Firewall Between Knox and Master/Data nodes

Master Guru

Need to determine if I would encounter any challenges or gotchas when enabling a firewall between Knox and master/data nodes. The security team I am working with is requiring this. Any knowledge share in this area would be AWESOME and helpful.

1 ACCEPTED SOLUTION

Expert Contributor

I assume that you mean that Knox will be deployed within a DMZ of sorts between two firewalls. The challenges will be to make sure that the appropriate hosts and ports are available to Knox for accessing the Hadoop components inside the cluster.

3 REPLIES

Master Guru

@lmccay Any performance considerations?

Contributor

Knox was designed for perimeter security and having it outside the firewall allows you to lock down your data/control nodes as stated. This approach makes it easy to hide hosts/ports that may change and provides users with one main access pattern. As mentioned in the other reply, your firewall policy needs to account for the hosts/ports used. This is something we have deployed on our edge node along with Hue and other UI services and fronted with a load balancer for high availability.
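
One way to turn the "account for the hosts/ports used" advice in the replies above into a concrete firewall allow list (an added example, not part of any reply in this thread): read the `<service>` entries of a Knox topology file and list every backend host and port the gateway must reach. The topology content, hostnames and ports are constructed placeholders, and `backend_endpoints` and `reachable` are hypothetical helper names.

```python
import socket
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample topology: hostnames, ports and the BROKEN role are placeholders.
SAMPLE_TOPOLOGY = """<topology>
  <service><role>WEBHDFS</role>
    <url>http://nn1.example.internal:50070/webhdfs</url>
    <url>http://nn2.example.internal:50070/webhdfs</url></service>
  <service><role>WEBHCAT</role>
    <url>http://nn1.example.internal:50111/templeton</url></service>
  <service><role>RESOURCEMANAGER</role>
    <url>https://rm1.example.internal/ws</url></service>
  <service><role>BROKEN</role><url>rm1.example.internal:8088</url></service>
</topology>"""

DEFAULT_PORTS = {"http": 80, "https": 443}

def backend_endpoints(topology_xml):
    """Return ({(host, port): [roles]}, [(role, raw_url)] that could not be resolved)."""
    endpoints, unresolved = {}, []
    for svc in ET.fromstring(topology_xml).iter("service"):
        role = (svc.findtext("role") or "UNKNOWN").strip()
        for url_el in svc.findall("url"):  # HA services list one <url> per backend
            raw = (url_el.text or "").strip()
            parts = urlsplit(raw)
            try:
                port = parts.port or DEFAULT_PORTS.get(parts.scheme)
            except ValueError:  # non-numeric or out-of-range port
                port = None
            if not parts.hostname or port is None:
                unresolved.append((role, raw))  # fix the topology, do not guess
                continue
            endpoints.setdefault((parts.hostname, port), set()).add(role)
    return {k: sorted(v) for k, v in endpoints.items()}, unresolved

def reachable(host, port, timeout=3.0):
    """TCP connect test; run it on the Knox host once the firewall rules are in."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    allow, bad = backend_endpoints(SAMPLE_TOPOLOGY)
    for (host, port), roles in sorted(allow.items()):
        print(f"allow knox -> {host}:{port}/tcp  ({', '.join(roles)})")
    for role, raw in bad:
        print(f"unresolved: {role} {raw!r}")
```

The topology only names the endpoints Knox contacts first. WebHDFS reads and writes are redirected by the NameNode to DataNodes, so the DataNode HTTP ports have to be added to the allow list separately.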