Firewall Between Knox and Master/Data nodes


Super Guru

Need to determine if I would encounter any challenges or gotchas when enabling a firewall between Knox and master/data nodes. The security team I am working with is requiring this. Any knowledge share in this area would be AWESOME and helpful.

1 ACCEPTED SOLUTION

Re: Firewall Between Knox and Master/Data nodes

Contributor

I assume that you mean that Knox will be deployed within a DMZ of sorts between two firewalls. The challenges will be to make sure that the appropriate hosts and ports are available to Knox for accessing the Hadoop components inside the cluster.

Re: Firewall Between Knox and Master/Data nodes

Super Guru

@lmccay Any performance considerations?

Re: Firewall Between Knox and Master/Data nodes

New Contributor

Knox was designed for perimeter security and having it outside the firewall allows you to lock down your data/control nodes as stated. This approach makes it easy to hide hosts/ports that may change and provides users with one main access pattern. As mentioned in the other reply, your firewall policy needs to account for the hosts/ports used. This is something we have deployed on our edge node along with Hue and other UI services and fronted with a load balancer for high availability.
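
Added example, not part of the thread and not Knox project code: one way to turn the "hosts/ports used" into a reviewable allow-list is to read them from the Knox topology file that defines the proxied services. The topology content, hostnames and port numbers below are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample topology: hosts and ports are placeholders, not from the thread.
SAMPLE_TOPOLOGY = """<topology>
  <service><role>NAMENODE</role><url>hdfs://nn1.example.internal:8020</url></service>
  <service><role>WEBHDFS</role><url>http://nn1.example.internal:50070/webhdfs</url></service>
  <service><role>WEBHCAT</role><url>http://master2.example.internal:50111/templeton</url></service>
  <service><role>HIVE</role><url>https://master2.example.internal/cliservice</url></service>
</topology>"""

# Assumption: only HTTP(S)/WebSocket URLs are connections the gateway opens itself;
# other schemes (such as hdfs://) are skipped rather than turned into firewall rules.
DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def required_flows(topology_xml):
    """Return sorted (role, host, port) tuples the gateway host must reach."""
    flows = set()
    for svc in ET.fromstring(topology_xml).iter("service"):
        role = (svc.findtext("role") or "").strip()
        for url_el in svc.findall("url"):  # HA topologies may list several URLs
            raw = (url_el.text or "").strip()
            parts = urlsplit(raw)
            if parts.scheme not in DEFAULT_PORTS:
                continue
            if not parts.hostname:
                raise ValueError(f"{role}: no host in {raw!r}")
            # A URL without an explicit port still needs a rule for the scheme default.
            flows.add((role, parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]))
    return sorted(flows)


def needs_datanode_access(flows):
    """WebHDFS redirects data transfers to DataNodes, which the topology never lists."""
    return any(role == "WEBHDFS" for role, _, _ in flows)


if __name__ == "__main__":
    flows = required_flows(SAMPLE_TOPOLOGY)
    for role, host, port in flows:
        print(f"allow gateway -> {host}:{port}/tcp  # {role}")
    if needs_datanode_access(flows):
        print("also allow gateway -> DataNode HTTP(S) port on every data node")
```

The DataNode check matters for the "master/data nodes" split in the question: a rule set built only from the topology URLs covers the master services but blocks WebHDFS reads and writes once they are redirected to a data node.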