Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to keep the authentication for separate environment

How to keep the authentication for separate environment

New Contributor

Hello,


If you have 4 environments such as DEV, QA, PREPROD and PROD, for the authentication would you keep separate ADs or would you keep same?


4 REPLIES 4
Highlighted

Re: How to keep the authentication for separate environment

New Contributor

Hi @Anpan


It is better to have one AD for each environment.
You can control each user with setting up a different principal's like hdfs principal for DEV users and separate for PROD users.


You can easy maintained different OU and Groups for each Environment as per requirement in your organisation.


It is also recommended to have only one AD server for each environment. This will be cost effective and easy to manage OU , Groups and Princiapls etc..


Thanks,

Owez


Re: How to keep the authentication for separate environment

Expert Contributor

@Anpan K It depends your environment. You can use a single AD with different Ou's created for different environment . Only thing you need to make sure is all the environments should be on same network if not so some natting would be require but still acheivable.

.

Re: How to keep the authentication for separate environment

New Contributor

The reason I would like to keep AD for each environment is that mainly security. Why would we need to have same AD for Dev and PROD?


What are the advantages and disadvantages of having same AD for all the environment?


I would agree with Owez to keep separate AD.

Re: How to keep the authentication for separate environment

New Contributor

The reason I would like to keep AD for each environment is that mainly security. Why would we need to have same AD for Dev and PROD?


What are the advantages and disadvantages of having same AD for all the environment?


I would agree with Owez to keep separate AD.