Please share the best practices for -
1. Security Configuration (LDAP/AD/Kerberos)
2. Data Encryption (Data in motion/Data at rest) and
3. Firewall ports and protocol support.
1. NiFi supports TLS certificates, LDAP and Kerberos for user authentication once NiFi has been configured for HTTPS access. Each of these is covered in the admin guide. The documentation for whichever build you are running is included with the software and is also accessible directly through the NiFi UI by clicking on "help" in the upper right corner.
2. NiFi has many processors that support the encrypted receiving and sending of data (ListenHTTP, InvokeHTTP, GetSFTP, PutSFTP, etc.). As far as data at rest, NiFi has an EncryptContent processor that can be used to encrypt and decrypt the content of a NiFi FlowFile.
3. NiFi sets no requirement for what specific ports are used by any of its components. The number of ports needed varies based upon whether you are setting up a standalone NiFi, a NiFi cluster, and any port-based listening processors (ListenTCP, ListenUDP, ListenHTTP, etc.) you may use in your dataflow.
For a standalone, you need the following ports at a minimum:
- http or https port
- NiFi Site-to-Site port (optional but recommended to take advantage of NiFi's S2S capability)
For a cluster you need the above plus the following:
- Cluster node port
- Cluster NCM port
- ZooKeeper port (typically 2181, and only needed if using NiFi's embedded ZooKeeper)
- ZooKeeper quorum port (typically 2888, and only needed if using NiFi's embedded ZooKeeper)
- ZooKeeper leader port (typically 3888, and only needed if using NiFi's embedded ZooKeeper)
- Authority provider port (needed if HTTPS is set up)
NiFi also provides support for numerous protocols via its many NiFi processors.
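
An added example, not part of the answer above: a small Python check that reads a node's `nifi.properties` text and lists the listener ports it enables, plus any that would run without TLS, so firewall rules can be compared against the configuration. The embedded ZooKeeper ports are assumed to be the typical values quoted in the answer, and the sample configuration is constructed.

```python
# Added example (not from the answer): list the ports a NiFi node's own
# nifi.properties asks for, so firewall rules can be checked against them.
PORT_KEYS = {
    "nifi.web.http.port": "web UI/API over plain HTTP",
    "nifi.web.https.port": "web UI/API over HTTPS",
    "nifi.remote.input.socket.port": "Site-to-Site",
    "nifi.cluster.node.protocol.port": "cluster node port",
    "nifi.cluster.manager.protocol.port": "cluster NCM port",
}
# Assumption: embedded ZooKeeper uses the typical ports quoted in the answer;
# the real values live in the separate ZooKeeper properties file.
ZK_TYPICAL = {2181: "ZooKeeper client", 2888: "ZooKeeper quorum", 3888: "ZooKeeper leader"}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def is_true(props, key):
    return props.get(key, "false").lower() == "true"

def required_ports(text):
    """Return {port: purpose} for every listener the configuration enables."""
    props = parse_properties(text)
    ports = {int(props[k]): why for k, why in PORT_KEYS.items() if props.get(k, "").isdigit()}
    if is_true(props, "nifi.state.management.embedded.zookeeper.start"):
        ports.update(ZK_TYPICAL)
    return ports

def transport_warnings(text):
    """Flag listeners that would carry data or credentials without TLS."""
    props = parse_properties(text)
    found = []
    if props.get("nifi.web.http.port", "").isdigit():
        found.append("web UI/API listens on plain HTTP")
    if props.get("nifi.remote.input.socket.port", "").isdigit() and not is_true(props, "nifi.remote.input.secure"):
        found.append("Site-to-Site is not marked secure")
    return found

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = "nifi.web.https.port=9443\nnifi.remote.input.socket.port=10443\nnifi.remote.input.secure=true\n"
if __name__ == "__main__":
    print(required_ports(SAMPLE), transport_warnings(SAMPLE))
```

Ports opened by listening processors such as ListenTCP are set in the flow itself, not in `nifi.properties`, so they have to be added to the inventory separately.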