We have a HW 2.6 On premise cluster which is currently integrated with AD. Now we are looking to enrich the security, by enabling AD Kerberos and enable Knox. Once we make this change, it will also mean that all consumption tools (like Tableau), we need to make some change for it to connect to Kerberos enabled cluster.
Keeping above in mind, seeking suggestion/best practice from below perspective:
1. Can we connect directly to Hive through Kerberos authentication using HW ODBC Driver in Tableau ? If yes, then any limitation or considerations to be aware of? Also any experience of implementing same with MicroStrategy? (We do not need SSO, just want to enable Kerberos as authetication type)
2. Is it preferred to have KNOX act as gateway to all JDBC/ODBC connections? If yes, any specific benefits of using Knox over direct connectivity using ODBC to Hive?
Any suggestion/inputs are welcome on the above 2 questions.
Our organization has taken the approach of using Knox for all of that as it doesn't require your BI Tools be in the same domain. Some tools we use support Kerberos but there are a number of caveats that can make it frustrating like ticket renewals and distributing keytabs and Knox didn't require any of that. One note for Knox if you're running really large SQL Statements you'll have to increase the HTTP Request Size.