Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

ports required to be open

avatar
author-rank avijeetd
Super Collaborator

Created on ‎01-23-2017 06:14 AM - edited ‎09-16-2022 03:56 AM

Hi All,

to install/run HDP using Ambari, there are many ports such as 50070 needs to be open

However on cloud platforms keeping these ports open creates risks

Is there a way to keep them accessible from the services however blocked from outside internet.

Thanks,

Avijeet

1,573 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank mqureshi
Super Guru

Created ‎01-23-2017 06:20 AM

@Avijeet Dash

In cloud environment you create cluster within a VPC (AWS) or Azure Virtual network which becomes an extension of your own network. In addition both cloud environments (and other major ones) offers network ACLs. You are not really opening up ports to DMZ. Any practical deployment should use these features regardless of Hadoop.

View solution in original post

1,280 Views
0 Kudos
3 REPLIES 3

avatar
author-rank mqureshi
Super Guru

Created ‎01-23-2017 06:20 AM

@Avijeet Dash

In cloud environment you create cluster within a VPC (AWS) or Azure Virtual network which becomes an extension of your own network. In addition both cloud environments (and other major ones) offers network ACLs. You are not really opening up ports to DMZ. Any practical deployment should use these features regardless of Hadoop.

1,281 Views
0 Kudos

avatar
author-rank avijeetd
Super Collaborator

Created ‎01-23-2017 06:28 AM

Thanks @mqureshi

Can you pls confirm for a cluster deployed without VPC - is there any way to secure Hadoop with all these ports open?

Thinking of KNOX as one way - anything else that can be done quickly, also will KNOX work without LDAP/AD?

Regards,

Avijeet

1,280 Views
0 Kudos

avatar
author-rank mqureshi
Super Guru

Created ‎01-23-2017 06:37 AM

The only thing you can do is limit which IP's can access your cluster. Basically specifying security rules for inbound traffic (or outbound also).

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-...

1,280 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements