Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Check out our newest addition to the community, the Cloudera Data Analytics (CDA) group hub.
Solved Go to solution

ports required to be open

avijeetd
Expert Contributor

Created on ‎01-23-2017 06:14 AM - edited ‎09-16-2022 03:56 AM

Hi All,

to install/run HDP using Ambari, there are many ports such as 50070 needs to be open

However on cloud platforms keeping these ports open creates risks

Is there a way to keep them accessible from the services however blocked from outside internet.

Thanks,

Avijeet

903 Views
0 Kudos
1 ACCEPTED SOLUTION

mqureshi
Super Guru

Created ‎01-23-2017 06:20 AM

@Avijeet Dash

In cloud environment you create cluster within a VPC (AWS) or Azure Virtual network which becomes an extension of your own network. In addition both cloud environments (and other major ones) offers network ACLs. You are not really opening up ports to DMZ. Any practical deployment should use these features regardless of Hadoop.

View solution in original post

610 Views
0 Kudos
3 REPLIES 3

mqureshi
Super Guru

Created ‎01-23-2017 06:20 AM

@Avijeet Dash

In cloud environment you create cluster within a VPC (AWS) or Azure Virtual network which becomes an extension of your own network. In addition both cloud environments (and other major ones) offers network ACLs. You are not really opening up ports to DMZ. Any practical deployment should use these features regardless of Hadoop.

611 Views
0 Kudos

avijeetd
Expert Contributor

Created ‎01-23-2017 06:28 AM

Thanks @mqureshi

Can you pls confirm for a cluster deployed without VPC - is there any way to secure Hadoop with all these ports open?

Thinking of KNOX as one way - anything else that can be done quickly, also will KNOX work without LDAP/AD?

Regards,

Avijeet

610 Views
0 Kudos

mqureshi
Super Guru

Created ‎01-23-2017 06:37 AM

The only thing you can do is limit which IP's can access your cluster. Basically specifying security rules for inbound traffic (or outbound also).

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#ec2-classic-security-...

610 Views
0 Kudos
Take a Tour of the Community
Don't have an account?
Register
Your experience may be limited. Sign in to explore more.
Announcements
Product Announcements
CDP Public Cloud: May 2023 Release Summary
What's New @ Cloudera
Cloudera Operational Database (COD) provides enhancements to the --scale-type CDP CLI option
What's New @ Cloudera
Cloudera Operational Database (COD) UI supports creating a smaller cluster using a predefined Data Lake template
What's New @ Cloudera
Cloudera Operational Database (COD) supports scaling up the clusters vertically
Product Announcements
CDP Public Cloud: April 2023 Release Summary
View More Announcements