Overview
The significant improvements in CDP architecture and tools make CDP “Secure by Design.” The Cloudera Data Platform is intended to meet the most demanding technical audit standards. This four-day hands-on course is presented as a project plan for CDP administrators to achieve technical audit standards.
The first project stage is implementing Perimeter Security by installing host-level security and Kerberos. The second project stage protects Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). The third project stage controls Access for users and to data using Ranger and Atlas. The fourth stage teaches Visibility practices for auditing systems, users, and data usage. This project stage also analyzes applications in terms of vulnerabilities and introduces CDP practices for Risk Management in a fully secured Cloudera Data Platform. This course is 60% exercise and 40% lecture.
Who should take this course?
This immersion course is intended for Linux Administrators who are taking up roles as CDP Administrators. We recommend a minimum of 3 to 5 years of system administration experience in industry. Students must have proficiency in Linux CLI. Knowledge of Directory Services, Transport Layer Security, Kerberos, and SQL select statements is helpful. Prior experience with Cloudera products is expected; experience with CDH or HDP is sufficient. Students must have access to the Internet to reach Amazon Web Services.
Course Details
Security Management
CDP Security Models
CDP Security Pillars
CDP Security Levels
Project Planning
The Importance of Project Planning
Roles and Responsibilities
Isolated Networks
Architecture for Network Security
Building an Isolated Network
Identity Management
FreeIPA or Active Directory
Identity Management Architecture
Pluggable Authentication Modules
Lightweight Directory Access Protocol
Cloudera Manager Roles
Managing Super Users
Quality Controlled Hosts
CDP Requirements for Hosts
Recommendations for deployment hosts
Encrypt Network Traffic
Theory for Security Protocols
Tools: openssl and keytool
Architecture for Certificate Authorities
Deploying TLS using Auto-TLS
Deploying SASL
Authentication with Kerberos
Architecture for Kerberos
Kerberos CLI
Deploying Kerberos
Managing CDP services within Kerberos
Shared Data Experience (SDX)
Architecture for Apache Ranger
Deploying Ranger
Deploying Infra Solr
Deploying Atlas
Data at Rest
Theory for KMS with KTS
Deploying KMS with KTS
Encrypting Data at Rest
Single Sign-On with Knox Gateway
Architecture for Knox Gateway
Installing Knox Gateway
Deploying Knox Gateway SSO
Accessing services through Knox Gateway
Authorization with Ranger
Creating Ranger Data Encryption Zones
Creating Ranger Security Zones
Creating Ranger resource policies
Creating Ranger masking policies
Classify Data with Atlas
Ranger Policies for Atlas
Searching Atlas
Classifying Data with Tags
Creating Ranger Tag Policies
Creating Ranger Masking Policies
Audit CDP
Auditing access on hosts
Auditing users with Ranger
Auditing lineage with Atlas
Troubleshooting with Audits
Commission CDP
Validating Security Level 2
Checklist for commissioning CDP
Achieving Compliance
Regulatory Compliance
Roadmap to Security Level 3