ADMIN-232: Building Secure Cloudera Clusters
Duration: 4 Days (32 Hours)
Designed for Cloudera Data Platform (CDP) administrators, this intensive four-day course teaches the skills and methods needed to configure a cluster that meets stringent technical security audit criteria. The curriculum follows a recommended project plan for CDP administrators. The first stage implements perimeter security, covering host-level security and Kerberos installation. The second stage protects data with Transport Layer Security deployed through Auto-TLS and with data encryption using Key Management System and Key Trustee Server (KMS/KTS). The third stage covers access management for users and data with Ranger and Atlas. The fourth stage covers visibility: auditing system, user, and data usage. The final stage assesses application vulnerabilities and introduces CDP protocols for risk management on a fully secured Cloudera Data Platform. The course is hands-on: 70% lab exercises and 30% lectures.
Intended Audience:
- This course is intended for Linux administrators who are tasked with administering CDP.
Learning Objectives of ADMIN-232: Building Secure Cloudera Clusters:
- This course teaches how to build a secure Cloudera Private Cloud cluster that meets technical audit compliance, including the reference architecture and all required security components, such as Auto-TLS, Kerberos, KMS with KTS, Ranger, and Atlas.
CDP Secure by Design
- CDP Security Models
- Architecture for CDP Security
Project Planning for Securing CDP
- Roles and Responsibilities
- Project Plan Stages
Connecting to Directory Services
- Architecture for Identity Management
- Comparing Directory Services
- Connecting to Lightweight Directory Access Protocol
Hardening Networks and Hosts
- CDP Requirements for Networks
- CDP Requirements for Hosts
Protecting Data in Motion
- Architecture for Transport Layer Security
- Deploying TLS using Auto-TLS
- Managing CDP services within TLS
Managing Authentication with Kerberos
- Architecture for Kerberos
- Deploying Kerberos
- Managing CDP services within Kerberos
Deploying Authorization
- Architecture for Apache Ranger
- Deploying Ranger
- Architecture for Atlas
- Deploying Atlas
Protecting Data at Rest
- Architecture for HDFS encryption
- Deploying Key Management System with Key Trustee Server
- Creating and managing encryption zones
Creating Single Sign-On with Knox Gateway
- Architecture for Knox Gateway
- Deploying Knox Gateway SSO
Managing Authorization with Ranger
- Creating resource policies
- Creating masking policies
- Creating Row Level Filtering policies
Classifying Data with Atlas
- Classifying Data with Tags
- Creating Ranger Tag Policies
- Creating Ranger Masking Policies
Auditing CDP
- Auditing access on hosts
- Auditing users with Ranger
- Auditing lineage with Atlas
Bringing Applications Aboard CDP
- Creating multi-tenant environments
Achieving Compliance
- Threat and Risk Modeling for CDP
- Regulatory Compliance
ADMIN-232: Building Secure Cloudera Clusters Course Prerequisites
- We recommend a minimum of 3 to 5 years of system administration experience. Students must have proficiency in Linux CLI and should be familiar with Linux shell scripts. Knowledge of Transport Layer Security, Kerberos, and SQL select statements is helpful. Students must have access to the internet to reach Amazon Web Services (AWS).
Choose Learning Modality
Live Online
- Convenience
- Cost-effective
- Self-paced learning
- Scalability
Classroom
- Interaction and collaboration
- Networking opportunities
- Real-time feedback
- Personal attention
Onsite
- Familiar environment
- Confidentiality
- Team building
- Immediate application
Training Exclusives
This course comes with the following benefits:
- Practice labs
- Training by certified trainers
- Access to the recordings of your class sessions for 90 days
- Digital courseware
- 24/7 learner support