Securing Cloudera on premises

Course Information

Course Name

ADMIN-332: Securing Cloudera on premises

Exam code

CDP-ADMINPVC

Duration

4 Days

Certification

Cloudera Administrator On Premises

Overview

The Cloudera platform is intended to meet the most demanding technical audit standards. The significant improvements in Cloudera architecture and components make Cloudera “Secure by Design.” This four-day hands-on course is presented as a project plan for Cloudera administrators to build fully secured Cloudera clusters.

The course begins with implementing Perimeter Security by installing host level security and Kerberos. Next, students protect Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). Following this, in the third stage, students control access for users and to data using Apache Ranger and Apache Atlas. The fourth stage focuses on visibility practices, teaching students how to audit systems, users, and data usage. Finally, the course introduces Cloudera practices for Risk Management in a fully secured Cloudera platform.

This course is 60% exercise and 40% lecture.

Audience Profile

This immersion course is designed for Linux Administrators transitioning to Cloudera Administrator roles. Students must have proficiency in Linux (e.g., navigating the file system, using basic commands) and Linux text editors (e.g., vi, nano). Familiarity with Directory Services, Transport Layer Security, Kerberos, and SQL select statements is recommended. Prior experience with Cloudera products is required. Students must have reliable internet access to connect to the classroom environments hosted on Amazon Web Services.

Prerequisities

The Admin-332: Securing Cloudera On-Premises course is designed for Linux administrators transitioning into Cloudera Data Platform (CDP) administration roles. While there are no formal prerequisites, the following background is recommended to maximize the benefits of the course:

• System Administration Experience: 3 to 5 years in system administration within the industry.​

• Linux Command-Line Proficiency: Comfortable using Linux CLI for various administrative tasks.​

• Familiarity with Security Concepts: Understanding of Directory Services, Transport Layer Security (TLS), and Kerberos.​

• Basic SQL Knowledge: Ability to construct and understand SQL SELECT statements.​

• Prior Cloudera Product Experience: Experience with Cloudera products such as CDH or HDP is beneficial.​

Additionally, participants should have internet access to connect to Amazon Web Services (AWS) during the course.

At Course Completion

Course Outline

Module 1: Cloudera Secure by Design

• Cloudera Security Models

• Cloudera Security Pillars

• Cloudera Security Levels

Module 2: Project Planning for Cloudera

• The Importance of Project Planning

• Outline of Project Plan

• Roles and Responsibilities of a Cloudera Administrator

Module 3: Directory Services

• Comparing Directory Services

• Lightweight Directory Access Protocol

• FreeIPA or Active Directory

Module 4: Manage Identities on Cloudera

• Identity Management Architecture

• The purpose of PAM

• Cloudera Manager and PAM

Module 5: Isolated Networks

• Architecture for Network Security

• Building an Isolated Network

Module 6: Quality Controlled Hosts

• Cloudera Requirements for Hosts

• Recommendations for deployment hosts

Module 7: Protect Data in Motion

• Theory for Security Protocols (TLS and SASL)

• Tools: openssl and keytool

• Architecture for Enterprise Certificate Authorities

• Deploying TLS using Auto-TLS

• Deploying SASL

Module 8: Audit Cloudera

• Auditing access on hosts

• Auditing users with Ranger

• Auditing lineage with Atlas

Module 9: Authentication with Kerberos

• Architecture for Kerberos

• Kerberos CLI

• Deploying Kerberos

• Managing Cloudera services within Kerberos

Module 10: Shared Data Experience (SDX)

• Architecture for Apache Ranger

• Deploying Ranger

• Deploying Infra Solr

• Deploying Atlas

Module 11: Data at Rest

• Theory for KMS/KTS

• Deploying KMS/KTS

• Encrypting Data at Rest

Module 12: Single Sign-On with Knox Gateway

• Architecture for Knox Gateway

• Installing Knox Gateway

• Deploying Knox Gateway SSO

• Accessing services through Knox Gatewa

Module 13: Authorization with Ranger

• Creating Ranger KMS Encryption Zones

• Creating Ranger Security Zones

• Creating Ranger resource policies

Module 14: Classify Data with Atlas

• Ranger Policies for Atlas

• Searching Atlas

• Classifying Data with Tags

• Creating Ranger Tag Policies

• Creating Ranger Masking Policies

Module 15: Commission Cloudera

• Validating Security Level 2

• Checklist for commissioning Cloudera

Module 16: Achieving Compliance

• Regulatory Compliance

• Roadmap to Security Level 3

All Cloudera certification courses are conducted by certified trainers from Iverson.

Digital Methods acts as the official training partner and assists with program consultation, registration, coordination, scheduling, and administrative arrangements to ensure a seamless and well-managed training experience.