Skip links

ADMIN-332: Securing Cloudera on premises

Because we know just how hard it is to get the size.

Training

ADMIN-332: Securing Cloudera on premises

Course Information

Course Name

ADMIN-332: Securing Cloudera on premises

Exam code

CDP-ADMINPVC

Duration

4 Days

Certification

Overview

The Cloudera platform is intended to meet the most demanding technical audit standards. The significant improvements in Cloudera architecture and components make Cloudera “Secure by Design.” This four-day hands-on course is presented as a project plan for Cloudera administrators to build fully secured Cloudera clusters.

The course begins with implementing Perimeter Security by installing host level security and Kerberos. Next, students protect Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). Following this, in the third stage, students control access for users and to data using Apache Ranger and Apache Atlas. The fourth stage focuses on visibility practices, teaching students how to audit systems, users, and data usage. Finally, the course introduces Cloudera practices for Risk Management in a fully secured Cloudera platform.

This course is 60% exercise and 40% lecture.

Overview

Overview

The Cloudera platform is intended to meet the most demanding technical audit standards. The significant improvements in Cloudera architecture and components make Cloudera “Secure by Design.” This four-day hands-on course is presented as a project plan for Cloudera administrators to build fully secured Cloudera clusters.

The course begins with implementing Perimeter Security by installing host level security and Kerberos. Next, students protect Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). Following this, in the third stage, students control access for users and to data using Apache Ranger and Apache Atlas. The fourth stage focuses on visibility practices, teaching students how to audit systems, users, and data usage. Finally, the course introduces Cloudera practices for Risk Management in a fully secured Cloudera platform.

This course is 60% exercise and 40% lecture.

Audience Profile

This immersion course is designed for Linux Administrators transitioning to Cloudera Administrator roles. Students must have proficiency in Linux (e.g., navigating the file system, using basic commands) and Linux text editors (e.g., vi, nano). Familiarity with Directory Services, Transport Layer Security, Kerberos, and SQL select statements is recommended. Prior experience with Cloudera products is required. Students must have reliable internet access to connect to the classroom environments hosted on Amazon Web Services.

Prerequisities

The Admin-332: Securing Cloudera On-Premises course is designed for Linux administrators transitioning into Cloudera Data Platform (CDP) administration roles. While there are no formal prerequisites, the following background is recommended to maximize the benefits of the course:

  • System Administration Experience: 3 to 5 years in system administration within the industry.

  • Linux Command-Line Proficiency: Comfortable using Linux CLI for various administrative tasks.

  • Familiarity with Security Concepts: Understanding of Directory Services, Transport Layer Security (TLS), and Kerberos.

  • Basic SQL Knowledge: Ability to construct and understand SQL SELECT statements.

  • Prior Cloudera Product Experience: Experience with Cloudera products such as CDH or HDP is beneficial.

Additionally, participants should have internet access to connect to Amazon Web Services (AWS) during the course.

Course Outline

  • Cloudera Security Models
  • Cloudera Security Pillars
  • Cloudera Security Levels
  • The Importance of Project Planning
  • Outline of Project Plan
  • Roles and Responsibilities of a Cloudera Administrator
  • Comparing Directory Services
  • Lightweight Directory Access Protocol
  • FreeIPA or Active Directory
  • Identity Management Architecture
  • The purpose of PAM
  • Cloudera Manager and PAM
  • Architecture for Network Security
  • Building an Isolated Network
  • Cloudera Requirements for Hosts
  • Recommendations for deployment hosts
  • Theory for Security Protocols (TLS and SASL)
  • Tools: openssl and keytool
  • Architecture for Enterprise Certificate Authorities
  • Deploying TLS using Auto-TLS
  • Deploying SASL
  • Auditing access on hosts
  • Auditing users with Ranger
  • Auditing lineage with Atlas
  • Architecture for Kerberos
  • Kerberos CLI
  • Deploying Kerberos
  • Managing Cloudera services within Kerberos
  • Architecture for Apache Ranger
  • Deploying Ranger
  • Deploying Infra Solr
  • Deploying Atlas
  • Theory for KMS/KTS
  • Deploying KMS/KTS
  • Encrypting Data at Rest
  • Architecture for Knox Gateway
  • Installing Knox Gateway
  • Deploying Knox Gateway SSO
  • Accessing services through Knox Gateway
  • Creating Ranger KMS Encryption Zones
  • Creating Ranger Security Zones
  • Creating Ranger resource policies
  • Ranger Policies for Atlas
  • Searching Atlas
  • Classifying Data with Tags
  • Creating Ranger Tag Policies
  • Creating Ranger Masking Policies
  • Validating Security Level 2
  • Checklist for commissioning Cloudera
  • Regulatory Compliance
  • Roadmap to Security Level 3
Course Price

RM13,600.00 exc. 8% tax

Training Dates

Product price:RM13,600.00 exc. 8% tax
Total options:
Order total:
Fill up the form for enquiry

Related Courses

You might also being interested in this course

Intermediate

ADMIN-230: Administering Cloudera on Premises