
Course Information

Course Name
ADMIN-332: Securing Cloudera on premises

Exam code
CDP-ADMINPVC

Duration
4 Days
Certification
Overview
The Cloudera platform is intended to meet the most demanding technical audit standards. The significant improvements in Cloudera architecture and components make Cloudera “Secure by Design.” This four-day hands-on course is presented as a project plan for Cloudera administrators to build fully secured Cloudera clusters.
The course begins with implementing Perimeter Security by installing host level security and Kerberos. Next, students protect Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). Following this, in the third stage, students control access for users and to data using Apache Ranger and Apache Atlas. The fourth stage focuses on visibility practices, teaching students how to audit systems, users, and data usage. Finally, the course introduces Cloudera practices for Risk Management in a fully secured Cloudera platform.
This course is 60% exercise and 40% lecture.
Audience Profile
This immersion course is designed for Linux Administrators transitioning to Cloudera Administrator roles. Students must have proficiency in Linux (e.g., navigating the file system, using basic commands) and Linux text editors (e.g., vi, nano). Familiarity with Directory Services, Transport Layer Security, Kerberos, and SQL select statements is recommended. Prior experience with Cloudera products is required. Students must have reliable internet access to connect to the classroom environments hosted on Amazon Web Services.
Prerequisities
The Admin-332: Securing Cloudera On-Premises course is designed for Linux administrators transitioning into Cloudera Data Platform (CDP) administration roles. While there are no formal prerequisites, the following background is recommended to maximize the benefits of the course:
System Administration Experience: 3 to 5 years in system administration within the industry.
Linux Command-Line Proficiency: Comfortable using Linux CLI for various administrative tasks.
Familiarity with Security Concepts: Understanding of Directory Services, Transport Layer Security (TLS), and Kerberos.
Basic SQL Knowledge: Ability to construct and understand SQL SELECT statements.
Prior Cloudera Product Experience: Experience with Cloudera products such as CDH or HDP is beneficial.
Additionally, participants should have internet access to connect to Amazon Web Services (AWS) during the course.
Course Outline
- Cloudera Security Models
- Cloudera Security Pillars
- Cloudera Security Levels
- The Importance of Project Planning
- Outline of Project Plan
- Roles and Responsibilities of a Cloudera Administrator
- Comparing Directory Services
- Lightweight Directory Access Protocol
- FreeIPA or Active Directory
- Identity Management Architecture
- The purpose of PAM
- Cloudera Manager and PAM
- Architecture for Network Security
- Building an Isolated Network
- Cloudera Requirements for Hosts
- Recommendations for deployment hosts
- Theory for Security Protocols (TLS and SASL)
- Tools: openssl and keytool
- Architecture for Enterprise Certificate Authorities
- Deploying TLS using Auto-TLS
- Deploying SASL
- Auditing access on hosts
- Auditing users with Ranger
- Auditing lineage with Atlas
- Architecture for Kerberos
- Kerberos CLI
- Deploying Kerberos
- Managing Cloudera services within Kerberos
- Architecture for Apache Ranger
- Deploying Ranger
- Deploying Infra Solr
- Deploying Atlas
- Theory for KMS/KTS
- Deploying KMS/KTS
- Encrypting Data at Rest
- Architecture for Knox Gateway
- Installing Knox Gateway
- Deploying Knox Gateway SSO
- Accessing services through Knox Gateway
- Creating Ranger KMS Encryption Zones
- Creating Ranger Security Zones
- Creating Ranger resource policies
- Ranger Policies for Atlas
- Searching Atlas
- Classifying Data with Tags
- Creating Ranger Tag Policies
- Creating Ranger Masking Policies
- Validating Security Level 2
- Checklist for commissioning Cloudera
- Regulatory Compliance
- Roadmap to Security Level 3
Overview
Overview
The Cloudera platform is intended to meet the most demanding technical audit standards. The significant improvements in Cloudera architecture and components make Cloudera “Secure by Design.” This four-day hands-on course is presented as a project plan for Cloudera administrators to build fully secured Cloudera clusters.
The course begins with implementing Perimeter Security by installing host level security and Kerberos. Next, students protect Data by implementing Transport Layer Security using Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). Following this, in the third stage, students control access for users and to data using Apache Ranger and Apache Atlas. The fourth stage focuses on visibility practices, teaching students how to audit systems, users, and data usage. Finally, the course introduces Cloudera practices for Risk Management in a fully secured Cloudera platform.
This course is 60% exercise and 40% lecture.
Audience Profile
Audience Profile
This immersion course is designed for Linux Administrators transitioning to Cloudera Administrator roles. Students must have proficiency in Linux (e.g., navigating the file system, using basic commands) and Linux text editors (e.g., vi, nano). Familiarity with Directory Services, Transport Layer Security, Kerberos, and SQL select statements is recommended. Prior experience with Cloudera products is required. Students must have reliable internet access to connect to the classroom environments hosted on Amazon Web Services.
Prerequisities
Prerequisities
The Admin-332: Securing Cloudera On-Premises course is designed for Linux administrators transitioning into Cloudera Data Platform (CDP) administration roles. While there are no formal prerequisites, the following background is recommended to maximize the benefits of the course:
System Administration Experience: 3 to 5 years in system administration within the industry.
Linux Command-Line Proficiency: Comfortable using Linux CLI for various administrative tasks.
Familiarity with Security Concepts: Understanding of Directory Services, Transport Layer Security (TLS), and Kerberos.
Basic SQL Knowledge: Ability to construct and understand SQL SELECT statements.
Prior Cloudera Product Experience: Experience with Cloudera products such as CDH or HDP is beneficial.
Additionally, participants should have internet access to connect to Amazon Web Services (AWS) during the course.
At Course Completion
Course Outline
Course Outline
- Cloudera Security Models
- Cloudera Security Pillars
- Cloudera Security Levels
- The Importance of Project Planning
- Outline of Project Plan
- Roles and Responsibilities of a Cloudera Administrator
- Comparing Directory Services
- Lightweight Directory Access Protocol
- FreeIPA or Active Directory
- Identity Management Architecture
- The purpose of PAM
- Cloudera Manager and PAM
- Architecture for Network Security
- Building an Isolated Network
- Cloudera Requirements for Hosts
- Recommendations for deployment hosts
- Theory for Security Protocols (TLS and SASL)
- Tools: openssl and keytool
- Architecture for Enterprise Certificate Authorities
- Deploying TLS using Auto-TLS
- Deploying SASL
- Auditing access on hosts
- Auditing users with Ranger
- Auditing lineage with Atlas
- Architecture for Kerberos
- Kerberos CLI
- Deploying Kerberos
- Managing Cloudera services within Kerberos
- Architecture for Apache Ranger
- Deploying Ranger
- Deploying Infra Solr
- Deploying Atlas
- Theory for KMS/KTS
- Deploying KMS/KTS
- Encrypting Data at Rest
- Architecture for Knox Gateway
- Installing Knox Gateway
- Deploying Knox Gateway SSO
- Accessing services through Knox Gateway
- Creating Ranger KMS Encryption Zones
- Creating Ranger Security Zones
- Creating Ranger resource policies
- Ranger Policies for Atlas
- Searching Atlas
- Classifying Data with Tags
- Creating Ranger Tag Policies
- Creating Ranger Masking Policies
- Validating Security Level 2
- Checklist for commissioning Cloudera
- Regulatory Compliance
- Roadmap to Security Level 3
Related Courses
You might also being interested in this course
ADMIN-230: Administering Cloudera on Premises
- RM13,600.00 exc. 8% tax
- 4 Days
