Installing DataPlane
Also available as:
PDF

Plan for Trusted Proxy Pattern Configuration

The communication between DataPlane Platform and cluster services such as Data LifeCycle Manager requires Knox. You can choose to configure Knox Trusted Proxy Pattern or Knox SSO.

DP Platform and the DP Apps leverage Knox to provide users and services with simplified and consistent access to clusters, data, and other services. DataPlane authenticates users against a centralized identity provider in the organization (such as an LDAP or AD). Having Knox set up with your clusters ensures that those users and services are authorized to perform specific actions on the respective clusters, and propagates the identity of the user or service from DataPlane to the cluster services.

Configuring and using Knox SSO involves manual setup of Knox topologies and manual registration of Data Plane services. To configure Knox SSO to use DP apps such as DLM and DSS, you must manually set up the Knox topologies such as token.xml and dpproxy.xml. In addition, to log in to services such as Ambari or DP apps such as DLM, you need to log in through a Knox SSO page.

Trusted proxy pattern provides an alternative secure way for DataPlane to communicate with Ambari. It eliminates the need to enable Single Sign On on the services.

Knox Trusted Proxy Pattern addresses this problem of varying authentication screens as the clusters are already registered using the DP Cluster Setup Utility Script.

The DP Cluster Setup Utility Script performs the following functions:

  • Validates if the environment meets all prerequisite requirements

  • Checks if all the DP App agents such as DLM Engine and DP Profiler Agent are installed

  • Adds and configures the Knox topologies that DP requires and the installed apps require to communicate with cluster services - token.xml and dp-proxy.xml

  • Sets up the trusted proxy configuration for services

  • Registers the clusters in DataPlane

If your environment meets the requirements for Knox Trusted Proxy Pattern, it is recommended that you configure Knox TPP instead of Knox SSO. See Prerequisites for Knox Trusted Proxy Pattern for more information about these requirements.