CDP security components ensure the confidentiality, integrity, and availability of your CDP services and data. CDP’s comprehensive and centralized security features include user authentication, resource access authorization, data encryption, and data governance.

Authentication, a process that requires users and services to prove their identity when trying to access a system resource, is provided by integration with MIT Kerberos and LDAP/AD. Encryption for data at rest or data in motion is provided by TLS, HDFS transparent encryption, Cloudera NavEncrypt, Key Trustee Server, and Ranger KMS. Authorization, or control over who has access to a particular resource or service, is provided by Apache Ranger, Apache HDFS ACLs, traditional POSIX-style permissions for directories and files, and Apache HBase ACLs.

Configuring Authentication in Cloudera Manager

Configure Kerberos authentication in Cloudera Manager.

Cloudera Authorization

Control access to Cloudera Manager resources using LDAP.

Encrypting Data in Transit

Configure TLS/SSL secure networking in Cloudera Manager clusters.

Encrypting Data at Rest

Secure data at rest using encryption mechanisms and key management.

Key Trustee Server

How to configure the Key Trustee Server key storage and management system.

Navigator Encrypt

How to use Navigator Encrypt to transparently encrypt and secure data at rest.

Navigator Key HSM

How to use Navigator Key HSM to integrate with a hardware security module (HSM).

Apache Ranger Access Control and Auditing

How to use Apache Ranger for fine-grained access control and auditing.

Apache Knox Authentication

Apache Knox provides perimeter security, a single point of authentication and access for your services, to your CDP cluster.

Additional Security Topics

A collection of How-to guides covering a wide range of advanced Cloudera Manager security topics.