How To Set Up Access to Cloudera EDH (Microsoft Azure Marketplace)
- Set up a SOCKS (
Sockets Secure protocol
) proxy on your client machine. Cloudera recommends that you use this option. - Add inbound rules to the Network Security Group in the Azure instance after you deploy EDH or Director to Azure.
Configure the SOCKS Proxy
The SOCKS5 protocol is implemented as a client and server process that enables traversal of IP network firewalls. After you configure the SOCKS proxy, your browser resolves DNS lookups using the Microsoft Azure network (through the proxy server), and lets you connect to services using internal FQDNs or private IP address.
- Set up a single SSH tunnel to one of the hosts on the network and create a SOCKS proxy on the host.
- Change the browser configuration to perform all lookups through the SOCKS proxy host.
Network Prerequisites
- You must be able to reach the host that you want to proxy to from the public internet or from the network that you're connecting from.
- The host that you proxy to must be on the same network as the Cloudera services that you're connecting to. For example, if you’re using the Cloudera EDH offering, tunnel to the Cloudera Manager host.
Find the Public IP of the Host
For the Cloudera EDH offering, use the public IP of the 0th master node VM: [dnsName]-mn0.
Start the SOCKS Proxy
On Linux
ssh -i your-key-file.pem -CND 1080
the_username_you_specified@publicIP_of_VM
-i your-key-file.pem
Specifies the path to the private key needed to SSH to the Cloudera EDH server. Omit if using SSH passwords.C
Sets up compression.N
Suppresses any command execution once established.D
Sets up the SOCKS proxy on a port.1080
The port to set the SOCKS proxy locally.
On Windows
Follow the instructions on Microsoft's website (see SSH tunnel to endpoints in Azure VNet
from Windows
).
Configure Google Chrome to Use the Proxy
- The SOCKS proxy port. This must be the same port that you used when you started the proxy.
- The profile. This examples below create a new profile.
Use one of the following commands to create a profile and launch a new instance of Chrome that does not conflict with any currently running Chrome instances.
/usr/bin/google-chrome \
--user-data-dir="$HOME/chrome-with-proxy" \
--proxy-server="socks5://localhost:1080"
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \
--user-data-dir="$HOME/chrome-with-proxy" \
--proxy-server="socks5://localhost:1080"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^
--user-data-dir="%USERPROFILE%\chrome-with-proxy" ^
--proxy-server="socks5://localhost:1080"
In this Chrome session, you can use the private IP address or internal FQDN to connect to any host that is accessible by Cloudera EDH.
Network Security Group
Warning: This method is not recommended for any purpose other than a Proof of Concept. If the data is not carefully locked down, it will be accessible to hackers and malicious entities.
On the Microsoft Azure Portal
, find the Network Security Group(s) and add inbound rules
for the various services. You might have to create these rules for the
services.