Configuring TLS/SSL encryption manually for Cloudera Services To configure TLS/SSL encryption manually for Cloudera services. Configuring TLS encryption manually for Apache AtlasConfiguring Apache Atlas Transport Layer Security (TLS) involves both one-way (server authentication) and two-way (server and client authentication).Enable security for Cruise ControlWhen AutoTLS is disabled, you need to configure the security properties in Cloudera Manager to use Cruise Control in a secure environment. You can also choose between SPENGO and Trusted Proxy as an authentication method, and can assign admin, user and viewer roles to users to achieve further authorization over Cruise Control tasks.Configuring TLS/SSL encryption manually for DAS using Cloudera ManagerTo secure the transfer of sensitive information between Data Analytics Studio (DAS) and Cloudera Manager as well as with other services within your cluster, you must enable TLS/SSL for both Event Processor and WebApp. You can configure TLS manually using Cloudera Manager or have it set up automatically using the “Auto-TLS” feature.Enabling security for Apache FlinkSince Flink is essentially just a YARN application, you mainly need to configure service level security settings for the Flink Dashboard and Gateway in Cloudera Manager. You can configure security during the installation or later in the Configuration menu for Flink.Configuring TLS/SSL for HBase Once all the prerequisites are fulfilled, you can configure TLS/SSL for HBase Web UIs, HBase REST Server and HBase Thrift Server.Enabling TLS/SSL for HiveServerYou can secure client-server communications using symmetric-key encryption in the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocol. To encrypt data exchanged between HiveServer and its clients, you can use Cloudera Manager to configure TLS/SSL.Configuring TLS/SSL for HueYou can independently enable TLS/SSL for Hue.Configuring Impala TLS/SSLTo protect sensitive information being transmitted, Impala supports TLS/SSL network encryption, between Impala and client programs, and between the Impala-related daemons running on different nodes in the cluster.Channel encryptionKafka supports client to broker and inter-broker TLS/SSL encrypted communications. Configuring TLS/SSL encryption for a Kafka deployment involves configuring both clients and brokers. In addition to this, Kafka also supports TLS/SSL communication with Zookeeper.Configuring TLS/SSL encryption manually for Apache KnoxIf you do not want to enable Auto-TLS because, for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for Apache Knox.Configuring TLS/SSL encryption for Kudu using Cloudera ManagerTLS/SSL encryption is enabled between Kudu servers and clients by default. You can enable TLS/SSL encryption for Kudu web UIs or configure the encryption using Cloudera Manager.Configure Lily HBase Indexer to use TLS/SSLAlthough Cloudera recommends using AutoTLS, you also have the option to set up TLS manually for the Lily HBase Indexer.Configuring TLS/SSL encryption manually for LivyYou can enable TLS manually for the Apache Livy Server.Configuring TLS/SSL manuallyIf you use your own enterprise-generated certificates, you would need to manually configure TLS.Configure TLS/SSL for OozieYou can edit properties to enable TLS/SSL for Oozie, specify the keystore file location on the local file system, and set the password for the keystore.Configure TLS encryption manually for Phoenix Query ServerYou can encrypt communication between clients and the Phoenix Query Server using Transport Layer Security (TLS) formerly known as Secure Socket Layer (SSL). You must follow these steps to manually configure TLS for Phoenix Query Server.Configure TLS/SSL encryption manually for Apache RangerHow to manually configure TLS/SSL encryption for Apache Ranger.Configure TLS/SSL encryption manually for Ranger KMSHow to manually configure TLS/SSL encryption for Ranger KMSConfigure TLS/SSL encryption manually for Ranger RMSHow to manually configure TLS/SSL encryption for Ranger RMSConfiguring TLS encryption manually for Schema RegistryIf you do not want to enable Auto-TLS, because, for example, you need to use your own enterprise-generated certificates, you can manually enable TLS for Schema Registry.Configure TLS/SSL encryption for SolrAlthough Cloudera recommends using AutoTLS, you also have the option to set up TLS manually for Cloudera Search.Configuring TLS/SSL encryption manually for SparkYou can enable TLS manually for the Spark History Server.Encryption in Cloudera SQL Stream BuilderWhen auto-TLS is disabled for the Cloudera SQL Stream Builder service, you must manually set the TLS properties for SSB in Cloudera Manager.Enabling TLS/SSL for the SRM serviceTLS/SSL can be enabled and configured for the Streams Replication Manager (SRM) service (Driver and Service roles) with various configuration properties available in Cloudera Manager. Configuring these properties affects the security configuration of SRM in multiple ways.Enabling TLS Encryption for Streams Messaging Manager on Cloudera on premisesLearn how to enable TLS/SSL encryption for Streams Messaging Manager on Cloudera on premises to secure the communication of sensitive information. You can enable the settings in Cloudera Manager according to the cluster configuration.Configuring TLS/SSL for Core Hadoop ServicesTLS/SSL for the core Hadoop services (HDFS and YARN) must be enabled as a group.Configuring TLS/SSL encryption manually for ZeppelinYou can enable TLS manually for the Apache Zeppelin Server.Configure ZooKeeper TLS/SSL using Cloudera ManagerTLS/SSL encryption between the ZooKeeper client and the ZooKeeper server and within the ZooKeeper Quorum is supported.
