Migrating Security and Governance Data from CDH to CDP
How to migrate security and governance data from CDH to CDP.
Sentry to Ranger
- Hive/Impala replication in the Replication Manager can be used to convert and migrate Sentry policies to Ranger (for CDP Public Cloud).
- Kafka and Solr permissions must be manually converted to Ranger policies.
- HDFS ACLs that are automatically set up by Sentry must be manually converted to Ranger policies.
Key Trustee Server, Key Trustee KMS, Key HSM, HSM KMS
Use BDR/Replication Manager to migrate encrypted data to CDP Public Cloud or CDP Data Center.
- Migrate data from encrypted volumes to Cloud-native encrypted storage (for CDP Public Cloud) or to another NavEncrypt encrypted volume (in CDP Data Center).
- Data re-encryption will take place during the migration.
Navigator to Atlas Migration
- CDP has Atlas wired up to all workloads. Ported workloads will recreate lineage.
- Navigator-managed metadata tags and any manually entered data must be manually ported to Atlas Business Metadata Tags.
- Any applications using the Navigator SDK must be ported to use Atlas APIs.
- Navigator Audit information is not ported. To retain legacy audit information you can maintain a read-only Navigator instance until it is no longer needed. You may need to upgrade Cloudera Manager or Navigator on the legacy cluster to a newer version to avoid end-of-life issues.