Cloudera Edge Management security overview
Cloudera Edge Management is not secure by default. Cloudera recommends that you always enable security for production environments. To secure Cloudera Edge Management, you must secure both Edge Flow Manager and MiNiFi agents.
By default, Edge Flow Manager runs in an unsecured mode where the web endpoints are accessible over HTTP on all network interfaces and clients are not authenticated. When unsecured, all clients are anonymous and have full access to the application. For this reason, insecure mode should only be used for test or development purposes and when Edge Flow Manager is not accessible through the public Internet.
To bind the Edge Flow Manager web server to localhost only, set the following in the efm.properties file:
efm.web.host=localhost
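An added example, not Cloudera's code: a Python check that reads the text of efm.properties and reports whether efm.web.host keeps an unsecured Edge Flow Manager on the loopback interface. It assumes standard Java properties syntax with `=` or `:` separators and that an unset or empty value means the default of all interfaces; the function names and sample content are constructed for illustration.

```python
import ipaddress

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# Edge Flow Manager settings (constructed sample)
efm.web.host = localhost
"""

def parse_properties(text):
    """Minimal .properties parser: skips comments, splits on the first '=' or ':',
    and lets a later definition of a key override an earlier one."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment (including a commented-out setting)
        cuts = [i for i in (line.find("="), line.find(":")) if i != -1]
        if not cuts:
            props[line] = ""
            continue
        idx = min(cuts)
        props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def classify_bind_host(text):
    """Return 'loopback', 'all-interfaces' or 'other' for efm.web.host."""
    host = parse_properties(text).get("efm.web.host", "")
    if host == "":
        # Assumption: unset or empty falls back to the default, which the
        # page describes as listening on all network interfaces.
        return "all-interfaces"
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "other"  # a hostname that cannot be judged offline
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "other"

if __name__ == "__main__":
    print("efm.web.host binding:", classify_bind_host(SAMPLE))
```

Anything other than `loopback` on an instance without TLS and user authentication means anonymous clients on the network have full access to the application.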
For production environments, security should always be enabled by configuring a TLS context and a method of user authentication.
Securing Cloudera Edge Management involves securing both the Edge Flow Manager server and MiNiFi agents.
The Edge Flow Manager server provides centralized control of MiNiFi agents. Starting with version 1.3.0, Edge Flow Manager provides robust options for authentication and authorization.
- Generating or obtaining keys and certificates for Edge Flow Manager, MiNiFi agents, and optionally service user accounts.
- Configuring the Edge Flow Manager TLS context.
- Configuring MiNiFi agent TLS contexts, which allows MiNiFi agents to authenticate to a secured Edge Flow Manager server.
- Configuring end-user authentication for the Edge Flow Manager web application UI, typically as an integration with a Single Sign On (SSO) identity provider.
- Assigning access control policies to users and groups in the Edge Flow Manager web application UI.
For more information about the security aspects of Edge Flow Manager, check out the video on the Cloudera Edge Management YouTube playlist: