Enabling TLS with Cloudera Director
Transport Layer Security (TLS) is a security protocol that supersedes Secure Sockets Layer (SSL). It is designed to prevent eavesdropping, tampering, and message forgery by encrypting network communications. It also supports authentication of host certificates prior to encryption, to prevent spoofing. You can enable TLS on your clusters, as well as on Cloudera Manager and Cloudera Director, in order to protect communications among them.
Cloudera Director supports TLS, but with the following limitations:
- Cloudera Director can be configured to require TLS for access, so that communications between its server and clients are secured. However, the generated Java and Python client libraries for the Cloudera Director server API, which are provided in the Cloudera Director SDK, cannot communicate with a Cloudera Director server that is running under TLS. Also, the Cloudera Director CLI cannot communicate with a Cloudera Director server that is running under TLS for operations such as bootstrap-remote.
- Cloudera Director cannot directly enable TLS in Cloudera Manager deployments that it bootstraps. Instead, see Configuring Cloudera Manager Clusters for TLS/SSL in the Cloudera Manager documentation for instructions on enabling TLS.
- Cloudera Director can be used to configure TLS for a cluster's services by implementing the necessary steps, using features such as bootstrap scripts and/or designing instance images that have required files, such as truststores, already in place. See Configuring TLS/SSL Encryption for CDH Services in the Cloudera Security documentation for instructions on configuring TLS for CDH services. While Cloudera Manager can be used independently of Cloudera Director to set up TLS for a cluster, Cloudera Director would then not know to perform the same procedures on new instances created during grow or clone operations.