Running Altus Director and Cloudera Manager in Different Regions or Clouds
A Altus Director instance requires network access to all of the Cloudera Manager and CDH instances it deploys and manages. If Altus Director is installed in the same subnet where you
install Cloudera Manager and create CDH clusters, this requirement is satisfied automatically. However, the following alternative configurations are also supported:
- Running Altus Director in one region and Cloudera Manager and the CDH clusters it manages in a different region.
- Installing Altus Director on one cloud provider, such as AWS, and Cloudera Manager and the CDH clusters it manages on a different cloud provider, such as Microsoft Azure or Google Cloud Platform.
- Installing Altus Director in your local network environment (on your laptop, for instance), and Cloudera Manager and the CDH clusters it manages in a cloud environment.
The most secure solution in these cases is to set up a VPN giving Altus Director access to the private subnet. Alternatively, Altus Director can be given SSH access to the instances through the public internet.
When using SSH to configure Cloudera Manager and CDH instances, Altus Director will try to connect to the instances in the following order:
- Private IP address
- Private DNS host name
- Public IP address
- Public DNS host name
The following requirements apply to running Altus Director and clusters in different regions or cloud provider environments when connecting to instances through their public endpoints:
- Your cluster instances must have public IP addresses and your security group must allow SSH access on port 22 from the IP address of the Altus Director host.
- For AWS: If you are creating the cluster with the UI, set Associate public IP addresses to true in the Environment for Cloudera Manager and the cluster. If you are creating the cluster with the CLI, set the associatePublicIpAddresses to true in the configuration file.
- For Microsoft Azure: If you are creating the cluster with the UI, set Public IP to Yes in the instance template for Cloudera Manager and the cluster. If you are creating the cluster with the CLI, set publicIP to Yes in the configuration file.
- While Altus Director can run in a different subnet, Cloudera Manager and the CDH cluster hosts must be in the same subnet.
- Altus Director must have SSH access to the public IP addresses of all cluster instances.
- Altus Director needs to communicate with Cloudera Manager on its API endpoint (typically through HTTP to port 7180) on the private IP address. For security reasons, this endpoint
should not be exposed to the public internet.
- For Cloudera Manager instances that were deployed by Altus Director, if Altus Director cannot make a direct connection to the Cloudera Manager API on the private IP address, it will automatically attempt to create an SSH tunnel to the Cloudera Manager API endpoint through an SSH connection to the instance on its public IP address.
- Connecting to an existing deployment of Cloudera Manager through SSH tunneling is not supported.