Setting up trust for hybrid environments

Learn more about how to set up trust for hybrid environments.

Once the hybrid environment has been created, its status changes to Trust Setup Required. This requires setting up a cross-realm trust between FreeIPA in Cloudera on cloud and Active Directory in Cloudera on premises.

  • You have the following options to connect the cloud and on-premises environments:
    • Connect the cloud and on-premises Control Plane.
    • Register the Cloudera on premises cluster as a Classic cluster in Cloudera on cloud.
  • The on-premises Control Plane provides additional functionality over Classic clusters, such as Data Services and more fine-grained user-level access to the on-premises data lake services, but it is not mandatory for hybrid burst-to-cloud use cases.
  • Once a connection between the cloud and on-premises platforms is created, the Cloudera Base cluster acts as the data lake for the hybrid cloud environment.

    The Cloudera Data Hub cluster created in the Cloudera Hybrid Environments can directly access data and metadata in the Cloudera on premises Data Lake cluster.

  • To have a seamless connection between Cloudera on cloud and Cloudera on premises, you also have to connect the Cloudera on cloud Kerberos KDC and DNS server to the same ones used by the Cloudera on premises account.

  • Register your Cloudera on premises control plane in the Cloudera Hybrid Environments.

  1. Navigate to the Cloudera Management Console for Cloudera on cloud.
  2. Select Environments.
  3. Select the environment created in Registering Hybrid Environments.
  4. Select the Data Lake tab.
  5. Click Next.
  6. Select the on-premises environment from the drop-down list.
  7. The wizard fetches the required information and fills in the following fields:
    Realm: The Active Directory REALM is typically your domain name, entered in all capital letters (e.g., CORP.EXAMPLE.COM). Kerberos uses it to identify the security domain during authentication.
    IP Address: The IP address of the Domain Controller responsible for authentication and other directory services. You can find it by running nslookup on your Active Directory FQDN.
    FQDN: The Fully Qualified Domain Name (FQDN) is the complete domain name of your Active Directory, such as corp.example.com. It uniquely identifies your domain on the Internet.
  8. Click Validate and Configure.
  9. In the Authorize On-Premises Components section under Active Directory, click Show commands.
  10. Copy the commands and run them on the Active Directory instance in a command prompt with administrative rights. You must log in with a user who has Domain Administrator, Enterprise Administrator, or equivalent elevated privileges.
  11. Under Data Lake, click Show Instructions.
  12. Copy the code.
  13. On Cloudera on premises, create a new file with a custom name and a .conf extension in the /etc/krb5.conf.d/ folder.
  14. Paste the code into the file and save it. The Kerberos service processes the file automatically.
  15. Configure the auth_to_local service setting in Cloudera Manager on-premises as explained in the Adding trusted realms to the cluster section of the Cloudera Base on premises documentation.
  16. Click Test connection.
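Step 15 defers the auth_to_local rules to the Cloudera Base documentation. The following Python is an added example, not code from the Cloudera page or product: a simplified evaluator of Hadoop's RULE:[n:string](regex)s/pattern/replacement/ syntax so you can check offline which principals a rule set maps to which local user before committing it in Cloudera Manager. CORP.EXAMPLE.COM is the page's example AD realm; CLOUD.EXAMPLE.COM (the FreeIPA realm) and OTHER.EXAMPLE.COM are placeholders assumed here.

```python
import re

# Simplified evaluator for Hadoop auth_to_local rules (assumption: it mirrors
# the common subset RULE:[n:fmt](regex)s/pat/rep/[g] plus DEFAULT, where the
# regex must match the whole formatted name and DEFAULT maps principals of
# the default realm to their first component).
RULE_RE = re.compile(
    r"^RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$"
)

def parse_rule(text):
    text = text.strip()
    if text == "DEFAULT":
        return "DEFAULT"
    m = RULE_RE.match(text)
    if not m:
        raise ValueError(f"unparseable rule: {text}")
    n, fmt, match, pat, rep, g = m.groups()
    return {
        "n": int(n), "fmt": fmt,
        "match": re.compile(match) if match else None,
        "sub": (re.compile(pat), rep, 0 if g else 1) if pat is not None else None,
    }

def map_principal(rules, principal, default_realm):
    """Return the local short name for principal; raise if no rule matches."""
    name, _, realm = principal.rpartition("@")
    comps = name.split("/")          # e.g. ["hive", "host.corp.example.com"]
    for rule in rules:
        if rule == "DEFAULT":
            if realm == default_realm:
                return comps[0]
            continue
        if rule["n"] != len(comps):  # rule applies only to n-component names
            continue
        s = rule["fmt"].replace("$0", realm)
        for i, c in enumerate(comps, 1):
            s = s.replace(f"${i}", c)
        if rule["match"] and not rule["match"].fullmatch(s):
            continue
        if rule["sub"]:
            pat, rep, count = rule["sub"]
            s = pat.sub(rep, s, count=count)
        if "@" in s or "/" in s:     # Hadoop rejects non-simple results
            raise ValueError(f"non-simple name {s!r} from {principal}")
        return s
    raise ValueError(f"no auth_to_local rule matches {principal}")

# Constructed rule set that pins the trusted AD realm from the page's example.
PINNED = [parse_rule(r) for r in [
    r"RULE:[1:$1@$0](.*@CORP\.EXAMPLE\.COM)s/@.*//",
    r"RULE:[2:$1@$0](.*@CORP\.EXAMPLE\.COM)s/@.*//",
    "DEFAULT",
]]
# Over-broad variant: strips any realm, so any realm reachable through the
# trust (not just the one you configured) yields a local user.
BROAD = [parse_rule(r"RULE:[1:$1@$0](.*)s/@.*//"), parse_rule("DEFAULT")]

def accepted(rules, principal, default_realm="CLOUD.EXAMPLE.COM"):
    try:
        return map_principal(rules, principal, default_realm)
    except ValueError:
        return None
```

Run accepted() over the principals you expect from both realms, plus one from a realm you do not trust; the pinned rule set returns None for the latter while the broad one silently maps it to a local user.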

When the connection is successful, the data lake services are listed, and the cross-realm setup is finished.

You can start creating Cloudera Data Hub clusters in your hybrid cloud environment.