Use a non-transparent proxy with Cloudera AI on AWS environments
Cloudera AI can use non-transparent proxies if the environment is configured to use a network proxy in Management Console.
Enterprise customers frequently need to deploy Cloudera in a virtual network that does not have direct internet access. Specifically, the proxy server may be located in a different virtual network, in order to filter traffic for allowed domains or IPs.
Transparent and non-transparent network proxies differ in the following ways.
- Transparent network proxy
- Proxy is unknown to clients and requires no additional client configuration.
- Usually, connections by way of transparent proxies are configured in route tables on your AWS VPC.
- Non-transparent proxy
-
- Clients are aware of non-transparent proxies and each client must be specifically configured to use the non-transparent proxy connection.
- You pass connection or security information (username/password) along with the connection request sent by clients.
You can configure an AWS environment to use non-transparent proxy connections when activating environments for Cloudera AI.
Use a non-transparent proxy in a different VPC
If the customer wants to copy the hostname for the non-transparent proxy and the non-transparent proxy is configured in a different VPC, then Cloudera needs the CIDR of the non-transparent proxy to allow the inbound access. To configure this, in the Provision Cloudera AI Workbench UI, select Use hostname for non-transparent proxy and enter the CIDR range in Inbound Proxy CIDR Ranges.