Managing an environment The following management options are available for an existing environment: Stop and restart an environmentYou can stop an environment if you need to suspend but not terminate the resources within the environment. When you stop an environment, all of the resources within the environment are also stopped, including Data Lakes and Data Hubs. You can also restart the environment.Delete an environmentDeleting an environment terminates all resources within the environment including the Data Lake.Cleaning up a failed Azure environmentWhen environment creation fails, you should delete the environment. If environment termination fails, you should clean up any resources that might have already been created on your AWS account. Add subnets to an environmentYou can add additional subnets to an existing environment. These subnets will be used for all Data Hub clusters created within the environment in the future.Add security groups to an environmentYou can add additional security groups to an existing environment. These security groups will be used for all Data Hub clusters created within the environment in the future.Change environment's credentialYou can change the credential attached to an environment as long as the new credential provides the required level of access to the same Azure subscription as the old credential. Enabling environment telemetryYou can optionally enable workload analytics so that diagnostic information about job and query execution is sent to Workload Manager for Data Hub clusters. Similarly, you can optionally enable logs collection so that logs generated during deployments will be automatically sent to Cloudera. Adding a customer managed encryption key to a CDP environment running on AzureBy default, local Data Lake, FreeIPA, and Data Hub disks attached to Azure VMs and the PostgreSQL server instance used by the Data Lake and Data Hubs are encrypted with server-side encryption (SSE) using Platform Managed Keys (PMK), but you can optionally configure SSE with Customer Managed Keys (CMK). Defining custom tagsIn the Management Console user interface, you can define tenant-level or environment-level custom tags across all instances and resources provisioned in your organization’s cloud provider account. Enabling a private endpoint for Azure PostgresBy default CDP uses service endpoints, but you can select to use private endpoints instead. During environment registration you can optionally select the “Create Private Endpoint” option to use private endpoints instead of using a service endpoint. Currently, only one service or private endpoint is used, for Azure Postgres. Restricting access for CDP services that create their own security groups on AzureThe security groups that you select to use during environment registration are only used for the Data Lake, FreeIPA, Data Hubs, and Operational Databases running in that environment. The Kubernetes-based CDP services (Data Warehouse and Machine Learning) create their own security groups with rules that should be restricted separately. Configure lifecycle management for logs on AzureTo avoid unnecessary costs related to ALS Gen2 cloud storage, you should create lifecycle management rules for your cloud storage container used by CDP for storing logs so that these logs get deleted once they are no longer useful.