Security terminology

The following terminology is key to understanding CDP security:

Table 1. Management Console terminology
Term	Description
Credential	A credential allows CDP to authenticate with your cloud provider account and obtain authorization to provision cloud provider resources on your behalf.
Environment	In CDP, an environment is a logical subset of your cloud provider account including a specific virtual network. A credential provides CDP with access to an environment.
Data Lake	Data Lake is a service for creating safe, secure, and governed Data Lake which provides a protective ring around the data stored in a cloud object store.
Virtual network	An environment corresponds to a single private virtual network (for example VPC on AWS) into which all your CDP resources are deployed.
Security access settings	Security access settings refer to security groups that are created on your cloud provider account to allow communication via specific ports.

Table 2. Knox terminology
Term	Description
FreeIPA	FreeIPA is an open-source product that combines four identity management capabilities: LDAP directory, Kerberos KDC, DNS server, and Certificate Authority (CA).
IDBroker	An identity federation solution that exchanges cluster authentication for temporary cloud credentials.
Knox Gateway	A reverse proxy that authenticates proxy for web UIs and HTTP APIs.
Trusted Proxy	Propagates the authenticated end user to the backend service.