CDP identity management

CDP Identity Management includes the CDP user management system, FreeIPA, identity federation, and Knox authentication.

FreeIPA identity management
Federating identity management with users/groups maintained in FreeIPA and passwords authenticated via SSO to a SAML-compliant identity provider (IDP) provides the backbone infrastructure needed for CDP services, without requiring you to expose your on-prem identity management system over the network.

Cloud identity federation
When accessing cloud storage in CDP, credentials are provided by Knox IDBroker, an identity federation solution that exchanges cluster authentication for temporary cloud credentials.

Authentication with Apache Knox
Apache Knox acts as a proxy for web UIs and APIs, and Trusted Proxy propagates the authenticated end user to the backend service.

TLS encryption using auto-TLS
Auto-TLS greatly simplifies the process of enabling and managing TLS encryption on your cluster.

Secure in-bound communication
The CDP Control Plane reaches out to workload environments for various command and control purposes. These connections currently go over the Internet to the workload environment hosts. As a consequence, CDP currently deploys workloads into public (Internet routable) subnets.