Course Overview
This four-day hands-on course for Cloudera Data Platform (CDP) administrators teaches the skills and practices needed to configure solutions that meet the most demanding technical security audit standards. The course is built around a recommended project plan for CDP administrators. The first project stage is implementation of Perimeter Security by installing host-level security and Kerberos. The second project stage protects data by implementing Transport Layer Security via Auto-TLS and data encryption using Key Management System and Key Trustee Server (KMS/KTS). The third project stage controls access for users and data using Ranger and Atlas. The fourth stage teaches visibility practices for auditing of systems, users, and data usage. The final project stage analyzes applications in terms of vulnerabilities and introduces CDP practices for risk management in a fully secured Cloudera Data Platform. This course is primarily hands-on, consisting of 70% lab exercises and 30% lecture.
Who Should Attend
This course is intended for Linux administrators who are tasked with administering CDP.
Prerequisites
We recommend a minimum of 3 to 5 years of system administration experience. Students must have proficiency in the Linux CLI and should be familiar with Linux shell scripts. Knowledge of Transport Layer Security, Kerberos, and SQL SELECT statements is helpful. Students must have access to the internet to reach Amazon Web Services (AWS).
Course Objectives
In this course, you will come to understand:
- The CDP “Secure by Design” models, architecture, and tools
- Project planning for implementing a fully secured CDP
- CDP administrator recommended best practices for security
- How to create encryption zones and security zones for data isolation
- Advanced access control policies and how to use data lineage tools
- How to achieve regulatory compliance
Course Content
CDP Secure by Design
- CDP Security Models
- Architecture for CDP Security
Project Planning for Securing CDP
- Roles and Responsibilities
- Project Plan Stages
Connecting to Directory Services
- Architecture for Identity Management
- Comparing Directory Services
- Connecting to Lightweight Directory Access Protocol
Hardening Networks and Hosts
- CDP Requirements for Networks
- CDP Requirements for Hosts
Protecting Data in Motion
- Architecture for Transport Layer Security
- Deploying TLS using Auto-TLS
- Managing CDP services within TLS
Managing Authentication with Kerberos
- Architecture for Kerberos
- Deploying Kerberos
- Managing CDP services within Kerberos
Deploying Authorization
- Architecture for Apache Ranger
- Deploying Ranger
- Architecture for Atlas
- Deploying Atlas
Protecting Data at Rest
- Architecture for HDFS encryption
- Deploying Key Management System with Key Trustee Server
- Creating and managing encryption zones
Creating Single Sign-On with Knox Gateway
- Architecture for Knox Gateway
- Deploying Knox Gateway SSO
Managing Authorization with Ranger
- Creating resource policies
- Creating masking policies
- Creating Row Level Filtering policies
Classifying Data with Atlas
- Classifying Data with Tags
- Creating Ranger Tag Policies
- Creating Ranger Masking Policies
Auditing CDP
- Auditing access on hosts
- Auditing users with Ranger
- Auditing lineage with Atlas
Bringing Applications Aboard CDP
- Creating multi-tenant environments
Achieving Compliance
- Threat and Risk Modeling for CDP
- Regulatory Compliance