Configuring TLS Security for Cloudera Manager
- Cloudera strongly recommends that you set up a fully-functional CDH cluster and Cloudera Manager before you begin configuring it to use TLS.
- If you want to add new hosts after performing the following procedures to enable TLS, you must disable TLS and then configure TLS for each new host. For more information, see Adding a Host to the Cluster.
Transport Layer Security (TLS) provides encryption and authentication in the communications between the Cloudera Manager Server and Agents. Encryption prevents snooping of communications, and authentication helps prevent malicious Servers or Agents from causing problems in your cluster. Cloudera Manager supports three levels of TLS security:
- Level 1 (Good) - Encrypted communications between the Server and Agents only; no authentication of Server and Agents. See Configuring TLS Encryption only for Cloudera Manager.
- Level 2 (Better) - Encrypted communications and authentication of Server to Agents and users; no authentication of Agents to Server. See Configuring TLS Authentication of Server to Agents.
- Level 3 (Best) - Encrypted communications, authentication of Server to Agents, and authentication of Agents to Server. See Configuring TLS Authentication of Agents to Server.
To enable TLS encryption for all connections between your Web browser running the Cloudera Manager Admin Console and the Cloudera Manager Server, see Configuring TLS Encryption for Cloudera Manager Admin Console.