Running Cloudera Director and Cloudera Manager in Different Regions or Clouds

A Cloudera Director instance requires network access to all of the Cloudera Manager and CDH instances it deploys and manages. If Cloudera Director is installed in the same subnet where you install Cloudera Manager and create CDH clusters, this requirement is satisfied automatically. However, the following alternative configurations are also supported:
  • Running Cloudera Director in one region and Cloudera Manager and the CDH clusters it manages in a different region.
  • Installing Cloudera Director on one cloud provider, such as AWS, and Cloudera Manager and the CDH clusters it manages on a different cloud provider, such as Google Cloud Platform.
  • Installing Cloudera Director in your local network environment (on your laptop, for instance), and Cloudera Manager and the CDH clusters it manages in a cloud environment.

The most secure solution in these cases is to set up a VPN giving Cloudera Director access to the private subnet. Alternatively, Cloudera Director can be given SSH access to the instances through the public internet.

When using SSH to configure Cloudera Manager and CDH instances, Cloudera Director will try to connect to the instances in the following order:
  1. Private IP address
  2. Private DNS host name
  3. Public IP address
  4. Public DNS host name

The following requirements apply to running Cloudera Director and clusters in different regions or cloud provider environments when connecting to instances through their public endpoints:
  • Your cluster instances must have public IP addresses and your security group must allow access to them through SSH.
  • While Cloudera Director can run in a different subnet, Cloudera Manager and the CDH cluster hosts must be in the same subnet.
  • Cloudera Director must have SSH access to the public IP addresses of all cluster instances.
  • Cloudera Director needs to communicate with Cloudera Manager on its API endpoint (typically through HTTP to port 7189) on the private IP address. For security reasons, this endpoint should not be exposed to the public internet.
    • For Cloudera Manager instances that were deployed by Cloudera Director, if Cloudera Director cannot make a direct connection to the Cloudera Manager API on the private IP address, it will automatically attempt to create an SSH tunnel to the Cloudera Manager API endpoint through an SSH connection to the instance on its public IP address.
    • Connecting to an existing deployment of Cloudera Manager through SSH tunneling is not supported.
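
The requirements above can be checked against a security group before deployment. The following is an added example, not Cloudera's code: it audits ingress rules in the shape returned by `aws ec2 describe-security-groups` for an API port reachable from non-private sources and for missing SSH access from Cloudera Director. The sample groups, the Director address 203.0.113.10, the finding names, and the world-open SSH check are assumptions made for illustration.

```python
import ipaddress

SSH_PORT = 22
CM_API_PORT = 7189  # API port as given on this page; change to match your deployment
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rule(port, cidr):
    """Build one constructed ingress rule in describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port, "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample data; 203.0.113.10 stands in for Cloudera Director's public address.
DIRECTOR_CIDR = "203.0.113.10/32"
GOOD = [{"GroupId": "sg-good", "IpPermissions": [rule(22, DIRECTOR_CIDR), rule(7189, "10.0.0.0/16")]}]
BAD = [{"GroupId": "sg-bad", "IpPermissions": [rule(22, "0.0.0.0/0"), rule(7189, "0.0.0.0/0")]}]

def covers(perm, port):
    """True if the rule admits TCP traffic to `port` ("-1" means all protocols)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]

def audit(groups, director_cidr=DIRECTOR_CIDR):
    """Return (group_id, finding, cidr) tuples for rules that break the requirements."""
    director = ipaddress.ip_network(director_cidr)
    findings, ssh_ok = [], False
    for group in groups:
        for perm in group["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr, strict=False)
                # Assumption: any source outside RFC 1918 space counts as public exposure.
                private = net.version == 4 and any(net.subnet_of(p) for p in RFC1918)
                if covers(perm, CM_API_PORT) and not private:
                    findings.append((group["GroupId"], "api-port-public", cidr))
                if covers(perm, SSH_PORT):
                    if net.prefixlen == 0:  # added hardening check, not a rule from the page
                        findings.append((group["GroupId"], "ssh-open-to-world", cidr))
                    if net.version == director.version and director.subnet_of(net):
                        ssh_ok = True
    if not ssh_ok:  # Director could neither configure hosts nor open its SSH tunnel
        findings.append((None, "director-ssh-blocked", director_cidr))
    return findings

if __name__ == "__main__":
    for name, groups in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(groups))
```
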