Configuring TLS Security for Cloudera Manager
Important:
- Cloudera strongly recommends that you set up a fully functional CDH cluster and Cloudera Manager before you begin configuring it to use TLS.
- Once Level 3 TLS is configured, if you want to add new hosts running Agents, you must manually deploy the Cloudera Manager Agent and daemon packages for your platform, issue a new certificate for the host, configure /etc/cloudera-scm-agent/config.ini to use SSL/TLS, and then bring the host online.
  Alternatively, you can disable TLS to add the host, configure the new host for TLS, and then re-enable TLS with the proper configuration in place. Either approach is valid, based on your needs.
Transport Layer Security (TLS) provides encryption and authentication in the communications between the Cloudera Manager Server and Agents. Encryption prevents snooping of communications, and authentication helps prevent malicious Servers or Agents from causing problems in your cluster. Cloudera Manager supports three levels of TLS security:
- Level 1 (Good) - Encrypted communications between the Server and Agents only; no authentication of Server and Agents. See Configuring TLS Encryption only for Cloudera Manager.
- Level 2 (Better) - Encrypted communications and authentication of Server to Agents and users; no authentication of Agents to Server. See Configuring TLS Authentication of Server to Agents.
- Level 3 (Best) - Encrypted communications, authentication of Server to Agents, and authentication of Agents to Server. See Configuring TLS Authentication of Agents to Server.
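The following check is an added example, not part of Cloudera's documentation: it reads an Agent's config.ini and reports which of the three levels above the Agent side is configured for. The key names (`use_tls`, `verify_cert_file`, `verify_cert_dir`, `client_key_file`, `client_cert_file` in the `[Security]` section) do not appear on this page and are assumed from the Agent's configuration file; the sample file contents and paths are constructed.

```python
import configparser

# Constructed sample: Agent config.ini fragment with placeholder host and paths.
SAMPLE_INI = """
[General]
server_host=cm.example.internal

[Security]
use_tls=1
verify_cert_file=/path/to/ca-chain.pem
client_key_file=/path/to/agent.key
client_cert_file=/path/to/agent.pem
"""

def agent_tls_level(ini_text):
    """Return (level, findings) for the TLS settings in an Agent config.ini."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    sec = cp["Security"] if cp.has_section("Security") else {}

    def is_set(key):
        return bool((sec.get(key) or "").strip())

    if (sec.get("use_tls") or "").strip() != "1":
        return 0, ["use_tls is not 1: Agent-to-Server traffic is not encrypted"]
    level, findings = 1, []
    verifies_server = is_set("verify_cert_file") or is_set("verify_cert_dir")
    if verifies_server:
        level = 2
    else:
        findings.append("no verify_cert_file or verify_cert_dir: Server is not authenticated")
    has_key, has_cert = is_set("client_key_file"), is_set("client_cert_file")
    if has_key and has_cert and verifies_server:
        # Level 3 also needs the Server to require Agent certificates; that
        # setting lives on the Server and cannot be seen from this file.
        level = 3
    elif has_key != has_cert:
        findings.append("client_key_file and client_cert_file must both be set")
    elif not has_key:
        findings.append("no client key and certificate: Agent cannot authenticate to the Server")
    else:
        findings.append("client certificate configured but Server is not verified")
    return level, findings

if __name__ == "__main__":
    level, findings = agent_tls_level(SAMPLE_INI)
    print(f"Agent is configured for Level {level}")
    for finding in findings:
        print(" -", finding)
```

Running it against each host's config.ini before bringing the host online shows any Agent still below the level the cluster is meant to enforce.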
To enable TLS encryption for all connections between your Web browser running the Cloudera Manager Admin Console and the Cloudera Manager Server, see Configuring TLS Encryption for Cloudera Manager Admin Console.