ADMIN-332CRClouderaCR-ADMIN-3321.0<p>We recommend a minimum of 3 to 5 years of system administration experience in industry. Students must have proficiency in Linux CLI. Knowledge of Directory Services, Transport Layer Security, Kerberos, and SQL select statements is helpful. Prior experience with Cloudera products is expected, experience with CDH or HDP is sufficient. Students must have access to the Internet to reach Amazon Web Services.</p><p>This immersion course is intended for Linux Administrators who are taking up roles as CDP Administrators.</p><ul> <li>Architecture for CDP Clusters</li><li>Requirements for an isolated network</li><li>Comparison of Active Directory to Identity, Policy, and Audit</li><li>Theory and installation of <ul> <li>Kerberos</li><li>Auto-TLS</li><li>Ranger</li><li>Atlas</li><li>Ranger Key Management Service</li><li>Knox Gateway</li></ul></li><li>Building Ranger Resource Policies</li><li>Creating Atlas Classifications</li><li>Building Ranger Tag Policies</li></ul><h5>Security Management</h5><ul> <li>CDP Security Models</li><li>CDP Security Pillars</li><li>CDP Security Levels</li></ul><h5>Project Planning</h5><ul> <li>The Importance of Project Planning</li><li>Roles and Responsibilities Isolated Networks</li><li>Architecture for Network Security</li><li>Building an Isolated Network</li></ul><h5>Identity Management</h5><ul> <li>FreeIPA or Active Directory</li><li>Identity Management Architecture</li><li>Pluggable Authentication Modules</li><li>Lightweight Directory Access Protocol</li><li>Cloudera Manager Roles</li><li>Managing Super Users</li></ul><h5>Quality Controlled Hosts</h5><ul> <li>CDP Requirements for Hosts</li><li>Recommendations for deployment hosts</li></ul><h5>Encrypt Network Traffic</h5><ul> <li>Theory for Security Protocols</li><li>Tools: openssl and keytool</li><li>Architecture for Certificate Authorities</li><li>Deploying TLS using Auto-TLS</li><li>Deploying SASL</li></ul><h5>Authentication with Kerberos</h5><ul> <li>Architecture for Kerberos</li><li>Kerberos CLI</li><li>Deploying Kerberos</li><li>Managing CDP services within Kerberos</li></ul><h5>Shared Data Experience (SDX)</h5><ul> <li>Architecture for Apache Ranger</li><li>Deploying Ranger</li><li>Deploying Infra Solr</li><li>Deploying Atlas</li></ul><h5>Data at Rest</h5><ul> <li>Theory for KMS with KTS</li><li>Deploying KMS with KTS</li><li>Encrypting Data at Rest</li></ul><h5>Single Sign-On with Knox Gateway</h5><ul> <li>Architecture for Knox Gateway</li><li>Installing Knox Gateway</li><li>Deploying Knox Gateway SSO</li><li>Accessing services through Knox Gateway</li></ul><h5>Authorization with Ranger</h5><ul> <li>Creating Ranger Data Encryption Zones</li><li>Creating Ranger Security Zones</li><li>Creating Ranger resource policies</li><li>Creating Ranger masking policies</li></ul><h5>Classify Data with Atlas</h5><ul> <li>Ranger Policies for Atlas</li><li>Searching Atlas</li><li>Classifying Data with Tags</li><li>Creating Ranger Tag Policies</li><li>Creating Ranger Masking Policies</li></ul><h5>Audit CDP</h5><ul> <li>Auditing access on hosts</li><li>Auditing users with Ranger</li><li>Auditing lineage with Atlas</li><li>Troubleshooting with Audits</li></ul><h5>Commission CDP</h5><ul> <li>Validating Security Level 2</li><li>Checklist for commissioning CDP</li></ul><h5>Achieving Compliance</h5><ul> <li>Regulatory Compliance</li><li>Roadmap to Security Level 3</li></ul>We recommend a minimum of 3 to 5 years of system administration experience in industry. Students must have proficiency in Linux CLI. Knowledge of Directory Services, Transport Layer Security, Kerberos, and SQL select statements is helpful. Prior experience with Cloudera products is expected, experience with CDH or HDP is sufficient. Students must have access to the Internet to reach Amazon Web Services.This immersion course is intended for Linux Administrators who are taking up roles as CDP Administrators.- Architecture for CDP Clusters - Requirements for an isolated network - Comparison of Active Directory to Identity, Policy, and Audit - Theory and installation of - Kerberos - Auto-TLS - Ranger - Atlas - Ranger Key Management Service - Knox Gateway - Building Ranger Resource Policies - Creating Atlas Classifications - Building Ranger Tag PoliciesSecurity Management - CDP Security Models - CDP Security Pillars - CDP Security Levels Project Planning - The Importance of Project Planning - Roles and Responsibilities Isolated Networks - Architecture for Network Security - Building an Isolated Network Identity Management - FreeIPA or Active Directory - Identity Management Architecture - Pluggable Authentication Modules - Lightweight Directory Access Protocol - Cloudera Manager Roles - Managing Super Users Quality Controlled Hosts - CDP Requirements for Hosts - Recommendations for deployment hosts Encrypt Network Traffic - Theory for Security Protocols - Tools: openssl and keytool - Architecture for Certificate Authorities - Deploying TLS using Auto-TLS - Deploying SASL Authentication with Kerberos - Architecture for Kerberos - Kerberos CLI - Deploying Kerberos - Managing CDP services within Kerberos Shared Data Experience (SDX) - Architecture for Apache Ranger - Deploying Ranger - Deploying Infra Solr - Deploying Atlas Data at Rest - Theory for KMS with KTS - Deploying KMS with KTS - Encrypting Data at Rest Single Sign-On with Knox Gateway - Architecture for Knox Gateway - Installing Knox Gateway - Deploying Knox Gateway SSO - Accessing services through Knox Gateway Authorization with Ranger - Creating Ranger Data Encryption Zones - Creating Ranger Security Zones - Creating Ranger resource policies - Creating Ranger masking policies Classify Data with Atlas - Ranger Policies for Atlas - Searching Atlas - Classifying Data with Tags - Creating Ranger Tag Policies - Creating Ranger Masking Policies Audit CDP - Auditing access on hosts - Auditing users with Ranger - Auditing lineage with Atlas - Troubleshooting with Audits Commission CDP - Validating Security Level 2 - Checklist for commissioning CDP Achieving Compliance - Regulatory Compliance - Roadmap to Security Level 34 jours3520.00