How To Set Up Access to Cloudera EDH or Cloudera Director (Microsoft Azure Marketplace)
- Set up a SOCKS (Sockets Secure protocol) proxy on your client machine. Cloudera recommends that you use this option.
- Add inbound rules to the Network Security Group in the Azure instance after you deploy EDH or Director to Azure.
Configure the SOCKS Proxy
The SOCKS5 protocol is implemented as a client and server process that enables traversal of IP network firewalls. After you configure the SOCKS proxy, your browser resolves DNS lookups using the Microsoft Azure network (through the proxy server), and lets you connect to services using internal FQDNs or private IP address.
- Set up a single SSH tunnel to one of the hosts on the network and create a SOCKS proxy on the host.
- Change the browser configuration to perform all lookups through the SOCKS proxy host.
Network Prerequisites
- You must be able to reach the host that you want to proxy to from the public internet or from the network that you're connecting from.
- The host that you proxy to must be on the same network as the Cloudera services that you're connecting to. For example, if you’re using the Cloudera EDH offering, tunnel to the Cloudera Manager host. If you're using the Cloudera Director offering, tunnel to the Cloudera Director host.
Find the Public IP of the Host
Only one VM is created for the Cloudera Director. Use the public IP of that VM.
For the Cloudera EDH offering, use the public IP of the 0th master node VM: [dnsName]-mn0.
Start the SOCKS Proxy
On Linux
ssh -i your-key-file.pem -CND 1080 the_username_you_specified@publicIP_of_VM
- -i your-key-file.pem Specifies the path to the private key needed to SSH to the Cloudera Director server. Omit if using SSH passwords.
- C Sets up compression.
- N Suppresses any command execution once established.
- D Sets up the SOCKS proxy on a port.
- 1080 The port to set the SOCKS proxy locally.
On Windows
Follow the instructions on Microsoft's website.
Configure Google Chrome to Use the Proxy
- The SOCKS proxy port. This must be the same port that you used when you started the proxy.
- The profile. This examples below create a new profile.
Use one of the following commands to create a profile and launch a new instance of Chrome that does not conflict with any currently running Chrome instances.
/usr/bin/google-chrome \ --user-data-dir="$HOME/chrome-with-proxy" \ --proxy-server="socks5://localhost:1080"
"/Applications/Google Chrome.app/Contents/MacOS/Google Chrome" \ --user-data-dir="$HOME/chrome-with-proxy" \ --proxy-server="socks5://localhost:1080"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" ^ --user-data-dir="%USERPROFILE%\chrome-with-proxy" ^ --proxy-server="socks5://localhost:1080"
In this Chrome session, you can use the private IP address or internal FQDN to connect to any host that is accessible by Cloudera Director. For example, if you proxy to the Cloudera Director server, you can connect to Cloudera Director as if it were local by entering localhost:7189 in the Chrome URL bar.
Network Security Group
Warning: This method is not recommended for any purpose other than a Proof of Concept. If the data is not carefully locked down, it will be accessible to hackers and malicious entities.
On portal.azure.com, find the Network Security Group(s) and add inbound rules for the various services. You may have to create these rules for the services. Refer to Cloudera documentation for more information on ports used by Cloudera Manager, CDH components, managed services, and third-party components.
<< How to Set Up a Gateway Host to Restrict Access to the Cluster | ©2016 Cloudera, Inc. All rights reserved | How to Use Self-Signed Certificates for TLS >> |
Terms and Conditions Privacy Policy |