ADMIN-232: Building Secure Cloudera Clusters

Duration: 4 Days (32 Hours)

ADMIN-232: Building Secure Cloudera Clusters:

Designed for Cloudera Data Platform (CDP) administrators, this intensive four-day course imparts essential skills and methodologies to configure solutions aligning with stringent technical security audit criteria. The curriculum revolves around a recommended project plan catering to CDP administrators. The initial project phase encompasses Perimeter Security implementation, entailing host level security and Kerberos installation. Subsequently, the second project stage reinforces data security through Transport Layer Security facilitated by Auto-TLS, along with data encryption utilizing Key Management System and Key Trustee Server (KMS/KTS). The third phase centers on access management for users and data via Ranger and Atlas. The fourth stage elucidates visibility strategies for comprehensive system, user, and data usage auditing. Conclusively, the final project stage assesses application vulnerabilities while introducing CDP protocols for robust risk management within a fully fortified Cloudera Data Platform. This hands-on course predominantly comprises 70% lab exercises and 30% lectures, ensuring immersive learning.

Intended Audience:

  • This course is intended for Linux administrators who are tasked with administering CDP.

Learning Objectives of ADMIN-232: Building Secure Cloudera Clusters:

  • This course teaches how to build secure Cloudera Private Cloud cluster that meet techinical audit compliance, including reference architecture and all required security components, such as Auto-TLS, Kerberos, KMS w/ KTS, Ranger, and Atlas.
CDP Secure by Design
  • CDP Security Models
  • Architecture for CDP Security
  • Roles and Responsibilities
  • Project Plan Stages
  • Architecture for Identity Management
  • Comparing Directory Services
  • Connecting to Lightweight Directory Access Protocol
  • CDP Requirements for Networks
  • CDP Requirements for Hosts
  • Architecture for Transport Layer Security
  • Deploying TLS using Auto-TLS
  • Managing CDP services within TLS
  • Architecture for Kerberos
  • Deploying Kerberos
  • Managing CDP services within Kerberos
  • Architecture for Apache Ranger
  • Deploying Ranger
  • Architecture for Atlas
  • Deploying Atlas
  • Architecture for HDFS encryption
  • Deploying Key Management System with Key Trustee Server
  • Creating and managing encryption zones
  • Architecture for Knox Gateway
  • Deploying Knox Gateway SSO
  • Creating resource policies
  • Creating masking policies
  • Creating Row Level Filtering policies
  • Classifying Data with Tags
  • Creating Ranger Tag Policies 
  • Creating Ranger Masking Policies
  • Auditing access on hosts
  • Auditing users with Ranger
  • Auditing lineage with Atlas
  • Creating multi-tenant environments
  • Threat and Risk Modeling for CDP
  • Regulatory Compliance

ADMIN-232: Building Secure Cloudera Clusters Course Prerequisites

  • We recommend a minimum of 3 to 5 years of system administration experience. Students must have proficiency in Linux CLI and should be familiar with Linux shell scripts. Knowledge of Transport Layer Security, Kerberos, and SQL select statements is helpful. Students must have access to the internet to reach Amazon Web Services (AWS).

Discover the perfect fit for your learning journey

Choose Learning Modality

Live Online

  • Convenience
  • Cost-effective
  • Self-paced learning
  • Scalability


  • Interaction and collaboration
  • Networking opportunities
  • Real-time feedback
  • Personal attention


  • Familiar environment
  • Confidentiality
  • Team building
  • Immediate application

Training Exclusives

This course comes with following benefits:

  • Practice Labs.
  • Get Trained by Certified Trainers.
  • Access to the recordings of your class sessions for 90 days.
  • Digital courseware
  • Experience 24*7 learner support.

Got more questions? We’re all ears and ready to assist!

Request More Details

Please enable JavaScript in your browser to complete this form.

Subscribe to our Newsletter

Please enable JavaScript in your browser to complete this form.