Access the web UIs of open source components - E-MapReduce

In an E-MapReduce (EMR) cluster, the ports over which you can access the web user interfaces (UIs) of open source components, such as Hadoop, Spark, and Flink, are disabled for security purposes. You can access the web UI of an open source component by using the native UI address, the internal or external Knox proxy address, a local port, or a dynamic port based on your business requirements.

Quick selection

You can access the web UIs of open source components by using the addresses that are provided in the EMR console or by creating an SSH tunnel. You can select a method based on your specific needs, network environment, and security requirements.

Scenario	Recommended method	Description
High security requirements	Use the internal Knox proxy address to access the web UIs of open source components	This method provides centralized management and security control and is suitable for the internal use of enterprises.
Access from external users or remote machines	Use the external Knox proxy address to access the web UIs of open source components	This method is suitable for external access that requires high security. Knox provides authentication and authorization mechanisms.
Convenient access from internal users	Use the native UI address to access the web UIs of open source components	This method is suitable for quick and easy access from an internal network environment. You must ensure the security and reliability of the internal network environment.
Flexible access to multiple open source components	Create an SSH tunnel to enable dynamic port forwarding	This method is suitable for users who want to implement flexible access to different open source components and can meet various network requirements.

Usage notes of different methods

Method type	Method	Advantage and disadvantage	Limit
EMR console	Use the native UI address to access the web UIs of open source components	Advantages: You can directly access the web UIs of open source components without the need for additional configurations. This method is suitable only for internal users and provides high security. Disadvantages: External users cannot access the web UIs of open source components. You must enable ports over which the web UIs of open source components can be accessed.	The client that you use must reside in the same internal network environment in which the nodes in your EMR cluster reside.
	Use the internal or external Knox proxy address to access the web UIs of open source components	Internal Knox proxy address Advantages: You need to only enable port 8443 for the security group of a cluster. This method is suitable only for internal users and requires identity authentication, which provides high security. Disadvantages: The configuration is complex. External users cannot access the web UIs of open source components.	The client that you use must reside in the same internal network environment in which the nodes in your EMR cluster reside. Knox is deployed in your EMR cluster. You can use this method to access the web UIs of only specific open source components. Note You can use this method to access the web UIs of the following open source components: YARN, HDFS, Spark 2, Spark 3, Flink, HBase, Impala, Trino, Presto, Tez, and Ranger.
		External Knox proxy address Advantages: You need to only enable port 8443 for the security group of a cluster. This method is suitable for remote access to the web UIs of open source components. This method requires identity authentication and provides high security. Disadvantages: The configuration is complex.	The client that you use must connect to the master node of your EMR cluster. Knox is deployed in your EMR cluster. You can use this method to access the web UIs of only specific open source components. Note You can use this method to access the web UIs of the following open source components: YARN, HDFS, Spark 2, Spark 3, Flink, HBase, Impala, Trino, Presto, Tez, and Ranger.
SSH tunnel	Create an SSH tunnel to enable local port forwarding	Advantages: SSL-encrypted data transmission is supported. You need to only configure simple commands. Disadvantages: The client that you use must connect to the master node of your EMR cluster over SSH. You need to enable multiple ports for the security group of your cluster.	The client that you use must connect to the master node of your EMR cluster. You cannot view the job details.
SSH tunnel	Create an SSH tunnel to enable dynamic port forwarding	Advantages: SSL-encrypted data transmission is supported. You can enable one port for accessing the web UIs of multiple open source components. Disadvantages: The configuration is complex. The client that you use must connect to the master node of your EMR cluster over SSH.	The client that you use must connect to the master node of your EMR cluster.