Hi all, Ambari web offers Ambari views feature to proxy third party UI in 2014, then Knox was introduced as a security REST gateway. It seems there are some duplicate functions of reverse proxy from two different view points. Ambari was original design to be a multi-cluster deployment system for system administrators. The exposure of Ambari Server is mostly to operational folks who may want to restrict Ambari Server access to private management network only. Can Ambari views be exposed to outside and not expose Ambari-Server UI?
Is Knox designed as a gateway in front of Ambari views? If Knox is a gateway in front of Ambari views, shouldn't reverse proxy feature being inside of Knox project instead of Ambari views? If Knox is behind Ambari views, what mechanism will be to secure Ambari views? Take Hue as a possible candidate for assimilation. For someone to integrate Hue into the stack of software. Option 1: Someone needs to modify the login mechanism for Hue to accept Knox authentication, and define Ambari views quick link to Hue UI, if Knox is in front of Ambari views. Ambari views is the landing page for all end user facing UI. The only issue is, can Ambari views and Ambari Server deploy to two different networks? Hue is a data scientist UI that end users facing network. Ambari Web is ops oriented, and deployed on ops only network. Option 2: It is also possible only reverse proxy via Knox only, which makes Ambari views proxy irrelevant to end user facing UI. Option 3: If Ambari views are in front of Knox, Hue authentication remains standalone, and Ambari views will do the proxy. This may breach security model offer by Knox. It would be great to discuss this to ensure there is no duplication between projects. Thanks regards, Eric
