Connect, Identity and Access Management, Cloud 감사 로그, Cloud Key Management Service, Security Command Center 등의 Google Cloud 통합을 제공합니다.
계약 상의 지원을 목적으로 액세스 투명성 및 액세스 승인을 사용하여 고객 클러스터에 대한 Google 관리 액세스를 제한하고 로깅합니다.
Dataproc 이미지에 포함된 Dataproc 및 오픈소스 구성요소를 구성하기 위한 권장사항 제공
Dataproc: 고객의 책임
애플리케이션 코드, 커스텀 이미지, 데이터, IAM 정책, 실행하는 클러스터를 포함한 워크로드 유지보수
최신 하위 마이너 이미지 버전을 활용하고, 커스텀 이미지를 즉시 새로 고치고, 가능한 한 빨리 최신 마이너 이미지 버전으로 마이그레이션하여 최신 Dataproc 이미지에서 클러스터를 실행합니다. 이미지 메타데이터에는 previous-subminor 라벨이 포함되며, 클러스터가 최신 하위 마이너 이미지 버전을 사용하지 않는 경우 이 라벨은 true로 설정됩니다. 자세한 내용은 버전 관리에 관한 중요사항을 참조하세요.
문제 해결 목적으로 요청을 받은 경우 Google에 환경 세부정보 제공
Dataproc과 기타 Google Cloud서비스 구성 및 Dataproc 이미지에 포함된 오픈소스 구성요소 구성에 대한 권장사항 준수
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-08-27(UTC)"],[[["\u003cp\u003eGoogle's responsibilities for Dataproc include securing the underlying infrastructure, releasing security patches for Dataproc images, providing Google Cloud integrations, restricting and logging administrative access, and recommending configuration best practices.\u003c/p\u003e\n"],["\u003cp\u003eCustomers are responsible for maintaining their workloads, including application code, custom images, data, IAM policy, and clusters, and ensuring they run on up-to-date Dataproc images.\u003c/p\u003e\n"],["\u003cp\u003eGoogle encrypts data at rest and in transit, utilizes custom-designed hardware, and implements private network cables as part of their infrastructure protection.\u003c/p\u003e\n"],["\u003cp\u003eCustomers should leverage the latest subminor image version of Dataproc images, and migrate to the most recent minor image version when possible.\u003c/p\u003e\n"],["\u003cp\u003eGoogle will request customers for environmental details to be used for troubleshooting purposes.\u003c/p\u003e\n"]]],[],null,["Running business-critical workloads on Dataproc requires multiple parties to\ncarry different responsibilities. While not an exhaustive list, this page lists\nthe responsibilities for Google and the customer.\n\nDataproc: Google responsibilities\n\n- Protecting the underlying infrastructure, including hardware, firmware, kernel,\n OS, storage, network, and more. This includes:\n\n - [encrypting data at rest by default](/security/encryption-at-rest/default-encryption)\n - providing [additional customer-managed disk encryption](/dataproc/docs/concepts/configuring-clusters/customer-managed-encryption)\n - [encrypting data in transit](https://cloud.google.com/security/encryption-in-transit)\n - using [custom-designed hardware](/docs/security/titan-hardware-chip)\n - laying [private network cables](https://cloud.google.com/about/locations#network-tab)\n - protecting data centers from physical access\n - protecting the bootloader and kernel against modification using [Shielded Nodes](/kubernetes-engine/docs/how-to/shielded-gke-nodes)\n - providing network protection with [VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products)\n - following secure software development practices\n- Releasing security patches for Dataproc images . This includes:\n\n - patches for the base operating systems included in [Dataproc images](/dataproc/docs/concepts/versioning/dataproc-version-clusters) (Ubuntu, Debian, and Rocky Linux)\n - patches and fixes available for the [open source components](/dataproc/docs/concepts/versioning/dataproc-release-2.1) included in Dataproc images Security patches may only be available for operating system versions or open source software that are included in the most recent version of Dataproc images. Leveraging the latest Dataproc image version available is a customer responsibility.\n- Providing Google Cloud integrations for Connect, Identity and Access Management,\n Cloud Audit Logs, Cloud Key Management Service, Security Command Center, and others.\n\n- Restricting and logging Google administrative access to customer clusters for\n contractual support purposes with [Access Transparency](/access-transparency)\n and [Access Approval](/assured-workloads/access-approval/docs/overview)\n\n- Recommending best practices for configuring Dataproc and the open source\n components included in Dataproc images\n\nDataproc: Customer responsibilities\n\n- Maintaining your workloads, including your application code, custom images, data,\n IAM policy, and clusters that you run\n\n- Running clusters on up-to-date Dataproc images\n by leveraging the latest\n [subminor image version](/dataproc/docs/concepts/versioning/dataproc-version-clusters#debian_images),\n promptly refreshing your custom images, and migrating to the most recent minor\n image version as soon as it is feasible. Image metadata includes a\n `previous-subminor` label, which is set to `true` if the cluster is not\n using the latest subminor image version. For information on how to view\n image metadata, see\n [Important notes about versioning](/dataproc/docs/concepts/versioning/overview#important_notes_about_versioning).\n\n- Providing Google with environmental details when requested for troubleshooting\n purposes\n\n- Following best practices for the configuration of Dataproc and other Google Cloud\n services, and for the configuration of open source components included in\n Dataproc images"]]