Privacera Documentation

Set up Discovery on Azure for Privacera Platform

This topic describes how to set up the Azure configuration for installing Privacera Discovery.

Prerequisites

Ensure the following prerequisites are met:

Azure storage account

Azure Cosmos DB account

  • Create an Azure Cosmos DB.

  • Get the URI from the Overview section.

  • Get the Primary Key from the Settings > Keys section.

  • Set the consistency to Strong in the Settings > Default Consistency section.

For Terraform

  • Assign permissions to create Azure resources using a managed identity.

Procedure
  1. SSH to the instance where Privacera is installed.

  2. Run the following commands.

    cd ~/privacera/privacera-manager  
    cp config/sample-vars/vars.kafka.yml config/custom-vars
    vi config/custom-vars/vars.kafka.yml
    
  3. Run the following commands.

    cd ~/privacera/privacera-manager  
    cp config/sample-vars/vars.discovery.azure.yml config/custom-vars
    vi config/custom-vars/vars.discovery.azure.yml
    
  4. Edit the following properties. For property details and descriptions, refer to Configuration properties for Discovery on Azure below.

    DISCOVERY_FS_PREFIX: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME: "<PLEASE_CHANGE>"
    DISCOVERY_COSMOSDB_URL: "<PLEASE_CHANGE>"
    DISCOVERY_COSMOSDB_KEY: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY: "<PLEASE_CHANGE>"
    CREATE_AZURE_RESOURCES: "false"
    DISCOVERY_AZURE_RESOURCE_GROUP: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_COSMOS_DB_ACCOUNT: "<PLEASE_CHANGE>"
    DISCOVERY_AZURE_LOCATION: "<PLEASE_CHANGE>"
    
  5. (Optional) If you want to customize Discovery configuration further, you can add custom Discovery properties. For more information, refer to Set custom Discovery properties on Privacera Platform.

    For example, by default, the username and password for the Discovery service are padmin/padmin. To change them, refer to Add custom properties using Privacera Manager on Privacera Platform.

  6. To configure real-time scan for audits, refer to Enable Pkafka for real-time audits in Discovery on Privacera Platform.

  7. Run the following commands.

    cd ~/privacera/privacera-manager  
    ./privacera-manager.sh update
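
Before running the update in step 7, the file edited in step 4 can be checked for leftover `<PLEASE_CHANGE>` placeholders, unbalanced quotes and loose file permissions. The script below is an added example, not part of Privacera Manager; the function names, the set of properties treated as required and the owner-only permission expectation are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not part of Privacera Manager. Prints one line per finding
# (property names only, never values) and returns the number of findings.
check_discovery_vars() {
  local file="$1" findings=0 key line quotes mode
  [ -r "$file" ] || { echo "UNREADABLE   $file"; return 1; }
  # Properties from step 4 that this example assumes must carry a real value.
  for key in DISCOVERY_FS_PREFIX DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME \
             DISCOVERY_COSMOSDB_URL DISCOVERY_COSMOSDB_KEY \
             DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY; do
    line=$(grep -E "^[[:space:]]*${key}:" "$file" | tail -n 1)
    if [ -z "$line" ]; then
      echo "MISSING      $key"; findings=$((findings + 1)); continue
    fi
    case "$line" in
      *'<PLEASE_CHANGE>'*) echo "PLACEHOLDER  $key"; findings=$((findings + 1)) ;;
    esac
    # An odd number of double quotes means the value is not quoted properly.
    quotes=$(printf '%s' "$line" | tr -cd '"')
    if [ $(( ${#quotes} % 2 )) -ne 0 ]; then
      echo "QUOTING      $key"; findings=$((findings + 1))
    fi
  done
  # The file holds the Cosmos DB primary key and the storage access key,
  # so group and other should have no access to it.
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  case "$mode" in
    *00) ;;
    *) echo "PERMISSIONS  mode $mode, expected 600"; findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Constructed sample (no real secrets): placeholders left in, a missing key,
# an unbalanced quote, and a world-readable mode. Returns 5 findings.
demo() {
  local f rc; f=$(mktemp); chmod 644 "$f"
  cat > "$f" <<'EOF'
DISCOVERY_FS_PREFIX: "container1"
DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME: <PLEASE_CHANGE>"
DISCOVERY_COSMOSDB_URL: "https://url1.documents.azure.com:443/"
DISCOVERY_COSMOSDB_KEY: "<PLEASE_CHANGE>"
EOF
  check_discovery_vars "$f"; rc=$?; rm -f "$f"; return "$rc"
}

# Usage: bash check_discovery_vars.sh config/custom-vars/vars.discovery.azure.yml
if [ -n "${1:-}" ]; then check_discovery_vars "$1"; fi
```

A non-zero exit status equals the number of findings, so the script can gate the `./privacera-manager.sh update` call in a wrapper.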
    

Configuration properties for Discovery on Azure

| Property | Description | Example |
| --- | --- | --- |
| DISCOVERY_ENABLE | In the Basic tab, enable/disable Privacera Discovery. | |
| DISCOVERY_REALTIME_ENABLE | In the Basic tab, enable/disable real-time scan in Privacera Discovery.<br>For real-time scan to work, ensure the following:<br>• If you want to scan the default ADLS app registered by the system at the time of installation, keep its app properties unchanged in Privacera Portal.<br>• If you want to scan a user-registered app, the app properties in Privacera Portal and its corresponding discovery.yml should be the same.<br>• Only one app can be scanned at a time. | |
| DISCOVERY_FS_PREFIX | Enter the container name. Get it from the Prerequisites section. | container1 |
| DISCOVERY_AZURE_STORAGE_ACCOUNT_NAME | Enter the name of the Azure Storage account. Get it from the Prerequisites section. | azurestorage |
| DISCOVERY_COSMOSDB_URL<br>DISCOVERY_COSMOSDB_KEY | Enter the Cosmos DB URL and Primary Key. Get them from the Prerequisites section. | DISCOVERY_COSMOSDB_URL: "https://url1.documents.azure.com:443/"<br>DISCOVERY_COSMOSDB_KEY: "xavosdocof" |
| DISCOVERY_AZURE_STORAGE_ACCOUNT_KEY | Enter the Access Key of the storage account. Get it from the Prerequisites section. | GMi0xftgifp== |
| [Properties of Topic and Table names](../pm-ig/customize_topic_and_tables_names.md) | Topic and Table names are assigned by default in Privacera Discovery. To customize any topic or table name, refer to the link. | |
| PKAFKA_EVENT_HUB | In the Advanced > Pkafka Configuration section, enter the Event Hub name. Get it from the Prerequisites section. | eventhub1 |
| PKAFKA_EVENT_HUB_NAMESPACE | In the Advanced > Pkafka Configuration section, enter the name of the Event Hub namespace. Get it from the Prerequisites section. | eventhubnamespace1 |
| PKAFKA_EVENT_HUB_CONSUMER_GROUP | In the Advanced > Pkafka Configuration section, enter the name of the Consumer Group. Get it from the Prerequisites section. | congroup1 |
| PKAFKA_EVENT_HUB_CONNECTION_STRING | In the Advanced > Pkafka Configuration section, enter the connection string. Get it from the Prerequisites section. | Endpoint=sb://eventhub1.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=sAmPLEP/8PytEsT= |
| CREATE_AZURE_RESOURCES | For Terraform usage, set the value to true. Its default value is false. | true |
| DISCOVERY_AZURE_RESOURCE_GROUP | Get the value from the Prerequisites section. | resource1 |
| DISCOVERY_AZURE_COSMOS_DB_ACCOUNT | Get the value from the Prerequisites section. | database1 |