Integrate Privacera Services in Separate VPC

In some network topologies, the systems that Privacera needs to work with (such as Databricks or another data source) might be in a Virtual Private Cloud (VPC) that is separate from the VPC where Privacera runs. This separate VPC might be behind a required firewall that must not be changed due to security requirements.

This network configuration needs some manual steps to configure Privacera properties to use a private link between those separate VPCs and certain Privacera services. The affected Privacera services are as follows:

  • Privacera Ranger for installed plugins to retrieve policies.
  • Privacera Audit Server for installed plugins to push audit data.
  • Privacera Data Server for the Privacera Signed URL feature.

Prerequisites

  • You have already installed Privacera Manager.
  • You have identified the VPCs that must be linked.
  • The load balancer between the VPCs must be a Network Load Balancer (NLB), not a classic load balancer, which is not sufficiently performant for this network topology.

Steps

The details here explain the manual steps needed to configure certain properties to allow a private link between Privacera and those VPC-protected systems.

Configure Privacera Ranger Load Balancer Properties

  1. Create a Ranger configuration directory:

    cd ~/privacera/privacera-manager
    mkdir -p config/custom-vars/ranger-admin
    
  2. Edit a Privacera Ranger properties configuration file to add the following lines:

    vi config/custom-vars/ranger-admin/ranger-service.yml
    
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
        service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    
  3. Save the file.

Configure Privacera Audit Server Load Balancer Properties

  1. Create an Audit Server configuration directory:

    cd ~/privacera/privacera-manager
    mkdir -p config/custom-vars/auditserver
    
  2. Edit a Privacera Ranger Audit Server configuration file to add the following lines:

    vi config/custom-vars/auditserver/auditserver-service.yml
    
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
        service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    
  3. Save the file.

Configure Privacera Data Server Load Balancer Properties

  1. Create a Data Server configuration directory:

    cd ~/privacera/privacera-manager
    mkdir -p config/custom-vars/dataserver
    
  2. Edit a Privacera Data Server configuration file to add the following lines:

    vi config/custom-vars/dataserver/dataserver-service.yml
    
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
        service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    
  3. Save the file.

Update Privacera Manager

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
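A pre-flight check that can be run before the update command above, confirming that all three override files carry both annotations; a Service that lacks the `internal` annotation is provisioned on AWS as an internet-facing load balancer, and one that lacks the `nlb` type as a Classic Load Balancer. This is an added example, not part of Privacera Manager: the script name `check-lb.sh` and the function names are hypothetical, and the check is line-based and assumes the YAML layout shown in the steps.

```shell
#!/bin/sh
# Added example: pre-flight check for the three service override files.
# Line-based check, not a YAML parser; it assumes the layout shown in the steps.

# File paths from the steps above, relative to config/custom-vars.
PM_SERVICE_FILES="ranger-admin/ranger-service.yml
auditserver/auditserver-service.yml
dataserver/dataserver-service.yml"

# Annotation keys from the steps above, with dots escaped for grep -E.
KEY_INTERNAL='service\.beta\.kubernetes\.io/aws-load-balancer-internal'
KEY_TYPE='service\.beta\.kubernetes\.io/aws-load-balancer-type'

# has_annotation FILE KEY VALUE
# Succeeds when FILE has an indented, uncommented "KEY: VALUE" line
# (VALUE may be quoted or bare).
has_annotation() {
    grep -Eq "^[[:space:]]+$2:[[:space:]]*[\"']?$3[\"']?[[:space:]]*(#.*)?\$" "$1"
}

# check_service_file FILE: report on one override file; non-zero on any problem.
check_service_file() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 1; }
    rc=0
    { grep -Eq '^metadata:' "$f" && grep -Eq '^[[:space:]]+annotations:' "$f"; } \
        || { echo "FAIL    $f: no metadata/annotations block"; rc=1; }
    has_annotation "$f" "$KEY_INTERNAL" true \
        || { echo "FAIL    $f: load balancer is not marked internal"; rc=1; }
    has_annotation "$f" "$KEY_TYPE" nlb \
        || { echo "FAIL    $f: load balancer type is not nlb"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK      $f"
    return "$rc"
}

# check_all DIR: DIR is the config/custom-vars directory.
check_all() {
    failed=0
    for rel in $PM_SERVICE_FILES; do
        check_service_file "$1/$rel" || failed=1
    done
    return "$failed"
}

# Run when a directory is given, e.g.:
#   sh check-lb.sh ~/privacera/privacera-manager/config/custom-vars
if [ "$#" -gt 0 ]; then check_all "$1"; fi
```

A non-zero exit status means at least one file is missing or lacks an annotation, so the script can gate the update step in automation.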

Last update: July 23, 2021