Install Default Services

The default services are the basic services that Privacera requires for normal operation. For each service, you can set basic, advanced, and custom configurations.

For a standard installation, the following services are enabled by default and do not need to be configured separately:

  • Apache Ranger
  • MariaDB
  • Zookeeper

To set up the default services, expand each configuration below and set its properties. After completing a configuration, click Save & Next to proceed.

Configure Platform Defaults

You can configure the AWS region in Privacera for an AWS instance using PM-UI. To configure the region, perform the following steps:

  1. In the Basic tab, enter the AWS Region where Privacera is installed. For example, us-east-1.

  2. Click Save.

Configure Privacera Portal

SSO Configuration

You can configure single sign-on (SSO) for Privacera Portal using one of the following SSO providers:

  • SAML

  • Okta

OKTA

Prerequisite

Set up an Okta Authorization and get the values for the following to use in the configuration:

  • authorization_endpoint
  • token_endpoint
  • Client ID
  • Client Secret
  • User Info URI

Configuration

  1. Set UI SSO Enable.

  2. Select OAUTH as provider.

  3. Configure the properties. For more information, refer to OKTA.
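
A pre-flight check for the Okta prerequisite values, added here as an example (it is not part of the Privacera documentation). It assumes the values are read from the authorization server's OpenID Connect discovery document; the host idp.example.com and the sample document are constructed.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of an OIDC discovery document (placeholder host and paths).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com/oauth2/default",
    "authorization_endpoint": "https://idp.example.com/oauth2/default/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/default/token",
    "userinfo_endpoint": "https://idp.example.com/oauth2/default/userinfo",
})

# Discovery keys that correspond to the endpoint values listed in the prerequisite.
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def check_discovery(raw):
    """Return (values, problems) for a discovery document given as JSON text."""
    doc = json.loads(raw)
    problems = []
    issuer = urlsplit(doc.get("issuer", ""))
    if issuer.scheme != "https" or not issuer.hostname:
        problems.append("issuer is missing or not an https URL")
    values = {}
    for key in REQUIRED:
        url = doc.get(key)
        if not url:
            problems.append(f"{key} is missing")
            continue
        parts = urlsplit(url)
        # Client secret, authorization codes and tokens travel to these URLs.
        if parts.scheme != "https":
            problems.append(f"{key} is not https: {url}")
        # An endpoint on a different host than the issuer deserves a second look.
        if parts.hostname != issuer.hostname:
            problems.append(f"{key} host differs from issuer: {parts.hostname}")
        values[key] = url
    return values, problems


if __name__ == "__main__":
    values, problems = check_discovery(SAMPLE_DISCOVERY)
    for key, url in values.items():
        print(f"{key:24} {url}")
    for problem in problems:
        print("PROBLEM:", problem)
```

The Client ID and Client Secret are not in the discovery document; they come from the application registration and belong only in the Portal configuration.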

SAML

Prerequisite

Configure the SSO in Azure Portal and get the values for the following to use them in the configuration:

  • Entity ID

  • Federation Metadata XML

Configuration

  1. Set UI SSO Enable.

  2. Select SAML as provider.

  3. Configure the properties. For more information, refer to SAML.

LDAP Configuration

You can configure the Privacera Portal to use an external LDAP or LDAP over SSL directory to authenticate Privacera Portal user logins.

Configuration

  1. Set Enable Portal LDAP.

  2. Configure the properties. For more information, refer to LDAP/LDAP-S.

HA Configuration

You can configure HA mode for the Privacera Portal on AWS. In a normal working environment, the core Privacera services such as Solr, MariaDB, Dataserver, Zookeeper, and Ranger connect to a Portal service. Configuring HA mode for Privacera Portal ensures that the Portal service is always up and running.

Zookeeper is responsible for electing which pod/node becomes the master. In a 3-pod setup, Zookeeper automatically elects one pod as the master node and the remaining pods as slaves.

Prerequisites

Assign an IAM role with a policy that gives access to the AWS Controller for Kubernetes (ACK). To attach such an IAM role, click here.

Configuration

  1. Set Portal k8s HA Enable.

  2. In Portal k8s replicas, enter an odd number of nodes/pods to be created.

    Zookeeper, which manages the nodes/pods, requires an odd number to elect a master node successfully.

    Note

    A minimum of three nodes is required in HA mode. A value of 1 turns off HA mode.

AWS ALB Ingress Configuration

AWS load balancer ingress is required in HA mode to provide sticky sessions, so that Privacera Portal can be accessed using a browser.

Prerequisites

Assign an IAM role with a policy that gives access to the AWS Controller for Kubernetes (ACK). To attach such an IAM role, click here.

Configuration

  1. Set AWS ALB Ingress Enable.

  2. Set AWS ALB Ingress Manage ACM Certificates.

Configure AuditServer

You can set up an AuditServer to receive audits from Privacera Plugins and send audits to Solr and Fluentd. If you choose to keep the audits beyond a 90-day period, you can use AuditServer for that purpose.

Configuration

  1. Set Audit Server Enable.

  2. Configure the properties. For more information, refer to AuditServer.

  3. Click Save & Next.

Configure Aurora DB

This configuration appears when you select Select Policy Store > Aurora DB in the Platform and Installation Type.

You can configure an external RDS Aurora DB with the Postgres or MySQL flavour for Portal, Ranger, Ranger KMS, and Access Request Manager.

PostgreSQL

Prerequisites

Create an RDS Aurora DB with the Postgres flavour and a database name. You'll need to use the database name in the configuration section below.

Configuration

  1. Select Postgres in External Database Flavour.

  2. Configure the properties. For more information, refer to PostgreSQL.

  3. To check whether the configuration has been set correctly, click Test Connection.

MySQL

Prerequisites

Create an RDS Aurora DB with the MySQL flavour and a database name. You'll need to use the database name in the configuration section below.

Configuration

  1. Select MySQL in External Database Flavour.

  2. Configure the properties. For more information, refer to MySQL.

  3. To check whether the configuration has been set correctly, click Test Connection.

Configure Solr

You can configure Solr basic authentication for servers and clients.

Configuration

  1. In the Advanced tab,

    1. Set Enable Solr Basic Auth.

    2. Configure the properties. For more information, refer to Solr.

  2. In the Custom tab, you can configure additional properties related to Solr. For more information on the properties, click here.

You can import/export the configuration of each default service. On the service page, do the following:

  • To import, click Import.
  • To export, click Export.

Last update: August 24, 2021