Privacera Platform master publication

Integrate Privacera services in separate VPC

In some network topologies, the systems that Privacera needs to work with (such as Databricks or another data source) might be in a Virtual Private Cloud (VPC) that is separate from the VPC where Privacera runs. This separate VPC might be behind a required firewall that must not be changed due to security requirements.

This network configuration needs some manual steps to configure Privacera properties to use a private link between those separate VPCs and certain Privacera services. The affected Privacera services are as follows:

  • Privacera Ranger for installed plugins to retrieve policies.

  • Privacera Audit Server for installed plugins to push audit data.

  • Privacera Data Server for the Privacera Signed URL feature.

Prerequisites
  • You have already installed Privacera Manager.

  • You have identified the VPCs that must be linked.

  • The load balancer between the VPCs must be a Network Load Balancer (NLB), not a classic load balancer, which is not sufficiently performant for this network topology.

Steps

The details here explain the manual steps needed to configure certain properties to allow a private link between Privacera and those VPC-protected systems.

Configure Privacera Ranger Load Balancer Properties
  1. Create a Ranger configuration directory:

    cd ~/privacera/privacera-manager
    mkdir -p config/custom-vars/ranger-admin
    
  2. Edit a Privacera Ranger properties configuration file to add the following lines:

    vi config/custom-vars/ranger-admin/ranger-service.yml
    
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
        service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    
  3. Save the file.

Configure Privacera Audit Server Load Balancer Properties
  1. Create an Audit Server configuration directory:

    cd ~/privacera/privacera-manager
    mkdir -p config/custom-vars/auditserver
    
  2. Edit a Privacera Ranger Audit Server configuration file to add the following lines:

    vi config/custom-vars/auditserver/auditserver-service.yml
    
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
        service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    
  3. Save the file.

Configure Privacera Data Server Load Balancer Properties
  1. Create a Data Server configuration directory:

    cd ~/privacera/privacera-manager
    mkdir -p config/custom-vars/dataserver
    
  2. Edit a Privacera Data Server configuration file to add the following lines:

    vi config/custom-vars/dataserver/dataserver-service.yml
    
    metadata:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
        service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    
  3. Save the file.

Update Privacera Manager

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
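
A pre-flight check for the three override files, to run before `./privacera-manager.sh update`. This is an added example, not part of the Privacera documentation, and the function names `annotation_value` and `check_lb_annotations` are hypothetical. It confirms that each file named in the steps above carries both annotations with the values shown, because a missing, commented-out or mistyped annotation would not request the internal NLB this topology requires.

```bash
#!/usr/bin/env bash
# Added example (not Privacera code): verify the load balancer annotations
# in the three service override files created in the steps above.

# Print the value of annotation key $2 in file $1 with quotes stripped.
# Prints nothing if the key is absent or the line is commented out.
annotation_value() {
  sed -n "s|^[[:space:]]*$2:[[:space:]]*||p" "$1" | tr -d "\"' \r" | head -n 1
}

# Check every override file under $1 (the config/custom-vars directory).
# Returns 0 only if all three files request an internal NLB.
check_lb_annotations() {
  local root="$1"
  local rc=0
  local f v
  local prefix='service.beta.kubernetes.io/aws-load-balancer'
  for f in ranger-admin/ranger-service.yml \
           auditserver/auditserver-service.yml \
           dataserver/dataserver-service.yml; do
    if [ ! -f "$root/$f" ]; then
      echo "MISSING  $f"; rc=1; continue
    fi
    v=$(annotation_value "$root/$f" "$prefix-internal")
    [ "$v" = "true" ] || { echo "FAIL     $f: internal='$v' (want 'true')"; rc=1; }
    v=$(annotation_value "$root/$f" "$prefix-type")
    [ "$v" = "nlb" ] || { echo "FAIL     $f: type='$v' (want 'nlb')"; rc=1; }
  done
  [ "$rc" -eq 0 ] && echo "OK       all three services request an internal NLB"
  return "$rc"
}

# When a directory is passed as the first argument, check it, e.g.:
#   ./check-lb.sh ~/privacera/privacera-manager/config/custom-vars
[ "$#" -eq 0 ] || check_lb_annotations "$1"
```
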