Privacera Documentation

Integrate Privacera services in separate VPC

In some network topologies, the systems that Privacera needs to work with (such as Databricks or another data source) might be in a Virtual Private Cloud (VPC) that is separate from the VPC where Privacera runs. This separate VPC might be behind a required firewall that must not be changed due to security requirements.

This network configuration needs some manual steps to configure Privacera properties to use a private link between those separate VPCs and certain Privacera services. The affected Privacera services are as follows:

  • Privacera Ranger for installed plugins to retrieve policies.

  • Privacera Audit Server for installed plugins to push audit data.

  • Privacera Data Server for the Privacera Signed URL feature.

Prerequisites
  • You have already installed Privacera Manager.

  • You have identified the VPCs that must be linked.

  • The load balancer between the VPCs must be a Network Load Balancer (NLB), not a classic load balancer, which is not sufficiently performant for this network topology.

Procedure

The details here explain the manual steps needed to configure certain properties to allow a private link between Privacera and those VPC-protected systems.

  1. Configure the Privacera Ranger load balancer properties:

    1. Create a Ranger configuration directory:

      cd ~/privacera/privacera-manager
      mkdir -p config/custom-vars/ranger-admin
    2. Edit a Privacera Ranger properties configuration file to add the following lines:

      vi config/custom-vars/ranger-admin/ranger-service.yml

      metadata:
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
          service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    3. Save the file.

  2. Configure the Privacera Audit Server load balancer properties:

    1. Create an Audit Server configuration directory:

      cd ~/privacera/privacera-manager
      mkdir -p config/custom-vars/auditserver
    2. Edit a Privacera Ranger Audit Server configuration file to add the following lines:

      vi config/custom-vars/auditserver/auditserver-service.yml

      metadata:
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
          service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    3. Save the file.

  3. Configure the Privacera Data Access Server load balancer properties:

    1. Create a Data Server configuration directory:

      cd ~/privacera/privacera-manager
      mkdir -p config/custom-vars/dataserver
    2. Edit a Privacera Data Server configuration file to add the following lines:

      vi config/custom-vars/dataserver/dataserver-service.yml

      metadata:
        annotations:
          service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
          service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
    3. Save the file.

  4. Update Privacera Manager:

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
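
A pre-flight check to run before step 4, as an added example that is not part of Privacera's documentation or tooling: it confirms that each of the three service files from steps 1 to 3 exists and carries both load balancer annotations. The function names and the script name `check-nlb.sh` are hypothetical; the file paths and annotation values are the ones given in the procedure.

```shell
#!/usr/bin/env bash
# Added example (not Privacera tooling): pre-flight check for the three
# service override files from steps 1-3. Function names are hypothetical.
# Usage: . ./check-nlb.sh && check_all ~/privacera/privacera-manager
# Line-level check only: it does not parse YAML or confirm that the keys
# are nested under metadata.annotations.

# Paths from the procedure, relative to the Privacera Manager directory.
SERVICE_FILES="config/custom-vars/ranger-admin/ranger-service.yml
config/custom-vars/auditserver/auditserver-service.yml
config/custom-vars/dataserver/dataserver-service.yml"

KEY_PREFIX='service\.beta\.kubernetes\.io'
END='[[:space:]]*(#.*)?$'
# 'true' must be quoted as on the page: unquoted, YAML reads it as a
# boolean rather than a string.
PAT_INTERNAL="^[[:space:]]+${KEY_PREFIX}/aws-load-balancer-internal:[[:space:]]*(\"true\"|'true')${END}"
PAT_TYPE="^[[:space:]]+${KEY_PREFIX}/aws-load-balancer-type:[[:space:]]*(\"nlb\"|'nlb'|nlb)${END}"

# check_service_file FILE: succeeds only if FILE exists and has both
# annotations on uncommented lines.
check_service_file() {
  f="$1"; status=0
  if [ ! -f "$f" ]; then
    echo "MISSING  $f"
    return 1
  fi
  if ! grep -Eq "$PAT_INTERNAL" "$f"; then
    echo "FAIL     $f: aws-load-balancer-internal is not the quoted string 'true'"
    status=1
  fi
  if ! grep -Eq "$PAT_TYPE" "$f"; then
    echo "FAIL     $f: aws-load-balancer-type is not 'nlb'"
    status=1
  fi
  if [ "$status" -eq 0 ]; then echo "OK       $f"; fi
  return "$status"
}

# check_all PM_DIR: checks every file; non-zero if any one fails.
check_all() {
  base="$1"; all=0
  for rel in $SERVICE_FILES; do
    check_service_file "$base/$rel" || all=1
  done
  return "$all"
}
```

A non-zero result from `check_all` means at least one service would be updated without the internal NLB settings this procedure calls for.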