Skip to content

Enterprise Readiness of Privacera Deployment

Privacera is designed to support mission-critical, large-scale enterprise deployments. This document outlines the key enterprise readiness features that ensure high availability, performance, security, scalability, and operational excellence for Privacera deployments.

Deployment Models and Responsibility

Privacera supports multiple deployment models to meet the needs of various enterprise environments. Each model offers different responsibilities for HA (High Availability) and DR (Disaster Recovery).

1. Privacera Cloud (SaaS)

  • Description: Fully managed deployment hosted and operated by Privacera in a secure cloud environment.
  • HA: Built-in HA with managed scaling, redundancy, and failover handled by Privacera.
  • DR: Privacera is responsible for backups, DR strategy, and service restoration.
  • Customer Responsibility: Secure data plane connectivity, connector authentication, and user onboarding.

2. Privacera Data Plane (Hybrid)

  • Description: Control plane is managed by Privacera; data connectors and runtime agents (e.g., PolicySync, Discovery) run in the customer's environment (cloud or on-prem).
  • HA: Data Plane components can be deployed with HA by the customer (e.g., multiple connector pods).
  • DR: Control plane DR is handled by Privacera; customers must ensure local DR strategy for their deployed connectors.
  • Customer Responsibility: Resilience of local services, failover configurations, and ensuring redundant deployments of connectors.

3. Self Managed

  • Description: Full installation and operation of Privacera components by the customer using Privacera Manager.
  • HA: Customer is responsible for configuring HA (e.g., multiple pods, database replication, load balancers).
  • DR: Customer must implement backup, recovery, and infrastructure replication strategy.
  • Customer Responsibility: Entire lifecycle management, including patching, HA, DR, and scaling.

High Availability (HA) and Fault Tolerance

  • HA Architecture: Core services such as the Apache Ranger, Privacera Encryption Gateway (PEG) server, Privacera Encryption Scheme server, and Privacera Portal can be deployed with redundancy across multiple nodes.
  • Stateless Services: Most Privacera services are stateless and can be scaled horizontally.
  • Database Redundancy: Supports external HA-enabled databases like Amazon RDS, Azure Database, or self-managed HA Postgres/MySQL clusters.

Scalability

  • Horizontal Scaling: Core components can be scaled out to meet high-throughput workloads.
  • Connector Scalability: Connector services like PolicySync are single-instance but can be deployed in a clustered mode for high availability. However, they maintain state in local Persistent Volumes (PVs) and can be easily rebuilt with minimal service disruption.
  • Kubernetes Native: Supports autoscaling via Kubernetes HPA and node scaling.

Observability

  • Monitoring: Exposes metrics that can be scraped by Prometheus and visualized via Grafana.
  • Health Checks: Dedicated healthcheck APIs for PEG, scheme-server, and other services.

Disaster Recovery

  • Disaster Recovery: Supports redeployment and recovery using cold standby and data store backups

Comments