Integrate Privacera Services in Separate VPC
In some network topologies, the systems that Privacera needs to work with (such as Databricks or other data source) might be in a Virtual Private Cloud (VPC) that is separate from the VPC where Privacera runs. This separate VPC might be behind a required firewall that must not be changed due to security requirements.
This network configuration needs some manual steps to configure Privacera properties to use a private link between those separate VPCs and certain Privacera services. The affected Privacera services are as follows:
- Privacera Ranger for installed plugins to retrieve policies.
- Privacera Audit Server for installed plugins to push audit data.
- Privacera Data Server for the Privacera Signed URL feature.
Prerequisites
- You have already installed Privacera Manager.
- You have identified the VPCs that must be linked.
- The load balancer between the VPCs must be a Network Load Balancer (NLB), not a classic load balancer, which is not sufficiently performant for this network topology.
Steps
The following sections describe the manual steps needed to configure certain properties so that a private link can be used between Privacera and those VPC-protected systems.
Configure Privacera Ranger Load Balancer Properties
- Create a Ranger configuration directory:
  cd ~/privacera/privacera-manager
  mkdir -p config/custom-vars/ranger-admin
- Edit the Privacera Ranger service configuration file (vi config/custom-vars/ranger-admin/ranger-service.yml) to add the following lines:
  metadata:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
      service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
- Save the file.
Configure Privacera Audit Server Load Balancer Properties
- Create an Audit Server configuration directory:
  cd ~/privacera/privacera-manager
  mkdir -p config/custom-vars/auditserver
- Edit the Privacera Audit Server service configuration file (vi config/custom-vars/auditserver/auditserver-service.yml) to add the following lines:
  metadata:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
      service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
- Save the file.
Configure Privacera Data Server Load Balancer Properties
- Create a Data Server configuration directory:
  cd ~/privacera/privacera-manager
  mkdir -p config/custom-vars/dataserver
- Edit the Privacera Data Server service configuration file (vi config/custom-vars/dataserver/dataserver-service.yml) to add the following lines:
  metadata:
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
      service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
- Save the file.
Update Privacera Manager
cd ~/privacera/privacera-manager
./privacera-manager.sh update
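As an added example (not Privacera's own tooling), the script below writes the three service override files from the steps above in one pass and checks that each one carries both annotations before you run the update; it assumes the privacera-manager directory is given by PM_HOME (defaulting to the path used in the steps) and that the file names match the ones listed above.

```shell
#!/usr/bin/env sh
# Added example, not part of Privacera Manager. Writes the three
# custom-vars service overrides and verifies each has both annotations:
# 'internal' keeps the NLB off the public internet, 'nlb' satisfies the
# Network Load Balancer prerequisite. Assumes PM_HOME is the manager dir.

PM_HOME="${PM_HOME:-$HOME/privacera/privacera-manager}"

# Write config/custom-vars/<dir>/<file> with the internal NLB annotations.
write_internal_nlb_override() {
  dir="$1"; file="$2"
  target_dir="$PM_HOME/config/custom-vars/$dir"
  mkdir -p "$target_dir" || return 1
  cat > "$target_dir/$file" <<'EOF'
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-internal: 'true'
    service.beta.kubernetes.io/aws-load-balancer-type: 'nlb'
EOF
}

# Return 0 only if the file exists and has both annotations with the
# expected values; a missing 'internal' would expose the service publicly.
check_internal_nlb_override() {
  f="$1"
  [ -f "$f" ] || return 1
  grep -q "aws-load-balancer-internal: 'true'" "$f" || return 1
  grep -q "aws-load-balancer-type: 'nlb'" "$f" || return 1
  return 0
}

# Write and verify the Ranger, Audit Server and Data Server overrides.
configure_all_overrides() {
  for pair in \
    "ranger-admin:ranger-service.yml" \
    "auditserver:auditserver-service.yml" \
    "dataserver:dataserver-service.yml"; do
    dir="${pair%%:*}"; file="${pair#*:}"
    write_internal_nlb_override "$dir" "$file" || return 1
    check_internal_nlb_override "$PM_HOME/config/custom-vars/$dir/$file" || return 1
    echo "ok: config/custom-vars/$dir/$file"
  done
}

# Run with --apply to write the files; then run ./privacera-manager.sh update.
if [ "${1:-}" = "--apply" ]; then
  configure_all_overrides
fi
```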