
Setting up the Environment

To set up the environment, expand each configuration and set its properties:

Platform and Installation Type

  1. Enter an environment name. The environment name must not contain spaces and can contain a combination of alphanumeric characters, underscore (_), dot (.) and dash (-).

    Note

    Carefully select an environment name. Once the name is set and you have deployed the Privacera services, you will not be able to change the name.

  2. Select a cloud provider: AWS, Azure, GCP

  3. Select the container platform where you want to deploy Privacera's products and components: Docker or Kubernetes.

    If you've selected Kubernetes, enter a cluster name and namespace.

  4. In the Select Policy Store, select a database. All the default services of Privacera will use this database.

  5. Click Save & Next.

Internet and Security

  1. To download the Privacera product packages, do the following:

    If your environment is accessible to the Internet during the install process, enable Is Public Internet Available.

    In airgapped environments (no Internet access), you must download the components and then upload them into an internal repository.

    Get the following environment variables. For more information on the variables, see Environment Variables:

    • Privacera Account User/Password - Privacera account credentials used for downloading the Privacera product package.
    • Privacera Release Version - Release version of Privacera product. On the Environment Variables page, use the value of PRIVACERA_IMAGE_TAG.
    • Repository URL - Privacera download URL used for downloading Privacera product package. On the Environment Variables page, use the value of PRIVACERA_BASE_DOWNLOAD_URL.

    The host machine will connect to the Privacera account and download all the components (packages/images) from a Privacera repository based on the release version you've selected.

    1. Enter the username of the Privacera account.

    2. Enter the password of the Privacera account.

    3. Enter a release version.

    4. Enter the repository URL.

  2. To set up SSL, enable the SSL button.

    Privacera can generate the SSL certificates for you, or if you have your own certificates, you can upload them. The steps for uploading your own SSL certificates vary depending on the installation type you've chosen: Docker or Kubernetes.

    • To allow Privacera to generate the certificates, select Let Privacera Generate SSL Certificates.

    • To upload certificates, select Upload SSL Certificates.

    1. In the App HostName, enter the domain/sub-domain name for which the certificate was generated.

    2. Select a format: JKS, PKS12, PEM

    3. For JKS and PKS12, browse the certificate in the Keystore File, give it a name in the Key Alias, and enter a Key Password.

    4. For PEM, browse and add the Full Chain and Private Key.

    If you're installing Privacera with Kubernetes configured in your environment, then generate and upload SSL certificates for the following services:

    • Portal

    • Ranger

    • PEG (If PEG service does not appear, then go to Products and Services > Encryption > Masking, and then select PEG.)

    You have the following two options to upload SSL certificates:

    • Generate and upload a single SSL certificate for all the three services.

    • Generate and upload an SSL certificate for each of the services separately.

    A) To upload an SSL certificate for all the three services:

    1. For each service, enter the domain/sub-domain name for which the certificate was generated:

    • Portal Hostname
    • Ranger Hostname
    • Peg Hostname

    2. Select Global.

    3. Select a format: JKS, PKS12, PEM

    4. For JKS and PKS12, browse the certificate in the Keystore File, give it a name in the Key Alias, and enter a Key Password.

    5. For PEM, browse and add the Full Chain and Private Key.

    B) To upload an SSL certificate for each service:

    1. For each service, enter the domain/sub-domain name for which the certificate was generated:

    • Portal Hostname
    • Ranger Hostname
    • Peg Hostname

    2. Select Individual, and depending on the service, follow the steps from 3 to 5 to upload the SSL certificate.

    3. Select a format: JKS, PKS12, PEM

    4. For JKS and PKS12, browse the certificate in the Keystore File, give it a name in the Key Alias, and enter a Key Password.

    5. For PEM, browse and add the Full Chain and Private Key.

  3. To enable encryption of secrets for Privacera services, enable Encrypt Secrets in Keystores?.

  4. Click Save & Next.
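A pre-upload check for the PEM option (Full Chain and Private Key), added here as an example and not part of Privacera's documentation or tooling. It confirms that the key belongs to the leaf certificate, that the certificate has not expired, and that it covers every hostname you plan to enter; with the Global option that means the Portal, Ranger and PEG hostnames all at once. The function names and file names are illustrative, and the script assumes the `openssl` CLI and an unencrypted private key.

```shell
#!/bin/sh
# Pre-upload checks for a PEM full chain + private key (added example).
# Function names and argument order are illustrative, not a Privacera interface.

# key_matches_cert FULLCHAIN KEY -> 0 if KEY is the private key of the leaf cert.
# openssl x509 reads the first certificate in the file, which is the leaf.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_covers_host FULLCHAIN HOSTNAME -> 0 if the leaf cert is valid for HOSTNAME
# (SAN entries, wildcards, or the CN when no SAN is present).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# cert_not_expired FULLCHAIN -> 0 if the leaf cert is still within its validity.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# check_upload FULLCHAIN KEY HOST... -> prints each problem, returns their count.
check_upload() {
    chain=$1
    key=$2
    shift 2
    problems=0
    key_matches_cert "$chain" "$key" ||
        { echo "private key does not match certificate"; problems=$((problems + 1)); }
    cert_not_expired "$chain" ||
        { echo "certificate has expired"; problems=$((problems + 1)); }
    for host in "$@"; do
        cert_covers_host "$chain" "$host" ||
            { echo "certificate does not cover $host"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Run as: ./check.sh fullchain.pem privkey.pem <portal-host> <ranger-host> <peg-host>
if [ "$#" -ge 3 ]; then
    check_upload "$@"
fi
```

For the Individual option, run it once per service with that service's files and its single hostname.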

Products and Services

  1. Access Manager

    1. Select a dataserver.

    2. Select a service for policysync.

    3. To integrate a plugin with Privacera, select a plugin.

    4. If you have an active directory of users/user groups, select Enable Usersync?.

    5. If you want to manage policies based on user requests, select Enable Access Request Manager?.

    6. If you want to store audits locally or in a cloud, select Enable Audits Export (Fluentd)?.

    7. If you want to create data assets from various data sources, select Enable Privacera Services?.

  2. Discovery

    Select a Discovery analytics engine:

    • Embedded Spark

    • Spark from Databricks

  3. Encryption and Masking

    Select a service for encryption and masking: PEG, Ranger KMS

  4. Click Save & Next.

You can import/export the configuration of all the services of Privacera. Do the following:

  • To import, click Import.
  • To export, click Export.

    Note

    The Export button appears only when Privacera products and services are installed.