Air-gapped install
An air-gapped installation is the installation of Privacera on servers or VMs that are offline or have no access to the Privacera Hub Repository to download the required packages and images.
Prerequisites
A host machine without internet access where Privacera will be installed. Make sure you have met all the prerequisite hardware configuration and software for your platform, including Docker/Kubernetes on AWS or Azure. See Prerequisites Overview.
An intermediate system with internet access to download packages and images from Privacera Hub Repository.
Privacera installation variables. For more information about the variables, see Installation Environment Variables.
Intermediate system for download
If the Privacera Manager host does not have access to the internet or Privacera Hub Repository, then you will need an intermediate system for access. On this intermediate system, you will download all necessary Privacera packages and images. Once downloaded, you can host the images on your internal repository and copy the packages to any cloud storage or copy them to the Privacera Manager host using SSH.
The Privacera airgap script can help you download the packages and images, push images to your internal repository or copy them to your Privacera Manager host.
Download packages and images of Privacera Manager
On your intermediate system, download the following script. This script allows you to download all the images required for installing Privacera Manager and upload them to an internal repository.
wget https://privacera.s3.amazonaws.com/public/pm-scripts/airgap-pkg-download-v61.sh
Using the script, download Privacera Platform components (packaged as Docker images) to your intermediate system. You may choose to download the complete set or, in consultation with your Privacera sales advisor, elect to download a subset based on your licensing and local requirements.
| Image Name | Description | Filename |
|---|---|---|
| Core Components | | |
| privacera-manager | Privacera Manager (Installation Update) | privacera-manager.docker.gz |
| privacera | Privacera Portal - Centralized Dashboard | privacera.docker.gz |
| solr | Search engine for Privacera | privacera_solr.gz |
| privacera-usersync | Sync users from LDAP/Active Directory to Privacera Portal | privacera-usersync.docker.gz |
| fluentd | Fluentd log/audit management | privacera_fluentd.docker.gz |
| zookeeper | Coordination and synchronization service | zookeeper.docker.gz |
| ranger | Authorization and Authentication | ranger.docker.gz |
| ranger-usersync | Data access user LDAP/AD importer | ranger-usersync.docker.gz |
| ranger-tagsync | Discovery to Access Manager tags synchronization | ranger-tagsync.docker.gz |
| auditserver | Audit/log server abstraction layer | auditserver.docker.gz |
| Internal Database | | |
| mariadb | Default configuration database | mariadb.docker.gz |
| Access Manager | | |
| dataserver | Proxy server based access control service | privacera_dataserver.docker.gz |
| policysync | Policy-based access control service | privacera_policysync.docker.gz |
| policysync-v2 | Version 2 (V2) of policy-based access control service | privacera_policysync-v2.docker.gz |
| flowable | BPMN Engine for Access Request workflow | privacera_flowable.docker.gz |
| Discovery | | |
| discovery | Discovery / Spark service for scanning and tagging data | discovery.docker.gz |
| Kafka | Kafka service for real-time scanning | privacera-kafka.docker.gz |
| Encryption & Masking | | |
| ranger-kms | Apache Ranger KMS | ranger-kms.docker.gz |
| privacera-peg | Privacera Encryption Gateway (PEG) Service | privacera-peg.docker.gz |
| Metrics and Monitoring | | |
| grafana | Statistics and monitoring | grafana.docker.gz |
| graphiteapp | Statistics and monitoring | graphite.docker.gz |
The script has three actions: pull, push and sync. By default, it runs the pull action, which downloads the Privacera packages and images. The script first requests the Privacera Base and Privacera Manager Download URLs, then asks you to select which sets of images to download (see the table above).
Before running the script, ensure that no Privacera images with the same tag are present on the system. To verify, run the docker images command.
To pull the packages and images, run the script as follows. By default, it runs with the pull action.
sudo chmod +x airgap-pkg-download-v61.sh
./airgap-pkg-download-v61.sh
Sequence of prompts:
Enter the Privacera Base Download URL.
Choose whether you want to download the images of Core Components.
Choose whether you want to download the image of Internal Database.
Choose whether you want to download the images of Access Manager.
Choose whether you want to download the images of Discovery.
Choose whether you want to download the images of Encryption and Masking.
Choose whether you want to download the images of Statistics and Monitoring.
The script lists the packages and images downloaded and saved in the ${PWD}/privacera/downloads and ${PWD}/privacera/downloads/images locations respectively.
Run the script to upload the packages either to your internal repository or the Privacera Manager host machine.
Internal Repository
Run the script again with push action to upload the images to your private Repository and copy (.tar) packages to your Privacera Manager host.
./airgap-pkg-download-v61.sh push
Sequence of prompts:
Enter Privacera Docker Hub URL.
Enter Privacera Image Tag.
Enter Docker login URL
Enter Docker user.
Enter Docker password.
Once the images are pushed to the internal repository, the script cleans up the images in the ${PWD}/privacera/downloads/images directory and prompts you to copy the packages to the Privacera Manager host.
The following is the sequence of prompts for reference:
Choose whether the remote user has passwordless access to the PM host.
Enter the host name of the PM host.
Enter the name of the remote user.
Privacera Manager Host
Note
The steps below are applicable for a Docker-based environment.
Run the script again with sync action to copy the packages and images to the Privacera Manager host.
./airgap-pkg-download-v61.sh sync
The following is the sequence of prompts for reference:
Do you want to copy packages to PM Host.
Can current user SSH(Passwordless), to PM Host.
Enter the host name of the PM host.
Enter the name of the remote user.
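The push and sync actions above move archives from the intermediate system to other hosts. The following added example (not part of the Privacera airgap script) writes a SHA-256 manifest of the downloaded files on the intermediate system and checks it on the receiving side. The manifest name SHA256SUMS and both function names are assumptions of this example, and the check only detects changes made after the manifest was written.

```shell
#!/bin/sh
# Added example: integrity manifest for files moved during an air-gapped install.
# Assumption: artifacts sit under <root>/privacera/downloads, as the pull action reports.

MANIFEST_NAME="SHA256SUMS"   # hypothetical manifest file name

# Run on the intermediate system after the pull action.
make_manifest() {
  ( cd "$1" || exit 1
    # Hash every regular file except the manifest itself, in a stable order.
    find . -type f ! -name "$MANIFEST_NAME" -print0 \
      | sort -z \
      | xargs -0 -r sha256sum > "$MANIFEST_NAME" )
}

# Run on the PM host (or before a push) against the copied directory.
# Exit codes: 0 ok, 2 no manifest, 3 hash mismatch or missing file, 4 unlisted file.
verify_manifest() {
  ( cd "$1" || exit 1
    [ -s "$MANIFEST_NAME" ] || { echo "missing or empty manifest" >&2; exit 2; }

    # Every listed file must exist and match its recorded hash.
    sha256sum -c "$MANIFEST_NAME" >&2 || exit 3

    # No file may be present that the manifest does not list.
    # Manifest lines are: 64 hex chars, two separator chars, then the path.
    listed=$(cut -c67- "$MANIFEST_NAME" | sort)
    present=$(find . -type f ! -name "$MANIFEST_NAME" | sort)
    [ "$listed" = "$present" ] || { echo "unlisted files present" >&2; exit 4; }
  )
}
```

Call make_manifest "${PWD}/privacera/downloads" before the transfer, copy the manifest with the packages, and call verify_manifest on the destination directory before running the update.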
Configure Privacera Manager
Log in to the Privacera Manager host.
Follow the steps on Configure the deployment mode to configure the environment, deployment mode and cloud platform.
Configure Privacera Manager to use Air-Gap installation, with either the internal repository or the PM Host:
Internal Repository
cd ~/privacera/privacera-manager
cp config/sample.vars.privacera.yml config/vars.privacera.yml
vi config/vars.privacera.yml
Add the following property and enter your internal repository URL.
privacera_hub_url: "www.your.internal.repo.url.com"
Privacera Manager Host
Note
This is applicable for a Docker-based environment.
cd ~/privacera/privacera-manager
cp config/sample-vars/vars.airgap.install.yml config/custom-vars/
Run the following commands to update.
cd ~/privacera/privacera-manager
./privacera-manager.sh update
Upgrade Privacera Manager
Internal Repository
On the intermediate system, download the latest PM packages and upload them to the internal repository.
Edit the pm-env.sh file.
cd ~/privacera/privacera-manager
vi config/pm-env.sh
Update the following in the command below:
<YOUR_INTERNAL_REPO_URL> - Your internal repository URL where the privacera-manager.tar.gz package is stored.
<INTERNAL_REPO_HUB_NAME> - Your internal repository name.
rel_x.x.x.x - Privacera release version.
export PRIV_MGR_PACKAGE=<YOUR_INTERNAL_REPO_URL>/privacera-manager.tar.gz
export PRIV_MGR_IMAGE=<INTERNAL_REPO_HUB_NAME>/privacera-manager:rel_x.x.x.x
Update the download URL and image tag with the new build number. Open config/vars.privacera.yml.
cd ~/privacera/privacera-manager
vi config/vars.privacera.yml
Edit the following properties:
PRIVACERA_IMAGE_TAG: "<PLEASE_CHANGE>"
PRIVACERA_BASE_DOWNLOAD_URL: "<PLEASE_CHANGE>"
Upgrade Privacera Manager with the following commands.
cd ~/privacera/privacera-manager
./privacera-manager.sh upgrade-manager
./privacera-manager.sh update
Privacera Manager Host
Note
The steps below are applicable for a Docker-based environment.
From your PM host, remove all the files in the downloads folder (~/privacera/downloads) and images folder (~/privacera/downloads/images).
On the intermediate system, download the latest PM packages and copy them to the PM host.
Verify that all the PM packages and images are the latest versions in their respective folders. Also, verify that the release tag is updated in the pm-env.sh and vars.privacera.yml files.
Upgrade Privacera Manager with the following commands.
cd ~/privacera/privacera-manager
./privacera-manager.sh upgrade-manager
./privacera-manager.sh update
Upgrade Solr from 8.5.1 to 8.9.0
Internal Repository
On the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package.
Upload the privacera_solr.gz package to the internal repository URL.
On the PM host, add the following variable in config/vars.privacera.yml.
SOLR_IMAGE_TAG: "8.9.0"
Upgrade Privacera Manager with the following commands.
cd ~/privacera/privacera-manager
./privacera-manager.sh update
Privacera Manager Host
On the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package.
Sync/copy the latest privacera_solr.gz package to the ~/privacera/downloads/images folder on the PM host.
On the PM host, add the following variable in config/vars.privacera.yml.
SOLR_IMAGE_TAG: "8.9.0"
Upgrade Privacera Manager with the following commands.
cd ~/privacera/privacera-manager
./privacera-manager.sh update