About Account

The Account page contains the following four sections:

  • Activity: displays basic information about your master PrivaceraCloud account, such as account status, creation and expiry dates, and portal user count.

  • Manage this Account: if enabled, this module provides the PrivaceraCloud master with linked, or sub-account functionality.

    Contact Privacera Support to request enabling this feature.

  • Allowed IP Address: control access to data sources through VPI-IP configuration.

  • Discovery: enable data discovery and Real-Time scanning.

Activity

To edit personal account information or to replace your master account ID with an alias name:

  1. Select the pencil icon next to your account name.

  2. Add an optional alias name.

  3. Edit your company or personal name and phone number.

  4. Click Save when you are finished.

Manage this Account

Primarily intended for administration purposes, a master account can create an authorized number of linked, or sub-accounts. The new account receives a full set of resources and will function the same as an independent account.

To create a sub-account:

  1. Click Manage Linked Accounts to open the Manage Accounts page.

  2. Click + Create Account.

  3. Enter a first and last name, email, and sub-account name. The email address of the sub-account can be the same as that of the master account.

  4. Click Create Account.

A sub-account is automatically approved for use and will deliver a welcome email message to the specified email address.

Allowed IP Addresses

Policy updates and user access to data resources can be restricted to whitelisted IP addresses and Virtual Private Cloud (VPC) identifiers. User access to resource servers is controlled on a more granular level by defining how specific IP addresses can access data sources.

To create and manage allowed IP addresses:

  1. From Allowed IP Address, click Allow IP Addresses.

  2. Click + Add New IP Range.

  3. From the Add IP Range configuration screen, choose one of the following options:

    1. Enter a single IP address.

    2. Enter an IP address range: two IP addresses separated by a "/".

    3. Select Allow All to enable all IP addresses.

  4. Provide an optional description.

  5. Select an access traffic type from the drop-down menu.

    • Privacera Encryption Services (PEG)

    • Data Access

    • API Access

    • All

  6. Choose to enable or disable this IP address configuration.

  7. Click Add IP Range.
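
An audit of allowed-IP entries like those created in the steps above, as an added example that is not Privacera code: it flags enabled Allow All entries, malformed ranges and very broad ranges. The record layout, the start/end reading of the "/" range and the 1024-address review threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample entries mirroring the Add IP Range form fields
# (value, traffic type, enabled). The record layout is hypothetical.
SAMPLE_ENTRIES = [
    {"value": "203.0.113.10", "traffic": "API Access", "enabled": True},
    {"value": "198.51.100.1/198.51.100.50", "traffic": "Data Access", "enabled": True},
    {"value": "10.0.0.0/10.255.255.255", "traffic": "All", "enabled": True},
    {"value": "Allow All", "traffic": "All", "enabled": True},
    {"value": "Allow All", "traffic": "API Access", "enabled": False},
    {"value": "192.0.2.9/192.0.2.1", "traffic": "Data Access", "enabled": True},
]

MAX_RANGE_SIZE = 1024  # review threshold chosen for this example (assumption)


def span(value):
    """Return (first, last) addresses for a single IP or a 'start/end' range."""
    parts = [ipaddress.ip_address(p.strip()) for p in value.split("/")]
    if len(parts) == 1:
        return parts[0], parts[0]
    if len(parts) != 2 or parts[0].version != parts[1].version:
        raise ValueError("expected one address or two of the same IP version")
    if int(parts[0]) > int(parts[1]):
        raise ValueError("range start is greater than range end")
    return parts[0], parts[1]


def audit(entries):
    """Return (index, finding) pairs for enabled entries that merit review."""
    findings = []
    for i, e in enumerate(entries):
        if not e["enabled"]:
            continue  # disabled configurations are skipped
        if e["value"].strip().lower() == "allow all":
            findings.append((i, f"Allow All is enabled for traffic type {e['traffic']}"))
            continue
        try:
            first, last = span(e["value"])
        except ValueError as exc:
            findings.append((i, f"invalid entry: {exc}"))
            continue
        size = int(last) - int(first) + 1
        if size > MAX_RANGE_SIZE:
            findings.append((i, f"range covers {size} addresses"))
    return findings
```
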

Discovery

Real-Time scanning can be performed on both an AWS S3 bucket and Azure ADLS Eventhub. Follow the steps for your platform:

  1. Click Enable Discovery to enable Enable Real-Time Scanning.

  2. To enable real-time scanning on an S3 bucket, complete the following steps. This step assumes you have an existing AWS SQS account with a queue created. If you do not have an AWS SQS account, set up an account and then create a queue.

    1. Get the following information from the AWS SQS account and enter it:

      • SQS Endpoint
      • SQS Access Key
      • SQS Secret Key
      • SQS Region
      • SQS Queue Name
    2. Click Test Connection to check if the connection is successful, and then click Save Settings.

To configure real-time scanning on Azure ADLS, you need to configure an Azure Event Hub. It processes all the events sent from the Azure storage container whenever a new resource is added.

Event Hub requires a storage account to store checkpoint information. Checkpointing is a process by which readers (i.e., Pkafka) mark or commit their position within a partition event sequence. In this case, an Azure blob storage container is used for storing checkpoints while processing events from Azure Event Hubs.

  1. Configure Event Hub:

    1. Create an Event Hub namespace with a region similar to the region of a Storage Account you want to monitor. Refer to Microsoft documentation on how to Create an Event Hubs namespace.

      Use this Event Hub namespace name in Eventhub Namespace.

    2. Create an Event Hub in the Event Hub namespace. Refer to Microsoft documentation on how to Create an event hub.

      Use this event hub name in Eventhub Name.

    3. Get Eventhub Sas Key Name and Eventhub Sas key:

      1. Navigate to Event hub namespace > Event hub.

      2. Under Settings, click Shared access policies.

      3. Click +Add to create a new SAS policy.

        The Add SAS Policy section is displayed on the right.

      4. Enter a policy name and select appropriate claims.

      5. Click on the new policy to populate keys.

        Use the policy name in Eventhub Sas Key Name, and use either the Primary key or Secondary key in Eventhub Sas key.

  2. Create Consumer Group for Pkafka:

    1. Navigate to Event Hubs namespace > Event Hub > Consumer Groups > +Consumer Group. The Consumer Groups tab will be under Entities of the Event Hub page.

    2. Create a consumer group named pkafkagroup1.

  3. Configure Checkpoint Storage for Pkafka:

    1. Get Eventhub Storage Account Name:

      Use an existing storage account or create a storage account to use with Eventhub. Refer to Microsoft documentation on how to Create a Storage Account.

      Use this storage account name in Eventhub Storage Account Name.

    2. Get Eventhub Storage Account Key:

      1. Navigate to the storage account.

      2. Under Security + networking, click Access keys.

      3. Click Show Keys for keys to be populated.

      4. Use Key1 value in Eventhub Storage Account Key.

    3. Get Eventhub Storage Container Name:

      Use an existing container name or create a storage container to use with Eventhub. Refer to Microsoft documentation on how to Create a Container.

      Use this container name in Eventhub Storage Container Name.

    4. Get the Eventhub URL Prefix:

      1. Navigate to the container.

      2. Open the container and click Properties. The container property details are populated on the right.

      3. Use the URL prefix in Eventhub Storage Url Prefix.

  4. Enable Real-Time Scan:

    1. In Privacera Portal, enable Discovery.

    2. Click Enable Discovery to enable Enable Real-Time Scanning.

    3. Provide the following information:

      • Eventhub Namespace

      • Eventhub Name

      • Eventhub Sas Key Name

      • Eventhub Sas key

      • Eventhub Storage Url Prefix

      • Eventhub Storage Account Name

      • Eventhub Storage Account Key

      • Eventhub Storage Container Name

    4. Click Test Connection to check if the connection is successful, and then click Save Settings.

Last update: August 13, 2021