Skip to content

Installation using UI#

Before you begin the installation, download all the necessary packages required for installing Privacera services. For more information, click here.

Start PM UI#

  1. By default, a port 6888 is assigned to PM UI. To enable the port for PM UI, run the following commands.

    cd ~/privacera/privacera-manager/
    cd config/pm-ui/
    cp sample.application-custom.properties application-custom.properties
    

    Note

    If you want to run the Privacera Manager UI on a specific port other than the default port, do the following changes:

    vi application-custom.properties

    Change the server port, Privacera Manager UI will run on this port.

    server.port=6888

  2. To start the UI service, run the following commands. If you're installing for the first time, it will download and extract the docker image of Privacera Manager. For more information on the other shell commands, refer to Privacera Manager Command Line.

    cd  ~/privacera/privacera-manager
    ./privacera-manager.sh pm-ui start
    

    This will download, and extract the Privacera Manager components.

    It will give you a URL along with the port number. Copy the URL in a browser tab, for example, http://10.xxx.xx.44:6888.

    On the Privacera login page, enter your login credentials. If its your first time for installing Privacera using the Privacera Manager UI, then use the following default credentials to log in.

    • Username: pmanager
    • Password: pmanager

    Note

    You can change the default password, after you've logged in. On the top-right corner, click Profile button, and then click Change Password.

    Once logged in, the following landing page is displayed.

    To begin with the installation of Privacera products and services, click Setup Environment. The Privacera installation page is displayed. On the left, you have the clickable navigation tabs and on the right, you can define the environment and service configurations.

Platform and Installation Type#

  1. Enter an environment name. The environment name should have no space and can contain a combination of alphanumeric characters, underscore (_), dot (.) and dash (-).

    Note

    Carefully select an environment name. Once the name is set and you have deployed the Privacera services, then you will not be able to change the name.

  2. Select a cloud provider: AWS, Azure, GCP

  3. Update the version for the following variables with the new release version.

    • In the PRIV_MGR_PACKAGE variable, update the release version in the path of the URL /privacera/rel/rel_X.X.X.X/.
    • In the PRIV_MGR_IMAGE variable, update the release version in the path of the URL /privacera-manager:rel_X.X.X.X.

Internet and Security#

  1. If your environment is accessible to the Internet during the install process, enable Is Public Internet Available.

    In airgapped environments (no Internet access), you must download the components and then upload them into a internal repository

    The host machine will connect to the Privacea account and download all the components (packages/images) from a Privacera repository based on the release version you've selected.

    1. Enter the username of the Privacera account.

    2. Enter the password of the Privacera account.

    3. Enter a release version.

    4. Enter the repository URL.

  2. To set up SSL, enable the SSL button.

    Privacera can generate the SSL certificates for you, or if you have your own certificates, you can upload them. Uploading self-generated SSL certificates may vary depending on the installation type you've chosen: Docker or Kubernetes.

    • To allow Privacera generate the certificates, select Let Privacera Generate SSL Certificates.

    • To upload certificates, select Upload SSL Certificates.

    1. In the App HostName, enter the domain/sub-domain name for which the certificate was generated.

    2. Select a format: JKS, PKS12, PEM

    3. For JKS and PKS12, browse the certificate in the Keystore File, give it a name in the Key Alias, and enter a Key Password.

    4. For PEM, browse and add the Full Chain and Private Key.

    If you're installing Privacera with Kubernetes configured in your environment, then generate and upload SSL certificates for the following services:

    • Portal

    • Ranger

    • PEG (If PEG service does not appear, then go to Products and Services > Encryption > Masking, and then select PEG.)

    You have the following two options to upload SSL certificates:

    • Generate and upload a single SSL certificate for all the three services.

    • Generate and upload an SSL certificate for each of the services separately.

    A) To upload an SSL certificate for all the three services:

    1. Enter the domain/sub-domain name for which service the certificate was generated.

    • Portal Hostname
    • Ranger Hostname
    • Peg Hostname

    2. Select Global.

    3. Select a format: JKS, PKS12, PEM

    4. For JKS and PKS12, browse the certificate in the Keystore File, give it a name in the Key Alias, and enter a Key Password.

    5. For PEM, browse and add the Full Chain and Private Key.

    B) To upload an SSL certificate for each service:

    1. Enter the domain/sub-domain name for which service the certificate was generated.

    • Portal Hostname
    • Ranger Hostname
    • Peg Hostname

    2. Select Individual, and depending on the service, follow the steps from 3 to 5 to upload the SSL certificate.

    3. Select a format: JKS, PKS12, PEM

    4. For JKS and PKS12, browse the certificate in the Keystore File, give it a name in the Key Alias, and enter a Key Password.

    5. For PEM, browse and add the Full Chain and Private Key.

  3. To enable encryption of secrets for Privacera services, enable Encrypt Secrets in Keystores?.

  4. Click Save & Next.

Products and Services#

  1. Access Manager

    1. Select a dataserver.

    2. Select a service for policysync.

    3. To integrate a plugin with Privacera, select a plugin.

    4. If you have an active directory of users/user groups, select Enable Usersync?.

    5. If you want to manage policies based on user requests, select Enable Access Request Manager?.

    6. If you want to store audits locally or in a cloud, select Enable Audits Export (Fluentd)?

    7. If you want to create data assets from various data sources, select Enable Privacera Services?.

  2. Discovery

    Select a Discovery analytics engine:

    • Embedded Spark

    • Spark from Databricks

  3. Encryption and Masking

    Select a service for encryption and masking: PEG, Ranger KMS

  4. Click Save & Next.

Install Services#

After configuring the services, you need to start the install. On left navigation, click Install tab and then click Start & Install Services.

Import and Export Configurations#

You can import/export the configuration of all the services of Privacera. Do the following:

  • To import, click Import.
  • To export, click Export.

    Note

    The Export button appears only when Privacera products and services are installed.