Architecture
The Privacy Platform consists of two main application components:
Policy Manager
Event Broker
Both of these components have been integrated with CyberArk CCP.
Note
The Event Broker is an optional application component that can be installed on the platform. For the purposes of this document, it is assumed that the Event Broker has been installed.
Integration process
The Policy Manager is responsible for managing privacy policies. It runs Jobs that de-identify an input dataset according to a pre-defined privacy policy.
The Event Broker is an analytics and diagnostics tool for the platform.
In a typical installation, there will be two integration endpoints:
One endpoint for the Policy Manager to retrieve credentials from CyberArk CCP.
One endpoint for the Event Broker to retrieve credentials from CyberArk CCP.
The following diagram shows how these application components interface with CyberArk CCP, and how other CyberArk components are used during configuration and setup of an application and for authentication:
For CyberArk configuration and setup, each application needs to be defined and application-specific details added to one or more Safes in the CyberArk Vault. This configuration and setup can be done via the CyberArk Password Vault REST API or via the Password Vault Web Access (PVWA) interface.
The CyberArk authentication process is handled by the CyberArk CCP. An application makes requests to CCP for passwords or other credentials. CCP will authenticate the request based on the details that have been defined for the application (during the configuration and setup of the application). If the details are correct, CyberArk fetches the credentials from the CyberArk Vault and returns them to the requesting application.
Credential Retrieval
There are four flows in which credential retrieval may occur on the platform:
On startup of the Policy Manager, to fetch any credentials that it requires.
On startup of the Event Broker, to fetch any credentials that it requires.
When a Policy Manager user enters a new CyberArk CCP query for their team-specific Job processing credentials. Credential retrieval is performed to validate the query. This could include a request to access a JDBC Token Vault.
When Policy Manager handles a request to retrieve a Job definition to apply a privacy policy. (Typical usage is below 100 requests per hour.)
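An added example, not the platform's or CyberArk's own code: a Python sketch of a single retrieval against CCP's REST interface (`/AIMWebService/api/Accounts`), of the kind performed at startup or when validating a user-entered query. The host, AppID, Safe, Object and account names are assumed placeholders, client-certificate authentication is an assumed setup, and the sample response bodies are constructed.

```python
import json
import ssl
from urllib.error import HTTPError
from urllib.parse import urlencode, urlsplit
from urllib.request import urlopen

# Search criteria accepted here; a subset of what CCP's REST interface takes.
ALLOWED = {"Safe", "Folder", "Object", "UserName", "Address"}

class CCPError(Exception):
    """Raised with CCP's error code only; never carries a secret."""

def build_ccp_url(base_url, app_id, **criteria):
    """Build the retrieval URL, refusing plaintext HTTP and unknown keys."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("CCP endpoint must use https")
    unknown = set(criteria) - ALLOWED
    if unknown or not criteria:
        raise ValueError(f"bad search criteria: {sorted(unknown)}")
    query = urlencode({"AppID": app_id, **criteria})
    return f"{base_url.rstrip('/')}/AIMWebService/api/Accounts?{query}"

def parse_ccp_response(body):
    """Return (username, secret) from a CCP JSON body, or raise CCPError."""
    doc = json.loads(body)
    if "ErrorCode" in doc:
        raise CCPError(doc["ErrorCode"])
    if not doc.get("Content"):
        raise CCPError("empty credential")
    return doc.get("UserName", ""), doc["Content"]

def fetch_credential(url, cert=None, key=None, timeout=10):
    """One retrieval; cert/key is an assumed client-certificate setup."""
    ctx = ssl.create_default_context()  # verifies the CCP server certificate
    if cert:
        ctx.load_cert_chain(cert, key)
    try:
        with urlopen(url, context=ctx, timeout=timeout) as resp:
            return parse_ccp_response(resp.read())
    except HTTPError as err:  # error responses may carry CCP's JSON error body
        return parse_ccp_response(err.read())

# Constructed sample bodies (not captured from a real CCP).
SAMPLE_OK = '{"Content": "s3cr3t-example", "UserName": "pm_svc", "Safe": "PrivacySafe"}'
SAMPLE_ERR = '{"ErrorCode": "APPAP004E", "ErrorMsg": "constructed sample"}'

if __name__ == "__main__":
    print(build_ccp_url("https://ccp.example.internal", "PolicyManager",
                        Safe="PrivacySafe", Object="pm-db"))
    print(parse_ccp_response(SAMPLE_OK)[0])  # username only, never the secret
```

Raising only the error code keeps the returned secret and the full query out of logs when a validation attempt fails.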
Requirements
The integration requirements are:
The instance on which Policy Manager is deployed requires connectivity to a CyberArk CCP that has access to the credentials specified in the Policy Manager configuration and to the Token Vault credentials for each Team defined in the platform.
The instance on which the Event Broker is deployed requires connectivity to a CyberArk CCP that has access to the credentials specified in the Event Broker configuration.
Note
This assumes you are using the Event Broker on your platform and that you want to store credentials for the Event Broker in CyberArk.