Skip to main content

Installation and Administration Guide

Architectural Overview

This section describes the architectural concepts of the Privitar Data Security Platform​ that you should read and understand before continuing to configure it. There are several components:

The platform creates a clear division between:

  • The data plane: The independent software services that can directly access and transform data. These services include the data agent and data proxy components.

  • The control plane: Those services that control access to the data, but do not directly access it. These services include the data exchange, which allows data owners to classify sensitive datasets, and data consumers to access them, without compromising data safety.

Each organization has a control plane. Within this, one or more enterprises are deployed. An enterprise can have multiple data exchanges, and there can be commonalities across all the data exchanges in an enterprise, such as in user management.

The user registry is the first part of the platform that an enterprise administrator configures. They make decisions on the use of LDAP or the internal user registry. They also make fundamental platform decisions on user and group management. See Enterprise Administration Tasks.

In this section:

A data exchange is a secure online portal where data owners can classify sensitive datasets, and data consumers can access them, without compromising data safety.

Each data exchange is separate and different from other data exchanges, being a discrete entity within an enterprise.

The control plane is a logical perimeter that does not have direct access to data but may host components that drive operations in the data plane.

The control plane is where policies, rules, projects, and assets are created and managed.

The architectural split between the control plane and the data plane allows for configuration, orchestration, and administration (control) without the need to access data, but the ability to process data close to the source within a given jurisdiction. The control plane allows for this by using metadata, data classes, and other representations of the data.

A data plane is a set of services used for the reading, writing, and processing of data. It contains a data agent and services capable of provisioning data, such as a data proxy or an integration using the Privitar SDK.

The data agent provides access to the data plane whenever required by the control plane, for example to retrieve the schema for a data asset. It makes a long-lived connection to the data bridge on startup.

The data proxy is a Java Database Connectivity proxy (JDBC proxy) that allows data consumers to access sensitive data to which de-identification policies have been applied. It makes calls to the data bridge to fetch the information it needs, for example the details of how to connect to the sensitive data and the policies to be applied.