This section describes Package Deployment in protectors.
Protegrity enables you to deploy artifacts to protectors through packages. A package can contain policies, an entity such as a CoP ruleset, or a combination of policies and other entities. For example, a package can include the following entities:
Data Security Policy - Security policies used to protect, unprotect, and reprotect data.
CoP Ruleset - Instructions used by the Protegrity Data Security Gateway (DSG) to transform data.
For more information about the CoP Ruleset, refer to Ruleset reference.
The following image illustrates how the Data Security Policy that is defined in the ESA reaches the protectors as part of a package. A Data Security Policy is created and deployed in the ESA using either the ESA Web UI or the DevOps API. When the protector sends a request to the ESA, the ESA creates a package containing the policy. The protector then pulls the package and the related metadata. If a change is made to any of the policies that are part of the package, the protector pulls the updated package from the ESA. A policy change can result in multiple scenarios.
Important: The deployment scenario explained in this section applies to 10.0.x protectors and later.
The following diagram shows a sample deployment architecture for the Resilient Protectors. It shows three sample use cases for downloading the resilient package from the ESA or an upstream server to the protectors.
Important: The preferred use case depends on the type of protector that you are using. Refer to the corresponding Protector documentation for more details.
In the first use case, the users create a DevOps process that uses the RPS API to export the resilient package from the ESA to the Immutable protector.
For more information about, and an example of, using the DevOps process in Application Protectors, refer to the section DevOps Approach for Application Protector.
In the second use case, a Resilient Package Proxy (RPP) is used to download the resilient package from the ESA. An RPP is an HTTP cache that retrieves the resilient package from the ESA and stores it in its cache. The short-lived protector or node then connects to the RPP instead of the ESA to download the resilient package. If the policy is updated in the ESA, then the RPP connects to the ESA to download the updated package.
In the third use case, the Resilient Package Agent (RPA) is installed on the Protector node or pod. The RPA connects to the ESA and downloads the resilient package.
For more information about, and an example of, using the RP Agent in CDP-PVC-Base, refer to the section Understanding the architecture.