Protegrity Synthetic Data on

Prerequisites

Mon, 01 Jan 0001 00:00:00 +0000

Ensure the following prerequisites are met:

AWS Setup:
- A Protegrity Provisioned Cluster (PPC) is available.
  For more information about PPC, refer to Protegrity Provisioned Cluster.
- An AWS account with CLI credentials for configuring AWS is available.
- An existing VPC with at least two private subnets is available.
- An S3 bucket for storing Synthetic Data artifacts is available. The S3 bucket should not be KMS encrypted. The bucket must use default SSE-S3 encryption or no encryption.
- An IAM role (for example, arn:aws:iam::<Account_ID>:role/<Role_Name>) with the required S3 permissions (s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject) must exist before installation.
- Ensure that the jumpbox can connect to the required repositories. If not already authenticated, then log in to the required repository.

For connecting and deploying from the Protegrity Container Registry (PCR), use the following command and the credentials obtained from the My.Protegrity portal during account creation:

helm registry login registry.protegrity.com:9443

For connecting and deploying to the local repository, use your local credentials and local repository endpoint as required.
Obtain the AMI ID for the EKS GPU-optimized image (al2023-x86_64-nvidia-1.34-*) that corresponds to your deployment region.

Note: Each AWS region has a unique AMI ID.

Installing Protegrity Synthetic Data

Mon, 01 Jan 0001 00:00:00 +0000

Helm Deployment

This project deploys the Protegrity Synthetic Data stack on Amazon EKS as a Protegrity AI Team Edition Feature. It uses Helm to deploy Kubernetes workloads.

Deployment Steps

1. Prepare Configuration

Create a namespace for the deployment.

kubectl create namespace syntheticdata-ns

Create a Kubernetes secret using the static IAM access keys for S3 bucket access.
```
kubectl -n syntheticdata-ns create secret generic synthobjectstore-creds \
--from-literal=access_key=YOUR_STATIC_ACCESS_KEY_ID \
--from-literal=secret_key=YOUR_STATIC_SECRET_ACCESS_KEY
```
Note: Use static access keys, not temporary session credentials, when creating this secret. These keys allow the Synthetic Data service to access the configured S3 bucket.

Configuring Protegrity Synthetic Data

Mon, 01 Jan 0001 00:00:00 +0000

Update Role Permission and Create User

After deployment, update the default syntheticdata_administrator role to include can_create_token permission, then create a user with this role.

Step 1: Update `syntheticdata_administrator` role permission

export GATEWAY_URL="https://$(kubectl get configmap/nfa-config -n default -o jsonpath='{.data.FQDN}')"

# 1. Obtain an Authentication Token
TOKEN=$(curl -sk -X POST "${GATEWAY_URL}/api/v1/auth/login/token" \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 -d 'loginname=admin&password=Admin123!' \
 -D - -o /dev/null | grep -i 'pty_access_jwt_token' | awk '{print $2}' | tr -d '\r\n')

curl -sk -X PUT \
 "${GATEWAY_URL}/pty/v1/auth/roles" \
 -H 'accept: application/json' \
 -H "Authorization: Bearer ${TOKEN}" \
 -H 'Content-Type: application/json' \
 -d '{
 "name": "syntheticdata_administrator",
 "description": "Administrator role",
 "permissions": [
 "can_create_token",
 "syntheticdata_operations_admin"
 ]
 }'

Step 2: Create user with `syntheticdata_administrator` role attached

Use the following request payload when creating the user:

Uninstalling and Cleanup Protegrity Synthetic Data

Mon, 01 Jan 0001 00:00:00 +0000

To remove the Synthetic Data and all associated Kubernetes resources:

Clear the deployed release.

helm uninstall pty-synthetic-data -n syntheticdata-ns --wait --timeout 420s

Delete the S3 credentials secret.

kubectl delete secret/synthobjectstore-creds -n syntheticdata-ns

Delete the persistent volume claim.

kubectl delete pvc/syn-db-persistent-storage-syn-db-depl-0 -n syntheticdata-ns

Clear the namespace.

kubectl delete namespace syntheticdata-ns

Optionally clean up any S3 artifacts that are no longer needed.

Protegrity Synthetic Data on

Prerequisites

Installing Protegrity Synthetic Data

Helm Deployment

Deployment Steps

1. Prepare Configuration

Configuring Protegrity Synthetic Data

Update Role Permission and Create User

Step 1: Update syntheticdata_administrator role permission

Step 2: Create user with syntheticdata_administrator role attached

Uninstalling and Cleanup Protegrity Synthetic Data

Step 1: Update `syntheticdata_administrator` role permission

Step 2: Create user with `syntheticdata_administrator` role attached