Prerequisites
Requirements before installing the protector.
Google Cloud Services
The following table describes the Google Cloud services that may a part of your Protegrity installation.
| Service | Description |
|---|---|
| Cloud Run Functions | Provides serverless compute for Protegrity protection operations and the ESA integration to fetch policy updates. |
| Key Management Service | Provides cryptographic keys for envelope encryption/decryption of the policy. |
| Secret Manager Service | Stores secrets required during deployment, e.g., ESA credentials. |
| Cloud Storage Service | Storage location for the encrypted ESA policy package. |
| Identity and Access Management | Enforces access policies for deployed resources. |
| Cloud Logging Service | Application and audit logs, performance monitoring, and alerts. |
| Cloud VPC | Required for securing network access to On-Prem or cloud-based ESA. |
| Pub/Sub | Provides a messaging service when forwarding audit logs to ESA is enabled. |
| BIgQuery Connection API | Allows creating connection from BigQuery to Protect Cloud Function. |
ESA Version Requirements
The Protector and Log Forwarder functions require a security policy from a compatible ESA version.
The table below shows compatibility between different Protector and ESA versions.
Note
For the latest up-to-date information refer to: Protegrity Compatibility Matrix| Protector Version | ESA Version | |||
|---|---|---|---|---|
| 8.x | 9.0 | 9.1 & 9.2 | 10.0 | |
| 2.x | No | Yes | * | No |
| 3.0.x & 3.1.x | No | No | Yes | No |
| 3.2.x | No | No | Yes | * |
| 4.0.x | No | No | No | Yes |
Legend | |
|---|---|
Yes | Protector was designed to work with this ESA version |
No | Protector will not work with this ESA version |
* | Backward compatible policy download supported:
|
Prerequisites
| Requirement | Detail |
|---|---|
| Protegrity distribution and installation scripts | These artifacts are provided by Protegrity |
| Protegrity ESA 10.0+ | The Cloud VNet must be able to obtain network access to the ESA |
| Google Cloud Account | Recommend creating a new project for Protegrity Serverless |
| Terraform CLI v0.14 or higher | Terraform is used to deploy resources to Google Cloud Account |
Required Skills and Abilities
| Requirements | Description |
|---|---|
| GCP Cloud Administrator | Run Terraform (or perform steps manually), create/configure a VPC and IAM permissions. |
| Protegrity Administrator | The ESA credentials required to extract the policy for the Policy Agent |
| Network Administrator | Open firewall to access ESA and evaluate Google Cloud network setup |
Feedback
Was this page helpful?