Deployment models for Data Security Broker

You can deploy Data Security Broker Manager and Data Security Broker Shield on a private Virtual Private Cloud (VPC) cluster.

Private VPC ROKS cluster

If you are planning your deployment on a private Red Hat® OpenShift® cluster, follow the steps below after installing Data Security Broker Manager and Data Security Broker Shield to get the public Data Security Broker Manager URL and a private Data Security Broker Shield URL.

Data Security Broker Manager on a private Red Hat OpenShift cluster

  1. If you do not have access to the Red Hat OpenShift console for the cluster, you can follow the two steps below to fetch the Data Security Broker Manager URL:

    a. Using the Virtual Machine (VM) user interface deployed within the VPC.

    • Log in to the Red Hat OpenShift cluster using ibmcloud shell, and execute the following command:

      oc get routes dsb-manager -n <data_security_broker_manager_deployment_projectname>
      

    where data_security_broker_manager_deployment_projectname is the project name that you created or selected during the Data Security Broker Manager installation.

    • Log in to the virtual machine and open the Data Security Broker Manager URL obtained from the previous step.

    b. Create a public Load Balancer (LB).

    • Log in to the Red Hat OpenShift cluster using ibmcloud shell, and execute the following command:

      oc get routes dsb-manager -n <data_security_broker_manager_deployment_projectname>
    

    where data_security_broker_manager_deployment_projectname is the project name that you created or selected during the Data Security Broker Manager installation.

    • Create a YAML file with the below format for the load balancer resource.

      apiVersion: v1
      kind: Service
      metadata:
        labels:
          app: dsb-nginx
        name: dsb-nginx-public
      spec:
        ports:
          - port: 443
            protocol: TCP
            targetPort: 8443
        selector:
          app: dsb-nginx
        type: LoadBalancer
      
    • Execute the command to apply the YAML file:

      oc apply -f <YAML> -n <data_security_broker_manager_deployment_projectname>
      
    • Wait for the load balancer to get into Active state. This process might take from five to ten minutes.

    • Fetch the load balancer URL by executing the command:

      oc get svc dsb-nginx-public -n <data_security_broker_manager_deployment_projectname>
      

Data Security Broker Shield on a private Red Hat OpenShift cluster

  1. After you install Data Security Broker Shield in a private Red Hat OpenShift cluster, by default, a public Load Balancer IP is provisioned.

  2. If you require a private Load Balancer, you can create a YAML file for the load balancer in the format shown below.

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private"
      labels:
        app: <dsb-deployment-name>
      name: dsb-shield-private
    spec:
      ports:
        - port: 8444
          protocol: TCP
          targetPort: 8444
      selector:
        app: <dsb-deployment-name>
      type: LoadBalancer
    

    where dsb-deployment-name is the name of the Data Security Broker Shield deployment in your project. To get your dsb-deployment-name, execute the following command from your project, where you have installed Data Security Broker Shield.

    helm list -n <project_name> | grep shield
    
  3. Execute the command to apply the YAML file:

    oc apply -f <YAML> -n <data_security_broker_manager_deployment_projectname>
    
  4. Wait for the load balancer to get into Active state. This process might take from five to ten minutes.

  5. Fetch the load balancer URL by executing the command:

    oc get svc dsb-shield-private -n <data_security_broker_manager_deployment_projectname>
    

Private VPC IKS cluster

Data Security Broker Manager on a private IBM Cloud® Kubernetes Service cluster

  1. After you install Data Security Broker Manager in a private IBM Cloud Kubernetes Service cluster, by default, a public Load Balancer IP is provisioned.

  2. If you require a private Load Balancer, you can create a YAML file for the load balancer in the format shown below.

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private"
      labels:
        app: dsb-nginx
      name: dsb-nginx-private
    spec:
      ports:
        - port: 443
          protocol: TCP
          targetPort: 8443
      selector:
        app: dsb-nginx
      type: LoadBalancer
    
  3. Execute the command to apply the YAML file:

    kubectl apply -f <YAML> -n <data_security_broker_manager_deployment_name_of_the_namespace>
    

    where data_security_broker_manager_deployment_name_of_the_namespace is the namespace name that you created or selected during the Data Security Broker Manager installation.

  4. Wait for the load balancer to get into Active state. This process might take from five to ten minutes.

  5. Fetch the load balancer URL by executing the command:

    kubectl get svc dsb-nginx-private -n <data_security_broker_manager_deployment_name_of_the_namespace>
    

Data Security Broker Shield on a private IBM Cloud Kubernetes Service cluster

  1. After you install Data Security Broker Shield in a private IBM Cloud Kubernetes Service cluster, by default, a public Load Balancer IP is provisioned.

  2. If you require a private Load Balancer, you can create a YAML file for the load balancer in the format shown below.

    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        service.kubernetes.io/ibm-load-balancer-cloud-provider-ip-type: "private"
      labels:
        app: <dsb-deployment-name>
      name: dsb-shield-private
    spec:
      ports:
        - port: 8444
          protocol: TCP
          targetPort: 8444
      selector:
        app: <dsb-deployment-name>
      type: LoadBalancer
    

    where dsb-deployment-name is the name of the Data Security Broker Shield deployment in your namespace. To get your dsb-deployment-name, execute the following command from your namespace, where you have installed Data Security Broker Shield.

    helm list -n <namespace_name> | grep shield
    
  3. Execute the command to apply the YAML file:

    kubectl apply -f <YAML> -n <data_security_broker_shield_deployment_name_of_the_namespace>
    

    where data_security_broker_shield_deployment_name_of_the_namespace is the namespace name that you created or selected during the Data Security Broker Shield installation.

  4. Wait for the load balancer to get into Active state. This process might take from five to ten minutes.

  5. Copy the load balancer URL by executing the command:

    kubectl get svc dsb-shield-private -n <data_security_broker_shield_deployment_name_of_the_namespace>
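
Because the Manager and Shield sections above state that a public load balancer is provisioned by default, the following added example (not part of the IBM documentation) lists every LoadBalancer Service in a project or namespace and labels it by the ip-type annotation used on this page. The function names, the KUBECTL variable and the rule that a Service not annotated "private" counts as public are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM's code): report which LoadBalancer Services in a
# namespace carry the private ip-type annotation shown on this page.
# Assumption: a Service not annotated "private" is treated as public, matching
# the page's statement that a public load balancer is the default.

# kubectl/oc JSONPath: one "name|ip-type annotation|address" row per Service.
JSONPATH='{range .items[?(@.spec.type=="LoadBalancer")]}{.metadata.name}{"|"}'\
'{.metadata.annotations.service\.kubernetes\.io/ibm-load-balancer-cloud-provider-ip-type}{"|"}'\
'{.status.loadBalancer.ingress[*].hostname}{.status.loadBalancer.ingress[*].ip}{"\n"}{end}'

# Query the cluster. Needs a logged-in CLI; set KUBECTL=oc on OpenShift.
list_lb_rows() {
  "${KUBECTL:-kubectl}" get svc -n "$1" -o jsonpath="$JSONPATH"
}

# Turn rows on stdin into "EXPOSURE name address" lines.
classify_lb_rows() {
  while IFS='|' read -r name ip_type addr; do
    [ -n "$name" ] || continue
    if [ "$ip_type" = "private" ]; then exposure=PRIVATE; else exposure=PUBLIC; fi
    [ -n "$addr" ] || addr='<pending>'   # load balancer not Active yet
    printf '%s %s %s\n' "$exposure" "$name" "$addr"
  done
}

# Print the report for namespace $1.
# Returns 0 if every load balancer is private, 1 if any is public, 2 on CLI error.
audit_namespace() {
  rows=$(list_lb_rows "$1") || return 2
  report=$(printf '%s\n' "$rows" | classify_lb_rows)
  [ -z "$report" ] || printf '%s\n' "$report"
  # Service names and hostnames are lowercase, so PUBLIC only matches the label.
  case "$report" in *PUBLIC*) return 1 ;; esac
  return 0
}

# Usage: sh audit-lb.sh <namespace>   (audit-lb.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
  audit_namespace "$1"
fi
```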
    

Data Security Broker Manager and Data Security Broker Shield in different or multiple private VPC clusters

If you are planning to install Data Security Broker Manager and Data Security Broker Shield in different or multiple private VPC clusters, you have two options:

  1. Using VPC VPN connectivity: Refer to Setting up VPC VPN connectivity for more details on how to set up the VPC VPN connectivity.

  2. Using Transit Gateway: Refer to IBM Cloud Transit Gateway for more details on how to use the transit gateway method.