Supported forward proxy configurations for Edge

As an Edge or security administrator, you can configure a forward proxy during the Edge site installation process.

Forward proxies allow you to:

  • Securely connect Edge to cloud services.
  • Inspect traffic for security concerns.
  • Align with your organization's network requirements.

We support the following forward proxy configurations:

  1. Explicit proxy
  2. Transparent Proxy

For either type of forward proxy, you can have one of the following configurations:

  • A direct, end-to-end encrypted communication between Edge and your Collibra Platform, and Edge and your data sources. This communication is encrypted using standard TLS encryption protocol. By default, Edge only trusts certificates signed by a Public Certificate Authority.
  • A traffic intercepting configuration, such as a Man-in-the-Middle (MITM) proxy, which allows your proxy to inspect the communication between Edge and your Collibra Platform, and Edge and your data sources. With this configuration, your proxy needs to be able to decrypt and re-encrypt the communication. To do this, you must add private certificates signed by a Private Certificate Authority to your Edge site truststore.

Your forward proxy should be able to handle:

  • Long running requests, typically no longer than 30 seconds.
  • Transfers of large files, up to 100MB.

Your proxy does not need to support websockets.

Explicit proxy

There are two options when you configure an explicit forward proxy for Edge:

  • A direct explicit proxy. This is a proxy in your network that requires you to configure a specific proxy argument and forwards data from your Edge site to your Collibra Platform. If you want to use a direct explicit proxy, you must add the --proxy flag to the Edge site installation script.
  • A man-in-the-middle (MITM) explicit proxy. This is a proxy server that stops all incoming, internal traffic based on your specific proxy argument and decrypts it, before forwarding it. An example of this type of proxy is a Squid proxy with SSLBump. If you want to use a MITM explicit proxy, you must add the --proxy and --ca flags to the Edge site installation script.

Transparent proxy

There are two options when you configure a transparent forward proxy for Edge:

  • A direct transparent proxy. This is a proxy server in your network that forwards data from your Edge site to your Collibra Platform. You don't need to configure anything for this type of forward proxy.
  • A man-in-the-middle (MITM) transparent proxy. This is a proxy that stops all incoming, internal traffic and decrypts it, before forwarding it. An example of this type of proxy is an AWS TLS Inspection. If you want to use a MITM transparent proxy, you must add the --ca flag to the Edge site installation script.

What's next

Install your Edge site with a forward proxy.