Communication between Edge and Collibra

Edge operates over an outbound-only model — it executes tasks as commands polled from your Collibra platform. All data is encrypted in transit between your Edge site and the Collibra Data Intelligence Platform via certificates issued by a Collibra-chosen Certificate Authority (CA) over TLS 1.3 and basic authentication. However, if there is a forward proxy server between the Edge site and Collibra, you have to use the proxy server's CA.

A user account is generated for communicating to Collibra each time the Edge site installer is downloaded. This user account is unique to each Edge site. It is possible to change the password of this user account by following the steps outlined in our Update Edge user password article.

  • Edge for commercial customers
  • Edge for Collibra Cloud for Government
  • Edge for Collibra Platform Self-Hosted

Edge for commercial customers is a Collibra solutions that allows your Collibra Data Intelligence Platform to safely connect to your data sources hosted in an on-premise or cloud environment.

Communication flow between Edge and Collibra Data Intelligence Cloud

Edge for Collibra Cloud for Government is a Collibra solutions that allows your Collibra Data Intelligence Platform to safely connect to your data sources hosted in an on-premise or cloud environment.

Communication flow between Edge and Collibra Data Intelligence Cloud

Collibra Platform Self-Hosted (CPSH) is a Collibra solution that allows you to install your Collibra Data Intelligence Platform on an infrastructure of your choice. For Edge, this means that you are hosting both your Collibra platform and your Edge site. For more information about CPSH, go to our CPSH documentation.

  • Edge sites always use REST API endpoints to establish connections.
  • Edge requires access to a Collibra server. It is needed for:
    • Reading a request queue, which is a queue with jobs that need to be run on Edge.
    • Returning the metadata results of Edge jobs.
  • Edge manages Collibra Data Intelligence Platform and data source credentials. This has the following consequences:
    • Credentials are not accessible outside of Edge.
    • Credentials used on an Edge site are encrypted with a key that is secured in Collibra.
    • Credentials of data sources and Collibra can be updated if necessary.
  • All configuration parameters, files or strings marked as secret, are stored on the Edge site encrypted with a public key that resides in Collibra. The private part of that key is encrypted with a public key from the Edge site. As a result, secrets can only be decrypted with both key pairs, one residing on the Edge site and the other on Collibra.
  • An Edge site communicates over a secure channel with your Collibra environment using certificates, issued by a Collibra-chosen Certificate Authority (CA). However, if there is a forward proxy server between the Edge site and Collibra, you have to use the proxy server's CA.