Supported forward proxy configurations for Edge
For security reasons, you may need your Edge site to connect to cloud services via a forward HTTP proxy. You can configure this forward proxy during the Edge site installation process.
We support the following forward proxy configurations:
For either type of forward proxy, you can have one of the following configurations:
- A direct, end-to-end encrypted communication between Edge and your Collibra Platform, and Edge and your data sources. This communication is encrypted using the standard TLS encryption protocol. By default, Edge only trusts certificates signed by a Public Certificate Authority.
- A traffic intercepting configuration, such as a Man-in-the-Middle (MITM) proxy, which allows your proxy to inspect the communication between Edge and your Collibra Platform, and Edge and your data sources. With this configuration, your proxy needs to be able to decrypt and re-encrypt the communication. In order to do this, you must add private certificates signed by a Private Certificate Authority to your Edge site truststore.
Explicit proxy
There are two options when you configure an explicit forward proxy for Edge:
- A direct explicit proxy. This is a proxy in your network that requires you to configure a specific proxy argument and forwards data from your Edge site to your Collibra Platform. If you want to use a direct explicit proxy, you must add the --proxy flag to the Edge site installation script.
- A man-in-the-middle (MITM) explicit proxy. This is a proxy server that stops all incoming, internal traffic based on your specific proxy argument and decrypts it, before forwarding it. An example of this type of proxy is a Squid proxy with SSLBump. If you want to use a MITM explicit proxy, you must add the --proxy and --ca flags to the Edge site installation script.
Transparent proxy
There are two options when you configure a transparent forward proxy for Edge:
- A direct transparent proxy. This is a proxy server in your network that forwards data from your Edge site to your Collibra Platform. You don't need to configure anything for this type of forward proxy.
- A man-in-the-middle (MITM) transparent proxy. This is a proxy that stops all incoming, internal traffic and decrypts it, before forwarding it. An example of this type of proxy is AWS TLS Inspection. If you want to use a MITM transparent proxy, you must add the --ca flag to the Edge site installation script.