Edge FAQ

Question	Answer
Who benefits from using Edge?	All customers who want to ingest data into Collibra Platform benefit from Edge. Some of the benefits for using Edge are: Data is processed in the customer's secure environment and only the process results are sent to Collibra Platform. Edge can automatically anonymize sensitive profiling data before sending it to Collibra Platform. Edge can automatically classify the metadata and send the classification results together with the profiling results to Collibra Platform. Edge enables better profiling performance, because data no longer has to be copied or moved. Edge can execute capabilities in parallel, considering this is dependent of available resources. Jobserver only executes capability jobs sequentially.
Why should I migrate from Jobserver to Edge?	Edge provides our customers with all of the capabilities provided with Jobserver, but with better security controls and added capabilities. Edge provides seamless native integrations and on-site data processing solutions that prioritize security and proximity to the data, while keeping the processing of your data within your own environment. For more information, go to Migrate to Edge from Jobserver. The main differences between Edge and Jobserver are the following: Edge is based on Kubernetes, a distributed runtime, which means: It offers built in resource management. It has reliable delivery of results to Collibra Platform. Edge provides the ability to mirror images in your private docker registry to better fit your security policy. Edge offers two upgrade modes to best suit your needs: Automatic and Manual. Edge is a Collibra service compatible with on-premises as well as cloud environments. Edge offers continuous delivery of capability types and updates will be delivered on a regular basis. Edge updates are included with Collibra Platform releases. New capabilities will not be developed for Jobserver, as it will be made end of life from September 30, 2024. We recommend migrating to Edge before this date.
Can Edge run alongside Jobserver?	Yes, both can technically be run at the same time, however, we strongly recommend that you do not install both Jobserver and Edge on the same server. Edge should be installed on its own dedicated server.
What does the Edge architecture look like?	You can see how Edge interacts with other components in this architecture and components overview.
Can Edge use Kubernetes provided by a Cloud vendor, for example Google Kubernetes Engine (GKE), Azure Kubernetes Services (AKS) or Amazon Elastic Kubernetes Service (EKS)?	Yes, you can install Edge on the following managed Kubernetes clusters: Azure Kubernetes Service (AKS) AWS Fargate using EKS Amazon EKS Google Kubernetes Engine (GKE) OpenShift Currently, we only support basic integrations with these Cloud services. Please contact your Account Team if you have any questions. Note Alternatively, if you install Edge on a Cloud environment, the Edge site installer includes the k3s Kubernetes version.
Can you use Autopilot mode if your Edge site is installed on a Google Kubernetes Engine (GKE) cluster?	Yes, but we cannot support troubleshooting your Edge site installed on a GKE cluster if Autopilot mode is enabled.
Can Edge be installed on Windows servers?	If you use Microsoft technologies, you can install your Edge site on a managed Azure Kubernetes Service (AKS) cluster. We prioritize your experience on Linux-based operating systems, and as such, because Microsoft does not currently provide seamless support for k8s clusters and container technology, we do not provide support for Edge installations on any other Microsoft technologies at this time.
Can Edge be installed on a cluster with existing resources?	From the 2024.05 Edge release, Edge sites can be installed on shared Kubernetes clusters. To learn more, go to the system requirements for installing Edge on a managed, shared Kubernetes cluster.
What are the supported data sources on Edge?	You can find the list of supported data sources in the Data sources supported by Edge section.
How does authentication from Edge to the customer's data sources work?	Authentication to data sources depends on the source type that the capability is connecting to. JDBC sources are covered via Edge connection providers. Other sources are accessed in different ways by capabilities themselves.
Can you connect using a cloud provider key manager such as AWS Secrets Manager, GCP Secret Manager or Azure Key Vault?	Yes, you can integrate your Edge site with the following vault providers: CyberArk Vault HashiCorp Vault Azure Key Vault AWS Secrets Manager Google Secret Manager
Why do you not support CentOS Linux 8?	CentOS Linux 8 has been made end-of-life. We are committed to using the latest technologies to ensure the best performance of our software, and as such RedHat 8 is required in order to receive support for Edge installations.
How does Edge connect to Collibra Platform?	An Edge site is installed in the customer's environment, close to the data source. The Edge site communicates to Collibra Platform using an outbound HTTPS connection via port 443.
Does deleting an Edge site delete the data from capabilities already ingested in Collibra Platform?	No. When you delete an Edge site, only the site and its configurations are deleted. Data that has already been ingested in Collibra Platform must be deleted manually.
Is Edge on premises or in the Cloud?	Edge is always close to your data, and therefore can be on your premises or in a private or public Cloud setup.
Who controls Edge?	Edge is controlled by the customer through local access via the Collibra Platform user interface. You can also use local access via the Linux shell for advanced troubleshooting when Edge is unable to connect. For more information, go to About Edge.
How is Edge updated?	Edge sites can be configured to either upgrade automatically whenever a new version is released, or upgrade manually, in order to control when and to which version your sites are upgraded. For more information, go to Upgrading an Edge site.
Can an Edge site connect to more than one Collibra environment?	No. Every Edge site belongs and authenticates to only one Collibra Platform environment.
Can Edge use customer-provided certificates to connect to Collibra Platform?	Currently, we do not support this. Edge is a Collibra product that can run on the customer's on-premises or cloud environment. The authentication between the Edge site and Collibra Platform is controlled and secured by Collibra. The keys and credentials are generated when you install the Edge site.
When do internal K3S certificates expire?	The internal K3S certificates expire 12 months after the initial installation. You should restart the K3S-based Edge site in the last 3 months to ensure the internal certificates are rotated. If not, restart K3S or reinstall the Edge site.
Does Edge implement Cross-Site Request Forgery (CSRF) tokens?	Yes, the Edge management user interface can now implement CSRF tokens. Note The CSRF token needs to be unique per user session and should be a large, random value.
Does Edge support mTLS when connecting to Collibra Platform?	Currently, we do not support this.
Is Edge horizontally scalable?	Yes, Edge sites installed on a managed, shared Kubernetes cluster are horizontally scalable.
Does Edge support High Availability and disaster recovery?	Edge does not support High Availability, but core Edge services can be replicated if Edge is installed on a multi-node cluster, and Edge capabilities can be restarted in the event of a failure. Disaster recovery is supported through regular backups. More information about our disaster recovery process can be found in this overview.
What troubleshooting information is collected and where is it stored?	When Edge is operational and has deployed running capabilities, jobs or services, it can collect information on multiple levels: Infrastructure logs - default level info is collected, sent to the Cloud and accessible by Collibra. Edge system monitoring - sent to the Cloud and accessible by Collibra. Metadata connector logs - off by default and accessible by the customer . Edge diagnostics - information is collected on demand by the customer on site and sent to Collibra as part of the support ticket.
Edge Sample Data capability: Can everybody see sample data? How is sample data queried from the database? Which user account pulls the sample data from the database?	The Sample Data capability for Edge is a feature and needs to be activated. Only users with the permission will be able to view the sample data. Samples are queried from the data source upon request. The samples will be pulled from the database using the ID of the account specified in the Edge connection.
Can metrics data from an Edge site be sent to Collibra through a private link instead of over the Internet?	No, this data can only be sent over the Internet.
What are Edge security considerations?	Edge is designed around security first principles. Several highlights: No inbound connectivity - Edge site is always polling the platform via a REST endpoint. Data is not stored on Edge after a job has finished. Credentials are managed by Edge and not accessible outside of it. Credentials on Edge site are encrypted with the key secured in the Collibra Data Governance Center. Credentials can be updated both for data sources and Collibra Data Governance Center. With the Edge Smart Upgrade feature, you can configure your Edge sites to upgrade manually. Manual upgrade allows you to run security scans on images included in a new release version before upgrading your Edge site version. Furthermore, these security scans can be performed in your own private docker registry. For more information on how your Edge sites can be upgraded, go to Upgrading an Edge site. For more information about security scanning, go to Collibra's vulnerability and scanning policy.
How are secrets stored on an Edge site?	You can find the details of how Edge stores secrets in this Storing secrets overview.

Who benefits from using Edge?

All customers who want to ingest data into Collibra Platform benefit from Edge.

Some of the benefits for using Edge are:

Data is processed in the customer's secure environment and only the process results are sent to Collibra Platform.
Edge can automatically anonymize sensitive profiling data before sending it to Collibra Platform.
Edge can automatically classify the metadata and send the classification results together with the profiling results to Collibra Platform.
Edge enables better profiling performance, because data no longer has to be copied or moved.
Edge can execute capabilities in parallel, considering this is dependent of available resources. Jobserver only executes capability jobs sequentially.

Why should I migrate from Jobserver to Edge?

Edge provides our customers with all of the capabilities provided with Jobserver, but with better security controls and added capabilities. Edge provides seamless native integrations and on-site data processing solutions that prioritize security and proximity to the data, while keeping the processing of your data within your own environment. For more information, go to Migrate to Edge from Jobserver.

The main differences between Edge and Jobserver are the following:

Edge is based on Kubernetes, a distributed runtime, which means:
- It offers built in resource management.
- It has reliable delivery of results to Collibra Platform.
Edge provides the ability to mirror images in your private docker registry to better fit your security policy.
Edge offers two upgrade modes to best suit your needs: Automatic and Manual.
Edge is a Collibra service compatible with on-premises as well as cloud environments.
Edge offers continuous delivery of capability types and updates will be delivered on a regular basis.
Edge updates are included with Collibra Platform releases.

New capabilities will not be developed for Jobserver, as it will be made end of life from September 30, 2024. We recommend migrating to Edge before this date.

Can Edge run alongside Jobserver?

Yes, both can technically be run at the same time, however, we strongly recommend that you do not install both Jobserver and Edge on the same server. Edge should be installed on its own dedicated server.

What does the Edge architecture look like?

You can see how Edge interacts with other components in this architecture and components overview.

Can Edge use Kubernetes provided by a Cloud vendor, for example Google Kubernetes Engine (GKE), Azure Kubernetes Services (AKS) or Amazon Elastic Kubernetes Service (EKS)?

Yes, you can install Edge on the following managed Kubernetes clusters:

Azure Kubernetes Service (AKS)
AWS Fargate using EKS
Amazon EKS
Google Kubernetes Engine (GKE)
OpenShift

Currently, we only support basic integrations with these Cloud services. Please contact your Account Team if you have any questions.

Note Alternatively, if you install Edge on a Cloud environment, the Edge site installer includes the k3s Kubernetes version.

Can you use Autopilot mode if your Edge site is installed on a Google Kubernetes Engine (GKE) cluster?

Yes, but we cannot support troubleshooting your Edge site installed on a GKE cluster if Autopilot mode is enabled.

Can Edge be installed on Windows servers?

If you use Microsoft technologies, you can install your Edge site on a managed Azure Kubernetes Service (AKS) cluster.

We prioritize your experience on Linux-based operating systems, and as such, because Microsoft does not currently provide seamless support for k8s clusters and container technology, we do not provide support for Edge installations on any other Microsoft technologies at this time.

Can Edge be installed on a cluster with existing resources?

From the 2024.05 Edge release, Edge sites can be installed on shared Kubernetes clusters. To learn more, go to the system requirements for installing Edge on a managed, shared Kubernetes cluster.

What are the supported data sources on Edge?

You can find the list of supported data sources in the Data sources supported by Edge section.

How does authentication from Edge to the customer's data sources work?

Authentication to data sources depends on the source type that the capability is connecting to. JDBC sources are covered via Edge connection providers. Other sources are accessed in different ways by capabilities themselves.

Can you connect using a cloud provider key manager such as AWS Secrets Manager, GCP Secret Manager or Azure Key Vault?

Yes, you can integrate your Edge site with the following vault providers:

CyberArk Vault
HashiCorp Vault
Azure Key Vault
AWS Secrets Manager
Google Secret Manager

Why do you not support CentOS Linux 8?

CentOS Linux 8 has been made end-of-life. We are committed to using the latest technologies to ensure the best performance of our software, and as such RedHat 8 is required in order to receive support for Edge installations.

How does Edge connect to Collibra Platform?

An Edge site is installed in the customer's environment, close to the data source. The Edge site communicates to Collibra Platform using an outbound HTTPS connection via port 443.

Does deleting an Edge site delete the data from capabilities already ingested in Collibra Platform?

No. When you delete an Edge site, only the site and its configurations are deleted. Data that has already been ingested in Collibra Platform must be deleted manually.

Is Edge on premises or in the Cloud?

Edge is always close to your data, and therefore can be on your premises or in a private or public Cloud setup.

Who controls Edge?

Edge is controlled by the customer through local access via the Collibra Platform user interface. You can also use local access via the Linux shell for advanced troubleshooting when Edge is unable to connect. For more information, go to About Edge.

How is Edge updated?

Edge sites can be configured to either upgrade automatically whenever a new version is released, or upgrade manually, in order to control when and to which version your sites are upgraded. For more information, go to Upgrading an Edge site.

Can an Edge site connect to more than one Collibra environment?

No. Every Edge site belongs and authenticates to only one Collibra Platform environment.

Can Edge use customer-provided certificates to connect to Collibra Platform?

Currently, we do not support this.

Edge is a Collibra product that can run on the customer's on-premises or cloud environment. The authentication between the Edge site and Collibra Platform is controlled and secured by Collibra. The keys and credentials are generated when you install the Edge site.

When do internal K3S certificates expire?

The internal K3S certificates expire 12 months after the initial installation. You should restart the K3S-based Edge site in the last 3 months to ensure the internal certificates are rotated. If not, restart K3S or reinstall the Edge site.

Does Edge implement Cross-Site Request Forgery (CSRF) tokens?

Yes, the Edge management user interface can now implement CSRF tokens.

Note The CSRF token needs to be unique per user session and should be a large, random value.

Does Edge support mTLS when connecting to Collibra Platform?

Currently, we do not support this.

Is Edge horizontally scalable?

Yes, Edge sites installed on a managed, shared Kubernetes cluster are horizontally scalable.

Does Edge support High Availability and disaster recovery?

Edge does not support High Availability, but core Edge services can be replicated if Edge is installed on a multi-node cluster, and Edge capabilities can be restarted in the event of a failure.

Disaster recovery is supported through regular backups. More information about our disaster recovery process can be found in this overview.

What troubleshooting information is collected and where is it stored?

When Edge is operational and has deployed running capabilities, jobs or services, it can collect information on multiple levels:

Infrastructure logs - default level info is collected, sent to the Cloud and accessible by Collibra.
Edge system monitoring - sent to the Cloud and accessible by Collibra.
Metadata connector logs - off by default and accessible by the customer .
Edge diagnostics - information is collected on demand by the customer on site and sent to Collibra as part of the support ticket.

Edge Sample Data capability:

Can everybody see sample data?
How is sample data queried from the database?
Which user account pulls the sample data from the database?

The Sample Data capability for Edge is a feature and needs to be activated.

Only users with the permission will be able to view the sample data.
Samples are queried from the data source upon request.
The samples will be pulled from the database using the ID of the account specified in the Edge connection.

Can metrics data from an Edge site be sent to Collibra through a private link instead of over the Internet?

No, this data can only be sent over the Internet.

What are Edge security considerations?

Edge is designed around security first principles. Several highlights:

No inbound connectivity - Edge site is always polling the platform via a REST endpoint.
Data is not stored on Edge after a job has finished.
Credentials are managed by Edge and not accessible outside of it.
Credentials on Edge site are encrypted with the key secured in the Collibra Data Governance Center.
Credentials can be updated both for data sources and Collibra Data Governance Center.
With the Edge Smart Upgrade feature, you can configure your Edge sites to upgrade manually. Manual upgrade allows you to run security scans on images included in a new release version before upgrading your Edge site version. Furthermore, these security scans can be performed in your own private docker registry. For more information on how your Edge sites can be upgraded, go to Upgrading an Edge site.

For more information about security scanning, go to Collibra's vulnerability and scanning policy.

How are secrets stored on an Edge site?

You can find the details of how Edge stores secrets in this Storing secrets overview.