RTV includes an integrated Privacy Tester utility. You can apply a configured set of privacy rules to one or more selected sessions and then to replay them to see the effects. If you use RTV to develop and test privacy rules, complete the following configuration changes.
Privacy rules in RTV are tested against entire sessions.
Privacy is applied and displayed in Request View, Response View, and Replay View.
From the point of capture through replay, the Tealeaf CX system enables the masking or blocking of sensitive data at multiple points of access throughout the system. For security purposes, you can determine the data and the types of privacy rules to apply to sensitive data.
In the CX Passive Capture Application, Windows™ pipeline, and the CX RealiTea Viewer, data privacy is managed through the same mechanisms. This means that you can apply the same privacy configuration at any place in the system. Typically, privacy is applied at PCA for data that must never be displayed in Tealeaf.
In the pipeline, privacy is applied to remove or mask data that should not be searchable, reportable, or replayable using the Privacy session agent or the Extended Privacy session agent, which provides more features not available in the standard session agent.
In RTV, response headers are hidden from display by default. If you use RTV to gather response data for testing privacy rules:
- In the RTV toolbar, click the Response button.
- From the drop-down menu on the Response button, select Full Response.
- In the RTV menu, select View > Show HTTP Response.
Developing privacy rules
When privacy is applied, each active privacy rule is tested against session data.
A privacy rule consists of the following parts:
- Rules are used to determine which hits to select for data blocking, encryption or other Privacy action.
- Tests are comparisons that are used to determine whether an associated action must be taken upon evaluation.
- Actions indicate the data in the hit to process and how to process it.
- Keys determine the privacy keys to utilize for encryption processes. These keys are used for encryption actions only.
Privacy rules development is an iterative process. You must develop simple rules, tests, and actions and test them thoroughly on well-known data. You can then add more sophisticated rules accordingly.
The Privacy session agent documentation contains detailed information about how to develop privacy rules.
Uses of RTV privacy
RTV Privacy works in the same manner as privacy in the Windows pipeline and in the CX Passive Capture Application. With RTV Privacy, you can apply privacy to a controlled set of sessions without affecting the stored versions of them and then immediately replay the outputted sessions. In this manner, RTV can be a useful rules development mechanism.
RTV Privacy is most useful for evaluating the effects of privacy rules on replayed sessions. In this manner, privacy rules that are developed and tested through RTV can be applied to manage privacy for replay.
RTV does not include an integrated editor for rules development. You can choose to develop your privacy rules in the TMS-based Privacy Tester Utility and then acquire the configuration file for use with RTV.
Experienced privacy developers can edit the privacy configuration file directly before they load it into RTV.
Applying privacy through RTV
After you acquire the .cfg
file and modified it to include your new rules, complete the following steps to test those rules in RTV.
Before you begin, you must acquire a privacy configuration file for developing rules and testing them through RTV.
In a Processing server, acquire the following file:
<install_directory>\Privacy.cfg
This file contains the current privacy configuration that is applied to session data when the Privacy session agent is enabled in the Windows pipeline for that server.
If you want to start with the default file provided by Tealeaf, acquire the following file from the Processing server:
<install_directory>\Privacy.cfg.ORIG
You must save a backup version of the file that you are using for development. Later, you can compare the backup to the version you used for development to determine the new rules you created.
Next, develop your privacy rules and apply them to the configuration file you acquired.
- Open RTV.
- Acquire test sessions or a session list in RTV:
- Load a
.tls
or.tla
file in RTV. - Perform a search.
- Load a
- You can save as your baseline test data.
- If you open a session list, select the sessions that you want to test using the Privacy Tester. You can select more than one.
- If you do not select any sessions from a session list, the privacy rules are applied to all sessions in the list.
- From the RTV menu, select Tools > Privacy Tester.... The Privacy Tester dialog is displayed:
- In the Privacy Tester dialog, click Browse....
- Browse your local computer to find the
.cfg
containing your rules in development. Select the file and click Open. - The Privacy Tester dialog is populated with the full path to the
.cfg
file. - To display errors that are detected during privacy evaluation, click theDisplay Errors in Notepad check box. These errors can be saved to a local
.txt
file for further evaluation. - To log all privacy actions applied based on the rules to the request buffer of each modified hit in the session, click theLog All Actions to Request Buffer check box.
Privacy log messages are stored in the
[privacylog]
section of the request of the applicable hit. - For masking on-demand privacy, you can configure the values of the
TL_USER_GROUPS
andTL_USER_NAME
to which to apply privacy rules. Since masking on-demand is applied to a single user at a time, you can specify one user name or a comma-separated list of user groups to which the user might belong. - Click OK.
- The Privacy rules are applied to the selected sessions.
- The results are displayed in a new session list.
- Replay sessions until you can determine whether the privacy rules are applied correctly.
You can review the session to see how the privacy rules were applied.
- Repeat these steps if additional changes are required to your privacy rules.
Deploying privacy rules changes
After you finish developing privacy rules, you can deploy them into the production data processing stream in other areas of the Tealeaf CX system.
- If you are deploying the entire
Privacy.cfg
file that you used in RTV, locate this file on your local computer. - If you are only deploying part of this file, you must acquire as a text snippet the parts that were modified from the source file.
Depending on the destination of your rules changes, use the following links below:
- UI Capture Privacy: When the CX UI Capture for AJAX is installed and deployed for your web application, privacy rules can be configured and applied through the client browser to ensure that private data never enters the Tealeaf system.
Note: CX UI Capture for AJAX is only available to legacy users.
- PCA Privacy: Privacy rules must be configured manually through the Rules tab.
- Windows Pipeline Privacy: Privacy rules are developed and applied through the configuration of the Privacy session agents in TMS.
You can also use TMS to acquire the current privacy configuration file, apply your changes, and then post the file back to the appropriate location on the Processing server.
- Masking on-demand: Privacy rules changes are applied by the Search server to sessions request by replay clients.