Before you enable capture, you might need to configure privacy rules to prevent the unwanted capture of sensitive information, such as customer credit card numbers. If capture is enabled without appropriate privacy rules, unfiltered customer data may be forwarded to the Windows™ pipeline and stored in the Tealeaf databases, where it can be searched by any Tealeaf user with the appropriate permissions.
Tealeaf privacy enables the manipulation, masking, or removal of sensitive information in the request or response traffic. Based upon privacy rules that you configure, this data can be hidden in the traffic that is stored in the Tealeaf database.
During the initial configuration, privacy rules and actions are typically defined at the earliest point in the capture and processing of session data, which occurs at the PCA. By blocking all private data through the PCA, you can be assured that no sensitive information is ever available in the system.
Depending on the volume and type of privacy rules enacted at the PCA and the overall volume of traffic, the PCA server may be unable to keep up with all captured hits and may be forced to drop hits. In these instances, to relieve the processing burden on the PCA, you may choose to move some of the privacy rules processing to the Windows pipeline, which is managed on a different server from the PCA.
- Other issues may cause hits to be dropped at the PCA. For more information, contact Support.
- The PCA server and each Processing Server can be configured to transmit encrypted data, if that additional layer of security is needed.
In the Windows pipeline, privacy is managed by including the Privacy or Extended Privacy session agents in your pipeline configuration. Through either of these two session agents, you can define the same privacy rules and actions that are available in the PCA.
PrivacyEx
) for child pipelines that have HBR enabled. If HBR and PrivacyEx
are enabled for a child pipeline, the service can run out of memory and cause the service to restart unexpectedly. - Extended Privacy session agent is the recommended session agent.
- Privacy is configured through the Pipeline Editor available in TMS.