Data protection proxy deployment

Data protection proxy (DPP) is a small middleware fully managed by your security officer which hides personal data in Zendesk API responses. It works as follows: when Round Robin app needs to get data from your Zendesk account it calls DPP instead real Zendesk API. DPP gets the data from Zendesk, hides all except the data explicitly allowed by your security officer in DPP configuration and returns to the app. To learn more about DPP configuring please check this article. 

Before you begin:

1.  Please contact our customer support support@roundrobin.zendesk.com. We enable the feature for your account.

2. Data protection proxy is available starting from the Enterprise plan of the Round Robin app. Please check your plan. After registration, you have a 30-day trial period with Enterprise plan so you are welcome to test DPP during your trial.

To  deploy it on Google cloud platform you need to make the following steps:

1. Go to Google cloud shell and login with your account you want to use as an owner of your DPP installation.

2. Copy the following commands, paste these to the terminal window and press Enter.

Note:

ERROR: (gcloud.app.create) PERMISSION_DENIED: Read access to project 'yourprojectname'
was denied: please check billing account associated and retry

You just need to check if the project is linked to the Google billing account.

3. Open the file youraccount/dpp/src/main/resources/config.xml. Specify highlighted parameters than click menu File -> Save or press Ctrl+S.

<baseurl>https://yourdomain.zendesk.com</baseurl> - your Zendesk subdomain

Do not add a "/" at the ending of baseurl

<apiuser>user@yourdomain.com/token</apiuser> - the email of Zendesk user on behalf of which DPP will operate.

Add "/token" to the end of your username. For example, "user@domain.com/token"

<proxyurl>https://url_from_settings_page</proxyurl> - that is the value of the "Proxy url" field on the Settings page in the Round Robin app. Just copy the value and paste it after "https://". That string will be used for replacements in case of Zendesk pagination (there is a field "next_page" on the response to let the RR app read next 100 items. DPP should hide the origin Zendesk subdomain as well, thus you need to advice the DPP by which URL the RR app interacts with DPP). You can read more about pagination here: https://developer.zendesk.com/api-reference/introduction/pagination/

<apipassword>yourapipassword</apipassword> - the password of the user. When authenticating with tokens specify your token in this field

<proxyuser>yourproxyuser</proxyuser> - the user name for authentication on DPP

<proxypassword>yourproxypassword</proxypassword> - the password of the user.

 

Warning! never use real Zendesk user credentials in <proxyuser> and <proxypassword> fields.

 

4. Copy the following commands, paste these to the terminal window and press Enter.

cd ~/dpp;mvn clean install;gcloud app deploy ~/dpp/target/dpp.jar -v 1-3 -q;gcloud app browse

When the execution of the commands will be finished follow the link displayed in the terminal window.

Go to the link. If you see the message

{"info":"DPP is ready for operation"} 

- the deployment is completed successfully, your Data protection proxy is ready for operation.

5. Go to the Round Robin app and click Settings. Specify your DPP URL (e.g. dpp-123456789.appspot.com), username which you specified in <proxyuser> field in the config.xml file on the step 3, password or token username which you specified in <proxypassword> field.

Click Test Connection

Note: you need to follow the article https://roundrobin.zendesk.com/hc/en-us/articles/115002537065-Connect-Round-Robin-to-Zendesk if the test of the connection fails.

Click Submit if the test connection is successful.

That's all. Your Round Robin app now is working with your Zendesk account through Data protection proxy and have no access to your customer's personal data.

So, as to update your DPP configuration please make the following steps.  

Data protection proxy is developed on java provided with source code and supports standard maven deployment procedure so you can deploy it on any other cloud which you prefer or on premise.