Data source support
The Continuous Compliance service supports profiling, masking, and tokenizing a variety of different data sources including distributed databases, mainframes, PaaS databases, and files. At a high level, Continuous Compliance breaks up support for data sources into two categories:
Delphix connectors: These are data sources that the Delphix Engine can connect to directly using built-in connectors that have been optimized to perform masking, profiling, and tokenization. Delphix Connectors are available as Standard Connectors and Select Connectors. Standard Connectors are bundled with the Continuous Compliance Engine. Select Connectors are an add-on to the Delphix engine and require a separate installation and configuration process.
FEML sources: FEML (File Extract Mask and Load) is a method used to mask and tokenize data sources that do not have dedicated Delphix Connectors. FEML uses existing APIs from data sources to extract the data to a file, masks the file, and then uses APIs to load the masked file back into the database.
Standard connectors
The Delphix Engine has standard masking connectors for the following data sources:
Distributed database: Db2 LUW, Oracle, MS SQL, MySQL, SAP ASE (Sybase), PostgreSQL, MariaDB
Mainframe/Midrange: Db2 Z/OS, Db2 iSeries, Mainframe data sets
Files: Fixed Width, Delimited, XML
For a detailed view of all the versions, features, etc. Delphix supports each data source - see the sections below.
Select connectors
The Delphix Engine has Select masking connectors for the following data sources:
Distributed database: Salesforce (Compliance Accelerator documentation), CockroachDB, YugabyteDB, and SAP HANA 2.0 (SAP Compliance documentation)
Db2 LUW connector
Introduction
Db2 for Linux, UNIX, and Windows is a database server product developed by IBM. Sometimes called Db2 LUW for brevity, it is part of the Db2 family of database products. Db2 LUW is the "Common Server" product member of the Db2 family, designed to run on the most popular operating systems. By contrast, all other Db2 products are specific to a single platform.
Support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 11.1 | TLS/SSL | Available |
Linux | 11.5 | Password Vault | Available |
Windows | Kerberos | Unavailable | |
In-place Masking Mode | |||
Multi-tenant | Available | ||
Streams/Threads | Available | ||
Batch Update | Available | ||
Drop Indexes | Available | ||
Drop Triggers | Available | ||
Drop Constraints | Available | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Available | ||
Truncate | Available | ||
Drop Triggers | Available | ||
Drop Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings page.
Restart the Compliance engine.
Create a Db2 connector in Continuous Compliance with the relevant parameters. Upload a properties file for the connector with the following:
sslConnection = True
Oracle connector
Introduction
Oracle Database (commonly referred to as Oracle RDBMS or simply as Oracle) is a multi-model database management system produced and marketed by Oracle Corporation.
Support matrix
Platforms | Versions | Feature | Availability |
Unix | 11.2 | TLS/SSL | Available |
Linux | 12c | Password Vault | Available |
Windows | 12cR | Kerberos | Available |
AWS RDS | 18c | In-place Masking Mode | |
OCI DBaaS on Bare Metal | 19c | Multi-tenant | Available |
OCI DBaaS on VM | 21c | Streams/Threads | Available |
Batch Update | Available | ||
Drop Indexes | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Available | ||
Truncate | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.
Restart the Compliance engine.
Create an Oracle connector in Continuous Compliance with JDBC URL, similar to below examples, depending upon the Oracle database and certificate configuration.
Note: SSL connection with BASIC Oracle connector is not supported.CODEjdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename))) jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))(CONNECT_DATA=(SID=SID_NAME))) jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))(CONNECT_DATA=(SID=SID_NAME))(SECURITY=(SSL_SERVER_CERT_DN="CN=<certificate cn_name>")))
MS SQL connector
Introduction
Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network (including the Internet).
Support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 2012 | TLS/SSL | Available |
Linux | 2014 | Password Vault | Available |
Windows | 2016 | Kerberos | Available |
AWS RDS | 2017 | In-place Masking Mode | |
Azure SQL | 2019 | Multi-tenant | Available |
Azure Managed Instance | 2022 | Streams/Threads | Available |
Azure SQL Data Warehouse | Batch Update | Available | |
Google Cloud SQL Server | Drop Indexes | Available | |
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Available | ||
Truncate | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.
Restart the Compliance engine.
Create a MSSQL connector in Continuous Compliance with the relevant parameters. Upload a properties file for the connector with the following:
CODEencrypt = true trustServerCertificate = false / true <—---- Depending upon whether to directly accept the database certificate without checking certificate common-name hostNameInCertificate = 10-110-229-143.qa-ad.delphix.com <—---- This property is only required in case trustServerCertificate is set to false
PostgreSQL connector
Introduction
PostgreSQL, often simply Postgres, is an object-relational database management system (ORDBMS) with an emphasis on extensibility and standards compliance. PostgreSQL is developed by the PostgreSQL Global Development Group, a diverse group of many companies and individual contributors. It is free and open-source, released under the terms of the PostgreSQL License, a permissive software license.
Support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 9.2 | TLS/SSL | Available |
Linux | 9.3 | Password Vault | Available |
Windows | 9.4 | Kerberos | Unavailable |
AWS RDS | 9.5 | In-place Masking Mode | |
AWS Aurora | 9.6 | Multi-tenant | Available |
Azure Database for PostgreSQL | 10 | Streams/Threads | Available |
Google Cloud SQL PostgreSQL | 11 | Batch Update | Available |
12 | Drop Indexes | Available | |
13 | Disable Triggers | Available | |
14 | Drop Constraints | Available | |
Enterprise DB | Identity Column Support | Available | |
On-the-fly Masking Mode | |||
Restart Ability | Unavailable | ||
Truncate | Available | ||
Disable Triggers | Available | ||
Drop Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Unavailable | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.
Restart the Compliance engine.
Create a PostgreSQL connector in Continuous Compliance with the relevant parameters. Upload a properties file for the connector with the following:
CODEssl=true sslmode=verify-full sslfactory=org.postgresql.ssl.DefaultJavaSSLFactoryNote: To use the verify-full setting (highest security), the PostgreSQL database certificate’s Common Name (CN) field must match the hostname. To check the CN value in the certificate:
openssl x509 -in server.crt -text -noout
MySQL / MariaDB connector
Introduction
MySQL is an open-source relational database management system (RDBMS). MySQL was owned and sponsored by a single for-profit firm, the Swedish company MySQL AB. MySQL is now owned by Oracle Corporation.
MariaDB is a community-developed fork of the MySQL relational database management system intended to remain free under the GNU GPL. Development is led by some of the original developers of MySQL, who forked it due to concerns over its acquisition by Oracle Corporation.
A MySQL Connector may be used to connect to either a MySQL or MariaDB database instance.
MySQL support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 5.5 | TLS/SSL | Available |
Linux | 5.6 | Password Vault | Available |
Windows | 5.7 | Kerberos | Unavailable |
AWS RDS | 8 | In-place Masking Mode | |
AWS Aurora | Multi-tenant | Available | |
Azure Database for MySQL | Streams/Threads | Available | |
Google Cloud SQL MySQL | Batch Update | Available | |
Drop Indexes | Available | ||
Disable Triggers | Unavailable | ||
Disable Constraints | Unavailable | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Unavailable | ||
Truncate | Available | ||
Disable Triggers | Unavailable | ||
Disable Constraints | Unavailable | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
MariaDB support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 10 | TLS/SSL | Available |
Linux | Password Vault | Available | |
Window | Kerberos | Unavailable | |
AWS RDS | In-place Masking Mode | ||
AWS Aurora | Multi-tenant | Available | |
Azure Database for MariaDB | Streams/Threads | Available | |
Batch Update | Available | ||
Drop Indexes | Available | ||
Disable Triggers | Unavailable | ||
Disable Constraints | Unavailable | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Unavailable | ||
Truncate | Available | ||
Disable Triggers | Unavailable | ||
Disable Constraints | Unavailable | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.
Restart the Compliance engine.
Create a MySQL/MariaDB connector in Continuous Compliance with the relevant parameters. Upload a properties file for the connector with the following:
CODEuseSSL=True trustServerCertificate=false keyStore=file:/var/delphix/server/etc/.truststore keyStoreType=JKS
SAP ASE (Sybase) connector
Introduction
SAP ASE (Adaptive Server Enterprise), originally known as Sybase SQL Server, and also commonly known as Sybase DB or Sybase ASE, is a relational model database server product for businesses developed by Sybase Corporation which became part of SAP AG.
Support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 15.5 | TLS/SSL | Available |
Linux | 15.7 | Password Vault | Available |
Windows | 16 | Kerberos | Available |
In-place Masking Mode | |||
Multi-tenant | Available | ||
Streams/Threads | Available | ||
Batch Update | Available | ||
Drop Indexes | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Available | ||
Truncate | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.
Restart the Compliance engine.
Create a Sybase connector in Continuous Compliance with the relevant parameters. Upload a properties file for the connector with the following contents:
CODEENABLE_SSL=true
Db2 z/OS and iSeries connectors
Introduction
Db2 for z/OS and iSeries are relational database management systems that run on IBM Z (mainframe) and IBM Power Systems.
Support matrix
iSeries | z/OS | Feature | Availability |
|---|---|---|---|
7.1 | 11 | TLS/SSL | Available |
7.2 | 12 | Password Vault | Available |
7.3 | Kerberos | Unavailable | |
7.4 | In-place Masking Mode | ||
Multi-tenant | Available | ||
Streams/Threads | Available | ||
Batch Update | Available | ||
Drop Indexes | z/OS: Unavailable | ||
Disable/Drop Triggers | z/OS: Available | ||
Drop Constraints | Available | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Unavailable | ||
Truncate | Available | ||
Disable/Drop Triggers | z/OS: Available | ||
Drop Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Available | ||
TLS/SSL setup
See the instructions in the Db2 LUW connector section
Files connector
Introduction
Data stored in a variety of different formats may be masked using the same algorithms available for other data sources.
Support matrix
File type/format | Supported encodings | Support level |
|---|---|---|
Fixed Width | ASCII, UTF-8 | Supported |
Delimited | ASCII, UTF-8 | Supported |
XML | ASCII, UTF-8 | Supported |
JSON | ASCII, UTF-8 | Supported |
Mainframe data set connector
Introduction
In addition to databases and files, the Continuous Compliance Engine can process data stored in Mainframe data sets commonly found on the IBM z/OS operating system. For more information on data sets, see this IBM knowledge center article.
Support matrix
The Continuous Compliance Engine requires that data be encoded in EBCDIC rather than something like ASCII or UTF-8. EBCDIC is the encoding traditionally used on Mainframes.
On-The-Fly masking jobs
Continuous Compliance supports On-The-Fly (OTF) masking jobs where the data is read from a source location and written to a different target location. Only certain combinations of connector types are supported for OTF jobs.
OTF jobs with connectors of the same type are supported. For example, masking data from an Oracle source database to an Oracle target database is supported if both are using the built-in Oracle connector. OTF jobs using Extended Connectors are supported if both the source and target are using the same Extended Driver (the same uploaded JDBC driver). Additionally, OTF jobs with a relational database source and a delimited file target are supported. The following data sources are supported as source connectors for OTF jobs with delimited file targets.
Oracle
Db2
MS SQL
PostgreSQL
MySQL / MariaDB
SAP ASE (Sybase)
Connectors created as Extended Connectors.
For masking flat files (e.g. XML, delimited, etc) in an on-the-fly masking job, it is no longer required to copy or create empty files on the target. If the file name pattern does not match any file on the source, the execution will reported as success, although no file is masked.
No other combinations of connector types are supported. For example, an Oracle source with a PostgreSQL target, or an MS SQL source with a fixed-width file target, are unsupported.
Yugabyte connector
Introduction
YugabyteDB, often simply referred to as Yugabyte, is a distributed SQL database management system with a focus on scalability, performance, and high availability. It is designed to be compatible with PostgreSQL and offers distributed ACID transactions, automatic sharding, and fault tolerance. Yugabyte is developed by Yugabyte Inc., with contributions from various companies and individual contributors. It is free and open-source software, released under the YugabyteDB License.
Support matrix
Platforms | Versions | Feature | Availability |
|---|---|---|---|
Unix | 2.18 | TLS/SSL | Available |
Linux | Password Vault | Available | |
Kerberos | Unavailable | ||
In-place Masking Mode | |||
Multi-tenant | Available | ||
Streams/Threads | Available | ||
Batch Update | Available | ||
Drop Indexes | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Identity Column Support | Available | ||
On-the-fly Masking Mode | |||
Restart Ability | Unavailable | ||
Truncate | Available | ||
Disable Triggers | Available | ||
Disable Constraints | Available | ||
Profiling | |||
Multi-tenant | Available | ||
Streams | Unavailable | ||
TLS/SSL setup
Add the database’s certificate in the setup application using instructions in the Adding a certificate section, in the TrustStore settings article.
Restart the Delphix Continuous Compliance Engine.
Create a PostgreSQL connector in the Delphix Continuous Compliance Engine with the relevant parameters. Upload the properties file for the connector with the following:
ssl=true
sslmode=verify-full
sslfactory=org.postgresql.ssl.DefaultJavaSSLFactory
To use the verify-full setting (highest security), the PostgreSQL database certificate’s Common Name (CN) field must match the hostname. To check the CN value in the certificate, run the following command: openssl x509 -in server.crt -text -noout.