Skip to main content
Skip table of contents

Managing connectors

Connectors are used to define data sources that the Continuous Compliance Engine can connect to and are grouped within environments. To navigate to the connectors screen, click on an environment and then click the Connectors tab.

The Connectors screen contains the following information and actions:

  • Meta Data Source: The source of the connector. E.g. Database, File, or Mainframe. The rows are grouped by Meta Data Source.

  • Connector ID: The numeric ID of the connector used to refer to the connector from the masking API.

  • Name: The name of the connector.

  • Type: The specific type of connector.

  • Edit: Edit the connector. See more details below.

  • Test Connection: Test the connector. See more details below.

  • Delete: Delete the connector. See more details below.

The rows on the screen can be filtered or sorted by Connector ID and Name within each Meta Data Source group by clicking on the respective field. More information on grid filtering and sorting can be found here.

Missing Authentication

If an authentication is missing, an aptly named warning icon will show next to Name. Hover over the icon to identify if it’s missing the password, SSH key, credential path, or access keys.

For more information about connectors including features, versions and TLS Setup, please refer to Data Source Support.

Database connectors

The fields that appear are specific to the DBMS Type you select. If you need assistance determining these values, please contact your database administrator.

  • Schema Name: The schema that contains the tables that this connector will access.

  • Database Name: The name of the database to which you are connecting. Note: the database name field is case-sensitive. It must match exactly with the name of the current database as known to the instance.

  • Host Name/IP: The network hostname or IP address of the database server.

  • Port: The TCP port of the server.

  • SID: (Oracle only) Oracle System ID (SID).

  • Instance Name: (MSSQL Server only) The name of the instance. This is optional. If the instance name is specified, the connector ignores the specified "Port" and attempts to connect to the "SQL Server Browser Service" on port 1434 to retrieve the connection information for the SQL Server instance. If the instance name is provided, be sure to make exceptions in the firewall for port 1434 as well as the particular port that the SQL Server instance listens to.

  • Custom Driver Name: (Generic only) The name of the JDBC driver class, including Java package name.

  • JDBC URL: (Generic and Advanced connector mode for Oracle, MS SQL Server, and Sybase only) The custom JDBC URL, typically including hostname/IP and port number.

Database connector properties

Getting properties

To retrieve all properties set on the connector, make a request to the GET database-connector/{id}/properties endpoint. This endpoint will respond with all default properties set by the driver, superimposed by any properties specified by an uploaded connection properties file. If a properties file is uploaded for a connector, this list can also be viewed through the UI on the database connector form, where you can sort by Property, Value, or Modified. The Modified field signifies whether the property value is the default or modified by the uploaded properties file.

The database name field is case-sensitive. It must match exactly with the name of the current database as known to the instance.

Only a valid JDBC URL is required to retrieve properties of a connector; a valid connection to the database server is not necessarily required.

Setting properties

Properties can sometimes be set through the JDBC URL or through a connection properties file. Customizing the JDBC URL is limited to Advanced, Generic, and Extended Connectors, while uploading a properties file is supported by all database connectors. All properties files must have the extension .properties and must adhere to Java properties file syntax. Even if a property specified in the properties file is not technically supported by the JDBC driver, it will still be passed along to the driver when building the JDBC Connection. All provided and unsupported properties will be logged whenever the properties file is loaded.

The properties file is assumed to be written using ISO 8859-1 character encoding.

Certain JDBC drivers do not allow specific supported properties to be set through the JDBC URL. For example, Caché DB does not support setting the schema property through the JDBC URL, so it must either be set through the extended connector's Schema form field or through a connection properties file. Please defer to specific Driver documentation to see how a property must be set.

When a property can be duplicated among a form field, the JDBC URL, and the properties file, the property value will most likely be used in the following hierarchy of specification.

  1. Connector form fields (where applicable) for username, password, and schema.

  2. Properties file 3a. Connector form fields (where applicable) for database name, host, port, SID, and instance name 3b. JDBC URL

Though this hierarchy is convention, it is up to the JDBC driver to implement the precedence for duplicate properties specified among the URL, Properties object, and JDBC Connection API. Please defer to the specific JDBC Driver documentation to verify which method of specification precedes the other. A masking connectors form will either have the fields listed in 3a or 3b, but not both. Therefore, it is not possible to duplicate a property between 3a and 3b.

Security considerations

The property key or value provided in a database connector's properties file will not be regulated and is subject to any user with CREATE or UPDATE connector privileges. This means that even supported sensitive properties such as user, password, hostname, etc. will be available in plain text to anyone with the VIEW connector privilege.

If possible, specify sensitive properties through relevant form fields which will be obfuscated in all places or through the JDBC URL which will still be visible in plain text to any user with the VIEW connector privilege but will be redacted in support bundles.

File connectors

The following values appear when any of the file connector types are selected:

  • Connector Name: The name of the file connector (specific to your Delphix application and unrelated to the file itself).

  • Connection Mode: Filesystem Mount Point, SFTP, FTP and FTPS (only for mainframe datasets), AWS S3.

Due to networking complications in containerized masking, FTP and FTPS is currently disabled in containerized deployments. Delphix is researching options to re-enable FTP (for containerized masking) at a future date.

Details Step

Credentials Step

The rest of the values appear based on the selected Connection Mode value. For Filesystem Mount Point connection mode, refer to the corresponding section on the Managing Remote Mounts page. For other connection modes, the following values appear under the credential step:

  • Path: The path to the directory where the file(s) are located.

  • Server Name: The name of the server used to connect to the file.

  • Port: The port used to connect to the server.

  • User Name: The user name to connect to the server.

  • Password: (non-Public Key Authentication only) The associated password for the server.

  • Public Key Authentication: (Optional) (Only appears for SFTP) Select this from ‘Select Authentication Type’ dropdown to specify a public key. Use the following instructions in this Knowledge base article to complete.

If you plan to do on-the-fly masking, you will need to create a separate environment and connector as the source for the files to be masked. The masked files will be put into the directory being pointed to by the connector created previously (the target). However, the file path specified in the connector of the target rule set must point to an existing file the target directory. It does not have to be a copy of the file, just an entry in the directory with the same name. It will be replaced by the masked file.

Starting with version 6.0.9.0 the SFTP mode is extended with the User Directory as root flag. If the Path defined is relative to the User-home-dir as configured on the SFTP Server, select the flag below.

User Directory as root

If the connector is configured via the API then that flag is accessible as userDirIsRoot, for example:

CODE 
{
    "connectorName": "Test SFTP Connector",
    "environmentId": 2,
    "fileType": "DELIMITED",
    "connectionInfo": {
        "connectionMode": "SFTP",
        "path": "/delimited",
        "host": "yourSFTPServer",
        "loginName": "xxxxx",
        "password": "xxxxx",
        "port": 22,
        "userDirIsRoot": true
    }
}

Limitations

  • The ASDD profiler support does not currently support S3 connectors.

  • S3 Role-based connectivity is restricted to Continuous Compliance instances hosted on AWS EC2. Connectivity attempts from outside the AWS environment using this method will result in connection failures.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close