Managing extended connectors
Extended Connectors allow you to upload additional JDBC Drivers to the Continuous Compliance Engine to enable masking of data sources not natively supported by Continuous Compliance.
Limitations
Delphix supports type 4 JDBC Drivers. These must be a pure-java .jar file that can be used simply by uploading it (or it’s zip file) to the engine. Anything that requires compilation on the engine, or execution of any kind of install or licensing script, is not supported.
Extended Connectors don't support all of the features available for built-in connectors like Oracle. As of 6.0.9.0, the "Disable Constraint", "Disable Trigger" and "Drop Indexes" options can be implemented and enabled by driver support plugins, which are detailed here. Delphix provides support for Extended Connectors in accordance with our Support Policy.
Drivers that require a Java version higher than 8 are not supported.
Installing a new driver
To use a new JDBC driver, first you need to upload it to your Masking Engine. Since some drivers require multiple files, the driver and any additional files it needs to function should be put together in a single zip file. Even if a driver doesn't require additional files, it still needs to be zipped.
For example, to package the Informix JDBC driver for use with Continuous Compliance take all three files provided for Informix and zip them together:
$ ls
LICENSE.txt ifxjdbc.jar ifxlang.jar
$ zip informix.zip *
adding: LICENSE.txt (deflated 70%)
adding: ifxjdbc.jar (deflated 4%)
adding: ifxlang.jar (deflated 4%)
$ ls
LICENSE.txt ifxjdbc.jar ifxlang.jar informix.zip
$To upload the driver package to the engine, navigate to the JDBC Drivers under Settings.
Clicking on the + JDBC Driver button will bring up a dialog box to upload the driver zip file and enter the driver's configuration details.
The Add JDBC Driver screen lets you set the following information.
Name: A human-readable name for the driver. Name it whatever is convenient for you. Note: Special Characters are not allowed in the Name field.
Description: A human-readable description of the driver.
Class Name: The Fully Qualified Class Name of the class in the JDBC driver that implements the java.sql.Driver interface. The class name will be in the documentation for the driver itself.
Select JDBC driver for upload: Lets you select the zip file containing the driver and upload it.
Users cannot update the driver support that a JDBC driver references or uses via the UI; as of now, that can only be done via the web API.
To remove an uploaded driver, click the Actions button to the right side corner of the JDBC Drivers list and select the option Delete. Note that the delete will fail if any Connectors exist that use the driver you're trying to delete.
If you find you need to edit a driver's configuration options later, click the Actions button to the right side corner of the JDBC Drivers list and select the option Edit.
Driver permissions
The Continuous Compliance Engine uses the Java Security Manager to prevent uploaded JDBC drivers from performing certain actions without your permission.
Uploaded drivers are granted all permissions except for the following non-FilePermission:
Class | Target | Action |
|---|---|---|
java.net.SocketPermission | localhost:- | accept, connect, listen, resolve |
java.lang.RuntimePermission | exitVM | |
java.lang.RuntimePermission | createClassLoader | |
java.lang.RuntimePermission | accessClassInPackage.sun | |
java.lang.RuntimePermission | setSecurityManager | |
java.security.SecurityPermission | setPolicy | |
java.security.SecurityPermission | setProperty.package.access |
With regards to FilePermissions, read access is granted to all, though write is only allowed for the following directories:
the masking user's home directory (
System.getProperty("user.home"))the JVM's default temp directory (
System.getProperty("java.io.tmpdir"))
Please note that both of these locations are shared, so care will need to be taken to avoid collisions.
The set of permissions granted to uploaded drivers is static and cannot be modified.
Extended logging
The Continuous Compliance Engine provides enhanced logging for extended connectors to assist in debugging connection problems. Enhanced logging can be enabled when the connector is created by checking the 'Enable Logger' box. Enhanced logging may have an impact on performance so you should enable it only when debugging connection problems.
Note that extended logging will not work with signed drivers such as MSSQL.
Enhanced Logging requires some additional permissions to be granted.
Class Name | Target Name | Action Name | Purpose |
|---|---|---|---|
java.io.RuntimePermission | getClassLoader | Allows the driver to load the classes implementing the logging feature |
Creating an extended connector
Creating a connector using an Extended Driver is very similar to creating a connector with built-in support.
It can be done by the following steps:
Details Step
Choose Database - Extended as the Source Type. Specify Connection Name which is a name for this connection.
Details Step
Credentials Step
The following fields will be available:
JDBC Driver Select the JDBC Driver you want to use for this connection
Login ID The username the Masking Engine should connect to the target database with.
Password The password to use to connect to the database
JDBC URL You must provide the JDBC URL for the database to connect to. The exact format and available parameters are specific to the database you're connecting to. Consult your database vendors documentation for details.
Some databases allow you to specify usernames and passwords in the JDBC URL. It's best not to do this. The Continuous Compliance Engine is careful not to log the Login ID and Password in the Masking Engine's logs, but JDBC URLs may be logged unmodified.
Credentials Step
Custom Properties Step
In this step, you can upload the connection properties (optional).
Custom Properties Step
Summary Step
Here you can view all the details of the information entered for a quick review before saving.
Information related to Selected JDBC Driver will also be available here.
Summary Step
Once the connector is created, you can create rulesets, inventories, and jobs to profile and mask your data as with other types of connectors.
Extended Connectors can be edited and deleted in the same way as Built In Connectors.
Synchronization
Connectors using extended JDBC Drivers can be synchronized similarly to other connectors. See Working with Multiple Masking Engines for details. When a job or connector requires an uploaded JDBC Driver, the driver will be exported along with the connector or job. JDBC Drivers are part of the Global Object and so will be synchronized whenever the Global Object is synchronized. They can also be synchronized individually.
License entitlement for commercial JDBC drivers
Continuous Compliance requires the installation of a Delphix license to use certain commercial JDBC drivers. Users who have purchased this entitlement will have access to their given license files on the Delphix download site.
Installing a license
Commercial JDBC drivers from the following vendors must be licensed using this mechanism:
CData
To synchronize License files attached to a JDBC driver while s ynchronizing a connector, Global Objects should be Synchronized first.
Download the license from the Delphix download site.
Upload the license to Continuous Compliance using either
the API using the
POST /licenseAPI endpoint orthe UI using the License file upload button in the Add or Edit JDBC Driver dialogue box. The License button appears on entering a valid CData JDBC driver class name as shown in this screenshot:
Managing licenses
To view the licenses installed on an engine, use the GET /license API or GET /ALL API endpoint.