New features
Release 22.0.0.0
User experience
The user experience has been dramatically improved across all remaining admin sub-pages, including Users, Logs, About, and Email Notifications. Additionally, a new sub-page for Application Settings has been introduced, enabling users to conveniently adjust application behavior via the UI. The Environments landing page has been upgraded, and the async task is now accessible as a separate page under Monitor. Moreover, the entire UX has transitioned into a single-page application, dramatically enhancing UI performance and user experience. This transition results in smoother interactions and faster load times, among other improvements.Automated Sensitive Data Discovery (ASDD) for fixed width files
ASDD was introduced last year, bringing a complete set of sensitive data identification techniques to structured data and semi-structured files. Previously, ASDD worked with databases, JSON, delimited, and XML files. It now supports fixed width files as well.Automated Sensitive Data Discovery (ASDD) improvements
ASDD now comes with a major time-saver – profile sets are now tunable with a single assignment threshold. This allows us to ship the ASDD Standard profile set with a better tuned assignment threshold that reduces false positives without impacting the default/out-of-the-box, application-wide assignment threshold for all profile sets. Moreover, users can now fine-tune the ASDD profile sets that are created easier.GCP Secrets Manager support for PostgresSQL
Increasingly, organizations are looking to connect to their databases various secret manager solutions. With this release, support has been added for using GCP Secrets Manager with Continuous Compliance connectors to Postgres databases.SAP Accelerator
Introducing a new method to provide secure password properties. Removed theenginecommand to reduce redundancy.YugabyteDB
YugabyteDB is now supported. This is certified with the existing PostgreSQL connector.
Release 21.0.0.0
Automated Sensitive Data Discovery (ASDD) for XML files
ASDD was introduced last year, bringing a much more complete set of sensitive data identification techniques to structured data and semi-structured files. Previously, ASDD worked with databases, JSON, and delimited files. Now ASDD also supports XML files.New profiling jobs use ASDD by default
When creating a new profiling job on an ASDD supported data source, the ASDD Standard profile set will be select by default.AWS S3 connector UI
AWS S3 connectors can now be created in the UI, in addition to the API. This connector allows you to connect to S3 buckets and mask supported file types.Improved user experience
This release introduces completely overhauled Environments Jobs and Connectors pages. These improvements include easy to use wizards for both connectors and jobs, as well as new grid views.
Release 20.0.0.0
Automated Sensitive Data Discovery for JSON and delimited files
Automated Sensitive Data Discovery (ASDD) was introduced last year, bringing a more complete set of sensitive data identification to structured data. This has now been expanded to operate against JSON and delimited files.File masking in S3 buckets
Increasingly, organizations store sensitive application data in object storage buckets. To ensure that these buckets can be masked alongside other application data, connecting directly to S3 buckets and masking supported file types is now available.Improved user experience
The Add and Edit Ruleset pages in the Environments page have been updated.
Release 19.0.0.0
Character Replacement Algorithm Framework
This framework allows for the creation of rules to replace specific characters in a string with other characters. As an example, you can use this framework to remove inconsistent punctuation in data to maintain referential integrity across data sources.
Release 18.0.0.0
New String Chaining Framework
Introducing a new framework, StringAlgorithmChain, designed to make it easier to build chained algorithms for String types. This framework allows for combining various algorithms to produce a specific output. A scenario where this would be helpful is if an instance of the Data Cleansing framework should be used before another masking algorithm, or if highly unique data needs to be normalized or formatted before or after masking with any type of algorithm.Expanded Classifiers
Automated Sensitive Data Discovery has been expanded to add data discovery for medical codes (CPT, ICD-9, ICD-10), IBAN TYPE & PATH classifiers, swift codes and bank account routing numbers. Further, we’ve added a type classifier for license plates.Expanded algorithms
New masking algorithms have been added for swift codes and bank account routing numbers.UI improvements
Continued improvement on the user interface, upgrading the monitoring functionality in this release.Certifications
Certified SAP HANA SPS 07.
Release 17.0.0.0
Password Vault support for MariaDB/MySQL
Supported password vault platforms may now be used to authenticate the connections to MariaDB and MySQL databases.Email algorithm enhancement to include ExtendedEmail plugin capabilities
The Email algorithm framework has been updated to allow the chaining of existing first name and last name algorithms, expanding on the current Email algorithm capabilities. Options to remove accent characters, specify error handling actions, and preserve original domains are also added, all to facilitate the creation of a realistic masked email value. More details can be found in the Email (algorithm frameworks) page.Continuous Compliance user experience improvements
The Continuous Compliance user experience overhaul continues with an update to the Environments Rule Set page in the UI.New Classifiers
In Automated Sensitive Data Discovery (ASDD), classifiers are used to identify different types of data. New classifiers have been added for gender, sexual orientation, house number, marital status, language, ethnicity, blood type, prescription drugs, companies, job titles, and department.New Secure Lookup algorithms
To pair with the new classifiers, new Secure Lookup algorithms have been added for marital status, language, ethnicity, blood type, prescription drugs, job titles, and department.
Release 16.0.0.0
New Multi-Column Conditional Algorithm Framework
A new algorithm framework has been added that allows users to conditionally mask a column. This is an extremely handy new capability that will eliminate scripting or custom plug-ins that were required to satisfy conditional masking use cases in the past.FTPS support for Mainframe data sets
Users masking files on the Mainframe can now establish direct connections using the built-in FTPS protocol support on the Mainframe.Automated index, constraint, and trigger control for Db2 iSeries
Users masking Db2 iSeries databases can now take advantage of our automated support for managing indexes, constraints, and triggers that are impacted by masked columns. This eliminates custom pre and post scripting that has otherwise been required.Automated constraint and trigger control for Db2 z/OS
Users masking Db2 z/OS databases can now take advantage of our automated support for managing constraints and triggers that are impacted by masked columns. This eliminates some of the custom pre and post scripting that has otherwise been required. Index automation is not available for Db2 z/OS.Additional classifiers and algorithms
Additional classifiers, domains, and algorithms have been added to allow users an easier experience finding and masking age and location data.Password vault for SAP ASE
Supported password vaults may now be used with SAP ASE (Sybase) databases.Updated user experience
Continued overhauls of the user interface have been implemented to provide better utility, scalability, and stability. In this release, the Inventory page for XML and Mainframe file formats has been updated.Redeploy Support (Repave)
Continuous Compliance Engines may now be disconnected from their storage and redeployed, maintaining the previous configuration and data. Redeployment support only works with the same Delphix Engine version.
Release 15.0.0.0
Document type masking support for Delimited File Fields (JSON and XML)
Increasingly, XML and JSON data are stored in delimited file fields, often as the result of exporting a database table to a delimited file. Now, these fields can be assigned an appropriate file format so fine grained masking of XML or JSON can be performed.Masking UI Revamp - Inventory screens for databases and JSON
This release introduces completely overhauled database and JSON inventory pages, showcasing a range of user-friendly improvements. These improvements include filtering, sorting, column resizing, and overall performance optimizations. For those using databases and working with JSON data, this upgrade is a must-have.Improved auditing of cascading deletes
In some cases, deleting an object (e.g., a Connector) results in a cascading deletion of dependent objects (e.g., rule sets, jobs). Previously the audit log only recorded the initial object deletion. Now, the audit log will also record an entry for all other deleted objects.
Release 14.0.0.0
Updated Classifiers
A new tranche of classifiers has been added to discover additional sensitive data. These new classifiers include elements like medical record number, full name, age, and IP address. Several existing classifiers have been improved to better discover sensitive information, including credit card numbers and bank account numbers.Data Discovery and Authentication Support
Automated Sensitive Data Discovery now supports OAuth for Salesforce or Kerberos for Oracle Database, Microsoft SQL Server, and SAP ASE.FTP Support for Mainframe MVS Storage
The Compliance Engine now offers enhanced functionality with FTP support, enabling direct access to the mainframe MVS storage environment.Updated IBM Db2 LUW Connector
The connector will now provide more automated control of indexes, constraints, and triggers as well as deliver automated identity column support. This will automatically upgrade and allow you to choose these features.IBM Db2 LUW, iSeries and z/OS Temporary Identity Column Support The connector will now created an identity column and index for Db2 tables where none exists. These will be removed and the table returned to it’s original state after masking concludes.
Password Vault for IBM DB2 on LUW, iSeries and z/OS
Supported password vaults may now be used with DB2 databases on LUW, iSeries, and z/OS systems.Updated User Experience
The process of overhauling the user interface to provide you better utility, scalability, and stability continues. In this release, the inventory page has been updated for fixed-length and delimited file types, as well as the file format settings page.ESXi 8.0 U1
Continuous Compliance may now be run on VMware ESXi 8.0 U1.
The product’s REST API schema specification has been upgraded from Swagger 2.0 to OpenAPI 3.0.1. This may impact API consumers in different ways, depending on what tools are used to access the API. The short summary is: unless your API client is dynamically generating API access classes (aka. stubs), you should not notice any disruption.
Usage that will see limited or no Impact:
Using Curl / HttpRequest / other Third party HTTP libraries
These tools do not consume the REST API schema. The only known, observable difference regards the error response returned when a request is sent with an empty body (when body content is required). Valid API usage should never encounter this error.Using Swagger 2.0 static stubs
API client stub methods generated previously from an API schema taken from earlier product versions should continue to function normally. The REST API version used to construct the API stubs should be specified in the request path to maintain compatibility; this a general requirement for API compatibility not resulting from this change.
Usage that will see significant impact:
Generating API client stubs
This approach dynamically generates API client access classes using the REST API's swagger schema specification. These classes are sometimes referred to as client-stubs. Third-party libraries likeswagger-codegenoropenapi-generatorcan be used to generate API helper classes. To continue with dynamic client generation, the third-party library in use will need to be upgraded to a version compatible with the OpenAPI 3 schema format.After the library upgrade, the auto-generated OpenAPI 3 client stubs will likely differ from the Swagger 2 specification’s client stubs, requiring updates to any code that consumes the stub classes. These changes include the following, though other variations may exist that were not encountered during testing:
Change in default date-time libraries (can be configured through generator library arguments).
Change in the order of request parameters and request body within the method arguments of stubs classes.
Change in getter functions of boolean variables (ex: variable-“valid” getter function in 2.0 specification is
getValid(), whereas in 3.0 it isisValid()).
Release 13.0.0.0
Password Vault Support for Microsoft SQL Server
In this release, the SQL Server connector joins the growing list of connectors that support credential management systems.SQL Server
SQL Server 2022 is now supported.Microsoft Azure SQL Data Warehouse
Azure SQL Data Warehouse is now supported.Updated User Experience
The Roles page has been updated, with a number of handy templates now provided as well.
Release 12.0.0.0
ASDD extended drivers
Extended drivers allow you to provide your driver with additional data sources. Automated Sensitive Data Discovery, which aims to identify common sensitive and personally identifiable data elements, now works with these sources.Password vault support for Oracle
You can now leverage supported password vaults to manage credentials for Oracle databases.
Release 11.0.0.0
IBAN discovery and masking
Supports automatically discovering and masking International Bank Account Numbers.New US driver's license classifier
Supports automatically discovering and masking US Driver’s Licenses.Oracle source sizing
Measures the size of connected Oracle databases. This information will be available via a new utilization PDF report, as well as through the GET /billing-usage API.New features for the Postgres connector
The connector will now provide more automated control of indexes, constraints, and triggers. This will automatically upgrade and allow you to choose these features.User-controlled automated sensitive data discovery (ASDD) set upgrade
With the 11.0 release, Delphix will begin shipping the standard ASDD discovery set independent of Continuous Compliance. You can use a new API endpoint to control when to adopt new ASDD discovery sets. This will allow you to upgrade to newer releases of the software without impacting existing workflows, as well as easily creating and distributing your own classifier sets.
Release 10.0.0.0
Password vault support for PostgreSQL connections
This release adds HashiCorp Vault and CyberArk support for storing and accessing secrets, keys, and certificates necessary for PostgreSQL operations.More automated sensitive data discovery classifiers
Classifiers improve our ability to automatically discover sensitive information and accurately recommend masking algorithms. This update adds classifiers for identifying Credit Cards, Addresses, Telephone numbers, US Passports, US SSNs, and Bank accounts. With ASDD Classifiers, organizations can easily mask new data sources for downstream teams to start working with compliant data quickly.Classifiers user interface
This update adds a new user interface for the Automated Sensitive Data Discovery classifiers introduced in 9. Previously, classifier definitions were only accessible via the API.Enhanced document type support for JSON and XML
This update expands our support for the JSON and XML Document types. Applying the multi-column algorithms to JSON and XML structures is now possible. Further, it is now possible to mask JSON and XML structures stored in BLOBs.CData license upload
Our partnership with CData allows customers to purchase and use CData JDBC drivers from Delphix to connect to additional data sources with Continuous Compliance. This release enables users to install the required license files on their engines. Customers download the CData drivers directly from CData but download the corresponding license files for these drivers from Delphix. Consult your account representative for purchasing and using a specific CData driver.
Release 9.0.0.0
New Automated Sensitive Data Discovery (ASDD) profiler implementation
The new ASDD profiler has been introduced with a number of new features, including new data-level profiling logic and improved database sampling capabilities. A new profile set, ASDD Standard has been added that leverages the new implementation.UI Updates: Audit and Classifiers
Audit: This page allows for a quick review of historical user activity with global audit logs, to help ensure compliance. Updated for speed and ease-of-use, with significantly better filtering, searching, and performance.
Classifiers: This section of the Settings page contains a list of Classifiers with relevant information and actions. The Profiler can be customized for domain and data level (name, column metadata, data value) using standard regex expressions. Improved performance, data level inspection, and accuracy for matching data types (using data classifiers).
Release 8.0.0.0
Improved JSON document store performance
Upon upgrade, JSON Document Store masking is significantly faster. For more information, visit Document Store Type Masking.This release contains bug fixes for the Continuous Compliance Engine.
Release 7.0.0.0
JSON and XML: tokenization/re-identification and chained algorithms
Easily leverage tokenization/re-identification algorithms and chained algorithms with JSON and XML data. Data tokenization/re-identification provides reversible data anonymization to protect data in non-prod environments. Chain algorithms enable complex multistep algorithms to be run on separate values, such as Full Name algorithms.
Release 6.0.17
JSON; XML field masking
This release introduces the ability to mask JSON; XML objects nested in string/text fields, allowing Continuous Compliance to be maintained for semi-structured JSON & XML data in non-production environments. With this, the Continuous Compliance library can be leveraged, or customized algorithms can be created to meet required data schemas.Microsoft Intelligent Data Platform Integration (Azure Data Factory; Azure Synapse Pipelines)
Accelerate data compliance using Microsoft Intelligent Data Platform’s ETL tools with Delphix Continuous Compliance. This allows users to quickly mask data while moving between 100+ Azure Synapse Analytics and Azure Data Factory connections. Quickly identify sensitive data in ETL pipelines and mask using Delphix algorithms.Containerized masking
This feature allows users to efficiently spin up and tear down Continuous Compliance containers. Easily orchestrate scaling out Continuous Compliance using a container orchestrator, allowing for quick parallelized masking jobs in the self-managed container cluster to multiple instances.Hyperscale Compliance masking job sync
Introducing fast migration for masking jobs from existing Continuous Compliance Engines to the Hyperscale Compliance Orchestrator. This accelerates the masking of massive Oracle databases for compliance and greatly improves masking speed for databases with billions of rows containing PII, PHI, or sensitive data fields.
Release 6.0.16.0
Strict content security policy
This release adds a new application setting group that drives strict content security policy. Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks. Including (but not limited to) Cross Site Scripting (XSS), and data injection attacks.
Release 6.0.15.0
JSON file masking
This update introduces support for JSON File Masking, a popular human-readable data exchange format. Teams can leverage Delphix's existing library of pre-built algorithms to mask sensitive information. For more information, see JSON File Masking.Segmented mapping algorithm V2
This update enhances the Segmented Mapping Algorithm for improved performance, extensibility, security, and portability. It produces new masking results from the legacy algorithm. Segmented Mapping allows a user to create unique masked values by dividing data into segments that are masked piecewise. For more information, see Segmented Mapping.Numeric expression algorithm
This new algorithm enables formula transformations to values, so that teams can run common math operators to scale or shift numbers.New API endpoints
This release introduced a new API Support Bundle Generation endpoint:
The new API endpoint is:
Group | Endpoints | Description |
|---|---|---|
supportBundle | POST /support-bundle | Generates support bundle |
For more information, see API for generating support bundle.
Release 6.0.14.0
Certifications
SAP HANA 2.0 SP 05
CockroachDB
VMware ESXi 7.0 U3c
Data cleansing
The Data Cleansing algorithm has been updated to standardize spellings, misspellings, and convert abbreviations. Algorithm based data cleansing eliminates slow and manual processes prior to masking the data. For more information, see Data Cleansing.Min Max
The MinMax Number and MinMax Date algorithms have been updated for normalizing outlier data in a table column by masking numbers and dates that could give context of records based on values.Continuous Compliance UI improvements
Monitoring interface now details which job step is currently underway
Improved Continuous Compliance job management for intermediate steps
Redesigned Execution Monitor interface
For more information, see Monitoring Masking Job.
“Optional” columns for multi-column algorithms
The Multi-column algorithm now allows for some fields to be marked as optional for more run-time flexibility. Concurrent Continuous Compliance operations can now occur using multiple data columns in a single operation. For more information, see Using Multi-Column Algorithms.
Automated sensitive data discovery
A new default profile set is being implemented to improve the accuracy and speed of column level profiling. 40 new profile expressions utilizing type constraints are introduced for domain and algorithm assignment to help reduce false positives associated with data type mismatches during inspection. The default profiler set upgrade has no change or impact on existing users.
New API endpoints
This release extends the list of API-endpoints by adding the following task-based progress monitoring endpoints.
The new API endpoints are :
Group | Endpoints | Description |
|---|---|---|
monitoring | GET /monitor-task | get the status of Execution or async task |
monitoring | GET /monitor-task/ | get the status of Execution or async task by the id |
Release 6.0.13.0
Certifications
This release adds support for VMware ESX/ESXi 7.0 U3c and DB2 12.0 on z/OS.
New tokenization algorithm
In this release, Delphix introduces a new Tokenization algorithm framework to replace the legacy Tokenization algorithm. This new Tokenization algorithm framework includes additional configuration options for increased security. For more information, see Tokenization. Legacy Tokenization algorithm instances will remain in place and function the same until their planned EOL in version 6.0.15.0, migration to the new Tokenization algorithm is recommended.
Zip+4 algorithm
A new version of the Zip+4 algorithm is now available that is used for full-length (nine-digit) zip codes. This new version is built upon the Masking Algorithm SDK and offers the same benefits as other new algorithms, including greater performance.
Improved masking monitoring
This release improves usability and diagnosability of the Masking Engine by allowing users to search for past jobs and filter the results based on job type and status. For more information, see the Search section at Monitoring Masking Job.
New API endpoints
This release extends the list of API-endpoints by adding the following execution logs endpoints. These API endpoints will return file download ID that can be used to download execution logs under GET /file-downloads/{fileDownloadId}.
The new API endpoints are :
Group | Endpoints | Description |
|---|---|---|
executions | GET /execution-logs | get all execution logs of all jobs. |
executions | GET /executions/ | get a particular execution log by using execution ID. |
execution-component-log | GET /execution-component-log | get all the execution component logs of all jobs, execution ID is a mandatory parameter. |
execution-component-log | GET /execution-component-log/ | get a particular execution log by using componentId. |
Release 6.0.12.0
New Microsoft SQL Server implementation to disable constraints/triggers and drop indexes
In this release, Delphix adds default driver support for Microsoft SQL Server database masking options of Disable Constraints, Drop Indexes, and Disable Triggers as job tasks. These changes apply to masking, reidentification, and tokenization jobs where enabled.
For details on the usage and known limitations of the Microsoft SQL Server Disable Constraints, Drop Indexes, and Disable Triggers driver support tasks, see Microsoft SQL Server Built-in Driver Support Plugin. Upon engine upgrade, any existing jobs on built-in Microsoft SQL Server connectors where these options were selected will be upgraded to these enabled driver support plugin tasks.
Improved user experience diagnosability
This release improves user experience by ensuring time is displayed in a consistent fashion. It prevents users from running parallel update threads against incompatible databases and provides per-job log information. The job monitoring view now displays the total time taken in the hours:minutes:seconds format.
Free text redaction
This release updates the free text redaction algorithm to the new extensible Algorithm framework to improve performance and allow chaining of algorithm instances. For more information, see Free Text Redaction.
Updated secure lookup instances
This release updates the legacy Secure Lookup algorithms to the extensible Secure Lookup framework. Masked results will remain the same other than whitespace handling.
New API endpoint for define fields
This release extends the list of API-endpoints by adding the following file-field-metadata endpoint to create field metadata for a file format. This field allows users to add a file field that you want to mask in a format. After the user uploads a format, all the fields from the uploaded file format are displayed at the inventory screen.
The new API endpoint is :
Group | Endpoints | Description |
|---|---|---|
fileFieldMetadata | POST /file-field-metadata | Creates field metadata for a file format. |
Masking whole file
You can now configure the masking engine to mask the complete file and pass the content of that file as a single input to an algorithm. For more information, see Masking Whole File.
Character mapping algorithm support for tokenization/reidentification jobs
The character mapping algorithm can now be used for tokenization and reidentification jobs.
Release 6.0.11.0
Certifications
This release adds support for Oracle database 21c.
General UI for extended algorithms
In this release, Delphix continues to improve the experience of creating and using new extended algorithms. These algorithms may include configuration information stored in JSON format. The configurations are now editable via the UI. For more information, see General UI for Extended Algorithms.
OAuth2 API support
The Virtualization and Masking engine APIs are now accessible via OAuth2 tokens that improve Delphix's security offerings. For more information, see Configuring OAuth2 Authentication for API Access.
New Oracle optimizations to disable constraints/triggers and drop indexes
In this release, Delphix has re-implemented the Oracle database masking options of Disable Constraints, Drop Indexes, and Disable Triggers as job tasks, using the Driver Support Plugin Framework, improving both functionality and performance. These optimizations apply to masking, reidentification, and tokenization jobs where these tasks are enabled.
For details on the optimizations, usage, and known limitations of the Oracle Disable Constraints, Drop Indexes, and Disable Triggers driver support tasks, see Oracle Built-in Driver Support Plugin. Upon engine upgrade, any existing jobs on built-in Oracle connectors where these options were selected will be upgraded to these enabled driver support plugin tasks.
New export secure lookup values API
This release extends the list of API-endpoints by adding a new API for exporting the values from a secure lookup algorithm instance.
The new API endpoint is:
Group Endpoints Description algorithm POST /algorithms/ Export lookup values form secure lookup algorithm. For more information, see Secure Lookup - Exporting Secure Lookup Values via API.
New copy ruleset API
This release extends the list of API-endpoints by adding three new APIs for copying rulesets under databaseRuleset, fileRuleset, and mainframeDatasetRuleset.
The new API endpoints are :
Group | Endpoints | Description |
|---|---|---|
databaseRuleset | PUT /database-rulesets/ | Copy ruleset objects in the same database environment. |
fileRuleset | PUT /file-rulesets/ | Copy ruleset objects in the same file environment. |
mainframeDatasetRuleset | PUT /mainframe-dataset-rulesets/ | Copy ruleset objects in the same dataset environment. |
New binary lookup algorithm
This release introduces a new binary lookup algorithm framework in the masking extensibility SDK that supports advanced features such as algorithm chaining. Legacy binary lookup algorithm instances will be automatically and seamlessly migrated to the new binary lookup framework when you upgrade the masking engine. For more information, see Binary Lookup.
UI/UX enhancements
This release introduces substantial improvements to the user interface that gives a new look and feel to the masking engine.
Release 6.0.10.0
Masking Salesforce data
There has been an increasing demand for an easy way to manage and utilize the highly sensitive data stored in Salesforce. With this new Select Connector offering, sensitive data discovery and masking algorithm assignment is automatically handled for the Salesforce default schema; this is not only unique in the market, but also the first time Delphix is delivering this solution as an addition to its product suite. This is the top compliance solution for Salesforce on the market and provides a dramatically simpler deployment option to manage and secure this business-critical data. For more information, see Application Solutions documentation.
New mapping algorithm
A more powerful and faster mapping algorithm is now available. This allows running the same mapping algorithm across multiple jobs and across multiple engines. Running the same mapping algorithm across multiple engines requires a compatible external database. New APIs now support migrating mappings from existing mapping algorithms to the new mapping algorithms.
Algorithm replacement APIs
APIs are now being introduced to list and replace algorithms.
Group Endpoints Description algorithm GET /algorithms/ Retrieves all usage of the algorithm specified in the request path. algorithm PUT /algorithms/ Updates all usage of the algorithm specified in the request path to use the new algorithm name supplied as a query parameter. For more information, see Managing Algorithm Usage.
Group Endpoints Description algorithm GET /algorithms/migration Returns a list of result objects describing each possible migration. One object is returned for every algorithm on the engine that can be migrated. algorithm POST /algorithms/ Creates a new algorithm named newAlgorithmName (from the API query parameters), by migrating from the algorithm named in the query path. For more information, see Migrating algorithms.
New phone masking algorithm
A new masking algorithm for the phone number framework for US and international numbers is now available. Migration from the old phone masking algorithm to the new one is required. For more information on transition, see Delphix Community Post.
New custom SQL API
In this release, Delphix has extended the list of API-endpoints by adding a new table-metadata endpoint for generating custom SQL for the given tableMetadataId.
The API endpoint is :
Group | Endpoints | Description |
|---|---|---|
tableMetadata | GET /table-metadata/ | Generates a custom SQL. |
Release 6.0.9.0
Masking SDK driver support plugins
The Masking SDK functionality is extended with the ability to develop a new kind of plugin, called driver support plugins. These allow the execution of developer-defined tasks as part of a masking job.
Masking SFTP connector is extended with a new flag UserDirIsRoot
Delphix introduces a new flag, setting whether the SFTP Connector configured Path is relative or absolute.
New Email framework
Delphix introduces a new Email Framework along with two default algorithm instances. This functionality allows for more customization in masking email addresses.
New copy environment API
In this release, Delphix has extended the list of API-endpoints by adding a new API for copying environments.
The API endpoint is :
Group | Endpoints | Description |
|---|---|---|
environment | POST /environments/ | Copy environment objects in the same or a different application |
Release 6.0.8.0
New name and full name frameworks
Delphix introduces new Name and Full Name Frameworks, as well as their default algorithms instances. That functionality adds flexibility and more sophisticated ways for name masking.
Masking SDK multiple plugins capacity
Masking SDK functionality is extended with an option of loading multiple plugins and chaining extensible algorithms based on different plugins. The dlpx-core plugin is uploaded by default.
New regex decompose algorithm chaining framework
Delphix introduces the Regex Decompose extensible algorithm framework, which allows the capability to build new algorithms from a combination of predefined actions and existing algorithms.
Enclosure escape character support for delimited file masking
In this release, Delphix has added escape character support for delimited file masking. Specifically the following were added:
Enclosure escaping strategy: The user can configure the enclosure escape character from the UI/API to escape the enclosure. To configure the enclosure escape character from the UI, the user must select the "Enclosure Escaping Strategy" dropdown value as per the below options on the edit Rule Set popup window.
Double Enclosure: Double enclosure option will set the escape character value same as enclosure value.
Custom: By selecting custom option, the user can specify any single character as an enclosure escape character, except the "escape sequences" and "control characters".
Escape "Enclosure Escape Character"
The user can escape the "enclosure escape character" itself by clicking on the Escape "Enclosure Escape Character" checkbox on the edit RuleSet popup window.
For more detailed information, see Managing rule sets.
Release 6.0.7.0
New date masking frameworks
Delphix introduces new date masking frameworks, which includes date replacement, date shift, and multi-column dates. These new frameworks obviate the need for many of the custom date algorithms that were required in the past. Delphix also introduces new default implementations of common date-masking functionality. The new date masking frameworks are briefly described below.
Date Replacement: Selects a replacement value from a configurable date range.
Date Shift: Produces a replacement value by randomly shifting the input date by a configurable increment range.
Multi-column Date: Masks date values that have a dependency, such as admission and discharge date using the same algorithm as Date Shift. This allows masking of both the initial date and the difference between the dates.
New credit card masking algorithms
Delphix introduces a robust payment-card masking framework, as well as a default algorithm implementation for credit card data. The legacy credit card algorithm (that produced random values) is being replaced by the new default instance, which provides consistent masking results, a unique output for every valid input, always changes a valid input value, and preserves all non-digit portions of the input value.
Masking Engine changes for users and groups
This enhancement adds stronger on-Masking Engine safeguards to the Users and Groups experience delivered in Central Management ,in which the access to a Masking Engine’s objects is determined by assigning authorization via global access groups. Specifically, when an engine opts into the global model, it relinquishes local control of object access. With this, the local enforcement of global (Central Management) settings is strengthened by deactivating local object access in the UI, thus ensuring the local values will not be overridden via frequent, periodic scans from Central Management.
New forgot and reset password APIs
In this release, Delphix has extended the list of API-endpoints by adding two new API's related to the existing Forgot and Reset password feature for a user, which was available via GUI only till now.
The two new sets of API endpoints are :
Group Endpoints Description user POST /users/forgot-password Send reset password mail to the user POST /users/reset-password Reset new password for the user The forgot-password API will generate and send a password reset link to the registered email id of the user, for which the password has to be reset.
The reset-password API will use the token sent via the password reset link, to set the new password.
Control character support for delimited file masking
In this release, Delphix has added the control character support for delimited file masking. Specifically the following were added:
Control character as a delimiter: The user can specify a control character as the delimiter from UI/API.
Control character as an end of record: The user can specify a control character as the end of record from UI/API.
Control character as a value: Delimited files containing values with control characters are now supported.
Date-Time format change for the API response
In this release, the date-time format for API responses is changed
From: yyyy-MM-dd'T'HH:mm:ss.SSSZ e.g. 2021-03-17T17:35:39.352+0000
To: yyyy-MM-dd'T'HH:mm:ss.SSSXXX e.g. 2021-03-17T17: 35:39.352+00:00.
The API endpoints below will be affected by this change:
GET /system-information
GET /plugin
GET /profile-jobs
GET /profile-sets
GET /execution-events
GET /async-tasks
GET /audit-logs
GET /algorithms in algorithm extension object
GET /execution-components
GET /jdbc-drivers
GET /masking-jobs
GET /reidentification-jobs
GET /tokenization-jobs
Release 6.0.6.0
Certifications
This release adds support for DB2 iSeries v7.4.
Multi-column algorithm
In this release, Delphix has introduced a Multi-Column Extensible Algorithm mechanism, which allows masking multiple columns of the same table conditional to their values (or using any other logic needed by the customer). To use the Multi-Column Algorithm Framework, users first create an algorithm via the Masking SDK and then install their algorithm on a Masking Engine via the Extensible Algorithm Plugin interface.
Latest API version
The latest masking API version supported on the engine will be included in the
GET /system-informationAPI response.Custom database connection properties
There is now a way to specify custom connection properties for all of our database connector types by uploading a properties file. For more information, see Database Connection Properties.
Release 6.0.5.0
Certifications
This release adds support for the following certificates:
MySQL 8
Postgres SQL 12
DB2 LUW 11.5
Oracle Database Cloud Services on Virtual Machines
Oracle Database Cloud Services on Bare Metal
Google Cloud SQL for PostgreSQL
Google Cloud SQL for MySQL
Google Cloud SQL for SQL Server
Character mapping algorithm
Delphix is introducing a replacement for the Segment Mapping Algorithm, the Character Mapping Algorithm. The new Character Mapping Algorithm is built using the recently released algorithm SDK, and in most common configurations this new algorithm will be faster and require less memory than the existing segment mapping algorithm. In addition, this new version does not have a length limitation for the input string and can handle non-ASCII characters.
Default API version
Introducing the ability to specify the Masking API version to be used when the version is omitted from the base path of the Masking API request's URL.
New API version
To reflect the API improvements mentioned above, the API version increased to 5.1.5 in this release. For a complete listing of version 5.1.5, see Masking API Client.
Release 6.0.4.0
Certifications
This release adds support for SQL Server 2017 and 2019.
Masking job memory improvements
Memory management has been dramatically improved. Not only can jobs run with less memory, but the Masking Engine will also now ensure that jobs can only run if enough memory is available and that the engine cannot run out of memory.
Along with these changes, there are two new execution statuses:
CANCELLEDandQUEUED.Extensible connector permissions change
The first iteration of the Masking Extensible Connectors, supporting the ability to upload and use JDBC drivers, required that the permissions for each driver be enumerated at install time. Delphix has now replaced this mechanism with a fixed security policy blocking only the most dangerous permissions (specifically those that could inflict harm to the Masking Engine), removing the need for user management of permissions. It remains the case that the engine administrator must ensure that only trusted JDBC driver software is installed.
File masking performance
The performance of file masking has been significantly improved.
Builtin extensible secure lookup framework
Delphix has added a builtin, configurable Secure Lookup Algorithm Framework, based on the Extensible Algorithms feature (introduced in 6.0.3.0 release).
This framework provides better performance and new features when compared with the Legacy Secure Lookup Algorithms.
It allows configuring the case sensitivity of input values (true/false), and the case configuration of the output values:
Preserve Lookup File Case // i.e. as found in Lookup File Preserve Input Case // i.e. preserve case of input value - UpperCase / LowerCase / Mixed Force all Lowercase // forces output to LowerCase Force all Uppercase // forces output to UpperCaseThe algorithm instance (based on the new Secure Lookup Algorithm Framework) might be managed via the existing Algorithm API, similar to any other plugin algorithm. The GUI has been changed for configuring/editing Secure Lookup Algorithm. For more information, see Secure Lookup Algorithm Framework.
Job scheduler removed
As of this release, we have removed the Job Scheduler feature. The introduction of Masking’s REST API several releases ago allowed customers to schedule job executions using their preferred job scheduler. As a result, the integrated scheduler is seldom used.
Free text redaction algorithm
The redaction strategies used in a free text redaction algorithm have been renamed to "Allowlist" and "Denylist".
New API version
To reflect the API improvements mentioned above, the API version increased to 5.1.4 in this release. For a complete listing of version 5.1.4, see Masking API Client.
Release 6.0.3.0
Extensible algorithms
We introduced a new, radically simpler, method to create new masking algorithms. With the new framework, Delphix partners and customers can create and share new algorithms.
Extensible algorithms and their related algorithm plugins can be managed through the following APIs:
Group Endpoints Description plugin GET /plugin Get all plugins POST /plugin Install plugin DELETE /plugin/ Delete plugin GET /plugin/ Get plugin detail by pluginId PUT /plugin/ Update plugin Existing algorithm API is extended with the following endpoints:
Group | Endpoints | Description |
|---|---|---|
algorithm | GET /algorithm/frameworks | Get all algorithm frameworks |
GET /algorithm/frameworks/id/ | Get algorithm framework by frameworkId |
UI-based environment sync
Over the past several releases Delphix has introduced and refined the ability to synchronize objects between Masking Engines via the API. In 6.0.3, Delphix now supports importing and exporting environments via the UI.
Note: In this release, the deprecated XML import/export functionality has been removed. If you used the XML import/export feature in previous releases, you'll find the new Sync Environment feature to be a more robust and complete solution with complete API support in addition to being available in the UI.
New SQL Server JDBC driver
The product switched from the jTDS JDBC driver to Microsoft's official open-source JDBC driver. This was done to obtain improved support for recent versions of SQL Server.
All SQL Server basic connectors will be converted transparently. If you used a SQL Server Advanced connector or a Generic connector using the jTDS driver, you will need to manually convert your JDBC URL to the Microsoft JDBC driver's format. To perform this conversion, see the references for the jTDS parameters and the Microsoft JDBC parameters. Delphix Customer Support's upgrade validation checks will detect any SQL Server Advanced connectors and Generic connectors using the jTDS driver in your installation and they will notify you of the need to manually convert those connectors.
AzureSQL managed databases
This release is certified to be compatible with the following Azure SQL Managed Databases:
Azure Database for PostgreSQL service
Azure Database for MySQL service
Azure Database for MariaDB service
Azure Database for SQL
Note: You must enable support for non-TLS connections.
File masking performance
This release contains significant performance improvements for delimited and XML file masking.
New API version
To reflect the API improvements mentioned above, the API version increased to 5.1.3 in this release. For a complete listing of version 5.1.3, see Masking API Client.
Release 6.0.2.0
Certifications
This release adds support for Oracle 19c.
Mainframe data set improvements for masking
This release delivers multiple quality-of-experience enhancements around mainframe masking workflows:Mainframe masking performance: Anyone masking mainframe data sets may see a large improvement in performance.
Engine sync support for mainframe: The Sync APIs and workflows now support mainframe objects: connectors, rule sets, jobs, and formats.
Mainframe data set record type APIs: This enhancement builds upon the recent release of Record Type APIs to include mainframe support. You will now be able to manage Mainframe data set record types via REST API, including redefine conditions. When masking a mainframe data set, the Masking Engine uses a mainframe data set format to interpret the data set's contents. A mainframe data set format has one default record type "All Record". If a mainframe data set format contains redefined fields, each redefined and redefines field will have a corresponding record type that holds the redefined condition for the redefined and redefines fields. Specifically, the following APIs were added:
Group
Endpoints
Description
mainframeDatasetRecordType
GET /mainframe-dataset-record-types
Get all Mainframe Dataset record type
GET /mainframe-dataset-record-types/
Get Mainframe Dataset record type by ID
PUT /mainframe-dataset-record-types/
Update Mainframe Dataset record type by ID
For more information on redefine conditions, see Managing a mainframe inventory.
JDBC to delimited files support
On-the-fly masking jobs with a JDBC source and delimited file target are now supported. This is targeted at users with data lake applications. This is targeted at users with data lake applications who wish to extract unmasked data using a JDBC connection and insert masked data back using a bulk file load mechanism.
Environment sync support for masking
With this release, an entire environment is now syncable with a single operation via the Sync REST APIs. Previously, Sync users would have to export/import objects on an individual basis, the process now is far more streamlined. Note: Environment Sync APIs are the preferred way of handling environment export/import versus XML-based transfer.
New API version
To reflect the API improvements mentioned above, the API version increased to 5.1.2 in this release. For a complete listing of version 5.1.2, see Masking API Client.
Release 6.0.1.0
Extended connectors
Extended connectors is a new feature that allows you to upload additional JDBC Drivers to the Continuous Compliance engine. This enables masking data sources that are not natively supported by Continuous Compliance. For more information, see Managing Extended Connectors.
Sync for tokenization and reidentification jobs
The Sync feature allows you to coordinate the operation of multiple engines. This release adds Sync support for Tokenization and Reidentification Jobs. For more information on the Sync feature, see Managing Multiple Engines for Masking.
File record type APIs
When masking a delimited or fixed length file, the Masking Engine uses a file format to interpret the file's contents. Each format has one or more record types. In previous releases, these record types could only be created and managed through the graphical user interface. This release adds the ability to also create and manage file record types through the APIs. Specifically, the following APIs were added:
Group Endpoints Description recordType GET /record-types Get all record type POST /record-types Create record type DELETE /record-types/ Delete record type by ID GET /record-types/ Get record type by ID PUT /record-types/ Update record type recordTypeQualifier GET /record-type-qualifiers Get all record type qualifiers POST /record-type-qualifiers Create record type qualifier DELETE /record-type-qualifiers/ Delete record type qualifier by ID GET /record-type-qualifiers/ Get record type qualifier by ID PUT /record-type-qualifiers/ Update record type qualifier by ID Note that record types are only used for delimited and fixed-length file formats. For more information on record types, see Adding Record Types for Files.
Release 6.0.0.0
Objects names requirements
Delphix 6.0 adds validations for object names that can be created/renamed manually. For more information, see Naming Requirements.
Please note that enforcing these requirements might fail the import, sync, or upgrade from pre-6.0 release. For resolving those failures, see [Knowledge Base Article KBA5096](https://support.delphix.com/Delphix_Masking_Engine/Object_Naming_Requirements_(KBA5096).
Versioning framework
6.0 marks the release of version 5.1 of the Masking API. For information on how the Masking API is versioned, see Masking API Versioning Documentation.
New API endpoints
In 6.0 we have expanded the list of API endpoints to include:
Group Endpoints Description Application DELETE /applications/ Delete application by ID Mount Filesystem GET /mount-filesystem Get all mounts POST /mount-filesystem Create a mount GET /mount-filesystem/ Get a mount by ID DELETE /mount-filesystem/ Delete a mount by ID PUT /mount-filesystem/ Update a mount by ID PUT /mount-filesystem/ Connect a mount by ID PUT /mount-filesystem/ Disconnect a mount by ID PUT /mount-filesystem/ Remount a mount by ID In addition to the new API endpoints, we have improved existing API endpoints. These improvements include:
Addition of the applicationId field to the application model
Replacement of the application field with an applicationId field in the Environment model
Removal of the classification field from the domain model
Addition of the rulesetType field to the Masking, Profiling, Reidentification, and Tokenization job models.
Addition of mountName in the ConnectionInfo of a file connector and a mainframe dataset connector to use a filesystem mount point.
For more information on Continuous Compliance APIs, see API documentation.
NFS and CIFS mounts
In previous releases, the Masking Engine has supported masking files via FTP or SFTP. In this release, we have added the ability for users to directly mount and mask a file system over NFS and CIFS. This should dramatically simplify the process of file masking. As with other Masking Engine objects, the Sync feature can be used to coordinate mount objects across multiple engines. For more information on the mount feature, see Managing Remote Mounts.
Release 5.3
Synchronizing masking jobs and universal settings across Engines
In 5.2 we introduced the ability to synchronize Masking Algorithms between engines to ensure consistent masking, regardless of the engine executing the masking. In 5.3 we are expanding the list of syncable objects to include:Masking Jobs
Connectors
Rulesets
Domains
File Formats
The sync of objects is possible through improvements to several sync API endpoints, including:
GET /syncable-objects[?object_type=
POST /export
POST /export-async
POST /import
POST/import-async
This expansion of syncable objects ensures that users can sync their Masking Jobs and all the objects necessary for that masking job to execute successfully - regardless of the masking engine it lives on, allowing for easier scaling of Continuous Compliance across the enterprise. For more information, see Managing Multiple Masking Engines.
Support for Kerberized connections
In 5.2.4 we added support for Kerberos for our Oracle Masking Connector. In 5.3 we have expanded the list of connectors that support Kerberos to:SQL Server
Sybase
To enable Kerberized connectors your engine must be configured properly and you must configure your masking Connectors for Kerberos. Kerberos can be enabled by going to the Advanced mode on Oracle, SQL Server and Sybase. For more information, see Managing Connectors.
New API endpoints
In 5.2 we released an all-new set of API endpoints allowing for the automation of many masking workflows. In 5.3, we have expanded this list of API endpoints around Algorithms, Users, Roles, File Upload, System Information, Login, Rulesets, and Connector. Below are the net new API endpoints:Group Endpoints Description Algorithms POST /algorithms Create algorithm DELETE /algorithms/ Delete algorithm by name GET /algorithms/ Get algorithm by name PUT /algorithms/ Update algorithm by name PUT /algorithms/ Randomize key by name Users GET /users Get all users POST /users Create user DELETE /users/ Delete user by ID GET /users/ Get user by ID PUT /users/ Update user by ID Roles GET /roles Get all roles POST /roles Create role DELETE /roles/ Delete role by ID GET /roles/ Get role by ID PUT /roles/ Update role by ID Rulesets PUT /database-rulesets/ Update the rule set’s tables PUT /database-rulesets/ Refresh the rule set Connectors POST /database-connectors/ Test a database connector POST /database-connectors/test Test an unsaved database connector POST /file-connectors/ Test a file connector POST /file-connectors/test Test an unsaved file connector Async Tasks GET /async-tasks Get all asyncTasks GET /async-tasks/ Get asyncTask by ID PUT /async-tasks/ Cancel asyncTask by ID File Upload/Download DELETE /file-uploads Delete all file uploads POST /file-uploads Upload file GET /file-downloads/ Download file System Information GET /system-information Get version, etc. Login/Logout PUT /logout User logout Executions GET /execution-components Status for a table, file, or Mainframe data set Tokenization Job GET /tokenization-jobs Get all tokenization jobs POST /tokenization-jobs Create tokenization job DELETE /tokenization-jobs/ Delete tokenization job by ID GET /tokenization-jobs/ Get tokenization job by ID PUT /tokenization-jobs/ Update tokenization job by ID Re-identification Job GET /reidentification-jobs Get all re-identification jobs POST /reidentification-jobs Create re-identification job DELETE /reidentification-jobs/ Delete re-identification job by ID GET /reidentification-jobs/ Get re-identification job by ID PUT /reidentification-jobs/ Update re-identification job by ID Database Rulesets PUT Update Database Ruleset by ID In addition to the net new API endpoints, we have improved pre-existing API endpoints. Some of the improvements include:
Addition of DB2 iSeries and Mainframe to connector endpoints.
Addition of Kerberos configuration on Oracle, SQL Server, and Sybase connectors
Ability to have ruleset refresh drop tables
Support for XML file types
Addition of dataType to column metadata
Addition of isProfilerWritable field to file-field-metadata endpoints. This is now represented in the API as a new isProfilerWritable boolean field in the body of a file-field-metadata. When the isProfilerWritable field is set to true, the algorithm/domain assignment on a column can be overwritten by the profiler. When the field is false, it may not be overwritten.
Addition of multipleProfilerCheck field to Profile Job endpoints. This feature is turned on using the boolean field in the body of a profile job. The job profiler normally stops profiling a column as soon as it flags a field as sensitive. If multipleProfilerCheck is true, the profiler will continue to scan the column for additional sensitive patterns. In the event that it finds more than one pattern, it will tag all the data domains found and apply 'one' standard algorithm for all those domains. The standard algorithm is ‘Null SL’ as of 5.3.4.0. This feature was formerly called ‘multi PHI’.
For more information on Continuous Compliance APIs, see API documentation. Please note that the previous generation of Masking APIs (commonly referred to as V4) is EOL and no longer supported in this release. All users are encouraged to migrate to the V5 APIs.