Prerequisites
VM-based Continuous Compliance Engines
This page details the hardware and software requirements needed to deploy the Continuous Compliance Engine for data masking. The Continuous Compliance Engine is a self-contained operating environment and application, provided as a Virtual Appliance, which is certified to run on a variety of platforms like VMware, AWS, and Azure.
The Continuous Compliance Engine should be placed on a server where it will not contend with other virtual machines for network, storage, or other computing resources. The Continuous Compliance Engine is a CPU and I/O-intensive application; deploying it in an environment where it must share resources can significantly reduce performance.
To use both Continuous Data (data virtualization) and Continuous Compliance (data masking) Engines, they must be deployed separately. One Delphix Engine is required per service, running both operations on one engine is not supported.
Web browser support
The Continuous Compliance Engine’s graphical interface can be accessed from a variety of different web browsers. Currently, the following web browsers are supported.
Microsoft Edge
Mozilla Firefox
Chrome
Delphix supports the latest version of Microsoft Edge, Firefox, and Chrome as well as the immediate prior version.
AWS EC2 platform
See AWS EC2 Installation for information about virtual machine requirements to install a dedicated Continuous Compliance Engine on Amazon's Elastic Cloud Compute (EC2) platform.
Azure platform
See Azure Installation for information about virtual machine requirements to install a dedicated Continuous Compliance Engine on the Azure platform.
Google cloud platform
See Google Cloud Platform Installation for information about virtual machine requirements to install a dedicated Continuous Compliance Engine on the GCP platform.
IBM Cloud
See IBM Cloud Installation for information about virtual machine requirements to install a dedicated Continuous Compliance Engine on the IBM Cloud.
VMware platform
See VMware installation for information about virtual machine requirements to install a dedicated Continuous Compliance Engine on the VMware Virtual platform.
Container (Kubernetes) based Continuous Compliance Engine
The Containerized Masking product is delivered as a set of containers that are deployed as a Pod in your Kubernetes infrastructure. The Pod provides a similar set of functionality as the Continuous Compliance VM-based appliance.
Containerized Masking was developed to provide the ability to create ephemeral engines, or small engines that can be spun up quickly for a specific need, then thrown away once that need is fulfilled.
You would need to provide the Kubernetes infrastructure whether it is on-prem (such as MiniKube or MicroK8s) or cloud-based (such as AWS EKS).
Some functionality may require additional software installations on the Kubernetes node systems. For example, if the use of NFS-mounted filesystems is planned, each node would need the NFS client software that allows Kubernetes to perform the desired NFS mounts.
Differences between VM-based and Container-based Engines
There are some functional differences between the VM-based engine and the Container-based engine. In some cases, a piece of functionality is available in both, but implemented in different ways. In other cases, the functionality is unavailable. The table below summarizes these differences.
Functionality | VM-based engine | Container-based engine |
FTP support for file masking | Yes | No |
SSL / TLS for connectors | Yes1 | Yes2 |
Local file masking via NFS | Yes1 | Yes2 |
Local file masking via CIFS | Yes1 | Yes2 |
LDAP over TLS/SSL | Yes1 | Yes2 |
Kerberos | Yes1 | No |
SSO / OAuth | Yes1 | No |
Upgrade / upgrade validation | Yes1 | No |
Db2 z/OS and iSeries Connector | Yes | No |
Via the Engine Setup app.
Via Kubernetes.