Getting started (Salesforce- Compliance accelerator)

When downloading dxac, please ensure that you get the distribution for your operating system.

Pre-requisites

  • Host Machine
    dxac requires a host to run. This can be a MacOS 11.6+, Windows10, or RHEL 7.9/8.x machine.

  • Storage
    At least 150 MB of disk space on the host to install and run dxac.

  • Ports, Firewall and Connectivity
    The dxac host machine must be able to connect to the Delphix Masking Engine over ports 80 and 443.
    *If your Delphix Masking Engine is configured to run on non-standard ports, please ensure that the firewall allows the dxac host to connect to the Delphix Masking engine over these ports.

  • Masking admin user
    dxac requires Delphix Masking admin user credentials to deploy the masking metadata bundle.

  • Masking readiness of the target database
    During the deployment process, dxac will try to make a JDBC connection to the target database using the credentials provided in configuration.dxac assumes that the database specific prerequisites have already been met.

  • Salesforce login credentials
    Login credentials are required by the Delphix Masking engine to authenticate with Salesforce.
    Basic Authentication:

    • Salesforce username

    • Salesforce user’s password

    • Salesforce user’s security token

OAuth2 Based Authentication:

  • A connected app in Salesforce with the following settings:

    • Refresh Token policy set to Refresh token is valid until revoked

    • OAuth Settings checkbox is selected

    • Callback URL set to http://localhost:33333

    • Selected OAuth Scopes: Full Access(full)

  • Client Id from the connected app

  • Client Secret from the connected app

  • Salesforce user permissions
    The Salesforce user must have the required read/write privileges on the Salesforce Org that’s being masked.
    Refer to Salesforce JDBC Masking documentation for more details.

  • Delphix Masking Engine
    6.0.15+

Installation

To install dxac, extract the tar (or zip) file into a folder of your choice.

The extraction process will create a folder named dxac-packagedapp-version .This is the working directory for dxac.

We recommend that you use a dedicated folder to extract/install dxac.

Contents of dxac-packagedapp-version folder:

  • resource folder

  • dxac command line tool

Version

To check the version of the dxac command line tool use the below command:

Linux/Mac 

./dxac --version

Windows 

.\dxac.exe --version
All the commands will be specified w.r.t linux going ahead. Change the command in respect to the OS that you are using.

Initialization

Once dxac is installed, the next step is initialization. To initialize dxac, run the following command from the dxac directory using a terminal window (or Powershell).

./dxac config init -r {PATH of the resource directory}

During this step, dxac does the following:

  • creates a log folder under the current working directory.

  • creates a database folder under the current working directory and initializes the dxac database. This database is used to contain the information of the registered Continuous Compliance Engine.

  • creates a dxac_user.config file under the current working directory based on the default configuration file under /resources/config folder.

Configuration

Now that dxac is installed, let’s move on to the configuration process.

dxac relies on information in a few configuration files to effectively deploy the masking metadata into a Delphix Masking engine.These configuration files are located inside the /resource folder.

connector.properties

This file, located under /resource/connector directory, contains the information to set up a Connector to the database that is being masked.

Required parameters are tagged with an *.

  1. *username: A DB user with the required read/write permissions for masking.

  2. connector_name: A user friendly name for the connector. If not provided, a default name will be assigned.

  3. schema_name: Schema name of the datasource being masked.

  4. database_type: Type of database.

  5. kerberos_auth: Whether to use kerberos authentication or not.

  6. *jdbc: A full jdbc string to connect to the datasource being masked.

JDBC Connector Info

dxac requires your Salesforce Org’s JDBC url in the connector.properties file under the resource/connector folder.

Following are the key parameters in a JDBC url that the Delphix Masking engine can use to connect to Salesforce.

These are recommended best practice settings for optimal masking performance. Please review CDATA documentation for more details.

Required parameters are tagged with an *.

Parameter

Description

*rtk

RTK (runtime key) for the CDATA JDBC Driver.
If you do not have an RTK, please reach out to CDATA.

Note: An RTK is not required for Continuous Compliance engine version 7.0.0 onwards.

*SSLServerCert

Two options to provide certificate content:

  • Upload the Salesforce certificate chain as a PEM file into the engine and provide the file reference, which can now be done automatically by supplying “-uc” with the deploy command. This will upload the certificate present in the resource/certs folder whose name is present in the “cert_name” parameter in the “resource/config/dxac_default.config” file.

  • Provide the contents of the Salesforce Certificate chain.

UseBulkAPI

Instructs the CDATA driver to use Salesforce Bulk API
Default: false
Recommended Value: true

BulkAPIVersion

Version of Salesforce Bulk API to use
Default: v1
Recommended Value: v2

Logfile

Log file for CDATA driver.
This log file is written on the Delphix Masking engine.

Verbosity

Verbosity level for the CDATA driver log

usesandbox

Must be set to true if masking data in a sandbox.
Recommended Value: true

BulkAPIConcurrencyMode

Concurrency mode for the BulkAPI.
Recommended Value: Parallel

WaitForBulkResults

When set, the CDATA driver will wait for a commit response from Salesforce before proceeding with the next batch.
Recommended Value:true

Sample JDBC Url

jdbc:salesforce:UseBulkAPI='true';BulkAPIVersion='v2';Logfile='/path/logfilename';Verbosity=1;rtk='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';usesandbox=true;BulkAPIConcurrencyMode=Parallel;WaitForBulkResults=true;SSLServerCert='-----BEGIN CERTIFICATE----- xxxxxxxxxx -----END CERTIFICATE-----';

Additional Configuration

You can configure the following additional metadata parameters using dxac. These parameters are housed in dxac_user.config under the current working directory.

  1. environment_name
    Name of the environment to create in the Delphix Masking engine.

  2. app_name
    Name of the application to create in the Delphix Masking engine.

  3. plugin_name
    If a driver support plugin needs to be uploaded, name of the plugin jar file.
    The jar file with the same name must be present under /resource/plugin folder.

  4. driver_name
    Name of the driver to use for this deployment.
    If dxac is uploading the driver to the Masking engine, then a driver file with the same name must be present in the /resource/jdbc_driver folder.
    Else if the driver has been uploaded to Masking engine before dxac deploys the metadata, then the name of the driver in the Masking engine (Settings Tab -> JDBC Drivers) must be provided to this parameter.

  5. resource_location
    If the resource folder is not located in the directory from where dxac is run, provide the full path to the resource folder(including /resource).

  6. driver_class_name
    This is the class name of the driver in the jar file.
    This parameter is required if dxac is uploading a driver to the Delphix Masking engine.

  7. Cert_name
    Name of the certificate chain file that is present under the resource/certs folder.
    If dxac is uploading the certificate to the masking engine then a file with the same name should be present under the resource/certs folder.

  8. Settings_file_ref
    It is used to store the file reference path of the OAuth2Settings.txt file after it has been uploaded to the masking engine. It is blank by default.

  9. Cert_file_ref
    It is used to store the file reference path of the certificate mentioned in cert_name, after it has been uploaded to the masking engine. It is blank by default.

All of these parameters can be set/updated using the dxac config update command as follows.

./dxac config update --param-name value

See dxac config documentation for more info.

What’s Next?

You have now installed, initialized and configured dxac successfully.Next step is to deploy the masking metadata to a Delphix Masking Engine.Refer to Deploying Metadata for detailed instructions.

For information on dxac commands, refer to Compliance Accelerator’s CLI References section.