Security
Delphix Masking / Masking Engine Admin Guide / Security

The following sections describe security actions.

Storing Database Passwords

Masking Engine uses encryption and stores all passwords encrypted in the application's repository database.

Authenticating Users

If you choose to use Masking Engine internal authentication, Masking Engine uses encryption and stores passwords for each user encrypted in the Masking Engine relational repository.

When a user logs in to Masking Engine and enters their username and password, Masking Engine verifies that the user is an active user with Masking Engine, and then authenticates their password.

Optionally, Masking Engine can integrate with external authentication software (Microsoft Active Directory, CA SiteMinder, or LDAP) to authenticate users. If you integrate with external authentication software, Masking Engine will validate that the user has rights to access the application and will log in the user automatically. (No additional Masking Engine password will be required.)

Authorizing Users (Roles)

With the built-in Masking Engine Administrator role, which is similar to a superuser role, the administrator can add roles and assign the roles to users. By creating specific roles and assigning them, the administrator can control which users are authorized to perform various tasks (privileges).

Configuring a Boot Password

This topic describes how to configure a boot password on the Delphix Engine. The Delphix Engine uses a boot loader to select the underlying system image to run, along with associated options. Access to the console is controlled through the virtualization framework, which should be sufficient to secure the Delphix Engine. System users can configure a boot password if additional compliance regulations require a boot loader password on top of the access control provided by the virtualization framework.

Procedure

  1. Login to the CLI as a system user.

    The boot password is not currently configurable through the browser UI.

  2. Switch to the service security context and execute the update command.

    delphix> service security
delphix service security> update

  3. Set the bootPassword property. The password can be entered on a separate line to avoid echoing the contents.
     

    delphix service security update *> set bootPassword
Enter bootPassword: ******

    To clear an existing boot password, run unset bootPassword.

  4. Commit the change.

    delphix service security update *> commit

Configuring a Security Banner

This topic describes how the system administrator can configure a security banner on the Delphix Engine. All users will see the security banner prior to login, over Secure Shell (SSH) and in the browser.

Procedure

  1. Login to the command line interface (CLI) as a system user.

    Currently, you cannot configure the security banner through the browser user interface (UI).

  2. Switch to the service security context and execute the update command.

    delphix> service security
delphix service security> update

  3. Set the banner property, using quotation marks if you require spaces.
     

    delphix service security update *> set banner="Use is subject to license terms."

    The banner is in plain text. HTML or other markup is not supported.

    To clear an existing banner, run unset banner.

  4. Commit the change.

    delphix service security update *> commit