Delphix runs as a virtual appliance deployed in various types of platforms, as outlined in these Deployment articles. When first logging into an instance, the setup wizard will help with initial configurations for network, storage, authentication, and more. This article describes each step in the setup process and outlines the various options available.
When first connecting to the Delphix Engine via any supported browser, enter the default sysadmin login; the credentials for username/password are sysadmin/sysadmin. On the first login, there will be a prompt to change the initial default password for security purposes.
A login failure issue could occur if the Delphix Engine clock is not in sync with the IDP clock. To resolve the issue, either use the NTP clock or set up the skew time property in SSO (Single Sign-On) configuration.
The Welcome tab asks users to select the engine type for setup: Virtualization or Masking. This document explains the setup for Virtualization engines. For Masking engines, please visit the Masking documentation.
Each Delphix Virtualization engine has two default accounts:
- System Administrator: ‘sysadmin’ with a password that users can define. This will be the system administrator for the instance.
- Engine Administrator: ‘admin’ with a password that users can define. This is typically a DBA who will administer all the data managed by the instance.
Provide an email address and password for both users at the Administrators step of the setup.
Each Delphix Masking engine has the following default account:
- Masking Administrator - "admin" with a user-defined password. This will be the Masking administrator responsible for setting up users and other administrative actions in Masking. This is only applicable if Masking was selected.
The Delphix Engine leverages its time setting to determine policies and actions that take place within the application. Set the time manually or use an NTP server; both options are explained below.
Set NTP Server (recommended)
After selecting this option, select an NTP server from the list, or click Add NTP Server to manually enter one or more server(s).
When configuring a Delphix Engine on VMware, be sure to configure the NTP client on the host to use the same servers that are entered here.
Manually Select Time and Date
Click the Use Browser Time and Date option to set the system time, or select the date and time by using the calendar and clock icons.
If this option is selected, the date and time will persist as the local time, even if time zones are changed.
The initial network configuration will be pre-populated based on the deployment platform used for Delphix. For VMware deployments, Delphix defaults to the VMXNET3 network adapter.
Select ‘Settings’ for each Network Interface to manage the following options:
DHCP or Static network addressing
For Static addressing, enter an IP Address and Subnet Mask. The static IP address must be specified in CIDR notation (for example, 192.168.1.2/24).
This setting is highly recommended. VMXNET3 supports Ethernet jumbo frames, which can be used to maximize throughput and minimize CPU utilization.
A default gateway will be specified in this section.
Enter a DNS Domain Name and DNS Server to be used for this engine.
Delphix installs certificates signed by the engine’s Certificate Authority. Users have the ability to manage their own certificates for HTTPS and DSP (Delphix Session Protocol) connections to and from the Delphix Engine. You can add or modify certificates and certificate signing requests (CSRs) via the ‘...’ option.
When you update the Certificate Authority certificate, your HTTPS and DSP certificates will be automatically updated.
For more information please refer to Certificate Management in the Security section of this documentation.
Storage for Engines backed by Block Devices
The Delphix Engine automatically discovers and displays storage devices. For each device, confirm that Usage Assignment is set to Data.
You can associate additional storage devices with the Delphix Engine after initial configuration, as described in Adding and Expanding Storage Devices.
There are two options for storage disk usage assignment:
- Enabled: Once you set the storage unit assignment for a disk and save the configuration, you cannot change it again.
- Unassigned: These are disks being held for later use.
Configure at least four disks for the storage of user data. This makes the Delphix Engine storage manager function more efficiently, since duplicated metadata can be distributed across multiple disks.
Delphix Cloud Engines (Engines backed by s3 storage)
- Check the “Enable Object Storage” box
- Enter the amount of data that you would like to store on the engine. The size would be similar to the total storage on a traditional engine. Delphix Cloud engines provide the following advantages:
- S3 only charges for the amount of storage used (in traditional EBS-backed engines, AWS charges based on provisioned storage). For example, if the size here was 10TB but the engine only uses 1TB, then AWS charges only for the 1TB of storage used.
- Increasing or reducing this number is simple post setup. It involves editing this number from the sysadmin login. (The size cannot be reduced to a number less than what the Delphix engine is already using.)
- This number acts as a quota in case you do not want s3 storage and costs to grow beyond a certain number.
- Enter the Base URL, Region, and Bucket that you want to use for the engine
- Select whether you want the engine to access the s3 bucket via Role (Instance profile) or via Access Key.
- Make sure to Test the connection to confirm that the EC2 instance can access the bucket
BLOCK STORAGE FOR CACHE
- EBS as cache is used to reduce latencies for frequently read data and as temporary storage for synchronous writes before the writes are sent to s3.
- Sizing: If you already know the size of the frequently accessed data, then size the cache equal to (size of frequently accessed data + extra 10% for bookkeeping purposes). If not, you can start off with sizing the cache to 50% of the size of all dsources that will be added to the engine.
- Refer to section "Storage for Engines backed by EBS" for the steps to set up EBS as cache devices.
If a Web Proxy Server is necessary for your environment, select ‘Configure web proxy’ and enter the hostname and credentials for that server.
The support and phone home bundles contain metadata from the Delphix Engine, but do not include the customer data that has been ingested into the engine. Redaction of known PII data (e.g. names and email addresses for Delphix users) is done on-engine before bundles are uploaded, and again after bundles are uploaded to Delphix to ensure that the latest redaction rules are applied to each bundle without requiring the engine to be continually upgraded. There may be some limited environment data in the bundle (e.g., IP addresses and database names) that is needed for debugging purposes. Support bundles are automatically deleted within 30 days after the support case is closed, or 30 days after upload, whichever comes later.
Enabling this option sends information to Delphix periodically over HTTPS (SSL). This data is securely managed by the internal team for product analysis and improvements. This feature requires a connection to the internet and will use the Web Proxy Server configuration.
Perform the following steps to enable/disable phonehome.
- Login to the Delphix Virtualization engine setup using the sysadmin credentials.
- From the Outbound Connectivity widget, click Modify.
- To enable phonehome, select the checkbox before the Enable phone home service option. If enabled, this service will automatically send a stream of anonymous, non-personal metadata describing user interaction with the product's user interface.
- To disable, deselect the checkbox before the Enable phone home service option.
- Click Save to save the settings.
User-click Analytics is a lightweight method to capture how users interact with Delphix product UIs, allowing Delphix to collect browser-based, user-click data. Delphix does not collect, transmit, or store any personally identifiable information (PII) such as email addresses, IP addresses, usernames, etc.
Select Use an SMTP Server and enter the server name or IP address to enable email notifications for events and alerts. When a critical fault occurs with the Delphix Engine, it will automatically send an email alert to the admin user. Make sure to configure the SMTP server so that alert emails can be sent to this user. See System Faults for more information.
On the Authentication page, configure authentication protocols such as LDAP and SAML/SSO. See User and Authentication Management for further details.
To avoid configuration issues, consult with the lightweight directory access protocol (LDAP) administrator before attempting to set up LDAP authentication of users for the Delphix Engine. When configuring LDAP, provide an LDAP Server. Two authentication methods are currently supported: SIMPLE and DIGEST_MD5.
Select Protect LDAP traffic with SSL/TLS if desired. This option requires importing the server certificate. If LDAP has been set up as an authentication service for the Delphix Engine, add new users with LDAP as their authentication mechanism. For more information, see the User Groups article.
To enable SAML/SSO, there are two properties to set:
- Audience Restriction: The audience restriction must be set to the entity id configured in the Delphix Server via the Delphix Setup. Its default value is https://<Delphix Server ID>, where <Delphix Server ID> is a 36-character hexadecimal string of the form xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx. See Determining the Delphix Server ID and Host Name for more on the Delphix Server ID. If the Delphix Engine does not exist or is unreachable, enter a temporary value (such as delphix-sp-id) which must later be replaced by the actual Delphix Server ID.
- IdP Metadata: an XML document that must be exported from the application created in the IdP. Paste its contents into the provided field.
The Kerberos page allows for Kerberos authentication to communicate between hosts connected with Delphix. Enabling this option will allow Kerberos key-based authentication when adding new environments to Delphix.
- Realm: the domain over which a Kerberos authentication server has the authority to authenticate a user, host, or service.
- Principal: a unique identity to which Kerberos can assign tickets.
- Keytab: a file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password).
As described in Registration Management, registration allows Delphix Support to access the engine, properly diagnose, and identify any issues during support cases. If the Delphix Engine has access to the internet, auto-register the Delphix Engine with Delphix Support credentials in the ‘Online Registration’ section.
If external connectivity is not immediately available, perform the manual registration.
- Copy the Delphix Engine registration code displayed.
- Transfer the Delphix Engine's registration code to a workstation with access to the external network (Internet). For example, e-mail the registration code to an externally accessible email account.
- On a machine with access to the internet, use a browser to navigate to the Delphix Registration Portal at http://register.delphix.com.
- Log in with Delphix support credentials.
- Paste the Registration Code.
- Click Register.
The Delphix Engine will work without registration, but it is recommended to register each engine as part of the setup. Failing to register the Delphix Engine will impact its supportability.
The final summary tab will enable a review of the configurations for each page in the setup tutorial. Confirm that everything looks correct, and click submit to complete the setup.
- After the configuration is complete, the Delphix Engine will restart and launch the browser-based Delphix Management application.
- After the Delphix Management application launches, the admin can log in using the initial default username admin and the initial default password Delphix. On the first login, there will be a prompt to change the initial password.