Delphix runs as a virtual appliance deployed in various types of infrastructure as described above. When you first log in to an instance, the setup wizard will help you configure the initial setup for network, storage, authentication and more. If you have just deployed, read this section to understand each step of the setup wizard.
Once you have deployed Delphix in the platform of your choice, you will need to set up the engine’s initial configuration, which includes settings such as system time, storage, and authentication. This page describes each step in the setup process and will outline and the various options available.
The setup procedure uses a wizard to take you through the following configuration screens:
- Network Security
- Outbound Connectivity
- Network Authorization
When you first connect to the Delphix Engine via any supported browser, you must enter the default sysadmin login, whose credentials are sysadmin/sysadmin. On the first login, you will be prompted to change the initial default password for security purposes.
A login failure issue could occur if the Delphix Engine clock is not in sync with the IDP clock. To resolve the issue, either use the NTP clock or set up the skew time property in SSO (Single Sign-On) configuration.
The Welcome tab asks users to select the engine type for setup. You can select from Virtualization or Masking. This document explains the setup for Virtualization engines. For Masking engines, please visit our Masking documentation.
Each Delphix Virtualization engine has two default accounts:
- System Administrator: ‘sysadmin’ with a password that users can define. This will be the system administrator for the instance.
- Engine Administrator: ‘admin’ with a password that users can define. This is typically a DBA who will administer all the data managed by the instance.
You must provide an email address and password for both users at the Administrators step of setup.
Each Delphix Masking engine has the following default account:
- Masking Administrator - "admin" with the password you defined. This will be the Masking administrator responsible for setting up users and other administrative actions in Masking. (Only available if Masking was selected).
The Delphix Engine leverages its time setting to determine policies and actions that take place within the application. Here, you can manually set time or choose from an NTP server.
Select an option for maintaining the system time as explained below.
Set NTP Server (recommended)
After selecting this option, select an NTP server from the list, or click Add NTP Server to manually enter one or more server(s).
When configuring a Delphix Engine on VMware, be sure to configure the NTP client on the host to use the same servers that you enter here.
Manually Select Time and Date
Click Use Browser Time and Date to set the system time, or select the date and time by using the calendar and clock displays.
If you select Use Browser Time and Date, the date and time will persist as your local time, even if you change the time zone.
The initial network configuration will be pre-populated based on the deployment platform you are using for Delphix. For VMware deployments, Delphix defaults to the VMXNET3 network adapter.
By selecting ‘Settings’ for each Network Interface, you can manage the following options:
DHCP or Static network addressing
For Static addressing, enter an IP Address and Subnet Mask.
This setting is highly recommended. VMXNET3 supports Ethernet jumbo frames, which can be used to maximize throughput and minimize CPU utilization.
A default gateway will be specified in this section.
Enter a DNS Domain Name and DNS Server to be used for this engine.
Delphix installs certificates signed by the engine’s Certificate Authority. Users have the ability to manage their own certificates for HTTPS and DSP (Delphix Session Protocol) connections to and from the Delphix Engine. You can add or modify certificates and certificate signing requests (CSRs) via the ‘...’ option.
When you update the Certificate Authority certificate, your HTTPS and DSP certificates will be automatically updated.
For more information please refer to Certificate Management in the Security section of this documentation.
The Delphix Engine automatically discovers and displays storage devices. For each device, confirm that Usage Assignment is set to Data.
You can associate additional storage devices with the Delphix Engine after initial configuration, as described in Adding and Expanding Storage Devices.
There are two options for storage disk usage assignment:
- Data: Once you set the storage unit assignment for a disk to Data and save the configuration, you cannot change it again.
- Unassigned: These are disks being held for later use.
Configure at least four disks for the storage of user data. This makes the Delphix Engine storage manager function more efficient since duplicated metadata can be distributed across multiple disks.
If a Web Proxy Server is necessary for your environment, select ‘Configure web proxy’ and enter the hostname and credentials for that server.
The support and phone home bundles contain metadata from the Delphix Engine, but do not include the customer data that has been ingested into the engine. Redaction of known PII data (e.g. names and email addresses for Delphix users) is done on-engine before bundles are uploaded, and again after bundles are uploaded to Delphix to ensure that the latest redaction rules are applied to each bundle without requiring the engine to be continually upgraded. There may be some limited environment data in the bundle (e.g., IP addresses and database names) that are needed for debugging purposes. Support bundles are automatically deleted within 30 days after the support case is closed, or 30 days after upload, whichever comes later.
Enabling this option sends information to Delphix periodically over HTTPS (SSL). This data is securely managed by the internal team for product analysis and improvements. This feature requires a connection to the internet and will use the Web Proxy Server configuration.
Perform the following steps to enable/disable phonehome.
- Login to the Delphix Virtualization engine setup using the sysadmin credentials.
- From the Outbound Connectivity widget, click Modify.
- To enable phonehome, select the checkbox before the Enable phone home service option. If you enable this option, this service will automatically send a stream of anonymous, non-personal metadata describing user interaction with the product's user interface.
- To disable, deselect the checkbox before the Enable phone home service option.
- Click Save to save your settings.
User-click Analytics is a lightweight method to capture how users interact with Delphix product user interfaces, allowing Delphix to collect browser-based, user-click data. Delphix does not collect, transmit or store any personally identifiable information (PII) such as email addresses, IP addresses, usernames, etc.
Select Use an SMTP Server and enter the server name or IP address to enable email notifications for events and alerts.
When a critical fault occurs with the Delphix Engine, it will automatically send an email alert to the admin user. Make sure that you configure the SMTP server so that alert emails can be sent to this user. See System Faults for more information.
In the Authentication page, you can configure authentication protocol such as LDAP and SAML/SSO. See User and Authentication Management for further details.
To avoid configuration issues, consult with your lightweight directory access protocol (LDAP) administrator before attempting to set up LDAP authentication of users for the Delphix Engine.
When configuring LDAP, you must provide an LDAP Server. We currently support two authentication methods: SIMPLE and DIGEST_MD5.
Select whether you want to Protect LDAP traffic with SSL/TLS. If you select this option, you must import the server certificate.
If LDAP has been set up as an authentication service for the Delphix Engine, you must add new users with LDAP as their authentication mechanism. For more information, see User Groups.
To enable SAML/SSO, there are two properties you must set:
- Audience Restriction: The audience restriction must be set to the entity id configured in the Delphix Server via the Delphix Setup. Its default value is https://<Delphix Server ID>, where <Delphix Server ID> is a 36-character hexadecimal string of the form xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx. See Determining the Delphix Server ID and Host Name for more on the Delphix Server ID. If the Delphix Engine does not exist or is unreachable, you can enter a temporary value (such as delphix-sp-id) which must later be replaced by the actual Delphix Server ID.
- IdP Metadata: an XML document which must be exported from the application created in your IdP. Paste its contents into the provided field.
The Network Authorization page allows you to use Kerberos authentication and Host Connection authentication methods to communicate between hosts connected with Delphix. Enabling the Kerberos option will allow Kerberos key-based authentication when adding new environments to Delphix. Complete the following fields while setting up the Delphix Engine.
- Realm: the domain over which a Kerberos authentication server has the authority to authenticate a user, host or service.
- Principal: a unique identity to which Kerberos can assign tickets.
- Keytab: a file containing pairs of Kerberos principals and encrypted keys (which are derived from the Kerberos password).
As described in Registration Management, registration allows Delphix Support to access the engine and properly diagnose and identify any issues during support cases.
If the Delphix Engine has access to the internet, then you can auto-register the Delphix Engine with your Delphix Support credentials in the ‘Online Registration’ section.
If external connectivity is not immediately available, you must perform manual registration.
- Copy the Delphix Engine registration code displayed.
- Transfer the Delphix Engine's registration code to a workstation with access to the external network Internet. For example, you could e-mail the registration code to an externally accessible email account.
- On a machine with access to the internet, use your browser to navigate to the Delphix Registration Portal at http://register.delphix.com.
- Login with your Delphix support credentials.
- Paste the Registration Code.
- Click Register.
The final summary tab will enable you to review your configurations for each page in the setup tutorial. Confirm that everything looks correct, and click submit to complete the setup.
- After the configuration is complete, the Delphix Engine will restart and launch the browser-based Delphix Management application.
- After the Delphix Management application launches, the admin can login using the initial default username admin and the initial default password delphix. On the first login, you will be prompted to change the initial password.