Installation guide for on-premises
Getting the installation kit
Get the installation kit from Accelario representative.
It should be a zip archive with following contents:
jar file
“conf” directory with single yaml file
Example:
data-masking-1.0-SNAPSHOT.jar
conf/application.yml
Prerequisites
Windows or Linux server - any release/version. This server will act as the application server. It can be any host - a dedicated one or the same as the database server.
Recommended server requirements: according to server sizing guide
Java 8, minimum 241 build , e.g.:
1.8.0_241
Network accessibility to required databases
OS user:
Linux - a user with a privilege to run java and has full permissions (read/write/execute) in the “app_home” directory
Windows - a user with a privilege to run java and to read/write in the “app_home” directoryDatabase user - a user with DBA privileges in every database that the app should work with. Each database may have different user and password.
Deployment
Unzip the installation kit into empty directory on app server - this directory will be further called “app_home”.
The configuration file conf/application.yml
already has all parameters with default values.
If needed, the parameters can be changed by updating this file and restarting the application.
The admin password may be changed by altering property: authConfiguration: password
The port may be changed by altering property: applicationConnectors: port
Pay attention that there are separate ports for http and https protocols.
HTTPS configuration
The application is packaged with self-signed certificate.
After the application’s start, the self-signed certificate is located at conf/keystore/a_masking_cert.jks
It allows to access the masking application via HTTPS, but browser will warn about unknown certificate.
To avoid the warning, the customer should provide trusted, signed certificate in p12 format. If the format is different, then it needs to be converted into p12 format and copied it to this folder: conf/keystore/
Тhe command to convert is:openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out fullchain_and_key.p12 -name dw -caname root
… where:
fullchain.pem - is customer's certificate
privkey.pem - private key
fullchain_and_key.p12 - is the name of result certificate
During the conversion a password is requested. The same password should be specified in /conf/application.yml
, in the property: authConfiguration: https: keyStorePassword
Start on Linux
Make sure that java 1.8 is installed.
Run these commands:
cd {app_home}
screen -dmSL masking java -Duser.timezone=GMT -Dfile.encoding=UTF-8 -Dconsole.encoding=UTF-8 -jar data-masking-1.0-SNAPSHOT.jar
If screen
utility is not installed, it is also possible to use nohup
:
cd {app_home}
nohup java -Duser.timezone=GMT -Dfile.encoding=UTF-8 -Dconsole.encoding=UTF-8 -jar data-masking-1.0-SNAPSHOT.jar &
Start on Windows
Make sure that java 1.8 64bit is installed.
Run these commands:
cd {app_home}
service_install.cmd
It creates a Windows service named Accelario Masking acc_masking
Once created, start the service.
The parameters for JVM are located in file {app_home}\service_parameters.list
In some cases, the application process may be started in an interactive mode - usually it is done as part of debugging session.
In that case, run these commands:
Accessing the application
Open a browser and goto: http://myserver:8084
Replace “myserver” with the hostname where the jar file was started
Reminder: the default port (8084) can be changed as described in Deployment section
Upgrade
Stop the application
Replace the file
data-masking-1.0-SNAPSHOT.jar
with new versionCompare original and new application.yml files - copy new properties only
Start the application