Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

CDP Administration

Configuring Teradata Databases

search

Please Note:

Configuring Teradata Databases

Before data can be migrated, CipherTrust Database Protection for Teradata must be installed on the database server and the database must be added to the CipherTrust Manager GUI.

This chapter provides information on operations that can be performed on the CipherTrust Manager for the CDP for Teradata client.

All the database management operations mentioned in this section need to be performed by a user of the ProtectDB Users group. This user is referred to as the CDP Server Administrator in this document.

For the Teradata database, only database connection and user mapping operations are supported through the CipherTrust Manager GUI. For instructions on how to migrate data, refer to the CDP for Teradata User Guide.

Managing Database Connection

This section provides instructions on how to configure a connection between the Teradata database and the CipherTrust Manager. It also describes how to view, edit, and delete an existing database connection.

Creating a Teradata Database Connection

To create a Teradata database connection:

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

    Teradata Connection

  3. Click + Database and select Teradata from the available options. The Teradata Database Configuration page is displayed.

  4. Enter the Connection Information details in the respective fields.

    Teradata Connection

    The following table lists the parameters that are required when creating or managing a Teradata database connection.

    ItemDescription
    Name (Alias)Enter a name for the connection information. This field uniquely identifies a database connection.
    HostEnter the IP address of the database server.
    PortEnter the port on which the database server is listening for connections. The default port is 1025.
    Database User NameEnter the database login name that has permission to modify the tables to be migrated. This could be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers.
    Database User PasswordEnter the password for the database user.
    MetaDatabase User NameDisplays the meta database user as INGRIAN. It cannot be changed. The INGRIAN user is created as requirement before installing the CDP client (for Teradata).
    MetaDatabase User PasswordEnter the password for the meta database user.
    Enable Credentials CachingSelect Enable Credential Caching feature to save the database credentials for multiple sessions and user authorization is not required to access table/column for a database.
    Possible configurations:
    Enabled: The user can directly access the table/column information for a database in multiple sessions.
    Disabled: For each session, while accessing the table/column information for a database, user is prompted for database credentials. Once the credentials are validated successfully, further authorization is not required for that session.
    NOTE: The database authorization is session based. Authorization is mandatory for each session while accessing table/column for a database.
    ProtocolSelect the TCP protocol to connect the CipherTrust Manager to the Teradata database.
    The SSL protocol is not supported for the Teradata databases.
    Database NameEnter the name for the database that contains the tables and columns to encrypt.
    Enter DescriptionEnter description for the database. This field is optional.
  5. Click Save. The newly added database appears on the Databases screen. The Status column reflects the status of the connection.

  6. Click the refresh (Refresh Icon) icon on the screen if the status is not updated.

After the database is added, the next step is to create a user mapping. Refer to Managing User Mappings.

Editing Database Connections

To edit an existing database connection:

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

  3. Click the overflow icon (Overflow Icon) corresponding to the desired database connection.

    Delete Connection

  4. Click Edit Connection. The Connection Information screen is displayed in edit mode.

  5. Edit the following fields/options as required.

    • Host

    • Port

    • Database User Name

    • Database User Password

    • MetaDatabase User Password

    • Enable Credential Caching

    • Protocol

    • Database Name

    • Description

  6. Click Save to save the new configuration. The Status column on the Database screen reflects status of the connection.

  7. Click the refresh icon (Refresh Icon) on the screen if the status is not updated.

Viewing Database Connections

To view the existing database connections:

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

    Teradata Connection

Deleting Database Connections

To delete an existing database connection:

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

  3. Click the overflow icon (Overflow Icon) corresponding to the desired database connection.

    Delete Connection

  4. Click Delete.

The database connection is deleted. The Databases screen displays the available list of database connections.

Managing User Mappings

A user mapping associates a database user with a CipherTrust Manager user. You need a user mapping to encrypt and decrypt a data. The database user must be able to access the data you are manipulating. The CipherTrust Manager user must be able to access the key you want to use.

When a database user sends a request to the CipherTrust Manager, CDP searches its list of user mappings (contained in the ING_AUTHORIZED_USER table in the metadata database). If the database user appears on the list or is a member of a mapped database role, CDP includes the associated CipherTrust Manager user and password in the request. If those credentials are valid and the CipherTrust Manager user has access to the required key, then the crypto operation is performed. If the credentials are invalid or the CipherTrust Manager user does not have access to the key, the operation fails.

If a user mapping is changed, restart the daemon service.

Ensure that the daemon services is restarted before adding any use mapping.

This section covers the following topics:

Viewing/Adding User Mappings

Viewing User Mappings

To view the list of existing user mappings for a Teradata database connection:

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

    SQL Server Connection

  3. Click the overflow icon (Overflow Icon) corresponding to the desired database connection.

    Delete Connection

  4. Click Manage User Mapping. The List of users screen is displayed. It displays the existing user mappings for a Teradata database connection.

    Map User - Teradata

Two database connections with different aliases but pointing to the same database IP will display the same list of user mappings.

Adding User Mapping

To add a new user mapping for a Teradata database connection:

  1. On the List of users screen, click Map User. The Map User screen is displayed.

    Map User - Teradata

  2. Enter the mapping details:

    ItemDescription
    Database UserThe database user or role that can be used to connect to the CipherTrust Manager.
    To create a default mapping, enter ING_DEFAULT_USER in this field.
    NOTE: The default mapping value applies to all the database users not otherwise listed on the List of users screen. Refer to Managing User Mappings for additional information on default user mapping.
    Local UserEnter the local user to which the database user is to be mapped.
    (The local user is a CipherTrust Manager user.)
    Local PasswordEnter the password for the local user.
  3. Click Save. The new user mapping appears on the List of users screen.

Adding User Mapping in Domain

To add a user mapping in a domain:

  1. On the List of users screen, click Map User. The Map User screen is displayed.

  2. Enter the mapping details. The local user name should include domain name (for example, my-domain||admin) as shown below:

    Mapping with Domain

  3. Click Save. The new user mapping with domain name appears on the List of users screen.

    Mapping with Domain

When the CDP client is configured in local mode and the column is encrypted using a versioned key, then ensure that the local user is part of the Key Users group and the key is shared with the Key Users group.

Deleting/Editing User Mapping

To delete or edit an existing user mapping:

  1. Log on to the CipherTrust Manager GUI.

  2. Click Database Protection to open the application. The Databases screen displays the list of existing database connections, if any.

  3. Click the overflow icon (Overflow Icon) corresponding to the desired database connection.

    Delete Connection

  4. Click Manage User Mapping. The List of users screen is displayed. It displays the list of existing user mappings for a SQL Server database connection.

    Teradata User Mapping

  5. Click the overflow icon (Overflow Icon) corresponding to the desired user mapping connection.

    Modify User Mapping

  6. (Optional) Click Delete. Skip this step if you do not want to delete an existing user mapping.

  7. Confirm the delete operation when prompted. The user mapping is deleted from the List of users screen.

  8. Click the overflow icon (Overflow Icon) corresponding to the desired user mapping connection.

    Modify User Mapping

  9. Click Edit. The Edit User Mapping screen is displayed.

    Change User Mapping

  10. Change the Local User and enter its password.

  11. Click Save.

The user mapping is updated on the List of users screen.