DataMasque Installation on a Linux Server
This guide describes the process for deploying DataMasque with Docker Compose on a Linux server.
- System requirements
- Installing DataMasque
- Upgrading DataMasque
- Troubleshooting and maintenance
- Recommendations
System requirements
Supported Operating Systems:
- Ubuntu 18.04 or 20.04 LTS, x86 64-bit
- Red Hat Enterprise Linux (RHEL) 7 or 8, x86 64-bit
4 vCPUs
8 GiB RAM
40 GiB total disk space
Free space: DataMasque requires at least 6GB of free space inside the Docker root directory before install or upgrade. By default, the Docker root directory is
/var/lib/docker
.
A static external IP or hostname
Ingress requests allowed on port
443
(and optionally port80
)- These ports are used to serve DataMasque's web interface.
- If HTTP traffic is allowed on port
80
, it will be automatically upgraded to HTTPS on port443
.
For admin access (SSH), ingress requests allowed on port
22
.
Client web browser: Google Chrome 85 or above
Container managers:
- Docker 19.03 to 25.0.0 (Ubuntu and RHEL) or Podman 4.4.1 to 5.0 (RHEL only)
- Docker Compose 1.17 to 1.29
Installing DataMasque
DataMasque is a container-based application and runs on both the Docker and Podman container managers. Follow one of the links below according to which container manager you are using.
- For Docker, see Docker installation.
- For Podman (on RHEL only), see Podman installation.
Upgrading DataMasque
It is recommended that you take backups of all rulesets, connections and uploaded files before upgrading your DataMasque instance.
To upgrade your DataMasque instance, extract the new DataMasque Docker Compose package,
and run the included installation script with the--upgrade
option:
tar -xvzf datamasque-docker-v<version>.pkg
cd datamasque/<version>/
sudo ./install.sh --upgrade
Note: If your user belongs to the
docker
anddatamasque
groups, root privilege escalation viasudo
is not necessary for Docker installations.
For installations with Podman:
sudo ./install.sh --podman --upgrade
Troubleshooting and maintenance
See the General Troubleshooting and Maintenance page.
Recommendations
General
- Scaling: If you intend to run masking tasks in parallel or to perform multiple masking runs simultaneously, you should ensure your system has 1 vCPU and at least 1 GiB of RAM per concurrent masking task.
- Network and I/O: Refer to Network and I/O best practices for server networking recommendations.
- Host security: Deploy DataMasque on a dedicated VM/server with appropriate access control and enable host filesystem encryption.
Starting DataMasque automatically on boot
DataMasque's containers are configured with Docker Compose to always restart, so DataMasque will start automatically after system boot if the Docker daemon is configured to start on boot (which is the default configuration for a standard installation of Docker). For more information on configuring Docker to start on boot, refer to: https://docs.docker.com/engine/install/linux-postinstall/#configure-docker-to-start-on-boot-with-systemd.
Data protection
It is recommended to take regular backups of your DataMasque EC2 instance. It is also recommended to periodically save copies of your Run Logs, as well as Ruleset and Connection configurations.