DataMasque Installation from Azure Marketplace
This guide describes the installation and initial configuration of a DataMasque instance deployed using one of the available DataMasque software products on the Azure Marketplace.
- DataMasque Azure Marketplace software products
- Prerequisites
- Optional configurations
- Provisioned Azure resources on deployment
- Configuring your DataMasque instance
- Configuring network access to your target databases
- Troubleshooting and maintenance
DataMasque Azure Marketplace software products
DataMasque’s software products in the Azure Marketplace are delivered as virtual machine images, from which Azure virtual machines may be provisioned.
You can view the available DataMasque products on the Azure Marketplace.
Pricing & Free Trial
The DataMasque product offers a 30-day free trial, after which time you will be charged the standard hourly consumption rate, based on your virtual machine instance size.
Prerequisites
Azure account
You will need a valid Azure account in order to deploy a DataMasque instance using one of the available DataMasque software products.
Optional configurations
Static external IP address
If you need a static public IP address to access your DataMasque instance, in addition to using your virtual machine instance’s private IP address, you will need to attach a Public IP when configuring the DataMasque instance.
DataMasque must also be configured with all addresses used to access it. For example, if you want to access DataMasque on both the public and private addresses, both should be configured with the global Hostnames setting from the Settings page.
Private subnet
It is recommended to deploy your DataMasque instance on a private subnet with appropriate access control.
Host security
Standard security practices should be applied to the DataMasque host virtual machine. Such best practices include, but are not limited to:
- Restrict access control using network ACLs
- Host filesystem encryption. Follow this guide to enable filesystem encryption on your virtual machine instance.
- Regular OS security patching
- Intrusion detection
- Virus scanning
Provisioned Azure resources on deployment
Upon deployment, a virtual machine, network interface and network security group will be created in your Azure account. By default, the network security group allows access on ports 443 (HTTPS) and 22 (SSH). It is recommended that you apply network security configuration to restrict access to these ports.
Depending on the configuration options you select, a new resource group, Static IP address and/or NIC may be created as well.
Note: The deployment does not create or use any other public or private Azure resources other than the listed resources in this section.
Configuring your DataMasque instance
Once your virtual machine is launched and ready for connection,
you can access your DataMasque instance from a client web browser at https://<instance-ip-or-hostname>.
Follow the Initial Setup guide to complete your installation of DataMasque.
Configuring network access to your target databases
You will need to allow network access between your DataMasque instance and your target databases before executing masking runs against your target databases. Once the network access has been set up, refer to the Database Connections user guide to configure the connection details for your target databases.
Troubleshooting and maintenance
Verifying the DataMasque processes
DataMasque is a fully containerised application and runs in Docker containers. Once the virtual machine has started, you can SSH to the virtual machine host to confirm the DataMasque Docker containers are running with the following command:
docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}"
You should see five DataMasque containers listed:
CONTAINER ID STATUS NAMES
60114d0c370d Up 3 minutes datamasque_admin-frontend_1
da8bacfbbe48 Up 3 minutes datamasque_admin-server_1
c9555bf98017 Up 3 minutes datamasque_agent-worker_1
d46296fd5b3b Up 3 minutes datamasque_agent-queue_1
1d5516575e1c Up 3 minutes datamasque_admin-db_1
It is also recommended to monitor the health of your DataMasque instance. Refer to the API documentation for authentication and the health check API endpoint.
Data protection
It is recommended to take regular backups of your DataMasque virtual machine. It is also recommended to periodically save copies of your Run Logs, as well as Ruleset and Connection configurations.
Upgrading DataMasque
It is recommended that you take backups of all rulesets, connections, and uploaded files, before upgrading your DataMasque instance.
Download the new DataMasque Docker package from DataMasque Customer Portal.
To upgrade your DataMasque instance, extract the new DataMasque Docker
Compose package, and run the included installation script with the
--upgrade option:
tar -xvzf datamasque-v<version>.pkg
cd datamasque/<version>/
sudo ./install.sh --upgrade
Restarting DataMasque
To restart the DataMasque Docker containers, run the following command as the system user
(by default this is azureuser):
sudo docker-compose -f /usr/local/etc/datamasque/docker-compose.yml restart
To restart the DataMasque Docker containers, run the following command as the system user
(by default this is azureuser):
sudo docker ps --format "table {{.ID}}\t{{.Status}}\t{{.Names}}"
DataMasque logs
For DataMasque 2.17 and newer
DataMasque logs can be downloaded through the web UI, by selecting Logs in the sidebar, then clicking Application Logs…. If the web UI is not accessible, then follow the instructions for DataMasque older than 2.17.0 below.
For DataMasque older than 2.17.0
Important DataMasque logs can be extracted from the Docker containers with the following commands.
Create a directory to store the logs:
mkdir -p <path to a log directory>
Then, follow the instructions below, which vary according to DataMasque version. Choose the section corresponding to the version of DataMasque that generated the logs you want (normally the current version - but if you have recently upgraded, you may be looking for logs from the previous version).
Old log files are not deleted on upgrade, so if you have upgraded to 2.16.1 or newer from a previous version, you can follow both sections to retrieve all log files.
For DataMasque 2.16.1 and newer
DataMasque 2.16.1 introduced log rotation. There can now be up to 10 of each log file,
hence the entire log directory must be copied from the container.
The most recent log file has the extension .log
while the others have the extension .log.1, .log.2, and so on.
To copy the DataMasque logs to a <log directory>:
sudo docker cp datamasque_admin-server_1:/files/logs/ <log directory>
DataMasque records three types of logs:
- Application runner logs are in the files starting with
masque_requests.log. - Web application logs are in the files starting with
masque_admin_server.log. - Masking agent logs are in the files starting with
masque_agent.log.
For DataMasque 2.16.0 and earlier
- To copy the DataMasque web application runner logs to a
<log directory>:
sudo docker cp datamasque_admin-server_1:/files/logs/uwsgi.log <log directory>
- To copy the DataMasque web application logs to a
<log directory>:
sudo docker cp datamasque_admin-server_1:/files/logs/django.log <log directory>
- To copy the DataMasque masking agent logs to a
<log directory>:
sudo docker cp datamasque_agent-worker_1:/files/logs/celery.log <log directory>
- To obtain the STDOUT from a container, run
docker logs <NAME OF CONTAINER>. - For example, to obtain the STDOUT logs from the admin-db container, run the following command:
docker logs datamasque_admin-db_1
Support information
DataMasque provides full product and installation support within 72 hours of making an enquiry. Contact the support team at support@datamasque.com for any enquiries you may have.