Initial Setup
This guide describes the process to set up DataMasque on initial installation.
Accessing your DataMasque instance
DataMasque can be accessed via a client web browser, without the need to install any additional agents or software.
DataMasque Docker deployments or AWS MarketPlace AMIs
If your DataMasque instance is deployed with Docker or deployed with the AWS Marketplace, you will need the hostname or IP address of the instance. The DataMasque instance will be served over port 443. You can access your DataMasque instance by using either of the following methods:
- Adding
https://
before the hostname or the IP address of your DataMasque instance:https://<instance-ip-or-hostname>
- Appending
:443
to the hostname or the IP address of your DataMasque instance:<instance-ip-or-hostname>:443
DataMasque Cohesity deployments
If DataMasque instance is deployed on Cohesity, you can access your instance through the Cohesity Dashboard following the steps below.
- Login to the Cohesity dashboard.
- Navigate to the My Apps section on the sidebar. This can be found under Marketplace > My Apps.
- Click on the Open App button for your DataMasque app.
DataMasque Amazon EKS deployments
If your DataMasque instance is deployed to EKS you will need the hostname or IP address of the instance. The DataMasque instance will be served over port 443. You can access your DataMasque instance by using either of the following methods:
- Adding
https://
before the hostname or the IP address of your DataMasque instance:https://<instance-ip-or-hostname>
- Appending
:443
to the hostname or the IP address of your DataMasque instance:<instance-ip-or-hostname>:443
Note: It is strongly recommended to include all EKS cluster node IP addresses as allowed hosts during DataMasque installation.
Configuration
The first time you access a new DataMasque instance, you will be greeted with the first-time installation page to perform initial configuration of the application.
1. Create admin account
Configure login details for the DataMasque admin user. This is a special privileged user account and should be reserved for administration tasks. Regular user accounts can be created for other users after installation is complete.
2. Configure hostnames
DataMasque must be configured with the hostnames and IP addresses that will be used to access the application. It is strongly recommended to include all cluster node IP addresses in this configuration as well as the cluster hostname to avoid losing access to the application. Currently, only IPv4 addresses are supported, in the following formats:
- Standard IPv4 address: x.x.x.x, where x ranges from 0 to 255.
- IPv4 with CIDR notation: x.x.x.x/y, where x ranges from 0 to 255 and y ranges from 0 to 32.
Hostnames can be added and removed using this interface, but the hostname that is being used to access DataMasque cannot be removed. Hostname configuration can also be modified after installation from the application settings page.
3. Configure SMTP settings
It is recommended that you configure your DataMasque instance to send emails over SMTP for the purposes of:
- Providing account recovery in the case of a forgotten password
- Receiving warnings and critical system notifications
- License quota and expiry notifications to ensure your DataMasque instance will continue to operate when licensed quota is exhausted.
- Sensitive data discovery notifications with newly discovered sensitive data.
For full details of the SMTP configuration options, see SMTP Email Settings.
4. Accept the EULA and complete installation
- Confirm that you are authorised to use the email address provided for the admin user account. DataMasque will send important system notifications to this address.
- Confirm that you are authorised to use the email address provided.
- For Docker and Cohesity installations, confirm that you have read and accept the DataMasque EULA.
- For AWS Marketplace installations, confirm the instance ID of your EC2 instance.
- Click COMPLETE INSTALLATION.
- Continue to the next section to Complete your installation
Complete your installation
After successful initial installation of DataMasque, it is recommended to the complete the following additional steps to make your instance production-ready.
1. Licence Installation
Navigate to My Account using the sidebar menu to access the Account page. Click the under Account Licence Information to open the Upload Licence panel. Click the Upload Licence File button and browse your files to locate your licence file, and select the file to install your licence.
See the Licensing section of the user guide for more details on licence types, and guidelines on how to use your licence.
2. SMTP configuration
Configuring DataMasque to send emails is recommended for production deployments. Without this configuration, users may become locked out of their accounts if they forget their password. Additionally, the system will be unable to send critical notifications to the administrator.
Navigate to Settings using the sidebar menu to view the SMTP settings. If you have already configured these settings during installation, you can validate them now using the Send Test Email button. Otherwise, click the button to add this configuration now. See the SMTP Email Settings section of the user guide for more information on these options.
3. Install trusted SSL credentials
On installation, DataMasque automatically generates a self-signed SSL certificate which must be accepted in the browser when accessing the application. It is recommended to follow these instructions to install your own trusted SSL certificate on your DataMasque instance.
4. Configure SAML single sign-on
DataMasque can be configured to use SAML single sign-on backed by your organisation's federated identity provider. Follow the SAML single sign-on user guide if you wish to enable SAML single sign-on for DataMasque.
5. Application monitoring
DataMasque provides a health check API endpoint to enable simple integration into your existing application monitoring tooling. To learn more about using this endpoint, see the API documentation for authentication and the health check API endpoint.
6. Next steps
DataMasque is now ready to be put to work protecting your organisation's sensitive data. Not sure what's next? Have a look through the Getting Started guide to learn more about how you can get the most from DataMasque.