DataMasque Installation on Cohesity

This guide describes the installation and initial configuration of a DataMasque instance on the Cohesity Marketplace environment.

• Prerequisites
  • Minimum cluster specifications
  • Firewall configuration
  • Enabling Apps Management
• Installation
  1. Install DataMasque
     • Installation using Helios
     • Manual installation
  2. Start a DataMasque instance
  3. Configure access
  4. Configure your DataMasque instance
• Upgrading DataMasque on Cohesity
• Impact of Cohesity patches
• Troubleshooting

Prerequisites

Minimum cluster specifications

DataMasque supports deployment on Cohesity version 6.5.1 and 6.6. The following minimum specifications are required when deploying to a Cohesity cluster environment:

• 3 Cohesity nodes
• Cohesity Apps Management enabled
• Allocatable resources by Cohesity Apps Management for each Cohesity node:
  • 4 vCPUs
  • 7.68 GB RAM

Note: The DataMasque evaluation package is available upon request for Proof of Concept (PoC) or evaluation purposes. This package supports a single cluster node deployment

Firewall configuration

After a new DataMasque instance has been deployed, it will be allocated a port on each cluster node between the range of 61001-63786. Additional firewall configuration may be necessary to allow clients to access this port. See 3. Configure Access for details.

---

Enabling Apps Management

If Cohesity Marketplace Apps haven't been installed on your cluster before, you may first need to enable Apps Management. See below for instructions.

Cohesity 6.5.1 and 6.6

1. Login to the Cohesity dashboard using an account with admin privileges.
2. Navigate to Settings > Cluster > Summary then choose Configure.
3. Navigate to Marketplace > My Apps. If Apps Management is not enabled yet, click on the My Apps tab, then click App Settings at the top right of the page, and toggle on Enable Apps Management.
4. Enable Allow external connectivity from apps which is required by DataMasque to connect to target database instances.
5. An external network must be added for DataMasque. Click Add under the External Networks section, then select a VLAN ID. Then enter an IP Start and IP End to select the range of addresses that apps can use. Then, click Add.
6. Click save to continue to My Apps.

  

Installation

These are the instructions for the first-time installation of DataMasque.

To upgrade DataMasque, see Upgrading DataMasque on Cohesity.

1. Install DataMasque

Installation using Helios

It is recommended to install DataMasque directly from the Cohesity Marketplace where possible. For dark-sites or environments without Helios enabled, follow the manual installation instructions.

1. Navigate to the DataMasque app listing on Cohesity Marketplace.
2. Follow detailed instructions from Cohesity to complete app installation.

Manual installation

These instructions describe the procedure for manual installation of DataMasque on Cohesity Marketplace. It is recommended to use the Helios installation method if possible, however manual installation may be necessary for dark-sites or environments without Helios enabled. The DataMasque .pkg for manual installation may be downloaded from the DataMasque Customer Portal.

1. Login to the Cohesity dashboard using an account with admin privileges
2. Navigate to the Apps dashboard
   • This is found under Marketplace > My Apps
3. Click the 'Upload App' button
4. Select and upload the DataMasque .pkg file and click 'Upload and Install'
5. After the package has uploaded, installation will begin.

  

---

2. Start a DataMasque instance

1. Click the Run App button on the newly installed DataMasque application:
2. Choose a QoS Policy. Max is recommended.
3. Cohesity will initialise a new instance of DataMasque, visible under the All Instances tab.
4. Once the app has initialised, click the 'Open App' button to open DataMasque in your browser.

  

---

3. Configure access

Once a DataMasque app instance has been created, it will be allocated a port on the cluster in the range 61001-63786. The port number can be found by clicking Open App on the DataMasque app instance, as described in 2. Start a DataMasque instance. The port number will be included in the address bar of the newly opened tab. If you are experiencing difficulty connecting to DataMasque, ensure this port has been opened in your firewall configurations.

---

4. Configure your DataMasque instance

The first time you access your new DataMasque instance, you will be greeted with the first-time installation page to perform initial configuration of the application.

Follow the Initial Setup guide to continue with the installation process.

Note: The first time you visit DataMasque, your browser will display a security warning because the self-signed certificate generated by DataMasque will be untrusted by your browser. You may proceed past this warning for now, and install your own trusted certificate after installation is complete (refer to Installing SSL Credentials). If you are unable to proceed past the warning due to HSTS being enabled for your domain, refer to Installation with HSTS enabled.

Upgrading DataMasque on Cohesity

When upgrading DataMasque, all existing data is preserved between versions and will still be present after the upgrade is complete. However, it is recommended that you take backups of any rulesets, connections and files before performing the upgrade.

Manual upgrade

These instructions describe the procedure to manually upgrade DataMasque on Cohesity Marketplace. It is recommended to follow the Helios upgrade process for DataMasque upgrades if possible, however this manual procedure may be necessary for dark-sites or environments without Helios enabled. The DataMasque .pkg for manual upgrade may be downloaded from Helios, or the DataMasque Customer Portal.

Warning

If during the following process the app is accidentally terminated instead of paused, the instance will be completely destroyed, removing all application data and files. There is no confirmation for this action. Be careful to click the correct option.

Upgrade instructions:

1. Follow the manual installation instructions to upload the new DataMasque .pkg.
2. Navigate to the 'All Instances' tab of the 'Apps' page.
3. Shut down the existing DataMasque app instance:
   • In the Cohesity, choose 'Kill' from the instance options menu. Do not click 'Remove'.
4. Wait for the app to enter the 'Paused' state.
5. Restart the app instance by choosing 'Resume' from the instance options menu.

Pause app

Impact of Cohesity patches

It is recommended to ensure that no masking tasks are running before performing any Cohesity upgrades on your cluster. Running upgrades while a masking task is operating will interrupt the DataMasque worker process and result in a partially masked database.

Troubleshooting

Installation with HSTS enabled

On browsers with HSTS enforced for the domain that the Cohesity cluster is on, the browser will block access to DataMasque when the default self-signed certificate is in use.

To access the DataMasque prior to installing your own trusted SSL certificate, you may replace the cluster hostname with the IP address from any of the cluster nodes in the address bar while retaining the port number.

For example, consider a scenario where your Cohesity cluster is accessible on the domain cohesity-01.my-organisation.com, and your organisation security policy has enforced HSTS for all subdomains on my-organisation.com. Usually you would be able to access DataMasque on the port allocated for the app on your cluster (e.g. 61001) using cohesity-01.my-organisation.com:61001. However, due to HSTS, this will be disallowed when a self-signed certificate is in use. Instead, replace the fully qualified cluster domain name in the browser URL bar with any cluster node IP address (e.g. https://10.0.66.213:61001).