DataMasque Installation on Cohesity
This guide describes the installation and initial configuration of a DataMasque instance on the Cohesity Marketplace environment.
- Prerequisites
- Installation
- Upgrading DataMasque on Cohesity
- Impact of Cohesity patches
- Troubleshooting
Prerequisites
Minimum cluster specifications
DataMasque supports deployment on Cohesity version 6.8.1. The following minimum specifications are required when deploying to a Cohesity cluster environment:
- 3 Cohesity nodes
- Cohesity Apps Management enabled
- Allocatable resources by Cohesity Apps Management for each Cohesity node:
- 4 vCPUs
- 7.68 GB RAM
Note: The DataMasque evaluation package is available upon request for Proof of Concept (PoC) or evaluation purposes. This package supports a single cluster node deployment
Firewall configuration
After a new DataMasque instance has been deployed, it will be allocated a port on each cluster node
between the range of 61001-63786
. Additional firewall configuration may be necessary to allow
clients to access this port. See 3. Configure Access for details.
Enabling Apps Management
If Cohesity Marketplace Apps haven't been installed on your cluster before, you may first need to enable Apps Management. See below for instructions.
Cohesity 6.8.1
- Login to the Cohesity dashboard using an account with admin privileges.
- Navigate to
Settings > Cluster > Summary
then chooseConfigure
. - Navigate to
Marketplace > My Apps
. If Apps Management is not enabled yet, click on the My Apps tab, then click App Settings at the top right of the page, and toggle on Enable Apps Management. - Enable Allow external connectivity from apps which is required by DataMasque to connect to target database instances.
- An external network must be added for DataMasque. Click Add under the External Networks section, then select a VLAN ID. Then enter an IP Start and IP End to select the range of addresses that apps can use. Then, click Add.
- Click save to continue to My Apps.
Installation
These are the instructions for the first-time installation of DataMasque.
To upgrade DataMasque, see Upgrading DataMasque on Cohesity.
1. Install DataMasque
Installation using Helios
It is recommended to install DataMasque directly from the Cohesity Marketplace where possible. For dark-sites or environments without Helios enabled, follow the manual installation instructions.
- Navigate to the DataMasque app listing on Cohesity Marketplace.
- Follow detailed instructions from Cohesity to complete app installation.
Manual installation
These instructions describe the procedure for manual installation of DataMasque
on Cohesity Marketplace. It is recommended to use the Helios
installation method if possible, however manual installation may be necessary
for dark-sites or environments without Helios enabled. The DataMasque .pkg
for manual installation may be downloaded from the
DataMasque Customer Portal.
- Login to the Cohesity dashboard using an account with admin privileges
- Navigate to the Apps dashboard
- This is found under
Marketplace > My Apps
- This is found under
- Click the 'Upload App' button
- Select and upload the DataMasque
.pkg
file and click 'Upload and Install' - After the package has uploaded, installation will begin.
2. Start a DataMasque instance
- Click the Run App button on the newly installed DataMasque application:
- Choose a QoS Policy. Max is recommended.
- Cohesity will initialise a new instance of DataMasque, visible under the All Instances tab.
- Once the app has initialised, click the 'Open App' button to open DataMasque in your browser.
3. Configure access
Once a DataMasque app instance has been created, it will be allocated a port on the cluster in the
range 61001-63786
. The port number can be found by clicking Open App on the DataMasque app
instance, as described in 2. Start a DataMasque instance.
The port number will be included in the address bar of the newly opened tab. If you are
experiencing difficulty connecting to DataMasque, ensure this port has been opened in your firewall
configurations.
4. Configure your DataMasque instance
The first time you access your new DataMasque instance, you will be greeted with the first-time installation page to perform initial configuration of the application.
Follow the Post-Installation Setup guide to continue with the installation process.
Note: The first time you visit DataMasque, your browser will display a security warning because the self-signed certificate generated by DataMasque will be untrusted by your browser. You may proceed past this warning for now, and install your own trusted certificate after installation is complete (refer to Installing SSL Credentials). If you are unable to proceed past the warning due to HSTS being enabled for your domain, refer to Installation with HSTS enabled.
Upgrading DataMasque on Cohesity
When upgrading DataMasque, all existing data is preserved between versions and will still be present after the upgrade is complete. However, it is recommended that you take backups of any rulesets, connections and files before performing the upgrade.
Manual upgrade
These instructions describe the procedure to manually upgrade DataMasque on Cohesity Marketplace.
It is recommended to follow the
Helios upgrade process
for DataMasque upgrades if possible, however this manual procedure may be necessary for dark-sites or
environments without Helios enabled. The DataMasque .pkg
for manual upgrade may be downloaded from
Helios, or the
DataMasque Customer Portal.
Warning
If during the following process the app is accidentally terminated instead of paused, the instance will be completely destroyed, removing all application data and files. There is no confirmation for this action. Be careful to click the correct option.
Upgrade instructions:
- Follow the manual installation instructions to upload the new DataMasque
.pkg
. - Navigate to the 'All Instances' tab of the 'Apps' page.
- Shut down the existing DataMasque app instance:
- In the Cohesity, choose 'Kill' from the instance options menu. Do not click 'Remove'.
- Wait for the app to enter the 'Paused' state.
- Restart the app instance by choosing 'Resume' from the instance options menu.
Pause app
Impact of Cohesity patches
It is recommended to ensure that no masking tasks are running before performing any Cohesity upgrades on your cluster. Running upgrades while a masking task is operating will interrupt the DataMasque worker process and result in a partially masked database.
Troubleshooting
Installation with HSTS enabled
On browsers with HSTS enforced for the domain that the Cohesity cluster is on, the browser will block access to DataMasque when the default self-signed certificate is in use.
To access the DataMasque prior to installing your own trusted SSL certificate, you may replace the cluster hostname with the IP address from any of the cluster nodes in the address bar while retaining the port number.
For example, consider a scenario where your Cohesity cluster is accessible on the domain cohesity-01.my-organisation.com, and your organisation security policy has enforced HSTS for all subdomains on my-organisation.com. Usually you would be able to access DataMasque on the port allocated for the app on your cluster (e.g. 61001) using cohesity-01.my-organisation.com:61001. However, due to HSTS, this will be disallowed when a self-signed certificate is in use. Instead, replace the fully qualified cluster domain name in the browser URL bar with any cluster node IP address (e.g. https://10.0.66.213:61001).