This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Configuring the Teradata Data Warehouse Protector

This section outlines the configuration process for the Protegrity Teradata Data Warehouse Protector.

1 - Updating the Config.ini File

  1. Log in to the server as the user with the required permissions.

  2. Navigate to the directory where you have downloaded the installation package.

  3. To view the contents within the directory, run the following command:

    /opt/protegrity/databaseprotector/teradata/data #  ls -ltr

  4. Press ENTER.
    The list of available configurable files appears.

    total 4
-rw-r----- 1 tdatuser tdtrusted 1058 Oct 14 01:27 config.ini

  5. To open the config.ini file, run the following command:

    /opt/protegrity/databaseprotector/teradata/data # vim config.ini

  6. Press ENTER.
    The contents of the config.ini file appears.

    ###############################################################################
# Log Provider Config
###############################################################################
[log]

# In case that connection to fluent-bit is lost, set how audits/logs are handled
# 
# drop  : (default) Protector throws logs away if connection to the fluentbit is lost
# error : Protector returns error without protecting/unprotecting 
#         data if connection to the fluentbit is lost
mode = drop

# Host/IP to fluent-bit where audits/logs will be forwarded from the protector
#
# Default localhost
host = localhost

###############################################################################
# Protector Config
###############################################################################
[protector]

# cadence is used to decide whether deployment is dynamic or immutable.
#
# '0' is used for immutable deployment.
# Non-negative values other than '0' is used as policy sync interval for dynamic deployment.
# default cadence value is '60'.
cadence = 60

  7. Update the parameters as mentioned in the table.

    The following table consists of the config.ini parameters along with the descriptions:

    Configuration ComponentParameterDescription
    LogmodeSpecifies how the protector logs are handled by the Log Forwarder. If the connection to the Log Forwarder host is lost, you can set the connection mode to one of the following types:
    - drop: Specifies the logs that the protector fails to record when the connection to the Log Forwarder is lost. By default, the Log Forwarder is configured to operate in the drop mode.
    - error: Stops all the data security operations and throws an error when the connection to the Log Forwarder is lost.
    Syntax: Parameter = Value
    Example: mode = error
    hostSpecifies the Log Forwarder hostname or the IP address where the logs are forwarded from the protector. The default host for the Log Forwarder is localhost.
    Syntax: Parameter = Value
    Example: host = <Hostname or IP Address>
    ProtectorcadenceSpecifies the time interval at which the protector synchronizes with the shared memory for fetching the policy package. The default value for the cadence parameter is 60 seconds. The minimum and maximum values that can be set for the cadence parameter are 0 seconds and 86400 seconds (24 hours) respectively.
    Important: If the cadence parameter value is set to 0 seconds, then the policy is fetched only once at the time of initialization. After initialization, the protector does not fetch for the new policy changes as a result of immutable deployment.
    Syntax: Parameter = Value
    Example: cadence = <time interval in seconds>

  8. Save the changes to the config.ini file.

    Important: Restart the Teradata Database to reflect any changes made to the config.ini file.

2 - Updating the Output Buffer

This page discusses the process to update the output buffer length for the Varchar Unicode UDFs.

By default, the value of the output buffer length is 500 characters. This value can be modified during the installation of the Teradata objects.

After completing the installation process, you may need to manually update the output buffer length values if necessary. For instance, if you need to protect strings longer than 500 bytes, adjust the buffer length to accommodate the largest string size. Be aware that a big buffer size slows the overall performance. Additionally, each protection method has a size limitations. For example, tokenization has a maximum size limit of 4096 bytes. The output buffer sizes for all the UDFs are stored in both, the dbpuserconf.ini and createvarcharunicode.sql files.

Updating the createvarcharunicode.sql file

  1. Log in to the server as the user with the required permissions.
  2. Navigate to the /opt/protegrity/databaseprotector/teradata/sqlscripts/ directory.
  3. To update the output buffer length in the createvarcharunicode.sql file, run the following command:
    vim createvarcharunicode.sql
  4. Press ENTER.
    The contents of the createvarcharunicode.sql file appears.

    Ensure to update the value of the output buffer length for the PTY_VARCHARUNICODEINS, PTY_VARCHARUNICODESEL, and PTY_VARCHARUNICODESELEX UDFs as per requirements.

  5. Save the changes to the createvarcharunicode.sql file:

    Important: To reflect any changes made to the createvarcharunicode file, restart the Teradata Database.

Updating the dbpuserconf.ini file

  1. Log in to the server as the user with the required permissions.
  2. Navigate to the directory where you have downloaded the dbpuserconf.ini file.
    For example, /etc/protegrity/
  3. To view the contents within the directory, run the following command:
    /etc/protegrity/ #  ls -ltr
  4. Press ENTER.
    The list of available configurable files appears.
    total 4
-rw-r----- 1 tdatuser tdtrusted 1058 Jan 28 01:27 dbpuserconf.ini
  5. Open the dbpuserconf.ini file in any text editor.
     ###############################################################################
 # Config ini
 ###############################################################################
 [config_ini]
 # path points to database protector installation directory
 path = /opt/protegrity/databaseprotector/teradata/data/config.ini

 ###############################################################################
 # Protector Varchar Sizes (set by user during installation)
 ###############################################################################
 [varchar_sizes]
 UDF_VARCHAR_MAX = 500
 UDF_VARCHAR_OVERHEADMAX = 500
 VARCHAR_MAX_IN_BUF_LEN_TOKEN_LATIN = 500
 VARCHAR_MAX_OUT_BUF_LEN_TOKEN_LATIN = 676
 VARCHAR_MAX_IN_BUF_LEN_ENC_LATIN = 500
 VARCHAR_MAX_OUT_BUF_LEN_ENC_BYTES = 538
 VARCHAR_MAX_IN_BUF_LEN_TOKEN_UNICODE = 500
 VARCHAR_MAX_OUT_BUF_LEN_TOKEN_UNICODE = 1356
 VARCHAR_MAX_IN_BUF_LEN_ENC_UNICODE = 500
 VARCHAR_UNICODE_MAX_OUT_BUF_LEN_ENC_BYTES = 1038
 TdvmDev2:/etc/protegrity/ #

    Important: Update the VARCHAR_MAX_OUT_BUF_LEN_TOKEN_UNICODE parameter with the required output buffer length.

  6. Update the parameters as per requirements.
  7. Save the changes to the dbpuserconf.ini file.

3 - Troubleshooting