Configuring Teradata Databases
Before data can be migrated, CipherTrust Database Protection for Teradata must be installed on the database server and the database must be added to the CipherTrust Manager GUI.
This chapter provides information on operations that can be performed on the CipherTrust Manager for the CDP for Teradata client.
Note
All the database management operations mentioned in this section need to be performed by a user of the ProtectDB Users group. This user is referred to as the CDP Server Administrator in this document.
Note
For the Teradata database, only database connection and user mapping operations are supported through the CipherTrust Manager GUI. For instructions on how to migrate data, refer to the CDP for Teradata User Guide.
Managing Database Connection
This section provides instructions on how to configure a connection between the Teradata database and the CipherTrust Manager. It also describes how to view, edit, and delete an existing database connection.
Creating a Teradata Database Connection
To create a Teradata database connection:
Log on to the CipherTrust Manager GUI.
Click CDP to open the application. The Databases screen displays the list of existing database connections, if any.
Click + Database and select Teradata from the available options. The Teradata Database Configuration page is displayed.
Enter the Connection Information details in the respective fields.
The following table lists the parameters that are required when creating or managing a Teradata database connection.
Item Description Name (Alias) Enter a name for the connection information. This field uniquely identifies a database connection. Host Enter the IP address of the database server. Port Enter the port on which the database server is listening for connections. The default port is 1025. Database User Name Enter the database login name that has permission to modify the tables to be migrated. This could be the owner of the database tables or a user with privileges to CREATE, MODIFY, and DROP views, tables, and triggers. Database User Password Enter the password for the database user. MetaDatabase User Name Displays the meta database user as INGRIAN. It cannot be changed. The INGRIAN user is created as requirement before installing the CDP client (for Teradata). MetaDatabase User Password Enter the password for the meta database user. Enable Credentials Caching Select Enable Credential Caching feature to save the database credentials for multiple sessions and user authorization is not required to access table/column for a database.
Possible configurations:
• Enabled: The user can directly access the table/column information for a database in multiple sessions.
• Disabled: For each session, while accessing the table/column information for a database, user is prompted for database credentials. Once the credentials are validated successfully, further authorization is not required for that session.
NOTE: The database authorization is session based. Authorization is mandatory for each session while accessing table/column for a database.Protocol Select the TCP protocol to connect the CipherTrust Manager to the Teradata database.
The SSL protocol is not supported for the Teradata databases.Database Name Enter the name for the database that contains the tables and columns to encrypt. Enter Description Enter description for the database. This field is optional. Click Save. The newly added database appears on the Databases screen. The Status column reflects the status of the connection.
Click the refresh () icon on the screen if the status is not updated.
After the database is added, the next step is to create a user mapping. Refer to Managing User Mappings.
Editing Database Connections
To edit an existing database connection:
Log on to the CipherTrust Manager GUI.
Click CDP to open the application. The Databases screen displays the list of existing database connections, if any.
Click the overflow icon () corresponding to the desired database connection.
Click Edit Connection. The Connection Information screen is displayed in edit mode.
Edit the following fields/options as required.
Host
Port
Database User Name
Database User Password
MetaDatabase User Password
Enable Credential Caching
Protocol
Database Name
Description
Click Save to save the new configuration. The Status column on the Database screen reflects status of the connection.
Click the refresh icon () on the screen if the status is not updated.
Viewing Database Connections
To view the existing database connections:
Log on to the CipherTrust Manager GUI.
Click CDP to open the application. The Databases screen displays the list of existing database connections, if any.
Deleting Database Connections
To delete an existing database connection:
Log on to the CipherTrust Manager GUI.
Click CDP to open the application. The Databases screen displays the list of existing database connections, if any.
Click the overflow icon () corresponding to the desired database connection.
Click Delete.
The database connection is deleted. The Databases screen displays the available list of database connections.
Managing User Mappings
A user mapping associates a database user with a CipherTrust Manager user. You need a user mapping to encrypt and decrypt a data. The database user must be able to access the data you are manipulating. The CipherTrust Manager user must be able to access the key you want to use.
When a database user sends a request to the CipherTrust Manager, CDP searches its list of user mappings (contained in the ING_AUTHORIZED_USER
table in the metadata database). If the database user appears on the list or is a member of a mapped database role, CDP includes the associated CipherTrust Manager user and password in the request. If those credentials are valid and the CipherTrust Manager user has access to the required key, then the crypto operation is performed. If the credentials are invalid or the CipherTrust Manager user does not have access to the key, the operation fails.
Note
If a user mapping is changed, restart the daemon service.
Note
Ensure that the daemon services is restarted before adding any use mapping.
This section covers the following topics:
Viewing/Adding User Mappings
Viewing User Mappings
To view the list of existing user mappings for a Teradata database connection:
Log on to the CipherTrust Manager GUI.
Click CDP to open the application. The Databases screen displays the list of existing database connections, if any.
Click the overflow icon () corresponding to the desired database connection.
Click Manage User Mapping. The List of users screen is displayed. It displays the existing user mappings for a Teradata database connection.
Note
Two database connections with different aliases but pointing to the same database IP will display the same list of user mappings.
Adding User Mapping
To add a new user mapping for a Teradata database connection:
On the List of users screen, click Map User. The Map User screen is displayed.
Enter the mapping details:
Item Description Database User The database user or role that can be used to connect to the CipherTrust Manager.
To create a default mapping, enterING_DEFAULT_USER
in this field.
NOTE: The default mapping value applies to all the database users not otherwise listed on the List of users screen. Refer to Managing User Mappings for additional information on default user mapping.Local User Enter the local user to which the database user is to be mapped.
(The local user is a CipherTrust Manager user.)Local Password Enter the password for the local user. Click Save. The new user mapping appears on the List of users screen.
Adding User Mapping in Domain
To add a user mapping in a domain:
On the List of users screen, click Map User. The Map User screen is displayed.
Enter the mapping details. The local user name should include domain name (for example,
my-domain||admin
) as shown below:Click Save. The new user mapping with domain name appears on the List of users screen.
Note
When the CDP client is configured in local mode and the column is encrypted using a versioned key, then ensure that the local user is part of the Key Users group and the key is shared with the Key Users group.
Deleting/Editing User Mapping
To delete or edit an existing user mapping:
Log on to the CipherTrust Manager GUI.
Click CDP to open the application. The Databases screen displays the list of existing database connections, if any.
Click the overflow icon () corresponding to the desired database connection.
Click Manage User Mapping. The List of users screen is displayed. It displays the list of existing user mappings for a SQL Server database connection.
Click the overflow icon () corresponding to the desired user mapping connection.
(Optional) Click Delete. Skip this step if you do not want to delete an existing user mapping.
Confirm the delete operation when prompted. The user mapping is deleted from the List of users screen.
Click the overflow icon () corresponding to the desired user mapping connection.
Click Edit. The Edit User Mapping screen is displayed.
Change the Local User and enter its password.
Click Save.
The user mapping is updated on the List of users screen.