Release Notes
Product Description
CipherTrust Batch Data Transformation (BDT) is a scalable, containerized solution designed for seamless data transformation across supported files and databases. With BDT, organizations can centrally configure and manage their data-centric cryptographic policies and job configurations in a reusable, human-readable format through the CipherTrust Manager. Jobs are initiated from the CipherTrust Manager, where users can also monitor the intermediate status of the job.
Release Description
This release includes new features.
Features and Enhancements
New Features
Central Management Support
The following high-level functionalities are included:
Centralized policy and configuration management: BDT uses the Application Data Protection tile on the CipherTrust Manager to centrally manage the configurations and policies required to run transformations, including protect, reveal, and reprotect.
Unified Dashboard for BDT clients: Provides a consolidated view of all BDT applications and their registered clients. You can also view the configuration, near-time health, and version of each client. Clients are automatically revoked based on heartbeat.
Job Management: Provides functionality to configure, manually run, and monitor status of the jobs from CipherTrust Manager.
Protection policies: BDT now supports protection policies, which are sets of rules that govern cryptographic operations. Key capabilities include:
Policy versioning (internal, external, or disabled)
Luhn check for data validation
Configurable data prefix
Data-centric access policies
Static masking formats for data protection
Random nonce for AES algorithms
Handle small input values in format preserving algorithms
Support for handling small character input and random nonce will be available in CipherTrust Manager 2.22 and higher versions.
Note
BDT can now decrypt or detokenize data that was encrypted or tokenized by any other connector using the same protection policy.
For detailed information on supported algorithms, keys, versioning, and more, see Managing Protection Policy.
Auto-renewal of client certificate: Provides a configuration option to automatically renew the client certificate when CipherTrust Manager acts as the local Certificate Authority (CA). See Renewing client certificate.
Containerized Deployment: BDT can now be deployed in a container-only environment, enhancing flexibility and scalability in modern infrastructure. See Quick Start and Alternative Deployment Methods.
PostgreSQL Support: BDT now supports PostgreSQL.
License Management: BDT now supports license monitoring; view consumed and available licenses on the CipherTrust Manager UI under Admin Settings > Licensing. See BDT Licensing Model.
Feature gaps from older versions
Some functionalities available in previous versions are not supported in BDT 3.0.0. For details, see Feature gaps from BDT 2.5.2 to BDT 3.0.0.
Note
With this release, BDT has been redefined and is not backward-compatible with previous versions. If you have data that was encrypted or tokenized with a previous version, you must first decrypt it using any compatible version before protecting the data with BDT 3.0.0.
Resolved and Known Issues
The following table defines the severity of the issues listed in this section.
Priority | Classification | Definition |
---|---|---|
C | Critical | No reasonable workaround exists. |
H | High | Reasonable workaround exists. |
M | Medium | Medium level priority problems. |
L | Low | Lowest level priority problems. |
Resolved Issues
There are no resolved issues to be listed in this section.
Known Issues
The following issues are known to exist in the product at the time of release.
Issue | Severity | Description |
---|---|---|
CADP-24350 | M | [db-to-db:] Transformation fails when multiple tables are configured in a single thread and the thread count is 1. |
CADP-27208 | M | The following log messages appear in the BDT console logs: "Trying to fetch null user set for userName from Key Manager" and "Error in get policy update". These messages are not alarming; you can safely ignore them. |
CADP-24175 | H | A deadlock error occurs during an in-place transformation in the Microsoft SQL Server database when the table has a primary key with a varchar datatype.<br>Workaround: Using a primary key of a varchar datatype can slow down comparisons compared to integer datatypes, potentially leading to a deadlock. Therefore, it is recommended to modify the table to have a primary key of integer datatype. After the transformation is over, these changes can be reverted.<br>1. Identify the primary key constraint name: `SELECT name FROM sys.key_constraints WHERE type = 'PK' AND parent_object_id = OBJECT_ID('<table_name>');`<br>2. Drop the composite primary key constraint from the table: `ALTER TABLE <table_name> DROP CONSTRAINT <constraint_name>;`<br>3. Add a new primary key column of integer datatype: `ALTER TABLE <table_name> ADD <new_primary_column> INT PRIMARY KEY IDENTITY(1,1);`<br>4. Run the transformation. It will run successfully.<br>5. Delete the new primary key created in step 3:<br>- Identify its constraint name using the query mentioned in step 1.<br>- Drop the constraint using the query mentioned in step 2.<br>6. Alter the table to add the composite primary key constraint back: `ALTER TABLE <table_name> ADD CONSTRAINT <constraint_name> PRIMARY KEY (<column_name1>, <column_name2>);` |
For known issues on CipherTrust Manager, see Release Notes.
Compatibility Information
Key Manager
BDT 3.0.0 is compatible with CipherTrust Manager 2.20.0 and higher versions.
Caution
BDT configurations in the Application Data Protection tile on CipherTrust Manager 2.19.0 are available as a technical preview. For production environments, it is recommended to use CipherTrust Manager 2.20.0 or higher versions.
Databases
BDT is supported with the following databases. The table below lists the versions validated with BDT.
Database | Tested Version |
---|---|
MySQL | 8.0.41 |
Oracle | 19c, Version 19.16.0 |
IBM DB2 | 11.5.9.0 |
SAP HANA | 2.0 |
Microsoft SQL Server | 2019 |
PostgreSQL | 12.22 |