Table of Contents

Search

  1. Preface
  2. Introduction to Dynamic Data Masking
  3. Rules
  4. Connection Rules
  5. Security Rules
  6. Security Rule Set Simulator
  7. Masking Functions
  8. Stored Procedure Result Set Masking
  9. Integration with Informatica Products
  10. Appendix A: XML Functions Reference
  11. Appendix B: Glossary

User Guide

User Guide

Dynamic Data Masking Components

Dynamic Data Masking Components

Dynamic Data Masking includes server components to intercept and process database requests and a client component to manage the server.
Dynamic Data Masking has the following components:
Dynamic Data Masking Server
The Dynamic Data Masking Server provides services and resources to intercept database requests and perform data masking tasks.
The Dynamic Data Masking Server includes the following components:
  • Dynamic Data Masking services
  • Rule Engine
Dynamic Data Masking Service
The Dynamic Data Masking service listens on the listener port to monitor and route incoming database requests.
You can run the following Dynamic Data Masking services:
Service
Description
DDM for Azure
Listens for and routes database requests for a Microsoft Azure SQL database. The service supports the SSL mode of communication.
DDM for DB2
Listens for and routes database requests for an IBM Db2 database. The service supports SSL and non-SSL modes of communication.
DDM for FAS
Listens for and routes database requests for Data Vault. The service supports SSL and non-SSL modes of communication.
DDM for Hive
Listens for and routes database requests for a Hive database. The service supports SSL and non-SSL modes of communication as well as Kerberos Authentication and Kerberos encrypted data.
DDM for Hive HTTP
Listens for and routes database requests for Hive databases using HTTP transport. The service supports SSL and non-SSL modes of communication, and Kerberos Authentication.
DDM for Impala
Listens for and routes database requests for an Impala database. The service supports SSL and non-SSL modes of communication as well as Kerberos Authentication.
DDM for Informix
Listens for and routes database requests in Informix native protocol to Informix databases.
DDM for Informix (DRDA)
Listens for and routes database requests in Distributed Relational Database Architecture protocol to Informix databases.
DDM for JDBC
Listens for database requests for a database that uses JDBC connectivity.
DDM for ODBC
Listens for database requests for a database that uses ODBC connectivity.
DDM for Oracle
Listens for and routes database requests for an Oracle database. The service supports SSL and non-SSL modes of communication.
DDM for PostgreSQL
Listens for and routes database requests for a PostgreSQL database.
DDM for SQL Server
Listens for and routes database requests for a Microsoft SQL Server database. The service supports SSL and non-SSL modes of communication.
DDM for Sybase
Listens for and routes database requests for a Sybase database.
DDM for Teradata
Listens for and routes database requests for a Teradata database.
Rule Engine
The Rule Engine evaluates incoming database requests and applies connection and security rules to determine how to route requests and mask data. The Rule Engine can modify the database request based on the rules defined in the Dynamic Data Masking Server.
The Rule Engine applies the following types of rules:
  • Connection rule. Defines the conditions and actions that the Rule Engine applies to determine how to route a database connection request received from an application.
  • Security rule. Contains the conditions and actions that define what to do with the database SQL request and how to apply SQL rewrites that manipulate the returned SQL result set.
Server Control
Server Control is a command line program that you use to configure and manage the Dynamic Data Masking Server. Use Server Control to start or stop the Dynamic Data Masking Server and services or to change the port number or password for the Dynamic Data Masking Server.
Management Console
The Management Console is a client application that you use to manage the Dynamic Data Masking Server. You can use the Management Console to create and manage rules and to configure and manage connections to databases.