Dynamic Data Masking includes server components to intercept and process database requests and a client component to manage the server.
Dynamic Data Masking has the following components:
Dynamic Data Masking Server
The Dynamic Data Masking Server provides services and resources to intercept database requests and perform data masking tasks.
The Dynamic Data Masking Server includes the following components:
Dynamic Data Masking services
Rule Engine
Dynamic Data Masking Service
The Dynamic Data Masking service listens on the listener port to monitor and route incoming database requests.
You can run the following Dynamic Data Masking services:
DDM for Azure. Listens for and routes database requests for a Microsoft Azure SQL database.
DDM for DB2. Listens for and routes database requests for an IBM Db2 database.
DDM for FAS. Listens for and routes database requests for Data Vault.
DDM for Hive. Listens for and routes database requests for a Hive database.
DDM for Hive HTTP. Listens for and routes database requests for Hive databases using HTTP transport. The service supports SSL and non-SSL modes of communication.
DDM for Impala. Listens for and routes database requests for an Impala database.
DDM for Informix. Listens for and routes database requests in Informix native protocol to Informix databases.
DDM for Informix (DRDA). Listens for and routes database requests in Distributed Relational Database Architecture protocol to Informix databases.
DDM for JDBC. Listens for database requests for a database that uses JDBC connectivity.
DDM for ODBC. Listens for database requests for a database that uses ODBC connectivity.
DDM for Oracle. Listens for and routes database requests for an Oracle database.
DDM for PostgreSQL. Listens for and routes database requests for a PostgreSQL database.
DDM for SQL Server. Listens for and routes database requests for a Microsoft SQL Server database.
DDM for Sybase. Listens for and routes database requests for a Sybase database.
DDM for Teradata. Listens for and routes database requests for a Teradata database.
Rule Engine
The Rule Engine evaluates incoming database requests and applies connection and security rules to determine how to route requests and mask data. The Rule Engine can modify the database request based on the rules defined in the Dynamic Data Masking Server.
The Rule Engine applies the following types of rules:
Connection rule. Defines the conditions and actions that the Rule Engine applies to determine how to route a database connection request received from an application.
Security rule. Contains the conditions and actions that define what to do with the database SQL request and how to apply SQL rewrites that manipulate the returned SQL result set.
Server Control
Server Control is a command line program that you use to configure and manage the Dynamic Data Masking Server. Use Server Control to start or stop the Dynamic Data Masking Server and services or to change the port number or password for the Dynamic Data Masking Server.
Management Console
The Management Console is a client application that you use to manage the Dynamic Data Masking Server. You can use the Management Console to create and manage rules and to configure and manage connections to databases.