Вы находитесь на странице: 1из 15

INSTALLATION GUIDE

July 2017 Imperva Camouflage


v 4.5.4 Install Guide
INSTALLATION GUIDE

COPYRIGHT NOTICE

2002 - 2017 Imperva, Inc. All Rights Reserved.


This document is for informational purposes only. Imperva, Inc. makes no warranties,
expressed or implied.
No part of this document may be used, disclosed, reproduced, transmitted, transcribed,
stored in a retrieval system, or translated into any language in any form or by any means
without the written permission of Imperva, Inc. To obtain this permission, write to the
attention of the Imperva Legal Department at: 3400 Bridge Parkway, Suite 200, Redwood
Shores, CA 94065.
Information in this document is subject to change without notice and does not represent a
commitment on the part of Imperva, Inc. The software described in this document is
furnished under a license agreement. The software may be used only in accordance with the
terms of this agreement.
This document contains proprietary and confidential information of Imperva, Inc. This
document is solely for the use of authorized Imperva customers. The information furnished
in this document is believed to be accurate and reliable. However, no responsibility is
assumed by Imperva, Inc. for the use of this material.
TRADEMARK ATTRIBUTIONS
Imperva and SecureSphere are trademarks of Imperva, Inc.
All other brand and product names are trademarks or registered trademarks of their
respective owners.
PATENT INFORMATION
The software described by this document is covered by one or more of the following
patents:
US Patent Nos. 7,640,235, 7,743,420, 7,752,662, 8,024,804, 8,051,484, 8,056,141, 8,135,948,
8,181,246, 8,392,963, 8,448,233, 8,453,255, 8,713,682, 8,752,208, 8,869,279 and 8,904,558,
8,973,142, 8,984,630, 8,997,232, 9,009,832, 9,027,136, 9,027,137, 9,128,941, 9,148,440,
9,148,446 and 9,401,927.
Imperva Inc.
3400 Bridge Parkway
Redwood Shores, CA 94065
United States
Tel: +1 (650) 345-9000
Fax: +1 (650) 345-9004
Website: http://www.imperva.com
General Information: info@imperva.com
Sales: sales@imperva.com
Technical Support: support@imperva.com

Imperva-Camouflage-Install-Guide-v4.5.4

Camouflage Installation Guide 2


INSTALLATION GUIDE

Table of Contents

Copyright Notice ............................................................................................. 2


1 Imperva Camouflage ............................................................................... 4
2 CX-Discover ........................................................................................... 4
2.1 Prerequisites ..................................................................................... 4
2.1.1 Tomcat Headless Linux Environment Configuration........................ 5
2.2 Web Application Deployment ......................................................... 5
2.3 Web Application Setup .................................................................... 6
2.3.1 Root Account Configuration .......................................................... 7
2.3.2 Repository Database Configuration ............................................... 7
2.3.3 License File ................................................................................... 9
2.3.4 Confirmation ................................................................................ 9
2.4 Installing Distributed Services ...................................................... 10
2.4.1 Configuration.............................................................................. 12
3 CX-Mask ............................................................................................... 13
3.1 Requirements .................................................................................. 13
3.2 Installation on Windows ................................................................ 13
3.3 Installation on Mainframe ............................................................. 15
3.4 Installation on Unix/Linux ............................................................. 15

Camouflage Installation Guide 3


INSTALLATION GUIDE

1 IMPERVA CAMOUFLAGE
The Imperva Camouflage data masking solution includes two primary engines that are used to classify,
and mask sensitive information.

The core components are:


CX-Discover Used for classification of sensitive information
o Web Application CX-Discover interface, and classification job management
o Distributed Services Runs all classification jobs
o Repository Stores classification configurations, and the results of sensitive data
analysis
CX-Mask Used to mask sensitive data

These components can be installed separately on different servers, or installed together on a single
server.

CX-Discover Application Server CX-Discover Distributed Services

Databases with
Sensitive Information
CX-Discover Repository Database CX-Mask

CX-Discover

2 CX-DISCOVER
2.1 Prerequisites
The CX-Discover web application requires a web server running Apache Tomcat with the
following configuration:

SERVER (PHYSICAL OR VIRTUAL)


2-4 cores (64 bit)
Minimum 8GB RAM
200GB free disk space

Operating System
64 bit Windows or Linux

Camouflage Installation Guide 4


INSTALLATION GUIDE

JAVA
JRE 8

APPLICATION SERVER
Apache Tomcat 7
Minimum memory of 2GB
It is strongly recommended that TLS be enabled.

Note: Installations on Linux based systems require the user to have read/write/execute
access to the tomcat/webapps and tomcat/bin directories.

DATABASE
Prepare one of the following supported databases to house the repository data
o PostgreSQL 9
o SQL Server 2008 or newer
o Oracle 11g or newer
A user profile and schema must be configured before installing the web application.
This user must have ownership/administrator level permission to the database
schema.

2.1.1 Tomcat Headless Linux Environment Configuration


In order to run Tomcat in a headless manner you have to configure the setenv.sh file in the
Tomcat bin/ directory as follows:

In this file, you need to either, add this line

CATALINA_OPTS="-Djava.awt.headless=true

or, if the parameter CATALINA_OPTS already exists then add

-Djava.awt.headless=true

to the already-present CATALINA_OPTS option line (inside the existing quotes, and arguments
need to be separated by spaces). Restart Tomcat after making changes to the setenv.sh file.

2.2 Web Application Deployment


1. Included in the installation package is a file called
camouflage-enterprise.war

Copy this file into the webapps directory of Tomcat.

By default, the webapps directory is located here:


C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\

2. Restart the Apache Tomcat service.

Open the Windows Services applet:


Start > Run > services.msc

Find the service Apache Tomcat 7 in the list and restart the service.

Camouflage Installation Guide 5


INSTALLATION GUIDE

You can confirm that the WAR file has deployed properly by looking in the webapps
directory. There should be a new directory called camouflage-enterprise.

3. If you are using Oracle as your repository database then you must place a copy of the
appropriate Oracle JDBC driver jar file in the following location:
webapps\camouflage-enterprise\WEB-INF\lib

Then restart the Apache Tomcat service prior to proceeding with the Web Application setup.

2.3 Web Application Setup


Navigate to the application URL in your browser:
http://localhost:8080/camouflage-enterprise/

Login using the default credentials.

USERNAME: admin
PASSWORD: {blank}

Camouflage Installation Guide 6


INSTALLATION GUIDE

2.3.1 Root Account Configuration


The first time you login as the admin user you are presented with a setup wizard. The first step
is to set a password for the admin user.

2.3.2 Repository Database Configuration


The second step in the setup process is to configure the database connection that the
application will use to store its configuration and data. To complete this step you will need the
following information:
Database type
Database hostname or IP
Database port
Database name
Schema
Username
Password

Note: The account and schema used to house repository data must be created prior to
completing this configuration step. The account used should be the owner of the specified
schema.

Camouflage Installation Guide 7


INSTALLATION GUIDE

1. Select the database type from the drop down menu.


2. Enter the hostname, port and database name into the URI field.
3. Enter the schema name into the Schema field.
4. Enter the database user into the Username field.
5. Enter the database user password into the Password field.
6. Click on Test Connection.
7. If the connection test passes, click next to continue.
If the connection test fails, verify and correct the information entered and test the
connection again.

Note: The Tablespace and Pool Size values are optional.

Note: If you are using an Oracle database, you must place a copy of the appropriate Oracle
JDBC driver jar file in the webapps\camouflage-enterprise\WEB-INF\lib\ directory and restart
Tomcat prior to running the setup configuration.

Camouflage Installation Guide 8


INSTALLATION GUIDE

2.3.3 License File


The third step is to upload your license file to the web application.

1. Click on Choose.
2. Browse to your license file and select it.
3. Click on Upload
4. If the license check succeeds, click Next to continue.
If the license check fails, verify your license file and upload it again.

Note: The setup process will allow this step to be skipped. However, a license is required to
carry out any database connectivity tests or Camouflage Discovery Jobs. Any license file
uploads that are carried out after the initial setup process will require that Tomcat be restarted
before it is fully applied.

2.3.4 Confirmation
The final step of the setup presents confirmation of the entered settings, allowing you to
review and make changes if required. Clicking the Confirm and Complete Setup button will
save this configuration and finalize the web application setup.

Upon successfully completing the setup, you will be redirected to the CX-Discover web
application home page.

Camouflage Installation Guide 9


INSTALLATION GUIDE

2.4 Installing Distributed Services


Included in the installation package are two files
Camouflage-Agent-[version]-windows-64bit.exe
Camouflage-Agent-[version].sh

1. Execute the installer appropriate for your environment.


2. Enter the path to your license file.

3. Enter the web application URL.


The default URL is http://localhost:8080/camouflage-enterprise

Camouflage Installation Guide 10


INSTALLATION GUIDE

4. Enter the installation destination directory

Once the software has completed installation, check your services for a running camouflage-
distributed-services service.

Note: If using Linux, the Distributed Services service will need to be started manually. From the
Distributed Services installation directory execute the following command:

camouflage-agent start

Stop the Distributed Services service by running the command:


Camouflage Installation Guide 11
INSTALLATION GUIDE

camouflage-agent stop
In order to automate the start and stop process, these two commands must be added to your
start up and shutdown sequences. This process varies depending on which version of Linux you
are using.

Note: For each database type you intend to connect to, you will need their respective JDBC
drivers. These JDBC drivers are available from the database vendors website. If you require
assistance in choosing the appropriate driver for your database type please contact
support@datamasking.com. Place a copy of the JDBC drivers in the following location:

Windows default
C:\Program Files\Camouflage-Agent\lib\jdbc

Linux default
/opt/Camouflage-Agent/lib/jdbc

2.4.1 Configuration
The Distributed Services process has several configuration parameters that you can set that
will affect its performance. These parameters are stored in a text file called camouflage-
eservices.properties. This file is located in the config directory.

Windows default
C:\Program Files\Camouflage-Agent\config\camouflage-eservices.properties

Linux default
/opt/Camouflage-Agent/config/camouflage-eservices.properties

In order for changes to the camouflage-eservices.properties file to take effect, the


Distributed Services must be restarted.

The available parameters and their defaults are:

This parameter controls how many concurrent DB connectivity tasks can run
o camouflage.service.allowableConcurrentConnectivityTasks=2
This parameter controls how many concurrent DB schema lookup tasks can run
o camouflage.service.allowableConcurrentSchemaLookupTasks=2
This parameter controls how many concurrent DB discovery tasks can run
o camouflage.service.allowableConcurrentDiscoverTasks=2
This parameter controls how many DB schemas can be processed concurrently per
profile task
o camouflage.service.profile.allowableConcurrentSchemaProcessTasks=1
This parameter controls how many DB tables can be processed concurrently per schema
profile task
o camouflage.service.profile.allowableConcurrentSchemaTableProcessTasks=1
This parameter controls how many concurrent result writers can run
o camouflage.service.discover.allowableConcurrentResultWritebacks=3

Camouflage Installation Guide 12


INSTALLATION GUIDE

3 CX-MASK
3.1 Requirements
Windows, Solaris or Linux Mainframe: IBM System z
UNIX System Services must be installed and properly
configured (for running directly on the mainframe).

Java Runtime Environment (JRE) 1.8 Java Runtime Environment (JRE) 1.8
Ensure that your JAVA_HOME environment variable is
pointing to the 1.8 install of Java.
Graphical windowing environment running to use the A network workstation or server that is running X Window
Camouflage graphical user interface (GUI) for project System.
configuration (UNIX/Linux).
Minimum of 150MB disk space available for Camouflage Hierarchical Data Storage allocated to USS, with a
binaries and documentation. minimum of 150MB available for Camouflage binaries and
documentation.
FULL read/write/execute access is required for the
Camouflage installation directory and its subdirectories.
Run As Administrator, sudo, or setuid/setgid are all
acceptable methods of granting appropriate permissions
at runtime.
Display resolution of at least 800 x 600, with a recommended resolution of 1024 x 768 or greater.
Minimum of 512MB / 2GB recommended of RAM available to run the GUI and data masking against small to medium
sized databases. The RAM required varies depending on the size of the database being masked and the complexity of the
data masking requirements.

3.2 Installation on Windows


Install File Description

camouflage-[version]-windows32.exe Windows 32bit installer


camouflage-[version]-windows64.exe Windows 64bit installer

1. Execute the installer appropriate for your environment. The Camouflage installation wizard
will guide you through the installation process.
2. Enter the path to your license file.

Camouflage Installation Guide 13


INSTALLATION GUIDE

3. Enter the destination path for your installation.

For each database type you intend to connect to, you will need their respective JDBC
drivers. These JDBC drivers are available from the database vendors website. If you
require assistance in choosing the appropriate driver for your database type please
contact support@datamasking.com. Place a copy of the JDBC drivers in the following
directory:
\CAMOUFLAGE_HOME\jdbcdrivers\

Camouflage Installation Guide 14


INSTALLATION GUIDE

Note: If you receive a license error when executing Camouflage you may be required to run
Camouflage using Run As Administrator.

3.3 Installation on Mainframe


1. Upload using an s/FTP client to USS the camouflage-<version>-uss.sh in binary mode.
2. For the graphical install, use ssh with X11 tunneling (if X11tunneling is
enabled/configured).
3. Execute camouflage-<version>-uss.sh. The Camouflage installation wizard will guide you
through the installation process.
4. Enter the path to your license file.
5. Enter the destination path for your installation.
6. For each database type you intend to connect to, you will need their respective JDBC
drivers. These JDBC drivers are available from the database vendors website. If you
require assistance in choosing the appropriate driver for your database type please
contact support@datamasking.com. Place a copy of the JDBC drivers in the following
directory:
\CAMOUFLAGE_HOME\jdbcdrivers\

3.4 Installation on Unix/Linux


Install File Description

camouflage-[version]-ctl.sh Generic Unix/Linux installer for use with previously installed Sun
JRE.
camouflage-[version]-non-sun-jre-ctl.sh Generic Unix/Linux installer for use with previously installed JRE
(other than Sun JRE).
camouflage-[version]-solaris-ctl.sh Solaris installer for use with previously installed Sun JRE.

1. Execute the appropriate installer for your environment. The Camouflage installation
wizard will guide you through the installation process.
2. Enter the path to your license file.
3. Enter the destination path for your installation.
4. For each database type you intend to connect to, you will need their respective JDBC
drivers. These JDBC drivers are available from the database vendors website. If you
require assistance in choosing the appropriate driver for your database type please
contact support@datamasking.com. Place a copy of the JDBC drivers in the following
directory:
/CAMOUFLAGE_HOME/jdbcdrivers/

Camouflage Installation Guide 15