Baffle Prerequisites and Requirements

Baffle Data Protection Services provide a range of data encryption, tokenization and de-identification methods to protect data in data stores and cloud storage environments. Common methods that Baffle employs include column- or field-level encryption, tokenization, format-preserving encryption (FPE), dynamic data masking, and record-level encryption.

[Figure: Key_Virtualization_Layer.png]

Baffle Configuration Prerequisites

Before you begin configuring Baffle Manager and Baffle Shield, verify that you have met the following requirements:

  • Admin privileges for your platform
  • The user account used to log in to the Baffle Shield host machine must have a home directory on that system
  • SSH client
  • Private key pair
  • Database privileges for encryption and migration

System Requirements

Whether you use Baffle Professional Services to perform your deployment testing, or your organization does so independently as part of planning, ensure that your test environment meets the following minimum system requirements. NOTE: For a complete list of what is supported by Baffle, see the Supported platforms, databases, data stores, keystores, and Web browsers page.

| Baffle Component | Operating System | vCPU | Memory | Initial Space | Java |
|---|---|---|---|---|---|
| Baffle Manager | CentOS 7 | 2 | 8 GB | 64 GB | OpenJDK Java 1.8 |
| Baffle Shield | RHEL 7 or CentOS 7 equivalent | 4 | 8 GB | 64 GB [1] | OpenJDK Java 1.8 |
| Database Platform | AWS RDS, Azure SQL and other supported database platforms [1] | 16 | 256 GB | 512 GB | OpenJDK Java 1.8 |

Prerequisite Information for Data Encryption

Data Schema

  • Number of columns to be encrypted
  • Data types and column field names
  • Number of rows in table(s)
  • Database size and indexing (if any)

Application

  • Identify the application and associated data for testing (for example, Microsoft SQL Server 2014 or later)
  • Set aside a copy of the application and data to expedite troubleshooting and diagnostics
  • Provide test data that is encoded using the UTF-8 character set

Key Storage

  • Provide a supported key storage solution (see Key Management Support in the Baffle support center)
  • Provide associated encryption keys
  • Host in AWS and make available to Baffle infrastructure

 

Baffle Port Requirements

Baffle Manager enables encryption policies and configurations by communicating with the Baffle Shield and your databases. Baffle Manager constructs a privacy schema that maps key IDs to data columns, thus enabling encryption in a simplified manner.

The following illustration shows the communication paths within the Baffle architecture and the associated ports.

[Figure: Baffle_Architecture_Rework_v2.3.png]

The following table lists the ports that must allow connections in order for Baffle Manager to communicate. 

 

| Host | Port Required | Direction | Purpose |
|---|---|---|---|
| Baffle Manager | 22 | Inbound | Console access for admin |
| Baffle Manager | 443 | Inbound | Web interface access for admin |
| Baffle Manager | 8553 | Inbound | Baffle Shield client access |
| Baffle Manager | 22 | Outbound | Baffle Shield configuration |
| Baffle Manager | 1433 | Outbound | Database schema mapping |
| Baffle Manager | 5696 | Outbound | (Optional) KeySecure access |
| Baffle Shield | 22 | Inbound | Console and Baffle Manager access |
| Baffle Shield | 8444 | Inbound | Application communication |
| Baffle Shield | 1433 | Outbound | Database access [1] |
| Baffle Shield | 3306 | Outbound | Database access [2] |
| Baffle Shield | 5432 | Outbound | Database access [3] |
| Baffle Shield | 5696 | Outbound | KeySecure access |
| Baffle Shield | 8553 | Outbound | Baffle Manager communications |
| Baffle Shield | 443 | Outbound | Baffle Manager communications |
| Database Server [1] | 1433 | Inbound | Baffle Manager and Baffle Shield access |
| Database Server [2] | 3306 | Inbound | Baffle Manager and Baffle Shield access |
| Database Server [3] | 5432 | Inbound | Baffle Manager and Baffle Shield access |
| Database Server [4] | 5439 | Inbound | Baffle Manager and Baffle Shield access |
| KeySecure | 5696 | Inbound | (Optional) Baffle Manager and Baffle Shield key config and retrieval |

  • [1] For Microsoft SQL Server default port communications
  • [2] For MySQL, MariaDB or Aurora server default port communications
  • [3] For PostgreSQL server default port communications
  • [4] For Redshift default port communications
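
The outbound rows of the port table can be checked from each host before configuration begins, so that a blocked firewall path shows up as a named table row rather than as a later connection error. The script below is an added example, not part of Baffle's tooling: the function names are hypothetical, the peer for each row is inferred from its stated purpose, the database port is the engine default from the footnotes, and the addresses are constructed placeholders.

```python
import socket

# Default database ports, from the footnotes of the port table.
DB_PORTS = {"sqlserver": 1433, "mysql": 3306, "postgresql": 5432, "redshift": 5439}

# Outbound rows of the port table: source host -> [(peer, port, purpose)].
# The peer is inferred from each row's purpose (assumption); port None means
# "the default port of the database engine in use".
OUTBOUND = {
    "manager": [("shield", 22, "Baffle Shield configuration"),
                ("database", None, "Database schema mapping"),
                ("keysecure", 5696, "(Optional) KeySecure access")],
    "shield": [("database", None, "Database access"),
               ("keysecure", 5696, "KeySecure access"),
               ("manager", 8553, "Baffle Manager communications"),
               ("manager", 443, "Baffle Manager communications")],
}


def plan(source, peers, engine):
    """Return [(host, port, purpose)] to probe from `source`.

    Peers absent from `peers` (for example, no KeySecure deployed) are skipped.
    """
    checks = []
    for peer, port, purpose in OUTBOUND[source]:
        if peer in peers:
            checks.append((peers[peer], port or DB_PORTS[engine], purpose))
    return checks


def tcp_open(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within `timeout` seconds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name resolution failed
        return False


def preflight(source, peers, engine, probe=tcp_open):
    """Return the planned checks that failed; an empty list means every path is open."""
    return [c for c in plan(source, peers, engine) if not probe(c[0], c[1])]


if __name__ == "__main__":
    # Constructed placeholder addresses (RFC 5737 range); replace with your hosts.
    peers = {"manager": "192.0.2.10", "database": "192.0.2.20"}
    for host, port, purpose in preflight("shield", peers, "postgresql"):
        print(f"BLOCKED {host}:{port}  ({purpose})")
```

Run it on the Baffle Manager host with `"manager"` as the source and on the Baffle Shield host with `"shield"`; a completed handshake shows only that the path is open, not that the expected service is the one answering.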

 

 

 
