Baffle Data Protection Services provide a range of data encryption, tokenization and de-identification methods to protect data in data stores and cloud storage environments. Common methods that Baffle employs include column or field level encryption, tokenization, format preserving encryption (FPE), dynamic data masking, and record level encryption.
Baffle Configuration Prerequisites
Before you begin configuring Baffle Manager and Baffle Shield, verify that you have met the following requirements:
- Admin privileges for your platform
- The user account used to log in to the Baffle Shield host machine must have a home directory on that system
- SSH client
- Private key pair
- Database privileges for encryption and migration
System Requirements
Whether you use Baffle Professional Services to perform your deployment testing, or your organization does so independently as part of planning, ensure that your test environment meets the following minimum system requirements. NOTE: For a complete list of what is supported by Baffle, see the Supported platforms, databases, data stores, keystores, and Web browsers page.
Baffle Component | Operating System | vCPU | Memory | Initial Space | Java
Baffle Manager | CentOS 7 | 2 | 8 GB | 64 GB | OpenJDK Java 1.8
Baffle Shield | RHEL 7 or CentOS 7 equivalent | 4 | 8 GB | 64 GB [1] | OpenJDK Java 1.8
Database Platform | AWS RDS, Azure SQL and other supported database platforms [1] | 16 | 256 GB | 512 GB | OpenJDK Java 1.8
Prerequisite Information for Data Encryption
- Data Schema
- Application
- Key Storage
Baffle Port Requirements
Baffle Manager applies encryption policies and configurations by communicating with the Baffle Shield and with your databases. It builds a privacy schema that maps key IDs to data columns, which is what lets you enable encryption per column through configuration.
The following illustration is a visual diagram of the communication paths within the Baffle architecture and the ports each one uses.
The following table lists the ports that must accept connections, and in which direction, for Baffle Manager, Baffle Shield, the database servers and the key store to communicate with one another.
Host | Port Required | Direction | Purpose
Baffle Manager | 22 | Inbound | Console access for admin
Baffle Manager | 443 | Inbound | Web interface access for admin
Baffle Manager | 8553 | Inbound | Baffle Shield client access
Baffle Manager | 22 | Outbound | Baffle Shield configuration
Baffle Manager | 1433 | Outbound | Database schema mapping
Baffle Manager | 5696 | Outbound | (Optional) KeySecure access
Baffle Shield | 22 | Inbound | Console and Baffle Manager access
Baffle Shield | 8444 | Inbound | Application communication
Baffle Shield | 1433 | Outbound | Database access [1]
Baffle Shield | 3306 | Outbound | Database access [2]
Baffle Shield | 5432 | Outbound | Database access [3]
Baffle Shield | 5696 | Outbound | KeySecure access
Baffle Shield | 8553 | Outbound | Baffle Manager communications
Baffle Shield | 443 | Outbound | Baffle Manager communications
Database Server [1] | 1433 | Inbound | Baffle Manager and Baffle Shield access
Database Server [2] | 3306 | Inbound | Baffle Manager and Baffle Shield access
Database Server [3] | 5432 | Inbound | Baffle Manager and Baffle Shield access
Database Server [4] | 5439 | Inbound | Baffle Manager and Baffle Shield access
KeySecure | 5696 | Inbound | (Optional) Baffle Manager and Baffle Shield key config and retrieval
- [1] For Microsoft SQL Server default port communications
- [2] For MySQL, MariaDB or Aurora server default port communications
- [3] For PostgreSQL server default port communications
- [4] For Redshift default port communications
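A pre-flight check for the port matrix above, added here as an example and not Baffle's own tooling. It encodes the outbound rows of the table for whichever host it runs on (Baffle Manager or Baffle Shield), picks the database port from the engine in use per the footnotes, and probes each destination with a plain TCP connect so a firewall or security-group gap shows up before you start configuring Baffle. The hostnames are placeholders, and the assumption that the Manager's schema-mapping connection uses the engine's default port (rather than always 1433) follows the Database Server rows, which list Manager access on all four ports.

```python
"""Pre-flight connectivity check for the Baffle port matrix.

Added example, not Baffle's own tooling. Hostnames below are placeholders
(assumed, not from the page); replace them with your environment's values.
"""
import socket
from dataclasses import dataclass

# Default ports from the table's footnotes:
# [1] SQL Server, [2] MySQL/MariaDB/Aurora, [3] PostgreSQL, [4] Redshift.
DB_PORTS = {"sqlserver": 1433, "mysql": 3306, "postgresql": 5432, "redshift": 5439}

# Placeholder hostnames (assumed, not from the page).
HOSTS = {
    "manager": "baffle-manager.example",
    "shield": "baffle-shield.example",
    "database": "db.example",
    "keysecure": "keysecure.example",
}


@dataclass(frozen=True)
class Flow:
    dest: str      # role of the destination host (key into HOSTS)
    port: int
    purpose: str


def build_flows(role, db_engine, use_keysecure=False):
    """Outbound flows the given role must be able to open, taken from the port table."""
    db_port = DB_PORTS[db_engine]  # KeyError on an unsupported engine name is intentional
    if role == "manager":
        flows = [
            Flow("shield", 22, "Baffle Shield configuration over SSH"),
            Flow("database", db_port, "Database schema mapping"),
        ]
    elif role == "shield":
        flows = [
            Flow("database", db_port, "Database access"),
            Flow("manager", 8553, "Baffle Manager communications"),
            Flow("manager", 443, "Baffle Manager communications"),
        ]
    else:
        raise ValueError(f"unknown role {role!r}")
    if use_keysecure:
        # 5696 is the IANA-registered KMIP port; optional per the table.
        flows.append(Flow("keysecure", 5696, "KeySecure key config and retrieval"))
    return flows


def tcp_reachable(host, port, timeout=3.0):
    """True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_flows(flows, hosts=HOSTS, probe=tcp_reachable):
    """Probe every flow; returns [(flow, reachable)] so callers can act on the failures."""
    return [(flow, probe(hosts[flow.dest], flow.port)) for flow in flows]


def missing_flows(results):
    """Flows that did not connect; an empty list means the matrix is satisfied."""
    return [flow for flow, ok in results if not ok]


def open_local_listener():
    """Loopback listener on an ephemeral port, used to exercise tcp_reachable offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    # Usage: python preflight.py shield postgresql [--keysecure]
    import sys
    role, engine = sys.argv[1], sys.argv[2]
    results = check_flows(build_flows(role, engine, "--keysecure" in sys.argv))
    for flow, ok in results:
        print(f"{'OK  ' if ok else 'FAIL'} {HOSTS[flow.dest]}:{flow.port}  {flow.purpose}")
    sys.exit(1 if missing_flows(results) else 0)
```

Run it once on the Manager host and once on each Shield host with the engine your database uses; a non-zero exit means at least one required path is blocked. A successful TCP connect only proves the path is open, not that the service on the other end will accept the session, so it is a firewall check, not a substitute for the Baffle Manager configuration steps.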