This page walks through installing and then configuring Baffle Shield in an IBM Cloud Kubernetes environment. Baffle Shield enforces Data Protection Policies, encrypting the data in the databases that have been configured in Baffle Manager, as described in Connect to a Data Store.
IMPORTANT! NOTE: The user account used to log in to the Baffle Shield host machine must have a home directory on that system.
Configuring Baffle Shield for IBM Cloud
To configure Baffle Shield for an IBM Cloud Kubernetes cluster, you must have already successfully configured Baffle Manager for IBM Cloud.
NOTE: A Baffle Shield can only be enrolled with one application.
To configure Baffle Shield, do the following:
- Go to the IBM Console, navigate to Catalog management > Catalogs > baffle and select baffle-shield from the catalog list.
- In the Version List table, select the baffle-shield version.
- Select Validate product, scroll down to the Deployment values, and specify the following Parameters:
  - BM_LB_URL – Load balancer URL from the Terraform Template output, from Step 1.
  - cluster_name – Name of your Kubernetes cluster.
  - iaas_classic_api_key – IBM Key generated in Prerequisites.
  - iaas_classic_username – Username for the IBM Key generated in Prerequisites.
  - ibmcloud_api_key – IBM Key generated in Prerequisites.
  - image_location – Container registry where Baffle Shield is uploaded.
  - shield_sync_id – Sync ID string copied from the enrolled application.

  NOTE: To copy the shield_sync_id, go to the Application page in the Baffle Manager console and select the application. Then, copy the Sync ID in the panel on the right and paste it into the shield_sync_id parameter field.
- Open port 844 and connect your application to Baffle Shield. For more information, see Create and select Baffle Shields for Migration from Baffle Manager.
- Click Revalidate to apply the parameter values. The Terraform Templates launch and apply the specified values to create the workspace.
- Continue on to Define a Data Protection Policy and Encrypt Data.