
Stop Wasting Time on Routine, Let the DataSunrise Resource Manager Do This Work

Have you ever wondered how time-consuming working with a GUI can be? Just imagine how much effort and time it takes simply to reproduce one infrastructure on several computers – you press the same buttons several times, look at the same screens, set the same parameters… All of these steps are repeated over and over again, and sometimes this leads to human error. Sometimes you just want to copy and paste the settings and be rid of the whole routine.

Fortunately, such technology exists. This is called Infrastructure as Code (or sometimes a programmable framework). More than just copying and pasting customizations, this approach automates infrastructure management using software development techniques, effectively bridging the gap between coding applications and creating environments for those applications.

This technique relies on configuration files containing code that describes the infrastructure. All the functionality for creating application resources remains available to you, but there is no need to switch between different settings screens; you just describe the resources in code. This opens up great opportunities:

  • Automation – just import the template, and the application will deploy all the resources for you. This saves a lot of time and effort and reduces the surface for human errors.
  • Elastic reproduction – you can deploy the infrastructure to any number of machines using the same set of code.
  • Upload your templates to the Version Control System, such as Git, SVN, etc. – you will always know the history of changes and can restore previous versions.
  • Manage resources conveniently – as a group, not individually, and define dependencies between resources to deploy them in the correct order.

DataSunrise Resource Manager is a feature that lets you manage your DataSunrise structure according to the “Infrastructure as Code” principle. It provides all the same capabilities as the graphical interface, allowing you to deploy, edit, and delete DataSunrise infrastructure assets.

Templates

The main functionality of the Resource Manager is provided by working with templates. A template is a declarative JSON file (it will be possible to work in XML in the future) containing information about the deployed resource group. This file looks like a document with code that is processed by the API.

Template code can be written manually or exported from an existing DataSunrise instance with ready-made infrastructure. In any case, you can freely change the values of the parameters, reconfiguring the infrastructure according to your security needs.

Below is an example of the code for an audit rule creation template:

{
    "DSTemplateVersion" : "2020-03-10",
    "ExternalResources" : {
        "Instance_4" : {
            "Properties" : {
                "DatabaseType" : "MySQL",
                "InstanceName" : "Test database"
            },
            "Type" : "Instance"
        }
    },
    "Mappings" : {"LocalServerID": "1"},
    "Parameters" : {
        "Password_instance" : {
            "Description" : "",
            "Type" : "String"
        }
    },
    "Resources" : {
        "AuditRule_17" : {
            "DependsOn" : "Interface_4",
            "Properties" : {
                "Action" : "Default",
                "ApplySelectForWhereAndJoin" : "True",
                "ApplySelectWithoutFrom" : "True",
                "AuditDestinationDatabase" : "Database",
                "BlockCounterLimit" : "0",
                "BlockCounterPeriod" : "0",
                "BlockingMessage" : "",
                "BlockingType" : "None",
                "CefGroup" : "0",
                "ChainType" : "Audit",
                "CheckNextRule" : "False",
                "Comment" : "",
                "DataFilter" : "",
                "DataFilterIsRegexp" : "True",
                "DepersonalizeQueries" : "False",
                "DmlDeleteEnabled" : "True",
                "DmlExcludes" : [],
                "DmlFilter" : [
                    {
                        "DatabaseName" : "[[database]]",
                        "DatabaseNameIsRegexp" : "False",
                        "ObjectName" : "actor",
                        "ObjectNameIsRegexp" : "False",
                        "ObjectsItemFilter" : [],
                        "ObjectType" : "Table",
                        "SchemaName" : "sakila",
                        "SchemaNameIsRegexp" : "False"
                    }
                ],
                "DmlInsertEnabled" : "True",
                "DmlSelectEnabled" : "True",
                "DmlUpdateEnabled" : "True",
                "Enable" : "True",
                "ExcludeObjectGroups" : [],
                "FileParams" : "",
                "FilterType" : "ObjectBased",
                "FuncCallEnabled" : "False",
                "FuncExcludes" : [],
                "FuncFilter" : [],
                "IncludeObjectGroups" : [],
                "Instance" : {
                    "Ref" : "Instance_4"
                },
                "LimitCountType" : "ByOperations",
                "LimitCountValue" : "0",
                "LimitEnable" : "False",
                "LimitFilterType" : "ByRule",
                "LimitPeriodType" : "Hour",
                "MaxRowsCount" : "DefaultRowsCount",
                "Name" : "Audit_rule",
                "Priority" : "17",
                "RowLimit" : "0",
                "SaveDataBindings" : "True",
                "SaveOnlyFirst" : "False",
                "SaveReturnedData" : "False",
                "SaveToEventMonitor" : "True",
                "Schedule" : "0",
                "SessionCriteria" : {
                    "criteria" : [],
                    "filterType" : "AND",
                    "operatorType" : "complex"
                },
                "Subscribers" : [],
                "Tags" : [],
                "UseFunctionDDL" : "False",
                "UserBlockingPeriod" : "0",
                "UserBlockingType" : "NoBlock",
                "UseViewDDL" : "False",
                "WhoBlock" : "UserAndHost"
            },
            "Type" : "AuditRule"
        }
    }
}

ExternalResources

This section contains references to external objects that exist outside the DataSunrise template and are not controlled by it, but that the infrastructure exported to the template depended on. If these objects are created in another DataSunrise instance before the template is deployed, the deployed infrastructure will work without any changes to the settings.

In this case, this section describes the existing Test database instance, whose infrastructure is exported to the template.

Mappings

This section contains the constants of the template and lets you set their values. You can refer to these values using the Ref function instead of repeating the value throughout your code. This improves the readability of the template and reduces the number of possible errors.

"Mappings" : {"LocalServerID": "1"}

This section contains the ID of the local server. If the value of this constant changes, you do not need to rewrite it throughout the template; it is enough to change it in this section.

Parameters

This section declares resource attributes to be deployed with predefined values. It helps to avoid repetition in the template too, but unlike the constants from the Mappings section, the parameter values can be overridden for different conditions, for example, on a different host with a different IP. Any attribute can be taken as a parameter and set externally when deploying a template.

"Parameters" : {
    "Password_instance" : {
        "Description" : "",
        "Type" : "String"
    }
},

In our example, the String type is specified for the password parameter; if the password type should be different for one of the infrastructures, you can change this value manually or by including an optional Parameters JSON file. You can also store sensitive data such as passwords in this file, so you don’t have to write them directly in the template.

You can also refer to these parameters using the “Ref” function:

"Password" : {
    "Ref" : "Password_instance"
},
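
A check that can run before a template is committed to version control, shown here as an added example (it is not DataSunrise code). It flags password properties written as literals instead of a Ref, and Ref targets that are not declared in the template. It assumes that Ref names resolve against the ExternalResources, Mappings, Parameters and Resources sections; the resource types and the Login property in the sample are placeholders.

```python
import json

# Constructed sample template, not exported from a real DataSunrise instance.
# "Placeholder" types and the "Login" property are hypothetical.
SAMPLE = """
{
  "ExternalResources": {"Instance_4": {"Type": "Instance", "Properties": {}}},
  "Mappings": {"LocalServerID": "1"},
  "Parameters": {"Password_instance": {"Description": "", "Type": "String"}},
  "Resources": {
    "Good_1": {"Type": "Placeholder", "Properties": {
      "Instance": {"Ref": "Instance_4"},
      "Password": {"Ref": "Password_instance"}}},
    "Bad_1": {"Type": "Placeholder", "Properties": {
      "Password": "constructed-literal",
      "Login": {"Ref": "Login_instance"}}}
  }
}
"""

# Assumption: a Ref may point at a name declared in any of these sections.
SECTIONS = ("ExternalResources", "Mappings", "Parameters", "Resources")

def lint_template(text):
    """Return sorted findings for a template supplied as JSON text."""
    tpl = json.loads(text)  # strict JSON: a trailing comma raises ValueError
    declared = {name for s in SECTIONS for name in tpl.get(s, {})}
    findings = []

    def walk(node, path):
        if isinstance(node, dict):
            ref = node.get("Ref")
            if isinstance(ref, str) and ref not in declared:
                findings.append(f"{path}: Ref to undeclared name '{ref}'")
            for key, value in node.items():
                child = f"{path}.{key}"
                # A non-empty string under a password-like key is a literal secret.
                if "password" in key.lower() and isinstance(value, str) and value:
                    findings.append(f"{child}: literal secret, use Ref to a parameter")
                walk(value, child)
        elif isinstance(node, list):
            for i, item in enumerate(node):
                walk(item, f"{path}[{i}]")

    walk(tpl.get("Resources", {}), "Resources")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_template(SAMPLE):
        print(finding)
```
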

Resources

The description of the audit rule being deployed begins in the Resources section. This section describes all the DataSunrise resources that you have uploaded to the template. These same resources will be deployed.

The Properties subsection describes the characteristics applied to the rule, for example the requests to which the rule should respond (the True values of the ApplySelectForWhereAndJoin and ApplySelectWithoutFrom arguments correspond to the options marked under Filter Statements in the GUI for creating an audit rule). The DmlFilter specifies the information source that triggers the rule.

Thus, when this template is deployed, an audit rule will be created that records any interaction with information in the actor table of the sakila schema. To make the copied template work in other conditions (for example, another data source for monitoring), it is enough to change the values of a few arguments, in this case ObjectName and SchemaName.

Other Ways to Deploy Templates

You can deploy the DataSunrise resources when DataSunrise starts up. To do this, you need to stop the DataSunrise Database Security service in Windows Services, write the appropriate arguments in the startup parameters and start the service again.

DataSunrise will then deploy all the infrastructure from the template. This is useful if you do not want to spend time deploying resources through the UI. By specifying the required template in the launch parameters, you will get a ready-to-use infrastructure.

List of arguments for working with templates in the DataSunrise service, as well as examples of their use:

  • Template file path:

    TEMPLATE_PATH = "C:/Users/Tom/IaCTemplates/templatePeriodicTask.json"

  • Path to TemplateParams file (optional):

    TEMPLATE_PARAMS_PATH = "C:/Users/Tom/IaCTemplates/paramsPostgreSql.json"

  • What to do with the infrastructure (Action = InfrastructureName), choose one of the three:

    CREATE_INFRASTRUCTURE = deployment1 – Create infrastructure

    UPDATE_INFRASTRUCTURE = deployment1 – Update infrastructure (Add or remove resources based on the difference between past and current templates)

    DELETE_INFRASTRUCTURE = deployment1 – Delete infrastructure and all associated resources

An example of import arguments:

UPDATE_INFRASTRUCTURE = deployment1 TEMPLATE_PATH = "C:/Users/Tom/IaCTemplates/templatePeriodicTask.json" TEMPLATE_PARAMS_PATH = "C:/Users/Tom/IaCTemplates/paramsPostgreSql.json"

Required arguments for export:

  1. The path where the template will be exported (optional; if not specified, it will be exported next to the executable):

    EXPORT_INFRASTRUCTURE_PATH = "C:/Users/Tom/"

  2. Infrastructure name:

    EXPORT_INFRASTRUCTURE = deployment1


Conclusion

Using DataSunrise Resource Manager is an effective solution for managing DataSunrise configurations. Working with templates allows you to adapt the exported infrastructure to your needs by modifying multiple values and managing resources via code. This approach saves your time and budget and frees you from repeating the same routine work.

Learn more about deploying templates and describing resources in Chapter 12 of the User Guide.
