Versions Compared

Old Version 42

changes.mady.by.user John Brinckwirth

Saved on

compared with

New Version 43

changes.mady.by.user John Brinckwirth

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this article

...

Note
titleBest Practice
  • You cannot use a Cloudplex for this configuration. Before enabling this feature, you need to work with SnapLogic support to turn off and remove Cloudplex instances from your Org or convert them into Groundplex instances. You can, however, use Enhanced Encryption in an eXtremeplex.
  • We do not recommend moving an Org from Enhanced Encryption to Standard Encryption. However, if the Org with Enhanced Encryption is moved to Standard Encryption, any OAuth 2.0 accounts created before do not function and therefore need to be re-created after the move.

...

Note
titleRecommendation

Data keys are the same across JCC nodes; however, the server keys are unique for each JCC node. We recommend that you generate the data keys on a Linux machine and copy them into the SL_KEY_DIR folder on the Windows machine. The files have to be copied with the name as generated on the Linux machine: 
jcc-datakeys.jks and jcc-datakeys.pass.

  1. On Windows-based Groundplex instances, copy the keys to a secure folder. Only the security administrators and users that run the Groundplex service must have access to the directory.

  2. Add the location of the directories as an environmental variable or Java property in Windows key directory as a Java property in the Snaplex configuration with the name SL_KEY_DIR.To add a Java property, add .
    1. Navigate to the target Snaplex in Manager, and then click to open it.

    2. Click the Node Properties tab, and under Global Properties, click Image Added to enter the key-value pair:

    3. Add the following in the Snaplex

    properties

    1. property:

      Paste code macro
      themeAgate
      jcc.jvm_options = -DSL_KEY_DIR=c:\\snaplogic_keys

      Image Added

    2. In the Create Snaplex dialog window, click Create. If you are updating an existing Snaplex, click Update.

  3. Restart the Windows service on all of the Groundplex nodes with the updated slpropz configuration.

...

  1. Log in as an Org admin and navigate to Manager > Settings, then click Configure Encryption.


  2. On the Encryption Settings dialog, click the Groundplex tab (default), then select Enhanced encryption.

    1. Verify that the same key is used on all nodes of the Groundplex; otherwise, you cannot configure the Org with Enhanced Encryption because all keys used across an Org must be consistent

    2. Select the level of sensitivity based on the following:

      • High. Encrypts passwords and secret keys
      • Medium and High. Encrypts usernames, passwords, and secret keys

      • Low, Medium, and High. Encrypts host name, database names, database URL properties, usernames, passwords, and secret keys.

        Info
        titleAccounts for Snap Packs

         To learn about which fields are encrypted for an Account, see the sensitivity level definition in the Account’s documentation for that Snap Pack.


    3. To set a key for the entire Org, select the target key. Only those keys that are available on all nodes are displayed.

    4. Confirm the new key. This configuration causes all accounts to be decrypted using the existing keys and then re-encrypted with the newly selected Org-level key.
  3. Click Update to apply enhanced encryption. 

...