ONE Desktop ONE DQ&C ONE MDM ONE RDM ONE Runtime Server
latest (15.3.0) 15.2.0 15.1.0 14.5.x 13.9.x 13.8.x 13.7.x 13.6.x 13.5.0 13.4.x 13.3.x 13.2.x
User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

Unique Encryption Keys

Generate individual encryption keys to secure the connection between ONE Desktop and your Ataccama Cloud deployment. This guide provides instructions about how to generate unique encryption keys in Cloud Portal and supply them to ONE Desktop, local runtime, and hybrid Data Processing Engine (DPE).

Overview

Using unique encryption keys contributes to overall security in the following ways:

  • It provides additional protection against unauthorized access to your data and environment in Ataccama Cloud.

  • It makes sure data is encrypted and compliant with data protection regulations.

  • It helps mitigate data leakage risks and protects data in transit and at the edge of the network.

  • It secures communication between ONE and edge components, such as hybrid DPEs and ONE Desktop.

Unique encryption keys can also be easily rotated as well as securely backed up and restored without getting embedded in the backup.

The keys are provided as JCE keystore files, encoded as Base64 strings.

Create keystore

To generate your keystore:

  1. In Cloud Portal, go to your environment and switch to the Services tab.

  2. In Shared Services, find ONE Desktop and select Instructions.

  3. In Use keystore file, select Generate to create the keystore.

  4. Once the keystore is ready, download the keystore file (Download keystore.jceks) and copy the corresponding password.

    Keep the modal open until you are finished with the configuration in case you need to return to it again. Otherwise, you have to generate a new keystore and password.
    Generate and download keystore file

Configure ONE Desktop to use the keystore

  1. Navigate to your ONE Desktop installation folder.

  2. Open the one-desktop.ini file in a text editor.

  3. Add the following properties. Make sure to provide the correct path to the downloaded keystore as well as the keystore password (see Create keystore, steps 3 and 4):

    Dproperties.encryption.keystore=<PATH_TO_KEYSTORE.JCEKS>
Dproperties.encryption.keystore.password=<KEYSTORE_FILE_PASSWORD>
Dproperties.encryption.keyAlias=initial_peripheral
Dinternal.encryption.keystore=<PATH_TO_KEYSTORE.JCEKS>
Dinternal.encryption.keystore.password=<KEYSTORE_FILE_PASSWORD>
Dinternal.encryption.keyAlias=initial_peripheral

  4. Save your changes.

  5. To apply the properties to the local runtime, launch ONE Desktop.

  6. Go to Window > Preferences > Java > Installed JREs.

  7. Select the default JRE and then Edit.

  8. In Default VM arguments, paste the properties listed in step 3.

  9. Select Finish and then Apply and Close to save the changes.

    Editing default JRE

Configure self-managed DPE to use the keystore

Self-managed hybrid DPEs connecting to Ataccama Cloud must use the same keystore.

For fresh installations, the keystore and its configuration are part of the values file generated by Cloud Portal. For details, see Self-Managed DPE Deployment in Ataccama Cloud.

For existing installations, modify the hybrid DPE etc/application.properties file by adding the following properties:

properties.encryption.keystore=<PATH_TO_KEYSTORE.JCEKS>
properties.encryption.keystore.password=<KEYSTORE_FILE_PASSWORD>
properties.encryption.keyAlias=initial_peripheral
internal.encryption.keystore=<PATH_TO_KEYSTORE.JCEKS>
internal.encryption.keystore.password=<KEYSTORE_FILE_PASSWORD>
internal.encryption.keyAlias=initial_peripheral

Was this page useful?