Deployment
Data Control Tower is a container-based architecture and is currently certified with Kubernetes and OpenShift to align with common enterprise container standards. The DCT architecture is comprised of multiple micro-services that are each run on individual pods. This lends DCT to be a highly flexible and resilient deployment by enabling customers and IT organizations to enact their own backup, scaling, and resiliency standards associated with hosting container-based applications. Below is an architectural diagram of all the services that make up DCT as well as the persistent storage for maintaining relationship metadata.
.png?inst-v=571b6a9b-6a0a-483a-8500-9eea84009574)
DCT is multi-cloud enabled, which means that a single DCT instance can be deployed to orchestrate (via HTTPS) Continuous Data and Continuous Compliance workloads with Delphix engines located in other networks. Alternatively, DCT can be localized to engines located within a network. DCT is a lightweight management application, which means that it does not require a highly performant connection to complete its work and can serve as a central management layer for Delphix engines globally.
.png?inst-v=571b6a9b-6a0a-483a-8500-9eea84009574)
This section will explain all of the required steps to deploy DCT on your container platform of choice.
Password policy default enablement
In order to enforce better security, a user password policy was enabled by default in DCT version 8.0. When a new user is created or a password is changed for an existing user, the given password must meet the following criteria:
Password must be a minimum of 15 characters
Password must contain a digit
Password must contain a capital letter
Password must contain a lowercase letter
Password must contain a special character
Username cannot be used as the password
Previous two (2) passwords cannot be reused
Maximum of five (5) incorrect password attempts allowed
To allow passwords without any restrictions or criteria, disable the password policy using the DCT API.
API: /management/accounts/password-policies
HTTP method: PATCH
Request body:
{
"enabled": false
}
/* Or, if you want to enforce a different password policy, use something similar to this request body: */
{
"enabled": true,
"min_length": 10,
"reuse_disallow_limit": 1,
"digit": true,
"uppercase_letter": true,
"lowercase_letter": true,
"special_character": false,
"disallow_username_as_password": true,
"maximum_password_attempts": 3
}
Change in password policy will not impact the existing user’s password. The new password policy will only be applicable when the password is changed or a new user is created.