Prepare nodes

To enable Enhanced Enycryption in an environment, you must first prepare the self-managed Snaplex nodes.

Prerequisites

The following are required to use Enhanced Encryption.

  • Google Chrome version 37 and higher for accessing the SnapLogic Platform.
  • The environment (Org) cannot have a mixture of self-managed Snaplexes and those managed by SnapLogic. Before enabling Enhanced Encryption, work with SnapLogic support to remove Cloudplexes from your environment or convert them to Groudplexes.
  • Groundplex nodes must use a Java 11 JRE.
  • Nodes can be deployed either on Windows or Linux operating systems:
    • For Windows OS, generate the data keys on a Linux machine and copy them to the nodes running on Windows. If all of a self-managed Snaplex’s nodes are on Windows machines, install the Linux RPM (Snaplex installation package) on a Linux machine solely for the purpose of generating or updating the key store using the jcc.sh script.
    • For Linux OS, you must use the latest version of the RPM/DEB SnapLogic installer. Download the package if your Snaplex is not running the latest version. If you are setting up a new Snaplex, follow the instructions to install it first.

Generate datakeys files

On a Linux machine that contains the latest Snaplex installation package, generate the key files:

  1. Start or stop and restart the node. For example: 
    $ sudo /opt/snaplogic/bin/jcc.sh start
  2. Copy the jcc-datakeys.jks and jcc-datakeys.pass files from the /etc/snaplogic directory.
  3. Follow the instructions to prepare the remaining Snaplex nodes Linux or on Windows.

For nodes on Linux

Each machine running a node should have the same Snaplex installation as the machine where you generated the keys. If the nodes are currently running, stop them. Propagate the datakeys files:

  1. Paste the generated jcc-datakeys.jks and jcc-datakeys.pass files
  2. Restart each node.

During startup, the nodes upload public keys to the SnapLogic cloud. Org admins can view the keys in the Encryption Settings dialog.

Important: The server keys stored in jcc-serverkeys.jks and jcc-serverkeys.pass must be unique for each Snaplex node. Do not copy server keys to other nodes.

For nodes on Windows

After you generate the key files on a Linux machine, prepare the nodes on Windows:

  1. Copy the jcc-datakeys.jks and jcc-datakeys.pass from the /etc/snaplogic directory of the Linux machine to a secure folder on the Windows machine. A secure folder is one that only those who work with the Snaplex nodes can access.
  2. Log into the IIP Manager and add the folder name, as the value of a new SL_KEY_DIR Java property in the Snaplex configuration file:
    1. Navigate to the target Snaplex, and click it to open its properties.
    2. Click the Node Properties tab.
    3. In the Global Properties section, click the plus sign to add the key.
    4. In the Key field, enter jcc.jvm_options.
    5. In the Value field, enter -DSL_KEY_DIR=folder_name. The following example shows how to enter the value for keys stored in c:\\snaplogic_keys:
      Windows key folder property

    6. Click Update.
  3. Restart the SnapLogic service on all nodes with the updated slpropz configuration.
Important: The server keys stored in jcc-serverkeys.jks and jcc-serverkeys.pass must be unique for each Snaplex node. Do not copy server keys to other nodes.

Next, enable Enhanced Encryption.