Prepare nodes

Preparing Snaplex nodes for enhanced encryption

To enable Enhanced Account Encryption (EAE) in an environment, you must first prepare the self-managed Snaplex nodes.

Prerequisites

The following are required to use EAE.

  • Google Chrome version 37 and higher for accessing the SnapLogic Platform.
  • The environment (Org) cannot have a mixture of self-managed Snaplexes and those managed by SnapLogic. Before enabling EAE, work with SnapLogic support to remove Cloudplexes from your environment or convert them to Groudplexes.
  • Groundplex nodes must use a Java 11 JRE.
  • Nodes can be deployed either on Windows or Linux operating systems:
    • For Windows OS, generate the data keys on a Linux machine and copy them to the nodes running on Windows. If all of a self-managed Snaplex’s nodes are on Windows machines, install the Linux RPM (Snaplex installation package) on a Linux machine solely for the purpose of generating or updating the key store using the jcc.sh script.
    • For Linux OS, you must use the latest version of the RPM/DEB SnapLogic installer. Download the package if your Snaplex is not running the latest version. If you are setting up a new Snaplex, follow the instructions to install it first.

Generate datakeys files

On a Linux machine that contains the latest Snaplex installation package, generate the key files:

  1. Start or stop and restart the node. For example:
    $ sudo /opt/snaplogic/bin/jcc.sh start
  2. Copy the jcc-datakeys.jks and jcc-datakeys.pass files from the /etc/snaplogic directory.
  3. Follow the instructions to prepare the remaining Snaplex nodes Linux or on Windows.

For nodes on Linux

Each machine running a node should have the same Snaplex installation as the machine where you generated the keys. If the nodes are currently running, stop them. Propagate the datakeys files:

  1. Paste the generated jcc-datakeys.jks and jcc-datakeys.pass files
  2. Restart each node.

During startup, the nodes upload public keys to the SnapLogic cloud. Org admins can view the keys in the Encryption Settings dialog.

Important: The server keys stored in jcc-serverkeys.jks and jcc-serverkeys.pass must be unique for each Snaplex node. Do not copy server keys to other nodes.

For nodes on Windows

After you generate the key files on a Linux machine, prepare the nodes on Windows:

  1. Copy the jcc-datakeys.jks and jcc-datakeys.pass from the /etc/snaplogic directory of the Linux machine to a secure folder on the Windows machine. A secure folder is one that only those who work with the Snaplex nodes can access.
  2. Log into the Admin Manager and add the folder name, as the value of a new SL_KEY_DIR Java property in the Snaplex configuration file:
    1. Navigate to the target Snaplex, and click it to open the Update Snaplx properties screen.
    2. Click the Node properties tab.
    3. In the Global properties field in the Key field, specify jcc.jvm_options.
    4. In the Value field, specify -DSL_KEY_DIR=folder_name and click + Add a new global property to add the values. The following example shows how to enter the value for keys stored in c:\\snaplogic_keys:
      Windows key folder property

    5. Click Save.
  3. Restart the SnapLogic service on all nodes with the updated slpropz configuration.
Important: The server keys stored in jcc-serverkeys.jks and jcc-serverkeys.pass must be unique for each Snaplex node. Do not copy server keys to other nodes.

Next, Enable Enhanced Account Encryption.