DataMasque Installation on a Linux Server

This guide describes the process for deploying DataMasque with Docker Compose on a Linux server.

• System requirements
• Installing DataMasque
• Upgrading DataMasque
• Troubleshooting and maintenance
• Recommendations

System requirements

• Supported Operating Systems:

  • Ubuntu 18.04 - 24.04 LTS, x86 64-bit
  • Red Hat Enterprise Linux (RHEL) 8.7+, 9.x or 10.x, x86 64-bit
  • Oracle Linux 9.x, x86 64-bit
  • Amazon Linux 2023

• 4 vCPUs

• 8 GiB RAM

• 40 GiB total disk space

Free space: DataMasque requires at least 6GB of free space inside the Docker root directory before install or upgrade. By default, the Docker root directory is /var/lib/docker.

Note: For masking Snowflake databases, 8 vCPUs and at least 16GiB RAM are required.

• A static external IP or hostname

• Ingress requests allowed on port 443 (and optionally port 80)

  • These ports are used to serve DataMasque's web interface.
  • If HTTP traffic is allowed on port 80, it will be automatically upgraded to HTTPS on port 443.

• For admin access (SSH), ingress requests allowed on port 22.

• Client web browser: Google Chrome 85 or above

• Container managers:

  • Docker 19.03 to 29.4 (Ubuntu and RHEL) or Podman 4.4.1 to 5.7 (RHEL and Oracle Linux only)
  • Docker Compose 1.17 to 5.1 (recommended 2.1 or above)

Installing DataMasque

DataMasque is a container-based application and runs on both the Docker and Podman container managers. Follow one of the links below according to which container manager you are using.

• For Docker, see Docker installation.
• For Podman (on RHEL and Oracle Linux only), see Podman installation.

Upgrading DataMasque

It is recommended that you take a complete backup before upgrading your DataMasque instance. See the Backup and Restore guide for detailed instructions.

To upgrade your DataMasque instance, extract the new DataMasque Docker Compose package, and run the included installation script with the--upgrade option:

tar -xvzf datamasque-docker-v<version>.pkg
cd datamasque/<version>/
sudo ./install.sh --upgrade

Note: If your user belongs to the docker and datamasque groups, root privilege escalation via sudo is not necessary for Docker installations.

For installations with Podman:

sudo ./install.sh --podman --upgrade

Upgrading from v2.x to v3.x

License Changes

• Non-marketplace installations with a license file: Contact DataMasque support for a new v3.x license.
• Non-marketplace with cloud contract: If you have the option to switch to AWS Contract License in the My Account page, your license should continue working without requiring a new license file.
• AWS Marketplace (Free Trial, Consumption, or AWS Contract): Contact DataMasque support for upgrade assistance.
• Azure Marketplace (Consumption): Contact DataMasque support for upgrade assistance.

Note: New licenses are provided at the same term, free of charge.

Database Migration

When upgrading from DataMasque v2.x to v3.x, the installation script automatically migrates the internal PostgreSQL database from version 12 to version 18.

What happens during the upgrade

1. The script detects that you are upgrading from v2.x
2. A backup of your database is created at /usr/local/etc/datamasque/pg_backup.dump
3. Your data (connections, rulesets, users, run history) is migrated to PostgreSQL 18
4. The migration is validated by comparing record counts before and after

Important notes

• The backup file is preserved after a successful upgrade
• You should manually delete the backup file after confirming the upgrade works:

  sudo rm /usr/local/etc/datamasque/pg_backup.dump

• If the migration fails, the backup file can be used for recovery

Recovery from a failed migration

If the upgrade fails after the database dump was created:

1. Stop the containers:

   cd /usr/local/etc/datamasque
   docker-compose down

2. Install the previous v2.x version
3. Start the containers:

   docker-compose up -d

4. Restore from the backup:

   docker exec -i $(docker ps -q -f name=admin-db) pg_restore -U postgres -d postgres --clean --if-exists < /usr/local/etc/datamasque/pg_backup.dump

Troubleshooting and maintenance

See the General Troubleshooting and Maintenance page.

Recommendations

General

• Scaling: If you intend to run masking tasks in parallel or to perform multiple masking runs simultaneously, you should ensure your system has 1 vCPU and at least 1 GiB of RAM per concurrent masking task, in addition to a baseline of 5GiB of RAM for the operating system and DataMasque.
• Network and I/O: Refer to Network and I/O best practices for server networking recommendations.
• Host security: Deploy DataMasque on a dedicated VM/server with appropriate access control and enable host filesystem encryption.

Starting DataMasque automatically on boot

DataMasque's containers are configured with Docker Compose to always restart, so DataMasque will start automatically after system boot if the Docker daemon is configured to start on boot (which is the default configuration for a standard installation of Docker). For more information on configuring Docker to start on boot, refer to: https://docs.docker.com/engine/install/linux-postinstall/#configure-docker-to-start-on-boot-with-systemd.

Data protection

It is recommended to take regular backups of your DataMasque instance. See the Backup and Restore guide for detailed instructions on backing up your database, instance secret, and other important data.