skip to main content
Welcome to DataDirect Hybrid Data Pipeline : Deployment scenarios : Load balancer deployment : Shared files and the key location for load balancer deployment
  

Try Now
Shared files and the key location for load balancer deployment
Hybrid Data Pipeline requires the specification of a key location during installation. The installation program writes shared files used in the operation of the data access service to this directory. For a load balancer deployment, the key location must be accessible to the node or nodes running the service.
As a matter of best practices, the key location should be secured on a machine separate from the machines hosting the Hybrid Data Pipeline service or the machine hosting the system database. In the case of system failure, the backup files can be used to restore the service.

Shared files

The following files are stored in the key location for a load balancer deployment.
*.backup: A backup copy of the contents of the install directory from the previous install. This is used to restore the contents of the directory if there is an error during an upgrade.
*key: Reference to the file containing the encryption key for the HDP database.
*key00: Encryption key for the system database. This key is used to encrypt sensitive information such as data source user IDs and passwords, security tokens, access tokens and other user or data source identifying information. If this is not present, or was over written during the installation, then you will not be able decrypt any of the encrypted information in the system database.
*key-cred: Encryption key for credentials contained in Hybrid Data Pipeline configuration files. Examples of credentials in the config files include the user ID and password information for the system database.
*db/*: Encrypted information about the system database. The contents of these files are encrypted using the key-cred key. Used by the installer when performing an upgrade or installing on an additional node. If these are not present, or do not have valid encoding, the installation or upgrade will fail.
*plugins/*: JAR files for external authentication plugins
*authKey: Authentication key for the On-Premises Connector. This key is used to encrypt the user ID and password information in the On-Premises Connector configuration file. The key in this file is encrypted using a key built into the On-Premises Connector. This encrypted key is included in the OnPremise.properties configuration file distributed with the On-Premises Connector. If this is overwritten or incorrect, the On-Premises Connector will not be able to authenticate with Hybrid Data Pipeline.
*ddcloud.jks: Sun SSL keystore. This keystore contains the Hybrid Data Pipeline server SSL certificate if the SSL termination is done at the Hybrid Data Pipeline server.
*ddcloud.bks: Bouncy Castle SSL keystore. This keystore contains the same SSL certificate as the ddcloud.jks keystore. This keystore is in the Bouncy Castle keystore format and is used when the server is configured to run in FIPS compliant mode. Should only be present with FIPS enabled.
*ddcloudTrustStore.jks: Sun SSL truststore. This trustore contains any Intermediate or Root CA certificates needed to validate the server SSL certificate. This truststore is distributed with the On-Premises Connector and with the ODBC and JDBC drivers, allowing these components to validate the Hybrid Data Pipeline server certificate.
*ddcloudTrustStore.bks: Bouncy Castle SSL truststore. Should only be present with FIPS enabled. This truststore contains any Intermediate or Root CA certificates needed to validate the server SSL certificate in the Bouncy Castle keystore format. The Bouncy Castle SSL library does not use the default Java cacerts file, so this truststore is populated with the contents of the default cacerts file plus any additional intermediate and root certificates needed to validate the Hybrid Data Pipeline server certificate. Should only be present with FIPS enabled.
*key-opc: Contains the unencrypted encryption key. The authKey above contains the encrypted version of this key. This key is not shipped with the On-Premises Connector.
*global.properties: Stores properties and other information shared between nodes in a cluster.
*redist/*: Redistributable files. These files are used to install the On-Premises Connector and the ODBC and JDBC drivers.