Skyhigh Security

Cloud Connector Config Tokenization

IMPORTANT: You must have the Skyhigh Cloud Connector user role to configure Cloud Connector. For details, see About User Roles and Access Levels.

Tokenize settings for user names, IP addresses, and Active Directory attributes.

| Field | Description |
| --- | --- |
| Tokenize AD Attributes | Select Yes to tokenize Custom AD Attributes before sending them to Skyhigh CASB. Select No to disable tokenization. |
| Detokenize Server TLS Protocol | Select the TLS protocol to connect to the detokenization server (TLSv1.2 or TLSv1.3). |

Advanced Settings 

Click Show Advanced Settings to display. 

| Field | Description |
| --- | --- |
| Disable remote detokenization | Disable detokenization on remote Skyhigh Cloud Connector before forwarding syslog messages or emails. |
| User Name Cleanup | Select Yes to normalize user names and avoid potential duplicates. Select No to disable. |
| Automatically Start Detokenization Server | Select Yes to provide an override to avoid Tomcat performance impact due to testing. Select No to disable. |
| Automatically Restart Detokenization Server | Enable this parameter to provide an override to avoid Tomcat performance impact due to testing. |
| Tokenize DN | Enter the key for Tokenize in Custom Attributes. |
| Retention Period of Tokenized Data | Enter the number of days tokenized data is retained before deleting. |
| Size of MapDBEncrypted in MB for Rotation | Enter the MapDBEncrypted text file size in MB for rotation. |
| Write Tokenized Data to TTL DB | Select Yes to write to the TTL DB, where data is automatically deleted after the retention period set in the Retention Period of Tokenized Data field. Select No to write data to LevelDB, where data is not deleted. NOTE: On Windows servers, TTL DB works only with Microsoft Visual C++ 2015. Before changing the Write Tokenized Data to TTL DB option, make sure that Microsoft Visual C++ 2015 is installed on the Windows server where Cloud Connector is installed. |
| Symbolic Server Name | Enter the Symbolic Server Name used by Cloud Connector to detokenize files. |
| Symbolic Server IP Address | Enter the Symbolic Server IP address used by Cloud Connector to detokenize files. |
| Detokenization Port | Enter the port number where the detokenization server runs. This port number also runs the Cloud Connector user interface. |
| Map DB Cache Type | Enter the type of in-memory database used to store configuration properties. |
| File Name to Store Token Mapping | Enter the file name where cleartext to token mapping is stored. |

Change Salt Values

Changing the salt value makes the existing MapDBEncrypted.txt file unusable, because its contents are encrypted with the old salt value. If you attempt to import data from the old MapDBEncrypted.txt file after changing the salt value, the import leads to data corruption in the DB. For this reason, perform the following steps after changing the salt value:

  1. Back up the existing MapDBEncrypted.txt files.
  2. Export the data from LevelDB/Rocks-TTLDB.
  3. Use the newly exported MapDBEncrypted.txt files for importing data in the future.

Switch from TTL DB to LevelDB

To switch back to LevelDB from TTL DB (for any reason), perform the following steps:

  1. Export all data from TTL DB.
  2. Import all exported data from TTL DB to LevelDB.
  3. Switch the Write Tokenized Data to TTL DB option on the dashboard.