• Segregation of Production and Non-Production
A virtualisation or masking engine must be classified as a production environment if it contains or connects to production data. All production security controls (the controls described in this document) must therefore be applied to it.
A key feature of the Delphix DDP is replication, where whole engines or a subset of objects can be replicated to another engine using Delphix's own protocol (DSP). When replicating masked objects, Selective Data Distribution (SDD) must be used, which ensures no unmasked blocks are replicated.
In this scenario, it is possible to mask the production data in the production engine before replicating the masked virtual dataset to another target engine. The target engine can be classified as non-production provided it only contains fully de-sensitised data.
Regardless of whether replication is used, the target data server (the server hosting virtual datasets) may be classified as non-production as long as the data is fully de-sensitised. Security controls for either non-production engines or target data servers may be relaxed, but this subject is outside the scope of this document.