Delphix Products

Hi all,

is it possible to replicate a VDB without replicating its dSource? I have one Engine in production environment. There is a folder with data files with sensitive data. On the production engine we provision a copy of those files and into the Configure Clone hook script we mask the data (invoking a masking job). Then we replicate only the vFiles (already masked) towards a second engine in the non production environment. Unfortunately, in the second engine, the test team will have not only the masked vFiles but also the unmasked (original) data from the dSource: the replication process, in fact, send not only the vFiles (I selected) but also its dSource (I did not select).

Thank you.
Gianpiero

Hi Gianpiero,

Thank you for contacting us regarding your question. You can select individual VDBs as part of a replication profile. However, by design data from the associated dSource will be transferred as part of the replication.

I hope I answered your question. Please let me know if you need anything else.

Thanks!

Srish

Hi Gianpiero, Why not to just create dsources on the second engine based on the masked virtuals from the first engine. This way you ensure that only masked data are given to the non prod environment. Notice that you need a target server on production to host you masked objects. Regards, Mouhssine

Sorry, I was reviewing my old questions and I realized I did not answer to your replies.
Believing it could help someone else, first I write my replies to your comments and finally I'll write my final solution.

@Srish Sriram

The design of the product can't help my customer and (I think) the great part of customers: they would like to replicate only masked data to the non production engine. Fortunately I know there is a new version of the engine with important feature that allows selective replication in order to replicate only virtual copy without the parent.

@Mouhssine Saidi

The production subnet and the non-production subnet are separated: for security policies any host into a subnet can't communicate with any host into another subnet. Even more so when it comes with production env. Only replication between two Engines is allowed (only DSP Protocol is allowed and so only one TCP Port in one direction is allowed).

Our solution while waiting the new Engine with selective replication

We created an empty vFiles on a target (a feature introduced since 4.3 version) and added a hook script on the pre-snapshot event that activates the masking job. Because the vFiles has not parent, we can replicate it without any dSource. And because only snapshots can be transferred to the target Engine, we guarantee that only masked data can be replicated. In fact if a masking job fails (activated by pre-snapshot hook), the snapshot can't complete and data can be trasferred to target engine. Only on demand snapshots can work, no scheduled snapshot. In fact we should avoid more than one snapshot on same data. The process that can work is: copy new unmasked data into vFiles, snapshot it and replicate it.