Any deployment using a load balancer requires the specification of an external key location. The external key location must be accessible to the node or nodes running the Hybrid Data Pipeline service. Additionally, for security reasons, the key location should be secured on a machine separate from the system database and any machine hosting the Hybrid Data Pipeline service.

The following files are stored in the key location for a load balancer deployment.

  • .backup: A backup copy of the contents of the install directory from the previous install. This is used to restore the contents of the directory if there is an error during an upgrade.
  • key: Reference to the file containing the encryption key for the Hybrid Data Pipeline database.
  • key00: Encryption key for the system database. This key is used to encrypt sensitive information such as data source user IDs and passwords, security tokens, access tokens and other user or data source identifying information. If this is not present, or was over written during the installation, then you will not be able decrypt any of the encrypted information in the system database.
  • key-cred: Encryption key for credentials contained in Hybrid Data Pipeline configuration files. Examples of credentials in the config files include the user ID and password information for the system database.
  • db/*: Encrypted information about the system database. The contents of these files are encrypted using the key-cred key. Used by the installer when performing an upgrade or installing on an additional node. If these are not present, or do not have valid encoding, the installation or upgrade will fail.
  • dddrivers/*: A directory of internally supported drivers that have been updated after a product upgrade.
  • drivers/*: The directory used for integrating third-party drivers with Hybrid Data Pipeline.
  • plugins/*: JAR files for external authentication plugins.
  • authKey: Authentication key for the On-Premises Connector. This key is used to encrypt the user ID and password information in the On-Premises Connector configuration file. The key in this file is encrypted using a key built into the On-Premises Connector. This encrypted key is included in the OnPremise.properties configuration file distributed with the On-Premises Connector. If this is overwritten or incorrect, the On-Premises Connector will not be able to authenticate with Hybrid Data Pipeline.
  • ddcloud.jks: Sun SSL keystore. This keystore contains the Hybrid Data Pipeline server SSL certificate if the SSL termination is done at the Hybrid Data Pipeline server.
  • ddcloud.bks: Bouncy Castle SSL keystore. This keystore contains the same SSL certificate as the ddcloud.jks keystore. This keystore is in the Bouncy Castle keystore format and is used when the server is configured to run in FIPS compliant mode. Should only be present with FIPS enabled.
  • ddcloudTrustStore.jks: Sun SSL truststore. This trustore contains the root CA certificate needed to validate the server SSL certificate. This truststore is distributed with the On-Premises Connector and with the ODBC and JDBC drivers, allowing these components to validate the Hybrid Data Pipeline server certificate.
  • ddcloudTrustStore.bks: Bouncy Castle SSL truststore. Should only be present with FIPS enabled. This truststore contains the root CA certificate needed to validate the server SSL certificate in the Bouncy Castle keystore format. The Bouncy Castle SSL library does not use the default Java cacerts file, so this truststore is populated with the contents of the default cacerts file and the root certificate needed to validate the Hybrid Data Pipeline server certificate. Should only be present with FIPS enabled.
  • key-opc: Contains the unencrypted encryption key. The authKey above contains the encrypted version of this key. This key is not shipped with the On-Premises Connector.
  • global.properties: Stores properties and other information shared between nodes in a cluster.
  • redist/*: Redistributable files. These files are used to install the On-Premises Connector and the ODBC and JDBC drivers.