Assign a repository to a sidecar
To protect a repository and allow users to connect to it, you must
associate the tracked repository with its sidecar. In this example, we
add the repository invoices
to the sidecar sandbox-sidecar
.
Prerequisites
- Make sure you've tracked the repository in Cyral, which allows Cyral to connect to the repository.
- Make sure you've installed a sidecar that can reach the repository on the network.
Procedure
When you assign a repository to a sidecar, you're associating the repository with the Cyral interception service that will secure and monitor it, and you're establishing a hostname and listener port where data users can safely and easily connect to the repository using the authentication method you specify.
In the Sidecars tab, select the sidecar to which you'd like to assign the repository and click its name to reveal the configuration options for the sidecar.
In the Data Repositories tab, click the plus sign.
In the Assign a Repository window, choose the repository you want to protect with this sidecar.
Specify the Listener Port or port range where data users and applications will connect to this repository. All connections established through this port will be authenticated and monitored by Cyral.
MongoDB only: If this repository is a MongoDB cluster, see Port ranges for MongoDB clusters, below.
How is the Listener Port used? Users and applications will connect to the repository at the sidecar host address and this Listener Port number. The sidecar host address is also known as the sidecar load balancer address because the sidecar runs as a highly available, load-balanced cluster. Data users can look up the sidecar host address and listener port in the Access Data Repositories panel, reachable by clicking the Your Access Token button or by navigating to the Cyral UI.
Must this Listener Port match the native port exposed by the repository? No, you can choose a different port here. You must choose a port that's not in use on this sidecar. For information about the repository's native port, see Track a repository.
Click Track.
You've configured your data repository to be monitored by a Cyral sidecar.
Next steps
Port ranges for MongoDB clusters
For a MongoDB replica set cluster, Cyral's repository tracking page specified the number of required ports for the cluster, and the Assign a repository page shows the port range that will be used. The image below shows a range of 27019 through 27022.
tip
Cyral automatically defaults the port range in this dialog to reserve a number of ports equal to the number assigned to this repository. When you configure an additional MongoDB cluster, if you choose ports in a range that's already taken, then the Listener Ports section will be highlighted in red to alert you that some or all ports are in use. If this happens, try starting your port range with a port number outside existing ranges you've configured in Cyral.