Upgrading to DataHub V11 - Security Considerations for Tunneling and other Remote Connections
Why am I encountering a "Permission Denied" error for my Tunnel/Mirror and other remote connections (OPC UA, MQTT, TCP) after upgrading to DataHub V11?
DataHub V11 introduces a new, robust connection and security model designed to enhance protection for remote connectivity. These enhancements make DataHub more secure out of the box, but they require additional configuration when upgrading from earlier versions.
For a detailed explanation of the security enhancements added in DataHub V11, visit: Cogent DataHub V11 Security Enhancements Deep Dive
Why am I seeing a "Permission Denied" error?
Older versions of DataHub lack the new security configurations introduced in V11. After upgrading, you must manually configure these parameters to ensure seamless functionality.
For example, if you previously configured a Tunnel Master in DataHub V10 or earlier, upgrading to V11 will result in a "Permission Denied" error in the event log until the security settings are updated.
How to Resolve the Issue:
The most common configuration adjustment involves Security Principals, which define user login contexts based on IP patterns and interfaces. Follow these steps to configure security settings in DataHub V11:
- Navigate to Security > Configure.
- Set the Organization to Internal.
- Choose Mirror, which is the default internal user for Tunnel/Mirror interfaces (while this example uses the Tunnel/Mirror interface, the same can be done for the other listed interfaces with internal users).
- Under Principals, select the principal with the IP pattern 0.0.0.0/0.
- Under Roles, check Show Available to view role options.
- Assign the desired roles (e.g., "AllDataReader") based on your requirements.
- Click Apply.

After completing these steps, the "Permission Denied" error should no longer appear in the event log.

Important Note:
The IP pattern 0.0.0.0/0 matches all IP addresses but is NOT recommended for production environments. To improve security, configure a more specific IP pattern that limits access to only the required remote Tunnel slave endpoint or client machine connection.
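One way to choose a narrower pattern before editing the principal, as an added example that is not part of the original article or of DataHub itself. It assumes IP patterns are written in CIDR notation, as 0.0.0.0/0 suggests; the endpoint addresses, candidate patterns and the `max_extra` threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not taken from the article.
REQUIRED_ENDPOINTS = ["192.0.2.10", "192.0.2.11", "198.51.100.7"]
CANDIDATE_PATTERNS = ["0.0.0.0/0", "192.0.2.0/24", "192.0.2.10/31", "198.51.100.7/32"]


def audit_pattern(pattern, endpoints, max_extra=16):
    """Return (endpoints covered, other addresses admitted, verdict) for one pattern.

    max_extra is an assumed threshold: how many addresses beyond the required
    endpoints a pattern may admit before it is flagged as too broad.
    """
    net = ipaddress.ip_network(pattern, strict=False)
    covered = [e for e in endpoints if ipaddress.ip_address(e) in net]
    extra = net.num_addresses - len(covered)
    if not covered:
        verdict = "unused"        # matches none of the endpoints that need access
    elif extra > max_extra:
        verdict = "too broad"     # admits many hosts that have no reason to connect
    else:
        verdict = "ok"
    return covered, extra, verdict


def tightest_patterns(endpoints):
    """Collapse the required endpoints into the smallest set of CIDR blocks
    that admits exactly those addresses and nothing else."""
    hosts = [ipaddress.ip_network(e) for e in endpoints]
    return [str(n) for n in ipaddress.collapse_addresses(hosts)]


def uncovered(endpoints, patterns):
    """Endpoints that no pattern in the list would match (they would be denied)."""
    nets = [ipaddress.ip_network(p, strict=False) for p in patterns]
    return [e for e in endpoints
            if not any(ipaddress.ip_address(e) in n for n in nets)]


if __name__ == "__main__":
    for p in CANDIDATE_PATTERNS:
        covered, extra, verdict = audit_pattern(p, REQUIRED_ENDPOINTS)
        print(f"{p:18} covers={len(covered)} extra={extra:<11} {verdict}")
    narrow = tightest_patterns(REQUIRED_ENDPOINTS)
    print("suggested patterns:", narrow)
    print("left without access:", uncovered(REQUIRED_ENDPOINTS, narrow))
```

Replace the sample lists with the real remote Tunnel slave or client addresses, then enter the suggested patterns on the principal in place of 0.0.0.0/0.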
If you have any questions or need further assistance, please contact our technical support team at support@softwaretoolbox.com.