Installation Manual - Platform
Introduction
DQ0 Platform is the actual DQ0 data quarantine instance that forms the secure enclave around your sensitive data and provides the software to securely compute analytics jobs and machine learning models on that data. This manual describes the installation procedure of DQ0 Platform.
Prerequisites
The DQ0 Platform ships pre-built as a binary executable for the following platforms:
- Linux (tested on CentOS 7)
- Mac OS, Version 10.15 or higher
- Windows 10
It is recommended to use a Linux host for DQ0 platform.
Installation of Runtime Environment (Linux)
To provide a runtime environment go through the following steps for local execution mode:
- Do not run dq0 as root or admin; create a new user if necessary:
adduser user
- Download miniconda:
wget https://repo.anaconda.com/miniconda/Miniconda3-latest-Linux-x86_64.sh
- Install miniconda:
sh Miniconda3-latest-Linux-x86_64.sh
- Create new conda environment:
conda create -n dq0 python=3.7
- Activate environment:
conda activate dq0
Quick setup
For quick setup the docker compose installation is recommended: Docker Installation
Manual Installation
After everything has been unpacked, the installation process can be started.
- Ensure you are logged in as user, in conda environment dq0, and in user's home directory
- Install dq0-sdk:
pip install dq0sdk-0.1-py3-none-any.whl
- Set environment variable DQ0SDK_PATH:
cd "$CONDA_PREFIX"
mkdir -p ./etc/conda/activate.d
mkdir -p ./etc/conda/deactivate.d
touch ./etc/conda/activate.d/env_vars.sh
touch ./etc/conda/deactivate.d/env_vars.sh
- Edit environment files: edit ./etc/conda/activate.d/env_vars.sh as follows:
#!/bin/bash
export DQ0SDK_PATH=/home/user/miniconda3/envs/dq0/lib/python3.7/site-packages/dq0sdk
- Edit ./etc/conda/deactivate.d/env_vars.sh as follows:
#!/bin/bash
unset DQ0SDK_PATH
Configuration
dq0config.yaml
- Set the correct proxy domain name or IP address in pullURL and pushURL
- Other values can be kept unchanged
Generate public key pair
Since dq0 is encrypted end-to-end, we have to generate a public/private key pair and share the public key with the proxy instance. Generate the pair (public_key.pem and private_key.pem) and move it to the config folder:
./dq0-main --create-pk && mv *.pem config
"public_key.pem" can now be shared with the proxy; "private_key.pem" stays in the config folder and is not shared.
Create database
The database is created locally and uses sqlite3. Create the database with the following command:
./dq0-main db create
Add roles and users
Now we can add new roles and users. To create a new role use the following command:
./dq0-main role add
You will be prompted for the name for the role (enter for example "admin").
Create users with this command:
./dq0-main user add
Enter the username and password as requested.
Run as Service (Linux CentOS example)
As root user we need to create a new file:
vi /etc/systemd/system/dq0-main.service
and add the following content:
[Unit]
Description=dq0 main service
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=always
RestartSec=1
WorkingDirectory=/home/user/dq0-main
User=user
Group=user
ExecStart=/home/user/dq0-main/service.sh
[Install]
WantedBy=multi-user.target
Start service:
systemctl start dq0-main
and enable at system startup:
systemctl enable dq0-main
Network Settings
As the data quarantine seeks to provide a secure enclave for your private data it is very important to install DQ0 Main only in a network environment with the highest level of network protection and firewall settings enabled.
Recommended settings
- Make sure that only the DQ0 Proxy port (default is 8000) is open for public communication via TCP. All other ports shall be closed.
- Set file level or database permissions so that only the DQ0 Main user can read the data source directories. Nobody should have write access to the data sources.
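One way to check the file permission recommendation before starting the service, as an added example that is not part of the DQ0 distribution: the function lists every path under a data source directory that is not owned by the given user, is accessible to group or others, or is writable by its owner. The function name and its two arguments are assumptions; pass your own data directory and the DQ0 Main user.

```shell
#!/bin/sh
# Added example (not DQ0 code): audit a data source directory against the
# recommended settings. "audit_data_sources" is a hypothetical helper name.
#
# Usage: audit_data_sources DIR OWNER
#   DIR   data source directory (placeholder, e.g. /path/to/data)
#   OWNER user name or numeric uid of the DQ0 Main user
#
# Prints every offending path and returns:
#   0  tree is clean
#   1  at least one path violates the policy
#   2  usage error (missing argument or DIR is not a directory)
#
# Policy checked for every file and directory under DIR:
#   - owned by OWNER
#   - no permission bits for group or others (mask 077)
#   - no write bit for the owner (mask 200), since data sources are read-only
audit_data_sources() {
    dir=$1
    owner=$2
    if [ -z "$dir" ] || [ -z "$owner" ] || [ ! -d "$dir" ]; then
        echo "usage: audit_data_sources DIR OWNER" >&2
        return 2
    fi

    # Symlinks are skipped: their own mode bits are not meaningful on Linux.
    # Each -perm -MODE test matches when that single bit is set (POSIX find).
    violations=$(
        find "$dir" ! -type l \( \
            ! -user "$owner" \
            -o -perm -200 \
            -o -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \
        \) -print
    )

    if [ -n "$violations" ]; then
        printf '%s\n' "$violations"
        return 1
    fi
    return 0
}
```

A clean tree has directories at mode 500 and files at mode 400, all owned by the DQ0 Main user.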