Configuring Amazon RDS MS SQL as the Backend Database

PAM360 uses PostgreSQL as the default backend database, and it comes bundled with the product. However, you can configure the product with other database servers such as PostgreSQL, MS SQL (both standalone and cluster), Azure SQL, and Amazon RDS. Amazon Web Services (AWS) Relational Database Service (RDS) is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud. It supports several database engines, including Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, and Microsoft SQL Server.

Benefits of using Amazon RDS Instance

• Simplifies the database administration tasks such as automated backups, patching, and scaling.
• Ensure minimal downtime and automatic failover, along with dynamic scaling to compute storage resources to meet demand.
• Optimized storage options and read replicas enhance performance.
• Automated backups, snapshots, and multi-region deployments ensure data durability and availability.

This document explains in detail the steps to configure Amazon RDS MS SQL, an on-demanding service in the backend database.

Configuring Amazon RDS MS SQL as the Backend Database

1. Download and install PAM360 in an AWS EC2 instance.
2. Create a new RDS MS SQL database in the AWS instance for PAM360.
3. Make copies of the following files under <PAM360 Installation Directory>\conf directory and rename them:
   • wrapper.conf to wrapper.conf_old
   • wrapper_lin.conf to wrapper_lin.conf_old
   • wrapper_lin.conf to wrapper_lin.conf_old
   • wrapper_lin.conf_mssql to wrapper_lin.conf
   • pam360_key.key to pam360_key.key_old
   • database_params.conf to database_params.conf_old
   • customer-config.xml to customer-config.xml_old
   • customer-config.xml_mssql to customer-config.xml
4. Download and replace the below files under <PAM360 Installation Directory>\conf directory.
   • customer-config.xml
   • database_params.conf
   • masterkey.key
5. Upon replacement, open the masterkey.key file and enter a new password.
6. Open the SQL studio application and execute the following query:
   

    use <DBNAME>;

   create master key encryption by password = 'Password entered in the masterkey.key file';

7. From the <PAM360 Installation Directory>\conf folder, open the database_params.conf file in a text editor and perform the following actions:
   • Replace the <%DNS_NAME%> with the AWS MS SQL instance name.
   • Replace <database name> with the encrypted database name.
   • Update the Username and Password with the RDS MS SQL instance detail.
   • Search for db.password.encrypted=true and change it as db.password.encrypted=false
   • Now, save and close the database_params.conf file.
8. Download the RDS MS SQL RDS region's root CA certificate.
9. Navigate to the <PAM360 Installation Directory>\jre\bin folder using the command prompt and execute the following command:
   

    keytool.exe -import -v -alias <alias name> -file <certificate path> -keystore  ..\lib\security\cacerts -keypass changeit -storepass changeit -noprompt

   Now, you have successfully configured Amazon RDS MSSQL as the backend database for the PAM360 application.