Getting Started

To begin using DataBee, follow the steps mentioned in the Preliminary Deployment section below.

Preliminary Deployment

Overview

This section will walk you through the preliminary deployment process for setting up your cloud infrastructure. We will cover the necessary actions you need to take, including selecting an AWS region, choosing a subdomain name and email for your local admin account, and the expected next steps to be followed.

Timeline

The expected timeline for this deployment process is approximately one week.

What we need

• Pick AWS region- When selecting an AWS region for your cloud infrastructure, you can choose from the following options.

  Region	Location
  us-east-1	North Virginia, US
  us-east-2	Ohio, US
  us-west-1	Northern California, US
  us-west-2	Oregon, US
  ap-southeast-2	Sydney, Australia
  eu-central-1	Frankfurt, Germany
  eu-west-1	Ireland, Europe

• Subdomain name- any subdomain name of your choice, such as acme.databee.buzz

• Email- Provide an email address for the initial local admin account. This will be the primary account to which we will send important emails regarding your cloud infrastructure.

• Customer Name- you can provide the name of your organization.

What you should expect

After the preliminary deployment process is complete, you can expect to receive an email with login credentials and a link to access your instance. This email will be sent to the email address provided for the initial local admin account.

Expected next steps

Setup SSO- you will need the SAML meta file to set up single sign-on for your users.

Snowflake setup- the setup script provided below will help you configure Snowflake for your cloud infrastructure.

Snowflake Direct Connect

Note:

Network policies differ between customers and how their architecture is set up. You may need to apply a network policy allowing DataBee to talk to your Snowflake instance. For a list of IP addresses that need to be whitelisted, contact DataBee Support or reach out to your Technical Account Manager.

To learn more about configuring the Snowflake Network Policy, see Create Network Policy.

Key Pair Setup

DataBee connects to Snowflake using a secure key-pair authentication mechanism. Before configuring your Snowflake environment, you will need to generate a key pair for the connection. This 2-step process generates a private encrypted key and a public key. To generate the private key you can run the following openssl command:

openssl genrsa 2048 | openssl pkcs8 -topk8 -v2 des3 -inform PEM -out rsa_key.p8

Private Key Password

This command will ask you to setup a password to protect the private key. DO NOT LOSE this password or you will be unable to complete the Snowflake connection.

To generate the public key that matches the private key created above you can use this openssl command:

openssl rsa -in rsa_key.p8 -pubout -out rsa_key.pub

Password Input

This command requests the same password you used to create the private key.

You will use this public key when setting up the user in Snowflake and the private key and password when connecting in the DataBee UI. Click on Key-pair authentication with Snowflake for more details.

Snowflake Setup

Prior to configuring your Snowflake connection in DataBee your Snowflake administrator must perform the steps in the script below:

-- Creating Role
USE ROLE ACCOUNTADMIN;
create ROLE CTSCYBER_RL comment = 'Role created for Comcast to manage the connected app product' ;

USE ROLE ACCOUNTADMIN;
grant OWNERSHIP on ROLE CTSCYBER_RL to ROLE SYSADMIN;

USE ROLE SYSADMIN;
GRANT ROLE CTSCYBER_RL to ROLE SYSADMIN;

-- Creating Warehouse
USE ROLE SYSADMIN;
CREATE OR REPLACE WAREHOUSE CTSCYBER_WH
WITH WAREHOUSE_SIZE = SMALL -- default as XSMALL [| SMALL | MEDIUM | LARGE | XLARGE | XXLARGE | XXXLARGE | X4LARGE | X5LARGE | X6LARGE]
MAX_CLUSTER_COUNT = 2 -- default to 2
MIN_CLUSTER_COUNT = 1 -- default to 1
SCALING_POLICY = STANDARD -- always default to STANDARD [| ECONOMY]
AUTO_SUSPEND = 60 -- warehouses automatically bill for the first minute, so we default to 60 second suspension
AUTO_RESUME = TRUE -- always default to TRUE [| FALSE]
INITIALLY_SUSPENDED = TRUE -- always default to TRUE [| FALSE]
COMMENT = 'This warehouse is utilized by the Comcast DataBee team to load and monitor data in your SF account'
STATEMENT_QUEUED_TIMEOUT_IN_SECONDS = 1800 -- default to 30 min
STATEMENT_TIMEOUT_IN_SECONDS = 3600 -- default to 60 min
;

USE ROLE ACCOUNTADMIN;
GRANT USAGE ON WAREHOUSE CTSCYBER_WH TO ROLE CTSCYBER_RL;

-- Creating necessary database
USE ROLE SYSADMIN;
CREATE DATABASE CTSCYBER_DB
COMMENT = 'Database used for/by Comcast DataBee';

USE ROLE SYSADMIN;
GRANT OWNERSHIP ON DATABASE CTSCYBER_DB TO CTSCYBER_RL COPY CURRENT GRANTS;
GRANT USAGE on database CTSCYBER_DB TO CTSCYBER_RL;

-- Add Users
USE ROLE ACCOUNTADMIN;
CREATE OR REPLACE USER SVC_CTSCYBER
LOGIN_NAME = 'SVC_CTSCYBER'
RSA_PUBLIC_KEY = 'MIIBIjANBgkqh...' -- replace this with the public key you created for this user
DISPLAY_NAME = 'SVC USER CTSCYBER'
FIRST_NAME = ''
LAST_NAME = ''
DEFAULT_WAREHOUSE = 'CTSCYBER_WH' -- default warehouse
DEFAULT_NAMESPACE = 'CTSCYBER_DB' --default database
DEFAULT_ROLE = 'CTSCYBER_RL' --default role
MUST_CHANGE_PASSWORD=FALSE;

-- Grant default role
USE ROLE ACCOUNTADMIN;
GRANT ROLE CTSCYBER_RL TO USER SVC_CTSCYBER;
ALTER USER SVC_CTSCYBER SET DEFAULT_ROLE = CTSCYBER_RL;

-- Grant task permissions
USE ROLE ACCOUNTADMIN; 
GRANT EXECUTE TASK, EXECUTE MANAGED TASK ON ACCOUNT TO ROLE CTSCYBER_RL;