Understand migrating from jdbc-metadata-extractor to SDR
The jdbc-metadata-extractor is a standalone tar file that runs on your infrastructure and extracts metadata from on-premises databases without a direct connection from Atlan Cloud. Self-Deployed Runtime (SDR) is its successor—it provides the same capability with improved security, automated credential handling, and near-instant job pickup.
What changes
| Area | jdbc-metadata-extractor | SDR |
|---|---|---|
| Deployment | Docker Compose services started manually from the tar file | Dedicated connector app container, installed from the Atlan Marketplace |
| Credentials | Set as environment variables in the Docker Compose file | Fetched at runtime from your secret store (AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, HashiCorp Vault, or env vars) |
| Auth to Atlan | Long-lived API key (VAR_ATLAN_TOKEN) | Per-deployment OAuth credentials with autorefreshing short-lived tokens |
| Source filtering | INCLUDE_FILTER_TEMPLATE and EXCLUDE_FILTER_TEMPLATE env vars: regex patterns for databases and schemas (for example, {"^DB1$": ["^SCHEMA1$"]}) | Configured as include and exclude filter fields in the Atlan UI workflow form |
| System object exclusions | SYSTEM_SCHEMA_REGEX, SYSTEM_DATABASE_REGEX, and TEMP_TABLE_REGEX env vars | Configured as exclusion pattern fields in the Atlan UI workflow form |
| Firewall | Outbound HTTPS to <tenant>.atlan.com:443 | Outbound HTTPS to <tenant>.atlan.com:443 + outbound gRPC/TLS to <tenant>-temporal.atlan.com:443 |
What stays the same: Firewall rules to your source databases, object storage bucket, secret store paths, and source system credentials.