Creating Cloud Object Storage GuardPoints

Steps to create GuardPoints on individual clients and client groups are similar. GuardPoints can be created on the GuardPoints tab of individual clients and client groups.

CTE supports protection of Amazon S3 and Wasabi cloud storages. Before proceeding, review the "CTE COS for Amazon S3" section of the CTE Agent for Linux Advanced Configuration document. Make sure to fulfill the COS requirements.

To create a Cloud Object Storage GuardPoint:

1. Open the Transparent Encryption application.

2. Select the client or client group on which you want to create a GuardPoint.

   • Click a client under the Client Name column (Clients > Clients).

   • Click a client group under the Client Group Name column (Clients > Client Groups).

3. On the GuardPoints tab, click Create GuardPoint.

4. Select a Policy. This is a mandatory field.

   1. Click Select next to the Policy field.

   2. Select a Cloud Object Storage policy. If no policy exists, create one, as described in Creating Policies.

      

   3. Click Select.

5. Select the Type of device to protect. This is a mandatory field. The options are:

   • Auto Cloud Storage: Select for Cloud Storage policies.

   • Manual Cloud Storage: Select for Cloud Storage policies to be guarded manually.

   Note

   Manual Cloud Storage are guarded and unguarded (for example, mounted and unmounted) by running the secfsd -guard and secfsd -unguard commands. Do not run the mount and umount commands to swap GuardPoint nodes in a cluster configuration.

6. Specify the Cloud Object Storage URL of the storage to be protected. The URL format must be valid. For example, the URL format for an S3 bucket is https://s3.amazonaws.com/[bucket_name].

   Options to specify the URLs are:

   • URL: Select this option, and enter the URL in the box. Only one URL can be specified in the box.

   • Upload CSV: Select this option and click Browse to upload the CSV file containing the list of one or more URLs. This is the recommended method to specify a large number of paths in one step.

     Note

     • When specifying the URLs using the Upload CSV option, be sure the URLs in the file are correct. The CipherTrust Manager does not parse manually specified URLs for correct syntax.

     • See Considerations Before Creating GuardPoints for what to be aware of before creating a GuardPoint.

     • If multiple URLs are specified, they will all be protected by the same policy.

     • A maximum of 1000 URLs per CSV file can be uploaded.

   

7. Click Create.

Depending on the number of paths you add to a GuardPoint, a status information message may appear. Refer to GuardPoint Status Information for details.

The newly created GuardPoint appears on the GuardPoints tab. The status remains Unknown until the client sends the response after processing the GuardPoint request. Click the Refresh GuardPoints icon () to view the updated status.

Status of a GuardPoint can be checked at any time on the GuardPoints tab. Refer to Viewing GuardPoint Status for details.