Removing GuardPoints
GuardPoints can be unguarded (removed) from entire client groups or individual clients. When a GuardPoint is removed from a client group, the GuardPoint is automatically removed from all clients in the group.
When unguarded, all references to the GuardPoint are removed from the CipherTrust Manager, the mount point is removed from the client, and the client stops enforcing protection on the GuardPoint.
Before Removing GuardPoints
The following preliminary steps need to be taken before removing a GuardPoint:
Encrypted data in a GuardPoint will still be encrypted when the GuardPoint is removed. If you are not going to reuse the GuardPoint for any reason, such as uninstalling the CTE Agent software from a client, do either of the following:
Copy the encrypted files out of the GuardPoint so that they are saved as unencrypted files. The GuardPoint must be enabled while copying encrypted files out. Also, ensure that the user or process copying files out of the GuardPoint is not restricted to ciphertext read access under any security rule in the policy applied to the GuardPoint.
Rekey the encrypted files while the GuardPoint is still applied under an offline transformation policy.
Note
For LDT GuardPoints, refer to Migrating a GuardPoint Out of CTE-LDT in the CTE-Live Data Transformation with CipherTrust Manager to ensure that the data in those GuardPoints remains available.
Take the GuardPoint out of service so that no user or application is accessing the directories and files in the GuardPoint. A GuardPoint is a mounted file system. Removing a GuardPoint involves unmounting the file system. File systems cannot be unmounted when in use.
Remove all the GuardPoints and disable the locks for a client before deleting the client from the CipherTrust Manager. This ensures that there are no residual GuardPoints in effect on the client.
Removing a GuardPoint
To remove a GuardPoint:
Open the Transparent Encryption application.
Select the client or client group from which you want to remove the GuardPoint.
Click a client under the Client Name column (Clients > Clients).
Click a client group under the Client Group Name column (Clients > Client Groups).
On the GuardPoints tab, select the GuardPoint to be removed.
Click the delete icon.
Alternatively, click the overflow icon corresponding to the desired GuardPoint, and click Unguard.
A warning message appears stating that unguarding a GuardPoint is permanent and cannot be undone.
Click Unguard to confirm the action.
The GuardPoint status becomes Processing. While processing the GuardPoint removal:
CipherTrust Manager notifies the CTE Agent that the GuardPoint is removed from the CipherTrust Manager.
CTE Agent removes the mount point from the client.
CTE Agent notifies the CipherTrust Manager about the GuardPoint removal.
CipherTrust Manager removes the GuardPoint from the GuardPoints tab.
Click the Refresh GuardPoints icon to update the tab.
Verify the mount points on the CTE client.
On UNIX, run the command df or secfsd -status guard.
On Windows, click the Vormetric icon and View > File System > GuardPoints.
Removing Multiple GuardPoints
The CipherTrust Manager provides an option to remove/unguard multiple GuardPoints. A maximum of 200 GuardPoints can be removed at once.
To remove multiple GuardPoints:
Open the Transparent Encryption application.
Select the client or client group from which you want to remove the GuardPoints.
Click a client under the Client Name column (Clients > Clients).
Click a client group under the Client Group Name column (Clients > Client Groups).
On the GuardPoints tab, select the GuardPoints to be removed.
To select all GuardPoints visible on the page, select the top check box to the left of the Status heading.
Click the delete icon.
A warning message appears stating that unguarding GuardPoints is permanent and cannot be undone.
Click Unguard to confirm the action.
The GuardPoint status becomes Processing. While processing the GuardPoint removal:
CipherTrust Manager notifies the CTE Agent that the GuardPoint is removed from the CipherTrust Manager.
CTE Agent removes the mount point from the client.
CTE Agent notifies the CipherTrust Manager about the GuardPoint removal.
CipherTrust Manager removes the GuardPoint from the GuardPoints tab.
Click the Refresh GuardPoints icon to update the tab.
Verify the mount points on the CTE Agent client.
On UNIX, run the command df or secfsd -status guard.
On Windows, click the Vormetric icon and View > File System > GuardPoints.
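After a bulk removal, the df verification step on UNIX can be scripted to check many GuardPoint paths at once. The following is an added example, not part of the CipherTrust documentation; the function names, the paths and the sample df -P output are constructed, and it assumes each GuardPoint appears in the "Mounted on" column of df -P.

```shell
#!/bin/sh
# Added example: report which GuardPoint paths still appear as mount points.

# Constructed sample of `df -P` output; /data/secure is still mounted here.
sample_df() {
    cat <<'EOF'
Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/sda1         41152736 9876540  29162484      26% /
tmpfs              4005200       0   4005200       0% /run
/data/secure      41152736 9876540  29162484      26% /data/secure
EOF
}

# still_mounted PATH...
# Reads `df -P` output on stdin, prints every PATH found in the
# "Mounted on" column, and returns 1 if any path is still mounted.
still_mounted() {
    df_out=$(cat)
    remaining=0
    for gp in "$@"; do
        # Drop a trailing slash so /data/secure/ matches /data/secure.
        case $gp in /) ;; */) gp=${gp%/} ;; esac
        if printf '%s\n' "$df_out" | awk -v p="$gp" '
            NR > 1 {
                # Rejoin fields 6..NF so mount points containing spaces match.
                m = $6
                for (i = 7; i <= NF; i++) m = m " " $i
                if (m == p) found = 1
            }
            END { exit !found }'; then
            printf '%s\n' "$gp"
            remaining=1
        fi
    done
    return "$remaining"
}

# Demo on the constructed sample; on a client use: df -P | still_mounted PATH...
if leftover=$(sample_df | still_mounted /data/secure /data/removed); then
    echo "all listed GuardPoints are unmounted"
else
    echo "still mounted: $leftover"
fi
```

A non-zero return means at least one listed path is still a mount point, so the removal has not completed on that client.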