Managing Data Stores
You manage data stores through the Data Stores page, which is accessed by clicking the Data Stores link in the Data Discovery sidebar on the left.
From the Data Stores page you can:
View all the available data stores. See Viewing Data Stores.
Create a new data store. See Adding Data Stores.
Edit an existing data store. See Editing Data Stores.
Remove a data store. See Removing Data Stores.
Select an Agent for a data store. See Selecting Agents.
Viewing Data Stores
The list view of the Data Stores page shows the number of:
Existing data stores with the number of scanned and unscanned data stores.
Supported data types with the number of configured data stores of each type.
Scanned data stores with the number of data stores containing sensitive and nonsensitive data.
Click the refresh button to refresh the displayed information.
The list view of the Data Stores page shows the following details:
Item | Description |
---|---|
Name | Name of the data store. |
Type | Type of the data store. |
Sens Level | Sensitivity level applied to the data store. |
Location | Location of the data store. |
Agent Status | The status of automatic agent assignment. - "Ready" or "Failed". |
Labels | The number of agent labels that the datastore has. |
%Sens. Info | Percentage of data objects in the data store that are considered as sensitive data objects. A hyphen "-" indicates that a data store is not yet scanned. |
Status | Status of the data store - enabled or disabled. During a scan, DDC searches for agents in enabled data stores. Click the toggle switch to change the status. |
The status of a data store could be disabled while it waits for an Agent or if it fails to select an Agent. Disabled data stores are skipped during the scan.
Tip
Use the Search text box to filter data stores. Search results display data stores that contain specified text in their names.
By default, data stores are listed in ascending alphabetic order of their names.
Data stores can be sorted by their names, types, sensitivity levels, locations, and percentage of sensitive information.
Adding Data Stores
To create a new data store, navigate to the Data Stores screen (Data Discovery > Data Stores). Click the +Add Data Store button to open the Add Data Store wizard.
In the wizard, you have to go over four configuration steps for each data store that you create:
Select Store Type - Select a data store type that you want to create. Refer to individual procedures for each data store type for details.
Configure Connection - provide the connection details for the data store that you selected in the previous step. This step is different for every data store type. Refer to individual procedures for each data store type for configuration details.
General Info - specify the name, description, branch location, and sensitivity level for your data store. These settings are shared by all data store types. See General Information for details.
Add Tags & Access Control - grant access rights to your data store and add tags. These settings are shared by all data store types. See Tags and Access Control for details.
Refer to individual procedures for each data store type for configuration details:
To add a local data store, see Local Data Stores.
To add a network data store, see Network Data Stores.
To add a database data store, see Database Data Stores.
To add a BigData data store, see Big Data Stores.
To add a cloud data store, see Cloud Data Stores.
To add a server data store, see Server Data Stores.
Editing Data Stores
Existing data stores can be modified to suit your requirements. Use the edit view of the page to modify properties of data stores. You can edit the data store name, description, linked branch location, and applied sensitivity level. Additionally, connection settings, access rights, and tags can be modified.
To edit a data store:
In the left pane of the Data Discovery application, click Data Stores. The Data Stores page is displayed. This page lists available data stores.
Click the overflow icon () corresponding to the desired data store. A shortcut menu appears.
Tip
Alternatively, to open the edit view a data store, click the Name link of the desired data store. Only the users with appropriate rights can see edit data store settings. All other users can only the settings.
Click View/Edit. The edit view of the Data Stores page appears.
Note
Only the users with appropriate rights can see the View/Edit button. For all other users, only the View button is visible.
Expand GENERAL. General details are displayed.
Modify the required information.
Note
The current data store type, which is displayed under Select Type, cannot be changed.
Expand CONNECTION. Connection settings are displayed. Based on the storage type, the displayed fields can be different.
Modify the required information.
Note
When using the Authentication method, specify valid credentials in User and Password. To change the existing password, unlock the Password field by clicking the lock icon and enter the new password.
Expand AGENTS. The applied agent labels, if any, are displayed.
Add new agent labels or remove existing ones, as required.
Click Test Connection to test the modified connection settings. If any error occurs, correct the connection settings and retry.
Note
The Test Connection button is available only if a compatible Agent is found.
Expand ACCESS. The granted access rights are displayed.
Modify access rights under Grant Access to, if required.
Expand TAGS. The applied tags, if any, are displayed.
Add new tags or modify existing tags, as required.
Click Save Changes.
The list view of the Data Stores page shows updated information.
Removing Data Stores
You can remove a data store in the Data Stores screen. To remove a data store follow these steps:
Click the overflow icon () corresponding to the desired data store.
In the shortcut menu that is displayed, select the Remove option.
If the data store has scans associated with it, a Remove Data Store message box with the following information will be displayed:
"This Data Store cannot be removed. Take into consideration that this Data Store is currently assigned to one or more scans. Remove or replace the Data Store from the associated scan/s or delete the scan/s, then try again." The list of associated scans is displayed below.
In this case, click the Cancel button in the message box, follow the above recommendations, and retry the data store removal operation.
If the data store has no scans associated with it, a Remove Data Store message box with the following information will be displayed:
"Remove Data Store? Are you sure you want to remove this data store? This action cannot be undone."
Confirm the data store removal by clicking the Remove button in the warning message dialogue box. To cancel the operation, click the Cancel button.
Automatic Agent Selection
Data stores that do not have a DDC Agent installed on the same host require using a DDC Agent as a proxy to get from the CM appliance to the data store endpoint. To achieve this, data stores select agents automatically.
Note
To control the agents that can scan a particular Data Store, please check that the desired agent has granted the access to it. At the same time, block connections from any other agent at network layer.
When a data store is added, the following situations can occur:
DDC searches for a compatible agent: When DDC searches for a compatible Agent, a rotating spinner next to the data store's name is displayed. If you hover the mouse over the spinner, "Waiting for Agent" is shown.
DDC finds a compatible agent: When a compatible agent is found, no spinner is seen next to the name. You can now test its connectivity with the Agent by clicking the "Test Connection" button inside the data store's settings. Refer to "Editing Data Stores" on page 1 for details.
DDC does not find a compatible agent: DDC retries the agent selection for seven days. If cannot find a compatible agent in seven days, an error icon is displayed. If you hover the mouse over the icon, it states "Agent not available". The "Find Agent" button to relaunch the Agent selection is visible on clicking the overflow icon () next to the data store.
To relaunch automatic agent selection for a data store:
In the Data Discovery application, click the overflow icon () corresponding to the desired data store. A shortcut menu appears.
Click Find Agent.
Note
Instructions to install and configure DDC Agents can be found in the Data Discovery and Classification Deployment Guide.
Port
11117
on the CM appliance must be accessible from DDC Agent hosts.Data store endpoint needs to be accessible from DDC Agent hosts.
To proxy requests to database stores, a Windows-based DDC Agent is required.
To proxy requests to Hadoop data stores, a Linux-based DDC Agent is required.
When the DDC Agent is properly identified, the data store status changes to ready. At this point, it is now possible to run scans against this data store.
Automatic agent selection algorithm only considers DDC Agents with "Local Storage Only" enabled for Local Storage Data Stores. Refer to Viewing List of Agents for details.
General Information
The General Info screen in the Add Data Store wizard allows you to specify the name, description, branch location, and sensitivity level of your data store. More details below:
Name - the name of your data store. The name must be longer than two characters and up to 64 characters.
Description - the description for the data store (up to 250 characters).
Branch Location - select a branch location from the drop-down list. If no branch location is available, you have to create it. See Managing Branch Locations for details.
Sensitivity Level - select a sensitivity level from the drop-down list. A sensitivity level suggests to DDC what level of sensitivity is acceptable to find in this data store. For details, see Sensitivity Levels.
Enable Data Store - when selected it means that this data store is available for scans. The Enable Data Store check box is selected by default. If the check box is cleared, the data store is disabled (not available) for scans.
Note
The Enable Data Store check box is selected by default. This means that this data store is available for scans. If the check box is cleared, the data store is disabled (not available) for scans.
Tags and Access Control
The Add Tags & Access Control screen in the Add Data Store wizard allows you to grant access rights to your data store and add tags. More details below:
ACCESS - select user groups that can access the data store. Access to a data store provides ability to see reports that include scans of that data store. The available options are:
All groups: All groups of users can access the data store through reports. This is the default setting.
Selected group/s: Specified user defined groups can access the data store through reports. When this option is selected, select a group from the drop-down list. This list shows existing user defined groups. The user defined groups must already exist on CipherTrust Manager. If no user defined groups exist, ask the administrator to create a group. If needed, you can select multiple groups. Start typing the name of the desired group and select from the suggested groups.
TAGS - select a tag from the Add Tag drop-down list. Please check the list of prebuilt tags in Predefined Tags.
Tip
New tags can also be added. Start typing a new tag, and click the New: <new_tag> link that appears below the drop-down list.
Add as many tags as needed.
To remove a tag, click the close icon in the tag name.
In the General Info screen of the wizard, specify the name, description, branch location, and sensitivity level for your data store. See "Configuring a Data Store - General Information" for details.
In the Add Tags & Access Control screen of the wizard, grant access rights to your data store and add metadata. See "Configuring a Data Store – Tags and Access Control" for details.
Click Save to create the data store. At any time during the configuration you can click Back to go to any of the previous wizard screens to update the configuration. The newly created data store appears on the Data Stores page. By default, data stores are displayed in alphabetic order by name. Depending on the number of entries per page, you might need to navigate to other pages to view the newly created data store.