Creating LDT GuardPoints
Steps to create GuardPoints on individual clients and client groups are similar. GuardPoints can be created on the GuardPoints tab of individual clients and client groups.
Creating LDT GuardPoints
To create an LDT GuardPoint on a client:
Open the Transparent Encryption application.
Select the client or client group on which you want to create a GuardPoint.
Click a client under the Client Name column (Clients > Clients).
Click a client group under the Client Group Name column (Clients > Client Groups).
On the GuardPoints tab, click Create GuardPoint.
Select a Policy. This is a mandatory field.
Click Select next to the Policy field.
Select a Live Data Transformation policy. If no policy exists, create one, as described in Creating Policies.
Click Select.
Select the Type of device to protect. This is a mandatory field. Depending on the platform, the options for an LDT policy are:
Type Windows Linux Description Auto Directory Yes Yes Select for file system directories. Manual Directory No Yes Select for file system directories to be guarded manually. Note
Manual Directory is guarded and unguarded (for example, mounted and unmounted) by running the
secfsd -guard
andsecfsd -unguard
commands. Do not run themount
andumount
commands to swap GuardPoint nodes in a cluster configuration.Specify the Path to be protected. This is a mandatory field. Options to specify the GuardPoint paths are:
Enter/Browse Path: Select this option, and enter the GuardPoint paths by either typing or clicking the Browse button.
Click Browse to select a path by browsing the client file system. This method prevents typographical errors and verifies client availability. This is the recommended method to specify individual paths.
File system of a client that is not registered with the CipherTrust Manager cannot be browsed.
Alternatively, if you know the path, manually enter full paths of one or more directories in the given text box. Enter one path per line.
Note
A maximum of 200 GuardPaths can be specified using the Enter/Browse Path option.
Upload CSV: Select this option and click Browse to upload the CSV file containing the list of one or more directories. This is the recommended method to specify a large number of paths in one step.
Note
• If a manually entered path does not yet exist, be sure to enter the path correctly. The CipherTrust Manager does not parse manually entered paths for correct syntax.
• See Considerations Before Creating GuardPoints for what to be aware of before creating a GuardPoint.
• If multiple paths are specified, they will all be protected by the same policy.
• A maximum of 1000 GuardPaths per CSV file can be uploaded.Configure the Preserve Sparse Region toggle. The toggle is turned on by default.
Caution
If you turn off the Preserve Sparse Region toggle, you are prompted to confirm the action. This is an irreversible action.
(Optional, Windows only) Select Secure Start to enable the Secure Start feature. By default, the check box is clear.
If you plan not to enable the Secure Start now, you can do that later, as described in Enabling Secure Start for GuardPoints.
Click Create. A message appears prompting to confirm the reuse of these GuardPoint settings on another path.
Click Yes to use the same settings on another path. The Use Settings on Another Path dialog box is displayed. Perform the following steps:
Specify a new Path.
Click Add Path. The newly added path appears under the Paths list on the left. Similarly, add as many paths as required.
Click OK.
Click No if you do not want to use the same settings on another path.
Depending on the number of paths you add to a GuardPoint, a status information message may appear. Refer to GuardPoint Status Information for details.
The newly created GuardPoint appears on the GuardPoints tab. The status remains Unknown
until the client sends the response after processing the GuardPoint request. Click the Refresh GuardPoints icon () to view the updated status.
Status of a GuardPoint can be checked at any time on the GuardPoints tab. Refer to Viewing GuardPoint Status for details.
An LDT GuardPoint is applied automatically according to the QoS settings configured in the linked profile. Refer to Creating a Profile and Setting Quality of Service Configuration.