Creating IDT GuardPoints
Steps to create GuardPoints on individual clients and client groups are similar. GuardPoints can be created on the GuardPoints tab of individual clients and client groups.
Before proceeding, review the "CipherTrust InPlace Data Transformation for Linux" section of the CTE Agent for Linux Advanced Configuration and Integration Guide. Make sure to fulfill the IDT requirements.
To create an IDT GuardPoint:
Open the Transparent Encryption application.
Select the client or client group on which you want to create a GuardPoint.
Click a client under the Client Name column (Clients > Clients).
Click a client group under the Client Group Name column (Clients > Client Groups).
On the GuardPoints tab, click Create GuardPoint.
Select a Policy. This is a mandatory field.
Click Select next to the Policy field.
Select an In-place Data Transformation policy. If no policy exists, create one, as described in Creating Policies.
Click Select.
Note
When an IDT policy is selected, the read-only In-place Data Transformation toggle is displayed on the Create GuardPoint dialog box.
Select the Type of device to protect. This is a mandatory field. The options for a In-place Data Transformation policy are:
Type Description Auto Raw or Block Device Select for IDT policies for raw (block) devices. Manual Raw or Block Device Select for IDT policies for raw (block) devices to be guarded manually. Note
Manual Raw or Block Device are guarded and unguarded (for example, mounted and unmounted) by running the
secfsd -guard
andsecfsd -unguard
commands. Do not run themount
andumount
commands to swap GuardPoint nodes in a cluster configuration.Specify the Path to be protected. This is a mandatory field. Options to specify the GuardPoint paths are:
Enter/Browse Path: Select this option, and enter the GuardPoint paths by either typing or clicking the Browse button.
Note
A maximum of 200 GuardPaths can be specified using the Enter/Browse Path option.
Click Browse to select a path by browsing the client file system. This method prevents typographical errors and verifies client availability. This is the recommended method to specify individual paths.
File system of a client that is not registered with the CipherTrust Manager cannot be browsed.
Alternatively, if you know the path, manually enter full paths of one or more directories in the given text box. Enter one path per line.
Upload CSV: Select this option and click Browse to upload the CSV file containing the list of one or more directories. This is the recommended method to specify a large number of paths in one step.
Note
• If a manually entered path does not yet exist, be sure to enter the path correctly. The CipherTrust Manager does not parse manually entered paths for correct syntax.
• See Considerations Before Creating GuardPoints for what to be aware of before creating a GuardPoint.
• If multiple paths are specified, they will all be protected by the same policy.
• A maximum of 1000 GuardPaths per CSV file can be uploaded.Click Create. A message appears prompting to confirm the reuse of these GuardPoint settings on another path.
Click Yes to use the same settings on another path. The Use Settings on Another Path dialog box is displayed. Perform the following steps:
Specify a new Path.
Click Add Path. The newly added path appears under the Paths list on the left. Similarly, add as many paths as required.
Click OK.
Click No if you do not want to use the same settings on another path.
Depending on the number of paths you add to a GuardPoint, a status information message may appear. Refer to GuardPoint Status Information for details.
The newly created GuardPoint appears on the GuardPoints tab. The status remains Unknown
until the client sends the response after processing the GuardPoint request. Click the Refresh GuardPoints icon () to view the updated status.
Status of a GuardPoint can be checked at any time on the GuardPoints tab. Refer to Viewing GuardPoint Status for details.
A use case of IDT GuardPoints is protection of Teradata appliances. Refer to Protecting Teradata Appliances for details.