Use Case 2: Device-Level GuardPoints
Protect structured or unstructured data stored in data files. The data files are organized inside one or more directories or folders within a file system namespace, such as NTFS or ReFS, without any protection on the folders or the file system namespace. In this use case, the file system resides on a device that is guarded as Efficient Storage, using a policy with a key rule and no user-specified access rule. Access rules are not applicable in this use case and should not be used.
File system resides in device guarded as ES GuardPoint
Example
In the following example, the Windows Administrator has created a new 10 GB VHD in the Windows Disk Management tool. This VHD is called Disk 3, and it has not yet been initialized.
The Windows Administrator then uses voradmin esg list disk to get the CTE device name for the new disk and initializes it using the voradmin esg config new command, as shown:
voradmin esg list disk
Disk### Device Name                       Boot Disk Size      Status    Partition Read Only SERIAL NUMBER
------- --------------------------------- --------- --------- --------- --------- --------- -------------
Disk0   \Device\Ide\IdeDeviceP0T0L0-0     Yes       127.0 GB  Online    MBR       No
Disk1   \Device\00000032                  No        49.9 GB   Online    MBR       No
Disk2   \Device\00000033                  No        50.9 GB   Online    MBR       No
Disk3   \Device\00000051                  No        10.0 GB   Online    MBR       No
C:\>voradmin esg config new \Device\00000051=NewDisk3
Disk is initialized successfully with CTE ESG protection.
The Administrator guards the new disk through the CipherTrust Manager, and uses the voradmin esg status command to make sure the new disk has been successfully guarded.
voradmin esg status
Disk### Device Name                       Boot Disk ESG Device label          Guard Status  Xform Status
------- --------------------------------- --------- ------------------------- ------------- -------------
Disk0   \Device\Ide\IdeDeviceP0T0L0-0     Yes       NA                        unguarded
Disk1   \Device\00000032                  No        esg-disk1-demo            guarded       Completed
Disk2   \Device\00000033                  No        esg-disk2-demo            guarded       Completed
Disk3   \Device\00000051                  No        NewDisk3                  guarded       NA
After the device has been guarded, the Administrator returns to the Windows Disk Manager and selects Action > Rescan Disks to make sure the Windows Disk Manager is synchronized with CTE. They then initialize the disk, create a new volume for it, and format it. Notice that the new volume size is slightly smaller than the original 10 GB because CTE has reserved room for the CTE Private Region.
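The guard check performed with voradmin esg status above can be scripted so that a disk that was initialized but never guarded is caught before data is written to it. The following PowerShell is an added example, not part of the CTE documentation or tooling: the function names ConvertFrom-EsgStatus and Test-EsgGuard are hypothetical, the label esg-disk9-demo is constructed to show the missing case, and the parser assumes device names and ESG labels contain no spaces, as in the output shown on this page.

```powershell
# Constructed sample: the 'voradmin esg status' output shown on this page.
# On a CTE host, use instead:  $lines = & voradmin esg status
$sample = @'
Disk### Device Name                       Boot Disk ESG Device label          Guard Status  Xform Status
------- --------------------------------- --------- ------------------------- ------------- -------------
Disk0   \Device\Ide\IdeDeviceP0T0L0-0     Yes       NA                        unguarded
Disk1   \Device\00000032                  No        esg-disk1-demo            guarded       Completed
Disk2   \Device\00000033                  No        esg-disk2-demo            guarded       Completed
Disk3   \Device\00000051                  No        NewDisk3                  guarded       NA
'@
$lines = $sample -split '\r?\n'

# Hypothetical helper: turn each DiskN row into an object. Header and
# separator lines do not match the pattern and are skipped.
function ConvertFrom-EsgStatus {
    param([string[]]$Lines)
    $rx = '^(?<Disk>Disk\d+)\s+(?<Device>\S+)\s+(?<Boot>Yes|No)\s+' +
          '(?<Label>\S+)\s+(?<Guard>\S+)(?:\s+(?<Xform>\S+))?\s*$'
    foreach ($line in $Lines) {
        if ($line -match $rx) {
            [pscustomobject]@{
                Disk  = $Matches['Disk']
                Label = $Matches['Label']
                Guard = $Matches['Guard']
                Xform = [string]$Matches['Xform']   # empty when the column is blank
            }
        }
    }
}

# Hypothetical check: every expected ESG label must exist and be 'guarded'.
function Test-EsgGuard {
    param([object[]]$Status, [string[]]$ExpectedLabels)
    foreach ($label in $ExpectedLabels) {
        $rows = @($Status | Where-Object { $_.Label -eq $label })
        if ($rows.Count -eq 0) {
            [pscustomobject]@{ Label = $label; Disk = ''; Result = 'MISSING' }
        }
        foreach ($r in $rows) {
            $result = if ($r.Guard -eq 'guarded') { 'OK' } else { "NOT GUARDED ($($r.Guard))" }
            [pscustomobject]@{ Label = $label; Disk = $r.Disk; Result = $result }
        }
    }
}

# 'esg-disk9-demo' is a constructed label that is absent from the sample.
$status = ConvertFrom-EsgStatus -Lines $lines
Test-EsgGuard -Status $status -ExpectedLabels 'NewDisk3', 'esg-disk9-demo' | Format-Table -AutoSize
```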