Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Use Cases involving Efficient Storage GuardPoints

Use Case 2: Device-Level GuardPoints

search

Please Note:

Use Case 2: Device-Level GuardPoints

Protect structured or unstructured data stored in data files. The data files are organized inside one or more directories or folders within a file system namespace, such as NTFS or ReFS, without any protection on the folders or the file system namespace. In this use case, the file system resides in the device guarded as Efficient Storage using a policy with a key rule and no user specified access rule. Access rules are not applicable in this use case and should not be used.

File system resides in device guarded as ES GuardPoint

copy link to clipboardExample

In the following example, the Windows Administrator has created a new 10 MG VHD in the Windows Disk Management tool. This VHD is called Disk 3, and it has not yet been initialized.

The Windows Administrator then uses voradmin esg list disk to get the CTE device name for the new disk and initializes it using the voradmin esg config new command, as shown: 

voradmin esg list disk

Disk###  Device Name                        Boot Disk  Size       Status     Partition  Read Only  SERIAL NUMBER
-------  ---------------------------------  ---------  ---------  ---------  ---------  ---------  -------------
Disk0    \Device\Ide\IdeDeviceP0T0L0-0      Yes        127.0 GB   Online     MBR        No
Disk1    \Device\00000032                   No         49.9 GB    Online     MBR        No
Disk2    \Device\00000033                   No         50.9 GB    Online     MBR        No
Disk3    \Device\00000051                   No         10.0 GB    Online     MBR        No
C:\>voradmin esg config new \Device\00000051=NewDisk3
Disk is initialized successfully with CTE ESG protection.

The Administrator guards the new disk through the CipherTrust Manager, and uses the voradmin esg status command to make sure the new disk has been successfully guarded. 

voradmin esg status

Disk###  Device Name                        Boot Disk  ESG Device label           Guard Status   Xform Status
-------  ---------------------------------  ---------  -------------------------  -------------  -------------
Disk0    \Device\Ide\IdeDeviceP0T0L0-0      Yes        NA                         unguarded
Disk1    \Device\00000032                   No         esg-disk1-demo             guarded         Completed
Disk2    \Device\00000033                   No         esg-disk2-demo             guarded         Completed
Disk3    \Device\00000051                   No         NewDisk3                   guarded         NA

After the device has been guarded, the Administrator returns to the Windows Disk Manager and selects Action > Rescan Disks to make sure the Windows Disk Manager is synchronized with CTE. They then initialize the disk, create a new volume for it, and format it. Notice that the new volume size is slightly smaller than the original 10 GB because CTE has reserved room for the CTE Private Region.

On this page