Manually Running dataxform on Specific Files
Use the following procedure to manually execute dataxform on a specific set of files in a GuardPoint.
- Back up the data in the GuardPoint.
- If specific files are to be encrypted, create a file list.
  A file list is a text file that consists of the full path name of each file to be transformed. Enter one file path per line. If a file list is not specified, dataxform will rekey all the files in the GuardPoint.
- Log on to the Management Console as an administrator of type Security Administrator with Host role permissions or type All.
  Existing active GuardPoints must be disabled before running a manual data transformation.
- For an existing GuardPoint, disable it. For new GuardPoints, go to the next step.
  - Open the GuardPoint tab of the host with the GuardPoint to be transformed. The applied policies and GuardPoints of the host are displayed.
  - Disable the GuardPoint that is currently in effect. Select the Select check box for the GuardPoint and click Disable.
  - Confirm that the GuardPoint is disabled:
    - For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is no longer displayed.
    - For Windows systems: on the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is no longer displayed.
- Create a dataxform policy and apply it to the now disabled or newly created GuardPoint. The dataxform policy specifies the following:
  - Action: key_op
  - Effect: apply_key, permit
  - Key Selection Rules key: The original key currently in use. Use clear_key if unencrypted.
  - Data Transformation Rules key: The new key. Use clear_key if decrypting.
- Confirm that the GuardPoint is re-enabled:
  - For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is displayed.
  - For Windows systems: on the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is displayed.
- Execute the dataxform command with the desired options on the host system. For example:
    # dataxform --rekey_list --file_list dx_fileList.txt --gp /home/apps/apps1/data --dir_recovery /root
  The --dir_recovery option allows you to specify where dataxform status files are placed.
- (Optional) Monitor dataxform progress on the host system.
    # tail -f /var/log/vormetric/vordxf_path_usr.log
- Wait until dataxform completes.
- Disable or delete the dataxform policy and replace it with a production policy. Reboot the host if you cannot disable or delete the rekey policy.
Do not apply a policy that is configured for encryption to a directory that contains unencrypted files because, when apply_key is configured, the unencrypted files are encrypted when they are accessed. The data will be unusable if read and corrupted if saved.
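
A sketch for the file-list step of the procedure, added here as an example and not taken from the vendor documentation: it builds a list with one full path per line and checks a hand-written list before it is passed to --file_list. The function names and the rule that every entry must be a regular, non-symlink file located under the GuardPoint directory are assumptions of this example; the page itself only requires one full path per line.

```bash
#!/usr/bin/env bash
# Added example: build and check a dataxform file list (one full path per line).

# resolve_dir DIR: print the physical (symlink-free) path of DIR.
resolve_dir() { ( CDPATH= cd -- "$1" 2>/dev/null && pwd -P ); }

# build_file_list GP OUT: list every regular file under GP by full path.
# Write OUT outside the GuardPoint so the list does not include itself.
build_file_list() {
    local gp
    gp=$(resolve_dir "$1") || return 2
    find "$gp" -type f -print | sort > "$2"
}

# validate_file_list GP LIST: report bad entries on stderr, return 1 if any.
# Assumption of this example: entries must be regular files (not symlinks)
# whose directory resolves to a location inside the GuardPoint.
validate_file_list() {
    local gp line dir n=0 bad=0
    gp=$(resolve_dir "$1") || return 2
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        dir=$(resolve_dir "$(dirname -- "$line")") || dir=
        if [ "${line#/}" = "$line" ]; then
            echo "line $n: not a full path: $line" >&2; bad=1
        elif [ -L "$line" ] || [ ! -f "$line" ]; then
            echo "line $n: not a regular file: $line" >&2; bad=1
        else
            case "$dir/" in
                "$gp"/*) ;;
                *) echo "line $n: outside $gp: $line" >&2; bad=1 ;;
            esac
        fi
    done < "$2"
    [ "$n" -gt 0 ] || { echo "file list is empty" >&2; return 1; }
    return "$bad"
}

# Usage (paths from the page's example command):
#   validate_file_list /home/apps/apps1/data dx_fileList.txt &&
#     dataxform --rekey_list --file_list dx_fileList.txt \
#               --gp /home/apps/apps1/data --dir_recovery /root
```

Rejecting an empty list matters because, per the procedure, running dataxform without a file list rekeys every file in the GuardPoint.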