Removing CTE-LDT from a Host
Once you have registered a host and enabled CTE-LDT, you cannot disable the CTE-LDT feature by unchecking the CTE-LDT box. You must unregister the host from the CipherTrust Manager, then register it again without CTE-LDT. When you remove the CTE-LDT feature from a host entirely, the host’s CTE-LDT license becomes available for use on another host.
-
Stop all applications from accessing data in CTE-LDT GuardPoints on the host.
-
Migrate data in every CTE-LDT GuardPoint using the steps described in the section Remove Protection from a GuardPoint.
Potential data loss. Ensure that you have decrypted the data and, optionally, copied it out of the GuardPoint. Once the CTE Agent software is removed, access to data is no longer controlled by CTE. If the data was encrypted, it remains encrypted, and there is no way to read it.
-
Remove the GuardPoints on the host from the CipherTrust Manager.
-
Remove the CTE-LDT metadata from those GuardPoints.
-
Remove the MDS files associated with those GuardPoints, if necessary. See Deleting CTE-LDT Metadata (Linux) for more information.
-
-
Remove the host from the CipherTrust Manager. For details, see the CTE Agent for Linux Advanced Configuration and Integration Guide or the CTE Agent for Windows Advanced Configuration and Integration Guide.
-
Re-install the agent on the host.
-
Register the host with the CipherTrust Manager. This time, do not select the CipherTrust Transparent Encryption - Live Data Transformation option. See Enabling CTE-LDT on a Protected Host.