Creating a LDT GuardPoint for DFS(R)

Log into one of the DFS(R) servers in your network as an administrator.

For each GuardPoint that you intend to set up on the server, exclude the matching DfsrPrivate directory from the LDT process using the voradmin ldt exlist add <guard path> command.

For example, if you are going to guard D:\data, G:\HR Files, and the entire F: drive, you would use the following commands:

voradmin ldt exlist add D:\data\DfsrPrivate
voradmin ldt exlist add G:\HR Files\DfsrPrivate
voradmin ldt exlist add F:\DfsrPrivate

To make sure LDT is ignoring the proper directories, use the voradmin ldt exlist get command:

voradmin ldt exlist get

Live Data Transformation exclusion list. Following ${gp}s will be excluded from the Live Data Transformation.

G:\HR Files\DfsrPrivate
D:\data\DfsrPrivate
F:\DfsrPrivate

Reboot all of the LDT agent hosts before you create any LDT GuardPoints.

Repeat the previous steps on each server in your configuration before you create any LDT GuardPoints.

After you have excluded all DfsrPrivate directories on all servers from LDT processing, log into your key manager and set your LDT properties. When you begin the initial encryption, Thales recommends that you throttle the LDT processing speed with a CPU cap of 20%. You can increase this cap as more of the data is encrypted and there are fewer deltas between the DFS staging area and the production area.

To set the cap, launch the CTE application and create a Profile with the appropriate Quality of Service configuration parameters. Then make sure that all clients in the DFS(R) configuration use that profile.

Create the required LDT GuardPoints using the Live Data Transformation policy you created.

Create the same set of GuardPoints, using the same Live Data Transformation policies, on each server in the configuration. For example, if you set up the following GuardPoints for the first server:

You must then set up the same six GuardPoints, using the same two LDT policies, on each server in the configuration.