Creating an LDT GuardPoint for DFS(R)
Warning
Before you can create an LDT GuardPoint, you must set LDT to ignore the DFS(R) private directory that Microsoft automatically creates when you create a DFS(R) replication point. The private directory should not be encrypted by LDT.
- Log into one of the DFS(R) servers in your network as an administrator.
- For each GuardPoint that you intend to set up on the server, exclude the matching DfsrPrivate directory from the LDT process using the voradmin ldt exlist add <guard path> command.

  For example, if you are going to guard D:\data, G:\HR Files, and the entire F: drive, you would use the following commands:

      voradmin ldt exlist add D:\data\DfsrPrivate
      voradmin ldt exlist add G:\HR Files\DfsrPrivate
      voradmin ldt exlist add F:\DfsrPrivate

  To make sure LDT is ignoring the proper directories, use the voradmin ldt exlist get command:

      voradmin ldt exlist get
      Live Data Transformation exclusion list.
      Following ${gp}s will be excluded from the Live Data Transformation.
      G:\HR Files\DfsrPrivate
      D:\data\DfsrPrivate
      F:\DfsrPrivate
- Reboot all of the LDT agent hosts before you create any LDT GuardPoints.
- Repeat the previous steps on each server in your configuration before you create any LDT GuardPoints.
- After you have excluded all DfsrPrivate directories on all servers from LDT processing, log into your key manager and set your LDT properties. When you begin the initial encryption, Thales recommends that you throttle the LDT processing speed with a CPU cap of 20%. You can increase this cap as more of the data is encrypted and there are fewer deltas between the DFS staging area and the production area.

  To set the cap, launch the CTE application and create a Profile with the appropriate Quality of Service configuration parameters. Then make sure that all clients in the DFS(R) configuration use that profile.
- Create the required LDT GuardPoints using the Live Data Transformation policy you created.

  Create the same set of GuardPoints, using the same Live Data Transformation policies, on each server in the configuration. For example, if you set up the following GuardPoints for the first server:

  | Guard Path | LDT Policy Name |
  | --- | --- |
  | D:\data | LDT-Policy-Main |
  | D:\data\DfsrPrivate | LDT-Policy-Main |
  | F:\ | LDT-Policy-Main |
  | F:\DfsrPrivate | LDT-Policy-Main |
  | G:\HR Files | LDT-Policy-HR |
  | G:\HR Files\DfsrPrivate | LDT-Policy-HR |

  You must then set up the same six GuardPoints, using the same two LDT policies, on each server in the configuration.
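A read-only pre-flight check for the exclusion steps above, as an added example that is not part of the Thales documentation: it compares the output of voradmin ldt exlist get with the DfsrPrivate directory expected under each guard path. It assumes the command prints one excluded path per line; the function names and the sample output are constructed for illustration.

```powershell
# Added example, not from the CTE documentation. Read-only: the only command
# it runs is `voradmin ldt exlist get`.
# Guard paths are the sample ones from this page; replace them with your own.
$GuardPaths = @('D:\data', 'G:\HR Files', 'F:\')

# Constructed sample output, used only when voradmin is not on this machine.
# The F: entry is left out on purpose so that the check reports a gap.
$SampleOutput = @(
    'Live Data Transformation exclusion list.',
    'G:\HR Files\DfsrPrivate',
    'D:\data\DfsrPrivate'
)

function Get-ExpectedExclusion {
    param([string[]]$Paths)
    # DfsrPrivate sits directly under each guard path; F:\ gives F:\DfsrPrivate.
    foreach ($p in $Paths) { $p.TrimEnd('\') + '\DfsrPrivate' }
}

function Get-ReportedExclusion {
    param([string[]]$Lines)
    # Assumption: one excluded path per output line. Header text is skipped
    # because it does not start with a drive letter.
    foreach ($l in $Lines) {
        $t = $l.Trim()
        if ($t -match '^[A-Za-z]:\\') { $t.TrimEnd('\') }
    }
}

function Get-MissingExclusion {
    param([string[]]$Paths, [string[]]$Lines)
    $reported = @(Get-ReportedExclusion -Lines $Lines)
    # -notcontains is case-insensitive, like Windows paths.
    Get-ExpectedExclusion -Paths $Paths | Where-Object { $reported -notcontains $_ }
}

if (Get-Command voradmin -ErrorAction SilentlyContinue) {
    $lines = @(& voradmin ldt exlist get)
} else {
    $lines = $SampleOutput
}

$missing = @(Get-MissingExclusion -Paths $GuardPaths -Lines $lines)
if ($missing.Count -eq 0) {
    Write-Output "All DfsrPrivate directories on $env:COMPUTERNAME are excluded from LDT."
} else {
    Write-Output "Not yet excluded on $env:COMPUTERNAME; add these before creating GuardPoints:"
    $missing | ForEach-Object { Write-Output "  $_" }
}
```

Run it on every server in the DFS(R) configuration, since the exclusion steps are repeated per server.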