Create a GuardPoint
-
Stop all applications that are accessing the device you want to protect. In this example, we are going to protect the following directories with the same policy and encryption key:
Linux Windows • /dir/hr/files
• /dir/accounting/files
• /dir/shared/hr
• /dir/shared/accounting• C:\HR Files\
• C:\Accounting Files\
• C:\Shared Resources\HR\
• C:\Shared Resorces\Accounting\Tip
If you want to encrypt data without taking the device offline, you must use CipherTrust Transparent Encryption - Live Data Transformation.
-
In the Applications page of the CipherTrust Manager Console, select the CTE application.
-
In the Clients table, click on the name of the client you want to protect.
-
Above the GuardPoints table, click Create GuardPoint.
-
In the Create GuardPoint page:
a. In the Policy field, select the policy you created earlier.
b. In the Type field, select the type of device. You can guard a directory or a raw/block device. For this example, select Auto Directory.
c. In the Path field, enter the directories you want to protect with this policy or click Browse to select them from a explorer window.
If you want to enter multiple paths, put each path on its own line. For example:
Linux:
Windows:
d. Click Create.
e. If you want to use the same policy and GuardPoint type on another path, click Yes when prompted. Otherwise, click No. For this example, click No.
The CipherTrust Manager pushes the GuardPoint configuration to the client.
-
Type the following to transform the data:
# dataxform --rekey --print_stat --preserve_modified_time --gp <pathToGP>
When the data transformation has finished, applications can resume accessing the now-protected data. (See the “CTE Data Transformation Guide” for more information.)