Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Common Dataxform Examples

Manually Running Data Transformation on Specific Files

search

Please Note:

Manually Running Data Transformation on Specific Files

Use the following procedure to manually execute dataxform on a specific set of files in a GuardPoint.

  1. Back up the data in the GuardPoint.

  2. If specific files are to be encrypted, create a file list.
    A file list is a text file that consists of the full path name of each file to be transformed. Enter one file path per line. If a file list is not specified, dataxform will rekey all the files in the GuardPoint.

  3. Log on to the Management Console as an administrator of type Security Administrator with Host role permissions or type All.

    Note

    Existing active GuardPoints must be disabled before running a manual data transformation.

  4. For an existing GuardPoint, disable it. For new GuardPoints, go to the next step.

    1. Open the GuardPoint tab of the host with the GuardPoint to be transformed. The applied policies and GuardPoints of the host are displayed.

    2. Unguard the GuardPoint that is currently in effect. Select the Select check box for the GuardPoint and click Unguard.

    3. Confirm that the GuardPoint is disabled:

      • For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is no longer displayed.

      • For Windows systems: on the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is no longer displayed.

  5. Create a dataxform policy and apply it to the now disabled or newly created GuardPoint. The dataxform policy specifies the following:

    • Action: key_op

    • Effect: apply_key, permit

    • Key Selection Rules key: The original key currently in use. Use clear_key if unencrypted.

    • Data Transformation Rules key: The new key. Use clear_key if decrypting.

  6. Confirm that the GuardPoint is re-enabled:

    • For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is displayed.

    • For Windows systems: On the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is displayed.

  7. Execute the dataxform command with the desired options on the host system. For example:

    #dataxform --rekey_list --file_list dx_fileList.txt
--gp /home/apps/apps1/data --dir_recovery /root
--dir_recovery allows you to specify where dataxform status files are placed.

  8. (Optional) Monitor dataxform progress on the host system.

    # tail -f /var/log/vormetric/vordxf_path_usr.log

  9. Wait until dataxform completes.

  10. Delete the dataxform policy and replace with a production policy. Reboot the host if you cannot disable or delete the rekey policy

    Caution

    Do not apply a policy that is configured for encryption to a directory that contains unencrypted files because, when apply_key is configured, the unencrypted files are encrypted when they are accessed. The data will be unusable if read and corrupted if saved.

On this page