Running Automatic Data Transformation
You can automatically transform your GuardPoint data by creating a dataxform policy and placing a file called dataxform_auto_config in the top-level directory of the GuardPoint.
The dataxform_auto_config file consists of one or two lines. The first line is mandatory. It specifies an internally used version number. Currently, the internal version number is 1. Set the first line to “version=1”. The second line is optional. The second line lists additional dataxform parameters. By default, dataxform executes the --rekey and --gp options. These options rekey all the files in the GuardPoint. Do not enter the --rekey_list, --file_list, or --gp options in the dataxform_auto_config file. An example dataxform_auto_config file is shown below:
version=1
--thd 4 --preserve_modified_time
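The rules above can be checked before the file is copied into the GuardPoint. The following is an added example, not part of the vendor documentation or tooling; the function name check_dataxform_auto_config is hypothetical, and it assumes a strict reading of "one or two lines" (any third line is rejected).

```shell
#!/bin/sh
# Added example: lint a dataxform_auto_config file before copying it into a GuardPoint.
# check_dataxform_auto_config is a hypothetical helper name, not a vendor tool.
# Returns 0 if the file follows the rules described above, 1 if not, 2 if unreadable.
check_dataxform_auto_config() {
    cfg=$1
    if [ ! -f "$cfg" ] || [ ! -r "$cfg" ]; then
        echo "$cfg: not a readable file" >&2
        return 2
    fi
    awk '
        BEGIN { bad = 0 }
        # Line 1 is mandatory and must be exactly the internal version number.
        NR == 1 && $0 != "version=1" {
            printf "line 1: expected version=1, found \"%s\"\n", $0; bad = 1
        }
        # Line 2 is optional; dataxform already supplies --rekey and --gp itself,
        # so --rekey_list, --file_list and --gp must not be listed here.
        NR == 2 {
            n = split($0, tok, /[ \t\r]+/)
            for (i = 1; i <= n; i++) {
                opt = tok[i]
                sub(/=.*/, "", opt)   # also catch an --option=value spelling
                if (opt == "--rekey_list" || opt == "--file_list" || opt == "--gp") {
                    printf "line 2: %s is not allowed in this file\n", opt; bad = 1
                }
            }
        }
        # Strict reading of "one or two lines": anything further is rejected.
        NR > 2 { printf "line %d: file must have at most two lines\n", NR; bad = 1 }
        END {
            if (NR == 0) { print "file is empty: the version line is mandatory"; bad = 1 }
            exit bad
        }
    ' "$cfg" >&2
}

# Constructed demo input: the example file shown above.
demo=$(mktemp)
printf 'version=1\n--thd 4 --preserve_modified_time\n' > "$demo"
check_dataxform_auto_config "$demo" && echo "OK: config passes the checks"
rm -f "$demo"
```

Run the check on the file while it is still outside the GuardPoint, because transformation can start within seconds once the file is in place and the dataxform policy is applied.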
Automatic Data Transformation Notes and Limitations
- Low-power systems can run out of memory while running dataxform. If entries like "[VMD] [ERROR] [1933564] [DXF4328E] Kernel component gave unexpected status 4." and "[VMD] [ERROR] [3670108] [DXF4300E] Out of Memory" are sent to the system messages file, lower the --thd parameter value. It will take longer to run, but dataxform will use less memory and should complete successfully.
- Automatic dataxform processes directories and files according to the native sort order of the system. Automatic dataxform is aware of the files currently being processed. If the automatic dataxform process is interrupted, you can restart it and it will resume from roughly where it left off. It will resume within a range of files generally equal to the number of open threads that were running, using the files listed in ./dataxform_status-_gp and ./dataxform_status-alt-_gp, and based on the system sort order. We strongly recommend that no one access the GuardPoint during data transformation because, depending on where dataxform is in the list of directories and files to process, the directories and files that you create can be skipped, and changes that you make to the files can go unnoticed. You will then have to manually transform the new or modified files. Additionally, if you do not configure manual dataxform properly, it is easy to rekey a file twice, thus corrupting that file. Automatic dataxform, on the other hand, is easier to recover.
To run automatic dataxform
- Back up and block all access to the GuardPoint.
- Create a dataxform_auto_config file.
- Log on to the Management Console as an administrator of type Security Administrator with Host role permissions or type All.
- Open the GuardPoint tab of the host with the GuardPoint to be transformed. The applied policies and GuardPoints of the host are displayed.
- Unguard the GuardPoint that is currently in effect. Select the Select option for the GuardPoint. Click Unguard.
- (Optional) Enter the df command on the host system repeatedly until the secfs mount for the GuardPoint is no longer displayed, or execute the “secfsd -status guard” command repeatedly until the GuardPoint is no longer displayed.
- Copy the dataxform_auto_config file into the GuardPoint. Data transformation should start within seconds.
- Apply the dataxform policy to the now disabled GuardPoint.
  (Optional) Execute the “secfsd -status guard” command repeatedly on the host system until the GuardPoint and rekey policy are displayed. You can also keep clicking the Refresh button in the Edit Host window, GuardPoint tab, until the green status ball is displayed.
- (Optional) Monitor dataxform progress on the host system.
  # tail -f /var/log/vormetric/vordxf_path_usr.log
- Check log files to verify successful dataxform completion.
  The /var/log/vormetric/vordxf_path_usr.log file lists the success or failure of dataxform, the files that were affected, and the actions taken. Refer to Using dataxform_status* Files for details. Check the rekey status in the Logs window.
- Delete the dataxform policy. Reboot the host if you cannot disable or delete the rekey policy.
- Delete the dataxform_auto_config file from the GuardPoint. If you do not delete the dataxform_auto_config file, the next time you apply a rekey policy to the GuardPoint, data transformation will begin immediately. It is better to copy the file into the GuardPoint when you are ready.
- Apply a production policy to the GuardPoint. If the dataxform policy used an encryption key, be sure to use the same key in the production policy.
Caution
Do not apply a policy that is configured for encryption to a directory that contains unencrypted files because, when apply_key is configured, the unencrypted files are encrypted when they are accessed. The data will be unusable if read and corrupted if saved.