Running Automatic Data Transformation
You can automatically transform your GuardPoint data by creating a dataxform policy and placing a file called dataxform_auto_config in the top-level directory of the GuardPoint.
The dataxform_auto_config file consists of one or two lines. The first line is mandatory. It specifies an internally used version number. Currently, the internal version number is 1. Set the first line to “version=1”. The second line is optional. The second line lists additional dataxform parameters. By default, dataxform executes the --rekey and --gp options. These options rekey all the files in the GuardPoint. Do not enter the --rekey_list, --file_list, or --gp options in the dataxform_auto_config file. An example dataxform_auto_config file is shown below:
version=1
--thd 4 --preserve_modified_time
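The rules above can be checked before the file is copied into a GuardPoint. The following is an added example, not vendor code: the function name check_dataxform_auto_config and its return codes are hypothetical, and comparing the first line strictly against version=1 is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not vendor code): lint a dataxform_auto_config file before it
# is copied into a GuardPoint. The function name is hypothetical; the rules are
# the ones stated in the text above.
# Returns 0 = acceptable, 1 = violates a documented rule, 2 = unreadable.
check_dataxform_auto_config() (
    cfg=$1
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg" >&2; return 2; }

    # Command substitution drops trailing newlines, so a final blank line is
    # not counted as an extra line.
    content=$(cat "$cfg")
    nlines=$(printf '%s\n' "$content" | wc -l | tr -d ' ')
    line1=$(printf '%s\n' "$content" | sed -n '1p')
    line2=$(printf '%s\n' "$content" | sed -n '2p')

    # Line 1 is mandatory. Compared strictly, so stray spaces or a CR fail.
    if [ "$line1" != "version=1" ]; then
        echo "ERROR: first line must be exactly version=1" >&2
        return 1
    fi
    if [ "$nlines" -gt 2 ]; then
        echo "ERROR: expected one or two lines, found $nlines" >&2
        return 1
    fi

    # Line 2 is optional; these options must not appear in it.
    set -f    # no glob expansion while splitting line 2 into words
    for tok in $line2; do
        case $tok in
            --rekey_list|--rekey_list=*|--file_list|--file_list=*|--gp|--gp=*)
                echo "ERROR: option not allowed in this file: $tok" >&2
                return 1 ;;
        esac
    done
    return 0
)

# Constructed sample: the example file shown above, written to a temp directory.
demo_dir=$(mktemp -d)
printf 'version=1\n--thd 4 --preserve_modified_time\n' > "$demo_dir/dataxform_auto_config"
check_dataxform_auto_config "$demo_dir/dataxform_auto_config" && echo "config OK"
```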
Automatic Data Transformation Notes and Limitations
- Low-power systems can run out of memory while running dataxform. If entries like "[VMD] [ERROR] [1933564] [DXF4328E] Kernel component gave unexpected status 4." and "[VMD] [ERROR] [3670108] [DXF4300E] Out of Memory" are sent to the system messages file, lower the --thd parameter value. It will take longer to run, but dataxform will use less memory and should complete successfully.
- Automatic dataxform processes directories and files according to the native sort order of the system. Automatic dataxform is aware of the files currently being processed. If the automatic dataxform process is interrupted, you can restart it and it will resume from roughly where it had left off. It will resume within a range of files generally equal to the number of open threads that were running, using the files listed in ./dataxform_status-_gp and ./dataxform_status-alt-_gp, and based on the system sort order. As noted before, all user and/or application access to the GuardPoint is blocked during the data transformation process until the process completes. As such, any access to the files in the GuardPoint must be avoided in the event of the automatic dataxform process aborting.
To run automatic dataxform
- Back up and block all access to the GuardPoint.
- Create a dataxform_auto_config file.
- Log on to the Management Console as an administrator of type Security Administrator with Host role permissions or type All.
- Open the GuardPoint tab of the host with the GuardPoint to be transformed. The applied policies and GuardPoints of the host are displayed.
- Unguard the GuardPoint that is currently in effect. Select the Select option for the GuardPoint. Click Unguard.
- (Optional) Enter the df command on the host system repeatedly until the secfs mount for the GuardPoint is no longer displayed, or execute the “secfsd -status guard” command repeatedly until the GuardPoint is no longer displayed.
- Copy the dataxform_auto_config file into the GuardPoint. Data transformation should start after the dataxform policy is applied to the GuardPoint.
- On the key manager, apply the dataxform policy to the now unguarded GuardPoint.
  (Optional) Execute the “secfsd -status guard” command repeatedly on the host system until the GuardPoint and rekey policy are displayed. You can also keep clicking the Refresh button in the Edit Host window, GuardPoint tab, until the green status ball is displayed.
- (Optional) Monitor dataxform progress on the CTE host system.
  # tail -f /var/log/vormetric/vordxf_path_usr.log
- Check log files on the CTE host to verify successful dataxform completion.
  The /var/log/vormetric/vordxf_path_usr.log file lists the success or failure of dataxform, the files that were affected, and the actions taken. Refer to Using dataxform_status* Files for details. Check the rekey status in the Logs window.
- Delete the dataxform policy by unguarding the GuardPoint on the key manager. Reboot the host if you cannot delete the rekey policy and then retry deleting the dataxform policy.
- Delete the dataxform_auto_config file from the GuardPoint on the CTE host. If you do not delete the dataxform_auto_config file, the next time you apply a rekey policy to the GuardPoint, data transformation will begin immediately.
- Apply a production policy to the GuardPoint. If the dataxform policy used an encryption key, be sure to use the same key in the production policy.