dataxform Space Requirements
Because it transforms data in place, dataxform must run to completion once it starts. If the utility does not run to completion, some files will have been completely transformed, some will not have been transformed, and some will only be partially transformed. Transformed files will be encrypted with the transformation key, not-yet-transformed ones with the pre-transformation production key, and those undergoing transformation will be in an indeterminate encryption state. To enable successful completion of an interrupted transformation, dataxform adopts two strategies:
-
Master file list
Before transforming the files in a set, the utility makes a disk-based list of path names. The list determines the order of transformation, and is also used to determine the restart point if transformation is interrupted. When dataxform finishes transforming a file set, it deletes the master file list, so only temporary storage for the list is required. -
Status logging
Each time dataxform finishes transforming a file, the utility records the status of the transformation in the diskbased status file. Status includes the path names of files being transformed at the time of recording. This enables dataxform to restart after interruption and recover incompletely transformed files from a backup.
For large directories (e.g., those containing 100,000 or more files) the size of the dataxform file list can run to tens of gigabytes (the size is largely determined by file path name lengths). By default, dataxform stores its master file list in the directory in which it writes log entries. Before running dataxform, the protected host administrator should ascertain that the file system containing the logging directory contains sufficient space to hold a list of full path names within the GuardPoint (see Monitoring dataxform). If this is not practical, the administrator can designate an alternate location for the list and status files as a dataxform command line option.
