Removing LDT from a Host
Once you have registered a host and enabled LDT, you cannot disable the LDT feature by unchecking the LDT box. You must unregister the host from the CipherTrust Manager, then register it again without LDT. When you remove the LDT feature from a host entirely, the host’s LDT license becomes available for use on another host.
- Stop all applications from accessing data in LDT GuardPoints on the host.
- Migrate data in every LDT GuardPoint using the steps described in the section Remove Protection from a GuardPoint.

  Warning: Potential data loss. Ensure that you have decrypted the data and, optionally, copied it out of the GuardPoint. Once the CTE Agent software is removed, access to data is no longer controlled by CTE. If the data was encrypted, it remains encrypted, and there is no way to read it.
- Remove the GuardPoints on the host from the CipherTrust Manager.
- Remove the LDT metadata from those GuardPoints.
- Remove the MDS files associated with those GuardPoints, if necessary. See Deleting LDT Metadata (Linux) for more information.
- Remove the host from the CipherTrust Manager. For details, see the CTE Agent for Linux Advanced Configuration and Integration Guide or the CTE Agent for Windows Advanced Configuration and Integration Guide.
- Re-install the agent on the host.
- Register the host with the CipherTrust Manager. This time, do not select the CipherTrust Transparent Encryption - Live Data Transformation option. See Enabling LDT on a Protected Host.
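
A pre-flight check for the first step on a Linux host, as an added example that is not part of the CTE documentation: it scans `/proc` for processes that still hold an open file or a working directory inside a GuardPoint. The function names and the path in the usage comment are hypothetical; run it as root so that other users' processes are visible.

```shell
#!/bin/sh
# Added example, not vendor code. Uses only /proc, readlink and shell builtins.

# Print "PID<TAB>path" for each process whose working directory or open file
# descriptor points inside directory $1. Returns 2 if $1 cannot be resolved.
open_handles_under() {
    local dir pid_dir link target
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    for pid_dir in /proc/[0-9]*; do
        for link in "$pid_dir"/cwd "$pid_dir"/fd/*; do
            # Unreadable or vanished entries are skipped, not treated as errors.
            target=$(readlink "$link" 2>/dev/null) || continue
            case "$target" in
                "$dir"|"$dir"/*)
                    printf '%s\t%s\n' "${pid_dir#/proc/}" "$target" ;;
            esac
        done
    done
    return 0
}

# Return 0 only if none of the given GuardPoint directories is in use.
# Anything that cannot be checked counts as "not safe to proceed".
guardpoints_quiescent() {
    local gp hits busy=0
    for gp in "$@"; do
        hits=$(open_handles_under "$gp") || {
            echo "cannot resolve GuardPoint path: $gp" >&2
            busy=1
            continue
        }
        if [ -n "$hits" ]; then
            echo "GuardPoint $gp is still in use by:" >&2
            echo "$hits" >&2
            busy=1
        fi
    done
    return "$busy"
}

# Usage (constructed path): sh check_guardpoints.sh /data/gp1
if [ "$#" -gt 0 ]; then
    guardpoints_quiescent "$@"
fi
```

A non-zero exit status means at least one listed process must be stopped before the data in that GuardPoint is migrated.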