Creating Standard GuardPoints

Steps to create GuardPoints on individual clients and client groups are similar. GuardPoints can be created on the GuardPoints tab of individual clients and client groups.

Creating Standard GuardPoints on Local Paths

To create a GuardPoint:

  1. Open the Transparent Encryption application.

  2. Select the client or client group on which you want to create a GuardPoint.

    • Click a client under the Client Name column (Clients > Clients).

    • Click a client group under the Client Group Name column (Clients > Client Groups).

  3. On the GuardPoints tab, click Create GuardPoint.

  4. Select a Policy. This is a mandatory field.

    1. Click Select next to the Policy field.

    2. Select a Standard policy. If no policy exists, create one, as described in Creating Policies.

    3. Click Select.

  5. Select the Type of device to protect. This is a mandatory field. Depending on the platform, the options for a Standard policy are:

    Type                        Windows  Linux  Description
    Auto Directory              Yes      Yes    Select for file system directories.
    Manual Directory            No       Yes    Select for file system directories to be guarded manually.
    Auto Raw or Block Device    Yes      Yes    Select for standard policies for raw (block) devices.
    Manual Raw or Block Device  No       Yes    Select for standard policies for raw (block) devices to be guarded manually.

    Manual Directory and Manual Raw or Block Device are guarded and unguarded (for example, mounted and unmounted) by running the secfsd -guard and secfsd -unguard commands. Do not run the mount and umount commands to swap GuardPoint nodes in a cluster configuration.

  6. Specify the Path to be protected. This is a mandatory field. Options to specify the GuardPoint paths are:

    • Enter/Browse Path: Select this option, and enter the GuardPoint paths by either typing or clicking the Browse button.

      A maximum of 200 GuardPaths can be specified using the Enter/Browse Path option.

      Browse Method

      1. Click Browse to select a path by browsing the client file system. This method prevents typographical errors and verifies client availability. This is the recommended method to specify individual paths.

        The file system of a client that is not registered with the CipherTrust Manager cannot be browsed.

      2. In the Search Local Path field, specify a starting path and click Refresh or select from the on-screen file system browser.

      3. Click Add.

      Manual Method

      Alternatively, if you know the path, manually enter full paths of one or more directories in the given text box. Enter one path per line.

    • Upload CSV: Select this option and click Browse to upload the CSV file containing the list of one or more directories. This is the recommended method to specify a large number of paths in one step.

    Note:

    • If a manually entered path does not yet exist, be sure to enter the path correctly. The CipherTrust Manager does not parse manually entered paths for correct syntax.
    • See Considerations Before Creating GuardPoints for what to be aware of before creating a GuardPoint.
    • If multiple paths are specified, they will all be protected by the same policy.
    • A maximum of 1000 GuardPaths per CSV file can be uploaded.

  7. (Optional, Linux only) Select Auto Mount to specify an automount path. For a regular (non-auto) mount path, make sure that the check box is clear.

  8. (Optional, Windows only) Select Secure Start to enable the Secure Start feature. By default, the check box is clear.

    If you do not enable Secure Start now, you can enable it later.

  9. (Optional, Windows only) Select Multifactor Authentication.

  10. Click Create. A message appears prompting you to confirm whether to reuse these GuardPoint settings on another path.

    • Click Yes to use the same settings on another path. The Use Settings on Another Path dialog box is displayed. Perform the following steps:

      1. In the Search Local Path field, specify a starting path and click Refresh or select from the on-screen browser.

      2. Click Add Path. The newly added path appears under the Paths list on the left. Similarly, add as many paths as required.

      3. Click OK.

    • Click No if you do not want to use the same settings on another path.

Depending on the number of paths you add to a GuardPoint, a status information message may appear. Refer to GuardPoint Status Information for details.

The newly created GuardPoint appears on the GuardPoints tab. The status remains Unknown until the client sends the response after processing the GuardPoint request. Click the Refresh GuardPoints icon to view the updated status.

The status of a GuardPoint can be checked at any time on the GuardPoints tab. Refer to Viewing GuardPoint Status for details.

GuardPoint Status Information

  • When you add multiple paths to a GuardPoint:

    • If the GuardPoint is created successfully for all paths, a message is displayed at the top right corner of the screen.

    • If the GuardPoint creation failed for all paths, an error message is displayed stating that none of the GuardPoints could be created. Fix the issues and retry for failed GuardPoints.

    • If the GuardPoint is disabled or failed for at least one of the paths (for example, when a path is already guarded), an error message is displayed stating that some of the GuardPoints could not be created. Fix the issues and retry for failed GuardPoints.

      The message shows the number of created and failed GuardPoints. The list of failed GuardPaths with their respective failure reasons is also displayed.

    To download the CSV file with the list of failed GuardPoints, click the Save Error Details link at the top of the error message.

  • When you add only one path and the GuardPoint for that path fails, an error message is displayed stating the reason for the failure.

Refer to Creating Standard GuardPoints on Network Paths for information on creating Standard GuardPoints on network paths.

Creating Standard GuardPoints on Network Paths

To create a GuardPoint:

  1. Open the Transparent Encryption application.

  2. Click Clients > Clients. The list of registered clients is displayed.

  3. Under Client Name, click the client on which you want to create a GuardPoint.

  4. On the GuardPoints tab, click Create GuardPoint.

  5. Select a Policy. This is a mandatory field.

    1. Click Select next to the Policy field.

    2. Select a Standard policy. If no policy exists, create one, as described in Creating Policies.

    3. Click Select.

  6. Select the Type of device to protect. This is a mandatory field. Depending on the platform, the options for a Standard policy are:

    Type                        Windows  Linux  Description
    Auto Directory              Yes      Yes    Select for file system directories.
    Manual Directory            No       Yes    Select for file system directories to be guarded manually.
    Auto Raw or Block Device    Yes      Yes    Select for standard policies for raw (block) devices.
    Manual Raw or Block Device  No       Yes    Select for standard policies for raw (block) devices to be guarded manually.

    Manual Directory and Manual Raw or Block Device are guarded and unguarded (for example, mounted and unmounted) by running the secfsd -guard and secfsd -unguard commands. Do not run the mount and umount commands to swap GuardPoint nodes in a cluster configuration.

  7. Specify the Path to be protected. This is a mandatory field. Options to specify the GuardPoint paths are:

    • Enter/Browse Path: Select this option, and enter the GuardPoint paths by either typing or clicking the Browse button.

      A maximum of 200 GuardPaths can be specified using the Enter/Browse Path option.

      Browse Method

      1. In the text box, type the Windows network share (in the format, \\nas-machine-hostname\share or \\nas-machine-ip\share).

      2. Click Browse if you want to specify a lower-level network path. This method prevents typographical errors and verifies client availability. This is the recommended method to specify individual paths.

        The file system of a client that is not registered with the CipherTrust Manager cannot be browsed.

      3. Select Network Path as the Path Type.

      4. Specify the User Name and Password to access the desired network path on the NAS machine.

      5. (Optional) Specify the Domain where the NAS machine exists.

      6. In the Search Network Path field, specify a starting path and click Refresh or select from the on-screen network path browser.

      7. Click Add.

      Manual Method

      Alternatively, if you know the network path, manually enter full network paths in the given text box. Enter one path per line.

    • Upload CSV: Select this option and click Browse to upload the CSV file containing the list of one or more directories. This is the recommended method to specify a large number of paths in one step.

    Note:

    • If a manually entered path does not yet exist, be sure to enter the path correctly. The CipherTrust Manager does not parse manually entered paths for correct syntax.
    • See Considerations Before Creating GuardPoints for what to be aware of before creating a GuardPoint.
    • If multiple paths are specified, they will all be protected by the same policy.
    • A maximum of 1000 GuardPaths per CSV file can be uploaded.

  8. (Optional, Linux only) Select Auto Mount to specify an automount path. For a regular (non-auto) mount path, make sure that the check box is clear.

  9. (Optional, Windows only) Select Secure Start to enable the Secure Start feature. By default, the check box is clear.

    If you do not enable Secure Start now, you can enable it later.

  10. (Optional, Windows only) Select Multifactor Authentication.

  11. Click Create. A message appears prompting you to confirm whether to reuse these GuardPoint settings on another path.

    • Click Yes to use the same settings on another path. The Use Settings on Another Path dialog box is displayed. Perform the following steps:

      1. Select Network Path as the Path Type.

      2. Specify the following:

        • User Name and Password to access the desired network path on the NAS machine.

        • (Optional) Domain where the NAS machine exists.

      3. In the Search Network Path field, specify a starting network path and click Refresh or select from the on-screen browser.

      4. Click Add Path. The newly added path appears under the Paths list on the left. Similarly, add as many paths as required.

      5. Click OK.

    • Click No if you do not want to use the same settings on another path.

Depending on the number of paths you add to a GuardPoint, a status information message may appear. Refer to GuardPoint Status Information for details.

The newly created GuardPoint appears on the GuardPoints tab. The status remains Unknown until the client sends the response after processing the GuardPoint request. Click the Refresh GuardPoints icon to view the updated status.

The status of a GuardPoint can be checked at any time on the GuardPoints tab. Refer to Viewing GuardPoint Status for details.

Refer to Creating Standard GuardPoints on Local Paths for information on creating Standard GuardPoints on local filesystem paths.
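
Because the CipherTrust Manager does not parse manually entered paths for correct syntax, both the local-path and network-path procedures above benefit from checking a path list before it is typed in or uploaded. The following is an added example, not Thales code and not a product API: the function names, the regular expressions and the sample entries are assumptions, and since this page does not describe the CSV file layout, it checks only a list of path strings against the 200 and 1000 path limits stated above.

```python
import re

MAX_PATHS = {"manual": 200, "csv": 1000}   # limits stated on this page
NAME = r'[^\\/:*?"<>|\s][^\\/:*?"<>|]*'    # one Windows path component
UNC_RE = re.compile(rf'^\\\\[A-Za-z0-9._-]+(\\{NAME})+\\?$')    # \\host-or-ip\share[\dir]
WIN_RE = re.compile(rf'^[A-Za-z]:\\({NAME}(\\{NAME})*\\?)?$')   # C:\ or C:\dir\sub
NIX_RE = re.compile(r'^/([^/\0]+(/[^/\0]+)*/?)?$')              # / or /dir/sub
SAMPLE = [  # constructed entries for a Windows client, not from the documentation
    "\\\\nas01\\finance", "\\\\10.0.0.5\\hr\\payroll",   # well-formed shares
    "\\\\NAS01\\Finance\\", "\\nas01\\legal",            # repeat of entry 1; one backslash
    "D:\\data\\..\\secrets", "D:\\data\\pii ",           # relative part; trailing space
    "/srv/app/data",                                     # Linux path in a Windows list
]


def classify(path):
    """Return 'network', 'windows' or 'linux'; None if the syntax is not recognised."""
    if {".", ".."} & set(re.split(r"[\\/]", path)):
        return None             # relative components make the target ambiguous
    for kind, rx in (("network", UNC_RE), ("windows", WIN_RE), ("linux", NIX_RE)):
        if rx.match(path):
            return kind
    return None


def preflight(entries, method="manual", allowed=("linux",)):
    """Check path strings, one per entry; return (accepted, [(entry_no, text, reason)])."""
    accepted, problems, seen = [], [], set()
    for n, text in enumerate(entries, 1):
        if not text.strip():
            continue            # blank entry
        kind = classify(text)
        # Windows and share names compare case-insensitively; ignore a trailing separator.
        key = text.rstrip("/") if kind == "linux" else text.rstrip("\\/").lower()
        if text != text.strip():
            problems.append((n, text, "leading or trailing whitespace"))
        elif kind is None:
            problems.append((n, text, "not an absolute local or \\\\host\\share path"))
        elif kind not in allowed:
            problems.append((n, text, f"{kind} path not expected on this client"))
        elif key in seen:
            problems.append((n, text, "duplicate of an earlier entry"))
        else:
            seen.add(key)
            accepted.append(text)
    if len(accepted) > MAX_PATHS[method]:
        problems.append((0, "", f"{len(accepted)} paths exceed the {method} limit"))
    return accepted, problems
```

Calling preflight(SAMPLE, allowed=("windows", "network")) accepts the first two shares and reports entries 3 to 7 with a reason each; a limit violation is reported with entry number 0.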