Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Common Data Transformation Examples

Manually Running Data Transformation on Specific Files

search

Please Note:

Manually Running Data Transformation on Specific Files

Use the following procedure to manually execute dataxform on a specific set of files in a GuardPoint.

  1. Back up the data in the GuardPoint.

  2. If specific files are to be encrypted, create a file list.
    A file list is a text file that consists of the full path name of each file to be transformed. Enter one file path per line. If a file list is not specified, dataxform will rekey all the files in the GuardPoint.

  3. Log on to the CipherTrust Manager management console as an administrator.

    Note

    Existing active GuardPoints must be unguarded before running a manual data transformation.

  4. For an existing GuardPoint, unguard it. For new GuardPoints, go to the next step.

    1. Open the GuardPoint tab of the host with the GuardPoint to be transformed. The applied policies and GuardPoints of the host are displayed.

    2. Unguard the GuardPoint that is currently in effect. Select the Select check box for the GuardPoint and click Unguard.

    3. Confirm that the GuardPoint is unguarded on the CTE host:

      • For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is no longer displayed.

      • For Windows systems: on the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is no longer displayed.

  5. Create a dataxform policy and apply it to the now unprotected or newly created GuardPoint. The dataxform policy specifies the following:

    • Action: key_op

    • Effect: apply_key, permit

    • Key Selection Rules key: The original key currently in use. Use clear_key if unencrypted.

    • Data Transformation Rules key: The new key. Use clear_key if decrypting.

  6. Confirm that the GuardPoint is re-enabled on the CTE host:

    • For Linux and UNIX systems: execute the secfsd -status guard command repeatedly until the GuardPoint is displayed.

    • For Windows systems: On the task bar, right-click the Vormetric Tray Icon and click View > File System > GuardPoints until the GuardPoint is displayed.

  7. Execute the dataxform command with the desired options on the host system. For example:

    #dataxform --rekey_list --file_list dx_fileList.txt
--gp /home/apps/apps1/data --dir_recovery /root
--dir_recovery allows you to specify where dataxform status files are placed.

  8. (Optional) Monitor dataxform progress on the host system.

    # tail -f /var/log/vormetric/vordxf_path_usr.log

  9. Wait until dataxform completes.

  10. Delete the dataxform policy and replace with a production policy. Reboot the host if you cannot delete the rekey policy

    Caution

    Do not apply a policy that is configured for encryption to a directory that contains unencrypted files because, when apply_key is configured, the unencrypted files are encrypted when they are accessed. The data will be unusable if read and corrupted if saved.

On this page