This article explains how to encrypt data using in-place data transformation, which is also known as dataxform.

At a high level, you will: 

  • Shut down the database software
  • Place a transformation policy in the directory
  • Implement encryption 
  • Remove the transformation policy
  • Add the operational policy 
  • Restart the database software
     
Note

During this process, the database software will shut down, which means access to the files in the database will be prevented.

Note

Armor recommends that you use the Copy Method for encryption because this method:

  • Reduces the amount of time spent setting the customized Dataxform policy on the GuardPoints on the DSM
  • Prevents any user error when you enter the text command to rekey the data
  • Ensures that the encrypted files are accessible before you remove the non-encrypted / original files

...

Before you begin, you must have: 

  • General understanding of the Vormetric product
  • Strong understanding of how to create GuardPoints in DSM
  • Strong understanding of how to create policies in DSM
  • A production key available to use

...

  1. You can add the --rekey flag to .\dataxform to read data with the clear key and write it back with the production key (encrypting the data in place).
  2. You can add --print_stat to retrieve a printout of how many files are going to be encrypted and periodic updates of how much data has been encrypted so far. 
    1. The command would be: .\dataxform --rekey --print_stat --gp <directory path>
  3. You can add the --cleanup_on_success flag to clean up the temporary files that are created during the DataXform process and are not necessarily needed in the future. 
    1. The command would be: .\dataxform --rekey --print_stat --cleanup_on_success --gp <directory path>
  4. You can add the --preserve_modified_time flag to preserve the current time stamp of the files being encrypted, instead of changing the time stamp to when DataXform ran. 
    1. The command would be: .\dataxform --rekey --print_stat --cleanup_on_success --preserve_modified_time --gp <directory>

...

  • If successful, you will see a text output similar to the screenshot below. 
  • If unsuccessful, make sure there are two dashes before each flag and that the words are spelled correctly. 
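
The dash and spelling check described above can be done before the command is run. The following PowerShell function is an added example, not part of the original article or of the Vormetric tooling; the function name Test-DataxformCommand and the sample path D:\data are hypothetical, and the flag list contains only the flags named in this article.

```powershell
# Added example: pre-flight check of a dataxform command line before it is run.
# Flags are limited to those named in this article; this is not a complete
# list of dataxform options. Spelling is compared exactly as written there.
$KnownFlags = '--rekey', '--print_stat', '--cleanup_on_success',
              '--preserve_modified_time', '--gp'

function Test-DataxformCommand {
    param([Parameter(Mandatory)][string]$CommandLine)

    $problems = New-Object System.Collections.Generic.List[string]

    # Characters that copy/paste often substitutes for (or hides next to) an
    # ASCII hyphen: soft hyphen, Unicode hyphens and dashes, minus sign.
    $lookalikes = [regex]'[\u00AD\u2010-\u2015\u2212]'
    foreach ($m in $lookalikes.Matches($CommandLine)) {
        $problems.Add(('Non-ASCII dash U+{0:X4} at position {1}' -f
            [int][char]$m.Value, $m.Index))
    }

    # Inspect every whitespace-separated token that starts with an ASCII dash.
    $tokens = @($CommandLine -split '\s+' | Where-Object { $_ })
    foreach ($token in $tokens) {
        if ($token -notmatch '^-') { continue }
        if ($token -notmatch '^--[a-z_]+$') {
            $problems.Add("Flag '$token' does not start with exactly two dashes")
        }
        elseif ($KnownFlags -cnotcontains $token) {
            $problems.Add("Flag '$token' is not one of the flags in this article (check spelling)")
        }
    }

    # The GuardPoint directory must be introduced by a correctly typed --gp.
    if ($tokens -cnotcontains '--gp') {
        $problems.Add('No --gp <directory path> found')
    }
    return $problems
}

# Constructed sample: one flag is misspelled and the dashes before "gp" were
# replaced by an en dash (U+2013), as can happen when pasting from a web page.
$sample = '.\dataxform --rekey --print_state --cleanup_on_success ' +
          [char]0x2013 + 'gp D:\data'
Test-DataxformCommand -CommandLine $sample
```

An empty result means the command line passed all three checks; any returned line names the flag or character to correct before running dataxform.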

...

  1. If you are logged out of the DSM console, after you log in, click the Hosts tab, select the desired Host Name, and then click Guard FS.

...
