Versions Compared

Old Version 49

changes.mady.by.user Development Operations (Deactivated)

Saved on

compared with

New Version Current

changes.mady.by.user Rakesh Kulkarni

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This article explains what Vormetric GuardPoints are and how GuardPoints can be used to protect and encrypt data.


Video Tutorial

...

Widget Connector
overlayyoutube
_templatecom/atlassian/confluence/extra/widgetconnector/templates/youtube.vm
width400px
urlhttps://www.youtube.com/watch?v=sWszjVFGI-Q
height300px


Prerequisites

...

Before you begin, you must:


What are GuardPoints?

...

A GuardPoint is a folder or directory path that Vormetric protects and controls. Once a policy is selected and applied to a folder, that path is considered a GuardPoint.

Note

Keep in mind the following notes about GuardPoints:

  • Once a folder becomes a GuardPoint, the policy assigned to that GuardPoint will control what can access that GuardPoint.

  • The policy that controls access to the GuardPoint does not replace the operating system permissions; however, the policy can replace the operating system permissions.

  • Applying a Guard Point to a folder does not mean the data inside is encrypted.

    • The data will need to be encrypted by one of two methods, Copy Method or Data Transformation.


Guarding Data vs. Encrypting Data

...

When you create a GuardPoint to protect (or guard) a folder that contains plain text data, the policy associated with that GuardPoint will control the access to that folder; however, a guarded folder does not encrypt data. As a result, you must manually encrypt the data.

Vormetric offers two methods to encrypt data: the Copy Method and the Data Transform Method. The primary difference between the two methods is that the Copy Method requires you to move the data and the Data Transform Method does not.

The steps below focus on the Copy Method. The Data Transformation method will be covered in a separate article.


Copy Method for Encryption

Note

Before you follow the Copy Method, you must:

  • Create a new folder on your virtual machine outside of the intended GuardPoint. All data inside the intended GuardPoint will be moved temporarily into this temporary folder.

  • Processes and users that are accessing the intended GuardPoint will need to be stopped, such as databases, open files, user sessions, etc.

  • You will need to have at least one Learn Mode policy already configured.

The encryption agent on the host machine needs exclusive rights to the folder in order to successfully guard (or unguard) a folder via the Data Security Manager (DSM) console.

To encrypt data via the Copy Method:

  1. Log into the DSM as a Security Administrator.

  2. Stop all processes and users on the host machine from accessing the intended GuardPoint.

  3. On the host machine, move all data out of the intended GuardPoint into a temporary folder.

    Note
    Make sure that folder permissions have not changed. The move-and-copy process can sometimes alter file/folder permissions.


  4. In the top menu, click Hosts, and then click the host name of the machine where you want to create a GuardPoint.

    Image Added

  5. Click the Guard FS tab.

    • If you have other GuardPoints configured on this machine, those GuardPoints will be listed here.

    Image Added

  6. Click the Guard button.

    Image Added

  7. In Policy, select the desired policy.

    Image Added

  8. Click Browse to remotely access the directory structure of the host machine.

  9. Locate and select the folder to guard, and then click OK. If you do not see the OK button, you may need to scroll down.

    Image Added

  10. Confirm the desired directory path, and then click OK.

    Image Added

  11. The newly created GuardPoint will be listed and contain a red status in a table with other GuardPoints. Click Refresh to manually refresh the screen. When the GuardPoint has been pushed into the machine, the status will turn green.

    Image Added

  12. After the status turns green, copy the data back into the GuardPoint.

    • If the status does not turn green, there may be a person or process still accessing the folder. The encryption key that is applied in the Learn Mode policy will encrypt the data as the data is being transferred back into the GuardPoint.

    • If you copy the data, you still have a clear text copy of the data in the temporary folder. After you confirm that services are running as expected, you can delete the temporary folder.

  13. The next steps will include tuning the policy and will be covered in another article.




Topics Discussed

Table of Contents
maxLevel3
minLevel3