General Assumptions
- You want to configure policy so that transparent encryption/decryption happens only for authorized applications
- You have already configured your Smartcrypt TDE Manager and have successfully connected a Smartcrypt TDE Agent to it
- You are familiar with how TDE Actions work
Encrypting Structured Data
Example: you want to protect Microsoft SQL Server 2012 databases.
Create a Smartpoint
- Select the TDE tab
- Select the Smartpoints tab
- Click the Add Smartpoint button
- Select the Device/Server you wish to create a new Smartpoint on
- Define the path you wish to protect
- Select the encryption key you wish to use
- Select the Default Policy (we will change this in the next section)

- Click Save
Assign a Policy
- Select the Smartpoint Policies tab
- Choose to edit the Default Policy
- Set the Default Action to Deny. (This means no processes can navigate the file system location defined in the Smartpoint to which this policy is attached.)

- Add Application Exception(s) for the SQL Server Agent/Server processes by specifying the full path to the executables. (Note: your paths may be different)
- Set the Action for these exceptions to Encrypt/Decrypt. (Note: This ensures that only your database application server and associated processes are allowed to access the file system location defined in the Smartpoint to which this policy is attached.)

- Add an Application Exception for Windows Explorer and set its action to Encrypt/Decrypt. (Note: If Windows Explorer is not enabled for Encrypt/Decrypt, you will be unable to browse, copy, or delete files in any locations protected by this policy.)
- Add Application Exceptions for any other processes that you wish to access the Smartpoint.
  - e.g. Add your backup software agent for Raw access
  - e.g. Add your database query tool(s) for Raw or Encrypt/Decrypt access to perform verification testing
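
To collect the full executable paths that the Application Exceptions above require, the following PowerShell lists the binaries behind the local SQL Server services and reports their Authenticode status. It is an added example, not part of the Smartcrypt documentation; the service-name filter assumes default SQL Server service naming, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: list the executables behind the local SQL Server services so
# their full paths can be entered as Application Exceptions.
# Assumption: default service names (MSSQLSERVER, MSSQL$<instance>,
# SQLSERVERAGENT, SQLAgent$<instance>); adjust the filter for your install.

function Get-ServiceExecutablePath {
    param([Parameter(Mandatory)][string]$PathName)
    # Win32_Service.PathName holds the service command line: a quoted or
    # unquoted executable path, optionally followed by arguments
    # such as -sMSSQLSERVER.
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$namePattern = '^(MSSQLSERVER|MSSQL\$.+|SQLSERVERAGENT|SQLAgent\$.+)$'

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match $namePattern } |
    ForEach-Object {
        $exe       = Get-ServiceExecutablePath -PathName $_.PathName
        $exists    = $false
        $sigStatus = 'n/a'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $exists = $true
            # Confirm the binary at this path carries a valid signature
            # before granting it Encrypt/Decrypt access in the policy.
            $sigStatus = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }
        [pscustomobject]@{
            Service    = $_.Name
            State      = $_.State
            RunsAs     = $_.StartName
            Executable = $exe
            Exists     = $exists
            Signature  = $sigStatus
        }
    } |
    Sort-Object Executable |
    Format-Table -AutoSize -Wrap
```

Run it on the Device/Server that hosts the Smartpoint; the Executable column holds the paths to enter as exceptions.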
Encrypting Unstructured Data
Create a Smartpoint
- TODO
Assign a Policy
- TODO