Skip to main content
Complete the following steps to deploy the Transparent Data Protection (TDP) service in CryptoHub:
1
Log in to the CryptoHub under dual control using your administrator identities.
2
Select the Transparent Data Protection (TDP) service and select [ Deploy ].
3
Configure the following Service Setup settings:
  • Service Name: The name of the service. You can leave as the default.
  • Service Category: The category the service falls under. Leave as default.
  • Select [ Next ].
4
Configure the following Access Control settings:
  • Authorized Resources: The role you are logged in with has access to the service by default.
  • Add Additional Resources: Optional
  • Select [ Next ].
5
Configure the Authenticationsettings to determine how users authenticate to access encrypted files. The two options are Kerberos or Local authentication.Local authentication uses local Windows accounts to manage access to encrypted files. Users are authenticated by using their local Windows credentials.Kerberos authentication uses Windows Active Directory to manage access to encrypted files. Users are authenticated by using their domain credentials.
Active Directory configuration is required for Kerberos authentication. Go to Identity & Access Management, then go to the Active Directory tab to set this up.
  • Select Local or Kerberos authentication and select [ Next ].
6
Configure the Path Rules:
  • Select [ Add Path Rule ].
  • Enter role or group names from Active Directory for broad access.
  • Enter Active Directory or individual usernames to grant access.
  • Choose Directory to encrypt a specific folder and/or file types, or select Path Match to manually define rules for pattern matching.
  • Additional Actions are supported for Path Rules, which include IP and Time-based access restrictions.
  • After you finish configuring rules, select [ Add ].
7
Select [ Deploy ].
Here are some useful concepts to understand when configuring Path Rules:Glob characters are special symbols used to specify patterns for file matching. They come in the following types:
  • *Double Asterisk ( \ ): This is a recursive glob
    • Usage: Can appear only once per rule and must be the entire element.
    • Function: Matches any files or directories recursively.
    • Example: C:\Bob\somefile matches any files named somefile under the Bob directory, regardless of how deep the file is nested.
  • Single Asterisk ( \ ): This is a non-recursive glob
    • Usage: Can be used multiple times within a rule.
    • Function: Matches any characters in a single directory level.
    • Example*: C:\Bobtest matches any files or directories in Bob that contain test in their names.
You can mix both types of glob characters to create more flexible patterns:
  • C:\Bob\ is equivalent to C:\Bob\\, matching all files and directories under “Bob” recursively.
  • C:\Bob\*\test\* matches any files or directories that start with test at any depth within Bob, and any files or directories within them.