> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Deploy the service

> Procedural guide to deploy the Transparent Data Protection (TDP) service in CryptoHub.

Complete the following steps to deploy the **Transparent Data Protection (TDP)** service in CryptoHub:

<Steps>
  <Step>
    Log in to the CryptoHub under dual control using your administrator identities.
  </Step>

  <Step>
    Select the **Transparent Data Protection (TDP)** service and select **\[ Deploy ]**.
  </Step>

  <Step>
    Configure the following **Service Setup** settings:

    * **Service Name**: The name of the service. You can leave as the default.
    * **Service Category**: The category the service falls under. Leave as default.
    * Select **\[ Next ]**.
  </Step>

  <Step>
    Configure the following **Access Control** settings:

    * **Authorized Resources**: The role you are logged in with has access to the service by default.
    * **Add Additional Resources**: Optional
    * Select **\[ Next ]**.
  </Step>

  <Step>
    Configure the **Authentication** settings to determine how users authenticate to access encrypted files. The two options are **Kerberos** or **Local** authentication.

    **Local authentication** uses local Windows accounts to manage access to encrypted files. Users are authenticated by using their local Windows credentials.

    **Kerberos authentication** uses Windows Active Directory to manage access to encrypted files. Users are authenticated by using their domain credentials.

    <Warning>
      Active Directory configuration is required for Kerberos authentication. Go to Identity & Access Management, then go to the Active Directory tab to set this up.
    </Warning>

    * Select **Local** or **Kerberos** authentication and select **\[ Next ]**.
  </Step>

  <Step>
    Configure the **Path Rules**:

    * Select **\[ Add Path Rule ]**.
    * Enter **role** or **group names** from Active Directory for broad access.
    * Enter Active Directory or individual **usernames** to grant access.
    * Choose **Directory** to encrypt a specific folder and/or file types, or select **Path Match** to manually define rules for pattern matching.
    * Additional **Actions** are supported for **Path Rules**, which include **IP** and **Time-based** access restrictions.
    * After you finish configuring rules, select **\[ Add ]**.
  </Step>

  <Step>
    Select **\[ Deploy ]**.
  </Step>
</Steps>

<Note>
  Here are some useful concepts to understand when configuring Path Rules:

  Glob characters are special symbols used to specify patterns for file matching. They come in the following types:

  * \*Double Asterisk ( \ ): This is a recursive glob
    * Usage: Can appear only once per rule and must be the entire element.
    * Function: Matches any files or directories recursively.
    * Example: `C:\Bob\somefile` matches any files named `somefile` under the `Bob` directory, regardless of how deep the file is nested.
  * Single Asterisk ( \ ): This is a non-recursive glob
    * Usage: Can be used multiple times within a rule.
    * Function: Matches any characters in a single directory level.
    * Example\*: `C:\Bobtest` matches any files or directories in `Bob` that contain `test` in their names.

  You can mix both types of glob characters to create more flexible patterns:

  * `C:\Bob\` is equivalent to `C:\Bob\\`, matching all files and directories under "Bob" recursively.
  * `C:\Bob\*\test\*` matches any files or directories that start with `test` at any depth within `Bob`, and any files or directories within them.
</Note>
