Configure monitored folders
As mentioned in the Overview section of the main page of this administrative guide, file encryption works by having an input folder where you move files to be encrypted and an output folder where you move the files after encryption. This process requires monitoring the input folder for new file uploads. We support the following folder monitoring methods: KMES-monitored folders and Agent-monitored folders. In both scenarios, encryption occurs on the KMES.
With KMES-monitored folders, the KMES mounts to a folder share by using SFTP or CIFS. Then, you create a File Encryption Profile on the KMES that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after encryption (either locally in a data partition on the KMES or on a folder share).
Go to Data Protection > File Encryption and select [ Add ].
In the Info tab of the File Encryption Profile window, notice that in the Key mode drop-down list, you can select Version 1 or Version 2.
If you select Version 1, when you select [ Choose ] in the Key field, you can see and select only File Encryption v1 keys.
If you select Version 2, when you select [ Choose ] in the Key field, you can see and select only File Encryption v2 keys.
After entering a name for the File Encryption Profile and selecting a file encryption key, go to the Input tab.
Refer to the File Encryption Techniques section of this guide to understand the differences between File Encryption v1 and File Encryption v2 keys.
In the Input tab, select a file share in the Source drop-down list.
When you select a file share as the Source, the following fields display:
| Field | Description |
| --- | --- |
| Extension | |
| Directory | Select [ Browse ], and in the file browser, select the input directory you want the KMES to monitor. |
| Subfolders | |
| Delete original | |
| Exclude | Note: Asterisks represent a wildcard character. For example, an exclude pattern could be entered as somedir/someotherdir/*.txt. The path is relative to the input directory. |
In the Output tab, the following fields display if you select a file share as the input source in the previous step:
| Field | Description |
| --- | --- |
| Destination | |
| Extension | Specify the file extension you want to use for encrypted files (such as .enc). |
| Directory | |
| Overwrite | In this drop-down list, you can select either Disabled, Overwrite, or Version. If you select Disabled and a file exists in the output directory under the same name, the KMES does not overwrite the existing file. |
| Include Path | If you select this checkbox, file headers include the full file path rather than the original file name only. |
Select [ OK ] to finish creating the File Encryption Profile.
With Agent-monitored folders, you can deploy an agent (a lightweight application running on a Windows or Linux system) on servers or individual workstations. Then, administrators can configure them on an individual basis by using a GUI-based application or for batch deployment by using a configuration text file. Just as with KMES-monitored folders, you must create a File Encryption Profile on the KMES that defines what folder to monitor, the parameters of what to encrypt, and where to save the file after it is encrypted. The difference is that the input and output folder locations for Agent-monitored folders are both on the server or workstation that is running the agent.
Perform the following steps to configure an Agent-monitored folder:
Go to Data Protection > File Encryption, and select [ Add ].
In the Info tab of the File Encryption Profile window, notice that in the Key mode drop-down list, you can select Version 1 or Version 2.
If you select Version 1, when you select [ Choose ] in the Key field, you can see and select only File Encryption v1 keys.
If you select Version 2, when you select [ Choose ] in the Key field, you can see and select only File Encryption v2 keys.
After entering a name for the File Encryption Profile and selecting a file encryption key, go to the Input tab.
Refer to the File Encryption Techniques section of this administrative guide to understand the differences between File Encryption v1 and File Encryption v2 keys.
In the Input tab, select Agent in the Source drop-down list. When you select Agent as the Source, the following fields display:
| Field | Description |
| --- | --- |
| Extension | The agent determines which files to encrypt within a directory based on the file extension. In this field, specify a valid file extension (such as .txt, .pdf). |
| Directory | Enter the full path to the input directory you want the agent to monitor. |
| Subfolders | Select this checkbox if you want the agent to also monitor subfolders within the main input directory. |
| Delete original | Select this checkbox if you want the agent to delete the original unencrypted file after moving the encrypted version of the file to the configured output directory. |
| Requires authorization | |
| Exclude | Add the names of all files and folders in the input directory that you want the agent to exclude from being encrypted. Note: Asterisks represent a wildcard character. For example, you can enter an exclude pattern as somedir/someotherdir/*.txt. The path is relative to the input directory. |
| Hostname Whitelist | Add the hostnames of all computers and servers running the File Encryption Agent. |
In the Output tab, the following fields display if you selected Agent as the input source in the previous step:
| Field | Description |
| --- | --- |
| Destination | This field is grayed out because the only supported Destination for agent-based monitoring is on the computer/server running the agent. |
| Extension | Specify the file extension you want to use for encrypted files (such as .enc). |
| Directory | Enter the full path to the output directory where you want the agent to save encrypted files. |
| Overwrite | In this drop-down list, you can select either Disabled, Overwrite, or Version. If you select Disabled and a file exists in the output directory under the same name, the agent does not overwrite it. If you select Overwrite, the agent overwrites the existing file. If you select Version, the agent saves versions of files under different names. |
| Include Path | If you select this checkbox, file headers include the full file path rather than the original file name only. |
Select [ OK ] to finish creating the File Encryption Profile.
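Before enabling Delete original on a profile, it helps to dry-run which files the Extension, Subfolders, and Exclude values would select. The script below is an added example, not code from the product or this guide; the function names are hypothetical, and it assumes the asterisk behaves like Python's fnmatch wildcard (it can span "/") and that an Exclude entry naming a folder excludes everything beneath it.

```python
import fnmatch
import tempfile
from pathlib import Path


def is_excluded(rel_path, patterns):
    """True if the file, or any folder above it, matches an Exclude entry."""
    parts = rel_path.split("/")
    prefixes = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return any(fnmatch.fnmatchcase(p, pat) for p in prefixes for pat in patterns)


def preview_selection(input_dir, extension, subfolders=False, exclude=()):
    """Return the sorted relative paths the Input-tab values would pick up.

    Exclude patterns are relative to input_dir, as the guide's note states.
    """
    root = Path(input_dir)
    candidates = root.rglob("*") if subfolders else root.glob("*")
    selected = []
    for path in candidates:
        if not path.is_file() or path.suffix.lower() != extension.lower():
            continue
        rel = path.relative_to(root).as_posix()
        if not is_excluded(rel, exclude):
            selected.append(rel)
    return sorted(selected)


def build_sample_tree(base):
    """Create a constructed directory tree for the demonstration."""
    for rel in ("report.txt", "notes.pdf", "somedir/keep.txt",
                "somedir/someotherdir/skip.txt",
                "somedir/someotherdir/data.pdf"):
        target = Path(base, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed sample\n")


def demo():
    """Run three profile variants against the constructed tree."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        flat = preview_selection(tmp, ".txt")
        deep = preview_selection(tmp, ".txt", subfolders=True)
        filtered = preview_selection(tmp, ".txt", subfolders=True,
                                     exclude=["somedir/someotherdir/*.txt"])
        return flat, deep, filtered


if __name__ == "__main__":
    for label, files in zip(("top level", "subfolders", "exclude"), demo()):
        print(f"{label}: {files}")
```

Compare the preview against what the agent actually picks up on a test folder before relying on it, since the product's wildcard matching may differ from the assumption made here.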