Encrypting the data
This procedure shows you how to encrypt all your MSDP data. Be aware you can run the encryption_reporting tool in step 4 at any time. It's an independent tool that is used to report the unencrypted data.
Encrypting all MSDP data
- Enforce encryption in MSDP if it's not enforced.
Add the encrypt keyword to the ServerOptions option in
contentrouter.cfg, and restart MSDP to enforce encryption. Please ensure that no conflict or duplicate keywords are present before adding it. A conflict keyword is noencrypt. For the details of enabling or enforcing encryption, please refer to the following:If Instant Access or Universal Share is configured, you must change
vpfsd_config.jsonand restart VpFS to enable encryption separately. You must also create checkpoints for all the VpFS shares after encryption is enabled. - If the rolling data conversion is in progress, wait until it finishes.
- Run the Encryption Crawler process until it finishes.
More information about how to run, tune, and monitor the progress of Encryption Crawler is available.
- Run the reporting tool encryption_reporting to determine if there are any existing data containers with unencrypted data.
More information about how to run the reporting tool is available.
- If unencrypted data is reported, run the encryption_reporting tool again with the --encrypt option and wait until it finishes.
Running the encryption_reporting tool with this option, encrypts the identified data containers by the reporting process.
If the tool with option --encrypt reports errors on encrypting the data containers, check the tool logs and MSDP logs for the reasons. When the errors are confirmed, repeat step 4 and step 5 if necessary.