You can apply an encryption policy to your virtual application pattern or virtual system pattern to
enable or disable encryption of data that is stored on disk.
Before you begin
You must be assigned either the Workload resources administration role with full permissions or
the Create new patterns role to
complete this task.
About this task
You can specify the file or directory paths to include in
or exclude from being encrypted. Encryption policies can be applied
at the application level, or they can be applied to a component.Note: Some
encryption products might offer the option to use script packages
instead of an encryption policy. This script package option is not
supported for encrypting virtual application patterns or virtual system patterns in Cloud Pak System Software.
Procedure
- Click Patterns, and select Virtual Application Patterns or Virtual System Patterns.
- Select a pattern type and then select a virtual application pattern or virtual system pattern.
- Click Open.
On the
Pattern Builder pane,
add the encryption policy either globally at the application level,
or to a specific component that supports the policy.
When you apply
a policy globally, it is applied to all components in the pattern
that support it. If you apply a policy to a specific component and
also apply it to the whole pattern, the configuration of the component-specific
policy overrides the application level policy.
Note: If a warning
icon displays next to the encryption policy, the required configuration
of the pattern type, system plug-in, or both, is not complete. Ask
your system administrator to complete this configuration before you
apply the policy.
- Configure the attributes for the encryption policy. The
attributes for an encryption policy vary depending on your encryption
software, but might be similar to the following examples:
- Encryption Paths to Include: Specifies
the paths to include for encryption. Separate each path with a comma.
For example, /opt/ibm, /opt/myApp.
Note: Child
paths to the specified path, such as /opt/myApp/childPath,
are also encrypted. If you do not want the child path to be encrypted,
add it to the field where you specify encryption paths to exclude.
- Encryption Paths to Exclude: Specifies
the paths to exclude for encryption. Separate each path with a comma.
For example, /opt/ibm/do_not_encrypt, /opt/myApp/installFiles/do_not_encrypt.
Results
When you deploy the virtual application pattern or virtual system pattern,
application data that is stored on disk in the specified directories
is encrypted.