Enabling data encryption for virtual application patterns and virtual system patterns

You can apply an encryption policy to your virtual application pattern or virtual system pattern to enable or disable encryption of data that is stored on disk.

Before you begin

You must be assigned either the Workload resources administration role with full permissions or the Create new patterns role to complete this task.

About this task

You can specify the file or directory paths to include in or exclude from encryption. Encryption policies can be applied at the application level, or they can be applied to a component.
Note: Some encryption products might offer the option to use script packages instead of an encryption policy. This script package option is not supported for encrypting virtual application patterns or virtual system patterns in Cloud Pak System Software.

Procedure

  1. Click Patterns, and select Virtual Application Patterns or Virtual System Patterns.
  2. Select a pattern type and then select a virtual application pattern or virtual system pattern.
  3. Click Open.
    On the Pattern Builder pane, add the encryption policy either globally at the application level, or to a specific component that supports the policy.

    When you apply a policy globally, it is applied to all components in the pattern that support it. If you apply a policy to a specific component and also apply it to the whole pattern, the configuration of the component-specific policy overrides the application level policy.

    Note: If a warning icon displays next to the encryption policy, the required configuration of the pattern type, system plug-in, or both, is not complete. Ask your system administrator to complete this configuration before you apply the policy.
  4. Configure the attributes for the encryption policy. The attributes for an encryption policy vary depending on your encryption software, but might be similar to the following examples:
    • Encryption Paths to Include: Specifies the paths to include for encryption. Separate each path with a comma. For example, /opt/ibm, /opt/myApp.
      Note: Child paths of the specified path, such as /opt/myApp/childPath, are also encrypted. If you do not want the child path to be encrypted, add it to the field where you specify encryption paths to exclude.
    • Encryption Paths to Exclude: Specifies the paths to exclude from encryption. Separate each path with a comma. For example, /opt/ibm/do_not_encrypt, /opt/myApp/installFiles/do_not_encrypt.
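
As an added illustration (not part of the product or its documentation), the following Python sketch models the include and exclude fields described in step 4 so that a reviewer can check which files a draft policy would leave unencrypted before deployment. It assumes that an exclusion overrides an inclusion and that paths are matched on whole directory components; the function names are hypothetical, and the encryption software in use determines the actual behavior.

```python
import posixpath

# Field values taken from the examples in step 4.
INCLUDE = "/opt/ibm, /opt/myApp"
EXCLUDE = "/opt/ibm/do_not_encrypt, /opt/myApp/installFiles/do_not_encrypt"

def parse_paths(field):
    """Split a comma-separated policy field into normalized absolute paths."""
    paths = []
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            continue
        if not item.startswith("/"):
            raise ValueError(f"not an absolute path: {item!r}")
        paths.append(posixpath.normpath(item))
    return paths

def is_under(path, parent):
    """True if path is parent or a child of it, matched on whole components."""
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def is_encrypted(path, include, exclude):
    """Assumed semantics: an exclude entry overrides any include entry."""
    path = posixpath.normpath(path)
    if any(is_under(path, e) for e in exclude):
        return False
    return any(is_under(path, i) for i in include)

def audit(include, exclude):
    """Warn about entries that probably do not do what the author intended."""
    warnings = []
    for e in exclude:
        if not any(e != i and is_under(e, i) for i in include):
            warnings.append(f"exclude {e} is not a child of an included path")
    for i in include:
        if any(is_under(i, e) for e in exclude):
            warnings.append(f"include {i} is cancelled by an exclude")
    return warnings

if __name__ == "__main__":
    inc, exc = parse_paths(INCLUDE), parse_paths(EXCLUDE)
    # Constructed sample file paths, not taken from a real deployment.
    for p in ["/opt/myApp/childPath/db.dat", "/opt/myApplication/keys.pem",
              "/opt/ibm/do_not_encrypt/cache.bin"]:
        print(p, "->", "encrypted" if is_encrypted(p, inc, exc) else "plaintext")
    print(audit(inc, exc) or "no warnings")
```

Under these assumptions, a sibling directory such as /opt/myApplication is not covered by the /opt/myApp entry, which is the kind of gap worth confirming against the deployed instance.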

Results

When you deploy the virtual application pattern or virtual system pattern, application data that is stored on disk in the specified directories is encrypted.