Quorums
This feature allows an administrator to configure a system (or quorum) that can have multiple approvers for an operation. These approvers need to approve the operations before they can be successfully executed.
Note
If you are using connectors and direct NAE scripts, do not enable the DeleteKey and AddUserToGroup quorums.
Operations Supported by Quorums
| Operation | Authorized Group(s) for Approval |
|---|---|
| DeleteKey | Key Admins |
| AddUserToGroup | User Admins |
| DownloadBackupKey [Root Domain Only] | Restore Admins and Backup Admins |
| RestoreBackup [Root Domain Only] | Restore Admins |
| DeleteDomain | Domain Admins |
| ManagePolicyAttachment | admin |
| DeletePolicy | admin |
| DownloadBackupKeyDomain | Domain Backup Admins and Domain Restore Admins |
| RestoreBackupDomain | Domain Restore Admins |
| DeleteClientCTE | CTE Admins |
| DeleteClientGroupCTE | CTE Admins |
| UpdateClientGroupCTE | CTE Admins |
| DeleteGuardPointCTE | CTE Admins |
| UpdatePolicyCTE | CTE Admins |
| DeleteGoogleWorkspaceCSEEndpoint | CCKM Admins |
The authorized group(s) for quorum approval associated with operations are configurable. To configure, refer to Updating Quorum Profile.
CTE and CTE UserSpace support CipherTrust Manager's quorum feature. Refer to the Quorum Control section for details on supported CTE and CTE UserSpace operations and resources.
Managing Quorum on Policies
The CipherTrust Manager allows you to enable quorum for:
These policies can be system policies, user policies, or quorum policies.
Once a quorum is enabled for ManagePolicyAttachment and DeletePolicy, the activation and deactivation of a quorum for any supported operation has to go through the quorum's approval process, similar to any other operation on the CipherTrust Manager.
Caution
Do not enable quorum on the ManagePolicyAttachment and DeletePolicy operations until all the CipherTrust Manager nodes in a cluster are upgraded to 2.10 or a higher version.
Note
It is recommended to enable quorum on both the DeletePolicy and ManagePolicyAttachment operations together, in that order, to bring the entire policy creation and deletion process under quorum.
ManagePolicyAttachment
The ManagePolicyAttachment operation gives you a provision to enable a quorum for:
Creating policy attachments
Deleting policy attachments
When you activate a quorum, a policy and a policy attachment are created internally. If you want to bring activation of a quorum policy under a quorum, activate the quorum on the ManagePolicyAttachment operation.
DeletePolicy
The DeletePolicy operation is used to enable quorum on policy deletion. When you deactivate a quorum, a policy is deleted internally. If you want to bring deactivation of a quorum policy under a quorum, activate the quorum on the DeletePolicy action.
Refer to Enabling Quorum on ManagePolicyAttachment and DeletePolicy for more details.
Quorum Policies
To enable the quorum for any operation, you first need to activate the quorum policy. After the quorum policy is active for an operation, a quorum is created in a pre-active state when the corresponding operation is performed. To activate a quorum policy, refer to Activating the Quorum Policy.
For more details on quorum policies, refer to Managing Quorums Policies using ksctl.
Quorum Profile
A quorum profile is a configuration that defines the expiration time, the number of required approvals, and the voter groups for a quorum. For more details on quorum profiles, refer to Managing Quorum Profiles using ksctl.
States & Life-cycle of a Quorum Request
If an administrator has configured a quorum for an operation and a user initiates that operation, the operation is denied and a quorum request is created instead.
The quorum request life-cycle is as follows:
The quorum is created in a pre-active state. A quorum or a quorum request can have one of these six states at a time, as depicted in the diagram below.
Note
The user/requester of this quorum must activate the quorum before any of the approvers can review the quorum request.
Once the quorum is in the active state, it is available to the approvers for review. The user/requester can optionally add a reason for initiating the request while activating it.
When the required approvals are granted, the quorum is set to an approved state.
A quorum request is set to an executed state if the operation has been completed with an approved quorum.
A deny vote forces a quorum into a denied state, implying that the operation cannot be performed and the quorum is terminated.
If a quorum already exists for the same operation, the state of the existing quorum determines the outcome of the operation. Any approver can vote either to approve or to deny a quorum request. A note can be added with the vote for additional information.
Note
A quorum in a pre-active state is subject to an expedited expiry: it expires 15 minutes after creation if it has not been activated.
Note
Every quorum expires seven (7) days after its creation, which terminates that quorum.
Managing Quorums Policies using ksctl
The following operations can be performed:
Activate the quorum policy
Get status of the quorum policy
Deactivate the quorum policy
Activating the Quorum Policy
To create a policy supporting quorum and activate the policy, run:
Syntax
Example Request 1
Example Response
Getting Status of the Quorum Policy
To check whether the quorum policy is in the active or inactive state, run:
Syntax
Example Request
Example Response
The 'active' field indicates whether the policy is active. It returns true if the quorum policy is active and false otherwise.
Deactivating the Quorum Policy
To deactivate an already active quorum policy for a specific operation, run:
Syntax
Example Request
Example Response
There is no response if the quorum policy is deactivated successfully.
Enabling Quorum on ManagePolicyAttachment and DeletePolicy
Enabling a quorum on ManagePolicyAttachment and DeletePolicy brings the activation and deactivation of a quorum policy under a quorum. This means you can no longer activate or deactivate a quorum policy on your own; each such request creates a quorum that must be approved first.
Let's consider a scenario where you have activated a quorum for the "DeleteKey" operation. Currently, you are allowed to deactivate the created quorum.
However, if a quorum is enabled on ManagePolicyAttachment and DeletePolicy, you cannot activate/deactivate any quorum.
Now, let's enable a quorum on both ManagePolicyAttachment and DeletePolicy operations. To do so, run the following commands:
For ManagePolicyAttachment
Response
For DeletePolicy
Response
Now, if you try to deactivate the quorum for "DeleteKey" created above, an error is thrown as shown below and the deactivation of the quorum is not allowed:
Managing Quorums using ksctl
The following operations can be performed:
Activate quorum
Approve quorum
Deny quorum
List/Search quorums
Get quorum
Delete quorum
Revoke vote
Activating Quorums
To activate a quorum, run:
Syntax
It changes the state of the quorum from pre-active to active. A quorum can be approved only when it is in the active state. After the quorum is active, it is available for the approval process.
Example Request
Example Response
Note
The requester of the operation is also the owner of the associated quorum. Only the requester/owner has permission to activate the associated quorum.
Approving Quorums
To approve a quorum, run:
Syntax
When all the required approvals are available, the quorum moves to the approved state and you can re-initiate the associated operation.
Example Request
Example Response
There is no response if the quorum is approved successfully.
Denying Quorums
To deny approval to a quorum, run:
Syntax
This command moves a quorum to the denied state. This is a terminal state, and the quorum is unusable after it is denied.
Example Request
Example Response
There is no response if the quorum is denied successfully.
Getting List of Quorums
To get the list of quorums, run:
Syntax
Example Request
Example Response
Getting Details of Quorums
To get details of a quorum, run:
Syntax
Example Request
Example Response
Deleting Quorums
To delete a quorum, run:
Syntax
Example Request
There is no response if the quorum is deleted successfully.
Note
The requester of the operation is the owner of the associated quorum. Only the requester/owner has permission to delete the quorum.
Revoking Vote for Quorums
To revoke your vote from an already approved quorum, run:
Syntax
If the number of approvals falls below the required number, the quorum moves back to the active state.
Example Request
Example Response
There is no response if the vote is revoked successfully.
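The state machine described in "States & Life-cycle of a Quorum Request" and exercised by the activate, approve, deny and revoke commands above can be captured in a small model. The following is an added example written for this page; it is not CipherTrust Manager or ksctl code. It encodes the rules the page states: a request creates a quorum in the pre-active state, only the requester/owner may activate it, only members of the profile's voter groups may vote, a quorum is approved once the profile's required number of approvals is reached, revoking a vote that drops the count below the threshold returns it to active, a single deny vote is terminal, a pre-active quorum expires after 15 minutes, and every quorum expires 7 days after creation. The class names, the explicit `now` clock argument, the "expired" state name used for the expiry case, the rule that a deny is accepted while active or approved, and the sample users and groups are assumptions made for the example.

```python
"""In-memory model of the quorum request life-cycle described on this page.

Added illustration, not CipherTrust Manager or ksctl code. Class names, the
explicit `now` clock, the "expired" state name and the sample users/groups
are assumptions made for the example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

PRE_ACTIVE_TTL = timedelta(minutes=15)  # pre-active quorum expires if not activated in time
QUORUM_TTL = timedelta(days=7)          # every quorum expires 7 days after creation
TERMINAL = {"executed", "denied", "expired"}


class QuorumError(Exception):
    """Raised when an actor attempts a transition the life-cycle does not allow."""


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset


@dataclass(frozen=True)
class QuorumProfile:
    """Required approvals and voter groups for one operation (expiry is global here)."""
    operation: str
    required_approvals: int
    voter_groups: frozenset


@dataclass
class Quorum:
    profile: QuorumProfile
    owner: User                 # the requester who triggered the operation
    created_at: datetime
    state: str = "pre-active"
    reason: str = ""
    approvals: set = field(default_factory=set)

    def refresh(self, now: datetime) -> str:
        """Apply the two expiry rules before any transition is evaluated."""
        if self.state not in TERMINAL:
            if now - self.created_at > QUORUM_TTL:
                self.state = "expired"
            elif self.state == "pre-active" and now - self.created_at > PRE_ACTIVE_TTL:
                self.state = "expired"
        return self.state

    def _require(self, now, actor, states, voter=False, owner=False):
        self.refresh(now)
        if owner and actor != self.owner:
            raise QuorumError("only the requester/owner may do this")
        if voter and not (actor.groups & self.profile.voter_groups):
            raise QuorumError(f"{actor.name} is not in an authorized voter group")
        if self.state not in states:
            raise QuorumError(f"not allowed in state {self.state}")

    def activate(self, actor, now, reason=""):
        self._require(now, actor, {"pre-active"}, owner=True)
        self.state, self.reason = "active", reason

    def approve(self, actor, now):
        self._require(now, actor, {"active"}, voter=True)
        self.approvals.add(actor.name)
        if len(self.approvals) >= self.profile.required_approvals:
            self.state = "approved"

    def deny(self, actor, now):
        # One deny vote is terminal; accepting it while approved is an assumption.
        self._require(now, actor, {"active", "approved"}, voter=True)
        self.state = "denied"

    def revoke(self, actor, now):
        self._require(now, actor, {"active", "approved"})
        if actor.name not in self.approvals:
            raise QuorumError(f"{actor.name} has no vote to revoke")
        self.approvals.discard(actor.name)
        if len(self.approvals) < self.profile.required_approvals:
            self.state = "active"  # fell below the threshold: back to active

    def execute(self, actor, now):
        self._require(now, actor, {"approved"})
        self.state = "executed"


def request_operation(registry, profiles, actor, operation, now):
    """Gate an operation behind its quorum; returns (outcome, quorum).

    outcome is "executed" when the operation ran, or "pending" when it was
    denied and a quorum request is awaiting activation/approval.
    """
    profile = profiles.get(operation)
    if profile is None:                      # no quorum policy active: run immediately
        return "executed", None
    q = registry.get(operation)
    if q is not None and q.refresh(now) == "approved":
        q.execute(actor, now)                # re-initiated with an approved quorum
        return "executed", q
    if q is None or q.state in TERMINAL:     # no live request: open a new pre-active one
        q = registry[operation] = Quorum(profile, actor, now)
    return "pending", q                      # operation denied until the quorum is approved
```

The model takes the clock as an argument so the two expiry windows can be tested deterministically; a real deployment would compare against the server's clock. A denied or expired quorum blocks nothing permanently: a fresh request on the same operation opens a new pre-active quorum, which is how a requester recovers from an expired request.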
Managing Quorum Profiles using ksctl
The following operations can be performed:
Get quorum profile
List/Search quorum profiles
Update quorum profile
Getting Details of the Quorum Profile
To get the details of a quorum profile, run:
Syntax
Example Request
Example Response
Getting List of Quorum Profiles
To get the list of all quorum profiles, run:
Syntax
Example Request
Example Response
Updating Quorum Profile
To update the quorum profile, run:
Syntax
Example Request 1
Example Response 1
Example Request 2
Example Response 2