Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CTE-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Widows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CCKM Administration

Migrate from CCKM Appliance

search

Please Note:

print

Migrate from CCKM Appliance

This section describes steps to export migration data from a CCKM Appliance with Data Security Manager (DSM) as a key source to CCKM on a CipherTrust Manager (referred to as CCKM Embedded).

Before proceeding with migration:

  • Note that the origin of migrated keys might not match between the CCKM Embedded and CCKM Appliance due to different terminologies used by these solutions.

  • Pause all the schedules in the CCKM Appliance until the migration is complete, otherwise, the CCKM Appliance and CipherTrust Manager might have data mismatch after migration. After the migration is successful, you should enable all the schedules on the CipherTrust Manager.

  • Perform synchronization of all the clouds in the CCKM Appliance, if required. However, you can also perform synchronization on the CipherTrust Manager after the migration is complete and the connection name is updated in containers.

  • Ensure that Azure backup blobs exist on the DSM for all Azure keys.

copy link to clipboardMinimum Supported Versions

  • CCKM Appliance 1.10.4

  • Data Security Manager 6.4.3

  • CipherTrust Manager 2.11.0

copy link to clipboardSupported Clouds

The migration only supports AWS Cloud, Azure Cloud, Google Cloud, Salesforce, and Salesforce Sandbox data.

Note

Migration of IBM Cloud and Salesforce Government Cloud data is not supported.

copy link to clipboardPrerequisites

  • CCKM Appliance is configured with a supported DSM version

  • IP address, admin credentials, and SSL certificate of the CCKM Appliance

  • CCKM Appliance is accessible from the CipherTrust Manager. By default, the CipherTrust Manager connects to the CCKM Appliance on port 443. If the CCKM Appliance is not running on the default port (443), you need to specify the custom port along with the IP address in the steps described below.

  • DSM servers are accessible from the CipherTrust Manager

  • The CipherTrust Manager is backed up (for rollback, if required)

copy link to clipboardSteps

The high-level steps involved are:

  1. Generate RSA Key Pair

  2. Download Export File

  3. Upload Export File

  4. Apply Migration Data

  5. Check Migration Status

  6. Add Connection

  7. Update Containers

The steps above apply to root domain only. To perform migration on a child domain, refer to Migration from CCKM Appliance to Child Domain.

copy link to clipboardGenerate RSA Key Pair

Exporting migration data from CCKM Appliance requires an RSA key pair (public and private) on the CipherTrust Manager. The public key is used to encrypt the data while the private key is used to decrypt the exported data.

To generate an RSA key pair, run the ksctl keys create command:

./ksctl-linux-amd64 keys create --name <rsa-key-name> --alg <key-algorithm> --size <key-size>

Here,

  • --name: Name for RSA key pair.

  • --alg: Algorithm for the RSA key pair.

  • --size: Size for the key pair.

Example:

./ksctl-linux-amd64 keys create --name rsa-key --alg RSA --size 4096

Output:

{
    "id": "b4336425a98541b68a105326be8abd777ac994f789ac46c2a79dd202bd4c33c1",
    "uri": "kylo:kylo:vault:keys:rsa-key-v0",
    "account": "kylo:kylo:admin:accounts:kylo",
    "application": "ncryptify:gemalto:admin:apps:kylo",
    "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
    "createdAt": "2021-05-07T03:55:47.519466Z",
    "name": "rsa-key",
    "updatedAt": "2021-05-07T03:55:47.519466Z",
    "usage": "sign",
    "usageMask": 3,
    "meta": {
        "ownerId": "local|5e3b45c6-6f26-4413-9752-e6fd15418a61"
    },
    "version": 0,
    "algorithm": "RSA",
    "size": 4096,
    "unexportable": false,
    "undeletable": false,
    "neverExported": true,
    "neverExportable": false,
    "emptyMaterial": false,
    "publickey": "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwfd4fDEgdJydUPOkPpAL\nriQW+IpwM9oSte//pv45UXpw0wkag1FbSmEUQQMf02KdRW5so+4jrkX44gQhmDTA\namrpijweJa0HzkaqnTkMtCUtFP9nbx33JiWRSYSKqXsEJho+P9SqXz45uxf7iis5\n4NF0SpZSIYi3COH4xtJ7hK+6BXbLXBZHVpfQ6LN8p/+WDwcIIkSyWGQxj4V0xTwV\nfNBNoQrXvanrEX+nide28vuX1bJ1UzglhUwcFT12VZL8KIrkviCKMwkBNIuuiXgh\nbtYGBy84ZbPjREgaodbaU45vj38/dpusL75Q2hkUdv5mYvTqN+OPVbJrTTQFzGfw\nM3Pt86iBFfu3XH/ZMH4dbV3HHXJP7+mHI3cOhUlvojwx9hnKygn3fY4Darx/N0yr\niCp6Sz7FI3sExAAIeF+AJ7zqyXK6a/NGve5gAqt1w3fnOYIFeD8f6oXOYBFFniu3\n3uX//4WcNdgyTXKXhDsZAtaLqmHv9jIwGZ0pTlj8xefZPbkoDNON3uC92b0tzI7F\n7+IqOiEf5bg4huU/EJh8emYgU8mPZGpwPtPVUFiKmOY7EbvHS1C6RIqRE1hnCZAa\nZSMup6LLzZGvk6SM0339c5gDJuS+kGkYK/fOwuWJ7qO5m+T/27J1IoNna6JuZ9el\nZDMxs7Rqj4cdezaa3CTV4l8CAwEAAQ==\n-----END PUBLIC KEY-----\n",
    "defaultIV": "78f83dddc0ee01a2ab3ff579c908a33a",
    "sha1Fingerprint": "878bcd84e81c4170",
    "sha256Fingerprint": "c9c2d321b21d34a3e82460df8839e55f3ebca977766658d830d5100fb29bed75",
    "objectType": "Private Key",
    "activationDate": "2021-05-07T03:55:43.229267Z",
    "state": "Active",
    "aliases": [
        {
            "alias": "rsa-key",
            "type": "string",
            "index": 0
        }
    ],
    "links": [
        {
            "id": "6dc578f7-1864-43a7-899a-5035d54f1772",
            "uri": "kylo:kylo:vault:links:6dc578f7-1864-43a7-899a-5035d54f1772",
            "account": "kylo:kylo:admin:accounts:kylo",
            "application": "ncryptify:gemalto:admin:apps:kylo",
            "devAccount": "ncryptify:gemalto:admin:accounts:gemalto",
            "createdAt": "2021-05-07T03:55:47.531762Z",
            "updatedAt": "2021-05-07T03:55:47.531762Z",
            "type": "publicKey",
            "source": "kylo:kylo:vault:keys:rsa-key-v0",
            "sourceID": "b4336425a98541b68a105326be8abd777ac994f789ac46c2a79dd202bd4c33c1",
            "target": "kylo:kylo:vault:keys:rsa-key-pub-v0",
            "targetID": "bd3e3bfa246f470ea6327646b3db359fcb882a6e2a6d4f839c2138569d99e395",
            "index": 0
        }
    ],
    "uuid": "4b9e7c53-40d7-44b7-9fa1-31cf8d0237d3",
    "muid": "4b9e7c53-40d7-44b7-9fa1-31cf8d0237d3e129ed33-317d-4584-9cbf-d0e882f58fca"
}

In the sample output above, "sourceID": "b4336425a98541b68a105326be8abd777ac994f789ac46c2a79dd202bd4c33c1" is the private key ID. The "targetID": "bd3e3bfa246f470ea6327646b3db359fcb882a6e2a6d4f839c2138569d99e395" under "links" is the public key ID, which is used to download the export file.

copy link to clipboardDownload Export File

As a CipherTrust Manager administrator, download the migration data (the export file) from the CCKM Appliance. This file contains migration data to be uploaded to CCKM Embedded.

Run the command:

./ksctl-linux-amd64 migrations download --cckm-host  "<cckm-ip-or-hostname>" --cckm-user "<cckm-user>" --cckm-certificate "<certificate-file-content>" --public-key-id "<public-key-id>"

Here,

  • --cckm-host: IP address or hostname of the CCKM Appliance.

  • --cckm-user: Admin user of the CCKM Appliance.

  • --cckm-certificate: SSL certificate downloaded from the CCKM Appliance.

    By default, the content of the SSL certificate spans over multiple new lines. However, to input the certificate as an inline argument, the certificate content needs to be converted into the single-line format where every new line is represented by \n.

    To covert the certificate into the single-line format:

    1. Download the certificate in a file (say certificate.cert).

    2. Store the certificate file at a location on your machine, for example, at /root/cert/.

    3. Run the following command:

      awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' <full-path-to-certificate-file>

      For example, to convert your certificate file (/root/cert/certificate.cert), run the command:

      awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' /root/cert/certificate.cert

      The above command returns the certificate in the single-line format, as shown below:

      -----BEGIN CERTIFICATE-----\nMIIDhjCCAm6gAwIBAgIGCBPpf2sUMA0GCSqGSIb3DQEBDAUAMC8xIDAeBgNVBAMT\nF0NHIENBIFMgb24gcGt2LWNsdXN0ZXIxMQswCQYDVQQGEwJVUzAeFw0yMTAzMDMw\nNzI0MDVaFw0zMTAzMDQwNzI0MDVaMCQxFTATBgNVBAMTDHBrdi1jbHVzdGVyMTEL\nMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOh14c\nhxamUh7eO/TzdS016djkaL8x1a/uljy8RediBA2W5Yrmm4sTBxO/PFZ0l+OwyzYe\n7VqsCG3P5+lsTiXw2VlXKT7qyiil7P8ParCoKt6v5fp6BjtDZzq7q3uG8daZqL4M\nKrAiI8rcGPDgsAex/kSPAB4di1AFjDDNv7SCiet5kWJq8YeTZEuwYa8rxLi2QEqJ\n4h/mHDqD35jNiSf4FRksWfUwtsY652XIfBvPdnwkpsA/+kENO4Aiuve9CSvyIBmR\nKaqBwnmYdQZaBJGFKEvjnARtSMMwCUlLxikQCiUk1BaW9H7f/WQUuNh7xManRb7w\ndNkhqAhSPyqgjz/TAgMBAAGjgbIwga8wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEw\nDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0OBBYEFFnFr/+FuXPw\n02+F2es0v8/XeGvzkuy55dTO7SwhLGTKiuv5L2ADawGQmlNQ7thNUN2P\n-----END CERTIFICATE-----\n

    4. Copy the returned single-line certificate content. You need to paste this content as the value for --cckm-certificate.

  • --public-key-id: ID of the local (public) key of the RSA key pair generated in Generate RSA Key Pair.

The command prompts for the password. Enter the password of the CCKM Appliance user (cckm-user).

Example:

./ksctl-linux-amd64 migrations download --cckm-host "127.0.0.1" --cckm-user "admin" --cckm-certificate  "-----BEGIN CERTIFICATE-----\nMIIDhjCCAm6gAwIBAgIGCBPpf2sUMA0GCSqGSIb3DQEBDAUAMC8xIDAeBgNVBAMT\nF0NHIENBIFMgb24gcGt2LWNsdXN0ZXIxMQswCQYDVQQGEwJVUzAeFw0yMTAzMDMw\nNzI0MDVaFw0zMTAzMDQwNzI0MDVaMCQxFTATBgNVBAMTDHBrdi1jbHVzdGVyMTEL\nMAkGA1UEBhMCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOh14c\nhxamUh7eO/TzdS016djkaL8x1a/uljy8RediBA2W5Yrmm4sTBxO/PFZ0l+OwyzYe\n7VqsCG3P5+lsTiXw2VlXKT7qyiil7P8ParCoKt6v5fp6BjtDZzq7q3uG8daZqL4M\nKrAiI8rcGPDgsAex/kSPAB4di1AFjDDNv7SCiet5kWJq8YeTZEuwYa8rxLi2QEqJ\n4h/mHDqD35jNiSf4FRksWfUwtsY652XIfBvPdnwkpsA/+kENO4Aiuve9CSvyIBmR\nKaqBwnmYdQZaBJGFKEvjnARtSMMwCUlLxikQCiUk1BaW9H7f/WQUuNh7xManRb7w\ndNkhqAhSPyqgjz/TAgMBAAGjgbIwga8wFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEw\nDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0OBBYEFFnFr/+FuXPw\n02+F2es0v8/XeGvzkuy55dTO7SwhLGTKiuv5L2ADawGQmlNQ7thNUN2P\n-----END CERTIFICATE-----\n" --public-key-id  "bd3e3bfa246f470ea6327646b3db359fcb882a6e2a6d4f839c2138569d99e395"

Output:

CCKM enterprise user password:
File is downloading.
File downloaded successfully: migration_20210621143427.json

An export file named "migration_<TIMESTAMP>.json" (for example, migration_20210621143427.json) is created and downloaded to your machine.

Note

After downloading the migration data (the export file), open the file and check whether it contains a "containers" tag at the beginning of the file.

copy link to clipboardUpload Export File

As a CipherTrust Manager administrator, upload the downloaded export file to CCKM Embedded.

Run the command:

./ksctl-linux-amd64 migrations upload --file <export-file-name>

Here,

  • --file: Name of the export file.

Example:

./ksctl-linux-amd64 migrations upload --file migration_20210621143427.json

Output:

{
    "id": "26304f13-5626-419b-bd81-459fda7fdb68",
    "file_size": 21712358,
    "created_at": "2021-05-07T04:55:33.251439962Z",
    "checksum_sha256":"3e853d19e1d4a3687dfcf7bde5fc6bb192c19345462c5f4ae05c481acf26968b",
    "product": "CCKM"
}

Note down the "id" value, "26304f13-5626-419b-bd81-459fda7fdb68". It is required when applying the migration data. Now, you need to apply the migration data to CCKM Embedded (refer to Migrate Complete Data).

copy link to clipboardApply Migration Data

The migration data can be applied to CCKM Embedded in two ways:

Note

In a clustered CipherTrust Manager environment, apply the migration data on one node only. Migrated data is automatically replicated to other nodes of the cluster.

copy link to clipboardMigrate Data of Set of Containers

This method requires a list of containers. After the exported file is uploaded to the CipherTrust Manager, you can get the list of containers and select the containers to be migrated.

To migrate the data of a set of containers:

  1. List the migrated containers.

    Run the command:

    ./ksctl-linux-amd64 migrations containers list –id <export-file-id>

    Here,

    • --id: ID of the uploaded export file. Refer to Upload Export File for the ID of the export file.

    Example:

    ./ksctl-linux-amd64 migrations containers list --id 26304f13-5626-419b-bd81-459fda7fdb68

    Output:

    {
    "Containers": [
        {
            "id": "b10ba3f2-b835-485d-b09a-07d4c002ff97",
            "type": "aws",
            "name": "805182230944",
            "tenant": "805182230944"
        },
        {
            "id": "0de664f3-7c70-4fae-9213-4e16bb99a4fc",
            "type": "aws",
            "name": "556782317223",
            "tenant": "556782317223"
        },
        {
            "id": "3f2b09ba-485d-b835-b09a-07d4c002ff97",
            "type": "salesforce",
            "name": "0056A0000011XDvQAM",
            "tenant": "0056A0000011XDvQAM"
        },
        {
            "id": "4f4b11ba-c385-456d-b09a-07d4c002ff97",
            "type": "salesforcesandbox",
            "name": "0056A0000011ABvZCM",
            "tenant": "0056A0000011ABvZCM"
        },
        {
            "id": "0941754d-9cb9-4b32-a241-59f7a4703756",
            "type": "azure",
            "name": "pkv-premium",
            "tenant": "d27d849e-e487-4b0e-a54c-a71e67687d10"
        }
}

    This command returns the list of containers with their IDs. From this list, you can select the containers to be migrated.

  2. Select the desired containers to be migrated. In this example, we will migrate the containers with the IDs "b10ba3f2-b835-485d-b09a-07d4c002ff97" and "0941754d-9cb9-4b32-a241-59f7a4703756".

  3. Apply the migration to migrate the desired container.

    Run the command:

    ./ksctl-linux-amd64 migrations apply --id <export-file-id> --private-key-id <private-key-id>  --migrate-cckm-source-keys --containers "<container1-id>,<container2-id>,...,<containerN-id>"

    Here,

    • --id: ID of the uploaded export file. Refer to Upload Export File for the ID of the export file.

    • --private-key-id: ID of the private key of the RSA key pair. Refer to Generate RSA Key Pair for the private key ID.

    • --migrate-cckm-source-keys: Tag to migrate the source keys.

    • --containers: Comma-separated Azure/AWS container IDs.

    Example:

    ./ksctl-linux-amd64 migrations apply --id 26304f13-5626-419b-bd81-459fda7fdb68 --private-key-id b4336425a98541b68a105326be8abd777ac994f789ac46c2a79dd202bd4c33c1 --migrate-cckm-source-keys --containers "b10ba3f2-b835-485d-b09a-07d4c002ff97,0941754d-9cb9-4b32-a241-59f7a4703756",

    Output:

    {
    "id": "26304f13-5626-419b-bd81-459fda7fdb68",
    "file_size": 22940401,
    "created_at": "2021-05-06T14:19:54.76812635Z",
    "status": "In progress",
    "checksum_sha256": "3386289c00e7e8bf7ad70a5ca12d0852913c0fb3a54f584c28460aa9cd65383e",
    "product": "CCKM"
}

    The container migration data is applied. It might take some time to complete. Verify the migration status. Refer to Check Migration Status for details.

copy link to clipboardMigrate Complete Data

To migrate the complete data, run the command:

./ksctl-linux-amd64 migrations apply --id <export-file-id> --private-key-id <private-key-id> --migrate-cckm-source-keys

Here,

  • --id: ID of the uploaded export file. Refer to Upload Export File for the ID of the export file.

  • --private-key-id: ID of the private key of the RSA key pair. Refer to Generate RSA Key Pair for the private key ID.

  • --migrate-cckm-source-keys: Tag to migrate the source keys.

Example:

./ksctl-linux-amd64 migrations apply --id 26304f13-5626-419b-bd81-459fda7fdb68 --private-key-id b4336425a98541b68a105326be8abd777ac994f789ac46c2a79dd202bd4c33c1 --migrate-cckm-source-keys

Output:

{
    "id": "26304f13-5626-419b-bd81-459fda7fdb68",
    "file_size": 22940401,
    "created_at": "2021-05-06T14:19:54.76812635Z",
    "status": "In progress",
    "checksum_sha256": "3386289c00e7e8bf7ad70a5ca12d0852913c0fb3a54f584c28460aa9cd65383e",
    "product": "CCKM"
}

copy link to clipboardCheck Migration Status

After you have applied the migration data, verify the migration status by running the ksctl migrations status command.

Example:

./ksctl-linux-amd64 migrations status

Output:

{
    "id": "9c9149ad-901b-405f-aefd-b279e6257f97",
    "overall_status": "Completed",
    "source": "CCKM",
    "cckm_azure_keys": {
    "status": "Completed",
    "num_processed": 100,
    "num_failed": 0,
    "num_ignored": 0 },
    "cckm_sfdc_keys": {
    "status": "Completed",
    "num_processed": 100,
    "num_failed": 0,
    "num_ignored": 0 },
    "cckm_aws_keys": {
    "status": "Completed",
    "num_processed": 100,
    "num_failed": 0,
    "num_ignored": 0 },
    "cckm_dsm_keys": {
    "status": "Completed",
    "num_processed": 100,
    "num_failed": 0,
    "num_ignored": 0 }
}

In the sample output above, "overall_status": "Completed" indicates that migration of CCKM Appliance to CCKM Embedded is successful. Also, verify that migration status of different clouds and key sources such as "cckm_azure_keys", "cckm_aws_keys", and "cckm_dsm_keys" is "Completed".

In the output, "num_ignored" indicates the number of Azure keys for which blobs are present on the DSM but the keys have been deleted.

After the migration status is "Completed", you can add connection to supported clouds to perform operations on the added data.

After migration, you can see the migrated keys on the Keys page of the CipherTrust Manager GUI. The migrated keys are added with the prefix Migration-DSM-.

copy link to clipboardAdd Connection

Add connection to the desired clouds on the CipherTrust Manager. Refer to Connection Manager for details on connection management.

copy link to clipboardUpdate Containers

After the connection is created, update connection in AWS KMS, Azure key vaults, Salesforce organizations, and Google key rings on the Containers tab. After the update, keys in supported clouds can be managed from CCKM Embedded.

For Salesforce, you also need to synchronize certificates and update endpoints linked with the organizations.

  • Synchronize certificates: After migration, the certificates linked with the cache-only keys and schedulers are not synchronized. You need to manually synchronize them on CCKM. Refer to Prepare the Cache-Only Key Integration for details.

  • Update endpoints: The endpoint URLs used in Named Credentials for cache-only keys before migration will not work after migration. This is because the Callout URL check performed by Salesforce while fetching the cache-only keys will fail. So, you need to update the endpoint URLs in Named Credential on Salesforce and create the same endpoints on CCKM.

    Alternatively, you can create new endpoint URLs on Salesforce and CCKM and use them.

    Refer to Prepare the Cache-Only Key Integration and Edit a Salesforce Cache-Only Key Endpoint for details.

  • Migrate Cloud Keys Only: Refer to this section for instructions on migrating only the cloud keys from a CCKM Appliance to a CipherTrust Manager.

  • Migrate DSM Source Keys: Refer to this section if you have already migrated cloud keys from a CCKM Appliance to a CipherTrust Manager, with DSM as a key source. Now, they want to migrate the DSM source keys to the CipherTrust Manager.

  • Migrate from CCKM Appliance with CipherTrust Manager as Key Source: Refer to this section to migrate the CipherTrust Manager source keys from a CCKM Appliance to a CipherTrust Manager. Follow instructions in this topic to migrate both cloud keys and the CipherTrust Manager source keys from CCKM Appliance to the CipherTrust Manager.

On this page