Deleting Clients

Only CipherTrust Manager administrators can delete clients. When a client is deleted from the CipherTrust Manager, the client moves to the Expunged state and the CTE Agent is notified to drop client configuration. The CTE Agent installations on the client continue to run, complete with the applied policies. To completely remove a CTE Agent from the client, uninstall the Agent from the client system.

When Agent uninstallation is initiated, the client record is deleted from the CipherTrust Manager. The CipherTrust Manager pushes the configuration change to the CTE Agent running on that client. As a result, the following occur on the client:

• CTE Agent certificates are deleted.

• The URL line is removed from the agent.conf file.

• The GuardPoints are removed.

• The client is no longer recognized by the CipherTrust Manager. If the CTE Agent tries to communicate with the CipherTrust Manager, the connection is refused.

Deleted Client Indicators

A client is successfully deleted from the CipherTrust Manager GUI if:

• CipherTrust Manager URL is deleted from the CTE Agent agent.conf file.

• Certificates are removed from the ./agent/pem directory.

However, if the client is deleted and its identity is changed while it is offline:

• The GuardPoints are not removed

• The certificates remain intact in the ./agent/pem directory

• The agent.conf file remains unchanged

• But the Agent and CipherTrust Manager still cannot communicate with each other.

Logging for the CTE Agent on the CipherTrust Manager is also affected if an offline client is deleted. When the client comes online, log messages about the denied connection can be viewed only by CipherTrust Manager administrators of type System or All (when not in a domain). This is because the CipherTrust Manager:

• No longer has the client's record.

• Does not know which domain and the group the client belongs to.

• Cannot send messages to the appropriate log service.