Sharing Resources Across Domains
A CTE client that holds sensitive data can be shared across multiple departments and teams. Each department manages its data security requirements through a different domain on the CipherTrust Manager. A machine that holds sensitive data at multiple locations therefore needs to be protected by different security administrators with different kinds of policies.
CipherTrust Manager supports sharing of CTE clients and client groups across multiple domains. Different domain administrators can apply different GuardPoints on the same client from their domains. On the client, there will be a single security configuration with all types of protection policies applied to multiple paths irrespective of the domains they are created in.
Note
If multiple domains with the same name exist in the domain hierarchy, clients and client groups are shared with the first domain found with that name.
The GuardPoints created on the clients and client groups in one domain (called the native domain) are also visible in other (nonnative) domains, but in read-only mode.
Sharing a Client Across Domains
A shared client will be visible in read-only mode in all the domains where it is shared. The GuardPoints can be created on the shared client from any of the linked domains. These GuardPoints will be visible in read-only mode in all the linked domains except their native domains (where the GuardPoints are created). All the valid operations on the GuardPoints will be allowed from the native domains.
This functionality is transparent to the CTE client, that is, the client will receive a single security configuration having GuardPoint details of all the domains.
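The visibility rules above, together with the earlier note on duplicate domain names, modeled as an added example (not Thales code and not a CipherTrust Manager API). The inventory layout, field names, client name, and domain paths are constructed for illustration.

```python
from collections import Counter

# Constructed inventory. The field names are hypothetical and do not
# correspond to any CipherTrust Manager export format.
DOMAIN_PATHS = ["root", "root/finance", "root/hr", "root/emea/finance"]
CLIENT = {
    "name": "db-host-01",
    "linked_domains": ["finance", "hr"],  # domains the client is shared with
    "guardpoints": [
        {"path": "/data/payroll", "native_domain": "hr"},
        {"path": "/data/ledger", "native_domain": "finance"},
    ],
}


def guardpoint_view(client, domain):
    """GuardPoints as seen from `domain`.

    A GuardPoint is read-write only in its native domain and read-only in
    every other linked domain. A domain that is not linked sees nothing.
    """
    if domain not in client["linked_domains"]:
        return {}
    return {
        gp["path"]: "read-write" if gp["native_domain"] == domain else "read-only"
        for gp in client["guardpoints"]
    }


def client_config(client):
    """The single configuration the client receives: all GuardPoints, all domains."""
    return sorted(gp["path"] for gp in client["guardpoints"])


def ambiguous_share_targets(client, domain_paths):
    """Linked domain names that occur more than once in the hierarchy.

    Sharing resolves to the first domain found with that name, so each name
    returned here should be reviewed before relying on the share.
    """
    names = Counter(path.rsplit("/", 1)[-1] for path in domain_paths)
    return sorted(d for d in client["linked_domains"] if names[d] > 1)


if __name__ == "__main__":
    for domain in CLIENT["linked_domains"]:
        print(domain, guardpoint_view(CLIENT, domain))
    print("client config:", client_config(CLIENT))
    print("ambiguous share targets:", ambiguous_share_targets(CLIENT, DOMAIN_PATHS))
```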
The following diagram shows the client-sharing workflow:
To share a client across domains:
Open the Transparent Encryption application. The Clients page is displayed. This page lists the clients added to this CipherTrust Manager appliance.
Under Client Name, click the desired client.
In the mini detail view, select Domain Sharing.
Alternatively, to enable domain sharing on a client, click the expand icon corresponding to the desired client, select Domain Sharing in the mini detail view, and click Apply.
Click Apply. Now, the Sharing tab is displayed.
On the Sharing tab, click Share With Other Domains. The Share With Other Domains dialog box is displayed.
Under Domain Name, select the domains with which you want to share the client. The dialog box also provides an option to select all the domains, if required.
Click Share.
The client is shared across selected domains of the CipherTrust Manager.
Removing Client Sharing from Domains
Removing Individual Domains
To remove client sharing from a domain:
Open the Transparent Encryption application. The Clients page is displayed.
Click Clients > Clients.
Under Client Name, click the desired client. The detail view of the Clients page is displayed.
Click the Sharing tab.
Under Domain Name, select the check box corresponding to the desired domain.
Click Remove. A dialog box appears prompting you to confirm the action. Deleting this domain is permanent and cannot be undone.
Click Delete.
The client is no longer shared with the selected domain.
Removing Multiple Domains
To remove client sharing from multiple domains:
Open the Transparent Encryption application. The Clients page is displayed.
Click Clients > Clients.
Under Client Name, click the desired client. The detail view of the Clients page is displayed.
Click the Sharing tab.
Under Domain Name, select the check box corresponding to the desired domains. To select all domains visible on the page, select the top check box to the left of the Domain Name heading.
Click the delete icon. A dialog box appears stating that deleting the selected domains is permanent and cannot be undone.
Click Delete.
The client is no longer shared with the selected domains.
Sharing a Client Group Across Domains
A shared client group will be visible in read-only mode in all the domains where it is shared. The GuardPoints can be created on the shared client group from any of the linked domains. These GuardPoints will be visible in read-only mode in all the linked domains except their native domains (where the GuardPoints are created). All the valid operations on the GuardPoints will be allowed from the native domains.
Clients can be added to the shared client group from all the linked domains (including the native domain). All the GuardPoints added to the client group (from all the domains) will be propagated to the clients in the group.
Client settings and other configuration (like LDT suspend/resume) are propagated to all the clients in the group irrespective of the domain.
To share a client group across domains:
Open the Transparent Encryption application. The Clients page is displayed. This page lists the clients added to this CipherTrust Manager appliance.
Click Clients > Client Groups.
Under Client Group Name, click the desired client group.
In the mini detail view, select Domain Sharing.
Alternatively, to enable domain sharing on a client group, click the expand icon corresponding to the desired group, select Domain Sharing in the mini detail view, and click Apply.
Click Apply. Now, the Sharing tab is displayed.
On the Sharing tab, click Share With Other Domains. The Share With Other Domains dialog box is displayed.
Under Domain Name, select the domains with which you want to share the client group. The dialog box also provides an option to select all the domains, if required.
Click Share.
The client group is shared across selected domains of the CipherTrust Manager.
Note
If a client group is shared across domains, then deleting its native domain member clients returns the "resource not found" error.
Removing Group Sharing from Domains
Removing Individual Domains
To remove group sharing from a domain:
Open the Transparent Encryption application. The Clients page is displayed.
Click Clients > Client Groups.
Under Client Group Name, click the desired client group. The detail view of the Client Groups page is displayed.
Click the Sharing tab.
Under Domain Name, select the check box corresponding to the desired domain.
Click Remove. A dialog box appears stating that deleting the selected domain is permanent and cannot be undone.
Click Delete.
The client group is no longer shared with the selected domain.
Removing Multiple Domains
To remove group sharing from multiple domains:
Open the Transparent Encryption application. The Clients page is displayed.
Click Clients > Client Groups.
Under Client Group Name, click the desired client group. The detail view of the Client Groups page is displayed.
Click the Sharing tab.
Under Domain Name, select the check box corresponding to the desired domains. To select all domains visible on the page, select the top check box to the left of the Domain Name heading.
Click the delete icon. A dialog box appears stating that deleting the selected domains is permanent and cannot be undone.
Click Delete.
The client group is no longer shared with the selected domains.