Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTE Administration

Communication with CipherTrust Manager

search

Please Note:

Communication with CipherTrust Manager

A REST-based connection is created from a CTE client to the CipherTrust Manager. Although the connection is one-way, it imitates a two-way connection-like interaction between the CTE client and the CipherTrust Manager.

How the Communication Works

  1. The CTE client registers with the CipherTrust Manager using a registration token and fingerprint of the server's "web" interface certificate.

  2. When the CTE client registers, the CipherTrust Manager sends the security configuration to the CTE client. This configuration includes the list of nodes in the CipherTrust Manager cluster.

  3. The CTE client sends the connection request to every node of the CipherTrust Manager cluster.

  4. Every node holds the connection request until either of the following happens:

    • Any event that requests configuration push to the CTE client

    • A timeout of three minutes

For example, in a five-node CipherTrust Manager cluster, after registration with a particular node, the CTE client:

  1. Receives security configuration from that CipherTrust Manager node.

  2. Establishes a connection with all five nodes of the cluster.

  3. If a directory browse operation is triggered on any of the cluster nodes, the node sends the browse request to the connection held by it.

  4. The CTE client responds to the browse request and sends a new connection request.

When a CipherTrust Manager Node is Down

If a CipherTrust Manager node goes down:

  1. If any other node pushes the security configuration to the CTE client due to some event (for example, policy change etc.), the security configuration does not include details of the failed node in it. With the new security configuration, the CTE client identifies the new node list and does not send the request to failed node.

  2. Until the updated node list is pushed to the CTE client through the security configuration, the CTE client keeps on sending the connection requests to the failed node, which in turn, is going to fail.

When a New Node is Added to the Cluster

Whenever a new node is added to the CipherTrust Manager cluster:

  1. The CipherTrust Manager sends the updated node list to the CTE client.

  2. The CTE client establishes the connection with the new node and existing nodes in the list.

On this page