ProtectFile Administration
This document describes how to manage client profiles and ProtectFile clients on CipherTrust Manager. The guide also provides instructions to encrypt local file systems and network shares using encryption keys stored on the CipherTrust Manager.
It is assumed, for the purpose of this document, that the reader has already configured the CipherTrust Manager appliance.
Note
This document may, at times, abbreviate "ProtectFile client" to "client".
Organization
The ProtectFile Administrator Guide contains the following chapters:
Interfaces: Provides an overview of the CipherTrust Manager interfaces—Command Line Interface (CLI), REST Application Programming Interface (REST API), and Graphical User Interface (GUI).
Client Profiles: Describes client profiles.
Clients: Describes clients.
Access: Describes access policy groups, access policies, group types, access policies for processes, and group association.
Keys: Provides information on keys used for encrypting data using ProtectFile.
Rules: Describes encryption rules, migration process, and subdirectories ignored during encryption.
Client-Rule Associations: Describes a client-rule association and cryptographic operations and their state flow.
Network Shares: Describes how to create a network share, prerequisites to protect a network share, and how to link a network share with a client.
Clusters: Describes how to create a cluster and how to link a client to a cluster.
Operations: Describes the process to register a ProtectFile client with the CipherTrust Manager. The chapter also provides instructions on how to protect local file systems and network shares using ProtectFile.
Migration from KeySecure Classic to CipherTrust Manager: Migrate encrypted ProtectFile clients from KeySecure Classic to CipherTrust Manager (formerly known as Next Generation KeySecure).
Migrating ProtectFile to CipherTrust Transparent Encryption: Migrate Linux and Windows file servers, databases, clusters, etc., which are using ProtectFile for transparent encryption of data, to CipherTrust Transparent Encryption with the CM platform.
User Roles
ProtectFile has different kinds of users with different responsibilities in administering and using the system.
Note
It is critical that credentials for these users be kept in a secure location. If a credential is compromised, an attacker could gain access to sensitive data.
ProtectFile Administrator
There is a System Defined Group named ProtectFile Admins. Users within the ProtectFile Admins group are ProtectFile Administrators.
A ProtectFile Administrator is responsible for creating and managing the following ProtectFile resources:
Client profiles and clients
Network shares, and share-clients and share-rules associations
Clusters, and cluster-clients and cluster-rules associations
Access policies, access policy groups, and their associations
Rules and client-rule associations
Client Registration Tokens (with additional rights of System Defined Group named "CA Admins")
ProtectFile User
There is a System Defined Group named ProtectFile Users. CipherTrust Manager clients enrolled for ProtectFile are part of this group.