CTE Administration
This document describes the CipherTrust Manager interfaces for using CTE. It explains CTE concepts such as clients and client groups, signature sets, security rules, and GuardPoints. It then describes how to manage clients and client groups, signature sets, and security policies on the CipherTrust Manager. Finally, it describes how to manage GuardPoints.
This document assumes that you have already configured the CipherTrust Manager appliance. Refer to the CipherTrust Manager product documentation for instructions.
The next step is to activate and install the CTE license. Refer to Licensing for details.
After the license is installed, you can configure CTE Agents. Refer to the CTE Agent Quick Start Guide specific to your platform for details. Installation of the CTE Agents is required for protecting directories and files stored on clients.
Organization
This document contains the following sections:
Overview: Provides a high-level overview of the CTE solution.
Interfaces: Provides an overview of the CipherTrust Manager interfaces—Command Line Interface (CLI), REST Application Programming Interface (REST API), and Graphical User Interface (GUI).
Concepts: Describes CTE concepts such as clients, client groups, GuardPoints, policies, and security rules.
Data Transformation: Provides an overview of the data transformation process.
Managing Profiles: Describes how to configure client log criteria, client Syslog settings, Quality of Service (QoS), multifactor authentication (MFA), ransomware protection (RWP), server settings, and so on.
Managing Clients: Describes how to add, register, and manage clients on the CipherTrust Manager.
Managing LDT Communication Groups: Describes how to manage LDT communication groups on the CipherTrust Manager.
Managing Client Groups: Describes how to manage client groups on the CipherTrust Manager.
Managing Signature Sets: Describes how to create signature sets and how to sign and re-sign files in a signature set. The chapter also describes how to stop file signing and how to delete signatures and signature sets on the CipherTrust Manager.
Managing Policies: Describes rules and effects of security policies, and provides instructions to create, configure, import, and export security policies on the CipherTrust Manager.
Managing GuardPoints: Describes how to create, view, and delete GuardPoints on the CipherTrust Manager. The chapter provides information on automatic and manual GuardPoints and provides steps to configure Windows network drives.
Managing Kubernetes Storage Groups and Clients: Describes how to manage Kubernetes (K8s) storage groups, manage K8s clients, apply GuardPolicies to storage groups, and protect K8s clients.
Sharing Resources Across Domains: Describes how to share CTE resources across CipherTrust Manager domains.
Multifactor Authentication: Describes how Multifactor Authentication (MFA) works for CTE clients and GuardPoints.
Communication with CipherTrust Manager: Describes how communication takes place between the CTE clients and CipherTrust Manager.
Configuring Cluster Node Preference: Describes how to configure preferred nodes of a CipherTrust Manager cluster for sending status updates from CTE clients.
Backup and Restore: Describes how to back up CTE policies and restore them to other CipherTrust Managers.
Integrating CTE Logging with Splunk: Describes how to integrate the CTE audit logging with Splunk.
Migrating CTE Configuration from Data Security Manager: Describes how to migrate CTE configuration from the DSM to the CipherTrust Manager.
Migration Summary: Provides a summary of the CTE resources migrated from the DSM to CipherTrust Manager and a mapping of the resources that are handled differently between the two key managers. The section also lists any constraints applicable to the migrated resources and describes how to interpret the migration status.
Migrating ProtectFile to CipherTrust Transparent Encryption: Thales CipherTrust Transparent Encryption solutions provide state-of-the-art encryption solutions that cover all of the use cases for ProtectFile and other legacy applications. This guide helps you to migrate from ProtectFile and legacy applications to CipherTrust Transparent Encryption or CipherTrust Transparent Encryption Userspace. The PFMigrate docs have been moved to their own site. This site contains the documentation for all use cases for PFMigrate.
Permissions: Describes the complete permissions required to perform create, read, update, and delete operations on CTE resources.
Quorum Control: Describes the quorum control for CTE operations and resources.
Confidential Computing: Describes support for Confidential Computing with Intel Trust Domain Extensions (TDX) attestation.
Ransomware Protection: Describes how to protect CTE clients from ransomware.
Unique to Client Keys: Describes how to make a key unique to a client.
Load Balancer: Describes how to configure the load balancer for CTE on CipherTrust Manager.
Operations: Describes the operations that the CTE Server Administrator performs on the CipherTrust Manager. These operations include registering CTE clients with the CipherTrust Manager, using external CA certificates, re-registering the clients, and protecting a file system on a CTE client.
Certificate Renewal: Describes how the CTE clients are automatically notified of any changes in the client certificate or the web interface certificate.
Common Scenarios: Describes the common encryption scenarios in which the paths can be encrypted using the CTE solution.
Reports: Describes how to generate and download CTE reports.
Troubleshooting: Describes how to handle the issues that you might face when using CTE with the CipherTrust Manager.
API Examples: Provides examples to use CTE APIs to perform tasks such as decrypting LDT-protected GuardPoints.
API Response Codes: Describes the response codes returned by the CTE APIs with corresponding messages, and possible corrective actions to be taken for them.