Network Shares
In a NAS environment where the NAS server runs an unsupported operating system or firmware, CTE UserSpace cannot be installed on the server itself. In that case, network shares and the encryptor client come into play.
The network shares that need to be encrypted are added to the CipherTrust Manager and mounted on the clients where they are accessed. All these clients must be registered with the CipherTrust Manager so that users can access encrypted directories.
Encryptor clients are used in a NAS scenario. A registered CTE UserSpace client that is designated to perform encryption of existing data is called an encryptor client. The encryptor client is essential because the CipherTrust Manager cannot migrate the NAS share itself and needs a CTE UserSpace agent to do so. When an encryptor client is assigned, it performs special tasks such as initial migration of data or key rotation. Outside these cases, the encryptor client does nothing additional and behaves as a normal client that has CTE UserSpace installed and accesses the share.
Prerequisites
The IP address, hostname, and Fully Qualified Domain Name (FQDN) of the NAS server must be fully resolvable from the CTE UserSpace clients.
It is recommended that the NAS server's IP address remain static. If the IP address is changed, the network share becomes inaccessible. To avoid this, either use the hostname or manually change the IP address on the CipherTrust Manager.
Before applying a NAS rule from a client running CTE UserSpace, the network share must be mounted at the specific path on the client. Refer to the "Mounting the Network Share" section in the CTE UserSpace Clients User's Guide for details.
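A pre-flight check for the prerequisites above, written as an added example that is not part of the product documentation. It assumes a Linux client that provides `getent` and `/proc/mounts`; the function names and the sample server, share, and mount path are constructed for illustration.

```shell
# Pre-flight check to run on a CTE UserSpace client before a NAS rule is applied.
# Constructed sample values: nas01.example.com, /export/finance, /mnt/finance.

# Return 0 if the given hostname, FQDN, or IP address resolves through
# the client's own resolver configuration (hosts file, DNS, and so on).
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# Return 0 if <server>:<share> is mounted as NFS at <mountpoint>.
#   $1 server   $2 share path   $3 mount point   $4 mounts file (optional)
# The server string is compared literally, so pass it in the form used for
# the mount (hostname or IP). Paths containing spaces appear escaped
# (\040) in /proc/mounts and are not handled here.
share_mounted_at() {
    awk -v src="$1:$2" -v mp="$3" '
        $1 == src && $2 == mp && ($3 == "nfs" || $3 == "nfs4") { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "${4:-/proc/mounts}"
}

# Run both checks and report every failure instead of stopping at the first.
preflight() {
    rc=0
    resolves "$1" ||
        { echo "FAIL: $1 does not resolve on this client" >&2; rc=1; }
    share_mounted_at "$1" "$2" "$3" "${4:-/proc/mounts}" ||
        { echo "FAIL: $1:$2 is not NFS-mounted at $3" >&2; rc=1; }
    return "$rc"
}

# Usage on a client:
#   preflight nas01.example.com /export/finance /mnt/finance
```

A share mounted by IP address fails the check when it is queried by hostname, which flags the address-versus-hostname mismatch the prerequisites warn about.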
Creating a Network Share
The following table lists the parameters that are required when creating or managing a network share on the CipherTrust Manager:
Parameter | Description |
---|---|
Name | Friendly name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory. |
IP Address or Hostname | IP address or hostname of the NAS server where the NAS path is shared. This field is mandatory. |
Share Name | Path shared on the NAS server. This field is mandatory. |
Share Type | Type of the network share—NFS. This field is mandatory. CTE UserSpace does not support SMB shares. |
Encryptor Client | Name of the client that will perform initial encryption of data on the network share. If an encryptor client is not specified, data on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later. This document may, at times, abbreviate "encryptor client" to "encryptor". |
Auto Mount | (Not applicable to CTE UserSpace) Whether a network share is automatically mounted through Autofs. The default value is false. |
CTE UserSpace provides options to view existing network shares, view and modify their details, and delete them when they are no longer required.
Linking a Network Share with a Client
A network share needs to be linked with client instances so that authorized client users can access data stored on it. This is called client-network share association. Each client on which the network share will be accessed must be registered with the CipherTrust Manager.
A network share is automatically linked to the encryptor client if the encryptor is specified during the creation of the network share.
CTE UserSpace provides options to view the list of network shares linked with a client, and the list of clients accessing a particular network share.