Configuring Key Management Settings
Key management refers to configuring in-transit key wrapping, Windows auto protection, key rotation (rekey), and automatic key deletion. A ProtectV administrator can configure these features on the Settings page of the CipherTrust Manager console.
In-transit Key Wrapping
Enabling In-transit Key Wrapping
To enable in-transit key wrapping:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane.
This page contains the following tabs:
Tab | Description
Keys | Provides options to configure key wrapping, Windows auto protection, key rotation, and automatic key deletion. This is the default tab.
Keystore | Provides options to configure a remote keystore.
Autoscale | Provides options to enable or disable global autoscaling.
On the Keys tab, click the toggle switch next to Key Wrapping to turn it ON. This enables key wrapping. By default, key wrapping is OFF (disabled).
Disabling In-transit Key Wrapping
To disable in-transit key wrapping:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed.
Click the toggle switch next to Key Wrapping to turn it OFF. This disables key wrapping.
Windows Auto Protection
Note
Windows Auto Protection is applicable to Windows clients.
Disabling Windows Auto Protection
By default, Windows auto protection is enabled for all clients (turned ON). A ProtectV administrator can turn off this feature on the CipherTrust Manager console.
To disable Windows auto protection:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed.
Click the Windows Auto Protection toggle switch to turn it OFF.
This disables Windows automatic protection.
Enabling Windows Auto Protection
By default, Windows auto protection is ON (enabled). If the feature is disabled (turned OFF), a ProtectV administrator can enable it on the CipherTrust Manager console.
To enable Windows auto protection:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed.
Click the Windows Auto Protection toggle switch to turn it ON.
This enables Windows automatic protection.
Rekey (Key Rotation)
Configuring Rekey
To configure rekey:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed.
Click the Key Rotation toggle switch to turn it ON. This enables key rotation.
Specify the Rekey Interval after which the partition key should be changed automatically. By default, the partition key will be changed after 180 days.
Click Save. A green mark indicates that key rotation is effective.
From now onward, the partition key will be changed after the specified rekey interval.
Disabling Rekey
To disable key rotation:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed. It shows the current key rotation settings.
Click the Key Rotation toggle switch to turn it OFF.
This disables key rotation.
Automatic Key Deletion
ProtectV provides an option to configure automatic deletion of encryption keys on deletion of the associated ProtectV Client images.
By default, this option is disabled. In this case, the keys with which an image’s partitions are encrypted will not be deleted if the image is deleted. However, when the option is enabled, deletion of the encrypted image will automatically delete the linked encryption keys.
Enabling Automatic Key Deletion
To enable automatic key deletion:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed.
Click the Key Auto Delete toggle switch to turn it ON.
This enables automatic key deletion when the associated ProtectV images are deleted. Subsequent deletion of encrypted images will automatically delete the linked encryption keys.
Disabling Automatic Key Deletion
To disable automatic key deletion:
Log on to the CipherTrust Manager GUI.
Click the ProtectV tab. A shortcut menu appears in the left pane.
In the left pane, click Settings. The Settings page is displayed in the right pane. By default, the Keys tab is displayed. It shows that automatic key deletion is enabled.
Click the Key Auto Delete toggle switch to turn it OFF.
This disables automatic key deletion when the associated ProtectV images are deleted. Subsequent deletion of encrypted images will not delete the linked encryption keys.