Managing Instances
Managing instances involves viewing their details, encrypting or decrypting entire instances, and encrypting or decrypting their specific partitions. It also involves detaching partitions from one instance and attaching them to other instances.
Viewing Details of an Instance
To view details of an instance:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application. The Images page is displayed on the right.
Under Name, click a link to view running instances of the image.
Alternatively, click the overflow icon corresponding to the desired image and click List Instances.
Note
If there are any instances (clones) based on an instance, the overflow icon is replaced by the List Instances button. The Delete option is available for instances that have no clones based on them.
The Instances page is displayed.
This page shows the following details.
Viewing Partitions of an Instance
To view partitions of an instance:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application. The Images page is displayed on the right.
Under Name, click a link to view running instances of the image. The Instances page is displayed.
Under Name, click a link to view partitions of the instance.
Alternatively, click the overflow icon corresponding to the desired image and click List Instance Partitions.
The Instance Partitions page is displayed.
This page shows the following details:
Item | Description
Status | Encryption status of the partition. The locked icon indicates that the partition is encrypted. An unlocked icon indicates that the partition is not yet encrypted.
Disks | Name of the partition.
Local Name | Friendly name for the partition.
Encrypt | Encrypt/decrypt the partition. Use the toggle switch to mark the partition for encryption or decryption. It also allows you to encrypt the partition that you decrypted manually.
Size | Size of the partition.
Refuse It / Allow It | (Available for encrypted partitions) Refuse or allow encryption key to the partition.
• Refuse It: Refuse encryption key to the partition. After clicking, the button changes to Allow It.
• Allow It: Allow encryption key to the partition. After clicking, the button changes to Refuse It.
Expand icon | Displays the following details:
• Key: Name of the encryption key.
• Last Rekeyed: Date and time when the encryption key was changed.
The icon turns to the Collapse icon. Click it to hide the above information.
Decrypting Instances
On the CipherTrust Manager console, you can decrypt either entire instances or their specific partitions. By default, all partitions of instances are designated for decryption. All partitions of the instance become plaintext after decryption. This section describes steps to decrypt entire instances.
To decrypt an encrypted instance:
Log on to the CipherTrust Manager console.
Open the ProtectV application. The Images page is displayed on the right.
Under Name, click a link to view running instances of the image. The Instances page is displayed.
Click the Encryption Enabled toggle switch to turn it OFF.
Decryption of the instance will happen on the next reboot. Until the instance is rebooted, it remains encrypted. After the instance is rebooted, verify the successful decryption on the CipherTrust Manager.
Note
To encrypt a decrypted instance again, click the Encryption Enabled toggle switch to turn it ON. The instance will be encrypted with a new key on the next reboot. Until the instance is rebooted, it remains decrypted.
After decryption, the instance remains registered with the CipherTrust Manager. The ProtectV Client can now be uninstalled from the instance. Refer to "Uninstalling SafeNet ProtectV Clients" in the ProtectV Clients Administrator Guide for details.
Clones of a Decrypted Client Instance
When a decrypted instance is cloned, ProtectV encrypts the cloned instance during the first reboot. If needed, decrypt the cloned instance, as described in Decrypting Instances.
Decrypting/Encrypting Specific Partitions
In addition to decrypting or encrypting entire instances, you can decrypt or encrypt specific partitions of instances on the CipherTrust Manager console.
A Linux instance requires reboot to initiate encryption after it is registered. Before the instance is rebooted, you can specify which partitions to encrypt on the CipherTrust Manager.
If Windows Auto Protection is enabled, which is the default setting, encryption of a Windows instance starts as soon as it is registered successfully. By default, all partitions of the client instance will be encrypted. After the first encryption, you can specify partitions for decryption. Similarly, you can specify which decrypted partitions to encrypt.
If Windows Auto Protection is disabled, encryption of a newly registered Windows client instance will not start automatically. You can select specific partitions for encryption for the first time, as described below. Encryption of selected partitions will start after the client instance is rebooted.
To decrypt/encrypt a partition of a client instance:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application. The Images page is displayed on the right.
Under Name, click a link to view running instances of the image. The Instances page is displayed.
Under Name, click a link to view partitions of the instance. The Instance Partitions page is displayed.
Clicking the Encrypt toggle switch corresponding to an encrypted partition marks it for decryption. The Encrypt toggle switch turns OFF. The partition will be decrypted on the next client reboot. Until the client instance is rebooted successfully, it remains encrypted (status remains locked). After the instance is rebooted, you can verify the successful decryption on the CipherTrust Manager.
Clicking the Encrypt toggle switch corresponding to a decrypted partition marks it for encryption. The Encrypt toggle switch turns ON. The partition will be encrypted on the next client reboot. Until the client instance is rebooted successfully, it remains decrypted (status remains unlocked). After the instance is rebooted, you can verify the successful encryption on the CipherTrust Manager.
Note
Clicking the toggle switch does not start encryption or decryption immediately. The operation is performed only after the instance is rebooted.
Attaching/Detaching Partitions
Encrypted partitions can be detached from one instance and attached to another instance encrypted with ProtectV. However, encryption keys will not be automatically available to these partitions. If needed, manually allow encryption keys to these partitions.
To allow the encryption key to the attached partition:
Log on to the CipherTrust Manager GUI.
Open the ProtectV application. The Images page is displayed on the right.
Under Name, click a link to view running instances of the image. The Instances page is displayed.
Under Name, click a link to view partitions of the instance. The Instance Partitions page is displayed.
Click the Allow It button corresponding to the encrypted partition newly attached to the instance. The encryption key is allowed to the partition, and the button becomes Refuse It.
Clicking the Refuse It button for an encrypted partition revokes the encryption key from the partition.