Application Data Protection Administration
The Application Data Protection solution provides centralized configuration and policy management, and a unified display of all applications and their associated clients, on the CipherTrust Manager. Currently, the Application Data Protection solution provides central management only for DPG.
The Application Data Protection solution consists of:
Central management
Single pane of glass
Central Management
Stores the configurations and policies on the CipherTrust Manager. These configurations and policies are created and managed by the Application Data Protection Administrator. They are shared with the associated clients when a new client is created or when an Application Data Protection Administrator modifies these configurations and policies. To use centralized management, the clients must be registered on the CipherTrust Manager.
Consider a scenario where the user's environment has 10 instances of an application protected by DPG, and the user wants to update the symmetric cache expiry interval for all these nodes. In the past, the user would have to manually change every configuration file, which is a tedious task. With central management, the symmetric cache expiry interval is updated only in the configuration, and the change is reflected on all the instances mapped to that configuration. Central management minimizes manual intervention.
The main objectives of central management are:
Defining the application to be protected
Generating a registration token
Registering clients on the CipherTrust Manager
Retrieving client configuration/policies from the CipherTrust Manager and using them for cryptographic operations
Updating configuration and policies as needed
How it works
The following diagram shows the basic flow of the Application Data Protection solution:
The Application Data Protection Administrator defines an application and decides how to protect it.
The Application Data Protection Administrator gives the registration token to DevOps to insert into the orchestrator.
The orchestrator deploys the DPG, fetches the configuration/policies from the CipherTrust Manager using the token, and shares these details with the DPG.
Using the token, the client registers itself on the CipherTrust Manager.
Single pane of glass
Provides a unified view of all the applications that are defined on the CipherTrust Manager. With all the associated clients (protecting applications) in one place, it becomes easy for the Application Data Protection Administrator to manage and keep track of them. To know more about this topic, refer to Single Pane of Glass.
User Roles
The Application Data Protection tile has the following groups with different responsibilities in administering and using the system.
'Application Data Protection Admins' group
There is a group named "Application Data Protection Admins". Users within this group are Application Data Protection Administrators.
The Application Data Protection Administrator is responsible for creating and managing resources in the Application Data Protection tile:
Protection Policy
Character set
Application
'Application Data Protection Clients' group
There is a group named "Application Data Protection Clients". The users and clients who are part of this group only have read access to the Application Data Protection tile resources.
What's Next
In the following sections, you will learn about:
Interfaces: Provides an overview of the CipherTrust Manager interfaces — REST Application Programming Interface (REST API) and Graphical User Interface (GUI).
Managing Applications: Describes what an Application is and how to create, modify, and delete an Application on the CipherTrust Manager. This section also describes the DPG Policy and how to retrieve the registration token.
Managing Character Sets: Describes how to create, modify, and delete character sets.
Managing Protection Policies: Describes what a protection policy is and how to create, modify, and delete these policies.
Single Pane of Glass: Describes how to manage all applications and their associated clients on the CipherTrust Manager.
Heartbeat Configuration: Describes the concept of heartbeat.