Clusters
A cluster is a group of clients that share the same encryption rules. A designated encryptor client (one cluster node) performs the initial encryption. The encryptor client distributes the policies to the other cluster nodes configured on the CipherTrust Manager. The encryptor client must be the active node for an active-passive configuration to work. In active-passive mode, the encrypted directory is on a file system activated exclusively on the active node of the cluster.
Note
In an active-passive NFS export configuration, locally encrypted paths are not supported.
This section describes the prerequisites needed to protect clusters of CTE UserSpace clients. Also, the section describes how to create a cluster and link clients to it.
Prerequisites
Coordinate with the client administrator to ensure the following:
CTE UserSpace is installed on all nodes that will form the cluster. Refer to "Installing CTE UserSpace" in the clients guide for details.
All CTE UserSpace nodes that will form the cluster are registered with the CipherTrust Manager.
The shared mounted location to protect exists on all clients.
Refer to "File Systems" in the CTE UserSpace Release Notes for the list of file systems for which CTE UserSpace supports the active-active or active-passive cluster configuration on cluster nodes.
The following cluster packages are installed on all nodes that will form the cluster:
Package | RHEL 7
Red Hat Enterprise Linux High Availability (for RHEL X Server) | rhel-ha-for-rhel-7-server-rpms
Red Hat Enterprise Linux Resilient Storage (for RHEL X Server) | rhel-rs-for-rhel-7-server-rpms
Refer to RHEL HA Installation for details.
Refer to "Deploying CTE UserSpace on Clusters" in the clients documentation for active-passive and active-active use cases.
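A preflight check for two of the prerequisites above, to run on each prospective node before it is linked to a cluster. This is an added example, not part of the product documentation. It assumes the node is registered with subscription-manager, and the shared path /mnt/shared and all sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: preflight check for one prospective CTE UserSpace cluster node.
# Repo IDs are the two listed in the prerequisites table.
REQUIRED_REPOS="rhel-ha-for-rhel-7-server-rpms rhel-rs-for-rhel-7-server-rpms"

# Reads `subscription-manager repos --list-enabled` output on stdin and
# prints every required repo ID that is NOT enabled (empty output = OK).
missing_repos() {
    enabled=$(awk -F': *' '/^Repo ID:/ { sub(/[ \t]+$/, "", $2); print $2 }')
    for repo in $REQUIRED_REPOS; do
        printf '%s\n' "$enabled" | grep -qxF -- "$repo" || printf '%s\n' "$repo"
    done
}

# Succeeds only if path $1 is a mount point in mounts table $2
# (defaults to /proc/mounts). A plain directory with the same name fails,
# which catches a node where the shared file system is not mounted.
is_mounted() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# Constructed sample: a node with only the High Availability repo enabled.
SAMPLE_REPOS='Repo ID:   rhel-ha-for-rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux High Availability (for RHEL 7 Server) (RPMs)
Enabled:   1'

# Hypothetical shared path /mnt/shared; the mounts line is constructed.
SAMPLE_MOUNTS=$(mktemp)
printf 'nfs01:/export/shared /mnt/shared nfs4 rw,relatime 0 0\n' > "$SAMPLE_MOUNTS"

printf '%s\n' "$SAMPLE_REPOS" | missing_repos | sed 's/^/missing repo: /'
is_mounted /mnt/shared "$SAMPLE_MOUNTS" && echo "shared path mounted"
```

On a real node, pipe `subscription-manager repos --list-enabled` into `missing_repos` and call `is_mounted` with the actual shared path and no second argument.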
Managing Clusters
CTE UserSpace provides options to create new clusters, view existing clusters, view and modify their details, and delete them when they are no longer required.
Creating a Cluster
When creating a cluster, specify the name for the cluster and the encryptor client for the cluster.
To create a cluster:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Clusters.
Specify a Friendly Name for the cluster. The cluster will be identified by this name on the CipherTrust Manager. This field is mandatory.
Specify Linux as the Cluster OS Type. All clients that will form the cluster must be running this operating system. The default operating system is Windows.
Select an Encryptor Client. This client will perform encryption of data shared among clients in the cluster. If an encryptor client is not specified, data on the clients in the cluster cannot be encrypted. However, you can modify the cluster to specify the encryptor client later.
This document may at times abbreviate "encryptor client" to "encryptor".
Click Create.
The cluster is created.
Viewing Clusters
CTE UserSpace provides options to view existing clusters and their details. Filter clusters based on characters in their names and encryptor client names, and on cluster OS type (Any, Windows, or Linux).
To view existing clusters:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Clusters. The Clusters page shows the list of added clusters. The following details are displayed:
Parameter | Description
Friendly Name | Friendly name for the cluster. The cluster is identified by this name on the CipherTrust Manager.
Cluster OS Type | Operating system running on all clients in the cluster. Linux is displayed for CTE UserSpace clusters.
Encryptor Client | Name of the client that performs encryption of data shared among clients in the cluster. If an encryptor client is not specified, data on the clients in the cluster cannot be encrypted. However, you can modify the cluster to specify the encryptor client later.
Windows Cluster Name | Not applicable to CTE UserSpace.
Deleting Clusters
You can delete a cluster from the CipherTrust Manager when it is no longer required. Before deleting a cluster, make sure that neither a client nor a rule is linked to it. Refer to Unbinding a Cluster from a Client for details.
To delete a cluster:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Clusters. The Clusters page shows the list of existing clusters.
Click the overflow icon corresponding to the cluster you want to delete.
Click Delete. A dialog box is displayed prompting you to confirm the action. Deletion of a cluster is permanent and cannot be undone.
Click Delete.
The cluster is deleted.
Linking a Client with a Cluster
After a cluster is created, clients can be added to it to complete the cluster. This is called cluster-client association. Each client in the cluster must be registered with the CipherTrust Manager.
In a cluster, encryption rules are deployed on paths shared among all clients in the cluster. The encryptor client specified during the creation of a cluster is automatically linked to the cluster.
CTE UserSpace provides options to view the list of clients linked with a cluster.
A client-cluster association can be created on the Clients or Clusters page.
On the Clusters Page
To link a cluster with a client:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Clusters. The Clusters page shows the list of existing clusters.
Under Clients for Cluster "<cluster-name>", click the Add a Client to this Cluster link. The "Adding the Client to Cluster <cluster-name>" page shows the list of available clients.
Select the desired client.
Click Add Client To Cluster. You might need to scroll down the page.
The client-cluster association is created. The cluster is displayed under Clients for Cluster "<cluster-name>".
On the Clients Page
To link a cluster with a client:
Open the ProtectFile & Transparent Encryption UserSpace application. The Clients page is displayed.
Under Client Name, click the desired client.
Under Clusters for Client "<client-name>", click the Add this Client to a Cluster link. The list of available clusters is displayed.
Optionally, create a new cluster by clicking New Cluster. You might need to scroll down the page.
Select the desired cluster.
Click Add Client To Cluster. You might need to scroll down the page.
The client-cluster association is created. The cluster is displayed under Clusters for Client "<client-name>".
Unbinding a Client from a Cluster
A client-cluster association can be removed on the Clients or Clusters page.
On the Clusters Page
To unbind a client from a cluster:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Clusters. The Clusters page shows the list of existing clusters.
Under Clients for Cluster "<cluster-name>", click the overflow icon corresponding to the client you want to unlink the cluster from.
Click Unbind.
The client-cluster association is removed. The cluster is removed from Clients for Cluster "<cluster-name>".
On the Clients Page
To unlink (unbind) a client-cluster association:
Open the ProtectFile & Transparent Encryption UserSpace application. The Clients page is displayed.
Under Client Name, click the desired client.
Under Clusters for Client "<client-name>", click the overflow icon corresponding to the cluster you want to unlink the client from.
Click Unbind.
The client-cluster association is removed. The cluster is removed from Clusters for Client "<client-name>".