Network Shares
When the NAS server runs an operating system or firmware that CTE UserSpace does not support, CTE UserSpace cannot be installed on the server itself. In such NAS environments, network shares and the encryptor client are used instead.
The network shares that need to be encrypted are added to the CipherTrust Manager and mounted on the clients where they are accessed. All these clients must be registered with the CipherTrust Manager so that users can access encrypted directories.
Encryptor clients are used in a NAS scenario. A registered CTE UserSpace client that is designated to perform encryption of existing data is called an encryptor client. The encryptor client is essential because the CipherTrust Manager cannot migrate the NAS share itself and needs a CTE UserSpace agent to do so. When an encryptor client is assigned, it performs special tasks such as initial migration of data or key rotation. Outside these cases, the encryptor client performs no special tasks and behaves as a normal client with CTE UserSpace installed that accesses the share.
Prerequisites
The IP address, hostname, and Fully Qualified Domain Name (FQDN) of the NAS server must be fully resolvable at CTE UserSpace clients.
It is recommended that the NAS server's IP address remain static. If the IP address changes, the network share becomes inaccessible. Either use the hostname or manually change the IP address on the CipherTrust Manager.
Before applying a NAS rule from a client running CTE UserSpace, the network share must be mounted at the specific path on the client. Refer to the "Mounting the Network Share" section in the CTE UserSpace Clients User's Guide for details.
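A client-side check for the prerequisites above, as an added example that is not part of the vendor documentation or tooling: it confirms that the NAS server name resolves on the client and that the share is mounted over NFS at the expected path. The function names are hypothetical, and the host name, export path and mount point in the usage comment are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight check to run on a CTE UserSpace client before a
# NAS rule is applied. Usage (constructed values):
#   ./nas_preflight.sh nas01.example.internal /export/finance /mnt/finance
# Run it once for each of the NAS server's IP address, hostname and FQDN.

# resolves NAME -> exit 0 if NAME (hostname, FQDN or IP) resolves on this client
resolves() {
    getent hosts "$1" >/dev/null 2>&1
}

# share_mount_status HOST SHARE MOUNT_POINT [MOUNTS_FILE]
# Prints one of: ok | not-mounted | unsupported-type | wrong-source
share_mount_status() {
    host=$1 share=$2 mnt=$3 mounts=${4:-/proc/mounts}
    # /proc/mounts fields: source mountpoint fstype options dump pass
    # (mount points containing spaces appear escaped as \040 and are not handled)
    awk -v src="$host:$share" -v mnt="$mnt" '
        $2 == mnt { found = 1; s = $1; t = $3 }  # last match is the topmost mount
        END {
            if (!found)                          print "not-mounted"
            else if (t != "nfs" && t != "nfs4")  print "unsupported-type"
            else if (s != src)                   print "wrong-source"
            else                                 print "ok"
        }' "$mounts"
}

# preflight HOST SHARE MOUNT_POINT -> exit 0 only if every check passes
preflight() {
    rc=0
    if ! resolves "$1"; then
        echo "FAIL: $1 does not resolve on this client"; rc=1
    fi
    status=$(share_mount_status "$1" "$2" "$3")
    case $status in
        ok)               echo "OK:   $1:$2 is mounted over NFS at $3" ;;
        not-mounted)      echo "FAIL: nothing is mounted at $3"; rc=1 ;;
        unsupported-type) echo "FAIL: $3 is not an NFS mount (SMB is not supported)"; rc=1 ;;
        wrong-source)     echo "FAIL: $3 is mounted from a different server or export"; rc=1 ;;
    esac
    return $rc
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

The share source is compared exactly as `HOST:SHARE`, so pass the same server name that was used in the mount command.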
Managing Network Shares
CTE UserSpace provides options to view existing network shares, view and modify their details, and delete them when they are no longer required.
Creating a Network Share
To create a network share:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Shares. The Shares page shows the list of added network shares.
Click New Share. You might need to scroll down the page.
Under the New Share section, specify the following details:
Parameter: Description
Friendly Name: Friendly name to display on the CipherTrust Manager to uniquely identify a network share. This field is mandatory.
IP Host Name: IP address or hostname of the NAS server where the NAS path is shared. This field is mandatory.
Share Name: Path shared on the NAS server. This field is mandatory.
Type: Type of the network share, NFS. This field is mandatory. CTE UserSpace does not support SMB shares.
Encryptor Client: Name of the client that will perform initial encryption of data on the network share. If an encryptor client is not specified, data on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later. This document may, at times, abbreviate "encryptor client" to "encryptor".
Auto Mount: (Not applicable to CTE UserSpace) Whether a network share is automatically mounted through Autofs. By default, the check box is clear. This field is applicable to NFS shares.
Click Create.
The newly added network share is added to the shares list.
Viewing Network Shares
CTE UserSpace provides options to view existing network shares and their details. You can filter shares based on characters in share names and encryptor client names, and by share type (Any, SMB, or NFS).
To view existing network shares:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Shares. The Shares page shows the list of added network shares. The following details are displayed:
Parameter: Description
Friendly Name: Friendly name on the CipherTrust Manager to uniquely identify a network share.
IP Host Name: IP address or hostname of the NAS server where the NAS path is shared.
Share Name: Path shared on the NAS server.
Type: Type of the network share, NFS. CTE UserSpace does not support SMB shares.
Username: (Applicable to SMB shares.) User of the SMB share. CTE UserSpace does not support SMB shares.
Encryptor Client: Name of the client that performs initial encryption of data on the network share. If an encryptor client is not specified, data on the network share cannot be encrypted. However, you can modify the network share to specify the encryptor client later.
DFS: Not applicable to CTE UserSpace.
DFS Alias: Not applicable to CTE UserSpace.
Auto Mount: Not applicable to CTE UserSpace. Whether a network share is automatically mounted through Autofs, Yes or No. This field is applicable to NFS shares.
Modifying Network Shares
After a network share is created, you can modify its details except the share name. However, only the shares that are not linked to any client can be modified. Refer to Unbinding a Network Share from a Client for details.
To edit a share:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Shares. The Shares page shows the list of existing shares.
Click the overflow icon corresponding to the share you want to modify.
Click Edit. The Shares > <share-name> screen shows the share details.
Click Edit.
Modify the share details. Refer to Creating a Network Share for details.
Click Save.
The share details are modified.
Deleting Network Shares
You can delete a network share from the CipherTrust Manager when it is no longer required. However, only the shares that are not linked to any client can be deleted. Refer to Unbinding a Network Share from a Client for details.
To delete a share:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Shares. The Shares page shows the list of existing shares.
Click the overflow icon corresponding to the share you want to delete.
Click Delete. A dialog box is displayed prompting you to confirm the action. Deletion of a share is permanent and cannot be undone.
Click Delete.
The share is deleted.
Network Share-Client Associations
A network share needs to be linked with client instances so that authorized client users can access data stored on it. This is called client-network share association. Each client, where the network share will be accessed, must be registered with the CipherTrust Manager.
A network share is automatically linked to the encryptor client if the encryptor is specified during the creation of the network share.
CTE UserSpace provides options to view the list of network shares linked with a client, and the list of clients accessing a particular network share.
Linking a Network Share with a Client
A client-share association can be created on the Clients or Shares page.
On the Shares Page
To create a client-share association:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Shares. The Shares page shows the list of existing shares.
Under Friendly Name, click the desired share.
Under Clients for Share "<share-name>", click the Add a Client to this Share link.
Select the desired client.
Click Add Client To Share.
The client-share association is created.
On the Clients Page
To link a network share with a client:
Open the ProtectFile & Transparent Encryption UserSpace application. The Clients page is displayed.
Under Client Name, click the desired client.
Under Shares for Client "<client-name>", click the Add this Client to a Share link. The list of available shares is displayed.
Optionally, create a new share by clicking New Share. You might need to scroll down the page.
Select the desired share.
Click Add Client To Share. You might need to scroll down the page.
The client-share association is created. The share is displayed under Shares for Client "<client-name>".
Unbinding a Network Share from a Client
A client-share association can be removed on the Clients or the Shares page.
On the Shares Page
To unlink (unbind) a client-share association:
Open the ProtectFile & Transparent Encryption UserSpace application.
In the left pane, click Shares. The Shares page shows the list of existing shares.
Under Friendly Name, click the desired share.
Under Clients for Share "<share-name>", click the overflow icon corresponding to the client you want to unbind the share from.
Click Unbind.
The client-share association is removed. The share is removed from Shares for Client "<client-name>".
On the Clients Page
To unbind (unlink) a client-share association:
Open the ProtectFile & Transparent Encryption UserSpace application. The Clients page is displayed.
Under Client Name, click the desired client.
Under Shares for Client "<client-name>", click the overflow icon corresponding to the share you want to unlink.
Click Unbind.
The client-share association is removed. The share is removed from Shares for Client "<client-name>".