Application Data Protection Administration
The Application Data Protection tile in CipherTrust Manager Products list provides centralized configuration and policy management as well as a unified display for all the application configurations with their associated data protection connector on the CipherTrust Manager. Currently, the Application Data Protection tile provides central management only for CipherTrust Data Protection Gateway (DPG).
The Application Data Protection tile consists of:
Central management: a single place to configure data protection for applications and databases.
Single Pane of Glass: a dashboard that quickly shows the current status of all the applications or databases under protection. It also displays the status of each connector in use.
Central management
The Application Data Protection tile in CipherTrust Manager Products stores the configurations and policies for all the applications and databases under protection. These configurations and policies are created and managed by the Application Data Protection Administrator. They are shared with the associated clients when a new connector is registered or when a running connector is notified of a change through the heartbeat mechanism. To use centralized management, the connectors must be registered on CipherTrust Manager.
Consider a scenario where the user's environment has 10 instances of an application protected by CipherTrust Data Protection Gateway (DPG), and the admin wants to update the symmetric cache expiry interval for all these nodes. In the past, the admin would have to manually change every configuration file, which is a tedious task. With central management, the symmetric cache expiry interval is updated in the configuration and, upon save, is updated in all running instances of the connector mapped to that configuration. Central management minimizes manual intervention.
The main objectives of central management are:
Defining the application or database to be protected
Generating a registration token
Registering the connector on the CipherTrust Manager using the registration token
Retrieving configurations and policies for the connector from the CipherTrust Manager and using them for any cryptographic operations
Updating configurations and policies as needed
How it works
The basic flow of the Application Data Protection solution is as follows:
The Application Data Protection Administrator defines an application and how to protect the data associated with that application.
The Administrator receives a registration token when configuration is done.
The Application Data Protection Administrator gives the registration token to the DevOps team to insert it into their orchestrator configuration for application deployment.
The orchestrator deploys the application with its associated connector (in this case, DPG). The connector uses the registration token to register with CipherTrust Manager.
The connector fetches the configuration and policies associated with the application.
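The flow above and the 10-instance scenario from the central management section, modelled as an added example; this is not Thales code and does not use the CipherTrust Manager API. All class, method and setting names, the version counter carried by the heartbeat, and the values 3600 and 600 are assumptions made for illustration.

```python
import secrets

class Manager:
    """Hypothetical stand-in for the central manager; not the CipherTrust Manager API."""
    def __init__(self):
        self.apps = {}     # registration token -> application record
        self.clients = {}  # client id -> registration token

    def define_application(self, name, config):
        token = secrets.token_urlsafe(16)  # handed to DevOps for deployment
        self.apps[token] = {"name": name, "config": dict(config), "version": 1}
        return token

    def update_config(self, token, **changes):
        self.apps[token]["config"].update(changes)
        self.apps[token]["version"] += 1  # assumed change marker

    def register(self, token):
        if token not in self.apps:
            raise PermissionError("unknown registration token")
        client_id = secrets.token_hex(4)
        self.clients[client_id] = token
        return client_id

    def fetch(self, client_id):
        app = self.apps[self.clients[client_id]]
        return app["version"], dict(app["config"])

    def heartbeat(self, client_id, seen_version):
        return self.apps[self.clients[client_id]]["version"] != seen_version  # True = stale

class Connector:
    def __init__(self, manager, token):
        self.manager = manager
        self.client_id = manager.register(token)  # register with the token
        self.version, self.config = manager.fetch(self.client_id)

    def beat(self):
        if not self.manager.heartbeat(self.client_id, self.version):
            return False
        self.version, self.config = self.manager.fetch(self.client_id)
        return True

def demo():
    mgr = Manager()
    token = mgr.define_application("payments", {"symmetric_cache_expiry": 3600})  # constructed
    fleet = [Connector(mgr, token) for _ in range(10)]
    mgr.update_config(token, symmetric_cache_expiry=600)  # one central edit
    refreshed = sum(c.beat() for c in fleet)              # next heartbeat of each instance
    return refreshed, {c.config["symmetric_cache_expiry"] for c in fleet}
```

A connector presenting a token that the manager never issued is rejected at registration, so it never receives configuration or policies.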
Single pane of glass
The Application Data Protection tile in CipherTrust Manager Products provides a unified view of all the applications that are defined on the CipherTrust Manager. With all the associated connectors (protecting applications) in one place, it becomes easy for the Application Data Protection Administrator to manage and keep track of them. To know more about this topic, refer to Single Pane of Glass.
User roles
The Application Data Protection tile has the following groups with different responsibilities in administering and using the system.
'Application Data Protection Admins' group
There is a group named "Application Data Protection Admins". Users within this group are Application Data Protection Administrators.
The Application Data Protection Administrator is responsible for creating and managing resources in the Application Data Protection tile:
Defining an application, including
configuring connector settings
configuring protection policy
creating user sets
configuring access policies
creating character sets
'Application Data Protection Connectors' group
There is a group named "Application Data Protection Connectors". The users and clients who are part of this group only have read access to the Application Data Protection tile resources.
What's next
In the following sections, you will learn about:
Interfaces: Provides an overview of the CipherTrust Manager interfaces - REST Application Programming Interface (REST API) and Graphical User Interface (GUI).
Managing Applications: Describes what an Application is and how to create, modify, and delete an Application on the CipherTrust Manager. This section also describes DPG Policy and how to retrieve the registration token.
Managing Character Sets: Describes how to create, modify, and delete character sets.
Managing Protection Policies: Describes what a protection policy is and how to create, modify, and delete these policies.
Managing Access Policies: Describes what an access policy is and how to create, modify, and delete these policies.
Managing User Set: Describes how to create and delete a user set.
Managing Masking Formats: Describes how to use the predefined masking formats and how to create your own masking format.
Single Pane of Glass: Describes how to manage all the applications and their associated connectors on the CipherTrust Manager.
Heartbeat Configuration: Describes the concept of heartbeat.