Your suggested change has been received. Thank you.


Suggest A Change….


Install Virtual CipherTrust Manager

Oracle Cloud Deployment


Please Note:

Oracle Cloud Deployment

Minimum Requirements

To deploy a CipherTrust Manager instance, the following minimum requirements apply:

  • Boot Disk: 1 volume, minimum size: (46.6 GB for evaluation purposes, 100 GB for production)

  • Memory: 16 GB

  • vCPUs: 2

  • NICs: 1

These minimum system requirements are for a system with light to moderate load. For applications that heavily load the system, additional memory and CPU allocation are required. The system volume holds all data as well as backups.

Deploying in Oracle Cloud

Steps for deploying a CipherTrust Manager instance in Oracle Cloud:

  1. Contact Thales customer support to request a virtual CipherTrust Manager image for Oracle Cloud.

    Customer support will provide an Object Storage URL needed to import the image.

  2. Log in to Oracle Cloud.

  3. Click menu button on top left corner, then navigate to Core Infrastructure > Compute > Custom Images.

  4. Under List Scope, select the desired Compartment to import the image into.

  5. Click Import Image.

    The Import Image dialog opens.

  6. Provide details to import the Virtual CipherTrust Manager image.

    1. Set a meaningful Name.

    2. Set the Operating System to Ubuntu.

    3. Select Import from an Object Storage URL and provide the Object Storage URL obtained in step 1.

    4. Set the Image Type to QCOW2.

    5. Set the Launch Mode to Paravirtualized mode.

    6. Click Import Image.

  7. On the Custom Image details page, find the Work Requests resource, and the Create image operation. Wait for the listed State to show as Succeeded and the listed % Complete to reach 100%.

    At this point, the Create Instance button becomes enabled.

  8. Click Create Instance to launch a Virtual CipherTrust Manager from the imported image.

    The Create Compute Image page displays.


    Do not alter default settings except as indicated in the below steps. For example, Boot Volume and Live Migration settings should be left as default.

  9. In the Placement section, select the desired Availability Domain.

    To learn more about Availability Domains, click here.

  10. Select the desired Shape.

    To learn more about Compute Shapes, click here.

  11. In the Networking section, specify/select the following settings:

    • Virtual Cloud Network Compartment

    • Select a Virtual Cloud Network

    • Subnet Compartment

    • Subnet

    • Use Network Security Groups to control traffic (optional)

      It is recommended to use a Network Security Group to monitor/control the network traffic. To learn more about Network Security Groups, click here.

    • Depending on your requirements, select one of the following:

      • Assign a Public IP Address
        To make this instance accessible through internet.

      • Do Not Assign a Public IP Address
        To make this instance accessible through private network only.

  12. In the Add SSH Keys section, use one of the following options:

    We support OpenSSH format for the public key, and OpenSSH, PKCS1, or PKCS8 format for the private key. RSA is the supported key algorithm. We recommend RSA 4096, with RSA 2048 as a minimum size for adequate security.

    • Generate SSH Keys

      Use this option to generate the SSH keys on-the-go. Then download the keys using the links provided.

    • Use SSH Key Files

      If you already have SSH key files, then select this option and then upload the public key file.

    • Paste SSH Keys

      If you already have SSH key files, then paste the contents of the public key file in the field provided.

      You can add additional keys, if required. To learn how to generate a SSH Key pair, click here.

      If it is desired to specify custom Cloud-Init configuration, then click Show Advanced Options, go to Management tab, and paste your Cloud-InIt configuration script.

  13. Click Create.

    The Oracle Cloud Instance will be created. Use its public/private IP to access CipherTrust Manager.

  14. Connect to the CipherTrust Manager Web Page.

    1. Select the resource with the IP address, in this example: Keysecure-k170v-test-ip.

      Resource IP address

    2. Browse to this IP address (in this example enter The Log In screen appears.

      CipherTrust Login Page

  15. Log in using the initial default credentials: Username = admin, Password = admin

    The following notice is displayed:

    Change password warning

    If the default credentials do not work, you may need to retrieve an autogenerated password, as described in changing the initial password.

  16. Enter a new password using this default Password Policy:

    Min length: 8
    Max length: 30
    Min number of upper cases: 1
    Min number of lower cases: 1
    Min number of digits: 1
    Min number of other characters: 1

    A new Login screen appears.

  17. Using your new password, log in again. The CipherTrust Manager Web Page appears.

    Home Screen

  18. At this point, it's strongly recommended to configure an NTP server.

    1. Navigate to Admin Settings > NTP.

    2. Enter in an NTP Server hostname.

    3. For an authenticated NTP Server, enter in a symmetric key value in the NTP Key field.

    4. Click the +Add NTP Server button.

    See Network Time Protocol Server Configuration for more details.

Virtual CipherTrust Manager launches in Community Edition, with some restrictions on functionality. You can activate a 90 day trial evaluation for full functionality. To activate your instance with a trial evaluation, or a term or perpetual license, see Licensing.