Your suggested change has been received. Thank you.


Suggest A Change….


Install Virtual CipherTrust Manager

Oracle Cloud Deployment


Please Note:

Oracle Cloud Deployment

Minimum Requirements

To deploy a CipherTrust Manager instance, the following minimum requirements apply:

  • Boot Disk: 1 volume, minimum size: (46.6 GB for evaluation purposes, 100 GB for production)

  • Memory: 16 GB

  • vCPUs: 2

  • NICs: 1

These minimum system requirements are for a system with light to moderate load. For applications that heavily load the system, additional memory and CPU allocation are required. The system volume holds all data as well as backups.

Deploying in Oracle Cloud

Steps for deploying a CipherTrust Manager instance in Oracle Cloud:

  1. Log in to Oracle Cloud.

  2. Click menu button on top left corner, then navigate to Core Infrastructure > Compute > Instances.

  3. Click Create Instance.
    Create Compute Instance page opens.

  4. Specify a name for the instance.

  5. Click Change Image.
    Browse All Images popup opens.

    1. Go to the Custom Images tab.

    2. Select the desired image.

    3. Click Select Image.

  6. Select the desired Availability Domain.

    To learn more about Availability Domains, click here.

  7. Select the desired Shape.

    To learn more about Compute Shapes, click here.

  8. In the Configure Networking section, specify/select the following settings:

    • Virtual Cloud Network Compartment

    • Select a Virtual Cloud Network

    • Subnet Compartment

    • Subnet

    • Use Network Security Groups to control traffic (optional)

      It is recommended to use a Network Security Group to monitor/control the network traffic. To learn more about Network Security Groups, click here.

    • Depending on your requirements, select one of the following:

      • Assign a Public IP Address
        To make this instance accessible through internet.

      • Do Not Assign a Public IP Address
        To make this instance accessible through private network only.

  9. In the Boot Volume section, specify/select the following options:

    • Specify a Custom Boot Volume Size

      To deploy a Thales CipherTrust Manager instance, the system volume requirements must be at least 100 GB in a production environment and 46.6 GB when evaluating the product. Volume Size affects the Boot Volume performance. To learn more, click here.

    • Use In-Transit Encryption

      To read more about Oracle's In-Transit or At-Rest Encryption, click here.

    • Encrypt this volume with a key that you manage
      Select this option if you wish to encrypt the data in this volume using your own Vault service encryption key. After selecting this checkbox, specify the following:

      • Vault compartment

      • Vault (containing the master encryption key you want to use)

      • Master Encryption Key Compartment

      • Master Encryption Key

      If this option is enabled, both at-rest encryption and in-transit encryption are performed using this key.

  10. In the Add SSH Keys section, use one of the following options:

    We support OpenSSH format for the public key, and OpenSSH, PKCS1, or PKCS8 format for the private key. RSA is the supported key algorithm. We recommend RSA 4096, with RSA 2048 as a minimum size for adequate security.

    • Generate SSH Keys

      Use this option to generate the SSH keys on-the-go. Then download the keys using the links provided.

    • Use SSH Key Files

      If you already have SSH key files, then select this option and then upload the public key file.

    • Paste SSH Keys

      If you already have SSH key files, then paste the contents of the public key file in the field provided.

      You can add additional keys, if required. To learn how to generate a SSH Key pair, click here.

      If it is desired to specify custom Cloud-Init configuration, then click Show Advanced Options, go to Management tab, and paste your Cloud-InIt configuration script.

  11. Click Create. The Oracle Cloud Instance will be created. Use its public/private IP to access CipherTrust Manager.

  12. Connect to the CipherTrust Manager Web Page.

    1. Select the resource with the IP address, in this example: Keysecure-k170v-test-ip.

      Resource IP address

    2. Browse to this IP address (in this example enter The Log In screen appears.

      CipherTrust Login Page

  13. Log in using the initial default credentials: Username = admin, Password = admin

    The following notice is displayed:

    Change password warning

    If the default credentials do not work, you may need to retrieve an autogenerated password, as described in changing the initial password.

  14. Enter a new password using this default Password Policy:

    Min length: 8
    Max length: 30
    Min number of upper cases: 1
    Min number of lower cases: 1
    Min number of digits: 1
    Min number of other characters: 1

    A new Login screen appears.

  15. Using your new password, log in again. The CipherTrust Manager Web Page appears.

    Home Screen

  16. At this point, it's strongly recommended to configure an NTP server.

    1. Navigate to Admin Settings > NTP.

    2. Enter in an NTP Server hostname.

    3. For an authenticated NTP Server, enter in a symmetric key value in the NTP Key field.

    4. Click the +Add NTP Server button.

    See Network Time Protocol Server Configuration for more details.

Virtual CipherTrust Manager launches in Community Edition, with some restrictions on functionality. You can activate a 90 day trial evaluation for full functionality. To activate your instance with a trial evaluation, or a term or perpetual license, see Licensing.