CT-VL Services
CipherTrust Vaultless Tokenization (CT-VL) is a platform-independent appliance (virtual machine or bare-metal) that offers REST-API services to protect sensitive data.
CT-VL Core Services
CT-VL offers the following service category for handling sensitive data:
- Tokenization service: Tokenization is frequently used for sensitive data such as credit card numbers, social security numbers, driver's licenses, or other personally identifiable information (PII). Data masking can be applied to any detokenized data to hide sections of the data from different groups of users.
For example, less-privileged database users might view only the last four digits of a detokenized credit card number, while a more privileged user could view the entire card number.
The CipherTrust Tokenization REST APIs are used to integrate this functionality into a developer’s application.
Components in a CT-VL Deployment
A CT-VL deployment consists of the following components:
- CipherTrust Vaultless Tokenization Server
- CipherTrust Manager
- LDAP/Active Directory Server (optional)
- Remote Logging Server (optional)
- Load Balancer (optional)
- SNMP Server (optional)
Tokenization
- Replaces sensitive data in databases with tokens. This reduces the number of places in which plaintext credit card numbers reside, and thus reduces the scope of compliance with the Payment Card Industry Data Security Standard (PCI DSS) and corporate security policies.
- Preserves the format of data in a way that reduces the operational impact associated with encryption and other obfuscation techniques. For example, you can tokenize a credit card field in a database, yet keep the tokenized information in a format that is compatible with associated applications.
- Enables outsourcing application testing and running analytics without giving access to sensitive assets because the format of the data has been preserved. To outsource, you can create a copy of the production database and give that copy to the outsourced development team.
- Creates strong separation of duties between privileged administrators and data owners. In this way, IT administrators, such as hypervisor, cloud, storage, and system administrators, can perform their tasks without access to the sensitive data residing on those systems.
- Enables dynamic data masking—the ability to establish varying levels of data redaction for different database users. For example, you can enable customer service personnel to access the last four digits of a customer’s credit card number, while an accounts payable representative can access the full credit card number.
- Integrates tokenization users with existing LDAP-based identity directories. Security teams can efficiently set granular tokenization policies for specific users and groups.
- Provides high-performance cryptographic operations to protect sensitive data: encrypt, decrypt, sign, and verify. CT-VL allows batch encryption and decryption of data in bulk to achieve high performance.
- Provides an alternative way of managing keys on the CipherTrust Manager.
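The dynamic data masking behaviour described above (last four digits for customer service, the full number for accounts payable) can be sketched as follows. This is an added example, not CT-VL code or its REST API; the group names, the MASKS table, and the Mask, apply_mask and mask_for_group names are hypothetical, and the card number is a constructed test value.

```python
"""Group-based masking of detokenized data (illustrative sketch, not CT-VL code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Mask:
    show_left: int        # leading digits left in clear
    show_right: int       # trailing digits left in clear
    mask_char: str = "X"


# Hypothetical policy: group name -> mask. None means "no masking".
MASKS = {
    "accounts_payable": None,
    "customer_service": Mask(show_left=0, show_right=4),
}
# Groups with no entry fall through to this mask: nothing is revealed.
DEFAULT_MASK = Mask(show_left=0, show_right=0)


def apply_mask(value: str, mask: Mask) -> str:
    """Mask digits only, so separators keep the original layout."""
    digit_positions = [i for i, ch in enumerate(value) if ch.isdigit()]
    total = len(digit_positions)
    # Clamp the right-hand window so a short value cannot index past its start.
    clear = set(digit_positions[:mask.show_left])
    clear |= set(digit_positions[total - min(mask.show_right, total):])
    out = list(value)
    for i in digit_positions:
        if i not in clear:
            out[i] = mask.mask_char
    return "".join(out)


def mask_for_group(detokenized: str, group: str) -> str:
    """Return the view of a detokenized value that `group` may see."""
    if group in MASKS:
        mask = MASKS[group]
        return detokenized if mask is None else apply_mask(detokenized, mask)
    return apply_mask(detokenized, DEFAULT_MASK)


if __name__ == "__main__":
    pan = "4111-1111-1111-1111"  # constructed test number, not real data
    for g in ("accounts_payable", "customer_service", "storage_admin"):
        print(f"{g:17} {mask_for_group(pan, g)}")
```

A group that is absent from the policy table gets the fully masked view, so adding a new group never exposes data until a mask is assigned to it.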