Deploy DPG as a Standalone Container
This section describes the steps necessary to deploy DPG as a container in Docker.
Prerequisites
This deployment scenario assumes that:
Docker Container runtime environment (CRE) is ready.
Your Kubernetes environment and orchestrator have access to the ciphertrust-data-protection-gateway repository. For any repository-related issues, contact dpg.admin@thalesgroup.com.
This repository contains the following images:
DPG (with latest tag): thalesgroup/ciphertrust-data-protection-gateway:latest
Sample Application Server (with appserver tag): thalesgroup/ciphertrust-data-protection-gateway:appserver
CipherTrust Manager is up and running. Refer to CipherTrust Manager Deployment for details.
Steps to Deploy DPG as a Standalone Container
Define an application and generate a registration token on the CipherTrust Manager. Refer to the Application Protection Administrator Guide for details.
Pull the DPG image to the container environment as shown below:
docker pull thalesgroup/ciphertrust-data-protection-gateway:latest
Run DPG in container environment, as shown below:
docker run -d --name <name> -p <host-port>:<DPG_port> -e "KMS=<ipaddress/hostname>" -e "TLS_ENABLED=false" -e "CERT_PATH=<cert value>" -e "KEY_PATH=<key value>" -e "REG_TOKEN=<registrationtoken>" -e "DESTINATION_URL=<destinationurl>" -e "DPG_PORT=<DPG_port>" <DPG-image-name>
Here,
KMS: IP address/Hostname of the CipherTrust Manager.
CERT_PATH: The text of the TLS certificate in .PEM format. This variable is required only if TLS_ENABLED is set to true.
KEY_PATH: The private key associated with the TLS certificate. This variable is required only if TLS_ENABLED is set to true.
REG_TOKEN: Registration token used to register a DPG client on the CipherTrust Manager.
DESTINATION_URL: URL of the Application Server including the application port.
DPG_PORT: The port on which the DPG container is exposed; default is 8990.
host-port: The port on which the application is targeted.
<DPG-image-name>: Path including the name of the DPG image.
After the DPG service is running, it gets all associated policies and configurations from the CipherTrust Manager. The client must send requests to DPG instead of the Application Server. DPG will perform cryptographic operations and send requests to the Application Server.
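The run step above passes the registration token and, with TLS enabled, the certificate and private key as literal -e values, which leaves them in shell history and the process list. The wrapper below is an added example, not part of the Thales documentation: it checks the variables described above and passes the secrets by name only, so docker reads their values from the environment. DPG_NAME, HOST_PORT, DPG_IMAGE, the HOST_PORT default and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. KMS, REG_TOKEN, DESTINATION_URL, TLS_ENABLED, CERT_PATH,
# KEY_PATH and DPG_PORT are the variables the page documents; DPG_NAME,
# HOST_PORT and DPG_IMAGE are names assumed here.

# Validate the settings before any container is started.
dpg_check_env() {
    for v in KMS REG_TOKEN DESTINATION_URL; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "missing $v" >&2; return 1; }
    done
    case "${TLS_ENABLED:-false}" in
        true)
            # CERT_PATH and KEY_PATH are required only when TLS is on.
            [ -n "${CERT_PATH:-}" ] && [ -n "${KEY_PATH:-}" ] || {
                echo "TLS_ENABLED=true needs CERT_PATH and KEY_PATH" >&2
                return 1
            } ;;
        false) ;;
        *) echo "TLS_ENABLED must be true or false" >&2; return 1 ;;
    esac
}

# dpg_run [runner]: start DPG with docker, or pass "echo" for a dry run.
# Secrets are given as "-e NAME" with no value, so docker copies them
# from this shell's environment and they never appear in the arguments.
dpg_run() {
    runner="${1:-docker}"
    dpg_check_env || return 1
    port="${DPG_PORT:-8990}"
    tls="${TLS_ENABLED:-false}"
    set -- run -d --name "${DPG_NAME:-dpg}" -p "${HOST_PORT:-$port}:$port" \
        -e "KMS=$KMS" -e "TLS_ENABLED=$tls" \
        -e "DESTINATION_URL=$DESTINATION_URL" -e "DPG_PORT=$port" -e REG_TOKEN
    export REG_TOKEN
    if [ "$tls" = true ]; then
        export CERT_PATH KEY_PATH
        set -- "$@" -e CERT_PATH -e KEY_PATH
    fi
    "$runner" "$@" \
        "${DPG_IMAGE:-thalesgroup/ciphertrust-data-protection-gateway:latest}"
}
```

Values passed this way are still readable with docker inspect on the host, so access to the Docker daemon should be restricted accordingly.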