CTE UserSpace Administration

This document describes the CipherTrust Data Security Platform Service interfaces to use CTE UserSpace. The document explains the CTE UserSpace concepts such as clients and client groups, signature sets, security rules, and GuardPoints. Next, the document describes how to manage clients and client groups, signature sets, security policies on the CipherTrust Data Security Platform Service. Finally, the document describes how to manage GuardPoints.

After you have completed server-side configuration on the CipherTrust Data Security Platform Service, you can configure CTE UserSpace Agents.

Refer to the CTE Agent Quick Start Guide specific to your platform for details. Installation of the CTE UserSpace Agents is required for protecting directories and files stored on clients.

CDSPaaS supports CTE UserSpace Agent 10.4 and above. Each CDSPaaS service supports up to 50 clients. We recommend up to 100 guardpoints per client. Contact Thales to set up deployments with more than 50 clients or more than 5000 guardpoints.

Note

This document uses the terms "CTE UserSpace" and "CTE" interchangeably to refer to CTE UserSpace.

Organization

This document contains the following sections:

• Overview: Provides a high-level overview of the CTE UserSpace solution.

• Concepts: Describes CTE UserSpace concepts such as clients, client groups, GuardPoints, policies, and security rules.

• Data Transformation: Provides an overview of the data transformation process.

• Managing Profiles: Describes how to configure client log criteria and client Syslog settings.

• Managing Clients: Describes how to add, register, and manage clients on the CipherTrust Data Security Platform Service appliance.

• Managing Client Groups: Describes how to manage client groups on the CipherTrust Data Security Platform Service appliance.

• Managing Signature Sets: Describes how to create signature sets and how to sign and re-sign files in a signature set. The chapter also describes how to stop file signing and how to delete signatures and signature sets on the CipherTrust Data Security Platform Service appliance.

• Managing Policies: Describes rules and effects of security policies, and provides instructions to create, configure, import, and export security policies on the CipherTrust Data Security Platform Service appliance.

• Managing GuardPoints: Describes how to create, view, and delete GuardPoints on the CipherTrust Data Security Platform Service appliance. The chapter provides information on automatic and manual GuardPoints.

• Multifactor Authentication: Describes how Multifactor Authentication (MFA) works for CTE clients and GuardPoints.

• Integrating CTE Logging with Splunk: Describes how to integrate the CTE audit logging with Splunk.

• Permissions: Describes the complete permissions required to perform create, read, update, and delete operations on CTE resources.

• Quorum Control: Describes the quorum control for CTE operations and resources.

• Operations: Describes the operations that the CTE Server Administrator performs on the CipherTrust Data Security Platform Service. These operations include registering CTE clients with the CipherTrust Data Security Platform Service, using external CA certificates, reregistering the clients, and protecting file system on a CTE client.

• Common Scenarios: Describes the common encryption scenarios in which the paths can be encrypted using the CTE solution.

• Reports: Describes how to generate and download CTE reports.

• Troubleshooting: Describes how to handle the issues that you might face when using CTE with the CipherTrust Data Security Platform Service.

• API Examples: Provides examples to use CTE APIs to perform tasks such as protecting GuardPoints.

• API Response Codes: Describes the response codes returned by the CTE APIs with corresponding messages, and possible corrective actions to be taken for them.