Managing LDT Communication Groups
An LDT communication group contains a group of LDT-enabled CTE clients that can communicate with each other. An LDT communication group is mandatory when using a multi-node solution for LDT over NFS/CIFS. The CipherTrust Data Security Platform Service pushes the LDT communication group details to all clients in the group.
Note
- The LDT communication groups are applicable to the LDT-enabled CTE clients.
- A client can be added to only one LDT communication group at a time.
- For successful communication among clients in an LDT communication group, make sure that clients are registered with the CipherTrust Data Security Platform Service using their hostnames or IP addresses.
Warning
All the clients guarding a common share must be part of the same LDT communication group; otherwise, data may be corrupted. If you need to change the LDT communication group of a client, ensure that the client no longer guards the common share.
For example, if 10 clients will guard a common share, add all of them to the same LDT communication group. To change the LDT communication group of one of these clients, first ensure that the client no longer guards the share. To change the LDT communication group of all 10 clients, it is recommended to take the GuardPoint offline, change the LDT communication group, and then reapply the GuardPoint.
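The following Python check is an added example, not part of the product or its documentation. It audits an inventory against the warning above by flagging any share guarded by several clients that are ungrouped or spread over different LDT communication groups, and it lists the common shares that block a group change for one client. The inventory structures, client names, group names and share paths are constructed for illustration; how the data is exported from a deployment is assumed.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical names, not from a real deployment).
# MEMBERSHIP: client -> its one LDT communication group, or None if it has none.
MEMBERSHIP = {
    "cte-node-01": "ldt-grp-a", "cte-node-02": "ldt-grp-a",
    "cte-node-03": "ldt-grp-b", "cte-node-04": None,
    "cte-node-05": "ldt-grp-b",
}
# GUARDPOINTS: (client, shared NFS/SMB path it guards)
GUARDPOINTS = [
    ("cte-node-01", "nfs01:/export/finance"),
    ("cte-node-02", "nfs01:/export/finance"),
    ("cte-node-01", "nfs01:/export/hr"),
    ("cte-node-03", "nfs01:/export/hr"),
    ("cte-node-04", "nfs01:/export/hr"),
    ("cte-node-05", "nfs01:/export/archive"),
]

def audit_shares(guardpoints, membership):
    """Return {share: [problems]} for shares guarded by two or more clients."""
    clients_by_share = defaultdict(set)
    for client, share in guardpoints:
        clients_by_share[share].add(client)
    findings = {}
    for share, clients in clients_by_share.items():
        if len(clients) < 2:
            continue  # one client only: nothing shared to coordinate
        problems = []
        ungrouped = sorted(c for c in clients if membership.get(c) is None)
        if ungrouped:
            problems.append("no group: " + ", ".join(ungrouped))
        groups = sorted({membership.get(c) for c in clients} - {None})
        if len(groups) > 1:
            problems.append("split across groups: " + ", ".join(groups))
        if problems:
            findings[share] = problems
    return findings

def blocking_shares(client, guardpoints):
    """Common shares the client still guards; must be empty before a group change."""
    mine = {s for c, s in guardpoints if c == client}
    return sorted({s for c, s in guardpoints if c != client and s in mine})

if __name__ == "__main__":
    for share, problems in sorted(audit_shares(GUARDPOINTS, MEMBERSHIP).items()):
        print(share, "->", "; ".join(problems))
    print("cte-node-01 blocked by:", blocking_shares("cte-node-01", GUARDPOINTS))
```

An empty result from `audit_shares` means every multi-client share is covered by exactly one group; a non-empty result from `blocking_shares` means the client must stop guarding those shares before its group is changed.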
Creating an LDT Communication Group
To create an LDT communication group:
- Open the Transparent Encryption application.
- In the left pane, click Clients > LDT Communication Groups.
- Click Create LDT Communication Group. The Create LDT Communication Group wizard is displayed.
- On the General Info screen:
  - Specify a Name for the LDT communication group. The name must start with a letter or number and can only have alphanumeric characters, periods (.), underscores (_), pipes (|), and hyphens (-).
  - Provide a Description for the LDT communication group.
  - Click Next.
- On the Add Clients screen:
  - Select the clients to be added to the LDT communication group. Use the Client Name filter to search for the desired clients. Only the clients that are not part of an LDT communication group are displayed. Also, the Windows clients that have the LDT Access Only check box selected cannot be added to the LDT communication group.
    To select all clients visible on the page, select the top check box to the left of the Client Name heading.
  - Click Next. The Confirmation screen is displayed.
- Verify the group details.
  If the details are incorrect or you want to modify them, click Back and update the details.
- Click Create. The LDT communication group is created and displayed in the LDT communication groups list.
An association is created between the CTE clients that you selected for the group and the LDT communication group. The LDT communication group is listed under the LDT COMMUNICATION GROUP section on the Membership tab of the client.
Editing an LDT Communication Group
After an LDT communication group is created, you can modify its description. The name of the group cannot be modified.
To edit an existing LDT communication group:
- Open the Transparent Encryption application.
- Click Clients > LDT Communication Groups. The list of existing LDT communication groups is displayed.
- Under Name, click the overflow icon corresponding to the desired LDT communication group.
- Click Edit.
- Change the Description of the group.
- Click Update.
The LDT communication group description is updated.
Adding Clients to an LDT Communication Group
You can add clients to an LDT communication group during or after the group creation. A client can be added to only one LDT communication group at a time.
To add clients to an existing LDT communication group:
- Open the Transparent Encryption application.
- Click Clients > LDT Communication Groups. The list of existing LDT communication groups is displayed.
- Under Name, click the desired LDT communication group. The Member Clients list shows the list of clients in the group.
- Click Add Clients. The Add Clients dialog box is displayed.
- Select the clients to be added to the LDT communication group. Use the Client Name filter to search for the desired clients. Only the clients that are not part of an LDT communication group are displayed. Also, the Windows clients that have the LDT Access Only check box selected cannot be added to the LDT communication group.
  If no client exists, you can create one by clicking Create Client. Refer to Adding Clients Manually for details.
  To select all clients visible on the page, select the top check box to the left of the Client Name heading.
- Click Save.
The selected clients are added to the LDT communication group and are displayed in the Member Clients list.
Removing Clients from an LDT Communication Group
If needed, you can remove LDT clients from an LDT communication group. However, if a client associated with an LDT communication group contains an active LDT over NFS/SMB GuardPoint, do not remove the client from the LDT communication group directly.
Note
To remove a client from an LDT communication group gracefully:
- Disable or unguard the LDT over NFS/SMB GuardPoint on the client. Refer to Disabling GuardPoints and Removing GuardPoints for details.
- Remove the client from the LDT communication group, as described below.
To remove clients from an existing LDT communication group:
- Open the Transparent Encryption application.
- Click Clients > LDT Communication Groups. The list of existing LDT communication groups is displayed.
- Under Name, click the desired LDT communication group. The Member Clients list shows the list of clients in the group.
- Click the overflow icon corresponding to the client you want to remove from the group.
- Click Remove. Removal of a client is permanent and cannot be undone.
- Click Remove to confirm the action.
The client is removed from the LDT communication group.
Deleting an LDT Communication Group
To delete an LDT communication group:
- Open the CipherTrust Transparent Encryption application.
- In the left pane, click Clients > LDT Communication Groups. The list of existing LDT communication groups is displayed.
- Under Name, click the overflow icon corresponding to the desired LDT communication group.
- Click Delete. Deletion of an LDT communication group is permanent and cannot be undone.
- Click Delete to confirm the action.
The LDT communication group is deleted.