CTE Administration
This document describes the CipherTrust Data Security Platform Service interfaces for using CTE. It first explains CTE concepts such as clients and client groups, signature sets, security rules, and GuardPoints. Next, it describes how to manage clients and client groups, signature sets, and security policies on the CipherTrust Data Security Platform Service. Finally, it describes how to manage GuardPoints.
After you have completed server-side configuration on the CipherTrust Data Security Platform Service, you can configure CTE Agents.
Refer to the CTE Agent Quick Start Guide specific to your platform for details. Installation of the CTE Agents is required for protecting directories and files stored on clients.
CDSPaaS supports CTE Agent for Windows version 7.6.0-132 and above and CTE Agent for Linux version 7.6.0-134 and above. Each CDSPaaS service supports up to 50 clients. We recommend up to 100 GuardPoints per client. Contact Thales to set up deployments with more than 50 clients or more than 5000 GuardPoints.
Organization
This document contains the following sections:
- Overview: Provides a high-level overview of the CTE solution.
- Concepts: Describes CTE concepts such as clients, client groups, GuardPoints, policies, and security rules.
- Data Transformation: Provides an overview of the data transformation process.
- Managing Profiles: Describes how to configure settings such as client log criteria, client Syslog settings, Quality of Service (QoS), multifactor authentication (MFA), ransomware protection (RWP) for Windows clients, and server settings.
- Managing Clients: Describes how to add, register, and manage clients on the CipherTrust Data Security Platform Service.
- Managing LDT Communication Groups: Describes how to manage LDT communication groups on the CipherTrust Data Security Platform Service.
- Managing Client Groups: Describes how to manage client groups on the CipherTrust Data Security Platform Service.
- Managing Signature Sets: Describes how to create signature sets and how to sign and re-sign files in a signature set. The chapter also describes how to stop file signing and how to delete signatures and signature sets on the CipherTrust Data Security Platform Service.
- Managing Policies: Describes rules and effects of security policies, and provides instructions to create, configure, import, and export security policies on the CipherTrust Data Security Platform Service.
- Managing GuardPoints: Describes how to create, view, and delete GuardPoints on the CipherTrust Data Security Platform Service. The chapter provides information on automatic and manual GuardPoints and provides steps to configure Windows network drives.
- Multifactor Authentication: Describes how Multifactor Authentication (MFA) works for CTE clients and GuardPoints.
- Integrating CTE Logging with Splunk: Describes how to integrate CTE audit logging with Splunk.
- Permissions: Describes the complete permissions required to perform create, read, update, and delete operations on CTE resources.
- Quorum Control: Describes the quorum control for CTE operations and resources.
- Ransomware Protection: Describes how to protect CTE clients from ransomware.
- Unique to Client Keys: Describes how to make a key unique to a client.
- Operations: Describes the operations that the CTE Server Administrator performs on the CipherTrust Data Security Platform Service. These operations include registering CTE clients with the CipherTrust Data Security Platform Service, using external CA certificates, re-registering the clients, and protecting the file system on a CTE client.
- Common Scenarios: Describes the common encryption scenarios in which the paths can be encrypted using the CTE solution.
- Reports: Describes how to generate and download CTE reports.
- Troubleshooting: Describes how to handle the issues that you might face when using CTE with the CipherTrust Data Security Platform Service.
- API Examples: Provides examples of using CTE APIs to perform tasks such as decrypting LDT-protected GuardPoints.
- API Response Codes: Describes the response codes returned by the CTE APIs, with the corresponding messages and possible corrective actions for them.