Get Started with CipherTrust Data Security Platform Services
CipherTrust Data Security Platform Services (CDSPaaS) is offered through the Data Protection on Demand (DPoD) marketplace.
Required Purchased Services
There are two services to purchase associated with CDSPaaS. Contact a Thales service representative to purchase them.
- Key Management Service - allows you to create and manage keys, as well as carry out administration tasks such as user management. The Key Management Service is mandatory to use any of the connector offerings in the CipherTrust service.
- Connector or API Service - allows you to manage and monitor various key management and encryption use cases within the product portfolio. CDSPaaS currently supports a CipherTrust Cloud Key Management (CCKM) service, CipherTrust Transparent Encryption (CTE) flex basic service, CTE for Ransomware (CTE-RWP) flex utility service, and CTE Live Data Transformation (CTE-LDT) flex utility service.
The number of connector or API services to purchase is based on your projected consumption of use case specific objects. If you find that you need more connector services later, you can configure more connector/API endpoints. Your Thales account team then contacts you to review your connector service usage. The account team can add connector services mid-term and match the new connector services' end date with the existing connector services.
These services can be purchased for the following terms:
- Monthly
- Annually
- 3 years - For this term, you can pay either on an annualized basis, or for the entire term up front.
CCKM Services
The following table indicates the clouds and objects associated with the CCKM service. One of each of these CDSPaaS KMS container objects corresponds to one CCKM service.
Cloud | Cloud Key Management System (KMS) | Cloud-related KMS Container Object on CDSPaaS |
---|---|---|
Amazon Web Services (AWS) | AWS KMS | AWS accounts |
Google Cloud | Google Cloud KMS - Customer-managed Encryption Keys (CMEK) and External Key Manager (EKM) key types only | Projects |
Google Workspace | Client Side Encryption (CSE) | Endpoints |
Microsoft Azure | Azure Key Vault | Subscriptions |
Oracle | Oracle Vaults and External Vaults | OCI Tenancies |
Salesforce | Salesforce Shield KMS | Organization IDs |
SAP | SAP Data Custodian | Applications |
Note
- A single Google Project can have both CMEK and EKM keys. This requires one CCKM service.
- A single AWS Account can have a combination of Bring Your Own Key (BYOK), CloudHSM, and External Key Store (XKS) use cases. This requires one CCKM service.
CTE Flex Basic Service
For basic CTE service, the number of service endpoints running the CTE Windows Agent or CTE Linux Agent counts toward the Flex Basic Service. Both physical and cloud-based endpoints are counted.
CTE-RWP and CTE-LDT Flex Utilities Service
- CTE-RWP: One Ransomware protection-enabled service consumes one CTE-RWP Flex Utility Service.
  The CTE-RWP Flex Utility Service is independent of the CTE Flex Basic Service. You can have one or both of those services depending on which protection type you need. To use both basic file system protection and Ransomware protection with a CTE for Windows client, you need both a CTE Flex Basic Service and a CTE-RWP Flex Utility Service.
- CTE-LDT: Live Data Transformation is an add-on service, additional to the CTE Flex Basic Service. A CTE Flex Basic Service is required to add a CTE-LDT Flex Utility Service.
Provision a CipherTrust Service
- Register a DPoD subscriber tenant through either of the following URLs, depending on your region. A DPoD subscriber tenant is a DPoD instance, with its own unique URL subdomain, where users consume services, including CDSPaaS.
  URL | Region |
  ---|---|
  https://thales.na.market.dpondemand.io/signup | North America |
  https://thales.eu.market.dpondemand.io/signup | Europe |
  An associated DPoD subscriber tenant hostname and Tenant Administrator account are created on DPoD. You are taken to your DPoD subscriber tenant login page.
  Tip
  When you create the CipherTrust service on DPoD, you can select a different cloud region to deploy the service in. The cloud region of the service has more of an effect on network latency for CDSPaaS than the DPoD subscriber tenant region.
- Log in to your DPoD subscriber tenant as the Tenant Administrator.
- Provision the CipherTrust Service on DPoD to make a CDSPaaS tenant with an automatically generated tenant name. A CDSPaaS tenant is a logical boundary for each customer, cryptographically isolated from other customers by a unique Luna Cloud HSM partition and master encryption key.
  - Navigate to Services, select Add Service and select the CipherTrust Data Security Platform service.
  - Enter your configuration details in the Add Service wizard and click Finish to confirm.
    Note
    - The service name you provide here is a convenience for display in DPoD. The CDSPaaS tenant name used in the CDSPaaS interfaces is different.
    - The DPoD user who provisions the service becomes the initial Application Administrator for the CDSPaaS service. Application administrators are ultimately responsible for creating and assigning CDSPaaS resources.
- Click the service name in DPoD to launch the CDSPaaS web console UI in a separate browser tab.
  The URL is of the form <hostname>/?tenant=<generated_tenant_name>. The hostname depends on your region.
  Hostname | Region |
  ---|---|
  https://us1.ciphertrust.dpondemand.io | North America |
  https://ciphertrust.dpondemand.io | Europe |
  The tenant cannot be renamed.
  Tip
  - Bookmark this URL for quick access to the CipherTrust service later.
  - You need the hostname value to register a CTE agent.
- On the login page, click Log In with DPoD.
- If you are directed to a second login page with the DPoD tenant name, enter the Email and Password of the DPoD user who provisioned the CDSPaaS tenant.
CDSPaaS User Interfaces
On first login to the UI, you are presented with the CipherTrust Data Security Platform Service Management Console, with the administrative navigation menu on the left, and application products in the center.
Note
Only the CipherTrust Cloud Key Management (CCKM) and CipherTrust Transparent Encryption (CTE) applications are available at this time.
Caution
CipherTrust Transparent Encryption is currently available on a technical preview basis. Technical previews are intended for evaluation in non-production environments. A technical preview introduces new, limited functionality for customer feedback as we work on the feature. Details and functionality are subject to change. This includes API endpoints, UI elements, and CLI commands. We cannot guarantee that data created as part of a technical preview will be retained after the feature is finalized.
A CLI and REST API are also available for CipherTrust Data Security Platform Service.
Consult the CipherTrust Manager Administration Guide for information on the administrative features.
Consult the CCKM Administration Guide for information on CCKM workflows and use cases.
Consult the CTE Administration Guide for information on CipherTrust Transparent Encryption workflows and use cases.