Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CTE with Microsoft DFSR

Configure DFS(R)

search

Please Note:

printsuggest an editpdf paneldownload

Configure DFS(R)

Note

The following instructions were written for Windows 2016. If you are using a subsequent version, steps may differ slightly. See Distributed File System Replication for more information.

  1. Launch the Server Manager applet.

  2. Select Tools > DFS Management.

  3. Right-click on Replication and select New Replication Group …

  4. For replication group, select Multipurpose Replication Group. Then click Next.

  5. Enter a Replication Group name and the Domain name. Click Browse to select the domain. Then click Next.

  6. In the Replication Group Members window, click Add and enter all of the DFS(R) replication group member servers. Then click Next.

  7. Select the replication topology. Then click Next.

  8. Set the replication schedule. Then click Next.

  9. In the Primary Member section, select the Primary DFS(R) node. Then click Next.

  10. In Folders to Replicate, click Add.

  11. Click Browse and navigate to the folder on the primary node to place under DFS(R) replication.

  12. Once the path is set, click Permissions.

  13. Change the permissions or keep the existing folder permissions. Click OK.

  14. On the local path for other members, click Edit.

  15. Click Browse and select the target replication folder on the replication group member.

    Note

    If the path is different from the Primary member, then you cannot use CipherTrust Client Groups. You must set GuardPoints separately on individual member nodes.

  16. Browse the folder structure for the member node and select the target replication folder. Click OK.

  17. If the target replication folder displays correctly, click OK to continue. If it does not, click Browse and reset the folder.

  18. Review the configuration and click Create if it all looks correct.

  19. Click Close for a successful DFS(R) deployment.

copy link to clipboardConfigure Namespace

DFS(R) namespace allows you to access the data remotely, through a network share path. For CipherTrust Transparent Encryption, it must have a policy that has a security rule that contains a user set. The user set must include privileged users linked to the process ntoskrnl.exe. This provides additional security for sensitive data protected on a DFS(R) folder.

  1. In the DFS management tool, right-click on Namespace and select New Namespace…

  2. Click Browse and search for the replication group member to host the namespace.

  3. Select the node that will host the DFS(R) Namespace. Click OK and Next.

  4. Enter a name for the Namespace and click Next.

  5. Accept the default for the Domain-based namespace and click Next.

  6. Review the settings and click Create to create the Namespace.

  7. After a successful outcome, click Close.

copy link to clipboardInstall the DFS(R) Role and Features

Consult the Microsoft documentation to install DFS by using Server Manager

copy link to clipboardStopping and Starting the DFS Services

When setting up the topology, you will have to start and stop the DFS services. Following are the steps to stop and start the DFS services on a DFS management node. On all the nodes in a DFS(R) topology, there are two services running:

  • DFS Namespace Service

  • DFS Replication Service

Both of these services must be stopped before you can apply a CTE GuardPoint successfully:

  1. Right-click on the start menu and click Run.

  2. Type services.msc and hit enter. This launches the Services Management Console.

  3. Locate the DFS Namespace and DFS Replication Services.

  4. Select each one individually and click Stop.

On this page