Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTE with Microsoft DFSR

Configure DFS(R)

search

Please Note:

Configure DFS(R)

Note

The following instructions were written for Windows 2016. If you are using a subsequent version, steps may differ slightly. See Distributed File System Replication for more information.

  1. Launch the Server Manager applet.

  2. Select Tools > DFS Management.

  3. Right-click on Replication and select New Replication Group …

  4. For replication group, select Multipurpose Replication Group. Then click Next.

  5. Enter a Replication Group name and the Domain name. Click Browse to select the domain. Then click Next.

  6. In the Replication Group Members window, click Add and enter all of the DFS(R) replication group member servers. Then click Next.

  7. Select the replication topology. Then click Next.

  8. Set the replication schedule. Then click Next.

  9. In the Primary Member section, select the Primary DFS(R) node. Then click Next.

  10. In Folders to Replicate, click Add.

  11. Click Browse and navigate to the folder on the primary node to place under DFS(R) replication.

  12. Once the path is set, click Permissions.

  13. Change the permissions or keep the existing folder permissions. Click OK.

  14. On the local path for other members, click Edit.

  15. Click Browse and select the target replication folder on the replication group member.

    Note

    If the path is different from the Primary member, then you cannot use CipherTrust Client Groups. You must set GuardPoints separately on individual member nodes.

  16. Browse the folder structure for the member node and select the target replication folder. Click OK.

  17. If the target replication folder displays correctly, click OK to continue. If it does not, click Browse and reset the folder.

  18. Review the configuration and click Create if it all looks correct.

  19. Click Close for a successful DFS(R) deployment.

Configure Namespace

DFS(R) namespace allows you to access the data remotely, through a network share path. For CipherTrust Transparent Encryption, it must have a policy that has a security rule that contains a user set. The user set must include privileged users linked to the process ntoskrnl.exe. This provides additional security for sensitive data protected on a DFS(R) folder.

  1. In the DFS management tool, right-click on Namespace and select New Namespace…

  2. Click Browse and search for the replication group member to host the namespace.

  3. Select the node that will host the DFS(R) Namespace. Click OK and Next.

  4. Enter a name for the Namespace and click Next.

  5. Accept the default for the Domain-based namespace and click Next.

  6. Review the settings and click Create to create the Namespace.

  7. After a successful outcome, click Close.

Install the DFS(R) Role and Features

Consult the Microsoft documentation to install DFS by using Server Manager

Stopping and Starting the DFS Services

When setting up the topology, you will have to start and stop the DFS services. Following are the steps to stop and start the DFS services on a DFS management node. On all the nodes in a DFS(R) topology, there are two services running:

  • DFS Namespace Service

  • DFS Replication Service

Both of these services must be stopped before you can apply a CTE GuardPoint successfully:

  1. Right-click on the start menu and click Run.

  2. Type services.msc and hit enter. This launches the Services Management Console.

  3. Locate the DFS Namespace and DFS Replication Services.

  4. Select each one individually and click Stop.

On this page