Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CTE Use Cases

Sharing and Reading Encrypted Data with Windows and Linux Clients

search

Please Note:

printsuggest an edit

Sharing and Reading Encrypted Data with Windows and Linux Clients

This Use Case describes how to read and share encrypted data from a Windows or Linux client sharing a CTE GuardPoint and an LDT policy where the Windows and Linux Clients share the same storage.

copy link to clipboardRequirements & Specifications

Software Minimum Version
CipherTrust Manager v2.17 or subsequent versions
CipherTrust Transparent Encryption v7.6.0 or subsequent versions
Windows Windows 10, Windows 11, Windows 2016 or subsequent versions
Linux All versions and kernels supported by CTE

copy link to clipboardPrerequisites

  1. Create Windows AccessOnly clients.

  2. Create Linux Clients.

  3. Have a CipherTrust Manager setup and ready to accept CipherTrust Transparent Encryption clients.

  4. Install CTE agent for Windows or Linux on the clients and register the CTE clients to the CipherTrust Manager.

  5. Create an LDT policy on CipherTrust Manager.

copy link to clipboardOverview

In this scenario:

  • The Linux and Windows clients share storage.

  • The Linux and Windows clients will reside in separate client groups.

  • The Linux clients will reside in both an LDT Communication Group and a client group.

  • The Linux client will encrypt the file. The Linux LDT primary has to completely finish initial transformation before any Windows client can guard.

  • The Windows clients will not reside in an LDT Communication Group.

  • The Windows clients must be Windows AccessOnly clients.

  • The Windows AccessOnly clients can access and read and write the content, but LDT will never run on them.

copy link to clipboardCreating the Setup

  1. Create an LDT Communication Group for the Linux clients.

  2. Add the Linux clients to the LDT Communication Group.

  3. On CipherTrust Manager, create a Windows Client Group and a Linux Client Group.

  4. Add the Windows AccessOnly clients to the Windows Client Group.

  5. Add the Linux clients to the Linux client group.

  6. Create the GuardPoint ONLY in the Linux Client Groups using the LDT policy on CipherTrust Manager.

    1. Select the LDT policy that you created.

    2. Mount the same path on each client machine, for example: /root/lw/CTE/gp1

  7. Once Linux has fully completed initial data transformation, and the status is REKEYED, then create the GuardPoint in the Windows Client Group. All Windows access-only clients will now be able to guard and access the files.

    a. Select the LDT policy that you created.

    b. Guard the path on Windows clients, for example: \192.168.11.50\cifs28_wg_ldtnas01\vgp

Now both the Windows AccessOnly clients, and the Linux clients, can access and read the files in the GuardPoint.

copy link to clipboardLimitations

When rotating an encryption key, you must disable the GuardPoint from the Windows AccessOnly client group first. After rekey is completed, enable/guard the AccessOnly node GuardPoint again.

copy link to clipboardReference

On this page