Sharing and Reading Encrypted Data with Windows and Linux Clients
This use case describes how Windows and Linux clients that share the same storage can read and share encrypted data through a CTE GuardPoint protected by an LDT policy.
Requirements & Specifications
| Software | Minimum Version |
|---|---|
| CipherTrust Manager | v2.17 or subsequent versions |
| CipherTrust Transparent Encryption | v7.6.0 or subsequent versions |
| Windows | Windows 10, Windows 11, Windows 2016 or subsequent versions |
| Linux | All versions and kernels supported by CTE |
Prerequisites
- Create Windows AccessOnly clients.
- Create Linux clients.
- Have a CipherTrust Manager set up and ready to accept CipherTrust Transparent Encryption clients.
- Install the CTE agent for Windows or Linux on the clients and register the CTE clients with the CipherTrust Manager.
Overview
In this scenario:
- The Linux and Windows clients share storage.
- The Linux and Windows clients reside in separate client groups.
- The Linux clients reside in both an LDT Communication Group and a client group.
- The Linux clients encrypt the files. The Linux LDT primary must completely finish initial transformation before any Windows client can guard.
- The Windows clients do not reside in an LDT Communication Group.
- The Windows clients must be Windows AccessOnly clients.
- The Windows AccessOnly clients can access, read and write the content, but LDT never runs on them.
Creating the Setup
1. Create an LDT Communication Group for the Linux clients.
2. Add the Linux clients to the LDT Communication Group.
3. On CipherTrust Manager, create a Windows client group and a Linux client group.
4. Add the Windows AccessOnly clients to the Windows client group.
5. Add the Linux clients to the Linux client group.
6. On CipherTrust Manager, create the GuardPoint ONLY in the Linux client group, using the LDT policy.
7. Select the LDT policy that you created.
8. Mount the same path on each client machine, for example:
   `/root/lw/CTE/gp1`
9. Once Linux has fully completed initial data transformation and the status is REKEYED, create the GuardPoint in the Windows client group. All Windows AccessOnly clients will then be able to guard and access the files.
   a. Select the LDT policy that you created.
   b. Guard the path on the Windows clients, for example: `\\192.168.11.50\cifs28_wg_ldtnas01\vgp`
Now both the Windows AccessOnly clients and the Linux clients can access and read the files in the GuardPoint.
Limitations
When rotating an encryption key, you must first disable the GuardPoint in the Windows AccessOnly client group. After the rekey has completed, enable (guard) the GuardPoint on the AccessOnly clients again.