Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Upgrading CTE agent in an LDT Communication Group

New Terminology

search

Please Note:

printsuggest an editpdf paneldownload

New Terminology

The architecture design changes introduces new terminologies. It is critical to understand these new terms.

copy link to clipboardNew LDT Communication Group Terms

  • Triad nodes

    The triad nodes are the first three servers in the LDT Communication Group.

  • Subordinate nodes

    The subordinate nodes are the remaining nodes in the LDT Communication Group.

copy link to clipboardGuardPoint Terms

  • Primary node

    The node that performs LDT rekeying of data.

  • Secondary node

    All of the other clients in the LDT GuardPoint Group are assigned as secondary nodes.

    Note

    They do not participate in rekeying data. Secondary nodes can be promoted to primary nodes if a primary node fails.

  • LDT GuardPoint Group

    An LDT GuardPoint Group contains a collection of LDT-enabled CTE clients that are all on the same network, managed by one CipherTrust Manager, guarding a common NFS/CIFS share and can communicate with each other over that network. An LDT GuardPoint Group enables the primary host of an LDT GuardPoint Group to communicate with the secondary hosts that are members of that LDT GuardPoint Group.

copy link to clipboardCTE Terminology

Following is a complete list of CTE terms which includes the new LDT terms.

The guide uses the following terminology:

Term Description
CTE CipherTrust Transparent Encryption is a suite of products that allow you to encrypt and guard your data. The main software component of CTE is the CTE Agent, which must be installed on every host whose devices you want to protect.
Notes
• This suite was originally called Vormetric Transparent Encryption (VTE), and some of the names in the suite still use "Vormetric".
• For example, the default installation directory is /opt/vormetric/DataSecurityExpert/agent/ for Linux and AIX, and C:\Program Files\Vormetric\DataSecurityExpert\agent\ for Windows.
CTE Agent The software that you install on a physical or virtual machine in order to encrypt and protect the data on that machine. After you have installed the CTE Agent on the machine, you can use CTE to protect any number of devices or directories on that machine.
CTE Capabilities CipherTrust Transparent Encryption agent version-specific features like Multi-Factor Authentication.
CTE-K8s CipherTrust Transparent Encryption for Kubernetes. Policy-based encryption of data stored on persistent volumes
CTE-RWP or RWP CipherTrust Transparent Encryption with Ransomware Protection. Ransomware protection for volume-level (Windows)/GuardPoint (Linux) data storage through process behavior monitoring and analytics.
CTE UserSpace (CTE-U) CipherTrust Transparent Encryption (formerly known as ProtectFile FUSE). File system level encryption and access control solution for Linux servers.
Data Transformation Encrypting or decrypting data.
Domain Sharing This allows Clients in one domain to get cross-domain resources, specifically GPs.
GuardPath A directory to which a CTE Kubernetes data protection and encryption policy has been applied. CTEK8s will control access to, and monitor changes in, this device and directory, encrypting new or changed information as needed.
GuardPoint A device, or directory, to which a CTE data protection and encryption policy has been applied. CTE will control access to, and monitor changes in, this device and directory, encrypting new or changed information as needed.
Host /Client In this documentation, host and client are used interchangeably to refer to the physical or virtual machine on which the CTE Agent is installed.
In-place Data transformation Encryption mechanism for block devices.
Key Manager An appliance that stores and manages data encryption keys, data access policies, administrative domains, and administrator profiles. Thales offers CipherTrust Manager, a key manager for use with CTE.
LDT (Live Data Transformation) After initial GuardPoint enablement, LDT performs initial encryption, or rekeying, in the background, unnoticed by users. The data stays live and available. This accelerates CTE deployments and eliminates the need to block applications and user access to data during encryption or rekey operations, which can inconvenience users and affect operational efficiency.
LDT Communication (Comm) Group A group of LDT clients who communicate with each other, and are responsible for, initial data transformation and future key rotation of CIFS/NFS GuardPoints.
LDT GuardPoint Group An LDT GuardPoint Group contains a collection of LDT-enabled CTE clients that are all on the same network, managed by one CipherTrust Manager, guarding a common NFS/CIFS share and can communicate with each other over that network. An LDT GuardPoint Group enables the primary host of an LDT GuardPoint Group to communicate with the secondary hosts that are members of that LDT GuardPoint Group.
LDT Primary node The LDT GuardPoint Group node that performs LDT rekeying of data.
LDT Secondary node All of the other clients in the LDT GuardPoint Group are assigned as secondary nodes. Note: Secondary nodes do not participate in rekeying data, however, they can be promoted to primary nodes if a primary node fails.
LDT Subordinate nodes The subordinate nodes are the remaining nodes in the LDT Communication Group.
LDT Triad nodes The triad nodes are the first three servers in the LDT Communication Group.
Learn Mode Logging mode for audit logs to help generate security policies. Learn Mode allows access to guarded paths while logging access details. Users can analyze the content users and processes are accessing, the data used, and define GuardPoint policies accordingly.
MFA Multifactor authorization ensures that the access credentials presented belong to the actual person. After logging in to the system, when a user tries to access a CipherTrust Transparent Encryption GuardPoint, it triggers a second factor authorization to verify the user with a second form of authentication, like sending a passcode to the users's registered cell phone, that they then have to input into the application.
Profile Shared configuration resource for Client logging, Quality of Service, Multi-Factor Authentication, Ransomware Protection and key manager communication settings.
Signature The hash of an entity. Where Entity can be the process or the docker image.
Versioned key and Key versions Keys whose name remains the same but keybytes are different for each different version.

On this page