Restrictions
Remember the following restrictions when using CTE-LDT:
- CTE-LDT does not support nested GuardPoints, where a GuardPoint is contained inside another GuardPoint.
- For HA clusters, CTE-LDT only supports the Asymmetric (active/passive) configuration. CTE-LDT does not support the Symmetric (active/active) configuration.
- If you want to create CTE-LDT GuardPoints on Linux NFS shares or Windows CIFS shares, you must register the host with CipherTrust Manager and add the host to an LDT communication group.
- LDT does not support Auto Raw or Block Device GuardPoints.
Windows Only Limitations
CTE-LDT supports GuardPoints on CIFS network shared directories with the following restrictions:
- If any files are opened exclusively by another application, CTE-LDT cannot rekey those files until the other application has released the lock.
- If a backup is taken at the snapshot level, CTE metadata is also backed up. If a restore operation tries to restore CTE metadata, the CTE agent does not allow this operation and the metadata restore fails. Do not restore the CTE metadata, or ignore the error from the restore utility if the CTE metadata restore fails.
- CTE-LDT on a ReFS file system runs slowly because of limited support for Extended Attributes on the ReFS file system.
Note
Customers running older versions of ReFS.sys on Windows Server 2012 R2 should be aware of a memory growth issue encountered by the Thales engineering team. This issue seems to occur only when CTE-LDT is running on a large number of files. As system memory consumption by the ReFS file system driver increases, it can eventually make the system unresponsive. This issue does not occur with the recent versions of the ReFS file system drivers available on Windows Server 2016. Microsoft, when consulted, suggested that all customers using ReFS migrate to Windows Server 2016.
Protecting local directories and CIFS shares simultaneously with LDT policies
- Ensure that CTE Windows is running with the VMLFS driver.
- To check the currently installed filter drivers, type:
  fltmc
- If the output table contains vmlfs, the driver is set properly. If not, type the following in an administrative command prompt to switch to the VMLFS driver:
  voradmin config enable vmlfs
Note
- The above command requires all directories to be unguarded before switching the driver.
- The system requires a reboot after the driver has been changed.
Linux Only Limitations
- CTE-LDT does not support Linux auto-mounted file systems.
- CTE-LDT support is limited to ext3, ext4, and XFS file systems when the user_xattr mount option is enabled.
- CTE-LDT does not support system hibernation (pm-hibernate) on Linux hosts where CTE-LDT is in use.
- You cannot use CTE-LDT and Docker containers on the same host.
- You cannot use CTE-LDT and OpenShift containers on the same host.
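The file system restriction above is easy to check before a GuardPoint is created. The following POSIX shell function is an added example, not Thales' code or part of this documentation: it reads entries in /proc/mounts format, finds the entry for a given mount point, and reports whether that mount satisfies the documented requirement (ext3, ext4 or XFS with user_xattr). The sample mount table is constructed for the example. One assumption of the example, not stated on this page: XFS entries are accepted without looking for user_xattr, because XFS exposes user extended attributes without a mount option, whereas for ext3 and ext4 the option must be present.

```shell
#!/bin/sh
# Added example (not Thales' code): pre-check a Linux mount point against the
# documented CTE-LDT file system requirement (ext3/ext4/XFS with user_xattr).

# Constructed sample in /proc/mounts format (not captured from a real host):
#   <device> <mountpoint> <fstype> <options> <dump> <pass>
SAMPLE_MOUNTS='/dev/sda1 /data ext4 rw,relatime,user_xattr 0 0
/dev/sdb1 /archive xfs rw,relatime,attr2,inode64 0 0
/dev/sdc1 /legacy ext3 rw,relatime 0 0
nfs01:/export /share nfs4 rw,relatime,vers=4.1 0 0'

# ldt_eligible MOUNTPOINT [MOUNT_TABLE]
# Prints one token describing the verdict and returns 0 only when the mount
# point is eligible for a CTE-LDT GuardPoint. MOUNT_TABLE defaults to the
# live /proc/mounts; pass a string to check constructed or saved tables.
ldt_eligible() {
    mp=$1
    mounts=${2:-$(cat /proc/mounts)}

    # Keep the last matching entry: a later mount on the same path shadows
    # earlier ones, which is also what the kernel presents to processes.
    entry=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '
        $2 == mp { fs = $3; opts = $4 }
        END { if (fs != "") print fs, opts }')

    if [ -z "$entry" ]; then
        printf 'not-mounted\n'
        return 1
    fi

    fstype=${entry%% *}
    opts=${entry#* }

    case "$fstype" in
        ext3|ext4)
            # Assumption of this example: the documented user_xattr
            # requirement is a mount option only on ext3/ext4.
            case ",$opts," in
                *,user_xattr,*) ;;
                *) printf 'missing-user_xattr\n'; return 1 ;;
            esac
            ;;
        xfs)
            # Assumption: XFS provides user extended attributes without a
            # mount option, so no further check is made here.
            ;;
        *)
            # Anything else (including NFS, which has its own registration
            # requirement in this document) is outside the supported set.
            printf 'unsupported-fs:%s\n' "$fstype"
            return 1
            ;;
    esac

    printf 'eligible\n'
    return 0
}

# Demonstration over the constructed table.
for mp in /data /archive /legacy /share /nope; do
    printf '%s: %s\n' "$mp" "$(ldt_eligible "$mp" "$SAMPLE_MOUNTS")"
done
```

To check a live host, call the function with only the mount point, for example `ldt_eligible /data`, and it will read /proc/mounts itself; the non-zero return code makes it usable as a gate in a provisioning script.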