Restrictions
Remember the following restrictions when using CTE-LDT:
- CTE-LDT does not support nested GuardPoints, where a GuardPoint is contained inside another GuardPoint.
- For HA clusters, CTE-LDT only supports the Asymmetric (active/passive) configuration. CTE-LDT does not support Symmetric (active/active) configuration.
- If you want to create CTE-LDT GuardPoints on Linux NFS shares or Windows CIFS shares, you must register the host with CipherTrust Manager and add the host to an LDT communication group.
Windows Only Limitations
CTE-LDT supports GuardPoints on CIFS network shared directories with the following restrictions:
- You cannot guard both CIFS shares with CTE-LDT and local directories on the same host (even if the local directories use a Standard CTE policy). Instead, you must choose one or the other when you install the CTE Agent. In addition, if you want to upgrade an existing CTE Agent to support CTE-LDT CIFS share GuardPoints, you must first remove any existing GuardPoints, uninstall the CTE Agent, and then install the latest CTE Agent in its place.
  For details, see Installing and Registering the CTE Agent Software on Windows and Upgrading an Existing CTE Agent to Support NFS/CIFS Shares.
- Only unstructured data can be encrypted.
- If any files are opened exclusively by another application, CTE-LDT cannot rekey those files until the other applications have released the lock.
- If a backup is taken at the snapshot level, CTE metadata is also backed up. If a restore operation tries to restore CTE metadata, the CTE Agent does not allow the operation and the metadata restore fails. Either do not restore the CTE metadata, or ignore the error from the restore utility when the CTE metadata restore fails.
- CTE-LDT on a ReFS file system runs slowly because of limited support from the Extended Attributes on the ReFS file system.
  Customers running older versions of ReFS.sys on Windows Server 2012 R2 should be aware of the memory growth issue encountered by the Thales engineering team. This issue seems to occur only when CTE-LDT is running on a large number of files. As system memory consumption by the ReFS file system increases, it can eventually make the system unresponsive. This issue does not occur with the recent versions of the ReFS file system drivers available on Windows Server 2016. Following consultation, Microsoft suggests that all customers migrate to Windows Server 2016 if they are using the ReFS file system.
Linux Only Limitations
- CTE-LDT does not support Linux auto-mounted file systems.
- CTE-LDT support is limited to ext3, ext4, and XFS file systems when the user_xattr mount option is enabled.
- CTE-LDT does not support system hibernation (pm-hibernate) on Linux hosts where CTE-LDT is in use.
- You cannot use CTE-LDT and Docker containers on the same host.
- You cannot use CTE-LDT and OpenShift containers on the same host.
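
The following preflight check is an added example, not part of the CTE documentation or the CTE Agent. It screens candidate GuardPoint paths against a /proc/mounts-style mount table for three of the restrictions above: auto-mounted file systems, file system type, and nested GuardPoints. The function names, finding labels and sample mount table are assumptions made for illustration; the user_xattr requirement is not checked, because a mount table may omit options that are in effect by default.

```python
import posixpath

# Added example; function names and finding labels are hypothetical.
# Constructed sample in /proc/mounts format (device, mount point, type, options).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sdb1 /data xfs rw,noatime 0 0
/etc/auto.misc /misc autofs rw,relatime,fd=6,indirect 0 0
/dev/sdc1 /misc/archive ext4 rw,relatime 0 0
filer:/export /mnt/share nfs4 rw,vers=4.1 0 0
/dev/sdd1 /scratch btrfs rw,relatime 0 0
"""

LOCAL_OK = {"ext3", "ext4", "xfs"}   # local file systems the page lists
NFS = {"nfs", "nfs4"}                # allowed only with an LDT communication group

def parse_mounts(text):
    """Return [(mount_point, fstype)] from /proc/mounts-style text."""
    out = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3:
            out.append((f[1].replace("\\040", " "), f[2]))
    return out

def is_under(path, parent):
    """True if path equals parent or lies beneath it."""
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def check_guardpoints(paths, mounts_text):
    """Map each candidate path to a list of restriction findings (empty = none)."""
    mounts = parse_mounts(mounts_text)
    report = {}
    for p in paths:
        found = []
        covering = [(m, t) for m, t in mounts if is_under(p, m)]
        if any(t == "autofs" for _, t in covering):
            found.append("auto-mounted")
        # The deepest non-autofs mount is the file system that holds the path.
        real = [(m, t) for m, t in covering if t != "autofs"]
        fstype = max(reversed(real), key=lambda mt: len(mt[0]))[1] if real else None
        if fstype in NFS:
            found.append("nfs-needs-ldt-group")
        elif fstype not in LOCAL_OK:
            found.append("unsupported-fs:%s" % fstype)
        if any(q != p and (is_under(p, q) or is_under(q, p)) for q in paths):
            found.append("nested")
        report[p] = found
    return report
```

On a real host, pass the contents of /proc/mounts as the second argument instead of the constructed sample.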