Terminology and Components
CTE-U Terminology
The guide uses the following terminology:
Term | Description |
---|---|
CTE UserSpace | CipherTrust Transparent Encryption is a suite of products that allows you to encrypt and guard your data. The main software component of CTE UserSpace is the CTE UserSpace Agent, which must be installed on every host whose devices you want to protect. |
CTE UserSpace Agent | The software that you install on a physical or virtual machine in order to encrypt and protect the data on that machine. After you have installed the CTE UserSpace Agent on the machine, you can use CTE UserSpace to protect any number of devices or directories on that machine. |
key manager | An appliance that stores and manages data encryption keys, data access policies, administrative domains, and administrator profiles. Thales offers CipherTrust Manager: a key manager for use with CTE UserSpace. |
host / client | In this documentation, host and client are used interchangeably to refer to the physical or virtual machine on which the CTE UserSpace Agent is installed. |
GuardPoint | A device or directory to which a CTE UserSpace data protection and encryption policy has been applied. CTE UserSpace will control access to, and monitor changes in, this device or directory, encrypting new or changed information as needed. |
CTE-U Components
The CTE UserSpace solution consists of two parts:
- The CTE UserSpace Agent software that resides on each protected virtual or physical machine (host). The CTE UserSpace Agent performs the required data encryption and enforces the access policies sent to it by the key manager. The communication between the CTE UserSpace Agent and the key manager is encrypted and secure.
After the CTE UserSpace Agent has encrypted a device on a host, that device is called a GuardPoint. You can use CTE UserSpace to create GuardPoints on servers on-site, in the cloud, or a hybrid of both.
- A key manager that stores and manages data encryption keys, data access policies, administrative domains, and administrator profiles. After you install the CTE UserSpace Agent on a host and register it with a key manager, you can use the key manager to specify which devices on the host you want to protect, what encryption keys are used to protect those devices, and what access policies are enforced on those devices.
CipherTrust Manager can be set up as either a security-hardened physical appliance or a virtual appliance. It provides access to the protected hosts through a browser-based, graphical user interface as well as an API and a CLI.