Configuring
Suggest editsThe following diagram shows the basic flow of the CTE solution.
Prerequisites
Implementing the CipherTrust Transparent Encryption (CTE) solution requires the following components:
- Postgres server installed and operational
- CipherTrust Manager installed and operational
- A CTE agent installed on the Postgres host registered to the CipherTrust Manager
Postgres host
Make sure that the Postgres server is installed and running.
For CentOS 7, you need to install the following repository:
CipherTrust Manager
Make sure that CipherTrust Manager is installed and running.
Configuring CipherTrust Manager
Log in to the CipherTrust Manager (CM) web UI. Then:
Create a registration token.
Navigate to Key and Access Management and select Registration Tokens. This token is used for the CTE agent enrollment to CM.
To create a registration token, select New Registration Token.
The screenshot shows a registration token created with the name edb.
Create user sets.
Navigate to CTE and select Policies > Policy Elements > User Sets.
To create the user set, select Create User Set.
Create the Postgres, EnterpriseDB, and Barman user sets as shown in the following screenshots.
- Create a policy by navigating back to Policies and selecting Create Policy.
The following screenshots show the live data transformation (LDT) policies postgres-policy, epas-policy, and barman-policy.
Note
The policies include the user sets Postgres and EnterpriseDB created in Step 2 and the same key rule for the policies:
Installing CTE agent
Refer to the following guides from Thales for installing the CTE agent on the Postgres host:
Note
You need the registration token and host address of the CipherTrust Manager during the installation.
After the CTE agent is successfully installed, verify the Postgres host is registered with CM.
- Log in to the CM web UI and navigate to CTE.
- Select Clients. The client status appears as Healthy. (You might have to wait a few seconds for the status to update).
The screenshot shows clients registered with the CipherTrust Manager.
- On this page
- Prerequisites
- Configuring CipherTrust Manager
Could this page be better? Report a problem or suggest an addition!