CTE UserSpace Administration
This document describes the CipherTrust Manager interfaces to use CTE UserSpace. The document explains the CTE UserSpace concepts such as clients and client groups, signature sets, security rules, and GuardPoints. Next, the document describes how to manage clients and client groups, signature sets, security policies on the CipherTrust Manager. Finally, the document describes how to manage GuardPoints.
- It is assumed, for this document, that you have already configured the CipherTrust Manager appliance. Refer to the CipherTrust Manager product documentation for instructions. 
- The next step is to activate and install the CTE UserSpace license. Refer to Licensing for details. 
- After the license is installed, you can configure CTE UserSpace Agents. Refer to the CTE Agent Quick Start Guide specific to your platform for details. Installation of the CTE UserSpace Agents is required for protecting directories and files stored on clients. 
Note
This document uses the terms "CTE UserSpace" and "CTE" interchangeably to refer to CTE UserSpace.
Organization
This document contains the following sections:
- Overview: Provides a high-level overview of the CTE UserSpace solution. 
- Interfaces: Provides an overview of the CipherTrust Manager interfaces—Command Line Interface (CLI), REST Application Programming Interface (REST API), and Graphical User Interface (GUI). 
- Concepts: Describes CTE UserSpace concepts such as clients, client groups, GuardPoints, policies, and security rules. 
- Data Transformation: Provides an overview of the data transformation process. 
- Managing Profiles: Describes how to configure client log criteria, client Syslog settings, multifactor authentication (MFA), and server settings etc. 
- Managing Clients: Describes how to add, register, and manage clients on the CipherTrust Manager appliance. 
- Managing Client Groups: Describes how to manage client groups on the CipherTrust Manager appliance. 
- Managing Signature Sets: Describes how to create signature sets and how to sign and re-sign files in a signature set. The chapter also describes how to stop file signing and how to delete signatures and signature sets on the CipherTrust Manager appliance. 
- Managing Policies: Describes rules and effects of security policies, and provides instructions to create, configure, import, and export security policies on the CipherTrust Manager appliance. 
- Managing GuardPoints: Describes how to create, view, and delete GuardPoints on the CipherTrust Manager appliance. The chapter provides information on automatic and manual GuardPoints. 
- Sharing Resources Across Domains: Describes how to share CTE resources across CipherTrust Manager domains. 
- Multifactor Authentication: Describes how Multifactor Authentication (MFA) works for CTE clients and GuardPoints. 
- Communication with CipherTrust Manager: Describes how communication takes place between the CTE clients and CipherTrust Manager. 
- Configuring Cluster Node Preference: Describes how to configure preferred nodes of a CipherTrust Manager cluster for sending status updates from CTE clients. 
- Backup and Restore: Describes how to back up CTE policies and restore them to other CipherTrust Manager appliances. 
- Integrating CTE Logging with Splunk: Describes how to integrate the CTE audit logging with Splunk. 
- Migrating ProtectFile to CipherTrust Transparent Encryption: Thales CipherTrust Transparent Encryption solutions provide state-of-the-art encryption solutions that cover all of the use cases for ProtectFile and other legacy applications. This guide helps you to migrate from ProtectFile and legacy applications, to CipherTrust Transparent Encryption or CipherTrust Transparent Encryption Userspace. The PFMigrate docs have been moved to their own site. This site contains the documentation for all use cases for PFMigrate. 
- Permissions: Describes the complete permissions required to perform create, read, update, and delete operations on CTE resources. 
- Quorum Control: Describes the quorum control for CTE operations and resources. 
- Confidential Computing: Describes support for Confidential Computing with Intel Trust Domain Extensions (TDX) attestation. 
- Operations: Describes the operations that the CTE Server Administrator performs on the CipherTrust Manager. These operations include registering CTE clients with the CipherTrust Manager, using external CA certificates, reregistering the clients, and protecting file system on a CTE client. 
- Certificate Renewal: Describes how the CTE clients are automatically notified of any changes in the client certificate or the web interface certificate. 
- Common Scenarios: Describes the common encryption scenarios in which the paths can be encrypted using the CTE solution. 
- Reports: Describes how to generate and download CTE reports. 
- Troubleshooting: Describes how to handle the issues that you might face when using CTE with the CipherTrust Manager. 
- API Examples: Provides examples to use CTE APIs to perform tasks such as protecting GuardPoints. 
- API Response Codes: Describes the response codes returned by the CTE APIs with corresponding messages, and possible corrective actions to be taken for them. 
- How to Configure the External CA for CTE: Describes how to configure an external CA for CTE. 
- How to Change Local CA or External CA for CTE: Describes how to change a local or an external CA for CTE.