ProtectV Administration

This document describes how to manage ProtectV clients, client instances, keys, keystores, and key ACLs on CipherTrust Manager. The guide also provides instructions to encrypt client volumes using encryption keys stored on the CipherTrust Manager.

It is assumed, for the purpose of this document, that the reader has already configured the CipherTrust Manager appliance.

This document, may at times, abbreviate ProtectV client to client.

Instructions in this document apply to both Windows and Linux clients unless explicitly stated otherwise.

Organization

The ProtectV Administrator Guide contains the following chapters:

• Interfaces: Provides an overview of the CipherTrust Manager interfaces—Graphical User Interface (GUI), Command Line Interface (CLI), and REST Application Programming Interface (REST API).

• Concepts: Describes ProtectV concepts such as clients, client instances, keys, keystores, and key ACLs.

• Operations: Describes the process to register a ProtectV client with the CipherTrust Manager.

• Managing Images: Describes how to manage ProtectV images.

• Managing Instances: Describes how to manage ProtectV instances.

• Viewing Encryption Keys: Describes how to view encryption keys.

• Configuring a Keystore: Describes how to view encryption keys.

• Configuring Key Management Settings: Describes how to configure key management settings.

• Configuring Global Autoscaling: Describes how to configure global autoscaling.

• Using Proxy with ProtectV Clients: Describes how to use proxy with ProtectV clients.

User Roles

The ProtectV has different kinds of users with different responsibilities in administering and using the system.

It is critical that credentials for these users be kept in a secure location. If a credential is compromised an attacker could gain access to sensitive data.

ProtectV Administrator

There is a System Defined Group named "ProtectV Admins". Users within this group are ProtectV Administrators.

A ProtectV Administrator is responsible for:

• Managing ProtectV server settings

• Managing ProtectV clients and their instances

• Managing Client Registration Tokens (with additional rights of System Defined Group named "CA Admins")

ProtectV Client

There is a System Defined Group named "ProtectV Clients". Clients enrolled for ProtectV are part of this group.

ProtectV User

There is a System Defined Group named "ProtectV Users". Users within this group can manage ProtectV clients and their instances. This user can be common for all clients or different for each client.