Communication with CipherTrust Manager
A REST-based connection is created from a CTE client to the CipherTrust Manager. The connection is one-way: only the CTE client ever opens it. It nevertheless imitates a two-way interaction, because the client keeps a request open on each node and the CipherTrust Manager answers that held request only when it has something to send (a configuration push or a browse request), after which the client immediately opens a new one.
How the Communication Works
The CTE client registers with the CipherTrust Manager using a registration token and the fingerprint of the server's "web" interface certificate. The fingerprint lets the client check that the server it registers with presents the expected certificate.
When the CTE client registers, the CipherTrust Manager sends the security configuration to the CTE client. This configuration includes the list of nodes in the CipherTrust Manager cluster.
The CTE client sends a connection request to every node of the CipherTrust Manager cluster.
Each node holds the connection request until one of the following happens:
Any event that requires a configuration push to the CTE client
A timeout of three minutes
For example, in a five-node CipherTrust Manager cluster, after registration with a particular node, the CTE client:
Receives security configuration from that CipherTrust Manager node.
Establishes a connection with all five nodes of the cluster.
If a directory browse operation is triggered on any of the cluster nodes, that node sends the browse request over the connection it is holding.
The CTE client responds to the browse request and then sends a new connection request, so that the node again holds a connection for the next event.
When a CipherTrust Manager Node is Down
If a CipherTrust Manager node goes down:
The CTE client keeps sending connection requests to the failed node, and those requests fail, until an updated node list reaches the client through a security configuration push. Requests to the other nodes are unaffected.
When any other node pushes the security configuration to the CTE client because of some event (for example, a policy change), the configuration no longer includes the failed node. From the new configuration the CTE client derives the new node list and stops sending requests to the failed node.
When a New Node is Added to the Cluster
Whenever a new node is added to the CipherTrust Manager cluster:
The CipherTrust Manager pushes the updated node list to the CTE client as part of the security configuration.
The CTE client establishes connections with the new node as well as with the existing nodes in the list.
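The exchange described in the three sections above, as an added simulation in Python. This is not Thales code and CipherTrust Manager exposes no such Python API; the node names ksm1 to ksm6, the registration token, the certificate bytes and the directory tree are all constructed for the example, and the SHA-256 fingerprint comparison at registration is the example's own choice of hash, not something the page specifies. It models the held connection request and its three-minute timeout, a browse answered over a held connection, the stale node list that persists after a node failure until the next configuration push, and the list refresh when a node is added.

```python
"""Simulated CTE client <-> CipherTrust Manager cluster exchange (constructed
example, not Thales code: names, token, certificate bytes and tree are made up)."""
import hashlib
import hmac
from dataclasses import dataclass, field

HOLD_TIMEOUT_SEC = 180  # a node holds a connection request for at most three minutes
FAKE_TREE = {"/data": ["finance", "hr"], "/data/finance": ["ledger.db"]}  # constructed


@dataclass
class Node:
    name: str
    up: bool = True
    events: list = field(default_factory=list)  # ("config", None) or ("browse", path)


@dataclass
class Cluster:
    nodes: dict              # name -> Node, in cluster order
    web_cert_der: bytes      # stand-in for the "web" interface certificate
    registration_token: str

    def security_configuration(self):
        return {"nodes": [n.name for n in self.nodes.values() if n.up]}  # live nodes only

    def register(self, node_name, token, cert_fingerprint):
        """Registration needs both the token and the pinned certificate fingerprint."""
        expected = hashlib.sha256(self.web_cert_der).hexdigest()
        if not (hmac.compare_digest(token, self.registration_token)
                and hmac.compare_digest(cert_fingerprint, expected)):
            raise PermissionError("registration rejected")
        return self.security_configuration()

    def add_node(self, name):
        """A node joins the cluster; the updated node list is pushed via a live node."""
        self.nodes[name] = Node(name)
        next(n for n in self.nodes.values() if n.up).events.append(("config", None))

    def hold(self, node_name):
        """Serve one held request: ("config", cfg), ("browse", path) or ("timeout", secs)."""
        node = self.nodes[node_name]
        if not node.up:
            raise ConnectionError(node_name)
        if node.events:
            kind, payload = node.events.pop(0)
            return (kind, self.security_configuration() if kind == "config" else payload)
        return ("timeout", HOLD_TIMEOUT_SEC)


class CteClient:
    """The CTE side: it alone opens connections, one per node in its current list."""

    def __init__(self, cluster, token, pinned_fingerprint):
        self.cluster, self.token, self.pinned_fingerprint = cluster, token, pinned_fingerprint
        self.node_list = []
        self.browse_replies = []

    def register(self, node_name):
        cfg = self.cluster.register(node_name, self.token, self.pinned_fingerprint)
        self.node_list = list(cfg["nodes"])
        return list(self.node_list)

    def poll_round(self):
        """One cycle: a request to every node in the current list, each answered once."""
        outcomes = {}
        for name in list(self.node_list):        # snapshot: these requests are already out
            try:
                kind, payload = self.cluster.hold(name)
            except ConnectionError:
                outcomes[name] = "failed"        # retried until a new node list arrives
                continue
            if kind == "config":
                self.node_list = list(payload["nodes"])   # adopt the pushed node list
            elif kind == "browse":               # answer the browse, then reconnect
                self.browse_replies.append((name, payload, FAKE_TREE.get(payload, [])))
            outcomes[name] = kind
        return outcomes


def run_scenario():
    cert = b"-- constructed bytes standing in for the DER certificate --"
    cluster = Cluster(nodes={f"ksm{i}": Node(f"ksm{i}") for i in range(1, 6)},
                      web_cert_der=cert, registration_token="tok-example")
    out = {}
    try:                                          # a wrong fingerprint must be refused
        CteClient(cluster, "tok-example", "00" * 32).register("ksm2")
        out["bad_fp"] = "accepted"
    except PermissionError:
        out["bad_fp"] = "rejected"
    client = CteClient(cluster, "tok-example", hashlib.sha256(cert).hexdigest())
    out["after_register"] = client.register("ksm2")   # one node returns the whole list
    cluster.nodes["ksm5"].events.append(("browse", "/data"))
    out["r1"] = client.poll_round()                   # ksm5 browses, the rest time out
    out["browse"] = client.browse_replies[-1]
    cluster.nodes["ksm4"].up = False                  # a node goes down
    out["r2"] = client.poll_round()                   # ksm4 fails; list unchanged
    cluster.nodes["ksm1"].events.append(("config", None))   # e.g. a policy change
    out["r3"] = client.poll_round()                   # ksm4 still tried this round
    out["r4"] = client.poll_round()                   # new list in effect: ksm4 dropped
    cluster.add_node("ksm6")
    out["r5"] = client.poll_round()                   # list updated mid-round
    out["r6"] = client.poll_round()                   # ksm6 polled from now on
    return out
```

run_scenario() returns the per-round outcomes. Round r3 shows the window the page describes: ksm1 pushes the shortened list within that round, but the request already sent to ksm4 still fails; from r4 on ksm4 is never contacted. Likewise ksm6 appears only from r6, the first round after the push that announced it.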