The world of cyber crime keeps evolving in more insidious ways; every day we hear about a new instance of a company or customer falling victim to a ransom demand. Let’s learn how you can easily protect your data, applications, or network traffic using Thales CipherTrust.
There are many aspects of cyber crime and security breaches that can damage an unprepared organisation. Some of the impacts can be:
- Loss of customer confidence
- Shareholders losing trust
- Negative media exposure
- and more
Although you cannot reduce to zero the chances of a cyber attack or security breach, you can reduce the surface area of your data that is exposed to attack. There are strategies that you can use to defend your organisation.
In this blog post, I will take you through the steps to deploy the Thales CipherTrust Data Security Platform in your local data center. Before we get started with our deployment, let’s learn a little bit about Thales CipherTrust, beginning with a short description.
What is the Thales CipherTrust Data Security Platform?
I will not pretend that I am currently an expert in the finer details of the product; however, I have spent the last several months becoming very familiar with it, and I am excited about its potential. To avoid reinventing the wheel, let’s just read the definition from the Thales website:
“The CipherTrust Data Security Platform is an integrated suite of data-centric security products and solutions that unify data discovery, protection and control in one platform.”
I am impressed by the simplicity, flexibility and comprehensive list of functions: key management, data encryption, application encryption, API and RESTful API encryption support, and container encryption. We won’t cover all of these in this first blog post; I will take you through each of them to demonstrate their use cases. Shown below is a simple illustration from the website to show the functions and their relationships.

So now let’s get back to our deployment. As this is the first blog post of a series of posts describing the manager’s features, here we will focus on the deployment as our first step.
Downloading the CipherTrust Manager
The good news is that you can easily deploy the CipherTrust Manager (CM) on Microsoft Azure, Amazon Web Services (AWS), Google Cloud, and VMware. In this blog post, we will focus on an on-premises installation; for this, we will be installing on VMware. You will be able to acquire the OVA (Open Virtual Appliance) file from the Thales support portal. Once the OVA file has been downloaded, you will go back to our VMware vCenter to run through the import process.
Deploy your CM OVA
From your VMware vCenter, browse to “Deploy OVA Template”, then follow the straightforward process:
- Choose your OVA file
- Provide the name of the Manager/VM and where to deploy
- Select compute resources
- Select the network
- Review your configuration and deploy
The deployment will take some time, so have a cup of coffee while you wait patiently until the deployment of the OVA has completed successfully.
Initial Configuration
After the OVA deployment has completed, you are ready to configure the appliance manager IP address and password; the minimum to get us started. Open the VMware Remote Console and use “ksadmin” as a user name. On the first login, you are required to provide your own password:

After you have completed your new password configuration, you will be asked to change the IP address to a static IP address; the setup is asking that you do not use the default IP address if you do not have a DHCP service running. As this is a production appliance, it is important to assign a fixed IP address.
Before we spend any more time on the configuration, let’s check the name of the vNIC that the new appliance will be using. As we are installing in a VMware environment, we can expect an ens32 adapter name; but let’s run the “device show” command anyway, just to check:
nmcli device show | grep GENERAL.DEVICE

To retrieve the connection name needed to change the IP address, run the following command:
nmcli conn

Note: The connection name “Wired connection 1” shown in this example will likely be a different name in your deployment.
Now we are ready to change the IP address to suit your IP range and company network policy; use the following command:
nmcli conn modify "Wired connection 1" ipv4.method manual ipv4.addresses 192.168.xxx.1x/24 ipv4.gateway 192.168.xxx.xx ipv4.dns 192.168.xxx.xx
To confirm the configuration was applied correctly, use the following command:
nmcli device show ens32
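The whole address change as one checked procedure, as an added example that is not part of the original post: it looks up the connection bound to the device instead of assuming its name, validates the address, re-activates the profile (`nmcli conn modify` only edits the saved profile) and reads the live address back. The function names are hypothetical and the sample address is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): static IPv4 via nmcli, with checks.
# Function names are hypothetical; 192.0.2.10/24 below is a constructed sample.

# Print the NetworkManager connection profile currently bound to a device.
conn_for_device() {
    nmcli -g GENERAL.CONNECTION device show "$1"
}

# Accept only a dotted-quad address with a /0-/32 prefix, octets 0-255.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    ip=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip          # split into the four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Usage: set_static_ip DEVICE ADDRESS/PREFIX GATEWAY DNS
set_static_ip() {
    dev=$1; addr=$2; gw=$3; dns=$4
    valid_cidr "$addr" || { echo "invalid address: $addr" >&2; return 2; }
    conn=$(conn_for_device "$dev")
    [ -n "$conn" ] || { echo "no connection bound to $dev" >&2; return 3; }
    nmcli conn modify "$conn" ipv4.method manual ipv4.addresses "$addr" \
        ipv4.gateway "$gw" ipv4.dns "$dns" || return 4
    # "modify" only edits the saved profile; re-activate it to apply the change.
    nmcli conn up "$conn" >/dev/null || return 5
    # Read the live address back from the device and compare.
    applied=$(nmcli -g IP4.ADDRESS device show "$dev")
    case " $applied " in
        *" $addr "*) echo "$conn" ;;
        *) echo "expected $addr on $dev, found: $applied" >&2; return 6 ;;
    esac
}

# Example: sh set-ip.sh ens32 192.0.2.10/24 192.0.2.1 192.0.2.53
if [ "$#" -eq 4 ]; then
    set_static_ip "$@"
fi
```

Run it from the VMware Remote Console rather than over the network, since re-activating the connection drops any session on the old address.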
Now you are ready to head to your browser and access the appliance through the web interface using the IP address you just applied.
Connect to the CM web interface
When accessing your CM web interface for the first time, you will be greeted with the following screen:

Do not stress at the error; you only need to generate an SSH public key and use it with your deployment. As this is a lab deployment, I used the following link to generate a private and public key; when you do it, be sure to save both.
Note: In this step, you need the public key: Generate SSH Key Pair Online (wpoven.com)
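For anything beyond a lab, the key pair can be generated locally so that the private key is never produced by or visible to a third-party site. The following is an added example, not part of the original post; the directory, file name and key comment are hypothetical, and it assumes the appliance accepts an OpenSSH-format RSA public key.

```shell
#!/bin/sh
# Added example (not from the original post): generate the key pair locally.
# Assumption: the appliance accepts an OpenSSH-format RSA public key.
# The file name and key comment are hypothetical.

# Usage: gen_cm_keypair DIRECTORY
# Prints the path of the public key on stdout and its fingerprint on stderr.
gen_cm_keypair() (
    dir=$1
    key="$dir/cm_ksadmin_rsa"
    umask 077                       # new directory and files readable by owner only
    mkdir -p "$dir" || return 1
    if [ -e "$key" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 2
    fi
    if [ -t 0 ]; then
        # Interactive: let ssh-keygen prompt for a passphrase.
        ssh-keygen -q -t rsa -b 4096 -C "ciphertrust-manager" -f "$key" || return 3
    else
        # Non-interactive: empty passphrase, so protect the file by other means.
        ssh-keygen -q -t rsa -b 4096 -N "" -C "ciphertrust-manager" -f "$key" || return 3
    fi
    # Confirm the public half parses and show its fingerprint for later comparison.
    ssh-keygen -l -f "$key.pub" >&2 || return 4
    echo "$key.pub"
)

# Example: sh gen-key.sh "$HOME/.ssh/ciphertrust"
if [ "$#" -eq 1 ]; then
    gen_cm_keypair "$1"
fi
```

Paste the contents of the printed `.pub` file into the web interface; the private key stays on the machine that generated it.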
After entering your public key, you will be required to change the default password from “admin” to your own password:

After you have provided the new password, you are now ready to access the appliance dashboard:

To begin working with the appliance, you must head up to “Administrator – Licensing” and then apply the evaluation license by clicking on the button at the top right corner of the screen.
Conclusion
By following the straightforward steps I have described above, you will be in a position to begin deploying the Thales CipherTrust Manager, or Security Platform, which I will describe in my future blog posts. I will show you several use cases, starting with Files/directory encryption, application level encryption, RESTful and API integration encryption, and of course, Veeam Backup and Replication, and Microsoft Azure integration.