Post configuration checklist

To confirm that CipherTrust Manager is set up correctly, verify that you completed the tasks in this checklist.

No hardening can be applied to Thales KMS. Providing access to the Thales KMS console or root breaks FIPS compatibility.

Credentials & SSH Key Management

Before completing the installation, ensure the following steps are taken to avoid irreversible data loss:

  • Save and document credentials, private keys, storage location, and access procedures for future reference.

  • Acknowledge that lost credentials or a lost SSH key cannot be recovered by Thales or Verint.

  • Understand that data protected by CipherTrust encryption keys will be inaccessible if credentials are lost.

  • Communicate this risk clearly to all stakeholders involved in setup and maintenance.

Checklist

  • Provide the customer with the CipherTrust admin and Enterprise Manager admin user names and passwords.

  • Provide the customer with the CipherTrust CLI logon username and password.

  • Give the customer the SSH key.

  • Verify that the customer has secured the license file provided by Verint.

  • On both CipherTrust KMS servers, make sure that the backup keys are handed over to the customer.

  • Verify that scheduled backups are configured and functional on both CipherTrust KMS servers.

  • Preserve the external backup storage server (SCP server) credentials or SSH key.

  • For High Availability, make sure that both CipherTrust Manager nodes are in sync.

  • Update the configuration for CipherTrust Manager through Enterprise Manager.

  • Restart the Recorder KMS service on all application servers after the configuration has been successfully pushed to all application servers.

  • Verify the Test KMS to prove access to CipherTrust KMS from the application servers.

Workflow: Configure CipherTrust Manager

Set the time server (NTP)

Set two custodians

Create a wrapper key and get key share IDs

Update configuration for CipherTrust Manager through EM