Workflow: Configure CipherTrust Manager

Follow this workflow for the first-time configuration of CipherTrust Manager. These steps ensure a secure and fully operational environment.

Before you begin 

Prepare for deployment of CipherTrust Manager KMS

Workflow 

  1. Complete first-time logon to Web UI and replace SSH key

    After deploying CipherTrust Manager, you must immediately sign in to the CipherTrust Manager Web Interface to initialize the system. For physical appliances and private clouds (VMware and Hyper-V), this includes a mandatory, one-time replacement of the default SSH key. For all deployments, you are prompted to change the default admin password. Finally, as a best practice, confirm SSH access using the new key.

  2. Complete first-time logon to Console

    Log in to the CipherTrust Manager Console for the first time using the ksadmin user account. The CipherTrust Manager Console, accessed using the ksadmin account, provides system-level access for initial setup, access to kscfg, system recovery, and reset operations. Access methods vary by deployment type: physical appliance, private cloud, or public cloud.

  3. Configure the host name

    Configure the hostname of the virtual machine (VM) that hosts CipherTrust Manager.

  4. Configure a static IP address

    To avoid issues in a High Availability (HA) environment, configure a static IP address on each CipherTrust Manager node.

  5. Create a user

    Create a user account that is used for the connection between CipherTrust and the application server (WFO).

  6. Upload CipherTrust Manager license

    To access all administration features—such as creating domains, clustering, and scheduling—you must obtain and activate a valid, permanent license from Verint Support for each CipherTrust Manager server (or virtual instance). When you sign in to CipherTrust Manager Web Interface for the first time, add the license to display the menu items available based on your license file.

  7. Set the time server (NTP)

    You must have the correct time set on your CipherTrust Manager as this affects system functions, such as protected host registration, log timestamps, High Availability (HA) cluster synchronization, and certificate exchange. Although configuring a network time protocol (NTP) server is not mandatory, it is recommended. For HA setup, the NTP server is mandatory.

  8. Create an admin domain

    Every CipherTrust Manager appliance has a root domain by default. Although you can create additional child domains, only one child domain is required for Verint encryption. A domain administrator role controls the creation, deletion, update, and user assignment of domains.

  9. Generate a certificate signing request

    A signed web server certificate, requested through a Certificate Signing Request (CSR), is required for communication between the application server and CipherTrust KMS. You must get the certificate signed and update it on the web interface.

  10. Add the CipherTrust KMS Backup Key

    CipherTrust Manager users, such as System Administrators, who are authorized to perform backup, can perform system backups and restores. Domain administrators are not authorized to perform system backups.

  11. Configure retention period for audit records

    Audit records can be retrieved and searched using the CipherTrust Manager. You can query these records, but their availability depends on the configured retention period, after which they are deleted.

  12. Complete the Post configuration checklist

    To confirm that CipherTrust Manager is set up correctly, verify that you completed the tasks in this checklist.