Workflow: Migrate keys from Thales DSM to CipherTrust Manager

Follow this workflow to migrate encryption keys from Thales Vormetric Data Security Manager (DSM) 6.4.7 to CipherTrust Manager 2.19.0.

Workflow 

1. Meet the Requirements for key migration from Thales DSM to CipherTrust Manager

   To migrate keys successfully from Thales Vormetric Data Security Manager (DSM) to CipherTrust Manager, make sure to meet these requirements.

2. Download the following KBs from the Verint portal, and install them on the Verint Application server.

   • WFM Kit 1030 or higher

   • Latest Security Kit

   • EM - KB225013 or higher

   • Recorder data center APIs - KB223024 or higher

   • EM DB server - KB222695 or higher

3. Workflow: Export keys from Thales KMS

   In Thales DSM, create a wrapper key for two custodians and export the wrapper key to an archive file, then extend the key rotation schedule to prevent keys from rotating during the migration to CipherTrust Manager.

4. Workflow: Install CLI Toolkit (ksctl)

   Install the ksctl CLI tool to manage and control a remote CipherTrust Manager KMS . Ksctl is required for importing keys and must be executed from a local machine—not directly on the CipherTrust Manager itself.

5. Workflow: Import keys to CipherTrust Manager

   To import the DSM wrapper key archive to a target CipherTrust Manager node, run the key migration commands in ksctl. Plan for approximately one minute per 1,000 keys.

6. Configure the Verint Security settings.

   In Enterprise Manager, update the Security settings for CipherTrust Manager.