EncrypTight Deployment Planning
26 EncrypTight User Guide
“Management Station Connections” on page 26
The EncrypTight software includes ETEMS for appliance configuration, ETPM for policy
management, and a local ETKMS. The local ETKMS deploys keys and policies to all of the PEPs that
it manages and checks the PEPs’ status. The management station also uses other services such as
NTP, syslog, and SNMP.
“ETPM to ETKMS Connections” on page 26
The ETPM passes metapolicies to the ETKMSs and checks the status of the PEPs through the
ETKMSs.
“External ETKMS to ETKMS Connections” on page 29
When multiple ETKMSs are used in a system, the ETKMSs must be able to share keys. If you set up
an ETKMS to serve as a backup for another ETKMS, the backup ETKMS periodically checks the
status of the primary ETKMS so that it can detect an ETKMS failure.
“ETKMS to PEP Connections” on page 31
Each ETKMS deploys keys and policies to all of the PEPs that it manages and checks the PEPs'
status.
Management Station Connections
Keep the following items in mind when setting up your management connections:
PEPs can be managed in-line or out-of-band. When managing the PEPs in-line, management traffic
flows through the data path. In distributed key deployments, enable the "Pass TLS traffic in the clear"
option on the PEPs to ensure proper communication between the PEP and the other EncrypTight
components. This option is configured on the Features tab of the ETEMS Appliance editor.
The PEP management ports and management services such as NTP, syslog, and SNMP must be
directly addressable on the same network.
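The two planning rules above (PEP management ports and the NTP, syslog and SNMP services must be directly addressable on one management network; in-line managed PEPs in a distributed key deployment need "Pass TLS traffic in the clear" enabled) can be checked against an address inventory before anything is cabled. The following is an added example, not code from the EncrypTight User Guide or from the product; the inventory structure, field names and all addresses are constructed for this illustration.

```python
"""Pre-deployment lint for EncrypTight management connections.

Added example (not from the EncrypTight User Guide). The Plan/Pep structures,
their field names and the sample addresses below are constructed assumptions;
the rules encoded are the two guidelines from the deployment planning text.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Pep:
    name: str
    mgmt_ip: str            # address of the PEP management port
    inline_managed: bool    # True if management traffic rides the data path
    pass_tls_clear: bool    # "Pass TLS traffic in the clear" feature option


@dataclass
class Plan:
    management_network: str          # CIDR of the management network, e.g. "10.1.0.0/24"
    distributed_keys: bool           # True when external ETKMSs deploy keys
    services: Dict[str, str] = field(default_factory=dict)  # NTP/syslog/SNMP -> IP
    peps: List[Pep] = field(default_factory=list)


def on_network(cidr: str, addr: str) -> bool:
    """True if addr lies inside the management network (direct addressability)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def lint(plan: Plan) -> List[str]:
    """Return one finding per violated guideline; an empty list means the plan is clean."""
    findings: List[str] = []
    # Rule 1: management services must be directly addressable on the management network.
    for svc, ip in plan.services.items():
        if not on_network(plan.management_network, ip):
            findings.append(f"service {svc} at {ip} is not on management network "
                            f"{plan.management_network}")
    for pep in plan.peps:
        # Rule 1 again, for each PEP management port.
        if not on_network(plan.management_network, pep.mgmt_ip):
            findings.append(f"PEP {pep.name} management port {pep.mgmt_ip} is not on "
                            f"management network {plan.management_network}")
        # Rule 2: in-line management in a distributed key deployment needs TLS pass-through.
        if plan.distributed_keys and pep.inline_managed and not pep.pass_tls_clear:
            findings.append(f"PEP {pep.name} is managed in-line with distributed keys but "
                            f"'Pass TLS traffic in the clear' is disabled")
    return findings


# Constructed sample inventory: one misplaced service, one PEP off-network,
# one in-line PEP without TLS pass-through. Expect three findings.
SAMPLE_PLAN = Plan(
    management_network="10.1.0.0/24",
    distributed_keys=True,
    services={"NTP": "10.1.0.10", "syslog": "10.1.0.11", "SNMP": "10.2.0.20"},
    peps=[
        Pep("pep-a", "10.1.0.31", inline_managed=True, pass_tls_clear=True),
        Pep("pep-b", "10.1.0.32", inline_managed=True, pass_tls_clear=False),
        Pep("pep-c", "10.3.0.33", inline_managed=False, pass_tls_clear=False),
    ],
)

if __name__ == "__main__":
    for line in lint(SAMPLE_PLAN) or ["plan is clean"]:
        print(line)
```

Run it once per planned site; each finding names the component and the guideline it breaks, so the list doubles as a cabling and feature-tab checklist for the ETEMS Appliance editor.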
EncrypTight to PEP connections when using a local ETKMS:
The EncrypTight software includes ETEMS, ETPM and local ETKMS. When you use a local
ETKMS, the ETKMS software runs as a separate process on the same workstation as the ETPM
software. In this scenario, ETPM communicates directly with the ETKMS without using a network
connection.
The communications between the local ETKMS and the PEPs require a connection between an
Ethernet port on the management workstation and the management port on each PEP. For these
connections, follow the same general guidelines as external ETKMSs, outlined in “ETKMS to PEP
Connections” on page 31. The only difference is that the connections originate from the management
workstation and not an external ETKMS.
ETPM to ETKMS Connections
The ETPM sends metapolicies to the ETKMSs and checks the status of the PEPs through the ETKMSs.
The communications between EncrypTight components depend on a connection between the Ethernet
ports on each device. External ETKMSs can be located on the same subnetwork with the ETPM, or the
ETPM and ETKMSs can be located on different subnetworks. If you use a local ETKMS, ETPM
communicates directly with the ETKMS without using a network connection.