Black Box ET0010A User Manual

EncrypTight Deployment Planning
EncrypTight User Guide
The EncrypTight software includes ETEMS for appliance configuration, ETPM for policy 
management, and a local ETKMS. The ETPM passes metapolicies to the ETKMSs and checks the 
status of the PEPs through the ETKMSs. Each ETKMS, whether local or external, deploys keys and 
policies to all of the PEPs that it manages and checks the PEPs' status. The management station 
also uses other services such as NTP, syslog, and SNMP.
When multiple ETKMSs are used in a system, the ETKMSs must be able to share keys. If you set up 
an ETKMS to serve as a backup for another ETKMS, the backup ETKMS periodically checks the 
status of the primary ETKMS in case the primary ETKMS fails.
Management Station Connections
Keep the following items in mind when setting up your management connections: 
PEPs can be managed in-line or out-of-band. When PEPs are managed in-line, management traffic 
flows through the data path together with the protected traffic. In distributed key deployments, 
enable the Pass TLS traffic in the clear option on the PEPs so that the TLS management sessions 
between the PEP and the other EncrypTight components are passed rather than blocked or 
encrypted by policy. This option is configured on the Features tab of the ETEMS Appliance editor. 
The PEP management ports and the management services (NTP, syslog, and SNMP) must be 
directly addressable on the same network as the management station.
EncrypTight to PEP connections when using a local ETKMS: 
The EncrypTight software includes ETEMS, ETPM and a local ETKMS. When you use a local 
ETKMS, the ETKMS software runs as a separate process on the same workstation as the ETPM 
software, so ETPM communicates directly with the ETKMS without using a network connection. 
Communication between the local ETKMS and the PEPs requires a connection between an 
Ethernet port on the management workstation and the management port on each PEP. For these 
connections, follow the same general guidelines as for external ETKMSs, outlined in 
. The only difference is that the connections originate from the management 
workstation rather than from an external ETKMS. 
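The addressing rule above (PEP management ports and the NTP, syslog and SNMP services must be directly addressable on the management station's network, while external ETKMSs may sit on another subnet) can be checked before any cabling is done. The following pre-flight script is an added example; it is not part of the EncrypTight User Guide and not Black Box tooling. The function names, the sample addresses and the service list are constructed assumptions; only the IANA ports for NTP, syslog and SNMP are well known. No EncrypTight-specific port is assumed because the page does not state one.

```python
"""Pre-flight addressing check for an EncrypTight management plane.

Added example, not the EncrypTight product's own code. It encodes the
planning rule from the guide: the management station, every PEP
management port and the NTP/syslog/SNMP servers must share one directly
addressable network. External ETKMSs are only listed, because ETPM and
external ETKMSs are allowed to be on different subnets.
All addresses used in __main__ are constructed sample data.
"""
import ipaddress

# Well-known IANA service ports, used only to describe what the
# management station must reach. EncrypTight's own TLS port is not
# specified here because the guide page does not give it (assumption).
MANAGEMENT_SERVICES = {
    "ntp": ("udp", 123),
    "syslog": ("udp", 514),
    "snmp": ("udp", 161),
}


def classify_endpoints(station_iface, endpoints):
    """Split name -> IP endpoints into (on_subnet, off_subnet) dicts,
    judged against the management station interface given as CIDR,
    e.g. '192.0.2.10/24'. An address family mismatch counts as off-subnet."""
    net = ipaddress.ip_interface(station_iface).network
    on_subnet, off_subnet = {}, {}
    for name, addr in endpoints.items():
        ip = ipaddress.ip_address(addr)
        if ip.version != net.version or ip not in net:
            off_subnet[name] = addr
        else:
            on_subnet[name] = addr
    return on_subnet, off_subnet


def plan_report(station_iface, pep_mgmt, services, external_etkms=None):
    """Return a list of findings (empty means the plan satisfies the rule).

    pep_mgmt:       dict pep_name -> PEP management-port IP (must be on-subnet)
    services:       dict service_name -> server IP for ntp/syslog/snmp
                    (must be on-subnet; a missing service is also reported)
    external_etkms: dict name -> IP; reported only when it is off-subnet,
                    never treated as an error, since the guide allows it.
    """
    findings = []

    _, off_peps = classify_endpoints(station_iface, pep_mgmt)
    for name, addr in off_peps.items():
        findings.append(
            f"PEP {name} management port {addr} is not on the management subnet")

    _, off_services = classify_endpoints(station_iface, services)
    for name, addr in off_services.items():
        proto, port = MANAGEMENT_SERVICES.get(name, ("?", "?"))
        findings.append(
            f"{name} server {addr} ({proto}/{port}) is not on the management subnet")

    for name in sorted(set(MANAGEMENT_SERVICES) - set(services)):
        findings.append(f"no {name} server defined for the management station")

    # Informational only: external ETKMSs may legitimately be routed.
    _, off_etkms = classify_endpoints(station_iface, external_etkms or {})
    for name, addr in off_etkms.items():
        findings.append(f"note: external ETKMS {name} at {addr} is routed, not local")

    return findings


if __name__ == "__main__":
    # Constructed sample plan: one PEP and one syslog server are mis-placed,
    # SNMP was forgotten, and an external ETKMS sits on a routed subnet.
    report = plan_report(
        "192.0.2.10/24",
        {"pep-hq": "192.0.2.21", "pep-branch": "198.51.100.21"},
        {"ntp": "192.0.2.5", "syslog": "203.0.113.9"},
        {"etkms-dc2": "203.0.113.50"},
    )
    for line in report:
        print(line)
```

Run it against the real plan (management station CIDR, PEP management IPs, service IPs) before building the network; an empty report means every required endpoint is on the management subnet, and an off-subnet external ETKMS is listed as a note rather than an error.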
ETPM to ETKMS Connections
The ETPM sends metapolicies to the ETKMSs and checks the status of the PEPs through the ETKMSs. 
The communications between EncrypTight components depend on a connection between the Ethernet 
ports on each device. External ETKMSs can be located on the same subnetwork with the ETPM, or the 
ETPM and ETKMSs can be located on different subnetworks. If you use a local ETKMS, ETPM 
communicates directly with the ETKMS without using a network connection.