Release Note for CTE v7.8.0 for Linux

This release of CipherTrust Transparent Encryption (CTE) for Linux adds new features, fixes known defects and addresses known vulnerabilities.

New Features and Enhancements

LDT: Reducing LGS message traffic

    Allows for scaling of LDT deployments while reducing the LGS message traffic which manages the bottleneck for stability during high traffic deployments. Also for windows AccessOnly mode nodes.

Benchmark Tool for Measuring Throughput

New Platform Supported

Automount Support on LDT

Resolved Issues

Known Issues

• AGT-28604: Linux GlusterFS Trash Translate does not work if .trashcan directory is outside of GuardPoint

  CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.

  Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.

• AGT-62836: The command to get the vm process logs dumped the logs into vorvmd during the first association of a FAM policy with CTE

  These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.

• AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point

  Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.

• AGT-65138: Files corrupted after restored from backup version key into exclude clear key then rotate key

  Avoid restoring encrypted files, from a backup, into a directory which contains an LDT Exclusion key rule with clear_key. Although there is no issue with accessing such files after they are restored from a backup, those files will not be transformed to clear_key at the time of next rekey process across the GuardPoint. Consequently, the files appear to have been corrupted.

• AGT-65631: COS | Internal server error observed if awscli is higher 2.23.0

  Starting with AWS CLI v2.23.0 and continuing with subsequent versions, AWS implemented enhanced and more efficient checksum algorithms. Therefore, customers needs to utilize an earlier version of the AWS CLI to accommodate this change. Use a version of awscli that is a previous version to v2.23.0.

• AGT-66297: No error message reported when accessing auto mount GuardPoint that's in "needs LDT recovery" state

  ** Work-around**

  Use secfsd -status guard to check the state of the GuardPoint prior to using it. An error message will be added in a future version.

• AGT-66365: Files marked for lazy_rekey, during the initial rekey, change to rekey_error during the next key rotation

  For files that are set to clear key with lazy_rekey and rekey-status=none, these files does not show attributes after unguarding the GuardPoint which means that the attributes were all internal for these files.

• AGT-66367: Secondary host does not trigger a single file rekey when clear_key files marked with lazy_rekey

  When trying to generate clear_key files marked with lazy_rekey after renaming files consecutively during the initial rekey, single file rekey is not triggered when secondary host accesses these files.

End of Life

Due to the end of life status of DSM, CTE no longer ships with VMSSC.