Management at Scale with tiCrypt
Managing a handful of users across a few projects is straightforward. Managing hundreds — or thousands — across dozens of projects, each with its own compliance requirements, VM infrastructure, and access controls, is a different challenge entirely. tiCrypt is built for the latter.
This post walks through the features that make large-scale management practical: bulk user operations, system-wide controls, VM administration, and the tools that tie it all together.
Global Management
At scale, performing actions one user or one project at a time is not sustainable. tiCrypt's Management section is designed around bulk operations that reduce repetitive work and minimize the risk of human error.
Announcements and Communication
When coordinating across large teams, clear communication channels matter. tiCrypt provides several ways to reach users at scale:
Global Announcements allow Project Managers and Admins to send secured messages to all users or admins within the system. This is especially useful before deploying large projects or rolling out changes that affect multiple teams. See Make an Announcement in a Project from Management for setup instructions.
Bulk Email offers a quick way to reach project members outside the platform. Admins can copy or download all project member email addresses with a single click, making it easy to send communications through external channels. See Bulk Email a User from the Vault.
Global Login Messages let you display a system-wide notice on the login screen — ideal for planned maintenance windows, outage notifications, or major project updates. Messages support custom colors, symbols, and display frequency settings. See Display a Global Login Message.
Global Terms of Service prompts can surface important policy updates or operational notices (e.g., "The system will be offline for 14 days for scheduled maintenance") that every user must acknowledge. See Implement Terms of Service into the System.
User Profiles and Role Management
Organizing a large user base manually is tedious and error-prone. User Profiles solve this by letting you define reusable personas — bundles of roles and permissions — that can be applied to users in bulk.
For example, in a project with over 1,000 users, you might create profiles based on management requirements, compliance tiers, or access levels. Once defined, these profiles can be assigned to multiple users at once, ensuring consistent permissions across the board.
Use with care. Misconfigured profiles can unintentionally block user actions. Always review the permissions a profile grants before applying it broadly.
See Create a User Profile and Apply User Profiles.
Beyond profiles, tiCrypt supports several other bulk role and status operations:
- Change roles in bulk — Promote or demote multiple users simultaneously. See Change Role of a User in Management.
- Change states in bulk — Set users to inactive when they leave the organization, or activate new users and set them to escrow on next login. See Change State of a User from Management.
- Refresh user information — Sync all user data at once, useful before generating audit reports. See Refresh a User's Information from the Vault.
Certifications
Projects with classified or tagged data often require users to hold specific certifications before gaining access to certain security levels.
Add multiple certifications at once to certify a group of users for a security requirement within a given security level. See Certify User(s) with a Certification for a Security Requirement.
Bulk-expire certifications when requirements change. This revokes access for all affected users in a single action. See Mark a User Certification as Expired.
Project Membership
Adding users to projects is one of the most common administrative tasks, and tiCrypt makes it efficient at any scale:
- Add multiple users to a single project. See Add User(s) to a Project from Management.
- Add multiple users to multiple projects at once — select the target projects first, then add members. See Add User(s) to a Project from Management.
- Assign sub-admins to multiple projects in bulk. See Assign a Project to Sub-Admin.
Bulk Deletion
Super-admins can delete most objects in bulk from the Management section. The exception is cryptographically enhanced objects (Groups, VMs, Drives, etc.), which can only be deleted by their owner.
Bulk deletion applies to users, sub-admin rights, user profiles, teams, projects, and user certifications. See the relevant documentation for each object type.
Data Export
Admins and project managers can export data from the Management and Virtual Machines sections in JSON or CSV format. Export options are available for most tiCrypt objects, with the choice to export all items, only visible items, or a specific selection. See Export a System Service in CSV Format and Export a System Service in JSON Format.
Escrow Operations
tiCrypt supports bulk operations for escrow user management:
- Create deletion requests for an entire group of escrow users at once. See Delete an Existing Escrow User.
- Execute signed certificates in bulk — super-admins can upload site-key admin-signed certificates into tiCrypt for multiple users simultaneously. See Execute a Signed Escrow Certificate.
Virtual Machine Management at Scale
Managing VMs individually becomes impractical as infrastructure grows. tiCrypt provides bulk VM operations across hosts, projects, and user access.
Host-Level Operations
- Change host states in bulk — When hosts need maintenance or updates that require disconnecting all VMs, super-admins can update host states across the board. See Change the State of a Libvirt Host.
- Check host utilization — This operation runs against all hosts by default, giving super-admins a system-wide view of resource usage across VMs, cores, memory, and devices. See Check the Utilization of VMs, Cores, Memory, and Devices on a Libvirt Host.
- Shut down all VMs on a host — For urgent situations that require a complete shutdown of a host's VMs. All unsaved work will be lost. See Shut Down All VMs in a Libvirt Host.
Hardware Setup Management
Hardware setups define the templates and configurations available to VMs. tiCrypt supports several bulk operations for managing them:
- Manage user or team access across multiple hardware setups. See Manage User Access in a VM Hardware Setup.
- Change images across setups. See Change the Image of an Existing VM Hardware Setup.
- Replace instructions across setups. See Replace Instructions in a VM Hardware Setup.
Running VM Operations
- Tag multiple running VMs to a project — Useful when a project requires many VMs to be associated with it simultaneously. See Set Project in a Running VM Configuration from Management.
- Shut down running VMs in bulk — Once a project wraps up and data is saved to drives, shut down all associated VMs at once. See Shut Down a Running VM Configuration from Management.
- Power up service VMs simultaneously — Bring all service VMs online at once when launching a large project. See Power Up a Service VM.
- Fetch Libvirt XML descriptions — Compare XML configurations across service VMs. See View the Libvirt XML Description of a Service VM.
- Restart service VM controllers in bulk — Apply updates or resolve errors across service VMs. See Restart Controller of a Service VM.
VM User Profiles
Just as system-level User Profiles organize users across projects, VM User Profiles organize permissions within the virtual machine environment. These profiles decouple VM-level roles from system-level roles, enabling flexible access control:
- A system super-admin can be a standard VM user if their VM profile is configured that way.
- A standard system user can hold a VM manager role within a specific machine.
Each user can hold one VM profile per virtual machine, and profiles can be assigned to multiple users at once. See Add User Profiles in a Virtual Machine and What is the Purpose of VM Profiles?.
Access Directories
For large VM groups, access directories control which users can reach shared directories. Four access levels are available:
- Everybody — All VM users.
- Nobody — Only the VM owner.
- Managers — Only users with a manager role in the VM.
- Custom — Specific users designated by the VM owner or managers.
See Create an Access Directory for a Virtual Machine Group.
Drive Operations
- Bulk attach and mount drives — Attach unlimited ready drives to a VM as read-write or read-only. Keep resource utilization and VM architecture best practices in mind when attaching many drives. See Attach a Drive to an Existing VM.
- Bulk change project tags on drives. Note: all selected drives must currently be tagged to the same project. See Add or Change a Project in a Drive.
- Bulk add users to a VM. See Add Users to a Virtual Machine.
- Unshare drives from all users — Lets the drive owner make a drive private in a single action. See Unshare the Drive from Everyone Else.
- Bulk SFTP transfer — For ingesting large research datasets into projects. Create an endpoint first, then transfer data at scale. See Create an SFTP Inbox.
The Terminals
When managing complex workflows across many VMs, the Terminals feature provides a consolidated view of all running VMs. It allows you to monitor and interact with multiple machines simultaneously — a valuable tool when orchestrating large-scale operations. See Access the Terminals.
Designed for Scale
tiCrypt's management tools are built around a simple principle: any action you can perform on one object, you should be able to perform on many. From user onboarding and certification management to VM lifecycle operations and data export, bulk actions are native to the platform — not an afterthought. The result is a system that remains manageable whether you're running a small team or a large, multi-project deployment.