Oracle Cloud Deployment
Minimum Requirements
To deploy a CipherTrust Manager instance, the following minimum requirements apply:
Boot Disk: 1 volume, minimum size: (46.6 GB for evaluation purposes, 100 GB for production)
Memory: 16 GB
vCPUs: 2
NICs: 1
Note
These minimum system requirements are for a system with light to moderate load. For applications that heavily load the system, additional memory and CPU allocation are required. The system volume holds all data as well as backups.
Deploying in Oracle Cloud
Steps for deploying a CipherTrust Manager instance in Oracle Cloud:
Contact Thales customer support to request a virtual CipherTrust Manager image for Oracle Cloud.
Customer support will provide an Object Storage URL needed to import the image.
Log in to Oracle Cloud.
Click menu button on top left corner, then navigate to Core Infrastructure > Compute > Custom Images.
Under List Scope, select the desired Compartment to import the image into.
Click Import Image.
The Import Image dialog opens.
Provide details to import the Virtual CipherTrust Manager image.
Set a meaningful Name.
Set the Operating System to Ubuntu.
Select Import from an Object Storage URL and provide the Object Storage URL obtained in step 1.
Set the Image Type to QCOW2.
Set the Launch Mode to Paravirtualized mode.
Click Import Image.
On the Custom Image details page, find the Work Requests resource, and the Create image operation. Wait for the listed State to show as
Succeeded
and the listed % Complete to reach100%
.At this point, the Create Instance button becomes enabled.
Click Create Instance to launch a Virtual CipherTrust Manager from the imported image.
The Create Compute Image page displays.
Note
Do not alter default settings except as indicated in the below steps. For example, Boot Volume and Live Migration settings should be left as default.
In the Placement section, select the desired Availability Domain.
Note
To learn more about Availability Domains, click here.
Select the desired Shape.
Note
To learn more about Compute Shapes, click here.
In the Networking section, specify/select the following settings:
Virtual Cloud Network Compartment
Select a Virtual Cloud Network
Subnet Compartment
Subnet
Use Network Security Groups to control traffic (optional)
Note
It is recommended to use a Network Security Group to monitor/control the network traffic. To learn more about Network Security Groups, click here.
Depending on your requirements, select one of the following:
Assign a Public IP Address
To make this instance accessible through internet.Do Not Assign a Public IP Address
To make this instance accessible through private network only.
In the Add SSH Keys section, use one of the following options:
Note
We support OpenSSH format for the public key, and OpenSSH, PKCS1, or PKCS8 format for the private key. RSA is the supported key algorithm. We recommend RSA 4096, with RSA 2048 as a minimum size for adequate security.
Generate SSH Keys
Use this option to generate the SSH keys on-the-go. Then download the keys using the links provided.
Use SSH Key Files
If you already have SSH key files, then select this option and then upload the public key file.
Paste SSH Keys
If you already have SSH key files, then paste the contents of the public key file in the field provided.
Note
You can add additional keys, if required. To learn how to generate a SSH Key pair, click here.
Tip
If it is desired to specify custom Cloud-Init configuration, then click Show Advanced Options, go to Management tab, and paste your Cloud-InIt configuration script.
Click Create.
The Oracle Cloud Instance will be created. Use its public/private IP to access CipherTrust Manager.
Connect to the CipherTrust Manager Web Page.
Select the resource with the IP address, in this example: Keysecure-k170v-test-ip.
Browse to this IP address (in this example enter https://40.117.142.62). The Log In screen appears.
Log in using the initial default credentials: Username = admin, Password = admin
The following notice is displayed:
Note
If the default credentials do not work, you may need to retrieve an autogenerated password, as described in changing the initial password.
Enter a new password using this default Password Policy:
Min length: 8 Max length: 30 Min number of upper cases: 1 Min number of lower cases: 1 Min number of digits: 1 Min number of other characters: 1
A new Login screen appears.
Using your new password, log in again. The CipherTrust Manager Web Page appears.
At this point, it's strongly recommended to configure an NTP server.
Navigate to Admin Settings > NTP.
Enter in an NTP Server hostname.
For an authenticated NTP Server, enter in a symmetric key value in the NTP Key field.
Click the +Add NTP Server button.
See Network Time Protocol Server Configuration for more details.
Note
Virtual CipherTrust Manager launches in Community Edition, with some restrictions on functionality. You can activate a 90 day trial evaluation for full functionality. To activate your instance with a trial evaluation, or a term or perpetual license, see Licensing.