Install CDP on a SQL Server node configured with availability group
CDP for MSSQL allows installing CDP on a database that is configured for the Availability Group feature of SQL Server. This database is on a different instance of SQL Server from the one where the full installation of CDP is performed.
Prerequisite
A complete installation of the same CDP version must be performed on the SQL Server instance. Refer to Quick Start for details.
Note
Availability Group installation is supported from SQL Server 2012 onward.
Steps
Only the program files (DLL, properties file, etc.) are installed on the machine hosting the Availability Group enabled database, and the installer creates a login called SafeNetCLRLogin. SafeNetCLRLogin is mapped to an asymmetric key used to sign the assembly SafeNetCLR in metadata.
Double-click setup.exe to launch the CipherTrust Database Protection for MS SQL Server InstallShield Wizard and click Next.
On the License Agreement screen of the InstallShield Wizard, select the I accept the terms of the license agreement option and click Next.
On the Setup Type screen of the InstallShield Wizard, select Files Only (Availability Group )- Installs Failover Mode and Creates CLRSecurityLogin and click Next.
On the Choose Destination Location screen of the InstallShield Wizard, provide a destination for the setup and files and click Next.
For a list of files the installer loads, see Installed Files.
On the Database Connection screen of the InstallShield Wizard, enter the database connection parameters and click Next.
The following table lists the parameters that are required when creating a database connection.
Parameter | Description |
---|---|
Server Hostname or IP Address | The hostname or IP address of the machine where SQL Server is installed. The default is local. In case of SQL Cluster setup, the IP address of the virtual server should be specified here. |
Instance Name | The default instance name is MSSQLSERVER. It might be the case that there are multiple instances of the database installed on your local machine. |
SQL Server Authentication or Windows Authentication | Type of authentication to install CDP. When the Windows Authentication option is selected, the logged in user’s Windows authentication is used to connect to the database. |
Database User Name | Specify the database user name when using SQL Server authentication. In case of Windows authentication, the logged in user’s name is displayed. The user name used for the database connection must be a member of the sysadmin fixed server role to permit the creation of extended stored procedures. |
Database Password | The password for the database user specified above. For Windows authentication, it is not editable as the logged in Windows user’s password is used. |

On the NAE Server Configuration screen of the Installation Wizard, enter the parameters to configure NAE Server and click Next.
The following table lists the parameters that are required for NAE Server configuration.
Parameter | Description |
---|---|
IP address of NAE Server | The IP address of the NAE Server(s) that this client sends requests to. If you have a cluster of NAE Servers that you send requests to, specify the entire cluster here. You should separate IP addresses with a colon. You must specify an IP address and not a hostname. |
NAE Server Port | The port on which your NAE Server is listening to client requests; the default port is 9000. |
Connection Protocol | The protocol on which the NAE Server is establishing client connections. The default is TCP/IP. If you are setting up your CipherTrust Manager for the first time, it is recommended that you first establish connections over TCP/IP, and then gradually move on to SSL. |

If you select SSL as the Connection Protocol, the following screen appears.
The following table lists the parameters required for configuring an SSL connection.
Parameter | Description |
---|---|
Server side authentication only | Select this option if you want only server side authentication to establish SSL connection between the NAE Server and the client. On selecting this option, client side authentication related parameters: Client Certificate File, Private Key File, Private Key Passphrase, and Confirm Passphrase are disabled. |
CA Certificate File | Location of the CA certificate that signed the certificate, which the NAE Server presents during the SSL handshake. This parameter is required for the client to trust the server. Rest of the parameters are required only if the NAE Server is enforcing client certification authentication, which means that the client must provide a certificate trusted by the server to establish a connection with that server. |
Client Certificate File | The location of the client certificate used to establish SSL connections with the NAE Server. |
Private Key File | The private key associated with the certificate. |
Private Key Passphrase | The passphrase associated with the certificate. |
Confirm Passphrase | Re-enter the passphrase. |

On the Provider Configuration screen of the Installation Wizard, enter the CDP configuration information and click Next.
The following table lists the parameters required for configuring the provider.
Parameter | Description |
---|---|
Connection Pool | Determines the number of connections that are reserved for the stored procedures and UDFs to connect to the database. The default value is 10. |
Logging Level | Determines the level of logging that you want for CDP. The default is Log Errors and Warnings. |
Log File Directory | Specifies a name, and possibly a path, for the log file. The default is: C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer\MSSQLSERVER |
Log Rotation Frequency | Specifies whether logs are rotated daily or once they reach a certain size. The default is Daily. |
Maximum Log File Size | Specifies a size at which log files are rotated. This parameter is disregarded if the Log_Rotation is set to anything other than “SIZE.” The default is 100k (KB). |

The installer now has all of the necessary information.
On the Ready to Install the Program screen of the Installation Wizard, click Install.
The installer displays the progress of the installation.
Note
When prompted, click Yes to restart the SQL Server service. It might take a few seconds. If you click No, a message appears stating, “SQL Server (<instance_name>) has not been restarted. Please restart it manually at a later time for database changes to take effect.” Click OK to continue.
If for some reason, the SQL Server service could not be restarted by the installer (for example, if the dependent service, SQL Server Agent, is started), then a message appears stating, “Failed to stop service, Please restart the service manually.” Click OK to continue. You can restart the service after installation for the database changes to take effect.
After the files are installed, click Finish to complete the installation.
Installed Files
The following sections describe what gets installed with CDP. In addition to the metadata installed in the database, the following program files are installed in the local file system. The default directory for these files is: C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer\MSSQLSERVER.
Files | Description |
---|---|
BrowseForFile.dll | Used by the installer to select an installation directory. |
CipherTrust.ico | Icon associated with CDP. |
CDP_MSSQLServer.properties | Configurable properties file that determines how CDP interacts with the NAE Server. |
ingicspwrapper.dll | Used to integrate with CSP layer. During installation this file is moved to C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn. A copy of this file is also available in the installation directory. |
IngIntegratedCore.dll | Contains entry points for stored procedures and UDFs. |
sqlservr.exe.config | Used by the installer to store the names of registry keys and entries. During installation this file is moved to C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn. |
CDPSQLServer.txt | Used by the CDP for SQL Server to store log information. |
Apart from these installed files, the installer does the following during a full installation:
Creates tables, stored procedures, and user defined functions in the database you specify. The tables and stored procedures start with “ING_....” For example, ING_AUTHORIZED_USER is one of the tables that gets installed.
Creates one stored procedure (ing_get_metadata_info) in the master database.
Creates one stored procedure (ing_reload_propertyfile_value) in the metadata.
Creates an assembly called SafeNetCLR in metadata. This assembly is marked as UNSAFE to gain ‘external access’ required to work with KS/DS.
Creates a Login SafeNetClrLogin which is mapped to an asymmetric key used to sign assembly SafeNetCLR.
Makes entries in the Microsoft Windows registry.
Installs a properties file called CDP_MSSQLServer.properties in the installation directory.
Installs a utility in the install directory that can be used to issue certificate requests. The files associated with the certificate request utility are openssl.conf and req.exe.
Trustworthy property of the metadata is kept as FALSE.
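A sysadmin can confirm the security-relevant state described above (assembly SafeNetCLR marked UNSAFE, TRUSTWORTHY kept FALSE, SafeNetCLRLogin mapped to the signing asymmetric key) with the following T-SQL. This is an added example, not part of the CDP installer or its documentation; it uses only standard SQL Server catalog views and assumes the session is connected to the CDP metadata database.

```sql
-- Added verification example. Run in the context of the CDP metadata database.
-- Object names SafeNetCLR and SafeNetCLRLogin are taken from this page.
-- Queries 3 and 4 are server-level and apply to every node, because logins
-- are instance objects and are not carried by the availability group.

-- 1. The assembly and its permission set (expected: UNSAFE_ACCESS).
SELECT a.name, a.permission_set_desc, a.create_date, a.modify_date
FROM sys.assemblies AS a
WHERE a.name = N'SafeNetCLR';

-- 2. TRUSTWORTHY for the current database (expected: is_trustworthy_on = 0).
SELECT d.name, d.is_trustworthy_on
FROM sys.databases AS d
WHERE d.database_id = DB_ID();

-- 3. The login and the asymmetric key it is mapped to.
--    Expected type_desc: ASYMMETRIC_KEY_MAPPED_LOGIN, with a non-NULL key_name.
--    Keys that back logins are stored in master and share the login's SID.
SELECT sp.name AS login_name, sp.type_desc, sp.is_disabled,
       ak.name AS key_name, ak.algorithm_desc, ak.key_length, ak.thumbprint
FROM sys.server_principals AS sp
LEFT JOIN master.sys.asymmetric_keys AS ak
       ON ak.sid = sp.sid
WHERE sp.name = N'SafeNetCLRLogin';

-- 4. Server-level permissions held by that login. With TRUSTWORTHY off,
--    SQL Server loads an UNSAFE assembly only if the login tied to its
--    signing key holds UNSAFE ASSEMBLY; anything beyond that deserves review.
SELECT sp.name AS login_name, pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS sp
  ON sp.principal_id = pe.grantee_principal_id
WHERE sp.name = N'SafeNetCLRLogin';

-- 5. Drift check: other user-defined assemblies in this database that are
--    not SAFE. An empty result means SafeNetCLR is the only one.
SELECT a.name, a.permission_set_desc, a.create_date
FROM sys.assemblies AS a
WHERE a.is_user_defined = 1
  AND a.permission_set_desc <> N'SAFE_ACCESS'
  AND a.name <> N'SafeNetCLR';
```

Comparing the thumbprint from query 3 across all availability group nodes shows whether each node's login is bound to the same signing key.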