Install CDP on a passive machine in a SQL Server cluster

Prerequisites

• Install CDP (Full installation) on the active node. Refer to Quick Start for details.

• While installing CDP on active node, make the passive node inactive. This step will ensure that:

  • the MS SQL instance restarts on the same node itself when the CDP installer prompts to restart the instance during installation.

  • the MS SQL instance does not move from one node to another.

Steps

The active and passive nodes share the same database. So, when you install CDP on a passive node, only the programs files such as DLL and properties file are installed on the passive node.

1. Double-click the setup.exe to launch the CipherTrust Database Protection for MS SQL Server InstallShield Wizard and click Next.

   

   Note

   If the installer detects that CDP is already installed on some instance of SQL Server, the installer prompts you to install CDP on other instances of SQL Server or to update/maintain the existing installation.

2. Select Install a new instance of this application and click Next.

   Note

   If the installer does not detect CDP, then the above prompt does not appear.

3. On the License Agreement screen of the InstallShield Wizard, select the I accept the terms of the license agreement option and click Next.

   

4. On the Setup Type screen of the InstallShield Wizard, select Files Only (Cluster)- Installs Failover Mode and Files and click Next.

   

5. On the Choose Destination Location screen of the InstallShield Wizard, provide a destination for the setup and files and click Next.

   

6. On the Database Connection screen of the InstallShield Wizard, enter the database connection parameters and click Next.

   The following table lists the parameters that are required when creating database connection.

   Parameter	Description
   Server Hostname or IP Address	The hostname or IP address of the machine where SQL Server is installed. The default is local. In case of SQL Cluster setup, the IP address of the virtual server should be specified here.
   Instance Name	Specify the instance name. Use the instance name specified for the active node in the cluster.
   Database Name	Enter the name of the database where the metadata is installed. Use the database name specified for the active node in the cluster.

7. On the NAE Server Configuration screen of the Installation Wizard, enter the parameters to configure NAE Server and click Next.

   

   The following table lists the parameters that are required for NAE Server configuration.

   Parameter	Description
   IP address of NAE Server	The IP address of the NAE Server(s) that this client sends requests to. If you have a cluster of NAE Servers that you send requests to, specify the entire cluster here. You should separate IP addresses with a colon. You must specify an IP address and not a hostname.
   NAE Server Port	The port on which your NAE Server is listening to client requests; the default port is 9000.
   Connection Protocol	The protocol on which the NAE Server is establishing client connections. The default is TCP/IP. If you are setting up your CipherTrust Manager for the first time, it is recommended that you first establish connections over TCP/IP, and then gradually move on to SSL.

   If you select Connection Protocol as SSL, following screen appears.

   

   The following table lists the parameters required for configuring SSL connection.

   Parameter	Description
   Server side authentication only	Select this option if you want only server side authentication to establish SSL connection between the NAE Server and the client. On selecting this option, client side authentication related parameters: Client Certificate File, Private Key File, Private Key Passphrase, and Confirm Passphrase are disabled.
   CA Certificate File	Location of the CA certificate that signed the certificate, which the NAE Server presents during the SSL handshake. This parameter is required for the client to trust the server. Rest of the parameters are required only if the NAE Server is enforcing client certification authentication, which means that the client must provide a certificate trusted by the server to establish a connection with that server.
   Client Certificate File	The location of the client certificate used to establish SSL connections with the NAE Server.
   Private Key File	The private key associated with the certificate.
   Private Key Passphrase	The passphrase associated with the certificate.
   Confirm Passphrase	Re-enter the passphrase.

8. On the Provider Configuration screen of the Installation Wizard, enter the CDP configuration information and click Next.

   

   The following table lists the parameters required for configuring provider.

   Parameter	Description
   Connection Pool	Determines the number of connections that are reserved for the stored procedures and UDFs to connect to the database. The default value is 10.
   Logging Level	Determines the level of logging that you want for CDP. The default is Log Errors and Warnings.
   Log File Directory	Specifies a name, and possibly a path, for the log file. The default is: C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer\MSSQLSERVER
   Log Rotation Frequency	Specifies whether logs are rotated daily or once they reach a certain size. The default is Daily.
   Maximum Log File Size	Specifies a size at which log files are rotated. This parameter is disregarded if the Log_Rotation is set to anything other than “SIZE.” The default is 100k (KB).

   The installer now has all of the necessary information.

9. On the Ready to Install the Program screen of the Installation Wizard, click Install.

   

   The installer displays the progress of the installation.

   When prompted, click Yes to restart the SQL Server service. It might take a few seconds. If you click No, a message appears stating, “SQL Server (<instance_name>) has not been restarted. Please restart it manually at a later time for database changes to take effect.” Click OK to continue.