Quick Start
This article covers the steps required for full installation. A full installation can be done on any instance of SQL Server on which CDP has not already been installed.
Prerequisites
The user must have rights to authenticate using either SQL Server Authentication or Windows Authentication.
For SQL Server Authentication, a database user name and password are required.
For Windows Authentication, the user’s Windows authentication is used.
You can install CDP in any database. It is recommended that you create a new database and install CDP for MSSQL there.
The database user or the Windows user must be a member of the sysadmin fixed server role to permit the creation of extended stored procedures.
Steps
Extract the CDP for MSSQL software. The following structure is created:
File | Description |
---|---|
setup.exe | Contains file used to perform full installations, failover installations, and upgrades. |
Tools | Contains PassPhraseSecure.exe to obfuscate the password, openssl.conf and req.exe to create certificate requests, and SetColumnUtility folder which contains the utility to set multiple column properties for migration. |
upgradeScripts | Contains the .bat files to upgrade CDP when the SQL Server is upgraded from a lower version to higher version. |
Double-click the setup.exe to launch the CipherTrust Database Protection for MS SQL Server InstallShield Wizard and click Next.
Note
If CDP is already installed, the installer prompts the user to choose one of the following options:
Install a new instance of this application
Upgrade the instance
On the License Agreement screen of the InstallShield Wizard, select the I accept the terms of the license agreement option and click Next.
On the Setup Type screen of the InstallShield Wizard, select Complete Install- Includes DB and Files and click Next.
For other options, refer to Additional Deployment Methods.
On the Choose Destination Location screen of the InstallShield Wizard, provide a destination for the setup and files and click Next.
By default, the setup and files are installed at C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer. For a list of files the installer loads, see Installed Files.
On the Instance ID screen of the InstallShield Wizard, confirm the Instance ID for this installation and click Next.
Thales recommends that you accept the default Instance ID. Once you accept the Instance ID, you should not change it. If you change your Instance ID, you must drop and recreate any existing user mappings for this SQL Server instance from the CipherTrust Manager UI.
If you receive the following error message:
Unable to open OLE32.DLL. Can’t find file!
Click OK and manually enter an instance ID of at least 8 characters in length.
Note
You might change the default Instance ID if the database is involved in replication activities such as log shipping. In that case, the Instance ID should be modified so that all databases in the replication group have the same Instance ID.
On the Database Connection screen of the InstallShield Wizard, enter the database connection parameters and click Next.
The following table lists the parameters that are required when creating database connection.
Parameter | Description |
---|---|
Server Hostname or IP Address | The hostname or IP address of the machine where SQL Server is installed. The default is local. In case of SQL Cluster setup, the IP address of the virtual server should be specified here. |
Instance Name | The default instance name is MSSQLSERVER. It might be the case that there are multiple instances of the database installed on your local machine. |
SQL Server Authentication or Windows Authentication | Type of authentication to install CDP for MSSQL. When the Windows Authentication option is selected, the logged in user’s Windows authentication is used to connect to the database. |
Database User Name | Specify the database user name when using SQL Server authentication. In case of Windows authentication, the logged in user’s name is displayed. The user name used for the database connection must be a member of the sysadmin fixed server role to permit the creation of extended stored procedures. |
Database Password | The password for the database user specified above. For Windows authentication, it is not editable as the logged in Windows user’s password is used. |
On the Select Database screen of the InstallShield Wizard, select the Database Name where you want to install the metadata and click Next.
On the NAE Server Configuration screen of the Installation Wizard, enter the parameters to configure NAE Server and click Next.
The following table lists the parameters that are required for NAE Server configuration.
Parameter | Description |
---|---|
IP address of NAE Server | The IP address of the NAE Server(s) that this client sends requests to. If you have a cluster of NAE Servers that you send requests to, specify the entire cluster here. You should separate IP addresses with a colon. You must specify an IP address and not a hostname. |
NAE Server Port | The port on which your NAE Server is listening to client requests; the default port is 9000. |
Connection Protocol | The protocol on which the NAE Server is establishing client connections. The default is TCP/IP. If you are setting up your CipherTrust Manager for the first time, it is recommended that you first establish connections over TCP/IP, and then gradually move on to SSL. |
If you select Connection Protocol as SSL, the following screen appears.
The following table lists the parameters required for configuring SSL connection.
Parameter | Description |
---|---|
Server side authentication only | Select this option if you want only server side authentication to establish SSL connection between the NAE Server and the client. On selecting this option, client side authentication related parameters: Client Certificate File, Private Key File, Private Key Passphrase, and Confirm Passphrase are disabled. |
CA Certificate File | Location of the CA certificate that signed the certificate, which the NAE Server presents during the SSL handshake. This parameter is required for the client to trust the server. The rest of the parameters are required only if the NAE Server is enforcing client certificate authentication, which means that the client must provide a certificate trusted by the server to establish a connection with that server. |
Client Certificate File | The location of the client certificate used to establish SSL connections with the NAE Server. |
Private Key File | The private key associated with the certificate. |
Private Key Passphrase | The passphrase associated with the certificate. |
Confirm Passphrase | Re-enter the passphrase. |
On the Provider Configuration screen of the Installation Wizard, enter the CDP configuration information and click Next.
The following table lists the parameters required for configuring provider.
Parameter | Description |
---|---|
Connection Pool | Determines the number of connections that are reserved for the stored procedures and UDFs to connect to the database. The default value is 10. |
Logging Level | Determines the level of logging that you want for CDP for MSSQL. The default is Log Errors and Warnings. |
Log File Directory | Specifies a name, and possibly a path, for the log file. The default is: C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer\MSSQLSERVER |
Log Rotation Frequency | Specifies whether logs are rotated daily or once they reach a certain size. The default is Daily. |
Maximum Log File Size | Specifies a size at which log files are rotated. This parameter is disregarded if the Log_Rotation is set to anything other than “SIZE.” The default is 100k (KB). |
The installer now has all of the necessary information.
On the Ready to Install the Program screen of the Installation Wizard, click Install.
The installer needs to copy the libcrypto-3-x64.dll and libssl-3-x64.dll files to C:\Windows\system32. As per Windows' design, any file copied to C:\Windows\system32 gets redirected to C:\Windows\SysWOW64.
On the Setup Status screen of the Installation Wizard:
Click Yes to disable the redirector from copying the files to the SysWOW64 directory.
Click No to manually copy libcrypto-3-x64.dll and libssl-3-x64.dll from C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer\MSSQLSERVER to C:\Windows\system32 and click OK. Instead of manually copying the files, you can also add the installation path of CDP_MSSQLServer to the list of system variables.
Note
When prompted, click Yes to restart the SQL Server service. It might take a few seconds. If you click No, a message appears stating,
“SQL Server (<instance_name>) has not been restarted. Please restart it manually at a later time for database changes to take effect.”
Click OK to continue.
If for some reason, the SQL Server service could not be restarted by the installer (for example, if the dependent service, SQL Server Agent, is started), then a message appears stating,
“Failed to stop service, Please restart the service manually.” Click OK to continue.
You can restart the service after installation for the database changes to take effect.
After the files are installed, click Finish to complete the installation.
Installed Files
The following sections describe what gets installed with CDP. In addition to the metadata installed in the database, the following program files are installed in the local file system. The default directory for these files is: C:\Program Files (x86)\CipherTrust\CDP_MSSQLServer\MSSQLSERVER.
Files | Description |
---|---|
BrowseForFile.dll | Used by the installer to select an installation directory. |
CipherTrust.ico | Icon associated with CDP. |
CDP_MSSQLServer.properties | Configurable properties file that determines how CDP interacts with the NAE Server. |
ingicspwrapper.dll | Used to integrate with CSP layer. During installation this file is moved to C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn. A copy of this file is also available in the installation directory. |
IngIntegratedCore.dll | Contains entry points for stored procedures and UDFs. |
sqlservr.exe.config | Used by the installer to store the names of registry keys and entries. During installation this file is moved to C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn. |
CDPSQLServer.txt | Used by the CDP for SQL Server to store log information. |
Apart from these installed files, the installer does the following during a full installation:
Creates tables, stored procedures, and user defined functions in the database you specify. The tables and stored procedures start with “ING_....” For example, ING_AUTHORIZED_USER is one of the tables that gets installed.
Creates one stored procedure (ing_get_metadata_info) in the master database.
Creates one stored procedure (ing_reload_propertyfile_value) in the metadata.
Creates an assembly called SafeNetCLR in metadata. This assembly is marked as UNSAFE to gain ‘external access’ required to work with KS/DS.
Creates a Login SafeNetClrLogin which is mapped to an asymmetric key used to sign assembly SafeNetCLR.
Makes entries in the Microsoft Windows registry.
The Trustworthy property of the metadata is kept as FALSE.
To learn more about what gets created in the database, refer to Database Objects and Tables and Views.
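The security-relevant objects listed above can be confirmed from the SQL Server catalog views once setup finishes. The following read-only T-SQL is an added example, not part of the vendor documentation; CDP_METADATA is a placeholder for the database you chose on the Select Database screen.

```sql
-- Added example: read-only post-install review of the objects listed above.
-- Assumption: CDP_METADATA is a placeholder for your metadata database.
USE CDP_METADATA;
GO

-- 1. TRUSTWORTHY should still be off for the metadata database.
SELECT name, is_trustworthy_on
FROM sys.databases
WHERE name = DB_NAME();

-- 2. List user assemblies; SafeNetCLR is expected with UNSAFE_ACCESS.
--    Any other UNSAFE_ACCESS or EXTERNAL_ACCESS assembly deserves a closer look.
SELECT name, permission_set_desc, create_date
FROM sys.assemblies
WHERE is_user_defined = 1;

-- 3. SafeNetClrLogin should be a key-mapped login (type K). Such logins
--    exist only for code signing and cannot be used to connect.
SELECT sp.name, sp.type_desc, ak.name AS signing_key, ak.thumbprint
FROM sys.server_principals AS sp
LEFT JOIN master.sys.asymmetric_keys AS ak ON ak.sid = sp.sid
WHERE sp.name = N'SafeNetClrLogin';

-- 4. Server-level permissions held by that login.
SELECT pe.permission_name, pe.state_desc
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS sp
  ON sp.principal_id = pe.grantee_principal_id
WHERE sp.name = N'SafeNetClrLogin';

-- 5. Stored procedures named on this page: one in master, one in metadata.
--    Two separate queries avoid collation conflicts between databases.
SELECT name, type_desc FROM master.sys.all_objects
WHERE name = N'ing_get_metadata_info';
SELECT name, type_desc FROM sys.all_objects
WHERE name = N'ing_reload_propertyfile_value';

-- 6. The installing account had to be in sysadmin; list current members.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';
```

Keeping the output of these queries as a baseline makes later changes to the assembly, the signing key, or sysadmin membership easy to spot.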
After you have installed the CDP, you can customize it to meet the needs of your environment. To customize the software, you need to modify the properties file. To configure the CDP_MSSQLServer.properties file, refer to Configuration Parameters.
If you want to encrypt your data, we recommend that you first go through the Planning Encryption article.