Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Installing and Registering CTE

Installation on Linux

search

Please Note:

Installation on Linux

note

Note

Do not install CTE on network-mounted volumes like NFS.

copy link to clipboardPrerequisites

Make sure you have the following information from the CM Administrator:

  • The registration token for the CipherTrust Manager with which you plan to register the CTE Agent.

  • The name of the profile you intend to assign to the client if you want to use a profile other than the default client profile.

  • Optionally, the name of the host group you want this client to be a part of.

copy link to clipboardPort Selection

The following port information applies to both Windows and Linux systems.

copy link to clipboardCommunication through a Firewall

If a protected client must communicate with CipherTrust Manager through a firewall, see the CipherTrust Manager documentation to determine which of the ports must be opened through the firewall.

copy link to clipboardCommunication with CipherTrust Manager

The default port for http communication between CipherTrust Manager and the CTE Agent is 443. If this port is already in use, you can set the port to a different number during the CTE Agent installation.

copy link to clipboardCommunication for LDT over CIFS/NFS

All nodes that intend to use LDT over CIFS/NFS GuardPoint must have the following ports open:

  • 7024

  • 7025

Note

When you are registering a CipherTrust Transparent Encryption client with CipherTrust Manager, you can manually include a destination port number, (Default: 443). If you enter a port value, using the syntax <hostname or IP address>:<port number> then CipherTrust Transparent Encryption does not perform a port scan. CipherTrust Transparent Encryption uses the port number provided to verify the target server type using a TLS operation.

If you do not enter a port number, CipherTrust Transparent Encryption performs a port scan to check which ports are listening, including port 443.

copy link to clipboardProcedure

  1. Log on to the host where you will install the CTE Agent as root. You cannot install the CTE Agent without root access.

  2. Copy or mount the installation file to the host system. If necessary, make the file executable with the chmod command.

  3. Install the CTE Agent. A typical installation uses the following syntax:

    ./vee-fs-<release>-<build>-<system>.bin

    For example: 

    ./vee-fs-7.3.0-135-rh8-x86_64.bin

    To install the CTE Agent in a custom directory, use the -d <custom-dir> option. For example:

    ./vee-fs-7.3.0-135-rh8-x86_64.bin -d /home/my-cte-dir/
    note

    Note

    If possible, Thales recommends that you use the default directory /opt/vormetric.

    To view all installer options, use the -h parameter. For example:

    ./vee-fs-7.3.0-135-rh8-x86_64.bin -h

  4. The Thales License Agreement displays. When prompted, type Y and press Enter to accept.

    The install script installs the CTE Agent software in either /opt/vormetric or your custom installation directory and then prompts you about registering the CTE Agent with a key manager.

    Welcome to the CipherTrust Transparent Encryption File System Agent Registration Program.

Agent Type: CipherTrust Transparent Encryption File System Agent
Agent Version: <Release.build-number>

In order to register with a CipherTrust Manager you need a valid registration token from the CM.

Do you want to continue with agent registration? (Y/N) [Y]:

  5. Type N and press Enter to end the installation procedure without registering the CTE Agent with either key manager.

  6. Enter Y to continue with the registration process. The install script prompts you to enter the host name or IP address of the CipherTrust Manager with which you want to register CTE. For example:

    Do you want to continue with agent registration? (Y/N) [Y]: Y

Please enter the primary key manager host name: 10.3.200.141
    note

    Note

    The default communication port is 443. If you want to specify a different communication port, enter it with the primary key manager host name in the format: <hostName>:<port#>

    You entered the host name 10.3.200.141<br>
Is this host name correct? (Y/N) [Y]: Y

  7. Enter the client host name when prompted.

    Please enter the host name of this machine, or select from the following list.

[1] sys31186.qa.com
[2] 10.3.31.186

Enter a number, or type a different host name or IP address in manually:
What is the name of this machine? [1]: 2
You selected "10.3.31.186".

  8. Enter the CipherTrust Manager registration token, profile name, host group and host description. If you omit the profile name, CipherTrust Manager associates the default client profile with this client.

    Please enter the registration token: 12345
Please enter the profile name for this host: My-Profile
Please enter the host group name for this host, if any:
Please enter a description for this host: RHEL7 system West Coast Datacenter

Token            : 12345
Profile name     : My-Profile
Host Group       : (none)
Host description : RHEL7 system West Coast Datacenter
Are the above values correct?  (Y/N) [Y]: Y

  9. At the hardware association prompt, select whether you want to enable the hardware association feature to prevent cloning. The default is Y (enabled):

    It is possible to associate this installation with the hardware of this machine.  If selected, the agent will not contact the key manager or use any cryptographic keys if any of this machine's hardware is changed.  This
can be rectified by running this registration program again.
Do you want to enable this functionality?  (Y/N) [Y]: Y

  10. At the LDT prompt, specify that you want this client to use CTE-LDT by typing Y and pressing Enter:

    Do you want this host to have LDT support enabled on the server? (Y/N) [N]: Y

  11. If you are planning to create GuardPoints on NFS shares, enter the name of the LDT Communication Group that this node will join.

    Enter the LDT Communication Group name: LCG1
    warning

    Warning

    The registration token, profile name, client group name and LDT Communication Group name are case-sensitive. If any of these are entered incorrectly, the client registration will not succeed. If the registration fails, click Back in the installer and verify that the case is correct for all entries on this page.

  12. At the Cloud Object Storage (COS) prompt, specify whether you want this client to use CTE COS.

    Do you want to configure this host for Cloud Object Storage? (Y/N) [N]:

  13. CTE finishes the installation and registration process.

    Generating key pair for the kernel component...done.
Extracting SECFS key
Generating EC certificate signing request for the vmd...done.
Signing certificate...done.
Enrolling agent with service on 10.3.200.141...done.
Successfully registered the CipherTrust Transparent Encryption CTE Agent with the CipherTrust Manager on 10.3.200.141.

Installation success.

  14. In CipherTrust Manager, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.

On this page