Silent Installation for CTE or CTE-U on Linux
This section describes how to perform a silent (unattended) installation of CTE or CTE-U on a single host. The silent installation automates the installation process by storing the answers to installation and registration questions in a separate file that you create. It installs CTE/CTE-U on the host, and registers the host with the CipherTrust Manager you specify in the silent installation file. You can also use the silent installation to install CTE/CTE-U on multiple hosts simultaneously.
Prerequisites
The following prerequisites must be met for CTE/CTE-U to install and register to CipherTrust Manager properly:
- CipherTrust Manager installed and configured. See CipherTrust Manager Documentation for more information.
- CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
- CipherTrust Manager must contain a registration token. See Creating a Registration Token.
- Optionally, the name of the host group you want this client to be a part of.
Procedure
- Log on as an administrator to the host where you will install CTE/CTE-U.
- Create a parameter file and store it on your system, or copy an existing file from another location. The file can contain any of the following parameters:
SERVER_HOSTNAME
Required if you want to register CTE with a CipherTrust Manager.
SERVER_IP
Alternative for hostname when registering.
REG_TOKEN
The registration token for the CipherTrust Manager with which you plan to register this client. Required for registration.
HOST_PROFILE
Specifies the client profile in the CipherTrust Manager that will be associated with this client. If this value is omitted, the CipherTrust Manager uses the default client profile.
TMPDIR
Specifies a custom temporary directory that the installer can use during the installation process. If this value is omitted, the installer uses the default temporary directory.
AGENT_HOST_NAME
FQDN of the host on which the CTE Agent is being installed. If this value is not specified, the installer uses the host's IP address.
AGENT_USEIP
Use the IP address of the protected host instead of host name. Used when hostname is not supplied.
AGENT_HOST_PORT
Specifies the port number for this CTE Agent to use.
HOST_GROUP
Specifies the optional host/client group with which this host/client will be associated.
HOST_DESC
Specifies a description for the host. This description is displayed in the CipherTrust Manager. If an entry for this host already exists, and the host already has a description, CipherTrust Manager does not overwrite the existing description, even if this option is specified.
USEHWSIG
Set this value to 1 when you want to associate this installation with the machine hardware for cloning prevention.
CA_CERT
Set to provide CA certificate data to CipherTrust Manager.
CA_FILE
Set to provide a CA certificate file to CipherTrust Manager.
ENABLE_CLOUD
Set to enable cloud in the Key Manager.
ENABLE_LDT
Set this value to 1 to automatically enable and register CTE-LDT (Live Data Transformation) for this host on your key manager during the silent install.
LDTGROUP_NAME
Set the LDT Communication Group for LDT over NFS/CIFS.
ENABLE_ES
Set this value to 1 to automatically enable and register CTE-Efficient Storage for this host on your key manager during the silent install.
CERT_FIELD_PARAM
Example 1: Registering with CipherTrust Manager
The following example contains just the required information for registration with CipherTrust Manager. In this case, the client will be registered with the CipherTrust Manager using its IP address instead of its host name:
SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=10.192.80.86
Example 2: Registering with CipherTrust Manager
The following example specifies the required registration information, adds a host name and description, and enables hardware association and CTE-LDT. In this case, the client will be registered with the CipherTrust Manager using its host name instead of the IP address:
SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=myagent.example.com
HOST_DESC="West Coast Server 12"
USEHWSIG=1
CERT_FIELD_PARAM="/C=US/ST=California/L=San Jose/O=Thales eSecurity/OU=Vormetrics/CN=localhost/emailAddress=admin@thalegroup.com"
SUBJECT_ALT_NAME_PARAM="DNS:www.thalesgroup.com,email:admin@thalesgroup.com"
- Copy or mount the installation file to the host system. The installation file name has the following format:
  CTE: vee-fs-<release>-<build>-<system>.bin
  CTE-U: cte-fuse_<version>.<build>_<processor>.rpm
- Run the installer using the following syntax:
  ./vee-fs-<release>-<build>-<system>.bin [-d <custom-dir>] -s <install-file>
  where:
  - -d <custom-dir> is an optional parameter that specifies the installation directory for CTE. If you omit this parameter, CTE is installed in: /opt/vormetric/DataSecurityExpert/agent/
  - -s <install-file> indicates that you want to install CTE silently using the installation options file <install-file>.
  For example, if the installation options file is called /tmp/unattended.txt, you would enter:
  ./vee-fs-7.3.0-135-rh8-x86_64.bin -s /tmp/unattended.txt
  For CTE-U, install the package with:
  rpm -i cte-fuse_<version>.<build>_<processor>.rpm
- Invoke Registration for CTE-U:
  /opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_host silent <silent_reg_file>
  Note
  You can also invoke registration by replacing 'register_host' with the following two options:
  - REG_HOST_CLEAN: Register and remove certificates used for communication
  - REG_HOST_SILENT_<fileName>: Use silent/non-interactive mode; get name=value input from
- Verify the installation by checking the CTE/CTE-U processes on the host:
  - Run vmd -v to check that the version of CTE/CTE-U matches that just installed.
  - Run vmsec status to display CTE kernel status. (CTE only)
  - Look at the log files in /var/log/vormetric, especially install.fs.log.<date> and vorvmd_root.log.
- In CipherTrust Manager, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.
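A pre-flight check for the parameter file created in the procedure above, as an added example that is not part of the product documentation. It verifies that the file, which holds the registration token, is readable by its owner only, that every name is one listed on this page, and that the values required for registration are present. The helper name check_cte_params is hypothetical, and the check assumes one NAME=value pair per line.

```shell
#!/bin/sh
# Added example: pre-flight check for a CTE/CTE-U silent-install parameter file.
# Assumption: one NAME=value pair per line. check_cte_params is a hypothetical helper.

# Parameter names that appear on this page.
CTE_KEYS="SERVER_HOSTNAME SERVER_IP REG_TOKEN HOST_PROFILE TMPDIR AGENT_HOST_NAME
AGENT_USEIP AGENT_HOST_PORT HOST_GROUP HOST_DESC USEHWSIG CA_CERT CA_FILE
ENABLE_CLOUD ENABLE_LDT LDTGROUP_NAME ENABLE_ES CERT_FIELD_PARAM SUBJECT_ALT_NAME_PARAM"

check_cte_params() {
    f=$1
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 2; }

    # The file holds the registration token: allow owner access only.
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is accessible to group/other; chmod 600 it first" >&2
        return 3
    fi

    known=" $(echo $CTE_KEYS) "   # collapse newlines to single spaces
    has_server=0 has_token=0
    while IFS= read -r line || [ -n "$line" ]; do
        if [ -z "$line" ]; then continue; fi
        case $line in
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *)   echo "not NAME=value: $line" >&2; return 4 ;;
        esac
        # Reject names that are malformed or not documented.
        case $key in ''|*[!A-Z_]*) echo "bad name: $key" >&2; return 4 ;; esac
        case $known in
            *" $key "*) ;;
            *) echo "unknown parameter: $key" >&2; return 4 ;;
        esac
        [ -n "$val" ] || { echo "empty value for $key" >&2; return 4; }
        case $key in
            SERVER_HOSTNAME|SERVER_IP) has_server=1 ;;
            REG_TOKEN) has_token=1 ;;
        esac
    done < "$f"

    # Registration needs the manager's address and a token.
    [ "$has_server" -eq 1 ] || { echo "need SERVER_HOSTNAME or SERVER_IP" >&2; return 5; }
    [ "$has_token" -eq 1 ] || { echo "need REG_TOKEN" >&2; return 5; }
    return 0
}
```

Call `check_cte_params /tmp/unattended.txt` before passing the file to the installer with `-s`, and delete the file once registration has succeeded so the token does not stay on disk.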