Silent Installation on AIX
This section describes how to perform a silent (unattended) installation of the CTE on a single host. The silent installation automates the installation process by storing the answers to installation and registration questions in a separate file that you create. You can also use the silent installation to install CTE on multiple hosts simultaneously.
The silent install method installs CTE on the host, and registers the host with the CipherTrust Manager you specify in the silent installation file.
Prerequisites
The following prerequisites must be met for CTE/CTE-U to install and register to CipherTrust Manager properly:
- CipherTrust Manager installed and configured. See CipherTrust Manager Documentation for more information.
- CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
- CipherTrust Manager must contain a registration token. See Creating a Registration Token.
- Optionally, the name of the host group you want this client to be a part of.
Procedure
- Log on as an administrator to the host where you will install CTE.
- Create a parameter file and store it on your system, or copy an existing file from another location. The file can contain any of the following parameters:
SERVER_HOSTNAME
Required if you want to register CTE with a CipherTrust Manager.
SERVER_IP
Alternative for hostname when registering.
REG_TOKEN
The registration token for the CipherTrust Manager with which you plan to register this client. Required for registration.
HOST_PROFILE
Specifies the client profile in the CipherTrust Manager that will be associated with this client. If this value is omitted, the CipherTrust Manager uses the default client profile.
TMPDIR
Specifies a custom temporary directory that the installer can use during the installation process. If this value is omitted, the installer uses the default temporary directory.
AGENT_HOST_NAME
FQDN of the host on which the CTE Agent is being installed. If this value is not specified, the installer uses the host's IP address.
AGENT_USEIP
Use the IP address of the protected host instead of host name. Used when hostname is not supplied.
AGENT_HOST_PORT
Specifies the port number for this CTE Agent to use.
HOST_GROUP
Specifies the optional host/client group with which this host/client will be associated.
HOST_DESC
Specifies a description for the host. This description is displayed in the CipherTrust Manager. If an entry for this host already exists, and the host already has a description, CipherTrust Manager does not overwrite the existing description, even if this option is specified.
USEHWSIG
Set this value to 1 when you want to associate this installation with the machine hardware for cloning prevention.
Example 1: Registering with CipherTrust Manager
The following example contains just the required information for registration with CipherTrust Manager. In this case, the client will be registered with the CipherTrust Manager using its IP address instead of its host name:
SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=10.192.80.86
Example 2: Registering with CipherTrust Manager
The following example specifies the required registration information, adds a host name and description, and enables hardware association. In this case, the client will be registered with the CipherTrust Manager using its host name instead of the IP address:
SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=myagent.example.com
HOST_DESC="West Coast Server 12"
USEHWSIG=1
CERT_FIELD_PARAM="/C=US/ST=California/L=San Jose/O=Thales eSecurity/OU=Vormetrics/CN=localhost/emailAddress=admin@thalegroup.com"
SUBJECT_ALT_NAME_PARAM="DNS:www.thalesgroup.com,email:admin@thalesgroup.com"
- Copy or mount the CTE installation file to the host system. The installation file is in the format vee-fs-<release>-<build>-<system>.bin.
- Run the installer using the following syntax:
  ./vee-fs-<release>-<build>-<system>.bin [-d <custom-dir>] -s <install-file>
  where:
  - -d <custom-dir> is an optional parameter that specifies the installation directory for CTE. If you omit this parameter, CTE is installed in /opt/vormetric/DataSecurityExpert/agent/.
  - -s <install-file> indicates that you want to install silently using the installation options file <install-file>.
  For example, if the installation options file is called /tmp/unattended.txt, you would enter:
  ./vee-fs-7.2.0-56-aix71.bin -s /tmp/unattended.txt
- Verify the installation by checking CTE processes on the host:
  - Run vmd -v to check that the version of CTE matches the one just installed.
  - Run vmsec status to display CTE kernel status.
  - Look at the log files in /var/log/vormetric, especially install.fs.log.<date> and vorvmd_root.log.
- In CipherTrust Manager, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.
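The parameter file created in the procedure above holds REG_TOKEN in clear text, so it is worth writing it owner-only and checking it before passing it to the installer with -s. The following is an added example, not part of the CTE product or its documentation: the function names and the CTE_SERVER / CTE_TOKEN variables are hypothetical, and the checks are assumptions about what to verify, not installer behaviour.

```shell
#!/bin/sh
# Added example: helpers for the silent-install parameter file described above.
# Parameter names are the ones on this page; CTE_SERVER / CTE_TOKEN and the
# function names are hypothetical, and the checks are not installer behaviour.
KNOWN_KEYS="SERVER_HOSTNAME SERVER_IP REG_TOKEN HOST_PROFILE TMPDIR AGENT_HOST_NAME
AGENT_USEIP AGENT_HOST_PORT HOST_GROUP HOST_DESC USEHWSIG CERT_FIELD_PARAM
SUBJECT_ALT_NAME_PARAM"

# new_answers FILE: write a minimal registration file, readable by the owner only.
new_answers() (
    umask 077
    : "${CTE_SERVER:?set CTE_SERVER}" "${CTE_TOKEN:?set CTE_TOKEN}"
    rm -f "$1"          # a pre-existing file would keep its old mode
    printf 'SERVER_HOSTNAME=%s\nREG_TOKEN=%s\n' "$CTE_SERVER" "$CTE_TOKEN" > "$1"
)

# get_param FILE KEY: print the last value assigned to KEY, outer quotes removed.
get_param() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# unknown_keys FILE: print keys that are not named on this page (likely typos).
unknown_keys() {
    known=" $(echo $KNOWN_KEYS) "
    for k in $(sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' "$1"); do
        case "$known" in *" $k "*) ;; *) echo "$k" ;; esac
    done
}

# check_answers FILE: return 0 only if FILE can register a client and is private.
check_answers() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "ERROR: $f not found" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "ERROR: $f exposes REG_TOKEN to group/other (chmod 600)" >&2; rc=1; }
    [ -n "$(get_param "$f" REG_TOKEN)" ] ||
        { echo "ERROR: REG_TOKEN is missing or empty" >&2; rc=1; }
    [ -n "$(get_param "$f" SERVER_HOSTNAME)$(get_param "$f" SERVER_IP)" ] ||
        { echo "ERROR: set SERVER_HOSTNAME or SERVER_IP" >&2; rc=1; }
    for k in $(unknown_keys "$f"); do
        echo "WARN: $k is not a parameter listed in the documentation page" >&2
    done
    return $rc
}
```

Run check_answers on the file before invoking the installer, and remove the file once the client is registered, since it still contains the token.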