Installation Prerequisites
The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:
-
CipherTrust Manager installed and configured.
-
CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
-
CipherTrust Manager must contain a registration token. See Creating a Registration Token.
-
Optionally, the name of the host group you want this client to be a part of.
-
CipherTrust Manager must contain an LDT Communication Group if you will use CTE to guard data over CIFS/NFS shares using LDT policies. See Managing LDT Communication Groups for more information.
Port Configuration Requirements
The following port information applies to both Windows and Linux systems.
Communication through a Firewall
If a protected client must communicate with CipherTrust Manager through a firewall, see the CipherTrust Manager documentation to determine which of the ports must be opened through the firewall.
Communication with CipherTrust Manager
The default port for http communication between CipherTrust Manager and the CTE Agent is 443. If this port is already in use, you can set the port to a different number during the CTE Agent installation.
Communication for LDT over CIFS/NFS
All nodes that intend to use LDT over CIFS/NFS GuardPoint must have the following ports open:
-
7024
-
7025
Note
When you are registering a CipherTrust Transparent Encryption client with CipherTrust Manager, you can manually include a destination port number, (Default: 443). If you enter a port value, using the syntax <hostname or IP address>:<port number>
then CipherTrust Transparent Encryption does not perform a port scan. CipherTrust Transparent Encryption uses the port number provided to verify the target server type using a TLS operation.
If you do not enter a port number, CipherTrust Transparent Encryption performs a port scan to check which ports are listening, including port 443.
Recommendations and Considerations
-
The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.
-
Thales recommends that you install CTE in the default location.
-
Do not install CTE on network-mounted volumes such as NFS.
-
Make the Installation root directory
/opt
a real directory. If/opt
is a symlink, you must use the-d
option to specify the installation directory, which must be a real directory.For example:
./vee-fs-7.2.0-128-rh8-x86_64.bin -d /home/hello/
Network Setup Requirements
-
The IP addresses, routing configurations, and DNS addresses must allow connectivity of the CipherTrust Manager to all clients where you install CTE.
-
If the host is a virtual machine, the VM must be deployed and running.
Recommendations and Considerations
-
The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.
-
The IP addresses, routing configurations, and DNS addresses must allow connectivity of the Windows system on which you plan to install CTE to the CipherTrust Manager. After the Windows system is registered as a client with the CipherTrust Manager, the client must be able to poll the CipherTrust Manager in case there are any changes to the encryption keys, policies, or GuardPoints.
-
CipherTrust Transparent Encryption must also allow for connectivity of the CipherTrust Manager to all of the clients where you install CTE, as well as communication between different CTE clients that plan to enable LDT over NFS/CIFS.
-
If the system is a virtual machine, the VM must be deployed and running.
LDT over CIFS/NFS is not supported with DSM.