Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CTE for Cloud Object Storage

CTE COS S3 Installation Overview

search

Please Note:

printsuggest an editpdf paneldownload

CTE COS S3 Installation Overview

In order to configure CTE COS S3, you must complete the following tasks.

Note

The AWS CLI is used as a sample application to explain the detailed installation procedure.

  1. Install the required packages for CTE COS S3. For details, see Install Required Linux Packages

  2. Install CTE and generate the local COS Proxy CA Certificate. For details, see Install CTE with COS Service

    Note

    You can only install the Cloud Object Storage feature during CTE installation. You cannot install it post installation.

  3. Configure the client to use the COS Proxy CA Certificate. For details, see Configure the AWS CLI to use the COS Root CA Certificate.

  4. Configure the client to use the COS proxy port. For details, see Configure the AWS CLI Network Proxy.

  5. Configure CTE COS S3 with AWS Credentials. For details, see Configure CTE COS S3.

  6. Optionally configure Role & IAM policies for CTE COS S3 for guarded buckets. For details, see Optionally Configure a CTE COS S3 Role for Guarded Buckets.

  7. Configure the guarded buckets. For details, see Guard an AWS Bucket.

copy link to clipboardInstall Required Linux Packages

CTE COS S3 requires the following prerequisite packages:

  • boost-regex

  • boost-system

  • boost-thread

  • libcurl

  • libtool-ltdl

  • libxml2

  • epel-release.

  • cryptopp // This package must be installed after epel-release.

  • log4cpp // This package must be installed after epel-release.

For example:

sudo yum install boost-regex boost-system boost-thread libcurl libtool-ltdl libxml2 epel-release
sudo yum install cryptopp log4cpp

CTE COS S3 supports both Python2 and Python3. If both versions of Python are available, CTE COS S3 will use Python3. For either Python package, you also need to install the Python modules "boto3" and "future" after you install the main python package.

copy link to clipboardExample for Python2

sudo yum install python-pip
sudo pip install boto3 future

copy link to clipboardExample for Python3

sudo yum install python3 python3-pip
sudo pip3 install boto3 future

copy link to clipboardInstall CTE with COS Service

Note

  • You can only install the Cloud Object Storage feature during CTE installation. You cannot install it post installation.

  • Do not change the default CTE installation directory. CTE must be installed in the default location if you enable Cloud Object Storage.

When the installer asks about Cloud Object Storage, type Y and follow the prompts as shown.

Do you want this host to have Cloud support enabled on the server? (Y/N) [N]: Y

CTE COS CA Cert is located in /opt/vormetric/DataSecurityExpert/agent/squid/etc/cosCA.crt
Clients must be updated to use the new CA Certificate

Generating certificate signing request for the kernel component...done.
Signing certificate...done.
Generating EC certificate signing request for the vmd...done.Signing certificate...done.
Generating EC certificate signing request for the vmd...done.
Signing certificate...done.

The following is the fingerprint of the EC CA certificate. Please verify that it matches the fingerprint shown on the Dashboard page of the Management Console.
If they do not match, it can indicate an unsuccessful setup or an attack.
B0:93:C7:67:07:C9:CB:09:E2:21:F1:5C:8A:C8:79:8F:03:86:21:F2
Do the fingerprints match? (Y/N) [N]: Y

Successfully registered the CipherTrust Encryption Expert File System Agent with the primary CipherTrust Data Security Server on security.manager.example.com.
Starting CTE Cloud Service
Installation success.

copy link to clipboardEnable COS on an Agent with no COS Service

To enable COS on a system that has CTE installed but no COS Service:

  1. Uninstall CTE completely.

  2. Reinstall CTE and select Yes when asked:

    Do you want to configure this host for Cloud Object Storage? (Y/N) [N]: Y

copy link to clipboardUninstall COS from an Agent

Currently, the only method for uninstalling COS is as follows:

  1. Uninstall CTE completely.

  2. Delete the host/client from CM.

  3. Re-register the host/client.

  4. Reinstall CTE and select NO when asked:

    Do you want to configure this host for Cloud Object Storage? (Y/N) [N]: N

On this page