CTE COS S3 Installation Overview
In order to configure CTE COS S3, you must complete the following tasks.
Note
The AWS CLI is used as a sample application to explain the detailed installation procedure.
- Install the required packages for CTE COS S3. For details, see Install Required Linux Packages.
- Install CTE and generate the local COS Proxy CA Certificate. For details, see Install CTE with COS Service.
Note
You can only install the Cloud Object Storage feature during CTE installation. You cannot install it post installation.
- Configure the client to use the COS Proxy CA Certificate. For details, see Configure the AWS CLI to use the COS Root CA Certificate.
- Configure the client to use the COS proxy port. For details, see Configure the AWS CLI Network Proxy.
- Configure CTE COS S3 with AWS Credentials. For details, see Configure CTE COS S3.
- Optionally configure Role & IAM policies for CTE COS S3 for guarded buckets. For details, see Optionally Configure a CTE COS S3 Role for Guarded Buckets.
- Configure the guarded buckets. For details, see Guard an AWS Bucket.
Install Required Linux Packages
CTE COS S3 requires the following prerequisite packages:
- boost-regex
- boost-system
- boost-thread
- libcurl
- libtool-ltdl
- libxml2
- epel-release
- cryptopp (this package must be installed after epel-release)
- log4cpp (this package must be installed after epel-release)
For example:
sudo yum install boost-regex boost-system boost-thread libcurl libtool-ltdl libxml2 epel-release
sudo yum install cryptopp log4cpp
CTE COS S3 supports both Python2 and Python3. If both versions of Python are available, CTE COS S3 will use Python3. For either Python package, you also need to install the Python modules "boto3" and "future" after you install the main Python package.
- Example for Python2:
  sudo yum install python-pip
  sudo pip install boto3 future
- Example for Python3:
  sudo yum install python3 python3-pip
  sudo pip3 install boto3 future
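A preflight check for the prerequisites listed above, run before starting the CTE installer. This is an added example, not part of the original documentation; it assumes an RPM-based host (the page uses yum), interpreter names python3, python2 or python, and all function names are hypothetical.

```sh
#!/bin/sh
# Added example: preflight check for the prerequisites listed on this page.
# Assumptions: RPM-based host (the page uses yum); function names are hypothetical.

BASE_RPMS="boost-regex boost-system boost-thread libcurl libtool-ltdl libxml2 epel-release"
EPEL_RPMS="cryptopp log4cpp"      # installed only after epel-release
PY_MODULES="boto3 future"

# Print every package in "$@" that rpm does not report as installed.
missing_rpms() {
    for pkg in "$@"; do
        rpm -q "$pkg" >/dev/null 2>&1 || printf '%s ' "$pkg"
    done
}

# Prefer Python3 when both are present, as CTE COS S3 does.
pick_python() {
    for py in python3 python2 python; do
        command -v "$py" >/dev/null 2>&1 && { echo "$py"; return 0; }
    done
    return 1
}

# Print every required module that the given interpreter cannot import.
missing_py_modules() {
    for mod in $PY_MODULES; do
        "$1" -c "import $mod" >/dev/null 2>&1 || printf '%s ' "$mod"
    done
}

# Return 0 only when everything is present; otherwise print what to install.
cos_preflight() {
    rc=0
    base=$(missing_rpms $BASE_RPMS)
    epel=$(missing_rpms $EPEL_RPMS)
    [ -z "$base" ] || { echo "install first: $base"; rc=1; }
    [ -z "$epel" ] || { echo "install after epel-release: $epel"; rc=1; }
    if interp=$(pick_python); then
        mods=$(missing_py_modules "$interp")
        [ -z "$mods" ] || { echo "$interp is missing modules: $mods"; rc=1; }
    else
        echo "no Python interpreter found"; rc=1
    fi
    return $rc
}

# Run the check only when invoked as: sh preflight.sh check
if [ "${1:-}" = "check" ]; then cos_preflight; fi
```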
Install CTE with COS Service
Note
- You can only install the Cloud Object Storage feature during CTE installation. You cannot install it post installation.
- Do not change the default CTE installation directory. CTE must be installed in the default location if you enable Cloud Object Storage.
When the installer asks about Cloud Object Storage, type Y and follow the prompts as shown.
Do you want this host to have Cloud support enabled on the server? (Y/N) [N]: Y
CTE COS CA Cert is located in /opt/vormetric/DataSecurityExpert/agent/squid/etc/cosCA.crt
Clients must be updated to use the new CA Certificate
Generating certificate signing request for the kernel component...done.
Signing certificate...done.
Generating EC certificate signing request for the vmd...done.
Signing certificate...done.
Generating EC certificate signing request for the vmd...done.
Signing certificate...done.
The following is the fingerprint of the EC CA certificate. Please verify that it matches the fingerprint shown on the Dashboard page of the Management Console.
If they do not match, it can indicate an unsuccessful setup or an attack.
B0:93:C7:67:07:C9:CB:09:E2:21:F1:5C:8A:C8:79:8F:03:86:21:F2
Do the fingerprints match? (Y/N) [N]: Y
Successfully registered the CipherTrust Encryption Expert File System Agent with the primary CipherTrust Data Security Server on security.manager.example.com.
Starting CTE Cloud Service
Installation success.
Enable COS on an Agent with no COS Service
To enable COS on a system that has CTE installed but no COS Service:
- Uninstall CTE completely.
- Reinstall CTE and select Yes when asked:
  Do you want to configure this host for Cloud Object Storage? (Y/N) [N]: Y
Uninstall COS from an Agent
Currently, the only method for uninstalling COS is as follows:
- Uninstall CTE completely.
- Delete the host/client from CM.
- Re-register the host/client.
- Reinstall CTE and select NO when asked:
  Do you want to configure this host for Cloud Object Storage? (Y/N) [N]: N