Interactive Installation on AIX
The AIX typical install is an interactive script that asks you a series of questions during the installation. You can also install CTE using a silent installer, which pre-packages the install information. This allows you to install CTE on a large number of hosts. (For more information, see Silent Installation on AIX.)
After you install CTE, you are prompted to register it immediately with a key manager. CTE must be registered with a key manager before you can protect any of the devices on the host. However, you may postpone the registration if you plan to register CTE later.
Note
Do not install CTE on network-mounted volumes like NFS.
Before You Begin
The following prerequisites must be met for CTE/CTE-U to install and register to CipherTrust Manager properly:
- CipherTrust Manager installed and configured. See CipherTrust Manager Documentation for more information.
- CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
- CipherTrust Manager must contain a registration token. See Creating a Registration Token.
- Optionally, the name of the host group you want this client to be a part of.
Procedure
- Log on to the host where you will install the CTE Agent as root. You cannot install the CTE Agent without root access.
- Copy or mount the installation file to the host system. If necessary, make the file executable with the chmod command.
- Install the CTE Agent. A typical installation uses the following syntax:
    ./vee-fs-<release>-<build>-<system>.bin
  For example:
    ./vee-fs-7.2.0-56-aix71.bin
  To install the CTE Agent in a custom directory, use the -d <custom-dir> option. For example:
    ./vee-fs-7.2.0-56-aix71.bin -d /home/my-cte-dir/
  Note
  If possible, Thales recommends that you use the default directory /opt/vormetric.
  To view all installer options, use the -h parameter. For example:
    ./vee-fs-7.2.0-56-aix71.bin -h
- The Thales License Agreement displays. When prompted, type Y and press Enter to accept.
  The install script installs the CTE Agent software in either /opt/vormetric or your custom installation directory and then prompts you about registering the CTE Agent with a key manager.
    Welcome to the CipherTrust Transparent Encryption File System Agent Registration Program.
    Agent Type: CipherTrust Transparent Encryption File System Agent
    Agent Version: <Release.build-number>
    In order to register with a CipherTrust Manager you need a valid registration token from the CM.
    Do you want to continue with agent registration? (Y/N) [Y]:
- Enter Y to continue with the registration process. The install script prompts you to enter the host name or IP address of the CipherTrust Manager with which you want to register CTE.
  The default communication port is 443. If you want to specify a different communication port, enter it with the primary key manager host name in the format: <hostName>:<port#>
  For example:
    Do you want to continue with agent registration? (Y/N) [Y]: Y
    Please enter the primary key manager host name: 10.3.200.141:8445
    You entered the host name 10.3.200.141
    Is this host name correct? (Y/N) [Y]: Y
- Enter the client host name when prompted.
    Please enter the host name of this machine, or select from the following list.
    [1] sys31186.qa.com
    [2] 10.3.31.186
    Enter a number, or type a different host name or IP address in manually:
    What is the name of this machine? [1]: 2
    You selected "10.3.31.186".
- Enter the CipherTrust Manager registration token, profile name, host group and host description. If you omit the profile name, CipherTrust Manager associates the default client profile with this client.
    Please enter the registration token: 12345
    Please enter the profile name for this host: My-Profile
    Please enter the host group name for this host, if any:
    Please enter a description for this host: West Coast Datacenter server 5
    Token : 12345
    Profile name : My-Profile
    Host Group : (none)
    Host description : West Coast Datacenter server 5
    Are the above values correct? (Y/N) [Y]: Y
- At the hardware association prompt, select whether you want to enable the hardware association feature to prevent cloned machines from accessing the key manager (for details, see Hardware Association (Cloning Prevention) Option). The default is Y (enabled):
    It is possible to associate this installation with the hardware of this machine.
    If selected, the agent will not contact the key manager or use any cryptographic keys if any of this machine's hardware is changed. This can be rectified by running this registration program again.
    Do you want to enable this functionality? (Y/N) [Y]: Y
  Warning
  The registration token, profile name, and client group name are case-sensitive. If any of these are entered incorrectly, the client registration will not succeed. If the registration fails, click Back in the installer and verify that the case is correct for all entries on this page.
- CTE finishes the installation and registration process.
    Generating key pair for the kernel component...done.
    Extracting SECFS key
    Generating EC certificate signing request for the vmd...done.
    Signing certificate...done.
    Enrolling agent with service on 10.3.200.141...done.
    Successfully registered the CipherTrust Transparent Encryption File System Agent with the CipherTrust Manager on 10.3.200.141.
    Installation success.
- If you are using CipherTrust Manager version 2.2 or later, you can now use CipherTrust Manager to administer CTE on the client.
  If you are using CipherTrust Manager version 2.1 or earlier, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.
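A pre-flight check for the first three steps and the NFS note above, as an added example that is not part of the Thales documentation: it confirms root access, an executable installer file, and that the install directory is not on a network mount. The function names are hypothetical, and network mounts are detected heuristically from the server:/export device name that df -P reports.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical.
# Usage: preflight ./vee-fs-7.2.0-56-aix71.bin [install-dir]

DEFAULT_DIR=/opt/vormetric   # default install directory named in the procedure

# Return 0 if a df "Filesystem" field looks like a network mount source
# (heuristic: NFS shows as server:/export, SMB-style shares as //server/share).
is_network_source() {
    case "$1" in
        *:/*|//*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print the nearest existing ancestor of a path; a custom -d directory
# may not exist yet, so the check must fall back to its parent.
nearest_existing() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ] && [ ! -d "$p" ]; do
        p=$(dirname "$p")
    done
    printf '%s\n' "$p"
}

# Print the device backing a directory (first field of the df -P data line).
backing_device() {
    df -P "$1" 2>/dev/null | awk 'NR==2 {print $1}'
}

# Return 0 only when every prerequisite for running the installer holds.
preflight() {
    installer=$1
    target=$(nearest_existing "${2:-$DEFAULT_DIR}")
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "FAIL: not running as root" >&2; rc=1; }
    [ -f "$installer" ] || { echo "FAIL: $installer not found" >&2; return 1; }
    [ -x "$installer" ] || { echo "FAIL: $installer is not executable (chmod)" >&2; rc=1; }
    dev=$(backing_device "$target")
    if is_network_source "$dev"; then
        echo "FAIL: $target is on network volume $dev" >&2
        rc=1
    fi
    return $rc
}
```
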