Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CTE Agent Linux and Windows Quick Start Guide

Installation Prerequisites

search

Please Note:

Installation Prerequisites

The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:

Minimum Hardware Requirements for CTE

The following requirements are the minimum for CTE. When you add LDT, or third-party applications, you need to add more storage and RAM. Refer to the LDT guide for LDT requirements and the third-party software for their requirements.

Component CPU CPU Cores RAM Storage (Free Space)
CTE-Windows Intel/AMD x64 with AES-NI support 4 cores 8 GB 1GB
CTE-Linux Intel/AMD x64 with AES-NI support 4 cores 8 GB 1GB
CTE-AIX IBM PowerPC8 or higher 4 cores 8 GB 1GB

Port Configuration Requirements

The following port information applies to both Windows and Linux systems.

Communication through a Firewall

If a protected client must communicate with CipherTrust Manager through a firewall, see the CipherTrust Manager documentation to determine which of the ports must be opened through the firewall.

Communication with CipherTrust Manager

The default port for http communication between CipherTrust Manager and the CTE Agent is 443. If this port is already in use, you can set the port to a different number during the CTE Agent installation.

Communication for LDT over CIFS/NFS

All nodes that intend to use LDT over CIFS/NFS GuardPoint must have the following ports open:

  • 7024

  • 7025

Note

When you are registering a CipherTrust Transparent Encryption client with CipherTrust Manager, you can manually include a destination port number, (Default: 443). If you enter a port value, using the syntax <hostname or IP address>:<port number> then CipherTrust Transparent Encryption does not perform a port scan. CipherTrust Transparent Encryption uses the port number provided to verify the target server type using a TLS operation.

If you do not enter a port number, CipherTrust Transparent Encryption performs a port scan to check which ports are listening, including port 443.

Recommendations and Considerations

  • The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.

  • Thales recommends that you install CTE in the default location.

  • Do not install CTE on network-mounted volumes such as NFS.

  • Make the Installation root directory /opt a real directory. If /opt is a symlink, you must use the -d option to specify the installation directory, which must be a real directory.

    For example:

    ./vee-fs-7.7.0-87-rh8-x86_64.bin -d /home/hello/

Network Setup Requirements

  • The IP addresses, routing configurations, and DNS addresses must allow connectivity of the CipherTrust Manager to all clients where you install CTE.

  • If the host is a virtual machine, the VM must be deployed and running.

Recommendations and Considerations

  • The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.

  • The IP addresses, routing configurations, and DNS addresses must allow connectivity of the Windows system on which you plan to install CTE to the CipherTrust Manager. After the Windows system is registered as a client with the CipherTrust Manager, the client must be able to poll the CipherTrust Manager in case there are any changes to the encryption keys, policies, or GuardPoints.

  • CipherTrust Transparent Encryption must also allow for connectivity of the CipherTrust Manager to all of the clients where you install CTE, as well as communication between different CTE clients that plan to enable LDT over NFS/CIFS.

  • If the system is a virtual machine, the VM must be deployed and running.

On this page