Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

CTE Agent Linux and Windows Quick Start Guide

Installation Prerequisites

search

Please Note:

printsuggest an editpdf paneldownload

Installation Prerequisites

The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:

copy link to clipboardMinimum Hardware Requirements for CTE

The following requirements are the minimum for CTE. When you add LDT, or third-party applications, you need to add more storage and RAM. Refer to the LDT guide for LDT requirements and the third-party software for their requirements.

Component CPU CPU Cores RAM Storage (Free Space)
CTE-Windows Intel/AMD x64 with AES-NI support 4 cores 8 GB 1GB
CTE-Linux Intel/AMD x64 with AES-NI support 4 cores 8 GB 1GB
CTE-AIX IBM PowerPC8 or higher 4 cores 8 GB 1GB

copy link to clipboardPort Configuration Requirements

The following port information applies to both Windows and Linux systems.

copy link to clipboardCommunication through a Firewall

If a protected client must communicate with CipherTrust Manager through a firewall, see the CipherTrust Manager documentation to determine which of the ports must be opened through the firewall.

copy link to clipboardCommunication with CipherTrust Manager

The default port for http communication between CipherTrust Manager and the CTE Agent is 443. If this port is already in use, you can set the port to a different number during the CTE Agent installation.

copy link to clipboardCommunication for LDT over CIFS/NFS

All nodes that intend to use LDT over CIFS/NFS GuardPoint must have the following ports open:

  • 7024

  • 7025

Note

When you are registering a CipherTrust Transparent Encryption client with CipherTrust Manager, you can manually include a destination port number, (Default: 443). If you enter a port value, using the syntax <hostname or IP address>:<port number> then CipherTrust Transparent Encryption does not perform a port scan. CipherTrust Transparent Encryption uses the port number provided to verify the target server type using a TLS operation.

If you do not enter a port number, CipherTrust Transparent Encryption performs a port scan to check which ports are listening, including port 443.

copy link to clipboardRecommendations and Considerations

  • The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.

  • Thales recommends that you install CTE in the default location.

  • Do not install CTE on network-mounted volumes such as NFS.

  • Make the Installation root directory /opt a real directory. If /opt is a symlink, you must use the -d option to specify the installation directory, which must be a real directory.

    For example:

    ./vee-fs-7.7.0-87-rh8-x86_64.bin -d /home/hello/

copy link to clipboardNetwork Setup Requirements

  • The IP addresses, routing configurations, and DNS addresses must allow connectivity of the CipherTrust Manager to all clients where you install CTE.

  • If the host is a virtual machine, the VM must be deployed and running.

copy link to clipboardRecommendations and Considerations

  • The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.

  • The IP addresses, routing configurations, and DNS addresses must allow connectivity of the Windows system on which you plan to install CTE to the CipherTrust Manager. After the Windows system is registered as a client with the CipherTrust Manager, the client must be able to poll the CipherTrust Manager in case there are any changes to the encryption keys, policies, or GuardPoints.

  • CipherTrust Transparent Encryption must also allow for connectivity of the CipherTrust Manager to all of the clients where you install CTE, as well as communication between different CTE clients that plan to enable LDT over NFS/CIFS.

  • If the system is a virtual machine, the VM must be deployed and running.

On this page