Installing and Registering the CTE Agent Software on Windows
The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:
Prerequisites
The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:
-
CipherTrust Manager installed and configured. See CipherTrust Manager Documentationfor more information.
-
CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
-
CipherTrust Manager must contain a registration token. See Creating a Registration Token.
-
Optionally, the name of the host group you want this client to be a part of.
-
CipherTrust Manager must contain an LDT Communication Group if you will use CTE to guard data over CIFS/NFS shares using LDT policies. See Managing LDT Communication Groupsfor more information.
Installation
-
Log on to the host as a Windows user with System Administrator privileges.
-
Copy the CTE installation file onto the Windows system.
-
Double-click the installation file. The InstallShield Wizard for CipherTrust Transparent Encryption opens.
-
Verify the version of CTE you are installing and click Next.
-
On the License Agreement page, accept the License Agreement and click Next.
-
On the Destination Folder page, click Next to accept the default folder or click Change to select a different folder. When you are done, click Next.
Note
-
Thales recommends that you install CTE in the default installation directory,
C:\Program Files\Vormetric\DataSecurityExpert\agent\
-
You must install the CTE Agent on the same drive as Windows. For example, if Windows is installed on the
C:
drive, you must install the CTE Agent on theC:
drive.
-
-
On the Ready to Install page, click Install. When the installation is finished, the Install Shield Wizard Completed window opens.
Registration
The following procedure describes how to register the CTE Agent after installation is complete.
Use the register_host
utility to create certificate requests, exchange certificates between the CipherTrust Manager and the host, to enable ransomware detection, and to register CTE on the CipherTrust Manager. After the host is registered, if you selected to enable file system encryption, you can configure CTE, apply GuardPoints, or perform database backups. If you selected ransomware protection, you can apply the protection to volumes. Run the register_host
utility in text mode on a terminal window.
Caution
The default host registration timeout is 10 minutes. If the host is unable to reach the CipherTrust Manager within the allotted period because of an extremely slow network connection, set the REGISTER_HOST_TIMEOUT
environment variable to extend the registration timeout. The variable value is an integer expressed in seconds. You might also have to extend the default TCP timeout.
-
Log on to the host as a Windows user with administrative privileges.
-
Launch the CTE Registration Wizard using one of the following methods:
-
In the system tray, right click the CipherTrust Lock icon and select Register Host.
-
Run
...\register_host.exe -vmd -silent
.
-
-
Reboot the system. CTE automatically displays the registration wizard if CTE is not already registered.
-
In the Register Host dialog box, verify the host's machine name and click Next.
-
On the Gathering agent information page, select one or both of the following options and click Next.
-
File System: Allows you to protect and encrypt CTE files with policies
-
Ransomware Protection: Protects volumes from ransomware
-
-
On the Gathering Key Manager information page, enter the FQDN or IP address of the primary CipherTrust Manager.
The default communication port is 443. If you want to specify a different communication port, enter it with the primary key manager host name in the format:
: . For example:10.3.200.141:8445When you are done, click Next. CTE communicates with the selected CipherTrust Manager to validate what features have been licensed and are available to the CTE Agent.
-
On the Gathering host information page:
-
Specify the host name or IP address of the client. You can select the host name from the drop-down list or type it in the field.
-
To prevent cloning, select Enable Hardware Association. For details, see Hardware Association Feature.
-
If you want to have CipherTrust Transparent Encryption - Live Data Transformation available on the client, select Enable LDT Feature. For details on CTE-LDT, see CTE-Live Data Transformation with CipherTrust Manager.
-
If you want the node to be an LDT AccessOnly node, select Enable LDT AccessOnly Feature.
-
Specify the host name or IP address of the client. You can select the host name from the drop-down list or type it in the field.
-
To prevent cloning, select Enable Hardware Association. For details, see Hardware Association Feature.
When you are done, click Next.
-
-
On the Gathering registration information page, enter the following:
-
Registration token: The registration token for the CipherTrust Manager with which you want to register this host.
-
Profile name: The name of the profile that you want to associate with this host. This name must match exactly the name of the profile in the CipherTrust Manager. If you do not specify a profile name, the CipherTrust Manager associates the default client profile with this client.
-
Host group (optional): The name of the client group to which the client will be added.
-
Host description (optional): A user-defined description of the client. This description will be displayed in the CipherTrust Manager.
-
LDT Communication Group: If you are planning on using LDT over CIFS/NFS on a CipherTrust Manager, enter the name of the LDT Communications Group that this node will join. See Adding Clients to an LDT Communication Group for more information.
-
Registration token: The registration token for the CipherTrust Manager with which you want to register this host.
-
Profile name: The name of the profile that you want to associate with this host. This name must match exactly the name of the profile in the CipherTrust Manager. If you do not specify a profile name, the CipherTrust Manager associates the default client profile with this client.
-
Host group (optional): The name of the client group to which the client will be added.
-
Host description (optional): A user-defined description of the client. This description will be displayed in the CipherTrust Manager.
Warning
The registration information is case-sensitive. If any of it is entered incorrectly, the client registration will not succeed. If the registration fails, click Back in the installer and verify that the case is correct for all entries on this page.
When you are done, click Register. CTE contacts the CipherTrust Manager and attempts to register the client with the specified options. The Register Host dialog box displays a message with the results of the registration request.
If the registration completed successfully, click Finish.
-
-
Restart the client to complete the installation process on the client.
-
After the host has rebooted, you can verify the installation by checking CTE processes:
-
In the system tray of the protected host, right-click the CipherTrust Lock icon.
-
Select Status. Review the information in the Status window to confirm that the correct CTE version is installed and registered.
-
If you are using CipherTrust Manager version 2.2 or later, you can now use CipherTrust Manager to administer CTE on the client.
If you are using CipherTrust Manager version 2.1 or earlier, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.
-
-