Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Configuring CTE for Linux with CipherTrust Manager

Installation Prerequisites

search

Please Note:

Installation Prerequisites

This section lists the tasks you must complete, and the information you must obtain, before installing CTE.

Recommendations and Considerations

  • The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0 or later will fail.

  • Thales recommends that you install CTE in the default location.

  • Make the Installation root directory /opt a real directory. If /opt is a symlink, you must use the -d option to specify the installation directory, which must be a real directory.

    For example:

    ./vee-fs-7.2.0-128-rh8-x86_64.bin -d /home/hello/

  • Ensure read/write permission is granted to other users accessing your shared resource.

Network Setup Requirements

Recommendations and Considerations

  • The host on which you want to install CTE must support AES-NI hardware encryption. If it does not, any attempt to install or upgrade CTE to release 7.0.0, or any subsequent version, will fail.

  • Thales recommends that you install CTE in the default location.

  • Do not install CTE on network-mounted volumes such as NFS.

  • Make the Installation root directory /opt a real directory. If /opt is a symlink, you must use the -d option to specify the installation directory, which must be a real directory.

    For example:

    ./vee-fs-7.2.0-128-rh8-x86_64.bin -d /home/hello/

Port Configuration Requirements

The following port information applies to both Windows and Linux systems.

Communication through a Firewall

If a protected client must communicate with CipherTrust Manager through a firewall, see the CipherTrust Manager documentation to determine which of the ports must be opened through the firewall.

Communication with CipherTrust Manager

The default port for http communication between CipherTrust Manager and the CTE Agent is 443. If this port is already in use, you can set the port to a different number during the CTE Agent installation.

Communication for LDT over CIFS/NFS

All nodes that intend to use LDT over CIFS/NFS GuardPoint must have the following ports open:

  • 7024

  • 7025

Note

When you are registering a CipherTrust Transparent Encryption client with CipherTrust Manager, you can manually include a destination port number, (Default: 443). If you enter a port value, using the syntax <hostname or IP address>:<port number> then CipherTrust Transparent Encryption does not perform a port scan. CipherTrust Transparent Encryption uses the port number provided to verify the target server type using a TLS operation.

If you do not enter a port number, CipherTrust Transparent Encryption performs a port scan to check which ports are listening, including port 443.

On this page