Silent Installation for CTE or CTE-U on Linux
This section describes how to perform a silent (unattended) installation of CTE or CTE-U on a single host. The silent installation automates the installation process by storing the answers to installation and registration questions in a separate file that you create. It installs CTE/CTE-U on the host and registers the host with the CipherTrust Manager you specify in the silent installation file. You can also use the silent installation to install CTE/CTE-U on multiple hosts simultaneously.
Prerequisites
The following prerequisites must be met for CTE/CTE-U to install and register to CipherTrust Manager properly:
- CipherTrust Manager installed and configured. See CipherTrust Manager Documentation for more information.
- CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
- CipherTrust Manager must contain a registration token. See Creating a Registration Token.
- Optionally, the name of the host group you want this client to be a part of.
Procedure
- Log on as an administrator to the host where you will install CTE/CTE-U.
- Create a parameter file and store it on your system, or copy an existing file from another location. The file can contain any of the following parameters:
Parameter | Description |
---|---|
AGENT_HOST_NAME | FQDN of the host on which the CTE Agent is being installed. If this value is not specified, the installer uses the host's IP address. |
AGENT_HOST_PORT | Specifies the port number for this CTE Agent to use. |
AGENT_USEIP | Use the IP address of the protected host instead of host name. Used when hostname is not supplied. |
CA_CERT | Set to provide CA certificate data to CipherTrust Manager. |
CA_FILE | Set to provide a CA certificate file to CipherTrust Manager. |
CERT_FIELD_PARAM | Installer option. Default behavior is to use hard-coded values for Root Certificate fields. Uses the same voradmin cos ca_cert create <Certificate Parameters> |
ENABLE_CLOUD | Set to enable cloud in the Key Manager. |
ENABLE_HOST_CHECKS | When using CipherTrust Data Security Platform Services (CDSPaaS), set this value to 1 to enable SSL certificate host name checks. Set to 0 to disable. Default: 0. This also forces CTE to enable the verify peer feature during registration. Use only when the CDSPaaS web server certificates contain the target DNS name or IP address. |
ENABLE_LDT | Set this value to 1 to automatically enable and register CTE-LDT (Live Data Transformation) for this host on your key manager during the silent install. |
HOST_DESC | Specifies a description for the host. This description is displayed in the CipherTrust Manager. If an entry for this host already exists, and the host already has a description, CipherTrust Manager |
HOST_GROUP | Specifies the optional host/client group with which this host/client will be associated. |
HOST_PROFILE | Specifies the client profile in the CipherTrust Manager that will be associated with this client. If this value is omitted, the CipherTrust Manager uses the default client profile. |
LDTGROUP_NAME | Set the LDT Communication Group for LDT over NFS/CIFS. |
REG_TOKEN | The registration token for the CipherTrust Manager with which you plan to register this client. Required for registration. |
SERVER_HOSTNAME | Required if you want to register CTE with a CipherTrust Manager. |
SERVER_IP | Alternative for hostname when registering. |
TMPDIR | Specifies a custom temporary directory that the installer can use during the installation process. If this value is omitted, the installer uses the default temporary directory. |
USEHWSIG | Set this value to 1 when you want to associate this installation with the machine hardware for cloning prevention. |
Example 1: Registering with CipherTrust Manager
The following example contains just the required information for registration with CipherTrust Manager. In this case, the client will be registered with the CipherTrust Manager using its IP address instead of its host name:
SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=10.192.80.86
Example 2: Registering with CipherTrust Manager
The following example specifies the required registration information, adds a host name and description, and enables hardware association and CTE-LDT. In this case, the client will be registered with the CipherTrust Manager using its host name instead of the IP address:
SERVER_HOSTNAME=Key-Mgmt-Server.example.com
REG_TOKEN=12345
AGENT_HOST_NAME=myagent.example.com
HOST_DESC="West Coast Server 12"
USEHWSIG=1
CERT_FIELD_PARAM="/C=US/ST=California/L=San Jose/O=Thales eSecurity/OU=Vormetrics/CN=localhost/emailAddress=admin@thalegroup.com"
SUBJECT_ALT_NAME_PARAM="DNS:www.thalesgroup.com,email:admin@thalesgroup.com"
- Copy or mount the installation file to the host system. The installation file is in the format:
vee-fs-<release>-<build>-<system>.bin
cte-fuse_<version>.<build>_<processor>.rpm
- Run the installer using the following syntax:
./vee-fs-<release>-<build>-<system>.bin [-d <custom-dir>] -s <install-file>
where:
  - -d <custom-dir> is an optional parameter that specifies the installation directory for CTE. If you omit this parameter, CTE is installed in: /opt/vormetric/DataSecurityExpert/agent/
  - -s <install-file> indicates that you want to install CTE silently using the installation options file <install-file>
For example, if the installation options file is called /tmp/unattended.txt, you would enter:
./vee-fs-7.3.0-135-rh8-x86_64.bin -s /tmp/unattended.txt
rpm -i cte-fuse_<version>.<build>_<processor>.rpm
- Invoke Registration for CTE-U:
/opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_host silent <silent_reg_file>
Note
You can also invoke registration by replacing 'register_host' with the following two options:
  - REG_HOST_CLEAN: Register and remove certificates used for communication
  - REG_HOST_SILENT_<fileName>: Use silent/non-interactive mode; get name=value input from
- Verify the installation by checking the CTE/CTE-U processes on the host:
  - Run vmd -v to check that the version of CTE/CTE-U matches that just installed.
  - Run vmsec status to display CTE kernel status. (CTE only)
  - Look at the log files in /var/log/vormetric, especially install.fs.log.<date> and vorvmd_root.log.
- In CipherTrust Manager, change the client password using the manual password creation method. This password allows users to access encrypted data if the client is ever disconnected from the CipherTrust Manager. For details on changing the password, see the CipherTrust Manager documentation.
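
The parameter file created in the procedure above holds REG_TOKEN, so it is worth checking before it is handed to the installer's -s option. The following shell functions are an added example, not part of the Thales documentation or product: they create the file with owner-only permissions and lint it against the parameter names listed on this page. The function names are hypothetical, and the rule that ENABLE_HOST_CHECKS, ENABLE_LDT and USEHWSIG accept only 0 or 1 is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check of a CTE/CTE-U silent-install parameter file.
# Parameter names are the ones in this page's table and in Example 2.
KNOWN_KEYS="AGENT_HOST_NAME AGENT_HOST_PORT AGENT_USEIP CA_CERT CA_FILE
CERT_FIELD_PARAM ENABLE_CLOUD ENABLE_HOST_CHECKS ENABLE_LDT HOST_DESC
HOST_GROUP HOST_PROFILE LDTGROUP_NAME REG_TOKEN SERVER_HOSTNAME SERVER_IP
SUBJECT_ALT_NAME_PARAM TMPDIR USEHWSIG"

# new_silent_file [DIR]: create an empty parameter file that only its owner
# can read (mktemp creates it with mode 0600) and print its path.
new_silent_file() {
    mktemp "${1:-$HOME}/cte-silent.XXXXXX"
}

# check_silent_file FILE: print findings; return 0 if clean, 1 otherwise.
check_silent_file() {
    f=$1; rc=0; has_token=0; has_server=0
    keys=" $(echo $KNOWN_KEYS) "          # collapse newlines to single spaces
    [ -f "$f" ] || { echo "no such file: $f"; return 1; }
    # REG_TOKEN is a credential: group and other must have no access.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "file is accessible to group/other: $f"; rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue        # skip blank lines
        case $line in
            *=*) key=${line%%=*}; val=${line#*=} ;;
            *) echo "not name=value: $line"; rc=1; continue ;;
        esac
        case $keys in
            *" $key "*) ;;
            *) echo "unknown parameter: $key"; rc=1 ;;
        esac
        case $key in
            REG_TOKEN) [ -z "$val" ] || has_token=1 ;;
            SERVER_HOSTNAME|SERVER_IP) [ -z "$val" ] || has_server=1 ;;
            ENABLE_HOST_CHECKS|ENABLE_LDT|USEHWSIG)  # assumed to accept only 0 or 1
                case $val in
                    0|1) ;;
                    *) echo "$key must be 0 or 1, got: $val"; rc=1 ;;
                esac ;;
        esac
    done < "$f"
    [ "$has_token" -eq 1 ] || { echo "REG_TOKEN missing"; rc=1; }
    [ "$has_server" -eq 1 ] || { echo "SERVER_HOSTNAME or SERVER_IP missing"; rc=1; }
    return "$rc"
}
```

A misspelled key such as REG_TOKN is reported both as an unknown parameter and as a missing REG_TOKEN, which catches the case where the agent would install but not register.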