Installation Prerequisites
This section lists the installation requirements and options you should consider before installing CTE.
Installation Method Options
Requirements
There are two methods for installing CTE:
- Interactive installation: This is the most common and recommended type of installation. Use this for installing CTE on one host at a time using a standard InstallShield installation and registration wizard. See Interactive Installation on Windows.
- Silent installation: Create pre-packaged installations by providing information and answers to the installation questions. Use silent installations when installing on a large number of hosts. See Silent Installation on Windows.
Network Setup Requirements
- The IP addresses, routing configurations, and DNS addresses must allow connectivity of the Windows system on which you plan to install CTE to the CipherTrust Manager. After the Windows system is registered as a client with the CipherTrust Manager, the client must be able to poll the CipherTrust Manager in case there are any changes to the encryption keys, policies, or GuardPoints.
- They must also allow for connectivity of the CipherTrust Manager to all clients where you install CTE, as well as communication between different CTE clients that plan to enable LDT over NFS/CIFS.
- If the system is a virtual machine, the VM must be deployed and running.
Port Configuration Requirements
The following port information applies to both Windows and Linux systems.
Communication through a Firewall
If a protected client must communicate with CipherTrust Manager through a firewall, see the CipherTrust Manager documentation to determine which of the ports must be opened through the firewall.
Communication with CipherTrust Manager
The default port for HTTP communication between CipherTrust Manager and the CTE Agent is 443. If this port is already in use, you can set the port to a different number during the CTE Agent installation.
Communication for LDT over CIFS/NFS
All nodes that intend to use an LDT over CIFS/NFS GuardPoint must have the following ports open:
- 7024
- 7025
Note
When you register a CipherTrust Transparent Encryption client with CipherTrust Manager, you can manually include a destination port number (default: 443). If you enter a port value, using the syntax <hostname or IP address>:<port number>, then CipherTrust Transparent Encryption does not perform a port scan. Instead, it uses the port number provided to verify the target server type using a TLS operation.
If you do not enter a port number, CipherTrust Transparent Encryption performs a port scan to check which ports are listening, including port 443.
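A pre-installation reachability check for the ports listed in this section, as an added example that is not part of the CTE product or its documentation. The host names, the function names Split-ManagerAddress and Test-TcpPort, and the 3-second timeout are assumptions; replace the placeholders with your own CipherTrust Manager and LDT peer addresses.

```powershell
# Added example, not vendor code. Host names are constructed placeholders.
$Manager  = 'cm.example.internal'   # or '<hostname or IP address>:<port number>'
$LdtPeers = @('cte-node1.example.internal', 'cte-node2.example.internal')

function Split-ManagerAddress {
    # Accepts "host" or "host:port"; the port defaults to 443 as stated on this page.
    # Bare IPv6 literals are rejected as malformed.
    param([Parameter(Mandatory)][string]$Address)
    if ($Address -match '^(?<h>[^:]+):(?<p>\d{1,5})$') {
        $port = [int]$Matches['p']
        if ($port -lt 1 -or $port -gt 65535) { throw "Port out of range: $port" }
        return [pscustomobject]@{ HostName = $Matches['h']; Port = $port }
    }
    if ($Address.Contains(':')) { throw "Malformed address: $Address" }
    [pscustomobject]@{ HostName = $Address; Port = 443 }
}

function Test-TcpPort {
    # Returns $true if a TCP connection completes within the timeout.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # DNS failure, connection refused or reset
    } finally {
        $client.Close()
    }
}

# Build the list of checks: the manager port, then 7024 and 7025 on every LDT peer.
$cm = Split-ManagerAddress $Manager
$checks = @([pscustomobject]@{ Purpose = 'CipherTrust Manager'; HostName = $cm.HostName; Port = $cm.Port })
foreach ($peer in $LdtPeers) {
    foreach ($port in 7024, 7025) {
        $checks += [pscustomobject]@{ Purpose = 'LDT over CIFS/NFS'; HostName = $peer; Port = $port }
    }
}

$results = foreach ($c in $checks) {
    $c | Add-Member -NotePropertyName Reachable -NotePropertyValue (Test-TcpPort $c.HostName $c.Port) -PassThru
}
$results | Format-Table -AutoSize
if ($results.Reachable -contains $false) { exit 1 }   # non-zero exit for use in deployment scripts
```

A failed check only shows that the port is unreachable from this host; it does not distinguish a firewall block from a peer that has no service listening yet.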
Hardware Association Feature
CTE’s hardware association feature associates the installation of CTE with the machine’s hardware. When enabled, hardware association prohibits cloned or copied versions of CTE from contacting the key manager and acquiring cryptographic keys. Hardware association works on both virtual machines and hardware clients.
You can enable hardware association during the CTE registration process. You can disable hardware association by re-running the registration program.
To verify if hardware association (cloning prevention) is enabled on the protected client, access the Windows command line and run the vmsec.exe hwok command. The default location of vmsec.exe is C:\Program Files\Vormetric\DataSecurityExpert\agent\vmd\bin.
To change the status from enabled to disabled or vice versa:
- Open the system tray and right-click on the CipherTrust Lock icon.
- Select Register Host.
- Follow the prompts to re-register CTE with the CipherTrust Manager.
- Select Enable hardware association in the wizard.