Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Silent Installation on Windows

Silent Installation Using the exe File

search

Please Note:

Silent Installation Using the exe File

The following sections discuss how to install CTE for Windows silently and then register the CTE Agent with a CipherTrust Manager using the exe file. To install silently using the MSI file or using the Microsoft System Center Configuration Manager (SCCM), see Silent Installation Using the MSI File.

Prerequisites

The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:

  • CipherTrust Manager installed and configured.

  • CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.

  • CipherTrust Manager must contain a registration token. See Creating a Registration Token.

  • Optionally, the name of the host group that you want this client to be a member.

  • CipherTrust Manager must contain an LDT Communication Group if you will use CTE to guard data over CIFS/NFS shares using LDT policies. See Managing LDT Communication Groupsfor more information.

Procedure

  1. Log on to the host as a Windows user with System Administrator privileges.

  2. Copy the CTE installation exe file onto the Windows system.

  3. Run the installation file using the following syntax:

    msiexec.exe /l* c:\temp\cte-install.log /i <Installation_executable> /s /v /qn REGISTERHOSTOPTS="\Options\"

    where:

    • /s (required) specifies that this is a silent install.

    • /v (required) specifies that you want to pass command line options and values of public properties through to the installer.

    • ENABLE_LDT_CIFS=Yes is an optional parameter that indicates you plan to use CTE-LDT with CIFS share GuardPoints on this host with a CipherTrust Manager. If you specify this option, you will not be able to guard any local directories on this host, even if those directories use a Standard CTE policy. Only CTE-LDT GuardPoints on CIFS shares will be supported for this host.

    • /qn (required) specifies that the install should be non-interactive and that no GUI should be displayed.

    • INSTALLDIR=\"install-dir\" is an optional parameter specifying the installation directory you want to use. If you omit this parameter, CTE installs in the directory C:\Program Files\Vormetric\DataSecurityExpert\agent\

    Note

    Thales recommends that you install CTE in the default directory if at all possible.

    • REGISTERHOSTOPTS=\"Options\" (required if you want to register CTE) is a list of options that you want the installer to use. The common options are:

      CipherTrust Manager host name

      Required if you want to register CTE with a CipherTrust Manager.

      -agent=your.agent.name.com

      FQDN of the host on which the CTE Agent is being installed. If this value is not specified, the installer uses the host's IP address.

      -description

      Specifies a description for the host. This description is displayed in the CipherTrust Manager. If an entry for this host already exists, and the host already has a description, CipherTrust Manager does not overwrite the existing description, even if this option is specified.

      -enableldt

      Specify this option to automatically enable and register CTE-LDT (Live Data Transformation) for this host on your key manager during the silent install.

      -accessonly

      Enables access-only mode for LDT. (Default is full access mode.) In access-only mode, nodes are not be allowed to become part of an LDT Communication Group or participate in data transformation, but they will continue to access a protected LDT CIFS GuardPoint.

      -hostgroup

      Specifies the optional host/client group with which this host/client will be associated.

      -log

      Record installation steps in a log file.

      -port=port

      Specifies the port number this CTE Agent should use.

      -profile

      Specifies the client profile in the CipherTrust Manager that will be associated with this client. If this value is omitted, the CipherTrust Manager uses the default client profile.

      -silent

      Make this a silent installation.

      -token

      The registration token for the CipherTrust Manager with which you plan to register this client. Required for registration.

      -usehwsig

      Specify this option when you want to associate this installation with the machine hardware for cloning prevention.

      -useip

      Use the IP address of the protected host instead of host name. Used when -agent is not supplied.

      -vmd

      Defines what kind of agent is being installed.

    Note

    If you want to enter an option with spaces in any value, it must be surrounded by two double-quotes with an escape character () before each double-quote. If the syntax is incorrect, the installation will fail.

Example: Custom Install Directory and Host Description with Spaces

The following example specifies that:

  • The CTE Agent will be installed in the custom directory C:\cte\custom dir.

  • The CipherTrust Manager host name is my-key-mgr.example.com.

  • The CipherTrust Manager registration token is 12345 ( -token parameter).

  • The host will be registered using the host name my-host.example.com ( -agent parameter).

  • The host will be registered with the description This host was silently installed ( -description parameter). Again, the spaces in the description require the same syntax as in the installation directory name. For example: -description=\"\"This host was silently installed\"\"

    Note

    The examples below are shown on several lines for readability. When you enter the command, all parameters should be on the same line.

    msiexec.exe /l* /i vee-fs-7.3.0-135-win64.exe /s /v" /qn 
INSTALLDIR=\"\"C:\cte\custom dir\"\" registerhostopts=\"my-key-mgr.example.com  agent=my-host.example.com  token=12345  
description=\"\"This host was silently installed\"\"""

Example: LDT, LDT AccessOnly and Hardware Acceleration

The following example specifies that:

  • The CTE Agent will be installed in the default installation directory (the INSTALLDIR parameter is omitted).

  • The CipherTrust Manager host name is my-key-mgr.example.com.

  • The host will be registered using its IP address and not its host name ( -useip parameter`.

  • The CTE-LDT (-enableldt parameter), LDT AccessOnly (-accessonly), and hardware association (-usehwsig parameter) features are enabled.

    vee-fs-7.3.0-135-win64.exe /s /v" /qn 
registerhostopts=\"my-key-mgr.example.com  token=12345 -useip -enableldt -accessonly -usehwsig\""

Example: LDT over CIFS/NFS

The following example specifies that:

  • The CTE Agent will be installed in the default installation directory (the INSTALLDIR parameter is omitted).

  • The CipherTrust Manager host name is my-key-mgr.example.com.

  • The host will be registered using its IP address and not its host name ( -useip parameter).

  • The CTE-LDT ( -enableldt parameter) and LDT Group ( -ldtgroup parameter) features are enabled.

     vee-fs-7.3.0-135-win64.exe /s /v" /qn 
        registerhostopts=\"my-key-mgr.example.com  token=12345 -useip -enableldt -ldtgroup=\"\"LDT-CG1\"\"

On this page