Silent Installation Using the MSI File
The following sections discuss how to install CTE for Windows silently and then register the CTE Agent with a CipherTrust Manager using the MSI file. To install silently using the exe file, see Silent Installation Using the exe File.
Prerequisites
The following prerequisites must be met for CTE to install and register to CipherTrust Manager properly:
- CipherTrust Manager installed and configured.
- CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.
- CipherTrust Manager must contain a registration token. See Creating a Registration Token.
- Optionally, the name of the host group you want this client to be a part of.
- CipherTrust Manager must contain an LDT Communication Group if you will use CTE to guard data over CIFS/NFS shares using LDT policies. See Managing LDT Communication Groups for more information.
Procedure
- Log on to the host as a Windows user with System Administrator privileges.
- Copy the CTE installation exe file onto the Windows system.
- Run the installation file using the following syntax:
msiexec.exe /i <Installation_executable> /qn INSTALLDIR=\"install-dir\" REGISTERHOSTOPTS="REGISTERHOSTOPTS_Options"
where:
- /i (required) enables CTE installation.
- ENABLE_LDT_CIFS=Yes is an optional parameter that indicates you plan to use CTE-LDT with CIFS share GuardPoints on this host with a CipherTrust Manager. If you specify this option, you will not be able to guard any local directories on this host, even if those directories use a Standard CTE policy. Only CTE-LDT GuardPoints on CIFS shares will be supported for this host.
- /qn (required) specifies that the install should be non-interactive and that no GUI should be displayed.
- INSTALLDIR=\"install-dir\" is an optional parameter specifying the installation directory you want to use. If you omit this parameter, CTE installs in the directory C:\Program Files\Vormetric\DataSecurityExpert\agent\
Note
Thales recommends that you install CTE in the default directory if at all possible.
- REGISTERHOSTOPTS=\"Options\" (required if you want to register CTE) is a list of options that you want the installer to use. The common options are:
CipherTrust Manager host name
Required if you want to register CTE with a CipherTrust Manager.
-agent=your.agent.name.com
FQDN of the host on which the CTE Agent is being installed. If this value is not specified, the installer uses the host's IP address.
-description
Specifies a description for the host. This description is displayed in the CipherTrust Manager. If an entry for this host already exists, and the host already has a description, CipherTrust Manager does not overwrite the existing description, even if this option is specified.
-enableldt
Specify this option to automatically enable and register CTE-LDT (Live Data Transformation) for this host on your key manager during the silent install.
-accessonly
Enables access-only mode for LDT. (Default is full access mode.) In access-only mode, nodes are not allowed to become part of an LDT Communication Group or participate in data transformation, but they will continue to access a protected LDT CIFS GuardPoint.
--enable_host_check | -disable_host_check
When using CipherTrust Data Security Platform Services (CDSPaaS), set this value to 1 to enable SSL certificate host name checks. Set to 0 to disable. Default: 0. This also forces CTE to enable the verify peer feature during registration. Use only when the CDSPaaS web server certificates contain the target DNS name or IP address.
-hostgroup
Specifies the optional host/client group with which this host/client will be associated.
-log
Record installation steps in a log file.
-port=port
Specifies the port number this CTE Agent should use.
-profile
Specifies the client profile in the CipherTrust Manager that will be associated with this client. If this value is omitted, the CipherTrust Manager uses the default client profile.
-silent
Make this a silent installation.
-token
The registration token for the CipherTrust Manager with which you plan to register this client. Required for registration.
-usehwsig
Specify this option when you want to associate this installation with the machine hardware for cloning prevention.
-useip
Use the IP address of the protected host instead of host name. Used when -agent is not supplied.
-vmd
Defines what kind of agent is being installed.
Example: Custom Install Directory and Host Description with Spaces
The following example specifies that:
- The CTE Agent will be installed in the custom directory C:\cte\custom dir. The spaces in the installation directory name require it to be in double-quotes. For example: INSTALLDIR="C:\cte\custom dir".
- The CipherTrust Manager host name is my-key-mgr.example.com.
- The CipherTrust Manager registration token is 12345 (-token parameter).
- The host will be registered using the host name my-host.example.com (-agent parameter).
- The host will be registered with the description This host was silently installed (-description parameter). Because description is inside a double-quoted string, you must escape the double-quotes: -description=\"This host was silently installed\"
Note
The examples below are shown on several lines for readability. When you enter the command, all parameters should be on the same line.
msiexec.exe /i vee-fs-7.6.0-87-win64.msi /qn
INSTALLDIR="C:\cte\custom dir" registerhostopts="my-key-mgr.example.com
-agent=my-host.example.com -token=12345 -description=Description_without_spaces_and_no_double_quotes"
To pass arguments successfully, you must use a hyphen and the equal sign.
Warning
Once the above command is executed, the server reboots automatically. To avoid the automatic reboot and restart manually instead, use the msiexec /norestart parameter. For example:
msiexec.exe /i vee-fs-7.3.0-135-win64.exe /qn /norestart INSTALLDIR="C:\cte\custom dir" registerhostopts="my-key-mgr.example.com -agent=my-host.example.com -token=12345 -description=Description_without_spaces_no_double_quotes"
Example: CTE-LDT, LDT AccessOnly and Hardware Acceleration
The following example specifies that:
- The CTE Agent will be installed in the default installation directory (the INSTALLDIR parameter is omitted).
- The CipherTrust Manager host name is my-key-mgr.example.com.
- The host will be registered using its IP address and not its host name (-useip parameter).
- The CTE-LDT (-enableldt parameter), LDT AccessOnly (-accessonly), and hardware association (-usehwsig parameter) features are enabled.
msiexec.exe /i vee-fs-7.6.0-87-win64.msi /qn registerhostopts="my-key-mgr.example.com -token=12345 -useip -enableldt -accessonly -usehwsig"
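A PowerShell wrapper for the silent-install syntax on this page, added here as an example and not taken from the vendor's documentation: it builds REGISTERHOSTOPTS with the escaped description quoting from the first example, validates each value before it is placed inside the quoted property, and checks the msiexec exit code. The CTE_REG_TOKEN environment variable and the parameter names are assumptions of this example; 0, 3010 and 1641 are the standard Windows Installer success codes.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Defaults are the placeholder values used on this page.
param(
    [string]$MsiPath     = '.\vee-fs-7.6.0-87-win64.msi',
    [string]$KeyManager  = 'my-key-mgr.example.com',
    [string]$AgentName   = 'my-host.example.com',
    [string]$Description = 'This host was silently installed',
    [string]$InstallDir  = '',   # empty = default directory, as the page recommends
    [switch]$NoRestart           # adds /norestart so the host does not reboot automatically
)

# Assumption: the registration token is supplied in CTE_REG_TOKEN (hypothetical
# variable name) so it is not stored in the script file.
$token = $env:CTE_REG_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) { throw 'CTE_REG_TOKEN is not set.' }

# Each value lands inside a double-quoted msiexec property. Reject anything that
# could end the quoting early or add an extra option instead of trying to escape it.
if ($token -match '[\s"\\]') { throw 'Token contains whitespace, a quote or a backslash.' }
foreach ($v in $KeyManager, $AgentName) {
    if ($v -notmatch '^[A-Za-z0-9.-]+$') { throw "Not a valid host name: $v" }
}
if ($Description -match '["\\]') { throw 'Description must not contain " or \.' }
if ($InstallDir -match '"')      { throw 'INSTALLDIR must not contain a double quote.' }

$opts = "$KeyManager -agent=$AgentName -token=$token"
# A description with spaces needs the escaped quotes (\") described in the first example.
if ($Description -match '\s') { $opts += ' -description=\"{0}\"' -f $Description }
elseif ($Description)         { $opts += " -description=$Description" }

$msiArgs = @('/i', ('"{0}"' -f $MsiPath), '/qn')
if ($NoRestart)  { $msiArgs += '/norestart' }
# A trailing backslash directly before the closing quote would escape that quote.
if ($InstallDir) { $msiArgs += 'INSTALLDIR="{0}"' -f $InstallDir.TrimEnd('\') }
$msiArgs += 'REGISTERHOSTOPTS="{0}"' -f $opts

# msiexec receives everything on one line, as the note above requires.
$p = Start-Process msiexec.exe -ArgumentList ($msiArgs -join ' ') -Wait -PassThru
switch ($p.ExitCode) {
    0       { 'Installed.' }
    3010    { 'Installed; a reboot is required to finish.' }
    1641    { 'Installed; the installer started a reboot.' }
    default { throw "msiexec failed with exit code $($p.ExitCode)" }
}
```

The token is still part of the msiexec command line, so it is visible wherever process command lines are recorded, for example process-creation auditing with command-line logging enabled.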