Installation and Registration

During the installation, you would be asked a series of questions. After the installation, you would be prompt to immediately register the CTE-U with a key manager. CTE-U must be registered with a key manager before you can protect any of the devices on the host.

Prerequisites

• CipherTrust Manager installed and configured. See CipherTrust Manager Documentation for more information.

• CipherTrust Manager must contain a Client Profile. See Changing the Profile for more information.

• CipherTrust Manager must contain a registration token. See Creating a Registration Token.

Procedure

1. Log on to the host where you will install the CTE UserSpace Agent as root. You cannot install the CTE-U Agent without root access.

2. Copy or mount the installation file to the host system.

3. Install CTE UserSpace:

   Default Directory

   rpm -ivh <cteu-version>.<build>.rpm (Red hat)

   Example

   rpm -ivh cte-fuse_10.1.0.52.rpm

   Non-Default

   rpm -ivh <cteu-version>.<build>.rpm --relocate <default path>=<non-default path>

   Example

   rpm -ivh cte-fuse_10.1.0.52.rpm --relocate /opt/vormetric/DataSecurityExpert/agent=/cteu/agent

   Ubuntu

   apt install <cteu-version>.<build>.deb (Ubuntu)

   Example

   apt install ./cte-fuse_10.1.0.52.deb (Ubuntu)

   Caution

   CTE-U does not support customer paths for Ubuntu installation. You must use the default path.

4. The install script installs the CTE-U Agent software, and any missing dependencies, in either /opt/vormetric or your custom installation directory, and then prompts you to register the CTE UserSpace Agent with a key manager by running /opt/vormetric/DataSecurityExpert/agent/vmd/bin/register_host.

   Welcome to the CipherTrust Transparent Encryption File System Agent Registration Program.
   
   Agent Type: CipherTrust Transparent Encryption File System Agent
   
   Agent Version: 10.0.0.54
   
   In order to register the CipherTrust Transparent Encryption File System Agent with a Key Manager
   
   1. you must know the host name of the machine running the DSM (the host name is displayed on the Dashboard window of the Management Console), and
   
   2. unless you intend to use the 'shared secret' registration method, the agent's host machine must be pre-configured on the DSM as a host with the 'Reg. Allowed' checkbox enabled for this agent type on the Hosts window of the Management Console.
   
   In order to register with a Key Manager you need a valid registration token from the CM.
   
   Do you want to continue with agent registration? (Y/N) [Y]:
   

5. Enter Y to continue with the registration process. The install script prompts you to enter the host name or IP address of the CipherTrust Manager with which you want to register CTE-U.

   For example:
   
   Do you want to continue with agent registration? (Y/N) [Y]: Y
   
   Please enter the primary key manager host name: 10.3.200.141:8445
   
   You entered the host name 10.3.200.141<br>
   Is this host name correct? (Y/N) [Y]: Y
   

6. Enter the client host name when prompted.

   Please enter the host name of this machine, or select from the following
   list.
   
   [1] sys31186.qa.com
   [2] 10.3.31.186
   
   Enter a number, or type a different host name or IP address in manually:<br>
   What is the name of this machine? [1]: 2
   You selected "10.3.31.186".
   

7. Enter the CipherTrust Manager registration token, profile name, host group and host description. If you omit the profile name, CipherTrust Manager associates the default client profile with this client.

   Please enter the registration token: 12345
   Please enter the profile name for this host: My-Profile
   Please enter the host group name for this host, if any:
   Please enter a description for this host: West Coast Datacenter server 5
   
   Token : 12345
   Profile name : My-Profile
   Host Group : (none)
   Host description : West Coast Datacenter server 5
   Are the above values correct? (Y/N) [Y]: Y
   

8. CTE-U finishes the installation and registration process.

   Generating key pair for the kernel component...done.<br>
   Extracting SECFS key<br>
   Generating EC certificate signing request for the vmd...done.<br>
   Signing certificate...done.<br>
   Enrolling agent with service on 10.3.200.141...done.<br>
   Successfully registered the CipherTrust Transparent Encryption File System Agent with the<br>
   CipherTrust Manager on 10.3.200.141.
   
   Installation success.