CipherTrust Teradata Protection Installation Checklist
Use this table to verify prerequisites and collect the information you need for the installation.
Checklist Item | Status |
---|---|
Key manager, for example, the CipherTrust Manager (CM). | |
Obtain the CipherTrust Teradata Protection installation file from Thales. Example: ctp16.10-6.6.0-10-sles12sp3-x86_64.bin. | |
Host system clock set to the correct time zone. | |
Fully Qualified Domain Name (FQDN) of the key manager. | |
Root password for the Teradata node. | |
IP address or Fully Qualified Domain Name (FQDN) of the Teradata node. | |
Symmetric encryption key, cached on the host. | |
CipherTrust Manager (CM) FQDN
Connect to your CipherTrust Manager instance:
ssh -i {key file} ksadmin@ip.address
Use the hostname command to view the hostname:
ksadmin@keysecure:~$ hostname
Teradata Node Name Resolution
You can map a Teradata node name to an IP address using a Domain Name Server (DNS). DNS is the preferred method of host name resolution. If you use DNS to resolve host names, use the FQDN for the host names.
Using the Admin CLI
Access the CLI menu as follows:
Start the serial console application.
If the login prompt is not displayed, press the Enter key to wake up the connection.
Sign in to the appliance. The default System Administrator name and password are cliadmin and cliadmin123.
Example
At the prompt, type cliadmin followed by the password.
network$ agentip show
agent ip address support : off
SUCCESS: agent ip address support showed.
network$ agentip on
WARNING: The Security Server will restart automatically after enabling
agent IP address support!
Continue? (yes|no)[no]:yes
SUCCESS: Agent IP address support is enabled and the server restarted.
network$ agentip show
agent ip address support : on
SUCCESS: Agent IP address support showed.
network
Obtaining a Data Encryption Key for your CTP Deployment
Creating a Data Encryption Key
Go to Keys > Agent Keys > Keys in the Management Console to open the Agent Keys window.
Click Add to open the Add Agent Key window.
Enter a key name, description, and security algorithm.
Field | Description |
---|---|
Name | Name of key. 64 character limit. |
Description | Optional key description. 265 character limit. |
Template | A key template with a set of predefined attributes. To create a valid Teradata key, select Default_SQL_Symmetric_Key_Template and do not change any of the custom attribute values. |
Algorithm | Algorithm used to create the key. |
Key Type | Location for the encryption key. Stored on Server keys are downloaded to non-persistent memory on the host. Cached on Host downloads and stores (in an encrypted form) the key in persistent memory on the host. For performance reasons, Cached on Host is highly recommended for Teradata installations. For Fast Mode (configuration file setting udfaes on), key type Cached on Host is MANDATORY. |
Unique to Host | This checkbox is displayed when Cached on Host is selected. When enabled, it makes the encryption key unique. The key is downloaded to the host, encrypted using the host password, and stored. These keys are used for locally attached devices, as files encrypted by them can be read only by one machine. Do not enable this checkbox for cloned systems, RAID configurations, clustered environments, or any environment that uses host mirroring. Requires that Key Creation Method is set to Generate. |
Key Creation Method | Select to generate a key using a random seed (Generate) or by Manual Input. |
Expiry Date | Date the key expires. |
Key Refreshing Period (minutes) | Used only with Oracle Database TDE and Microsoft SQL Server TDE. How long to keep the key in the local key cache before it is refreshed. |
Example:
Name: Key1
Description: Teradata key
Algorithm: AES256
All other values are the default.
Click OK. Your new key is created and displayed in the Agent Keys window.
Create as many keys as desired.
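The field rules in the Add Agent Key table can be checked against a planned key before you enter it in the Management Console. The following Python check is an added example, not Thales code: `PlannedKey`, `review_key` and the `fast_mode` / `mirrored_or_clustered` flags are hypothetical names, while the limits, template name and option strings are the ones stated on this page.

```python
from dataclasses import dataclass

# Limits and the template name are taken from the field descriptions on this page.
REQUIRED_TEMPLATE = "Default_SQL_Symmetric_Key_Template"
NAME_LIMIT, DESCRIPTION_LIMIT = 64, 265


@dataclass
class PlannedKey:  # hypothetical record of the values you intend to enter
    name: str
    algorithm: str
    description: str = ""
    template: str = REQUIRED_TEMPLATE
    key_type: str = "Cached on Host"     # or "Stored on Server"
    unique_to_host: bool = False
    creation_method: str = "Generate"    # or "Manual Input"


def review_key(key, fast_mode=False, mirrored_or_clustered=False):
    """Return a list of problems; an empty list means the plan follows the page's rules."""
    problems = []
    if len(key.name) > NAME_LIMIT:
        problems.append(f"name exceeds {NAME_LIMIT} characters")
    if len(key.description) > DESCRIPTION_LIMIT:
        problems.append(f"description exceeds {DESCRIPTION_LIMIT} characters")
    if key.template != REQUIRED_TEMPLATE:
        problems.append(f"template must be {REQUIRED_TEMPLATE}")
    cached = key.key_type == "Cached on Host"
    if fast_mode and not cached:  # fast_mode=True stands for 'udfaes on'
        problems.append("Fast Mode (udfaes on) requires key type Cached on Host")
    if key.unique_to_host:
        if not cached:
            problems.append("Unique to Host is only offered with Cached on Host")
        if key.creation_method != "Generate":
            problems.append("Unique to Host requires Key Creation Method Generate")
        if mirrored_or_clustered:
            problems.append("Unique to Host must stay off on cloned, RAID, "
                            "clustered or mirrored hosts")
    return problems


# Constructed sample plans (not real keys); GOOD mirrors the page's Key1 example.
GOOD = PlannedKey(name="Key1", description="Teradata key", algorithm="AES256")
BAD = PlannedKey(name="Key2", algorithm="AES256", key_type="Stored on Server",
                 unique_to_host=True, creation_method="Manual Input")

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        print(plan.name, review_key(plan, fast_mode=True, mirrored_or_clustered=True) or "OK")
```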
Configure NAE Interface Mode on CipherTrust Manager
If using the CipherTrust Manager, configure the NAE interface mode:
Sign in to the CipherTrust Manager.
Go to Admin Setting > System > Interfaces.
Select the appropriate NAE interface mode:
For TCP communication: Select any No TLS mode.
For SSL communication: Select any mode except No TLS.