Black Box The EncrypTight manual

B L A C K B O X ® The Encr yp Tight ™ Man ager Inst al la tion Guide pro vid es detail ed i n f or ma ti on on ho w t o instal l and conf igure Encr yp Tight Manager sof t ware. EncrypT ight Installation Guide E T 0 010 A E T 010 0 A E T 10 0 0 A ET 1 0000 A Ord er toll -free in th e U.S. : Call 87 7 - 877- BBOX (ou t side U. S. c all 724 - 7 4 [...]

[...]

EncrypTight Manager Installation Guide 3 T able Of Content s About This Document ................................ ..................................................... ..............5 EncrypTight Manager 3.3 Installation Options ................................................ ..............7 Virtual Machine Options ................................[...]

4 EncrypTight Manager Installation Guide Procedure 0. copying drives wit h dd (only for non-RAID s ystems!!!!) ................. .......... 27 Procedure 1. Backing up the entire filesys te m ............. ................ ................ ................. 27 Procedure 2. Restoring the co mplete filesys tem, including the OS ....... ...............[...]

EncrypTight Manager Installation Guide 5 Preface About This Document Purpose The EncrypT ight Manager Insta llation Guide provides detailed i nformation on how to in stall and configure EncrypT ight Manager software. Intended Audience This document is intended for network man agers and security administr ators wh o are familiar with setting up and [...]

Preface 6 EncrypTight Manager Installation Guide Black Box Corporation 1000 Park Drive Lawrence, P A 15055-1018 email: info@b lackbox.com Cont acting Customer Support T echnical support services are accessible through the Black Box support center . FREE technical suppo rt 24 hours a day , 7 da y s a week: Call 724-746-5500 or fax 724-746 -0746 US ([...]

EncrypTight Manager 3.3 Installation Options EncrypTight Manager Installation Guide 7 EncrypT ight Manager 3.3 Inst allation Options • V irtual Machines • EncrypT ight-Manager-3.3-standalone • EncrypT ight-Manager-3.3 • single server • cluster high availabilit y • single server disaster recovery • Hardware • EncrypT ight-Manager-3.3[...]

8 EncrypTight Manager Installation Guide EncrypT ight-Manager-3.3 • A vailable in 32 and 64 bit architectures • Expects to be run in an environment where the VM has at least 2GB of RAM and 40GB of disk • This virtual machine is set up so that when it first boot s it will initialize the operating system for use by EncrypTight Manager. It will [...]

Firewall Information EncrypTight Manager Installation Guide 9 Firewall Information Servers in cl uster must hav e the follow ing ports avai lable: TCP 21 TCP 2221 TCP 22 TCP 80 TCP 8080 TCP 443 TCP 8443 TCP 8764 TCP 5432 TCP 47788 TCP 47799 UDP 45588 UDP 46688 UDP 45599 UDP 46699 NOTE These ports are made available b y default. Inst allation Exampl[...]

10 EncrypTight Manager Installation Guide Figure 1 EncrypT ight Manager Con sole view Configuring Networking Parameters Once the machine is running, you can configure networking parameters. This includes assigning a st atic IP address, netmask, and gateway address. T o configure a n IP address and netm ask: 1 Click in the console windo w to activat[...]

Installation Examples EncrypTight Manager Installation Guide 11 4T y p e 1 and press Enter to exit the menu. Note that you can use the same menu to assign a host name, specify a DNS server , set up a proxy server , or view the current networking configurati on. Running the Inst allation Script Once the virtual machine has been deploy ed and network[...]

12 EncrypTight Manager Installation Guide • Modify the /opt/scrip ts/policyserver-init.conf and set the fo llowing. Emacs, na no, and vi are available on the OS. ######################################################################## ####### ####### ####### Cluster options ####### # ## for a clustered installation node1 and node2 must be set the[...]

Installation Examples EncrypTight Manager Installation Guide 13 NOTE Support for a crossover cable conn ection between node1 and node2 has been added in the hardware cluster installation. ######################################################################## ####### ####### ####### Cluster options ####### # ## for a clustered installation node1 a[...]

14 EncrypTight Manager Installation Guide Disaster Recovery Option If this cluster is going to have a disaster recov ery site assigned to it then you need t o modify the following section of the /opt/scripts/policyserver-init.conf: ######################################################################## ####### ####### ####### Disaster Recovery opt[...]

Installation Examples EncrypTight Manager Installation Guide 15 Ordering of actions is import ant. Y ou should install in the following steps: 1 Power on both servers 2 Assign IP to server #1 3 Assign IP to server #2 4 Make sure that server #1 can see server #2 on the network 5 Run /etc/init.d/policyserver-install on server #1 ( same order of IP ad[...]

16 EncrypTight Manager Installation Guide ## comma separated list of hosts to check # heartbeatHosts= # # ######################################################################## ####### Run the installation script on the Main site: /etc/init.d/policyserver-ins tall Disaster Recovery Site • Assign an IP to the DR site install ation. • Modify th[...]

EncrypTight Manager Upgrade of an Existing ETM Instance EncrypTight Manager Installation Guide 17 > /etc/init.d/policyserver s top Once that is down you can see that the di saster recovery picks up rekeys by viewing the DR logs on the DR Machine: > tail -f /opt/jboss/server/ policyserver/log/server.log T o bring the Main Site back up use the [...]

18 EncrypTight Manager Installation Guide Optional - V erify the downloaded upgrade bin f ile. • Download and scp the public key pubkey .txt over to the ETM server . # scp pubkey.txt root@19 2.168.X.X:/opt/upgrade/ • Scp the external signature for the upgrade bin: # scp policyserver-upgra de-<VERSION>.bin.asc root@192.168.X.X:/op t/upgrad[...]

EncrypTight Manager Upgrade of an Existing ETM Instance EncrypTight Manager Installation Guide 19 **************************** ***************************************** **** ******** UPGRADE: Examining System, Please Wait... **************************** ***************************************** **** **************************** ********************[...]

20 EncrypTight Manager Installation Guide Finished server backup Running through the upgrades available **************************** ***************************************** ** Performing upgrade to 3.1 Application upgrade... upgrade ../../common/ear/cip her.ear /opt/jboss/server/policyserver/de ploy/ upgrade jbossweb.jar /opt/jb oss/server/policy[...]

EncrypTight Manager Upgrade of an Existing ETM Instance EncrypTight Manager Installation Guide 21 Upgrading the policyserver-i nit.conf Upgrading the database schem a sql Upgrading the system scripts ############################ ######################################### ## Upgrade process complete. A pplication version is: 3.2.3971 ################[...]

22 EncrypTight Manager Installation Guide gpg: Signature made Mon 12 Dec 2011 03:19:38 PM EST using DSA key ID 9B705669 gpg: Good signature from "Black Box (Policy Server) <support@blac kbox.com>" gpg: WARNING: This key i s not certified with a trusted signature! gpg: There is n o indication that the signature belongs t o the owner.[...]

EncrypTight Manager Upgrade of an Existing ETM Instance EncrypTight Manager Installation Guide 23 YOU MUST wait for the upgrade to complet e before continuing EXAMPLE : Upgrade from 3.2.3 971 to 3.3.4364: [root@PIT -ETM-N1 upgrade]# ./po licyserver-upgrade-3.3.4364.bin V erifying archive integ rity ... All good. Uncompressing Upgrade to 3.3.4364...[...]

24 EncrypTight Manager Installation Guide scp_host not set, no t scp-ing /opt/upgradebackup/db-back up-2012-02-15-18-54-v.sq l.gz backup anywhere keeping backup 1: /opt/upgra debackup/db-backup-2012-02-15-18-54-v.sql .gz Finished db-backup done. Backing up the server dirs: / opt/ftpserverdir /opt/filestore /opt/jbos s/server/p olicyserver... tar cf[...]

Backup and Restore of EncrypTight Manager EncrypTight Manager Installation Guide 25 [root@PIT-ETM-N1 upgrade ]# /etc/init.d/policyserver start Server is starting, chec k the log files for application status 2 Start the policyserver on EncrypT ight Manager Cluster Node 2 YOU MUST wait for the startu p to complete before continuing [root@PIT-ETM-N2 u[...]

26 EncrypTight Manager Installation Guide Backup component s provided by ETM EncrypT ight Manager provides mechanisms for backing up its datab ase, and also for backing up the ETM software. Customers who do not do fu ll server backups regularly can use those tools to ensure that they can recover as close to a point of failure as possi ble, while ba[...]

Backup and Restore of EncrypTight Manager EncrypTight Manager Installation Guide 27 Other hardware component failures If some component other than a drive has failed, that component could be replaced in the field, or the server could be RMA'd back to Black Box. Damage to the ETM sof tware or dat abase If some damage is done to the ETM installa[...]

28 EncrypTight Manager Installation Guide tar cvpzf backup.tgz --exclude=/proc --exclude=/los t+found --exclude=/backup.tgz --exclude=/mnt --exclude=/sy s / Please familiarize yourself with the tar command and its arguments. The man pages are included in the ETM distro. As noted above, the dd operation for non-RAID con f igured servers also serves [...]

Backup and Restore of EncrypTight Manager EncrypTight Manager Installation Guide 29 • Backup Server scp User • Backup Server scp Password Also note that the ETM root di r is /opt/jboss/server/po licyserver, and that the /opt/scripts directory is a symlink to /opt/jbo ss/server/policyserver/scripts, so that di rectory will be backed up. It cont [...]

30 EncrypTight Manager Installation Guide If you changed the database userid or password, you wil l have to supply those opti ons as well. [root@policyserver log]# /op t/scripts/db-import.sh --help db-import.sh --help --dbUser=dbUser --dbPass=dbPassword --dbType=dbType --importFile=importFile --disasterServer=[true/f alse] Cluster notes Restoring a[...]

Appendices EncrypTight Manager Installation Guide 31 Appendices Hardware Disaster Recovery Cluster Inst all If you are going to have the disaster recovery cl us ter on node1 = 192.168.80.3 and node2 = 192 .168.80.4 then you would run like this on both installs: • Modify the /opt/scrip ts/policyserver-init.conf and set the fo llowing. Emacs, na no[...]

32 EncrypTight Manager Installation Guide ######################################################################## ####### ######################################################################## ####### ####### ####### VM tuning options ####### # ## max number of workder threads in the application server, MUST be more than 2 x mdbQueueThreads maxS[...]

Appendices EncrypTight Manager Installation Guide 33 UDP 45599 UDP 46699 Ordering of actions is import ant. Y ou should install in the following steps: 1 Power on both servers 2 Assign IP to server #1 3 Assign IP to server #2 4 Make sure that server #1 can see server #2 on the network 5 Run /etc/init.d/policyserver-install on server #1 ( same order[...]

34 EncrypTight Manager Installation Guide EncrypT ight Manager OV A Deployment Using vS phere Client Applications Y ou need to install vSphere Clien t onto your workstation. The vSphere Client software is only available for Windows platforms. Open up the VMware vSphere Client software. Y ou will see the login prompt for the client to connect to the[...]

Appendices EncrypTight Manager Installation Guide 35 Figure 3 Inst alling the CSM OV A Click on the menu opti on File -> Deploy OVF T emplate... This will bring up the O VF T emplate Deploy dialog:[...]

36 EncrypTight Manager Installation Guide Figure 4 Deploy OVF T e mplate Select the "Deploy from fi le" option. Copy and paste the ova link that i s generated from the CSM build server . Select Next. Y ou will see the OVF T em plate Details[...]

Appendices EncrypTight Manager Installation Guide 37 Figure 5 OVF T emplate Det ails Select Next. Y ou will see the Name and Location. Here you will enter a Name for yo ur virtual machine that will be created. Use th e following naming convention: INITIALS-B UILDNUMBER-SE R VERNUMBER Example : So for User “XX” deploying an ova build 2653 server[...]

38 EncrypTight Manager Installation Guide Figure 6 Name and Location Select Next. Y ou will see the Host / Cluster selection. Se lect the Simulators -> v mhost1.blackbox.com[...]

Appendices EncrypTight Manager Installation Guide 39 Figure 7 Host / Cluster Select Next. Y ou will see the Resource Pool selection. Select the vmhost1 .blackbox.com -> CSM T esting vmhost1.blackbox.com[...]

40 EncrypTight Manager Installation Guide Figure 8 Resource Pool Select Next. Y ou will see the Datastore selection. Y ou can select any of the available Datastores. Ensure there is at least 45G of Free space available.[...]

Appendices EncrypTight Manager Installation Guide 41 Figure 9 Dat astore Select Next. Y ou will see the Ready to Complete screen.[...]

42 EncrypTight Manager Installation Guide Figure 10 Ready to Complete Select Next. Now vSphere will import the ova into the CSM T esting Reso urce Pool. Y ou will see a dialog w ith the progress and a complete message once it is done. Y ou can close the complete message. Y ou can select the newly created VM under the CS M T esting tree and p ower i[...]

Appendices EncrypTight Manager Installation Guide 43 Figure 1 1 Basic T asks Once the VM begins to power up yo u right click on the VM and select “Op en Console”. Y ou will see the VM operati ng system boot u p and get to the main blue screen.[...]

44 EncrypTight Manager Installation Guide Figure 12 Main Screen Setup Networking Once you are on the main blue screen of the virtual machine appliance you can click yo ur mouse inside of it. The virtual machine now has control of your mous e. Y ou will have to type "Ctrl+Alt " to release the mouse from it. Y ou can use the arrow keys in t[...]

Appendices EncrypTight Manager Installation Guide 45 Figure 13 Main Network Config Now you will be able to en ter your IPv4 address informatio n: Configure an IPv4 address for eth0? y /n n: y Use a DHCPv4 Server instead of a static IPv4 address? y/n n: n IPv4 Address []: 192.168.4.X Netwmask []: 255.255.192 .0 Is this correct? y/n y: y Make sure yo[...]

46 EncrypTight Manager Installation Guide Figure 14 Default Gateway Enter 0 for the interface to configure. Enter 192.168.1.1 for the Gatewa y . (Optional) If you need to setup DNS fo r external acce ss from the VM select option 4 from the menu and enter the DNS IP settings. ( Use 192.168.1 .10 and 192.168.4.2 for DN S servers if you require DNS) S[...]

[...]

72 4 - 7 4 6 -5500 | blac kbo x.c om About Bl ack B ox Black Box Net work Ser vices is your source for an ex tensive range of net working and infra struc ture product s. Y ou’ ll find ever y thing from cabinet s and racks and power and surge protection product s to media converters and Ethernet switches all suppor ted by free , live 24 / 7 T ech [...]