Linux Installation Prerequisites

  • Make sure the version of Linux running on the target system is supported for data encryption. For details, see Supported Platforms.
  • Make sure the default language for the Linux operating system is English. The Entrust Policy Agent uses scripts that parse the output of Linux commands, and those scripts may give unexpected results if the command output is in a language other than English.
  • Make sure that the tar utility is installed. If you see this error, then tar is not installed:

    Uncompressing hcs-client-agent-10.4.7-550001852.run ... Extraction failed.

  • Make sure that Entrust Cryptographic Security Platform Vault is installed and the cluster is configured properly as described in Basic Cryptographic Security Platform Vault Configuration. The cluster must be healthy. You cannot register the Policy Agent with a degraded Cryptographic Security Platform Vault cluster.
  • Have the following information available:

    • The IP addresses of all Cryptographic Security Platform Vault nodes with which you want to register the Policy Agent, or one IP address and the name of the Cluster Node Mapping you want to use on this VM. Registering the Policy Agent with multiple Cryptographic Security Platform Vault nodes provides a failover mechanism in case one of the Cryptographic Security Platform Vault nodes is unreachable.
    • The credentials for a Cryptographic Security Platform Vault webGUI user account with Cloud Admin privileges.
    • The name of the Cryptographic Security Platform Vault Cloud VM Set with which you want to associate the VM. You cannot encrypt the disks or drives until the VM has been registered with a Cloud VM Set in Cryptographic Security Platform Vault. For details, see Creating a Cloud VM Set for the Cryptographic Security Platform Vault for VM Encryption.
  • Select an authentication method. The options are:
    • Standard Authentication — This is the most secure authentication method. You create a certificate in the Cryptographic Security Platform Vault webGUI which you then copy to the target system. After you install the Policy Agent software, you specify the name and location of the certificate file during registration. You also create a passphrase during the Policy Agent registration that you must then enter in the Cryptographic Security Platform Vault webGUI.

    • Simplified Authentication — This method involves authenticating the VM with Cryptographic Security Platform Vault through the VM itself. It allows you to skip downloading a certificate and logging into Cryptographic Security Platform Vault during the authentication process, but it does require you to enter the Cryptographic Security Platform Vault credentials directly into the VM and to have a Cloud VM Set already created. You should only use this method if your VM is secure.

    • Automated Authentication — This method involves adding the Cryptographic Security Platform Vault username and password on the hcl command line using the hcl register -a command. This method is the least secure and should be used with caution because the Cryptographic Security Platform Vault username and password must be included on the command line or in the script.

  • RHEL 10 Caveats—If you plan to use RHEL 10 with the Linux Policy Agent, please be aware of the following:  

    • The 'htroot setup' job will fail if the network is set to DHCP. This is because system device encryption is not supported with DHCP. To fix this issue, please use static IP configuration during setup.

    • The 'htdrv prepare' job may fail to install the EPEL package. To fix this issue, run the following command manually: 

      rpm -Uvh "https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm"

      Then you can rerun the 'htdrv prepare' job.

    • The upgrade process using Leapp will fail if the root disk is encrypted. To fix this issue, boot into RHEL 9 from the GRUB menu to rescue the VM.

      To avoid this issue, do the following:

      1. Decrypt the root disk before upgrading.

      2. Perform a clean upgrade to RHEL 10.

      3. Re-encrypt the root disk after the upgrade is complete.
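
As an added example (not Entrust's own code), the following shell script checks the prerequisites above that can be verified locally: tar is present, the system locale is English, and whether the host is RHEL 10. It assumes a systemd-style /etc/locale.conf and /etc/os-release and treats the C/POSIX locales as English; all function names are illustrative.

```shell
#!/bin/sh
# Added example: preflight checks for the prerequisites listed on this page.
# File paths are parameters so the functions can be exercised on constructed files.

# Print the value of KEY from a KEY=value file (os-release, locale.conf), unquoted.
conf_value() {  # $1 = key, $2 = file
    sed -n "s/^$1=//p" "$2" 2>/dev/null | tail -n 1 | tr -d "\"'"
}

# Effective message locale from locale.conf: LC_ALL > LC_MESSAGES > LANG.
message_locale() {  # $1 = locale.conf path
    for key in LC_ALL LC_MESSAGES LANG; do
        val=$(conf_value "$key" "$1")
        [ -n "$val" ] && { printf '%s\n' "$val"; return 0; }
    done
    printf 'C\n'   # nothing configured: the C locale applies
}

# Assumption: en_* locales and the untranslated C/POSIX locales count as English.
locale_is_english() {  # $1 = locale name
    case "$1" in
        en_*|C|C.*|POSIX) return 0 ;;
        *) return 1 ;;
    esac
}

is_rhel10() {  # $1 = os-release path
    [ "$(conf_value ID "$1")" = "rhel" ] || return 1
    case "$(conf_value VERSION_ID "$1")" in 10|10.*) return 0 ;; *) return 1 ;; esac
}

preflight() {  # $1 = locale.conf path, $2 = os-release path
    rc=0
    command -v tar >/dev/null 2>&1 || { echo "FAIL: tar is not installed"; rc=1; }
    loc=$(message_locale "$1")
    locale_is_english "$loc" || { echo "FAIL: system locale is $loc, not English"; rc=1; }
    if is_rhel10 "$2"; then
        echo "NOTE: RHEL 10: use a static IP before 'htroot setup'; see the caveats"
    fi
    return $rc
}

# Check the live system only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    preflight /etc/locale.conf /etc/os-release
fi
```

Run it with --run on the target system before starting the installer; a non-zero exit status means tar is missing or the locale is not English.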