Linux Installation Prerequisites

  • Make sure the version of Linux running on the target system is supported for data encryption. For details, see Supported Platforms.
  • Make sure the default language for the Linux operating system is English. The Entrust KeyControl Policy Agent uses scripts that parse the output of Linux commands, and those scripts may give unexpected results if the command output is in a language other than English.
  • Make sure that the tar utility is installed. If you see this error, then tar is not installed:

    Uncompressing hcs-client-agent-10.4.3-550001852.run ... Extraction failed.

  • Make sure that Entrust KeyControl is installed and the cluster is configured properly as described in Basic KeyControl Configuration. The cluster must be healthy. You cannot register the Policy Agent with a degraded KeyControl cluster.
  • Have the following information available:

    • The IP addresses of all KeyControl nodes with which you want to register the Policy Agent, or one IP address and the name of the KeyControl Mapping you want to use on this VM. Registering the Policy Agent with multiple KeyControl nodes provides a failover mechanism in case one of the KeyControl nodes is unreachable.
    • The credentials for a KeyControl webGUI user account with Cloud Admin privileges.
    • The name of the KeyControl Cloud VM Set with which you want to associate the VM. You cannot encrypt the disks or drives until the VM has been registered with a Cloud VM Set in KeyControl. For details, see Creating a Cloud VM Set for the KeyControl Vault for VM Encryption.
  • Select an authentication method. The options are:
    • Standard Authentication — This is the most secure authentication method. You create a certificate in the KeyControl webGUI which you then copy to the target system. After you install the Policy Agent software, you specify the name and location of the certificate file during registration. You also create a passphrase during the Policy Agent registration that you must then enter in the KeyControl webGUI.

    • Simplified Authentication — This method involves authenticating the VM with KeyControl through the VM itself. It allows you to skip downloading a certificate and logging into KeyControl during the authentication process, but it does require you to enter the KeyControl credentials directly into the VM and to have a Cloud VM Set already created. You should only use this method if your VM is secure.

    • Automated Authentication — This method involves adding the KeyControl username and password on the hcl command line using the hcl register -a command. This method is the least secure and should be used with caution because the KeyControl username and password must be included on the command line or in the script.
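
A preflight check for the tar and English-language prerequisites listed above, as an added example that is not part of the Entrust documentation or software. The function names and the locale files inspected (/etc/locale.conf, /etc/default/locale) are assumptions; it also covers the GNU gettext LANGUAGE variable, which can change message language even when LANG is English.

```shell
#!/bin/sh
# Added example (not vendor code): preflight checks for two prerequisites above.

# English or the C/POSIX locale (whose messages are untranslated English)?
is_english_locale() {
    case "$1" in
        C|POSIX|C.*|en|en_*|en.*|en@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Message locale of the current session: LC_ALL > LC_MESSAGES > LANG > "C".
session_locale() {
    printf '%s\n' "${LC_ALL:-${LC_MESSAGES:-${LANG:-C}}}"
}

# LANG= value from a locale file such as /etc/locale.conf (systemd) or
# /etc/default/locale (Debian/Ubuntu); prints nothing if the file is absent.
file_lang() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*LANG=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print one PASS/FAIL line per check; return non-zero if any check fails.
preflight() {
    rc=0
    if command -v tar >/dev/null 2>&1; then echo "PASS tar is installed"
    else echo "FAIL tar not found (installer extraction will fail)"; rc=1; fi

    loc=$(session_locale)
    if is_english_locale "$loc"; then echo "PASS session locale: $loc"
    else echo "FAIL session locale is not English: $loc"; rc=1; fi

    # GNU gettext's LANGUAGE list can override the message language.
    first=${LANGUAGE:-}; first=${first%%:*}
    if [ -n "$first" ] && ! is_english_locale "$first"; then
        echo "FAIL LANGUAGE prefers non-English messages: $first"; rc=1
    fi

    for f in /etc/locale.conf /etc/default/locale; do
        sys=$(file_lang "$f")
        [ -z "$sys" ] && continue
        if is_english_locale "$sys"; then echo "PASS $f: LANG=$sys"
        else echo "FAIL $f: LANG=$sys"; rc=1; fi
    done
    return "$rc"
}

preflight || echo "Resolve the FAIL items before running the installer."
```

Run it as the same user, and in the same kind of session (interactive shell, cron, automation tool), that will run the installer, since locale variables often differ between them.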