This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Installing the ESA

Installing the latest version of the ESA

The ESA appliance can be installed on any of the following platforms.

  • On-premise (ISO)
  • Cloud platforms
    • Amazon Web Services (AWS)
    • Microsoft Azure
    • Google Cloud Platform (GCP)
  • VMWare (OVA)

1 - Installing the ESA On-Premise

The following steps explain the installation of the ESA ISO image on-premise.

1. Starting the installation

To install the ESA:

  1. Insert the ESA installation media in the system disk drive.

  2. Boot the system from the disk drive.

    The following screen appears.

  3. Press ENTER to start the installation.

    The following screen appears.

    The system will detect the number of hard drives that are present. If there are multiple hard drives, then it will allow you to choose the hard drive where you want to install the OS partition and the /opt partition.

    If there are multiple hard drives, then the following screen appears.

    For storing the operating system-related data, select the hard drive where you want to install the OS partition and select OK.

    The following screen appears.

    For storing the logs, configuration data, and so on select the hard drive where you want to install the /opt partition and select OK.

2. Selecting Network Interface Cards (NICs)

The Network Interface Card (NIC) is a device through which appliances, such as, the ESA or the DSG, connect to each other on a network. You can configure multiple network interface cards (NICs) on the appliance.

The ethMNG interface is generally used for managing the appliance and ethSRV interface is used for binding the appliances for using other services.

For example, the appliance can use the ethMNG interface for the ESA Web UI and the ethSRV interface for enabling communication with different applications in an enterprise.

The following task describes how to select management interfaces.

To select multiple NICs:

  1. If there are multiple NICs, then the following screen appears.

  2. Select the required NIC for management interface.

  3. Choose Select and press ENTER.

3. Configuring Network Settings

After selecting the NIC for management, you configure the network for the ESA. During the network configuration, the system tries to connect to a DHCP server to obtain the hostname, default gateway, and IP addresses for the ESA. If the DHCP is not available, then you can configure the network information manually.

To configure the network settings:

  1. If the DHCP server is configured, then the following screen containing the network information appears.

  2. If the DHCP server is not available, then the following screen appears.

    The Network Configuration Information screen appears.

  3. Select Manual and press ENTER.

    The following screen appears.

    1. Select DHCP / Static address to configure the DHCP / Static address for the ESA and choose Edit.

    2. Select Static address and choose Update.

    3. If you want to change the hostname of the ESA, then perform the following steps.

      1. Select Hostname and select Edit.
      2. Change the Hostname and select OK.

    4. Select Management IP to configure the management IP address for the ESA and choose Edit.

      1. Add the IP address assigned to the ethMNG interface. This IP address configures the ESA to use the Web UI.
      2. Enter the Netmask. The ethMNG interface must be connected to the LAN with this Netmask value.
      3. Select OK.

    5. Select Default Route to configure the default route for the ESA and press Edit.

      1. Enter the IP address for the default network traffic.
      2. Select Apply.

    6. Select Domain Name and press Edit.

      1. Enter the Domain Name. For example, protegrity.com.
      2. Press Apply.

    7. Select Name Servers and press Edit.

      1. Add the IP address of the name server.
      2. Press OK.

    8. If you want to configure the NTP, then perform the following steps.

      1. Select Time Server (NTP), and press Edit.
      2. Add NTP time server on a TCP/IP network.
      3. Select Apply.

  4. Select Apply.

    The network settings are configured.

4. Configuring Time Zone

After you configure the network settings, the Time Zone screen appears. This section explains how to set the time zone.

To set the Time Zone:

  1. On the Time Zone screen, select the time zone.

  2. Press Next.

    The time zone is configured.

5. Configuring the Nearest Location

After configuring the time zone, the Nearest Location screen appears.

To Set the Nearest Location:

  1. On the Nearest Location screen, enter the nearest location in GMT or UTC.

  2. Press OK.

    The following screen appears.

    This screen also allows you to update the default settings of date and time, keyboard manufacturer, keyboard model, and keyboard layout.

6. Updating the Date and Time

To Update the Date and Time:

  1. Press SPACE and select Update date and time.

  2. Press ENTER.

    The following screen appears.

  3. Select the date.

  4. Select Set Date and press ENTER.

    The next screen appears.

  5. Set the time.

  6. Click Set Time and press ENTER.

    The date and time settings are configured.

7. Updating the Keyboard Settings

To Update the Keyboard Settings:

  1. Select Update Keyboard or Console settings.

  2. Press ENTER.

  3. Select the vendor and press the SPACEBAR.

  4. Select Next.

    If you select Generic, then a window with the list of generic keyboard models appears.

  5. Select the model you use and press Next.

  6. On the next window, select the keyboard language. The default is English (US).

  7. Select Next.

  8. On the next window, select the console font. The default is Lat15-Fixed16.

  9. Press Next.

    A confirmation message appears.

  10. Press OK to confirm.

8. Configuring GRUB Settings

On the ESA, GRUB version 2 (GRUB2) is used for loading the kernel. If you want to protect the boot configurations, then you can secure it by enforcing a username and password combination for the GRUB menu.

During installation for the ESA on-premise, a screen to configure GRUB credentials appears. If you want to protect the boot configurations, then you can secure it by enforcing a username and password combination for the GRUB menu. While installing the ESA v9.2.0.0, you can secure the GRUB menu by creating a username and setting password as described in the following task.

To configure GRUB settings:

  1. From the GRUB Credentials page, press the SPACEBAR to select Enable.

    Grub Settings

    By default the Disable is selected. If you continue to choose Disable, then the security for the GRUB menu is disabled. It is recommended to enable GRUB to secure the ESA.

    You can enable this feature from the CLI Manager after the installation is completed. On the CLI Manager, navigate to Administration > GRUB Credential Settings to enable the GRUB settings.

    For more information about GRUB, refer to the section Securing the GRand Unified Bootloader (GRUB).

  2. Select OK.

    The following screen appears.

  3. Enter a username in the Username text box.

    Note:

    The requirements for the Username are as follows:

    • It should contain a minimum of three and maximum of 16 characters
    • It should not contain numbers and special characters

  4. Enter a password in the Password and Re-type Password text boxes.

    Note:

    The requirements for the Password are as follows:

    • It must contain at least eight characters
    • It must contain a combination of alphabets, numbers, and printable characters

  5. Select OK and press ENTER.

    A message Credentials for the GRUB menu has been set successfully appears.

  6. Select OK.

9. Setting up Users and Passwords

Only authorized users can access the ESA. The Protegrity Data Security Platform defines a list of roles for each user who can access the ESA. These are system users and LDAP administrative users who have specific roles and permissions. When you install the ESA, the default users configured are as follows:

  • root: Super user with access to all commands and files.
  • admin: User with administrative privileges to perform all operations.
  • viewer: User who can view, but does not have edit permissions.
  • local_admin: Local administrator that can be used when the admin user is not accessible.

After completing the server settings, the Users Passwords screen appears that allows you set the passwords for the users.

To set the LDAP Users Passwords:

  1. Add the passwords of the users.

    Note: Ensure that the passwords for the users comply with the password polices.

    For more information about the password policies, refer to the section Password Policy Configuration in the Protegrity Enterprise Security Administrator Guide 9.2.0.0.

  2. Select Apply.

    The user passwords are set.

10. Licensing

After the ESA components are installed, the Temporary License screen appears. This system takes time. It is recommended to wait for few minutes before proceeding.

Note: After the ESA is installed, you must apply for a valid license within 30 days.

Temporary License Information Screen

For more information about licenses, refer Licensing.

11. Installing Products

In the final steps of installing the ESA, you are prompted to select the components to install.

To select products to install:

  1. Press space and select the necessary products to install the following products.

    Install or Repair Products Screen

  2. Click OK.

    The selected products are installed.

  3. After installation is completed, the following screen appears.

    Welcome to Protegrity Appliance

  4. Select Continue to view the CLI Login screen.

2 - Installing ESA on Cloud Platforms

Installing the ESA on Cloud platforms, such as, AWS, Azure, or GCP.

This section describes installing the ESA on Cloud platforms, such as, Amazon Web Services (AWS), Azure, or Google Cloud Platform (GCP). For installing the ESA on cloud platforms, you must mount the image containing the ESA on a cloud instance or a virtual machine. After mounting the image, you must run the finalization procedure to install the ESA components.

Installing ESA on AWS

The following steps must be completed to run an ESA on AWS:

  1. Verifying the prerequisites.
  2. Obtaining the AMI.
  3. Creating an instance of the ESA from the AMI.
  4. Configuring the various inbound and outbound ports in the VPC.
  5. Logging to the AWS instance using the SSH Client.
  6. Finalizing the AWS instance.
  7. Logging into ESA.

Installing ESA on Azure

The following steps must be completed to run an ESA on Azure:

  1. Verifying the prerequisites.
  2. Creating a Resource Group.
  3. Creating a Storage Account.
  4. Creating a Container.
  5. Obtaining the Azure BLOB.
  6. Create an image from the BLOB.
  7. Create a VM from the image.
  8. Accessing the ESA.
  9. Finalizing the installation of ESA on the instance.
  10. Logging into ESA.

Installing ESA on GCP

The following steps must be completed to run an ESA on GCP:

  1. Verifying the prerequisites.
  2. Configuring the Virtual Private Cloud (VPC).
  3. Obtaining the GCP Image.
  4. Converting the Raw Disk to a GCP Image.
  5. Loading the ESA from a GCP Image.
  6. Finalizing the installation of ESA on the instance.
  7. Logging into ESA.

3 - Installing ESA on VMware

Installing the ESA using a OVA template

This section describes the process to install the ESA using an OVA template.

For more information about the compatible VMware version, refer to the Release Notes of the relevant release.

3.1 - Creating an OVA Template

Steps to create an OVA template.

Perform the steps to create an Open Virtual Appliance (OVA) template:

  1. Log in to the VMware Client console.

  2. Navigate to Inventories > VMs and Templates.

  3. From the left navigation pane, select the required project.

  4. Right-click the project name and select Deploy OVF Template….
    The Deploy OVF Template screen appears.

  5. From Select an OVF template, select the preferred method to upload the .ova file.
    The .ova file can be accessed using the URL or by uploading a local file.

  6. Click Next.

  7. From Select a name and folder, enter the name of the virtual machine in the Virtual machine name field and select the location for virtual machine. Click Next.

  8. From Select a destination compute resource, select the required compute resource. Click Next.

  9. From Review details, verify the publisher, download size, and size on disk. Click Next.

  10. From Select storage, select the required disk formats, VM Storage Policy, Show datastores from Storage DRS clusters, and datastore to store the deployed OVF or OVA template.

  11. Click Next.

  12. From Select network, select the required network. Click Next.

  13. From Ready to complete, verify the details and click Finish.

    This may take sometime to successfully complete the creation of virtual machine. Ensure to proceed only once the virtual machine is created successfully.

  14. After the instance is successfully created, from the left navigation pane, select the virtual machine name.

  15. Right-click the virtual machine name and select Convert to Template.
    A Confirm Convert dialog box appears.

  16. Click Yes.

    The OVA template is successfully created.

3.2 - Creating a Virtual Machine using OVA template

Steps to create a virtual machine using the OVA template.

Perform the steps to create a virtual machine using the OVA template:

  1. Navigate to Inventories > VMs and Templates.

  2. From the left navigation pane, select the required project.

  3. Select the required OVA template.

  4. Right-click the template name, and select New VM from This Template.

  5. From Select a name and folder, enter the name of the virtual machine in the Virtual machine name field and select the location for virtual machine. Click Next.

  6. From Select a destination compute resource, select the required compute resource. Click Next.

  7. From Select storage, select the required storage.
    Select the required disk formats, VM Storage Policy, Show datastores from Storage DRS clusters, and datastore to store the deployed OVF or OVA template.

  8. Click Next.

  9. From Select clone options, select the required clone options.

  10. If the Customize the operating option is selected, then the Customize guest OS screen appears.
    Configure the required OS for the virtual machine. Click Next.

  11. If the Customize this virtual machine’s hardware option is selected, then the Customize hardware screen appears.
    Configure the required hardware for the virtual machine. Click Next.

  12. From Ready to complete, verify the details and click Finish.

    The virtual machine is created successfully.

3.3 - Installing the ESA on the Virtual Machine

Steps to install the ESA on the virtual machine.

1. Starting the installation

Ensure that the virtual machine is powered on before starting the installation process.

To install the ESA:

  1. Select the virtual machine.

  2. Click LAUNCH WEB CONSOLE.

2. Configuring Network Settings

After selecting the NIC for management, configure the network for the ESA. During the network configuration, the system tries to connect to a DHCP server to obtain the hostname, default gateway, and IP addresses for the ESA. If the DHCP is not available, then you can configure the network information manually.

To configure the network settings:

  1. If the DHCP server is configured, then the screen containing the network information appears.

  2. If the DHCP server is not available, then the Network Configuration Information screen appears.

  3. Select Manual and press ENTER.

    1. Select DHCP / Static address to configure the DHCP / Static address for the ESA and choose Edit.

    2. Select Static address and choose Update.

    3. If you want to change the hostname of the ESA, then perform the following steps.

      1. Select Hostname and select Edit.
      2. Change the hostname and select OK.

    4. Select Management IP to configure the management IP address for the ESA and select Edit.

      1. Add the IP address assigned to the ethMNG interface. This IP address configures the ESA to use the Web UI.
      2. Enter the Netmask. The ethMNG interface must be connected to the LAN with this Netmask value.
      3. Select OK.

    5. Select Default Route to configure the default route for the ESA and select Edit.

      1. Enter the IP address for the default network traffic.
      2. Select Apply.

    6. Select Domain Name and select Edit.

      1. Enter the domain name. For example, protegrity.com.
      2. Select Apply.

    7. Select Name Servers and select Edit.

      1. Add the IP address of the name server.
      2. Select OK.

    8. To configure the NTP, then perform the following steps.

      1. Select Time Server (NTP), and press Edit.
      2. Add NTP time server on a TCP/IP network.
      3. Select Apply.

  4. Select Apply.

    The network settings are configured.

3. Configuring Time Zone

After you configure the network settings, the Time Zone screen appears.

To set the Time Zone:

  1. On the Time Zone screen, select the time zone.

  2. Select Next.

    The time zone is configured.

4. Configuring the Nearest Location

After configuring the time zone, the Nearest Location screen appears.

To Set the Nearest Location:

  1. On the Nearest Location screen, select the nearest location.

  2. Select OK.
    The Initial Server Settings screen appears.
    This screen also allows you to update the default settings of date and time, keyboard manufacturer, keyboard model, and keyboard layout.

  3. Edit the required settings. Select OK.

5. Updating the Date and Time

To Update the Date and Time:

  1. Press SPACE and select Update date and time.

  2. Press ENTER.

  3. Select the date.

  4. Select Set Date and press ENTER.

  5. Set the time.

  6. Click Set Time and press ENTER.

    The date and time settings are configured.

6. Configuring GRUB Settings

On the ESA, GRUB version 2 (GRUB2) is used for loading the kernel. If you want to protect the boot configurations, then you can secure it by enforcing a username and password combination for the GRUB menu.

During installation for the ESA on-premise, a screen to configure GRUB credentials appears. If you want to protect the boot configurations, then you can secure it by enforcing a username and password combination for the GRUB menu. While installing the ESA, the GRUB menu can be secured by creating a username and setting password as described in the following task.

To configure GRUB settings:

  1. From the GRUB Credentials page, press the SPACEBAR to select Enable.

    By default the Disable is selected. If you continue to choose Disable, then the security for the GRUB menu is disabled. It is recommended to enable GRUB to secure the ESA.

    You can enable this feature from the CLI Manager after the installation is completed. On the CLI Manager, navigate to Administration > GRUB Credential Settings to enable the GRUB settings.

    For more information about GRUB, refer to the section Securing the GRand Unified Bootloader (GRUB).

  2. Select OK.

  3. Enter a username in the Username text box.

    The requirements for the Username are as follows:

    • It should contain a minimum of three and maximum of 16 characters.
    • It should not contain numbers and special characters

  4. Enter a password in the Password and Re-type Password text boxes.

    The requirements for the Password are as follows:

    • It must contain at least eight characters.
    • It must contain a combination of alphabets, numbers, and printable characters.

  5. Select OK and press ENTER.

    A message Credentials for the GRUB menu has been set successfully appears.

  6. Select OK.

7. Setting up Users and Passwords

Only authorized users can access the ESA. The Protegrity Data Security Platform defines a list of roles for each user who can access the ESA. These are system users and LDAP administrative users who have specific roles and permissions. When you install the ESA, the default users configured are as follows:

  • root: Super user with access to all commands and files.
  • admin: User with administrative privileges to perform all operations.
  • viewer: User who can view, but does not have edit permissions.
  • local_admin: Local administrator that can be used when the admin user is not accessible.

After completing the server settings, the Users Passwords screen appears that allows you set the passwords for the users.

To set the LDAP user passwords:

  1. Add the passwords of the users.

    Ensure that the passwords for the users comply with the password polices.

    For more information about the password policies, refer Password Policy Configuration

  2. Select Apply.

    The user passwords are set.

8. Licensing

After the ESA components are installed, the Temporary License screen appears. This screen takes time. It is recommended to wait for few minutes before proceeding.

After the ESA is installed, you must apply for a valid license within 30 days.

For more information about licenses, refer Licensing.

9. Installing Products

In the final steps of installing the ESA, select the components to install.

To select products to install:

  1. Press space to select and install the required products.

  2. Click OK.

    The selected products are installed.
    After installation is completed, the Welcome to Protegrity Appliance screen appears.

  3. Select Continue to view the CLI Login screen.