Preparing the Environment

1: Extracting the Installation Package
2: Installing the Log Forwarder
3: Installing the Resilient Package Agent

The following sub-sections explain how to install each of Teradata Data Warehouse Protector components, Log Forwarder, and the RPAgent individually. Installing components one by one ensures proper configuration and functionality.

1 - Extracting the Installation Package

Extract the installation package to access the scripts required to install the components and the protector.

To extract the files from the installation package:

Login to the database server as the user with the required permissions.
Navigate to the directory where the installation package is downloaded.
For example, /opt/protegrity/.

To extract the contents of the installation package, run the following command:

tar -xvf DatabaseProtector_SLES-ALL-64_x86-64_Teradata-ALL-64_<DBP_version>.tgz

Press ENTER.
The commands extracts the signature files from the package.
```
DatabaseProtector_SLES-ALL-64_x86-64_Teradata-ALL-64_<DBP_version>.tgz
signatures/DatabaseProtector_SLES-ALL-64_x86-64_Teradata-ALL-64_<DBP_version>.sig
```
Note: For more information about the steps to verify the signed Teradata Data Warehouse protector build, refer to Verification of Signed Protector Build.

To extract the contents of the installation package, run the following command:

tar -xvf DatabaseProtector_SLES-ALL-64_x86-64_Teradata-ALL-64_<DBP_version>.tgz

Press ENTER.
The commands extracts the following files:

Install_TeradataProtector_Linux_x64_<DBP_version>.sh
LogforwarderSetup_Linux_x64_<DBP_version>.sh
RPAgentSetup_Linux_x64_<DBP_version>.sh
PepTeradataSetup_Linux_x64_<DBP_version>.sh
PepTeradata_UDTSetup_Linux_x64_<DBP_version>.sh
U.S.Patent.No.6,321,201.Legend.txt

2 - Installing the Log Forwarder

This section provides instructions to manually install the Log Forwarder on the Teradata database server.

Note: To automate the installation process, use the master installation script provided in the build: Install_TeradataProtector_Linux_x64_<DBP_version>.sh For more information, refer to the following sections:
Installing the Protector on Single Node
Installing the Protector on Multi Node

To install the Log Forwarder:

Log in to the server as the user with the required permissions.
Navigate to the directory where the installation files are extracted.
For example, /opt/protegrity/.
To install the Log Forwarder, run the following command:
```
./LogforwarderSetup_Linux_x64_<DBP_version>.sh
```

Press ENTER. The prompt to enter the audit store endpoint appears.

Enter the audit store endpoint (host), alternative (host:port) to use another port than the default port 9200 :

Enter the IP address of the audit store.

Press ENTER. The prompt to enter additional endpoint appears.

Audit store endpoints: <Audit_store_IP_address>:9200
Do you want to add another audit store endpoint? [y/n]:

To skip adding additional endpoints, type no.

Press ENTER. The prompt to continue the installation appears.

These audit store endpoints will be added:
<Audit_store_IP_address>:9200

Type 'y' to accept or 'n' to abort installation:

To continue the installation, type yes.
Press ENTER. The script extracts the files and installs the Log Forwarder.
```
Unpacking...
Extracting files...
Protegrity Log Forwarder installed in /opt/protegrity/logforwarder.
```
Note: For manual installation, the script will install the component under the specified directory only.
Navigate to the /opt/protegrity/logforwarder/bin/ directory.
To start the Log Forwarder, run the following command:
```
./logforwarderctrl start
```

Press ENTER.
The command starts the Log Forwarder.

[ info] switching to background mode (PID=8329)
Logforwarder started, PID (<process_ID>) written to PID file /opt/protegrity/logforwarder/
bin/fluent-bit.pid

3 - Installing the Resilient Package Agent

This section provides instructions to manually install the RPAgent on the Teradata database server.

Note: To automate the installation process, use the master installation script provided in the build: Install_TeradataProtector_Linux_x64_<DBP_version>.sh
For more information, refer to the following sections:
Installing the Protector on Single Node
Installing the Protector on Multi Node

The Resilient Package (RP) Agent downloads the certificates. These certificates are further used to authenticate the login credentials, public or private keys, and certify the code reliability.

Prerequsites: The core libraries integrated with the build uses the secure mode to validate and download the certificates from ESA. To enable the secure mode:

Before proceeding with the RPA installation in secure mode, ensure that the required CA certificate is available and trusted on the system.
Download the certificate from ESA.
Note: For more information about downloading certificates from ESA, refer to Manage Certificates.
After obtaining the certificate, configure the environment variable
Variable Value
SSL_CERT_FILE Is the full path to the certificate file.
Ensure to include ESA hostname or IP address in ESA TLS certificate (CN or SAN).
Ensure the ESA hostname or IP addres is resolvable from the RPAgent host.

Variable	Value
`SSL_CERT_FILE`	Is the full path to the certificate file.

To install the RPAgent:

Log in to the server as the user with the required permissions.
Navigate to the directory where the installation files are extracted. For example, /opt/protegrity/.
To install the RP Agent, run the following command:
```
./RPAgentSetup_Linux_x64_<DBP_version>.sh
```
Press ENTER.
The prompt to enter the host name or the IP address of the ESA appears.
```
Please enter upstream host name or IP address[]:
```
Enter the hostname for ESA.
Note: Failure to specify the hostname will use the insecure mode to validate the certificates. Protegrity does not recommend using the insecure mode to validate and download the certificates from ESA.
Press ENTER.
The prompt to enter the username for downloading the certificate appears.
```
Please enter the user name for downloading certificates[]:
```
Enter the username to download the certificates.
Press ENTER.
The prompt to enter the password for downloading the certificate appears.
```
Please enter the password for downloading certificates []:
```
Enter the password to download the certificates.

Press ENTER.
The installer extracts the files and downloads the certificates.

Unpacking...
Extracting files...
Certificate validation successful.
Obtaining token from <ESA_Hostname>:25400...
Downloading certificates from <ESA_Hostname>:25400...
% Total    % Received % Xferd  Average Speed  Time    Time    Time   Current
                                Dload  Upload  Total   Spent   Left   Speed
100  11264 100  11264   0      0  51225      0                              0

Extracting certificates...
Certificates successfully downloaded and stored in /opt/protegrity/rpagent/data

Protegrity RPAgent installed in /opt/protegrity/rpagent.

Note: If the JWT token is not specified while downloading the certificates, the RPAgent automatically retrieves the token from ESA. Note: For manual installation, the script will install the component under the specified directory only.

Navigate to the /opt/protegrity/rpagent/bin/ directory.
To start the RPAgent, run the following command:
```
./rpagentctrl start
```
Press ENTER.
The command starts the RPAgent successfully and a confirmation message appears.
```
Starting rpagent
```
To verify the status of the RPAgent, run the following command:
```
./rpagentctrl status
```
Press ENTER.
The status of the RPAgent service appears.
```
rpagent is running (pid=<process_ID>)
```