Trend Micro Incorporated reserves the right to make changes to this document and to the cloud service described herein without notice. Before installing and using the cloud service, review the readme files, release notes, and/or the latest version of the applicable documentation, which are available from the Trend Micro website at:
http://docs.trendmicro.com/en-us/enterprise/cloud-app-encryption-for-office-365.aspx
© 2015 Trend Micro Incorporated. All Rights Reserved. Trend Micro, the Trend Micro t-ball logo, and Cloud App Encryption are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
Document Part No.: APEM26769_141031
Release Date: February 2015
Protected by U.S. Patent No.: Patents pending.
This documentation introduces the main features of the cloud service and/or provides installation instructions for a production environment. Read through the documentation before installing or using the cloud service.
Detailed information about how to use specific features within the cloud service may be available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge Base.
Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at [email protected].
Evaluate this documentation on the following site:
http://docs.trendmicro.com/en-us/survey.aspx
Trend Micro Cloud App Encryption for Office 365 Key Server Deployment Guide
Table of Contents
Preface
  Preface
  Documentation
  Audience
  Document Conventions
  About Trend Micro
Chapter 1: Introduction
  Cloud App Encryption
  Cloud App Encryption Key Server
  Deployment Overview
Chapter 2: Requirements
  System Requirements
  Port Requirements
Chapter 3: Deployment
  Deployment Process
  Best Practices for Deployment
  Installing the Cloud App Encryption Key Server Operating System
  Configuring the Key Management Environment
  Important Note
Chapter 4: Integration
  Locating the Public Certificate File
    Enabling / Disabling SSH
  Public Certificate Example
  Integrating with Cloud App Encryption for Office 365
Chapter 5: Key Maintenance
  Destroying Keys
    Destroying the Encryption Key
  Encryption Key Backup and Restore
    Creating an Encryption Key Backup
    Restoring an Encryption Key from a Backup
  Unreachable Keys
Appendix A: Command Line Interface
  Using the CLI
  Entering the CLI
  Command Line Interface Commands
    CLI Command Reference
Appendix B: Additional Resources
  Console and Proxy Addresses by Region
Appendix C: Glossary
Index
Preface
Welcome to the Trend Micro Cloud App Encryption Key Server Deployment Guide. This guide explains how to deploy Cloud App Encryption Key Server in your environment on-premises and then integrate as a Key Management Interoperability Protocol (KMIP) server with Cloud App Encryption for Office 365 in the cloud.
Documentation
The documentation set for Cloud App Encryption for Office 365 includes the following:
TABLE 1. Product Documentation
DOCUMENT: DESCRIPTION
Cloud App Encryption Key Server Deployment Guide: Explains how to deploy Cloud App Encryption Key Server in your environment on-premises and then integrate with Cloud App Security for Office 365 in the cloud.
Third-Party KMIP Server Integration Guide: Explains how to integrate a third-party Key Management Interoperability Protocol (KMIP) server with Cloud App Security for Office 365 in the cloud.
Online Help: Web-based documentation that is accessible from the Cloud App Encryption management console. The Online Help contains explanations of Cloud App Encryption components and features, as well as procedures needed to configure Cloud App Encryption.
Support Portal: The Support Portal is an online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Support Portal, go to the following website: http://esupport.trendmicro.com
View and download Cloud App Encryption documentation from the Trend Micro Documentation Center:
http://docs.trendmicro.com/en-us/enterprise/cloud-app-security-for-office-365.aspx
Audience
The Cloud App Encryption for Office 365 documentation is written for IT administrators and security analysts. The documentation assumes that the reader has an in-depth knowledge of networking and information security, including the following topics:
• Network topologies
• Email routing
• SMTP
• Encryption fundamentals
The documentation does not assume the reader has any knowledge of sandbox environments or threat event correlation.
Document Conventions
The documentation uses the following conventions:
TABLE 2. Document Conventions
CONVENTION: DESCRIPTION
UPPER CASE: Acronyms, abbreviations, and names of certain commands and keys on the keyboard
Bold: Menus and menu commands, command buttons, tabs, and options
Italics: References to other documents
Monospace: Sample command lines, program code, web URLs, file names, and program output
Navigation > Path: The navigation path to reach a particular screen. For example, File > Save means, click File and then click Save on the interface
Note: Configuration notes
Tip: Recommendations or suggestions
Important: Information regarding required or default configuration settings and product limitations
WARNING!: Critical actions and configuration options
About Trend Micro
As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With over 20 years of experience, Trend Micro provides top-ranked client, server, and cloud-based solutions that stop threats faster and protect data in physical, virtual, and cloud environments.
As new threats and vulnerabilities emerge, Trend Micro remains committed to helping customers secure data, ensure compliance, reduce costs, and safeguard business integrity. For more information, visit:
http://www.trendmicro.com
Trend Micro and the Trend Micro t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.
Chapter 1
Introduction
Cloud App Encryption
Trend Micro Cloud App Encryption keeps Office 365 data private through independent email encryption. By integrating cloud-to-cloud with Microsoft Office 365, Cloud App Encryption requires no email traffic rerouting and transparently preserves user and administrative functionality.
Cloud App Encryption Key Server
Cloud App Encryption Key Server enhances Cloud App Encryption for Office 365 by separately managing the encryption keys for Exchange Online. Deploy Cloud App Encryption to maintain data ownership and control with independent data encryption.
Cloud App Encryption Key Server controls the encryption key lifecycle, including encryption key creation and destruction. Cloud App Encryption Key Server also supports backing up and restoring encryption keys to save configurations or to migrate a configuration to another server.
The following illustration shows the network topology after deploying Cloud App Encryption Key Server on-premises.
FIGURE 1-1. Trend Micro Cloud App Encryption Key Server
Note
Cloud App Encryption Key Server utilizes Key Management Interoperability Protocol (KMIP) technology. KMIP is an open source communication protocol between key management systems (servers) and encryption systems (clients). By abstracting the task of managing keys from the applications that use them, KMIP technology, like other encryption technologies, allows Trend Micro to separately manage your keys in the cloud or on-premises while maintaining encryption in the cloud.
The KMIP effort is governed by the Organization for the Advancement of Structured Information Standards (OASIS). For details, see https://www.oasis-open.org/committees/kmip/charter.php.
Deployment Overview
Procedure
1. Review the requirements.
Learn about the system requirements and port information.
See Requirements on page 2-1.
2. Configure the Cloud App Encryption Key Server environment.
Install the operating system, create a certificate, and configure additional settings.
See Deployment Process on page 3-2.
3. Integrate with Cloud App Encryption.
Specify the Cloud App Encryption Key Server IP address, port, and public server certificate information in the Cloud App Encryption console.
See Integration on page 4-1.
Chapter 2
Requirements
System Requirements
The following table provides the recommended and minimum system requirements for running Cloud App Encryption Key Server.
TABLE 2-1. System Requirements
SPECIFICATION: DESCRIPTION
Hypervisor: VMware™ ESXi™
• 5.1
• 5.0
Operating System: A separate operating system is not required. Cloud App Encryption Key Server provides a self-contained installation using the CentOS Linux operating system. This dedicated operating system installs with Cloud App Encryption Key Server.
CPU:
• Recommended: Four virtual core processors
• Minimum: Two virtual core processors
Memory:
• Recommended: 2 GB RAM
• Minimum: 1 GB RAM
Disk Space:
• Recommended: 200 GB
• Minimum: 100 GB
Note
The Cloud App Encryption Key Server installation program automatically partitions the detected disk space as per recommended Linux practices.
Monitor: Monitor that supports 800 x 600 resolution with 256 colors or higher.
Port Requirements
The following table shows the ports required for Cloud App Encryption Key Server and the purpose.
TABLE 2-2. Ports used by Cloud App Encryption for Office 365
PORT: 5696
PROTOCOL: KMIP
FUNCTION: Listening, Outbound
PURPOSE: Allow connections from Trend Micro Cloud App Encryption for Office 365 key requests and other commands.
Chapter 3
Deployment
Deployment Process
Procedure
1. Do any of the following to obtain an SSL certificate and private key.
• Automatically generate a certificate when you install Cloud App EncryptionKey Server.
• Create your own certificate.
• Obtain a certificate from a Certificate Authority (CA), such as VeriSign.
2. Prepare the virtual machine to meet system requirements.
See Requirements on page 2-1.
3. Install the Cloud App Encryption Key Server operating system.
See Installing the Cloud App Encryption Key Server Operating System on page 3-3.
4. Configure the Cloud App Encryption Key Server key management environment.
See Configuring the Key Management Environment on page 3-13.
Best Practices for Deployment
Before proceeding to installation and deployment, note the following best practices:
• The SSL certificate should be from a real Certificate Authority (CA). Examples include VeriSign or an internal CA.
• Cloud App Encryption Key Server uses a PostgreSQL database. If you are not using an ESX cluster, follow the VMware guidelines available at:
https://www.vmware.com/support/pubs/
• Size the virtual disk for future use. The installed system uses less than 900 MB. Trend Micro recommends using a 100 GB thin provisioned drive to handle growth potential.
• Make sure to back up your encryption key after deploying Cloud App Encryption Key Server. For details, see Encryption Key Backup and Restore on page 5-3.
• Cloud App Encryption Key Server maintains your actual encryption keys. Keep security paramount. Be mindful of technologies with unintended side effects that can leak information.
Installing the Cloud App Encryption Key Server Operating System
WARNING!
The installation deletes existing data and partitions from the selected device. Back up existing data before installing Cloud App Encryption Key Server.
Procedure
1. Go to the Trend Micro Download Center.
http://downloadcenter.trendmicro.com/
2. Select Cloud App Encryption Key Server from the list.
3. Download the Cloud App Encryption Key Server ISO file.
4. Power on the virtual machine.
5. Configure the virtual machine to boot from the ISO file.
6. Restart the virtual machine.
The server boots from the Cloud App Encryption Key Server ISO file and the installation begins.
The Cloud App Encryption Key Server Installation Menu screen appears.
7. Select Install Server.
After the setup initializes, the Trend Micro License Agreement screen appears.
8. Click Accept to continue.
9. Select the appropriate keyboard language.
10. Click Next.
11. Select the drive location to install Cloud App Encryption Key Server.
12. Click Next.
A warning message about removing all partitions (ALL DATA) on the selection appears.
13. Click Yes to continue.
The Cloud App Encryption Key Server install program scans the system to determine that the hardware meets minimum specifications.
14. Click Next.
15. Specify the network interface settings and general settings.
16. Click Next.
17. Select a time zone.
18. Click Next.
19. Specify the administrator account (root) credentials. This account can access the operating system shell and has all rights on the server. This is the most powerful user in the system.
20. Click Next.
The Summary screen appears.
21. Review the summary and then click Next to begin the installation.
22. At the warning message, click Continue.
After formatting the device, the program installs the operating system. Cloud App Encryption Key Server installs after the server restarts.
23. When the installation confirmation appears, click Reboot.
24. Disconnect the Cloud App Encryption Key Server ISO file to prevent reinstallation.
Configuring the Key Management Environment
After completing the installation, the server restarts and loads the Command Line Interface (CLI). Configure Cloud App Encryption Key Server certificate settings to complete the installation. If you do not already have a certificate, you can generate one during the setup process.
Procedure
1. Log on to Cloud App Encryption Key Server with the default credentials.
• User name: root
• Password: <password specified at installation>
2. Type the following command:
/opt/trend/keyserver/script/kmip_setup.sh
3. Follow the on-screen prompts.
• If you do not have a certificate, the script can create one during the configuration process. Required information includes:
• Location
• Organization
• Server host name
• Email address
• PostgreSQL account credentials
• If you already have a certificate, make sure to have the public and private key information available.
The initial configuration is complete.
Log on to the Command Line Interface (CLI) later to perform additional configurations or maintenance tasks.
Important Note
If the external KMIP server (Cloud App Encryption Key Server or a third-party KMIP server) goes down and cannot communicate with Cloud App Encryption for Office 365, encryption and decryption stop. Email messages remain in whatever encrypted or decrypted state they were when the server stopped communication.
Chapter 4
Integration
Locating the Public Certificate File
Procedure
1. Log on to Cloud App Encryption Key Server with the default credentials.
• User name: root
• Password: <password specified at installation>
2. Enable SSH.
See Enabling / Disabling SSH on page 4-2.
3. Use an SSH client (example: PuTTY) to log on to Cloud App Encryption Key Server.
4. Locate the certificate at:
/var/app_data2/server.pem
5. Copy the contents of the certificate to a text file stored on the local disk.
Tip
You may need to enable SSH to copy and paste from the virtual machine.
6. Disable SSH.
See Enabling / Disabling SSH on page 4-2.
WARNING!
Not disabling SSH after configuring the key management environment risks security.
Enabling / Disabling SSH
You may need to temporarily disable SSH while importing a certificate signed by an external Certificate Authority into Cloud App Encryption Key Server. SSH is not required to import the certificate. Cloud App Encryption Key Server also supports direct USB connections.
Enabling SSH allows:
• Using an SSH client to remotely access Cloud App Encryption Key Server
• Importing an external certificate with a secure copy tool such as SCP (Secure Copy Protocol)
Procedure
• Enable SSH:
a. cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.bk
b. vi /etc/ssh/sshd_config to set “UsePAM yes” and “PermitRootLogin yes”
c. service sshd start
• Disable SSH:
a. service sshd stop
b. rm -f /etc/ssh/sshd_config
c. cp -f /etc/ssh/sshd_config.bk /etc/ssh/sshd_config
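A post-change check for the Disable SSH steps above, as an added example that is not part of the Trend Micro guide. It reads the config the way sshd does (keywords are case-insensitive and the first occurrence wins) and flags a config that still permits root logins or was never restored from the .bk copy; the function names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example, not Trend Micro code. Function names are hypothetical; the
# default paths are the ones used in the Enable/Disable SSH steps.

# Print the value sshd would use for KEYWORD in the global section of FILE.
# Keywords are case-insensitive and the first occurrence wins, so a later
# "PermitRootLogin no" does not cancel an earlier "PermitRootLogin yes".
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                 # comment line
        { sub(/=/, " ") }                   # accept the "Keyword=value" form
        tolower($1) == "match" { exit }     # Match blocks are conditional
        tolower($1) == want { v = tolower($2); gsub(/"/, "", v); print v; exit }
    ' "$1"
}

# Check the files left behind by the Disable SSH steps. Prints one line per
# finding and returns the number of findings (0 means clean).
audit_sshd_files() {
    cfg=${1:-/etc/ssh/sshd_config}
    bak=${2:-/etc/ssh/sshd_config.bk}
    findings=0
    if [ ! -f "$cfg" ]; then
        echo "FINDING: $cfg is missing; the rm ran but the backup was not copied back"
        return 1
    fi
    # Also catches a backup taken after the edit (Enable step a run twice):
    # the restore then brings back the permissive file.
    if [ "$(effective_sshd_option "$cfg" PermitRootLogin)" = "yes" ]; then
        echo "FINDING: $cfg still sets PermitRootLogin yes"
        findings=$((findings + 1))
    fi
    if [ -f "$bak" ] && ! cmp -s "$cfg" "$bak"; then
        echo "FINDING: $cfg differs from $bak; the pre-change config was not restored"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# True when an sshd process exists (assumes pgrep is installed).
sshd_is_running() {
    pgrep -x sshd >/dev/null 2>&1
}

# Write constructed sample files into directory $1 for a dry run.
make_samples() {
    printf '%s\n' '# constructed sample' 'Port 22' \
        'PermitRootLogin no' 'UsePAM no' > "$1/original"
    printf '%s\n' '# constructed sample' 'Port 22' 'permitrootlogin yes' \
        'PermitRootLogin no' 'UsePAM yes' > "$1/edited"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    echo "config restored:";    audit_sshd_files "$d/original" "$d/original" || true
    echo "config left edited:"; audit_sshd_files "$d/edited" "$d/original" || true
    rm -rf "$d"
}
demo
```

On the key server, calling audit_sshd_files with no arguments checks the real paths, and sshd_is_running confirms that the service was actually stopped.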
Public Certificate Example
The highlighted content in the following image represents the public certificate information required to configure encryption.
FIGURE 4-1. Highlighted Content Required for Encryption
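One way to prepare the text for the Public server certificate field from server.pem without copying key material, as an added example (not Trend Micro code). Function names and the constructed sample PEM are assumptions; describe_cert additionally assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example, not Trend Micro code. Function names are hypothetical.

# True when FILE contains any PEM private-key header (RSA, EC, PKCS#8,
# encrypted or not).
has_private_key() {
    grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# Print only complete CERTIFICATE blocks from FILE; returns 1 if none exist.
# Lines are buffered and released at the END marker, and any new BEGIN line
# resets the buffer, so a truncated certificate followed by a key block
# cannot pull key lines into the output.
extract_public_cert() {
    awk '
        /-----BEGIN /                 { buf = ""; incert = 0 }
        /-----BEGIN CERTIFICATE-----/ { incert = 1 }
        incert                        { buf = buf $0 "\n" }
        /-----END CERTIFICATE-----/ && incert {
            printf "%s", buf; n++; incert = 0; buf = ""
        }
        END { exit (n > 0 ? 0 : 1) }
    ' "$1"
}

# Write the paste-ready text to DEST, then re-check it so key material can
# never reach the "Public server certificate" field.
prepare_paste_file() {
    src=$1
    dest=$2
    if ! extract_public_cert "$src" > "$dest"; then
        rm -f "$dest"
        echo "no complete certificate found in $src" >&2
        return 1
    fi
    if has_private_key "$dest"; then
        rm -f "$dest"
        echo "refusing to write $dest: private key in output" >&2
        return 1
    fi
    if has_private_key "$src"; then
        echo "note: $src also holds a private key; it was left out of $dest"
    fi
    return 0
}

# Optional: show subject, expiry and SHA-256 fingerprint of a real
# certificate (assumes the openssl command-line tool is installed).
describe_cert() {
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha256
}

# Constructed sample: placeholder bodies, not real certificate or key data.
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN CERTIFICATE-----
CONSTRUCTEDSAMPLENOTAREALCERTIFICATE
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDSAMPLENOTAREALKEY
-----END RSA PRIVATE KEY-----
EOF
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample_pem "$d/server.pem"
    prepare_paste_file "$d/server.pem" "$d/public_cert.txt" && cat "$d/public_cert.txt"
    rm -rf "$d"
}
demo
```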
Integrating with Cloud App Encryption for Office 365
Procedure
1. Log on to Cloud App Encryption for Office 365.
See Console and Proxy Addresses by Region on page B-2.
2. Go to Encryption.
3. Select Click here to choose.
4. Select Maintain encryption keys in your own network.
5. Specify the server settings.
OPTION: DESCRIPTION
FQDN or IP address: Specify the Cloud App Encryption Key Server fully-qualified domain name or IP address.
Port: Specify the port used to connect to Cloud App Encryption Key Server. The default port is 5696.
Public server certificate: Copy the contents of the certificate file. Make sure to only include the certificate information and not the private key. For information about locating the certificate file, see Locating the Public Certificate File on page 4-2.
Client certificate: Download the Trend Micro client certificate if you must change the client certificate used when you deployed Cloud App Encryption Key Server. Reasons include:
• Expired certificate
• Updated / Modified Cloud App Encryption certificate
Note
Trend Micro provides the client certificate when you install Cloud App Encryption Key Server.
6. Click Generate Key.
Chapter 5
Key Maintenance
Destroying Keys
Destroying the encryption key has a significant impact. Destroyed encryption keys can never be restored and email messages remain in their encrypted state forever. Users will be unable to decrypt and read email messages with the revoked encryption key. Destroy the encryption key if your organization plans to stop using Office 365 and wants to keep encrypted email messages in the cloud that can never be decrypted.
• Destroying encryption keys has the same effect as decommissioning a KMIP server. Cloud App Encryption for Office 365 may malfunction if you do not provide a new encryption key after destroying the existing key.
• Destroying encryption keys from a third-party server causes Cloud App Encryption for Office 365 to immediately stop encrypting or decrypting email messages.
Destroying the Encryption Key
Procedure
1. Log on to Cloud App Encryption for Office 365.
2. Go to Encryption.
3. Select Maintain encryption keys in your own network.
4. Click Destroy Key.
WARNING!
Clicking Destroy Key permanently deletes the encryption key. This cannot be undone. Encrypted email messages will remain in an encrypted state forever.
5. At the warning message, type your password and then click Destroy Key.
Encryption Key Backup and Restore
You cannot back up or restore an encryption key through the Cloud App Encryption console. Access the Cloud App Encryption Key Server through SSH or a direct VGA connection to perform backup and restore operations.
Creating an Encryption Key Backup
Backing up the encryption key offers the following benefits:
• Ensures that you can build a new instance and import the backed up encryption key if the Cloud App Encryption Key Server instance crashes.
• Allows you to import the encryption key from another Cloud App Encryption Key Server instance.
Backing up the encryption key calls a PostgreSQL utility to back up the entire database.
Procedure
1. Log on to Cloud App Encryption Key Server with the default credentials.
• User name: root
• Password: <password specified at installation>
2. Type the following command:
/opt/trend/keyserver/script/db_backup_restore.sh backup
3. Follow the on-screen prompts.
Cloud App Encryption Key Server stores the backup file at /var/app_data/.
Restoring an Encryption Key from a Backup
Restoring the encryption key offers the following benefits:
• Allows you to restore the encryption key on another server
• Ensures that you have a backup server if the Cloud App Encryption Key Server instance crashes.
Restoring an encryption key calls a PostgreSQL utility to restore the entire database. Any existing encryption key is overwritten by the restored encryption key. After restoring the encryption key, you cannot decrypt email messages that were encrypted using the previous encryption key.
Note
The backup file must be in .tar file format.
Important
Restoring the encryption key overwrites any existing encryption key. After restoring the encryption key, users will be unable to decrypt any email messages that were encrypted with the previous encryption key. If you do not make a backup of the previous encryption key, then those email messages can never be decrypted.
Procedure
1. Log on to Cloud App Encryption Key Server with the default credentials.
• User name: root
• Password: <password specified at installation>
2. Type the following command:
/opt/trend/keyserver/script/db_backup_restore.sh restore <full_file_path_and_file_name>
Example:
/opt/trend/keyserver/script/db_backup_restore.sh restore /tmp/KeyServer_db_kmip_1379552900_10.64.72.122.tar
3. Follow the on-screen prompts.
Unreachable Keys
If the external KMIP server (Cloud App Security Key Server or a third-party KMIP server) goes down and cannot communicate with Cloud App Encryption for Office 365, encryption and decryption stop. Email messages remain in whatever encrypted or decrypted state they were when the server stopped communication.
Appendix A
Command Line Interface
Using the CLI
Use the Command Line Interface (CLI) to perform the following tasks:
• Configure the Cloud App Encryption Key Server environment
• Make an encryption key backup
• Restore an encryption key
• Configure network settings, such as the device IP address and host name
• Restart the device
• View device status
• Debug and troubleshoot the device
Note
Do not enable scroll lock on your keyboard when using HyperTerminal. If scroll lock is enabled, you cannot enter data.
Entering the CLI
To log on to the CLI, either connect directly to the server or connect using SSH. Not all commands appear when you log on with the root account. Use the enable account (Privileged Mode) to access privileged commands.
WARNING!
Enter the shell environment only if your support provider instructs you to perform debugging operations.
Procedure
• To connect directly to the server:
a. Connect a monitor and keyboard to the server.
b. Log on to the CLI in Privileged Mode.
User name: enable
Password: <root password defined at installation>
Note
To log on without being in Privileged Mode, use root for the user name.
• To connect using SSH:
a. Verify the computer you are using can ping the Cloud App Encryption Key Server instance IP address.
b. Use an SSH client to connect to the Cloud App Encryption instance IP address and TCP port 22.
Command Line Interface Commands
The Cloud App Encryption Key Server CLI commands are separated into two categories: normal and privileged commands. Normal commands are basic commands to obtain specific low security risk information and to perform simple tasks. Privileged commands provide full configuration control and advanced monitoring and debugging features. Privileged commands are protected by an additional layer of credentials: the Enable account and password.
CLI Command Reference
The following tables explain the CLI commands.
configure network dns
TABLE A-1. configure network dns ipv4
Configures IPv4 DNS settings for the device.
Syntax:
configure network dns ipv4 <dns1> <dns2>
View Privileged
Parameters <dns1>: Primary IPv4 DNS server
<dns2>: Secondary IPv4 DNS server
Note
Use a space to separate the primary and secondary DNS value.
Examples:
To configure the primary DNS with an IP address of 192.168.10.21:
configure network dns ipv4 192.168.10.21
To configure the primary and secondary DNS with the following values:
• Primary DNS: 192.168.10.21
• Secondary DNS: 192.168.10.22
configure network dns ipv4 192.168.10.21 192.168.10.22
configure network hostname
Configures the host name for the device.
Syntax:
configure network hostname <hostname>
View Privileged
Parameters <hostname>: The host name or fully qualified domain name (FQDN) for the device
Examples:
To change the host name of the device to test.example.com:
configure network hostname test.example.com
configure network interface
TABLE A-2. configure network interface ipv4
Configures the IPv4 address for the network interface card (NIC).
Syntax:
configure network interface ipv4 <interface> <ip> <mask>
View Privileged
Parameters <interface>: NIC name
<ip>: IPv4 address for the interface
<mask>: Network mask for the NIC
Examples:
To configure an NIC with the following values:
• Interface: eth0
• IP address: 192.168.10.10
• Subnet mask: 255.255.255.0
configure network interface ipv4 eth0 192.168.10.10 255.255.255.0
configure network route add
TABLE A-3. configure network route add ipv4
Adds a new route entry
Syntax:
configure network route add ipv4 <ip_prefixlen> <via> <dev>
View Privileged
Parameters <ip_prefixlen>: Destination network ID with format IPv4_Address/Prefixlen
<via>: IPv4 address of the next hop
<dev>: Device name
Example:
To add a new route entry:
configure network route add ipv4 172.10.10.0/24 192.168.10.1 eth1
configure network route default
TABLE A-4. configure network route default ipv4
Sets the default route for the device
Syntax:
configure network route default ipv4 <gateway>
View Privileged
Parameter <gateway>: IPv4 address of default gateway
Example:
To set the default route for the device:
configure network route default ipv4 192.168.10.1
configure network route del
TABLE A-5. configure network route del ipv4
Deletes a route for the device
Syntax:
configure network route del ipv4 <ip_prefixlen> <via> <dev>
View Privileged
Parameters <ip_prefixlen>: Destination network ID with format IPv4_Address/Prefixlen
<via>: IPv4 address of the next hop
<dev>: Device name
Example:
To delete a route for the device:
configure network route del ipv4 172.10.10.0/24 192.168.10.1 eth1
configure service ssh disable
Disables SSH on all network interface cards (NIC).
Syntax:
configure service ssh disable
View Privileged
Parameters None
Examples:
To disable SSH on all NICs:
configure service ssh disable
configure service ssh enable
Enables SSH on one specific network interface card (NIC).
Syntax:
configure service ssh enable <interface>
View Privileged
Parameters <interface>: The name of the NIC
Examples:
To enable SSH on NIC eth0:
configure service ssh enable eth0
configure system date
Configures the time and date and saves the data in CMOS.
Syntax:
configure system date <date> <time>
View Privileged
Parameters <date>: Set the date using the following format: yyyy-mm-dd
<time>: Set the time with the following format: hh:mm:ss
Examples:
To set the date to August 12, 2010 and the time to 3:40 PM:
configure system date 2010-08-12 15:40:00
configure system password enable
To change the password required to enter Privileged mode.
Syntax:
configure system password enable
View Privileged
Parameters None
Examples:
To change the password required to enter Privileged mode
configure system password enable
configure system timezone
Configures the time zone used by the device.
Syntax:
configure system timezone <region>/<city>
View Privileged
Parameters <region>: Region name
<city>: City name
Examples:
To configure the device to use the time zone for the following location:
Region: America
City: New York
configure system timezone America/New_York
TABLE A-6. Time Zone Setting Examples
REGION/COUNTRY CITY
Africa Cairo
Harare
Nairobi
America Anchorage
Bogota
Buenos_Aires
Caracas
Chicago
Chihuahua
Denver
Godthab
Lima
Los_Angeles
Mexico_City
New_York
Noronha
Phoenix
Santiago
St_Johns
Tegucigalpa
Asia Almaty
Baghdad
Baku
Bangkok
Calcutta
Colombo
Dhaka
Hong_Kong
Irkutsk
Jerusalem
Kabul
Karachi
Katmandu
Krasnoyarsk
Kuala_Lumpur
Kuwait
Magadan
Manila
Muscat
Rangoon
Seoul
Shanghai
Singapore
Taipei
Tehran
Tokyo
Yakutsk
Atlantic Azores
Australia Adelaide
Brisbane
Darwin
Hobart
Melbourne
Perth
Europe Amsterdam
Athens
Belgrade
Berlin
Brussels
Bucharest
Dublin
Moscow
Paris
Pacific Auckland
Fiji
Guam
Honolulu
Kwajalein
Midway
US Alaska
Arizona
Central
East-Indiana
Eastern
Hawaii
Mountain
Pacific
enable
Enters privileged mode so privileged commands can be provided.
Syntax:
enable
View Root
Parameters None
Examples:
To enter privileged mode:
enable
exit
Exits privileged mode.
Exits the session for those not in privileged mode.
Syntax:
exit
View Root/Privileged
Parameters None
Examples:
To exit privileged mode or to exit the session when not in privileged mode:
exit
help
Displays the CLI help information.
Syntax:
help
View Privileged/Root
Parameters None
Examples:
To display the CLI help information:
help
history
Displays the current session's command line history.
Syntax:
history [limit]
View Privileged/Root
Parameters [limit]: Specifies the size of the history list for the current session
Specifying "0" retains all commands for the session.
Examples:
To specify six commands for the size of the history list:
history 6
logout
Logs out of the current CLI session.
Syntax:
logout
View Root
Parameters None
Examples:
To log out of the current session:
logout
ping
Pings a specified host.
Syntax:
ping [-c num_echos] [-i interval] <dest>
View Root
Parameters [-c num_echos]: Specifies the number of echo requests to be sent. Default value is 5.
[-i interval]: Specifies the delay interval in seconds between each packet. Default value is 1 second.
<dest>: Specifies the destination hostname or IP address
Examples:
To ping the IP address 192.168.1.1:
ping 192.168.1.1
To ping the host remote.host.com:
ping remote.host.com
reboot
Reboots the device immediately or after a specified delay.
Syntax:
reboot [time]
View Privileged
Parameters [time]: Specifies the delay, in minutes, to reboot the device
Examples:
To reboot the device immediately:
reboot
To reboot the device after 5 minutes:
reboot 5
resolve
Resolves an IPv4 address from a hostname or resolves a hostname from an IPv4 address.
Syntax:
resolve <dest>
View Privileged
Parameter <dest>: Specifies the IPv4 address or hostname to resolve
Examples:
To resolve the hostname from IP address 192.168.10.1:
resolve 192.168.10.1
To resolve the IP address from hostname parent.host.com:
resolve parent.host.com
show storage statistic
Displays the file system disk space usage.
Syntax:
show storage statistic [partition]
View Root
Parameters [partition]: Specify a partition. This is optional.
Examples:
To display the file system disk space usage of the device:
show storage statistic
show network
Displays various network configurations.
Syntax:
show network [arp | connections | dns | hostname | interface | route]
View Root
Parameters arp: Displays the Address Resolution Protocol (ARP) tables.
connections: Displays the device’s current network connections.
dns: Displays the device’s DNS IP address.
dns primary: Displays the device’s primary DNS IP address.
dns secondary: Displays the device’s secondary DNS IP address.
hostname: Displays the device’s hostname.
interface: Displays the network interface card (NIC) status and configuration.
route: Displays IP address route table.
Examples:
To display the ARP tables:
show network arp
To display the device’s current network connections:
show network connections
To display the DNS configuration:
show network dns
To display the hostname of the device:
show network hostname
To display the NIC status and configuration:
show network interface
To display the IP address route table:
show network route
show kernel
Displays the device’s OS kernel information.
Syntax:
show kernel {messages | modules | parameters | iostat}
View Root
Parameters messages: Displays kernel messages.
modules: Displays kernel modules.
parameters: Displays kernel parameters.
iostat: Displays CPU statistics and I/O statistics for devices and partitions.
Examples:
To display the OS kernel’s messages:
show kernel messages
To display the OS kernel’s modules:
show kernel modules
To display the OS kernel’s parameters:
show kernel parameters
To display device CPU statistics and I/O statistics:
show kernel iostat
show service
Displays the SSH service status.
Syntax:
show service [ssh]
View Root
Parameters ssh: Displays the status of SSH.
Examples:
To display the SSH status:
show service ssh
show memory
Displays the device’s system memory information.
Syntax:
show memory [statistic]
View Root
Parameters statistic: Displays system memory statistics
Examples:
To display system memory statistics:
show memory statistic
show process
Displays the status of processes currently running.
Syntax:
show process [top]
View Root
Parameters [top]: Displays the status of processes currently running and system related processes
Examples:
To display the status of processes currently running:
show process
show system
Displays various system settings.
Syntax:
show system [date | timezone | uptime | version]
View Root
Parameters date: Displays the current time and date.
timezone: Displays the device’s time zone settings.
uptime: Displays how long the device has been running.
version: Displays version number for the device.
Examples:
To display the current time and date of the device:
show system date
To display the device’s timezone settings:
show system timezone
To display how long the system has been running:
show system uptime
To display the system’s version number:
show system version
shutdown
Shuts down the device immediately or after a specified delay.
Syntax:
shutdown [time]
View Privileged
Parameters [time]: Shuts down the device after a specified delay in minutes.
Examples:
To shut down the device immediately:
shutdown
To shut down the device after a 5 minute delay:
shutdown 5
traceroute
Displays the tracking route to a specified destination.
Syntax:
traceroute [-h hops] <dest>
View Root
Parameters [-h hops]: Specifies the maximum number of hops to the destination. The minimum number is 6.
<dest>: Specifies the remote system to trace
Examples:
To display the route to IP address 172.10.10.1 with a maximum of 6 hops:
traceroute 172.10.10.1
To display the route to IP address 172.10.10.1 with a maximum of 30 hops:
traceroute -h 30 172.10.10.1
Appendix B
Additional Resources
Console and Proxy Addresses by Region
The email proxy address for MAPI, EAS, and OWA connections and the administrative console address depend on the AWS datacenter for the region. The following tables list the email proxy and administrative console addresses by region.
TABLE B-1. Console Addresses by Region
REGION DATACENTER LOCATION ADDRESS
Europe Ireland admin-eu.tmcae.trendmicro.com
North America Oregon admin.tmcae.trendmicro.com
TABLE B-2. Email Proxy Addresses by Region
REGION DATACENTER LOCATION ADDRESS
Europe Ireland EAS: eas-eu.tmcae.trendmicro.com
MAPI: mapi-eu.tmcae.trendmicro.com
OWA: owa-eu.tmcae.trendmicro.com
North America Oregon EAS: eas.tmcae.trendmicro.com
MAPI: mapi.tmcae.trendmicro.com
OWA: owa.tmcae.trendmicro.com
TABLE B-3. Autodiscover Proxy Addresses by Region
REGION DATACENTER LOCATION ADDRESS
Europe Ireland http://autodiscover-eu.tmcae.trendmicro.com
North America Oregon http://autodiscover.tmcae.trendmicro.com
Appendix C
Glossary
Cryptographic Engine
As an integral component of Cloud App Encryption for Office 365, the Cryptographic Engine uses an industry standard algorithm to encrypt and decrypt email from Microsoft Office 365. The Delegate Listener Component (Delegate Accounts) directs the Cryptographic Engine to encrypt email messages on arrival, while the Protocol Proxy Component (email proxy) directs the engine to decrypt email messages for retrieval.
Delegate Account
A Delegate Account is not associated with an actual person. A Delegate Account is a tenant account that Cloud App Encryption requires to integrate with Microsoft Office 365 services.
Create a Delegate Account in Microsoft Office 365 for Cloud App Encryption to access your Microsoft Office 365 mailbox accounts for email encryption. The Delegate Account must have the “ApplicationImpersonation” and “Mailbox Search” roles assigned to it.
EAS
Exchange ActiveSync (EAS) is an XML-based protocol that communicates over HTTP (or HTTPS) designed for the synchronization of email, contacts, calendar, tasks and notes from a messaging server to a mobile device. The protocol also provides mobile device management and policy controls.
Exchange Admin Center
Accessed through the Microsoft Office 365 Admin Center (Admin > Exchange), this web-based management console is where you manage items related to email that you cannot manage through the Microsoft Office 365 Admin Center. This includes the management of recipients, permissions, compliance management, organization, protection, mail flow, mobile devices, public folders, and unified messaging.
MAPI
Messaging Application Programming Interface (MAPI) is a protocol used by Microsoft Outlook to communicate with Microsoft Exchange servers.
Office 365 Admin Center
Launched from the top right corner of the navigation bar, the Admin Center is where you can perform various administrative tasks for Office 365, which include system setup, reports, email services, users and groups, domains, product subscriptions and licenses, policies, service support requests, and additional account services requests.
OWA
Outlook Web App (OWA) is used to access email (including support for S/MIME), calendars, contacts, tasks, documents (used with SharePoint or in 2010, Office Web Apps), and other mailbox content when access to the Microsoft Outlook Windows client is unavailable.
Trend Micro Key Management Service
This service, hosted in the cloud, manages the encryption keys necessary to protect Microsoft Office 365 email accounts with email encryption and decryption.