• Contents
  • 1.0 Introduction
  • 1.1 Audience
  • 1.2 Overview
  • 1.3 The Chain of Trust
  • 1.4 Deployment Scenarios
  • 1.5 Workflow
  • 2.0 Cloud Integrity Technology Components
  • 2.1 Attestation Server
  • 2.2 Trust Agent
  • 3.0 Cloud Integrity Technology Setup
  • 3.1 Preparing the Build Environment
  • 3.1.1 Installing the Required Packages
  • 3.1.2 Installing the Java Development Kit (JDK)
  • 3.1.3 Installing Apache Maven 3.3.3
  • 3.1.4 Editing settings.xml
  • 3.1.5 Modifying Environment Files
  • 3.2 CIT Source Code
  • 3.2.1 Downloading the Source Code
  • 3.2.2 Building the Source Code
  • 3.3 Building External Artifacts
  • 3.3.1 Prerequisites
  • 3.3.2 Build
  • 3.3.3 Binary Locations
  • 3.4 Installing the Attestation Server
  • 3.4.1 Package Dependencies
  • 3.4.2 Supported Operating Systems
  • 3.4.3 Recommended Hardware
  • 3.4.4 Installation
  • 3.5 Installing the Trust Agent
  • 3.5.1 Installing the Trust Agent - Linux (TPM 1.2)
  • 3.5.1.1 Package Dependencies
  • 3.5.1.2 Supported Operating Systems
  • 3.5.1.3 Prerequisites
  • 3.5.1.4 Installation
  • 3.5.2 Installing the Trust Agent - Linux (TPM 2.0)
  • 3.5.2.1 Package Dependencies
  • 3.5.2.2 Supported Operating Systems
  • 3.5.2.3 Prerequisites
  • 3.5.2.4 Installation
  • 3.5.3 Installing the Trust Agent - Windows (TPM 1.2/2.0)
  • 3.5.3.1 Package Dependencies
  • 3.5.3.2 Supported Operating Systems
  • 3.5.3.3 Prerequisites
  • 3.5.3.4 Installation
  • 4.0 Getting Started
  • 4.1 Portal Overview
  • 4.2 Whitelist
  • 4.2.1 Importing Whitelist MLEs
  • 4.2.2 Importing Whitelist MLE Values from a Windows Trust Agent Host
  • 4.2.3 Importing Whitelist MLE Values from a KVM or Xen Trust Agent Host
  • 4.2.4 Importing Whitelist MLE Values from a Citrix Xen Trust Agent Host
  • 4.2.5 Importing Whitelist MLE Values from an ESXi Host
  • 4.2.6 Edit/View MLE
  • 4.2.7 Edit OS
  • 4.2.8 Edit OEM
  • 4.3 Host Management
  • 4.3.1 Importing Hosts
  • 4.3.2 Registering Hosts Using a Flat File
  • 4.3.3 Registering ESXi Hosts by Cluster
  • 4.3.4 Manual Host Registration
  • 4.3.5 Trust Dashboard
  • 4.3.6 Trust Assertion Details
  • 4.3.7 Trust Report
  • 4.3.8 Asset Tag Provisioning
  • 4.3.8.1 Push Provisioning Method (Manual Certificate Creation)
  • 4.3.8.2 Push Provisioning Method (Automated)
  • 4.3.8.3 Pull Provisioning Method
  • 4.3.8.4 PXE Image Configuration (Pull Provisioning)
  • 4.3.8.5 Asset Tag Provisioning Agent Script (PXE)
  • 4.3.8.6 Asset Tag Visibility and Attestation
  • 4.3.9 Bulk Trust Refresh
  • 4.3.10 Reports
  • 4.3.11 Administration
  • 4.3.11.1 User Account Registration
  • 4.3.11.2 Description of Cloud Integrity Technology Roles
  • 4.3.11.3 New User Creation
  • 4.3.11.4 View Certificates
  • 4.3.11.5 TLS Policy Management
  • 5.0 Configuration
  • 5.1 PCR Definitions
  • Legacy Usage (TPM 1.2)
  • Details and Authorities Usage (TPM 2.0)
  • 5.2 Tested Platforms
  • 5.3 Whitelisting Guidelines
  • 5.4 MLE Administration
  • 5.5 TLS Policy Overview
  • 5.5.1 TLS Policy Types
  • 5.5.2 Policy Scope
  • 5.5.3 Default Policy Selection
  • 5.5.4 Cloud Integrity Technology 1.x Behavior
  • 5.6 Database Configuration for Remote Database Servers
  • 5.7 SSL Changes from CIT 1.x to CIT 2.x
  • 5.8 Command-Line Interface
  • 5.8.1 Attestation Service
  • 5.8.1.1 Check Server Version
  • 5.8.1.2 Check Server Status
  • 5.8.1.3 Start and Stop the Server
  • 5.8.1.4 Change the Database Password and Update Configuration Files
  • 5.8.1.5 Output Attestation Service SSH Key and SAML Certificate Fingerprints
  • 5.8.1.6 Detect and Output Currently Installed Version and Installation Location of Java
  • 5.8.1.7 Detect and Output Currently Installed Version and Installation Location of Tomcat
  • 5.8.1.8 Generate a New Tomcat SSL Certificate
  • 5.8.1.9 Check the Status of the Tomcat Web Server
  • 5.8.1.10 Backup and Restore All Keys, Certificates, and Secrets Used by the Attestation Service
  • 5.8.1.11 Execute All Setup Tasks
  • 5.8.1.12 Execute Specific Setup Tasks
  • 5.8.1.13 Validate a Setup Task Without Executing It
  • 5.8.1.14 Force Execution of a Setup Task Even if It is Already Validated
  • 5.8.1.15 Continue Executing Subsequent Setup Tasks Even if One Fails
  • 5.8.1.16 Uninstall
  • 5.8.1.17 Help
  • 5.8.2 Trust Agent
  • 5.8.2.1 Start
  • 5.8.2.2 Stop
  • 5.8.2.3 Restart
  • 5.8.2.4 Status
  • 5.8.2.5 Version
  • 5.8.2.6 Authorize
  • 5.8.2.7 Setup
  • 5.8.2.8 Uninstall
  • 5.8.2.9 Help
  • 5.9 Installation and Configuration Options
  • 5.9.1 Attestation Service
  • 5.9.1.1 Installation Options
  • Table 1. Installation Options (set in mtwilson.env)
  • 5.9.1.2 Configuration Options
  • Table 2. mtwilson.properties
  • Table 3. audit-handler.properties
  • Table 4. attestation-service.properties
  • Table 5. wlm-service.properties
  • Table 6. management-service.properties
  • Table 7. mtwilson-portal.properties
  • 5.9.2 Trust Agent - Linux
  • Table 8. Directory Structure
  • Table 9. trustagent.env
  • Table 10. /opt/trustagent/configuration/trustagent.properties
  • 5.9.3 Trust Agent - Windows
  • Table 11. Directory Structure
  • Table 12. trustagent.env
  • 5.10 Security Configuration
  • 5.10.1 Attestation Service
  • 5.10.1.1 Encrypting the Configuration Files
  • 5.10.1.2 Changing the Database Password
  • 5.10.2 Trust Agent
  • 5.10.2.1 Encrypting the Trust Agent Configuration Files
  • 5.11 High Availability Guidelines
  • 5.11.1 Attestation Service
  • 5.11.1.1 Prerequisites
  • 5.11.1.2 Deployment Instructions
  • 5.11.1.3 Failover
  • 6.0 Uninstallation
  • 6.1 Attestation Service
  • 6.2 Trust Agent
  • 6.2.1 Uninstalling the Linux Trust Agent
  • 6.2.2 Uninstalling the Windows Trust Agent
  • 7.0 Troubleshooting Guide
  • Table 13. Troubleshooting Commands
  • 8.0 TXT/TPM Prerequisites and Activation
  • 8.1 Trusted Boot Provisioning
  • 8.1.1 Linux (TPM 1.2) - Ubuntu
  • Prerequisite Packages Installation
  • 8.1.2 Linux (TPM 1.2) - RHEL 7
  • Updating the GRUB2 Menu
  • 8.1.3 Linux (TPM 2.0) - Ubuntu
  • 8.1.4 Linux (TPM 2.0) - RHEL
  • 8.1.5 Microsoft Hyper-V 2012 Server (TPM 1.2/2.0)
  • 8.1.6 Microsoft Windows Server 2012 (TPM 1.2/2.0)
  • 9.0 Frequently Asked Questions
  • Legal