THALES CipherTrust Manager Installation on Private Cloud Guide 2025


Apr 11, 2025 - 20:58

We assume that you have already downloaded the CipherTrust Manager OVA file. If not, please follow this link: OVA file download.

Passing the cloud-init file for a Private Cloud Image
When using the disk image, how the cloud-init data is passed to CipherTrust Manager depends on the virtualization platform - please refer to documentation or notes for your specific cloud environment.
The following are two examples of passing cloud-init data when using a disk image, one using 'libvirt' and one using VMware/vSphere.

You can view official documentation here THALES CipherTrust Manager.

Using VMware/vSphere

This example describes how to deploy CipherTrust Manager on VMware with a static IP configuration. In general, if you have virtual machines you intend to use frequently or for extended periods of time, it can be convenient to assign a static IP address, or configure DHCP server to always assign the same IP address, to each of these virtual machines.
For virtual machines that you do not expect to keep for extended periods of time, use DHCP and let it allocate IP addresses for these machines.

Use the following procedure to deploy CipherTrust Manager on VMware with a static IP configuration.

Note: This procedure includes preparation of a cloud-init configuration file used to set up a static IP address during launch of the CipherTrust Manager.

Get the CipherTrust Manager installation file for VMware from Gemalto Support Portal.

Deploy the OVA in ESXi Server.
Select "Deploy OVF Template".
On the Select an OVF template page, choose the OVA file and select NEXT.

Deploy Template

On the Select a name and folder page, select the name of the virtual machine and its location.

Validate the CipherTrust Manager Virtual Machine Configuration. On the Select a compute resource page, select the destination compute resource (if applicable).

Note
Error: If you see an error, please perform the following steps:

Use ovftool.exe to convert the OVA file into uncompressed file(s).

Execute the following command:

ovftool.exe --lax <source OVA file> <target file>

Note
An OVF with a compressed disk is not supported on newer versions of the vSphere client. It may work on older versions.

Repeat Step 2 with a new installer file.

On the Review details page, verify the template details of the CipherTrust Manager image and if correct, select NEXT.

Review Details

On the Select storage page, select the storage location to install the CipherTrust Manager and then select NEXT.
On the Select network page, select the network and then select FINISH.

Warning
Caution: Do not launch/start the machine at this time.

Prepare the cloud-init configuration.

Add a CD drive to the VM.

Before booting up the VM, prepare the cloud-init configuration. The following cloud-init example configures the VM's eth0 port with a static IP address. Copy this example and edit it for your desired network settings.

#cloud-config
keysecure:
    netcfg:
        iface:
            name: eth0
            type: static
            address: 192.168.1.150
            netmask: 255.255.255.0
            gateway: 192.168.1.1
            dns1: 192.168.1.100

Warning
Note: Cloud-init configuration files use YAML syntax; indentation is important and tabs cannot be used.

Convert the string to base64. To convert to base64, use the openssl command:

openssl base64 -in <input file> -out <output file>

Save this base64 string to use in next steps.

Add the base64 configuration to the VM. This step uses the vSphere Web Client (Flash) version as a demonstration. You may find similar options in other clients.

Select: > virtual machine > Configure > Settings > vApp Options

Press the Edit button at the top right of this page.

Under OVF Settings, select the ISO Image check box, which is next to OVF environment transport.

On the same page, expand "Properties" to add configuration.

Press the New button to add a property for the configuration. On the following screen, there are two fields which need to be changed.

Label: user-data
Default value: <base64 string from the previous step>

Note: Key ID will change automatically when you change Label.

Press OK to save the Property Settings.

Then press OK again to save the vApp Options page.

Launch the instance. The VM should boot up configured with a static IP.
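A pre-flight check for the user-data used in this procedure, to run before the property is added to the VM (an added example, not part of the original guide or of Thales tooling): it flags tab characters, a missing #cloud-config header and a gateway outside the configured subnet, then produces the base64 value as one unwrapped line, whereas openssl base64 wraps its output at 64 characters unless -A is given. The function names and the flat key/value scan are assumptions made for this example, and the sample is the page's own YAML embedded inline.

```python
import base64
import ipaddress
import re

# Constructed sample: the static-IP user-data shown above, embedded for an offline run.
SAMPLE = """#cloud-config
keysecure:
    netcfg:
        iface:
            name: eth0
            type: static
            address: 192.168.1.150
            netmask: 255.255.255.0
            gateway: 192.168.1.1
            dns1: 192.168.1.100
"""

def check_user_data(text):
    """Return a list of problems in a keysecure static-IP user-data file."""
    problems = []
    lines = text.splitlines()
    if not lines or lines[0].strip() != "#cloud-config":
        problems.append("first line must be #cloud-config")
    for n, line in enumerate(lines, 1):
        if "\t" in line:
            problems.append(f"line {n}: tab character (use spaces only)")
    # Flat scan of 'key: value' pairs; enough for this file, not a YAML parser.
    fields = dict(re.findall(r"^[ \t]*(\w+):[ \t]*(\S+)[ \t]*$", text, re.M))
    if fields.get("type") == "static":
        try:
            net = ipaddress.ip_network(
                f"{fields['address']}/{fields['netmask']}", strict=False)
            if ipaddress.ip_address(fields["gateway"]) not in net:
                problems.append("gateway is outside the address/netmask subnet")
            ipaddress.ip_address(fields["dns1"])
        except (KeyError, ValueError) as exc:
            problems.append(f"bad or missing network field: {exc}")
    return problems

def encode_for_vapp(text):
    """Base64-encode user-data as one unwrapped line and verify the round trip."""
    encoded = base64.b64encode(text.encode("utf-8")).decode("ascii")
    if base64.b64decode(encoded).decode("utf-8") != text:
        raise ValueError("base64 round trip changed the user-data")
    return encoded

if __name__ == "__main__":
    print(check_user_data(SAMPLE) or "user-data looks consistent")
    print(encode_for_vapp(SAMPLE))
```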

Important
If your VM didn't pick up the configuration using the base64 format, then you can use my alternate step. Only follow it if you were unsuccessful in configuring your YAML using base64 encoding.

Injecting cloud-init conf using ISO file

CTM.yaml:
Create your network configuration file as shown below. To add other configurations to it, please visit this link:

#cloud-config
keysecure:
    netcfg:
        iface:
            name: eth0
            type: static
            address: 192.168.1.150
            netmask: 255.255.255.0
            gateway: 192.168.1.1
            dns1: 192.168.1.100

Meta-data:

Create a meta-data file and provide instance parameters, for example:

instance-id: <instance-id>

Creating ISO file:

  • Use any available Linux command line.
  • Make sure genisoimage utility is installed.
  • Create the ISO file using the following command.
genisoimage -o config.iso -volid cidata -joliet -rock <user-data file> <meta-data file>
  • This command will give you a file named config.iso.

Attaching the ISO file:

  • Upload the given config.iso file into your VMware Datastore. Attach the ISO file to the CipherTrust Manager VM by editing settings.

Important
Make sure your CD/DVD Drive Connect on Power On checkbox is checked.
Now start the VM and check if it picked up the configurations.

Example using 'libvirt'

When launching a virtual machine with the Qcow2 image using 'libvirt', the cloud-init data has to be passed in as an ISO file. The ISO can be generated as follows:

Prepare the user-data file as follows:

Rename the file config.data to user-data.

Because the user's SSH key is used for wrapping a layer of encryption keys, it must be added to the cloud-init config. So, the 'user-data' file should look like:

#cloud-config
hostname: <hostname>
diskenc:
  encrypt: true
ssh_authorized_keys:
  - <ssh public key>

Note: 'ssh_authorized_keys' can be configured with multiple ssh public keys.

Create a meta-data file and provide instance parameters, for example:

instance-id: <instance-id>

Create an ISO image file:

  • Make sure genisoimage utility is installed.
  • Create the ISO file.
genisoimage -o config.iso -volid cidata -joliet -rock user-data meta-data

Launch instance using virt-install. OpenStack example:

virt-install --virt-type kvm --name <VM name> --ram 2048 --disk path=<CipherTrust Manager qcow2 image path>,size=16,format=qcow2 --disk path=<config.iso path> --network network=default --graphics vnc,listen=0.0.0.0 --noautoconsole --os-type=linux --os-variant=ubuntu16.04 --import

Verifying the VM configuration

After logging in using the ksadmin user and setting a new password you can follow the steps to verify your configurations.

Viewing Cloud-init Logs

In my case I edited the VM IP address, gateway and DNS server. In most cases, logs of every configuration done on this VM are stored in
/var/log/cloud-init.log

cd /var/log/

less cloud-init.log

# I want to search if my IP was set to static

/static
# You can search for anything else that is relevant to you

This will give the following output.

Other ways to verify your network configurations:

# Find your network device
nmcli device show | head -n 10
# Mine was ens32; consult your network configuration file
nmcli device show ens32