Trend Micro Incorporated reserves the right to make...


Trend Micro Incorporated reserves the right to make changes to this document and to the cloud service described herein without notice. Before installing and using the cloud service, review the readme files, release notes, and/or the latest version of the applicable documentation, which are available from the Trend Micro website at:

http://docs.trendmicro.com/en-us/enterprise/cloud-app-encryption-for-office-365.aspx

© 2015 Trend Micro Incorporated. All Rights Reserved. Trend Micro, the Trend Micro t-ball logo, and Cloud App Encryption are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

Document Part No.: APEM26769_141031

Release Date: February 2015

Protected by U.S. Patent No.: Patents pending.


This documentation introduces the main features of the cloud service and/or provides installation instructions for a production environment. Read through the documentation before installing or using the cloud service.

Detailed information about how to use specific features within the cloud service may be available at the Trend Micro Online Help Center and/or the Trend Micro Knowledge Base.

Trend Micro always seeks to improve its documentation. If you have questions, comments, or suggestions about this or any Trend Micro document, please contact us at [email protected].

Evaluate this documentation on the following site:

http://docs.trendmicro.com/en-us/survey.aspx


Trend Micro Cloud App Encryption for Office 365 Key Server Deployment Guide

Table of Contents

Preface
  Preface
  Documentation
  Audience
  Document Conventions
  About Trend Micro

Chapter 1: Introduction
  Cloud App Encryption
  Cloud App Encryption Key Server
  Deployment Overview

Chapter 2: Requirements
  System Requirements
  Port Requirements

Chapter 3: Deployment
  Deployment Process
  Best Practices for Deployment
  Installing the Cloud App Encryption Key Server Operating System
  Configuring the Key Management Environment
  Important Note

Chapter 4: Integration
  Locating the Public Certificate File
    Enabling / Disabling SSH
  Public Certificate Example
  Integrating with Cloud App Encryption for Office 365

Chapter 5: Key Maintenance
  Destroying Keys
    Destroying the Encryption Key
  Encryption Key Backup and Restore
    Creating an Encryption Key Backup
    Restoring an Encryption Key from a Backup
  Unreachable Keys

Appendix A: Command Line Interface
  Using the CLI
  Entering the CLI
  Command Line Interface Commands
    CLI Command Reference

Appendix B: Additional Resources
  Console and Proxy Addresses by Region

Appendix C: Glossary

Index


Preface

Welcome to the Trend Micro Cloud App Encryption Key Server Deployment Guide. This guide explains how to deploy Cloud App Encryption Key Server in your environment on-premises and then integrate it as a Key Management Interoperability Protocol (KMIP) server with Cloud App Encryption for Office 365 in the cloud.


Documentation

The documentation set for Cloud App Encryption for Office 365 includes the following:

TABLE 1. Product Documentation

DOCUMENT | DESCRIPTION
Cloud App Encryption Key Server Deployment Guide | Explains how to deploy Cloud App Encryption Key Server in your environment on-premises and then integrate with Cloud App Security for Office 365 in the cloud.
Third-Party KMIP Server Integration Guide | Explains how to integrate a third-party Key Management Interoperability Protocol (KMIP) server with Cloud App Security for Office 365 in the cloud.
Online Help | Web-based documentation that is accessible from the Cloud App Encryption management console. The Online Help contains explanations of Cloud App Encryption components and features, as well as procedures needed to configure Cloud App Encryption.
Support Portal | The Support Portal is an online database of problem-solving and troubleshooting information. It provides the latest information about known product issues. To access the Support Portal, go to the following website: http://esupport.trendmicro.com

View and download Cloud App Encryption documentation from the Trend Micro Documentation Center:

http://docs.trendmicro.com/en-us/enterprise/cloud-app-security-for-office-365.aspx

Audience

The Cloud App Encryption for Office 365 documentation is written for IT administrators and security analysts. The documentation assumes that the reader has an in-depth knowledge of networking and information security, including the following topics:

• Network topologies

• Email routing

• SMTP

• Encryption fundamentals

The documentation does not assume the reader has any knowledge of sandbox environments or threat event correlation.

Document Conventions

The documentation uses the following conventions:

TABLE 2. Document Conventions

CONVENTION | DESCRIPTION
UPPER CASE | Acronyms, abbreviations, and names of certain commands and keys on the keyboard
Bold | Menus and menu commands, command buttons, tabs, and options
Italics | References to other documents
Monospace | Sample command lines, program code, web URLs, file names, and program output
Navigation > Path | The navigation path to reach a particular screen. For example, File > Save means, click File and then click Save on the interface
Note | Configuration notes
Tip | Recommendations or suggestions
Important | Information regarding required or default configuration settings and product limitations
WARNING! | Critical actions and configuration options

About Trend Micro

As a global leader in cloud security, Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. With over 20 years of experience, Trend Micro provides top-ranked client, server, and cloud-based solutions that stop threats faster and protect data in physical, virtual, and cloud environments.

As new threats and vulnerabilities emerge, Trend Micro remains committed to helping customers secure data, ensure compliance, reduce costs, and safeguard business integrity. For more information, visit:

http://www.trendmicro.com

Trend Micro and the Trend Micro t-ball logo are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other marks are the trademarks or registered trademarks of their respective companies.

Chapter 1: Introduction

Cloud App Encryption

Trend Micro Cloud App Encryption keeps Office 365 data private through independent email encryption. By integrating cloud-to-cloud with Microsoft Office 365, Cloud App Encryption requires no email traffic rerouting and transparently preserves user and administrative functionality.

Cloud App Encryption Key Server

Cloud App Encryption Key Server enhances Cloud App Encryption for Office 365 by separately managing the encryption keys for Exchange Online. Deploy Cloud App Encryption to maintain data ownership and control with independent data encryption.

Cloud App Encryption Key Server controls the encryption key lifecycle, including encryption key creation and destruction. Cloud App Encryption Key Server also supports backing up and restoring encryption keys to save configurations or to migrate a configuration to another server.


The following illustration shows the network topology after deploying Cloud App Encryption Key Server on-premises.

FIGURE 1-1. Trend Micro Cloud App Encryption Key Server


Note

Cloud App Encryption Key Server utilizes Key Management Interoperability Protocol (KMIP) technology. KMIP is an open source communication protocol between key management systems (servers) and encryption systems (clients). By abstracting the task of managing keys from the applications that use them, KMIP technology, like other encryption technologies, allows Trend Micro to separately manage your keys in the cloud or on-premises while maintaining encryption in the cloud.

The KMIP effort is governed by the Organization for the Advancement of Structured Information Standards (OASIS). For details, see https://www.oasis-open.org/committees/kmip/charter.php.

Deployment Overview

Procedure

1. Review the requirements.

Learn about the system requirements and port information.

See Requirements on page 2-1.

2. Configure the Cloud App Encryption Key Server environment.

Install the operating system, create a certificate, and configure additional settings.

See Deployment Process on page 3-2.

3. Integrate with Cloud App Encryption.

Specify the Cloud App Encryption Key Server IP address, port, and public server certificate information in the Cloud App Encryption console.

See Integration on page 4-1.

Chapter 2: Requirements

System Requirements

The following table provides the recommended and minimum system requirements for running Cloud App Encryption Key Server.

TABLE 2-1. System Requirements

SPECIFICATION | DESCRIPTION
Hypervisor | VMware™ ESXi™: 5.1, 5.0
Operating System | A separate operating system is not required. Cloud App Encryption Key Server provides a self-contained installation using the CentOS Linux operating system. This dedicated operating system installs with Cloud App Encryption Key Server.
CPU | Recommended: Four virtual core processors. Minimum: Two virtual core processors.
Memory | Recommended: 2 GB RAM. Minimum: 1 GB RAM.
Disk Space | Recommended: 200 GB. Minimum: 100 GB. Note: The Cloud App Encryption Key Server installation program automatically partitions the detected disk space as per recommended Linux practices.
Monitor | Monitor that supports 800 x 600 resolution with 256 colors or higher.


Port Requirements

The following table shows the ports required for Cloud App Encryption Key Server and the purpose.

TABLE 2-2. Ports used by Cloud App Encryption for Office 365

PORT | PROTOCOL | FUNCTION | PURPOSE
5696 | KMIP | Listening, Outbound | Allow connections from Trend Micro Cloud App Encryption for Office 365 key requests and other commands.

Chapter 3: Deployment

Deployment Process

Procedure

1. Do any of the following to obtain an SSL certificate and private key.

• Automatically generate a certificate when you install Cloud App Encryption Key Server.

• Create your own certificate.

• Obtain a certificate from a Certificate Authority (CA), such as VeriSign.

2. Prepare the virtual machine to meet system requirements.

See Requirements on page 2-1.

3. Install the Cloud App Encryption Key Server operating system.

See Installing the Cloud App Encryption Key Server Operating System on page 3-3.

4. Configure the Cloud App Encryption Key Server key management environment.

See Configuring the Key Management Environment on page 3-13.

Best Practices for Deployment

Before proceeding to installation and deployment, note the following best practices:

• The SSL certificate should be from a real Certificate Authority (CA). Examples include VeriSign or an internal CA.

• Cloud App Encryption Key Server uses a PostgreSQL database. If you are not using an ESX cluster, follow the VMware guidelines available at:

https://www.vmware.com/support/pubs/

• Size the virtual disk for future use. The installed system uses less than 900 MB. Trend Micro recommends using a 100 GB thin provisioned drive to handle growth potential.


• Make sure to back up your encryption key after deploying Cloud App Encryption Key Server. For details, see Encryption Key Backup and Restore on page 5-3.

• Cloud App Encryption Key Server maintains your actual encryption keys. Keep security paramount. Be mindful of technologies with unintended side effects that can leak information.

Installing the Cloud App Encryption Key Server Operating System

WARNING!

The installation deletes existing data and partitions from the selected device. Back up existing data before installing Cloud App Encryption Key Server.

Procedure

1. Go to the Trend Micro Download Center.

http://downloadcenter.trendmicro.com/

2. Select Cloud App Encryption Key Server from the list.

3. Download the Cloud App Encryption Key Server ISO file.

4. Power on the virtual machine.

5. Configure the virtual machine to boot from the ISO file.

6. Restart the virtual machine.

The server boots from the Cloud App Encryption Key Server ISO file and the installation begins.


The Cloud App Encryption Key Server Installation Menu screen appears.

7. Select Install Server.


After the setup initializes, the Trend Micro License Agreement screen appears.

8. Click Accept to continue.

9. Select the appropriate keyboard language.


10. Click Next.

11. Select the drive location to install Cloud App Encryption Key Server.


12. Click Next.

A warning message about removing all partitions (ALL DATA) on the selection appears.

13. Click Yes to continue.


The Cloud App Encryption Key Server install program scans the system to determine that the hardware meets minimum specifications.

14. Click Next.

15. Specify the network interface settings and general settings.


16. Click Next.

17. Select a time zone.


18. Click Next.

19. Specify the administrator account (root) credentials. This account can access the operating system shell and has all rights on the server. This is the most powerful user in the system.


20. Click Next.

The Summary screen appears.

21. Review the summary and then click Next to begin the installation.


22. At the warning message, click Continue.

After formatting the device, the program installs the operating system. Cloud App Encryption Key Server installs after the server restarts.

23. When the installation confirmation appears, click Reboot.


24. Disconnect the Cloud App Encryption Key Server ISO file to prevent reinstallation.

Configuring the Key Management Environment

After completing the installation, the server restarts and loads the Command Line Interface (CLI). Configure Cloud App Encryption Key Server certificate settings to complete the installation. If you do not already have a certificate, you can generate one during the setup process.

Procedure

1. Log on to Cloud App Encryption Key Server with the default credentials.


• User name: root

• Password: <password specified at installation>

2. Type the following command:

/opt/trend/keyserver/script/kmip_setup.sh

3. Follow the on-screen prompts.

• If you do not have a certificate, the script can create one during the configuration process. Required information includes:

• Location

• Organization

• Server host name

• Email address

• PostgreSQL account credentials

• If you already have a certificate, make sure to have the public and private key information available.

The initial configuration is complete.

Log on to the Command Line Interface (CLI) later to perform additional configurations or maintenance tasks.

Important Note

If the external KMIP server (Cloud App Encryption Key Server or a third-party KMIP server) goes down and cannot communicate with Cloud App Encryption for Office 365, encryption and decryption stop. Email messages remain in whatever encrypted or decrypted state they were when the server stopped communication.

Chapter 4: Integration

Locating the Public Certificate File

Procedure

1. Log on to Cloud App Encryption Key Server with the default credentials.

• User name: root

• Password: <password specified at installation>

2. Enable SSH.

See Enabling / Disabling SSH on page 4-2.

3. Use an SSH client (example: PuTTY) to log on to Cloud App Encryption Key Server.

4. Locate the certificate at:

/var/app_data2/server.pem

5. Copy the contents of the certificate to a text file stored on the local disk.

Tip

You may need to enable SSH to copy and paste from the virtual machine.

6. Disable SSH.

See Enabling / Disabling SSH on page 4-2.

WARNING!

Leaving SSH enabled after configuring the key management environment is a security risk.

Enabling / Disabling SSH

You may need to temporarily disable SSH while importing a certificate signed by an external Certificate Authority into Cloud App Encryption Key Server. SSH is not required to import the certificate. Cloud App Encryption Key Server also supports direct USB connections.

Enabling SSH allows:

• Using an SSH client to remotely access Cloud App Encryption Key Server

• Importing an external certificate with a secure copy tool such as SCP (Secure Copy Protocol)

Procedure

• Enable SSH:

a. cp -f /etc/ssh/sshd_config /etc/ssh/sshd_config.bk

b. vi /etc/ssh/sshd_config to set “UsePAM yes” and “PermitRootLogin yes”

c. service sshd start

• Disable SSH:

a. service sshd stop

b. rm -f /etc/ssh/sshd_config

c. cp -f /etc/ssh/sshd_config.bk /etc/ssh/sshd_config
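
A check to run after the Disable SSH steps, as an added example that is not part of the Trend Micro guide: it confirms that sshd is stopped and that sshd_config again matches sshd_config.bk, and it flags a backup that was overwritten by running the enable steps twice. The function names and sample files are constructed for illustration, and the overwritten-backup check assumes the appliance's original file does not itself set PermitRootLogin yes.

```shell
#!/bin/sh
# Added example, not from the Trend Micro guide. Function names are illustrative.

# Print the value sshd would use for keyword $2 in config file $1 (empty if
# unset). sshd takes the first occurrence of a keyword, matches keywords
# case-insensitively, and treats lines starting with '#' as comments.
# Everything from the first "Match" line on is conditional and is skipped.
sshd_setting() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0    { next }
        tolower($1) == "match"   { exit }
        tolower($1) == want      { print tolower($2); exit }
    ' "$1"
}

# 0 when the live config is byte-identical to the backup, i.e. the final
# "cp -f sshd_config.bk sshd_config" of the disable steps took effect.
config_restored() { cmp -s "$1" "$2"; }

# 0 when an sshd process is running.
sshd_running() { pgrep -x sshd >/dev/null 2>&1; }

# 0 when the backup itself sets PermitRootLogin yes. Running the enable steps
# twice makes the second "cp -f" save the already-edited file as .bk, so the
# restore no longer undoes the edit. Assumption: the appliance's original
# file does not set this value itself.
backup_overwritten() { [ "$(sshd_setting "$1" PermitRootLogin)" = "yes" ]; }

# Report on the state after "Disable SSH"; returns 0 only if nothing failed.
check_ssh_closed() {
    cfg=${1:-/etc/ssh/sshd_config}
    bk=${2:-/etc/ssh/sshd_config.bk}
    status=0
    if sshd_running; then echo "FAIL: sshd is still running"; status=1; fi
    if ! config_restored "$cfg" "$bk"; then
        echo "FAIL: $cfg differs from $bk"; status=1
    fi
    if backup_overwritten "$bk"; then
        echo "FAIL: $bk sets PermitRootLogin yes (backup overwritten?)"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: sshd stopped, config restored"
    return "$status"
}

# Constructed sample files, not the appliance's real configuration.
write_samples() {
    cat > "$1/original" <<'EOF'
# constructed sample
Port 22
#PermitRootLogin yes
PermitRootLogin no
UsePAM no
Match User backup
    PermitRootLogin yes
EOF
    cat > "$1/edited" <<'EOF'
Port 22
permitrootlogin yes
PermitRootLogin no
UsePAM yes
EOF
}

# Demo on the constructed samples (does not touch /etc/ssh).
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "original PermitRootLogin: $(sshd_setting "$demo_dir/original" PermitRootLogin)"
echo "edited   PermitRootLogin: $(sshd_setting "$demo_dir/edited" PermitRootLogin)"
rm -rf "$demo_dir"
```

On the key server itself, run check_ssh_closed with no arguments as root to test the real /etc/ssh/sshd_config and /etc/ssh/sshd_config.bk.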

Public Certificate Example

The highlighted content in the following image represents the public certificate information required to configure encryption.


FIGURE 4-1. Highlighted Content Required for Encryption
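
The same selection expressed in shell, as an added example that is not part of the Trend Micro guide: it prints only the BEGIN/END CERTIFICATE block from a PEM file and refuses to write output that still contains private key material. The function names and the sample PEM (dummy bodies, not real keys) are constructed for illustration; the guide gives /var/app_data2/server.pem as the real file.

```shell
#!/bin/sh
# Added example, not from the Trend Micro guide. Function names are illustrative.

# Print every "-----BEGIN CERTIFICATE-----" ... "-----END CERTIFICATE-----"
# block from PEM file $1 and nothing else. A trailing carriage return is
# stripped so files edited on Windows still match.
extract_public_cert() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                         { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# 0 if the given file (or stdin) contains a PEM private-key header, e.g.
# "PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY".
contains_private_key() {
    grep -Eq -- '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$@"
}

# Write the certificate-only text to $2, ready to paste into the console.
# Returns 2 if $1 has no certificate block, 3 if the output would still
# contain key material; the output file is removed in both cases.
export_public_cert() {
    src=$1
    dst=$2
    extract_public_cert "$src" > "$dst" || return 1
    if [ ! -s "$dst" ]; then
        echo "no certificate block found in $src" >&2
        rm -f "$dst"
        return 2
    fi
    if contains_private_key "$dst"; then
        echo "refusing: private key material in $dst" >&2
        rm -f "$dst"
        return 3
    fi
    chmod 644 "$dst"
}

# Constructed sample: a key block followed by a certificate block, both with
# dummy base64 bodies. Not real key material.
write_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN PRIVATE KEY-----
Q09OU1RSVUNURUQtRFVNTVktS0VZLUJPRFk=
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtRFVNTVktQ0VSVC1CT0RZ
-----END CERTIFICATE-----
EOF
}

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
write_sample_pem "$demo_dir/server.pem"
if export_public_cert "$demo_dir/server.pem" "$demo_dir/cert-only.pem"; then
    cat "$demo_dir/cert-only.pem"
fi
rm -rf "$demo_dir"
```

With a real certificate, `openssl x509 -in cert-only.pem -noout -subject -enddate` confirms the subject and expiry date before the text is pasted into the console.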


Integrating with Cloud App Encryption for Office 365

Procedure

1. Log on to Cloud App Encryption for Office 365.

See Console and Proxy Addresses by Region on page B-2.

2. Go to Encryption.

3. Select Click here to choose.

4. Select Maintain encryption keys in your own network.

5. Specify the server settings.

OPTION | DESCRIPTION
FQDN or IP address | Specify the Cloud App Encryption Key Server fully-qualified domain name or IP address.
Port | Specify the port used to connect to Cloud App Encryption Key Server. The default port is 5696.
Public server certificate | Copy the contents of the certificate file. Make sure to only include the certificate information and not the private key. For information about locating the certificate file, see Locating the Public Certificate File on page 4-2.
Client certificate | Download the Trend Micro client certificate if you must change the client certificate used when you deployed Cloud App Encryption Key Server. Reasons include: expired certificate; updated / modified Cloud App Encryption certificate. Note: Trend Micro provides the client certificate when you install Cloud App Encryption Key Server.

6. Click Generate Key.

Chapter 5: Key Maintenance

Destroying Keys

Destroying the encryption key has a significant impact. Destroyed encryption keys can never be restored and email messages remain in their encrypted state forever. Users will be unable to decrypt and read email messages with the revoked encryption key. Destroy the encryption key if your organization plans to stop using Office 365 and wants to keep encrypted email messages in the cloud that can never be decrypted.

• Destroying encryption keys has the same effect as decommissioning a KMIP server. Cloud App Encryption for Office 365 may malfunction if you do not provide a new encryption key after destroying the existing key.

• Destroying encryption keys from a third-party server causes Cloud App Encryption for Office 365 to immediately stop encrypting or decrypting email messages.

Destroying the Encryption Key

Procedure

1. Log on to Cloud App Encryption for Office 365.

2. Go to Encryption.

3. Select Maintain encryption keys in your own network.

4. Click Destroy Key.

WARNING!

Clicking Destroy Key permanently deletes the encryption key. This cannot be undone. Encrypted email messages will remain in an encrypted state forever.

5. At the warning message, type your password and then click Destroy Key.


Encryption Key Backup and Restore

You cannot back up or restore an encryption key through the Cloud App Encryption console. Access the Cloud App Encryption Key Server through SSH or a direct VGA connection to perform backup and restore operations.

Creating an Encryption Key Backup

Backing up the encryption key offers the following benefits:

• Ensures that you can build a new instance and import the backed up encryption key if the Cloud App Encryption Key Server instance crashes.

• Allows you to import the encryption key from another Cloud App Encryption Key Server instance.

Backing up the encryption key calls a PostgreSQL utility to back up the entire database.

Procedure

1. Log on to Cloud App Encryption Key Server with the default credentials.

• User name: root

• Password: <password specified at installation>

2. Type the following command:

/opt/trend/keyserver/script/db_backup_restore.sh backup

3. Follow the on-screen prompts.

Cloud App Encryption Key Server stores the backup file at /var/app_data/.

Restoring an Encryption Key from a Backup

Restoring the encryption key offers the following benefits:

• Allows you to restore the encryption key on another server

• Ensures that you have a backup server if the Cloud App Encryption Key Server instance crashes.

Restoring an encryption key calls a PostgreSQL utility to restore the entire database. Any existing encryption key is overwritten by the restored encryption key. After restoring the encryption key, you cannot decrypt email messages that were encrypted using the previous encryption key.

Note

The backup file must be in .tar file format.

Important

Restoring the encryption key overwrites any existing encryption key. After restoring the encryption key, users will be unable to decrypt any email messages that were encrypted with the previous encryption key. If you do not make a backup of the previous encryption key, then those email messages can never be decrypted.

Procedure

1. Log on to the Cloud App Encryption Key Server with the default credentials.

• User name: root

• Password: <password specified at installation>

2. Type the following command:

/opt/trend/keyserver/script/db_backup_restore.sh restore <full_file_path_and_file_name>

Example:

/opt/trend/keyserver/script/db_backup_restore.sh restore /tmp/KeyServer_db_kmip_1379552900_10.64.72.122.tar

3. Follow the on-screen prompts.
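
A check to run around the backup and restore procedures above, written as an added example and not taken from the Trend Micro product: it records a SHA-256 digest after a backup and, before a restore, confirms the file is a readable .tar archive whose digest still matches. The function names, return codes and the .sha256 sidecar file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Trend Micro code): integrity checks around a Key Server
# backup file. Function names and return codes are hypothetical.

# Print the hex SHA-256 digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Run right after the backup step: store the digest beside the backup file.
record_backup_digest() {
    [ -f "$1" ] || return 1
    sha256_of "$1" > "$1.sha256"
}

# Run before the restore step.
# Returns 0 = checks passed, 1 = missing or unreadable, 2 = not named .tar,
# 3 = not a readable tar archive, 4 = no recorded digest, 5 = digest mismatch.
precheck_restore_file() {
    f=$1
    { [ -f "$f" ] && [ -r "$f" ]; } || return 1
    case "$f" in
        *.tar) ;;
        *) return 2 ;;
    esac
    # The listing must succeed and name at least one member.
    members=$(tar -tf "$f" 2>/dev/null) || return 3
    [ -n "$members" ] || return 3
    [ -f "$f.sha256" ] || return 4
    [ "$(sha256_of "$f")" = "$(cat "$f.sha256")" ] || return 5
    return 0
}

# Constructed demonstration: a throwaway tar stands in for a real backup.
demo() {
    dir=$(mktemp -d) || return 1
    echo "constructed placeholder, not a real database dump" > "$dir/dump.txt"
    tar -cf "$dir/constructed_backup.tar" -C "$dir" dump.txt
    record_backup_digest "$dir/constructed_backup.tar"
    rc=0
    precheck_restore_file "$dir/constructed_backup.tar" || rc=$?
    echo "precheck result for constructed_backup.tar: $rc"
    rm -rf "$dir"
    return "$rc"
}

demo
```

Keep the recorded digest somewhere other than the Key Server itself, so that a copy of the backup moved to another instance can still be checked against it.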

Unreachable Keys

If the external KMIP server (Cloud App Security Key Server or a third-party KMIP server) goes down and cannot communicate with Cloud App Encryption for Office 365, encryption and decryption stop. Email messages remain in whatever encrypted or decrypted state they were in when the server stopped communicating.

Appendix A

Command Line Interface

Using the CLI

Use the Command Line Interface (CLI) to perform the following tasks:

• Configure the Cloud App Encryption Key Server environment

• Make an encryption key backup

• Restore an encryption key

• Configure network settings, such as the device IP address and host name

• Restart the device

• View device status

• Debug and troubleshoot the device

Note

Do not enable scroll lock on your keyboard when using HyperTerminal. If scroll lock is enabled, you cannot enter data.

Entering the CLI

To log on to the CLI, either connect directly to the server or connect using SSH. Not all commands appear when you log on with the root account. Use the enable account (Privileged Mode) to access privileged commands.

WARNING!

Enter the shell environment only if your support provider instructs you to perform debugging operations.

Procedure

• To connect directly to the server:

a. Connect a monitor and keyboard to the server.

b. Log on to the CLI in Privileged Mode.

User name: enable

Password: <root password defined at installation>

Note

To log on without being in Privileged Mode, use root for the user name.

• To connect using SSH:

a. Verify the computer you are using can ping the Cloud App Encryption Key Server instance IP address.

b. Use an SSH client to connect to the Cloud App Encryption instance IP address and TCP port 22.

Command Line Interface Commands

The Cloud App Encryption Key Server CLI commands are separated into two categories: normal and privileged commands. Normal commands are basic commands to obtain specific low security risk information and to perform simple tasks. Privileged commands provide full configuration control and advanced monitoring and debugging features. Privileged commands are protected by an additional layer of credentials: the Enable account and password.

CLI Command Reference

The following tables explain the CLI commands.

configure network dns

TABLE A-1. configure network dns ipv4

Configures IPv4 DNS settings for the device.

Syntax:

configure network dns ipv4 <dns1> <dns2>

View Privileged

Parameters <dns1>: Primary IPv4 DNS server

<dns2>: Secondary IPv4 DNS server

Note

Use a space to separate the primary and secondary DNS value.

Examples:

To configure the primary DNS with an IP address of 192.168.10.21:

configure network dns ipv4 192.168.10.21

To configure the primary and secondary DNS with the following values:

• Primary DNS: 192.168.10.21

• Secondary DNS: 192.168.10.22

configure network dns ipv4 192.168.10.21 192.168.10.22

configure network hostname

Configures the host name for the device.

Syntax:

configure network hostname <hostname>

View Privileged

Parameters <hostname>: The host name or fully qualified domain name (FQDN) for the device

Examples:

To change the host name of the device to test.host.com:

configure network hostname test.example.com

configure network interface

TABLE A-2. configure network interface ipv4

Configures the IPv4 address for the network interface card (NIC).

Syntax:

configure network interface ipv4 <interface> <ip> <mask>

View Privileged

Parameters <interface>: NIC name

<ip>: IPv4 address for the interface

<mask>: Network mask for the NIC

Examples:

To configure an NIC with the following values:

• Interface: eth0

• IP address: 192.168.10.10

• Subnet mask: 255.255.255.0

configure network interface ipv4 eth0 192.168.10.10 255.255.255.0

configure network route add

TABLE A-3. configure network route add ipv4

Adds a new route entry

Syntax:

configure network route add ipv4 <ip_prefixlen> <via> <dev>

View Privileged

Parameters <ip_prefixlen>: Destination network ID with format IPv4_Address/Prefixlen

<via>: IPv4 address of the next hop

<dev>: Device name

Example:

To add a new route entry:

configure network route add ipv4 172.10.10.0/24 192.168.10.1 eth1

configure network route default

TABLE A-4. configure network route default ipv4

Sets the default route for the device

Syntax:

configure network route default ipv4 <gateway>

View Privileged

Parameter <gateway>: IPv4 address of default gateway

Example:

To set the default route for the device:

configure network route default ipv4 192.168.10.1

configure network route del

TABLE A-5. configure network route del ipv4

Deletes a route for the device

Syntax:

configure network route del ipv4 <ip_prefixlen> <via> <dev>

View Privileged

Parameters <ip_prefixlen>: Destination network ID with format IPv4_Address/Prefixlen

<via>: IPv4 address of the next hop

<dev>: Device name

Example:

To delete a route for the device:

configure network route del ipv4 172.10.10.0/24 192.168.10.1 eth1

configure service ssh disable

Disables SSH on all network interface cards (NIC).

Syntax:

configure service ssh disable

View Privileged

Parameters None

Examples:

To disable SSH on all NICs:

configure service ssh disable

configure service ssh enable

Enables SSH on one specific network interface card (NIC).

Syntax:

configure service ssh enable <interface>

View Privileged

Parameters <interface>: The name of the NIC

Examples:

To enable SSH on NIC eth0:

configure service ssh enable eth0

configure system date

Configures the time and date and saves the data in CMOS.

Syntax:

configure system date <date> <time>

View Privileged

Parameters <date>: Set the date using the following format: yyyy-mm-dd

<time>: Set the time with the following format: hh:mm:ss

Examples:

To set the date to August 12, 2010 and the time to 3:40 PM:

configure system date 2010-08-12 15:40:00

configure system password enable

Changes the password required to enter Privileged mode.

Syntax:

configure system password enable

View Privileged

Parameters None

Examples:

To change the password required to enter Privileged mode:

configure system password enable

configure system timezone

Configures the time zone used by the device.

Syntax:

configure system timezone <region>/<city>

View Privileged

Parameters <region>: Region name

<city>: City name

Examples:

To configure the device to use the time zone for the following location:

Region: America

City: New York

configure system timezone America/New_York

TABLE A-6. Time Zone Setting Examples

REGION/COUNTRY   CITY
Africa           Cairo, Harare, Nairobi
America          Anchorage, Bogota, Buenos_Aires, Caracas, Chicago, Chihuahua, Denver, Godthab, Lima, Los_Angeles, Mexico_City, New_York, Noronha, Phoenix, Santiago, St_Johns, Tegucigalpa
Asia             Almaty, Baghdad, Baku, Bangkok, Calcutta, Colombo, Dhaka, Hong_Kong, Irkutsk, Jerusalem, Kabul, Karachi, Katmandu, Krasnoyarsk, Kuala_Lumpur, Kuwait, Magadan, Manila, Muscat, Rangoon, Seoul, Shanghai, Singapore, Taipei, Tehran, Tokyo, Yakutsk
Atlantic         Azores
Australia        Adelaide, Brisbane, Darwin, Hobart, Melbourne, Perth
Europe           Amsterdam, Athens, Belgrade, Berlin, Brussels, Bucharest, Dublin, Moscow, Paris
Pacific          Auckland, Fiji, Guam, Honolulu, Kwajalein, Midway
US               Alaska, Arizona, Central, East-Indiana, Eastern, Hawaii, Mountain, Pacific

enable

Enters privileged mode so privileged commands can be provided.

Syntax:

enable

View Root

Parameters None

Examples:

To enter privileged mode:

enable

exit

Exits privileged mode.

Exits the session for those not in privileged mode.

Syntax:

exit

View Root/Privileged

Parameters None

Examples:

To exit privileged mode or to exit the session when not in privileged mode:

exit

help

Displays the CLI help information.

Syntax:

help

View Privileged/Root

Parameters None

Examples:

To display the CLI help information:

help

history

Displays the current session's command line history.

Syntax:

history [limit]

View Privileged/Root

Parameters [limit]: Specifies the size of the history list for the current session

Specifying "0" retains all commands for the session.

Examples:

To specify six commands for the size of the history list:

history 6

logout

Logs out of the current CLI session.

Syntax:

logout

View Root

Parameters None

Examples:

To log out of the current session:

logout

ping

Pings a specified host.

Syntax:

ping [-c num_echos] [-i interval] <dest>

View Root

Parameters [-c num_echos]: Specifies the number of echo requests to be sent. Default value is 5.

[-i interval]: Specifies the delay interval in seconds between each packet. Default value is 1 second.

<dest>: Specifies the destination hostname or IP address

Examples:

To ping the IP address 192.168.1.1:

ping 192.168.1.1

To ping the host remote.host.com:

ping remote.host.com

reboot

Reboots the device immediately or after a specified delay.

Syntax:

reboot [time]

View Privileged

Parameters [time]: Specifies the delay, in minutes, to reboot the device

Examples:

To reboot the device immediately:

reboot

To reboot the device after 5 minutes:

reboot 5

resolve

Resolves an IPv4 address from a hostname or resolves a hostname from an IPv4 address.

Syntax:

resolve <dest>

View Privileged

Parameter <dest>: Specifies the IPv4 address or hostname to resolve

Examples:

To resolve the hostname from IP address 192.168.10.1:

resolve 192.168.10.1

To resolve the IP address from hostname parent.host.com:

resolve parent.host.com

show storage statistic

Displays the file system disk space usage.

Syntax:

show storage statistic [partition]

View Root

Parameters [partition]: Specify a partition. This is optional.

Examples:

To display the file system disk space usage of the device:

show storage statistic

show network

Displays various network configurations.

Syntax:

show network [arp | connections | dns | hostname | interface | route]

View Root

Parameters arp: Displays the Address Resolution Protocol (ARP) tables.

connections: Displays the device’s current network connections.

dns: Displays the device’s DNS IP address.

dns primary: Displays the device’s primary DNS IP address.

dns secondary: Displays the device’s secondary DNS IP address.

hostname: Displays the device’s hostname.

interface: Displays the network interface card (NIC) status and configuration.

route: Displays IP address route table.

Examples:

To display the ARP tables:

show network arp

To display the device’s current network connections:

show network connections

To display the DNS configuration:

show network dns

To display the hostname of the device:

show network hostname

To display the NIC status and configuration:

show network interface

To display the IP address route table:

show network route

show kernel

Displays the device’s OS kernel information.

Syntax:

show kernel {messages | modules | parameters | iostat}

View Root

Parameters messages: Displays kernel messages.

modules: Displays kernel modules.

parameters: Displays kernel parameters.

iostat: Displays CPU statistics and I/O statistics for devices and partitions.

Examples:

To display the OS kernel’s messages:

show kernel messages

To display the OS kernel’s modules:

show kernel modules

To display the OS kernel’s parameters:

show kernel parameters

To display device CPU statistics and I/O statistics:

show kernel iostat

show service

Displays the SSH service status.

Syntax:

show service [ssh]

View Root

Parameters ssh: Displays the status of SSH.

Examples:

To display the SSH status:

show service ssh

show memory

Displays the device’s system memory information.

Syntax:

show memory [statistic]

View Root

Parameters statistic: Displays system memory statistics

Examples:

To display system memory statistics:

show memory statistic

show process

Displays the status of processes currently running.

Syntax:

show process [top]

View Root

Parameters [top]: Displays the status of processes currently running and system-related processes

Examples:

To display the status of processes currently running:

show process

show system

Displays various system settings.

Syntax:

show system [date | timezone | uptime | version]

View Root

Parameters date: Displays the current time and date.

timezone: Displays the device’s time zone settings.

uptime: Displays how long the device has been running.

version: Displays version number for the device.

Examples:

To display the current time and date of the device:

show system date

To display the device’s timezone settings:

show system timezone

To display how long the system has been running:

show system uptime

To display the system’s version number:

show system version

shutdown

Shuts down the device immediately or after a specified delay.

Syntax:

shutdown [time]

View Privileged

Parameters [time]: Shuts down the device after a specified delay in minutes.

Examples:

To shut down the device immediately:

shutdown

To shut down the device after a 5 minute delay:

shutdown 5

traceroute

Displays the tracking route to a specified destination.

Syntax:

traceroute [-h hops] <dest>

View Root

Parameters [-h hops]: Specifies the maximum number of hops to the destination. The minimum number is 6.

<dest>: Specifies the remote system to trace

Examples:

To display the route to IP address 172.10.10.1 with a maximum of 6 hops:

traceroute 172.10.10.1

To display the route to IP address 172.10.10.1 with a maximum of 30 hops:

traceroute -h 30 172.10.10.1

Appendix B

Additional Resources

Console and Proxy Addresses by Region

The email proxy addresses for MAPI, EAS, and OWA connections and the administrative console address depend on the AWS datacenter for the region. The following tables list the email proxy and administrative console addresses by region.

TABLE B-1. Console Addresses by Region

REGION          DATACENTER LOCATION   ADDRESS
Europe          Ireland               admin-eu.tmcae.trendmicro.com
North America   Oregon                admin.tmcae.trendmicro.com

TABLE B-2. Email Proxy Addresses by Region

REGION          DATACENTER LOCATION   ADDRESS
Europe          Ireland               EAS: eas-eu.tmcae.trendmicro.com
                                      MAPI: mapi-eu.tmcae.trendmicro.com
                                      OWA: owa-eu.tmcae.trendmicro.com
North America   Oregon                EAS: eas.tmcae.trendmicro.com
                                      MAPI: mapi.tmcae.trendmicro.com
                                      OWA: owa.tmcae.trendmicro.com

TABLE B-3. Autodiscover Proxy Addresses by Region

REGION          DATACENTER LOCATION   ADDRESS
Europe          Ireland               http://autodiscover-eu.tmcae.trendmicro.com
North America   Oregon                http://autodiscover.tmcae.trendmicro.com

Appendix C

Glossary

Cryptographic Engine

As an integral component of Cloud App Encryption for Office 365, the Cryptographic Engine uses an industry standard algorithm to encrypt and decrypt email from Microsoft Office 365. The Delegate Listener Component (Delegate Accounts) directs the Cryptographic Engine to encrypt email messages on arrival, while the Protocol Proxy Component (email proxy) directs the engine to decrypt email messages for retrieval.

Delegate Account

A Delegate Account is not associated with an actual person. A Delegate Account is a tenant account that Cloud App Encryption requires to integrate with Microsoft Office 365 services.

Create a Delegate Account in Microsoft Office 365 for Cloud App Encryption to access your Microsoft Office 365 mailbox accounts for email encryption. The Delegate Account must have the “ApplicationImpersonation” and “Mailbox Search” roles assigned to it.

EAS

Exchange ActiveSync (EAS) is an XML-based protocol that communicates over HTTP (or HTTPS) designed for the synchronization of email, contacts, calendar, tasks and notes from a messaging server to a mobile device. The protocol also provides mobile device management and policy controls.

Exchange Admin Center

Accessed through the Microsoft Office 365 Admin Center (Admin > Exchange), this web-based management console is where you manage items related to email that you cannot manage through the Microsoft Office 365 Admin Center. This includes the management of recipients, permissions, compliance management, organization, protection, mail flow, mobile devices, public folders, and unified messaging.

MAPI

Messaging Application Programming Interface (MAPI) is a protocol used by Microsoft Outlook to communicate with Microsoft Exchange servers.

Office 365 Admin Center

Launched from the top right corner of the navigation bar, the Admin Center is where you can perform various administrative tasks for Office 365, which include system setup, reports, email services, users and groups, domains, product subscriptions and licenses, policies, service support requests, and additional account services requests.

OWA

Outlook Web App (OWA) is used to access email (including support for S/MIME), calendars, contacts, tasks, documents (used with SharePoint or in 2010, Office Web Apps), and other mailbox content when access to the Microsoft Outlook Windows client is unavailable.

Trend Micro Key Management Service

This service, hosted in the cloud, manages the encryption keys necessary to protect Microsoft Office 365 email accounts with email encryption and decryption.
