Administrator Guide for Cisco Trust Agent, Release 2.1, With Bundled Supplicant
Installing the Cisco Trust Agent on Macintosh Operating Systems



This chapter provides system requirements and installation instructions for Cisco Trust Agent (CTA) on Macintosh operating systems. Read this entire chapter before beginning the installation. There are advanced installation options detailed later in this chapter that you may want to use. For example, before deploying CTA on your network, you can create a custom installation package, which allows you to set CTA configuration parameters and install certificates and plug-ins. Proceeding in this manner could save you configuration time during the CTA deployment process.

See these other chapters for installation instructions for different operating systems:

Chapter 2, "Installing the Cisco Trust Agent on Linux Operating Systems"

Chapter 4, "Installing the Cisco Trust Agent on Windows Operating Systems"

This chapter contains the following sections:

System Requirements for Mac OS X

CTA Scripting Interface Feature

Installation Files

Installing Cisco Trust Agent

General Installation Instructions

Extracting the Installation Image and Accepting the EULA

Installing CTA from the Command Line

Installing CTA Using an Installation Wizard

Installing CTA Using a Custom Installation Package

Repairing or Upgrading an Existing CTA Installation

Verifying Cisco Trust Agent Installation

Uninstalling Cisco Trust Agent

Uninstalling CTA and the CTA Scripting Interface

Uninstalling Only the CTA Scripting Interface

System Requirements for Mac OS X

Before installing Cisco Trust Agent on a Mac OS X operating system, verify that the target system meets the following requirements:

System Component | Requirement

System | G3 processor and later; network connection

Free Hard Disk Space | 20 MB minimum

Memory | 256 MB RAM

Listening Port | By default, Cisco Trust Agent listens on UDP port 21862. You can change this port number, if necessary. See "The ctad.ini Configuration File" section on page 5-2.

Operating System and Language Support | All available internationalized versions of Mac OS X 10.3.9 and 10.4 operating systems support CTA 2.1.

Note Support for a localized operating system is different from a localized version of CTA. The CTA interface and messages are presented in English.


CTA Scripting Interface Feature

The Scripting Interface feature allows software developers to write their own scripts to relay posture information, collected on the system, to CTA. The scripts would perform the equivalent function of a posture plugin. Users will not need this feature unless they intend to write posture scripts.

The Scripting Interface is an optional feature of CTA.

Installation Files

The installation files for CTA for Mac are contained in the ctaadminex-darwin-2.1.103.0.tar.gz file, which may be downloaded from Cisco.com. See the procedures in "Installing Cisco Trust Agent" for descriptions of the files contained in the ctaadminex-darwin-2.1.103.0.tar.gz file and their uses.

Installing Cisco Trust Agent

To install Cisco Trust Agent, log in as the administrative user on the machine.

General Installation Instructions


Step 1 Download the ctaadminex-darwin-2.1.103.0.tar.gz file from Cisco.com and follow the procedure in the "Extracting the Installation Image and Accepting the EULA" section.

Step 2 Install CTA using any of these methods:

Installing CTA from the Command Line

Installing CTA Using an Installation Wizard

Installing CTA Using a Custom Installation Package

Step 3 Install the Cisco Secure Access Control Server (ACS) root certificate on the end-point if it is not distributed as part of a custom installation package. See "About The ACS Server Root Certificate" section on page 8-3 for information about installing this certificate separately.

Step 4 Verify the CTA installation by following the "Verifying Cisco Trust Agent Installation" section.

Extracting the Installation Image and Accepting the EULA

After downloading the ctaadminex-darwin-2.1.103.0.tar.gz file from Cisco.com, use this procedure to extract the CTA installation files and accept the end-user license agreement (EULA).


Step 1 Open a terminal window.

Step 2 Using the cd command, change to the directory that contains the ctaadminex-darwin-2.1.103.0.tar.gz file.

Step 3 At the prompt, type:

tar zxvf ctaadminex-darwin-2.1.103.0.tar.gz

and press <Return>. The ctaadminex.sh file is extracted and placed in the same directory as the ctaadminex-darwin-2.1.103.0.tar.gz file.

Step 4 At the prompt, type ./ctaadminex.sh and press <Return>.

Step 5 When prompted, accept the EULA by entering "y" and pressing <Return>. The cta-darwin-2.1.103.0.dmg is unpacked and placed in the same directory as the ctaadminex.sh file.

Step 6 At the prompt, type open cta-darwin-2.1.103.0.dmg and press <Return>. The CiscoTrustAgent volume icon is placed on the desktop and the cta-darwin-2.1.103.0.dmg disk image is visible in Finder.

Installing CTA from the Command Line


Step 1 Follow the procedure in the "Extracting the Installation Image and Accepting the EULA" section.

Step 2 Open a terminal window on the end point.

Step 3 At the prompt, use the cd command to change the directory to /Volumes/CiscoTrustAgent.

Step 4 To install CTA, at the prompt, on one line, type the following:

sudo installer -verbose -pkg /Volumes/CiscoTrustAgent/CiscoTrustAgent.mpkg/ -target /Volumes/Macintosh\ HD

and press <Return>.

Step 5 When prompted, enter the Administrative user's password. CTA is installed. At the end of a successful installation you will see the message, "The install was successful."

Step 6 (Optional) To install the Cisco Trust Agent Scripting Interface feature, at the prompt, on one line, type the following:

sudo installer -verbose -pkg /Volumes/CiscoTrustAgent/CiscoTrustAgent.mpkg/CiscoTrustAgentSI.pkg/ -target /Volumes/Macintosh\ HD

and press <Return>. At the end of a successful installation you will see the message, "The install was successful."

Step 7 Verify the installation of CTA by following the "Verifying Cisco Trust Agent Installation" section.

Step 8 Exit the /Volumes/CiscoTrustAgent directory by typing cd .. at the prompt and pressing <Return>.

Step 9 At the prompt, type hdiutil detach /Volumes/CiscoTrustAgent and press <Return>. You will receive messages in the terminal window that the volume was unmounted and ejected. The CiscoTrustAgent volume icon will also be removed.

Step 10 If a CA certificate or a matching root certificate from the Cisco Secure ACS server has not been installed on the network client on which you just installed CTA, you must install one of these certificates. This enables CTA to establish a secure form of communication with the Cisco Secure ACS server. Refer to the "Installing or Updating a Certificate on Mac OS X Operating System" section on page 8-4 for more information.

Installing CTA Using an Installation Wizard


Step 1 Follow the procedure in the "Extracting the Installation Image and Accepting the EULA" section.

Step 2 Double-click the CiscoTrustAgent volume icon on the desktop.

Step 3 Double-click the CiscoTrustAgent.mpkg icon in the Finder window that opens.

Step 4 Click Continue in the Welcome window.

Step 5 Click Continue in the Software License Agreement window.

Step 6 Click Agree to accept the license for Cisco Trust Agent.

Step 7 Select the drive on which you want to install CTA in the Select a Destination window.


Note You may not install CTA on drives or disk images that display the red exclamation mark symbol.


Step 8 Click Continue. The Easy Install window opens.

Step 9 Click Customize to install the Scripting Interface or skip to Step 11.

Step 10 In the Custom Install window, check the box next to Scripting Interface for Cisco Trust Agent to install that feature.

Step 11 Click Install to continue with the installation.

Step 12 Type the Administrator's password when prompted and click OK.

Step 13 After CTA has been installed you receive the message, "The software was successfully installed."

Step 14 Click Close.

Step 15 Eject the CiscoTrustAgent volume on the desktop by dragging its icon to the trash.

Installing CTA Using a Custom Installation Package

Use this section as an example of how to create a customized CTA installation on Macintosh systems.

The cta-darwin-2.1.103.0.dmg disk image contains the CiscoTrustAgent.mpkg package which you use to install Cisco Trust Agent. The cta-darwin-2.1.103.0.dmg disk image can be modified by adding configuration .ini files, posture plugins, and certificate files to it. This customized Cisco Trust Agent package can be distributed by a software deployment mechanism, such as a script or a software deployment tool.

After the software deployment mechanism distributes the customized cta-darwin-2.1.103.0.dmg disk image to the remote network clients, it runs the CiscoTrustAgent.mpkg package. The CTA installation file copies the contents of the disk image to the proper locations on the remote network client. The software deployment mechanism does not need to recompile the CTA installation file to create a custom installation.

The customization choices in this procedure are optional. However, you will find that including some of these customizations is worthwhile. CTA is not a centrally managed product. If you do not plan to use the product defaults, it is to your benefit to pre-configure all available product settings before deploying CTA.

Please read this entire procedure before beginning. There are options detailed later in the instructions that you should be aware of before beginning.

Creating a Custom Installation Package


Step 1 Before you create the custom installation package, install CTA on the client you will use to create the custom package. This will install the template ctad.ini file and give you exposure to the CTA installation process. Use the "Installing CTA Using an Installation Wizard" section to install CTA.

Step 2 Use the procedure in the "Extracting the Installation Image and Accepting the EULA" section to extract the cta-darwin-2.1.103.0.dmg disk image and accept the EULA for all users.

Step 3 Double-click the CiscoTrustAgent volume on the desktop.

Step 4 Customize the /Volumes/CiscoTrustAgent/certs directory by copying the root certificate for your Cisco Secure ACS server, or other certificates, to this directory. During installation, any certificates in this directory are added to the system's root certificate store.

If your Cisco Secure ACS server uses self-signed certificates, see the Cisco Secure ACS documentation for information about obtaining the certificate; if you use a CA server, refer to your CA server documentation.


Note This step is optional if a CA certificate or ACS root certificate has already been distributed to the network clients receiving this customized CTA installation. If these certificates have not been distributed, and you choose not to add them to the customized disk image, you will need to distribute and install either the CA certificate or ACS root certificate before the client can communicate with the NAC infrastructure.


Step 5 Customize the /Volumes/CiscoTrustAgent/plugins directory by copying third party plugins that you want to provision at installation time into this directory.

Step 6 Create a new ctad.ini file and copy it into the /Volumes/CiscoTrustAgent directory at the same level as the CiscoTrustAgent.mpkg package. This file is used to configure CTA communication settings, user notifications, and certificate validation rules. If you want to change the default communication settings, such as the port number CTA listens over, the maximum number of sessions, or session time-out values, include this file. Refer to Chapter 5, "Configuring Cisco Trust Agent" for instructions on how you should create and format this file.

Step 7 Create a new ctalogd.ini file and copy it to the /Volumes/CiscoTrustAgent directory at the same level as the CiscoTrustAgent.mpkg package. This file is used to enable and disable CTA logging. Refer to Chapter 6, "Cisco Trust Agent Event Logging" for instructions on how you should create and format this file.

Step 8 A software deployment mechanism deploys the custom-cta-darwin-2.1.103.0.dmg disk image to the appropriate network clients and saves it in a local directory.

Step 9 The software deployment mechanism installs CTA and its customizations by following the "Installing CTA from the Command Line" section.
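Because every file in the certs directory becomes a trusted root on each client and every file in plugins is provisioned at installation time, it is worth checking the staged image against a reviewed list before Step 8 distributes it. The following is an added example, not part of the Cisco guide; the function names and the manifest file (lines of "digest  relative/path" in sha256sum format) are assumptions.

```shell
# Added example, not part of the Cisco guide. Function names and the
# manifest format are assumptions made for illustration.

# Prints the SHA-256 hex digest of file $1 (sha256sum, or shasum as fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# cta_audit_staging STAGE MANIFEST
#   STAGE    - mounted, customized image, e.g. /Volumes/CiscoTrustAgent
#   MANIFEST - reviewed entries, one "digest  relative/path" per line
# Prints one finding per line. Returns 0 only when the installer package is
# present and every file under certs/ and plugins/ matches a reviewed entry.
# A missing .ini file is reported as a NOTE and does not fail the audit.
cta_audit_staging() {
    stage=${1%/} manifest=$2
    findings=$(
        [ -e "$stage/CiscoTrustAgent.mpkg" ] || echo "MISSING CiscoTrustAgent.mpkg"
        find "$stage/certs" "$stage/plugins" -type f 2>/dev/null |
        while IFS= read -r f; do
            rel=${f#"$stage"/}
            # A renamed, added or modified file has no exact manifest line.
            grep -Fqx "$(sha256_of "$f")  $rel" "$manifest" ||
                echo "UNREVIEWED $rel"
        done
    )
    [ -z "$findings" ] || printf '%s\n' "$findings"
    for ini in ctad.ini ctalogd.ini; do
        [ -f "$stage/$ini" ] || echo "NOTE $ini not staged"
    done
    [ -z "$findings" ]
}

# Usage: cta_audit_staging /Volumes/CiscoTrustAgent reviewed.sha256
```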

Repairing or Upgrading an Existing CTA Installation

Use this procedure to reinstall CTA or to add the CTA Scripting Interface to an existing CTA installation.


Step 1 Use the procedure in the "Extracting the Installation Image and Accepting the EULA" section to extract the cta-darwin-2.1.103.0.dmg disk image and accept the EULA.

Step 2 Open Finder and navigate to the directory where cta-darwin-2.1.103.0.dmg is stored.

Step 3 Double-click cta-darwin-2.1.103.0.dmg. The CiscoTrustAgent volume icon appears on the desktop.

Step 4 Double-click the CiscoTrustAgent volume icon.

Step 5 Double-click the CiscoTrustAgent.mpkg icon in the Finder window that opens.

Step 6 Click Continue in the Welcome window.

Step 7 Click Continue in the Software License Agreement window.

Step 8 Click Agree to accept the license for Cisco Trust Agent.

Step 9 Select the drive on which you want to install CTA in the Select a Destination window.

Step 10 Click Continue. The Easy Install window opens.

Step 11 To install the Scripting Interface feature, click Customize or skip to Step 13.

Step 12 In the Custom Install window, check the box next to Scripting Interface for Cisco Trust Agent to install that feature.

Step 13 Click Upgrade to continue with the easy installation.

Step 14 Type the Administrator's password when prompted and click OK.

Step 15 After CTA has been installed you receive the message, "The software was successfully installed."

Step 16 Click Close.

Step 17 Eject the CiscoTrustAgent volume on the desktop by dragging its icon to the trash.

Verifying Cisco Trust Agent Installation

After Cisco Trust Agent has been installed, you will find the following directory structures containing CTA's executable files:

/opt/CiscoTrustAgent

/opt/PostureAgent

To verify that the Cisco Trust Agent is running, follow this procedure:


Step 1 Open a terminal window on the system.

Step 2 Type ps -ax | grep cta and press <Enter>.

Step 3 Verify that the following daemons are running:

/opt/CiscoTrustAgent/sbin/ctad

ctalogd

ctapsd

ctaeoud

If these daemons are not running, try rebooting the system. If the daemons still do not run, try reinstalling the application.
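The ps -ax | grep cta check in Step 2 also lists the grep process itself, so a matching line alone does not show that a daemon is up. The following added example (not part of the Cisco guide; the function names and the sample process listing are constructed) parses the listing by command name and reports which of the four daemons are absent.

```shell
# Added example, not part of the Cisco guide.
# cta_missing_daemons (hypothetical name) reads `ps -ax` output on stdin and
# prints every expected CTA daemon that is absent, one per line.
# Exit status: 0 when all four daemons are running, 1 otherwise.
cta_missing_daemons() {
    awk '
        BEGIN { n = split("ctad ctalogd ctapsd ctaeoud", want, " ") }
        {
            cmd = $5                # first word of the COMMAND column
            sub(/^.*\//, "", cmd)   # /opt/CiscoTrustAgent/sbin/ctad -> ctad
            seen[cmd] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print want[i]; missing = 1 }
            exit missing + 0
        }'
}

# Constructed sample listing: ctaeoud is down, and the grep from
# `ps -ax | grep cta` shows up as a process of its own.
SAMPLE_PS='  PID  TT  STAT      TIME COMMAND
  214  ??  Ss     0:00.10 /opt/CiscoTrustAgent/sbin/ctad
  215  ??  S      0:00.02 ctalogd
  216  ??  S      0:00.01 ctapsd
  301  p1  R+     0:00.00 grep cta'

# Runs the check against the constructed sample above.
cta_sample_report() { printf '%s\n' "$SAMPLE_PS" | cta_missing_daemons; }

# On an endpoint, run:  ps -ax | cta_missing_daemons
```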

Uninstalling Cisco Trust Agent

There are two uninstallation procedures for CTA. You may uninstall CTA and the Scripting Interface or you may uninstall the Scripting Interface alone.

Uninstalling CTA and the CTA Scripting Interface


Step 1 Open a terminal window on the target system.

Step 2 At the prompt, type cd /opt/CiscoTrustAgent and press <Return>.

Step 3 At the prompt, run the following command:

sudo ./cta_uninstall.sh

Step 4 Enter the Administrative user's password when prompted.

Step 5 To uninstall CTA and the CTA Scripting Interface without further prompting, type y when prompted.

After Cisco Trust Agent has been successfully uninstalled, you receive the message, "Cisco Trust Agent has been successfully uninstalled."


Note Certificates, plugin files, and customized configuration files are not deleted when CTA is uninstalled; they remain on the client.


Uninstalling Only the CTA Scripting Interface


Step 1 Open a terminal window on the target system.

Step 2 At the prompt, type cd /opt/CiscoTrustAgent and press <Return>.

Step 3 At the prompt, run the following command:

sudo ./cta_uninstall.sh --SI

Step 4 Enter the Administrative user's password when prompted.

Step 5 When prompted, type y to uninstall Cisco Trust Agent.

Step 6 After a successful uninstallation, you receive the message, "Cisco Trust Agent Scripting Interface has been successfully uninstalled."