Using the HIPS Server to Create a Client Installation Package › Create a Client Installation Package

Create a Client Installation Package

You can create a CA HIPS client installation package using the CA HIPS server. You create this installation package so that the certificates specific to your deployment are appended to the installation. The installation package includes the server information specific to your system running HIPS. The package also includes any deployed policy so clients can be protected the moment the HIPS client is installed.

Use the CA HIPS server interface to define the command-line parameters of the HIPS client installation. The parameters let you control certain aspects of the installation. For example, you can set the parameters to create a silent installation package, invisible on the client end. You can also create a CA HIPS client that does not have a user interface.

To use multiple servers with the default (HTTPS) protocol, all servers must be installed using the same root certificate. Clients cannot connect to servers that use different root certificates. For example, if you create a client package on server1.yourcompany.com without defining any additional servers, you will not be able to use that client package with otherserver.othercompany.com.

Important! Creating a new CA HIPS client installation image deletes the existing installation image.

To create a CA HIPS client installation package

1. Log in to the CA HIPS server.

   The Dashboard appears.

2. Click Main.

   The Main menu appears.

3. (Optional). Change the default client communication parameters.

   Note: Define these parameters before creating a client installation package.

4. Click Global Settings.

   The Global Settings pane appears.

5. Click Client Installation.

   The Client Installation pane appears.

6. Select the check boxes of any of the following parameters:
   • Silent installation

     Installs the CA HIPS client software on the client computer without notifying or requiring any interaction from the user. Selecting Silent installation also enables control of whether the client computer reboots after the installation is complete.

   • Do not show installation in Add/Remove Programs

     Prevents the installed CA HIPS software from appearing in the client computer's add/remove programs window.

   • Do not install user interface

     Prevents installation of the CA HIPS client interface on the computer.

   • Do not install Firewall module

     Disables firewall rules and rule objects on the CA HIPS client. Network traffic to or from the CA HIPS client is not protected.

   • Do not install IDS/IPS module

     Disables IDS/IPS rules and rule groups. The CA HIPS client is not protected against intrusions.

   • Do not install OS System Security module

     Disables the OS system security rules, rule sets, and guards. The operating system and files on the CA HIPS client are not protected.

   • No device guard protection

     Disables device-protection rules, rule objects, and guards on the CA HIPS client.

7. Click Build HIPS Engine Install.

   The client installation package is created.

   Note: The client installation package is in the following location on the CA HIPS server:

   %ProgramFiles%\CA\HIPS Management Server\internal\Client\build\client.zip

8. (Optional) Click Get HIPS Engine Install to open the .zip file or save it in another location.

   Note: When you create a new policy, this client.zip file is deleted. You will have to create a new client.zip. Also the CA HIPS server creates the CA HIPS client packages, but does not install them. See the CA Host-Based Intrusion Prevention System Implementation Guide for instructions on installing the CA HIPS client installation package on client computers.