This task consists of two steps. First, you install Baffle Manager on a virtual machine (VM), then you unlock and configure Baffle Manager.

Before You Begin

It's important that you verify that your site meets the Baffle Prerequisites and Requirements.

Step 1: Install Baffle Manager

This step walks you through the process of installing Baffle Manager on a virtual machine (VM).

To install Baffle Manager, do the following:

1. Log in to your VM and install CentOS 7 or 7.5.
   IMPORTANT! DO NOT use CentOS 8.1.
2. Ensure that the locale is set. If not, use the following commands:
   LC_ALL=en_US.UTF-8
   LANG=en_US.UTF-8
3. Copy the latest version of Baffle Manager to your VM.
4. Unpack the tar file into the /tmp directory using the following command:
   tar xvf BM-DEPLOY-Build-Release-Baffle.<versionNumber>.tar.gz -C /tmp
5. Change your current directory to the installation path: cd /tmp/BM-DEPLOY
6. Enter the following command to get the Baffle Manager instance Private IP address: -i hostname
7. Open the .env file in an ascii editor, such as vi, and enter the Private IP address as the environment variable: "PRIVATE_IP="
8. Run the following installation script: sudo ./baffle_manager_docker.sh
9. Wait for the install to finish, then access the Baffle Manager with a web browser via HTTPS. Use the public IP address of the instance, for example, https://10.10.10.10.
   
   TIP: If you are unable to connect to the instance via HTTPS, check your security group inbound rules. Also ensure that your instance has finished initializing.
   
   Because the instance is bootstrapped with a self-signed certificate, you will receive an invalid CA warning. Select the browser option to “proceed”. You will have the opportunity to upload and use your organization’s certificate later in this section.

Step 2: Configure Baffle Manager

This step walks you through the process of configuring the Baffle Manager for your environment. 

To configure Baffle Manager, do the following:

1. Configure System Settings. You will be prompted for hostname and domain settings.  All system users must have this domain name as part of this email going forward.
   
   
   
   
2. Configure Email Settings. This allows Baffle Manager to send emails to provide notifications and for password resets. Enter the SMTP server to use as well as the credential to use to authentication to the SMTP server.
   
   
   
   
3. Create Admin Account. The screen below prompts you to create the initial Baffle Manager administrator account. This account is used to configure the subsequent components such as the key management store, data store connections, and Baffle Shields. 
   
   
   
   
4. Configure Credential Keystore. This configuration screen establishes an encrypted credential store for any system access credential or access key that the Baffle Manager or Baffle Shield utilize. The default name is “baffle_credential_store” and cannot be changed.
   
   Select LOCAL for Keystore type.  Enter the Baffle Secret Key in the text field. NOTE: The Baffle Secret Key must contain at least 10 characters, a mixture of upper and lower case, including at least 1 number. The Secret Key is used to generate a random key to encrypt the Keystore Config Password.  For Config Password, enter a secure password or passphrase to secure the actual keystore.
   
   
   
   
5. Install SSL Certificate. This configuration step allows you to install an SSL certificate to secure access to the Baffle Manager web interface.  Upload the certificate and key file for your organization or respective CA to enable SSL for the Baffle Manager console.
   
   
   
   
6. Enter the login credentials for the Baffle Admin account you created and click SIGN IN. 
   
   
   

Next Steps

• Continue with Connect to a Keystore.