0% found this document useful (0 votes)
28 views74 pages

Sdi Install 5 0

Uploaded by

Oscar Tercero
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
28 views74 pages

Sdi Install 5 0

Uploaded by

Oscar Tercero
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 74

Symantec Data Insight

Installation Guide

5.0

Symantec Proprietary and Confidential


August 2015
Symantec Data Insight Installation Guide
Documentation version: 5.0.2

Legal Notice
Copyright © 2015 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo, Veritas, and the Veritas Logo are
trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and
other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED


CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.

Symantec Proprietary and Confidential


Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com

Symantec Proprietary and Confidential


Technical Support
Technical Support maintains support centers globally. Technical Support’s primary
role is to respond to specific queries about product features and functionality. The
Technical Support group also creates content for our online Knowledge Base. The
Technical Support group works collaboratively with the other functional areas within
the company to answer your questions in a timely fashion.
Our support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount
of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about our support offerings, you can visit our website at the following
URL:
support.symantec.com
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.

Contacting Technical Support


Customers with a current support agreement may access Technical Support
information at the following URL:
support.symantec.com
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be at
the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level
■ Hardware information
■ Available memory, disk space, and NIC information

Symantec Proprietary and Confidential


■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Technical Support
■ Recent software configuration changes and network changes

Licensing and registration


If your product requires registration or a license key, access our technical support
Web page at the following URL:
support.symantec.com

Customer service
Customer service information is available at the following URL:
support.symantec.com
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Advice about technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals

Symantec Proprietary and Confidential


Support agreement resources
If you want to contact us regarding an existing support agreement, please contact
the support agreement administration team for your region as follows:

Asia-Pacific and Japan [email protected]

Europe, Middle-East, and Africa [email protected]

North America and Latin America [email protected]

Symantec Proprietary and Confidential


Contents

Technical Support .............................................................................................. 4

Chapter 1 Understanding the Symantec Data Insight


architecture .................................................................... 10
About Symantec Data Insight ......................................................... 10
About the Management Server ........................................................ 13
About the Collector worker node ...................................................... 13
About the Collector ................................................................. 14
About the Scanner .................................................................. 14
About the Indexer worker node ........................................................ 15
About the Self-Service Portal node ................................................... 15
About Communication Service ........................................................ 16
About the DataInsightWatchdog service ............................................ 16
About the DataInsightWorkflow service ............................................ 17
About Symantec Data Insight installation tiers .................................... 17
About three-tier installation ....................................................... 17
About two-tier installation ......................................................... 18
About single-tier installation ...................................................... 18

Chapter 2 Preinstallation ..................................................................... 19

Preinstallation steps ...................................................................... 19


Operating system requirements ....................................................... 20
System requirements for Symantec Data Insight components ................ 21
Supported file servers and platforms ................................................ 23
Supported browsers ...................................................................... 24
List of ports ................................................................................. 25
Web server version ....................................................................... 26

Chapter 3 Installing Symantec Data Insight ..................................... 27


About installing Symantec Data Insight ............................................. 27
Performing a single-tier installation ................................................... 28
Performing a two-tier installation ...................................................... 28
Performing a three-tier installation .................................................... 29
Installing the Management Server .................................................... 29

Symantec Proprietary and Confidential


Contents 8

Installing the worker node .............................................................. 32


Installing the Self-Service Portal ..................................................... 34
Installing a Linux Indexer worker node .............................................. 35

Chapter 4 Upgrading Symantec Data Insight .................................. 40

Upgrading Data Insight to 5.0 .......................................................... 40


Upgrading the product data using the Upgrade Data Wizard .................. 43
Names and locations of cache files .................................................. 44
Upgrading the Data Insight Web service for SharePoint ........................ 45

Chapter 5 Post-installation configuration ........................................ 46


Post-installation configuration ......................................................... 46
Registering the worker node and the Portal node ................................ 46
About post-installation security configuration for Management
Server .................................................................................. 48
About SSL client/server certificates ............................................ 48
Generating Management Console certificate ................................ 48
Configuring your corporate firewall ................................................... 54

Chapter 6 Installing Windows File Server agent .............................. 55


About Windows File Server agent .................................................... 55
Installing Windows File Server agent manually ................................... 56
Configuring the Windows File Server using
ConfigureWindowsFileServer.exe .............................................. 57

Chapter 7 Getting started with Data Insight .................................... 60


About the Data Insight Management Console ..................................... 60
Logging in to the Data Insight Management Console ........................... 60
Logging out of the Data Insight Management Console .......................... 61
Displaying online help ................................................................... 61

Chapter 8 Uninstalling Symantec Data Insight ................................ 62


Uninstalling Symantec Data Insight ................................................. 62

Appendix A Installing Data Insight using response files .................. 64


About response files ..................................................................... 64
Installing Data Insight using response files ......................................... 64
Sample response files ................................................................... 65

Symantec Proprietary and Confidential


Contents 9

Index .................................................................................................................... 73

Symantec Proprietary and Confidential


Chapter 1
Understanding the
Symantec Data Insight
architecture
This chapter includes the following topics:

■ About Symantec Data Insight

■ About the Management Server

■ About the Collector worker node

■ About the Indexer worker node

■ About the Self-Service Portal node

■ About Communication Service

■ About the DataInsightWatchdog service

■ About the DataInsightWorkflow service

■ About Symantec Data Insight installation tiers

About Symantec Data Insight


Symantec Data Insight is a solution for unstructured data governance. It monitors
file system activity and helps answer questions such as who is using the data, who
owns the data and who has access to the data. Data Insight gives you full visibility
into data access, which helps drive security remediation and compliance efforts.
Based on a distributed client-server architecture, a typical Data Insight deployment
consists of the following:

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 11
About Symantec Data Insight

■ Management Server
See “About the Management Server” on page 13.
■ Collector worker nodes
See “About the Collector worker node” on page 13.
■ Indexer worker nodes
See “About the Indexer worker node” on page 15.
■ Self-Service Portal nodes
See “About the Self-Service Portal node” on page 15.
The way you deploy Symantec Data Insight depends on the size of your organization,
the geographical distribution of your datacenters, and the number of storage devices
that you want Data Insight to monitor.
See “About Symantec Data Insight installation tiers” on page 17.
Figure 1-1 illustrates the Data Insight architecture.

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 12
About Symantec Data Insight

Figure 1-1 Data Insight architecture

Self-Service Portal
Portal
clients HTTPS

HTTPS
CEE

EMC Collector
Filer HTTPS

FPolicy Management
HTTPS
Server
NetApp Collector HTTPS
Filer HTTPS Indexer

Web service

SharePoint Collector
Farm HTTPS

HTTPS HTTPS

Windows Collector Indexer AD / LDAP / NIS / NIS+


File Server

HTTPS Directory
Service
RPC
HTTPS
Hitachi NAS Collector

HTTPS
HTTPS
Indexer

Unix Server Collector


(with VxFS)

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 13
About the Management Server

About the Management Server


The Management Server is the main component of a Data Insight deployment and
hosts the product's web interface. In the single tier deployment, you can also
configure the Management Server to connect to multiple storage devices to extract
access events and store the extracted data locally to answer queries. Your
deployment can only have one Management Server. It also runs the action
framework that helps you to take remedial action on your data and enables you to
send archiving requests to Symantec Enterprise Vault.
The Data Insight Management Server performs the following functions:
■ Hosts the Web-based graphical user interface (GUI).
■ Scans directory services to obtain information about users in the organization
and correlates this information with the access events.
■ Ensures that the configuration data on the worker nodes is synchronized with
the Management Server's configuration data.
■ Authenticates the Data Insight users. It also runs the DataInsightWorkflow service
that enables actions on your data.
Users interact with Data Insight primarily through the Data Insight management
console. In this interaction, the user connects to the Web server through a Web
browser. By default, the Web server runs on HTTPS port 443.

About the Collector worker node


The Collector worker node is a host machine that scans file system and SharePoint
site collection hierarchies in your environment and collects access events from
Network Attached Storage (NAS) devices. Data Insight uses this information to
perform advanced reporting on the business owners of data and the access history
of data. By scanning for file metadata and security descriptors, it reports on the
loopholes of permissions on files and folders. The details that are captured by the
Collector node also help you find stale and orphan files in the scanned data
repositories.
You can have multiple Collector worker nodes attached to the Management Server
for load balancing. You can configure each collector node to connect to a subset
of storage devices to extract file system metadata and extract access events from
these devices. Each filer or Web application can have exactly one Collector node
associated with it.

Note: Symantec recommends that the Collector worker nodes share a fast network
with the storage devices.

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 14
About the Collector worker node

A Collector worker node consists of the following components:


■ Collector
■ Scanner

About the Collector


The Collector (Audit Pre-processor) is a Data Insight process that enables you to
collect and parse access events from various storage repositories. The Collector
examines the access events available on these storage systems to parse the events
that report the read, write, create, delete, and rename activity on files or folders.
The access events are processed in batches that consist of several thousand events.
Each batch of events that are collected in a cycle is stored in a separate file with
appropriate timestamp that indicates the ending time of the last entry in that batch.
This data is pruned based on exclude rules or events that are not from the configured
shares or site collections, and is then segregated on a per-share basis. These files
are periodically shipped to the appropriate Indexer node.
Data Insight collects information about access events from various storage
repositories through exposed vendor APIs.
For detailed instructions on enabling audit service, see the Symantec Data Insight
Administrator's Guide.

About the Scanner


The Scanner is a Data Insight process that scans enterprise data repositories by
mounting CIFS and NFS network shares or accessing SharePoint servers using
the Data Insight Web Service. The Scanner captures the file or folder hierarchy of
a share or site collection and helps you collect in-depth information about files and
folders.
Note that the Scanner is a scheduled process. Schedule of the scan can be
controlled at the worker node level, filer/Web application level, or the share/site
collection level. For detailed information on administration topics (including how to
schedule scanning) see the Symantec Data Insight Administrator's Guide.
Depending on how the scans are scheduled, the Scanner stores the collected data
in separate database files, with appropriate timestamps. For each subsequent scan,
Scanner only scans the files that are added or modified since the last full scan.
These files are eventually uploaded to the Indexer node using the Communication
Service.
See “About the Indexer worker node” on page 15.
The Scanner captures information about the following attributes for each file or
directory:

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 15
About the Indexer worker node

■ The size of a file.


■ The access time.
■ The creation time.
■ The modification time.
■ The Security ID of the file owner (SID).
■ The Access Control Lists (ACLs)
The details the Scanner captures helps in the computation of metadata-based data
ownership.

About the Indexer worker node


The access events and filesystem metadata that are collected from the storage
repositories are periodically uploaded to the Indexer node. You can choose to have
multiple indexers for load balancing purposes. Each storage repository can have
exactly one Indexer node associated with it. The indexer performs the following
functions:
■ Uses the data from the collector process and scanner to create index files.
■ Uses the index files to generate report output and service queries from the
Management Console.

About the Self-Service Portal node


The Self-Service portal provides an interface for custodians of data to take remedial
actions on the data classified by Symantec Data Loss Prevention. It also lets
custodians confirm ownership to folders that they own, and review entitlements to
those folders and classify sensitive files for retention based on thier business value.
Custodians take these actions based on workflows setup by the Data Insight
administrator guided by specific business requirements of the organization.
The Portal node is attached to the Management Server and runs the
DataInsightWorkflow and DataInsightPortal services. The portal interface, which is
separate from the main Data Insight console, can be customized and branded as
per customer's requirements.
The Self-Service Portal requires an Add-on license separate from Symantec Data
Loss Prevention and Data Insight license. The Portal is available beginning
Symantec Data Insight version 4.5. You can use the portal for remediating incidents
pulled from Data Loss Prevention 12.5 or later.

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 16
About Communication Service

For information about configuring and using the Self-Service Portal, see the
Self-Service Portal Quick Reference Guide.

About Communication Service


Each node in a Data Insight deployment runs a process called Communication
Service. This service is responsible for all inter-node communication. Communication
Service uses Secure Sockets Layer (SSL) to secure communication between the
Data Insight nodes. The SSL keys are generated during installation.
By default, Communication Service connects through sever port 8383. This port
must be visible to bi-directional HTTPS traffic between all Data Insight nodes. The
service is also responsible for scheduling various tasks on a Data Insight node,
which include, scheduling file system scans and uploading files to the Indexer worker
node.

About the DataInsightWatchdog service


The DataInsightWatchdog service monitors the disk usage on the Windows File
Server agent node and prevents it from running out of disk space by implementing
safeguards. When the disk usage crosses the configured threshold the
DataInsightWatchdog service initiates the following safeguards:.
■ Ensures that the Communication service stops all activities that generate data
that can be reconstructed. For example, scanning.
■ Deletes all scan snapshot files, files in the scanner/err folder, and the volume
usage database files in the outbox folder. Deleting these files creates additional
disk space so that event monitoring can continue.
■ If the threshold is crossed again, and there is no other data that can be deleted,
the DataInsightWatchdog service stops the DataInsightWinnas service, which
in turn stops all event monitoring.
■ If the size of the <DATADIR>/data folder continues to grow, the
DataInsightWatchdog service completely stops the Communication service.
The safeguard mode is reset once the disk space is available over the specified
threshold. The DataInsightWinnas service and the Communication service, if
stopped, is started, and scanning resumes normally.
When the Windows File Server agent is in the safeguard mode, its status appears
as Failed on the Data Insight servers listing page on the Management Console.
In addition to enforcing safeguards on the Windows File Server nodes, the
DataInsightWatchdog service also runs on each Data Insight server. The service

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 17
About the DataInsightWorkflow service

monitors the CPU, disk, and memory on each node. If CPU, disk, and memory are
consistently high for a server, the service sends out notifications to configured email
recipients.
The node safeguard feature is enabled by default with specific default values. You
can configure the thresholds for initiating the safeguard mode from the Settings >
Global Settings > Scanning and Event Monitoring page of the Management
Console.
For more information about configuring the threshold values for initiating the
safeguard mode, see the Data Insight Administrator's Guide.

About the DataInsightWorkflow service


DataInsightWorkflow service is responsible for execution of all actions initiated from
the Management Console or the Portal server, such as remediation of Data Loss
Prevention (DLP) incidents, handling permission remediation, archiving data, and
running custom action scripts to manage data. The service runs on the Management
Server and the Portal nodes. By default, the DataInsightWorkflow service runs on
port 8686.
The DataInsightWorkflow service is a multi-threaded execution framework which
executes actions in parallel.

About Symantec Data Insight installation tiers


Symantec Data Insight supports three different installation types: three-tier, two-tier,
and single tier. Your installation type depends on the total number of storage devices
that you want Data Insight to scan and their geographical distribution. Single-tier
installations are used for Proof of Concept (POC) deployments or smaller setups.
The type and scope of deployment should be determined with the help of Symantec.

About three-tier installation


To implement the three tier installation, you must install the Management server,
the Collector worker node, and the Indexer worker node on separate computers.
Depending on the size of your organization, you can choose to have multiple
Collector and Indexer worker nodes. When your storage repositories span
datacenters that are geographically apart, you need multiple Collector worker nodes.
When you have a very large number of storage repositories, you need multiple
Indexer worker nodes. However, it is recommended that the Management Server
and Indexer worker nodes must be co-located on the same network.

Symantec Proprietary and Confidential


Understanding the Symantec Data Insight architecture 18
About Symantec Data Insight installation tiers

About two-tier installation


To implement the two-tier installation, you must install the Management Server and
the Collector worker nodes on separate computers. When your storage repositories
span datacenters that are geographically apart, you need multiple Collector worker
nodes. In this mode, the Management Server also functions as the Indexer.

About single-tier installation


To implement the single-tier installation, you must install only the Management
Server. In this mode, the Management Server functions as the Collector as well as
the Indexer. Use single-tier installation only for POC deployments or smaller setups.

Note: You can start out with a single-tier deployment and gradually add worker
nodes to transition your system to a two-tier or a three-tier setup as the number of
sites and storage repositories increase.

Symantec Proprietary and Confidential


Chapter 2
Preinstallation
This chapter includes the following topics:

■ Preinstallation steps

■ Operating system requirements

■ System requirements for Symantec Data Insight components

■ Supported file servers and platforms

■ Supported browsers

■ List of ports

■ Web server version

Preinstallation steps
Before you install the Symantec Data Insight servers, verify the following installation
prerequisites:
■ Verify the server system requirements.
See “System requirements for Symantec Data Insight components” on page 21.
■ Gather the required materials.
■ The Data Insight host has a minimum of 10 GB of available disk space.
■ The Management Server node can connect to the domain controller of each
domain that needs to be scanned.
■ The Data Insight server that hosts the Collector worker node can connect to the
filers that it is supposed to monitor.
■ A bi-directional network connection on port 8383 exists between the Management
Server and the worker node(s), and between the worker node(s).

Symantec Proprietary and Confidential


Preinstallation 20
Operating system requirements

■ The firewall is configured to allow https/http access to the required ports. The
Management Server should also be allowed access to http://sort.symantec.com,
either directly or through a proxy, to get patch notifications.
■ The keystore file (commd.keystore) that enables secure communication between
the worker node and the Management Server is copied to the worker node from
the Management Server.
See “Registering the worker node and the Portal node” on page 46.
■ You have obtained the credentials required during software installation. These
credentials are required to log into the Data Insight Console after the installation.

Note: Additional credentials are required when you configure storage repositories
and directory services, and for scanning of shares or site collections. For a list
of these credentials, see the Symantec Data Insight Administrator's Guide.

■ Prepare for SMTP Alerting. When installing the Management Server, ensure
that you have the details of your SMTP server and authentication details, if any,
available.

■ Prepare for Exclude Rules. Gather a list of paths to be excluded while scanning.
For access events, gather a list of IP addresses, user accounts, or file extensions
whose access events should be ignored. For more details, see the Symantec
Data Insight Administrator's Guide.

Operating system requirements


Table 2-1 provides an overview of Symantec Data Insight operating system
requirements:

Table 2-1 Symantec Data Insight operating system requirements

Operating system supported Notes

Windows Server 2008 Windows Server 2008 (64-bit ) Standard Edition


and Enterprise Edition

Windows Server 2008 R2 (64-bit) Standard Edition


and Enterprise Edition

Windows Server 2012 Windows Server 2012 (64-bit )

Windows Server 2012 R2 (64-bit )

Symantec Proprietary and Confidential


Preinstallation 21
System requirements for Symantec Data Insight components

Table 2-1 Symantec Data Insight operating system requirements (continued)

Operating system supported Notes

Red Hat Enterprise Linux Version 5.0 update 5 or higher

Version 6.0 update 3 or later

Version 7

Only 64 bit packages are supported.


Note: RHEL version 5.0 update 5 or higher is only
supported if you are upgrading from an earlier
version of Data Insight.

VMware 64 bit on Windows 2008

64 bit on Windows 2012

Red Hat Enterprise Linux version 6 update 3 or


later

Red Hat Enterprise Linux version 7


Note: You must ensure that VMware Tools is
installed on VMware virtual machines.

Note: 32-bit on Windows 2008 is supported only for backward compatibility with
Windows File Server nodes installed with Data Insight versions 4.0 and 4.5.

System requirements for Symantec Data Insight


components
Table 2-2 lists the minimum system requirements for Symantec Data Insight
components.

Table 2-2 Minimum system requirements for Symantec Data Insight


components

Component System requirements

Management Server ■ Windows Server 2008 or 2008 R2, 2012 or 2012 R2.
The operating system must be 64 bit.
■ 8 GB RAM
■ 4 CPUs

Symantec Proprietary and Confidential


Preinstallation 22
System requirements for Symantec Data Insight components

Table 2-2 Minimum system requirements for Symantec Data Insight


components (continued)

Component System requirements

Indexer worker node ■ Windows Server 2008, or 2008 R2, 2012 or 2012 R2.
The operating system must be 64 bit.
Red Hat Enterprise Linux version 5.0 update 5 or higher,
version 6.0 update 3 or higher, or version 7.0; 64 bit only.
■ 8 GB RAM
■ 4 CPUs

RHEL version 5.0 update 5 or higher is only supported if


you are upgrading from an earlier version of Data Insight.

Collector worker node ■ Windows Server 2008, or 2008 R2; 64 bit


Windows Server 2012 or Windows Server 2012 R2. The
operating system must be 64 bit.
■ 4 GB RAM
■ 2 CPUs

Self-Service Portal node ■ Windows Server 2008, Windows Server 2008 R2,
Windows Server 2012, Windows Server 2012 R2.
The operating system must be 64 bit.
■ 8 GB RAM
■ 4 CPUs

Windows File Server agent ■ Windows Server 2008. The operating system; 64 bit
node Windows Server 2012 or Windows Server 2012R2. The
operating system must be 64 bit.
■ 4 GB RAM
■ 2 CPUs

Note: 32-bit on Windows 2008 is supported only for


backward compatibility with Windows File Server nodes
installed with Data Insight versions 4.0 and 4.5.

SharePoint Web Service Microsoft SharePoint 2007, SharePoint 2010, or SharePoint


2013

Note: The type and scope of deployment should be determined with the help of
Symantec.

Symantec Proprietary and Confidential


Preinstallation 23
Supported file servers and platforms

Supported file servers and platforms


Table 2-3 lists the Network Attached Storage (NAS) devices and SharePoint
platforms that Data Insight supports.

Table 2-3 Supported file servers and platforms

Device Version

Hitachi NAS Hitachi NAS 12.x.

NetApp ONTAP From version 7.3.5 to version 8.1.x

ONTAP 8.0.x and ONTAP 8.1.x are supported in 7-mode


only.

ONTAP 8.2.x is supported in 7-mode and Cluster-Mode.

EMC Celerra Version 5.6.45 or higher, VNX

EMC Isilon OneFS version 7.1 or higher

Windows File Server Windows Server 2008, or 2008 R2, 32 bit and 64 bit

Windows Server 2012, or 2012 R2 64 bit


Note: 32-bit on Windows 2008 is supported only for
backward compatibility with Windows File Server nodes
installed with Data Insight versions 4.0 and 4.5.

Veritas File System (VxFS) 6.0.1 or higher, configured in standalone or clustered mode
server using Symantec Cluster Server (VCS)
Note: For VCS support, Clustered File System (CFS) is
not supported.

Microsoft SharePoint Microsoft SharePoint Server 2007

Microsoft SharePoint Server 2010

Microsoft SharePoint Server 2013

Box (Cloud-based content -


manangement platform)

Symantec Data Loss Prevention Versions 12.0.1, 12.5, and 14.0


(DLP)

Symantec Enterprise Vault Versions 10.0.4, 11.0, and 11.0.1

Note the following:

Symantec Proprietary and Confidential


Preinstallation 24
Supported browsers

■ Symantec strongly recommends that you upgrade your NetApp filer to the latest
available firmware. Symantec recommends ONTAP 7.3.5 or higher.
■ For all supported versions of 7-mode NetApp filers, Data Insight supports CIFS
protocol over NTFS and NFS protocol v3. NFS v4 is not supported.
For supported versions of Cluster-Mode NetApp filers, Data Insight supports
only CIFS protocol over NTFS. NFS protocol is not supported.
Data Insight supports the following volume/qtree styles:
■ NTFS and Mixed for CIFS protocol.
■ UNIX and Mixed for NFS protocol on 7-mode Netapp filers only.

■ For all supported versions of EMC Celerra/VNX and EMC Isilon, Data Insight
supports only CIFS protocol over NTFS. NFS protocol is not supported. Data
Insight supports the latest Common Event Enabler (CEE), version 6.3.1. Data
Insight still supports the older version of CEE and VEE, but Symantec
recommends that you move to the latest EMC Common Event Enabler, which
you can download from the EMC website
■ To use the Self-Service Portal to remediate DLP incidents, ensure that Symantec
Data Loss Prevention (DLP) version 12.5 or higher is installed. Data Insight
uses the DLP Smart Response Rules to remediate incidents, which are
introduced in DLP version 12.5.

Supported browsers
Table 2-4 provides an overview of the browser support for Symantec Data Insight

Table 2-4 Symantec Data Insight Supported browsers

Browser Versions

Internet Explorer ■ Version 10 and version 11.

Mozilla Firefox ■ Version 38.0 or higher

Google Chrome ■ Version 43.0.2357.124 or higher

Note: Symantec recommends that you install the latest available version of a
browser.

Symantec Proprietary and Confidential


Preinstallation 25
List of ports

List of ports
This section lists the default ports used by various Data Insight services, and devices
that Data Insight communicates with.
See “Configuring your corporate firewall” on page 54.

Table 2-5 List of default ports

Component Default Port

Management Server Management Console, HTTPS port 443

Communication service, HTTPS port 8383

DataInsightConfig service, port 8282

Workflow Service HTTPS, port 8686

Standard RPC ports 139 and 445

Collector worker node\ Indexer plus Collector Communication service, HTTPS port 8383
worker node
Standard RPC ports 139 and 445

DataInsightConfig service, port 8282

NetApp Cluster-Mode service, TCP port 8787


(configurable)

Generic Collector service, HTTPS port 8585


(configurable)

Indexer worker node Communication service, HTTPS port 8383

DataInsightConfig service, port 8282

File Server For Net App filers - HTTP port 80 (optional),


standard RPC ports 139 and 445, and 2049
(TCP,UDP) and 111 (TCP,UDP) for NFS

For NetApp Cluster-Mode, HTTP port 80

On EMC Control Station - HTTP port 80 and


HTTPS port 443

On Windows File Servers managed without


an agent - Standard RPC ports 139 and 445

For Veritas File System servers - HTTPS port


5634, and 2049 (TCP,UDP) and 111
(TCP,UDP) for NFS

Symantec Proprietary and Confidential


Preinstallation 26
Web server version

Table 2-5 List of default ports (continued)

Component Default Port

Windows File Server agent node Communication Service, HTTPS port 8383

DataInsightConfig service, port 8282

Standard RPC ports 139 and 445

SharePoint Web Service SharePoint Web Service is accessed over


the same port as the configured Web
Applications. This port on the SharePoint Web
Servers should be accessible from the
Collector node.

LDAP Directory Server Port 389 or 636 (for TLS)

NIS Server Ports 111 (TCP,UDP), 714 (TCP), 711 (UDP)

NIS+ Server in NIS compatibility mode Ports 111 (TCP,UDP), 714 (TCP), 711 (UDP)

Symantec Data Loss Prevention (DLP) HTTPS port 443

Symantec Enterprise Vault Server HTTP port 80 or as configured by Enterprise


Vault Server web service.

Self-Service Portal server Portal Service, HTTPS port 443

Workflow Service, HTTPS port 8686

DataInsightConfig, service port 8282

Communication service, HTTPS port 8383

Note: The default ports for Data Insight components are configurable at the time of
installation.

Web server version


Symantec Data Insight uses Apache Tomcat 7.0.53.

Symantec Proprietary and Confidential


Chapter 3
Installing Symantec Data
Insight
This chapter includes the following topics:

■ About installing Symantec Data Insight

■ Performing a single-tier installation

■ Performing a two-tier installation

■ Performing a three-tier installation

■ Installing the Management Server

■ Installing the worker node

■ Installing the Self-Service Portal

■ Installing a Linux Indexer worker node

About installing Symantec Data Insight


You can perform a three-tier, two-tier, or single-tier installation of Symantec Data
Insight.
Note the following:
■ At the end of the installation process, Data Insight creates a file
install_summary.html in the DataInsight\log\install folder. This file
records all the selections that are made on the installation wizard for a particular
node.
■ Data Insight records the upgrade history for the node in the
install_history.log file in the DataInsight\log\install folder.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 28
Performing a single-tier installation

Both the files provide information that enable you to troubleshoot errors that may
occur during the installation process.

Performing a single-tier installation


The computer on which you install Symantec Data Insight must contain only the
software that is required to run the product. Symantec does not support installing
Symantec Data Insight on a computer with non-essential applications.
To perform a single-tier installation
1 Perform the preinstallation steps.
See “Preinstallation steps” on page 19.
2 Install the Management Server.
See “Installing the Management Server” on page 29.
Optionally install one or more Portal nodes.
See “Installing the Self-Service Portal ” on page 34.
3 Perform other post-installation configuration.
See “Post-installation configuration” on page 46.

Performing a two-tier installation


To perform a two-tier installation
1 Perform the preinstallation steps.
See “Preinstallation steps” on page 19.
2 Install the Management Server.
See “Installing the Management Server” on page 29.
Optionally install one or more Portal nodes.
See “Installing the Self-Service Portal ” on page 34.
3 Install one or more Collector worker nodes.
See “Installing the worker node ” on page 32.
4 Register the worker nodes with the Management Server.
See “Registering the worker node and the Portal node” on page 46.
5 Perform other post-installation configuration.
See “Post-installation configuration” on page 46.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 29
Performing a three-tier installation

Note: Choose the two-tier installation mode when your filers are distributed across
geographically remote locations that are far away from the Management Server.
Install at least one Collector for each remote location. For example, the main data
center of your organization is in New York, with additional filers in Singapore and
Australia. In this case, the Management Server must be located in New York and
there must be at least one Collector each in Singapore and Australia.

Performing a three-tier installation


To perform a three-tier installation
1 Perform the preinstallation steps.
See “Preinstallation steps” on page 19.
2 Install the Management Server.
See “Installing the Management Server” on page 29.
Optionally install one or more Portal nodes.
See “Installing the Self-Service Portal ” on page 34.
3 Install one or more Collector worker nodes.
See “Installing the worker node ” on page 32.
4 Install one or more Indexer worker nodes.
See “Installing the worker node ” on page 32.
See “Installing a Linux Indexer worker node” on page 35.
5 Register the worker nodes with the Management Server.
See “Registering the worker node and the Portal node” on page 46.
6 Perform other post-installation configuration.
See “Post-installation configuration” on page 46.

Installing the Management Server


Symantec recommends that you disable any antivirus, pop-up blocker, and registry
protection software before you begin the Symantec Data Insight installation process.
Throughout the installation process, the setup wizard displays installation information
and options. Use the following options to navigate through the installation process:

Symantec Proprietary and Confidential


Installing Symantec Data Insight 30
Installing the Management Server

To install the Management Server


1 Log on (or remote logon) as Administrator to the computer that is intended for
the Management Server.
2 To launch the installer, double-click
Symantec_Data_Insight_windows_5_0_0_N_x64.exe,

where,
■ N is the build number.
If UAC is enabled, right-click on the installer and choose the Run as
administrator option for elevated administrative rights during the installation.

3 On the Welcome to the Symantec Data Insight Setup Wizard window, click
Next.
Symantec recommends that you let the installation process complete once you
start it. You can uninstall the software after the installation is complete.
4 In the License Agreement window, select I accept the agreement, and click
Next.
5 In the Select Destination Directory window, browse to the directory in which
you want Data Insight to be installed. By default, the destination directory is
C:\Program Files\Symantec\DataInsight.

6 In the Configure Type of Install window, select Management Server.


Select a location with enough free space and high-performance disks. It is
recommended that you choose a location other than the system volume for
the data directory.
Click Next.
7 In the Configure Data Directory window, select the location where you want
to store the product data.
Click Next.
8 In the Management Server Properties window, enter the following details:

Management Server The Fully Qualified host name (FQHN) of the current host.
Address
The remote worker nodes use this address to
communicate with the Management Server

Web Server port The secure (HTTPS) Web server port on which you can
access the Web interface of the Management Server.

The installer validates whether the appropriate ports are free to accept
connections.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 31
Installing the Management Server

9 Select the Add Domain <Name of domain> to the list of domains scanned
by Data Insight checkbox, if you want the Management Server to automatically
start scanning the Active Directory domain which the Management Server is
a part of. If the Management Server is not part of any Active Directory domain,
this option is disabled.
For information on customizing the Active Directory domains to be scanned,
see the Symantec Data Insight Administrator's Guide.
Click Next.
10 In the Configure Networking window, enter the following information, and
click Next:

Communication Service See “About Communication Service” on page 16.


Port

Configuration Service Port Configuration service is a process that provides interface


to configuration and other product data stored on the local
system. This service port does not need to be accessible
outside the host machine.

11 In the Configure Product Administrator window, enter the following


information , and click Next:
■ Name of the user who can log in to Symantec Data Insight with Product
Administrator privileges
■ Name of the domain to which the user belongs

Note: The product administrator must be a local user or must belong to the
same domain as the Management Server.

12 Review the options that you have selected in the installation wizard in
Installation Summary window.
13 To start the installation process, click Begin Install.
14 The Installing window appears and displays a progress bar.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 32
Installing the worker node

15 The Completing the Symantec Data Insight setup wizard window provides you
an option to start Data Insight Services.
Before you start services, Symantec recommends that you check for available
patches at https://sort.symantec.com. If there is a patch available, install the
patch first and then start the services.
The next screen provides you an option to launch the Management Server on
exit. Select this option to launch the Console and complete setting up the
Management Server.
16 To exit setup, click Finish.

Note: Once you install the Management Server, log on to the Management Server
to configure the SMTP settings and other product users, as necessary.

Installing the worker node


Throughout the installation process, the setup wizard displays installation information
and options. Use the following options to navigate through the installation process:
Installing the worker node
1 Log on (or remote logon) as Administrator to the computer that is intended for
the worker node.
2 Double-click Symantec_Data_Insight_windows_5_0_0_N_x64.exe to launch
the installer.
Where, N is the build number.
If UAC is enabled, right-click on the installer and choose the Run as
administrator option for elevated administrative rights during the installation.
3 The Welcome to the Symantec Data Insight Setup Wizard window appears.
Click Next.
4 In the License Agreement window, select I accept the agreement, and click
Next.
5 In the Select Destination Directory window, browse to the directory in which
you want Data Insight to be installed. By default, the destination directory is
C:\Program Files\Symantec\DataInsight.

Note: You cannot install the worker node on the same machine as the
Management Server.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 33
Installing the worker node

6 Depending on your deployment scenario, in the Configure Type of Install


window, select Indexer and Collector or Collector as the installation option.
7 Click Next.
8 In the Configure Data Directory window, browse to the location where you
want to store the product data.
Select a location with enough free space and high-performance disks. It is
recommended that you choose a location other than the system volume for
the data directory.
9 In the Worker Node Address window, enter the Fully Qualified Host Name
(FQHN) of the server. This name must be resolvable from the Management
Server and the other worker nodes.
10 In the Configure Networking window, enter the following information:

Communication Service Port See “About Communication Service” on page 16.

Configuration Service Port Configuration service is a process that provides


interface to configuration and other product data stored
on the local system. This service port does not need to
be accessible outside the host machine.

Note: The installer validates whether the appropriate ports are free to accept
connections.

11 Review the options that you have selected in the installation wizard in
Installation Summary window.
12 To start the installation process, click Begin Install.
13 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit checkbox.
See “Registering the worker node and the Portal node” on page 46.
14 To exit setup, click Finish.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 34
Installing the Self-Service Portal

Installing the Self-Service Portal


Installing the Self-Service Portal
1 Log on (or remote logon) as Administrator to the computer that is intended as
the Portal.
2 Double-click
Symantec_Data_Insight_windows_5_0_0_N_x64_architecture.exe to launch
the installer.
where, N is the build number.
If UAC is enabled, right-click on the installer and choose the Run as
administrator option for elevated administrative rights during the installation.
3 The Welcome to the Symantec Data Insight Setup Wizard window appears.
Click Next.
4 In the License Agreement window, select I accept the agreement, and click
Next.
5 In the Select Destination Directory window, browse to the directory in which
you want Data Insight to be installed. By default, the destination directory is
C:\Program Files\Symantec\DataInsight.

Note: You cannot install the portal node on the same computer as the
Management Server.

6 Depending on your deployment scenario, in the Configure Type of Install


window, select Self-Service Portal as the installation option.
7 Click Next.
8 In the Configure Data Directory window, browse to the location where you
want to store the product data.
Select a location with enough free space and high-performance disks. It is
recommended that you choose a location other than the system volume for
the data directory.
9 In the Worker Node Address window, enter the Fully Qualified Host Name
(FQHN) of the host. This host name must be resolvable from the Management
Server and the other worker nodes.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 35
Installing a Linux Indexer worker node

10 In the Configure Networking window, enter the following information:

Communication Service Port See “About Communication Service” on page 16.

Configuration Service Port Configuration service is a process that provides


interface to configuration and other product data that
is stored on the local system. This service port does
not need to be accessible outside the host machine.

11 In the Configure Self-Service Portal window, enter the port numbers for the
Self-Service Portal service and the Workflow service. By default the port
numbers are 443 for the Portal service and 8686 for the Workflow service.

Note: The installer validates whether the appropriate ports are free to accept
connections.

12 Review the options that you have selected in the installation wizard in
Installation Summary window.
13 To start the installation process, click Begin Install.
14 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit check box.
See “Registering the worker node and the Portal node” on page 46.
15 To exit setup, click Finish.
Emails for remediation tasks are sent to data owners from the Portal Server. Ensure
that you can connect to the configured SMTP server from the Portal server. Similarly,
for incident remediation, the Portal node communicates with the DLP server. Ensure
that the portal node can connect to the DLP server.

Installing a Linux Indexer worker node


You can choose to install the Indexer on a server installed with Red Hat Enterprise
Linux 5.0. The Linux indexer works exactly the same way as the Windows indexer.
Before you install the Indexer on the Linux server, ensure the following:
■ The compat-expat1 RPM resource package is installed on the server.
■ The firewall is configured to allow access to port 8383 between the Management
Server, Indexer, and Collector.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 36
Installing a Linux Indexer worker node

Installing the worker node


1 SSH to the Linux server where you want to install the worker node . You can
install the package either as root or as non-root user. Ensure that you are
logged in as that user.
2 Run the following command to launch the installer package:
sh Symantec_Data_Insight_linux_5_0_0<N>_<RHELVER>_x64.sh, where N
is the build number, and RHELVER is RHEL6 or RHEL7 depending on the
version of your operating system.
3 The Welcome to the Symantec Data Insight Setup Wizard window appears.
Click Next.
4 In the License Agreement window, select I accept the agreement, and click
Next.
5 In the Select Destination Directory window, browse to the directory in which
you want the Indexer to be installed. By default, the destination directory is
/opt/DataInsight.

When installing as non-root, ensure that the user has write privileges to the
install location.
6 Click Next.
7 In the Configure Data Directory window, browse to the location where you want
to store the product data.
Select a location with enough free space and high-performance disks.
8 In the Worker Node address window, enter the Fully Qualified Host Name
(FQHN) or IP address of the host. Ensure that the Management Server and
the other worker nodes are able to resolve this hostname.
9 In the Configure Networking window, enter the following information:

Communication Service Port See “About Communication Service” on page 16.

Configuration Service Port Configuration service is a process that provides


interface to configuration and other product data stored
on the local system. This service port does not need to
be accessible outside the host machine.

Note: The installer validates whether the appropriate ports are free to accept
connections.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 37
Installing a Linux Indexer worker node

10 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit checkbox.
See “Registering the worker node and the Portal node” on page 46.
11 To exit setup, click Finish.

Symantec Proprietary and Confidential


Installing Symantec Data Insight 38
Installing a Linux Indexer worker node

12 Optionally, to use an alternate location for the log files, edit the following files
that are located in the /opt/DataInsight/conf directory, to replace
/opt/DataInsight/log with the new log location:

cli_logging.properties

dscli_logging.properties

commd_logging.properties

watchdog_logging.properties

webserver_logging.properties

Export the new log directory using the following command:


export MATRIX_LOG_DIR=/DataInsight/log

Add the export entry to .bash_profile file of the user to reflect the change
when you restart the system.
Execute the following command to update the profile path:
source .bash_profile

Note: If you are installing Data Insight as non-root and have , but have, at an
earlier time, installed and run the services as root, you must first delete the
following files:
rm /tmp/i4jdaemon__DIdata_DataInsight_bin_DataInsightComm

rm /tmp/i4jdaemon__DIdata_DataInsight_bin_DataInsightWatchdog

rm /var/run/queryd.pid

Symantec Proprietary and Confidential


Installing Symantec Data Insight 39
Installing a Linux Indexer worker node

13 When installing as a non-root user, after you have registered this node with
the Management Server, add following entries to /etc/rc.local to
automatically start the services after you restart the system:

su – <name of non-root user>

# export MATRIX_LOG_DIR=/DataInsight/log (Optional)

/opt/DataInsight/bin/DataInsightConfig start

/opt/DataInsight/bin/DataInsightComm start

/opt/DataInsight/bin/DataInsightWatchdog start

logout

To stop services during shutdown, add the following entries to


/etc/rc.local.shutdown:

/opt/DataInsight/bin/DataInsightWatchdog stop

/opt/DataInsight/bin/DataInsightComm stop

/opt/DataInsight/bin/DataInsightConfig stop

Symantec Proprietary and Confidential


Chapter 4
Upgrading Symantec Data
Insight
This chapter includes the following topics:

■ Upgrading Data Insight to 5.0

■ Upgrading the product data using the Upgrade Data Wizard

■ Names and locations of cache files

■ Upgrading the Data Insight Web service for SharePoint

Upgrading Data Insight to 5.0


You can upgrade an existing Data Insight Server with Symantec Data Insight
versions 4.0.x and 4.5.x to 5.0. Data Insight does not support upgrading a version
before 4.0 directly to 5.0. If the server is installed with a version before 4.0, you
must upgrade to version 4.0 or 4.5 before you can upgrade to 5.0.
All Data Insight worker nodes must be at the same level of major version as the
Management Server. Windows file server agents can be one level lower than the
Management Server version. Thus, Management Server 5.0 is compatible with the
4.5 and 4.0 version of Windows File Server agents. This gives you enough time to
plan the upgrade of your Windows File Server agents.
Before you begin the upgrade to Symantec Data Insight 5.0, note the following:
■ As a best-practice measure, Symantec recommends that you take a backup of
the server's data folder.
■ In case of a multi-node setup, the upgrade setup must be run first on the
Management Server, then on the Indexer nodes, followed by the Collector nodes.

Symantec Proprietary and Confidential


Upgrading Symantec Data Insight 41
Upgrading Data Insight to 5.0

You can upgrade the Windows File Server agent only after upgrading the
Collector nodes.
■ If you have archived older index segments, ensure that you restore the archived
segments before upgrading the server.
■ If you are upgrading the server using a Remote Desktop Connection (RDC),
ensure that you do not set automatic log-off for the session.
■ The upgrade from 3.0.1 is likely to take a longer time since new cache files are
generated on each index folder for a share for the first time
See “Names and locations of cache files” on page 44.
■ The size of the data directory on the Indexer nodes increases by about 5% after
the upgrade from 3.0.1. The increase in size depends on the time period
configured for capturing activity data. The increase in the size of the data
directory may also vary depending on the number of audit events that are
captured on configured shares.
Ensure that you complete the following tasks after the upgrade:
■ Configure the primary attributes that are used to classify users for the purpose
of generating advanced analytics data.
■ Configure the time period for computing advanced analytics.
■ Refresh the Data Insight Dashboard data.
■ Verify that the .Net Framework version 4.5 is installed on the following:
■ Collector nodes monitoring the Windows SharePoint servers and the EMC
Isilon filers.
■ The Management Server serving an Enterprise Vault server.

For information about configuring settings for advanced analytics, see the Symantec
Data Insight Administrator's Guide.
To upgrade Data Insight to 5.0:
1 Log in as Administrator to the server that you want to upgrade.
2 When the setup prompts you to upgrade from current version to 5.0, click Yes.
3 In the Welcome to the Symantec Data Insight Setup Wizard window, click
Next.
4 In the License Agreement window, select I accept the agreement, and click
Next.

Symantec Proprietary and Confidential


Upgrading Symantec Data Insight 42
Upgrading Data Insight to 5.0

5 You must upgrade the product data before you start Data Insight services. In
the Completing the Symantec Data Insight 5.0 Upgrade Wizard window,
select the Launch the Upgrade Data Wizard check box.
6 Click Finish to exit the setup.
To upgrade a Linux Indexer
1 In case of a Linux indexer, log in as the appropriate user (root or non-root)
configured to run the product.
Note that if you had earlier installed the Linux Indexer as root and later switched
to using a non-root user, you must perform the following steps before you start
the Linux installer for upgrade. If you do not perform these steps, the installer
you launch with non-root credentials cannot detect the previous version of Data
Insight on the server.
■ Log in to the machine as root user.
■ Copy the following file to a temporary location:
~/.java/.userPrefs/com/install4j/installations/prefs.xml.

■ Log out and log back in as the non-root user.


■ Create the following directory:
~/.java/.userPrefs/com/install4j/installations/

■ Change to the directory you have created.


■ Take a backup of prefs.xml.
■ Overwrite prefs.xml in this folder with the one you copied to the prefs.xml
that was copied to the temporary location.

2 To launch the Symantec Data Insight 5.0 installer, double-click


Symantec_DataInsight_linux_5_0_0_N_RHEL6_x64.exe, or
Symantec_DataInsight_linux_5_0_0_N_RHEL7_x64.exe where,

N is the build number.

3 When the setup prompts you to upgrade from current version to 5.0, click Yes.

Note: On Linux, if the installer does not prompt you for upgrade because it
does not detect the earlier version of Data Insight on the machine, ensure that
you first follow the instructions in 1.

See “Upgrading the product data using the Upgrade Data Wizard” on page 43.

Symantec Proprietary and Confidential


Upgrading Symantec Data Insight 43
Upgrading the product data using the Upgrade Data Wizard

Note: You can also upgrade the Windows File Server agent and Collector nodes
using the Management Console. For more details, see the Symantec Data Insight
Administration Guide.

Upgrading the product data using the Upgrade Data


Wizard
Before you upgrade data, Symantec recommends that you check for product updates
on https://sort.symantec.com. If updates are available, you must apply the product
update, and then proceed to upgrade the data.
To upgrade the product data using the Upgrade Data Wizard
1 Launch the Upgrade Data wizard.
2 On the Upgrade Product Data window, select the Make temporary backup
of data before upgrading check box.
Symantec recommends that you take a backup of the product data before
starting the data upgrade. Taking a backup ensures that the original data can
be restored from backup if the upgrade fails. Data Insight deletes the backup
after the upgrade completes successfully.
3 Create the backup of the product data. To select a backup location, browse to
the location where you want the backup data to be stored.
Before you begin the upgrade, ensure that there is enough free space available
in the target location to take a backup. Data Insight requires that your system
must have free space to accommodate your data directory and an additional
5% of data size for the upgrade to succeed. If enough free space is not
available, the upgrade wizard fails. If the upgrade fails, relaunch the upgrade
wizard by executing the command INSTALL_DIR\bin\UpgradeData.exe
(Windows) or /opt/DataInsight/bin/UpgradeData (Linux).
4 Select the following check boxes:
■ Automatically restore original data from backup if upgrade fails
■ Delete backup on successful upgrade

5 If an index is taking a long time to upgrade, or if the upgrade of an index is fails


for some unknown reason, you can enter the number of such indexes in the
Skip indexes field. Specify a comma-separated list of the indexes you want
to skip. The wizard skips the specified indexes and continues with the data
upgrade process.

Symantec Proprietary and Confidential


Upgrading Symantec Data Insight 44
Names and locations of cache files

6 Specify the number of index upgrade failures after which the installer must exit
the data upgrade process.
7 You can upgrade up to 10 indexes in parallel. Select a number from the Number
of indexes to upgrade in parallel drop-down.
Just before an index is upgraded, a copy of that index is saved in the same
folder where the index resides. This requires additional disk space during the
upgrade. Total additional disk space depends on the number of indexes being
upgraded in parallel. If you are short on disk space on data volume, you can
select the option to Skip index back up before upgrade. Selecting this option
can also make the upgrade process faster. You should select this option only
if you have a backup of your data directory so that indexes that fail to upgrade
can be restored at a later time.
8 Click Upgrade Now to start the data upgrade process.
9 The Data Upgrade window appears and displays a progress bar while upgrading
the product data. The time taken in the upgrade process depends upon the
size of the data.
10 On successful completion of the data upgrade, click OK.
11 On the Start Data Insight Services window, select Start Data Insight Services
now. Click Next.
12 Click Finish to exit the wizard.

Names and locations of cache files


Data Insight generates cache files on the Indexer node at the time of installation or
upgrade.
Data Insight creates the following persistent activity index files in each index folder
for a share:
■ activityidx.info

■ dir-activity.idx.<timestamp>

■ file-activity.idx.<timestamp>

The persistent cache files contain pre-calculated summary information about users
and their activity on the files and folders during the time period configured for
advanced analytics. The indexer process uses the information in these files to
expedite the process of servicing queries related to activity, reports, and Social
Network Graph.
Each index folder for a share may also contain the following temporary files:

Symantec Proprietary and Confidential


Upgrading Symantec Data Insight 45
Upgrading the Data Insight Web service for SharePoint

Table 4-1
Name Description

file-activity.idx.<timestamp>.<version> Uncompressed versions of the


file-activity.idx.<timestamp> and
dir-activity.idx.mmap.<timestamp>.<version>
dir-activity.idx.<timestamp> files.

Since the activity index files are stored in a


compressed form on disk, Data Insight
creates the uncompressed files when any
process attempts to read the activity index.
The files remain on disk while the process is
reading the files, and are deleted when the
process finishes reading the activity index.

rolldir-activity.idx.<timestamp>.<version> Temporary file created when Data Insight rolls


up the activity count for folders. The file
remains on the disk while the process is
reading the files, and are deleted when the
process finishes reading the activity index.

file-activity.idx.tmp.<timestamp>.<version> Temporary files created when Data Insight


calculates owners for files and folders. The
file-activity.idx.attr.<timestamp>.<version>
files remain on disk while the query or report
dir-activity.idx.attr.<timestamp>.<version> processes the share. Data Insight deletes
these files once the share is processed.

If the process that creates these temporary files stops unexpectedly, Data Insight
deletes these files during the next run of the IndexWriterJob or the ActivityIndexJob
processes on the shares.

Upgrading the Data Insight Web service for


SharePoint
Data Insight does not support an automatic upgrade of the Data Insight Web service
on the SharePoint server. To upgrade to the latest version, uninstall the previous
version from the SharePoint server and install the latest version.
For detailed information on installing the Data Insight SharePoint Web service, see
the Symantec Data Insight Administrator's Guide.

Symantec Proprietary and Confidential


Chapter 5
Post-installation
configuration
This chapter includes the following topics:

■ Post-installation configuration

■ Registering the worker node and the Portal node

■ About post-installation security configuration for Management Server

■ Configuring your corporate firewall

Post-installation configuration
You must complete the following configuration after you finish installing Symantec
Data Insight:
■ Register the worker node with the Management Server.
See “Registering the worker node and the Portal node” on page 46.
■ Configure post-installation security settings.
See “About post-installation security configuration for Management Server”
on page 48.
■ Configure your corporate firewall.
See “Configuring your corporate firewall” on page 54.

Registering the worker node and the Portal node


You must register the worker node and the portal node with the Management Server
to enable communication between them.

Symantec Proprietary and Confidential


Post-installation configuration 47
Registering the worker node and the Portal node

You do not need to perform these steps if you have upgraded a worker node.
To register the worker and portal nodes with the Management Server
1 Do one of the following:
■ To launch the Worker Node Registration Wizard immediately after
completing the Worker Node installation wizard, select the Launch Worker
Node Registration Wizard after exit checkbox.
■ To register the worker node at a later time, execute
RegisterWorkerNode.exe located in the Data Insight installation bin
directory.

2 In the Register Worker Node with Management Server window, enter the
following information:
■ Fully Qualified Host Name (FQHN) of the Management Server host
■ Location of the Communication Service keystore file
The keystore file, commd.keystore, enables secure communication between
worker nodes and the Management Server. It is present in the keys
subfolder of the Management Server's data directory. You must manually
copy the keystore file from the Management Server machine to a temporary
location on the worker node. By default the data directory is located on the
Management Server at C:\DataInsight\data. It might be different for your
setup. You can locate the data directory by reading the file C:\Program
Files\Symantec\DataInsight\datadir.conf on the Management Server
or by running the configdb -d command.

3 Click Register Now.


4 After the successful registration of the worker node, delete the commd.keystore
file from the temporary location.
5 On the Start Data Insight Services window, select Start Data Insight Services
now.
6 On the Completing the node registration screen, click Finish.
You must log in to the Data Insight Management Server to complete further
configuration of the worker node.

Symantec Proprietary and Confidential


Post-installation configuration 48
About post-installation security configuration for Management Server

About post-installation security configuration for


Management Server
Symantec Data Insight secures communications between all Data Insight servers.
This task is accomplished by encrypting the transmitted data and requiring servers
to authenticate with each other.
The following sections describe the Symantec Data Insight security configuration
and how to change the default security configuration.

About SSL client/server certificates


Symantec Data Insight secures all data flowing between the Management Server
and the Worker nodes using the Secure Socket Layer/Transport Layer Security
(SSL/TLS) protocol. The SSL/TLS protocol not only encrypts the data that is
transmitted, Symantec Data Insight also uses it for mutual authentication between
servers.
Data Insight implements authentication with the mandatory use of client and
server-side certificates or keys. Connections between the Data Insight servers use
a single, self-signed certificate. The Management Server generates the certificate
at install time and is unique to your deployment. It is present on the Management
Server node in the keys folder under the data folder. The file is called
commd.keystore. When you configure worker nodes, this file must be manually
copied over to the new worker node before installation.

Generating Management Console certificate


The Management Server provides a Web interface (administration console) for
reporting and administration purposes. You access this interface with a Web browser.
The Management Server and browser communicate through an SSL connection.
To ensure confidentiality, all communication between the Management Server and
the browser is encrypted using a symmetric key. To initiate a connection, the
Management Server and browser negotiate the encryption algorithm (algorithm,
key size, and encoding) and encryption key to use.
By default, connections between the Management Server and the browser use a
single, self-signed certificate. The Management Server generates the certificate at
install time and is unique to your deployment. The certificate is present on the
Management Server node in a folder called keys under the data folder. The file is
called webserver.keystore. While this certificate is secure, you get a warning
message in the browser when accessing the Web interface because it is a
self-signed certificate. To avoid getting this warning, Symantec recommends that

Symantec Proprietary and Confidential


Post-installation configuration 49
About post-installation security configuration for Management Server

you generate a unique certificate for your organization’s installation. This new
certificate replaces the default certificate.
To generate a unique Management Console certificate
1 Collect the following information to generate a certificate request:
■ Common name
The fully qualified DNS name of the Management Server. This name must
be the actual name of the server that is accessible by all the clients.
■ Organization name
For example, Symantec, Inc.
■ Organizational unit (optional)
■ City
For example, San Francisco
■ State
For example, CA
■ Country
For example, US
■ Expiration
Expiration time in days (90)

2 Use keytool.exe to create the self-signed certificate (keystore file), which you
need to generate the Certificate Signing Request (CSR). keytool.exe is a
utility for managing keys and certificates. These items are used in
self-authentication or data integrity and authentication services, using digital
signatures. Certificates also enable users to cache the public keys of their
communicating peers.
To create this file, go to the root directory of the Symantec Data Insight
installation and perform the following steps in this order:
■ From a command window, go to the installdir\DataInsight\jre\bin
directory, where installdir is the directory into which you installed the
Management Server.
■ Run the following command with the information collected in 1:

keytool -genkey -alias tomcat -keyalg RSA -validity 730 -keysize 1024
-keypass changeit -keystore webserver.keystore -storepass changeit
-storetype JKS -dname cn=common_name,o=organization_name,
ou=organization_unit,l=city,s=state,c=US

Symantec Proprietary and Confidential


Post-installation configuration 50
About post-installation security configuration for Management Server

The -storepass changeit command sets the password to changeit. Enter


this password if you are prompted for a password after running the command.
This command creates the self-signed certificate (webserver.keystore) in the
installdir\DataInsight\jre\bin directory.

Note: Symantec recommends that you set the password as changeit. If you
want to use a different password, perform the additional steps mentioned in
11 before you start the DataInsightWeb service.

3 Generate the certificate signing request (CSR) file. The CSR file is the request
that you submit to the Signature Authority to obtain a signed certificate.
From the installdir\DataInsight\jre\bin directory and run the following
command:

keytool -certreq -alias tomcat -keyalg RSA -keystore webserver.keystore


-storetype JKS -storepass changeit -file "DataInsight.csr"

If you are prompted for a password, press Enter. This command creates a file
called DataInsight.csr. You submit this file to the Signature Authority.
4 To generate a certificate you send the .CSR file to a Certified Signature
Authority (your own or a third party, such as VeriSign).
To obtain a signed certificate from your internal Signature Authority, contact
your system administrator for instructions.
For the VeriSign Signature Authority, perform one of the following actions:
■ Current Customers
If you are a current VeriSign customer, go to the following page and buy
an additional certificate:
http://www.symantec.com/ssl-certificates/?themeid=verisign-ssl-certificates&inid=vrsn_ss_Index
You need your Common Name, Order Number, or serial number to begin
the transaction, as well as the CSR.
■ New customers
If you are not a current customer and want to purchase the signed certificate
from VeriSign, go to the following page:
http://www.VeriSign.com/products-services/security-services/ssl/buy-ssl-certificates/index.html.
To purchase the signed certificate, you need the following information, in
addition to the CSR:
■ The length of time for the certificate (one year or two years).
■ The number of servers that host a single domain (up to five servers).

Symantec Proprietary and Confidential


Post-installation configuration 51
About post-installation security configuration for Management Server

■ The server platform.


■ The organization, organizational unit, country, state, or locality (all spelled
without abbreviations).
■ Payment information and a billing contact.
■ The common name. This name is the host name and domain name,
such as www.company.com or company.com.
■ An email where VeriSign can reach you to validate the information.
■ Documentation to demonstrate that your organization is legitimate.

To obtain signed certificates from other Signature Authorities, go to their Web


sites and follow the instructions to enroll and obtain a signed certificate. This
process is similar to the VeriSign process. However, check with the organization
to identify any additional environment information that may be needed for the
certificate.
The certified Signature Authority sends you the signed certificate (this process
might take 3-5 days). Internal Signature Authorities must return the root
certificate along with the signed certificate.
5 Place the signed certificate into the directory
(installdir\datainsight\jre\bin) with the webserver.keystore file. To
email the certificate, paste it into a text document exactly as it appears on the
screen. Include the top line and bottom line (-----Begin Certificate----- and
-----End Certificate-----). Make sure that no extra lines, spaces, trailing carriage
returns, or characters have been inadvertently added. Save this file in the same
directory where the webserver.keystore file is located. If the signed certificate
is provided as an attachment to an email, copy this file into the same directory
where the webserver.keystore file is located.
6 Keep a copy of both the webserver.keystore file and the signed certificate
file in a separate, secure location.

Symantec Proprietary and Confidential


Post-installation configuration 52
About post-installation security configuration for Management Server

7 Confirm the signed certificate is correct. Open a command prompt and run the
following command to view the certificate’s fingerprint(s)
keytool -printcert -file signed_certificate_filename

The following is an example output:

Owner: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll

Issuer: CN=ll, OU=ll, O=ll, L=ll, S=ll, C=ll

Serial Number: 59092b34

Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13

PST 1997

Certificate Fingerprints:

MD5: 11:81:AD:92:C8:E5:0E:A2:01:2E:D4:7A:D7:5F:07:6F SHA1:


20:B6:17:FA:EF:E5:55:8A:D0:71:1F:E8:D6:9D:C0:37 37:13:0E:5E:FE

8 Call or email the person who sent the certificate and compare the fingerprint(s)
you see with the fingerprint(s) they sent you. If the fingerprint(s) are not exactly
equivalent, the certificate may have been replaced in transit by an attacker’s
certificate.
If you used an Internal Signing Authority, also view the fingerprint(s) of the root
certificate using the same -printcert command.
keytool -printcert -file

name_of_root_certificate_provided_by_internal_signature_authority
Compare the displayed fingerprint with the well-known fingerprint (obtained
from a newspaper or the root CA’s Web page). Contact the certificate’s issuer
if you have questions.
When you execute the command, the -importcert command prints out the
certificate information and prompts you to verify it.
9 Return to the installdir\DataInsight\jre\bin directory and update the
local webserver.keystore file with the signed certificate as follows:
■ Internal signature authority
Use the following command to update the webserver.keystore file with
the root certificate:

<INSTALL_DIR>\DataInsight\jre\bin\keytool.exe -importcert -file


root_certificate_filename -keystore webserver.keystore

Symantec Proprietary and Confidential


Post-installation configuration 53
About post-installation security configuration for Management Server

-storepass changeit

Use the following command to update the webserver.keystore file with the
signed certificate:

<INSTALL_DIR>\DataInsight\jre\bin\keytool
-importcert -alias tomcat -keystore webserver.keystore -trustcacerts
-file signed_certificate_filename

■ VeriSign or third-party signature authority


Use the following command to update the local webserver .keystore file
with the signed certificate:

<INSTALL_DIR>\DataInsight\jre\bin\keytool
-importcert -alias tomcat -keystore webserver.keystore -trustcacerts
-file signed_certificate_filename

10 Copy the updated webserver.keystore file into the $datadir\keys directory.


By default, $datadir is located at C:\DataInsight\data. Note that this
operation overwrites an existing file of the same name in that location. Rename
the existing file if you want to keep it.
11 If you have used a password other than changeit in 2, perform the following
additional steps:
■ Log into the Management Server with Administrator privileges.
■ Open a command prompt window, and change to the bin directory in the
installation folder for Data Insight. By default, the bin directory is located at
C:\Program Files\Symantec\DataInsight\bin.

■ Execute the following command:


configdb.exe -O -J matrix.webserver.keystore.password -j
<new_password>

12 Restart the Data Insight Web service by performing the following steps in the
specified order:
■ net stop DataInsightWeb

■ net start DataInsightWeb

Symantec Proprietary and Confidential


Post-installation configuration 54
Configuring your corporate firewall

Configuring your corporate firewall


The instructions in this section assume that the Management Server and Worker
nodes are installed inside your corporate LAN behind a firewall. If this is the case,
update your corporate firewall settings as follows:
■ Allow 2-way connections between the Management Server and the worker
nodes and between worker nodes. Configure your firewall to accept connections
on the port you entered for the Communication Service when installing the
Management Server and worker nodes. By default, the Communication Service
communicates over port 8383. You can configure the servers to use any other
port. Traffic on this port is HTTPS.
You should also allow outgoing connection from the Management Server to
https://sort.symantec.com. Data Insight downloads patch information from the
SORT web site to notify you of product updates.
■ Allow Windows Remote Desktop Client connections (TCP port 3389). This
feature can be useful for setup purposes.
■ The web interface of the Management Server runs on port 443 (configurable at
the time of installation). Port 443 is also used for the Portal service on the
Self-Service Portal server. This port must be opened at the Management Server
to allow HTTPS communication between browsers and the Web server and the
portal server.
■ The DataInsightWorkflow Service runs on HTTPS port 8686. This port must be
opened on the Portal server to allow HTTPS communication between Portal
server and the Management Server.

Symantec Proprietary and Confidential


Chapter 6
Installing Windows File
Server agent
This chapter includes the following topics:

■ About Windows File Server agent

■ Installing Windows File Server agent manually

■ Configuring the Windows File Server using ConfigureWindowsFileServer.exe

About Windows File Server agent


Symantec Data Insight requires an agent to be installed on a Windows File Server
machine if you want to monitor access events on the file server. Data Insight can
automatically install the agent on the Windows File Server when adding the file
server using the Console.
For detailed information about automatically installing the agent on the Windows
File Server, see the Symantec Data Insight Administrator's Guide.
Optionally, you can choose to install the agent manually on the file server.

Symantec Proprietary and Confidential


Installing Windows File Server agent 56
Installing Windows File Server agent manually

To configure a Windows File Server manually


1 Install the Windows File Server agent on the file server machine.
See “Installing Windows File Server agent manually” on page 56.
2 Register the agent with the Management Server using the
RegisterWorkerNode.exe utility. During registration, you can specify the
address of the worker node that is intended to be the Collector node of this file
server. Registration takes place through the Collector worker node. Registering
the agent ensures that the file server can communicate with the Collector
worker node.
The procedure to registration of Windows File Server agent is the same as
registering a worker node.
See “Registering the worker node and the Portal node” on page 46.
3 Add the file server to the Management Server using the
ConfigureWindowsFileServer.exe utility.

See “Configuring the Windows File Server using


ConfigureWindowsFileServer.exe” on page 57.
4 If the file server is clustered using MSCS, do the following:.
■ Install the agent on each node of the cluster.
■ Register each node with the Management Server using its physical host
address.
■ Run ConfigureWindowsFileServer.exe from each cluster node after
registering the node.

Installing Windows File Server agent manually


To install the Windows File Server agent manually
1 Locate the agent installer binary from the agent bundle that ships with the
product. The agent bundle is a compressed file that contains the agent installer
along with some installation templates. It is called
Symantec_DataInsight_windows_winnas_5.0_X_arch.zip.

2 Select the proper bundle based on the architecture of your file server and unzip
it in a temporary location to get the installer binary.
3 Log on (or remote logon) as Administrator to the Windows file server, where
you intend to install the agent.
4 Double-click the agent installer to launch it.

Symantec Proprietary and Confidential


Installing Windows File Server agent 57
Configuring the Windows File Server using ConfigureWindowsFileServer.exe

5 The Welcome to the Symantec Data Insight Setup Wizard window appears.
Click Next.
6 In the License Agreement window, select I accept the agreement, and click
Next.
7 In the Select Destination Directory window, browse to the directory in which
you want Data Insight to be installed. By default, the destination directory is
C:\Program Files\Symantec\DataInsight.

8 In the Configure Data Directory window, browse to the location where you
want to store the product data. Select a location with enough free space.
9 In the Configure Networking window, enter the following information:
■ Communication Service Port
See “About Communication Service” on page 16.
■ Configuration Service port
Configuration service is a process that provides interface to configuration
and other product data that is stored on the local system. This service port
does not need to be accessible outside the host machine.

Note: The installer validates whether the appropriate ports are free to accept
connections.

10 To start the installation process, click Next.


11 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit checkbox.
See “Registering the worker node and the Portal node” on page 46.
12 To exit setup, click Finish.

Configuring the Windows File Server using


ConfigureWindowsFileServer.exe
Run the ConfigureWindowsFileServer.exe utility to configure the file server from
the file server machine. You must run this utility after you have registered the agent
node with the Management Server to add the file server to the Management Server
configuration. Data Insight starts monitoring this file server after you have completed
this step.

Symantec Proprietary and Confidential


Installing Windows File Server agent 58
Configuring the Windows File Server using ConfigureWindowsFileServer.exe

To configure the Windows File Server from the file server machine
1 Double-click ConfigureWindowsFileServer.exe located in the bin folder of
the installation.
The File Server Configuration Wizard appears.
2 Select This File Server is a part of MSCS cluster check box if this node is a
part of an MSCS cluster. If you select this option, specify name of this cluster
in the Cluster Name text box. You must enter the exact same name in this field
when you run this utility on all nodes of this cluster.
3 Select the Collector worker node for this file server using the Collector Node
drop-down. All communication with this file server happens through the
associated Collector node.
4 Select Automatically discover shares on this filer check box if you want
Data Insight to automatically discover shares on this filer and add them to the
configuration.

Note: If this filer is a Clustered file server, you need to log into the Console
later and specify credentials of an Administrative user on this cluster before
discovery can happen.
You can optionally specify shares that need to be ignored during discovery by
specifying matching patterns in the adjoining text box.

5 Select Scan new shares immediately check box to add newly added shares
to the scan queue immediately without waiting for the normal full scan schedule.
However, scanning will still take place only during the times scanning is
permitted on the node.
6 Click Configure Now button to finish the configuration. The utility will contact
the Management Server through the selected Collector node and add the file
server to the Management Server. If this is a clustered file server and the filer
has already been added through the first node, this step associates this
additional cluster node with the existing filer configuration.
Alternately, you can choose to not run this utility post-registration, and configure
the Windows File Server agent from the Management Console.
To configure the Windows File Server agent from the Management console
1 Register the Windows File Server agent with the Management Server.
2 Log on to the Management Console.

Symantec Proprietary and Confidential


Installing Windows File Server agent 59
Configuring the Windows File Server using ConfigureWindowsFileServer.exe

3 From the Settings > Filers page, select Add New Filer and from the
drop-down, select Windows File Server.
On the Add New Windows File Server page, clear the Let Data Insight install
the agent automatically check box.
4 Select this node from the list view control to associate this node with the file
server.

Symantec Proprietary and Confidential


Chapter 7
Getting started with Data
Insight
This chapter includes the following topics:

■ About the Data Insight Management Console

■ Logging in to the Data Insight Management Console

■ Logging out of the Data Insight Management Console

■ Displaying online help

About the Data Insight Management Console


Users interact with Data Insight primarily through the Data Insight Management
Console. The Data Insight Console is a graphical user interface that provides a
central point to view storage resources that Data Insight monitors, schedule
processes, and view reports, among other features. The Console is automatically
installed with the Management Server. You access the Console through a Web
browser that has a network connection to the Management Server. By default, the
Management Server runs on HTTPS port 443.

Logging in to the Data Insight Management Console


To log on to the console from the Management Server or a worker node
1 Do one of the following:
■ Click the shortcut created on the Desktop during installation.

Symantec Proprietary and Confidential


Getting started with Data Insight 61
Logging out of the Data Insight Management Console

■ Click Start > Programs > Symantec > Symantec Data Insight > Data
Insight Console.

2 On the Login screen, enter the credentials of a user with privileges to log in to
the Management Server.
3 Enter the name of the domain to which the user belongs.
4 Click Submit.
The Management Console appears.
To log on to the console from a machine other than the Management Server or the
worker nodes
1 Open a Web browser and enter https://<ms_host>:<ms_port>. For example,
https://datainsight.company.com:443.
2 On the Login screen, enter the credentials of a user with privileges to log in to
the Management Server.
3 Enter the name of the domain to which the user belongs.
4 Click Submit.
The Management Console appears.

Logging out of the Data Insight Management Console


To log out
1 Click logout at the top right of the screen.
2 Click OK to go back to the login screen.

Displaying online help


To access online help, click the Help button in the upper-right corner of any screen
in the Management Console. Symantec Data Insight displays the help in a separate
window. The online help shows the table of contents in the left pane and
context-sensitive help in the right pane.

Symantec Proprietary and Confidential


Chapter 8
Uninstalling Symantec Data
Insight
This chapter includes the following topics:

■ Uninstalling Symantec Data Insight

Uninstalling Symantec Data Insight


To uninstall Data Insight
1 If you created shortcuts during the installation, select Start > All Programs >
Symantec Data Insight > Symantec Data Insight Uninstaller.
If no shortcuts exist, open the Add or Remove Programs control from the
Windows Control Panel, and select the Symantec Data Insight entry. Then
click Change/Remove.
Optionally, you can uninstall Symantec Data Insight using the uninstall.exe file.
This file is located in the Data Insight installation folder (for example,
C:\Program Files\Symantec\DataInsight). On Linux, execute the script
/opt/DataInsight/uninstall to launch the uninstall program.
2 In the Delete Data window, select the Delete all product data checkbox to
remove all configuration as well as audit log data collected and stored by the
product. Do not select this option, if you are attempting to repair the installation
by uninstalling and reinstalling the software.
3 Click Next to uninstall.
The uninstaller removes all Symantec Data Insight components.
4 Click Finish to complete the uninstall process.

Symantec Proprietary and Confidential


Uninstalling Symantec Data Insight 63
Uninstalling Symantec Data Insight

5 If you uninstall a worker node, log in to the Management Console, click the
Settings tab.
6 Navigate to the Data Insight Servers page, select the worker node, and click
Delete.

Symantec Proprietary and Confidential


Appendix A
Installing Data Insight using
response files
This appendix includes the following topics:

■ About response files

■ Installing Data Insight using response files

■ Sample response files

About response files


The installer or the product installation script generates a response file during any
installation, configuration, upgrade, or uninstall procedure. The response file contains
the configuration information that you entered during the procedure.
You can use the response file for future installation procedures. The response file
passes arguments to the script to automate the installation of that product. You can
edit the file to automate installation and configuration of additional systems.

Installing Data Insight using response files


Typically, you can use the response file that the installer generates after you install
Data Insight on a system to install Data Insight on other systems.
To install using response files
1 Make sure the systems where you want to install Data Insight meet the
installation requirements.
2 Make sure the pre-installation tasks are completed.

Symantec Proprietary and Confidential


Installing Data Insight using response files 65
Sample response files

3 Create and copy the response file to the system where you want to install Data
Insight.
4 Navigate to the directory that contains the installation program.
5 Start the installation as follows:
Symantec_DataInsight_windows_5_0_N_x64.exe –q –console –varfile
<path_to_varfile> –wait [timeout in seconds], where N is the build
number.
6 If installing a worker node, register the worker node using the following
command:
RegisterWorkerNode.exe –q –console –varfile
<path_to_register_varfile> –wait [timeout in seconds]

Note: Before you launch the registration wizard, you must copy
$data/keys/commd.keystore file to the worker node to a temporary location,
for example,.C:\temp\commd.keystore.

Sample response files


The following example shows a response file for the Management Server:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight

# Data folder
matrix.datadir=C\:\\DataInsight\\data

# Name for Management Server node


matrix.nodename=host.company.com

matrix.console.name=host.company.com

# Ports for DataInsightWeb, DataInsightComm, DataInsightConfig


matrix.webserver.port$Long=443

matrix.commd.port$Long=8383

matrix.queryd.port$Long=8282

matrix.install.mode=ms

matrix.worker.iswinnas$Boolean=false

Symantec Proprietary and Confidential


Installing Data Insight using response files 66
Sample response files

# Username/Domain for initial administration


matrix.initial.admin.login=Administrator

matrix.initial.admin.domain=WISDOM

matrix.initial.admin.isgroup$Boolean=false

# If the Management Server is part of Active Directory domain, specify if


Management Server domain should be scanned
matrix.scan.ad$Boolean=true

# Specify if anonymous usage collection should be enabled


matrix.enable.omniture$Boolean=true

# Specify whether services should be started after installation


matrix.ms.startServices$Boolean=true

sys.programGroupAllUsers$Boolean=true

createDesktopLinkAction$Boolean=true

createQuicklaunchIconAction$Boolean=true

sys.programGroupDisabled$Boolean=false

matrix.launch.console$Boolean=false

The following example shows a response file for installing a Collector node:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight

# Data folder
matrix.datadir=C\:\\DataInsight\\data

#Address for Collector node


matrix.nodename=host.company.com

matrix.worker.name=host.company.com

# Ports for DataInsightComm, DataInsightConfig


matrix.commd.port$Long=8383

matrix.queryd.port$Long=8282

matrix.install.mode=worker

matrix.worker.isindexer$Boolean=true

createQuicklaunchIconAction$Boolean=true

Symantec Proprietary and Confidential


Installing Data Insight using response files 67
Sample response files

sys.programGroupDisabled$Boolean=true

createDesktopLinkAction$Boolean=true

sys.programGroupAllUsers$Boolean=true

matrix.launch.register$Boolean=false

The following example shows a response file for launching the worker node
registration wizard:
# Address of the Management Server
matrix.console.name=<IP address of the Management Server>

#Path to commd.keystore
matrix.ms.keystore=C\:\\DataInsight\\data\\commd.keystore

# Whether services should be started after registration


matrix.worker.startServices$Boolean=true

matrix.launch.console$Boolean=false

The following example shows a response file for installing a server with the Collector
and Indexer roles:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight

# Data folder
matrix.datadir=C\:\\DataInsight\\data

#Address for Collector node


matrix.nodename=host.company.com matrix.worker.name=host.company.com

# Ports for DataInsightWeb, DataInsightComm, DataInsightConfig


matrix.commd.port$Long=8383

matrix.queryd.port$Long=8282 matrix.install.mode=worker

matrix.worker.isindexer$Boolean=false

createQuicklaunchIconAction$Boolean=true

sys.programGroupDisabled$Boolean=true

createDesktopLinkAction$Boolean=true
sys.programGroupAllUsers$Boolean=true

matrix.launch.register$Boolean=false

Symantec Proprietary and Confidential


Installing Data Insight using response files 68
Sample response files

The following example shows a response file for launching the worker node
registration wizard:
# Address of the Management Server
matrix.console.name=<IP address of the Management Server>

#Path to commd.keystore
matrix.ms.keystore=C\:\\DataInsight\\data\\commd.keystore

# Whether services should be started after registration


matrix.worker.startServices$Boolean=true

matrix.launch.console$Boolean=false

The following example shows a response file for installing a Windows File Server
node:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight

matrix.install.mode=worker

matrix.worker.isindexer$Boolean=false

matrix.worker.iscollector$Boolean=true

matrix.worker.iswinnas$Boolean=true

matrix.datadir=C\:\\DataInsight\\data

matrix.worker.name=

matrix.commd.port$Long=8383

matrix.queryd.port$Long=8282

matrix.enable.drwatson$Boolean=true

matrix.launch.register$Boolean=false

matrix.launch.console$Boolean=false

#sys.programGroup.name=Symantec Data Insight

#sys.service.selected.114$Boolean=true

#sys.languageId=en

#sys.programGroup.linkDir=/usr/local/bin

#sys.service.startupType.1393=auto

#sys.programGroup.enabled$Boolean=true

Symantec Proprietary and Confidential


Installing Data Insight using response files 69
Sample response files

#sys.service.selected.1393$Boolean=true

#sys.service.startupType.114=auto

#sys.programGroup.allUsers$Boolean=true

## Registration properties:
#matrix.register.node.during.install$Boolean=true

#matrix.register.node.varfile=${register.varfile}

#matrix.console.name=${collector.host_port}

#matrix.ms.keystore=${commd.keystore}

#matrix.shortcuts$Boolean=true

#matrix.worker.startServices$Boolean=true

#matrix.launch.configure.winnas.filer$Boolean=true

#matrix.launch.console$Boolean=false

The following example shows a response file for configuring a Windows File Server
node:
filer.winnas.clustered$Boolean=false

filer.collector.index$Integer=0

filer.indexer.index$Integer=0

filer.monitorAllShares$Boolean=true

filer.excludeShares=*$

filer.scanNewSharesImmediately$Boolean=true

matrix.launch.console$Boolean=false

The following example shows a response file for installing the Self-Service Portal
node:
sys.programGroupDisabled$Boolean=false

# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight

sys.languageId=en

matrix.portal.port$Long=443

matrix.worker.iswinnas$Boolean=false

matrix.install.mode=worker

Symantec Proprietary and Confidential


Installing Data Insight using response files 70
Sample response files

matrix.worker.winnas.plat=WLH

matrix.datadir=C\:\\DataInsight\\data

createQuicklaunchIconAction$Boolean=true

matrix.nodename=testnode.tulip.local

sys.programGroupName=Symantec Data Insight 5.0

matrix.launch.console$Boolean=false

matrix.launch.register$Boolean=true

matrix.worker.isportal$Boolean=true

matrix.commd.port$Long=8383

sys.programGroupAllUsers$Boolean=true

matrix.worker.name= testnode.tulip.local

createDesktopLinkAction$Boolean=true

matrix.workflowd.port$Long=8686

matrix.queryd.port$Long=8282

sys.adminRights$Boolean=true

The following example shows a response file for launching the worker node
registration wizard to register the Collector, Indexer, Windows File Server, and the
Potal nodes with the Management Console:
matrix.launch.console$Boolean=false

sys.languageId=en

sys.adminRights$Boolean=true

matrix.console.name=10.209.109.239

sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight

matrix.worker.startServices$Boolean=true

matrix.ms.keystore=C\:\\TempDir\\keys\\commd.keystore

Sample response file to upgrade a Collector node


matrix.upgrade$Boolean=true

# Indicates that upgrade has been requested


matrix.upgrade.data.during.install$Boolean=true

# Indicates that data be upgraded automatically during the upgrade

Symantec Proprietary and Confidential


Installing Data Insight using response files 71
Sample response files

matrix.upgrade.backup$Boolean=false

#Indicates if data directory should first be backed up temporarily before the data
is upgraded.
matrix.backup.dir$String=

#Indicates where data should be backed up. If empty or not defined, %tmp% will
be used
matrix.upgrade.backup.restore$Boolean=true

#Indicates if old data should be restored back in case upgrade fails. You must set
matrix.upgrade.backup to true for this to take effect.
matrix.upgrade.backup.delete$Boolean=true

#Indicates if backup copy can be deleted after upgrade is successful. You must set
matrix.upgrade.backup to true for this to take effect.

Sample response file to upgrade a Windows File Server Agent


matrix.upgrade$Boolean=true

# Indicates that upgrade has been requested.


matrix.upgrade.data.during.install$Boolean=true

#Indicates that data be upgraded automatically during the upgrade.


matrix.upgrade.backup$Boolean=false

#Response file if any to be passed to UpgradeData.exe


whenmatrix.upgrade.data.during.install is set to true. This is optional and
is generally not needed.
# The response file supports following variables:
#Format for UpgradeData.exe varfile
## Indicates if data directory should first be backed up temporarily before the data
is upgraded.
matrix.backup.dir$String=

#Indicates where data should be backedup. If empty or not defined, %tmp% is used.
matrix.upgrade.backup.restore$Boolean=true

#Indicates if the old data should be restored in case upgrade fails. You must set
matrix.upgrade.backup to true for this to take effect.

matrix.upgrade.backup.delete$Boolean=true

Symantec Proprietary and Confidential


Installing Data Insight using response files 72
Sample response files

#Indicates if backup copy can be deleted after the upgrade is successful. You need
to set matrix.upgrade.backup to true for this to take effect.

Symantec Proprietary and Confidential


Index

C P
Collector process portal
about 14 installing 34
Collector worker node post-installation configuration 46
Collector 14 security configuration 48
overview 13 preinstallation steps 19
Scanner 14
Communication Service 16 S
corporate firewall
Scanner process
configuring 54
about 14
Self-Service Portal
I services 15
Indexer worker node single-tier installation
overview 15 overview 18
installation performing 28
overview 27 SSL client/server certificates 48
post-installation configuration 46 supported file servers 23
installation tiers 17 Symantec Data Insight
single-tier installation 18 installation 27
three-tier installation 17 installation tiers 17
two-tier installation 18 operating system requirements 20
overview 10
L ports 25
Supported browsers 24
Linux worker node
system requirements for components 21
installing as root 35
uninstalling 62
system requirements 21
M web server version 26
Management Console
generating certificate 48
logging in 60
T
three-tier installation
logging out 61
overview 17
overview 60
performing 29
Management Server
two-tier installation
installing 29
overview 18
overview 13
performing 28
security configuration 48

O U
uninstalling 62
online help 61

Symantec Proprietary and Confidential


Index 74

W
Windows File Server
configuring
silently 58
using configureWindowsFileServer.exe 57
Windows File Server agent
installation overview 55
installing
manual 56
worker node
installing 32
registering 46

Symantec Proprietary and Confidential

You might also like