Sdi Install 5 0
Sdi Install 5 0
Installation Guide
5.0
Legal Notice
Copyright © 2015 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo, Veritas, and the Veritas Logo are
trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and
other countries. Other names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
http://www.symantec.com
Customer service
Customer service information is available at the following URL:
support.symantec.com
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Advice about technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals
Index .................................................................................................................... 73
■ Management Server
See “About the Management Server” on page 13.
■ Collector worker nodes
See “About the Collector worker node” on page 13.
■ Indexer worker nodes
See “About the Indexer worker node” on page 15.
■ Self-Service Portal nodes
See “About the Self-Service Portal node” on page 15.
The way you deploy Symantec Data Insight depends on the size of your organization,
the geographical distribution of your datacenters, and the number of storage devices
that you want Data Insight to monitor.
See “About Symantec Data Insight installation tiers” on page 17.
Figure 1-1 illustrates the Data Insight architecture.
Self-Service Portal
Portal
clients HTTPS
HTTPS
CEE
EMC Collector
Filer HTTPS
FPolicy Management
HTTPS
Server
NetApp Collector HTTPS
Filer HTTPS Indexer
Web service
SharePoint Collector
Farm HTTPS
HTTPS HTTPS
HTTPS Directory
Service
RPC
HTTPS
Hitachi NAS Collector
HTTPS
HTTPS
Indexer
Note: Symantec recommends that the Collector worker nodes share a fast network
with the storage devices.
For information about configuring and using the Self-Service Portal, see the
Self-Service Portal Quick Reference Guide.
monitors the CPU, disk, and memory on each node. If CPU, disk, and memory are
consistently high for a server, the service sends out notifications to configured email
recipients.
The node safeguard feature is enabled by default with specific default values. You
can configure the thresholds for initiating the safeguard mode from the Settings >
Global Settings > Scanning and Event Monitoring page of the Management
Console.
For more information about configuring the threshold values for initiating the
safeguard mode, see the Data Insight Administrator's Guide.
Note: You can start out with a single-tier deployment and gradually add worker
nodes to transition your system to a two-tier or a three-tier setup as the number of
sites and storage repositories increase.
■ Preinstallation steps
■ Supported browsers
■ List of ports
Preinstallation steps
Before you install the Symantec Data Insight servers, verify the following installation
prerequisites:
■ Verify the server system requirements.
See “System requirements for Symantec Data Insight components” on page 21.
■ Gather the required materials.
■ The Data Insight host has a minimum of 10 GB of available disk space.
■ The Management Server node can connect to the domain controller of each
domain that needs to be scanned.
■ The Data Insight server that hosts the Collector worker node can connect to the
filers that it is supposed to monitor.
■ A bi-directional network connection on port 8383 exists between the Management
Server and the worker node(s), and between the worker node(s).
■ The firewall is configured to allow https/http access to the required ports. The
Management Server should also be allowed access to http://sort.symantec.com,
either directly or through a proxy, to get patch notifications.
■ The keystore file (commd.keystore) that enables secure communication between
the worker node and the Management Server is copied to the worker node from
the Management Server.
See “Registering the worker node and the Portal node” on page 46.
■ You have obtained the credentials required during software installation. These
credentials are required to log into the Data Insight Console after the installation.
Note: Additional credentials are required when you configure storage repositories
and directory services, and for scanning of shares or site collections. For a list
of these credentials, see the Symantec Data Insight Administrator's Guide.
■ Prepare for SMTP Alerting. When installing the Management Server, ensure
that you have the details of your SMTP server and authentication details, if any,
available.
■ Prepare for Exclude Rules. Gather a list of paths to be excluded while scanning.
For access events, gather a list of IP addresses, user accounts, or file extensions
whose access events should be ignored. For more details, see the Symantec
Data Insight Administrator's Guide.
Version 7
Note: 32-bit on Windows 2008 is supported only for backward compatibility with
Windows File Server nodes installed with Data Insight versions 4.0 and 4.5.
Management Server ■ Windows Server 2008 or 2008 R2, 2012 or 2012 R2.
The operating system must be 64 bit.
■ 8 GB RAM
■ 4 CPUs
Indexer worker node ■ Windows Server 2008, or 2008 R2, 2012 or 2012 R2.
The operating system must be 64 bit.
Red Hat Enterprise Linux version 5.0 update 5 or higher,
version 6.0 update 3 or higher, or version 7.0; 64 bit only.
■ 8 GB RAM
■ 4 CPUs
Self-Service Portal node ■ Windows Server 2008, Windows Server 2008 R2,
Windows Server 2012, Windows Server 2012 R2.
The operating system must be 64 bit.
■ 8 GB RAM
■ 4 CPUs
Windows File Server agent ■ Windows Server 2008. The operating system; 64 bit
node Windows Server 2012 or Windows Server 2012R2. The
operating system must be 64 bit.
■ 4 GB RAM
■ 2 CPUs
Note: The type and scope of deployment should be determined with the help of
Symantec.
Device Version
Windows File Server Windows Server 2008, or 2008 R2, 32 bit and 64 bit
Veritas File System (VxFS) 6.0.1 or higher, configured in standalone or clustered mode
server using Symantec Cluster Server (VCS)
Note: For VCS support, Clustered File System (CFS) is
not supported.
■ Symantec strongly recommends that you upgrade your NetApp filer to the latest
available firmware. Symantec recommends ONTAP 7.3.5 or higher.
■ For all supported versions of 7-mode NetApp filers, Data Insight supports CIFS
protocol over NTFS and NFS protocol v3. NFS v4 is not supported.
For supported versions of Cluster-Mode NetApp filers, Data Insight supports
only CIFS protocol over NTFS. NFS protocol is not supported.
Data Insight supports the following volume/qtree styles:
■ NTFS and Mixed for CIFS protocol.
■ UNIX and Mixed for NFS protocol on 7-mode Netapp filers only.
■ For all supported versions of EMC Celerra/VNX and EMC Isilon, Data Insight
supports only CIFS protocol over NTFS. NFS protocol is not supported. Data
Insight supports the latest Common Event Enabler (CEE), version 6.3.1. Data
Insight still supports the older version of CEE and VEE, but Symantec
recommends that you move to the latest EMC Common Event Enabler, which
you can download from the EMC website
■ To use the Self-Service Portal to remediate DLP incidents, ensure that Symantec
Data Loss Prevention (DLP) version 12.5 or higher is installed. Data Insight
uses the DLP Smart Response Rules to remediate incidents, which are
introduced in DLP version 12.5.
Supported browsers
Table 2-4 provides an overview of the browser support for Symantec Data Insight
Browser Versions
Note: Symantec recommends that you install the latest available version of a
browser.
List of ports
This section lists the default ports used by various Data Insight services, and devices
that Data Insight communicates with.
See “Configuring your corporate firewall” on page 54.
Collector worker node\ Indexer plus Collector Communication service, HTTPS port 8383
worker node
Standard RPC ports 139 and 445
Windows File Server agent node Communication Service, HTTPS port 8383
NIS+ Server in NIS compatibility mode Ports 111 (TCP,UDP), 714 (TCP), 711 (UDP)
Note: The default ports for Data Insight components are configurable at the time of
installation.
Both the files provide information that enable you to troubleshoot errors that may
occur during the installation process.
Note: Choose the two-tier installation mode when your filers are distributed across
geographically remote locations that are far away from the Management Server.
Install at least one Collector for each remote location. For example, the main data
center of your organization is in New York, with additional filers in Singapore and
Australia. In this case, the Management Server must be located in New York and
there must be at least one Collector each in Singapore and Australia.
where,
■ N is the build number.
If UAC is enabled, right-click on the installer and choose the Run as
administrator option for elevated administrative rights during the installation.
3 On the Welcome to the Symantec Data Insight Setup Wizard window, click
Next.
Symantec recommends that you let the installation process complete once you
start it. You can uninstall the software after the installation is complete.
4 In the License Agreement window, select I accept the agreement, and click
Next.
5 In the Select Destination Directory window, browse to the directory in which
you want Data Insight to be installed. By default, the destination directory is
C:\Program Files\Symantec\DataInsight.
Management Server The Fully Qualified host name (FQHN) of the current host.
Address
The remote worker nodes use this address to
communicate with the Management Server
Web Server port The secure (HTTPS) Web server port on which you can
access the Web interface of the Management Server.
The installer validates whether the appropriate ports are free to accept
connections.
9 Select the Add Domain <Name of domain> to the list of domains scanned
by Data Insight checkbox, if you want the Management Server to automatically
start scanning the Active Directory domain which the Management Server is
a part of. If the Management Server is not part of any Active Directory domain,
this option is disabled.
For information on customizing the Active Directory domains to be scanned,
see the Symantec Data Insight Administrator's Guide.
Click Next.
10 In the Configure Networking window, enter the following information, and
click Next:
Note: The product administrator must be a local user or must belong to the
same domain as the Management Server.
12 Review the options that you have selected in the installation wizard in
Installation Summary window.
13 To start the installation process, click Begin Install.
14 The Installing window appears and displays a progress bar.
15 The Completing the Symantec Data Insight setup wizard window provides you
an option to start Data Insight Services.
Before you start services, Symantec recommends that you check for available
patches at https://sort.symantec.com. If there is a patch available, install the
patch first and then start the services.
The next screen provides you an option to launch the Management Server on
exit. Select this option to launch the Console and complete setting up the
Management Server.
16 To exit setup, click Finish.
Note: Once you install the Management Server, log on to the Management Server
to configure the SMTP settings and other product users, as necessary.
Note: You cannot install the worker node on the same machine as the
Management Server.
Note: The installer validates whether the appropriate ports are free to accept
connections.
11 Review the options that you have selected in the installation wizard in
Installation Summary window.
12 To start the installation process, click Begin Install.
13 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit checkbox.
See “Registering the worker node and the Portal node” on page 46.
14 To exit setup, click Finish.
Note: You cannot install the portal node on the same computer as the
Management Server.
11 In the Configure Self-Service Portal window, enter the port numbers for the
Self-Service Portal service and the Workflow service. By default the port
numbers are 443 for the Portal service and 8686 for the Workflow service.
Note: The installer validates whether the appropriate ports are free to accept
connections.
12 Review the options that you have selected in the installation wizard in
Installation Summary window.
13 To start the installation process, click Begin Install.
14 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit check box.
See “Registering the worker node and the Portal node” on page 46.
15 To exit setup, click Finish.
Emails for remediation tasks are sent to data owners from the Portal Server. Ensure
that you can connect to the configured SMTP server from the Portal server. Similarly,
for incident remediation, the Portal node communicates with the DLP server. Ensure
that the portal node can connect to the DLP server.
When installing as non-root, ensure that the user has write privileges to the
install location.
6 Click Next.
7 In the Configure Data Directory window, browse to the location where you want
to store the product data.
Select a location with enough free space and high-performance disks.
8 In the Worker Node address window, enter the Fully Qualified Host Name
(FQHN) or IP address of the host. Ensure that the Management Server and
the other worker nodes are able to resolve this hostname.
9 In the Configure Networking window, enter the following information:
Note: The installer validates whether the appropriate ports are free to accept
connections.
10 To register the worker node with the Management Server after you exit setup,
select the Launch Worker Node Registration Wizard after exit checkbox.
See “Registering the worker node and the Portal node” on page 46.
11 To exit setup, click Finish.
12 Optionally, to use an alternate location for the log files, edit the following files
that are located in the /opt/DataInsight/conf directory, to replace
/opt/DataInsight/log with the new log location:
cli_logging.properties
dscli_logging.properties
commd_logging.properties
watchdog_logging.properties
webserver_logging.properties
Add the export entry to .bash_profile file of the user to reflect the change
when you restart the system.
Execute the following command to update the profile path:
source .bash_profile
Note: If you are installing Data Insight as non-root and have , but have, at an
earlier time, installed and run the services as root, you must first delete the
following files:
rm /tmp/i4jdaemon__DIdata_DataInsight_bin_DataInsightComm
rm /tmp/i4jdaemon__DIdata_DataInsight_bin_DataInsightWatchdog
rm /var/run/queryd.pid
13 When installing as a non-root user, after you have registered this node with
the Management Server, add following entries to /etc/rc.local to
automatically start the services after you restart the system:
/opt/DataInsight/bin/DataInsightConfig start
/opt/DataInsight/bin/DataInsightComm start
/opt/DataInsight/bin/DataInsightWatchdog start
logout
/opt/DataInsight/bin/DataInsightWatchdog stop
/opt/DataInsight/bin/DataInsightComm stop
/opt/DataInsight/bin/DataInsightConfig stop
You can upgrade the Windows File Server agent only after upgrading the
Collector nodes.
■ If you have archived older index segments, ensure that you restore the archived
segments before upgrading the server.
■ If you are upgrading the server using a Remote Desktop Connection (RDC),
ensure that you do not set automatic log-off for the session.
■ The upgrade from 3.0.1 is likely to take a longer time since new cache files are
generated on each index folder for a share for the first time
See “Names and locations of cache files” on page 44.
■ The size of the data directory on the Indexer nodes increases by about 5% after
the upgrade from 3.0.1. The increase in size depends on the time period
configured for capturing activity data. The increase in the size of the data
directory may also vary depending on the number of audit events that are
captured on configured shares.
Ensure that you complete the following tasks after the upgrade:
■ Configure the primary attributes that are used to classify users for the purpose
of generating advanced analytics data.
■ Configure the time period for computing advanced analytics.
■ Refresh the Data Insight Dashboard data.
■ Verify that the .Net Framework version 4.5 is installed on the following:
■ Collector nodes monitoring the Windows SharePoint servers and the EMC
Isilon filers.
■ The Management Server serving an Enterprise Vault server.
For information about configuring settings for advanced analytics, see the Symantec
Data Insight Administrator's Guide.
To upgrade Data Insight to 5.0:
1 Log in as Administrator to the server that you want to upgrade.
2 When the setup prompts you to upgrade from current version to 5.0, click Yes.
3 In the Welcome to the Symantec Data Insight Setup Wizard window, click
Next.
4 In the License Agreement window, select I accept the agreement, and click
Next.
5 You must upgrade the product data before you start Data Insight services. In
the Completing the Symantec Data Insight 5.0 Upgrade Wizard window,
select the Launch the Upgrade Data Wizard check box.
6 Click Finish to exit the setup.
To upgrade a Linux Indexer
1 In case of a Linux indexer, log in as the appropriate user (root or non-root)
configured to run the product.
Note that if you had earlier installed the Linux Indexer as root and later switched
to using a non-root user, you must perform the following steps before you start
the Linux installer for upgrade. If you do not perform these steps, the installer
you launch with non-root credentials cannot detect the previous version of Data
Insight on the server.
■ Log in to the machine as root user.
■ Copy the following file to a temporary location:
~/.java/.userPrefs/com/install4j/installations/prefs.xml.
3 When the setup prompts you to upgrade from current version to 5.0, click Yes.
Note: On Linux, if the installer does not prompt you for upgrade because it
does not detect the earlier version of Data Insight on the machine, ensure that
you first follow the instructions in 1.
See “Upgrading the product data using the Upgrade Data Wizard” on page 43.
Note: You can also upgrade the Windows File Server agent and Collector nodes
using the Management Console. For more details, see the Symantec Data Insight
Administration Guide.
6 Specify the number of index upgrade failures after which the installer must exit
the data upgrade process.
7 You can upgrade up to 10 indexes in parallel. Select a number from the Number
of indexes to upgrade in parallel drop-down.
Just before an index is upgraded, a copy of that index is saved in the same
folder where the index resides. This requires additional disk space during the
upgrade. Total additional disk space depends on the number of indexes being
upgraded in parallel. If you are short on disk space on data volume, you can
select the option to Skip index back up before upgrade. Selecting this option
can also make the upgrade process faster. You should select this option only
if you have a backup of your data directory so that indexes that fail to upgrade
can be restored at a later time.
8 Click Upgrade Now to start the data upgrade process.
9 The Data Upgrade window appears and displays a progress bar while upgrading
the product data. The time taken in the upgrade process depends upon the
size of the data.
10 On successful completion of the data upgrade, click OK.
11 On the Start Data Insight Services window, select Start Data Insight Services
now. Click Next.
12 Click Finish to exit the wizard.
■ dir-activity.idx.<timestamp>
■ file-activity.idx.<timestamp>
The persistent cache files contain pre-calculated summary information about users
and their activity on the files and folders during the time period configured for
advanced analytics. The indexer process uses the information in these files to
expedite the process of servicing queries related to activity, reports, and Social
Network Graph.
Each index folder for a share may also contain the following temporary files:
Table 4-1
Name Description
If the process that creates these temporary files stops unexpectedly, Data Insight
deletes these files during the next run of the IndexWriterJob or the ActivityIndexJob
processes on the shares.
■ Post-installation configuration
Post-installation configuration
You must complete the following configuration after you finish installing Symantec
Data Insight:
■ Register the worker node with the Management Server.
See “Registering the worker node and the Portal node” on page 46.
■ Configure post-installation security settings.
See “About post-installation security configuration for Management Server”
on page 48.
■ Configure your corporate firewall.
See “Configuring your corporate firewall” on page 54.
You do not need to perform these steps if you have upgraded a worker node.
To register the worker and portal nodes with the Management Server
1 Do one of the following:
■ To launch the Worker Node Registration Wizard immediately after
completing the Worker Node installation wizard, select the Launch Worker
Node Registration Wizard after exit checkbox.
■ To register the worker node at a later time, execute
RegisterWorkerNode.exe located in the Data Insight installation bin
directory.
2 In the Register Worker Node with Management Server window, enter the
following information:
■ Fully Qualified Host Name (FQHN) of the Management Server host
■ Location of the Communication Service keystore file
The keystore file, commd.keystore, enables secure communication between
worker nodes and the Management Server. It is present in the keys
subfolder of the Management Server's data directory. You must manually
copy the keystore file from the Management Server machine to a temporary
location on the worker node. By default the data directory is located on the
Management Server at C:\DataInsight\data. It might be different for your
setup. You can locate the data directory by reading the file C:\Program
Files\Symantec\DataInsight\datadir.conf on the Management Server
or by running the configdb -d command.
you generate a unique certificate for your organization’s installation. This new
certificate replaces the default certificate.
To generate a unique Management Console certificate
1 Collect the following information to generate a certificate request:
■ Common name
The fully qualified DNS name of the Management Server. This name must
be the actual name of the server that is accessible by all the clients.
■ Organization name
For example, Symantec, Inc.
■ Organizational unit (optional)
■ City
For example, San Francisco
■ State
For example, CA
■ Country
For example, US
■ Expiration
Expiration time in days (90)
2 Use keytool.exe to create the self-signed certificate (keystore file), which you
need to generate the Certificate Signing Request (CSR). keytool.exe is a
utility for managing keys and certificates. These items are used in
self-authentication or data integrity and authentication services, using digital
signatures. Certificates also enable users to cache the public keys of their
communicating peers.
To create this file, go to the root directory of the Symantec Data Insight
installation and perform the following steps in this order:
■ From a command window, go to the installdir\DataInsight\jre\bin
directory, where installdir is the directory into which you installed the
Management Server.
■ Run the following command with the information collected in 1:
keytool -genkey -alias tomcat -keyalg RSA -validity 730 -keysize 1024
-keypass changeit -keystore webserver.keystore -storepass changeit
-storetype JKS -dname cn=common_name,o=organization_name,
ou=organization_unit,l=city,s=state,c=US
Note: Symantec recommends that you set the password as changeit. If you
want to use a different password, perform the additional steps mentioned in
11 before you start the DataInsightWeb service.
3 Generate the certificate signing request (CSR) file. The CSR file is the request
that you submit to the Signature Authority to obtain a signed certificate.
From the installdir\DataInsight\jre\bin directory and run the following
command:
If you are prompted for a password, press Enter. This command creates a file
called DataInsight.csr. You submit this file to the Signature Authority.
4 To generate a certificate you send the .CSR file to a Certified Signature
Authority (your own or a third party, such as VeriSign).
To obtain a signed certificate from your internal Signature Authority, contact
your system administrator for instructions.
For the VeriSign Signature Authority, perform one of the following actions:
■ Current Customers
If you are a current VeriSign customer, go to the following page and buy
an additional certificate:
http://www.symantec.com/ssl-certificates/?themeid=verisign-ssl-certificates&inid=vrsn_ss_Index
You need your Common Name, Order Number, or serial number to begin
the transaction, as well as the CSR.
■ New customers
If you are not a current customer and want to purchase the signed certificate
from VeriSign, go to the following page:
http://www.VeriSign.com/products-services/security-services/ssl/buy-ssl-certificates/index.html.
To purchase the signed certificate, you need the following information, in
addition to the CSR:
■ The length of time for the certificate (one year or two years).
■ The number of servers that host a single domain (up to five servers).
7 Confirm the signed certificate is correct. Open a command prompt and run the
following command to view the certificate’s fingerprint(s)
keytool -printcert -file signed_certificate_filename
Valid from: Thu Sep 25 18:01:13 PDT 1997 until: Wed Dec 24 17:01:13
PST 1997
Certificate Fingerprints:
8 Call or email the person who sent the certificate and compare the fingerprint(s)
you see with the fingerprint(s) they sent you. If the fingerprint(s) are not exactly
equivalent, the certificate may have been replaced in transit by an attacker’s
certificate.
If you used an Internal Signing Authority, also view the fingerprint(s) of the root
certificate using the same -printcert command.
keytool -printcert -file
name_of_root_certificate_provided_by_internal_signature_authority
Compare the displayed fingerprint with the well-known fingerprint (obtained
from a newspaper or the root CA’s Web page). Contact the certificate’s issuer
if you have questions.
When you execute the command, the -importcert command prints out the
certificate information and prompts you to verify it.
9 Return to the installdir\DataInsight\jre\bin directory and update the
local webserver.keystore file with the signed certificate as follows:
■ Internal signature authority
Use the following command to update the webserver.keystore file with
the root certificate:
-storepass changeit
Use the following command to update the webserver.keystore file with the
signed certificate:
<INSTALL_DIR>\DataInsight\jre\bin\keytool
-importcert -alias tomcat -keystore webserver.keystore -trustcacerts
-file signed_certificate_filename
<INSTALL_DIR>\DataInsight\jre\bin\keytool
-importcert -alias tomcat -keystore webserver.keystore -trustcacerts
-file signed_certificate_filename
12 Restart the Data Insight Web service by performing the following steps in the
specified order:
■ net stop DataInsightWeb
2 Select the proper bundle based on the architecture of your file server and unzip
it in a temporary location to get the installer binary.
3 Log on (or remote logon) as Administrator to the Windows file server, where
you intend to install the agent.
4 Double-click the agent installer to launch it.
5 The Welcome to the Symantec Data Insight Setup Wizard window appears.
Click Next.
6 In the License Agreement window, select I accept the agreement, and click
Next.
7 In the Select Destination Directory window, browse to the directory in which
you want Data Insight to be installed. By default, the destination directory is
C:\Program Files\Symantec\DataInsight.
8 In the Configure Data Directory window, browse to the location where you
want to store the product data. Select a location with enough free space.
9 In the Configure Networking window, enter the following information:
■ Communication Service Port
See “About Communication Service” on page 16.
■ Configuration Service port
Configuration service is a process that provides interface to configuration
and other product data that is stored on the local system. This service port
does not need to be accessible outside the host machine.
Note: The installer validates whether the appropriate ports are free to accept
connections.
To configure the Windows File Server from the file server machine
1 Double-click ConfigureWindowsFileServer.exe located in the bin folder of
the installation.
The File Server Configuration Wizard appears.
2 Select This File Server is a part of MSCS cluster check box if this node is a
part of an MSCS cluster. If you select this option, specify name of this cluster
in the Cluster Name text box. You must enter the exact same name in this field
when you run this utility on all nodes of this cluster.
3 Select the Collector worker node for this file server using the Collector Node
drop-down. All communication with this file server happens through the
associated Collector node.
4 Select Automatically discover shares on this filer check box if you want
Data Insight to automatically discover shares on this filer and add them to the
configuration.
Note: If this filer is a Clustered file server, you need to log into the Console
later and specify credentials of an Administrative user on this cluster before
discovery can happen.
You can optionally specify shares that need to be ignored during discovery by
specifying matching patterns in the adjoining text box.
5 Select Scan new shares immediately check box to add newly added shares
to the scan queue immediately without waiting for the normal full scan schedule.
However, scanning will still take place only during the times scanning is
permitted on the node.
6 Click Configure Now button to finish the configuration. The utility will contact
the Management Server through the selected Collector node and add the file
server to the Management Server. If this is a clustered file server and the filer
has already been added through the first node, this step associates this
additional cluster node with the existing filer configuration.
Alternately, you can choose to not run this utility post-registration, and configure
the Windows File Server agent from the Management Console.
To configure the Windows File Server agent from the Management console
1 Register the Windows File Server agent with the Management Server.
2 Log on to the Management Console.
3 From the Settings > Filers page, select Add New Filer and from the
drop-down, select Windows File Server.
On the Add New Windows File Server page, clear the Let Data Insight install
the agent automatically check box.
4 Select this node from the list view control to associate this node with the file
server.
■ Click Start > Programs > Symantec > Symantec Data Insight > Data
Insight Console.
2 On the Login screen, enter the credentials of a user with privileges to log in to
the Management Server.
3 Enter the name of the domain to which the user belongs.
4 Click Submit.
The Management Console appears.
To log on to the console from a machine other than the Management Server or the
worker nodes
1 Open a Web browser and enter https://<ms_host>:<ms_port>. For example,
https://datainsight.company.com:443.
2 On the Login screen, enter the credentials of a user with privileges to log in to
the Management Server.
3 Enter the name of the domain to which the user belongs.
4 Click Submit.
The Management Console appears.
5 If you uninstall a worker node, log in to the Management Console, click the
Settings tab.
6 Navigate to the Data Insight Servers page, select the worker node, and click
Delete.
3 Create and copy the response file to the system where you want to install Data
Insight.
4 Navigate to the directory that contains the installation program.
5 Start the installation as follows:
Symantec_DataInsight_windows_5_0_N_x64.exe –q –console –varfile
<path_to_varfile> –wait [timeout in seconds], where N is the build
number.
6 If installing a worker node, register the worker node using the following
command:
RegisterWorkerNode.exe –q –console –varfile
<path_to_register_varfile> –wait [timeout in seconds]
Note: Before you launch the registration wizard, you must copy
$data/keys/commd.keystore file to the worker node to a temporary location,
for example,.C:\temp\commd.keystore.
# Data folder
matrix.datadir=C\:\\DataInsight\\data
matrix.console.name=host.company.com
matrix.commd.port$Long=8383
matrix.queryd.port$Long=8282
matrix.install.mode=ms
matrix.worker.iswinnas$Boolean=false
matrix.initial.admin.domain=WISDOM
matrix.initial.admin.isgroup$Boolean=false
sys.programGroupAllUsers$Boolean=true
createDesktopLinkAction$Boolean=true
createQuicklaunchIconAction$Boolean=true
sys.programGroupDisabled$Boolean=false
matrix.launch.console$Boolean=false
The following example shows a response file for installing a Collector node:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight
# Data folder
matrix.datadir=C\:\\DataInsight\\data
matrix.worker.name=host.company.com
matrix.queryd.port$Long=8282
matrix.install.mode=worker
matrix.worker.isindexer$Boolean=true
createQuicklaunchIconAction$Boolean=true
sys.programGroupDisabled$Boolean=true
createDesktopLinkAction$Boolean=true
sys.programGroupAllUsers$Boolean=true
matrix.launch.register$Boolean=false
The following example shows a response file for launching the worker node
registration wizard:
# Address of the Management Server
matrix.console.name=<IP address of the Management Server>
#Path to commd.keystore
matrix.ms.keystore=C\:\\DataInsight\\data\\commd.keystore
matrix.launch.console$Boolean=false
The following example shows a response file for installing a server with the Collector
and Indexer roles:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight
# Data folder
matrix.datadir=C\:\\DataInsight\\data
matrix.queryd.port$Long=8282 matrix.install.mode=worker
matrix.worker.isindexer$Boolean=false
createQuicklaunchIconAction$Boolean=true
sys.programGroupDisabled$Boolean=true
createDesktopLinkAction$Boolean=true
sys.programGroupAllUsers$Boolean=true
matrix.launch.register$Boolean=false
The following example shows a response file for launching the worker node
registration wizard:
# Address of the Management Server
matrix.console.name=<IP address of the Management Server>
#Path to commd.keystore
matrix.ms.keystore=C\:\\DataInsight\\data\\commd.keystore
matrix.launch.console$Boolean=false
The following example shows a response file for installing a Windows File Server
node:
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight
matrix.install.mode=worker
matrix.worker.isindexer$Boolean=false
matrix.worker.iscollector$Boolean=true
matrix.worker.iswinnas$Boolean=true
matrix.datadir=C\:\\DataInsight\\data
matrix.worker.name=
matrix.commd.port$Long=8383
matrix.queryd.port$Long=8282
matrix.enable.drwatson$Boolean=true
matrix.launch.register$Boolean=false
matrix.launch.console$Boolean=false
#sys.service.selected.114$Boolean=true
#sys.languageId=en
#sys.programGroup.linkDir=/usr/local/bin
#sys.service.startupType.1393=auto
#sys.programGroup.enabled$Boolean=true
#sys.service.selected.1393$Boolean=true
#sys.service.startupType.114=auto
#sys.programGroup.allUsers$Boolean=true
## Registration properties:
#matrix.register.node.during.install$Boolean=true
#matrix.register.node.varfile=${register.varfile}
#matrix.console.name=${collector.host_port}
#matrix.ms.keystore=${commd.keystore}
#matrix.shortcuts$Boolean=true
#matrix.worker.startServices$Boolean=true
#matrix.launch.configure.winnas.filer$Boolean=true
#matrix.launch.console$Boolean=false
The following example shows a response file for configuring a Windows File Server
node:
filer.winnas.clustered$Boolean=false
filer.collector.index$Integer=0
filer.indexer.index$Integer=0
filer.monitorAllShares$Boolean=true
filer.excludeShares=*$
filer.scanNewSharesImmediately$Boolean=true
matrix.launch.console$Boolean=false
The following example shows a response file for installing the Self-Service Portal
node:
sys.programGroupDisabled$Boolean=false
# Installation folder
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight
sys.languageId=en
matrix.portal.port$Long=443
matrix.worker.iswinnas$Boolean=false
matrix.install.mode=worker
matrix.worker.winnas.plat=WLH
matrix.datadir=C\:\\DataInsight\\data
createQuicklaunchIconAction$Boolean=true
matrix.nodename=testnode.tulip.local
matrix.launch.console$Boolean=false
matrix.launch.register$Boolean=true
matrix.worker.isportal$Boolean=true
matrix.commd.port$Long=8383
sys.programGroupAllUsers$Boolean=true
matrix.worker.name= testnode.tulip.local
createDesktopLinkAction$Boolean=true
matrix.workflowd.port$Long=8686
matrix.queryd.port$Long=8282
sys.adminRights$Boolean=true
The following example shows a response file for launching the worker node
registration wizard to register the Collector, Indexer, Windows File Server, and the
Potal nodes with the Management Console:
matrix.launch.console$Boolean=false
sys.languageId=en
sys.adminRights$Boolean=true
matrix.console.name=10.209.109.239
sys.installationDir=C\:\\Program Files\\Symantec\\DataInsight
matrix.worker.startServices$Boolean=true
matrix.ms.keystore=C\:\\TempDir\\keys\\commd.keystore
matrix.upgrade.backup$Boolean=false
#Indicates if data directory should first be backed up temporarily before the data
is upgraded.
matrix.backup.dir$String=
#Indicates where data should be backed up. If empty or not defined, %tmp% will
be used
matrix.upgrade.backup.restore$Boolean=true
#Indicates if old data should be restored back in case upgrade fails. You must set
matrix.upgrade.backup to true for this to take effect.
matrix.upgrade.backup.delete$Boolean=true
#Indicates if backup copy can be deleted after upgrade is successful. You must set
matrix.upgrade.backup to true for this to take effect.
#Indicates where data should be backedup. If empty or not defined, %tmp% is used.
matrix.upgrade.backup.restore$Boolean=true
#Indicates if the old data should be restored in case upgrade fails. You must set
matrix.upgrade.backup to true for this to take effect.
matrix.upgrade.backup.delete$Boolean=true
#Indicates if backup copy can be deleted after the upgrade is successful. You need
to set matrix.upgrade.backup to true for this to take effect.
C P
Collector process portal
about 14 installing 34
Collector worker node post-installation configuration 46
Collector 14 security configuration 48
overview 13 preinstallation steps 19
Scanner 14
Communication Service 16 S
corporate firewall
Scanner process
configuring 54
about 14
Self-Service Portal
I services 15
Indexer worker node single-tier installation
overview 15 overview 18
installation performing 28
overview 27 SSL client/server certificates 48
post-installation configuration 46 supported file servers 23
installation tiers 17 Symantec Data Insight
single-tier installation 18 installation 27
three-tier installation 17 installation tiers 17
two-tier installation 18 operating system requirements 20
overview 10
L ports 25
Supported browsers 24
Linux worker node
system requirements for components 21
installing as root 35
uninstalling 62
system requirements 21
M web server version 26
Management Console
generating certificate 48
logging in 60
T
three-tier installation
logging out 61
overview 17
overview 60
performing 29
Management Server
two-tier installation
installing 29
overview 18
overview 13
performing 28
security configuration 48
O U
uninstalling 62
online help 61
W
Windows File Server
configuring
silently 58
using configureWindowsFileServer.exe 57
Windows File Server agent
installation overview 55
installing
manual 56
worker node
installing 32
registering 46