Veritas Enterprise Vault™ Compliance Accelerator Installation Guide

Last Published:
Product(s): Enterprise Vault (12.1)
  1. Introducing Compliance Accelerator
    1.  
      Key features of Compliance Accelerator
    2.  
      About the Compliance Accelerator components
    3. Product documentation
      1.  
        White papers on the Veritas Support website
  2. Preparing to install Compliance Accelerator
    1. Configuration options for Compliance Accelerator
      1.  
        Compliance Accelerator configuration for large installations
      2.  
        Compliance Accelerator configuration for smaller installations
    2.  
      Supported versions of Enterprise Vault in Compliance Accelerator environments
    3. Prerequisites for Compliance Accelerator
      1.  
        Prerequisites for the SQL Server computer
      2.  
        Prerequisites for the Compliance Accelerator server computer
      3.  
        Prerequisites for the Enterprise Vault server computer
      4.  
        Prerequisites for Compliance Accelerator client computers
    4.  
      Configuring Outlook to enable the processing of items with many attachments or many recipients
    5.  
      Setting the Windows and ASP.NET Temp folder permissions
    6. Security requirements for temporary folders
      1.  
        Granting additional users and groups access to the temporary folders
    7.  
      Disabling networking facilities that can disrupt a Compliance Accelerator environment
    8.  
      Disabling the Windows Search Service on the Compliance Accelerator server
    9.  
      Ensuring that the Windows Server service is running on the Compliance Accelerator server
    10.  
      Configuring the SQL Server Agent service
    11.  
      Assigning SQL Server roles to the Vault Service account
    12.  
      Verifying that Enterprise Vault expands distribution lists
  3. Installing Compliance Accelerator
    1. Installing the Compliance Accelerator server software
      1.  
        Allowing Enterprise Vault to communicate with Compliance Accelerator through the Windows firewall
      2.  
        Creating the configuration database and customer databases
      3.  
        Uploading the Compliance Accelerator report templates
      4. Configuring Compliance Accelerator for use in a SQL Server AlwaysOn environment
        1.  
          Using SQL Server Reporting Services in an AlwaysOn environment
      5. Installing Compliance Accelerator in a clustered environment
        1.  
          Configuring Compliance Accelerator for use in a Network Load Balancing cluster
      6.  
        Maximizing security in your Compliance Accelerator databases
    2. Installing the Compliance Accelerator client software
      1.  
        Modifying the configuration file for the Compliance Accelerator client
      2.  
        Using the MSI installer package to install the Compliance Accelerator client
    3.  
      Uninstalling Compliance Accelerator
  4. Appendix A. Ports that Compliance Accelerator uses
    1.  
      Default ports for Compliance Accelerator
    2.  
      Changing the ports that Compliance Accelerator uses
  5. Appendix B. Troubleshooting
    1.  
      Error messages appear in the event log when upgrading to Compliance Accelerator 12.1
    2.  
      Enterprise Vault Accelerator Manager service not created
    3.  
      Enterprise Vault Accelerator Manager service does not start
    4.  
      "Access is denied" message is displayed when you try to create a customer database on a UAC-enabled computer
    5.  
      Home page of Compliance Accelerator website not found
    6.  
      Cannot create or upgrade Compliance Accelerator customer databases when Symantec Endpoint Protection is running
    7.  
      Permissions error when uninstalling the Compliance Accelerator client from a UAC-enabled computer
    8.  
      Uninstalling the Compliance Accelerator client from a shared location may prevent other users from starting the client

Creating the configuration database and customer databases

After you have installed the Compliance Accelerator server software, you must set up the required configuration and customer databases with the Accelerator Manager website.

The configuration database specifies the locations of the customer databases, and it stores details of the SQL Server, database files, and log files to use. Each customer database stores details of departments, user roles, search results, and more.

You can set up one configuration database only, but you can set up multiple customer databases. The configuration database can reside on one SQL Server, and the customer databases can reside on a different SQL Server. You may find it useful to set up multiple customer databases if, for example, you want to separate the groups who are to perform searches in Compliance Accelerator. Suppose that your legal department and human resources department both need to perform searches. These two departments may not be able to share roles in a Compliance Accelerator system. Setting up two customers lets both departments use Compliance Accelerator without needing access to the same Compliance Accelerator setup.

Before you proceed, note the following:

  • If you have installed Compliance Accelerator on a server in which User Account Control (UAC) is enabled, you must open the Accelerator Manager website with administrator privileges.

  • If Symantec Endpoint Protection is running on your Compliance Accelerator server, we recommend that you shut it down temporarily.

To create the configuration database

  1. If you have yet to display the Accelerator Manager website, browse to the following location:

    http://server_name/EVBAAdmin

    where server_name is the name of the server on which you installed the Compliance Accelerator server software.

  2. In the Configuration Database Details page, enter your preferred details, and then click OK.

    SQL Server

    Specifies the name or IP address of the SQL Server computer. You can specify the IP address in either IPv4 or IPv6 format. SQL instances are supported.

    Alternatively, in SQL Server environments where the database is part of an AlwaysOn availability group or failover cluster instance (FCI), you can specify the virtual network name or IP address of the availability group listener or FCI. For guidelines on deploying databases in AlwaysOn environments, see the following article on the Microsoft website:

    https://msdn.microsoft.com/library/ff878487.aspx

    You must append the port number if you have chosen to use a non-default port. For example, SQLServer,1234.

    Database name

    Specifies the name of the configuration database. The name cannot contain any of the following characters:

    \ / : * ? " < > | '

    Note:

    Compliance Accelerator and Discovery Accelerator cannot share the same configuration database. So, if you previously created the configuration database for one application, you must create a new database with a different name when setting up the other application.

    Use Existing Database

    Instructs Compliance Accelerator to use the specified existing database instead of creating a new one. If you choose this option, the remaining boxes in the page are unavailable.

    Data File Folder

    Specifies a location for the configuration database file. This location should be a valid, existing path on the SQL Server computer. A minimum of 300 MB is required for the default configuration database.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLData or \\my_computer\SQLData.

    Log File Folder

    Specifies a location for the database log files. This location should be a valid, existing path on the SQL Server computer. A minimum of 300 MB is required for the database log files.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLLogs or \\my_computer\SQLLogs.

    Initial Database Size

    Sets the initial size in megabytes of the configuration database file. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to the file each time more is needed.

    Initial Log Size

    Sets the initial size in megabytes of the database log files. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to a file each time more is needed.

    Windows Authentication

    Specifies whether to use a Microsoft Windows user account to connect to the configuration database. If you uncheck this option, you must set the SQL logon name and password to use for the database connection.

    Connection Time Out

    Specifies the amount of time in seconds to wait for connections to the configuration database to complete before terminating the attempt and generating an error.

    Connection Life Time

    Specifies the time in seconds that a connection to the configuration database is considered valid. When the time has elapsed, the connection is disposed of.

    Max Pool Size

    Specifies the maximum number of database connections that can be simultaneously opened to the configuration database.

  3. When Compliance Accelerator prompts you to do so, restart the Enterprise Vault Accelerator Manager service by using the Services snap-in to Microsoft Management Console.

    Note:

    Restarting the service causes Compliance Accelerator to check the security of various temporary folders that the application uses. If this security check fails, an error event with an ID of 585 is recorded in the Veritas Enterprise Vault event log, and the service does not start.

    See Security requirements for temporary folders.

  4. In the Accelerator Manager website, click Upload License to import your license key file into Compliance Accelerator.

To create the customer databases

  1. In the left pane of the Accelerator Manager website, right-click the server node, and then click New Customer.
  2. Complete the details in the Create Customer page, and then click OK.

    Customer Type

    Indicates that this database is a customer database for Compliance Accelerator.

    Name

    Specifies a unique name for the customer. The name cannot contain any of the following characters:

    \ / : * ? " < > | '

    VaultID(s)

    Identifies the journal mailbox archive that the customer uses. You can obtain the ID by looking at the archive's property page in the Vault Administration Console.

    One customer must have a blank VaultID(s) field to designate that it is the default customer. All other customers must have a unique entry in the field, such as the required ID or a statement such as "Do_Not_Use".

    Directory DNS aliases

    Specifies the DNS alias, server name, or IP address of the Enterprise Vault Directory service computer. You can specify IP addresses in either IPv4 or IPv6 format.

    Take care to specify the correct DNS alias information. If the information is wrong, no vault stores will be visible in any area of the Compliance Accelerator client.

    Administrator User or Group

    Optionally nominates an Active Directory user account or group account as an administrator for the Compliance Accelerator customer database. This user or group has full administrative permissions in the customer database and typically assigns application-wide roles to other users. Specify the account details in the form domain\user_or_group_name; for example, "OurDomain\Marie.Lopez".

    The Vault Service account already has full administrative permissions in the customer database, so there is usually no need to nominate another user or group. However, you may want to do this if your company policy restricts the use of service accounts.

    Note:

    If you choose to nominate an administrator user or group then, using the Compliance Accelerator client, you must also create an employee profile for the user or group in the customer database. For instructions on how to do this, see the Administrator's Guide. By creating an employee profile, you allow the user or group to perform administrative tasks in the customer database, such as deleting departments.

    Enable Customer's tasks

    Enables users to perform activities in the Compliance Accelerator client. If you uncheck this option, only automatic tasks like scheduled searches are permissible.

    IIS section

    Virtual Directory

    Specifies the name of the IIS virtual directory that the Compliance Accelerator reporting functionality uses.

    No two customers can share the same virtual directory name. The directory name must not include space characters or any of the following characters:

    * ? \ / % ' "

    Note that you cannot name the virtual directory for any Compliance Accelerator customer as "EVBAAdmin" because this name is reserved for the Accelerator Manager website.

    IIS Server

    Specifies the name or IP address of the IIS server that is to host the Compliance Accelerator site. You can type the IP address in either IPv4 or IPv6 format. However, you cannot type an IPv6 address that includes colons (:) or is enclosed in square brackets ([]).

    The default entry for this field is the server on which you are running the Accelerator Manager website.

    Manage Virtual Directory

    Lets you administer the virtual directory by using the Compliance Accelerator client. By default, the option is checked.

    Database Details section

    SQL Server

    Specifies the name or IP address of the SQL Server computer on which the customer database is to reside. You can specify the IP address in either IPv4 or IPv6 format. SQL instances are supported.

    Alternatively, in SQL Server 2012 environments where the database is part of an AlwaysOn availability group or failover cluster instance (FCI), you can specify the virtual network name or IP address of the availability group listener or FCI.

    For guidelines on deploying databases in AlwaysOn environments, see the following article on the Microsoft website:

    https://msdn.microsoft.com/library/ff878487.aspx

    You must append the port number if you have chosen to use a non-default port. For example, SQLServer,1234.

    Database

    Specifies the name of the customer database. The name cannot contain any of the following characters:

    \ / : * ? " < > | '

    Use Existing Database

    Instructs Compliance Accelerator to use the specified existing database instead of creating a new one. If you check this option, many of the remaining boxes in the page become unavailable. By default, the option is not checked.

    Data File Folder

    Specifies a location for the configuration database file. This location should be a valid, existing path on the SQL Server computer.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLData or \\my_computer\SQLData.

    Log File Folder

    Specifies a location for the database log files. This location should be a valid, existing path on the SQL Server computer.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLLogs or \\my_computer\SQLLogs.

    Initial Database Size

    Sets the initial size in megabytes of the customer database file. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to the file each time more is needed.

    Initial Log Size

    Sets the initial size in megabytes of the database log files. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to a file each time more is needed.

    Windows Authentication

    Specifies whether to use a Microsoft Windows user account to connect to the customer database. If you uncheck this option, you must set the SQL logon name and password to use for the database connection.

    Connection Time Out

    Specifies the amount of time in seconds to wait for connections to the customer database to complete before terminating the attempt and generating an error.

    Connection Life Time

    Specifies the time in seconds that a connection to the customer database is considered valid. When the time has elapsed, the connection is disposed of.

    Max Pool Size

    Specifies the maximum number of database connections that can be simultaneously opened to the customer database.

    DSN

    Specifies the full connection string, or Data Source Name (DSN), to use when connecting to the customer database. The process of creating and connecting to the database automatically fills in this field. Do not modify the details unless Veritas Support advises you to do so.

  3. Wait for Compliance Accelerator to create the customer database. This process can take several minutes to complete.
  4. Repeat steps 1 through 3 for each customer database that you want to create.