Veritas Data Insight Installation Guide

Last Published:
Product(s): Data Insight (7.1)
Platform: Windows
  1. Understanding the Veritas Data Insight architecture
    1.  
      About Veritas Data Insight
    2.  
      About the Management Server
    3. About the Collector worker node
      1.  
        About the Collector
      2.  
        About the Scanner
    4.  
      About the Indexer worker node
    5.  
      About the Classification worker node
    6.  
      About the Self-Service Portal node
    7.  
      About Communication Service
    8.  
      About the DataInsightWatchdog service
    9.  
      About the DataInsightWorkflow service
    10. About Veritas Data Insight installation tiers
      1.  
        About three-tier installation
      2.  
        About two-tier installation
      3.  
        About single-tier installation
  2. Preinstallation
    1.  
      Pre-installation steps
    2.  
      Minimum system requirements
    3.  
      System requirements for classification components
  3. Installing Veritas Data Insight
    1.  
      About installing Veritas Data Insight
    2.  
      Federal Information Processing Standards (FIPS)
    3.  
      Performing a single-tier installation
    4.  
      Performing a two-tier installation
    5.  
      Performing a three-tier installation
    6.  
      Installing the Management Server
    7.  
      Installing the worker node
    8.  
      Installing the Classification Server
    9.  
      Installing the Self-Service Portal
    10.  
      Installing a Linux Indexer worker node
    11.  
      Installing Veritas Data Insight in Azure Cloud Environment
    12.  
      Installing Veritas Data Insight in AWS Cloud Environment
  4. Upgrading Veritas Data Insight
    1.  
      Upgrading Data Insight to 7.1
    2.  
      Upgrading the product data using the Upgrade Data Wizard
    3.  
      Names and locations of cache files
    4.  
      Upgrading the Data Insight web service for SharePoint
  5. Post-installation configuration
    1.  
      Post-installation configuration
    2.  
      Registering the worker node
    3. About post-installation security configuration for Management Server
      1.  
        About SSL client/server certificates
      2.  
        Enabling CA signed certificates for inter-node communication
      3.  
        Generating Management Console certificate
    4.  
      Configuring your corporate firewall
  6. Installing Windows File Server agent
    1.  
      About Windows File Server agent
    2.  
      Installing Windows File Server agent manually
    3.  
      Configuring the Windows File Server using ConfigureWindowsFileServer.exe
  7. Getting started with Data Insight
    1.  
      About the Data Insight Management Console
    2.  
      Logging in to the Data Insight Management Console
    3.  
      Logging out of the Data Insight Management Console
    4.  
      Displaying online help
  8. Uninstalling Veritas Data Insight
    1.  
      Uninstalling Veritas Data Insight
  9. Appendix A. Installing Data Insight using response files
    1.  
      About response files
    2.  
      Installing Data Insight using response files
    3.  
      Sample response files

Enabling CA signed certificates for inter-node communication

If you want to opt for CA signed certificates, perform the following steps on the Management Server

  1. Create a backup of <Data_Dir>\keys\commd.keystore.
  2. Create a backup of <Install_Dir>\jre\lib\security\cacerts.
  3. Import CA Issued Certifcate file (pfx) to the commd keystore. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\commd_new.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype bcfks -destkeypass changeit -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\commd_new.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype jks -destkeypass changeit

  4. Create a copy of <Install_Dir>\jre\lib\security\cacerts and rename the copy as <Install_Dir>\jre\lib\security\cacerts_new.
  5. You need to delete the self-signed certificate from the cacerts keystore by executing a command. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -delete -alias tomcatTrustedCA -storepass changeit -keystore "C:\Program Files\DataInsight\jre\lib\security\cacerts_new" -storetype bcfks -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\ProgramFiles\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -delete -alias tomcatTrustedCA -storepass changeit -keystore "C:\Program Files\DataInsight\jre\lib\security\cacerts_new"

To automatically copy the updated commd.keystore and cacerts from the Management Server to all remote Data Insight Nodes, perform the following steps:

  1. On the Management Server, execute the Batch Script available at <Install_Dir>\bin\certificate_operations.bat
  2. Press 1, which is Copy CA-Signed Certificate to all secondary nodes.
  3. Wait for the utility to complete copying of the Keystores and return to the main screen.
  4. Check if there are any failures reported by the utility. If any, follow the instructions on the screen to resolve it.
  5. Exit the utility.
  6. Restart all Data Insight services on the Management Server using Services.msc.
  7. After 10 minutes, log in to Data Insight and navigate to Settings-> Inventory-> Servers.
  8. Check the Health column of all the remote nodes. If it is green and servers are online, the updated keystore files have been copied successful.
  9. If any of the remote nodes appears offline, restart the DataInsightComm service from services.msc on the remote node.

To manually copy the updated commd.keystore and cacerts from the Management Server to all remote Data Insight nodes, perform the following steps on the Management Server.

  1. Rename <Data_Dir>\data\keys\commd_new.keystore to commd.keystore.
  2. Rename <Install_Dir>\jre\lib\security\cacerts_new to cacerts.
  3. Copy <Data_Dir>\keys\commd.keystore from the Management Server and paste it to the same location on all remote servers.
  4. Copy <Install_Dir>\jre\lib\security\cacerts from the Management Server.

    • For Windows remote servers, paste it to <Install_Dir>\jre\lib\security\cacerts.

    • For Linux remote servers, paste it to <Install_Dir>\jre\jre\lib\security\cacerts

  5. Restart all Data Insight services on the Management Server and all remote Data Insight nodes using services.msc.
  6. After 10 minutes, log in to Data Insight and navigate to Settings-> Inventory-> Servers.
  7. Check the Health column of all the remote nodes. If it is green and servers are online, the updated keystore files have been copied successful.
  8. If any of the remote nodes appears offline, restart the DataInsightComm service from services.msc on the remote node.

To apply the CA provided certificate to secure web portal communications, perform the following steps on the Management Server

Caution:

For signed certificate in .p7b format, See Generating Management Console certificate. and follow the steps given.

  1. Rename C:\DataInsight\data\keys\webserver.keystore to webserver-org.keystore.
  2. Import CA Issued Certifcate file (pfx) to the webserver.keystore.
  3. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\webserver.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype bcfks -destkeypass changeit -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore C:\DataInsight\data\keys\webserver.keystore -srcalias <certificate Entry Name> -destalias tomcat -deststoretype jks -destkeypass changeit

  4. Restart the DataInsightWebService on the Management Server.

To apply the CA provided certificate to secure Self Service portal communications, perform the following steps on the Server designated as the Self Service Portal

  1. Rename C:\DataInsight\data\keys\portal.keystore to portal-org.keystore.
  2. Import CA Issued Certifcate file (pfx) to the webserver portal. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\portal.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype bcfks -destkeypass changeit -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode execute the following command "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore C:\DataInsight\data\keys\portal.keystore -srcalias <certificate Entry Name> -destalias tomcat -deststoretype jks -destkeypass changeit

  3. Restart the DataInsightPortalService on the Server designated as the Self Service Portal.