Arctera Enterprise Vault™ Insight Surveillance Installation Guide

Last Published:
Product(s): Enterprise Vault (15.2)
  1. Introducing Insight Surveillance
    1.  
      About Insight Surveillance desktop application
    2.  
      About Insight Surveillance web application
    3.  
      Feature comparison: Arctera Insight Surveillance desktop application Vs Arctera Insight Surveillance web application
    4. Product documentation
      1.  
        White papers on the Arctera Support website
  2. Preparing to install Insight Surveillance
    1. Configuration options for Insight Surveillance
      1.  
        Insight Surveillance configuration for large installations
      2.  
        Insight Surveillance configuration for smaller installations
    2.  
      Supported versions of Enterprise Vault in Insight Surveillance environments
    3. Prerequisites for Arctera Insight Surveillance
      1.  
        Prerequisites for the SQL Server computer
      2.  
        Prerequisites for the Arctera Insight Surveillance server computer
      3.  
        Prerequisites for the Enterprise Vault server computer
      4. Prerequisites for Insight Surveillance
        1.  
          Additional requirements for Arctera Insight Surveillance
        2.  
          Set Kerberos Trusted Delegation
    4.  
      Configuring Outlook to enable the processing of items with many attachments or many recipients
    5.  
      Setting the Windows and ASP.NET Temp folder permissions
    6. Security requirements for temporary folders
      1.  
        Granting additional users and groups access to the temporary folders
    7.  
      Disabling networking facilities that can disrupt a Insight Surveillance environment
    8.  
      Disabling the Windows Search Service on the Insight Surveillance server
    9.  
      Ensuring that the Windows Server service is running on the Insight Surveillance server
    10.  
      Configuring the SQL Server Agent service
    11.  
      Assigning SQL Server roles to the Vault Service account
    12.  
      Installing and configuring the SQL full-text search indexing service
    13.  
      Verifying that Enterprise Vault expands distribution lists
    14. Configuring Intelligent Review API Authentication and Authorization
      1.  
        Setting Kerberos trusted delegation between Surveillance Servers and Surveillance Database Servers
      2.  
        Setting Kerberos trusted delegation between Surveillance Servers and Surveillance Database Servers on IP address
  3. Installing Insight Surveillance
    1. Installing the Insight Surveillance server software
      1.  
        Allowing Enterprise Vault to communicate with Insight Surveillance through the Windows firewall
      2.  
        Creating the configuration database and customer databases
      3.  
        Configuring a dedicated server for Intelligent Review processing (optional deployment configuration)
      4. Configuring Insight Surveillance for use in a SQL Server Always On environment
        1.  
          Using SQL Server Reporting Services in an Always On environment
      5. Installing Insight Surveillance in a clustered environment
        1.  
          Configuring Insight Surveillance for use in a Network Load Balancing cluster
      6.  
        Maximizing security in your Insight Surveillance databases
    2.  
      Uninstalling Insight Surveillance
  4. Appendix A. Ports that Insight Surveillance uses
    1.  
      Default ports for Insight Surveillance
    2.  
      Changing the ports that Insight Surveillance uses
  5. Appendix B. Troubleshooting
    1.  
      Error messages appear in the event log when upgrading to Insight Surveillance 15.2
    2.  
      Enterprise Vault eDiscovery Manager service not created
    3.  
      Enterprise Vault eDiscovery Manager service does not start
    4.  
      "Access is denied" message is displayed when you try to create a customer database on a UAC-enabled computer
    5.  
      Cannot create or upgrade Insight Surveillance customer databases when Symantec Endpoint Protection is running
    6.  
      Error messages when the Intelligent Review (IR) API authentication and authorization fails
  6. Appendix C. Installing and configuring the Enhanced Auditing feature
    1.  
      Overview
    2.  
      Prerequisites for the Enhanced Auditing feature
    3.  
      Installing the Enhanced Auditing feature
    4.  
      Post installation steps
    5.  
      Upgrading the Enhanced Auditing setup
    6.  
      Modifying the Enhanced Auditing setup
    7.  
      Repairing the Enhanced Auditing setup
    8.  
      Uninstalling the Enhanced Auditing setup
    9.  
      Managing access from Arctera Insight Surveillance

Additional requirements for Arctera Insight Surveillance

IIS setting for processes on a single server

The default value 1 for the Maximum Worker Processes setting of Application Pool of the SupervisionWeb web application must not be changed so that Arctera Insight Surveillance functions properly while authenticating users.

About Security Certificates

Surveillance generates self-signed certificates for Arctera Insight Surveillance web application during configuration time to ensure all endpoints are encrypted. It is encouraged to replace these with certificates signed by well-known authorities. For details, see the following article for details on how Enterprise Vault configures an SSL Certificate.

https://www.veritas.com/support/en_US/doc/85434533-129299639-0/index

If you are accessing Arctera Insight Surveillance from a computer other than your Surveillance server, you need to import the certificate on that computer and add it to the Trusted Root Certification Authorities store. You also need to configure HTTPS.

Disabling unsafe cryptographic protocols and cipher suites

It is recommended to disable unsafe cryptographic protocols and cipher suites on the server to let users access Arctera Insight Surveillance without exposing your proxy server.

When a application device uses HTTPS to connect to Arctera Insight Surveillance on a proxy server, the application and server negotiate a common cryptographic protocol to secure the channel. If the application and server have multiple protocols in common, Internet Information Services (IIS) tries to secure the channel with one of the protocols that IIS supports. However, some protocols are stronger than others; to maximize the security of your environment, you may therefore want to disable the weak protocols in favor of stronger, Arctera-approved alternatives.

You can comply with Arctera recommendations by configuring the cryptographic protocols and cipher suites on your proxy server as follows:

  • Enable the TLS 1.2 protocols.

  • Disable the TLS 1.0 and 1.1, SSL 2.0 and 3.0 protocols.

  • Disable the RC2, RC4, and DES cipher suites.

The following article in the Microsoft Knowledge Base provides guidelines on how to implement these changes:

http://support.microsoft.com/kb/245030