Arctera Enterprise Vault™ Insight Surveillance Installation Guide

Last Published:
Product(s): Enterprise Vault (15.2)
  1. Introducing Insight Surveillance
    1.  
      About Insight Surveillance desktop application
    2.  
      About Insight Surveillance web application
    3.  
      Feature comparison: Arctera Insight Surveillance desktop application Vs Arctera Insight Surveillance web application
    4. Product documentation
      1.  
        White papers on the Arctera Support website
  2. Preparing to install Insight Surveillance
    1. Configuration options for Insight Surveillance
      1.  
        Insight Surveillance configuration for large installations
      2.  
        Insight Surveillance configuration for smaller installations
    2.  
      Supported versions of Enterprise Vault in Insight Surveillance environments
    3. Prerequisites for Arctera Insight Surveillance
      1.  
        Prerequisites for the SQL Server computer
      2.  
        Prerequisites for the Arctera Insight Surveillance server computer
      3.  
        Prerequisites for the Enterprise Vault server computer
      4. Prerequisites for Insight Surveillance
        1.  
          Additional requirements for Arctera Insight Surveillance
        2.  
          Set Kerberos Trusted Delegation
    4.  
      Configuring Outlook to enable the processing of items with many attachments or many recipients
    5.  
      Setting the Windows and ASP.NET Temp folder permissions
    6. Security requirements for temporary folders
      1.  
        Granting additional users and groups access to the temporary folders
    7.  
      Disabling networking facilities that can disrupt a Insight Surveillance environment
    8.  
      Disabling the Windows Search Service on the Insight Surveillance server
    9.  
      Ensuring that the Windows Server service is running on the Insight Surveillance server
    10.  
      Configuring the SQL Server Agent service
    11.  
      Assigning SQL Server roles to the Vault Service account
    12.  
      Installing and configuring the SQL full-text search indexing service
    13.  
      Verifying that Enterprise Vault expands distribution lists
    14. Configuring Intelligent Review API Authentication and Authorization
      1.  
        Setting Kerberos trusted delegation between Surveillance Servers and Surveillance Database Servers
      2.  
        Setting Kerberos trusted delegation between Surveillance Servers and Surveillance Database Servers on IP address
  3. Installing Insight Surveillance
    1. Installing the Insight Surveillance server software
      1.  
        Allowing Enterprise Vault to communicate with Insight Surveillance through the Windows firewall
      2.  
        Creating the configuration database and customer databases
      3.  
        Configuring a dedicated server for Intelligent Review processing (optional deployment configuration)
      4. Configuring Insight Surveillance for use in a SQL Server Always On environment
        1.  
          Using SQL Server Reporting Services in an Always On environment
      5. Installing Insight Surveillance in a clustered environment
        1.  
          Configuring Insight Surveillance for use in a Network Load Balancing cluster
      6.  
        Maximizing security in your Insight Surveillance databases
    2.  
      Uninstalling Insight Surveillance
  4. Appendix A. Ports that Insight Surveillance uses
    1.  
      Default ports for Insight Surveillance
    2.  
      Changing the ports that Insight Surveillance uses
  5. Appendix B. Troubleshooting
    1.  
      Error messages appear in the event log when upgrading to Insight Surveillance 15.2
    2.  
      Enterprise Vault eDiscovery Manager service not created
    3.  
      Enterprise Vault eDiscovery Manager service does not start
    4.  
      "Access is denied" message is displayed when you try to create a customer database on a UAC-enabled computer
    5.  
      Cannot create or upgrade Insight Surveillance customer databases when Symantec Endpoint Protection is running
    6.  
      Error messages when the Intelligent Review (IR) API authentication and authorization fails
  6. Appendix C. Installing and configuring the Enhanced Auditing feature
    1.  
      Overview
    2.  
      Prerequisites for the Enhanced Auditing feature
    3.  
      Installing the Enhanced Auditing feature
    4.  
      Post installation steps
    5.  
      Upgrading the Enhanced Auditing setup
    6.  
      Modifying the Enhanced Auditing setup
    7.  
      Repairing the Enhanced Auditing setup
    8.  
      Uninstalling the Enhanced Auditing setup
    9.  
      Managing access from Arctera Insight Surveillance

Creating the configuration database and customer databases

After you have installed the Insight Surveillance server software, you must set up the required configuration and customer databases with the eDiscovery Manager website.

The configuration database specifies the locations of the customer databases, and it stores details of the SQL Server, database files, and log files to use. Each customer database stores details of departments, user roles, search results, and more.

You can set up one configuration database only, but you can set up multiple customer databases. The configuration database can reside on one SQL Server, and the customer databases can reside on a different SQL Server. You may find it useful to set up multiple customer databases if, for example, you want to separate the groups who are to perform searches in Insight Surveillance. Suppose that your legal department and human resources department both need to perform searches. These two departments may not be able to share roles in a Insight Surveillance system. Setting up two customers lets both departments use Insight Surveillance without needing access to the same Insight Surveillance setup.

Before you proceed, note the following:

  • If you have installed Insight Surveillance on a server in which User Account Control (UAC) is enabled, you must open the eDiscovery Manager website with administrator privileges.

  • If Symantec Endpoint Protection is running on your Insight Surveillance server, we recommend that you shut it down temporarily.

  • For database safety reasons, you must back up the configuration database on a regular basis.

To create the configuration database

  1. If you have yet to display the eDiscovery Manager website, browse to the following location:

    http://server_name/EVBAAdmin

    Where server_name is the name of the server on which you installed the Insight Surveillance server software.

  2. In the Configuration Database Details page, enter your preferred details, and then click OK.

    SQL Server

    Specifies the name or IP address of the SQL Server computer. You can specify the IP address in either IPv4 or IPv6 format. SQL instances are supported.

    Alternatively, in SQL Server environments where the database is part of an Always On availability group or failover cluster instance (FCI), you can specify the virtual network name or IP address of the availability group listener or FCI. For guidelines on deploying databases in Always On environments, see the following article on the Microsoft website:

    https://msdn.microsoft.com/library/ff878487.aspx

    You must append the port number if you have chosen to use a non-default port. For example, SQLServer,1234.

    Database name

    Specifies the name of the configuration database. The name cannot contain any of the following characters:

    \ / : * ? " < > | '

    Note:

    Surveillance and eDiscovery cannot share the same configuration database. So, if you previously created the configuration database for one application, you must create a new database with a different name when setting up the other application.

    Use Existing Database

    Instructs Insight Surveillance to use the specified existing database instead of creating a new one. If you choose this option, the remaining boxes in the page are unavailable.

    Data File Folder

    Specifies a location for the configuration database file. This location should be a valid, existing path on the SQL Server computer. A minimum of 300 MB is required for the default configuration database.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLData or \\my_computer\SQLData.

    Log File Folder

    Specifies a location for the database log files. This location should be a valid, existing path on the SQL Server computer. A minimum of 300 MB is required for the database log files.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLLogs or \\my_computer\SQLLogs.

    Initial Database Size

    Sets the initial size in megabytes of the configuration database file. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to the file each time more is needed.

    Initial Log Size

    Sets the initial size in megabytes of the database log files. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to a file each time more is needed.

    Windows Authentication

    Specifies whether to use a Microsoft Windows user account to connect to the configuration database. If you clear this option, you must set the SQL logon name and password to use for the database connection.

    Connection Time Out

    Specifies the amount of time in seconds to wait for connections to the configuration database to complete before terminating the attempt and generating an error.

    Connection Life Time

    Specifies the time in seconds that a connection to the configuration database is considered valid. When the time has elapsed, the connection is disposed of.

    Max Pool Size

    Specifies the maximum number of database connections that can be simultaneously opened to the configuration database.

  3. Under Database Master Key Configuration, specify the following:

    Database Master Key Password

    Enter Database Master Key Password.

    To encrypt the data of the Configuration Database, type the password to create the SQL Server Database Master Key. Note down this password as it is required while migrating or restoring the configuration database to another SQL server instance.

    This password must comply with the Windows Password Policy of the computer that is running the instance of SQL Server.

    While using the existing database, if the selected database already has the database master key, the application ignores this password and proceeds to the next step. If the selected database does not have the database master key, the application uses the same password to create a new database.

    Note:

    If you are upgrading the database, providing this password is a one-time activity only. You do not need to provide this password during the next upgrade, click Update to start the configuration.

    Confirm Password

    Enter the same Database Master Key Password again for confirmation. The Confirm Password must match the Database Master Key Password.

  4. When Insight Surveillance prompts you to do so, restart the Enterprise Vault eDiscovery Manager service by using the Services snap-in to Microsoft Management Console.

    Note:

    Restarting the service causes Insight Surveillance to check the security of various temporary folders that the application uses. If this security check fails, an error event with an ID of 585 is recorded in the Arctera Enterprise Vault event log, and the service does not start.

    See Security requirements for temporary folders.

  5. In the eDiscovery Manager website, click Upload License to import your license key file into Insight Surveillance.

To create the customer databases

  1. In the left pane of the eDiscovery Manager website, right-click the server node, and then click New Customer.
  2. Complete the details in the Create Customer page, and then click OK.

    Customer Type

    Indicates that this database is a customer database for Insight Surveillance.

    Name

    Specifies a unique name for the customer. The name cannot contain any of the following characters:

    \ / : * ? " < > | '

    VaultID(s)

    Identifies the journal mailbox archive that the customer uses. You can obtain the ID by looking at the archive's property page in the Vault Administration Console.

    One customer must have a blank VaultID(s) field to designate that it is the default customer. All other customers must have a unique entry in the field, such as the required ID or a statement such as "Do_Not_Use".

    Directory DNS aliases

    Specifies the DNS alias, server name, or IP address of the Enterprise Vault Directory service computer. You can specify IP addresses in either IPv4 or IPv6 format.

    Take care to specify the correct DNS alias information. If the information is wrong, no vault stores will be visible in any area of the client.

    Administrator User or Group

    Optionally nominates an Active Directory user account or group account as an administrator for the Insight Surveillance customer database. This user or group has full administrative permissions in the customer database and typically assigns application-wide roles to other users. Specify the account details in the form domain\user_or_group_name; for example, "OurDomain\Marie.Lopez".

    The Vault Service account already has full administrative permissions in the customer database, so there is usually no need to nominate another user or group. However, you may want to do this if your company policy restricts the use of service accounts.

    Note:

    If you choose to nominate an administrator user or group then, using the Insight Surveillance web application, you must also create an employee profile for the user or group in the customer database. For instructions on how to do this, see the Administrator's Guide. By creating an employee profile, you allow the user or group to perform administrative tasks in the customer database, such as deleting departments.

    Enable Customer's tasks

    Enables users to perform activities in the Insight Surveillance web application. If you clear this option, only automatic tasks like scheduled searches are permissible.

    IIS section

    Virtual Directory

    Specifies the name of the IIS virtual directory that the Insight Surveillance reporting functionality uses.

    No two customers can share the same virtual directory name. The directory name must not include space characters or any of the following characters:

    * ? \ / % ' "

    Note that you cannot name the virtual directory for any Insight Surveillance customer as "EVBAAdmin" because this name is reserved for the eDiscovery Manager website.

    IIS Server

    Specifies the name or IP address of the IIS server that is to host the Insight Surveillance site. You can type the IP address in either IPv4 or IPv6 format. However, you cannot type an IPv6 address that includes colons (:) or is enclosed in square brackets ([]).

    The default entry for this field is the server on which you are running the eDiscovery Manager website.

    Manage Virtual Directory

    Lets you administer the virtual directory by using the Insight Surveillance application. By default, the option is selected.

    Database Details section

    SQL Server

    Specifies the name or IP address of the SQL Server computer on which the customer database is to reside. You can specify the IP address in either IPv4 or IPv6 format. SQL instances are supported.

    Alternatively, if the database is part of an Always On availability group or failover cluster instance (FCI), you can specify the virtual network name or IP address of the availability group listener or FCI.

    For guidelines on deploying databases in Always On environments, see the following article on the Microsoft website:

    https://msdn.microsoft.com/library/ff878487.aspx

    You must append the port number if you have chosen to use a non-default port. For example, SQLServer,1234.

    Database

    Specifies the name of the customer database. The name cannot contain any of the following characters:

    \ / : * ? " < > | '

    Use Existing Database

    Instructs Insight Surveillance to use the specified existing database instead of creating a new one. If you select this option, many of the remaining boxes in the page become unavailable. By default, the option is not selected.

    Data File Folder

    Specifies a location for the configuration database file. This location should be a valid, existing path on the SQL Server computer.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLData or \\my_computer\SQLData.

    Log File Folder

    Specifies a location for the database log files. This location should be a valid, existing path on the SQL Server computer.

    You can specify a local path or a UNC path. For example, you might specify the path as E:\SQLLogs or \\my_computer\SQLLogs.

    Initial Database Size

    Sets the initial size in megabytes of the customer database file. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to the file each time more is needed.

    Initial Log Size

    Sets the initial size in megabytes of the database log files. In the Growth % box, you can specify as a percentage of the file size the amount of space that is automatically added to a file each time more is needed.

    Windows Authentication

    Specifies whether to use a Microsoft Windows user account to connect to the customer database. If you clear this option, you must set the SQL logon name and password to use for the database connection.

    Connection Time Out

    Specifies the amount of time in seconds to wait for connections to the customer database to complete before terminating the attempt and generating an error.

    Connection Life Time

    Specifies the time in seconds that a connection to the customer database is considered valid. When the time has elapsed, the connection is disposed of.

    Max Pool Size

    Specifies the maximum number of database connections that can be simultaneously opened to the customer database.

    DSN

    Specifies the full connection string, or Data Source Name (DSN), to use when connecting to the customer database. The process of creating and connecting to the database automatically fills in this field. Do not modify the details unless Arctera Support advises you to do so.

    Reporting FileGroup Location

    During the fresh Surveillance installation or upgrade, the new Enhanced Reporting feature presents a mandatory field to specify the 'FileGroup' location. This specified FileGroup location serves as the storage for reports-specific data. It is recommended to select storage location other than the CA database location with sufficient storage.

  3. Wait for Insight Surveillance to create the customer database. This process can take several minutes to complete.
  4. Repeat steps 1 through 3 for each customer database that you want to create.

More Information

Cannot create or upgrade Insight Surveillance customer databases when Symantec Endpoint Protection is running