Veritas Data Insight Administrator's Guide

Last Published:
Product(s): Data Insight (6.1.5)
  1. Section I. Getting started
    1. Introduction to Veritas Data Insight administration
      1. About Veritas Data Insight administration
        1.  
          Operation icons on the Management Console
        2.  
          Data Insight administration tasks
        3.  
          Supported data sources and platforms
    2. Configuring Data Insight global settings
      1. Overview of Data Insight licensing
        1.  
          Managing Data Insight licenses
      2.  
        Configuring SMTP server settings
      3. About scanning and event monitoring
        1. Configuring scanning and event monitoring
          1.  
            Considerations for running a parallel scan
      4. About filtering certain accounts, IP addresses, and paths
        1.  
          About exclude rules for access events
        2.  
          About exclude rules for Scanner
        3. Adding exclude rules to Data Insight
          1.  
            Add/Edit Exclude rule for access events options
          2.  
            Add/Edit Exclude rule for Scanner options
      5. About archiving data
        1.  
          About purging data
        2.  
          Configuring data retention settings
      6. About Data Insight integration with Symantec Data Loss Prevention (DLP)
        1.  
          About configuring Data Insight to integrate with Data Loss Prevention (DLP)
        2.  
          Configuring Symantec Data Loss Prevention settings
        3.  
          Importing SSL certificate from the DLP Enforce Server to Data Insight Management Server
        4.  
          About Symantec Data Loss Prevention (DLP) integration with Data Insight
      7.  
        Importing sensitive files information through CSV
      8. Configuring advanced analytics
        1.  
          Choosing custom attributes for advanced analytics
      9. About open shares
        1.  
          Configuring an open share policy
      10.  
        Configuring file groups
      11.  
        Configuring Workspace data owner policy
      12.  
        Configuring Management Console settings
      13. About bulk assignment of custodians
        1.  
          Assigning custodians in bulk using a CSV file
        2.  
          Assigning custodians based on data ownership
      14.  
        Configuring Watchlist settings
  2. Section II. Configuring Data Insight
    1. Configuring Data Insight product users
      1.  
        About Data Insight users and roles
      2.  
        Reviewing current users and privileges
      3. Adding a user
        1.  
          Add or edit Data Insight user options
      4.  
        Editing users
      5.  
        Deleting users
      6.  
        Configuring authorization for Symantec Data Loss Prevention users
    2. Configuring Data Insight product servers
      1.  
        About Data Insight product servers
      2.  
        Adding a new Data Insight server
      3.  
        Managing Data Insight product servers
      4.  
        Viewing Data Insight server details
      5. About node templates
        1.  
          Managing node templates
        2.  
          Adding or editing node templates
      6.  
        Adding Portal role to a Data Insight server
      7.  
        Adding Classification Server role to a Data Insight server
      8.  
        Assigning Classification Server to a Collector
      9.  
        Associating a Classification Server pool to a Collector
      10.  
        Viewing in-progress scans
      11.  
        Configuring Data Insight services
      12.  
        Configuring advanced settings
      13.  
        Monitoring Data Insight jobs
      14.  
        Rotating the encryption keys
      15.  
        Viewing Data Insight server statistics
      16. About automated alerts for patches and upgrades
        1.  
          Viewing and installing recommended upgrades and patches
      17.  
        Deploying upgrades and patches remotely
      18.  
        Using the Upload Manager utility
      19.  
        About migrating storage devices across Indexers
      20.  
        Viewing the status of a remote installation
    3. Configuring saved credentials
      1. About saved credentials
        1.  
          Managing saved credentials
      2.  
        Handling changes in account password
    4. Configuring directory service domains
      1.  
        Fetching users and groups data from NIS+ scanner
      2.  
        Configuring attributes for advanced analytics
      3.  
        Deleting directory service domains
      4.  
        Scheduling scans
      5.  
        Configuring business unit mappings
      6.  
        Importing additional attributes for users and user groups
    5. Configuring containers
      1.  
        About containers
      2. Adding containers
        1.  
          Add new container/Edit container options
      3.  
        Managing containers
  3. Section III. Configuring native file systems in Data Insight
    1. Configuring NetApp file server monitoring
      1.  
        About configuring NetApp file server monitoring
      2.  
        Prerequisites for configuring NetApp file servers
      3.  
        Credentials required for configuring NetApp filers
      4.  
        Credentials required for configuring NetApp NFS filers
      5.  
        Configuring SMB signing
      6.  
        About FPolicy
      7.  
        Preparing Data Insight for FPolicy
      8.  
        Preparing the NetApp filer for Fpolicy
      9.  
        Preparing the NetApp vfiler for Fpolicy
      10.  
        Configuring NetApp audit settings for performance improvement
      11.  
        Preparing a non-administrator domain user on the NetApp filer for Data Insight
      12.  
        Enabling export of NFS shares on a NetApp file server
      13.  
        Excluding volumes on a NetApp file server
      14.  
        Handling NetApp home directories in Data Insight
    2. Configuring clustered NetApp file server monitoring
      1.  
        About configuring a clustered NetApp file server
      2.  
        About configuring FPolicy in Cluster-Mode
      3.  
        Pre-requisites for configuring clustered NetApp file servers
      4.  
        Credentials required for configuring a clustered NetApp file server
      5.  
        Preparing a non-administrator local user on the clustered NetApp filer
      6.  
        Preparing a non-administrator domain user on a NetApp cluster for Data Insight
      7.  
        Preparing Data Insight for FPolicy in NetApp Cluster-Mode
      8.  
        Preparing the ONTAP cluster for FPolicy
      9. About configuring secure communication between Data Insight and cluster-mode NetApp devices
        1.  
          Generating SSL certificates for NetApp cluster-mode authentication
        2.  
          Preparing the NetApp cluster for SSL authentication
      10.  
        Enabling export of NFS shares on a NetApp Cluster-Mode file server
    3. Configuring EMC Celerra or VNX monitoring
      1. About configuring EMC Celerra or VNX filers
        1.  
          About EMC Common Event Enabler (CEE)
        2.  
          Preparing the EMC filer for CEPA
        3.  
          Preparing Data Insight to receive event notification
      2.  
        Credentials required for configuring EMC Celerra filers
    4. Configuring EMC Isilon monitoring
      1.  
        About configuring EMC Isilon filers
      2.  
        Prerequisites for configuration of Isilon or Unity VSA file server monitoring
      3.  
        Credentials required for configuring an EMC Isilon cluster
      4.  
        Configuring audit settings on EMC Isilon cluster using OneFS GUI console
      5.  
        Configuring audit settings on EMC Isilon cluster using the OneFS CLI
      6.  
        Configuring Isilon audit settings for performance improvement
      7.  
        Preparing Veritas Data Insight to receive event notifications from an EMC Isilon or Unity VSA cluster
      8.  
        Creating a non-administrator user for an EMC Isilon cluster
      9.  
        Using SmartConnect mapping for access zones
      10.  
        Purging the audit logs in an Isilon filer
    5. Configuring EMC Unity VSA file servers
      1.  
        About configuring Dell EMC Unity storage platform
      2.  
        Credentials required for configuring an EMC Unity VSA file server
      3.  
        Configuring audit settings on EMC Unity cluster using Unisphere VSA Unity console
    6. Configuring Hitachi NAS file server monitoring
      1.  
        About configuring Hitachi NAS
      2.  
        Credentials required for configuring a Hitachi NAS EVS
      3.  
        Creating a domain user on a Hitachi NAS file server for Data Insight
      4.  
        Preparing a Hitachi NAS file server for file system auditing
      5.  
        Advanced configuration parameters for Hitachi NAS
    7. Configuring Windows File Server monitoring
      1.  
        About configuring Windows file server monitoring
      2.  
        Credentials required for configuring Windows File Servers
      3.  
        Using the installcli.exe utility to configure multiple Windows file servers
      4.  
        Upgrading the Windows File Server agent
    8. Configuring Veritas File System (VxFS) file server monitoring
      1.  
        About configuring Veritas File System (VxFS) file servers
      2.  
        Credentials required for configuring Veritas File System (VxFS) servers
      3.  
        Enabling export of UNIX/Linux NFS shares on VxFS filers
    9. Configuring monitoring of a generic device
      1.  
        About configuring a generic device
      2.  
        Credentials required for scanning a generic device
    10. Managing file servers
      1.  
        About configuring filers
      2.  
        Viewing configured filers
      3. Adding filers
        1.  
          Add/Edit NetApp filer options
        2.  
          Add/Edit NetApp cluster file server options
        3.  
          Add/Edit EMC Celerra filer options
        4.  
          Add/Edit EMC Isilon file server options
        5.  
          Add/Edit EMC Unity VSA file server options
        6.  
          Add/Edit Windows File Server options
        7.  
          Add/Edit Veritas File System server options
        8.  
          Add/Edit a generic storage device options
        9.  
          Add/Edit Hitachi NAS file server options
      4.  
        Custom schedule options
      5.  
        Editing filer configuration
      6.  
        Deleting filers
      7.  
        Viewing performance statistics for file servers
      8.  
        About disabled shares
      9. Adding shares
        1.  
          Add New Share/Edit Share options
      10.  
        Managing shares
      11.  
        Editing share configuration
      12.  
        Deleting shares
      13.  
        About configuring a DFS target
      14.  
        Adding a configuration attribute for devices
      15.  
        Configuring a DFS target
      16.  
        About the DFS utility
      17.  
        Running the DFS utility
      18.  
        Importing DFS mapping
    11. Renaming storage devices
      1.  
        About renaming a storage device
      2.  
        Viewing the device rename status
      3.  
        Considerations for renaming a storage device
  4. Section IV. Configuring SharePoint data sources
    1. Configuring monitoring of SharePoint web applications
      1.  
        About SharePoint server monitoring
      2.  
        Credentials required for configuring SharePoint servers
      3.  
        Configuring a web application policy
      4. About the Data Insight web service for SharePoint
        1.  
          Installing the Data Insight web service for SharePoint
      5. Adding web applications
        1.  
          Add/Edit web application options
      6.  
        Editing web applications
      7.  
        Deleting web applications
      8. Adding site collections
        1.  
          Add/Edit site collection options
      9.  
        Managing site collections
      10.  
        Removing a configured web application
    2. Configuring monitoring of SharePoint Online accounts
      1. About SharePoint Online account monitoring
        1.  
          Prerequisites for configuring SharePoint Online account
      2.  
        Registering Data Insight with Microsoft to enable SharePoint Online account monitoring
      3.  
        Configuring an administrator account for Data Insight
      4. Adding SharePoint Online accounts
        1.  
          Add/Edit SharePoint Online account options
      5.  
        Managing a SharePoint Online account
      6. Adding site collections to SharePoint Online accounts
        1.  
          Add/Edit site collection options
      7.  
        Managing site collections
  5. Section V. Configuring cloud data sources
    1. Configuring monitoring of Box accounts
      1.  
        About configuring Box monitoring
      2.  
        Using a co-admin account to monitor Box resources
      3. Configuring monitoring of cloud sources in Data Insight
        1.  
          Add/Edit Box account
      4.  
        Configuring Box cloud resources through proxy server
    2. Configuring OneDrive account monitoring
      1.  
        About configuring OneDrive monitoring
      2.  
        Registering Data Insight with Microsoft to enable OneDrive account monitoring
      3.  
        Configuring user impersonation in Office 365
      4.  
        Add/Edit OneDrive account
      5. Adding OneDrive user accounts
        1.  
          Add/edit OneDrive user accounts
    3. Managing cloud sources
      1.  
        Viewing configured cloud sources
      2.  
        Managing cloud sources
  6. Section VI. Configuring ECM data sources
    1. Configuring Documentum data source
      1.  
        About Documentum device monitoring
      2.  
        Credentials required for configuring Documentum devices
      3. Configuring Documentum monitoring in Data Insight
        1.  
          Add/Edit Documentum device
      4.  
        Managing ECM Sources
      5. Adding repositories
        1.  
          Add New/Edit Repository options
      6.  
        Managing repositories
  7. Section VII. Health and monitoring
    1. Using Veritas Data Insight dashboards
      1.  
        Viewing the system health overview
      2.  
        Viewing the scanning overview
      3.  
        Viewing the scan status of storage devices
      4.  
        Viewing the scan history of storage devices
    2. Monitoring Data Insight
      1.  
        Viewing events
      2.  
        About high availability notifications
      3.  
        Monitoring the performance of Data Insight servers
      4.  
        Configuring email notifications
      5.  
        Enabling Windows event logging
      6.  
        Viewing scan errors
  8. Section VIII. Alerts and policies
    1. Configuring policies
      1.  
        About Data Insight policies
      2. Managing policies
        1.  
          Create Data Activity Trigger policy options
        2.  
          Create User Activity Deviation policy options
        3.  
          Create Real-time Data Activity User Whitelist-based policy options
        4.  
          Create Real-time Data Activity User Blacklist-based policy options
        5.  
          Create Real-time Sensitive Data Activity policy options
      3.  
        Managing alerts
  9. Section IX. Remediation
    1. Configuring remediation settings
      1. About configuring permission remediation
        1.  
          Managing and configuring permission remediation
        2.  
          Configuring exclusions for permission recommendation
      2.  
        About managing data
      3. About configuring archive options for Enterprise Vault
        1.  
          Adding new Enterprise Vault servers
        2.  
          Managing Enterprise Vault servers
        3.  
          Mapping file server host names
      4. About deleting files from CIFS devices
        1.  
          Configuring deletion of files and folders
        2.  
          Deleting files from the Workspace tab on the Data Insight interface
        3.  
          Deleting files from the Reports tab on the Data Insight interface
      5.  
  10. Section X. Reference
    1. Appendix A. Backing up and restoring data
      1.  
        Selecting the backup and restore order
      2.  
        Backing up and restoring the Data Insight Management Server
      3.  
        Backing up and restoring the Indexer node
    2. Appendix B. Data Insight health checks
      1. About Data Insight health checks
        1.  
          Services checks
        2.  
          Deployment details checks
        3.  
          Generic checks
        4.  
          Data Insight Management Server checks
        5.  
          Data Insight Indexer checks
        6.  
          Data Insight Collector checks
        7.  
          Data Insight Windows File Server checks
        8.  
          Data Insight SharePoint checks
      2.  
        Understanding Data Insight best practices
    3. Appendix C. Command File Reference
      1.  
        fg.exe
      2.  
        indexcli.exe
      3.  
        reportcli.exe
      4.  
        scancli.exe
      5.  
        installcli.exe
    4. Appendix D. Data Insight jobs
      1.  
        Scheduled Data Insight jobs
    5. Appendix E. Troubleshooting
      1.  
        About general troubleshooting procedures
      2.  
        About the Health Audit report
      3.  
        Location of Data Insight logs
      4.  
        Downloading Data Insight logs
      5.  
        Migrating the data directory to a new location
      6. Troubleshooting FPolicy issues on NetApp devices
        1.  
          Viewing FPolicy-related errors and warnings
        2.  
          Resolving FPolicy connection issues
      7.  
        Troubleshooting EMC Celera or VNX configuration issues
      8.  
        Troubleshooting EMC Isilon configuration issues
      9.  
        Troubleshooting SharePoint configuration issues
      10.  
        Troubleshooting Hitachi NAS configuration issues
      11.  
        Troubleshooting installation of Tesseract software
  11.  
    Index

Preparing the NetApp cluster for SSL authentication

You must install the signed digital certificate with the associated private key (<yourKeyFileName>.key) on the NetApp Admin Vserver

Installing the SSL certificate on cluster mode NetApp device

To install the certificate on the NetApp Admin Vserver

  1. Log on to the Admin Vserver, and manually copy over the .key file to the server.
  2. From the command prompt window, navigate to the location where you have saved the .key file.
  3. Run the following command:

    security certificate install -type client-ca -vserver <Host name of AdminVserver>

    Note:

    : If you have a CA-signed SSL certificate, install the root certificate and each intermediate certificate of the CA that signed the certificate by using the command security certificate install command with - type client-ca parameter.

  4. To verify whether the certificate is installed, run the following command:

    security certificate show - vserver <Host name of AdminVserver>

Note:

You should keep a copy of your certificate and private key for future reference. If you revert or downgrade to an earlier release, you must first delete the certificate and private key.

Creating security roles

You must security roles for ONTAPI access with the common name that you have mentioned in the certificate.

Note:

Authentication of a domain user credentials using SSL for monitoring NFS exports is not supported.

To create the security roles

  1. From the command prompt on the Storage Virtual Machine (SVM), run the following commands:

    security login role create -role testrole -cmddirname "version"-access all

    security login role create -role testrole -cmddirname "vserver cifs"-access readonly

    security login role create -role testrole -cmddirname "vserver"-access readonly

    security login role create -role testrole -cmddirname "volume"-access readonly

    security login role create -role testrole - cmddirname "vserver fpolicy policy" -access all

    security login role create -role testrole - cmddirname "vserver fpolicy" -access readonly

    security login role create -role testrole - cmddirname "vserver fpolicy enable" -access all

    security login role create -role testrole - cmddirname "vserver fpolicy disable" -access all

    security login role create -role testrole - cmddirname "statistics" -access readonly

    security login role create -role testrole -cmddirname "vserver nfs" -access all

    security login role create -role testorle -cmddirname "network interface show" -access readonly

    The network interface show privilege automatically assigns the following privileges to the role:

    • network interface create

    • network interface modify

    • network interface modify

  2. To view the security roles that were created, run the following command:

    security login role show - vserver <Host name of AdminVserver>

Creating a security logon

You must create two security logon credentials - one with authmethod as cert and another with authmethod as password.

To create a security logon

  1. Create a security logon with the common name that you have mentioned in the certificate. For the purpose of this procedure, let us assume that the common name is ditest. Run the following commands:

    security login create -username ditest -application ontapi -authmethod cert -role ditest -vserver <Host name of AdminVserver>

    security login create -username ditest -application ontapi -authmethod password -role ditest -vserver <Host name of AdminVserver>

  2. To view the security logon that you created, run the following command:

    security login show - vserver Host name of AdminVserver>

Enabling client authentication on the NetApp cluster

To enable client authentication

  1. Run the following command:

    security ssl modify - vserver <Host name of AdminVserver>

    For example -security ssl modify - vserver < name of admin vserver > -ca < default ontap cert > -serial <default ontap cert> -common-name <default cert name> -server-enabled true -client-enabled true

    Note:

    Default values can be obtained by pressing tab key from Ontap management interface command prompt.

  2. To check the status, run the following command:

    >> security ssl show - vserver <Host name of AdminVserver>

After you install all required certificates, create the appropriate role and logon credentials, and enable client authentication, you can add the NetApp cluster to the Data Insight configuration.