Veritas Data Insight Installation Guide

Last Published:
Product(s): Data Insight (7.0)
Platform: Windows
  1. Understanding the Veritas Data Insight architecture
    1.  
      About Veritas Data Insight
    2.  
      About the Management Server
    3. About the Collector worker node
      1.  
        About the Collector
      2.  
        About the Scanner
    4.  
      About the Indexer worker node
    5.  
      About the Classification worker node
    6.  
      About the Self-Service Portal node
    7.  
      About Communication Service
    8.  
      About the DataInsightWatchdog service
    9.  
      About the DataInsightWorkflow service
    10. About Veritas Data Insight installation tiers
      1.  
        About three-tier installation
      2.  
        About two-tier installation
      3.  
        About single-tier installation
  2. Preinstallation
    1.  
      Pre-installation steps
    2.  
      Minimum system requirements
    3.  
      System requirements for classification components
  3. Installing Veritas Data Insight
    1.  
      About installing Veritas Data Insight
    2.  
      Federal Information Processing Standards (FIPS)
    3.  
      Performing a single-tier installation
    4.  
      Performing a two-tier installation
    5.  
      Performing a three-tier installation
    6.  
      Installing the Management Server
    7.  
      Installing the worker node
    8.  
      Installing the Classification Server
    9.  
      Installing the Self-Service Portal
    10.  
      Installing a Linux Classification Server or Collector worker node
    11.  
      Installing a Linux Indexer worker node
    12.  
      Installing Veritas Data Insight in Azure Cloud Environment
    13.  
      Installing Veritas Data Insight in AWS Cloud Environment
  4. Upgrading Veritas Data Insight
    1.  
      Upgrading Data Insight to 7.0
    2.  
      Upgrading the product data using the Upgrade Data Wizard
    3.  
      Names and locations of cache files
    4.  
      Upgrading the Data Insight web service for SharePoint
  5. Post-installation configuration
    1.  
      Post-installation configuration
    2.  
      Registering the worker node
    3. About post-installation security configuration for Management Server
      1.  
        About SSL client/server certificates
      2.  
        Enabling CA signed certificates for inter-node communication
      3.  
        Generating Management Console certificate
    4.  
      Configuring your corporate firewall
  6. Installing Windows File Server agent
    1.  
      About Windows File Server agent
    2.  
      Installing Windows File Server agent manually
    3.  
      Configuring the Windows File Server using ConfigureWindowsFileServer.exe
  7. Getting started with Data Insight
    1.  
      About the Data Insight Management Console
    2.  
      Logging in to the Data Insight Management Console
    3.  
      Logging out of the Data Insight Management Console
    4.  
      Displaying online help
  8. Uninstalling Veritas Data Insight
    1.  
      Uninstalling Veritas Data Insight
  9. Appendix A. Installing Data Insight using response files
    1.  
      About response files
    2.  
      Installing Data Insight using response files
    3.  
      Sample response files

Enabling CA signed certificates for inter-node communication

If you want to opt for CA signed certificates, perform the following steps on the Management Server

  1. Rename C:\DataInsight\data\keys\commd.keystore to commd-org.keystore
  2. Import CA Issued Certifcate file (pfx) to the commd keystore. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\commd.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype bcfks -destkeypass changeit -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\commd.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype jks -destkeypass changeit

    Note:

    The certificate Entry Name will be provided by the Certification Authority as part of the certificate.

  3. Rename C:\Program Files\DataInsight\jre\lib\security\cacerts to cacerts-org.
  4. You need to delete the self-signed certificate from the cacerts keystore by executing a command. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -delete -alias tomcatTrustedCA -storepass changeit -keystore "C:\Program Files\DataInsight\jre\lib\security\cacerts" -storetype bcfks -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -delete -alias tomcatTrustedCA -storepass changeit -keystore "C:\Program Files\DataInsight\jre\lib\security\cacerts"

  5. On all Remote Servers, rename C:\DataInsight\data\keys\commd.keystore to commd-org.keystore.
  6. Copy C:\DataInsight\data\keys\commd.keystore from the Management Server to all Remote Servers located at C:\DataInsight\data\keys.
  7. Restart the DataInsight services on the Management Server and all remote servers.

To apply the CA provided certificate to secure web portal communications, perform the following steps on the Management Server

  1. Rename C:\DataInsight\data\keys\webserver.keystore to webserver-org.keystore.
  2. Import CA Issued Certifcate file (pfx) to the commd keystore.
  3. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\webserver.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype bcfks -destkeypass changeit -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode, execute the following command: "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore C:\DataInsight\data\keys\webserver.keystore -srcalias <certificate Entry Name> -destalias tomcat -deststoretype jks -destkeypass changeit

  4. Restart the DataInsightWebService on the Management Server.

To apply the CA provided certificate to secure Self Service portal communications, perform the following steps on the Server designated as the Self Service Portal

  1. Rename C:\DataInsight\data\keys\portal.keystore to portal-org.keystore.
  2. Import CA Issued Certifcate file (pfx) to the webserver portal. There are separate commands for FIPS and non FIPS mode. Execute either one command as per your FIPS configuration status.

    • For FIPS Mode, execute the following command "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore "C:\DataInsight\data\keys\portal.keystore" -srcalias <certificate Entry Name> -destalias tomcat -deststoretype bcfks -destkeypass changeit -provider com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -providerpath "C:\Program Files\DataInsight\jre\lib\ext\ccj-3.0.1.jar"

    • For Non-FIPS Mode execute the following command "C:\Program Files\DataInsight\jre\bin\keytool.exe" -importkeystore -srckeystore "<Location of .pfx file>" -destkeystore C:\DataInsight\data\keys\portal.keystore -srcalias <certificate Entry Name> -destalias tomcat -deststoretype jks -destkeypass changeit

  3. Restart the DataInsightPortalService on the Server designated as the Self Service Portal.