Enterprise Vault™ Compliance Accelerator Installation Guide
- Introducing Compliance Accelerator
- Preparing to install Compliance Accelerator
- Configuration options for Compliance Accelerator
- Supported versions of Enterprise Vault in Compliance Accelerator environments
- Prerequisites for Compliance Accelerator
- Configuring Outlook to enable the processing of items with many attachments or many recipients
- Setting the Windows and ASP.NET Temp folder permissions
- Security requirements for temporary folders
- Disabling networking facilities that can disrupt a Compliance Accelerator environment
- Disabling the Windows Search Service on the Compliance Accelerator server
- Ensuring that the Windows Server service is running on the Compliance Accelerator server
- Configuring the SQL Server Agent service
- Assigning SQL Server roles to the Vault Service account
- Installing and configuring the SQL full-text search indexing service
- Verifying that Enterprise Vault expands distribution lists
- Configuring Intelligent Review API Authentication and Authorization
- Installing Compliance Accelerator
- Installing the Compliance Accelerator server software
- Allowing Enterprise Vault to communicate with Compliance Accelerator through the Windows firewall
- Creating the configuration database and customer databases
- Uploading the Compliance Accelerator report templates
- Configuring a dedicated server for Intelligent Review processing (optional deployment configuration)
- Configuring Compliance Accelerator for use in a SQL Server Always On environment
- Installing Compliance Accelerator in a clustered environment
- Maximizing security in your Compliance Accelerator databases
- Installing the Compliance Accelerator client software
- Uninstalling Compliance Accelerator
- Installing the Compliance Accelerator server software
- Appendix A. Ports that Compliance Accelerator uses
- Appendix B. Troubleshooting
- Error messages appear in the event log when upgrading to Compliance Accelerator 14.4
- Enterprise Vault Accelerator Manager service not created
- Enterprise Vault Accelerator Manager service does not start
- "Access is denied" message is displayed when you try to create a customer database on a UAC-enabled computer
- Cannot create or upgrade Compliance Accelerator customer databases when Symantec Endpoint Protection is running
- Permissions error when uninstalling the Compliance Accelerator client from a UAC-enabled computer
- Uninstalling the Compliance Accelerator client from a shared location may prevent other users from starting the client
- Error messages when the Intelligent Review (IR) API authentication and authorization fails
- Appendix C. Installing and configuring the Enhanced Auditing feature
- Overview
- Prerequisites for the Enhanced Auditing feature
- Installing the Enhanced Auditing feature
- Post installation steps
- Upgrading the Enhanced Auditing setup
- Modifying the Enhanced Auditing setup
- Repairing the Enhanced Auditing setup
- Uninstalling the Enhanced Auditing setup
- Managing access from Veritas Advanced Supervision
Additional requirements for Veritas Advanced Supervision
IIS setting for processes on a single server
The default value for the setting of Application Pool of the web application must not be changed so that Veritas Advanced Supervision functions properly while authenticating users.
About Security Certificates
Compliance Accelerator generates self-signed certificates for Veritas Advanced Supervision web application during configuration time to ensure all endpoints are encrypted. It is encouraged to replace these with certificates signed by well-known authorities. For details, see the following article for details on how Enterprise Vault configures an SSL Certificate.
https://www.veritas.com/support/en_US/doc/85434533-129299639-0/index
If you are accessing Veritas Advanced Supervision from a computer other than your Compliance Accelerator server, you need to import the certificate on that computer and add it to the Trusted Root Certification Authorities store. You also need to configure HTTPS.
Disabling unsafe cryptographic protocols and cipher suites
It is recommended to disable unsafe cryptographic protocols and cipher suites on the server to let users access Veritas Advanced Supervision without exposing your proxy server.
When a client device uses HTTPS to connect to Veritas Advanced Supervision on a proxy server, the client and server negotiate a common cryptographic protocol to secure the channel. If the client and server have multiple protocols in common, Internet Information Services (IIS) tries to secure the channel with one of the protocols that IIS supports. However, some protocols are stronger than others; to maximize the security of your environment, you may therefore want to disable the weak protocols in favor of stronger, Veritas-approved alternatives.
You can comply with Veritas recommendations by configuring the cryptographic protocols and cipher suites on your proxy server as follows:
Enable the TLS 1.2 protocols.
Disable the TLS 1.0 and 1.1, SSL 2.0 and 3.0 protocols.
Disable the RC2, RC4, and DES cipher suites.
The following article in the Microsoft Knowledge Base provides guidelines on how to implement these changes: