Symantec Data Insight Upgrade Instructions
Transcription
Symantec Data Insight Upgrade Instructions
Symantec Data Insight Upgrade Instructions Microsoft Windows 1.0.2 Symantec Proprietary and Confidential Symantec Data Insight Upgrade Instructions The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Documentation version: 1.0.2.0 Legal Notice Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Proprietary and Confidential Symantec Corporation 350 Ellis Street Mountain View, CA 94043 http://www.symantec.com Symantec Proprietary and Confidential Technical Support Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates. Symantec’s support offerings include the following: ■ A range of support options that give you the flexibility to select the right amount of service for any size organization ■ Telephone and/or web-based support that provides rapid response and up-to-the-minute information ■ Upgrade assurance that delivers software upgrades ■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis ■ Premium service offerings that include Account Management Services For information about Symantec’s support offerings, you can visit our web site at the following URL: www.symantec.com/business/support/ All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy. Contacting Technical Support Customers with a current support agreement may access Technical Support information at the following URL: www.symantec.com/business/support/ Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem. When you contact Technical Support, please have the following information available: ■ Product release level Symantec Proprietary and Confidential ■ Hardware information ■ Available memory, disk space, and NIC information ■ Operating system ■ Version and patch level ■ Network topology ■ Router, gateway, and IP address information ■ Problem description: ■ Error messages and log files ■ Troubleshooting that was performed before contacting Symantec ■ Recent software configuration changes and network changes Licensing and registration If your Symantec product requires registration or a license key, access our technical support web page at the following URL: www.symantec.com/business/support/ Customer service Customer service information is available at the following URL: www.symantec.com/business/support/ Customer Service is available to assist with non-technical questions, such as the following types of issues: ■ Questions regarding product licensing or serialization ■ Product registration updates, such as address or name changes ■ General product information (features, language availability, local dealers) ■ Latest information about product updates and upgrades ■ Information about upgrade assurance and support contracts ■ Information about the Symantec Buying Programs ■ Advice about Symantec's technical support options ■ Nontechnical presales questions ■ Issues that are related to CD-ROMs or manuals Symantec Proprietary and Confidential Support agreement resources If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows: Asia-Pacific and Japan [email protected] Europe, Middle-East, and Africa [email protected] North America and Latin America [email protected] Additional enterprise services Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively. Enterprise services that are available include the following: Managed Services Managed Services remove the burden of managing and monitoring security devices and events, ensuring rapid response to real threats. Consulting Services Symantec Consulting Services provide on-site technical expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources. Education Services Education Services provide a full array of technical training, security education, security certification, and awareness communication programs. To access more information about enterprise services, please visit our web site at the following URL: www.symantec.com/business/services/ Select your country or language from the site index. Symantec Proprietary and Confidential Upgrading Symantec Data Insight to 1.0.2 This document includes the following topics: ■ About Symantec Data Insight ■ Upgrading the Data Insight Management Server to 1.0.2 ■ Upgrading a Data Insight worker node to 1.0.2 ■ Running the upgrade script ■ Detecting and repairing a corrupt index About Symantec Data Insight Many organizations struggle with identifying data users and owners for their unstructured data. This challenge is compounded with the fact that organizations lack visibility into the types of content and data that is spread across their computing environment. With Symantec Data Insight, users can monitor file access to automatically identify the data user of a file based on the access history. This method enables more efficient remediation and data management. Symantec Data Insight scans unstructured data systems and collects full access history of users across the data. Symantec Data Insight helps organizations monitor and report on access to sensitive information. Symantec Data Insight helps organizations solve the problem of identifying data owners and responsible parties for information in spite of incomplete or inaccurate metadata or tracking information. This helps support large-scale business owner-driven remediation processes and workflows. Symantec Proprietary and Confidential 8 Upgrading Symantec Data Insight to 1.0.2 Upgrading the Data Insight Management Server to 1.0.2 Data Insight can provide the following information: ■ Who owns the data ■ Who has seen the data ■ Who has access to the data ■ What data is most at-risk ■ Frequency of usage of data The ownership and usage information from Data Insight can be used for the following purposes: ■ Data owner identification Data Insight enables rule-based inference of data owners based on actual usage. Data owner information may not reflect the responsible party. The responsible party or data owner can be a line manager in the business unit, the head of a department, or an information security officer. Symantec Data Insight provides information to tie the most active user of a file to a manager or responsible party for remediation steps. ■ Data leak investigation In the event of a data leak, you may want to know who saw a particular file. On the Symantec Data Insight Management Server, you can view detailed information and an audit history of who accessed the data. ■ Locate at-risk data Data Insight enables organizations to find which shares or folders have overly permissive access rights. With this information, organizations can prioritize risk-reduction efforts such as the discovery of sensitive data or a review of permissions (or access control rights) to limit access to only those individuals who have a business need. Upgrading the Data Insight Management Server to 1.0.2 You can upgrade a Symantec Data Insight 1.0.1 installation to 1.0.2. Before you begin the upgrade to Symantec Data Insight 1.0.2, note the following: ■ You can upgrade a 1.0.1 Management Server to 1.0.2. We do not support upgrading a 1.0 Management Server directly to 1.0.2. If you have a 1.0 Management Server, you need to upgrade to 1.0.1 before you can upgrade to 1.0.2. Symantec Proprietary and Confidential Upgrading Symantec Data Insight to 1.0.2 Upgrading the Data Insight Management Server to 1.0.2 ■ As an optional best-practice measure, Symantec recommends that you backup your data in files in a temporary directory, before you upgrade your software. ■ Upgrade your Management Server before you upgrade any worker node. ■ Run the 1.0.2 upgrade script on all the servers that act as an indexer, that is servers that store access events and scan information of shares. To verify whether a node is an indexer, check to see if the DATA_DIR\indexer\default directory has any directories under it. See “Running the upgrade script” on page 14. ■ The upgrade clears all permissions data from the filers. The permissions data will be available again only after a full scan of all filers is complete. To upgrade the Data Insight Management Server to 1.0.2 1 Log on as Administrator to the server hosting the Management Server. 2 Click Start > Run and type services.msc in the text box. 3 In the Services window, stop the following services: ■ DataInsightWeb ■ DataInsightConfig ■ DataInsightComm ■ DataInsightCelerra (if present) ■ DataInsightFpolicy (if present) 4 Take a backup of the Data Insight logs and crash dumps, if available. These files are available in the DataInsight\log and DataInsight\dumps folders under the install directory. 5 Rename the existing data directory. For example, you can rename C:\DataInsight to C:\DataInsight_Upgrade. 6 From Add/Remove Programs, uninstall Data Insight 1.0.1. For more information, see the Symantec Data Insight Installation Guide. 7 Restart the system. 8 To launch the 1.0.2 installer, double-click Symantec_Data_Insight_1.0.2_N_xPP.exe, where, ■ N is the build number, and ■ PP is the architecture - x86:32 bit, x64:64 bit. Symantec Proprietary and Confidential 9 10 Upgrading Symantec Data Insight to 1.0.2 Upgrading the Data Insight Management Server to 1.0.2 9 On the Welcome to the Symantec Data Insight Setup Wizard window, click Next. Note: Symantec recommends that you let the installation process complete once you start it. You can uninstall the software after the installation is complete. 10 In the License Agreement window, select I accept the agreement, and click Next. 11 In the Select Destination Directory window, browse to the directory in which you want Data Insight to be installed. By default, the destination directory is C:\Program Files\Symantec\DataInsight. 12 In the Configure Type of Install window, select the Install Everything installation option, and click Next. 13 In the Configure Data Directory window, select the same location as the previous data directory. Click Next. 14 In the Management Server Properties window, enter the following details: Management Server Address The Fully Qualified Host Name (FQHN) of the current host. The remote worker nodes use this address to communicate with the Management Server Web Server port The secure (HTTPS) web server port on which you can access the Web interface of the Management Server. Do not select the Scan current Active Directory Domain checkbox at this time. If the Management Server is not part of any Active Directory domain, this option is disabled. Click Next. Symantec Proprietary and Confidential Upgrading Symantec Data Insight to 1.0.2 Upgrading the Data Insight Management Server to 1.0.2 15 In the Configure Networking window, enter the following information, and click Next: Communication Service Port The Communication Service is responsible for all inter-node communication. Communication Service uses Secure Sockets Layer (SSL) to secure communication between the Data Insight nodes. The SSL keys are generated during installation. By default, Communication Service connects through sever port 8383. Configuration Service Port Configuration service is a process that provides interface to configuration and other product data stored on the local system. This service port does not need to be accessible outside the host machine. 16 In the Configure a Product Administrator window, enter the following information , and click Next: ■ Name of the user who can log in to Symantec Data Insight with Product Administrator privileges ■ Name of the domain to which the user belongs Note: The product administrator must be a local user or must belong to the same domain as the Management Server. 17 To disable crash reporting, in the Configure Crash Reporting window, clear the Enable Dr.Watson for Windows checkbox. By default the checkbox is selected. This option is not visible for Microsoft Windows 2008. 18 In the Select Start Menu Folder, select the folder where you want the installer to place the program shortcuts. The option, Create shortcuts for all users, is selected by default. 19 In the Additional Tasks window, select the tasks, as appropriate. 20 To start the installation process, click Next. The Installing window appears and displays a progress bar. 21 The Completing the Symantec Data Insight setup wizard window provides you an option launch the Management Server on exit. Do not select this option. 22 Clear the Start services now checkbox. Symantec Proprietary and Confidential 11 12 Upgrading Symantec Data Insight to 1.0.2 Upgrading a Data Insight worker node to 1.0.2 23 To exit setup, click Finish. 24 Navigate to the location of the Data directory, and delete the newly created DataInsight folder. 25 To restore the previous Data directory, change the name of the data directory renamed in Step 5 to DataInsight. 26 Ensure that the index is not corrupt. For complete steps to detect and repair a corrupt index. See “Detecting and repairing a corrupt index” on page 15. 27 Complete the steps to run the upgrade script. See “Running the upgrade script” on page 14. 28 Start the services in the following sequence: ■ DataInsightConfig ■ DataInsightComm ■ DataInsightWeb Upgrading a Data Insight worker node to 1.0.2 You can upgrade a Data Insight worker node to 1.0.2. To upgrade a worker node 1 Log on (or remote logon) as Administrator to the computer that is intended for the worker node. 2 Click Start > Run and type services.msc in the text box. 3 In the Services window, stop the following services: ■ DataInsight Config ■ DataInsight Comm ■ DataInsight Celerra ■ DataInsight Fpolicy 4 Take a backup of the Data Insight configuration and data files, specifically the Logs and Dumps folders. 5 Rename the DataInsight data directory. For example, you can rename it to DataInsight_Upgrade 6 Uninstall Data Insight 1.0.1. For more information, see the Symantec Data Insight Installation Guide. Symantec Proprietary and Confidential Upgrading Symantec Data Insight to 1.0.2 Upgrading a Data Insight worker node to 1.0.2 7 To launch the installer, double-click Symantec_Data_Insight_version_architecture.exe. 8 On the Welcome to the Symantec Data Insight Setup Wizard window, click Next. 9 In the License Agreement window, select I accept the agreement, and click Next. 10 In the Select Destination Directory window, browse to the directory in which you want Data Insight to be installed. By default, the destination directory is C:/Program Files/Symantec/Data Insight. Note: You cannot install the worker node on the same machine as the Management Server. 11 Depending on your deployment scenario, in the Configure Type of Install window, select Install Indexer and Collector or Install Collector only as the installation option. 12 Click Next. 13 In the Configure Data Directory window, select the same location as the previous data directory. Click Next. 14 In the Worker Node Properties window, enter the Fully Qualified Host Name (FQHN) of the host. This name must be resolvable from the Management Server and the other worker nodes. 15 In the Configure Networking window, enter the following information: Communication Service Port The Communication Service is responsible for all inter-node communication. Communication Service uses Secure Sockets Layer (SSL) to secure communication between the Data Insight nodes. The SSL keys are generated during installation. By default, Communication Service connects through sever port 8383. Configuration Service Port Configuration service is a process that provides interface to configuration and other product data stored on the local system. This service port does not need to be accessible outside the host machine. Note: The installer validates whether the appropriate ports are free to accept connections. Symantec Proprietary and Confidential 13 14 Upgrading Symantec Data Insight to 1.0.2 Running the upgrade script 16 To disable crash reporting, in the Configure Crash Reporting window, uncheck the Enable Dr.Watson for Windows checkbox. By default the checkbox is selected. 17 In the Select Start Menu Folder, select the folder where you want the installer to place the program shortcuts. The option, Create shortcuts for all users, is selected by default. To start the installation process, click Next. 18 To register the worker node with the Management Server after you exit setup, clear the Launch Worker Node Registration Wizard after exit checkbox. Note: You do not need to register the worker node at this time. 19 Clear the Start services now checkbox. 20 To exit setup, click Finish. 21 Navigate to the location of the Data directory, and delete the newly created Data Insight folder. 22 To restore the previous Data directory, change the name of the data directory renamed in Step 5 to DataInsight. 23 Ensure that the index is not corrupt. For complete steps to detect and repair a corrupt index, See “Detecting and repairing a corrupt index” on page 15. 24 Complete the steps to run the upgrade script. See “Running the upgrade script” on page 14. 25 Delete any existing scan files in the inbox or outbox of collector node. Look for files named *_scan.* in DATADIR/inbox and DATADIR/outbox folders. Delete them if these files exist. 26 Enable and start the services in the following sequence: ■ DataInsight Config ■ DataInsight Comm Running the upgrade script After you complete upgrading the Management Server and worker nodes, you must run the upgrade script. Symantec Proprietary and Confidential Upgrading Symantec Data Insight to 1.0.2 Detecting and repairing a corrupt index Note: Run the 1.0.2 upgrade script on all the servers that act as an indexer, that is servers that store access events and scan information of shares. To verify whether a node is an indexer, check to see if the DATA_DIR\indexer\default directory has any directories under it. To run the upgrade script: 1 Open a Windows command prompt, and change to the directory where the upgrade script resides. 2 Type the following command: set PATH=C:\Program Files\Symantec\DataInsight\perl\bin; C:\Program Files\Symantec\DataInsight\bin; %PATH%perl update_1.0.1_1.0.2 <Data Insight Data directory_path> Ensure that you specify the path to the data directory in the following format: "C:/Datainsight/data" Detecting and repairing a corrupt index Complete the following steps to check the status of a index and detect and fix a corrupt index. To check the status of an index 1 Open a command prompt 2 Change to the following directory: cd C:\Program Files\Symantec\DataInsight\bin 3 To navigate to the Data directory, type the following command, and press Enter: ..\perl\bin\perl.exe idxcheck $data > check.txt For example, if your data directory is C:\DataInsight\data, type ..\perl\bin\perl.exe idxcheck C:\DataInsight\data > check.txt. Symantec Proprietary and Confidential 15 16 Upgrading Symantec Data Insight to 1.0.2 Detecting and repairing a corrupt index To detect and fix a corrupt index 1 To locate the corrupt indexes, open check.txt and scroll to the bottom of the file. A sample of the text in the bottom of the file is shown below: SUMMARY: Shares Tracked: 149 Storage Capacity: 8,168,362,782,964 (7.43 TB) Total Directories: 9,703,008 Total Files: 16,868,117 Total Events: 2,047,288 Integrity: 148 IndexDB Size: 3,691,979,776 (3.44 GB) Segments Size: 57,830,691 (55.15 MB) 2 Check if the value for Shares Tracked matches the value of the Integrity property. If not, one or more indexes are corrupt. To detect the index that's corrupt, look for the following text in check.txt: INTEGRITY: failed 3 Make a note of all indexes that are corrupt. 4 Delete all corrupt indexes. For example, if index 136 is corrupt, delete the folder $data\indexer\default\136. 5 Move the input files for the corrupt index from to $data\indexer\err to $data\inbox. When an index gets corrupt, all subsequent input files for that index cannot be processed. These input files are saved in the $data\indexer\err folder. The input files are then reprocessed after they are moved to the $data\inbox. Symantec Proprietary and Confidential