Installing the CCS Suite

Article:HOWTO75238  |  Created: 2012-05-07  |  Updated: 2012-05-08  |  Article URL http://www.symantec.com/docs/HOWTO75238
Article Type
How To


Subject


Installing the CCS Suite

You can install the CCS Manager and the CCS Application Server on a single computer. For a scale-out deployment, you can install the CCS Application Server on one computer and keep adding one more CCS Managers on other computers as per your sizing requirements. Installing more than one CCS Manager is conducive for load sharing and provides better scalability.

If you install the CCS Manager along with the CCS Application Server, using the CCS Suite installer, by default, that CCS Manager is registered in the System Topology in the CCS Console and all roles are assigned to that CCS Manager.

Note:

You can install a CCS Application Server and CCS Agent on a single computer, but you cannot install a CCS Manager and a CCS Agent on a single computer. Therefore, you cannot install a CCS Manager along with the CCS Application Server on a computer that contains a CCS Agent.

Control Compliance Suite makes available a set of predefined Technical Standards, Frameworks and Regulations. The CCS Suite installer installs content for the following Technical Standards and Regulations by default:

CCS Suite installer installs content for the following Technical Standards by default:

  • CIS Solaris 10 Benchmark v4.0

  • CIS Benchmark v1.1.2 for Red Hat Enterprise Linux 5.0 and 5.1

  • CIS Oracle Database Server 11g Security Benchmark v1.0.1

  • CIS Security Configuration Benchmark For Microsoft Windows Server 2008 and Windows Server 2008 R2 v1.1.0

  • Security Essentials for Microsoft SQL Server 2008

CCS Suite installer installs content for the following Regulations by default:

  • COBIT 3rd Edition

  • PCI DSS v2.0

  • IT Control Objectives for Sarbanes-Oxley 2nd Edition

  • HIPAA 45 CFR Part 164 - Security Rule

You can install more content using the CCS Content installer. See Installing the CCS Content.

See the following sections before installing the CCS Suite:

The CCS Suite installs the following components:

  • CCS Application Server

  • CCS Manager

Do the following to install the CCS components:

Note:

The installer places a copy of the installation files in the media cache folder. On the Windows Server 2003 computers, the media cache is in the folder, C:\Documents and Settings\All Users\Application Data\Symantec\CSM-RA\MediaCache.On the Windows Server 2008 computers, the media cache is in the folder, C:\ProgramData\Symantec\CSM-RA\MediaCache. These files require approximately 1.2 GB disk space.

To launch the Installation Wizard

  1. Insert the Symantec Control Compliance Suite 11.0 product disc into the drive on your computer and double-click Setup.exe.

    In the security warning dialog box, click Run.

  2. In the DemoShield, click CCS Suite.

  3. On the splash screen, click Install CCS Suite. The Setup file is located inside the CCS_Reporting folder of the product media.

    Setup prepares the CCS Suite installation wizard and prompts to install any prerequisites, if required. During the prerequisite installation, if the computer prompts you to reboot, restart the computer and launch the setup again.

To install the CCS Suite

  1. In the Welcome panel of the launched Symantec Control Compliance Suite 11.0 installation wizard, read and accept the license agreement, and then click Next.

    The Product Improvement Program is enabled by default. The Product Improvement Program does not collect any personally identifiable data and the participation is optional. If you do not want to share the data with Symantec, then you must opt-out of the program. To opt-out of the product improvement program, uncheck I agree to participate in the Product Improvement Program by sharing the installation and product usage information with Symantec. To opt-out of the product improvement program later, on the CCS Console, go to Settings > General > Product Improvement Program and uncheck Share installation and product usage information with Symantec. For more information about the product improvement program, See Product Improvement Program.

  2. In the Components panel, by default the CCS Manager is selected. You can install both CCS Application Server and CCS Manager, on a single computer. Uncheck CCS Manager if you do not want to install CCS Manager on this computer. To install a stand-alone CCS Manager for a scale-out deployment, See Installing a stand-alone CCS Manager for a scale out deployment of CCS.

  3. Click Next.

  4. In the Licensing panel, click Add Licenses to add licenses for the components that require mandatory licenses to install. You can add more licenses later using the CCS Console.The CCS Core license is required to install the CCS Application Server and the CCS Maintenance license is required to install the default CCS Content during the CCS installation.

    See About licensing of the product components.

  5. Click Next.

  6. In the Prerequisites panel, review the prerequisites that are required for the installation. Install any prerequisite application that is required to be installed. Click Check again to verify whether the installation is successful.

  7. Click Next.

  8. In the Installation Folder panel, review the installation path for product installation.

    Click browse (...) to specify a different installation path to install the product.

    You can change the default location of the Installation files cache folder where the setup files that are cached during installation. Click browse (...) to select a different location to store the setup files.

    Click Refresh disk space information to verify the available disk space on the computer.

  9. Click Next. If you have specified a different installation path, and the installer folder does not exist, the installer prompts you to create the installation folder.

To provide details for installing the components and databases

  1. In the launched Symantec Control Compliance Suite 11.0 installation wizard, perform steps 1 to 9

  2. In the CCS Application Server - Root Certificate panel, enter the required values for the fields to create the root certificate and then click Next.

    The root certificate is required for secure communication between CCS Application Server and CCS Manager. The root certificate is created on the CCS Application Server and contains the details that are used to create certificates for the CCS Manager. You must generate certificates for all CCS Manager installations. The root certificate is created using the CCS Installation Wizard during the installation of the product.

    The certificates that are deployed on the CCS Managers are created using the Certificate Management Console. The Certificate Management Console is installed on the CCS Application Server computer.

    See Creating a certificate for installing a stand-alone CCS Manager.

    The fields for the CCS Application Server - Root Certificate panel and their description is as follows:

    Organization

    The name of your organization.

    Expiration term (years)

    The expiration time period of the root certificate.

    The expiration time period of the root certificate must be more than 10 years.

    Password (Min. 8 char.)

    The password to authenticate the certificate.

    Re-type password

    Re-enter the password that you have typed.

    Signature Algorithm

    The Secure Hash Algorithm (SHA) that is required to create the certificates that use the cryptographic hash functions.

    The following hash functions are used in CCS:

    • sha1RSA

    • sha256RSA

    • sha384RSA

    • sha512RSA

    Note:

    On the Windows Server 2003 computers, the sha256RSA or higher encryption algorithm appears in the drop-down list only if the computer is configured with sha256RSA or higher encryption capability.

    Key Size

    The key that is associated with a signature algorithm. The key sizes are, 2048, 3072, and 4096.

    Note:

    Ensure that computers having the CCS Application Server and CCS Managers support the Signature Algorithm and Key Size.

  3. In the CCS Application Server - Directory Service Configuration panel, enter the required values for the fields and then click Next.

    The fields for the CCS Application Server - Directory Service Configuration panel and their description is as follows:

    User name

    Enter the user name in whose context the Directory Service is run on the computer. The user must be a domain user.

    Or click browse (...) to select the user name.

    Password

    Enter the password that authenticates the specified user account.

    Use the same user account for Application Server

    Check this option if you want to reuse the same user account for configuring the CCS Application Server.

    Directory Service port

    Enter the port number of the computer that hosts the CCS Application Server on which the Directory Service runs.

    By default, the port in which the Directory Service runs is, 12467.

    Encryption Management Service port

    Enter the port number of the computer that hosts the CCS Application Server on which the Encryption Management Service runs.

    By default, the port in which the Encryption Management Service runs is, 12468.

    LDAP port

    Enter the LDAP port number of the computer that hosts the CCS Application Server.

    By default, the Directory Service uses the port 3890 to communicate with the CCS Application Server.

    SSL port

    Enter the SSL port number of the computer that hosts the CCS Application Server. By default, the Directory Service uses the SSL port 6360 to communicate with the CCS Application Server.

    Data Files

    Click browse (...) to change the location where you want to store the data files, which contain the Directory information.

    When you install the CCS Application Server on a domain controller or on any other computer on which the Active Directory is installed, the default port numbers for LDAP is 3890 and for SSL is 6360.

  4. In the CCS Application Server - Encryption Management Service Pass Phrase panel, enter the pass phrase that is used to generate the symmetric keys and click Next.

    The Encryption Management Service uses the symmetric keys generated by the pass phrase to encrypt and decrypt configuration information, including passwords and connection details.

    The pass phrase must be minimum 8 characters long.

    Note:

    You require this pass phrase later to change the service user account, and to make changes to the installation.

    See About the pass phrase.

  5. In the Application Server - Service Configuration panel, enter the required values in the text boxes and click Next.

    The fields of the Application Server - Service Configuration panel and their descriptions are as follows:

    Click Yes in the SSL recommendation dialog box to proceed with the installation.

    To know the special characters that are supported to create the user account for CCS.

    See About using special characters in credentials.

  6. In the Application Server - Production Database panel, enter the required values in the text boxes and click Next.

    The SQL server is used to create the production database on the Application Server computer that stores data, which is queried by the data collectors. The production database must be configured to use the Windows authentication.

    By default, the setup creates a production database, CSM_DB on the computer. If the user account that you specify to log in to the SQL Server, does not have the required privileges to create the database, the setup will not create the database. In this case, you must create the CSM_DB database, and then run the CCS Suite installer.

    The fields of the Application Server - Production Database panel and their descriptions are as follows:

    SQL Server

    Enter the computer name that hosts the SQL server.

    SQL\Instancename,port

    For example, CCSSQL\Instance1.

    Or click browse (...) to locate the SQL Server.

    Computer names must not use any characters that are invalid for a DNS name.

    The list of characters that are not allowed is available at the following location:

    http://support.microsoft.com/kb/909264

    Use SSL

    By default, this option is checked.

    You must have the required SSL certificate for establishing secured communication.

    If you use SSL connections, you must configure them before you install CCS.

    Refer to the Microsoft SQL Server documentation, http://support.microsoft.com/kb/316898 for information about configuring SSL connections.

    Use Windows NT Integrated Security

    Select this option if you have the SQL server installed in the Windows NT Authentication user context.

    Use a SQL user name and password

    Select this option if you have the SQL server installed in the SQL Authentication user context.

    You must specify the authentication details of the user in the respective text boxes.

    Use the same configuration for the reporting database

    Check this option if you want to replicate the same configuration for the Reporting Server.

    By default, this option is checked, which does not invoke the panel, Application Server - Reporting Database on clicking Next. You can uncheck this option to invoke the panel in step 7.

    If you check this option, the setup creates a reporting database, CSM_Reports on the computer. If the user account that you specify to log in to the SQL Server, does not have the required privileges to create the database, the setup will not create the database. In this case, you must create the CSM_Reports database, and then run the CCS Suite installer.

  7. The Application Server - Reporting Database panel is available only if you have unchecked Use the same configuration for the reporting database in step 6

    In the Application Server - Reporting Database panel, enter the requisite values in the text boxes and click Next.

    The SQL server information is used to create the reporting database for the Reporting Server. The reporting database is used to store the reports that are generated for the evaluated data. You can choose either Windows or SQL authentication modes to connect to the SQL server.

    By default, the setup creates a reporting database, CSM_Reports on the computer. If the user account that you specify to log in to the SQL Server, does not have the required privileges to create the database, the setup will not create the database. In this case, you must create the CSM_Reports database, and then run the CCS Suite installer.

    The fields of the Application Server - Reporting Database panel and their descriptions are as follows:

    SQL Server

    Enter the computer name that hosts the SQL server.

    SQL\Instancename,port

    For example, CCSSQL\Instance1.

    Or click browse (...) to locate the SQL Server.

    Computer names must not use any characters that are invalid for a DNS name.

    The list of characters that are not allowed is available at the following location:

    http://support.microsoft.com/kb/909264

    Use SSL

    By default, this option is checked.

    You must have the required SSL certificate for establishing secured communication.

    If you use SSL connections, you must configure them before you install CCS.

    Refer to the Microsoft SQL Server documentation, http://support.microsoft.com/kb/316898 for information about configuring SSL connections.

    Use Windows NT Integrated Security

    Select this option if you have the SQL server installed in the Windows NT Authentication user context.

    Use a SQL user name and password

    Select this option if you have the SQL server installed in the SQL Authentication user context.

    You must specify the authentication details of the user in the respective text boxes.

  8. In the CCS Application Server - Pass Phrase panel, enter the pass phrase that is used to generate the symmetric keys and then click Next.

    The Application Server Service uses the symmetric keys generated by the pass phrase to encrypt and decrypt configuration information, including passwords and connection details.

    The pass phrase must be minimum 8 characters long.

    Note:

    You require this pass phrase later to change the service user account, and to make changes to the installation.

  9. The CCS Manager - Service Configuration panel is available on if you are installing the CCS Application Server and CCS Manager on a single computer and you have checked CCS Manager in the Components panel.

    In the CCS Manager - Service Configuration panel, enter a port for the CCS Manager and then click Next.

    CCS components use this port to communicate with the CCS Manager. The default port is 5600.

  10. In the Summary panel, review the installation details and click Install.

    You can click the link, Export Summary to export the configuration details of all the components that are installed on the computer. The details appear in a browser, after you specify the location to export the summary.

  11. The Install panel indicates the progress of the component installation. After the installation finishes, the Result panel appears.

    If the installation is not successful and a Warning panel displays warning messages or a Result panel displays critical errors, perform the remediation steps displayed in the Detail window to complete the installation.

    You can click the link, Log Files to view the CCS installation log files. The log files are in .csv format. You can use the LogViewer in the <Install_Directory>\Application Server to view the log files. The LogViewer helps you to easily identify warnings and errors using the color codes. Warnings are highlighted in yellow color and errors are highlighted in red color.

  12. In the Result panel, review the installation result and then click Next.

    You can click the link, Log Files to view the CCS installation log files. The log files are in .csv format. You can use the LogViewer in the <Install_Directory>\Application Server to view the log files. The LogViewer helps you to easily identify warnings and errors using the color codes. Warnings are highlighted in yellow color and errors are highlighted in red color.

  13. The Next Steps panel displays the additional steps that you must perform in order to complete the CCS deployment. Perform the next steps and then click Finish.

    You can click the link, Save the next steps to save the next steps for future reference. The details appear in a browser, after you specify the location to save the next steps.

    You can check options to launch the CCS console or view the release notes.

    You can click the link, Log Files to view the CCS installation log files. The log files are in .csv format. You can use the LogViewer in the <Install_Directory>\Application Server to view the log files. The LogViewer helps you to easily identify warnings and errors using the color codes. Warnings are highlighted in yellow color and errors are highlighted in red color.

    See Configuring Service Principal Names.

    See Creating a certificate for installing a stand-alone CCS Manager.

    See Installing a stand-alone CCS Manager for a scale out deployment of CCS.

    See Installing the CCS Content.

See Installing the CCS Suite in silent mode.

See CCS Suite deployment sequence .

See About upgrading an RMS deployment.

See About upgrading an ESM deployment.

See Repairing or reinstalling the CCS Suite.

See Uninstalling the CCS Suite.


Legacy ID



v63772779_v74603629


Article URL http://www.symantec.com/docs/HOWTO75238


Terms of use for this information are found in Legal Notices