Moving from an RMS-only deployment to CCS 11.0

Article:HOWTO76901  |  Created: 2012-05-07  |  Updated: 2012-05-08  |  Article URL http://www.symantec.com/docs/HOWTO76901
Article Type
How To


Subject


Moving from an RMS-only deployment to CCS 11.0

If you are using RMS to collect asset data, you can move to CCS to benefit from the new and improved data collection features offered by CCS 11.0.

CCS Manager performs all the roles of the Data Processing Service and also provides built-in support to collect data directly from agent-less and agent-based target computers. As such for data collection, components such as the RMS Information Server, Enterprise Configuration Service (ECS), Master Query Engine (MQE), Slave Query Engine (SQE), BV-Controls for various platforms are no longer required.

You can replace the RMS Information Server with a CCS Manager in Data Collector role. It is recommended that until you complete the upgrade and perform data collection from the new deployment for the first time, you should maintain a co-existence of the RMS Information Server and the CCS Manager. Later, once you are sure that you are able to collect data from the new CCS deployment, you can remove the RMS Information Server from the computer.

CCS 11.0 allows you to upgrade the BV-Control for UNIX Agents with the CCS Agents. However, it is recommended, that until you complete the upgrade and perform data collection from the new deployment for the first time, you should maintain a co-existence of the BV-Control for UNIX Agents and the CCS Agents. Later, once you are sure that you are able to collect data from the new CCS Agents, you can remove the BV-Control for UNIX Agents from the target computers, and upgrade the remaining BV-Control for UNIX Agents in your deployment.

To move from an RMS-only deployment to CCS 11.0

  1. Install the CCS Suite on a separate computer. The CCS Suite consists of the CCS Application Server and the CCS Manager. If you are installing the CCS Manager along with the CCS Application Server on the same computer, this CCS Manager can act as a Load Balancer.

    See Installing the CCS Suite.

    See Installing the CCS Suite in silent mode.

  2. Configure Service Principal Names for the CCS Application Server and the IIS server. Service Principal Names (SPNs) are required for authentication between the components.

    See About Service Principal Names.

  3. Create a certificate for the CCS Manager using the Certificate Management Console. You will need a certificate while replacing the RMS information Server and the Query Engines with the CCS Manager. Certificates are required for secured communication between the CCS Manager and the CCS Application Server.

    See About creating certificates.

    See About upgrading an RMS deployment

  4. Install and launch the CCS Console.

    See Installing and launching the CCS Console.

  5. Create Sites using the CCS Console. Sites help optimize data collection by allowing you to group assets together with the CCS Managers that handle the assets.

    See About using sites.

    For information on creating the sites, see the Configuring sites section in the Symantec™ Control Compliance Suite 11.0 User Guide.

    See Creating a site

  6. Install CCS Manager on the computer containing the RMS Information Server and assign that CCS Manager the role of a Load Balancer and Data Collector.

    You may have multiple Information Servers performing data collection from various sites. Replace each Information Server with a CCS Manager in Data Collector role.

    See Installing a stand-alone CCS Manager for a scale out deployment of CCS.

    See Assigning a role to a CCS Manager.

  7. CCS Manager can collect data directly from target computers. If you are collecting data from Windows targets in two domains ABC.com and PQR.com and the CCS Manager is in the domain ABC.com, ensure that there is a domain trust relationship between domains ABC.com and PQR.com, for the CCS Manager to collect data from targets in the domain PQR.com.

    If you have multiple Query Engines collecting data from target computers, you can replace 4 such Query Engines with 1 CCS Manager.

  8. On the CCS Console, register the CCS Managers to the sites. Registering the CCS Manager establishes communication with the CCS Manager and the CCS Application Server.

    See Registering the CCS Manager.

  9. Configure the CCS Managers to collect data from target computers.

    For information on configuring CCS Manager for data collection, See the Configuring data collectors section in the Symantec™ Control Compliance Suite 11.0 User Guide.

  10. If you want to collect data using the agent-based method, install and register the CCS Agents on Windows targets to collect data using the agent-based method. Registering the CCS Agent establishes communication with the CCS Agent and the CCS Manager.

    See Supported target computers for agent-based data collection.

    See Installing the CCS Agent on Windows.

    See Registering the CCS Agent.

    See Installing and registering a CCS Agent on Windows in silent mode.

  11. If you are collecting data from UNIX computers using the BV-Control for UNIX Agents, install and register CCS Agents on computers containing the BV-Control for UNIX Agent. Registering the CCS Agent establishes communication with the CCS Agent and the CCS Manager.

    See Supported target computers for agent-based data collection.

    See Installing the CCS Agent on UNIX.

    See Registering Symantec ESM agents on UNIX.

    See Installing and registering a CCS Agent on UNIX in silent mode.

    It is recommended, that until you complete the upgrade and perform data collection from the new deployment for the first time, you should maintain a co-existence of the BV-Control for UNIX Agents and the CCS Agents. Later, once you are sure that you are able to collect data from the new CCS Agents, you can remove the BV-Control for UNIX Agents from the target computers, and upgrade the remaining BV-Control for UNIX Agents in your deployment.

    See Performing a remote upgrade of BV-Control for UNIX agents.

  12. If you want to collect raw-data from Microsoft SQL Server using the CCS Agent, install the SQL Server T4 snap-in on the Target 2 computer on which the CCS Agent is installed.

    See Installing the SQL Server T4 snap-in on CCS Agents for raw-data collection on SQL Server

  13. If you want to collect message based data using CCS Agent, install and configure the application modules for the respective platforms on the CCS Agents and CCS Managers.

    Perform the following steps:

  14. Import Assets into CCS. You can then evaluate the assets against mapped control statements, predefined and custom standards, and against external data systems.

    Perform one of the following steps:

    • If you are collecting data using the agent-less method, you can import assets from your network or you can import assets using the CSV, ODBC or LDAP data collectors. For information on importing assets or configuring the data collectors, see the Importing assets for the first time or Configuring data collectors sections in the Symantec™ Control Compliance Suite 11.0 User Guide.

      See Importing the assets for the first time

    • If you are collecting data using the agent-based method, run the Import assets and agents job to create agent-based assets. See the Importing assets and agents section in the Symantec™ Control Compliance Suite 11.0 User Guide.

      See Importing assets and agents

  15. Organize the assets in folders or groups. See the Creating asset groups section in the Symantec™ Control Compliance Suite 11.0 User Guide.

    See Asset groups

  16. Configure credentials. CCS lets you manage common credentials and asset credentials for agent-less and agent-based targets at a central location.

    Perform one of the following steps:

    • If you are collecting data using the agent-less method, add common platform and folder credentials. See the Configuring credentials section in the Symantec™ Control Compliance Suite 11.0 User Guide.

    • If you are collecting data using the agent-based method, add common platform and folder credentials, and set the appropriate agent configuration parameters in the agent.conf file.

      For information on adding common credentials, see the Configuring credentials section in the Symantec™ Control Compliance Suite 11.0 User Guide.

      For information on setting the agent configuration parameters, see the Configuring agents section in the Symantec™ Control Compliance Suite 11.0 User Guide.

      See Agent settings

  17. Configure routing rules. Routing rules let you define a particular site or a CCS manager to perform the tasks that are related to your assets or your agents. You can use routing rules to route CCS jobs based on your network environment or for achieving better load balancing. You can configure routing rules for assets based on IP range, Subnet, Expressions or Asset groups.

    For information on configuring routing rules, see the Configuring routing rules section in the Symantec™ Control Compliance Suite 11.0 User Guide.

    See Creating a routing rule

  18. After you complete the deployment, check the health and status of all CCS components from the CCS Console. For information on checking the health and status of the CCS components, see the Refreshing health and status section in the Symantec™ Control Compliance Suite 11.0 User Guide.


Legacy ID



v71959931_v74603629


Article URL http://www.symantec.com/docs/HOWTO76901


Terms of use for this information are found in Legal Notices