Prerequisites for Unity
Make sure your system fits the descriptions below before starting the installation.
Permissions
Data Access Security requires different permissions, based on the tasks that require those permissions. The user configured in the Application configuration wizard must have the following permissions on the file server:
- Share Read permissions to all shares on the file server
- Ability to list shares
- Member of the local Administrator group
- Member of the local Backup Operators group on the file server
The following describes required permissions by each Data Access Security task:
- Crawling - The user must have Share Read permissions to all the shares on the file server and be a member of the local Backup Operators group on the file server.
- Permission Collection - The user must have Share Read permissions to all the shares on the server and be member of the local Backup Operators group on the server.
- Data Classification - The user must have Share Read permissions for all the shares on the server and be member of the local Backup Operators group on the server.
- Activity Monitoring - The user must have local Administrator permissions to access share information on the server.
Configuring the CEE Service
Note
Create an Activity Monitor virtual appliance cluster per CEE cluster.
-
On every CEE server, open the registry and perform the following changes:
[HKLM\Software\EMC\CEE\CEPP\Audit\Configuration]
Endpoint=whitebox@<Data Access Security Activity Monitor server ip address>
Enabled=1
-
Restart the EMC CEE service.
Note
If multiple monitor servers exist, the list should look like: whitebox@ip, whitebox@ip, ...
Using Unisphere Management Interface
- Verify Event Publishing is enabled for your Unity application.
- For more information see Dell support documentation (https://[your unisphere location]/help/webhelp/en_US/unity_c_about_events_publishing.html).
Note
Replace "your unisphere location" with the IP of your Unisphere management interface.
Event Forwarding - Enter the uniform resource identifier (URI) where the CEE service is installed. The format of the entry is:
http://[fully.qualified.domain.name/IP]:[port]/cee
Example: http://172.17.40.251:12228/cee
Port - The default is 12228
Communication Requirements
Requirement | Source | Destination | Port |
---|---|---|---|
Activity Monitoring | Activity Monitoring Collector | Unity server | CIFS/SMB (445) |
Activity Monitor | CEE | Activity Monitoring Virtual Appliance | 13000 |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.