
Prerequisites

Make sure your system fits the descriptions below before starting the installation.

Software Requirements

File Access Manager requires the latest ASP.NET Core 6.0.x Hosting Bundle. This bundle consists of the .NET Runtime and the ASP.NET Core Runtime. You can download the latest 6.0.x Hosting Bundle version from here.

PreSoftware Requirements

EMC CAVA/CEE - Version 4.9.3 and above.

Configuring the CEE Service

Connecting to a Remote CEE

For enterprises with an existing central CEE infrastructure, where the Activity Monitor will be installed on a different server than the CEE service:

  1. On every CEE server, open the registry and perform the following changes:

    [HKLM\Software\EMC\CEE\CEPP\Audit\Configuration]

    Endpoint=whitebox@<File Access Manager Activity Monitor server ip address>

    Enabled=1

    Note

    If multiple monitor servers exist, the list should look like: whitebox@ip, whitebox@ip, ...

  2. Restart the EMC CEE service.

Connecting to a Local CEE (No Central Infrastructure)

When installing the CEE service and the Activity Monitor service on the same server:

  1. Install CEE Pack on the monitor server.

    The CEE service must be installed on a server in the same domain as the physical data mover CEE server; otherwise, communication between the data mover and the CEE service will fail.

  2. Open the registry and perform the following changes:

    [HKLM\Software\EMC\CEE\CEPP\Audit\Configuration]

    Endpoint=whitebox

    Enabled=1

  3. Set the logon user for the services to a user according to the Required Permissions section.

  4. Restart the EMC CEE service.

Enabling CEPA on the Data Mover

  1. The CEPA configuration is separate and must be done for each physical data mover.

  2. If you have multiple virtual data movers with CIFS servers, the CEPA configuration must be on the physical data mover (usually server_2 data mover when there is a single physical data mover).

  3. If the configuration file (cepp.conf) does not exist, create a new one.

  4. Log in to the system with your administrative username (nasadmin) and password.

  5. Use a text editor to create a new, blank file called cepp.conf in the home folder with the following content:

    ft level=[0/1] location=<location> size=<size>
    pool name=sepapool \
    servers=<cee1 FQDN>|<cee2 FQDN>|<cee3 FQDN> \
    preevents= \
    postevents=OpenFileRead|CreateFile|FileWrite|FileRead|CreateDir|DeleteFile|DeleteDir|CloseModified|RenameFile|RenameDir|SetAclFile|SetAclDir|SetSecFile|SetSecDir \
    posterrevents= \
    option=ignore \
    reqtimeout=500 \
    retrytimeout=50

    Note

    The ft level parameter sets the fault tolerance level assigned. Valid values are 0-3, where:

    0 = continue and tolerate lost events (default)

    1 = continue and use a persistence file as a circular event buffer for lost events

    2 = continue and use a persistence file as a circular event buffer for lost events until the buffer is filled and then stop CIFS

    3 = upon heartbeat loss of connectivity, stop CIFS

    It is recommended that this value be set to 1. If you kept the recommended value, fill in the <location> and <size> parameters, where:

    • location - Directory where the persistence buffer file resides relative to the root of a file system. If a location is not specified, the default location is the root of the file system.

    • size - Maximum size of the persistence buffer file, in MB. The default is 1 MB and the range is 1 MB to 100 MB. It is recommended to set it to 100 MB.

    It is important to verify that all CEE FQDN server names are resolved and reachable from the data mover. You can also fill in the IP address of the server instead of FQDN.

  6. Copy the newly created file to the data mover:

    server_file <movername> -put cepp.conf cepp.conf

    If cepp.conf exists, verify that the postevents parameter has the required values.

  7. For NFS run the following command:

    server_mount <data_mover> -o ceppcifs,ceppnfs <file system name> /<file system path>
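An added example, not part of the original page or of the product: a Python check for step 6's instruction to verify the postevents parameter of an existing cepp.conf, extended to the ft level and size guidance from the note. The function names, the sample file and its host names are constructed for illustration, and the parser assumes the whitespace-separated key=value layout of the template above.

```python
import re

REQUIRED_POSTEVENTS = {  # post-events listed in the page's cepp.conf template
    "OpenFileRead", "CreateFile", "FileWrite", "FileRead", "CreateDir",
    "DeleteFile", "DeleteDir", "CloseModified", "RenameFile", "RenameDir",
    "SetAclFile", "SetAclDir", "SetSecFile", "SetSecDir",
}

def parse_cepp(text):
    """Join backslash-continued lines and collect every key=value token."""
    joined = re.sub(r"\\[ \t]*\r?\n", " ", text)
    return dict(t.split("=", 1) for t in joined.split() if "=" in t)

def audit_cepp(text):
    """Return findings; an empty list means the file matches the page's guidance."""
    cfg = parse_cepp(text)
    findings = []
    level = cfg.get("level", "0")  # the page gives 0 as the default
    if level not in ("0", "1", "2", "3"):
        findings.append(f"ft level={level} is outside the valid range 0-3")
    elif level != "1":
        findings.append(f"ft level={level}; the page recommends 1")
    else:
        size = cfg.get("size", "1")  # the page gives 1 MB as the default
        if not size.isdigit() or not 1 <= int(size) <= 100:
            findings.append(f"size={size} is outside the range 1-100 MB")
    if not [s for s in cfg.get("servers", "").split("|") if s]:
        findings.append("servers= lists no CEE server")
    missing = sorted(REQUIRED_POSTEVENTS - set(cfg.get("postevents", "").split("|")))
    if missing:
        findings.append("postevents is missing: " + ", ".join(missing))
    return findings

# Constructed sample: ft level left at 0 and a trimmed postevents list.
SAMPLE = r"""ft level=0
pool name=pool1 \
servers=cee1.example.test|cee2.example.test \
preevents= \
postevents=CreateFile|FileWrite|DeleteFile|RenameFile \
posterrevents= \
option=ignore reqtimeout=500 retrytimeout=50
"""

if __name__ == "__main__":
    for finding in audit_cepp(SAMPLE):
        print("FINDING:", finding)
```

Event types absent from postevents are not forwarded to the CEE service, so a trimmed list such as the sample's leaves permission changes (SetAclFile, SetSecFile and the directory equivalents) out of the activity audit.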

Synchronize with Domain Watch and Start the Service

server_date server_# -timesvc start ntp <domain controller ip>

Start the CEPA Service on the Data Mover

server_cepp <movername> -service -start

Permissions

File Access Manager requires different permissions, based on the tasks and data collected. The user configured in the Application configuration wizard must have the following permissions:

CIFS Access

  • Activity Monitoring - Requires a domain user with administrative privileges on the local machine on which the CEE service is installed.

  • Crawling - Requires a user who is a member of the local Backup Operators group on the virtual CIFS server.

    Requires a user with Share Read access to all the shares on the virtual CIFS server.

  • Permission Collection - Requires a user with Share Read access to all CIFS shares on the virtual CIFS server.

    Requires a user who is a member of the local Backup Operators group on the virtual CIFS server.

    Requires a user who is a member of the local Administrators group on the virtual CIFS server to be able to read share permissions and local users and groups.

  • Data Classification - Requires a user with Share Read access to all CIFS shares on the virtual CIFS server.

    Requires a user who is a member of the local Backup Operators group on the virtual CIFS server.

NFS Access

  • Activity Monitoring - Requires a domain user with administrative privileges on the local machine on which the CEE service is installed.

  • Crawling - Requires a user with permission to mount all NFS exports on the virtual NFS server.

    Requires a user with (a) read permission for all files and (b) execute permission for all directories on the virtual NFS server.

  • Permission Collection - Requires a user with permission to mount all NFS exports on the virtual NFS server.

    Requires a user with (a) read permission for all files and (b) execute permission for all directories on the virtual NFS server.

  • Data Classification - Requires a user with permission to mount all NFS exports on the virtual NFS server.

    Requires a user with (a) read permission for all files and (b) execute permission for all directories on the virtual NFS server.

Communications Requirements

Requirement | Source | Destination | Port
--- | --- | --- | ---
File Access Manager Internal Access | Application | File Access Manager servers | 8000-8008
File Access Manager Message Broker | Permissions Collector / Data Classification Collector | RabbitMQ | 5671
EMC CEE | EMC Data Mover | CEE Service | RPC (135 + Dynamic)
CEPA Events Push | CEE Service | File Access Manager Application | RPC (135 + Dynamic)
CIFS - Permissions Analysis & Data Classification | Permissions Collection service and / or Data Classification service | CIFS file server | SMB
NFS - Permissions Analysis & Data Classification | Permissions Collection service | NFS file server | NFSv3