Prerequisites
The following lists of prerequisites are compiled from the Prerequisites and Privileges for the Installation and Administration of Symantec ICA section of the Symantec ICA Administrator Guide.
Broadcom Software
- Symantec ICA installation package from the Broadcom support portal
For example: SymantecICASoftware_6.6_MP2.zip
- Symantec Information Centric Analytics or Symantec Data Loss Prevention Core license file (SLF) from the Broadcom support portal
Third-Party Software
- Microsoft Windows Server 2016, 2019, or 2022
- Microsoft .NET Framework 4.7.1 or greater*
* Version 4.7.1 is installed by default with Windows Server 2016
- Visual C++ Redistributable Packages for Visual Studio 2013 (x64)*
* If this is not installed, ICA’s installer will provide a download link
- Microsoft SQL Server Enterprise Edition* 2016, 2017, 2019, or 2022
* Developer Edition may be used in non-production environments
- Microsoft SQL Server Management Studio (SSMS) 16.5 or greater
- Oracle Database Client 19c* for Microsoft Windows (x64) from the Broadcom support portal or, if you are an Oracle Enterprise customer, from Oracle
* The version should match or supersede the version of Oracle hosting the Symantec Data Loss Prevention database
Environment Preparation
Architecture
Care must be taken in selecting the topology for hosting ICA’s components. For most production environments, Broadcom recommends a three-server architecture; however, for smaller production environments, a two-server architecture can be used. Single server deployments should only be used in development environments.
For guidance on this topic, refer to the Overview of the Symantec ICA Architecture section of the Symantec ICA Administrator Guide.
ICA Service and Administrator Accounts
At a minimum, create two accounts in Microsoft Active Directory (AD) for use with ICA:
- An account to be used as the ICA service account for brokering communications between IIS, MSSQL, and SSAS
NOTE: This account must retain the AD privilege Logon as Batch
- An account to be used as the RiskFabric portal administrator
The ICA installer may be run under either of these accounts - or under a different account - provided the account meets the following criteria:
- It must be a local Windows administrator on the IIS host server
- It must be a local Windows administrator on the MSSQL host server
- It must be granted the sysadmin role in MSSQL
- It must be granted the server administrator role in SSAS
Refer to the following sections of the Symantec ICA Administrator Guide for more information on this topic:
Regardless of the account used to install ICA, the ICA service account must meet all of the criteria specified above; however, after installation, the ICA service account’s assignment to the sysadmin role in MSSQL can be downgraded to the db_owner role by following the procedure Permission Settings for the ICA Service Account Outside of Using the SQL Server sysadmin Role, as provided in the Symantec ICA Administrator Guide.
Microsoft Internet Information Services (IIS) server
Complete the following procedure to install all IIS components required by ICA:
- Open the Windows application Server Manager (ServerManager.exe)
- From the Manage menu, select Add Roles and Features
The Add Roles and Features Wizard will open
- Click the Next button until you reach the Installation Type page
- Select Role-based or feature-based installation and click the Next button
- Select a server from the server pool and click the Next button
- Under Roles, select the following items:
  - Web Server
  - Web Server (IIS)
    - Common HTTP Features
      - Default Document
      - Directory Browsing
      - HTTP Errors
      - Static Content
    - Health and Diagnostics
    - Performance
      - Static Content Compression
    - Security
      - Request Filtering
      - Windows Authentication
    - Application Development
      - .NET Extensibility 4.8
      - ASP.NET 4.8
      - ISAPI Extensions
      - ISAPI Filters
    - Management Tools
- Click the Next button
- Under Features, select the following items:
  - .NET Framework 3.5 Features
    - .NET Framework 3.5 (includes .NET 2.0 and 3.0)
  - .NET Framework 4.8 Features
    - .NET Framework 4.8
    - ASP.NET 4.8
    - WCF Services
      - HTTP Activation
      - TCP Port Sharing
- Click the Next button
- Click the Install button
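The same selections can be applied and checked from an elevated PowerShell session, which makes the build repeatable across hosts. This is an added example, not part of the Symantec ICA guide; the mapping from the wizard labels to Install-WindowsFeature names is this example's own, and the optional $Source parameter is only needed where the .NET 3.5 payload must come from installation media.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$Source   # optional: path to the sources\sxs folder for .NET Framework 3.5
)
Import-Module ServerManager

# Role services and features from the procedure above, by feature name.
# The "45" suffix is the feature name for .NET 4.x regardless of the 4.x
# version number the wizard displays.
$required = @(
    'Web-Server', 'Web-WebServer',
    'Web-Common-Http', 'Web-Default-Doc', 'Web-Dir-Browsing',
    'Web-Http-Errors', 'Web-Static-Content',
    'Web-Health',
    'Web-Performance', 'Web-Stat-Compression',
    'Web-Security', 'Web-Filtering', 'Web-Windows-Auth',
    'Web-App-Dev', 'Web-Net-Ext45', 'Web-Asp-Net45',
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter',
    'Web-Mgmt-Tools',
    'NET-Framework-Features', 'NET-Framework-Core',
    'NET-Framework-45-Features', 'NET-Framework-45-Core', 'NET-Framework-45-ASPNET',
    'NET-WCF-Services45', 'NET-WCF-HTTP-Activation45', 'NET-WCF-TCP-PortSharing45'
)

$installArgs = @{ Name = $required }
if ($Source) { $installArgs.Source = $Source }

$result = Install-WindowsFeature @installArgs
if (-not $result.Success) {
    throw 'Install-WindowsFeature did not complete successfully.'
}
if ($result.RestartNeeded -ne 'No') {
    Write-Warning "Restart state reported by the installer: $($result.RestartNeeded)"
}

# Verify: every listed item is installed, and report any other IIS role
# service present on the host so it can be reviewed before ICA is deployed.
$installed = Get-WindowsFeature | Where-Object { $_.Installed }
$missing   = $required | Where-Object { $_ -notin $installed.Name }
$unlisted  = $installed | Where-Object { $_.Name -like 'Web-*' -and $_.Name -notin $required }

if ($missing) {
    throw "Not installed: $($missing -join ', ')"
}
Write-Output "All $($required.Count) listed role services and features are installed."
if ($unlisted) {
    Write-Output 'Installed IIS role services that are not in the list above:'
    $unlisted | Select-Object Name, DisplayName | Format-Table -AutoSize
}
```

Role services that the installer adds by default under a selected parent appear in the second report; they are listed for review, not removed.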
IIS Ports and Default Site
The IIS feature installs a default website bound on HTTP port 80. To enable this port for use by ICA, you will need to either delete the default site or change its port binding. To change the binding, follow this procedure:
- Start the Internet Information Services (IIS) Manager (InetMgr.exe)
- In the Connections pane, navigate to Sites > Default Site
- In the Actions pane under the Edit Site heading, click the Bindings… link
The Site Bindings window will open
- Select the binding entry for port 80 and click the Edit… button
The Edit Site Binding window will open
- Change the Port value to 591, 8008, or 8080
- Click the OK button to close the Edit Site Binding window
- Click the OK button to close the Site Bindings window
- In the Actions pane under the Manage Website heading, click Restart
SSL
To configure SSL for ICA, refer to the Configuring SSL section of the Symantec ICA Administrator Guide.
Microsoft SQL Server (MSSQL) server
Microsoft SQL Server
Complete this procedure to install the MSSQL database engine that will host the RiskFabric relational database:
- Run the Microsoft SQL Server installation executable setup.exe as an administrator
The SQL Server Installation Center will open
- Select the Installation page
- Click the New SQL Server standalone installation or add features to an existing installation link
The SQL Server <version> Setup window will open
- Install any updates and click the Next button
- On the Installation Type page, select Perform a new installation of SQL Server <version>
- On the Edition page, enter a product key for SQL Server Enterprise Edition, or select Developer as a free edition for non-production environments
- Click the Next button
- Read the license terms and, if you accept, click the Next button
- On the Feature Selection page, select the feature Database Engine Services
- Change the instance root directory as needed and click the Next button
- On the Instance Configuration page, select Default instance and click the Next button
- On the Server Configuration page, change the SQL Server Agent service’s Startup Type to Automatic and click the Next button
- On the Database Engine Configuration page under Specify SQL Server Administrators, click the Add Current User button and click the Add… button to add the ICA service account
- If you intend to place the database files on a drive or drives that do not map to the %SystemDrive% environment variable, configure these settings under the Data Directories and TempDB tabs
- Click the Next button
- If no failures or warnings are reported on the Feature Configuration Roles page, click the Next button
- Review the installation pre-flight summary on the Ready to Install page and then click the Next button
Microsoft SQL Server Management Studio (SSMS)
Complete this procedure to install SSMS. SSMS is a graphical user interface used for the administration of MSSQL settings, SQL Server Agent jobs, the RiskFabric relational database, and the RiskFabric OLAP cube.
- Run the SQL Server Management Studio installation executable SSMS-Setup-ENU.exe as an administrator
- Change the installation location as needed and click the Install button
Microsoft SQL Server settings
Complete the following procedure to configure MSSQL settings per the recommendations in the Microsoft SQL Server Requirements for Hosting the Symantec ICA Database section of the Symantec ICA Administrator Guide.
- Open SSMS
- Connect to the Database Engine hosting the RiskFabric relational database
- In Object Explorer, right-click the name or IP address of the SQL Server host server and select Properties
The Server Properties - <hostname> window will open
- Select the Memory page
- Set the Maximum server memory (in MB) setting to one of the following:
- If MSSQL and SSAS are installed on the same server, set this value to 50% of the server’s total installed RAM
- If MSSQL and SSAS are installed on different servers, set this value to 95% of the server’s total installed RAM
- Select the Connections page
- Under the Remote server connections heading, set the Remote query timeout setting to 0
- Click the OK button to close the Server Properties - <hostname> window
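The two Server Properties values above can also be set and read back with sp_configure, which leaves a record of exactly what was applied. This is an added example, not part of the Symantec ICA guide; it assumes it is run on the MSSQL host by a sysadmin with the SqlServer PowerShell module installed, and the parameter names are its own.

```powershell
param(
    [string]$SqlInstance = 'localhost',   # assumption: default instance on this host
    [switch]$SsasOnSameServer             # set when SSAS is installed on this server too
)
Import-Module SqlServer                   # provides Invoke-Sqlcmd

# Total installed RAM of this host in MB. Run the script on the MSSQL host so
# the percentage is taken from the right machine.
$totalMb  = [math]::Floor((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
$fraction = if ($SsasOnSameServer) { 0.50 } else { 0.95 }   # 50% shared, 95% dedicated
$maxMemMb = [int][math]::Floor($totalMb * $fraction)

# Both options are advanced options, so they are exposed for the change and
# hidden again afterwards.
$apply = @"
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'max server memory (MB)', $maxMemMb;
EXEC sp_configure 'remote query timeout (s)', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
"@
Invoke-Sqlcmd -ServerInstance $SqlInstance -Query $apply

# Read the running values back and fail loudly if they differ from the target.
$check = @"
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name IN ('max server memory (MB)', 'remote query timeout (s)');
"@
$current  = Invoke-Sqlcmd -ServerInstance $SqlInstance -Query $check
$expected = @{
    'max server memory (MB)'   = $maxMemMb
    'remote query timeout (s)' = 0
}
foreach ($row in $current) {
    if ($row.value_in_use -ne $expected[$row.name]) {
        throw "$($row.name) is $($row.value_in_use), expected $($expected[$row.name])"
    }
    Write-Output "$($row.name) = $($row.value_in_use)"
}
```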
Oracle Database Client
The Oracle Database Client is used by MSSQL to connect to the Oracle relational database management system hosting the Symantec DLP Protect database. This procedure can be skipped if you do not plan to integrate ICA with Symantec DLP.
- Run the Oracle Database Client’s installation executable setup.exe as an administrator
The Oracle Database Client <version> Installer will open
- On the Select Installation Type page, select Custom and click the Next button
- On the Oracle Home User Selection page, leave Use Windows Built-in Account selected and click the Next button
- On the Specify Installation Location page, edit the Oracle base path setting as needed and click the Next button
- On the Available Product Components page, select the following components:
- SQL*Plus*
* This is not a required component but may be useful for troubleshooting
- Oracle Services for Microsoft Transaction Server
- Oracle Provider for OLE DB
- Click the Next button
- If no failures or warnings are returned on the Perform Prerequisites Checks page, click the Next button
- Review the installation pre-flight summary on the Summary page and click the Install button
Oracle OLEDB Provider settings
The Oracle Database Client includes the Oracle OLEDB provider, which brokers communications between MSSQL and Oracle. This procedure can be skipped if you do not plan to integrate ICA with Symantec DLP.
- Open SSMS
- Connect to the Database Engine hosting the RiskFabric relational database
- In Object Explorer, navigate to Server Objects > Linked Servers > Providers
- Double-click the OraOLEDB.Oracle provider
The Provider Options - Oracle Provider for OLE DB window will open
- Enable the option Allow inprocess and click the OK button to close the Provider Options - Oracle Provider for OLE DB window
- Open the Windows Registry (regedit.msc)
- Navigate to Computer\HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_OraClient<version>Home1\OLEDB
Where <version> is the version of the Oracle Client
- Double-click the key ChunkSize
An Edit String window will open
- Change the Value data from 100 to 200 and click the OK button to close the Edit String window
- Double-click the key FetchSize
An Edit String window will open
- Change the Value data from 100 to 1000 and click the OK button to close the Edit String window
- Restart the server
Network Share
The ICA installation package is run on the IIS server. During installation, you will be asked to provide a Universal Naming Convention (UNC) path to install ICA’s Database Utilities on the SQL Server host. If you are unable to create a share on the SQL Server host that is accessible from the IIS server through a UNC path, you should skip the installation of the Database Utilities at this time. After ICA is installed, copy the ICA installation package to the SQL Server host, run the installer, and select the option to install only the Database Utilities.
Microsoft SQL Server Analysis Services (SSAS) server
Microsoft SQL Server Analysis Services
Complete this procedure to install the SSAS multidimensional OLAP service that will host the RiskFabric OLAP cube:
- Run the Microsoft SQL Server installation executable setup.exe as an administrator
The SQL Server Installation Center will open
- Select the Installation page
- Click the New SQL Server standalone installation or add features to an existing installation link
The SQL Server <version> Setup window will open
- Install any updates and click the Next button
- On the Installation Type page, select Perform a new installation of SQL Server <version>
- On the Edition page, enter a product key for SQL Server Enterprise Edition, or select Developer as a free edition for non-production environments
- Click the Next button
- Read the license terms and, if you accept, click the Next button
- On the Feature Selection page, select the feature Analysis Services
- Change the instance root directory as needed and click the Next button
- On the Instance Configuration page, select Default instance and click the Next button
- On the Server Configuration page, confirm the SQL Server Analysis Services service’s Startup Type is set to Automatic and click the Next button
- On the Analysis Services Configuration page, set the Server Mode to Multidimensional Mode
- On the Analysis Services Configuration page, click the Add Current User button and click the Add… button to add the ICA service account
- If you intend to place the database files on a drive or drives that do not map to the %SystemDrive% environment variable, configure these settings under the Data Directories tab
- Click the Next button
- If no failures or warnings are reported on the Feature Configuration Roles page, click the Next button
- Review the installation pre-flight summary on the Ready to Install page and then click the Next button
Microsoft SQL Server Analysis Services settings
Complete the following procedure to configure SSAS settings per the recommendations in the Microsoft SQL Server Analysis Services Settings for Symantec ICA section of the Symantec ICA Administrator Guide.
- Open SSMS
- Connect to the Analysis Services server hosting the RiskFabric OLAP cube
- In Object Explorer, right-click the name or IP address of the SSAS host server and select Properties
The Analysis Server Properties window will open
- Select the General page
- Enable the option Show Advanced (All) Properties
- Modify the following settings:
  - ExternalCommandTimeout = 360000
  - ExternalConnectionTimeout = 360000
  - Log \ FlightRecorder \ Enabled = False
  - Memory \ TotalMemoryLimit
    - If MSSQL and SSAS are on the same server = 45
    - If MSSQL and SSAS are on separate servers = 80
  - ServerTimeout = 360000
If the SSAS server has fewer than 16 CPU cores installed, the setting CoordinatorSafeJobUnblocking must be disabled in the SSAS server’s msmdsrv.ini file. To disable this setting, follow this procedure:
- On the server hosting SSAS, open Notepad (Notepad.exe) as an administrator
- From the File menu, select Open...
- Navigate to the location of the msmdsrv.ini file. The default location is here:
%SystemDrive%\Program Files\Microsoft SQL Server\MSAS<version>.MSSQLSERVER\OLAP\Config\
Where <version> refers to the build/version number of SSAS. Refer to the Microsoft document Latest updates and version history for SQL Server for more information.
- Set the explorer window to show All Files and double-click the file msmdsrv.ini
- Search for the following string: CoordinatorSafeJobUnblocking
- By default, this key is set as follows:
<CoordinatorSafeJobUnblocking>1</CoordinatorSafeJobUnblocking>
- Edit this key by changing its value to 0:
<CoordinatorSafeJobUnblocking>0</CoordinatorSafeJobUnblocking>
- From the File menu, select Save
- Open Command Prompt (cmd.exe) as an administrator
- If the RiskFabric cube is installed in the default Analysis Services instance, copy and paste or type the following command:
NET STOP "SQL Server Analysis Services" && NET START "SQL Server Analysis Services"
- If the RiskFabric cube is installed in a named Analysis Services instance, copy and paste or type the following command, replacing the <instance name> variable with your instance name (for example, (ICA)):
NET STOP "SQL Server Analysis Services (<instance name>)" && NET START "SQL Server Analysis Services (<instance name>)"
- Press Enter to execute the command and restart the Analysis Services service for the setting change to take effect
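The msmdsrv.ini change above, scripted with the core-count test, a backup of the file, and a restart only when the value actually changed. This is an added example, not part of the Symantec ICA guide; the parameter names are its own, $ConfigDir is the Config folder given above with <version> filled in for your installation, and the service names used are the Windows service names of a default and a named Analysis Services instance.

```powershell
#Requires -RunAsAdministrator
param(
    [Parameter(Mandatory)]
    [string]$ConfigDir,       # the ...\OLAP\Config\ folder that holds msmdsrv.ini
    [string]$InstanceName     # leave empty for the default Analysis Services instance
)

# The setting only has to be disabled on hosts with fewer than 16 CPU cores.
$cores = (Get-CimInstance Win32_Processor |
          Measure-Object -Property NumberOfCores -Sum).Sum
if ($cores -ge 16) {
    Write-Output "$cores cores installed; CoordinatorSafeJobUnblocking left unchanged."
    return
}

$ini = (Resolve-Path (Join-Path $ConfigDir 'msmdsrv.ini')).Path

# Keep a timestamped copy so the change can be reverted and reviewed.
$backup = "$ini.bak-$(Get-Date -Format 'yyyyMMddHHmmss')"
Copy-Item -Path $ini -Destination $backup

# msmdsrv.ini is an XML document; edit the element rather than the raw text.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ini)

$node = $xml.SelectSingleNode('//CoordinatorSafeJobUnblocking')
if (-not $node) {
    throw "CoordinatorSafeJobUnblocking not found in $ini"
}

if ($node.InnerText.Trim() -eq '0') {
    Write-Output 'CoordinatorSafeJobUnblocking is already 0; no restart needed.'
    Remove-Item -Path $backup
    return
}

$node.InnerText = '0'
$xml.Save($ini)
Write-Output "CoordinatorSafeJobUnblocking set to 0 (backup: $backup)"

# Restart Analysis Services so the new value is read.
$service = if ($InstanceName) { "MSOLAP`$$InstanceName" } else { 'MSSQLServerOLAPService' }
Restart-Service -Name $service
Write-Output "Restarted service $service"
```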
Deployment
Installation
The ICA installation package and license file should be copied to the server hosting IIS. During installation, the RiskFabric application will be created in IIS; the RiskFabric relational database will be created in SQL Server; the RiskFabric OLAP cube will be created in Analysis Services; and ICA’s Database Utilities will be installed on the SQL Server host. Consequently, the account under which the installer is run needs to meet the following criteria:
- It must be a local Windows administrator on the IIS host server
- It must be a local Windows administrator on the MSSQL host server
- It must be granted the sysadmin role in MSSQL
- It must be granted the server administrator role in SSAS
ICA’s Installation Wizard will guide you through the installation of each component of ICA. To install ICA, follow this procedure:
- Log in to the server hosting IIS
- If you are logged in using an account that meets the criteria listed above, right-click the SymantecICAInstaller.exe executable and select Run as administrator
- If you are logged in using an account that does not meet the criteria listed above, press and hold the Shift key while right-clicking the SymantecICAInstaller.exe executable, select Run as different user, and enter the credentials of an account that meets the criteria listed above
- Click the Start button under the Full Install heading in the Symantec ICA Installation Wizard
- Review the terms of the Symantec Software End User License Agreement and, if you agree to these terms, check the box to indicate your agreement and click the Next button
- On the System Prerequisites page, review the list of prerequisites to confirm all are installed and click the Next button
- On the Website Configuration page, confirm the Website Name, Port, Website URL, and Installation Directory are correct
- On the Website Configuration page under the Service Account heading, specify the AD account that will be used as the ICA service account for brokering communications between IIS, MSSQL, and SSAS
- On the Website Configuration page under the Administrator Account heading, specify the AD account that will be used as the default RiskFabric application (portal) administrator account and click the Next button
- Configure and enable e-mail notifications as desired on the Notifications page and click the Next button
- On the Data Sources page under the SQL Server Configuration heading, specify the hostname or IP address of the server hosting the SQL Server service
- If the RiskFabric database will be run in a named instance of SQL Server, enter the server and instance name in the following format:
<hostname or IP address>[\<instance name>]
- If using a non-standard port for the SQL Server service, specify the port number using the following syntax:
<hostname or IP address>[\<instance name>],<port>
- On the Data Sources page under the Analysis Services Configuration heading, specify the hostname or IP address of the server hosting the Analysis Services service
- If the RiskFabric cube will be run in a named instance of Analysis Services, enter the server and instance name in the following format:
<hostname or IP address>[\<instance name>]
- If using a non-standard port for the Analysis Services service, specify the port number using the following syntax:
<hostname or IP address>[\<instance name>],<port>
- On the Data Sources page under the Connection Credentials heading, select the authentication method to be used by MSSQL to connect to SSAS
- On the Data Sources page under the Default Domain heading, enter a NetBIOS domain name to be used as a default value when domain details are missing from records imported from integrated data sources, then click the Next button
- On the Database Utilities page, check the box to Install Database Utilities Now and provide a UNC path to the share on the MSSQL host in which the Database Utilities will be installed, then click the Next button
- On the Integration Warnings page, review any integration warnings
NOTE: If you need to address any warnings, you must exit the ICA Installation Wizard and follow this procedure again up to this point
- Click the Next button
- On the License Activation page, check the box to Activate Offline and click the Next button
- Click the Install button to start the installation process
NOTE: Check the box to enable verbose logging if you wish to monitor the installation process
- (Optional) After the installation completes, save a copy of the installation log files
Licensing
The license file (SLF) bundled with your entitlement to Symantec Information Centric Analytics or Symantec Data Loss Prevention Core contains a key named RISK-FABRIC. Note that the end_date value specified in the file for this key represents the time 00:00:00.000 on the specified date, meaning midnight at the start of that day. When the license expires, the ICA portal becomes inaccessible but data processing will continue to operate as scheduled.
When activated, the license file is copied to the following path on the server hosting IIS:
%SystemDrive%\ProgramData\Symantec Shared\Licenses
You may either manually copy the license file to this location or use the Symantec ICA Installation Wizard to place a copy of the file in this location.
License Activation
- Right-click the SymantecICAInstaller.exe executable and select Run as administrator
- Click the Start button under the License Activation heading in the Symantec ICA Installation Wizard
- Click the Browse button to locate the SLF file containing the RiskFabric license
- Click the Activate button
- Click the Close button
Post-Deployment
Processing
The Symantec ICA Installation Wizard creates the SQL Server Agent job RiskFabric Processing, which is scheduled to run daily at 00:15 and is referred to as the nightly job. After installing or upgrading ICA, the nightly job must be run prior to integrating additional data sources or using the application. To run the job, follow this procedure:
- Open SSMS
- Connect to the Database Engine hosting the RiskFabric relational database
- In Object Explorer, navigate to SQL Server Agent > Jobs
- Right-click the RiskFabric Processing job and select Start Job at Step…
The Start Job on <hostname> window will open
- Select Step ID 1 and click the Start button
The Start Job on <hostname> window will close and the Start Jobs - <hostname> window will open
The RiskFabric Processing job is disabled by default. To enable the job, follow this procedure:
- Open SSMS
- Connect to the Database Engine hosting the RiskFabric relational database
- In Object Explorer, navigate to SQL Server Agent > Jobs
- Right-click the RiskFabric Processing job and select Enable