
Symantec Security Information Manager 4.8 Installation Guide


Symantec™ Security Information Manager Installation Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Documentation version:

Legal Notice

Copyright © 2012 Symantec Corporation. All rights reserved.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice Appendix to this Documentation or TPIP ReadMe File accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s support offerings include the following:

■ A range of support options that give you the flexibility to select the right amount of service for any size organization

■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute information

■ Upgrade assurance that delivers software upgrades

■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week basis

■ Premium service offerings that include Account Management Services

For information about Symantec’s support offerings, you can visit our Web site at the following URL:

www.symantec.com/business/support/

All support services will be delivered in accordance with your support agreement and the then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at the following URL:

www.symantec.com/business/support/

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:


■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/business/support/

Customer service

Customer service information is available at the following URL:

www.symantec.com/business/support/

Customer Service is available to assist with non-technical questions, such as the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and support contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions


Support agreement resources

If you want to contact Symantec regarding an existing support agreement, please contact the support agreement administration team for your region as follows:

[email protected] Asia-Pacific and Japan

[email protected] Europe, Middle-East, and Africa

Technical Support

Chapter 1 Symantec Security Information Manager Overview
  General installation sequence for the Information Manager
  Licenses required for the Symantec Security Information Manager
  Obtaining the product license key file
  Minimum requirements for the Information Manager server
  Minimum requirements for installing the client for the Information Manager server
  Minimum requirements for accessing the Information Manager Web interface
  Recommended hardware for Information Manager
  Symantec SIEM 9700 Series appliances
  Where to find more information about Information Manager

Chapter 2 Installing the Information Manager
  Installing the Information Manager software
  Post-installation tasks
  Importing the Symantec Security Information Manager license
  Installing the Symantec Security Information Manager client
  SSIM Web Start Client
  Running LiveUpdate
  Reinstalling the Information Manager server
  About using the driver disk option
  Creating a third-party driver disk

Symantec Security Information Manager Overview

This chapter includes the following topics:

■ General installation sequence for the Information Manager

■ Licenses required for the Symantec Security Information Manager

■ Obtaining the product license key file

■ Minimum requirements for the Information Manager server

■ Minimum requirements for installing the client for the Information Manager server

■ Minimum requirements for accessing the Information Manager Web interface

■ Recommended hardware for Information Manager

■ Where to find more information about Information Manager

General installation sequence for the Information Manager

You can install the Symantec Security Information Manager on any hardware that conforms to the minimum requirements specifications.

See “Minimum requirements for the Information Manager server”.

To install and configure the Symantec Security Information Manager, you must complete the following steps in the given order:

■ Obtain the Product License file from the Symantec licensing Web site.
  See “Obtaining the product license key file”.

■ Install the Symantec Security Information Manager using the installation DVD.
  See “Installing the Information Manager software”.

■ Install the Information Manager license using the Information Manager Web interface.
  See “Importing the Symantec Security Information Manager license”.

■ Run LiveUpdate to update the latest versions of component packages.
  See “Running LiveUpdate”.

■ Download and install the console for the Information Manager client using the Information Manager Web interface.
  See “Installing the Symantec Security Information Manager client”.
  See “Launching the SSIM Web Start Client”.

■ Configure the Information Manager to begin receiving and managing data.

For more information on these tasks, see the Symantec Security Information Manager Installation Guide or the Symantec Security Information Manager Administrator Guide.

Licenses required for the Symantec Security Information Manager

If you are installing the Information Manager for the first time, you must install the following licenses to use the Information Manager server effectively:

■ Product license

■ DeepSight license

To benefit from the latest LiveUpdate content, you must purchase a new license for the Information Manager which includes a license for LiveUpdate. You can install a new Information Manager license through the Information Manager Licensing view.

You must install the DeepSight license to be able to view the real-time updates on the Intelligence view or to be able to get data feeds from the DeepSight. You can install the DeepSight license through the DeepSight Licensing view.


Contact your Symantec sales representative for more details on purchasing the product and DeepSight licenses.

Obtaining the product license key file

You need to obtain a product license file before you can install the Information Manager software. When you purchase the Information Manager software, you receive a serial number from Symantec. Using the serial number, you can obtain the license key file from the Symantec Licensing Web site.

To obtain the product license file

1. Log on to the Symantec Licensing Web site at the following URL:

   https://licensing.symantec.com/acctmgmt/index.jsp?lang=en

   Use your Login ID and password to log on to your account. If you are a new user, use the Create an account link and complete the registration process to create your Login ID and password.

2. On successful logon, select the type of product, whether a new purchase or a version upgrade.

   If it is a new purchase, click New Purchase. You are asked to provide your serial number.

   When you purchase the Information Manager software, you receive a serial number from Symantec. Enter the serial number and click Submit.

3. A page appears with the serial number, a description of what that serial number entitles you to, and a few other fields. If the information is correct, click Next.

4. The next page lets you email the license to others and yourself. A message can be included with the email. Once you have filled in the required details, click Complete Registration.

5. The landing page displays the same serial number and description with the license key file, which can be downloaded immediately. The user receives an email with the file attached. Download the license key file to your computer.

Minimum requirements for the Information Manager server

Before you install the Symantec Security Information Manager server, you need the following:

■ Static IP address and fully qualified domain name

■ Information Manager license key file

■ Standard x86_64 bit hardware that meets the following minimum system requirements:

  ■ RAM: 4 GB (8 GB of RAM or greater is recommended.)

  ■ CPU: Dual core processor or better, 1.4 GHz or greater

  ■ HDD: 50 GB (75 GB or greater is recommended.)

  ■ The hardware must be certified to run Red Hat™ Enterprise Linux 6.0 (x86_64-bit)

  ■ The system must have a network card that is supported on RHEL 6.0 (x86_64-bit)

■ A security domain name for your Information Manager installation.

Note: This security domain name is an Information Manager-only name and is not related to your corporate domain.

Contact your hardware vendor for support on the queries that are related to the hardware.

You can install third-party device drivers during the installation process. However, Symantec recommends that you use the hardware that RHEL 6.0 (x86_64-bit) supports.

See “Minimum requirements for installing the client for the Information Manager server”.

See “Minimum requirements for accessing the Information Manager Web interface”.

See “Recommended hardware for Information Manager”.

Minimum requirements for installing the client for the Information Manager server

To configure the Symantec Security Information Manager server, you need to install the Information Manager client software on a computer.

To install and run the console for the Information Manager client, your computer must meet the following minimum requirements:

■ Windows 2003, XP Professional, Windows Vista, Windows 7, or Windows 2008 R2 operating system

■ Minimum screen resolution setting of 1024 x 768 (A setting of 1280 x 1024 is strongly recommended.)

■ Minimum RAM of 1 GB (More than 1 GB of RAM is recommended.)

■ 150 MB of available disk space

■ Connection to the same network as the Information Manager server

See “Minimum requirements for the Information Manager server”.

See “Minimum requirements for accessing the Information Manager Web interface”.

See “Recommended hardware for Information Manager”.

Minimum requirements for accessing the Information Manager Web interface

You can access and configure the Symantec Security Information Manager server remotely through the Information Manager Web interface.

To access and use the Information Manager Web interface, your computer must have an Internet browser.

The browser must be one of the following:

■ IE 7.x

■ IE 8.x

■ Firefox 3.x

■ Firefox 4.x

■ Chrome 14

Note: Due to a known limitation of Firefox 4.0, you cannot access the Information Manager server with a self-signed certificate using its IPv6 address. In such a case, if you must access the Information Manager server, you can use the host name of the Information Manager server.

Note: Symantec recommends that you run the Information Manager Web interface with IE compatibility mode turned off.

Minimum screen resolution setting of 1280 x 1024 must be available.

The computer must also have a connection to the same network as the Information Manager server.

See “Minimum requirements for the Information Manager server”.

See “Minimum requirements for installing the client for the Information Manager server”.

See “Recommended hardware for Information Manager”.

Recommended hardware for Information Manager

Symantec has tested Symantec Security Information Manager on the following hardware:

■ Dell™ PowerEdge R610

■ Dell PowerEdge R710

■ Dell PowerEdge R900

■ Dell PowerEdge 1950

■ Dell PowerEdge 2950

■ HP ProLiant DL380 G5

■ HP ProLiant DL360 G5

■ HP ProLiant DL 180 G6

■ Symantec SIEM 9700 Series appliances
  See “Symantec SIEM 9700 Series appliances”.

  ■ SIEM 9750

  ■ SIEM 9751

  ■ SIEM 9752

■ Virtual Environment support

  ■ ESX Server 4.0

  ■ ESX Server 4.1

  ■ ESX Server 5.0

See “Minimum requirements for the Information Manager server”.

Table 1-1 lists the RAID controllers that Symantec recommends for use with the approved hardware configurations.

Table 1-1 RAID controllers

| Hardware manufacturer | RAID controller |
|---|---|
| Dell | PERC 5i Integrated Controller or PERC 6i Integrated Controller |
| Hewlett-Packard™ | HP Smart Array P400 Controller, HP Smart Array E200i Controller, HP Smart Array P410 Controller |

Table 1-2 describes the recommended configurations for the various roles in Information Manager.

Table 1-2 Role matrix

| Role | Work | Minimum configuration | Recommended configuration |
|---|---|---|---|
| Service provider | Service provider | 2x Dual Core class processor with 4 GB RAM and 250 GB hard disk | 2x Dual Core class processor or better, with 8 GB RAM and 600 GB or higher hard disk |
| Standalone server | All in One | 2x Dual Core class processor with 8 GB RAM and 1 TB hard disk | 2x Quad Core class processor with 16 GB or higher RAM and 1 TB or higher hard disk |
| Correlation server | Not Archiving; Summarizers Off; Not Collecting | 2x Dual Core class processor with 4 GB RAM and 400 GB hard disk | 2x Quad Core class processor with 16 GB or higher RAM and 600 GB or higher hard disk |
| Archiving server | Collecting; Not Correlating; Summarizers On | 2x Dual Core class processor with 8 GB RAM and 1 TB hard disk | 2x Quad Core class processor with 16 GB RAM and 1 TB or higher hard disk |
| | | 2x Dual Core class | 2x Quad Core class processor with 8 GB RAM and 400 GB or higher hard disk |

Symantec SIEM 9700 Series appliances

Symantec SIEM 9700 Series appliances are scalable security information and event management appliances. These appliances provide reliable performance with Information Manager software. The SIEM 9700 Series comprises three models: the 9750, the 9751, and the 9752. Each model provides 3.9TB of redundant event storage and dedicated Remote Management Module features to allow remote management of the appliance. In addition, the 9751 and 9752 provide enterprise connectivity through 8GB Fibre Channel. Each physical appliance can be combined seamlessly with virtual appliances to ease interoperability.

For more information, see the following guides:

Symantec SIEM 9700 Series Appliances Maintenance Guide

Symantec SIEM 9700 Series Appliances Installation Guide

Symantec SIEM 9700 Series Appliances Product Description Guide

Symantec SIEM 9700 Series Appliances Hardware Troubleshooting Guide

Symantec SIEM 9700 Series Appliances Safety Guide

Where to find more information about Information Manager

For more information about Information Manager, visit the knowledge base that is available on the Symantec Technical Support Web site at:

http://www.symantec.com/business/support/overview.jsp?pid=52517

In the Documentation section, you can obtain updated versions of the documentation, including the following:

Symantec Security Information Manager Administrator Guide

Symantec Security Information Manager User Guide

Installing the Information Manager

This chapter includes the following topics:

■ Installing the Information Manager software

■ Post-installation tasks

■ Importing the Symantec Security Information Manager license

■ Installing the Symantec Security Information Manager client

■ Running LiveUpdate

■ Reinstalling the Information Manager server

■ About using the driver disk option

Installing the Information Manager software

To install the Symantec Security Information Manager, use the Installation Wizard that is provided on the installation DVD.

Note:If you use an external storage device such as Direct Attached Storage (DAS), you must disconnect the storage device before you perform the installation. Follow the manufacturer's guidelines to disconnect the storage device. Storage area network (SAN) can remain connected during the installation.

Before you install the Symantec Security Information Manager, initialize the logical drive(s).

Symantec recommends the following settings:

■ Configure a maximum of two logical drives on the RAID controller.

■ A configuration of RAID level 1 or 0+1 for the first logical drive and a RAID level 5 for the second logical drive, subject to hardware availability.

After the Information Manager is installed, you must connect to the Information Manager server from a Windows-based computer.

Complete the post-installation tasks, which include installing the product license.

See “Post-installation tasks”.

For information on using the Information Manager Web interface, refer to the online Help for the Information Manager Web interface or the Symantec Security Information Manager Administrator Guide.

To install the Information Manager

1. Ensure that the date and time on the computer BIOS are correct.

2. Insert the Symantec Security Information Manager installation DVD into the drive and restart the server from the DVD drive.

3. From the Symantec welcome panel, do one of the following:

   ■ Type 1 to run the Installation Wizard and specify settings. You must then follow the on-screen prompts to configure the Information Manager.

   ■ If you have a driver disk, type 2 to run the Installation Wizard as well as specify the settings to install the device drivers.
     See “About using the driver disk option”.

   Note: If you use a remote console such as iDRAC6 for installing the Information Manager and get an Out of Range error message, then restart the computer and type 3 at the install menu to continue.

4. Select I agree to accept the agreement and then click Next.

5. From the Keyboard Configuration window, select the appropriate keyboard and then select Next to continue.

6. On the Network Configuration window, do the following to configure the network.

   ■ In the Hostname field, enter the hostname of the computer. This hostname identifies the computer on a network.

   ■ Enter the DNS server details.

   ■ Select a network device.
     You can check the box corresponding to any of the ethernet cards that are listed in the Devices Available list. This ethernet card becomes the Primary network interface. Only one card can operate as the Primary network interface. You can then select and configure the remaining ethernet cards.

     Note: The Information Manager can be accessed only with the settings that are provided for the first ethernet card that is configured during installation.

   ■ Select the IPv4 settings or the IPv6 settings and then enter the IP address, Netmask, and Gateway details. You can configure both an IPv4 and an IPv6 address on a network interface at the same time.

7. Select the appropriate time zone and then select Next to continue.

   To select the time zone, click the nearest city in your time zone on the world map or select the nearest city from the Selected city drop-down list. If you want to automatically switch between the normal and the daylight savings time, select the System clock uses UTC option.

   The default time zone is set to GMT.

   Note: Do not use this option if you have other operating systems on this computer that adjust the normal and the daylight savings time automatically.

8. Configure the date and time and select Next to continue.

9. Set the Global password for all Information Manager accounts and select Next to continue.

   Note: Individual passwords can be set after the installation is complete.

10. Enter the appropriate Information Manager domain name and select Next to continue.

    Note: If you migrate data to Information Manager 4.8, you must provide the same domain name as that of the existing version of Information Manager.

11. Verify the Information Manager domain name. To change the Information Manager domain name, select Cancel. If the Information Manager domain name is correct, select Continue to complete the installation.

    The Installing Packages window appears. The file names, size, summary, and installation progress are displayed on the screen.

    The installation process may take an hour or more to complete. The system restarts and the logon prompt appears after the installation is completed successfully.

    Note: The system can restart multiple times before the logon prompt appears. During the installation of RHEL 6.0, you may encounter a few warnings. Non-compliance with such warnings does not interrupt the installation process.

After the installation, you can access the Information Manager server through the following:

■ Console of the Information Manager client that you can install on a Windows-based computer
  See “Installing the Symantec Security Information Manager client”.

■ Information Manager Web interface using an Internet browser

The computers on which you install the client, and use the Information Manager Web interface, must meet the specified minimum requirements.

See “Minimum requirements for installing the client for the Information Manager server”.

See “Minimum requirements for accessing the Information Manager Web interface”.

Post-installation tasks

After you complete the Symantec Security Information Manager installation, do the following:

■ Install the Symantec Security Information Manager license.
  See “Importing the Symantec Security Information Manager license”.

■ Install the Information Manager console.
  See “Installing the Symantec Security Information Manager client”.

■ Run LiveUpdate to update the Information Manager server with the latest versions of component packages.
  See “Running LiveUpdate”.

■ Configure the event collectors to work with the Information Manager on the Register Collector page on the Settings view of the Information Manager Web interface.
  See the Symantec Security Information Manager 4.8 Administrator Guide.

■ Register your Symantec DeepSight license on the Deepsight Licensing view. (Optional)
  See the Symantec Security Information Manager 4.8 Administrator Guide.

Complete the initial post-installation tasks through the Information Manager Web interface. Then use the Information Manager console to configure the Information Manager to receive and manage event data. Post-installation tasks vary depending on the environment, but the required tasks typically include the following:

■ Use the System view to create user accounts, user groups, roles, and organizational units. From the System view you can also configure the Information Manager server for event forwarding, storage rules, agent communication, and the Information Manager server role.

■ Use the Assets view to configure the list of network computers attributes.

■ Use the Rules view to create and customize custom filters, rules, lookup tables, and alerts.

■ To provide Managed Security Services for other instances of the Information Manager, you must configure the Information Manager as a Service Provider master.

Importing the Symantec Security Information Manager license

After you install the Information Manager, you must install the Information Manager product license. If you need assistance acquiring a product license, contact your Symantec sales representative.

See “Obtaining the product license key file”.

To install the product license

1. Using a Windows-based computer, open a Web browser, and in the address bar, type the IP address of the Information Manager server.

   For example:

   https://Information_Manager_Host_Name_or_IP_address

   By default, the Information Manager server uses a self-signed certificate, which is not verified by certificate authentication services such as VeriSign®. If you are prompted, click Yes to accept the Information Manager certificate.

2. Log on to the Information Manager Web interface using the administrator credentials that you created during the Symantec Security Information Manager installation.

3. In the System view, click Administration > SSIM Licensing.

4. In the SSIM Licensing view, in the License file to import field, navigate to the license file in the appropriate folder on the local disk.

   Click Import License.

   When the license is imported, it is displayed in the Current Licenses table.

Installing the Symantec Security Information Manager client

You can install the Information Manager client from the Downloads option on the System view of the Information Manager Web interface. Files can also be downloaded from the logon page of the Information Manager Web interface.

See “Launching the SSIM Web Start Client”.

You must install the Symantec Security Information Manager license before you access the console of the Information Manager client.

See “Importing the Symantec Security Information Manager license”.

Note: If you get an error message while accessing the Information Manager console with a NAT IP address, create a host entry for the NAT IP address in the \etc\hosts file.

To install the Information Manager client

1. Using a Windows-based computer, open a Web browser, and in the address bar, type the IP address of the Information Manager server.

   For example:

   https://Information_Manager_Host_Name_or_IP_address

   By default, the Information Manager server uses a self-signed certificate, which is not verified by certificate authentication services such as VeriSign®. If you are prompted, click Yes to accept the Information Manager certificate.

2. Log on to the Information Manager Web interface using the administrator credentials that you created during the Symantec Security Information Manager installation.

3. On the System view, click Downloads > Downloads.

4. Select the Install SSIM Client link.

5. When you are prompted, click Run, and then follow the prompts to install the client.
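Step 1 of this procedure and of the license-import procedure both accept a self-signed certificate on first contact, which gives the browser nothing to compare the server against. The following is an added example, not part of the Symantec guide: it compares the certificate a server presents with a SHA-256 fingerprint recorded out of band. The function names, the constructed sample bytes, and the assumption that an administrator has recorded the fingerprint from the server itself are all illustrative.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for DER certificate bytes (NOT a real certificate).
# Only the fingerprint handling is demonstrated, so any byte string serves
# as offline sample input.
SAMPLE_DER = b"constructed sample bytes standing in for a DER certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

HEX_DIGITS = set("0123456789abcdef")


def normalize_fingerprint(text):
    """Reduce 'AB:CD:..', 'ab cd ..' or 'SHA256 Fingerprint=AB:CD:..' to
    64 lowercase hex characters; reject anything else."""
    value = text.rsplit("=", 1)[-1]  # drop an openssl-style label if present
    cleaned = "".join(ch for ch in value.lower() if ch not in ": \t\r\n")
    if len(cleaned) != 64 or not set(cleaned) <= HEX_DIGITS:
        raise ValueError("not a SHA-256 fingerprint: %r" % (text,))
    return cleaned


def pem_fingerprint(pem_text):
    """SHA-256 over the DER encoding of a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    return hashlib.sha256(der).hexdigest()


def matches_pin(pem_text, pinned_fingerprint):
    """True only if the certificate hashes to the recorded fingerprint."""
    return hmac.compare_digest(
        pem_fingerprint(pem_text), normalize_fingerprint(pinned_fingerprint)
    )


def check_server(host, pinned_fingerprint, port=443):
    """Fetch the certificate the server presents (no chain validation, as is
    unavoidable for a self-signed certificate) and compare it with the pin."""
    pem_text = ssl.get_server_certificate((host, port))
    return matches_pin(pem_text, pinned_fingerprint)


if __name__ == "__main__":
    # Offline demonstration with the constructed sample.
    recorded = pem_fingerprint(SAMPLE_PEM)
    print("recorded fingerprint:", recorded)
    print("same certificate    :", matches_pin(SAMPLE_PEM, recorded))
    changed = ssl.DER_cert_to_PEM_cert(b"different constructed bytes")
    print("changed certificate :", matches_pin(changed, recorded))
```

Run `check_server` against the host name or IP address used in step 1 before accepting the browser prompt; a `False` result means the presented certificate is not the one that was recorded.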

To access the console of the Information Manager client

1. Launch the Information Manager client console.

   The location of the icon to launch the Information Manager client console depends on the settings that were selected during Information Manager client installation.

   If you added the icon to the start menu, click the Start menu, point to Programs, and then point to the Symantec Security Information Manager program group. Click SSIM Client.

2. When you are prompted, provide the user name, password, and either the host name or the IP address of the Information Manager server.

Note: To use the Information Manager client on a Windows Vista computer, you must log on as part of the local computer's administrator group.

SSIM Web Start Client

By using SSIM Web Start Client, you can now reach the Information Manager console directly without downloading and installing the Information Manager console.

The Launch SSIM Web Start Client link, which is located on the logon page of the Information Manager Web interface, launches the Information Manager console. You can also access this link from the Downloads option on the System view of the Information Manager Web interface.

See “Launching the SSIM Web Start Client”.

Launching the SSIM Web Start Client

You can launch the SSIM Web Start Client from the Information Manager Web interface using the Launch SSIM Web Start Client link on the logon page. When you launch the SSIM Web Start Client for the first time, the files that are required are downloaded to the client computer and the Information Manager logon dialog box appears. A shortcut icon is created for SSIM Web Start Client on the Windows® Desktop and Start menu.

See “SSIM Web Start Client”.

The minimum version of JRE that is required for the SSIM Web Start Client is 1.7. For the SSIM Web Start Client to work correctly, with 64-bit Java installed, you must use a 64-bit browser. With 32-bit Java installed, you must use a 32-bit browser.

The appropriate Java version must be installed on the computer. After Java is installed, you must also enable the ActiveX controls and plug-ins from Internet Explorer.

See“Enabling ActiveX controls and plug-ins to launch SSIM Web Start Client”

on page 25.

Make sure to enable JavaScript for the browser that is used for launching SSIM Web Start Client.

See“Enabling JavaScript to launch SSIM Web Start Client”on page 25.

An error message may be displayed if the Web site that launches SSIM Web Start Client is not added to the list of trusted sites.

See“Adding a Web site as a trusted site to launch SSIM Web Start”on page 26. Note:The console that is launched by SSIM Web Start Client is not FIPS-compliant. If you require a FIPS-compliant console, you must download and run Setup.exe from the Install SSIM Client link on the logon page of theInformation Manager Web interface.


To launch the SSIM Web Start Client

1. In the browser, type https:// followed by the address of the Information Manager server and then press Enter.

2. Click the Launch SSIM Web Start Client link.

   You can also access this link from the Downloads option on the System view of the Information Manager Web interface.

3. In the Warning - Security dialog box, click Yes to continue.

   If the Information Manager server is added as a trusted site, this warning does not appear.

   The files that are required to launch SSIM Web Start Client are downloaded and then the logon page of the Information Manager console appears.

4. Enter the appropriate credentials to log on to Information Manager.

Note: When you log on to the SSIM Web Start Client, the JRE version that is displayed in the Help > About Symantec Security Information Manager dialog box is the version of the JRE that is installed on the client computer. The client JRE version may be different from the JRE version that is installed on the Information Manager server.

Enabling ActiveX controls and plug-ins to launch SSIM Web Start Client

Java must be installed on the computer that launches SSIM Web Start Client. After Java is installed, make sure to enable the ActiveX controls and plug-ins from Internet Explorer.

To enable ActiveX and plug-ins

1. From Internet Explorer, go to Tools > Internet Options.

2. From the Security tab, select Trusted Sites and then click Custom Level.

3. Scroll down to ActiveX Controls and plug-ins > Run ActiveX Controls and plug-ins.

4. Check Enable.

See “Launching the SSIM Web Start Client” on page 24.

Enabling JavaScript to launch SSIM Web Start Client

JavaScript must be enabled for the browser that is used for launching SSIM Web Start Client.


To enable JavaScript for computers with Internet Explorer 7/8

1. From Internet Explorer, go to Tools > Internet Options.

2. From the Security tab, select Trusted Sites, and then click Custom Level.

3. Scroll down to Scripting > Active scripting and check Enable.

4. Click OK.

5. Click Yes in the warning dialog box and then click OK.

To enable JavaScript for computers with Firefox 3.6/4.0

1. Open Firefox, click Tools, and then select Options.

2. From the Content tab, check Enable JavaScript.

3. Click OK.

See “Adding a Web site as a trusted site to launch SSIM Web Start” on page 26.

See “Launching the SSIM Web Start Client” on page 24.

Adding a Web site as a trusted site to launch SSIM Web Start

If SSIM Web Start Client is launched by using Internet Explorer 7/8 and the Web site that is used for launching it is not added as a trusted site, an error may be displayed. To resolve this error, you must add the Web site as a trusted site.

To add a Web site as a trusted site to launch SSIM Web Start Client

1. Open Internet Explorer 7/8, go to Tools > Internet Options.

2. From the Security tab, select Trusted Sites, and then click Sites.

3. Type https:// followed by the URL of the Fully Qualified Domain Name (FQDN) or the IP address of the Web site.

4. Click Add.

See “Launching the SSIM Web Start Client” on page 24.

Third-party certificate for SSIM Web Start client

With SSIM Web Start client, you can install JRE at any location. It is not bundled with the Information Manager console.

When a third-party certificate is installed on the server, the appropriate certificate must be added on the client side to access the server. The certificate must be placed at the appropriate location, that is, the jre/bin folder of the Java that is used to launch the Information Manager client.


To add the certificate on the client side

1. From the command line, run javaws -viewer

2. Select the Java tab, click View, and verify the path.

3. Place the certificate in Java’s jre\bin folder.

4. Import the certificate using the following command from a command line:

   keytool.exe -import -file <file_location> -keystore ..\lib\security\cacerts -storepass <certificate_password>

   <file_location> refers to the path and file name of the certificate.

   <certificate_password> refers to the password created with the certificate. The Java default certificate password is ‘changeit’.

   For example (paths that contain spaces must be enclosed in quotation marks):

   "C:\Program Files\Java\jre6\bin\keytool.exe" -import -file "C:\Program Files\Java\jre6\bin\cacert.pem" -keystore ..\lib\security\cacerts -storepass changeit

Running LiveUpdate

Running LiveUpdate is optional. If you run LiveUpdate, you must run it using the Information Manager Web interface after you install the Information Manager server. Running the LiveUpdate feature updates the Information Manager content on the Information Manager server with the latest versions that are available on the LiveUpdate Web site. You can also update the predefined reports with the new versions that are available.

To run LiveUpdate

1. Log on to the Information Manager Web interface. On the Maintenance view, click LiveUpdate.

2. Select the individual products that you want to update.

   You can also click Check All to select all the packages and then click Update. If needed, the Information Manager server is restarted after the update process ends.

   The details of the updated packages are displayed on the details pane of the LiveUpdate option.


Reinstalling the Information Manager server

You can return the Symantec Security Information Manager server software to its original settings by using the installation DVD. You may want to return the Symantec Security Information Manager server to a known good state if there is a problem with the software or settings.

Warning: Reinstalling the software deletes all stored data.

Before you reinstall the Information Manager:

■ Back up all of the data.

■ If you have the security products that send events to the Information Manager server, you should forward those events to another Information Manager server. Alternatively you can disable sending events until an Information Manager server is available.

For more information about backing up the database and the security directory, see the Symantec Security Information Manager 5.0 Administrator Guide.

To reinstall the Information Manager server

1. After you back up the data that you want to save, close the Information Manager console on any computers that currently view information from the Information Manager.

2. Insert the Symantec Security Information Manager 4.8 installation DVD into the DVD drive.

3. Using a Web browser, open the Information Manager Web interface.

4. From the System view, click the Shutdown / Restart option.

5. Click Restart.

6. When you are prompted to confirm the restart, click OK.

7. When you are prompted, press 1 to run the Installation Wizard. You must then follow the on-screen prompts to configure the software.

About using the driver disk option

The Information Manager 4.8 installation DVD includes the Red Hat Enterprise Linux (RHEL 6.0) operating system for 64-bit Intel hardware. As such, Information Manager supports the devices that are Red Hat-certified for use with Red Hat Enterprise Linux 6.0 (x86_64-bit). If you use other untested hardware, you may need to use the driver disk option when you install the Information Manager server.

See “Minimum requirements for the Information Manager server” on page 11.

RHEL 6.0 has some limitations on updating the drivers using driver disk during installation. Refer to Limitations of driver updates during installation

Note: For support on the issues that are related to third-party device drivers, you must contact your hardware manufacturer.

You may need external device drivers in the following scenarios:

■ Devices that Red Hat supports and for which the updated drivers are available with the device vendor. However, the drivers are not yet included as a part of the Red Hat distribution.

■ Devices that Red Hat does not support. However, drivers for those devices are available.

Symantec recommends that you exercise caution when you use an external driver that is not Red Hat-certified. Because these drivers are not tested in the Red Hat Linux distribution, they are not guaranteed to work appropriately. Drivers may be available in source form or as binaries that are compiled against specific versions of the Linux kernel. If the drivers are available in binary form, you must compile the drivers against Linux kernel version 2.6.9-100.ELhugemem and 2.6.9-89EL with gcc version 3.4.6-10. If Information Manager is installed on a virtual platform, you must compile the drivers against Linux kernel version 2.6.9-100.ELsmp and 2.6.9-89EL. After you have compiled the drivers, they can be installed on the Information Manager server. Please check the driver documentation for supported kernel versions.

Note: If you have compiled and used external device drivers with the Information Manager, these drivers have to be recompiled for the new kernel.

Creating a third-party driver disk

You may need to use a device that is not supported by the kernel that ships with the Information Manager installation DVD.

If the external device driver is available as source code, please refer to the driver's documentation for instructions on building the driver. The documentation also contains information on the dependent tools or packages that need to be installed to build the driver. In most cases, the Red Hat kernel-development package and the gcc compilation tool and its dependencies are required to build the driver.


The following packages are shipped with the Symantec Security Information Manager installation DVD:

■ Kernel
   kernel-hugemem-2.6.9-100.EL.i686.rpm
   kernel-hugemem-devel-2.6.9-100.EL.i686.rpm

■ gcc
   gcc-3.4.6-10.i386.rpm

■ gcc dependencies
   cpp-3.4.6-10.i386.rpm

■ RPMS
   glibc-headers-2.3.4-2.i386.rpm
   kernel-headers-2.4.9-e.74.i386.rpm

You can install the packages by running the following command on the Information Manager server:

# rpm -ivh <rpm_file>

where rpm_file is one of the RPMs supplied with the installation DVD.

You can refer to the following example to build a third-party driver disk. The example device is a Mylex AccelRAID 170 SCSI RAID controller with a RAID 5 array. You need to create a driver disk for the RAID controller before you can use the device with the Information Manager server.

The driver disk contains the files that have the relevant information about the hardware so that it can integrate with the software.

The following files must be on the driver disk:

■ modinfo

■ modules.cgz

■ modules.dep

■ pcitable

■ rhdd-6.1

To create the driver disk, you must first create the files as required. Then you can copy the files to the disk.


To create the modinfo file

1. Using a text editor on a Linux/Unix computer, create and save the modinfo file.

   If you have created the file on a Windows-based computer, run the dos2unix command on the file to remove the carriage return characters.

   The contents must be in the following format:

   Version 0
   DAC960
   SCSI
   "Mylex AccelRAID 170"

2. Create the modules.cgz file.

   See “To create the modules.cgz file” on page 31.

To create the modules.cgz file

1. Create two directories that have the same name as your kernel version; for example:

   2.6.9-100.ELhugemem
   2.6.9-89EL/

   You must create the modules.cgz file on a Linux computer only.

   Symantec recommends that you perform this task on a separate Linux computer that is supported by the specific driver module along with correct kernel versions. For example, for Information Manager 5.0 you need kernel 2.6.9-89EL and 2.6.9-100.ELhugemem to compile the driver modules. After you compile the drivers, the file drivername.ko is created, which is the object module required to build modules.cgz.

2. Copy the compiled modules (obtained from the vendor or compiled against the version that is specified in the previous step) to the directories that are specified.

3. Create the modules.cgz file out of these directories using the following command:

   # ls -1 2.6.9-100.ELhugemem/*.ko 2.6.9-89EL/*.ko | cpio -Hcrc -o | gzip -9 > modules.cgz

4. Create the modules.dep file. The modules.dep file contains information about module dependencies.

   See “To create the modules.dep file” on page 32.


To create the modules.dep file

1. Using a text editor on a Linux/Unix computer, create and save the modules.dep file.

   The contents must be in the following format:

   parport_pc: parport
   3c503: 8390
   plip: parport_pc

2. Create the pcitable file.

   See “To create the pcitable file” on page 32.

You may need to specify the module dependencies that are required by the driver module that you plan to install.

To create the pcitable file

1. Using a text editor on a Linux/Unix computer, create and save the pcitable file.

   The contents must be in the following format:

   0x0e11 0x0508 "sktr" "Compaq|Netelligent 4/16 Token Ring"
   0x0e11 0xb060 "cciss" "Compaq|Smart Array 5300 Controller"
   0x1000 0x0701 "yellowfin" "Symbios|83C885"
   0x1000 0x0702 "yellowfin" "Symbios|Yellowfin G-NIC gigabit ethernet"
   0x1011 0x001a "acenic" "Farallon|PN9000SX"

   The pcitable file contains vendor and device numbers of PCI cards and their appropriate device drivers. You can identify the PCI devices by their vendor numbers and device numbers.

   You can get appropriate vendor numbers and device numbers by executing the following command:

   # lspci -n

2. Create the driver disk.

   See “To create the driver disk” on page 33.


To create the driver disk

1. Format a floppy with the MS-DOS file system. Use the following command:

   mkdosfs /dev/fd0

2. Copy the following files to the disk:

   ■ modinfo

   ■ modules.cgz

   ■ modules.dep

   ■ pcitable

Your driver disk is now ready for use. You can use the disk when you are prompted to insert the third-party driver disk during the installation process.
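A consistency check that can be run on the staging directory before the files are copied to the disk, as an added example that is not part of the Symantec guide. It confirms that the four files are present, that the text files contain no carriage returns (the guide names dos2unix for modinfo; the same check is applied here to modules.dep and pcitable), that every pcitable line has the four-field format, and that the module mapped to the target device ID also appears in modinfo. The function names, the sample ID 1069:0050 and the modinfo cross-check are assumptions of this example.

```shell
#!/bin/sh
# Added example: consistency checks for the driver disk text files.

# Succeed if the file contains a carriage return (run dos2unix on it).
has_cr() {
    grep -q "$(printf '\r')" "$1"
}

# Print pcitable lines that do not match: 0xVVVV 0xDDDD "module" "description".
bad_pcitable_lines() {
    grep -vE '^0x[0-9a-fA-F]{4}[[:space:]]+0x[0-9a-fA-F]{4}[[:space:]]+"[^"]+"[[:space:]]+"[^"]+"$' "$1" || true
}

# Print the module that pcitable maps to a vendor:device ID in the form
# printed by `lspci -n` (vvvv:dddd); print nothing when there is no entry.
module_for_id() {
    awk -v v="0x${2%%:*}" -v d="0x${2##*:}" '
        tolower($1) == tolower(v) && tolower($2) == tolower(d) {
            gsub(/"/, "", $3); print $3; exit
        }' "$1"
}

# Check staging directory $1 for target device ID $2. Prints one line per
# problem and returns 1 if any problem was found, otherwise 0.
check_driver_disk() {
    dir=$1; id=$2; rc=0
    [ -f "$dir/modules.cgz" ] || { echo "missing: modules.cgz"; rc=1; }
    for f in modinfo modules.dep pcitable; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $f"; rc=1
        elif has_cr "$dir/$f"; then
            echo "carriage returns in $f: run dos2unix"; rc=1
        fi
    done
    [ -f "$dir/pcitable" ] || return "$rc"
    if [ -n "$(bad_pcitable_lines "$dir/pcitable")" ]; then
        echo "malformed pcitable line(s)"; rc=1
    fi
    mod=$(module_for_id "$dir/pcitable" "$id")
    if [ -z "$mod" ]; then
        echo "no pcitable entry for $id"; rc=1
    elif ! grep -qxF "$mod" "$dir/modinfo" 2>/dev/null; then
        echo "module $mod is in pcitable but not in modinfo"; rc=1
    fi
    return "$rc"
}

# Constructed sample staging directory in $1 (illustrative ID, empty modules.cgz).
make_sample() {
    printf 'Version 0\nDAC960\nSCSI\n"Mylex AccelRAID 170"\n' > "$1/modinfo"
    printf '0x1069 0x0050 "DAC960" "Mylex|AccelRAID 170"\n' > "$1/pcitable"
    : > "$1/modules.dep"; : > "$1/modules.cgz"
}

if [ "$#" -eq 2 ]; then check_driver_disk "$1" "$2"; fi
```

Run it with the staging directory and the vendor:device ID that lspci -n reports for the target controller; the ID in make_sample is a constructed value.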
