
Data Security Bundle Installation Service

Overview

This service is designed for customers who have purchased the Security Bundle and need installation and configuration assistance deploying Ransomware Defender, Easy Auditor and Security Integrations. 

Dell SKU: AD154078. Superna Product Code: eyeglass-P028-INS 

Exclusions:

  • Superna resources are not authorized to provide design recommendations for Disaster Recovery features. This would require a purchase of the DR Design and Implementation Service.

  • Hands-on changes to external IT components, for example DNS, Active Directory, PowerScale or other non-Superna-supplied products.

  • Service delivery requires customers to have hands-on knowledge of all external IT components.

Prerequisites

Complete these steps prior to scheduled installation and configuration:

  • Complete a Pre-Installation Questionnaire Form located here

  • Send an installation scheduling request to services@superna.net

  • Core Agent Appliance is installed

  • Run the event rate script to determine the number of VMs

  • On the day of installation, confirm the availability of the DNS administrator to make changes if the above steps require debugging or were misconfigured.

  • Firewall ports opened as per documentation for ECA clusters

Service Methodology Flow

 Initial Setup and ECA (Extended Cluster Agent) Installation and Configuration Service

ECA Agent Installation Phase  - Remote installation with customer to accomplish the following:

  • Prerequisite - Gather and review site installation data submitted from the questionnaire

Configuration Phase - Remote

  • Apply License

  • Edit configuration file on agent startup

  • Startup clustered agent code

  • Configure PowerScale to audit files for testing phase

  • Verify audit messages are being processed

  • Completed

Ransomware Defender Configuration Phase:

Configuration and Testing:

  • Configure Security Guard feature

    • Validate successful execution

    • Configure schedule

    • Knowledge transfer on log file validation for Security Guard

  • Enable monitor mode to baseline user behavior

  • Review Security assessment on enforcement section in the admin guide

  • Schedule follow-on Health Check and Knowledge Transfer sessions two to three weeks from phase completion

Knowledge Transfer:

  • How to enable production mode

  • Operational cluster management section 

  • How to process the security incident workflow from the admin guide: how to respond to Security Events for Warning, Major or Critical events

  • How and when to make whitelist changes when introducing new server applications that write data to PowerScale

  • UI walkthrough

Easy Auditor Configuration Phase:

Configuration and Testing: 

  • Verify audit data is being stored in the analytics database with query interface

  • Run test user query report

  • Run test path based report

  • Test "Where did my folder go?"

  • Review test wiretap functionality on a path with a test user mounting and accessing files

Knowledge Transfer Phase 

Service complete - Review and deliver final ECA Installation Report. 

Search Section:

This only applies if the service was purchased with Search & Recover.

  1. Configuration Phase - Search
    1. Download: The OVA can be downloaded by following the normal download instructions here.
      1. The menu item to select is VMware OVF installers; then select the Eyeglass Search & Recover download.
    2. Deploy to vCenter: During deployment to VMware, enter the IP address information for each node. Enter the cluster name in all lowercase with no special characters.
    3. Add License keys:
      1. Download keys using the supplied token in the process here.
      2. Copy the license zip file to node 1 over the Secure Shell protocol using SCP or the WinSCP utility; log in with ecaadmin and the password above.
    4. Apply License keys:
      1. Follow the add license keys CLI instructions in the section "Licensing CLI Commands" in the Admin Guide.
    5. Add cluster:
      1. Follow the add cluster CLI instructions in the section "Adding, Viewing Clusters" in the Admin Guide.
    6. Add Path to be indexed:
      1. Follow the instructions to add a folder for indexing in the section "How to add a folder path to be Indexed" in the Admin Guide.
    7. Start Indexing Jobs:
      1. Follow the instructions to start an indexing job in the section "How to start a full index job on a path" in the Admin Guide.
    8. Monitor Indexing Statistics:
      1. Follow the instructions to monitor indexing progress of the folder path added above in the section "How to Monitor Index Jobs" in the Admin Guide.
  2. Test Phase - Search & Recover
    1. Log in and try some searches:
      1. Open a browser to https://x.x.x.x (the IP address of node 1 of the cluster).
      2. Enter an AD user login using DOMAIN\user or user@example.com (note: the domain name must be uppercase) and then the password.
      3. Try a search for data in the path you indexed.
      4. NOTE: The user you log in as must have Share permissions to the path that was added to be indexed.
    2. Advanced Feature Walkthrough
      1. Try a file size range search.
      2. Download the results to CSV.
      3. Download a script with the example ISI command isi get -D and output to a results file >> results.txt
  3. Knowledge Transfer Phase - Search & Recover
    1. Explain Solutions available with the product. Guide here.
    2. Explain how to use the diagnostic tools and how to access them. Guide here.
    3. Explain the index process for full versus incremental and the lag to detect changed files.
    4. Demonstrate how to generate a support backup and how to download it from the admin download page. Guide here.
    5. Explain how to download CSV and large scripts from the admin download page. Guide here.
    6. Explain how to set the results location FQDN for SmartConnect and how SMB share names are inserted dynamically. Guide here.
    7. Explain where to find advanced field search syntax examples and search rules with wildcards. Guide here.
    8. Explain the security modes on indexed folders. Guide here.

Golden Copy Section

This only applies if the service was purchased with Golden Copy.

  1. Configuration Phase - Golden Copy
    1. Download: The OVA can be downloaded by following the normal download instructions here.
      1. The menu item to select is VMware OVF installers; then select the Eyeglass Golden Copy download.
    2. Deploy to vCenter: During deployment to VMware, enter the IP address information for each node. Enter the cluster name in all lowercase with no special characters.
    3. Add License keys:
      1. Download keys using the supplied token in the process here.
      2. Copy the license zip file to node 1 over the Secure Shell protocol using SCP or the WinSCP utility; log in with ecaadmin and the password above.
    4. Apply License keys:
      1. Follow the add license keys CLI instructions in the section "Licensing CLI Commands" in the Admin Guide.
    5. Add cluster:
      1. Follow the add cluster CLI instructions in the section "Adding, Viewing Clusters" in the Admin Guide.
    6. Add Path to be copied:
      1. Follow the instructions to add a folder for archiving in the section "How to manage folders to be copied or synced" in the Admin Guide.
    7. Start Archiving Jobs:
      1. Follow the instructions to start an archiving job in the section "archive (start a copy job)" in the Admin Guide.
    8. Monitor Archive jobs:
      1. Follow the instructions to monitor archive job progress of the folder path added above in the section "How to monitor copy job performance and job log" in the Admin Guide.
    9. Verify Copy Jobs and How to Review reports:
      1. Review summary copy reports.
      2. Review detailed copy reports.
  2. Test Phase - Golden Copy
    1. Log in and try monitoring copy reports:
      1. Open a browser to https://x.x.x.x (the IP address of node 1 of the cluster).
      2. Log in with ecaadmin and password.
      3. Start a file copy, monitor the copy, review copy logs.
    2. Advanced Feature Walkthrough
      1. How to configure folders for S3 storage types (add, modify, delete).
      2. Walk through folder flags and their meaning, and how to configure features.
  3. Knowledge Transfer Phase - Golden Copy
    1. Explain best practices and when to use copy vs. sync mode
    2. Explain use cases for deferred delete, Airgap
    3. Explain single file restore
    4. Explain bulk restore and commands
    5. Explain rate limiting options for bandwidth
    6. Explain concurrent file copy settings and impact of increasing
    7. Explain PowerScale node use case
    8. Explain load balancing copies to target storage


Performance Auditor Section

This only applies if the service was purchased with Performance Auditor.

  1. Configuration Phase - Performance Auditor
    1. Enable the EVTreporter service on the ECA cluster.
    2. Increase RAM on ECA nodes as per the sizing table here.
    3. Verify Eyeglass open ports for the Performance Auditor application; the table is here.
    4. Verify Turbo audit events are being processed by the EVT reporter container.
    5. Verify cluster audit events are enabled to support the Performance Auditor features here.
  2. Test Phase - Performance Auditor
    1. Open the Performance Auditor application and verify the display is showing analysis data.
    2. Switch views to verify all metrics are reported, including AD user names.
  3. Knowledge Transfer Phase - Performance Auditor
    1. Explain the top 5 per category display and view switching.
    2. Explain how to drill in to an object in each view and how this is used to identify which user, which files or which application is generating the most workload per node or cluster-wide.
    3. Explain that the yellow band display is a baseline computed from all nodes in the cluster as 2 standard deviations above and below the cluster-wide average, and how to use this baseline to track which nodes are above the average load level (the same applies to all the other views).
    4. Explain that application read and write mode tracks SMB or NFS application requests per second as a way to understand relative application efficiency for NAS operations.
    5. Demonstrate the pinning feature to add a user to the display that is not in the top 5; explain how pinning allows comparison of an object outside the top 5. Demonstrate file extension pinning to monitor an application's impact on cluster resources.
    6. Demonstrate how to switch the rate from MB to GB or KB depending on the throughput rates of the monitored object.


Data Security Essentials Upgrade Service Scope

Prerequisites

Must be completed before scheduling the upgrade. Estimated time to complete: 4 hours.

  1. Windows Server OS > 2019
    1. 4 x CPU
    2. 32 GB or more of RAM
  2. Microsoft SQL Database
    1. Remotely hosted or installed co-resident
    2. Versions 2019 or later
  3. Install IIS Web server component on Windows Server OS

Scope

  1. Validate SQL database service account access and firewall ports to reach the SQL Server database
  2. Run Data Security Essentials (documentation)
  3. Verify upgrade
  4. Verify previous configuration and policies are present
  5. Verify license key
  6. Install new license key
  7. Configure auditing data collection for testing of ingestion and reporting
    1. Select a path or SMB share to collect audit data
    2. Create IO in this path
    3. Verify audit data ingestion
    4. Verify reports execute
  8. Knowledge transfer on new features
    1. Ransomware policy enable steps for banned file list and response action
      1. Test banned file response on a test user on the test path or SMB share
    2. Ransomware Behavior detection enable steps
    3. Custom behavior policy creation walk through.
© Superna Inc