InTrust Deployment Options
You have two InTrust deployment options:
- Default
Install a lean streamlined set of components that closely implement best practices for auditing and regulations compliance without much variation.
- Extended
Customize your InTrust component choice, workflows and security roles for auditing, real-time monitoring, advanced SQL Server Reporting Services-based reporting and regulations compliance.
This set of topics deals with extended deployment. For details about the default installation, see Getting Started with InTrust.
Performing Extended Deployment of InTrust
Before You Run Setup
Consider some preliminary procedures you may need to carry out prior to launching InTrust setup. Make sure you have read about the key features, components and workflow of InTrust in the Product Overview.
For more details, see the following topics:
Providing Database Access
An important thing to consider when installing InTrust is security for the databases that it is going to use. The accounts used by InTrust to access these databases can have the dbo role for the databases, or minimal privileges provided by special scripts.
If you use an account that has the dbo role, no database pre-configuration is needed. You can create databases as you proceed with the setup. If you cannot or do not want to use the system administrator account, make sure that your account is the owner of at least the InTrust configuration, audit and alert databases.
Access to the databases accounts without the dbo role is also possible, but database cleanup is disallowed to such accounts. If this is an acceptable limitation for the account you want to use, ask your database administrator to configure the account using the procedure below.
To provide access to SQL Server 2014 and later databases
- Create a Windows group (for example, InTrustAccounts), and add the following accounts to it:
- The account under which InTrust setup will be run, for example, InTrustSetupAccount
- The account that will be used for InTrust operations (later you will have to enter it during the InTrust setup), for example, InTrustServiceAccount
You can use the same account for both purposes.
- In SQL Server Management Studio, select the SQL Server that will host InTrust databases.
- Right-click Security | Logins, and select New Login. Create a login that will be used for database access; in the Login name field, specify the InTrustAccounts group (created on step 1).
- Create the databases (configuration, audit, and alert) to be used by InTrust.
- Run the corresponding scripts for them:
- for the configuration database: configdb.sql and InTrust9_0_configuration_schema.sql scripts
- for the audit database: auditdb.sql and ITFE80_EventsData.sql scripts
- for the alert database: alertdb.sql and InTrust9_0_alerts_schema.sql scripts
These scripts automatically create database schemas and roles required for InTrust operations.
- Select the database you created (for example, audit database); under that database, select Security | Users, and create a new user (for example, Non_dbo). In the Login name for that user, provide the account created on step 3.
- Check the following:
- InTrust Gathering is set as the default schema for the user.
- This user has the appropriate database roles (InTrust Audit DB Cleanup, InTrust Gathering, and Reporting Console User).
- Repeat step 6 for the alert database.
- Check the following:
- InTrust Real-Time Monitoring is set as the default schema for the user.
- This user has the appropriate database roles (InTrust Real-Time Monitoring, InTrust AlertDB Cleanup, InTrust Monitoring Console, and Reporting Console User).
- Repeat step 6 for the configuration database.
- Check the following:
- AdcCfgUser is set as the default schema for the user.
- This user has the appropriate database roles (AdcCfgUser, Reporting Console User).
Once you have completed these steps, your databases and accounts are ready to be specified during the installation. They will have the privileges required for proper InTrust operation without the dbo role (with the limitation described above).