立即与支持人员聊天
与支持团队交流

InTrust 11.4.2 - Deployment Guide

InTrust Deployment Options Performing Extended Deployment of InTrust Extending a Default InTrust Deployment Mapping out Your Environment for InTrust Role-Based Administration of InTrust InTrust Configuration Licensing Sample Deployment and Configuration Scenario

Planning for InTrust Accounts

This topic gives an overview of the accounts you will need to install and configure InTrust. Detailed information is provided in System Requirements.

  1. To install Knowledge Packs containing reports and other predefined objects, this account also requires the following:
    1. Membership in the local Administrators group on the computer where the setup is run
    2. Content Manager role for the Home folder in SQL Server Reporting Services.
    3. System Administrator site-level role in SQL Server Reporting Services (for creating item-level roles and shared schedule)
  2. During the setup, you will be prompted for InTrust account. This account will be used for InTrust services operation (data gathering, real-time monitoring, scheduled task processing) and agent installation (by default).
    In order to provide automatic creation of Service Connection Point (SCP) by InTrust means, do one of the following before the setup:
    • Open the ADSI Edit snap-in and create CN=Quest InTrust, CN=System, DC=<Domain> in the "Domain" Active Directory partition. You have to assign the following rights for this container for the account under which you will run the setup: Create All Child Objects, Read Permissions, Modify Permissions.
    • Open the ADSI Edit snap-in and specify the following rights for the CN=System, DC=<Domain> in the "Domain" Active Directory partition for the account under which you will run the setup: Create All Child Objects, Read Permissions, Modify Permissions, Read All Properties, Write All Properties. These permissions must be applied onto This object and all descendant objects scope.

What you have after you have performed all these actions and setup has finished:

  • The CN=Quest InTrust container is created.
  • The account under which you install the Quest InTrust Server service has sufficient rights to create child objects.
  • The account under which you run the Quest InTrust Server service has sufficient rights to create child objects.
  • The serviceConnectionPoint object is created.

If you need to change an account after the InTrust installation, use the adcsrvacc command-line utility. For more details, see Special-Purpose Commands and Utilities.

The rights and permissions required for InTrust operations are described in System Requirements.

Installing and Configuring InTrust Components

To install InTrust, run the Autorun application from your InTrust distribution on the computer where your InTrust server will be located. On the Install tab, click InTrust Extended Suite. Follow the steps, as described in the related topics:

Participation in the Quest Software Improvement Program

The Software Improvement Program involves Quest receiving anonymous usage statistics from the Quest software you install. No personal identifying data (such as account names) is included in this feedback. The purpose is to determine which features are most popular and find out how their use can be streamlined.

The following information is transmitted:

  • Hardware configuration
  • Which product features are used
  • External IP addresses

Participation is voluntary. Although it is enabled automatically for some countries, you can change your choice at any time after InTrust setup is complete; for details, see Opting In and Out below.

Participation is enabled or disabled on a per-computer basis. It is configured independently on every computer where you install software using InTrust setup.

Opting In and Out

To change your choice regarding participation in the Quest Software Improvement Program at any time after InTrust setup is complete, use the sipcfg.exe command-line utility, which is located in the InTrust\Tools\Software Improvement Program folder in your InTrust distribution. Run the command without parameters to see usage information.

The command will have an effect only on the computer where it is performed. For example, if you run it on an InTrust server, it will not affect any other servers in the InTrust organization.

If you want to opt out, you can also use the Autorun application from your InTrust distribution. Launch Autorun, select the Customer Feedback tab, and click the Opt Out button. This action will prevent automatic opt-in on the same computer if you use InTrust setup to install other components later.

Installing the First Server in InTrust Organization

Accept the License Agreement

On the first step of the setup, accept the license agreement to proceed.

Select Your Country

Select the country where you are performing InTrust installation. This choice affects whether your participation in the Quest Software Improvement Program is enabled automatically. For details about the program, see the Installing and Configuring InTrust Components topic.

Make Your Software Improvement Program Participation Choice (Conditional)

This step is displayed only if the country you selected has legislation that prohibits automatic opt-in for software that transmits data back to the vendor. If you want to take part in the initiative, select the “yes” option.

Select the Components to Install

Next, you are prompted to select any of the following features to install:

  1. InTrust Server; it will be installed with the following:
    • InTrust Administrative Knowledge Pack for tracking and reporting on server operation
    • Objects for common best-practice auditing and reporting scenarios
  1. InTrust Resource Kit
  2. InTrust Manager—the user interface for InTrust configuration.
  3. The Monitoring Console application, which allows you to work with real-time monitoring alerts.

Check Your Readiness

After you have selected the components you need, setup runs an automatic check to see if your system meets the requirements for your selection. You can proceed only if all of the listed items check out as Passed. Issues with the items marked as Failed need to be addressed before you deploy InTrust. To find out the exact requirements for an item, click its Failed or Passed status label.

For some Failed items, an automatic fix is possible; in such cases, a Fix Issues link is available for them. For example, if you have chosen to install Monitoring Console but Microsoft IIS is not configured properly, clicking Fix Issues for the IIS item will activate IIS and enable the necessary features of it.

Supply the User Account

Next, you need to specify the account for InTrust operation.

This account will be used for agent installation by default, audit data gathering, and processing of scheduled tasks. You can use this account to access the configuration and alert databases as well.

The rights and permissions required for InTrust operations are described in System Requirements.

Specify InTrust Organization

When you install the first InTrust server in your environment, a new InTrust organization is created. An organization is a set of InTrust servers that share a single configuration database.

Supply the new organization’s name and password. This password is used for the configuration database encryption when you add a new InTrust server to the InTrust organization or register a manually installed agent with the server.

Specify the Configuration Database

Next, specify the configuration database.

You can do one of the following:

  • Create a new configuration database.
  • Specify a database created in advance by a script (described in the Providing Database Access topic).

For that, launch SQL Server Connection Wizard by clicking the button next to the SQL Server text box.

You will be asked to specify the SQL server, database name and connection settings to be used for access to the database. By default, Windows authentication will be used for database access; you can select to use SQL Server authentication when prompted.

Notes:

  1. You can use InTrust service account to access the configuration database. In this case, select Windows authentication method. Alternatively, you can use the SQL Server standard user account for the database access. In this case, select SQL Server authentication.
  2. The configuration database must be located on a Microsoft SQL server that has a reliable broadband connection with the computer where you are installing InTrust server.

Review and Modify Default InTrust Settings

On the next step, the default choices for InTrust configuration are displayed. These choices have been made automatically by the installer based on established practices and what you have already specified.

Review the configuration of the following:

  • Default InTrust databases
  • Communication ports

Caution:

  • Communication ports are not configurable if you are performing extended InTrust deployment on top of a default deployment; in this case, it is assumed that the ports are already set up and working thanks to the default deployment.
  • Selecting the Allow InTrust traffic through Windows Firewall option will change Windows Firewall rules accordingly. It will not affect any other firewall software you may be using.
  • Make sure the ports specified here are open for inbound traffic and not blocked by any firewalls.
  • Monitoring Console
  • InTrust notification
  • SQL Server Reporting Services

To change any of the default settings, select the Change automatic configuration option. The following steps will then let you change the settings.

Change Miscellaneous Default Settings (Optional)

This step is shown if you selected the Change automatic configuration option on the Automatic Configuration step. Here you can configure the following:

  • Default InTrust alert and audit databases
  • Communication ports
  • Virtual directory that InTrust Monitoring Console should use

Make sure the ports specified here are open for inbound traffic and not blocked by any firewalls.

Caution:

  • If you place the InTrust server behind a firewall, you need to allow incoming packets to the specified listening port at the server's IP address and also both incoming and outgoing packets on the RPC endpoint port.
  • Port 8341 must be open on the server for incoming packets; this is not configurable.

Specify Mail Settings (Optional)

This step is shown if you selected the Change automatic configuration option on the Automatic Configuration step. Here you can configure mail settings for notifications sent by InTrust.

Specify the following:

  • SMTP server name and port for connection
  • Email addresses to be used as the default From and To address when the InTrust server sends notifications. Also this email addresses are used for default recipients.
  • NETBIOS computer name for default notification recipient

Specify Reporting Settings (Optional)

This step is shown if you selected the Change automatic configuration option on the Automatic Configuration step. If you do not want SSRS-based reporting, leave all the options on this step blank.

SQL Reporting Services GUI URL

InTrust interactive operations with reports are based on the web application that facilitates interaction with SQL Server Reporting Services.

Supply the URL of this web application’s virtual directory. In a default Reporting Services installation, the name of the virtual directory is Reports. Setup displays the following in the text box: http://<server name>/Reports or http://<server name>/Reports$<instance name> (for report server instance), where <server name> is the name of SQL server that was specified for the configuration database.

If your SSRS installation differs from the default, supply the necessary virtual directory name.

SQL Reporting Services URL

SQL Server Reporting Services provide a web service (Report Server) that exchanges data with applications. Scheduled InTrust reporting jobs use this service.

Supply the URL of the Report Server web service’s virtual directory. In a default Reporting Services installation, the name of the virtual directory is reportserver. Setup displays the following in the text box: http://<server name>/reportserver or http://<server name>/reportserver$<instance name> (for report server instance), where <server name> is the name of SQL server that was specified for the configuration database.

If your SSRS installation differs from the default, supply the necessary virtual directory name.

Path to a local folder where InTrust reports will be stored

This setting specifies the location of the folder where SSRS-based InTrust reports will be stored.

This folder will be shared automatically by InTrust setup in order to provide access to the reports from the network.

Complete the Installation

Click Next to install the selected features. Wait for the setup to complete.

 

Installing Servers Into Existing InTrust Organization

To install additional InTrust servers into an existing InTrust organization, run the setup on the target computers.

Note: Do not perform server installations simultaneously—servers must be installed sequentially, one after another.

Consider that all accounts under which you are going to run the setup are listed as InTrust organization administrators. To make sure this requirement has been met:

  1. Open InTrust Manager and connect to the InTrust server.
  2. Open the properties of the root node.
  3. Add the necessary accounts to the list that appears. You need to specify the accounts explicitly, because privilege assignment through group membership will not work.

When prompted, supply organization’s password. The configuration database is the same for all servers in the organization.

When installing a new InTrust server into existing organization, you can specify:

  • Alert database location
  • Mail settings
  • Communication ports

Caution:

  • Communication ports are not configurable if you are performing extended InTrust deployment on top of a default deployment; in this case, it is assumed that the ports are already set up and working thanks to the default deployment.
  • Selecting the Allow InTrust traffic through Windows Firewall option will change Windows Firewall rules accordingly. It will not affect any other firewall software you may be using.
  • Make sure the ports specified here are open for inbound traffic and not blocked by any firewalls.
  • IIS virtual directory for Monitoring Console
相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级