Installing the Data Security module of the Security Manager

Applies to:
  • Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x, v9.0, v10.0, v10.1
Follow these instructions to install Forcepoint DLP components on the Forcepoint management server. This includes:
  • Policy engine
  • Primary fingerprint repository
  • Forensics repository
  • Endpoint server
It is assumed you have reached this point by starting a Forcepoint Security Manager installation. If not, see Creating a Forcepoint management server.
  1. When the Forcepoint DLP Installer is launched, a Welcome screen appears. Click Next to begin Forcepoint DLP installation.
    Note: Both .NET v3.5 and 4.5 must be installed before you begin the installation. If either is missing, you receive a message to this effect.
  2. On the Select Components screen, click Next to accept the default selections.
    Note: If there is insufficient RAM on this machine for Forcepoint management server components, a message appears. Although it is possible to continue with the installation, it is better to upgrade the RAM first, and then install.
  3. If prompted, click OK to indicate if services such as SMTP will be enabled.

    Required Windows components will be installed. You may need access to the operating system installation disc or image.

  4. On the Fingerprinting Database screen, accept the default location or use the Browse button to specify a different location.

    Note that you can install the Fingerprinting database to a local path only.

  5. If the SQL Server database is on a remote machine, you are prompted for the name of a temporary folder. This screen defines where the system should store temporary files during archive processing as well as system backup and restore.

    Archiving lets you manage the size of your incident database and optimize performance. Backup lets you safeguard your policies, forensics, configuration, data, fingerprints, encryption keys, and more.

    If you do not plan to archive incidents or perform system backup and restore, you do not need to fill out this screen.

    Before proceeding, create a folder in a location that both the database and Forcepoint management server can access. (The folder must exist before you click Next.) On average, this folder will hold 10 GB of data, so choose a location that can accommodate this.

    On the Temporary Folder Location screen, complete the fields as follows:
    • Mark Enable incident archiving and system backup to make it possible to archive old or aging incidents and perform system backup or restore. This box does not appear when you run the installer in Modify mode and perform a disaster recovery restore operation.
    • In the From SQL Server field, enter the path that the SQL Server should use to access the temporary folder. As a best practice, use a remote UNC path, though local and shared network paths are supported. Make sure the account used to run SQL has write access to this folder.
    • In the From Forcepoint management server field, enter the UNC path the management server should use to access the temporary folder. For example: \\10.2.1.1.\folder. Enter a user name and password for a user who is authorized to access this location.
      To grant this permission, issue the following T-SQL commands on the SQL Server instance:
      USE master
      GRANT BACKUP DATABASE TO <user>
      GO
      After installation of Forcepoint DLP components, you can revoke this permission:
      USE master
      REVOKE BACKUP DATABASE TO <user>
      GO
  6. In the Local Administrator screen, create an account for the local administrator user on this server. Supply the user name and password to use to access this server during installation and operation. Use this same administrator wherever Forcepoint DLP components are installed. The server/host name portion of the user name cannot exceed 15 characters. The password must:
    • Be at least 8 characters
    • Contain upper case characters
    • Contain lower case characters
    • Contain numbers
    • Contain non-alphanumeric characters
  7. In the Installation Confirmation screen, click Installto begin installation of Forcepoint DLP components.
  8. If a message about freeing port 80 appears, click Yes to continue the installation:
    • Clicking No cancels the installation.
    • A similar message for port 443 may appear. Click Yes to continue or No to cancel the installation.
  9. The Installation progress screen appears. Wait for the installation to complete.
  10. When the Installation Complete screen appears, click Finish to close the Forcepoint DLP installer.
  11. If no other Security Manager module is chosen for installation, you are returned to the Modify Installation dashboard. Installation is complete.

    Otherwise, you are returned to the Installer Dashboard and the next component installer is launched.

    For information on installing other Forcepoint DLP components, such as the protector, mobile agent, Analytics Server, crawler, or endpoint client, see the Forcepoint DLP Installation Guide.