Step 5: Install Data management components

Follow these instructions to install Forcepoint DLP management components on the management server. This includes:

A Forcepoint DLP policy engine
Primary fingerprint repository
Forensics repository
Endpoint server

After installing the Forcepoint Infrastructure and (if needed) the Web Security management components, install the

Steps

When the Forcepoint DLP installer is launched, a Welcome screen appears. Click Next to begin Forcepoint DLP installation.
Note:
Both .NET 3.5 and 4.5 are required for the Forcepoint Infrastructure.
- For Windows Server 2008 R2 SP1, you can add .NET 3.5 from Server Manager\Features. Usually this feature is On by default. You must download .NET 4.5 from the Microsoft site, https://msdn.microsoft.com/en-us/library/5a4x27ek%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396.
- For Windows server 2012/2012 R2, you can both .NET 3.5 and .NET 4.5 from Server Manager\Features. Usually v3.5 is Off by default and v4.5 is On by default. Turn them both on.
In the Select Components screen, click Next to accept the default selections.

Note: If there is insufficient RAM on this machine for Management Server components, a message appears. Click OK to dismiss the message. You are allowed to proceed with the installation. However, it is a best practice to install only if you have sufficient RAM.
If prompted, click OK to indicate that services such as ASP.NET and SMTP will be enabled.
Required Windows components will be installed. You may need access to the operating system installation disc or image.
On the Fingerprinting Database screen, accept the default location or use the Browse button to specify a different location.
Note that you can install the Fingerprinting database to a local path only.
If your SQL Server database is on a remote machine, you are prompted for the name of a temporary folder. This screen defines where Forcepoint DLP should store temporary files during archive processing as well as system backup and restore.
Archiving lets you manage the size of your incident database and optimize performance. Backup lets you safeguard your policies, forensics, configuration, data, fingerprints, encryption keys, and more.

If you do not plan to archive incidents or perform system backup and restore, you do not need to fill out this screen.

Before proceeding, create a folder in a location that both the database and management server can access. (The folder must exist before you click Next.) On average, this folder will hold 10 GB of data, so choose a location that can accommodate this.

On the Temporary Folder Location screen, complete the fields as follows:
- Enable incident archiving and system backup: Check this box if you plan to archive old or aging incidents and perform system backup or restore. This box does not appear when you run the installer in Modify mode and perform a disaster recovery restore operation.
- From SQL Server: Enter the path that the SQL Server should use to access the temporary folder. For best practice, it should be a remote UNC path, but local and shared network paths are supported. For example: c:\folder or \\10.2.1.1.\folder. Make sure the account used to run SQL has write access to this folder.
- From Management Server: Enter the UNC path the management server should use to access the temporary folder. For example: \\10.2.1.1.\folder. Enter a user name and password for a user who is authorized to access this location.
To grant this permission, issue the following T-SQL commands on the SQL Server instance:

USE master

GRANT BACKUP DATABASE TO <user>

GO

After installation of Forcepoint DLP components, you can revoke this permission:

USE master

REVOKE BACKUP DATABASE TO <user>

GO
In the Installation Confirmation screen, click Install to begin installation of Forcepoint DLP components.
If a message about port 80 or port 443 is displayed, click Yes to continue the installation.
Clicking No cancels the installation.
The Installation progress screen appears. Wait for the installation to complete.
When the Installation Complete screen appears, click Finish to close the Forcepoint DLP installer.
If no other Security Manager module is chosen for installation, you are returned to the Modify Installation dashboard. Installation is complete.
Otherwise, you are returned to the Installer Dashboard and the next component installer is launched.

Next steps

For information on installing a supplemental Forcepoint DLP server, see Installing data components. For information on installing other Forcepoint DLP components, such as the protector, mobile agent, or endpoint client, see the Forcepoint DLP Installation Guide.