What are the prerequisites for target machines such as Windows 2003, Windows 2008 and SQL 2005, in a domain or workgroup, for Control Compliance Suite to perform a successful data collection and evaluation job?
When querying target servers in a domain using agentless data collection, the CCS Query Engine Service account should have Local Admin rights on all the target machines in order to run the queries successfully. The recommended privilege for the Query Engine Service account is Domain Admin rights. There is not much required regarding security options.
For querying workgroup machines, the Query Engine should be installed on any one of the machines in the workgroup, and the service account under which the Query Engine service runs should be added to the local Administrators group on all the machines in the workgroup.
Please check the following KB to know more about the query engine service account user rights.
The Control Compliance Suite (CCS) components use your existing TCP/IP network to communicate with each other. Based on your network configuration and on the location of your components, the communications may need to pass through a firewall. When the communications need to pass through a firewall, you must configure the firewall ports to allow components to access each other.
You can configure the ports that each component uses if you choose.
Firewalls are often located between the CCS components and the Application Server. In addition, firewalls are found between the Application Server and the Data Processing Service (DPS) Load Balancers or Collectors. The Application Server and the Control Compliance Suite Directory should be located with no firewalls in between.
The default ports that the CCS components use are as follows:
3) Directory Support Service: 12467
4) Encryption Management Service: 12468
5) Data Processing Service: 3993
6) Production database or reporting database: 1433
7) Control Compliance Suite Web Console server: 80
If the CCS infrastructure components must traverse a firewall to contact the Domain Controller, you must open additional ports.
Table 2-2 lists the additional ports that must be open.
Port   Protocol   Used by
123    UDP        Windows Time Service (W32Time)
138    UDP        NetBIOS
3890   TCP, UDP   LDAP
636    TCP        LDAP SSL
88     TCP, UDP   Kerberos
The following ports must be open to allow the DPS Collector to connect to a Symantec RMS data collector: 1) 3027 2) 135 3) 137 4) 139
Port 5600 must be open to allow the DPS Collector to connect to a Symantec ESM data collector. Note: You must use a port in the range from 1024 to 65535 for the Directory Server.
Also, the following services should be up and running on the CCS machines and the target machines:
1) Server service
2) Workstation service
3) RPC service
4) Remote Registry service
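A preflight check for the default component ports and the four required services listed above, as an added example that is not part of the original article or of CCS. It assumes Windows PowerShell 3.0 to 5.1 run from a CCS machine under the service account, treats the component ports as TCP, and uses placeholder host names; Test-TcpPort and Test-CcsPrerequisite are names made up for this example.

```powershell
# Added example: CCS preflight check for one host (not Symantec code).
# Assumes Windows PowerShell 3.0-5.1 (Get-Service -ComputerName is not in
# PowerShell 7) and that the article's default ports are TCP and unchanged.

$CcsPorts = [ordered]@{
    'Directory Support Service'     = 12467
    'Encryption Management Service' = 12468
    'Data Processing Service'       = 3993
    'Production/reporting database' = 1433
    'Web Console server'            = 80
}
# Windows service names for Server, Workstation, RPC and Remote Registry
$RequiredServices = 'LanmanServer', 'LanmanWorkstation', 'RpcSs', 'RemoteRegistry'

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false   # refused, filtered by a firewall, or name not resolved
    } finally {
        $client.Close()
    }
}

function Test-CcsPrerequisite {
    param([string]$ComputerName, [string[]]$Component = @())
    foreach ($name in $Component) {
        [pscustomobject]@{
            Computer = $ComputerName; Check = "Port $($CcsPorts[$name]) ($name)"
            Ok = Test-TcpPort -ComputerName $ComputerName -Port $CcsPorts[$name]
        }
    }
    foreach ($svc in $RequiredServices) {
        $s = Get-Service -ComputerName $ComputerName -Name $svc -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Computer = $ComputerName; Check = "Service $svc"
            Ok = ($null -ne $s -and $s.Status -eq 'Running')
        }
    }
}

Test-CcsPrerequisite -ComputerName 'ccs-dps01.example.local' -Component 'Data Processing Service'
Test-CcsPrerequisite -ComputerName 'target01.example.local'
```

A service row with Ok = False can also mean the Service Control Manager on the host could not be reached over RPC or the account lacks rights there, so check the RPC service and the account's Local Admin membership before assuming the service is stopped.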
Note: The service account that you select should be Domain Admin equivalent in order to query and collect data from the whole domain.
The domain where you install the Application Server and the Directory Server must be a Windows Server 2003 or a Windows Server 2008 domain. The functional level of the domain can be any of the following: 1) Windows Server 2008 2) Windows Server 2003
CCS has not been validated on Windows Server 2008 "Server Core only" installations. If you install multiple CCS server components on a single host computer, the minimum disk space requirements are cumulative. Please refer to the Control Compliance Suite Planning & Deployment Guide for the minimum disk space requirements. If .NET is not installed, the Control Compliance Suite installer prompts you to install it. Before you install the CCS components, you should run Windows Update to ensure that the latest Windows security updates are installed.
The computers that host the following components must be in the same LAN segment:
1) Application Server and the CCS Web Console server
2) Directory Server
3) Data Processing Service Load Balancer
4) Data Processing Service Evaluator
5) Data Processing Service Reporter
6) Control Compliance Suite Production database
7) Control Compliance Suite Reporting database
8) Control Compliance Suite Evidence database
Before you install the Control Compliance Suite (CCS) clients, you must ensure that the target computers meet the minimum requirements. Please refer to the Control Compliance Suite Planning & Deployment Guide for the minimum requirements of target computers.
Imported Document ID: TECH168336