Installing a single-tier server on Windows

Symantec recommends that you disable any antivirus, pop-up blocker, and registry-protection software before you begin the Symantec Data Loss Prevention installation process.
Create the Enforce Reinstallation Resources file before starting the installation process. This file contains the unique CryptoMasterKey.properties file and keystore files for your Symantec Data Loss Prevention deployment that you can use if you need to uninstall your deployment.
The following instructions assume that the SingleTierServer.msi file, license file, and solution pack file have been copied into the c:\temp directory on the Enforce Server.
The installation process automatically generates log information and saves it to a file named MSI*.log (* is replaced with random characters) in the %TEMP% folder. You can change the log file name and location by starting the installation from the command line with the /L*v option. See the example below:
msiexec /i EnforceServer.msi /L*v c:\temp\enforce_install.log
After you complete the Single Tier installation, you can find the installation log file at c:\temp\.
You can complete the installation silently from the command line. Enter values with information specific to your installation for the following:
Single-tier server installation parameters for upgrading

| Command | Description |
| --- | --- |
| INSTALLATION_DIRECTORY | Specifies where the Enforce Server is installed. The default location is C:\Program Files\Symantec\DataLossPrevention. |
| DATA_DIRECTORY | Defines where Symantec Data Loss Prevention stores files that are updated while the Enforce Server is running (for example, logs and licenses). The default location is C:\ProgramData\Symantec\DataLossPrevention. If you do not use the default location, you must indicate a folder name for the data directory. If you set the data directory to the drive root (for example c:\ or e:\) you cannot successfully uninstall the program. |
| JRE_DIRECTORY | |
| FIPS_OPTION | Defines whether to disable (Disabled) or enable (Enabled) FIPS encryption. The default is disabled. |
| SERVICE_USER_USERNAME | Defines a name for the account that is used to manage Symantec Data Loss Prevention services. The default user name is “SymantecDLP.” Enter the user name you used in the previous Symantec Data Loss Prevention version. Leave this parameter blank if you used the default user name in the previous Symantec Data Loss Prevention version. The name you enter should match the user name you used when you installed Symantec Data Loss Prevention. If the user name does not match, add the new user name log on credentials to the DLP services after you complete the migration process. |
| SERVICE_USER_PASSWORD | Defines the password for the account that is used to manage Symantec Data Loss Prevention services. |
| ORACLE_HOME | Defines the Oracle Home Directory. For example, use c:\oracle\product\19.3.0.0\db_1 to define the home directory if you use the Oracle 19c database. |
| ORACLE_HOST | Defines the IP address of the Oracle server computer. If you are running the Oracle database in a RAC environment, use the Scan Host IP address for Oracle Host, not the database IP address. |
| ORACLE_PORT | Defines the Oracle listener port (typically 1521). |
| ORACLE_USERNAME | Defines the Symantec Data Loss Prevention database user name. |
| ORACLE_PASSWORD | Defines the Symantec Data Loss Prevention database password. |
| ORACLE_SERVICE_NAME | Defines the database service name (typically “protect”). |
| ADDITIONAL_LOCALE | Defines an additional locale for use by individual users. |
| ENFORCE_ADMINISTRATOR_PASSWORD | This parameter is required during the migration. |

The following is an example of what the completed command might look like. The command you use differs based on your implementation requirements. Using the following command as-is may cause the installation to fail.
msiexec /i SingleTierServer.msi /qn /norestart INSTALLATION_DIRECTORY="C:\Program Files\Symantec\DataLossPrevention" DATA_DIRECTORY="C:\ProgramData\Symantec\DataLossPrevention" JRE_DIRECTORY="C:\Program Files\AdoptOpenJRE\jdk8u322-b06-jre" FIPS_OPTION=Disabled SERVICE_USER_USERNAME=SymantecDLP SERVICE_USER_PASSWORD=Password ORACLE_HOME="C:\oracle\product\19.3.0.0\db_1" ORACLE_HOST=[IP or host name] ORACLE_USERNAME=protect ORACLE_PASSWORD=Password ORACLE_SERVICE_NAME=protect
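
The following PowerShell script is an added example, not part of the Symantec documentation. It checks the constraints stated on this page (7-bit ASCII values, a data directory that is not a drive root, a valid FIPS_OPTION), prompts for the two passwords instead of storing them in a file, and runs the silent installation with a verbose log. The log file name and the Oracle host and port values are assumptions; the remaining values come from the example command above.

```powershell
# Added example. Sample values; adjust paths and Oracle settings to your deployment.
$msi = 'C:\temp\SingleTierServer.msi'
$log = 'C:\temp\singletier_install.log'   # assumed log file name
$params = [ordered]@{
    INSTALLATION_DIRECTORY = 'C:\Program Files\Symantec\DataLossPrevention'
    DATA_DIRECTORY         = 'C:\ProgramData\Symantec\DataLossPrevention'
    JRE_DIRECTORY          = 'C:\Program Files\AdoptOpenJRE\jdk8u322-b06-jre'
    FIPS_OPTION            = 'Disabled'
    SERVICE_USER_USERNAME  = 'SymantecDLP'
    ORACLE_HOME            = 'C:\oracle\product\19.3.0.0\db_1'
    ORACLE_HOST            = '127.0.0.1'
    ORACLE_PORT            = '1521'
    ORACLE_USERNAME        = 'protect'
    ORACLE_SERVICE_NAME    = 'protect'
}
# Prompt for secrets so they are not stored in the script or in shell history.
foreach ($name in 'SERVICE_USER_PASSWORD', 'ORACLE_PASSWORD') {
    $secure = Read-Host -Prompt $name -AsSecureString
    $params[$name] = [System.Net.NetworkCredential]::new('', $secure).Password
}
# Constraints stated in the installation instructions.
foreach ($key in $params.Keys) {
    $value = [string]$params[$key]
    if ($value.Length -eq 0) { throw "$key is empty." }
    # Printable 7-bit ASCII only; extended and double-byte characters are rejected.
    if ($value -match '[^\x20-\x7E]') { throw "$key must use 7-bit ASCII characters only." }
    # Guard added by this example: a double quote would break the property quoting below.
    if ($value.Contains('"')) { throw "$key must not contain a double quote." }
}
if ($params['DATA_DIRECTORY'] -match '^[A-Za-z]:\\?$') {
    throw 'DATA_DIRECTORY must name a folder, not a drive root.'
}
if ($params['FIPS_OPTION'] -notin 'Enabled', 'Disabled') {
    throw 'FIPS_OPTION must be Enabled or Disabled.'
}
# Build PROPERTY="value" pairs and run msiexec silently with a verbose log.
$props = foreach ($key in $params.Keys) { '{0}="{1}"' -f $key, $params[$key] }
$argList = @('/i', "`"$msi`"", '/qn', '/norestart', '/L*v', "`"$log`"") + $props
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $argList -Wait -PassThru
switch ($proc.ExitCode) {
    0       { 'Installation succeeded.' }
    3010    { 'Installation succeeded; a restart is required.' }
    default { throw "msiexec exited with code $($proc.ExitCode); review $log." }
}
```

Windows Installer verbose logs can record the property values passed on the command line unless the package marks them as hidden, so restrict access to the log file and remove it once the installation is verified.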
  1. Log on (or remote logon) as Administrator to the computer that is intended for the Symantec Data Loss Prevention single-tier installation.
  2. Copy the Symantec Data Loss Prevention installer (SingleTierServer.msi) from DLPDownloadHome to a local directory on the computer where you plan to install the single-tier system.
  3. Click Start > Run > Browse to navigate to the folder where you copied the SingleTierServer.msi file.
  4. Double-click SingleTierServer.msi to launch the installation wizard.
    A welcome notice appears.
  5. Click Next.
  6. In the End-User License Agreement panel, select I accept the terms in the License Agreement, and click Next.
  7. In the Destination Folder panel, accept the Symantec Data Loss Prevention default destination directory and click Next.
    Symantec recommends that you use the default destination directory. However, you can click Browse to navigate to a different installation location instead.
    Directory names, account names, passwords, IP addresses, and port numbers created or specified during the installation process must be entered in standard 7-bit ASCII characters only. Extended (hi-ASCII) and double-byte characters are not supported.
  8. In the Data Directory panel, accept the default data directory, or enter an alternate directory, and click Next. The default data directory is:
    c:\ProgramData\Symantec\DataLossPrevention\
  9. In the JRE Directory panel, click Browse and locate the JRE, and click Next.
  10. In the FIPS Cryptography Mode panel, select whether to disable or enable FIPS encryption.
  11. In the Service User panel, select an existing local or domain user account.
  12. Click Next.
  13. In the Update User panel, confirm the account name and password.
    This account is used to manage updates sent to the detection server.
  14. In the Oracle Database Server Information panel, enter the Oracle Database Server host name or IP address and the Oracle Listener Port.
    If you are running the Oracle database in a RAC environment, use the scan host IP address for the host, not the database IP address. Confirm that the scan host IP for RAC is accessible and that all of the nodes associated with it are running during the installation process.
    You also enter information in the following fields:
    • Service Name. Enter the database service name (typically “protect”).
    • Username. Enter the Symantec Data Loss Prevention database user name.
    • Password. Enter the Symantec Data Loss Prevention database password.
    Default values should already be present for these fields. Since this is a single-tier installation with the Oracle database on this same system, 127.0.0.1 is the correct value for Oracle Database Server Information and 1521 is the correct value for the Oracle Listener Port.
  15. Click Next.
  16. In the Additional Locale panel, select an alternate locale, or accept the default of None, and click Next.
    Locale controls the format of numbers and dates, and how lists and reports are alphabetically sorted. If you accept the default choice of None, English is the locale for this Symantec Data Loss Prevention installation. If you choose an alternate locale, that locale becomes the default for this installation, but individual users can select English as a locale for their use.
    See the .
  17. In the Server Bindings panel, enter the following settings:
    • Host. Enter the host name or IP address of the detection server.
    • Port. Accept the default port number (8100) on which the detection server should accept connections from the Enforce Server. If you cannot use the default port, you can change it to any port higher than port 1024, in the range of 1024–65535.
  18. Click Install to begin the installation process.
    The Installing panel appears, and displays a progress bar. After a successful installation, the Completing panel displays.
  19. If you have not done so already, run the Upgrade Readiness tool to confirm that the Oracle database is ready to be migrated to the new instance. If you have already run the Upgrade Readiness tool, skip this step.