cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Federated search

Go to solution
ecrgvp
Level 4

‎04-17-2013 08:36 AM

Hello,

Looking various Discovery Accelerator documents, I seem to be possible to conduct federated search from Discovery Accelerator across multiple EV deployments, I would like to know what specific minimal permissions Discovery Accelerator service account needs on the enterprise Vault environment.

In most cases, we don’t encounter this as both EV and DA share the same service account. However, this will not be the case for federated search across multiple EV deployments..

Thanks,

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Kenneth_Adams
Level 6
Employee Accredited Certified

‎05-22-2013 04:05 AM

Hello, ecrgvp;

In order for DA to search across multiple EV deployments, the following conditions must exist:

1) ALL deployments MUST be running the same version of EV (i.e., all must be running EV 9.0 SP4, or all must be running 10.0 SP3).

2) The Vault Service Account (VSA) used by the DA installation MUST have at least Read permission against every archive to be searched in each EV deployment.

3) The VSA used by the DA instance must have at least Read permission against each EV deplyment's directory service.

If you also want DA to have Custodian Manager synchronize to all of the EV deplyments, the VSA must have at least Read permission to all AD objects in the domains in which the other EV deployments exist.

There must be a trust relationship between the AD domain in which the VSA that runs the DA server exists and all other AD domains in which the other EV deplyments exist. Ideally for us, that would be a 2 way trust.  A one way trust should work if the domains in which the other EV deployments exist trust the DA VSA's domain.  This trust must exist regardless of using Custodian Manager.

Also, there may be a need in the DA server to configure the LMHOSTS file with the 2 entries needed to identify a Domain Controller in the domains hosting the other EV deployments.  Microsoft KB 31 4108(http://support.microsoft.com/kb/314108) provides instructions on how to edit the LMHOSTS file properly.

 

View solution in original post

0 Kudos
6 REPLIES 6

Go to solution
AmolB
Moderator
Moderator
Employee Accredited Certified

‎04-18-2013 04:57 AM

Have you checked the below article on EV and Accelerator's accounts & permissions.

http://www.symantec.com/docs/TECH200788

0 Kudos

Go to solution
ecrgvp
Level 4

‎04-18-2013 05:21 AM

Yes, I had gone through it earlier. But, It doesnt address specifics about permissions required for DA service account on EV deployments for doing a federate E-discovery search.

 

0 Kudos

Go to solution
ecrgvp
Level 4

‎04-30-2013 02:05 AM

Can anyone assist here please?

0 Kudos

Go to solution
Rob_Wilcox1
Level 6
Partner

‎04-30-2013 02:13 AM

I've never tried this to be honest - have you tried contacting Support?

Working for cloudficient.com
0 Kudos

Go to solution
Kenneth_Adams
Level 6
Employee Accredited Certified

‎05-22-2013 04:05 AM

Hello, ecrgvp;

In order for DA to search across multiple EV deployments, the following conditions must exist:

1) ALL deployments MUST be running the same version of EV (i.e., all must be running EV 9.0 SP4, or all must be running 10.0 SP3).

2) The Vault Service Account (VSA) used by the DA installation MUST have at least Read permission against every archive to be searched in each EV deployment.

3) The VSA used by the DA instance must have at least Read permission against each EV deplyment's directory service.

If you also want DA to have Custodian Manager synchronize to all of the EV deplyments, the VSA must have at least Read permission to all AD objects in the domains in which the other EV deployments exist.

There must be a trust relationship between the AD domain in which the VSA that runs the DA server exists and all other AD domains in which the other EV deplyments exist. Ideally for us, that would be a 2 way trust.  A one way trust should work if the domains in which the other EV deployments exist trust the DA VSA's domain.  This trust must exist regardless of using Custodian Manager.

Also, there may be a need in the DA server to configure the LMHOSTS file with the 2 entries needed to identify a Domain Controller in the domains hosting the other EV deployments.  Microsoft KB 31 4108(http://support.microsoft.com/kb/314108) provides instructions on how to edit the LMHOSTS file properly.

 

0 Kudos

Go to solution
ecrgvp
Level 4

‎05-22-2013 05:12 AM

Thanks a lot Ken..

0 Kudos