Installing Managers

The Signiant Manager automates, accelerates, manages, and securely controls the movement of high-value digital content within and between organizations and ecosystems. Engineered for large-scale data transfer requirements, the Manager is built on a core system architecture that consists of a collection of Agents and a platform for managing system tasks.

The Manager orchestrates file transfers and notifications, as well as administration, control, and reporting tasks. Administrative users interact with the Manager through a web-based platform for configuring the system, automating tasks, managing system activity, and reporting. The Manager is installed on a central system and coordinates and logs the data transfer activities carried out by Signiant Agents. The Agents are installed on remote computer systems and are responsible for the actual transfer of data.

Signiant Agents support transfer replication, enabling geographically distributed systems to remain in sync, regardless of location. All jobs are automatically replicated using push distribution between the source Agent and the replicated target Agents. Use the job view to see an up-to-date graph of the aggregate transfers to all replicating Agents.

In order to install a Manager, you must meet Manager+Agents System Requirements.

Installation Checklists

Before installation, record the following installation information:

Note: All host names/domain names required for the installation should be fully-qualified and resolvable at the time of installation.

  • Organization Name
  • Account User: NT Authority\system will be used by default. Usually a Signiant-dedicated user account under which all data transfers are performed. If only local data is being accessed, you can use the default installation account of NT Authority\System. Otherwise, it is recommended that you create a new account within your Active Directory (or domain) and test its ability to logon to the intended systems- i.e., copy/move data while logged on using this account. This user must exist on the Agent - it is not created during the installation.
  • Windows Domain
  • Mail Server
  • Locality Information: City, state, etc. where the Manager is installed
  • CA Passphrase: Keep your Passphrase secure. If you forget it, you will have to reinstall the Signiant software.

On Linux, disable ipv6 in /etc/hosts by commenting out the appropriate line. (e.g. # ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6) and ensure the following line exists: 127.0.0.1 localhost.localdomain localhost

Installing a Manager

To install a Manager on Linux:

  1. Contact Signiant Customer Support to obtain the installer.
  2. Extract the tar.gz file contents (tar -zxvf <filename>).
  3. Go to the extracted directory and enter install.sh.
  4. Follow the instructions on each screen, and input the required information.

To install a Manager on Windows:

  1. Contact Signiant Customer Support to obtain the installer.
  2. Run your downloaded .exe file. This will extract the contents into a temporary folder and will automatically launch the Signiant installer.
  3. Follow the instructions on each screen, and input the required information.

Note: Before installing a Windows-based Manager, make sure that the secondary logon service is enabled and started. This is done through the Control Panel > Administrative Tools > Services. Also ensure that the user right Logon as a service exists under Control Panel > Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment.

Installer Prompts

The following list describes the fields in the various installation screens in the approximate order in which they appear. Some screens may not appear, depending on the options you choose during the installation.

Organization Name
The name to identify the organization using the software. This is usually your company name.

Agent installations require installation keys
Choose this option to require users to specify installation keys when installing Agents.

Agent Installations do not require installation keys
Installation keys are a mechanism that allows Signiant administrators to control the number of Agents a user can install. The Certificate Authority generates these keys, which are valid for a certain period of time. However, you may wish to simplify Agent installation by not requiring an installation key to install an Agent. Not requiring Agent installation keys is the default value.

Enable Rapid Basic Installation Mode
Rapid Basic Installation (RBI) automatically uses Signiant configuration options that make it easy to get started quickly with Signiant Agents. It also includes keyless Agent installation. This mode of installation is appropriate in production environments where the advanced security functions of the Signiant software are not required, as well as in test environments. RBI is enabled by default.

Disable Rapid Basic Installation Mode
Disable RBI if you want to specify your own configuration options for Signiant Agents.

Default Users

Use system on Windows and root on Linux
Use the specified values as the default user (the user which jobs run as on the Agents) on Windows and Linux.

Specify other values for the default users
Allows users to specify their own values for Windows and Linux default user and password, as well as for the Windows domain.

Default User IDs (Appears if you select Specify other values for the default users)

Default Userid (Linux)
The user which jobs run as on Linux Agents. This user ID must exist or be resolvable on the Agent; it is not created during the installation.

Default Userid (Windows)
The user which jobs run as on Windows Agents. This user ID must exist or be resolvable on the Agent; it is not created during the installation.

Windows Domain
This value is used to qualify user IDs and grants for Windows hosts.

Windows Userid Password
The password for the specified default user on Windows.

Verify Windows Userid Password
Confirm the password for the specified default user on Windows.

Linux (Custom setup only)
The default directory that Linux Agents use to send or receive data when the directory is not explicitly specified in a workflow component.

Windows (Custom setup only)
The default directory that Windows Agents use to send or receive data when the directory is not explicitly specified in a workflow component.

Administrator # (Custom setup only)
Specify up to five Signiant administrator userIDs. These users are able to perform administrative tasks on the local Agent.

Group Name (Custom setup only)
The group to be used for group privileges on the Manager host. The installation creates this group if it does not already exist.

Signiant Port Numbers

AgentPort
This port number is required to set up Signiant services on the Manager host. Enter the port number on which the specified service will be running. Note that Signiant requires that ports 80 and 443 be available for Manager/Agent communication. If another application on your system is using these ports, a warning appears, requesting you to release the port(s) and re-run the installer.

RulesServerPort
This port number is required to set up Signiant services on the Manager host. Enter the port number on which the specified service will be running. Note that Signiant requires that ports 80 and 443 be available for Manager/Agent communication. If another application on your system is using these ports, a warning appears, requesting you to release the port(s) and re-run the installer.

SchedulerPort
This port number is required to set up Signiant services on the Manager host. Enter the port number on which the specified service will be running. Note that Signiant requires that ports 80 and 443 be available for Manager/Agent communication. If another application on your system is using these ports, a warning appears, requesting you to release the port(s) and re-run the installer.

Signiant Certificate Authority Setup Parameters Screen

Organization Name
Name of your company

Locality (City)
The city where your company is located.

State/Province
The state/province where your company is located.

Country Code
Note that the Country Code is in X.509 standard (for example US for United States, CA for Canada).

Organizational Unit
A division in your organization (for example, Acme Marketing).

CA Common Name
Common name for the Certificate Authority. Can be any combination of alphanumeric characters, symbols, and spaces (for example, Acme Company CA). If you plan to have Agents communicate with Agents in other organizations, this field must be unique across organizations. For this reason, the fully qualified domain name of the host is appended by default.

Admin Password
This password is used to log into the Signiant Manager.

CA Passphrase
Used to unlock the private key of the Certificate Authority (CA). Must be at least seven characters. Since the CA password phrase protects the actual CA, it should be long and complex, since it seldom (probably never) changes. Record your passphrase in a safe place. Note: If you perform a standard install, you will not be required to enter a CA passphrase. The passphrase is set automatically to what the admin user password is set.

CA AdminPassphrase
Used to perform CA administrative functions. Must be at least seven characters. This password phrase is used frequently in the Manager. Record your passphrase in a safe place.

First Time Logon

Logging into the Manager

Once you install the Manager, you can log into it using the URL provided by your Signiant administrator. The URL should be in the following format: https://<Manager_address>/signiant, where <Manager_address> is the fully qualified host name of the Manager.

Note: You may need to configure the pop-up blocker in your browser to use certain parts of the Manager interface.

Adding License Keys

In order to use the Signiant software and any additional features or applications you have purchased, you must add their licenses to your Manager. The Licenses page displays a list of the features for which you have purchased a license, as well as the associated license key, its expiry date, the date it was added, its status (Active or Expired), and the licensed Agent count for the feature.

To add a license key to the product:

  1. From the Manager, select Administration > Manager > Licenses.
  2. Click the Add button.
  3. Type the license key(s) into the field.
  4. Separate multiple keys with a space or place each key on a separate line and click OK.

Configuring E-Mail Notifications

By default, Manager notifications are sent from transmgr@<managerhostname>. In most cases, mail servers will have no problem accepting mail from this address. Some email server configurations, however, require a valid email address, that exists in the domain, in order to deliver the mail. In such systems, failure to update the email address of the sender will result in no email notification delivery, and errors recorded in the mail server event log that indicate mail being rejected from the Signiant Manager server.

To configure and test email notification:

  1. From the Manager, select Administration > Manager > Email Notification.
  2. Email configuration is comprised of the following:

Edit

To specify email properties:

  1. Click the Edit tab.
  2. Specify the following:

    • Mail Server
    • Mail Server Port: The default value is 25.
    • Mail Server Connection Mode
    • Mail Server Connection Timeout (seconds): This is a mandatory field with a minimum value of 10 seconds and a maximum value of 600 seconds.
    • Email Address of Sender
    • Name of Sender
  3. If applicable, select Enable server authentication and specify a Username and Password.
  4. Click OK to save and exit, or Apply to save and keep the dialog open.

Send a Test Email

To test the email notification feature:

  1. Click the Send a Test Email tab.
  2. Enter a recipient email address.
  3. Place a check in the SMTP Logging check box to retrieve and display SMTP logging messages for this test email in the Mail Log panel. These messages are not saved to a log file.
  4. Click Test.
  5. Click OK to save and exit, or Apply to save and keep the dialog open.
  6. Log into the account for the test email address to verify that the test email was received. If not, reconfigure your email notification options and re-test.

Updating Maintenance and Backup Jobs

On a fresh install, Signiant creates default log maintenance and Manager backup jobs, with a default schedule and preferences. You can modify these jobs to suit your own scheduling needs and add an e-mail address for notification purposes, in case of job failure.

In the case of the backup job, you must first install an Agent to which you want to assign the backup before you can specify a different Agent from the default (Manager Agent).

It is important that you verify that these old jobs were properly migrated to the new ones and that you can delete the legacy ones. You can do so by going to Jobs > Report > Job Groups and comparing them to the migrated versions. Do not un-suspend them, or they will interfere with the new backup/maintenance jobs.

Creating a Copy of the Administrative User

There are several scenarios where having only one Signiant administrative account may cause problems (the account gets locked out, the password is forgotten, and so on). Signiant recommends that you have at least one other account with administrative access.

To create a second administrative account:

  1. From the Manager, select Administration > Users > List.
  2. In the user list, select User, Admin and click Copy.
  3. Fill in new information for the user and click OK.

Configuring Third Party Certificate Usage

Depending on the browser you are using, you may get a warning message every time you log into the Signiant Manager. To avoid receiving this message, you can obtain a third party certificate for your JBoss server through Signiant.

Setting Certificate Alarms

The Signiant Manager Web server and each of the Agents use a digital certificate. These certificates have a lifespan associated with them, and renew automatically, except where the web server certificate is issued by a third party, or if Agents are unable to communicate with Manager for an extended period of time.

Agents must be able to connect to the manager via port 443 to renew their digital certificates. If an Agent has an invalid certificate, it will not be able to transfer files.

Signiant recommends that you configure Certificate Alarms to receive e-mail alerts at user-specified times before certificates expire. The e-mail shows Web server and Agent certificates that have not yet renewed within the user-configured threshold period, and directions on where to find information about renewing certificates.

The user will receive a daily notification until someone renews the Agent certificate, or if the certificate is not renewed, up to 5 days after the certificate expires.

To set up certificate expiry alerts:

  1. From the Manager, select Administration > Alarms > Certificates.
  2. Click Add. The certificate alarm configuration screen appears.
  3. Complete the information in the dialog.

Upgrading a Manager

Upgrading ensures you have the latest features and updates to the Signiant Manager and Agents software. Rather than performing a new installation, upgrading enables you to keep your configuration and receive the latest Signiant software release.

A software upgrade stops all Signiant processes. During the upgrade, any jobs that you have scheduled will not run. Make sure that you perform your upgrade at a time that will ensure the least disruption to your system. For example, if you have a job that is scheduled to run infrequently (once a week, once a month, quarterly, yearly and so on), do not perform the upgrade on the date and time during which this particular job would run. The job will not run until its next scheduled time.

Make sure you are not running System Health when performing an upgrade.

Note: Manager upgrade time vary greatly depending on the system being upgraded. There may be little indication of progress during the upgrade.

To upgrade a Manager on a Linux system:

  1. Download the compressed tar.gz file from Signiant web site (www.signiant.com) to a temporary location on your Linux server.
  2. Extract the tar.gz file contents (tar -zxvf <filename>, e.g. tar -zxvf DTM_LRH6_64_12.0.100.SIGNIANT.tar.gz
  3. Go to the extracted directory and enter install.sh.
  4. Follow the instructions on each screen, and input the required information. The installation process stops all Signiant processes while it upgrades the software. During the upgrade, any jobs that you have scheduled will not run. In the Signiant Administrative Password screen, the existing Manager admin password will be reset to what you enter.
  5. Verify that a backup job exists and still works.

Signiant supports restoring from backups by the same version of the Manager. Ensuring that the backup job exists and works in your upgraded Manager makes restoring from a backup possible. Refer to Configuring Manager Backup for information on running the backup job.

To upgrade a Manager on a Windows system:

Note: Before upgrading your Manager, ensure it is backed up.

  1. Run your downloaded .exe file. This will extract the contents into a temporary folder and will automatically launch the Signiant installer.
  2. Follow the instructions on each screen, and input the required information. The installation process stops all Signiant processes while it upgrades the software. During the upgrade, any jobs that you have scheduled will not run. In the Signiant Administrative Password screen, the existing Manager admin password will be reset to what you enter.
  3. Verify that a backup job exists and still works.

Signiant supports restoring from backups by the same version of the Manager. Ensuring that the backup job exists and works in your upgraded Manager makes restoring from a backup possible. Refer to Configuring Manager Backup for information on running the backup job.

Uninstalling a Manager

To uninstall the Manager from a Linux system:

  1. Type siguninstall. You must run this command from /<signiant_install_directory >/bin, or fully-qualify the command, <signiant_install_directory>/bin/siguninstall
  2. Follow the on-screen prompts to remove the software. Eventually, you are prompted to remove the database.
  3. Choose Y to remove the database. If you choose N, you can remove the database manually at a later point.
  4. Choose Y to remove users and groups. If you choose N, you can remove the users and groups manually at a later point.

To uninstall the Manager from a Windows system:

  1. Choose Control Panel > Add or Remove Programs.
  2. Locate the Signiant software and click Remove.

Manually Removing the Database

If you choose not to remove the database when uninstalling the Manager components on Linux, you can do so manually by entering the following at the command prompt: rm -fR <install_directory > /db, where <install_directory>is the location where the software was installed.

Manually Removing Users and Groups

If you choose not to remove users and groups when uninstalling the Manager components on Linux, you can do so manually by entering the following:

userdel [-r] <userid> groupdel <groupid>

The -r on userdel means that files in the user's home directory will be removed along with the home directory itself and the user's mail spool.

Enabling and Disabling SSL V3

Note: To disable SSL V3, Manager+Agents must be running version 11.4 or higher.

Use the sslEnableDisable.pl script to manage the enabling and disabling of SSL V3 communication. This script is located in <signiantHome>/bin.

The parameter options for sslEnableDisable.pl are: enableSSLv3 or disableSSLv3 (e.g. sslEnableDisable.pl disableSSLv3).

By default on new installations, SSL V3 communications is disabled. For any upgraded installations, the SSL V3 status is not impacted.

Note: SSL 1.0, 1.1, and 1.2 are always supported.

If SSL V3 is disabled on your Signiant Manager and you have written Perl scripts that use the Net::SSL Perl module for HTTPS communication, you must modify your Perl script to use IO::Socket::SSL module.

If you have the following line in your Perl script: use Net::SSL:

  1. Remove use Net::SSL.
  2. Insert the following:
{
     IO::Socket::SSL- > import();

     IO::Socket::SSL::set_defaults(SSL_verify_mode = >  SSL_VERIFY_NONE);
}
else
{
     require Net::SSL;
     Net::SSL- > import();
}

If the SSL verify mode needs to verify the server certificate, insert the following:

{
     IO::Socket::SSL- > import();

     my $caCertString = '&lt;PEM encoded CA certificate string > ';
     require IO::Socket::SSL::Utils;
     IO::Socket::SSL::Utils- > import('PEM_string2cert');
     my $caCertHandle = PEM_string2cert($caCertString);
     IO::Socket::SSL::set_defaults(
                 SSL_verify_mode = >  SSL_VERIFY_PEER,
                 SSL_ca = >  [$caCertHandle]
                 );
}
else
{
     require Net::SSL;
     Net::SSL- > import();
}

With these changes, your Perl script will work without any further modifications.