Prerequisites
The following is a list of the requirements for the application server that will host the Data Security Essentials applications. Data Security Essentials is a peer-to-peer solution that allows multiple Data Security Essentials servers in multiple sites. It's also highly scalable, so these are to be considered "minimum requirements":
- FlashBlade
- FlashArray
FlashBlade Configuration
- Operating System: Windows Server 2019 or later
- Memory: 16GB+
- CPU: 8
- Disk: Sufficient space for the OS + 10GB reserved for the application and logs (includes SQL Express)
- Connection: Connection to Pure Syslog, 1GB network connection
- Superna Data Security Essentials installer which includes:
- Data Security Essentials Smart Policy Manager
- Data Security Essentials
- Windows Services to Monitor:
- EASE System Manager
- Superna Data Security Essentials Services
- Service Account Privileges: See detailed configuration below for required DSES service account and storage administrator privileges
Service Account Privileges
DSES (Data Security Essentials) Service Account
Assign backup and restore privileges to the DSES service account on each FlashBlade server through a GPO policy. Name this GPO Backup Operator and include:
- Back up files and directories privilege
- Restore files and directories privilege
Assign this policy to the FlashBlade Server's Active Directory Computer Name. Apply the privilege directly to the DSES service account or to a group that contains it.
Storage Administrator Account
Assign the Manage auditing and security log privilege to storage administrators through a GPO named privilege to setup SACLs. Apply this GPO to each FlashBlade Server's Active Directory Computer Name.
This privilege applies only to storage administrators who configure FlashBlade auditing policies and DSES Audit Tasks, not to the DSES service account.
FlashArray Configuration
- Operating System: Windows Server 2019 or later
- Memory: 16GB+
- CPU: 8
- Disk: Sufficient space for the OS + 10GB reserved for the application and logs (includes SQL Express)
- Connection: Connection to Pure Syslog, 1GB network connection
- Superna Data Security Essentials installer which includes:
- Data Security Essentials Smart Policy Manager
- Data Security Essentials
- Windows Services to Monitor:
- EASE System Manager
- Superna Data Security Essentials Services
- Service Account Privileges: See detailed configuration below for required DSES service account and storage administrator privileges
Service Account Privileges
DSES (Data Security Essentials) Service Account
Assign backup and restore privileges to the DSES service account by adding it to the local Backup Operators group on the FlashArray.
Storage Administrator Account
Assign the Manage auditing and security log privilege to storage administrator accounts by adding them to the local Audit Operators group on the FlashArray.