Installation process

Step

Procedure



1

To install and configure SQL Server, see Appendix A, Configure SQL Server.

2

Ensure the login method to SQL is Mixed mode.

3

Set the SQL Server database service and SQL Server Analysis Service to run under the same service account.

Step

Procedure



1

On the database server, open SQL Management Studio and create a system administrator-equivalent user. Or you can create an additional user to use for web application access using SQL Authentication.

2

Disable all password policy enforcements and set the default database to Master.

3

The recommended settings are as follows:

Administrator: ndSQLadmin (sysadmin)

Webuser: webuser (a role created by the Ringtail Database Utility).

Step

Procedure



1

On the database server, run the installer Ringtail9-SQLComponent_<latest version>.exe.

2

In the Welcome window, click Install, and then click Next.

3

In the Destination Folder window, click Next.

4

In the Database Connection window, do the following:

Server Name:

Select the server name from the list, or

If you are using a non-default SQL instance or port number, type the server name in the following format: server name\instance, port, or

Type the DNS alias for the server.

Authentication: Type the SQL Server Login name and Password used to connect to the SQL Server.

Note: These credentials are the SA or equivalent of the SQL Server user ID and password.

To test the connection to the SQL Server database, click Test Connection, or click Next to proceed.

Note: To enable the Next button, you must click on another control in the window.

5

In the Enter the database user username (webuser) box, type the webuser name that SQL Server uses to connect to the case database and application.

Note: The database user username is the webuser account. It is case sensitive. Use only alphanumeric characters.

At this point, you can also create a new account for the database user. Select Create a New Account and then type and confirm a password for the account.

Click Next.

6

In the Ready to install Ringtail SQL Component window, click Install.

Step

Procedure



1

On the database server, run the Ringtail9-DatabaseUtility_<latest version>.exe installer.

2

In the Welcome window, click Install, and then click Next.

3

In the Destination Folder window, click Next.

4

Click Install, and when the installation completes, click Finish.

Step

Procedure



1

To launch the Ringtail Database Utility, on the Windows Start menu, select Programs > Ringtail > Ringtail Database Utility.

2

To connect to the SQL Server database server, type the Server Name, the Port Number (if required), and the Nuix Discover SysAdmin User Name.

We recommend using SQL Authentication, in which case you need to enter the SQL administrator’s user name and password. If you choose to use integrated authentication (who you are logged in as) instead, leave the check box cleared.

Click Connect to continue.

3

To create the portal database, do the following:

Under Connections, select the SQL Server on which you want to create the database, and log in to that database.

Under Actions, click Create.

Under Create New Ringtail Database, in the Type list, select Portal.

4

Provide the following for the portal database:

Name: Name of the new database. The portal database name must not match an existing database on the target database server and must not contain any special characters. Commonly, this database name is portal.

Version: Version for which you want to create the database.

Database User: SQL Server login name that the application uses to connect to the database. This must be the SQL webuser account that is described in the Service account section of the Planning chapter. Commonly, this is webuser.

Note: The database user name must already exist on the target server. This user name is case sensitive.

Portal Admin User: This is the first user created in the application. We recommend that you use the Nuix Discover Service Account as described in the Service Account section of the Planning chapter. This account will be created as a system administrator category in the application. This account will also be used as the Portal Service Account.

Portal Admin User Password: Service account password. Enter the password of the Nuix Discover Service Account.

Note: Make note of the user name and password as you will use these to log in to the application for the first time.

5

To create the RPF database:

Under Actions, click Create.

Under Create New Ringtail Database, in the Type list, select RPF.

6

Provide the following:

Name: Name of the new database. The RPF database name must not match an existing database on the target database server and must not contain any special characters.

Version: Version for which you want to create the database.

Database User: SQL Server login name that the application uses to connect to the database. This must be the SQL web user account that is described in the Service account section of the Planning chapter. This is commonly webuser.

Click Create.

Note: The database user name must already exist on the target server. The user name is case sensitive.

Step

Procedure



1

In the Ringtail Database Utility, select your server. Then, under Actions > Server Databases, click Connect Temp.

2

Under Actions, under Temp Database, click the Upgrade to arrow, and then select the latest version available. If the upgrade is successful, the value for the Database Version number matches the value for Latest Server Version.

3

If you are using Ingestions, use the following procedure to upgrade the NIST list.

With rs_tempdb selected under Connections, under Actions, under Nist Reference Table, click the Upgrade Nist to arrow, and then select the latest version available. Versions are named using the year and quarter. For example, 2020Q4. The NIST upgrade will take several minutes.

After the upgrade completes successfully, click OK in the Completed window.

Step

Procedure



1

Open a PowerShell prompt as Administrator and execute the following command:

New-SelfSignedCertificate -Subject "CN=DiscoverSTS" -KeySpec "KeyExchange" -KeyUsage EncipherOnly, CRLSign, CertSign, KeyAgreement, DataEncipherment, KeyEncipherment, NonRepudiation, DigitalSignature, DecipherOnly -KeyExportPolicy "Exportable" -FriendlyName "DiscoverSTS" -CertStoreLocation "cert:\LocalMachine\My" -NotAfter $([datetime]::now.AddYears(30))

Note: This step should be used for creating a self-signed certificate. If you are using a signed certificate from a Certificate Authority, proceed to step 2.

2

Copy the STS certificate thumbprint details. You must provide the thumbprint later when you install the web application.

The following figure shows an example of running step 1, as described in the previous table. The values for the Thumbprint and Subject are highlighted. Note that “CN=” is not highlighted and is not used for the installation. The Subject (without “CN=”) is used for both Subject and Issue Name in the Ringtail web installer.

Step

Procedure



1

On the Windows Start menu, select Run or press Window-R.

2

In the Run window, type certlm.msc, and then click OK.

3

Grant permission for the certificate private keys.

On the certlm, expand the Personal\Certificates on the left.

Then right-click the installed STS certificate.

On the menu, select All Tasks, and then select Manage Private Keys.

In the Permissions for DiscoverSTS private keys window, select the IIS_IUSRS user.

If the IIS_IUSRS group is not present, click Add.

Set the location to be the local machine and enter IIS_IUSRS.

To be sure that the name is found, select Check Names.

To allow this user only Read access, clear the Full Control check box, and then click OK.

4

Right-click to drag and copy the certificate into the Trusted People store.

5

You must provide the STS certificate information later when you install the Ringtail web application.

Important: If you are installing more than one web server, or you are using a Hit highlight Service or the Login Service, the same certificate must be used on all servers. That requires you to export the certificate created in this procedure and import it to the other web servers or search servers.

6

Use the following procedure to export the RingtailSTS certificate.

Right-click the DiscoverSTS certificate, and then choose All Tasks > Export.

7

In the Welcome to the Certificate Export Wizard window, click Next.

In the Export Private Key window, select the Yes, export the private key option.

Click Next.

In the Export File Format window, do the following:

Select the Personal Information Exchange - PKCS # 12 (.PFX) option.

Select the Include all certificates in the certification path if possible, check box.

Select the Export all extended properties check box.

Click Next.

In the Security window, do the following:

Select the Password check box.

Provide a password.

Confirm the password.

Select the default encryption in the Encryption drop-down.

Click Next.

The Certificate Export Wizard Security screen with the Password fields completed.

In the File to Export window, do the following:

Browse or type a path and filename.

Click Next.

To complete the export wizard, click Finish.

8

Copy the DiscoverSTS.pfx certificate to each web server, Hit highlight Server (if deployed), and Login Server (if deployed).

Step

Procedure



1

On the web server, run the installer, Ringtail9-Web_<latest version>.exe.

2

On the web server, double click Ringtail-Web _<latest version>.exe. It will automatically change to Administrator mode.

When the PowerShell window appears (it may take a minute or two), enter and confirm the settings, and press Enter to submit a value.

3

When the PowerShell window appears, in the Installation directory prompt, C:\Program Files appears by default. Press Enter.

Note: The Installation directory is the location where the application will be installed locally. For example, C:\Program Files\Ringtail. This appears automatically on all new installations.

4

In the Classic Website Name prompt, Default Web Site appears by default. Accept the default and do not change the value. Press Enter.

5

In the Classic Website Mapping prompt, RingtailLegal appears by default. Accept the default and do not change the value. Press Enter.

6

In the Ringtail Web Application Name prompt, Default Web Site/Ringtail appears by default. Press Enter.

Note: The Ringtail Web Application Name is the IIS location for the Discover web application. This must be a site name followed by an application name. This is the IIS website that hosts the public Discover Web application which all traffic will connect to. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal." This installer creates versioned web applications on an internal website called "Ringtail Internal" to support side-by-side deployments. The Default Web Site routes to the Ringtail Internal website through IIS URL rewrite rules.

7

In the Browser Protocol prompt, http appears by default. You can accept the default or enter https. Press Enter.

Note: The Browser Protocol is the URL scheme the client browser is expected to make the call as. This is used to customize URLs returned to the user for static contents and API calls.

Enter http or https to set the client web browser to access the web server (IIS).

8

In the STS Certificate Issuer Name prompt, enter the certificate name you used when creating the STS Certificate above (usually DiscoverSTS). Press Enter.

Note: The STS Certificate Issuer Name is the name of the issuer of the STS token used for exchange between the STS server and the web application. This value uniquely identifies the STS.

9

In the STS Certificate Name prompt, Enter the certificate name you used when creating the STS Certificate above (usually DiscoverSTS). Press Enter.

Note: STS Certificate Name: The name of the certificate used in the STS configuration. This certificate is used to encrypt/decrypt tokens.

10

In the STS Certificate Thumbprint prompt, enter the thumbprint of the STS certificate that you created or installed on the web server. See Adjust the STS Certificate.

Note: The STS Certificate Thumbprint: The thumbprint of the certificate used in the STS configuration. This certificate is used to encrypt or decrypt tokens.

Warning: When you paste the thumbprint, do not include any leading or trailing spaces.

11

In the SSL Usage prompt, false appears as the default entry. Keep the default (false) or enter true. Press Enter.

Note: The SSL Usage indicates whether all URL requests with the web application must use secure communication (https), including cookies.

Valid values are:

false (default): It depends on the server configuration and the browser protocol. If SSL is set up, both http and https are supported.

true: This forces all URLs returned to clients for static contents, API request endpoints, and generated URLs for deep links will be secure (https).

Note: The SSL Usage prompt appears as false by default. You can leave it or change it to true.

12

In the IIS Authentication Mode prompt, Forms appears by default. You can leave the default or enter Windows. Press Enter.

Note: IIS Authentication Mode indicates whether Windows domain or a custom authentication provider is used to authenticate users. This setting applies to the Web component only.

To use Ringtail authentication, enter Forms.

To use Windows authentication or the Ringtail Active Directory self-service password management functionality, enter Windows.

13

In the Self Service Authentication Mode prompt, Ringtail appears by default. You can leave the default or enter ADSelfService. Press Enter.

Note: Self Service Authentication Mode is for custom authentication methods. This configuration determines what kind of authentication provider you are going to use. User information can be stored in Windows Active Directory (AD) or in Ringtail database. Valid values are:

Ringtail (default): User information stored in the portal database will be used to authenticate users (username and password).

ADSelfService: Active Directory Domain Services (AD DS) will be used to authenticate the users.

14

In the Web URL prompt, enter the public URL for the web component. You can use either HTTP or HTTPS. The URL must appear as: http(s)://<address>/ Press Enter.

Note: The Web URL is made up of:

http(s): This is how the Web component site is set up to be accessible.

hostname: The name that will be used to access the web server, such as web server name, website name, load balancer name.

webappname: The name of the web application. This value is commonly the same as the WebAppName. The input value can be ringtail, discover, or any valid application names.

For example: http(s)://<address>/Ringtail

15

In the Help URL prompt, enter the public URL for the help component of Ringtail. This could be on the same server or on a different server. The URL is independent of the other input values. For example, http(s)://<address>/RingtailHelp. Press Enter.

Help URL: Use either HTTP or HTTPS. The URL must be: http(s)://<address>/RingtailHelp

Note: This prompt has no default; you must enter the public URL. If you do not provide the online help URL, the application disables links to the online help.

16

In the Legal URL prompt, enter the public URL for the Ringtail classic web component. This is the component that is hosted on the same server. Enter: http://localhost/RingtailLegal. Press Enter.

Note: The Ringtail Legal URL is made up of:

http(s): This is how the Web component site is set up to be accessible

hostname: This value is the same as the hostname value previously used.

webappname: This value is unique to this component.

Note: This prompt has no default; you must enter the Ringtail Legal URL.

17

In the STS URL prompt, enter the Public URL for the Ringtail STS web component. For example: http(s)://<address>/RingtailSTS. Press Enter.

Note: For the STS URL (Ringtail Security Token Service URL): Use either HTTP or HTTPS. The URL must be http(s)://<address>/RingtailSTS.

For example, http://Discoverlab.contoso.local/RingtailSTS

The URL is made up of the following:

http(s): This is how the Web component site is set up to be accessible

hostname: This value is the same as the hostname value previously used.

webappname: This value is unique to this component.

18

In the UI Static URL prompt, enter the Public URL for Ringtail STS web component. Enter http(s)://<address>/UIStatic. Press Enter.

Note: The UIStaticURL (Ringtail UI Static Content URL) is either HTTP or HTTPS. The URL must be http(s)://<address>/UIStatic.

For example: http://Discoverlab.contoso.local/UIStatic

The URL is made up of the following:

http(s): This is how the Web component site is set up to be accessible

hostname: This value is the same as the hostname value previously used.

webappname: This value is unique to this component.

19

In the Ringtail License Management Application Name prompt, enter the IIS location for the Discover license management. This must be a site name followed by an application name. The default value for this prompt is: Default Web Site/RingtailLicenseManagement

You can leave the default value. Press Enter.

Note: The Default Web Site is the IIS website to host the public Discover Web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal." That is a reserved site.

The Name of the web application to create value will appear in public URLs used to access the Website. This value is commonly the same as the value used in the public URL for this component. This value is usually RingtailLicenseManagement.

20

In the Ringtail STS Application Name prompt, enter the IIS location for the Discover STS web application. This must be a site name followed by an application name. The default value that comes up automatically for this prompt is Default Web Site/RingtailSTS.

Keep the default. Press Enter.

Note: The Default Web Site is the IIS website to host the public Discover Web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal." That is a reserved site.

RingtailSTS is the name of the web application to create. This value will appear in public URLs used to access the Website.

21

In the Ringtail UI Static Application Name prompt, enter the IIS location for the Discover web application. This must be a site name followed by an application name. The default value that appears for this prompt is Default Web Site/UIStatic.

Keep the default. Press Enter.

Note: The Default Web Site is the IIS website to host the public Discover Web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal." That is a reserved site.

UIStatic is the name of the web application to create. This value will appear in public URLs used to access the Website.

22

In the Ringtail Web API Application Name prompt, enter the IIS location for the Discover web services web application. This must be a site name followed by an application name. The default value that appears for this prompt is Default Web Site/RingtailWebServices.

Keep the default. Press Enter.

Note: Default Web Site is the IIS website to host the public Discover Web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal." That is a reserved site.

RingtailWebServices is the name of the web application to create. This value will appear in public URLs used to access the Website.

23

In the Press Enter to Publish Web once installed, or type 'skip' prompt, press Enter to publish the Nuix Discover web site after the installation or enter skip and press Enter if you do not want to publish now.

Note: The Nuix Discover Web site uses side-by-side deployments to allow for zero-downtime upgrades. The "publish" action determines which version
‎is active and accepts requests.

The options are:

Publish: Publish the active version and accept requests.

skip: Do not publish now.

24

In the Portal Database Server prompt, enter a machine name, IP address, or DNS alias. You can include an instance name and port. Press Enter.

Note: Valid values look like the following:

SqlHostName

SqlHostName\InstanceName

SqlHostName\InstanceName, Port

25

In the Portal database name prompt, enter portal. Press Enter.

Note: The Portal database name is the user name to connect to SQL Server. This should be a limited user, and not a SQL administrator.

Warning: The Portal database name is case sensitive and must match the Ringtail Portal Database name. (For example, webuser).

26

In the Portal database user name prompt, enter the <webuser> account. Press Enter.

27

In the Portal database password prompt, enter the password. Press Enter.

28

Press Enter to accept the settings and continue with the installation or enter fix to make changes.

When the installation is complete, press Enter to close.

Note: Take a screen shot of this screen to capture your settings.

Step

Procedure



1

On the web server, run the installer, Ringtail9-Help_<latest version>.exe.

2

In the Welcome window, click Install, and then click Next.

3

In the Destination Folder window, click Next.

4

In the Ringtail Application Configuration window, type the following:

Ringtail Help Application Path: Full site path to where you want to install the Ringtail online help in IIS Manager.

The default path is Default Web Site/RingtailHelp. If you use the default path, the Default Web Site must exist in IIS Manager.

Ringtail Help Application Physical Path: Physical path to the location to deploy the online help files. The default path is C:\inetpub\wwwroot\RingtailHelp.

Click Next.

5

Click Install, and when the installation completes, click Finish.

6

To deploy the online help package, go to Start > Ringtail (or Apps > Ringtail) and right-click Deploy Ringtail Help. Select Run as administrator, and then wait for the deployment to complete.

For servers running Windows Server 2016, the Run as administrator option is accessed from the shortcut’s file location. Right-click the shortcut and select More > Open file location. Then, right-click the shortcut and select Run as administrator.

Step

Procedure



1

On all Nuix Discover Web server(s), double click Ringtail9-Portal-API_<latest version>.exe. It will automatically change to Administrator mode.

2

In the new window, enter and confirm the following settings, and press Enter to submit a value:

Installation directory: The location where the application will be installed locally. For example: C:\Program Files\Ringtail

Note: Do not use a trailing \ in the install directory path.

Portal API web application name: IIS location for the Portal API web application. This must be a site name followed by an application name.

Valid values look like the following: Default Web Site/Portal-API

Default Web Site: The IIS website that will host the public Portal API web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal."

Portal API: The name of the web application to create. This value will appear in public URLs used to access the service.

Note: This installer creates versioned web applications on an internal website called "Ringtail Internal" to support side-by-side deployments. The Default Web Site routes to the Ringtail Internal website through IIS URL rewrite rules.

[OPTIONAL] Ringtail service account: Enter credentials to apply to the Portal API app pool or leave this blank to skip this step. Use the Nuix Discover Service Account here.

Valid credentials look like the following:

domain\svc_account

svc_account@domain

Note: The Portal API uses side-by-side deployments to allow for zero-downtime upgrades. The publish action of the service determines which version is active and accepts requests.

Press Enter to Publish the Portal API once installed, or type skip.

Certificate name: The certificate 'Issued By' name for the DiscoverSTS to sign tokens with.

Note: This must be the same certificate used on the web server(s).

Certificate Thumbprint: This must be the same certificate used on the web server(s).

Host name for Discover site: Enter the following information for the host name for the website. In the following example, the hostname is extracted from the full URL: “https://discoverlab.contoso.local/discover”

Example: discoverlab.contoso.local

Note: The Host Name is just the host name for the website, not the complete URL.

Portal SQL Server: The portal database server address. This can be a machine name, IP address, or DNS alias and can include an instance name and port.

Valid values look like the following:

SqlHostName

SqlHostName\InstanceName

SqlHostName\InstanceName, Port

Portal database name: The name of the Portal database in SQL Server.

Portal database user name: The user name used to connect to SQL Server. This should be a limited user, and not a SQL administrator.

Portal database password: The password used to connect to the SQL Server.

Note: After entering your password the installer will test the SQL connection. If the test connection fails, press Enter to correct credential entries, or type skip to ignore the failure and continue with the installation.

RPF SQL Server: The RPF database server address. This can be a machine name, IP address, or DNS alias and can include an instance name and port.

Valid values look like the following:

SqlHostName

SqlHostName\InstanceName

SqlHostName\InstanceName, Port

RPF database name: The name of the RPF database in SQL Server.

RPF database user name: The user name used to connect to the SQL Server. This should be a limited user, and not a SQL administrator.

RPF database password: The password used to connect to the SQL Server.

Note: After entering your password the installer will test the SQL connection. If the test connection fails, press Enter to correct credential entries, or type skip to ignore the failure and continue with the installation.

Classic Website Name: The name of the Ringtail Classic website. This is the name of the site on IIS server (for example, Default Web Site).

Classic Website Mapping: The application name for the Ringtail classic application. Valid values include any valid string like classic, document, ringtail, discover, that are commonly used for application names (for example, RingtailLegal).

3

The window will display a summary of submitted settings (except for the password information). Press Enter to accept settings and proceed with the installation or type fix to make changes (and re-enter settings).

4

When the installation is complete, press Enter to close.

5

Test the installation.

Enter the following in a web browser in the Connect API service browser:

http://localhost/Portal-API/health/test

If this works correctly, no errors are returned and a JSON file is displayed or downloaded. For example:

{"Healthy":true,"ServiceVersion": "10.5.010.12"}

Step

Procedure

1

Remote Desktop to the Login Server and log in as the Service Account.

2

On the Login Server, run the installer for Login services Ringtail9-Login_<latest version>.

3

In the PowerShell window, at the Installation directory prompt, enter C:\Program Files.

Note: The installer will add \Ringtail\Login_<latest version> to this path.

4

In the Windows Service User account prompt, enter Contoso\ndSvc and press Enter.

5

In the Windows Service password prompt, enter your Windows Service password and press Enter.

6

In the Http port prompt, leave 3000 (the default port) and press Enter.

7

In the Ssl Https port prompt, leave 443 (the default port) and press Enter.

8

The PowerShell window will display a summary of submitted settings (except for the password information). Press Enter to accept settings or type fix to make changes (and re-enter settings).

Step

Procedure

1

Open a Command Prompt or PowerShell window as an Administrator. Each line in the window requires you to enter an Import Password or PEM pass phrase.

2

Provide a pass phrase for the new .key file. This pass phrase is also used in the configuration file.

Note: The information that you enter will not appear on your screen. For example:

User input:

openssl pkcs12 -in DiscoverSTS.pfx -nocerts -out DiscoverSTS.key

openssl pkcs12 -in DiscoverSTS.pfx -clcerts -nokeys -out DiscoverSTS.crt

3

Ensure that the appropriate certificate files and key files are located in: C:\Program Files\Ringtail\Login_<latest version>\app\certs.

Note: The DiscoverSTS certificate used on the Login Server must match the STS certificates on the other application servers or token validation will fail.

Note: In the Login Service config, the webCertificate is used for HTTPS while the certificate is used for secure communication between the Login Service and Nuix Discover. The webCertificate entries can be either a single .pfx file or a .crt and .key pair. The certificate entry must be a .crt and .key.

4

Prepare the SSL certificate.

The SSL certificate can be a single .PFX file or a combination of .CRT and .KEY files.

The SSL certificate file(s) must be located in: C:\Program Files\Ringtail\Login_<latest version>\app\certs.

If you are using a pass phrase, add it to the configuration file described in the following step.

5

On the Login Server, edit the configuration file: C:\Program Files\Ringtail\Login_<latest version>\app\conf\config.local.js.

The following is a sample config.local.js configuration file. See the config.js file for the complete list of configuration options.

Note: We recommend using the portalAPIs entry to avoid large cookie issues. Use the “portalAPIs” entry only if you opt to use the API to avoid large cookie issues.

Note: The portalURL entry is optional. When the Login Service is utilized in a 1 to 1 relationship with a portal, a default Portal URL value can be specified. When configured, users who inadvertently navigate to the Login Service URL will use the default portal.

If the environment includes multiple portals, it may not be appropriate to default to a specific portal, in which case you should omit this entry; users will instead see a generic error message if they inadvertently navigate to the Login Service URL instead of the intended portal URL.

module.exports = {

sslPort: 443,

enableSecure: true,

allowHTTP: false,

legacyIssuer: false,

portalUrl: "",

certificate: {

                key: 'DiscoverSTS.key',

                cert: 'DiscoverSTS.crt',

                passphrase: '<certificate passphrase>'

},

webCertificate: {

                pfx: 'SSLcertificate.pfx',

                passphrase: '<webCertificate passphrase'

},

portalApis: [ {
‎wreply: "default",
‎url: "<http://discover.contoso.local/Portal-API/api/query>",
‎bearer: "xxxxxxxxxxx"

} ],

}

Note: The wreply value of default is best for a single portal. It is rare to have multiple portals.

Note: The URL should be the same for the Connect API Url field on your Nuix Discover portal settings page.

Note: The bearer is the bearer token from a system administrator user that is authorized for API access.

6

Restart the RingtailLoginService in Windows Services.

Perform an IISRESET on the Discover Web Server(s).

Step

Procedure

1

On the Nuix Discover Login page, type your user name and password, and then click Log in.

2

On the Portal Home page, under Portal Management, click Settings.

3

On the Settings page, in the navigation pane, click Portal Options.

4

On the Portal Options page, highlight the Connect API URL value and press <Ctrl>+<C> to copy it to your clipboard.

Note: If the Connect API URL field is blank, you must first install and configure the Portal API component. See the Nuix Discover Installation and Configuration Guide.

5

In a text editor tool, such as Notepad, press <Ctrl>+<V> to paste the URL value in the text editor for temporary storage.

6

Next, identify or create a System Admin User to use for Portal API connections.

Note: Only System Administrators can copy their own API tokens. You may need to create a new System Administrator account, if you do not have one, to complete this procedure. 

7

On the Portal Home page, under Portal Management, click User Administration. 

8

On the Users  page, in the Name column, locate and click on your account user name.  

9

In the navigation pane, click API Access.

10

On the API Access page, click Authorize this user to use the Connect API option, if not already active, and then click Copy API token to copy the value to your computer’s clipboard memory. 

11

Open the same text editor tool that you used in Step 5, and press <Ctrl>+<V> to paste the token in the text editor for temporary storage. 

Step

Procedure



1

On all Content search service server(s), double click Ringtail9-Content-Search_<latest version>.exe. It will automatically change to Administrator mode.

2

In the new window, enter and confirm the following settings, and press Enter to submit a value:

Installation directory: The location where the application will be installed locally.

Note: Do not use a trailing \ in the install directory path

Content Search web application name: The IIS location for the Content Search API web application. This must be a site name followed by an application name.

Valid values look like the following:

Content Search: Name of the web application to create. This value will appear in URLs used to access the service.

Note: This installer creates versioned web applications on an internal website called "Ringtail Internal" to support side-by-side deployments. The Default Web Site routes to the Ringtail Internal website through IIS URL rewrite rules.

[OPTIONAL] Ringtail service account: Enter credentials, including your Service account user name and Service account password, to apply to the Content Search app pool, or it leave blank to skip this step. Use the Nuix Discover Service Account here.

Valid credentials look like the following:

domain\svc_account

svc_account@domain

Note: The Content Search uses side-by-side deployments to allow for zero-downtime upgrades. The "publish" action of the service determines which version is active and accepts requests.

Press Enter to publish the content search once installed, or type skip.

3

The window will display a summary of submitted settings (except password info). Press Enter to accept settings and proceed with the installation or type fix to make changes (re-enter settings).

4

When the installation is complete, press Enter to close.

5

Test the installation by entering the following text in the address bar of a web browser on the content search service server: http://localhost/Content-Search/api/test

If the content search service is working correctly, no errors are returned, and a JSON file is displayed or downloaded. For example: {"ServiceVersion":"1.1.3","DtSearchVersion":"7.92.856"}

Step

Procedure



1

You must import the STS Certificate. For instructions on how to import the STS Certificate to the Hit highlight Server, see Install the STS Certificate.

2

On all Content search service server(s), double click Ringtail9-Hit-Highlight_<latest version>.exe. It will automatically change to Administrator mode.

In the new window, enter and confirm the following settings, and press Enter to submit a value:

Installation directory: The location where the application will be installed locally.

Note: Do not use a trailing \ in the install directory path

Hit Highlight web application name: The IIS location for the Hit Highlight web application. This must be a site name followed by an application name.

Valid values look like the following:

Default Web Site/Hit-Highlight

Default Web Site: IIS website to host the public Hit highlight web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal".

Hit Highlight: Name of the web application to create. This value will appear in URLs used to access the service.

Note: This installer creates versioned web applications on an internal website called "Ringtail Internal" to support side-by-side deployments. The Default Web Site routes to the Ringtail Internal website through IIS URL rewrite rules.

[OPTIONAL] Ringtail service account: Enter credentials (Service account user name and Service account password) to apply to Hit highlight app pool or leave blank to skip this step. Use the Nuix Discover Service Account here.

Valid credentials look like the following:

domain\svc_account

svc_account@domain

Note: The Hit highlight uses side-by-side deployments to allow for zero-downtime upgrades. The "publish" action of the service determines which version is active and accepts requests.

Press Enter to Publish the Hit Highlight once installed, or type skip.

The window will display a summary of submitted settings (except password info). Press Enter to accept settings and proceed with the installation or type fix to make changes (re-enter settings).

Certificate Name: Certificate 'Issued By' name for the Ringtail Secure Token Service (STS) to sign tokens with. This must be the same certificate used on the web server(s). The certificate name is usually DiscoverSTS. Press Enter.

Note: The STS Certificate Issuer Name is the name of the issuer of the STS token used for exchange between the STS server and the web application. This value uniquely identifies the STS.

Certificate thumbprint: This must be the same certificate used on the web server(s).

Note: The STS Certificate Thumbprint: The thumbprint of the certificate used in the STS configuration. This certificate is used to encrypt or decrypt tokens.

Warning: When you paste the thumbprint, do not include any leading or trailing spaces.

When the installation is complete, press Enter to close.

3

Test the installation by doing the following:

Enter the following in a web browser in the Hit highlight service browser:

http://localhost/Hit-Highlight/health/test

If this works correctly, no errors are returned, and a JSON file is displayed or downloaded. For example:

{"ServiceVersion":"1.1.3","DtSearchVersion":"7.92.856"}

Order

Procedure

Steps

1

Install RPF Coordinator

On the RPF Coordinator server, double click Ringtail-RPF-Coordinator_<latest version>.exe. It will automatically change to Administrator mode.

In the new window, enter and confirm the following settings, and press Enter to submit a value:

Install directory: Location where the application will be installed locally. This location must be the same one chosen for the RPF Workers installation so that the Coordinator can index the workers.

Note: Do not use a trailing \ in the install directory path.

Default Web Site/Coordinator: The Default Web Site is the IIS website to host the public Coordinator web application. Any valid site name works here, although it should be a site that is exposed to public traffic. This should NOT be "Ringtail Internal.”

The Coordinator is the name of the web application to create. This value will appear in public URLs used to access the Coordinator.

Note: This installer creates versioned web applications on an internal website named "Ringtail Internal" to support side-by-side deployments. The Default Web Site routes to the Ringtail Internal website through IIS URL rewrite rules.

RPF worker share folder: A share folder hosted on the Coordinator for the RPF workers, which are downloaded by the Supervisors.

Valid values look like the following: \\CoordinatorHostName\RPF_Workers

CoordinatorHostName: Machine name, IP, or DNS alias of the machine hosting the Coordinator.

RPF_Workers: Path of the file share on the Coordinator host exposing the workers. The path name must match the value chosen in the RPF Workers installer.

To confirm that the Coordinator should be published immediately after installing, press Enter. Or, to skip automatically publishing, type: “skip”

Note: The Coordinator uses side-by-side deployments to allow for zero-downtime upgrades. The "publish" action of a Coordinator determines which version is active and accepts requests.

RPF SQL Server: RPF database server address. This can be a machine name, IP address, or DNS alias and can include an instance name and port.

Valid values look like the following:

SqlHostName

SqlHostName\InstanceName

SqlHostName\InstanceName, Port

RPF database name: Name of the RPF database in SQL Server.

RPF database user name: User name to connect to SQL Server. This should be a limited user, and not a SQL administrator.

RPF database password: Password to connect to the SQL Server.

Note: After entering the password, the installer will test the SQL connection. If the test connection fails, press Enter to correct the credential entries, or type “skip” to ignore the failure and continue with the installation.

The window will display a summary of submitted settings (except password info). Press Enter to accept the settings and proceed with the installation, or type “fix” to make changes (re-enter settings).

When the installation is complete, press Enter to close.

In the Coordinator Application Configuration window, type the full site path to where you want to install the RPF Coordinator. The default path is c:\program files\ringtail.

Note: The RPF Coordinator installer takes information regarding the RPF_Workers shared location, but it does not move the RPF Worker files into this location. The RPF_Workers folder is created when you run the RPF Workers installer.

2

Test the installation

If you selected Do not publish the Coordinator application immediately once installed in step 1, do the following:

To test the installation, type the versioned coordinator URL in a browser on the server where the coordinator is installed, using Remote Desktop to access the machine, if necessary. For example:

http://localhost/Coordinator_v10-1-###-#######/coordinator.asmx?disco

If successful, no errors are returned, and an application test page containing XML opens. The XML includes the address of the Coordinator.

If you type the URL without the version, for example, http://localhost/coordinator/coordinator.asmx?disco, the Coordinator address in the XML displays the currently published version.

3

Publish the RPF Coordinator

If you selected Do not publish the Coordinator application immediately once installed in step 1, on the Windows Start menu, under Apps > Ringtail, you see a new program named Publish RPF Coordinator <version number>. Right-click and select Run as administrator.

For servers running Windows Server 2016, the Run as administrator option is accessed from the shortcut’s file location. Right-click the shortcut and select More > Open file location. Then, right-click the shortcut and select Run as administrator.

After publishing, you can uninstall older Coordinator versions. We recommend that you keep the previous Coordinator version until you publish a newer Coordinator version.

4

Install versioned RPF Workers

Install Ringtail9-ProcessingFrameworkWorkers_<latest version>.exe.

Select the shared location to install the workers to.

After the installation, open Computer Management, under System Tools, expand out Shares <<...>> and do the following:

Right-click RPF_Workers share and select Properties.

Select the Security tab.

Select Edit.

Add the service account and give Full control access.

5

Uninstall RPF Workers

Uninstall the previous version of RPF Workers from the server.

6

Install RPF Workers – Analytics

Install the Ringtail9-BasisLibrary_<latest version>.exe file.

7

Install Nuix Worker using the PowerShell script

Install the Nuix Worker using a PowerShell script. The PowerShell installer is included in the download. You must run the script to launch it.

From the Start menu, open and run Windows PowerShell as an Administrator.

In PowerShell, navigate to the installers directory.

Then run the Ringtail_Nuix_<latest_version>.ps1 file:

C:\installers>./Ringtail_Nuix_<latest_version>.ps1

When it is finished, the following lines should appear:

Installing the JRE to the Coordinator

Installing the NUIX API to the Coordinator

Installing ffMpeg to the Coordinator

PS C:\Installers>

8

Create an OCR folder

Under the RPF worker share folder (C:\Program Files\Ringtail\Ringtail Processing Framework\RPF_Workers) as described in Step 1, create an OCR folder, and place the nuix-ocr-addon-12.4.7.343.msi installer in the OCR folder. There is no reason to install it.

9

Configure the RPF Workers share

Configure the RPF Workers share in Windows Explorer by doing the following:

Open: C:\Program Files\Ringtail\Ringtail Processing Framework\

Right-click RPF_Workers and select Properties.

The RPF_Workers share permissions are configured to allow Full Control to Everyone

NTFS permissions are restricted to Modify access to only the Nuix Discover System/Portal Administrators Group.

Order

Procedure

Steps

1

Install RPF supervisor

On the RPF server, double click the installer: Ringtail9-RPF-Supervisor_<latest version>.exe.

In the new window, enter and confirm the following settings, and press Enter to submit a value:

Install directory: Location where the application will be installed locally.

Note: Do not use a trailing \ in the install directory path

RPF Coordinator URL: The RPF Coordinator URL that the RPF Supervisor uses to contact the Coordinator to pick up new work. This is an internal URL used by Ringtail applications. Valid values look like the following:

HTTP[S]://<address>/Coordinator

HTTP[S]: Use HTTP or HTTPS if the Coordinator is configured for transport layer security.

CoordinatorHostName: Name of the Coordinator host, which can be either a DNS alias (required if using a network load balancer) or the name of the machine.

Coordinator: Name of the web application chosen when installing the RPF Coordinator.

Service account user name: The Nuix Discover Service account user name and password will be used to run the RPF Supervisor service locally as well as to authenticate with the RPF Coordinator. It must be a domain account with permissions to read and write to its install directory,  the RPF Workers' network share, as well as to the RPF temp folder.

Valid values look like the following:

domain\rpf_account

rpf_account@domain

Service account password: The service account password.

A summary of submitted settings (except for the password) appears.

Note: If you are using a Group Managed Service Account (GMSA), you have only to enter a username when installing the RPF Supervisor installer. The installer does not require a password.

Press Enter to accept the settings and continue with the installation, or type “fix” to make changes.

When the installation is complete, press Enter to close.

Note: Should you encounter the following error, either the password you entered is incorrect, or the service account does not have logon as a service permission. To correct the issue, open Window Services and double-click Ringtail RPF Supervisor Service. On the Logon tab, re-enter the password and select Apply. Then click the General tab and click Start.