Signiant Support

12.0 Before You Begin Guide Print


CHAPTER 1 Before You Begin
CHAPTER 2 Architecture
CHAPTER 3 System Requirements
CHAPTER 4 Network Diagrams
CHAPTER 5 Checklists
Manager Installation Checklist
Agent Installation Checklist
CHAPTER 6 Reflexive Access Control Lists

Before You Begin

This document provides information you need to know before you install the Signiant software. While Signiant makes every effort to ensure that the information in this chapter is accurate, last minute changes can and do occur. Make sure you READ THE PRODUCT RELEASE NOTES before proceeding with a Signiant installation. The release notes may contain last minute information about issues that may affect the installation. In addition, if you are installing/licensing one of the Signiant applications (Media Exchange, Media Integrator, and so on), you should read the introductory chapters of the guide associated with that particular application BEFORE installing the Signiant software. These separate application guides may contain additional information that will assist with installation.

Architecture

The Signiant Manager automates, accelerates, manages, and securely controls the movement of high-value digital content within and between organizations and ecosystems. Engineered for large-scale data transfer requirements, the Manager is built on a core system architecture that consists of a collection of agents and a web interface platform for administering and managing system tasks.

The Manager performs all administration, control, and reporting as well as orchestrating the execution of jobs (e.g. file transfers and notifications). Administrative users interact with the Manager through a web-based platform for configuring the system, automating tasks, managing system activity, and reporting. The Manager is installed on a central system or systems and coordinates and logs the data transfer activities carried out by the distributed Signiant agents. The agents are installed on remote computer systems and are responsible for the actual transfer of data.

Transfer replication is supported with Signiant agents. This replication enables that geographically distributed systems are up-to-date and in sync - regardless of location. All jobs are automatically replicated using push distribution between the source agent and the replicated target agents. Use the job view to see an up-to-date graph of the aggregate transfers to all replicating agents.

The following is a representation of the Manager and agent environment.



 

System Requirements

Before you install the Agent software, verify that the host machine meets all of the requirements described in this section. In addition, you should determine the agent configuration and installation options that are best for your data transfer system deployment. Depending on how your Manager is configured, you may need configuration information from your Signiant administrator before you can proceed with an agent installation. You must also first license the product for the number of agents you are allowed to install.

The following describes the system requirements for Signiant installation.

Signiant Manager and Media Exchange Web Server

Hardware

  • CPU: Xeon dual-core processor, 2 GHz or higher
  • Memory: 8 GB minimum, 16 GB recommended
  • Shared Memory Segment: On Linux, ensure the shared memory segment is set to a minimum of 1024 MB
  • Disk Space: 10 GB minimum (100 GB recommended). Additionally, 1 GB free for /tmp folder on UNIX/Linux, or for C: on Windows
  • Network Connection: 100 Mbps or faster

64-bit Operating Systems

  • CentOS 6.0+
  • Linux RedHat 6.0+
  • Windows 2008 Server R2
  • Windows 2012 Server R2
  • Windows 10
  • CentOS 7.0+
  • Linux RedHat 7.0+

VM Ware Supported

  • All Manager operating systems.

Note: High availability is supported on a Linux RedHat cluster only.

Signiant Agent and Media Exchange Server

Hardware

  • CPU: Xeon dual-core processor, 2 GHz or higher
  • Memory: 4 GB minimum
  • Disk Space: 2 GB (preferably 4 GB)
  • Network Connection: 100 Mbps or faster

Operating Systems

  • Linux RedHat/CentOS 6.0+ (64-bit)
  • Linux RedHat/CentOS 7.0+ (64-bit)
  • Macintosh OS X 10.7, 10.8, 10.9, 10.10 (64-bit)
  • Solaris 10 x86 (64-bit)
  • Windows Server 2008 R2 (64-bit)
  • Windows 7, 8, 8.1, 10
  • Windows 2012 Server R2 (64-bit)

VM Ware Supported

  • All Agent operating systems, except: Macintosh.

Additional Specifications

Cluster Set-up: You MUST set up and configure your clustered environment BEFORE installing the Signiant clustered Manager. Make sure your clustered environment is set up and working. A FULLY WORKING cluster is essential to having a reliable, working Signiant Manager. Details on how to set up a Linux cluster are available at http://www.redhat.com/cluster_suite.

Clustered Agents: Signiant software only provides support for active/passive style clusters

Agent/Media Exchange Server: Agents/Media Exchange Servers have to contact the Authentication Web Server on TCP 443 in order to perform SOAP authentication.

Time Synchronization: Date and time must be accurately set. Utilization of an NTP Server is recommended.

 

Signiant Manager Port Requirements

  • User to Web Server: TCP 443
  • Manager to and between Agents: TCP / UDP 49221
  • Agent to and between Agent: TCP 49221 / UDP 49221-49321
  • Relay to and between Agent: TCP / UDP 49221
  • Manager to and between Media Exchange Web Server: TCP 49221, 49226-49233*
  • Manager to SMTP mail server: TCP 25
  • Manager to Active Directory/LDAP server: TCP 389 or 636
  • User to Manager: TCP 443 (80 is optional)

Signiant Media Exchange Port Requirements

  • User to Media Exchange Relay / Media Exchange Server: TCP 8080, 49221 / UDP 49221-49321
  • Media Exchange Relay / Media Exchange Server to User: UDP 49221-49321
  • Media Exchange Relay to Media Exchange Server: TCP / UDP 49221
  • Media Exchange Enabled Agent to Media Exchange Web Server: TCP 443
  • Content Point to and between Content Point: TCP 49221 / UDP 49221-49321
  • Agent to Manager: TCP 443, TCP / UDP 49221**
  • Manager / Media Exchange Web Server to Internet: TCP 443***
  • Media Exchange Relay to and from Media Exchange Enabled Agent / Media Exchange Server: UDP 49222-49321

Notes on Port Requirements for Signiant Media Exchange

  • *Manager to and between Media Exchange Web Server: TCP 443: required during installation
  • **Agent to Manager: TCP 443: required for certificate renewals for relay-only agents and during agent installation. When not configured, offline certificate signing is required
  • ***Manager / Media Exchange Web Server to Internet: TCP 443: required when the Media Exchange desktop client is used

Web Browser Support

Signiant Manager and Media Exchange

Windows 7, Windows 8, Windows 8.1, Windows 10

  • Internet Explorer 10, 11
  • Mozilla Firefox 30 - 43
Signiant App for Interactive Transfers
  • Google Chrome 30 - 47
  • Microsoft Edge 12, 13

Macintosh OS X 10.9, 10.10, 10.11

  • Apple Safari 7, 8, 9
  • Mozilla Firefox 30 - 43

Media Exchange Desktop Client

  • Windows 7, 8, 8.1, 10
  • Macintosh OS X 10.8.4, 10.9, 10.10, 10.11

Network Diagrams

This chapter includes two diagrams that demonstrate how components interact within the system.

Networking and Naming Requirements

The following diagram illustrate the network and naming requirements. It illustrates interaction between the various components in a simple Agent to Agent media distribution. Your deployment of Signiant may vary and may include running on restricted source and target ports etc. As such, this diagram is intended for illustrative purposes only.

Media Exchange Uploads/Downloads

The following diagram illustrates interaction between the various components involved in a simple Media Exchange upload and download. Your deployment of Signiant may vary and may include running on restricted source and target ports etc. As such, this diagram is intended for illustrative purposes only.

Checklists

The following provides an installation checklist summary. For detail specifications please refer to the corresponding Manager Installation User's Guide and Agent Installation User's Guide.

Manager Installation Checklist

This section provides a checklist for information you may need to input during the Signiant Manager installation. In general, for quick setup you can select all the installation default values (changing these values later as needed). The installation uses these values to create an agent setup file which is used later during agent installation.

Item Description Value
Organization Name This is typically your company name.  
Windows User ID "NT Authority\system" is used by default. Usually a Signiant-dedicated user account under which all data transfers are performed. If only local data is being accessed, you can use the default installation account of "NT Authority\System". Otherwise, it is recommended that you create a new account within your Active Directory (or domain) and test its ability to logon to the intended systems- i.e., copy/move data while logged on using this account. This user ID must exist on the agent - it is not created during the installation.  
Windows Domain The domain of the User ID, above.  
Windows User ID Password The password for the User ID, above.  
Unix/Linux User ID Usually a Signiant-dedicated user account under which all data transfers are performed. This user ID must exist on the agent - it is not created during the installation.  
Mail Server A resolvable name for the local mail server (i.e., one which will allow the Manager to relay mail).  
"admin" Account Password A password to access the Manager UI and perform administrative tasks.  
Locality Information City, state, etc. where the Manager is installed.  
You may need to create the following passwords:Certificate Authority Pass PhrasesCA Admin. Pass Phrase During the "standard" (non-custom) installation, users are prompted to specify a password for use with the Signiant software. The password specified will actually be used for three different areas of the Signiant software: Certificate Authority Admin Pass Phrase, Certificate Authority Pass Phrase and the Admin user password (used to login to the Manager UI). Note that if you reset one of the passwords in the future, this will not reset all of the passwords. You must reset each password separately. For information on how to change these passwords, see Chapter 4 in the Manager User's Guide. WARNING Keep these passwords secure. Record them only if you can keep the passwords in a secure location. The entire security of the system depends on this information remaining secret. Do not lose or forget the passwords. They are not recoverable. If you lose/forget them, you will have to reinstall the Signiant software.  

Agent Installation Checklist

This section provides a checklist for information you may need to input during the Signiant Agent installation:

Item Description Value
Pathname Full pathname of the location on the host where you are going to install the Agent software.  
Default User ID A user ID as which the agent will run. The default user ID is the system user ID that the agent will run as if use default is indicated in a job. (For more information, see the Agent Installation User's Guide.)  
Cluster Name If the agent is part of a cluster, you need to provide the cluster name.  
IP interface aliases If the agent is multi-homed, you need to provide the interface aliases.  

All host names required for the installation should be fully qualified and resolvable.

Reflexive Access Control Lists

UDP traffic (particularly that involving the Signiant Media Exchange product), must allow inbound connections in response to outbound traffic. Company firewall and network configuration may mean that UDP transfers are unable to complete successfully, if inbound connections are restricted.

Reflexive Access Control Lists (ACLs) allow administrators to configure their network to dynamically manage session traffic. While a detailed description of Reflexive ACLs and how to configure them is beyond the scope of this document, users must turn Reflexive ACLs on to allow UDP transfers to proceed. Standard and extended ACLs do not keep track of the state of a connection, so it is hard to allow returning traffic without opening a large security hole. Reflexive ACLs keep track of connections leaving the network, and allow returning traffic of these connections back in.

For more information on Reflexive ACLs, speak to your network administrator, or type "reflexive acls" into an Internet search engine to view a list of articles on the topic.