Preparation
1 To begin with please provide us with the following information
Please provide us with the desired fully qualified host names for Mindbreeze InSpire (e.g. search.companyname.com), the technical contact for the implementation and suitable dates for the on-site support via our Mindbreeze InSpire contact form. Please also provide us with all data sources that you would like to link to the search. If necessary, also provide us with the authentication mechanism to be used for the search (e.g. Kerberos, SAML, etc.).
2 Necessary hardware resources
- Mindbreeze InSpire is envisaged for installation in a 19” server rack. 2RU are required – please reserve this space.
- We recommend making two power connections available for the Mindbreeze InSpire server to guarantee a failsafe power supply (each 750W rated output).
- If possible, please prepare 2 Ethernet LAN connections so that the network bonding can be configured. For this both connections must be in the same sub-network. An Ethernet LAN connection is essential.
- To connect the Remote Management Interface (iDRAC), you require a 3rd Ethernet port. Please make sure that it is assigned a correct IP address (DHCP/manual). The assigned IP address can then be viewed on the front panel display or in BIOS. This IP is mandatory for the initial contact with our consulting team.
3 Mindbreeze service users
For Kerberos-based authentication with Active Directory you must set up a service user in Active Directory, e.g. mindbreeze.service. Please ensure that the following requirements are met:
- There must be an NTP server that is time synchronous with your Active Directory server and that the Mindbreeze InSpire appliance can access
- The user exists in Active Directory
- The user has the service principal name HTTP/<fully qualified host name for Mindbreeze InSpire>
As Active Directory domain administrator you can set the service principal name in a Windows prompt with the following command:
setspn –s HTTP/<full qualified hostname for Mindbreeze InSpire> <domain>\<mindbreeze.service>
Sample
setspn –s HTTP/search.companyname.com company\mindbreeze.service
- The fully qualified hostname must have a DNS listing.
- The service user must have the “Trusted for Delegation (Kerberos only)” attribute set. You can set the attribute “Trusted for Delegation (Kerberos only)” for the user in the Microsoft Management Console under “Active Directory Users and Computers”.
3a Optional Service User
To crawl the data sources, users with full read access rights for all data to be indexed should also be created. These are only used by Mindbreeze to index data.
4 Firewall configuration
Please note that the following network connections are activated for the Mindbreeze InSpire server:- At least Port 443 for the Mindbreeze Client Service must be accessible by all users
- Port 8443 and 22 are accessible by administrators
- Port 2222 is available for synchronization of InSpire Appliances
- Ports 88 and 389 on all Active Directory servers must be accessible by the Mindbreeze InSpire Service
- Among data sources, other services and the Mindbreeze InSpire Appliance appropriate ports must be unlocked (e.g. NTP: Port 123)