Help Center
Quick Start
- Overview
- System requirements
- Minimum privileges required
- Default port configuration
- Installing DataSecurity Plus
- Uninstalling DataSecurity Plus
- Starting DataSecurity Plus
- Launching DataSecurity Plus
- Configuring your solution
- Licensing details
- Applying a license
File Auditing
- About File Auditing
- Domain configuration
- File server configuration
- Failover cluster configuration
- NetApp server configuration
- Workgroup configuration
Setting up File Audit
Dashboard
Reports
Alerts
Configuration
Storage Configuration
File Analysis
- About File Analysis
- On-Demand Reports
Setting up File Analysis
Dashboard
Reports
Alerts
Configuration
Data Risk Assessment
- About Data risk assessment
Setting up Data risk assessment
Dashboard
Reports
Ownership analysis
Configuration
Endpoint DLP
- About Endpoint DLP
Setting up Endpoint DLP
Reports
Alerts
Prevention policies
Configuration
Cloud Protection
- About Cloud Protection
- Gateway Server Configuration
- Certificate Authority Configuration
- Gateway Configuration in Endpoint
- Manage Certificate Trust Store
- Threat Analytics Database
- Manage Banned Applications
- Manage Authorized Applications
- Gateway Server Failover
- Two-way SSL configuration
- Global Insight
- Application Insight
- User Insight
- Shadow Application Insight
- Banned Application Insight
- Cloud App Discovery
- Cloud Access Reports
- Application Insights
- Shadow Cloud Application Reports
- Banned Cloud Application Reports
- File Upload & Download Reports
Setting up Cloud Protection
Dashboard
Reports
Control Policies
Storage Configuration
Administrative settings
- Technician configuration
- Notification filters
- Manage agent
- Agent settings
- SIEM integration
- Business hours configuration
- Two-factor authentication
- Workgroup configuration
- Security policy
Email configuration
General settings
- Connection
- Personalize
- DataSecurity Plus Server
- Privacy Settings
- Disk utilization
- Schedule Retention Policy
Policy Configuration
Release notes
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
Troubleshooting
- HTTP communication failure
- Dormant DataEngine
- Secure Gateway server failure
- RPC communication failure
- Known issues and limitations
- Known errors and solutions
Guides
- Agent document
- How to Migrate/Move DataSecurity Plus
- How to apply SSL certificate
- How to automate DataSecurity Plus database backup
- How to set alerts in DataSecurity Plus
- How to secure your DataSecurity Plus installation
Connection settings
Under Configuration > General Settings > Connection, technicians with admin access to the ManageEngine DataSecurity Plus console can configure the following:
When changes are made to any of these settings, the DataSecurity Plus server must be restarted to reflect them.
A. Connection settings
Under Connection settings, you can configure the connection type and session properties.
Connection type
By default, DataSecurity Plus uses the ports listed below based on the connection type: HTTP: 8800
HTTPS: 9163
To change these ports, select the connection type, enter the desired port number, and click Save. Then, restart the DataSecurity Plus server to ensure unhindered event collection.
Once a DataSecurity Plus professional edition license is applied, HTTPS connection will be mandatory to ensure secure data transfers.
Configuring SSL
Applying Secure Sockets Layer (SSL) certificates to DataSecurity Plus ensures that all data transfers between users’ web browsers and the DataSecurity Plus server remain secure. DataSecurity Plus mandates the use of HTTPS connections for heightened security, and this guide explains the steps to enable SSL for DataSecurity Plus.
The steps to enable SSL vary depending on whether you already have a signed SSL certificate.
- If you already have an SSL certificate, skip ahead to Step 3.
- If you do not have an SSL certificate yet, follow the entirety of this guide.
DataSecurity Plus can generate a certificate signing request (CSR) that can then be submitted to your certificate authority (CA) for signing. The signed certificate can then be uploaded to the DataSecurity Plus console. To achieve this, follow these steps:
1. Generate a certificate or CSR
The following steps detail the procedure for creating a certificate or CSR from the DataSecurity Plus Admin Console:
- Log in to the DataSecurity Plus console with an account that has administrative privileges.
- From the applications drop-down menu, select Admin Console.
- Navigate to General Settings > Connection.
- After defining the port, click Apply SSL Certificate next to DataSecurity Plus Portal (https).
- On the next page, select Generate Certificate.
- Provide the required details:
Parameter Description Common Name Enter the name of the server on which DataSecurity Plus is running. SANs Enter the names of the additional hosts (sites, IP addresses, etc.) that are to be protected by the SSL certificate. Organizational Unit Enter the department name that is to appear on the certificate. Organization Enter the legal name of your organization. City Enter the city name as shown in your organization’s registered address. State/Province Enter the state/province as shown in your organization’s registered address. Country Code Enter the two-letter code of the country in which your organization is located. Password Enter a password that is at least six characters long. Validity (In Days) Enter the number of days for which the certificate should be valid. If no value is provided, it will be set to 90 days. Public Key Length (In Bits) Enter the public key length. The larger the size is, the stronger the key will be. The default size is 1,024 bits, and the size can be increased only in multiples of 64. - If you plan to use a self-signed certificate, click Generate and Apply Self-Signed Certificate. This will create the SSL certificate and bind it to DataSecurity Plus to finish enabling HTTPS. Otherwise, proceed to the next step.
- Click Generate CSR.
Note: For the steps to manually create a CSR file, refer to the manual SSL configuration guide.
- The generated CSR can be downloaded by clicking Download CSR on the pop-up. Alternatively, the created CSR file can be found in <installation directory>\ManageEngine\DataSecurity Plus\jre\bin. This file must be submitted to your CA for signing—to do so, follow the directions in the next section.
2. Request certificate signing from a CA
The steps below provide instructions for connecting to a CA, submitting the CSR, procuring the SSL certificate, and importing it.
2.1 From Microsoft Certificate Services (internal CA)
For an internal CA:
- Connect to Microsoft Certificate Services and click Request a certificate.
- Click advanced certificate request, then select Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.
- Open the CSR file using a text editor, copy the content, and paste it under Saved Request.
- Select Web Server as the Certificate Template and click Submit.
- Click the Download certificate chain link to download the issued PKCS #7 Certificate type to the <installation directory>\ManageEngine\DataSecurity Plus\jre\bin folder. The downloaded certificate will be in P7B format.
- Click Home in the top-right corner and click Download a CA certificate, certificate chain, or CRL.
- Click Download CA certificate to download and save the root certificate in CER format.
2.2 From an external CA
Contact your CA to get the commands required to receive signed certificates.
3. Define the SSL port in the DataSecurity Plus console
Once you have your CA-signed SSL certificate, follow these steps to define the HTTPS port in the DataSecurity Plus console:
- Log in to the DataSecurity Plus console with an account that has administrative privileges.
- From the applications drop-down menu, select Admin Console.
- Navigate to General Settings > Connection.
- Select DataSecurity Plus Portal (https) as the Connection Type and enter the port number you plan on using for DataSecurity Plus.
Note: DataSecurity Plus provides an option to use a default SSL certificate. However, we strongly recommend uploading your own SSL certificate for maximum security.
4. Upload your SSL certificate
To upload your CA-signed SSL certificate, follow these steps:
- Click Apply SSL Certificate next to Upload or Generate SSL Certificate.
- On the next page, select Apply Certificate.
- There are two upload options you can choose from:
- Option 1—ZIP Upload: If your CA has sent you a ZIP file, click ZIP Upload > Browse and select your target file. If your private key is password-protected, then enter the password next to Private Key Passphrase.
- Option 2—Individual Certificate: If your CA has sent you just one certificate file (PFX or PEM format), click Individual Certificate. Next to Upload Certificate, click Browse and select your certificate. Then, next to Upload CA Bundle, click Browse and select your CA bundle files. Finally, provide your Certificate Password.
Note: If your CA has sent the certificate content, paste the content in a text editor and save it in a CER, CRT, or PEM format. Then, upload the file by following the steps for Option 2.
- Click Apply.
- Restart the DataSecurity Plus server for the changes to take effect.
Session properties
This setting allows administrators to define how long a user's session can be inactive in their browser before they are automatically logged out of the DataSecurity Plus web console. By default, sessions will time out after 30 minutes of inactivity. Any changes to this duration will be reflected only after the DataSecurity Plus server is restarted.
B. Proxy settings
To configure DataSecurity Plus to use a proxy server for connecting to the internet, follow the steps below:
- Login to the DataSecurity Plus web console.
- Go to Admin Console > Admin > General Settings > Connection, and click the Proxy Settings tab.
- Enable the Proxy Server Settings checkbox.
- Specify the Server Name or IP Address of your proxy server.
- If your environment has an authentication-enabled proxy setup, check Authentication and type in the Username and Password.
- Click the Save button.
C. NAT settings
When endpoint devices need to access the DataSecurity Plus central server through the internet, you can configure a network address translation (NAT) device. This will map your internal IP address to a public IP address or fully qualified domain name (FQDN), which the devices can use to access the central server.
Configure the NAT device by following the steps below:
- The details of DataSecurity Plus' central server (private IP address and port number) are prefilled based on your current configuration.
- Enter the public FQDN and port number of the Secure Gateway Server.
- Click Save.
D. Secure Gateway Server settings
A Secure Gateway Server provides an additional layer of security when handling communications between your central server and endpoint devices. It prevents the central server from being exposed directly to the internet by acting as an intermediary between the central server and the endpoint devices. When the agent tries to contact the central server, the Secure Gateway Server receives all the communications and redirects it to the central server.
Follow the steps below to configure the Secure Gateway Server:
- Download and install the DataSecurity Plus proxy server application.
- After installation, open the application.
- Enter the central server name and port number.
- Provide the required details for local or AD authentication.
- Wait until the server certificates are installed.
- Click Finish to close the window.
The Secure Gateway Server will start running. You can check the status of the connection by going back to the Secure Gateway Server settings page.
If you want to change the port number of the Secure Gateway Server, follow the steps below:
- Go to the NAT settings tab and change the port number of the Secure Gateway Server to your required value.
- Open the installation folder of the DataSecurity Plus proxy server application and go the conf folder.
- Open the websettings.conf file.
- Find fs.https.port within the file and change the port number here as well. Double-check to ensure that the port numbers match.
- Save and close the file.
- Restart the DataSecurity Plus proxy server to apply the changes.
- Go to Secure Gateway Server tab and click Test Connection to check whether connection is successful.