Pre-installation

You must complete the pre-installation process to ensure that your environment is configured with the software, user accounts, directories, and other prerequisites required for an initial installation of Relativity. In addition, the Relativity Messaging Broker requires that you install and configure RabbitMQ.

As you set up your environment, use the Installation accounts and directories list to record information about your environment configuration that the installation process requires.

For additional information, see System Requirements and Environment optimization guide. 

Note: If you use a firewall, refer to the Ports Diagram in the Relativity Community to ensure that you configure your firewall correctly with Relativity.

Note: Relativity deprecated support for Windows Service Bus beginning with Server 2023. You must convert to RabbitMQ prior to upgrade to Server 2023 and above.

Windows updates

Install the latest Microsoft Windows Server Service Pack on all Relativity servers.

However, compatibility for higher .NET versions is not guaranteed. We do not recommend installing higher .NET versions than what is listed as required by your Relativity version. Furthermore, install any smaller security patches, Windows updates, and anything else at your own discretion. We only test major service packs, not every Microsoft update. Deploy any patches to your test instance of Relativity first. Ensure that a rollback plan is in place if you discover any issues during deployment.

Ensure you disable the option to Install updates automatically on all Relativity servers. Apply any required updates during a planned maintenance window.

After installing Windows updates, reboot your machines before attempting to install Relativity. Complete this step to ensure that all Relativity components are properly installed. Incomplete Windows updates lock system files, which may cause silent failures and prevent the proper installation of Relativity components.

Note: You must enable Windows Network discovery on all machines.

Required certificates for Relativity

Relativity verifies that all HTTPS services running in your environment have a trusted certificate. The HTTPS services run on the following components of your Relativity installation, so they require that you install valid certificates:

  • Analytics server
  • Components that connect to the Services API
  • Components that use HTTPS to connect to the REST API
  • Viewer
  • Agent servers
  • Web servers
  • Worker servers

For more information about required certificates and their corresponding Relativity servers, see All certificates used by Relativity servers on the Community site.

You need to add certificates to any server in your Relativity environment that is accessed by an HTTPS service. By adding these certificates, you will not see warning messages and insecure-connection icons displayed as you navigate to different components of your Relativity site. Use these guidelines for installing certificates in your Relativity environment:

  • If your Relativity site is exposed to the internet, install a certificate on any server that users can access with HTTPS services.
  • If Relativity users access your web server with different internal and external names, install a second certificate for the internal name.
  • If you use different internal and external URLs bound to the same IP address on your servers, install a second certificate on the server for the internal IP address. You may want to consider using Server Name Indication (SNI), which is an extension to the Transport Layer Security (TLS). For more information, see IIS 8.0 Server Name Indication (SNI): SSL Scalability on the Microsoft website.

    Note: If you do not want to use SNI in your environment, then configure separate IP addresses on your web servers for internal and external URLS. You might not be able to use SNI if your IIS or web browser versions do not support it.

For information about generating certificates for servers in your Windows domain, see Public Key Infrastructure Design Guidance on the Microsoft site. We recommend that you use the Standalone offline root certification authority (CA) referenced in this article.

For information on setting up HTTPS for the Service Host Manager on web and agent servers, see Service Host Manager.

For information on enabling HTTPS for Invariant Kepler Services, see Hosting Invariant Kepler services in HTTPS.

Microsoft Storage Sense

The Microsoft Storage Sense feature that is built in to Windows Server 2019 and later has the potential to cause instability in your Relativity Server instance by inadvertently clearing out Windows TEMP folders.

To mitigate this scenario, see the knowledge base article Temp folder inadvertent clean up by Windows on the Community.

You must have valid Community credentials to access this content.

Creating a self-signed certificate in PowerShell

To create a self-signed certificate with PowerShell 5.1, perform the following steps:

  1. Open PowerShell.
  2. Ensure you are running PowerShell in administrator mode. Otherwise, you will receive an error when attempting to create the certificate.
  3. Import the PKI module into PowerShell via the following command:
  4. Import-Module PKI
  1. Create the certificate through the following commands, where "INSERT_SERVER_FQDN_HERE" is the fully-qualified domain name.

    Note: If you are performing these steps as part of enabling HTTPS for Invariant Kepler Services, the fully-qualified domain name will be for the Queue Manager. For details, see Hosting Invariant Kepler services in HTTPS.

    $cert = New-SelfSignedCertificate -DnsName INSERT_SERVER_FQDN_HERE -CertStoreLocation cert:\LocalMachine\My
  2. Export your certificate to a password-protected file by doing the following:
    1. Choose a directory to export your certificate to. You can select an existing directory. If the directory does not yet exist, you have to create it before proceeding. In the example below, the folder C:\temp did not yet exist, so we created it.

    2. Next, pick the password for your exported certificate file. In the command below, "INSERT_PASSWORD_HERE" should be replaced with the actual password you picked.
      $pwd = ConvertTo-SecureString -String INSERT_PASSWORD_HERE -Force -AsPlainText
    3. In the command below, pick a file name. Since you are creating a PFX certificate, the file name should end with .pfx. In the example below, we used the file name cert.pfx.

      Export-PfxCertificate -Cert $cert -FilePath C:\temp\cert.pfx -Password $pwd
    4. Your certificate is inside c:\temp:.

Certificate requirements for RabbitMQ

The Relativity Service Bus requires the installation of RabbitMQ as a prerequisite. To facilitate secure communication, RabbitMQ requires a certificate.

The certificate must include the following information:

  • For any certificate, either the Subject Name, Subject Alternative Name, or both must be valid for the Fully Qualified Domain name that will be configured in Relativity.
  • Private and public key.
  • Valid start date, end date, and trust chain.
  • Corresponding certificate for the authority that issued the certificate. A corresponding certificate is not required if using a self-signed certificate.
  • Certificate itself, the private key, and the certificate for the authority must be in the PEM format. For more information, see Convert certificates to PEM format.

You can use one of the following options for obtaining a trusted certificate for RabbitMQ:

  • Using a certificate authority—if using a certificate authority complete the following:
    • Request or generate a certificate with the required properties.
    • If you are using an internal certificate authority that is not capable of generating the key and certificate in PEM format directly, generate and convert the certificate, the certificate’s private key, and the certificate authorities certificate to PEM format. For more information, see Convert certificates to PEM format.
    • Self-signed certificate—there are several ways to generate a self-signed certificate including:
      • Powershell
      • OpenSSL—use the following script to directly generate the files in the PEM format. You need to update the inputs for the following script for your environment.
      • Note: To run OpenSSL commands, you need to add the OpenSSL path to the environmental variable or run a command prompt as an admin at that directory.

        @echo off
          
        								REM IN YOUR OpenSSL FOLDER, SAVE THIS FILE AS: makeCERT.bat
        								REM AT COMMAND LINE IN YOUR OpenSSL FOLDER, RUN: makecert
        								REM IT WILL CREATE THESE FILES: HOSTNAME.cnf, HOSTNAMEKey.pem, HOSTNAMECert.pem, HOSTNAMEpfx.pfx
          
        								REM PLEASE UPDATE THE FOLLOWING VARIABLES FOR YOUR NEEDS.
        								SET HOSTNAME=yourrabbitcluster
        								SET DOT=company.corp
        								SET COUNTRY=US
        								SET STATE=IL
        								SET CITY=Chicago
        								SET ORGANIZATION=PD
        								SET ORGANIZATION_UNIT=PD
        								SET EMAIL=admin@%HOSTNAME%.%DOT%
          
        								(
        								echo [req]
        								echo default_bits = 2048
        								echo prompt = no
        								echo default_md = sha256
        								echo x509_extensions = v3_req
        								echo distinguished_name = dn
        								echo:
        								echo [dn]
        								echo C = %COUNTRY%
        								echo ST = %STATE%
        								echo L = %CITY%
        								echo O = %ORGANIZATION%
        								echo OU = %ORGANIZATION_UNIT%
        								echo emailAddress = %EMAIL%
        								echo CN = %HOSTNAME%.%DOT%
        								echo:
        								echo [v3_req]
        								echo subjectAltName = @alt_names
        								echo:
        								echo [alt_names]
        								echo DNS.1 = *.%DOT%
        								echo DNS.2 = %HOSTNAME%.%DOT%
        								)>%HOSTNAME%.cnf
          
        								openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes -keyout %HOSTNAME%Key.pem -days 3560 -out %HOSTNAME%Cert.pem -config %HOSTNAME%.cnf
        			openssl pkcs12 -inkey %HOSTNAME%Key.pem -in %HOSTNAME%Cert.pem -export -out %HOSTNAME%pfx.pfx

        Note: After updating the inputs at the beginning of the script for your environment, this script can be used to directly generate a self-signed certificate in the PEM format.

  • Existing Certificate from the Certificate Store—RabbitMQ service does not use the Windows Certificate Store. Instead, certificates have to be configured in the RabbitMQ advanced.config file. You will need the certificate, private key, and CA certificate, or the same certificate for self-signed, all in the PEM format. In order to export the certificates from the Window Certificate Store perform the following steps:
    1. Open Run on your desktop, and enter MMC.exe.
    2. Click OK.
    3. In the Console window, click File > Add/Remove Snap-ins.
    4. Select Certificates under Available Snap-ins.

    5. Click Add.

    6. Select Computer Account and click Next.
    7. Select Local Computer and click Finish.

    8. Click OK.

    9. Right-click the certificate you want to export and click All Tasks > Export.

    10. On Export Private Key select Yes, export the private Key.

    11. On Export File Format select Personal Information Exchange (.pfx).

    12. Select Include all certificates in the certification path if possible.

    13. Click Next.

    14. On Security select Password.

    15. Enter in a unique and secure password, you will need it for when converting the .pfx to a .pem.

    16. Save the file in a secure location.

    17. Using the Windows Certificate Manager store, export the .pfx certificate without the private key, making sure to choose the .der (.cer) option.

Convert certificates to PEM format

The certificates in RabbitMQ must be in PEM format. There are multiple ways to convert certificates to the PEM format. The following an example conversion done using OpenSSL:

  1. If applicable, export the certificates from the Window Certificate Store. For more information. see Export existing certificates for conversion to PEM format.
  2. Using OpenSSL, complete the following steps convert the certificate to PEM format:
    1. Save the private key as a PEM file:

    2. openssl pkcs12 -in <PathToPfx>.pfx -out <OutputPathForKey>.pem -nodes -nocerts
    3. Save the certificate as a PEM file:
    4. openssl pkcs12 -in <PathToPfx>.pfx -out <OutputPathForCert>.pem -nodes -nokeys
    5. Save the CA certificate as a PEM file, this step is not required for self-signed certificates:
    6. openssl x509 -inform der -in <PathToCACer>.cer -out <OutputPath>.pem

For more information on using OpenSSL to convert the certificate to PEM format, see How to convert a certificate into the appropriate format.

(Optional) Running the RabbitMQCertificate utility

When configuring the RabbitMQ TLS setting, you have the option of running the RabbitMQCertificate utility available on the Community, which contains a copy of OpenSSL. If you cannot use Powershell for any reason, then you need to use the manual setup instructions provided above.

To use the RabbitMQCertificate utility:

  1. Download the RabbitMQCertificateUtility from the Community.
  2. Unzip the RabbitMQCertificateUtility.zip file and open the RabbitMQCertificateUtility folder.
  3. Navigate to the File tab in your file explorer.
  4. Select Open Windows PowerShell and then select Open Windows PowerShell as administrator.
  5. Run the script by typing .\RabbitMQCertificateTool.ps1 and clicking Enter.
  6. Select one of the following options:
    • Option 1 to set up RabbitMQ with a self-signed certificate.
      • Provide a password, which will be used when creating the private key.
      • The password must not contain ! or &.
      • Restart the service when prompted.
      • Export the newly created certificate and install it on all web, agent, and Invariant servers.
    • Option 2 to use a PFX.
      • The PFX must be in the C:\Users\{RSA}\AppData\Roaming\RabbitMQ folder.
      • The PFX must be called RabbitMQ.pfx.
      • You must know the password for this PFX file, as you will be prompted for it when running this option.

User and group accounts

Configure the following user and group accounts in your environment.

Relativity service account

Make sure that the Relativity services account has local administrator privileges on each of the servers where you want to install Relativity. You must log in under this account when installing this software. You can find additional requirements for this account under the sections describing how to configure specific servers. For additional information about this account, see Relativity service account information.

The Windows Service Component and the Relativity COM Plus Component run under the Relativity Service Account. Verify that this account is configured as follows:

  • Create account in Active Directory.
  • Add account to the Administrators group on all machines running Relativity components.
  • If using a workgroup, verify that the account has identical credentials on all Relativity servers.

Database server setup

Set up the database server by completing the steps in this section.

You should disable User Access Controls (UAC) prior to installation of Relativity. You can enable it again once installation is complete for all servers, except the Worker servers. For more information, see Environment modification for processing or native imaging.

The SQL sa account must exist with the name sa and be enabled during installation.

Required software

The following software must be installed on the database server:

  • Windows Server 2022, Windows Server 2019, Windows Server 2016

  • SQL Server 2022, SQL Server 2019, or SQL Server 2017
  • Caution: As of August 2024, due to issues found within email aliasing and name normalization, if you're running SQL Server 2019 on any SQL Server in your instance, you need to get Cumulative Update package 28 from Microsoft. To do so, see Cumulative Update 28.

Relativity supports in-place upgrades from SQL 2016 to any higher supported version. For details on SQL Server upgrade, follow the EDDS migration Guide. To determine if you should upgrade your current SQL Server version to SQL Server 2019, contact Relativity Support.

  • .NET 4.7.2, 4.8, or 4.8.1
  • .NET 3.5

Additional considerations:

  • Each environment is different, research settings that your specific environment may utilize before performing any upgrades.

  • Ensure that you have tested backups before performing any upgrades.

  • Although an in-place SQL upgrade is supported by Relativity. Performing an EDDS migration is the cleanest way to perform a SQL upgrade.

Note: Relativity requires Full Text Search from the Database Engine Services feature as part of the SQL Server installation.

Enable Microsoft DTC

Microsoft DTC must be enabled on the SQL Server along with the following configuration changes:

  1. Add the Application Server role and select Distributed Transactions. Select Incoming Remote Transactions and Outgoing Remote Transactions.
  2. Type dcomcnfg on your Start menu and press Enter to open Component Services.
  3. Expand Component Services > Computers > My Computer > Distributed Transaction Coordinator.
  4. Right-click Local DTC and click Properties.
  5. Click the Security tab.
  6. Select the following check boxes. For additional details on DTC enablement, see the Deployment workbook on the Relativity Community.

    • Allow Remote Clients
    • Allow Inbound
    • Allow Outbound
  7. Click Apply.
  8. Click Yes to restart the MSDTC service.
  9. Click OK.

Assign admin permissions to the Relativity service account

You must configure permissions for the Relativity service account on the SQL Server as part of the database setup process. Make sure that the Relativity service account has local administrator and system admin permissions on the SQL Server.

Create SQL Server login

The following login must be added to the SQL Server environment. Set this account to Never Expire and Not Enforce Password policy.

Note: The Relativity installer creates this SQL Server account if it does not already exist.

The EDDSDBO account is the login used by the owner of all objects in the EDDS system databases. Follow these guidelines for configuring this account:

  • Authenticate this user with SQL Server Authentication.
  • Give this account only the following server roles:
    • bulkadmin
    • dbcreator
    • public
  • If you have multiple SQL Servers, create this account on each server with the same name, permissions, and credentials.
  • Make sure that password for EDDSDBO account doesn't contain an equals sign (=), carats (< or >), double quotes ("), parenthesis, curly braces ( { or } ), or semicolons (;).

Set authentication mode

After creating a SQL Server login, you must set the Windows authentication mode property on the server.

Complete the following steps to set the authentication mode:

  1. Log in to Microsoft SQL Server Management Studio.
  2. Right-click on your server in the Object Explorer, and then click Properties in the menu.
  3. On the Server Properties dialog box, click the Security page.

    authentication setting for SQL server

  4. Under Server authentication, click SQL Server and Windows Authentication mode.
  5. Click OK.

Create BCP share

Create a directory on the SQL Server in a location where the Relativity Service Account can read and write. In addition, give SQL services permissions to read from and write to this directory. For more information about transferring data with BCPPath, see RDC transfer modes. Follow these guidelines for setting up this directory:

  • Make sure that this directory is an actual folder, not merely a drive letter.
  • Confirm that the account running SQL has access to this directory. If it does not have access to this folder, it cannot create new cases. This directory is used for temporary files during imports, exports, case creations, and dtSearch queries.
  • Place this share on the drive housing the backup files for optimal performance. This share should be named BCPPath in every instance.
  • If you have multiple SQL Servers, create this share on each server and use the BCPPath as the share name on all servers.
  • Make sure the account running the SQL services has rights to the BCPPath. Bulk import fails when this account does not have these rights.

Note: Consider setting up an SQL Service Account that is a domain account with local admin rights. You should review the security requirements of your organization before setting up this account. To create a SQL Server Service account available from Microsoft, see Configure Windows Service Accounts and Permissions.

Complete the following steps to share the folder:

  1. Right-click the folder and go to Properties.
  2. Open the Sharing tab and click Share.
  3. Enter the Relativity Service Account name, domain\account, and click Add.
  4. Select the service account on the share list and set the Permission Level to a minimum of Read/Write.
  5. Click Share.
  6. When the share completes, click Done.
  7. On the Document Properties dialog box, select the Security tab.
  8. Verify that the Relativity Service Account has Full Control security permissions to the folder itself.

Update the permissions on the BCPPath file share

In the Failover Cluster Manager, you must update the permission settings for the BCPPath file share to ensure the case creation occurs properly on the failover cluster. When you create the BCPPath on a clustered disk, verify that Enable continuous availability option is not selected under Settings on the BCPPath Properties page. See the sample settings on the following screen shot:

BCPPath settings in the Failover Cluster Manager

Note: You must configure this setting only for SQL Server 2012, 2014, and 2016.

Optionally configure an authentication token-signing certificate

When you run the Relativity installer, it automatically adds an authentication token-signing certificate, named RelativityIdentityCertificate, to the certificate store on your primary database server. However, you also have the option to use your own certificate rather than the one created by the Relativity installer.

Note: You only need to install an authentication token-signing certificate if you do not want to use the default certificate called provided by the Relativity installer.

Before you begin installing Relativity, you may want to configure the token-signing certificate in the store on your primary database server. The other servers in your Relativity installation automatically retrieve this certificate information from the EDDS database server, so you do not need to configure their certificates individually.

Note: For a clustered environment, you need to export a copy of your RelativityIdentityCertificate from the primary database server, and install the certificate to each database server hosting the EDDS.

Pre-installation steps for a token-signing certificate

You may want to install your custom token-signing certificate on the database server before you install Relativity in your environment. However, you can also complete these steps after installation.

Use this procedure to configure your certificate:

  1. Obtain a signed certificate and install it on the certificate store on your primary database server.
  2. Copy the thumbprint of the certificate for later use. You need this value to update the instance setting after you install Relativity. See Post-installation steps for a token-signing certificate.
  3. Install Relativity on the database and other servers. For more information, see Relativity installation or Upgrading your SQL Server .

After you install Relativity complete the steps in Post-installation steps for a token-signing certificate.

(Optional) Restrict account permissions for third party applications

This section describes how to allow a user to execute worker operations in a user account that is independent of the default account used in Processing. This user account can be configured without admin level permissions in order to make the file conversions execute un-managed code in a highly secure fashion.

To restrict account permissions:

  1. Create the desired user account on the worker machines that will be doing work for Processing.
    • The user account is not required to have permissions to access a file share or network.
    • The user account does need to be able to read and write local temporary files.
    • A single account name and password will be used for all workers in use by Invariant. This can be a local user account created on each worker.
  2. Store the user account name and password in Secret Store so that Processing can access them. This information can be configured in Secret Store either through the InvariantResponse.txt file used during installation or using the Secret Store client utility.
  3. Note: The date format settings for this user account should be set up the same way as the Relativity service account. For example, if a service account is set up with the date format of DD/MM/YYYY, then the restricted user account must follow this format. Otherwise, applications executed under the restricted user account can be affected by mismatched date formatting. To verify your date format settings, see the regional format date and time configuration under the workers Windows settings.

    Worker Regional date time settings in windows

Web server setup

This section describes how to prepare your web server for installing Relativity. Install the following software on the web server:

  • Windows Server 2022, Windows Server 2019, Windows Server 2016

  • .NET 4.7.2, 4.8, or 4.8.1
  • .NET 3.5
    Notes:
  • When adding a new server to your resource pool, ensure that you apply the same hotfix to the new server that you may have applied to any existing Web or Agent Servers.

Setting IIS options

Make these updates on all web servers in your Relativity installation:

  1. Install the required versions of the .NET Framework Full Profile on all web servers.
  2. Configure the Legacy Unhandled Exception Policy on all web servers:
    1. Browse to the following directory on your web server: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    2. Open the Aspnet.config file in a text editor.
    3. Locate the tag <legacyUnhandledExceptionPolicy>.
    4. Set the enabled attribute to true. This sample code illustrates the attribute that you need to update:
    5. <legacyUnhandledExceptionPolicy enabled="true" />

    6. Save the changes to the file.

Trusted Site

Make sure the certificate that the web server is using for HTTPS has been installed to the trusted root on all Relativity Servers.

HTTP Strict Transport Security

IIS 10.0 provides native support for HTTP Strict Transport Security (HSTS). If you enable this and check Redirect HTTP to HTTPS you must also configure Service Host Manager for HTTPS connections across the entire environment. For details on configuring Service Host Manager, see HTTPS configuration.

Edit website HSTS pop-up window.

IIS role service configuration

Relativity requires that you configure several role services in the IIS. You also have the option of using a full installation of the Web Server (IIS) role.

Enabling the WebSocket protocol

You might need to have the WebSocket protocol enabled on the IIS to support documentation conversion and imaging. Confirm that you have this protocol enabled on your web server. If you do not currently have it enabled on the IIS, see the WebSocket <webSocket> page on the Microsoft web site for instructions about setting it up.

Configuring log file options

If you enabled logging on the IIS, you can avoid performance and other issues by limiting the size of log files, as well as the number of trace files stored on the IIS. This section describes how to configure these features in your environment for optimum performance.

Windows log file options

Use the instructions in this section to configure logging settings for Windows.

Configuring SSL on a web server

Before installing Relativity, we recommend that you set up SSL on the IIS for your Relativity instance. This configuration provides added security for the communication between the web server and the browser on a client computer. Your browser uses this secure connection to verify that it is communicating with the Relativity server. It also provides additional protection against the theft of cookies used to maintain a session between the browser and the server.

Note: You are not required to configure SSL on the web server hosting Relativity. If you decided not to use HTTPS in your environment, you must set the CookieSecure instance setting to False before logging in to Relativity, or you receive an error message. You can also complete this setup after installation but before logging in to Relativity. For more information, see Instance setting table.

The process for configuring SSL on your web server includes these steps:

Agent server setup

An agent server performs background processing. It requires the following software:

  • Windows Server 2022, Windows Server 2019, Windows Server 2016

  • .NET 4.7.2, 4.8, or 4.8.1
  • .NET 3.5

In most environments, the Relativity installer automatically enables Microsoft DTC and HTTP activation. You may require the following instructions if you need to troubleshoot your installation or if its configuration requires you manually complete these steps.

Message broker options

Relativity requires that you install and configure RabbitMQ before you install or upgrade Relativity.

RabbitMQ is the most widely deployed open source message broker with more than 35,000 production deployments. Additionally, RabbitMQ is fully supported on the latest Windows operating systems, features full support for TLS 1.2, and includes superior monitoring, administration, and performance capabilities. For more information, see the RabbitMQ website. The process for installing and configuring RabbitMQ includes these steps:

File (document) share or server

You can use a file share or server as a repository for documents stored in Relativity. You must create a directory that is used as the root of the directories and documents created through the Relativity system. This file share must be a folder rather than a drive letter. For example, C:\Fileshare instead of just the C drive.

In addition, confirm that the Full Text, .ldf files, .mdf files, and Backups are all specified to the folder level. Do not specify them to only a drive.

Note: For information about setting up processing servers, see Database and worker server for processing or native imaging and Pre-installation.

Create share

The document root directory is exposed to the Relativity application through a shared drive. Use these steps to share the folder:

  1. Right-click the folder, and go to Properties.
  2. Open the Sharing tab, and click Share.
  3. Enter the Relativity Service Account name, domain\account, and then click Add.
  4. Select the service account on the share list, and then change Permission Level to Co-owner.
  5. Enter the Relativity Upload Users group, and then click Add.
  6. Select the group on the share list, and then set the Permission Level to Co-owner.

  1. Click Share.
  2. When the share completes, click Done.
  3. On the Document Properties dialog box, select the Security tab.
  4. Verify that the users and groups you added to the share also have Full Control security permissions to the folder itself.

Cache location server

The cache location server requires the same permissions as the file share. For more information, see File (document) share or server.

Note: During installation or upgrade, Relativity automatically creates a cache location server based on the location of your file repository. You can also manually add cache location servers. For more information, see Cache location servers.

Analytics server setup

Before completing the steps for upgrading the Analytics server, make sure you have completed the steps contained in this section.

Required software

The following software must be installed on the analytics server:

  • Windows Server 2022, Windows Server 2019, Windows Server 2016
  • .NET Version 4.7.2, 4.8, or 4.8.1

  • .NET 3.5

CAAT 4.5.0 and above

The following table breaks down which versions of Microsoft Visual C++ are required for which versions of CAAT.

  Required Microsoft Visual C++ version (Redistributable x86 and x64)
CAAT version 2010 2012 2013 2015
CAAT 4.2.5 and above

Create installation index directory

  1. Create a folder called CAAT on the root of the C: drive.
  2. The Analytics index directory must also be created before installing Analytics. We recommend that you not keep the index directory on the C: drive due to the size requirements. We recommend you use locally-attached storage referenced by a drive letter, such as E:\AnalyticsData, rather than a UNC path. For more information, see Index directory requirements. Do not create a local drive map to a UNC. For example, do not open \\servername\CAAT1 and map it to drive Z. This is because drive mappings are specific to each Windows user and may not be available to the Relativity Service Account.

Assign permissions to the analytics directories

You must configure permissions for the necessary directories on the analytics server. Follow these steps to assign the proper permissions:

  1. Add the Relativity Service Account user to both the Administrators and the Users group.
  2. Navigate to C:\CAAT\ and add Full Control permissions to both the Administrators and the Users group.
    • Right-click on C:\CAAT.
    • Navigate to the Security tab.
    • Edit the Users group permissions and add Full Control.
    • Edit the Administrators group permissions and add Full Control.
    • Click Apply.
  1. Navigate to the index directory and add Full Control permissions to both the Administrators and the Users group.
    • Right-click on the index directory folder.
    • Navigate to the Security tab.
    • Edit the Users group permissions and add Full Control.
    • Edit the Administrators group permissions and add Full Control.
    • Click Apply.
  1. Reboot the server after all user or permission changes.

Required setup

  1. The web server needs to be able to communicate with the analytics server via TCP ports 445, 8080, and 8443. For more information, see Infrastructure planning considerations..
  2. Disable anti-virus programs. At minimum it needs to be set to ignore the C:\CAAT installation folder as well as the index directory.
  1. Ensure that proxy settings are disabled on the analytics server by performing the following steps:
    • Go to Internet Options using the Control Panel.
    • Select the Connections tab.
    • Select LAN Settings and ensure the Proxy server section is cleared:
  1. Click OK to save your changes.
  2. Ensure that the required display language is set on the analytics server by performing the following steps:
    • On the Analytics server, click the Start button.
    • Click Control Panel.
    • Click Change date, time, or number formats.

    • Click the Administrate tab.

    • Select Copy settings and ensure the correct language is set:

    • Click OK to save your changes.

Elasticsearch server setup

Required software

The following software must be installed on the Elasticsearch server:

  • Windows Server 2022, Windows Server 2019, or Windows Server 2016.

For more information, see Installing Elasticsearch.

To access the Elasticsearch installation package, go to the Community.

Index share - dtSearch repository

Create a root directory for the directories created by dtSearch index builds within the system.

Create share

The dtSearch index directory is exposed to the Relativity application through a shared drive. Use these steps to share the folder:

  1. Right-click on the folder, and then go to Properties.
  2. Open the Sharing tab, and then click Share.
  3. Enter the Relativity Service Account name, domain/account, and then click Add.
  4. Select the service account on the share list, and then set the Permission Level to Co-owner.

  1. Click Share.
  2. When the share completes, click Done.
  3. On the Document Properties dialog box, select the Security tab.
  4. Verify that the Relativity Service Account also has Full Control security permissions to the folder itself.

SMTP server setup

Relativity requires access to an SMTP server to handle the delivery of error messages, job notifications, and billing statistics to both internal contacts and to us at Relativity. We provide an easy to use SMTP connectivity tool, which Customer Support runs against your system to verify the servers can properly communicate with your specified SMTP server.

Note: Make sure that the newly created agent and web servers used in your Relativity environment are configured to permit the relay of messages to external recipients. If you do not provide this permission, job notifications and other messages are blocked.

Environment modification for processing or native imaging

Before running the Invariant, worker manager server, installer, you must perform the following steps to modify your environment.

Component Environment Configuration Settings
Database
Queue Manager None
Workers
  • Enable the Desktop Experience Windows Feature.
  • Disable User Access Control (UAC). Disabling UAC on the worker server suppress pop-ups from the application in which the processing engine opens files.
  • Enable your firewall according to the Ports Diagram and Relativity Server Security document on the Relativity Community portal under the Security Resources folder.
  • Set Windows Updates to download, but allow you to choose whether to install. You can set this option through the Control Panel under System and Security.

For more information, see Worker manager server installation.

Database and worker server for processing or native imaging

The following sections provide basic information about setting up the database server for processing or native imaging. For more information, see Worker manager server installation.

Required software

Install the following software on the database server:

  • Windows Server 2022, Windows Server 2019, Windows Server 2016

  • SQL Server 2022, SQL Server 2019, or SQL Server 2017
  • Caution: As of August 2024, due to issues found within email aliasing and name normalization, if you're running SQL Server 2019 on any SQL Server in your instance, you need to get Cumulative Update package 28 from Microsoft. To do so, see Cumulative Update 28.

Relativity supports in-place upgrades from SQL 2016 to any higher supported version. For details on SQL Server upgrade, follow the EDDS migration Guide. To determine if you should upgrade your current SQL Server version to SQL Server 2019, contact Relativity Support.

  • .NET 4.7.2, 4.8, or 4.8.1
  • .NET 3.5

Additional considerations:

  • Each environment is different, research settings that your specific environment may utilize before performing any upgrades.

  • Ensure that you have tested backups before performing any upgrades.

  • Although an in-place SQL upgrade is supported by Relativity. Performing an EDDS migration is the cleanest way to perform a SQL upgrade.

The following table provides a breakdown of the required software:

Software Description

Required for system installation?

Required for Native Imaging/Processing

Windows Server 2022,

Windows Server 2019, Windows Server 2016

Required server software.

The Windows Print Spooler service must also be enabled on all Worker Server machines in the environment.

Windows Server Core is not supported.

Yes  

.NET 4.7.2, 4.8, or 4.8.1

.NET 3.5

Required server software. Yes  

Microsoft Office 2016 Professional (32-bit), Microsoft Office 2016 Professional Plus (32-bit)

Note the following:

  • Click-to-Run installations of Office are not supported due to issues caused by registry differences between the Windows Installer (MSI) version and Click-To-Run version which causes images to not show up.
  • There is no backwards compatibility for Microsoft Office versions. The versions listed here are the only ones supported.

This includes:

  • Excel—used for Processing and Native Imaging of most spreadsheet based documents .xlsx, .xlsm, .xlsb, .odc, .ods, and others.

  • Word—used for Processing and Native Imaging of .docx, .docm, .dotx, .dotm, .doc, and others.
  • Powerpoint—used for Processing and Native imaging of .pptx, .pptm, .ppsm, .potx, .potm, and others.
  • Outlook - used for Processing and Native imaging of .msg, .pst, .ost, and others.
  • OneNote—used for Processing and Native Imaging of .one and .tmp files, and others.
  • Publisher—used for Processing and Native Imaging of .pub files and others.
    Notes: The Courier New font must be installed on your machine. This font is installed by default when you install Microsoft Office, in which case you must ensure that you do not remove it.

    Relativity does not support add-ins for Microsoft Office.

No

Yes

You are able to install the worker manager server without first installing Office.

Note: Some features found in files created in different versions of Office may not be available or render correctly when processed or imaged using a different version than the file was originally created in. For more information about features differences between Office versions, please consult the appropriate Microsoft documentation.

 

Microsoft Works 6–9 File Converter The Microsoft Works Converter is also required. You can download it from the Relativity Community here. No Yes
Microsoft Visio 2016 Professional or Standard SP2 (32-bit) Used for processing and imaging .vsd, .vdx, .vss, .vsx, .vst, .vsw files.

No

No

Only required for processing and imaging .vsd, .vdx, .vss, .vsx, .vst, .vsw files. You can still install processing without this component, but you will not be able to process or image those files without it.

Microsoft Project Professional 2016 (32-bit) Used for processing and native imaging of .mpp files.

No

No

Only required for processing and imaging .mpp files. You can still install processing without this component, but you will not be able to process or image .mpp files without it.

(Optional) Lotus Notes v8.5 and higher

  • Lotus Notes v8.5.3 with Fix Pack 6

  • Lotus Notes v8.5.2 with Fix Pack 4

  • Lotus Notes v9.0

  • Lotus Notes v9.0.1

  • Lotus Notes v10.0.1

It is recommended that you install Lotus Notes 9 or higher on your workers, because Lotus Notes version 8.5.x cannot read certain Lotus 9 databases. Please note that some Lotus 9 databases cannot be opened in 8.5.x and will generate an error during processing.

No

No

When you install Lotus Notes, you need to restart the worker machine. There is no need to restart the queue manager service.

  • Solidworks eDrawings Viewer 2017 (64-bit) version only with SP5 or above.

  • Solidworks eDrawings Viewer 2018 (64-bit)

  • Solidworks eDrawings Viewer 2019

  • Solidworks eDrawings Viewer 2020

Used for processing, text extraction, and imaging for CAD files.

  • To download the viewer, go here.

  • Solidworks eDrawings Viewer 2017 SP5 and above is supported.

No

 

No

Only required for performing native imaging and text extraction on any supported CAD files in your data sources. You should install it only on the worker designated to perform these types of jobs. If you attempt to process a CAD file without the Solidworks viewer installed, you receive a simple document-level error prompting you to install it. Once you install the Solidworks viewer, you can retry that error and proceed with your processing job

JungUm Global Viewer v9.1 or higher This is required for processing and imaging GUL files, for Korean documents.

No

No

After you install the JungUm Global Viewer on the worker, you should restart the worker machine, but there is no need to restart the queue

Relativity Service Account

The Relativity Service Account must be the owner of all objects in the processing databases and have permissions for logging in to the SQL Server environment. It must be set up as follows:

  • Configure the account with Windows Authentication.
  • Ensure that the account has local administrator rights to perform the installation of the native imaging database and queue manager.
  • Ensure that this account has SQL administrator rights.
  • Do not include special characters in the Relativity service account active directory account name.

Create Invariant worker network file path share

Create a directory on the SQL Server in a location where the Relativity Service Account can read and write. Make sure that SQL services can also read from this directory. This directory must be an actual folder, not a drive letter. It stores the installation files for worker servers.

Required Microsoft Visual C++ redistributables

The following table breaks down which versions of Microsoft Visual C++ are required for which versions of Relativity/Invariant. Note that you are required to install each version of Microsoft Visual C++ only if you are upgrading to the Relativity/Invariant version listed and not if you are installing it for the first time.

  Required Microsoft Visual C++ version (Redistributable x86 and x64)
Relativity/Invariant version 2010 2012 2013 2015
Server 2022/7.1.431.1
Server 2023/7.3.841.24
Server 2024/

Relativity Service Account

The Relativity Service Account must be given local administrator rights to each worker server. The installation process uses this account. It must remain logged in to each server to run local processes during native imaging.

Obtaining applications for native imaging and processing

On the Relativity Native Imaging/Processing worker, you must install additional software to support imaging and processing.

For convenience, this section includes links to download pages for specific software, which may require licensing or may be downloaded for free:

Default log file location

The default file location for Relativity logs is set by the %RELATIVITY_LOGS% environment variable. Define the variable on all machines in your Relativity environment, web servers, agent servers, except SQL Servers. For more information, see Configure logging.

Post-installation considerations

After you install Relativity, review the post-installation considerations listed in this section.

Re-enabling User Access Controls

You should disable User Access Controls (UAC) prior to installation of Relativity. You can enable it again once installation is complete for all servers, except the Worker servers. For more information, see Environment modification for processing or native imaging.

User group for uploading documents

You can improve performance when documents are uploaded with the Win Relativity component by creating a group of users with Full Control permissions on the file share used as a document repository. This group can import and export documents in Direct mode, which is significantly faster than Web mode.

Relativity service account information

The Relativity installer automatically creates the Relativity service account. It assigns this account an email address, as the user name, and a default password. We highly recommend that you change the default Forms password through the Relativity UI after the software is deployed. However, you should not disable this account or modify any other authentication information assigned to it.

The Active Directory (AD) domain also includes a Relativity services account, which has the same user name. The Relativity services account on this domain must log in to Relativity to perform various tasks. Tasks like running agents and authenticating against the Relativity Services API. The audit history for Relativity often lists the Relativity services account as the user who performed a task. To avoid destabilizing your environment, we recommend that you do not change the user settings in Relativity for this account or the AD domain for this account. Since Relativity uses AD authentication for the Relativity services account only for performing agent tasks, you can change the Forms authentication password through the Relativity UI without encountering any environment issues.

As previously mentioned, the Relativity service account is sometimes used to identify the user who performed certain tasks in the software. For example, you might set up a dtSearch index job that includes a private search created by one of your users. The Relativity service account needs access to this private search in order to build the index automatically. It is the only account that can provide this functionality within Relativity.

Post-installation steps for a token-signing certificate

Note: To minimize any interruption to your Relativity workflows, we recommend that you complete the following process during off-hours.

After installation, perform the following steps for a token-signing certificate:

  1. On the primary SQL server, navigate to the Relativity install directory and then navigate to the Procuro folder. Typically C:\Program Files\kCura Corporation\Relativity\Procuro.
  2. Run the kCura.EDDS.Procuro.exe application as an administrator.
  3. On the EDDS Database Upgrade window, click Back.
    EDDS database upgrade window.
  4. Select the certificate that you wish to use as the signing certificate. The certificate must already be in the Personal store on the machine for it to appear in the drop-down menu.
    Select certificate for EDDS upgrade.
  5. Click Update Certificate.
  6. Restart all of the Relativity services in the environment and IIS.

Logo customization

Customize your Relativity web interface with your company’s logo. To accommodate variable space requirements, provide two logos with different sizes. The height may be 50 pixels and the width is discretionary. You can hide the logo using a setting in the Instance setting table. The name of the logo file is also set in the Instance setting table. Add the logos to the images folder at the root of the EDDS directory.

Resource groups

A workspace does not contain resource servers after you install Relativity. After the agents start up, the servers self-register. They are not automatically associated with a resource group. To associate these servers to a resource group, you must manually add them through the Resource Group tab available only from Home. For more information, see Servers.

License keys

After you install Relativity, you need to either activate new licenses or renew your current ones by requesting and applying activation keys for the applications you intend to use in your Relativity instance, including Processing. Relativity licensing includes flexible options that you can tailor to the size, type, and other requirements of your organization as part of your contractual agreement with us. For more information, see Licensing an application.

Relativity instance name

During a first-time installation, you must provide a name for your Relativity instance. This value is displayed on License details page available through the License tab. It is stored as the instance setting in the Relativity.LicenseManager section of the Instance setting table on the EDDS database.

Note: Modifying the instance name by updating this setting in the Instance setting table immediately invalidates your Relativity and Processing licenses.

When you request a Relativity license, this instance name is included in the request key. Contact the Customer Support team for additional information.

In the RelativityResponse.txt file, the RELATIVITYINSTANCENAME value records the Relativity Instance Name option when you perform a first-time installation. For more information see, Relativity installation.