archive administration guidesa2help.com/documentation/sonian_administration_guide.pdfsonian...
TRANSCRIPT
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
1
LegalNotices
WarrantyThe only warranties for Sonian products and services are set forth in the express warranty statementsaccompanyingsuchproductsandservices.Nothinghereinshouldbeconstruedasconstitutinganadditionalwarranty.Sonianshallnotbeliablefortechnicaloreditorialerrorsoromissionscontainedherein.Theinformationcontainedhereinissubjecttochangewithoutnotice.
RestrictedrightslegendConfidential computer software. Valid license from Sonian required for possession, use or copying.Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer SoftwareDocumentation, and Technical Data for Commercial Items are licensed to the U.S. Government undervendor'sstandardcommerciallicense.
LicensingThe use of Sonian products is governed by the terms and conditions of the applicable End User LicenseAgreement(EULA).
TrademarknoticesMicrosoft®,Windows®areU.S.registeredtrademarksofMicrosoftCorporation.JavaisaregisteredtrademarkofOracleand/oritsaffiliates.OracleisaregisteredtrademarkofOracleCorporationand/oritsaffiliates.UNIX®isaregisteredtrademarkofTheOpenGroup.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
2
TableofContentsAboutthisdocument.....................................................................................................................4
Intendedaudience....................................................................................................................................4Prerequisites............................................................................................................................................4Relateddocumentation............................................................................................................................4Documentationupdates............................................................................................................................5Support...................................................................................................................................................5
I.Introduction.................................................................................................................................6SonianArchiveforE-mailAdministrationGuide........................................................................................6SonianArchiveforE-MailDistributionModel.............................................................................................7
Elasticcomputing orcloudcomputing...........................................................................................................8
II.NewAccountSetUp....................................................................................................................9Soniantasks-creatingyournewaccountandAccountOwnerAdministrator.......................................................9Customertasks—Logging inandconfiguring theaccount.......................................................................10Modifyingaccount settings......................................................................................................................11ConfiguringAccountSubscription,Options,andLogo..................................................................................13Billing information (read-only)............................................................................................................16
III.AdministrationDashboard........................................................................................................17Administration DashboardStatistics........................................................................................................18Company,Logo,RecentLogins,Workstream.........................................................................................19Whatyoucandofromhere.....................................................................................................................21
IV.AdministeringUserAccess.......................................................................................................22Userstab...............................................................................................................................................22Creating useraccounts...........................................................................................................................23
Methodone:addusers................................................................................................................................24Method two:creatingusersinbulk..............................................................................................................27Method three:newuserself-registration....................................................................................................28
Enablingenduseraccesstothearchive.................................................................................................29Requestinganewtemporarypassword.................................................................................................30Modifyinguseraccounts.......................................................................................................................30
Addanemailaddress................................................................................................................................30Editing/deletinganemailaddress.............................................................................................................31
V.Collectors...................................................................................................................................32Non-mailitemsarchivedconditionally.....................................................................................................34Draftanddeleteditems..........................................................................................................................34Microsoft Exchangeenvelopejournaling...................................................................................................35Workingwithcollectors..........................................................................................................................36AddingPOP3MailboxCollector—Exchange Journal...............................................................................38
GoogleAppsandSSLconnectionrequirement............................................................................................39AddingSMTPcollector andtrustednetwork —ExchangeSMTP..............................................................40SMTPandencryptionasabestpractice...................................................................................................42
Pete Zimmerman � 10/22/15 3:16 PMDeleted: 15
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
3
POP3securitywithSSLasabestpractice...................................................................................................42AddingSecurePOP3Collector...............................................................................................................43
WhyuseSecurePOP3Journaling?............................................................................................................43HowdoIconfigureSecurePOP3JournalingwithExchange?....................................................................43ConfigureSecurePOP3CollectorintheHostedArchiveService...............................................................44
CollectionHistory..................................................................................................................................45ConfiguringyourLotusDominoOn-PremiseCollectorforWindows......................................................47
VI.Settings..................................................................................................................................54YourSettings.........................................................................................................................................54EndUserAccessRules...........................................................................................................................56ConfiguringLDAPintegration................................................................................................................57
RemovingLDAPsettings............................................................................................................................60Additionalinformation–Authenticationmethods...................................................................................60
Loginmessages.....................................................................................................................................65E-mailForwardingRestriction...............................................................................................................66
VII.Reporting.............................................................................................................................68Reportbuilderoptions............................................................................................................................68
VIII.ImportingData......................................................................................................................70High-level summaryofthedataimportworkflow.....................................................................................70Creating theimportjob...........................................................................................................................70Preparingdataforimport.......................................................................................................................72
PSTformat..................................................................................................................................................72RequirementsfornamingPSTfiles...............................................................................................................73
Drag-and-dropdataupload...................................................................................................................74Creatingtheimportjob.............................................................................................................................74Drag-and-dropuploadtechnicalspecifications.........................................................................................77
IX.ExportingData........................................................................................................................78Bulkexport ofarchivedata......................................................................................................................78
X.Policies....................................................................................................................................79Emailretentionpolicy...........................................................................................................................79
Appendix:Supported EmailServerPlatforms....................................................................................80On-premiseemailserverplatforms...........................................................................................................80Hostedemailplatforms............................................................................................................................80Emailclientintegration.........................................................................................................................80Supportedwebbrowsers......................................................................................................................80
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
4
AboutthisdocumentThisguideprovidesinformationabout:
• SonianArchiveforE-Mailconcepts,components,andstepstousethearchiveserviceandmanagethesystem.
• SonianArchiveforE-MailAdministrationcomponents.• ConfigurationandadministrationoftheSonianArchiveforE-Mailsystem.
Inthischapter:
• Intendedaudience• Prerequisites• Relateddocumentation• Documentationupdates• Support
IntendedaudienceThisguideisintendedforcustomeradministratorsthatwillconfigureandmanagetheArchiveservicebutwillnothaveaccesstothearchiveddata.
PrerequisitesPrerequisitesforusingthisproductinclude:
• Knowledgeofandfamiliaritywiththeoperatingsystemsofthecomputersystemstobeusedwiththisservice.
• Conceptsandprinciplesofemailarchiving.• KnowledgeofMicrosoftExchange.
RelateddocumentationInadditiontothisguide,pleaserefertootherdocumentsforthisproduct:
• SonianE-DiscoveryAdministrator&UserGuide.• SonianEndUserguide.
TheseandotherSoniandocumentscanbefoundontheSoniandocumentswebsite:
http://sa2help.com/admin/index.htmlor
http://partnerportal.sonian.com
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
5
DocumentationupdatesThe title page of this document contains the document release date. This date changes each time thedocumentisupdatedaccordingtothelatestreleasedate.Tocheckforrecentupdates,ortoverifythatyouareusingthemostrecenteditionofadocument,goto:
http://sa2help.com/admin/index.htmlYoucanalsoreceiveupdatedorneweditionsifyousubscribetotheappropriateproductsupportservice.Fordetails,contactyourSonianArchiveServicesalesrepresentativeandsupportcontact.
SupportYoucanvisittheSonianSoftwareSupportwebsiteat:
https://support.sonian.com/home
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
6
I.IntroductionInthischapter:
• SonianArchiveforE-MailAdministrationGuide• SonianArchiveforE-Maildistributionmodel• Elasticcomputingorcloudcomputing• Well-knownUSandinternationalemailjournalingregulations
SonianArchiveforE-mailAdministrationGuideThisAdministrationGuideexplainsconcepts,identifiescomponents,anddescribesstepstoutilizeandmanagethearchiveservicesystem.Thismanualhasthefollowingobjectives:
• TodescribeSonianArchiveforE-Mailfeaturesandfunctionality• ToidentifyanddefineSonianArchiveforE-MailAdministrationcomponents• TodescribeSonianArchiveforE-Mailconfiguration
Thisguideconsistsofthefollowingchapters:
• Introduction:DescribestheSonianArchiveforE-MailasaSoftwareasaService(SaaS)solution.• NewAccountSetUp:DescribesnewAccountsetupandAccountsettings.• AdministrationDashboard:DefinestheAdministrationDashboardanddescribesitsattributes.• AdministeringUserAccess:Defineshow the SonianArchive for E-MailAdministratormanagesand
viewsuseraccountattributes.• Collectors:DefinesthebasicconceptofCollectorsandfullydescribesvariouscollectormethodsand
types,andproperconfigurationtoretrieveemailmessagesforarchiving.• Settings:Describesmethodsandstepsyoucantaketoconfiguresystemsettings.• Reporting:Describesvariousreportoptionsaboutsystem,user,andcollectoractivity.• ImportingData:Describesbulkimportoptions.• ExportingData:Describesbulkexportoptions.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
7
SonianArchiveforE-MailDistributionModelSonian’sArchiveforE-MailprovidesyouwithsecureHTTPSaccesstoutilizethesystemfore-complianceandoffsite storage of emailmessage. Sonian Archive for E-Mail offers a secure,web-baseduser interface foradministratorstomanagethesystem.The distributionmodel is a Software as a Service (SaaS) solution. The idea of using softwareas a serviceemerged to enable the sharing of end-user licenses in a way that reduced cost and also shifted serverdemandsfromthecustomertothesoftwareprovider.
ArchiveServicedistributionmodel
ThismodelenablesSonian toprovidehostedapplicationservice(s)over the Internet to a licensedbaseofsubscribers. The Sonian Archive for E-Mail is provided on-demand and scales dynamically in an elasticcomputingenvironment.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
8
Elasticcomputing orcloudcomputingThe elastic computing environment is commonly known as cloud computing. Cloud computing refers tocomputingwheresoftware,services,andstorageareprovidedtocustomerson-demandthroughtheInternet.Byleveragingcloudcomputingproviders,Sonianisabletoprovidescalablesolutionsthatgrowaccordingtothespecificneedsofourcustomers.
E-mailarchiveelasticcomputingenvironment
Thismulti-tieredapplicationexploitselasticcloudresources(webservers,storageindexesanddatabases,theEnterpriseServiceBus,RAIDarrays,andpermanentdatastorage)toprovideubiquitouseconomiesofscale.SonianArchiveforE-Mailbenefitsare:
• Scalability• Redundancy• Automatedprovisioning• Flexibility• Lowtotalcostofownership(TCO)
TheSonianArchiveforE-Mailarchitecturefeaturesamulti-tenantbackendandweb-basedfrontend.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
9
II.NewAccountSetUpInthischapter:
• Soniantasks—creatingyournewaccountandAccountOwnerAdministrator• FirstemailnotificationoflogincredentialsandURL• Customertasks—Logginginandconfiguringtheaccount• Modifyingaccountsettings• Billinginformation(read-only)
Whenyourcompanyisreadytosetupyournewaccount,Sonianwillinitiatetheprocessbycreatingageneralaccountaswellasthefirstaccountuser,knownastheAccountOwnerAdministrator.Uponcompletion,thearchivesystemwillsendyoulogincredentialsaswellasyourloginURL.Thenyouwillfollowtheseriesofstepsdescribedinthischaptertocompleteyouraccountsetupprocess.This chapter, New Account Set Up, covers those aspects of getting started having to do with accountconfiguration.ReferalsotoAdministeringUserAccessandCollectorsforotheressentialsetuptasks.PhonetrainingavailablebyrequestSonianprovidesdocumentationandvideostohelpemailadministratorssetupthisarchiveservicequicklyandeasily.However,shouldquestionsarise,youarewelcometorequesta90-minutephonetrainingsessionfromSonian.Duringthephonecall,youwillgetabriefoverviewofeachtaboftheadministrationmodule,aswellastroubleshootingsupportrequiredtogetthecollectorsrunningproperly.
Soniantasks-creatingyournewaccountandAccountOwnerAdministratorSonian pre-sales and support staff will work with you to gather the information needed to create yourcustomeraccountandthefirstaccountuser,knownastheAccountOwnerAdministrator.InformationrequiredbySoniantocreateyournewaccountandAccountOwnerAdministratorTocompletethenewaccountsignupprocess,Sonianwillgatherthefollowinginformation:
1. AccountOwnerAdministratorinformationa. Usernameb. Passwordc. Firstandlastnamed. Emaile. Phonenumber
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
10
2. Accountsiteandnameinformationa. Sitenameb. Displaynamec. Accounttyped. Numberofuserse. Address
3. Emailsystemsinuse
a. Exchangeb. HostedExchange
Customertasks—Logging inandconfiguring theaccountNavigatetotheloginURLindicatedintheinitialemailnotification toaccesstheloginscreen.
Loginscreen
Entertheusernameandpasswordspecifiedbytheinitialemailnotification,thenclickLogin.NOTE:Forsecuritypurposes,youwillberequiredtochangetheAccountOwnerAdministratorpasswordthefirsttimeyoulogin.
AbouttheAccountOwnerAdministratorroleAt this stageof theprocess,youhaveaccess to theAccountOwnerAdministrator role.OnlyoneAccountOwnerAdministratorexistssystem-wideandistheonlyuserwhomayviewandmodifyaccountinformation.TheAccountOwnerAdministratorcanbereassigned,anditcannotbedeleted.NOTE:ToreassigntheAccountOwnerAdministratorrole,theremustbeatleastoneotheruserwithAccountAdministratorpermissionsinthesystem.FromtheAccounttab,selectauserfromtheAccountownerdrop-downlist.OnlythoseuserswithAccountAdministratorpermissionswilldisplayinthedrop-downlist.
TheessentialjoboftheAccountOwnerAdministratoristotakeresponsibilityfortheaccountlevelsettingsandconfigurations,aswellastocreateothersystemusersasneededwiththeirrespectiveuserpermissions.See,AdministeringUserAccess,formoreinformationaboutuserrolesandpermissions.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
11
ModifyingaccountsettingsAfter logging in as Account Owner Administrator, click the Admin link to navigate to the AdministrationDashboard. Select the Account tab. (Note that only the Account Owner Administrator has access to theAccounttab.Nootheruserswillbeabletoseeit).TheAccountSetupAccountOwnerfielddisplaystheinitialAccountOwnerAdministratorinformationenteredbySonianduringthesetupprocessforyourarchiveservice.TheAccountOwnerAdministratorcanmodifythisinformationifdesired.YoucanselecttheAccountownerfielddrop-downboxtoreassigntheAccountOwnerto anotheruserwith administratorpermissionsafter additional user administratoraccount(s)are created.(SeeAdministeringUserAccess for informationonuserconfiguration.)ClickUpdateaccounttoapply youredits.TheAccountSetupSiteNamefielddisplaystheinitialsitenameenteredbySonianduringthesetupprocessforyourarchiveservice.TheSiteNamefieldcanbemodifiedbyenteringanewvalue.IfyoumodifytheSiteNamefieldandclickUpdateaccount,thearchivesystemappliesthechangeandimmediatelydisconnectsallactivesessions.ThisactionrequiresuserstologinagainandestablishanewSSLsessiontothenewlycreatedHTTPSURL.Furthermore,informallyourendusersofthenewAccountSiteURLifenduseraccessisenabled.EndusersmaywanttoupdatetheirbookmarksTheEmailsysteminuseoptionsallowselectionofemailsystemsforarchivalduringtheNewAccountSignUpprocess.Itispossibletomodifythisconfigurationbyselectingordeselectingtheavailableoptions.IfforsomereasonSonianhasnotalreadyenabledtheserviceonthebackend,thefollowingerrormessageappears:
Theconnectionwasrefusedbyafirewallortheserver.PleasecheckIP/DNS,portandfirewallrulesandtryagain.Verifythatyoursecuritysettingsarecorrect,contactSoniantoensurethatyouhaveidentifiedemailsystemsinusetobearchived,andthatSonianenablesthemonthebackend.ClickUpdateaccounttoapplyanyeditstotheAccountattributes.Setthetimezone forthearchive systemThenextaccountconfigurationtaskistoassignyourTimezonestipulatedinGreenwichMeanTime(GMT).FromtheSettingstab,selecttheappropriatetimezonefromtheTimezonedrop-downlist,thenclickUpdate.MyDomainsandOrganizationsThearchiveservicehasafacilityforyoutorecordthedomain(s)thatyouareperformingarchivingfor.Thepurposewillbetoprovidefuturereportingstatisticswithintheservice.Enablement of the feature is accomplished via sign-up of the archiving services, can be applied to theindividual account by the AO role user or for theOEM's andPartnersmanaging customers accounts viaanAPIcallifRESTAPIintegrationhasbeenaccomplished.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
12
RegisteringyourdomainthroughyourArchivePortalTheACCOUNTtabisthelocationforthedomainregistration.Logontotheindividualarchiveaccount;navigatetoAdmin->Accounts.Scrolldownthepageuntilyoulocate'MyDomainsandOrganizations'.Enteryourdomain;selectthe'Add'toprovideadditionaldomains.Oncecomplete,pressthe'UpdateAccount'buttonatthebottomofthepage.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
13
ConfiguringAccountSubscription,Options,andLogo
Accountsubscription,Options,andLogo
TheAccountSubscription,Options,andLogopageisdisplayedabove.AccountSubscriptiondisplayscustomeraccountsubscriptionattributes.AccountStatusandPayment,Extras,andOptionsattributesaremaintainedbySonianbasedonyoursubscriptionterms.ContactSoniantomodifyserviceifdesired.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
14
SubscriptionstatusandPayment
Status:ThearchiveservicedisplayscustomeraccountstatusifenteredbySonianthroughthebackend;fieldoptionsareTrial,ExpiredTrial,PaidCustomer,andDemo.Customersince:Thearchiveservicedisplaysday/month/yeardatewhenacustomersubscribesifenteredbySonianthroughthebackend.Renewal date: The archive service displays day/month/year date when customer renews theirsubscriptionifenteredbySonianthroughthebackend.Payment Status: The archive service displays customer account payment status if entered by Sonianthrough the backend; field value options are: Expired Trial, Past due, Invoice sent, Paid in full, Trial,Demo.Organizationtype: Available selectionsare Commercial,Non-Profit, Education,andGovernment.Thisdatapointisforinformationalpurposesonly.Organizationusers: Enter the numberof organizationalusermailboxes archived.Thenumberofusermailboxesarchivedshouldmatchthenumberoflicensespurchased.Thisfieldisusedforreportbillingtoindicatetheupperlimityouwishtosetonyourusage.Thenumberyouenterforthisfieldshouldreflectthecapacitythatyouintendtouse.Itiscurrentlyreportedbutnotenforced.
Subscriptionextras
Historicalcollection:ThearchiveservicehasbeenenabledforthecollectionofhistoricalemailfromyourGroupWise environment. The system will allow historical collection of emails from your active postoffices.Datamigration:Theservice is enabledto import legacyemail fromamail systemor fromapreviousarchiveservice.ContactSonianformoredetails.GlobalRAID–Multiple copies: Thebase subscription to thearchive service includes storageateightphysicallyseparatedatacentersintheUnitedStates.GlobalRAIDaddsfouradditionaldatacentersforextraprotection.Enduseraccessenabled:Thearchiveservicedisplays'enduseraccessenabled'asYesorNo,assetbySonianthroughthebackend.YesmeansendusersmayaccesstheirpersonalarchivethroughMyArchive.Ifno,endusersmaynotaccessMyArchive.
OptionsSelectapplicablecheckboxestoenablethearchiveservicetointegratewiththirdpartyemailserversoftware,clientsoftware,andcompliancecapabilities,orprovideenduserswithHTTPSaccess.Optionsare:
EnableGroupWiseserverintegration:SelectthischeckboxtoenableGroupWiseintegrationwithyourGroupWiseserver. EnablePOP3integration:SelectthischeckboxtoenablePOP3integrationwithyourMicrosoftExchangeserver.
Heidi Fischer� 9/9/15 12:43 PMComment [1]: Whatarewesupportinggoingforward?IsLotusLivewhatwearestillingcallingit?
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
15
Enable SMTP integration: Select this checkbox to enable SMTP integration with your (MicrosoftExchange)mailserver.EnableNSFintegration:SelectthischeckboxtoenableLotusLiveintegrationwithyourLotusLiveserver.Enable Lotus On-Premise Collection: Select this checkbox to enable the Lotus Domino collectorconfigurationpage.EnablePhyscialMediaandS3Imports:Selectthischeckboxtobeabletogenerateimportsjobsfromtheadminsectioninthearchivesystem.
Enablecomplianceedition:Select thischeckbox toenableRandomsearch, searchalert,andallowtoexporttwicethestandardamountofdatainasingleexport. Enable end user access to the archive (required for LDAP authentication): Select this checkbox toenableenduserstoconnecttothearchiveservice. EnableOutlookClient integration:Select this checkbox to enable integrationwithMicrosoftOutlookClients.
Passwordexpiration:Enterthenumberofdaysafterwhichpasswordsexpire.Leavingitblankorsetat0meansthatyourpasswordwillneverexpires.Intrusionlock:Stipulatethenumberoffailedloginattemptsthattriggersanaccountlockout.Availableselectionsare:
• Off(disabled)• 3• 5(default)• 7• 10
Accountlockedfor:Stipulatetheamountoftimethatauseraccountwillbelockedifintrusionchecksfail:
• Indefinite(adminmustenable)• 15minutes• 30minutes• 60minutes
Anyuserrolecanpotentiallyget lockedout. IfanAccountOwnerAdministratorbecomeslockedout, theycan:1) Log inafter theconfigured account lockperiodhasexpired;2)Requestapasswordreset fromtheinitialloginpage;3)UnlocktheAccountOwnerAdministratorbygoingtotheUserstabandselectingtheeditlinknexttothelockedoutuser.
Usingyourcompany’slogoYoucanuploadyourcompany’slogobyclickingtheChooseFilebutton.ThelogomustbeeitherPNGorJPEGformatandbe200pixelswideor less.ThecompanylogodisplaysontheinitialHTTPSURLatlogon,ontheAdministrationAccountUI,andontheAdministration,Search,andMyArchiveDashboards.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
16
Billing information (read-only)Theread-onlybillinginformationformiscollectedandenteredintothearchiveservicebySonianforyourreferenceonly.
Accountsetupbillinginformation
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
17
III.AdministrationDashboardInthischapter:
• AdministrationDashboardstatistics• CompanyLogo,RecentLogins,Workstream• Whatyoucandofromhere
In this chapteryouwill learnhowtouse theAdministrationDashboard.Theobjectivesare to identifyanddefinethefollowingDashboardattributes:
• Statistics• Logo• RecentLogins• Workstream
TheAdministrationDashboardisbasedonthesoftwareindustrystandardinwhichadashboarddisplayskeybusinessinformationthatcanbeviewedataglance.
ArchiveAdministrationdashboard
The Sonian Archive for E-Mail AdministrationDashboard facilitates the ability to view and quickly accesssummary Statistics, most recent People login(s), handy 'What you can do from here' hyperlinks, andworkstreamRSSfeeds.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
18
AdministrationDashboardStatistics
Administrationdashboardstatistics
DashboardStatisticsdisplaysummarymetricsforallemailarchivalactivity,providingasnapshotofthelatesthistoricalsystemdatapoints,including:System-widedatapoints:
• Messageinarchive-thetotalnumberofarchivedmessages• Attachmentsinarchive–thetotalnumberofarchivedattachments• Approximatesize–GB,MBs,orKBsofmessagedatastored• Approximateindexsize–GBs,MBs,orKBsofindexedmetadatagenerated
Lastcollectiondatapoints:
• Messages–thetotalnumberofmessagesarchivedduringthelastcollection.• Approximatesize–GBs,MBs,KBsofindexeddataduringthelastcollection.• Approximateindexsize–GBs,MBs,KBsofindexedmetadatageneratedduringthelastcollection.
ThestatisticsalsoprovidesasnapshotofuserstatisticsforLDAP-enabledorganizations,including:
• Totalusers–ThetotalnumbersofLDAP-enabledusers• Mostrecentlogin–themostrecenttimeatwhichauserloggedintothearchiveviaLDAP.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
19
Company,Logo,RecentLogins,Workstream
Administrationdashboard,Companylogo,Recentlogins,Workstream
TheabovefiguredisplaysthefollowingAdministrationDashboardcomponents:COMPANYLOGOappearsintheupperright-handcornerbydefault.Touploadyourlogo,clickon“Clicktouploadyourlogo”whichwillsendyoutotheaccounttab.Then,browsetolocate,thenupload.LogoimagesmaybePNGorJPGformatandmustbelessthan200pixelswide.RECENTLOGINSdisplaysthefirstandlastnamesofuserswhohaveloggedinsuccessfullyandthedurationsincetheirlastlogon.Clickausernametolinktothatuser'saccountsettings.
WORKSTREAMprovidesthreeconvenientlinkstoviewanRSSfeedofsystemactivityorevents,andonelinkpostsmessagesfromSonian.Subscribetothewebpageasa feedusingRSSLiveBookmarks,Bloglines,MyYahoo,Google,orotherapplications.
• Status and events - displays account sign up, user account locks, bad password logon attempts,searchaccess,collectionevents,searchevents,andmore.
• Accountmessages-displaysmessagescreatedbySonianforyouatyourloginscreenordashboard.• Collections-collectionIDdatestamp,size,andlinktoCollectionHistorypage.
NOTE:IfyouareviewingtheSearchDashboardratherthantheAdministrationDashboard,youwillnotseetheCollectionslinkunderWORKSTREAM.However,allthreelinkswilldisplayifyouareviewingtheAdministrationDashboard.ThisselectionismadefromtheSettings>YourSettings>General>Defaultpagedrop-downmenu.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
20
Selecting thedefaultpage fromthesettings drop-downmenu
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
21
Whatyoucandofromhere
Administrationdashboard:Whatyoucandofromhere
Theabovefiguredisplaysthe'Whatyoucandofromhere'navigationpanethatprovideshyperlinkstothefollowing:
• Viewquickinstructionalvideosonhowtoadministeryouraccount• Manageyouraccount• Manageyourusers• Manageyourdatacollectors• Yourcommentshelpusgreatly.Pleasegiveusfeedback.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
22
IV.AdministeringUserAccessInthischapter:
• Userstab• Creatinguseraccounts• Enablingenduseraccesstothearchive• Requestinganewtemporarypassword• Modifyinguseraccounts
In this chapter you will learn how to manage user access to your archive service. The objectives of thischapterare:
• Identifyuserattributes• Defineuserpermissions• Describecreationandmanagementofusers
TheUserstabprovidesadministratorswiththeabilitytocreate,manage,andviewuseraccountpermissionsandattributes.
Userstab
Userstab
LoginasAdministrator.SelecttheAdminlink,thentheUserstabtodisplaytheUserspage.Filteringtheuserslistdisplay
Filteruserslistdisplay
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
23
YoumayfiltertheuserlistbyaccounttypebyclickingAll,Admins,Searchers,orEndUserslinks,orenterusernamein'FilterUsername'field.
• Administrator accountsmay configure and audit the system, users, and collectors, view statistics,andcreateandexportreports.
• SearchersareEndUseraccountsthatincludeatleastonesearchcapability.• Forexample,ifyourarchiveserviceaccountchosethe‘enableenduseraccesstothearchive’option,
yourendusershave the low-levelability tosearch theirownmessagearchives.TheSearchAdminPlusaccountshavemoreabilities;theycancreate,edit,run,anddeletesearches.Theycanalsorunreports.
• Ifyouchosethe‘enableenduseraccesstothearchive’option,EndUseraccountsmayaccesstheirpersonalmessagearchive.Thereisnolimittothetotalnumberofusersthatcanbecreated.
Creating useraccountsThearchiveservicefeaturesthreemethodstocreateEndUseraccounts:
• Methodone:addusers• Methodtwo:creatingusersinbulk• Methodthree:newuserself-registration
Addusers
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
24
Methodone:addusersClickAdd User todisplaytheNewUserpage.
1. Username:TypeintheusernamelabelthattheEndUserwillusetologin.TheUsernamemustbeuniquetoyourarchiveserviceaccount.
2. Firstandlastname:Typeinuser'sfirstandlastname.3. Email: Type in user's email address. The primary email address must be unique to your archive
serviceaccount.4. Email(confirm):Typeinuser'sprimaryemailaddressagaintoconfirm.5. Temp. password: Type in a temporary password. By default, the password must be at least 8
alphanumericcharacterswithaminimumofthreenumbers.Uponfirstlogin,thearchiveservicewillprompttheEndUsertostipulateanewpasswordfortheiraccount.
Additionalemailaddresses
6. Addemailaddresses:ClicktheAddemailaddress linktoassociateadditionalemailaddresseswiththisuser’saccount.Thearchiveservicesendsanemailnotificationtotheemailaddresswithalinktorespondandverifynewaddress.Remove linkappearstoremoveanadditionalemailaddressonceentered.
EndUserscanalsoassociateadditionalemailaddressestotheirpersonalaccountsviatheirSETTINGS.Yourarchiveservicewillcompareemailaddressesenteredagainstyourpoliciesandsettings.Permissions(Selectcheckboxtoassignpermissions)
Account Owner (AO) - As stated previously, the Account Owner Administrator (AO) is a singularlyuniqueaccountadministratorrolecreatedduringNEWACCOUNTSIGNUP.Thearchiveserviceassignsmaximum permissions to the Account Owner. An Account Owner may create, edit and delete useraccounts, edit account attributes, and modify all system settings. There may be only one AccountOwnersystem-wide.ToreassigntheAccountOwnerrole,navigateto theAdministrationAccount tabandtoggletheAccountOwnerdropdownboxtoassignAccountOwnerstatustoanotheradministrator.
NOTE: AccountOwnerpermissioncannotbeawardedto anewuserwhile creatingtheuser.TheAccountOwnercanonlybechangedfromtheAdministrationAccounttaboncetheuserhasalreadybeencreated.
Account Administrator (AA) - Account Administrator permissions allow the ability administer yourarchive service system. Account Administrators may create and edit user accounts and systemcollectors,modifysystemsettings,andexecutereports.SearchAdmin Plus (SAPlus) - Search Administrator Plus permissions include SearchUser and SearchAdministratorspermissionsplusabilitytoaccessthearchivereports,andretention-policysettings.Search Administrator (SA) - Search Administratormay create,manage and execute searches; assignuseraccesstoagivensearch,andexportsearchresults.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
25
Search User (SU) - Search User permissions allow 'access', 'change scope' and 'export' of existingsearchesasassignedbytheSearchAdministratortotheSearchUserforagivensearch.ItisasupportroletotheSearchAdministrator.SearchUsercannotcreateordeleteasearch.
EndUser(EU)-EndUserpermissionsallowindividualstoaccesstheirpersonalarchiveddata.
Additionalcontactinformation andaccountoptions
Addnewuser-Additionalattributes
Thefigureabovedisplaysadditional,optionaluseraccountattributesasfollows:
1. Organizationfieldisalabelofyourchoosingtoqualifyaccount,forexample,EASTorWEST.
2. Phonefieldisforaphonenumber.
3. Faxfieldisforafaxnumber.
4. ExpireDatefieldstipulatesexpiryvalueinthedatabaseforthisaccountandarchiveservicedeniesloginaccessonorafterthatdate.Clickcalendarapplettosetdate.ClickCleartocleardate.Youusethis setting to provide temporary access to users, for example, a sales engineer that periodicallyreviewssystemconfigurationduringfirst60daysofsubscription;orlegalcomplianceconsultantthatcreatesexecutesandexportssearchresults.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
26
5. Accountdisabled,whenchecked,disablesenduseraccesstotheiraccount.
6. IntrusionDetectionisenabledbydefault.TheAccountOwnersetsan'IntrusionLock'valueforyourarchiveserviceontheAdministrationAccounttab.IntrusionLockvaluesarenone,3,5(default),7,and10. Logonattempts thatexceed 'Intrusion Lock' value lock theuser's accountand thearchiveserviceloginpagedisplays'YourAccounthasbeenlocked.’
7. AccountLocked,Accountislockedwhenchecked;accountisnotlockedwhenunchecked.Deselect
thischeckboxtoclearauser'slockedaccount.
8. Disablepasswordrecovery,whenchecked,preventsauserfromrequestingapasswordresetfromthelogonscreenthroughemail.
9. Disable Outlook Integration uniquely disables Outlook integration for this user account even if
enabledsystem-wide.Forexample,youmaywishtodeployOutlookintegrationtoasubsetofusersduringanincrementalrollout.
Welcomemessage
Welcomemessage
ThelastportionoftheNewUserpageisforawelcomemessage.Thewelcomemessageisoptional.Thereisaconfigurabledefaultmessagethatcomespre-populatedintheDefaultmessagetextarea.Additionally,using theCustomtext field,you canenteramessage tailored for newuserswithanyspecialmessageorcommunicationthatyouwanttoprovidetothem.Topreventthewelcomemessagefrombeingsent,selectthecheckboxforDonotsendwelcomemessage.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
27
Methodtwo:creatingusersinbulkLoginasAdministrator,selectAdminlink,andUserstabtodisplayarchiveserviceUserspageandclickBulkCreateEndUsers.
Userstab
Createusersinbulk
Togeneratemultipleenduseraccountsinbulk,clickthe'DownloadCSVfiletemplate'.NotetheCreateUsersinBulkUIdisplaysasampleheaderformatandtwouserentries.Aflat,comma-delimitedfiletocreateusersin bulk is a common, industry-standard tool. Enter each user’s field values for your archive service.Instructionsonhowtofilloutthetemplateareincludedinthedownload,too.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
28
Method three:newuserself-registrationThearchiveservicefeaturesthreemethodstocreateenduseraccounts.Thefirst two,'AddNewUser'and'CreateUsersinBulk'arepreviouslydescribedearlierinthischapter.ThethirdoptiontocreatenewEndUseraccountsit toallowuserstoself-registerandgainaccessto theirpersonalarchiveaccount.Forsecuritypurposes,configureyourarchiveserviceSettings-EndUserAccessRulestoexplicitlyallowonlyyourcorporateSMTPaliasestocreateenduseraccounts.SeetheSettingschapterformoreinformation.
Newuserself-registration
Bydefaultthearchiveserviceprovidesaself-registrationHTTPSURLintheformatof:
https://<instancename>.Sonianarchive.com/user/signup/new.UsersenteraUsername,firstand lastname,emailandemailconfirmationto self-registerandclickCreatenewuseraccount.Aspreviouslydescribed,usernameandemailaliasmustbeuniquesystem-wide.Iftheenduser enters a duplicate username or email address the archive service UI displays the appropriate errormessage.
Yournewaccounthasbeencreated
Afteranenduserself-registerssuccessfully,thearchiveserviceimmediatelyacknowledgesaccountcreation.Also,aconfirmationemailissenttothestipulatedemailaliaswithanHTTPSURLenclosed.TheEndUsermustsuccessfullynavigatetotheHTTPSURLtoactivatetheirnewlyregisteredaccount.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
29
EnablingenduseraccesstothearchiveIfyouarecreatingenduseraccountsoneatatimeorinbulk,ensureenduseraccesstoyourarchiveserviceisenabled.
Enableenduseraccess
First, configureyour archive service to enableend user access to your system. Log on as Account OwnerAdministratorandnavigatetoAdministratorACCOUNTOPTIONSpage.IfyousubscribedwithSonianforenduseraccess'Enduseraccessenabled'attributedisplaysYes.If 'Enduseraccessenable'displaysNo,contactSoniantoaddthisfeature.Then,selectyourAccountOptions'Enableenduseraccesstothearchive(requiredforLDAPauthentication)'checkboxtopermitenduseraccess.Itisdisabledbydefault.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
30
RequestinganewtemporarypasswordThe archive service provides an HTTPS URL, in the format ofhttps://<instancename>.Sonianarchive.com/reset/new, for administrators to offer to users who cannotremembertheirpassword.
Requestanewtemporarypassword
UsersnavigatetotheResetmypasswordpage,andentertheirarchiveserviceemailaddress.Thearchiveservicesendsanemailmessagewiththeuser'sexistingpasswordstating:
Hello <username>, The system administrator has updated your account. Your user name is <username>. Your new temporary password is <existing_password>. Please change your password on your next login. Your login location is https://subdomain.archiveserviceprovider.com>
UsersfollowinstructionsandnavigatetotheirarchiveservicedefaultHTTPSURLandloginwiththeirexistingpasswordandareimmediatelypromptedtochangetheirpassword.
ModifyinguseraccountsTheAccountOwner(AO)andAccountAdministrator(AA)havetheability,atanypointintime,tomodifythearchiveusers’accounts.Pleaserefertothe“Creatingusersaccounts-Methodone:addusers”sectiontoeditanyofthebasicinformationrelatedtoanarchiveuser’saccount.
AddanemailaddressYoucanprovideanadditionalemailaddressforyourarchiveusers.Byaddinganemailaddressintheblankfield,youimplythatyouwantmessages(andtheirassociatedattachments)fromtheaddedemailaddresstobecollectedandarchived.TheywillbeavailablefromtheE-Discoveryinterfaceaswellasintheenduser'spersonalMyArchive(ifenabled).
1. Register an additional valid email address associated to a user'smailbox by adding the completeaddressandclickingthebutton"Addemailaddress",asillustratedbelow.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
31
2. Thearchivewill verify theemail address against a control list and thearchiveuserwill receiveanemailtothataddressrequiringfurtherverification.Theuserwillhavetofollowtheinstructionsonthatemailandclicktheuniquelinktoactivatearchivingforthatemailaddress.
EditUser-Addinganemailaddress
Editing/deletinganemailaddress
1. Youcanedit registeredemailaddresses forarchiveusers.Editanemailaddressbyclickingon the"Edit"buttonnexttothedesiredemailaddress.Whenyouaredoneeditingtheemailaddress,clickonthe"Save"buttontoconfirmthemodificationyou'vemade.
AnemailconfirmationwillbesenttotheAccountAdministrator(AA)forverificationandapproval.Theemailaddresswill be verified against a control list and the userwill receive an email to that address requiringfurtherverification.Theuserwillhaveto followthe instructionsonthatemailandclick theunique link toactivatearchivingforthataddress.
2. Youcandeletearegisteredemailaddressforarchiveusers.Deleteanemailaddressbyclickingonthe"Delete"buttonnexttothedesiredemailaddress.Apopupwindowwillpromptyoutoconfirmyouraction.Clickon"OK"tovalidateyouractionanddeletetheemailaddress.
EditUser-Edit/deleteanemailaddress
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
32
V.CollectorsInthischapter:
• Non-mailitemsarchivedconditionally• Draftanddeleteditems• MicrosoftExchangeenvelopejournaling• Workingwithcollectors• AddingPOP3JournalMailboxCollector—ExchangeJournal• AddingSMTPcollectorandtrustednetwork—ExchangeSMTP• SMTPandencryptionasabestpractice• POP3securitywithSSLasabestpractice
Thischapterhasthefollowingobjectives:
• TodescribethebasicconceptofCollectors.• ToidentifyanddefineCollectorsweb-basedUserInterfaceattributes.• TodescribeallCollectortypesandconfigurationoptions.
Collectorsgatheryourdataforarchivestorage.ThebasicconceptofCollectorsis tocollectemailmessagesandattachmentsfromyourMicrosoftExchangeemailsystemsforarchiving.Todeterminethestepsnecessarytosetupyourarchiveservicecollectors,considerthesetwoquestions:
1. Whereismyemailsystemlocated,customerpremiseequipment(CPE)orhosted?2. WhattypeoftransportmechanismdoIwanttousetoarchivemail,POP3orSMTP?
EmailArchiveSaaSandConnectorsDiagram
Thefigureaboveillustratesthreescenariosthatanswerthetwoquestionsposed.ItshowsSonianArchiveforE-Mailcloudwithredundant,loadbalancedarchivesystemsandconnectorstothefollowingmailsystems:
1. SMTPhostedMicrosoftExchangeEnvelopeJournaledmailbox2. SMTPcustomerpremiseequipment(CPE)MicrosoftExchangeEnvelopeJournaledmailbox3. POP3CPEMicrosoftExchangeEnvelopeJournaledmailbox
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
33
Conceptofcollectorspushandpullmethodologies
The figureabove illustratestwocollectormethodspossibleforretrievingemail,POP3orPull,andSMTPorPush. The solid line shows the direction of the initial collector connection established to retrieve emailmessagesandthedottedlineshowsthedirectionoftheretrievalofarchivedmessagesbythecustomerfromthearchivecloud.PullmethodThearchiveserviceisconfiguredwithaPostOfficeProtocol3(POP3)Collectorthatinitiatesaconnection,atmidnightGMTbydefault,tothesourceemailserverandpullsallmessagesfromtheconfiguredfolderstothearchivesystem.ThetimingoftheconnectiontothesourceemailservercanbechangedbySonianSupporttomeet your requirements. This pull method utilizes POP3 IETF standard specifications and is used by thearchiveserviceforallplatform-specificcollectors,exceptSMTP.PushmethodThesourceemailsystemisconfiguredtopushenvelopejournaledemailmessages toauniqueSimpleMailTransferProtocol(SMTP)addressonthearchivesystem.Thetimetoinitiatetheconnectionisconfiguredonthesourceemailsystem.ThispushmethodutilizesSMTPIETFstandardsandisusedbythearchiveserviceforallSMTPCollectors.SMTPcollectorscaningestandarchivemessagesupto75MBbydefault.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
34
Non-mailitemsarchivedconditionallyNon-mail items, such as tasks and calendar items, do not get collected if there is only a single personinvolved.Whennon-mail itemsarecreated,thearchive servicecollectordoesnotarchivethem if it isnotbetweentwoormorepeople.Specifically,ifacalendaritemisrelevanttoonlyoneperson,itisnotarchived.Ifnon-mailitemsinvolvemultipleparties,thentheyarearchived.
DraftanddeleteditemsDraftanddeleteditemsarenotexplicitlycollectedevenwhenyoumayhaveselectedthoseoptionsinthearchiveservice.BydefaultthejournalmailboxisequippedwithaDraftandDeletedItemsfolder.However,throughnormaladministrationofajournalmailbox,nojournalitemsshouldbeplacedintheDraftandDeletedItemsfolder.POP3ProtocolasitrelatestodraftanddeleteditemsBecauseofPOP3’sprotocol,ifyoudeleteaniteminyourInboxbyselectingitandpressingtheDeletebutton,orbyright-clickingitandselectingDelete,itisnowintheDeletedItemsfolderanditismarkedfordeletion.Whereas if you drag an email from your Inbox into the Deleted Items folder, the email is not actually“marked”fordeletionasfarasPOP3isconcerned.IfyoudragadraftitemfromyourInboxintotheDraftfolder,thearchiveservicewouldcollectandarchivethat. A work in progress email that has not been sent is in a work in progress status and would not becollected.Itemswith a deleted status that are in the Deleted Items folder, or itemswith a draft statuswill not becollected.Bydefault,thearchiveservicedisplaysthefoldersforCalendar,DeletedItems,Inbox,Drafts,andSentItems.CPE(customerpremiseequipment)MicrosoftExchangePOP3exampleOneorganization’suniqueandsecurevirtualstackisconfiguredwithaPOP3CollectorthatcollectsmailtobearchivedfromtheMicrosoftExchangeserverlocatedonsiteattheorganization.MicrosoftExchangeSMTPexampleAsecondorganization'suniqueandsecurevirtualstackisconfiguredwithanSMTPCollectorthatcollectsmailtobearchivedfromtheorganization'shostedSMTPserver,co-locatedintheorganization’sSonianArchiveforE-Mailcloud.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
35
Microsoft ExchangeenvelopejournalingMicrosoft Exchange 2010/2013/Exchange Online (Office 365)utilizes Envelope Journaling. The concept ofEnvelopeJournalingistoprovideacompanyororganizationwithamethodtoenforcepoliciestocomplywithregulationsregardingemailcommunication.Ajournalingagentmonitorsemailtrafficforagiveninformationstoremailboxandallemailmessagesarecopiedtoanenvelopejournaledmailbox.TheenvelopejournaledmailboxisconfiguredtoconnecttothearchiveservicethroughSMTPforarchivingandtherebycapturesanduploads all email communication for forensic analysis if required, or any search function, through SonianArchiveforE-Mail.
MicrosoftalsooffersanoptioncalledMicrosoftExchangePremiumjournaling.WithPremiumjournaling,itispossible to perform more granular journaling with journal rules. This option allows an organization toconfigure journalingto capture individualrecipientsormembersofdistributiongroups.Refer toMicrosoftExchangedocumentationformoreinformationaboutthisoption.
Please refer to the selected linksbelowfromtheMicrosoftTechNetExchange ServerTechCenterformoreinformationonhowtoconfigureExchangeEnvelopeJournalingandSMTP.NOTE:
• WhenSMTPjournalingisused,thearchivedoesnotmaintainfolderinformationforarchivedemails.• SMTPjournalingwillcollect,ingest,andarchiveemailsupto75MBinsizebydefault
JournalingandMicrosoftExchangeServer2010SP2,MicrosoftExchangeServerSP3
Understandingjournalinghttps://technet.microsoft.com/en-us/library/aa998649(v=exchg.141).aspxCreateandconfigureaJournalingMailboxhttp://technet.microsoft.com/en-us/library/bb124985.aspxUnderstandingjournalinginamixedExchange2003andExchange2010environmenthttp://technet.microsoft.com/en-us/library/aa997918.aspx
JournalingandMicrosoftExchangeServer2013
Journalinghttp://technet.microsoft.com/en-us/library/aa998649.aspxManagejournalinghttps://technet.microsoft.com/en-us/library/jj651670(v=exchg.150).aspx
JournalingandMicrosoftExchangeOnline(Office365)
Journalinghttps://technet.microsoft.com/en-us/library/jj898487(v=exchg.150).aspxManagejournalinghttps://technet.microsoft.com/en-us/library/jj651670(v=exchg.150).aspxConfigureJournalinginExchangeOnlinehttps://technet.microsoft.com/en-us/library/dn781273(v=exchg.150).aspx
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
36
WorkingwithcollectorsAccountownerandaccountadministrator rolesThe only two user roles that have permissions to configure Collectors are Account Owner and AccountAdministrator. Users with one of these roles can configure Collectors through the archive serviceAdministratorCollectorsUI.
DefaultAdministrationcollectorsUI
ThefigureabovedisplaystheSonianArchiveforE-MaildefaultCollectorsHTTPSUserInterface.ThedefaultCollectorsHTTPSUserInterfacelistsallpreviouslyconfiguredAvailableCollectors.Toquicklyviewagivenmailbox,enterthemailboxnameintheMailboxnamefieldtodynamicallyfiltertherecordsetbeingdisplayed.Toeditagivenmailbox,clickitsassociatedEditlinktoitsright.Tocreateanewcollectorwithitsassociatedconfigurations,clicktheappropriatebutton.Theproperstepstoconfigureeachcollectortypeareexplicitlydelineatedlaterinthischapter.
• AddPOP3JournalMailboxCollector-ExchangeJournal• AddSMTPCollector
Toviewthecollectionhistoryofallcollectors,clickCollectionHistorytodisplayeachcollection'sCollectorID,thenumberofitemsarchives,andtheKBsorMBsofdatacollected.Tomanuallyinitiateacollection,clickCollectNow.Amessagedisplaysat the topof thepagestating 'Yourrequest is queued for processing' by the archive service. The requested collection process initiates inapproximatelyonehourtocollectandingestemailmessagesintoyourarchive.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
37
Accountoptions
ItisimportanttoverifythatyourAccountOPTIONSareconfiguredtoallowthearchiveservicetointeroperatewith theappropriateemailsystemand collectortype. If thearchiveservice isnotenabledto interoperatewith a given email system or collector type the associated GUI button to click does not appear on theCollectorsUI.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
38
AddingPOP3MailboxCollector—ExchangeJournal
AddJournalMailboxcollector—ExchangeJournal
NavigatetothearchiveserviceAdministrationCollectorstabandclickAddPOP3JournalMailboxcollector.TheAddExchangeJournalorStandardJournalpagedisplays.ToaddaPOP3(Exchange)CollectorforMicrosoftExchangemailservers,followthesesteps:
1. PopulateServerNamefieldwithuniquelabelforthismailsystem.2. ToggleIntervaldropdownboxandchooseNightly,Weekly,orMonthly.3. PopulateIP/DNSfieldwithpublicIPaddressorfullyqualifieddomainname(FQDN).4. PopulatePortfieldwithportnumbertoestablishaPOP3sessionfromthearchiveservicetothemail
system.IETFPOP3well-knownportnumbersare110and995;verifyandenterportusedonthemailsystem.
5. SelectUseSSLcheckboxifthemailserverisconfiguredforSSL.6. ToggleAuthenticationMethoddropdownboxandselectMD5ifenabledonthemailsystem.Default
valueisNone.7. PopulateUsernamefieldwithmailboxaccountusernameusedtoauthorizearchiveserviceaccess.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
39
8. Populate Password field with mailbox account username's password to authorize archive serviceaccess.
9. ToggleMaxmessagesizeandselectoneofthesevalues:5MB,10MB,20MB,30MB,40MBs,50MBsor75MBs.
10. (Optional)CheckOptionsInactivecheckboxtotest,abestpractice.Deselectwhenyouarereadytomovefromstagingtoproduction.
11. ClickTestConfiga. Ifparametersarecorrectacongratulationsmessageisdisplayed.ClickAddCollectortoadd
thenewPOP3Collector.ThenewExchangePOP3CollectoristhendisplayedintheAvailableCollectorsUI.
b. Ifparametersareincorrectanerrormessageisdisplayedwithpossiblesolutions.
GoogleAppsandSSLconnectionrequirementWhileconfiguringPOP3onaGoogleAppsinstance,TestConfigissuccessfulonlywhentheportisspecifiedas995andtheSSLcheckboxischecked.GoogleAppsonlyallowsSSLconnections.
AddPOP3JournalMailboxcollectorandavailablecollectorsUIforExchangeJournal
Thefigureabovedisplaysanexampleofan'AddPOP3JournalMailboxCollector’UI.ThefigurebelowshowsanexampleofanewExchangecollectortypedisplayedinAvailableCollectorsUIaftersuccessfullyaddinganExchangePOP3Collector.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
40
AnewPOP3Exchangecollectortypedisplayed
AddingSMTPcollector andtrustednetwork—ExchangeSMTPMakesureyouareloggedinasAccountOwnerAdministrator,thennavigatetoAdministration-ACCOUNT-OPTIONS.
Accountoptions-EnableSMTPintegration
AccountOptionsEnableSMTPintegrationisenabledbydefault.TodisableSMTPcollections,logontoarchiveserviceAdministrationAccountUIanddeselecttheEnableSMTPIntegrationcheckbox.ClickUpdateaccountatthebottomofthepagetoconfirmmodification.ThearchiveservicequeuesandprocessestheSMTPintegrationrequestandautomaticallygeneratesauniquemailboxnamehash.ThemailboxSMTPaddressisthendisplayedontheCollectorsUI.ThemailboxSMTPaliasis the address used to configure Microsoft Exchange Envelope Journaling as the recipient of forwardedmessagesfromExchangeenvelopejournaledmailboxtothearchiveserviceCollectormailboxviaSMTP.WhenSMTPCollectionisenabledforthefirsttime,thefollowingmessageappearsatthetopoftheAccountpage: 'SMTPCollectionisenabledbutyouhavenotaddedanySMTPTrustedNetworks.TheArchivewillnotreceiveSMTPdatauntilyoudefineyourSMTPTrustedNetwork.'
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
41
ConfigureSMTPcollector
1. Click Configure SMTP collector button to begin setup of the archive service to establish SMTPsessionsbetweenthearchiveservicenetworkandorganization'semailservernetwork.
Addtrustednetwork-SMTP
2. ClickAddTrustedNetwork.
NewtrustednetworkIPrange
IntheNEWTRUSTEDNETWORKUIIPRangefieldentertheuniquepublicIPaddressofyourmailsystem,orIPsubnetwork address of the segment where your email system resides, in standard Classless InterdomainRouting(CIDR)IPv4format,e.g.dotteddecimaladdress/#ofsubnetmaskedbits.ClickCreate.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
42
SMTPtrustednetworks
TheabovefigureshowstheSMTPTRUSTEDNETWORKUIthatnowdisplaysthenewtrustednetworkyoujustadded(andanyotherpreviouslyconfiguredSMTPtrustednetworks).NOTE:SMTPcollectionwillcollect,index,andarchiveemailsupto75MBinsizebydefault.
SMTPandencryptionasabestpracticeSonian Archive for E-Mail supports secure SMTPover TLS using STARTTLS.While this is not required, it isrecommendedasabestpractice,andit isavailableforthosewhowishtotakeadvantageoftheadditionalsecurity.By configuring your SMTPsending serverwitha preferenceto SMTP/TLSwhendelivering journalemail,theTCPsessionwillbeencrypted.
POP3securitywithSSLasabestpracticeWheneverpossible,itisrecommendedasabestpracticetouseSSLtoencrypttheconnectionbetweenthearchiveandyouremailserver.IfSSLencryptionisnotpossible,pleaseconsiderusingSMTPinsteadofPOP3.Use SSL certificatescreatedby reputable certificateof authorities (CA) to ensure thebestpossiblesecureconnection.Trytoavoidself-signedcertificatessincetheymaynotpassteststoverifythetrueowner.YoucancreateyourownfirewallrulestoacceptonlyinboundPOP3connectionsfromthearchive'spublishedIPaddressranges.YoucanalsouseNATandportredirectiontoobscureyourpublicPOP3port(110or995)toarandomhighnumber.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
43
AddingSecurePOP3CollectorSecure POP3 journaling is making journaled messages available in a POP3 mailbox that is accessible toSonian'sarchivingprocess.ThePOP3mailboxwillbecheckeddailybySonian’sarchivingprocessformailtoarchive,oncethemailissecurelyarchiveditwillbedeletedfromthePOP3mailbox.SecurePOP3canbeusedtofetchemailwithanyemailplatformsupportingthatprotocol.ThemailsystemwillneedtosupportsometypeofjournalingfunctionalityorthesystemwouldneedtobeconfiguredtoBCCcopiestoamailbox.
WhyuseSecurePOP3Journaling?By configuring SecurePOP3 Journaling, all emails areextracted from the Journalmailboxonyour internalemail server to Sonian. Once Sonian has downloaded all the emails from the Secure POP3 server anduploadedittothearchive,emailswillbeautomaticallydeletedfromtheSecurePOP3serverandSonianwillclosetheconnectiontotheserver.
HowdoIconfigureSecurePOP3JournalingwithExchange?To configure Secure POP3 Journaling, there are multiple configuration steps, which are required in yourExchangeenvironment,aswellasotherchanges,whichneedtobemadetoyourSonianarchivingaccount.Itisimportanttofollowthestepstoensurethatallapplicableemailsarejournaled.Note: To implement Secure POP3S, a valid SSL certificate (public, or in certain instances a self-signedcertificate)isrequired.Sonianstronglyrecommendstheuseofpublictrustedcertificates.BeforeenablingJournalingonyourExchangeserverensurethefollowinghavebeencompleted:
1. CreateanewDedicatedJournalMailboxwithinActiveDirectory.(e.g.SonianJournal)
Note:Ensurethepasswordsettingsareconfiguredtonotexpire,theusercannotchangethepasswordandtheaccountwillnotlockout.
2. SettheMicrosoftExchangeSecurePOP3servicetostartautomatically,starttheservice.
3. Configureyourcompany’snetworkfirewalltoallowport995(encrypted)communicationstotheExchangeservercontainingthejournalmailboxfromthearchiveserviceIPaddress.
4. ConfigureExchangeJournaling:
Exchange2010-ConfigureAuthenticationforSecurePOP3http://technet.microsoft.com/en-us/library/bb124498(v=exchg.141).aspxExchange2013–EnablePOP3inExchange2013https://technet.microsoft.com/en-us/library/bb124934(v=exchg.150).aspxExchangeOnline(Office365)–POP3andIMAP4https://technet.microsoft.com/en-us/library/dn551174(v=exchg.150).aspx
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
44
ConfigureSecurePOP3CollectorintheHostedArchiveServiceTosetuptheSecurePOP3collectorintheArchiveuserinterface,followthesesteps:
1. LoginintoyourArchiveaccountastheAccountAdministrator.
2. SelectCollectorspage.
3. ClickonAddPOP3JournalMailboxCollector(note:ifyoudonotseetheCollectorstab,besureyouareloggedinwithanaccountthathasAdministratorcredentials).
4. Followthestepsdescribedinthescreenshotsbelow.
AddJournalMailboxCollector–POP3
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
45
Toverifythatyourcollectorhasbeensetupproperly,youcanusethePerformPOP3TestCollectionbutton.The featureperformsaSecurePOP3collection,whichwill collect200messagesbutDOESNOTdelete theemailsfromthemailserver.ThisfeaturecanbeusedevenifthecollectorissettoINACTIVE.
ConfigurePOP3Collector–TestCollection
Note:Once successfully configured, theCollectionHistorycounts (buttonunderCollectors tab)will reflectmailcollectedviaSecurePOP3collection,aswellastheDashboardstatisticsunderthe“DataCollectedSinceYYYY-MM-DD”field.
CollectionHistoryCollectionhistoryallowstheadministrator(AOorAA)torunreportsontheemailcollectionactivity.Severaloptionsareavailabletotweakthecollectionreport.Theadministratorcandefine
1. LoginasanAccountAdministratororAccountOwner
2. GototheCollectorspageandclickontheCollectorHistorybutton.
3. SelecttheIntervalandchoosefrom:a. Days (theonly rangesallowedwith ‘Days’areLastWeek,ThisWeek,LastMonth,andThis
Month).b. Weeks.c. Monthsd. Years.
4. SelectthedateRangeandchoosefrom:
e. LastWeek.f. ThisWeek.g. LastMonth.h. ThisMonth.i. LastQuarter.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
46
j. ThisQuarterk. LastYear.l. ThisYear.m. Custom(specifyacustomdaterange).
5. Oncethecriteria for thecollectionreport,hitRefresh toseethecollectionactivitydatarelatedto
thespecifieddaterangeandinterval.Theadministratorwillbepresentedwith:a. TheIntervalStart:dateatwhichthespecifiedintervalstarts.b. TheCount:Numberofmessagescollectedperinterval.c. TheSize:averagesizeinKBforthenumberofmessagescollectedperinterval.
Collectors-CollectionHistory
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
47
ConfiguringyourLotusDominoOn-PremiseCollectorforWindowsNOTE:beforeenablingyourLotusDominoOn-Premisecollection,makesurethatyourarchivingprovider’ssupportteamhasenabledtheserviceforyourarchivingaccount.
1. EnableLotusOn-PremiseCollectiona. AstheCustomerAccountAdministrator,opentheAdminpageb. SelecttheAccounttab.c. UnderOPTIONS,select‘EnableLotusOn-PremiseCollection’d. ClickUpdateaccount.
2. CreatetheCollector
a. AstheCustomerAccountAdministratorinthearchiveaccount,b. SelecttheCollectorstab.c. Clickthebutton‘ConfigureLotusOn-PremCollector’
d. Entera‘CustomerFriendlyName’(freeform)e. DoNOTselectthecheckboxfor‘AutomaticallyUpgradeAgentSoftware’.f. Select‘TargetOperatingSystem’=Windows64-bitg. Enteralocationforthe‘LocationofJournaledNSFs’:C:\sa-agent\archiveh. Click‘AddCollector’
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
48
NOTE:The‘LocationofJournaledNSFs:’mustbeuniqueforeachLotusOnPremCollectorthecustomermayhaveactiveatanytime.EachDominoservermayneedtorunitsownCollectordependingonhowDominoroutingand journalingareconfigured.CustomerswithmultipleDominoservers in theirdomainmayneedmultipleCollectors,each locationmustbeunique.Thiswarning isprimarily toaddresstheuseofNetworkAttachedStoragedevices.
3. Verifycustomer’sDominoJournalsettingsa. LogintotheDominoAdministratorb. SelectConfigurationtab-Server-Configurations,selectyourDominoServerdocumentc. SelecttheRouter/SMTPtabd. OntheRouter/SMTP-Advanced-Journalingtabe. VerifyJournaling=Enabled
4. VerifytheMailRulesa. SelecttheRouter/SMTPtabb. SelectRestrictionsandControlsc. SelecttheRulestabd. VerifyMailRulescreatedwillresultinmailmessagesbeingjournaled.
NOTE:TheArchiveservicehasnorequirementsforMailRuleConditionsotherthanthattheRulesresultinmail messages being journaled. The Archive service can only archive messages that the Domino serverjournalsaccordingto theDominoMailRules. IfasubsetofDominomail is journaled,only thatsubsetwillappearinthecustomer’sArchiveaccount.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
49
5. VerifyDominoversiona. AsaSystemAdministratoronthecustomer’sDominoserver,verifythecustomerisrunning
64-bit Domino 8.5.3. In the Domino console.log, found in C:\ProgramFiles\IBM\Lotus\Domino\data\IBM_TECHNICAL_SUPPORT,thestartupoftheDominoserverrecordsthefollowingwhichindicates64-bit:
LotusDomino(r)Server(64Bit),Release8.5.3,September15,2011Copyright(c)IBMCorporation1987,2011.AllRightsReserved.
6. DownloadAgentInstallerzipfile
a. AsaSystemAdministratoronthecustomer’sDominoserver,launchabrowser.b. Accessthecustomer’sArchiveaccountastheCustomerAccountAdministrator.c. SelecttheAdminpaged. SelecttheCollectorstab.e. ClicktheEditbuttonfortheLotusOn-PremcollectortobeusedwiththisDominoserver.f. Inthesection‘DOWNLOADTHELOTUSON-PREMAGENT’,clickthe‘Download’link.g. ReviewtheTermsofServiceh. Click‘AcceptTermsandDownload’
Heidi Fischer� 9/9/15 1:34 PMComment [2]: NeedtoupdatetoincludeDomino9
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
50
i. Proceedthroughanyexceptionorwarningdialogs.j. Save the file (ex. installer-xxx....xx.zip) to a location on the customer’s Domino server, ex.
C:\agentk. Thedownloadedarchivefile=51Mb
7. ExtractFiles
a. Extractallthecontentsofthedownloadedzippedarchivefilewhilepreservingthesupplieddirectorystructure.YoumaywishtochangetheDestinationDirectoryoftheextractedfilestomake it easier to access from a terminalwindow, ex. C:\agent. The extracted contentscontainthefollowing:
archive-agent-1.0.0-SNAPSHOT(directory)bin(directory)currentjre(directory)nSANSFCollector.dllSAArchive.ini
8. CopynSANSFCollector.dll
a. CopythefilenSANSFCollector.dlltotheDominoinstallationdirectory,ex.:C:\ProgramFiles\IBM\Lotus\Domino
9. Editnoteslini
a. Editthenotes.inifile,foundinC:\ProgramFiles\IBM\Lotus\Dominob. Searchforthevalue:EXTMGR_ADDINS
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
51
i. Ifthevalueexists,add",SANSFCollector"totheendoftheline.Notethecommaandnospace.
ii. IfthevaluedoesNOTexist,addthefollowingline:EXTMGR_ADDINS=SANSFCollectorc. Savethechangetothenotes.inifile
10. CopySAArchive.ini
a. CopythefileSAArchive.initothedirectoryC:\ProgramFiles\IBM\Lotus\Domino\datab. SAArchive.inicontainsthefollowinglines:
AgentDirectory=c:\sa-agentArchiveDirectory=c:\sa-agent\archiveArchiveUser=CN=ArchiveAgent/O=<youarchiveprovider>TargetJournalLatencySeconds=3600
NOTE: the values for AgentDirectory and ArchiveDirectory were derived from the values specified for‘LocationofJournaledNSFs’whentheAgentwascreatedintheArchiveAccountUIabove.Ifyouwishtouseadifferentdirectory locationyoumustcreateanddeployanewAgent.Changestothesevalues inthisfilearenotsufficienttoutilizenewdirectorylocations.
11. RestarttheDominoservera. StopandrestarttheDominoservertoenabletheDominoservertousethearchiveprovider
suppliedfilenSANSFCollector.dll.
12. VerifyDominoconsolelogoutputa. ViewtheDominoconsoleoutput, found inC:\ProgramFiles\IBM\Lotus\Domino\data\IBM_
TECHNICAL_SUPPORT\console.log,toverifythenSANSFCollector.dllhasbeenloaded.Outputshouldshowentriessimilartothefollowing:SAArchive:Loaded[1.0,02/04/2013,123],loggingtoc:\sa-agent/SAArchive.log
13. InstallAgent
a. Itisrecommendedthattheagentbeinstalledfromalocationonthelocalserver’sharddriverather than on a shared network drive. In a terminal window, change directory to thelocationoftheextractedfiles,C:\agent
b. Change directory to archive-agent. This is the location where the agent is launched andwheretheagent.logfilewillbecreated.
c. OpenaterminalwindowforinstallingtheagentasaWindowsService.d. Changedirectorytothelocationoftheextractedfiles,C:\agente. Changedirectorytoarchive-agentf. Launchtheinstallationscript:
bin\service.batinstallInstallingservice...done.
g. Theinstallationcreatesandwritesthefollowingtothefile,
C:\agent\archive-agent\SAArchiverService.<datestamp>.logCommonsDaemonprocrunloginitializedCommonsDaemonprocrun(1.0.15.032-bit)startedInstallingservice...ServiceSAArchiverServicenameSAArchiverServiceSettingservicedescription<yourarchiveprovider>CollectorAgentService'SAArchiverService'installedCommonsDaemonprocrunfinished
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
52
14. StartAgent
a. OpenAdministrativeTools–Servicesb. VerifySAArchiverServiceislisted.c. SelectSAArchiverService,clickStartd. VerifytheSAArchiverServiceStatuschangestoStartede. StartingtheSAArchiverServicecreatesthefile,agent.logf. OpentheTaskManagertoverifythejavaprocessisrunning.g. Selectthejava.exe*32processh. Right-click,selectPropertiesi. java.exe *32 Properties dialog should show Location: C:\agent\archive-agent\jre\bin,
includingthelocationofyourrunningagent.
15. Verifyagentstatusa. Agentstatuscanonlybeverifiediftheagentisrunning.b. Launchaterminalwindowc. Changedirectorytothelocationwheretheagentwaslaunched,C:\agent\archive-agentd. Issuethefollowingcommandtoretrievetheagentstatus:bin\agentctlstatuse. Iftheagentisrunningthecommandshouldreturnoutputsimilartothefollowing
Lastsuccessfuloperationwas(sleep60)at2013-04-09T11:31:32.Loglevelisnormal.Versionis1.0.0-SNAPSHOT.Upfor0hours4minutes3seconds
f. AgentstatuscanalsobedeterminedfromtheCustomerArchiveAccount,intheEditscreen
oftheCollector.
g. VerifythefileC:\agent\archive-agent\agent.logiscreated.h. When the agent is started successfully, C:\agent\archive-agent\agent.log will contain the
following:startingserverinitializing[larabee.configlarabee.oplarabee.loglarabee.upgradelarabee.server]donestartingserver
16. Verifymessagesarejournaled
a. SendamessagetoauserontheDominoserver.b. VerifyarecordofthemessageappearsintheDominoconsolelog.c. VerifyanewjournalfileiscreatedinC:\sa-agent\archived. VerifyarecordofthemessageappearsintheC:\sa-agent\SAArchive.log
Info:Loaded[0.1-dev,20121120-003231,825111a] Warning:foundnofilesmatching:/sa-agent/archive/journal*.nsf Info:journaledmessageto/sa-agent/archive/journal-20121228T011319Z.nsf
NOTE:Initially,nojournalisavailabletostorethenewmessage,soonehastobecreated.Journalfileisthencreated,andmessageisstored.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
53
17. UninstalltheDominoOn-PremCollector
a. Launchaterminalwindow b. Change directory to the location where the SAArchiverService was installed,
C:\agent\archive-agent c. IssuethefollowingcommandtouninstallSAArchiverService: bin\service.batuninstall d. VerifytheagentisstoppedbyviewingoutputinC:\agent\archive-agent\agent.log
executingadmin:[stop] stoppingserver donestoppingserver
e. Verify SAArchiverService is removed by viewing output in C:\agent\archive-agent\SAArchiverService.<datestamp>.log
CommonsDaemonprocrunloginitialized CommonsDaemonprocrun(1.0.15.032-bit)started Deletingservice... Service'SAArchiverService'deleted Deleteservicefinished. CommonsDaemonprocrunfinished
f. VerifySAArchiverServiceisremovedfromServices g. DeletetheagentdirectoryC:\agent h. StoptheDominoserver i. DeletethefilenSANSFCollector.dllfromthedirectoryC:\ProgramFiles\IBM\Lotus\Domino j. EditthefileC:\ProgramFiles\IBM\Lotus\Domino\notes.ini k. Removethevalue",SANSFCollector"fromtheEXTMGR_ADDINSsetting l. Savethefile m. DeletethefileSAArchive.inifromthedirectoryC:\ProgramFiles\IBM\Lotus\Domino\data
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
54
VI.SettingsInthischapter:
• YourSettings• EndUserAccessRules• LDAPintegration• LoginMessages
Theobjectivesofthischapterare:
• ToidentifyandconfigurePolicyattributesforautomaticmessageremoval.• To identify and configure Setting attributes for your personal account settings, rules for your end
users,andsystem-wideloginmessages.
YourSettingsTheSonianArchiveforE-MailHTTPSAdministrationSettingsfeaturesprovidetheabilitytofinetuneindividualpersonalsettings,enduseraccessrulesandloginmessages.
Administration-Settings-Yoursettings
LogontoyouremailarchivesystemasanadministratorandfromthedefaultAdministrationDashboardclick
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
55
Settings-YourSettingstab.YoumayalsonavigatetotheSettingsUIifalreadyloggedintothearchiveserviceAdministrationUIbysimplyclickingtheSettingstabthenYourSettingstab.ModifyUserAccountfieldwithuniquepersonalcriteria.UserAccountstandardparametersaremaintained:TheUsernameandemailaddressfieldsmustbeuniquesystemwide,andpasswordsmustbealphanumericwithat least three numbers. If given field value is not valid, an errormessagedisplays citingan incorrectparameter,reviewandcorrectinputs.ModifyUserGeneral fieldswithpreferredpersonalcriteriato customizepersonal user interfaces.Use thedrop-downmenustoseteachattributevalue.Availableselectionsareasfollows:
1. Itemsperpage:SetsEndUserandSearchitemsperpage:10,25,or50.
2. Default page: Sets your default login page: Admin dashboard, Search dashboard, Search list. Theavailableselectionswillvarydependingonuserpermissions.
3. Timezone:Setsyourpersonaltimezone.
4. DefaultView:Setsyourpreferredsearchview.a. NormalView-DefaultviewthatdisplaysSMTPmessageheaderandsnippetofbodycontent.b. MiniView-DisplaysSMTPmessageheadercontentonly.c. TextView-DisplaysSMTPmessageheaderandfullbodycontentwithoptiontoExpandExtra
headerstoexpandSMTPheaderandX-Arc*typemessageheaders.
5. Receivenightlyemailsofcollectionactivity:selectthecheckboxtobenotifiedonadailybasisofthearchiveactivity.Ifthatischecked,theadmin(s)willreceiveanemaileachdaylistingthenumberofmessagescollectedoverthepast24hours.
ClickUpdatetoapplysettings.Whensuccessful,themessage'Yoursettingshavebeensuccessfullyupdated'displaysatthetopofthepage.GeneralsettingsareeffectiveimmediatelyexceptfortheDefaultpagesetting,whichtakeseffectthenexttimetheuserlogsintothesystem.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
56
EndUserAccessRulesThe conceptof EndUserAccessRules is to impose restrictionson SMTP domains for end users that self-register to the archive service via an HTTPS browser session(https://<instancename>.Sonianarchive.com/user/signup/new).Restrictionslimitenduseraccessandsystemvulnerabilityandimprovesecurity.
Administration-Settings-Enduseraccessrules
1. Logon to your archive systemas an administratorand from the default AdministrationDashboardclickSETTINGS-EndUserAccessRulestab.
2. TheEndUserAccessRulesconceptisbasedontypicalallowanddenyrules-basedpolicyandallSMTP
aliasesaredeniedbydefault.a. AllowrulesexplicitlydefineSMTPaliasestoallowaccess.b. DenyrulesexplicitlydefineSMTPaliasestodenyaccess.
NOTE: Forexample, to allowaccess fromall locationsexcept freeemail sites suchas Yahoo,Hotmail,andGmail,addanallowrulefor*@*andaDenyrulefor*@gmail.com,*@yahoo.com,and*@hotmail.com.
3. ClickUpdatetoapplysettings.Themessage'Theaccesslistshavebeenupdated.'displaysatthetopofthepage.
If anenduser registerswithan invalidordeniedSMTPalias, thearchiveservice systemdoesnotsendanemailnotificationtotheSMTPalias.Therefore,theemailnotificationreplycannotbesentto the invalidordeniedSMTPaliasandtheself-registeredaccountneveractivates.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
57
ConfiguringLDAPintegrationLDAP integration gives you the ability to leverage your directory information to provision and managearchiveusersandrelatedattributes.LDAPintegrationisdesignedtohelpyourstreamlineuserprovisioning,management, and authentication. This feature relieves the administrator(s) from the hassles ofmanuallymanagingarchiveusers.NOTES:
• LDAPsupportneedstobeenabledattheaccountlevelfirstbytheSonianadministratortoappearintheAccountAdminsettingspage.
• The sn, given name,mail, username, and password have to be filled out on the LDAP server forintegrationtosuccessfullycomplete.
InordertoconfigureLDAPintegration,pleasefollowthesesteps:
1. LogontoyouremailarchivesystemasanadministratorandnavigatetoAdministration-SETTINGS–LDAPintegrationtab.
Administration–Settings–LDAPintegration
2. ProvideyourLDAPserverconnectionsettings:a. LDAPserver–HostnameorIPaddressfortheLDAPserver.b. Port–Entertheportnumber:636canbeusedforLDAPoverSSL.
LDAP–serverconnection
3. ProvideyourusernameandpasswordfortheLDAPintegrationaccount:a. ServiceUserName–Thedistinguishednameofanaccountwithpermissiontosearchthe
LDAPdirectory.ThisisbasicallyanaccountwithpermissiontoquerytheLDAPserver.b. ServicePassword–Passwordonthenetwork,forread-accessonlytotheLDAPserver.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
58
LDAP–Usernameandpassword
4. Describehowtheserviceshouldlocateandidentifyarchiveusers:a. BaseDN–ThedistinguishednameoftheusercontainersorActiveDirectorytree.b. UserFilter–Thefilterthatshouldbeusedto identifyusersthatshouldhaveaccesstothe
archive. User filter is an LDAP filter string that is used to select those records within thebasedDN.
c. Pullinalle-mailaliasesassociatedwithuseraccounts–Selectthischeckboxtosynchronizeall e-mail addresses associated with user accounts. This will pull primary, aliases, and allproxyaddressesforyourendusers,populatingtheirMyArchiveaccountsaccordingly.
LDAP–BaseDNanduserfilter
NOTES:
• Bydefault,serversthatareperforminguserauthenticationconnecttotheLDAPserverusingLDAPoverSSL(port636).
• TheadministratorcanprovideanyportnumberaslongasitisconfiguredwithhisLDAPserverandusesasecure(SSL)connection.
5. Test your configuration. It is important that you test your LDAP configuration before saving any
settingsyouprovidedabove.a. TestUserName–Provide auser name for a user account that shouldhave access to the
archive.Itwillbesuedtovalidatethesettingsyouprovidedabove.b. TestPassword–Provideapasswordforthetestaccount.Thispasswordwillnotbesaved.c. ClickonTestConfigtotesttheaccuracyofyourLDAPconfigurationsettings.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
59
LDAP–TestingyourLDAPconfiguration
NOTES:
• Testconfig fails– Incaseyourconfigurationtest fails,youwill seeamessagedisplayedbelowtheTestConfigbuttontellingyouwhaterrorsthereareandwhichfieldsneedtobemodified.
• Testconfigsucceed–Incaseyourconfigurationtestsucceed,youwillseeamessagedisplayedbelowtheTestConfigbuttontellingyouthatyourLDAPconfigurationsettingsareaccurate.
6. OncethearchivesystemhasvalidatedyourLDAPconfigurationsettings,clickon“SaveSettings”to
saveyoursettingsandenableLDAPintegration.
LDAP–Savesettings
NOTES:
• Theuserwill onlyhave access to LDAP/directory integration feature set if you (the administrator)enableit.
• Only users whose account information and attributes are managed via directory/LDAPsynchronizationwillbeabletoleverageLDAPforauthentication.
• UsersthatareconfiguredforLDAPauthenticationwillnotbeabletorecovertheirpasswordsinthearchivingsystem.
• If theadministratorchooses toenableusers to loginusing their lastknowngoodpassword, in theeventthattheLDAPserver isunreachable,passwordsstored inthesystemwillneverbevisiblebytheadministratorofyourarchivingprovider.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
60
RemovingLDAPsettingsAdministrators have the ability to remove the LDAP settings if necessary. This is a very quick and simpleaction.Administratorshavetofollowthis2stepsprocess:
1. LogontoyouremailarchivesystemasanadministratorandnavigatetoAdministration-Settings–LDAPintegrationtab.
2. ClickonRemoveLDAPSettingsatthebottomofthepage.
LDAP–Removesettings
OncetheLDAPsettingsareremovedalltheLDAP-enableduserswillbecomenativeusers.Theywillnotbedeleted from the archive. Users will be able to login into the systemwith their username and last usedpassword.
Additionalinformation–Authenticationmethods
1. DatabaseAuthenticationUserCreation
• Usersarecreatedbyacustomer,Sonian,andgivenatemporarypassword.Thefirsttimetheylogin,theywillbeforcedtochangetheirpassword.
• Ifenabled,userscanself-register.Inwhichcasetheykeepthepasswordtheyusedtosignup.• UserscanbebulkuploadedfromaCSVfile.• Userscreatedinanyofthesewaysareflaggedas"Native"users.
Passwords
• WeinheritthealgorithmofRestful-Authentication.• Passwordsaresaltedandhashed.Itisnotpossibleforanyone,evendevelopers,toreversethishash.
Allpasswordsaresaltedwithaone-timesalt,andpassedthroughaone-wayhashingalgorithm.It'stheresultofthatthatgetsstored.
• Salts change every time the password does. That means we cannot easily implement the "don'treuseoldpasswords"constraint.Thisexistingfunctionalityhasbeenpulled.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
61
Login
• Usersprovidetheircredentialsinthe/login/newscreen.Theywillberedirectedthereiftheyarenotcurrentlyloggedin.
• Ifanativeuserexistswiththeenteredcredentials,theuserisauthenticatedandredirectedtooneof(inorder):
o TheURLtheyweretryingtogoto.o Thedefaultlocationsavedwiththeirprofileo The dashboard of the environment their most powerful role allows: admin, search, my
archive.PasswordRecoveryIfpasswordrecoveryisenabledbytheadmin,ausercanrequestanewpasswordfromtheloginscreen.Iftheydo,theywillgetanemailsendingthemtoanewscreentoentertheirnewpassword.Notetheabilitytorecoverapasswordcanbesetattheuserlevel(aswellastheaccountlevel).Ifsuchauserisatthe loginscreen,wecan'tknownottoshowtherecover link.However, if theyactuallytrytorecovertheirpassworditwillbedenied.IntrusionDetection
• Anadmincanconfigureasetnumberof failedpasswordattemptsallowedbeforeauser is lockedout.
• Ifauser(presumablyabadguy)failstologinafterthisnumberofattemptstheywillbelockedout.• Whenausergetslockedout,theywillreceiveanemailtellingthemhowtounlocktheiraccount,so
thatthebadguycan'tcreateadenialofserviceattack.• Alternately,anadmincanunlockanaccount,oritwillbeautomaticallyunlockedafteraconfigurable
amountoftime;default:30minutes.InactivityTimeoutIfauserhasbeeninactivefor30minutes,theywillbeaskedtologinagainthenexttimetheyusethesite.LoggingoutWhenauserlogsout,theyaresenttotheloginscreenandunabletoproceeduntiltheyloginagain.LDAPAuthenticationLDAPauthenticationuses thecustomer'spubliclyaccessibleLDAPserver toauthenticateusers.Wedonotcurrentlysynchronizethecustomer'sLDAPserverwithalocaluserstore.ConfigurationA Sonian admin can configurewhether LDAP-based authentication is available to Sonian's customers. If itis,andthecustomerhasenabledenduseraccess,thecustomer’sadminwillseea"LDAPintegration"tabintheSETTINGStab.Heretheyentertherelevantinformationneededtoconnecttotheirserver.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
62
• ALLLDAPqueriesareoverSSL.TheLDAPserverMUSTbeconfigureforSSLcommunication.o StartTLSisneverused.ItisalwaysSSL,allthetime.
• MicrosoftActiveDirectory:duetothewayActiveDirectoryisdesignedwemustbindtoLDAPasasearch-enableduserandretrievetheattributesfortheuserloggingin(ratherthanbindingtoLDAPas the user logging in). Therefore, we need to know the bind DN of a search user (presumablycreatedjustforthispurpose)andthatsearchuser'spassword(whichwillbeencryptedwhensaved.)
• ThefilterparameterMUSTincludethestring"%u"initsomewhere.Thisiswherewewillinserttheuser'senteredusername.
• Theusernameandpasswordaskedforontheconfigurationscreenarenotsaved.Theycanbethecredentialsofanyuserinthedirectoryserver.
UserCreationWhenan LDAPuser logs in for the first time (seebelow)a localuser is createdusingproperties returnedfromanLDAPquery:
• sn(surname):lastname• givenName:firstname• mail:emailaddress
Theusernameof theuserwillbewhateverusername theyenteredon the login screen.Wealso save thepasswordtheyentered(exactlyaswedoforlocalauthentication).
• AllusersarecreatedwiththeEndUserrole.Consequently,theywillhaveonlyoneemailaddressby
default.EndUseraccessmustbeenabled.
• UponconfiguringtheLDAPintegration,theadministratorhastheoptiontochoosewhetherornothe wants all proxy addresses (aliases, etc.) to be pulled and synchronized alongside the users'primary SMTPaddress. Thisenablesendusers to see inMyArchivemail related toall their emailaddressesassociatedwiththeiruseraccountontheLDAPserver.
• AlluserswillbeflaggedasLDAPusers(asopposedtoNativeusers).
• On subsequent logins, if those attributes have changed the userwill be updated, overwriting anychangesthatmayhavebeenmadelocally.
• IftheuserisdeletedinLDAP,ontheirnextlogintheywillbe(logically)deletedlocally.
• User attributes can be later modified by an admin locally. But LDAP changes will overwrite anychanges made to the first name, last name, and password. Additional email addresses will bemaintainedandsowilladditionalroles,buttheEndUserrolewillberestoredifitwasremoved.
• Theaccountownerof an LDAPenabledaccountexists locally as aNativeuser.AdministratorsareencouragednottomakeLDAPuserstheaccountownerandthendeletethelocalaccountowner.
• OtherlocaluserscanbecreatedforanLDAP-enabledaccount,inwhichcasetheywillbehavejustasordinarylocalusersdo.
• MicrosoftActiveDirectory:aDomainusercanusehisoldpasswordtoaccessthenetwork/archiveforonehourafter thepasswordhas changed. If youwant todisableauseraccess to thearchive,changinghispasswordwillbefullyeffectiveonlyonehourlater.Asabestpractice,werecommendthattheAdmindisabletheemployeeaccount.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
63
LoggingInIf an account has LDAPproperties associatedwith it, it is considered LDAP-enabled. If a user attempts tologintoanLDAP-enabledaccount,then:
• WelookfirstforNativeuserswiththosecredentials,andlogtheminiftheyexist.
• IfaSonianadminhas turnedLDAPsupportoff (afteranaccounthassetupLDAP),we look locallyforLDAPusers,thiswayallthoselocalusersdon'thavetoberecreated.
• Otherwise,webindtotheLDAPserverasthesearchuserspecifiedinsetupandthendoaqueryforthatlogging-inuser'sattributes.
• Wethenrebindusingthatuser'sDNandtheenteredpassword.
• Ifthat'ssuccessful,wecreatetheuserasspecifiedaboveandlogthemin.
• However,ifwecannotbindsuccessfullyandthatuserexistslocally,westilllogthemin.ThisallowsustocontinueintheeventthattheLDAPserveris inaccessible.Forsecurityreasons,allpasswordsaresaltedwithaone-timesalt,andpassedthroughaone-wayhashingalgorithm.It'stheresultofthatthatgetsstored.
• Finally,ifwecan'tfindtheuserremotelyorlocally,theyaredenied.Note, once an LDAP user is logged in, they behave just like a local user.We do not ping LDAP for eachsubsequentrequest;wejustlooklocally.PasswordRecoveryPasswordrecoveryisdisabledforLDAPusers.SAMLAuthenticationWithSAMLauthenticationmethod,everySAMLuserispre-authenticated.Thatsaid,it'sstillpossiblefortheexternal authentication server to present uswith user information thatwe cannot use, and thus need tocorrectfor.UserCreationWhenaSAMLuserconnects(not"logsin"-theyneverseetheloginscreen)forthefirsttimealocaluseriscreatedusingpropertiesembeddedintheHTTPrequest.
• Requiredo saml_account TheUUIDoftheSonianaccounttheuserbelongstoo saml_username Example:Kennetho saml_email Example:[email protected]
• Optionalo saml_full_name Example:KennethLayo saml_first_name Example:Kennetho saml_last_name Example:Layo saml_roles Example:[‘acme_admin’,‘acme_user’]
• If saml_roles is provided, the user will be created with those roles (after they are scrubbed to
preventprivilegeescalation).OtherwisetheywillhavetheEndUserrole.
• Ifsaml_full_nameisprovidedandfirstandlastarenot,weattempttoguessfirstandlast.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
64
• Ifallthreenamesareprovided,firstandlastwin.
• AlluserswillbeflaggedasSAMLusers(asopposedtoNativeusers).
• Onsubsequentconnections,ifthoseattributeshavechangedtheuserwillbeupdated.LoggingInAs noted, all SAMLusers are logged in just by showing up (that is, there's at least oneHTTPheader thatbeginswith"saml_"andtheaccountisSAML-enabled).SAMLusersneverseetheloginscreen.IfaSAMLrequestcomesinandit'smissingtheaccount,username,ormailattribute,thentheuserisshowna failure page. If these, required fields are present, but last name and first name are not, the user isredirected to a page where they can enter their personal information. If everything we want is in therequest,theusersimplygetstotherequestedpage.JustlikeforLDAP,onceaSAMLuserisloggedin,theybehavejustlikealocaluser.Wedonotre-authenticatewiththeprovidedSAMLattributesuntiltheylogout.PasswordRecoveryPasswordrecoveryisdisabledforSAMLusers.LoggingOutEventhoughaSAMLuserneverseesaloginscreen,there'sstillalogoutlink.Clickingthislinkdestroystherelocalsession,butalsoredirectstoShibbolethanddestroysthereremotesession.Whichmeansthenexttimetheuserrequestsapage,theywillseewhateverauthenticationthatShibbolethprovides.TipYou can manually test SAML with Firefox using theModify Headers Plug-inand entering the appropriateheaderslistedabove.There'sprobablyasimilarplug-inforChrome.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
65
LoginmessagesTheconceptofLoginMessagesistoconvenientlydisplaymessagesonyourarchivesystemloginHTTPSURLtocommunicatewithallendusers.
Administration-Settings-Loginmessages
Logon to youremail archive systemas anadministrator andnavigate toAdministration - Settings - LoginMessagetab.ClickNewmessageanddefine:
• Message:EnterTexttodisplayonyourarchiveserviceloginscreen.• StartsOn:Clickcalendarappletandselectstartdateforyourmessage.• ExpiresOn:Clickcalendarappletandselectdateforyourmessagetoexpire.
Thearchiveservicepostsanupdate“Messagewassuccessfullycreated”atthetopoftheLoginMessagesUI.Log out and navigate to your archive service default HTTPS URL and verifymessage appears if date fallswithin range defined. One option is to define your message with current date setting to verify correctmessagetextappearsasdesiredandthenmodifydaterangeaftertest.
Loginmessageexample
ThefigureabovedisplaysCustomerLoginScreenMessage'OurcompanyholidayisscheduledforDecember22nd’.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
66
E-mailForwardingRestrictionThisfeatureallowstheAccountOwnerorAdministratortocontrolWHOhastheabilitytoforwarddataoutof the archive and toWHOM. By default, forwarding is enabled and allowed for every archive user role(SearchAdminPlus,SearchAdmin,SearchUser,andEndUser)meaningthattheyallcanforwardarchiveddataoutofthearchivetosomebodywithinoroutsideofyourorganization.Thisfeatureallowsyoutogainmoregranularcontrolover'forwarding'andapplysomerestriction.Howdoyouenablethe'emailforwardingrestrictions'?
1. The featurehas tobe initially turnedon for youraccountbySonian’s Support team.Contact yourSonianSupportcontacttogetthisfeatureturnedon.
2. Oncethisisturnedon,loginastheAccountOwnerandgototheACCOUNTtab.3. Select"EnableE-mailForwardingRestriction"under'Options'.
4. Saveyouraccountsettingsbyclicking"Updateaccount"atthebottomofthepage.5. AnewtabunderSETTINGS,called"E-mailForwardingRestriction"willbedisplayedunderSETTINGS.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
67
Howdoyouconfiguretheemailforwardingrestrictions?Onceyouaredoneenablingthefeature,youcanconfigurepoliciestolimitWHOcanforwarddataoutofthearchive toWHOM. From the "E-mail Forwarding Restriction" tab under the SETTINGS page, follow thesesteps:
1. Readthequickoverviewtounderstandthedefaultbehaviorwithoutrestrictionturnedon.
2. Select "Enable restrictions on forwarding e-mails out of the archive" to disable forwarding foreverybodyinthearchive.ThismeansthatSAPlus,SAs,SUs,andEUswillNOTbeabletoforwardanyarchiveddataoutofthearchive.
3. (Optional)Selectoneofthe listedarchiveuserrolestorestricttheabilitytoforwarddatatothoseroles.Onlytheselectedroleswillbeabletosenddataoutofthearchivefromsomebodywithinoroutsideofyourorganization.
4. (Optional) Select the last checkbox to tie forwarding restrictions to a set of known registereddomains.Selectingthecheckboxmeansthattheusersforwhomyoualloweddataforwardingwouldonlybeable to forwarddata toemailaddresses thathavedomains thathavebeenregisteredandapprovedbytheAccountOwner,undertheACCOUNTtabasseenbelow.
5. Onceyou'redoneconfiguringyourforwardingrestrictionpolicy,clickon"SaveSettings"tosaveyourconfigurationandactivatethepolicy.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
68
VII.ReportingInthischapter:
• Reportbuilderoptions• Samplereport
Theobjectivesofthischapterareasfollows:
1. Identifyarchiveserviceuseraccountsallowedtorunreports.2. IdentifyanddescribeseveralavailableReporttypes.3. Identifyanddescribeformatoptions4. Identifyanddescribedaterangeoptions5. Identifyanddescribesortoptions
ReportbuilderoptionsThefollowingarchiveserviceuserroleshavepermissiontorunreports:
• AccountOwner• AccountAdministrator• SearchAdminPlus
ReportscanbegeneratedinPDForCSVformatandaresentdirectlytothedesignateduser’sinbox.NavigatetotheReportstabandstipulateReportBuilderoptions.
Reportbuilderoptions
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
69
ConfigureyourarchiveservicewithyourdesiredReportBuilderOptions.
1. FromtheChoosereport:drop-downmenu,selectoneofthefollowingreporttypes:a. ActivitybyUser-reportsactionsexecutedbyuser,forexample,UserLogin,SearchCreation,
SearchAccess,ExportAvailable.b. Activity by UI Action - reports User Interface activity, for example, BulkTagActivity,
CollectNowRequested,CollectNowCompleted,CollectorEdit,EciLogin,etc.c. ActivitybyDate-reportsactivitysortedbydated. CollectionbyMailbox-reportscollectionspermailboxe. CollectionbyDate-reportscollectionbydate
2. StipulateaFormatoption:
a. PDFb. CSV(CommaSeparatedValues)
3. FromtheDateRangedrop-downmenu,selectoneofthefollowingdaterangeoptions:
a. LastWeekb. ThisWeekc. LastMonthd. ThisMonthe. LastQuarterf. ThisQuarterg. LastYearh. ThisYeari. Allj. Custom
NOTE:
• ExceptfortheDateRangechoicesAllandCustom,eachselectionpopulatesthedaterangefieldswithpre-defineddates.Thesepre-defineddaterangescovermostreportingneeds.
• SelectingAllleavestheBeginsonandEndsonfieldsemptyandwillplacenodaterestrictionsonthereport.
• SelectingCustomcausesadateselectiontooltodisplaynexttotheBeginsonandEndsonfields.Usethedateselectiontoolstochooseacustomdaterange.
4. Sortoptions:
a. FromtheOrderbydrop-downmenu,selectfromthesecriteria:i. User,Date,Activity
b. ForSortorder,selecttheAscendingorDescendingradiobutton.
5. ClickCreateReport.Aconfirmationmessageappearsatthetopofthepagestatingthatthereportwillbesentbyemail.
NOTE:WhenviewingareportthatisgeneratedwiththeCSVformatoption,astringof“######”symbolsinthedatecolumnindicatesthatthedatecolumnistoonarrowtodisplaythedatecorrectly.Tofixthis,widenthedatecolumninthespreadsheetuntilthedatedisplayscorrectly.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
70
VIII.ImportingDataInthischapter:
• High-levelsummaryofthedataimportworkflow• Creatingtheimportjob• Preparingdataforimport• Drag-and-dropdataupload
The concept of the archive service Import function is to process bulk data import requests. When yousubscribe to the archive service, Sonian offers the option of importing legacy email archives into SonianArchiveforE-Mail.
High-level summaryofthedataimportworkflow
1. Customercreatesanimportjob.2. Sonianisnotifiedbyemail.3. Sonianshipsastoragedevicetothecustomer;alternatively,thecustomermayprovideitsown
device.4. Customerpreparesandencryptsthedata.5. CustomerplacesthedataontothedeviceandshipsittoSonianatthefollowingaddress:
CloudArchiveServiceSupport19091PruneridgeAve.Cupertino,CA95014
6. Sonianreceivesthedevice,inspectsitforintegrityandobjectsize,thenimportsthedata.7. Afterthedatahasbeenimported,Sonianelectronicallyshredsthedataonthedevice.Thedatashred
optionisbuiltintothearchiveservice,anditisenabledbydefault.Intheeventthatthecustomerusestheirownstoragedevice,theywillhavetheoptiontonotshredthedatafollowingtheimport.
8. Aftershredding,thedataisnotrecoverableandthefilesonitdisplayascontainingzerobytes.Thedevicewillrequirereformattingbeforeitcanbere-used.
9. CustomerreferstotheImportTasklistforstatus.
Creating theimportjobTorequestalegacyemaildataimport,gotoAdminlink,selecttheImporttab.TheImportTaskspagedisplays.
Importtaskspage
Heidi Fischer� 9/9/15 1:41 PMComment [3]: What’sthisaddress?
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
71
FromtheImportTaskspage,selectCreateImportTask.TheNewImportTaskpagedisplays.By filling out theNew Import Task form, you are providing contact information onwho is requesting theimportandwherethedriveshouldbeshippedafterthedatahasbeentransferredatthedatacenter.
Newimporttaskpage
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
72
Afteryouhavecompletedtheform,selectSubmitImportTask.TheImportTaskspagedisplaysshowingtheimporttaskthatyoujustsubmitted.Itisnowwaitingtobegin.NOTE:MakeanoteoftheImportTaskIDoutlinedinredinthefigurebelow.Youwillneedthisnumberforthedataencryptionprocess.
Importtaskwaitingtobegin
Your legacyemail data can be successfully importedusing the popularPSTmail file format. The followingsectionprovidesguidanceonhowtoworkwiththePSTformat,commonlyusedbyMicrosoftOutlook.
PreparingdataforimportWhenpreparingyourdataforprocessing,youwillberesponsibleforencryptingthedatathatwillbeplacedontheportablestoragemediadevice.WARNING! Inordertobeuploadedintoyourarchive,allfileobjectsontheportablemediadevicemustbebelow25GBs.Sonianrecommendsusingtheprogram7-zip(http://www.7-zip.org/)whichallowsforAES-256bitencryption.YoumustuseyourImportTaskIDasyourpasswordforencryptingyourfiles.
PSTformatThePST(PersonalStorage)folderformatisusedbyMicrosoftOutlooktostoremessagesonlocaldesktops.ThePSTformatisasinglefilethatholdsallfoldersandmessages.YouwillneedtoprovideeachPSTfileasaseparatefilewhichmustnotbesecuredwithanypasswordprotection.NamethePSTfileandcopyitontotheharddriveyouwillbeshipping.PSTfilesmaybegeneratedinacoupleofways.
• Directlybyusers.• Throughanautomatedapplicationsuch asexmerge,whichextractsmessages fromyourExchange
ServerintoacollectionofPSTfiles.ThePST file formatcanhold informationotherthan justmessages,suchas tasks, notesandcontacts.Thisadditionalinformationis storedasamessageandcan, if required,be importedinto thearchive.However,
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
73
therewillbenodifferentiationbetweenthesevariousinformationtypessinceimporteddataissearchablebyemailand/orattachment.
RequirementsfornamingPSTfilesAspartofthePSTimportprocess,wewillneedtoknowtheprimaryemailaddressoftheuserforeachPSTfileinordertoassignownershipofthemessageafterbeingimportedintothearchivesystem.Ifyouhaveusedautilitysuchasexmerge,thiswilltypicallynamethePSTfilesbasedonthenicknameoftheuser in yourActiveDirectoryconfiguration.Weask thatyourenameeachPSTfilegeneratedtomatchtheindividualtowhomthePSTbelongs.For example,user SimonBloggs’mailboxhas been extracted from the Exchange server, and the exmergeutility is likely to call the PST file whatever his alias is (SBloggs.pst). The file must be renamed [email protected](retainthePSTfileextension).WhereyouhavemultiplePSTfilesforanindividual,pleasesimplyaddanumbertotheendoftheaddress:
• [email protected]• [email protected]• [email protected]
If,however,youhaveacquiredPSTfilescreateddirectlyfromyourenduserswhohavecopiedmessagestothemfromOutlook,then it is likelythattheywillbearbitrarilynamed.SincethereisnowaytoaccuratelyascertaintowhomeachPSTfilebelongstointheorganization,wewillneedyoutoensurethatthenamingconventioncitedhereisupheld.
Table1 Supportedphysicalmedia
ITEM REQUIREMENTPowerforExternalDevices USwallsocketplug120Volts@60Hertz
MaxPowerConsumption 2,000WattsInterfaceType eSATAUSB2.0;2.5inchand3.5inchinternalSATADimensions Maxdevicesizeis14incheshighby19incheswide
by36inchesdeep(8Usinastandard19inchrack)
Weight Maximumis50poundsFileSystemType NTFS,ext2,ext3,FAT32
DeviceCapacity Upto4TB
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
74
Drag-and-dropdatauploadNOTE:Thedrag-and-dropdatauploadisonlyavailabletoAccountOwners(AO)andAccountAdministrators(AA)ifpreviouslyenabledbyamemberofyouArchiveSupportteam.Ithasneverbeenthateasytoloadexistingdatainyourarchive.Thisimportingsystemallowsyoutosimplydrag-and-droplegacyemailand/orfiledataintothearchiveutilizingaJavaapplet.Theimportingsystemingests,stores,andindexesthefollowingemailfiletypes:
• EML,• PST,• NSF,• RGE,• MBOX,• andMaildir.
Thesystemalsohandlesthefollowingcompressedfilestypes:
• ZIP,• 7zip,• GZIP,• GZ,• TAR,• andRAR.
NOTE:• ForPSTimports,thePSTfilesshouldbenamewiththeprimarySMTPaddressoftheowner.Forinstance:
[email protected] isno limittothenumberoffilesyoucanuploadbutyoumayincuradditionalchargesbasedonthesizeofthedataprocessedintothearchive.Westronglyrecommendthatyoucompressandcatalogyourfilesby name prior to uploading them. Once you mark the import job as complete (clicking on "UploadComplete"),uploadingwillbedisabledforthatjob.
CreatingtheimportjobStep1:
1. OpentheIMPORTsupportticketwithyourarchivingprovider.
2. IncludedDnD(DragandDrop)inthesubjectlineordescription.
3. Your archiving provider will then enable the underlying services to present the “Upload To YourArchive”buttonwiththeImportIMPORTtab.
4. GotoACCOUNT-Optionsandselectthe“EnablePhysicalMediaandS3Imports”checkbox.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
75
Step2:
1. GototheIMPORTtabintheadministrationsectionofthearchive.
2. Clickthe“UploadToYourArchive”buttonwithintheIMPORTtab.
Import-Uploadtoyourarchive
3. Fillouttheblankfieldswiththerequiredinformationa. Provideyourname(firstandlast).b. Provideyourtelephonenumber.c. Provideyouremailaddress.d. Provideauniquenamefortheimporttask.e. Giveadescription/additionaldetailsfortheimporttask.
4. Whenyouaredonepopulatingthefields,clickon“SelectFiles…”.
Import-Uploadfilestoyourarchiveform
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
76
Step3:
1. AcceptJavaappletwarningsastrustedcontent.
2. UsefileFinder(MacOS),orWindowsExplorerortobrowseforfiles.YoucandirectlydropfilesintheJavaappletfromaWindowsmachinewithoutpreviouslyselectingthem.
3. Themomentyouchooseafile,itwillimmediatelybegintouploadtoasecurecloudstoragelocation
specifictoyouraccount.Youwillhavenovisibilityintothedestinationlocationforsecuritypurposes.
4. Choosethelegacyemaildataorfilestobeuploaded.
Import-Selectingdata
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
77
Step4:
1. When the upload is complete (100%), clickUpload Completed and clickOK on the confirmationpopupwindowtocloseyourimportjob.
2. AconfirmationmessagewillbedisplayedontopoftheIMPORTpageacknowledgingthesuccessof
theupload.***Thisdoesnotmeanthatyouremailsareavailableinthearchive.
3. Amemberofyourarchiveprovider’ssupportteamwillreachouttoyoutoverifythedetailsoftheimportandstartindexingthedata.
Import-Importconfirmation
Drag-and-dropuploadtechnicalspecificationsNOTE:MakesurethattheJavaplug-in is installedornotdisabled,otherwisetheappletdoesnot loadandtheuserwillnotreceiveanymessagethatthisistheproblem.Legacydrag-and-dropuploads to S3 leveragea singleAWSuser thathasPUT-only access to an S3bucketreservedforlegacyuploads.TheuploadismanagedbyaJavaApplet,configuredbythearchivewebsiteforaspecificupload job, thatcommunicatesdirectly toS3usingS3RESTAuthenticationtoensuredatasecurityandfidelity.Theappletnotifiesthewebsiteofuploadprogressandchangesinstatus,whichhastheadditionalbenefitofpreventing the user’s website session from timing out during a lengthy (i.e.multi-hour) upload. The javaappletusesencryptedSSLcommunicationtotransferanduploadfilestotheS3bucket.Fromanarchivesecurityprospective,thearchive’sconfigurationalwaysincludesboththeAWSAccessKeyandAWSSecretKeyforthelegacydrag-and-dropuploadapplettoensurethatnoexternalpartycanaccessthedata.ThearchiveneverexposestheAWSSecretKeyormakesitaccessibletotheJavaapplet.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
78
IX.ExportingDataInthischapter:
• BulkexportofarchivedataIfyoudecideatanypoint intimetounsubscribefromthearchiveservice,youmayrequestbulkexportofyourdata.PleasecontactSoniandirectlyformoredetailsregardingtheexportofarchiveddataandoptions.
Bulkexport ofarchivedataYoumayrequestbulkexportofallyourarchivedemaildata,oralargesubsetsuchasamonthlyorquarterlyarchiveddataset.Pleasecontactyourarchivingserviceproviderformoredetails.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
79
X.Policies
EmailretentionpolicyThePolicies tab isused for configuringanemail retentionpolicy.Anemail retentionpolicy setsa system-wideattribute to removeemailmessages fromthearchivebasedon timestamp.Only theAccountOwnerrole(AO)isentitledtomakechangestotheretentionpolicy.TheEmailRetentionpolicy featuremaybeenabledordisabledgloballyacross thewholearchiveaccount.Whentheretentionpolicyisenabled,messagesolderthanthespecifiednumberofyearsandmonthswillbepurgedfromthearchive.Messageswillceasetobediscoverablethroughsearchwithin24hoursofthepolicythresholdbeingreached.Thedefaultsetting isdisabled(meaningthattheEmailRetentionpolicy isturnedoff).Itemswithlegalholdstatusarealwayspreserved.Iflegalholdisremoved,themessage(s)thatareolderthanthespecifiedretentionperiodwillberemoveduponthenextpurgeevent.
Policiespage
1. NavigatetotheAdministrationPoliciestab.SelecttheEnableRetentionPolicycheckboxunderEmailRetentionPolicy.
2. SelectadesirednumberofYearsandMonthsforyourretentionperiodfromthedropdowns.
***NOTE:1monthisconsideredtobe30daysand1yearisconsideredtobe365days.
3. ClickUpdatetosaveyourretentionpolicy.AnemailnotificationwillbesenttoallAccountOwnersandSearchAdminPlustonotifythemofthepolicychange.Noactionisrequiredfromthem.Thepolicywillgetintoeffectrightaway.
SonianInformationDiscoveryCloudAdministrationGuide
©2015Sonian,Inc.Allrightsreserved
80
Appendix:SupportedEmailServerPlatforms
On-premisesemailserverplatformsThearchiveservicecurrentlysupportstwoCollectorobjecttypes:POP3andSMTP.ThisistrueforMicrosoftExchange2003,2007,and2010foron-premisesemailservers.
HostedemailplatformsThe archive service supports Google Apps E-Mail, but limited to individual mailbox collections. POP3journaling is not supported. Collection through SMTP is limited without third-party routing of outboundinternetemail.
EmailclientintegrationMicrosoft Outlook 2010, 2013 and OWA are supported. Both have the ability to access the searchfunctionalityofthearchivesystemthroughtheemailclient.
Supportedwebbrowsers
• InternetExplorer10.x• InternetExplorer11.x• InternetExplorerEdge• Firefox• Safari6• Safari7• GoogleChrome
Boththe32-and64-bitversionsofthebrowsersaresupportedasapplicable.