archive administration guidesa2help.com/documentation/sonian_administration_guide.pdfsonian...

SonianInformationDiscoveryCloud

ARCHIVEADMINISTRATIONGUIDESoftwareReleaseDate:September2015

SonianInformationDiscoveryCloudAdministrationGuide

©2015Sonian,Inc.Allrightsreserved

1

LegalNotices

WarrantyThe only warranties for Sonian products and services are set forth in the express warranty statementsaccompanyingsuchproductsandservices.Nothinghereinshouldbeconstruedasconstitutinganadditionalwarranty.Sonianshallnotbeliablefortechnicaloreditorialerrorsoromissionscontainedherein.Theinformationcontainedhereinissubjecttochangewithoutnotice.

RestrictedrightslegendConfidential computer software. Valid license from Sonian required for possession, use or copying.Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer SoftwareDocumentation, and Technical Data for Commercial Items are licensed to the U.S. Government undervendor'sstandardcommerciallicense.

LicensingThe use of Sonian products is governed by the terms and conditions of the applicable End User LicenseAgreement(EULA).

TrademarknoticesMicrosoft®,Windows®areU.S.registeredtrademarksofMicrosoftCorporation.JavaisaregisteredtrademarkofOracleand/oritsaffiliates.OracleisaregisteredtrademarkofOracleCorporationand/oritsaffiliates.UNIX®isaregisteredtrademarkofTheOpenGroup.



2

TableofContentsAboutthisdocument.....................................................................................................................4

Intendedaudience....................................................................................................................................4Prerequisites............................................................................................................................................4Relateddocumentation............................................................................................................................4Documentationupdates............................................................................................................................5Support...................................................................................................................................................5

I.Introduction.................................................................................................................................6SonianArchiveforE-mailAdministrationGuide........................................................................................6SonianArchiveforE-MailDistributionModel.............................................................................................7

Elasticcomputing orcloudcomputing...........................................................................................................8

II.NewAccountSetUp....................................................................................................................9Soniantasks-creatingyournewaccountandAccountOwnerAdministrator.......................................................9Customertasks—Logging inandconfiguring theaccount.......................................................................10Modifyingaccount settings......................................................................................................................11ConfiguringAccountSubscription,Options,andLogo..................................................................................13Billing information (read-only)............................................................................................................16

III.AdministrationDashboard........................................................................................................17Administration DashboardStatistics........................................................................................................18Company,Logo,RecentLogins,Workstream.........................................................................................19Whatyoucandofromhere.....................................................................................................................21

IV.AdministeringUserAccess.......................................................................................................22Userstab...............................................................................................................................................22Creating useraccounts...........................................................................................................................23

Methodone:addusers................................................................................................................................24Method two:creatingusersinbulk..............................................................................................................27Method three:newuserself-registration....................................................................................................28

Enablingenduseraccesstothearchive.................................................................................................29Requestinganewtemporarypassword.................................................................................................30Modifyinguseraccounts.......................................................................................................................30

Addanemailaddress................................................................................................................................30Editing/deletinganemailaddress.............................................................................................................31

V.Collectors...................................................................................................................................32Non-mailitemsarchivedconditionally.....................................................................................................34Draftanddeleteditems..........................................................................................................................34Microsoft Exchangeenvelopejournaling...................................................................................................35Workingwithcollectors..........................................................................................................................36AddingPOP3MailboxCollector—Exchange Journal...............................................................................38

GoogleAppsandSSLconnectionrequirement............................................................................................39AddingSMTPcollector andtrustednetwork —ExchangeSMTP..............................................................40SMTPandencryptionasabestpractice...................................................................................................42

Pete Zimmerman � 10/22/15 3:16 PMDeleted: 15



3

POP3securitywithSSLasabestpractice...................................................................................................42AddingSecurePOP3Collector...............................................................................................................43

WhyuseSecurePOP3Journaling?............................................................................................................43HowdoIconfigureSecurePOP3JournalingwithExchange?....................................................................43ConfigureSecurePOP3CollectorintheHostedArchiveService...............................................................44

CollectionHistory..................................................................................................................................45ConfiguringyourLotusDominoOn-PremiseCollectorforWindows......................................................47

VI.Settings..................................................................................................................................54YourSettings.........................................................................................................................................54EndUserAccessRules...........................................................................................................................56ConfiguringLDAPintegration................................................................................................................57

RemovingLDAPsettings............................................................................................................................60Additionalinformation–Authenticationmethods...................................................................................60

Loginmessages.....................................................................................................................................65E-mailForwardingRestriction...............................................................................................................66

VII.Reporting.............................................................................................................................68Reportbuilderoptions............................................................................................................................68

VIII.ImportingData......................................................................................................................70High-level summaryofthedataimportworkflow.....................................................................................70Creating theimportjob...........................................................................................................................70Preparingdataforimport.......................................................................................................................72

PSTformat..................................................................................................................................................72RequirementsfornamingPSTfiles...............................................................................................................73

Drag-and-dropdataupload...................................................................................................................74Creatingtheimportjob.............................................................................................................................74Drag-and-dropuploadtechnicalspecifications.........................................................................................77

IX.ExportingData........................................................................................................................78Bulkexport ofarchivedata......................................................................................................................78

X.Policies....................................................................................................................................79Emailretentionpolicy...........................................................................................................................79

Appendix:Supported EmailServerPlatforms....................................................................................80On-premiseemailserverplatforms...........................................................................................................80Hostedemailplatforms............................................................................................................................80Emailclientintegration.........................................................................................................................80Supportedwebbrowsers......................................................................................................................80



4

AboutthisdocumentThisguideprovidesinformationabout:

• SonianArchiveforE-Mailconcepts,components,andstepstousethearchiveserviceandmanagethesystem.

• SonianArchiveforE-MailAdministrationcomponents.• ConfigurationandadministrationoftheSonianArchiveforE-Mailsystem.

Inthischapter:

• Intendedaudience• Prerequisites• Relateddocumentation• Documentationupdates• Support

IntendedaudienceThisguideisintendedforcustomeradministratorsthatwillconfigureandmanagetheArchiveservicebutwillnothaveaccesstothearchiveddata.

PrerequisitesPrerequisitesforusingthisproductinclude:

• Knowledgeofandfamiliaritywiththeoperatingsystemsofthecomputersystemstobeusedwiththisservice.

• Conceptsandprinciplesofemailarchiving.• KnowledgeofMicrosoftExchange.

RelateddocumentationInadditiontothisguide,pleaserefertootherdocumentsforthisproduct:

• SonianE-DiscoveryAdministrator&UserGuide.• SonianEndUserguide.

TheseandotherSoniandocumentscanbefoundontheSoniandocumentswebsite:

http://sa2help.com/admin/index.htmlor

http://partnerportal.sonian.com



5

DocumentationupdatesThe title page of this document contains the document release date. This date changes each time thedocumentisupdatedaccordingtothelatestreleasedate.Tocheckforrecentupdates,ortoverifythatyouareusingthemostrecenteditionofadocument,goto:

http://sa2help.com/admin/index.htmlYoucanalsoreceiveupdatedorneweditionsifyousubscribetotheappropriateproductsupportservice.Fordetails,contactyourSonianArchiveServicesalesrepresentativeandsupportcontact.

SupportYoucanvisittheSonianSoftwareSupportwebsiteat:

https://support.sonian.com/home



6

I.IntroductionInthischapter:

• SonianArchiveforE-MailAdministrationGuide• SonianArchiveforE-Maildistributionmodel• Elasticcomputingorcloudcomputing• Well-knownUSandinternationalemailjournalingregulations

SonianArchiveforE-mailAdministrationGuideThisAdministrationGuideexplainsconcepts,identifiescomponents,anddescribesstepstoutilizeandmanagethearchiveservicesystem.Thismanualhasthefollowingobjectives:

• TodescribeSonianArchiveforE-Mailfeaturesandfunctionality• ToidentifyanddefineSonianArchiveforE-MailAdministrationcomponents• TodescribeSonianArchiveforE-Mailconfiguration

Thisguideconsistsofthefollowingchapters:

• Introduction:DescribestheSonianArchiveforE-MailasaSoftwareasaService(SaaS)solution.• NewAccountSetUp:DescribesnewAccountsetupandAccountsettings.• AdministrationDashboard:DefinestheAdministrationDashboardanddescribesitsattributes.• AdministeringUserAccess:Defineshow the SonianArchive for E-MailAdministratormanagesand

viewsuseraccountattributes.• Collectors:DefinesthebasicconceptofCollectorsandfullydescribesvariouscollectormethodsand

types,andproperconfigurationtoretrieveemailmessagesforarchiving.• Settings:Describesmethodsandstepsyoucantaketoconfiguresystemsettings.• Reporting:Describesvariousreportoptionsaboutsystem,user,andcollectoractivity.• ImportingData:Describesbulkimportoptions.• ExportingData:Describesbulkexportoptions.



7

SonianArchiveforE-MailDistributionModelSonian’sArchiveforE-MailprovidesyouwithsecureHTTPSaccesstoutilizethesystemfore-complianceandoffsite storage of emailmessage. Sonian Archive for E-Mail offers a secure,web-baseduser interface foradministratorstomanagethesystem.The distributionmodel is a Software as a Service (SaaS) solution. The idea of using softwareas a serviceemerged to enable the sharing of end-user licenses in a way that reduced cost and also shifted serverdemandsfromthecustomertothesoftwareprovider.

ArchiveServicedistributionmodel

ThismodelenablesSonian toprovidehostedapplicationservice(s)over the Internet to a licensedbaseofsubscribers. The Sonian Archive for E-Mail is provided on-demand and scales dynamically in an elasticcomputingenvironment.



8

Elasticcomputing orcloudcomputingThe elastic computing environment is commonly known as cloud computing. Cloud computing refers tocomputingwheresoftware,services,andstorageareprovidedtocustomerson-demandthroughtheInternet.Byleveragingcloudcomputingproviders,Sonianisabletoprovidescalablesolutionsthatgrowaccordingtothespecificneedsofourcustomers.

E-mailarchiveelasticcomputingenvironment

Thismulti-tieredapplicationexploitselasticcloudresources(webservers,storageindexesanddatabases,theEnterpriseServiceBus,RAIDarrays,andpermanentdatastorage)toprovideubiquitouseconomiesofscale.SonianArchiveforE-Mailbenefitsare:

• Scalability• Redundancy• Automatedprovisioning• Flexibility• Lowtotalcostofownership(TCO)

TheSonianArchiveforE-Mailarchitecturefeaturesamulti-tenantbackendandweb-basedfrontend.



9

II.NewAccountSetUpInthischapter:

• Soniantasks—creatingyournewaccountandAccountOwnerAdministrator• FirstemailnotificationoflogincredentialsandURL• Customertasks—Logginginandconfiguringtheaccount• Modifyingaccountsettings• Billinginformation(read-only)

Whenyourcompanyisreadytosetupyournewaccount,Sonianwillinitiatetheprocessbycreatingageneralaccountaswellasthefirstaccountuser,knownastheAccountOwnerAdministrator.Uponcompletion,thearchivesystemwillsendyoulogincredentialsaswellasyourloginURL.Thenyouwillfollowtheseriesofstepsdescribedinthischaptertocompleteyouraccountsetupprocess.This chapter, New Account Set Up, covers those aspects of getting started having to do with accountconfiguration.ReferalsotoAdministeringUserAccessandCollectorsforotheressentialsetuptasks.PhonetrainingavailablebyrequestSonianprovidesdocumentationandvideostohelpemailadministratorssetupthisarchiveservicequicklyandeasily.However,shouldquestionsarise,youarewelcometorequesta90-minutephonetrainingsessionfromSonian.Duringthephonecall,youwillgetabriefoverviewofeachtaboftheadministrationmodule,aswellastroubleshootingsupportrequiredtogetthecollectorsrunningproperly.

Soniantasks-creatingyournewaccountandAccountOwnerAdministratorSonian pre-sales and support staff will work with you to gather the information needed to create yourcustomeraccountandthefirstaccountuser,knownastheAccountOwnerAdministrator.InformationrequiredbySoniantocreateyournewaccountandAccountOwnerAdministratorTocompletethenewaccountsignupprocess,Sonianwillgatherthefollowinginformation:

1. AccountOwnerAdministratorinformationa. Usernameb. Passwordc. Firstandlastnamed. Emaile. Phonenumber



10

2. Accountsiteandnameinformationa. Sitenameb. Displaynamec. Accounttyped. Numberofuserse. Address

3. Emailsystemsinuse

a. Exchangeb. HostedExchange

Customertasks—Logging inandconfiguring theaccountNavigatetotheloginURLindicatedintheinitialemailnotification toaccesstheloginscreen.

Loginscreen

Entertheusernameandpasswordspecifiedbytheinitialemailnotification,thenclickLogin.NOTE:Forsecuritypurposes,youwillberequiredtochangetheAccountOwnerAdministratorpasswordthefirsttimeyoulogin.

AbouttheAccountOwnerAdministratorroleAt this stageof theprocess,youhaveaccess to theAccountOwnerAdministrator role.OnlyoneAccountOwnerAdministratorexistssystem-wideandistheonlyuserwhomayviewandmodifyaccountinformation.TheAccountOwnerAdministratorcanbereassigned,anditcannotbedeleted.NOTE:ToreassigntheAccountOwnerAdministratorrole,theremustbeatleastoneotheruserwithAccountAdministratorpermissionsinthesystem.FromtheAccounttab,selectauserfromtheAccountownerdrop-downlist.OnlythoseuserswithAccountAdministratorpermissionswilldisplayinthedrop-downlist.

TheessentialjoboftheAccountOwnerAdministratoristotakeresponsibilityfortheaccountlevelsettingsandconfigurations,aswellastocreateothersystemusersasneededwiththeirrespectiveuserpermissions.See,AdministeringUserAccess,formoreinformationaboutuserrolesandpermissions.



11

ModifyingaccountsettingsAfter logging in as Account Owner Administrator, click the Admin link to navigate to the AdministrationDashboard. Select the Account tab. (Note that only the Account Owner Administrator has access to theAccounttab.Nootheruserswillbeabletoseeit).TheAccountSetupAccountOwnerfielddisplaystheinitialAccountOwnerAdministratorinformationenteredbySonianduringthesetupprocessforyourarchiveservice.TheAccountOwnerAdministratorcanmodifythisinformationifdesired.YoucanselecttheAccountownerfielddrop-downboxtoreassigntheAccountOwnerto anotheruserwith administratorpermissionsafter additional user administratoraccount(s)are created.(SeeAdministeringUserAccess for informationonuserconfiguration.)ClickUpdateaccounttoapply youredits.TheAccountSetupSiteNamefielddisplaystheinitialsitenameenteredbySonianduringthesetupprocessforyourarchiveservice.TheSiteNamefieldcanbemodifiedbyenteringanewvalue.IfyoumodifytheSiteNamefieldandclickUpdateaccount,thearchivesystemappliesthechangeandimmediatelydisconnectsallactivesessions.ThisactionrequiresuserstologinagainandestablishanewSSLsessiontothenewlycreatedHTTPSURL.Furthermore,informallyourendusersofthenewAccountSiteURLifenduseraccessisenabled.EndusersmaywanttoupdatetheirbookmarksTheEmailsysteminuseoptionsallowselectionofemailsystemsforarchivalduringtheNewAccountSignUpprocess.Itispossibletomodifythisconfigurationbyselectingordeselectingtheavailableoptions.IfforsomereasonSonianhasnotalreadyenabledtheserviceonthebackend,thefollowingerrormessageappears:

Theconnectionwasrefusedbyafirewallortheserver.PleasecheckIP/DNS,portandfirewallrulesandtryagain.Verifythatyoursecuritysettingsarecorrect,contactSoniantoensurethatyouhaveidentifiedemailsystemsinusetobearchived,andthatSonianenablesthemonthebackend.ClickUpdateaccounttoapplyanyeditstotheAccountattributes.Setthetimezone forthearchive systemThenextaccountconfigurationtaskistoassignyourTimezonestipulatedinGreenwichMeanTime(GMT).FromtheSettingstab,selecttheappropriatetimezonefromtheTimezonedrop-downlist,thenclickUpdate.MyDomainsandOrganizationsThearchiveservicehasafacilityforyoutorecordthedomain(s)thatyouareperformingarchivingfor.Thepurposewillbetoprovidefuturereportingstatisticswithintheservice.Enablement of the feature is accomplished via sign-up of the archiving services, can be applied to theindividual account by the AO role user or for theOEM's andPartnersmanaging customers accounts viaanAPIcallifRESTAPIintegrationhasbeenaccomplished.



12

RegisteringyourdomainthroughyourArchivePortalTheACCOUNTtabisthelocationforthedomainregistration.Logontotheindividualarchiveaccount;navigatetoAdmin->Accounts.Scrolldownthepageuntilyoulocate'MyDomainsandOrganizations'.Enteryourdomain;selectthe'Add'toprovideadditionaldomains.Oncecomplete,pressthe'UpdateAccount'buttonatthebottomofthepage.



13

ConfiguringAccountSubscription,Options,andLogo

Accountsubscription,Options,andLogo

TheAccountSubscription,Options,andLogopageisdisplayedabove.AccountSubscriptiondisplayscustomeraccountsubscriptionattributes.AccountStatusandPayment,Extras,andOptionsattributesaremaintainedbySonianbasedonyoursubscriptionterms.ContactSoniantomodifyserviceifdesired.



14

SubscriptionstatusandPayment

Status:ThearchiveservicedisplayscustomeraccountstatusifenteredbySonianthroughthebackend;fieldoptionsareTrial,ExpiredTrial,PaidCustomer,andDemo.Customersince:Thearchiveservicedisplaysday/month/yeardatewhenacustomersubscribesifenteredbySonianthroughthebackend.Renewal date: The archive service displays day/month/year date when customer renews theirsubscriptionifenteredbySonianthroughthebackend.Payment Status: The archive service displays customer account payment status if entered by Sonianthrough the backend; field value options are: Expired Trial, Past due, Invoice sent, Paid in full, Trial,Demo.Organizationtype: Available selectionsare Commercial,Non-Profit, Education,andGovernment.Thisdatapointisforinformationalpurposesonly.Organizationusers: Enter the numberof organizationalusermailboxes archived.Thenumberofusermailboxesarchivedshouldmatchthenumberoflicensespurchased.Thisfieldisusedforreportbillingtoindicatetheupperlimityouwishtosetonyourusage.Thenumberyouenterforthisfieldshouldreflectthecapacitythatyouintendtouse.Itiscurrentlyreportedbutnotenforced.

Subscriptionextras

Historicalcollection:ThearchiveservicehasbeenenabledforthecollectionofhistoricalemailfromyourGroupWise environment. The system will allow historical collection of emails from your active postoffices.Datamigration:Theservice is enabledto import legacyemail fromamail systemor fromapreviousarchiveservice.ContactSonianformoredetails.GlobalRAID–Multiple copies: Thebase subscription to thearchive service includes storageateightphysicallyseparatedatacentersintheUnitedStates.GlobalRAIDaddsfouradditionaldatacentersforextraprotection.Enduseraccessenabled:Thearchiveservicedisplays'enduseraccessenabled'asYesorNo,assetbySonianthroughthebackend.YesmeansendusersmayaccesstheirpersonalarchivethroughMyArchive.Ifno,endusersmaynotaccessMyArchive.

OptionsSelectapplicablecheckboxestoenablethearchiveservicetointegratewiththirdpartyemailserversoftware,clientsoftware,andcompliancecapabilities,orprovideenduserswithHTTPSaccess.Optionsare:

EnableGroupWiseserverintegration:SelectthischeckboxtoenableGroupWiseintegrationwithyourGroupWiseserver. EnablePOP3integration:SelectthischeckboxtoenablePOP3integrationwithyourMicrosoftExchangeserver.

Heidi Fischer� 9/9/15 12:43 PMComment [1]: Whatarewesupportinggoingforward?IsLotusLivewhatwearestillingcallingit?



15

Enable SMTP integration: Select this checkbox to enable SMTP integration with your (MicrosoftExchange)mailserver.EnableNSFintegration:SelectthischeckboxtoenableLotusLiveintegrationwithyourLotusLiveserver.Enable Lotus On-Premise Collection: Select this checkbox to enable the Lotus Domino collectorconfigurationpage.EnablePhyscialMediaandS3Imports:Selectthischeckboxtobeabletogenerateimportsjobsfromtheadminsectioninthearchivesystem.

Enablecomplianceedition:Select thischeckbox toenableRandomsearch, searchalert,andallowtoexporttwicethestandardamountofdatainasingleexport. Enable end user access to the archive (required for LDAP authentication): Select this checkbox toenableenduserstoconnecttothearchiveservice. EnableOutlookClient integration:Select this checkbox to enable integrationwithMicrosoftOutlookClients.

Passwordexpiration:Enterthenumberofdaysafterwhichpasswordsexpire.Leavingitblankorsetat0meansthatyourpasswordwillneverexpires.Intrusionlock:Stipulatethenumberoffailedloginattemptsthattriggersanaccountlockout.Availableselectionsare:

• Off(disabled)• 3• 5(default)• 7• 10

Accountlockedfor:Stipulatetheamountoftimethatauseraccountwillbelockedifintrusionchecksfail:

• Indefinite(adminmustenable)• 15minutes• 30minutes• 60minutes

Anyuserrolecanpotentiallyget lockedout. IfanAccountOwnerAdministratorbecomeslockedout, theycan:1) Log inafter theconfigured account lockperiodhasexpired;2)Requestapasswordreset fromtheinitialloginpage;3)UnlocktheAccountOwnerAdministratorbygoingtotheUserstabandselectingtheeditlinknexttothelockedoutuser.

Usingyourcompany’slogoYoucanuploadyourcompany’slogobyclickingtheChooseFilebutton.ThelogomustbeeitherPNGorJPEGformatandbe200pixelswideor less.ThecompanylogodisplaysontheinitialHTTPSURLatlogon,ontheAdministrationAccountUI,andontheAdministration,Search,andMyArchiveDashboards.



16

Billing information (read-only)Theread-onlybillinginformationformiscollectedandenteredintothearchiveservicebySonianforyourreferenceonly.

Accountsetupbillinginformation



17

III.AdministrationDashboardInthischapter:

• AdministrationDashboardstatistics• CompanyLogo,RecentLogins,Workstream• Whatyoucandofromhere

In this chapteryouwill learnhowtouse theAdministrationDashboard.Theobjectivesare to identifyanddefinethefollowingDashboardattributes:

• Statistics• Logo• RecentLogins• Workstream

TheAdministrationDashboardisbasedonthesoftwareindustrystandardinwhichadashboarddisplayskeybusinessinformationthatcanbeviewedataglance.

ArchiveAdministrationdashboard

The Sonian Archive for E-Mail AdministrationDashboard facilitates the ability to view and quickly accesssummary Statistics, most recent People login(s), handy 'What you can do from here' hyperlinks, andworkstreamRSSfeeds.



18

AdministrationDashboardStatistics

Administrationdashboardstatistics

DashboardStatisticsdisplaysummarymetricsforallemailarchivalactivity,providingasnapshotofthelatesthistoricalsystemdatapoints,including:System-widedatapoints:

• Messageinarchive-thetotalnumberofarchivedmessages• Attachmentsinarchive–thetotalnumberofarchivedattachments• Approximatesize–GB,MBs,orKBsofmessagedatastored• Approximateindexsize–GBs,MBs,orKBsofindexedmetadatagenerated

Lastcollectiondatapoints:

• Messages–thetotalnumberofmessagesarchivedduringthelastcollection.• Approximatesize–GBs,MBs,KBsofindexeddataduringthelastcollection.• Approximateindexsize–GBs,MBs,KBsofindexedmetadatageneratedduringthelastcollection.

ThestatisticsalsoprovidesasnapshotofuserstatisticsforLDAP-enabledorganizations,including:

• Totalusers–ThetotalnumbersofLDAP-enabledusers• Mostrecentlogin–themostrecenttimeatwhichauserloggedintothearchiveviaLDAP.



19

Company,Logo,RecentLogins,Workstream

Administrationdashboard,Companylogo,Recentlogins,Workstream

TheabovefiguredisplaysthefollowingAdministrationDashboardcomponents:COMPANYLOGOappearsintheupperright-handcornerbydefault.Touploadyourlogo,clickon“Clicktouploadyourlogo”whichwillsendyoutotheaccounttab.Then,browsetolocate,thenupload.LogoimagesmaybePNGorJPGformatandmustbelessthan200pixelswide.RECENTLOGINSdisplaysthefirstandlastnamesofuserswhohaveloggedinsuccessfullyandthedurationsincetheirlastlogon.Clickausernametolinktothatuser'saccountsettings.

WORKSTREAMprovidesthreeconvenientlinkstoviewanRSSfeedofsystemactivityorevents,andonelinkpostsmessagesfromSonian.Subscribetothewebpageasa feedusingRSSLiveBookmarks,Bloglines,MyYahoo,Google,orotherapplications.

• Status and events - displays account sign up, user account locks, bad password logon attempts,searchaccess,collectionevents,searchevents,andmore.

• Accountmessages-displaysmessagescreatedbySonianforyouatyourloginscreenordashboard.• Collections-collectionIDdatestamp,size,andlinktoCollectionHistorypage.

NOTE:IfyouareviewingtheSearchDashboardratherthantheAdministrationDashboard,youwillnotseetheCollectionslinkunderWORKSTREAM.However,allthreelinkswilldisplayifyouareviewingtheAdministrationDashboard.ThisselectionismadefromtheSettings>YourSettings>General>Defaultpagedrop-downmenu.



20

Selecting thedefaultpage fromthesettings drop-downmenu



21

Whatyoucandofromhere

Administrationdashboard:Whatyoucandofromhere

Theabovefiguredisplaysthe'Whatyoucandofromhere'navigationpanethatprovideshyperlinkstothefollowing:

• Viewquickinstructionalvideosonhowtoadministeryouraccount• Manageyouraccount• Manageyourusers• Manageyourdatacollectors• Yourcommentshelpusgreatly.Pleasegiveusfeedback.



22

IV.AdministeringUserAccessInthischapter:

• Userstab• Creatinguseraccounts• Enablingenduseraccesstothearchive• Requestinganewtemporarypassword• Modifyinguseraccounts

In this chapter you will learn how to manage user access to your archive service. The objectives of thischapterare:

• Identifyuserattributes• Defineuserpermissions• Describecreationandmanagementofusers

TheUserstabprovidesadministratorswiththeabilitytocreate,manage,andviewuseraccountpermissionsandattributes.

Userstab

Userstab

LoginasAdministrator.SelecttheAdminlink,thentheUserstabtodisplaytheUserspage.Filteringtheuserslistdisplay

Filteruserslistdisplay



23

YoumayfiltertheuserlistbyaccounttypebyclickingAll,Admins,Searchers,orEndUserslinks,orenterusernamein'FilterUsername'field.

• Administrator accountsmay configure and audit the system, users, and collectors, view statistics,andcreateandexportreports.

• SearchersareEndUseraccountsthatincludeatleastonesearchcapability.• Forexample,ifyourarchiveserviceaccountchosethe‘enableenduseraccesstothearchive’option,

yourendusershave the low-levelability tosearch theirownmessagearchives.TheSearchAdminPlusaccountshavemoreabilities;theycancreate,edit,run,anddeletesearches.Theycanalsorunreports.

• Ifyouchosethe‘enableenduseraccesstothearchive’option,EndUseraccountsmayaccesstheirpersonalmessagearchive.Thereisnolimittothetotalnumberofusersthatcanbecreated.

Creating useraccountsThearchiveservicefeaturesthreemethodstocreateEndUseraccounts:

• Methodone:addusers• Methodtwo:creatingusersinbulk• Methodthree:newuserself-registration

Addusers



24

Methodone:addusersClickAdd User todisplaytheNewUserpage.

1. Username:TypeintheusernamelabelthattheEndUserwillusetologin.TheUsernamemustbeuniquetoyourarchiveserviceaccount.

2. Firstandlastname:Typeinuser'sfirstandlastname.3. Email: Type in user's email address. The primary email address must be unique to your archive

serviceaccount.4. Email(confirm):Typeinuser'sprimaryemailaddressagaintoconfirm.5. Temp. password: Type in a temporary password. By default, the password must be at least 8

alphanumericcharacterswithaminimumofthreenumbers.Uponfirstlogin,thearchiveservicewillprompttheEndUsertostipulateanewpasswordfortheiraccount.

Additionalemailaddresses

6. Addemailaddresses:ClicktheAddemailaddress linktoassociateadditionalemailaddresseswiththisuser’saccount.Thearchiveservicesendsanemailnotificationtotheemailaddresswithalinktorespondandverifynewaddress.Remove linkappearstoremoveanadditionalemailaddressonceentered.

EndUserscanalsoassociateadditionalemailaddressestotheirpersonalaccountsviatheirSETTINGS.Yourarchiveservicewillcompareemailaddressesenteredagainstyourpoliciesandsettings.Permissions(Selectcheckboxtoassignpermissions)

Account Owner (AO) - As stated previously, the Account Owner Administrator (AO) is a singularlyuniqueaccountadministratorrolecreatedduringNEWACCOUNTSIGNUP.Thearchiveserviceassignsmaximum permissions to the Account Owner. An Account Owner may create, edit and delete useraccounts, edit account attributes, and modify all system settings. There may be only one AccountOwnersystem-wide.ToreassigntheAccountOwnerrole,navigateto theAdministrationAccount tabandtoggletheAccountOwnerdropdownboxtoassignAccountOwnerstatustoanotheradministrator.

NOTE: AccountOwnerpermissioncannotbeawardedto anewuserwhile creatingtheuser.TheAccountOwnercanonlybechangedfromtheAdministrationAccounttaboncetheuserhasalreadybeencreated.

Account Administrator (AA) - Account Administrator permissions allow the ability administer yourarchive service system. Account Administrators may create and edit user accounts and systemcollectors,modifysystemsettings,andexecutereports.SearchAdmin Plus (SAPlus) - Search Administrator Plus permissions include SearchUser and SearchAdministratorspermissionsplusabilitytoaccessthearchivereports,andretention-policysettings.Search Administrator (SA) - Search Administratormay create,manage and execute searches; assignuseraccesstoagivensearch,andexportsearchresults.



25

Search User (SU) - Search User permissions allow 'access', 'change scope' and 'export' of existingsearchesasassignedbytheSearchAdministratortotheSearchUserforagivensearch.ItisasupportroletotheSearchAdministrator.SearchUsercannotcreateordeleteasearch.

EndUser(EU)-EndUserpermissionsallowindividualstoaccesstheirpersonalarchiveddata.

Additionalcontactinformation andaccountoptions

Addnewuser-Additionalattributes

Thefigureabovedisplaysadditional,optionaluseraccountattributesasfollows:

1. Organizationfieldisalabelofyourchoosingtoqualifyaccount,forexample,EASTorWEST.

2. Phonefieldisforaphonenumber.

3. Faxfieldisforafaxnumber.

4. ExpireDatefieldstipulatesexpiryvalueinthedatabaseforthisaccountandarchiveservicedeniesloginaccessonorafterthatdate.Clickcalendarapplettosetdate.ClickCleartocleardate.Youusethis setting to provide temporary access to users, for example, a sales engineer that periodicallyreviewssystemconfigurationduringfirst60daysofsubscription;orlegalcomplianceconsultantthatcreatesexecutesandexportssearchresults.



26

5. Accountdisabled,whenchecked,disablesenduseraccesstotheiraccount.

6. IntrusionDetectionisenabledbydefault.TheAccountOwnersetsan'IntrusionLock'valueforyourarchiveserviceontheAdministrationAccounttab.IntrusionLockvaluesarenone,3,5(default),7,and10. Logonattempts thatexceed 'Intrusion Lock' value lock theuser's accountand thearchiveserviceloginpagedisplays'YourAccounthasbeenlocked.’

7. AccountLocked,Accountislockedwhenchecked;accountisnotlockedwhenunchecked.Deselect

thischeckboxtoclearauser'slockedaccount.

8. Disablepasswordrecovery,whenchecked,preventsauserfromrequestingapasswordresetfromthelogonscreenthroughemail.

9. Disable Outlook Integration uniquely disables Outlook integration for this user account even if

enabledsystem-wide.Forexample,youmaywishtodeployOutlookintegrationtoasubsetofusersduringanincrementalrollout.

Welcomemessage

Welcomemessage

ThelastportionoftheNewUserpageisforawelcomemessage.Thewelcomemessageisoptional.Thereisaconfigurabledefaultmessagethatcomespre-populatedintheDefaultmessagetextarea.Additionally,using theCustomtext field,you canenteramessage tailored for newuserswithanyspecialmessageorcommunicationthatyouwanttoprovidetothem.Topreventthewelcomemessagefrombeingsent,selectthecheckboxforDonotsendwelcomemessage.



27

Methodtwo:creatingusersinbulkLoginasAdministrator,selectAdminlink,andUserstabtodisplayarchiveserviceUserspageandclickBulkCreateEndUsers.

Userstab

Createusersinbulk

Togeneratemultipleenduseraccountsinbulk,clickthe'DownloadCSVfiletemplate'.NotetheCreateUsersinBulkUIdisplaysasampleheaderformatandtwouserentries.Aflat,comma-delimitedfiletocreateusersin bulk is a common, industry-standard tool. Enter each user’s field values for your archive service.Instructionsonhowtofilloutthetemplateareincludedinthedownload,too.



28

Method three:newuserself-registrationThearchiveservicefeaturesthreemethodstocreateenduseraccounts.Thefirst two,'AddNewUser'and'CreateUsersinBulk'arepreviouslydescribedearlierinthischapter.ThethirdoptiontocreatenewEndUseraccountsit toallowuserstoself-registerandgainaccessto theirpersonalarchiveaccount.Forsecuritypurposes,configureyourarchiveserviceSettings-EndUserAccessRulestoexplicitlyallowonlyyourcorporateSMTPaliasestocreateenduseraccounts.SeetheSettingschapterformoreinformation.

Newuserself-registration

Bydefaultthearchiveserviceprovidesaself-registrationHTTPSURLintheformatof:

https://<instancename>.Sonianarchive.com/user/signup/new.UsersenteraUsername,firstand lastname,emailandemailconfirmationto self-registerandclickCreatenewuseraccount.Aspreviouslydescribed,usernameandemailaliasmustbeuniquesystem-wide.Iftheenduser enters a duplicate username or email address the archive service UI displays the appropriate errormessage.

Yournewaccounthasbeencreated

Afteranenduserself-registerssuccessfully,thearchiveserviceimmediatelyacknowledgesaccountcreation.Also,aconfirmationemailissenttothestipulatedemailaliaswithanHTTPSURLenclosed.TheEndUsermustsuccessfullynavigatetotheHTTPSURLtoactivatetheirnewlyregisteredaccount.



29

EnablingenduseraccesstothearchiveIfyouarecreatingenduseraccountsoneatatimeorinbulk,ensureenduseraccesstoyourarchiveserviceisenabled.

Enableenduseraccess

First, configureyour archive service to enableend user access to your system. Log on as Account OwnerAdministratorandnavigatetoAdministratorACCOUNTOPTIONSpage.IfyousubscribedwithSonianforenduseraccess'Enduseraccessenabled'attributedisplaysYes.If 'Enduseraccessenable'displaysNo,contactSoniantoaddthisfeature.Then,selectyourAccountOptions'Enableenduseraccesstothearchive(requiredforLDAPauthentication)'checkboxtopermitenduseraccess.Itisdisabledbydefault.



30

RequestinganewtemporarypasswordThe archive service provides an HTTPS URL, in the format ofhttps://<instancename>.Sonianarchive.com/reset/new, for administrators to offer to users who cannotremembertheirpassword.

Requestanewtemporarypassword

UsersnavigatetotheResetmypasswordpage,andentertheirarchiveserviceemailaddress.Thearchiveservicesendsanemailmessagewiththeuser'sexistingpasswordstating:

Hello <username>, The system administrator has updated your account. Your user name is <username>. Your new temporary password is <existing_password>. Please change your password on your next login. Your login location is https://subdomain.archiveserviceprovider.com>

UsersfollowinstructionsandnavigatetotheirarchiveservicedefaultHTTPSURLandloginwiththeirexistingpasswordandareimmediatelypromptedtochangetheirpassword.

ModifyinguseraccountsTheAccountOwner(AO)andAccountAdministrator(AA)havetheability,atanypointintime,tomodifythearchiveusers’accounts.Pleaserefertothe“Creatingusersaccounts-Methodone:addusers”sectiontoeditanyofthebasicinformationrelatedtoanarchiveuser’saccount.

AddanemailaddressYoucanprovideanadditionalemailaddressforyourarchiveusers.Byaddinganemailaddressintheblankfield,youimplythatyouwantmessages(andtheirassociatedattachments)fromtheaddedemailaddresstobecollectedandarchived.TheywillbeavailablefromtheE-Discoveryinterfaceaswellasintheenduser'spersonalMyArchive(ifenabled).

1. Register an additional valid email address associated to a user'smailbox by adding the completeaddressandclickingthebutton"Addemailaddress",asillustratedbelow.



31

2. Thearchivewill verify theemail address against a control list and thearchiveuserwill receiveanemailtothataddressrequiringfurtherverification.Theuserwillhavetofollowtheinstructionsonthatemailandclicktheuniquelinktoactivatearchivingforthatemailaddress.

EditUser-Addinganemailaddress

Editing/deletinganemailaddress

1. Youcanedit registeredemailaddresses forarchiveusers.Editanemailaddressbyclickingon the"Edit"buttonnexttothedesiredemailaddress.Whenyouaredoneeditingtheemailaddress,clickonthe"Save"buttontoconfirmthemodificationyou'vemade.

AnemailconfirmationwillbesenttotheAccountAdministrator(AA)forverificationandapproval.Theemailaddresswill be verified against a control list and the userwill receive an email to that address requiringfurtherverification.Theuserwillhaveto followthe instructionsonthatemailandclick theunique link toactivatearchivingforthataddress.

2. Youcandeletearegisteredemailaddressforarchiveusers.Deleteanemailaddressbyclickingonthe"Delete"buttonnexttothedesiredemailaddress.Apopupwindowwillpromptyoutoconfirmyouraction.Clickon"OK"tovalidateyouractionanddeletetheemailaddress.

EditUser-Edit/deleteanemailaddress



32

V.CollectorsInthischapter:

• Non-mailitemsarchivedconditionally• Draftanddeleteditems• MicrosoftExchangeenvelopejournaling• Workingwithcollectors• AddingPOP3JournalMailboxCollector—ExchangeJournal• AddingSMTPcollectorandtrustednetwork—ExchangeSMTP• SMTPandencryptionasabestpractice• POP3securitywithSSLasabestpractice

Thischapterhasthefollowingobjectives:

• TodescribethebasicconceptofCollectors.• ToidentifyanddefineCollectorsweb-basedUserInterfaceattributes.• TodescribeallCollectortypesandconfigurationoptions.

Collectorsgatheryourdataforarchivestorage.ThebasicconceptofCollectorsis tocollectemailmessagesandattachmentsfromyourMicrosoftExchangeemailsystemsforarchiving.Todeterminethestepsnecessarytosetupyourarchiveservicecollectors,considerthesetwoquestions:

1. Whereismyemailsystemlocated,customerpremiseequipment(CPE)orhosted?2. WhattypeoftransportmechanismdoIwanttousetoarchivemail,POP3orSMTP?

EmailArchiveSaaSandConnectorsDiagram

Thefigureaboveillustratesthreescenariosthatanswerthetwoquestionsposed.ItshowsSonianArchiveforE-Mailcloudwithredundant,loadbalancedarchivesystemsandconnectorstothefollowingmailsystems:

1. SMTPhostedMicrosoftExchangeEnvelopeJournaledmailbox2. SMTPcustomerpremiseequipment(CPE)MicrosoftExchangeEnvelopeJournaledmailbox3. POP3CPEMicrosoftExchangeEnvelopeJournaledmailbox



33

Conceptofcollectorspushandpullmethodologies

The figureabove illustratestwocollectormethodspossibleforretrievingemail,POP3orPull,andSMTPorPush. The solid line shows the direction of the initial collector connection established to retrieve emailmessagesandthedottedlineshowsthedirectionoftheretrievalofarchivedmessagesbythecustomerfromthearchivecloud.PullmethodThearchiveserviceisconfiguredwithaPostOfficeProtocol3(POP3)Collectorthatinitiatesaconnection,atmidnightGMTbydefault,tothesourceemailserverandpullsallmessagesfromtheconfiguredfolderstothearchivesystem.ThetimingoftheconnectiontothesourceemailservercanbechangedbySonianSupporttomeet your requirements. This pull method utilizes POP3 IETF standard specifications and is used by thearchiveserviceforallplatform-specificcollectors,exceptSMTP.PushmethodThesourceemailsystemisconfiguredtopushenvelopejournaledemailmessages toauniqueSimpleMailTransferProtocol(SMTP)addressonthearchivesystem.Thetimetoinitiatetheconnectionisconfiguredonthesourceemailsystem.ThispushmethodutilizesSMTPIETFstandardsandisusedbythearchiveserviceforallSMTPCollectors.SMTPcollectorscaningestandarchivemessagesupto75MBbydefault.



34

Non-mailitemsarchivedconditionallyNon-mail items, such as tasks and calendar items, do not get collected if there is only a single personinvolved.Whennon-mail itemsarecreated,thearchive servicecollectordoesnotarchivethem if it isnotbetweentwoormorepeople.Specifically,ifacalendaritemisrelevanttoonlyoneperson,itisnotarchived.Ifnon-mailitemsinvolvemultipleparties,thentheyarearchived.

DraftanddeleteditemsDraftanddeleteditemsarenotexplicitlycollectedevenwhenyoumayhaveselectedthoseoptionsinthearchiveservice.BydefaultthejournalmailboxisequippedwithaDraftandDeletedItemsfolder.However,throughnormaladministrationofajournalmailbox,nojournalitemsshouldbeplacedintheDraftandDeletedItemsfolder.POP3ProtocolasitrelatestodraftanddeleteditemsBecauseofPOP3’sprotocol,ifyoudeleteaniteminyourInboxbyselectingitandpressingtheDeletebutton,orbyright-clickingitandselectingDelete,itisnowintheDeletedItemsfolderanditismarkedfordeletion.Whereas if you drag an email from your Inbox into the Deleted Items folder, the email is not actually“marked”fordeletionasfarasPOP3isconcerned.IfyoudragadraftitemfromyourInboxintotheDraftfolder,thearchiveservicewouldcollectandarchivethat. A work in progress email that has not been sent is in a work in progress status and would not becollected.Itemswith a deleted status that are in the Deleted Items folder, or itemswith a draft statuswill not becollected.Bydefault,thearchiveservicedisplaysthefoldersforCalendar,DeletedItems,Inbox,Drafts,andSentItems.CPE(customerpremiseequipment)MicrosoftExchangePOP3exampleOneorganization’suniqueandsecurevirtualstackisconfiguredwithaPOP3CollectorthatcollectsmailtobearchivedfromtheMicrosoftExchangeserverlocatedonsiteattheorganization.MicrosoftExchangeSMTPexampleAsecondorganization'suniqueandsecurevirtualstackisconfiguredwithanSMTPCollectorthatcollectsmailtobearchivedfromtheorganization'shostedSMTPserver,co-locatedintheorganization’sSonianArchiveforE-Mailcloud.



35

Microsoft ExchangeenvelopejournalingMicrosoft Exchange 2010/2013/Exchange Online (Office 365)utilizes Envelope Journaling. The concept ofEnvelopeJournalingistoprovideacompanyororganizationwithamethodtoenforcepoliciestocomplywithregulationsregardingemailcommunication.Ajournalingagentmonitorsemailtrafficforagiveninformationstoremailboxandallemailmessagesarecopiedtoanenvelopejournaledmailbox.TheenvelopejournaledmailboxisconfiguredtoconnecttothearchiveservicethroughSMTPforarchivingandtherebycapturesanduploads all email communication for forensic analysis if required, or any search function, through SonianArchiveforE-Mail.

MicrosoftalsooffersanoptioncalledMicrosoftExchangePremiumjournaling.WithPremiumjournaling,itispossible to perform more granular journaling with journal rules. This option allows an organization toconfigure journalingto capture individualrecipientsormembersofdistributiongroups.Refer toMicrosoftExchangedocumentationformoreinformationaboutthisoption.

Please refer to the selected linksbelowfromtheMicrosoftTechNetExchange ServerTechCenterformoreinformationonhowtoconfigureExchangeEnvelopeJournalingandSMTP.NOTE:

• WhenSMTPjournalingisused,thearchivedoesnotmaintainfolderinformationforarchivedemails.• SMTPjournalingwillcollect,ingest,andarchiveemailsupto75MBinsizebydefault

JournalingandMicrosoftExchangeServer2010SP2,MicrosoftExchangeServerSP3

Understandingjournalinghttps://technet.microsoft.com/en-us/library/aa998649(v=exchg.141).aspxCreateandconfigureaJournalingMailboxhttp://technet.microsoft.com/en-us/library/bb124985.aspxUnderstandingjournalinginamixedExchange2003andExchange2010environmenthttp://technet.microsoft.com/en-us/library/aa997918.aspx

JournalingandMicrosoftExchangeServer2013

Journalinghttp://technet.microsoft.com/en-us/library/aa998649.aspxManagejournalinghttps://technet.microsoft.com/en-us/library/jj651670(v=exchg.150).aspx

JournalingandMicrosoftExchangeOnline(Office365)

Journalinghttps://technet.microsoft.com/en-us/library/jj898487(v=exchg.150).aspxManagejournalinghttps://technet.microsoft.com/en-us/library/jj651670(v=exchg.150).aspxConfigureJournalinginExchangeOnlinehttps://technet.microsoft.com/en-us/library/dn781273(v=exchg.150).aspx



36

WorkingwithcollectorsAccountownerandaccountadministrator rolesThe only two user roles that have permissions to configure Collectors are Account Owner and AccountAdministrator. Users with one of these roles can configure Collectors through the archive serviceAdministratorCollectorsUI.

DefaultAdministrationcollectorsUI

ThefigureabovedisplaystheSonianArchiveforE-MaildefaultCollectorsHTTPSUserInterface.ThedefaultCollectorsHTTPSUserInterfacelistsallpreviouslyconfiguredAvailableCollectors.Toquicklyviewagivenmailbox,enterthemailboxnameintheMailboxnamefieldtodynamicallyfiltertherecordsetbeingdisplayed.Toeditagivenmailbox,clickitsassociatedEditlinktoitsright.Tocreateanewcollectorwithitsassociatedconfigurations,clicktheappropriatebutton.Theproperstepstoconfigureeachcollectortypeareexplicitlydelineatedlaterinthischapter.

• AddPOP3JournalMailboxCollector-ExchangeJournal• AddSMTPCollector

Toviewthecollectionhistoryofallcollectors,clickCollectionHistorytodisplayeachcollection'sCollectorID,thenumberofitemsarchives,andtheKBsorMBsofdatacollected.Tomanuallyinitiateacollection,clickCollectNow.Amessagedisplaysat the topof thepagestating 'Yourrequest is queued for processing' by the archive service. The requested collection process initiates inapproximatelyonehourtocollectandingestemailmessagesintoyourarchive.



37

Accountoptions

ItisimportanttoverifythatyourAccountOPTIONSareconfiguredtoallowthearchiveservicetointeroperatewith theappropriateemailsystemand collectortype. If thearchiveservice isnotenabledto interoperatewith a given email system or collector type the associated GUI button to click does not appear on theCollectorsUI.



38

AddingPOP3MailboxCollector—ExchangeJournal

AddJournalMailboxcollector—ExchangeJournal

NavigatetothearchiveserviceAdministrationCollectorstabandclickAddPOP3JournalMailboxcollector.TheAddExchangeJournalorStandardJournalpagedisplays.ToaddaPOP3(Exchange)CollectorforMicrosoftExchangemailservers,followthesesteps:

1. PopulateServerNamefieldwithuniquelabelforthismailsystem.2. ToggleIntervaldropdownboxandchooseNightly,Weekly,orMonthly.3. PopulateIP/DNSfieldwithpublicIPaddressorfullyqualifieddomainname(FQDN).4. PopulatePortfieldwithportnumbertoestablishaPOP3sessionfromthearchiveservicetothemail

system.IETFPOP3well-knownportnumbersare110and995;verifyandenterportusedonthemailsystem.

5. SelectUseSSLcheckboxifthemailserverisconfiguredforSSL.6. ToggleAuthenticationMethoddropdownboxandselectMD5ifenabledonthemailsystem.Default

valueisNone.7. PopulateUsernamefieldwithmailboxaccountusernameusedtoauthorizearchiveserviceaccess.



39

8. Populate Password field with mailbox account username's password to authorize archive serviceaccess.

9. ToggleMaxmessagesizeandselectoneofthesevalues:5MB,10MB,20MB,30MB,40MBs,50MBsor75MBs.

10. (Optional)CheckOptionsInactivecheckboxtotest,abestpractice.Deselectwhenyouarereadytomovefromstagingtoproduction.

11. ClickTestConfiga. Ifparametersarecorrectacongratulationsmessageisdisplayed.ClickAddCollectortoadd

thenewPOP3Collector.ThenewExchangePOP3CollectoristhendisplayedintheAvailableCollectorsUI.

b. Ifparametersareincorrectanerrormessageisdisplayedwithpossiblesolutions.

GoogleAppsandSSLconnectionrequirementWhileconfiguringPOP3onaGoogleAppsinstance,TestConfigissuccessfulonlywhentheportisspecifiedas995andtheSSLcheckboxischecked.GoogleAppsonlyallowsSSLconnections.

AddPOP3JournalMailboxcollectorandavailablecollectorsUIforExchangeJournal

Thefigureabovedisplaysanexampleofan'AddPOP3JournalMailboxCollector’UI.ThefigurebelowshowsanexampleofanewExchangecollectortypedisplayedinAvailableCollectorsUIaftersuccessfullyaddinganExchangePOP3Collector.



40

AnewPOP3Exchangecollectortypedisplayed

AddingSMTPcollector andtrustednetwork—ExchangeSMTPMakesureyouareloggedinasAccountOwnerAdministrator,thennavigatetoAdministration-ACCOUNT-OPTIONS.

Accountoptions-EnableSMTPintegration

AccountOptionsEnableSMTPintegrationisenabledbydefault.TodisableSMTPcollections,logontoarchiveserviceAdministrationAccountUIanddeselecttheEnableSMTPIntegrationcheckbox.ClickUpdateaccountatthebottomofthepagetoconfirmmodification.ThearchiveservicequeuesandprocessestheSMTPintegrationrequestandautomaticallygeneratesauniquemailboxnamehash.ThemailboxSMTPaddressisthendisplayedontheCollectorsUI.ThemailboxSMTPaliasis the address used to configure Microsoft Exchange Envelope Journaling as the recipient of forwardedmessagesfromExchangeenvelopejournaledmailboxtothearchiveserviceCollectormailboxviaSMTP.WhenSMTPCollectionisenabledforthefirsttime,thefollowingmessageappearsatthetopoftheAccountpage: 'SMTPCollectionisenabledbutyouhavenotaddedanySMTPTrustedNetworks.TheArchivewillnotreceiveSMTPdatauntilyoudefineyourSMTPTrustedNetwork.'



41

ConfigureSMTPcollector

1. Click Configure SMTP collector button to begin setup of the archive service to establish SMTPsessionsbetweenthearchiveservicenetworkandorganization'semailservernetwork.

Addtrustednetwork-SMTP

2. ClickAddTrustedNetwork.

NewtrustednetworkIPrange

IntheNEWTRUSTEDNETWORKUIIPRangefieldentertheuniquepublicIPaddressofyourmailsystem,orIPsubnetwork address of the segment where your email system resides, in standard Classless InterdomainRouting(CIDR)IPv4format,e.g.dotteddecimaladdress/#ofsubnetmaskedbits.ClickCreate.



42

SMTPtrustednetworks

TheabovefigureshowstheSMTPTRUSTEDNETWORKUIthatnowdisplaysthenewtrustednetworkyoujustadded(andanyotherpreviouslyconfiguredSMTPtrustednetworks).NOTE:SMTPcollectionwillcollect,index,andarchiveemailsupto75MBinsizebydefault.

SMTPandencryptionasabestpracticeSonian Archive for E-Mail supports secure SMTPover TLS using STARTTLS.While this is not required, it isrecommendedasabestpractice,andit isavailableforthosewhowishtotakeadvantageoftheadditionalsecurity.By configuring your SMTPsending serverwitha preferenceto SMTP/TLSwhendelivering journalemail,theTCPsessionwillbeencrypted.

POP3securitywithSSLasabestpracticeWheneverpossible,itisrecommendedasabestpracticetouseSSLtoencrypttheconnectionbetweenthearchiveandyouremailserver.IfSSLencryptionisnotpossible,pleaseconsiderusingSMTPinsteadofPOP3.Use SSL certificatescreatedby reputable certificateof authorities (CA) to ensure thebestpossiblesecureconnection.Trytoavoidself-signedcertificatessincetheymaynotpassteststoverifythetrueowner.YoucancreateyourownfirewallrulestoacceptonlyinboundPOP3connectionsfromthearchive'spublishedIPaddressranges.YoucanalsouseNATandportredirectiontoobscureyourpublicPOP3port(110or995)toarandomhighnumber.



43

AddingSecurePOP3CollectorSecure POP3 journaling is making journaled messages available in a POP3 mailbox that is accessible toSonian'sarchivingprocess.ThePOP3mailboxwillbecheckeddailybySonian’sarchivingprocessformailtoarchive,oncethemailissecurelyarchiveditwillbedeletedfromthePOP3mailbox.SecurePOP3canbeusedtofetchemailwithanyemailplatformsupportingthatprotocol.ThemailsystemwillneedtosupportsometypeofjournalingfunctionalityorthesystemwouldneedtobeconfiguredtoBCCcopiestoamailbox.

WhyuseSecurePOP3Journaling?By configuring SecurePOP3 Journaling, all emails areextracted from the Journalmailboxonyour internalemail server to Sonian. Once Sonian has downloaded all the emails from the Secure POP3 server anduploadedittothearchive,emailswillbeautomaticallydeletedfromtheSecurePOP3serverandSonianwillclosetheconnectiontotheserver.

HowdoIconfigureSecurePOP3JournalingwithExchange?To configure Secure POP3 Journaling, there are multiple configuration steps, which are required in yourExchangeenvironment,aswellasotherchanges,whichneedtobemadetoyourSonianarchivingaccount.Itisimportanttofollowthestepstoensurethatallapplicableemailsarejournaled.Note: To implement Secure POP3S, a valid SSL certificate (public, or in certain instances a self-signedcertificate)isrequired.Sonianstronglyrecommendstheuseofpublictrustedcertificates.BeforeenablingJournalingonyourExchangeserverensurethefollowinghavebeencompleted:

1. CreateanewDedicatedJournalMailboxwithinActiveDirectory.(e.g.SonianJournal)

Note:Ensurethepasswordsettingsareconfiguredtonotexpire,theusercannotchangethepasswordandtheaccountwillnotlockout.

2. SettheMicrosoftExchangeSecurePOP3servicetostartautomatically,starttheservice.

3. Configureyourcompany’snetworkfirewalltoallowport995(encrypted)communicationstotheExchangeservercontainingthejournalmailboxfromthearchiveserviceIPaddress.

4. ConfigureExchangeJournaling:

Exchange2010-ConfigureAuthenticationforSecurePOP3http://technet.microsoft.com/en-us/library/bb124498(v=exchg.141).aspxExchange2013–EnablePOP3inExchange2013https://technet.microsoft.com/en-us/library/bb124934(v=exchg.150).aspxExchangeOnline(Office365)–POP3andIMAP4https://technet.microsoft.com/en-us/library/dn551174(v=exchg.150).aspx



44

ConfigureSecurePOP3CollectorintheHostedArchiveServiceTosetuptheSecurePOP3collectorintheArchiveuserinterface,followthesesteps:

1. LoginintoyourArchiveaccountastheAccountAdministrator.

2. SelectCollectorspage.

3. ClickonAddPOP3JournalMailboxCollector(note:ifyoudonotseetheCollectorstab,besureyouareloggedinwithanaccountthathasAdministratorcredentials).

4. Followthestepsdescribedinthescreenshotsbelow.

AddJournalMailboxCollector–POP3



45

Toverifythatyourcollectorhasbeensetupproperly,youcanusethePerformPOP3TestCollectionbutton.The featureperformsaSecurePOP3collection,whichwill collect200messagesbutDOESNOTdelete theemailsfromthemailserver.ThisfeaturecanbeusedevenifthecollectorissettoINACTIVE.

ConfigurePOP3Collector–TestCollection

Note:Once successfully configured, theCollectionHistorycounts (buttonunderCollectors tab)will reflectmailcollectedviaSecurePOP3collection,aswellastheDashboardstatisticsunderthe“DataCollectedSinceYYYY-MM-DD”field.

CollectionHistoryCollectionhistoryallowstheadministrator(AOorAA)torunreportsontheemailcollectionactivity.Severaloptionsareavailabletotweakthecollectionreport.Theadministratorcandefine

1. LoginasanAccountAdministratororAccountOwner

2. GototheCollectorspageandclickontheCollectorHistorybutton.

3. SelecttheIntervalandchoosefrom:a. Days (theonly rangesallowedwith ‘Days’areLastWeek,ThisWeek,LastMonth,andThis

Month).b. Weeks.c. Monthsd. Years.

4. SelectthedateRangeandchoosefrom:

e. LastWeek.f. ThisWeek.g. LastMonth.h. ThisMonth.i. LastQuarter.



46

j. ThisQuarterk. LastYear.l. ThisYear.m. Custom(specifyacustomdaterange).

5. Oncethecriteria for thecollectionreport,hitRefresh toseethecollectionactivitydatarelatedto

thespecifieddaterangeandinterval.Theadministratorwillbepresentedwith:a. TheIntervalStart:dateatwhichthespecifiedintervalstarts.b. TheCount:Numberofmessagescollectedperinterval.c. TheSize:averagesizeinKBforthenumberofmessagescollectedperinterval.

Collectors-CollectionHistory



47

ConfiguringyourLotusDominoOn-PremiseCollectorforWindowsNOTE:beforeenablingyourLotusDominoOn-Premisecollection,makesurethatyourarchivingprovider’ssupportteamhasenabledtheserviceforyourarchivingaccount.

1. EnableLotusOn-PremiseCollectiona. AstheCustomerAccountAdministrator,opentheAdminpageb. SelecttheAccounttab.c. UnderOPTIONS,select‘EnableLotusOn-PremiseCollection’d. ClickUpdateaccount.

2. CreatetheCollector

a. AstheCustomerAccountAdministratorinthearchiveaccount,b. SelecttheCollectorstab.c. Clickthebutton‘ConfigureLotusOn-PremCollector’

d. Entera‘CustomerFriendlyName’(freeform)e. DoNOTselectthecheckboxfor‘AutomaticallyUpgradeAgentSoftware’.f. Select‘TargetOperatingSystem’=Windows64-bitg. Enteralocationforthe‘LocationofJournaledNSFs’:C:\sa-agent\archiveh. Click‘AddCollector’



48

NOTE:The‘LocationofJournaledNSFs:’mustbeuniqueforeachLotusOnPremCollectorthecustomermayhaveactiveatanytime.EachDominoservermayneedtorunitsownCollectordependingonhowDominoroutingand journalingareconfigured.CustomerswithmultipleDominoservers in theirdomainmayneedmultipleCollectors,each locationmustbeunique.Thiswarning isprimarily toaddresstheuseofNetworkAttachedStoragedevices.

3. Verifycustomer’sDominoJournalsettingsa. LogintotheDominoAdministratorb. SelectConfigurationtab-Server-Configurations,selectyourDominoServerdocumentc. SelecttheRouter/SMTPtabd. OntheRouter/SMTP-Advanced-Journalingtabe. VerifyJournaling=Enabled

4. VerifytheMailRulesa. SelecttheRouter/SMTPtabb. SelectRestrictionsandControlsc. SelecttheRulestabd. VerifyMailRulescreatedwillresultinmailmessagesbeingjournaled.

NOTE:TheArchiveservicehasnorequirementsforMailRuleConditionsotherthanthattheRulesresultinmail messages being journaled. The Archive service can only archive messages that the Domino serverjournalsaccordingto theDominoMailRules. IfasubsetofDominomail is journaled,only thatsubsetwillappearinthecustomer’sArchiveaccount.



49

5. VerifyDominoversiona. AsaSystemAdministratoronthecustomer’sDominoserver,verifythecustomerisrunning

64-bit Domino 8.5.3. In the Domino console.log, found in C:\ProgramFiles\IBM\Lotus\Domino\data\IBM_TECHNICAL_SUPPORT,thestartupoftheDominoserverrecordsthefollowingwhichindicates64-bit:

LotusDomino(r)Server(64Bit),Release8.5.3,September15,2011Copyright(c)IBMCorporation1987,2011.AllRightsReserved.

6. DownloadAgentInstallerzipfile

a. AsaSystemAdministratoronthecustomer’sDominoserver,launchabrowser.b. Accessthecustomer’sArchiveaccountastheCustomerAccountAdministrator.c. SelecttheAdminpaged. SelecttheCollectorstab.e. ClicktheEditbuttonfortheLotusOn-PremcollectortobeusedwiththisDominoserver.f. Inthesection‘DOWNLOADTHELOTUSON-PREMAGENT’,clickthe‘Download’link.g. ReviewtheTermsofServiceh. Click‘AcceptTermsandDownload’

Heidi Fischer� 9/9/15 1:34 PMComment [2]: NeedtoupdatetoincludeDomino9



50

i. Proceedthroughanyexceptionorwarningdialogs.j. Save the file (ex. installer-xxx....xx.zip) to a location on the customer’s Domino server, ex.

C:\agentk. Thedownloadedarchivefile=51Mb

7. ExtractFiles

a. Extractallthecontentsofthedownloadedzippedarchivefilewhilepreservingthesupplieddirectorystructure.YoumaywishtochangetheDestinationDirectoryoftheextractedfilestomake it easier to access from a terminalwindow, ex. C:\agent. The extracted contentscontainthefollowing:

archive-agent-1.0.0-SNAPSHOT(directory)bin(directory)currentjre(directory)nSANSFCollector.dllSAArchive.ini

8. CopynSANSFCollector.dll

a. CopythefilenSANSFCollector.dlltotheDominoinstallationdirectory,ex.:C:\ProgramFiles\IBM\Lotus\Domino

9. Editnoteslini

a. Editthenotes.inifile,foundinC:\ProgramFiles\IBM\Lotus\Dominob. Searchforthevalue:EXTMGR_ADDINS



51

i. Ifthevalueexists,add",SANSFCollector"totheendoftheline.Notethecommaandnospace.

ii. IfthevaluedoesNOTexist,addthefollowingline:EXTMGR_ADDINS=SANSFCollectorc. Savethechangetothenotes.inifile

10. CopySAArchive.ini

a. CopythefileSAArchive.initothedirectoryC:\ProgramFiles\IBM\Lotus\Domino\datab. SAArchive.inicontainsthefollowinglines:

AgentDirectory=c:\sa-agentArchiveDirectory=c:\sa-agent\archiveArchiveUser=CN=ArchiveAgent/O=<youarchiveprovider>TargetJournalLatencySeconds=3600

NOTE: the values for AgentDirectory and ArchiveDirectory were derived from the values specified for‘LocationofJournaledNSFs’whentheAgentwascreatedintheArchiveAccountUIabove.Ifyouwishtouseadifferentdirectory locationyoumustcreateanddeployanewAgent.Changestothesevalues inthisfilearenotsufficienttoutilizenewdirectorylocations.

11. RestarttheDominoservera. StopandrestarttheDominoservertoenabletheDominoservertousethearchiveprovider

suppliedfilenSANSFCollector.dll.

12. VerifyDominoconsolelogoutputa. ViewtheDominoconsoleoutput, found inC:\ProgramFiles\IBM\Lotus\Domino\data\IBM_

TECHNICAL_SUPPORT\console.log,toverifythenSANSFCollector.dllhasbeenloaded.Outputshouldshowentriessimilartothefollowing:SAArchive:Loaded[1.0,02/04/2013,123],loggingtoc:\sa-agent/SAArchive.log

13. InstallAgent

a. Itisrecommendedthattheagentbeinstalledfromalocationonthelocalserver’sharddriverather than on a shared network drive. In a terminal window, change directory to thelocationoftheextractedfiles,C:\agent

b. Change directory to archive-agent. This is the location where the agent is launched andwheretheagent.logfilewillbecreated.

c. OpenaterminalwindowforinstallingtheagentasaWindowsService.d. Changedirectorytothelocationoftheextractedfiles,C:\agente. Changedirectorytoarchive-agentf. Launchtheinstallationscript:

bin\service.batinstallInstallingservice...done.

g. Theinstallationcreatesandwritesthefollowingtothefile,

C:\agent\archive-agent\SAArchiverService.<datestamp>.logCommonsDaemonprocrunloginitializedCommonsDaemonprocrun(1.0.15.032-bit)startedInstallingservice...ServiceSAArchiverServicenameSAArchiverServiceSettingservicedescription<yourarchiveprovider>CollectorAgentService'SAArchiverService'installedCommonsDaemonprocrunfinished



52

14. StartAgent

a. OpenAdministrativeTools–Servicesb. VerifySAArchiverServiceislisted.c. SelectSAArchiverService,clickStartd. VerifytheSAArchiverServiceStatuschangestoStartede. StartingtheSAArchiverServicecreatesthefile,agent.logf. OpentheTaskManagertoverifythejavaprocessisrunning.g. Selectthejava.exe*32processh. Right-click,selectPropertiesi. java.exe *32 Properties dialog should show Location: C:\agent\archive-agent\jre\bin,

includingthelocationofyourrunningagent.

15. Verifyagentstatusa. Agentstatuscanonlybeverifiediftheagentisrunning.b. Launchaterminalwindowc. Changedirectorytothelocationwheretheagentwaslaunched,C:\agent\archive-agentd. Issuethefollowingcommandtoretrievetheagentstatus:bin\agentctlstatuse. Iftheagentisrunningthecommandshouldreturnoutputsimilartothefollowing

Lastsuccessfuloperationwas(sleep60)at2013-04-09T11:31:32.Loglevelisnormal.Versionis1.0.0-SNAPSHOT.Upfor0hours4minutes3seconds

f. AgentstatuscanalsobedeterminedfromtheCustomerArchiveAccount,intheEditscreen

oftheCollector.

g. VerifythefileC:\agent\archive-agent\agent.logiscreated.h. When the agent is started successfully, C:\agent\archive-agent\agent.log will contain the

following:startingserverinitializing[larabee.configlarabee.oplarabee.loglarabee.upgradelarabee.server]donestartingserver

16. Verifymessagesarejournaled

a. SendamessagetoauserontheDominoserver.b. VerifyarecordofthemessageappearsintheDominoconsolelog.c. VerifyanewjournalfileiscreatedinC:\sa-agent\archived. VerifyarecordofthemessageappearsintheC:\sa-agent\SAArchive.log

Info:Loaded[0.1-dev,20121120-003231,825111a] Warning:foundnofilesmatching:/sa-agent/archive/journal*.nsf Info:journaledmessageto/sa-agent/archive/journal-20121228T011319Z.nsf

NOTE:Initially,nojournalisavailabletostorethenewmessage,soonehastobecreated.Journalfileisthencreated,andmessageisstored.



53

17. UninstalltheDominoOn-PremCollector

a. Launchaterminalwindow b. Change directory to the location where the SAArchiverService was installed,

C:\agent\archive-agent c. IssuethefollowingcommandtouninstallSAArchiverService: bin\service.batuninstall d. VerifytheagentisstoppedbyviewingoutputinC:\agent\archive-agent\agent.log

executingadmin:[stop] stoppingserver donestoppingserver

e. Verify SAArchiverService is removed by viewing output in C:\agent\archive-agent\SAArchiverService.<datestamp>.log

CommonsDaemonprocrunloginitialized CommonsDaemonprocrun(1.0.15.032-bit)started Deletingservice... Service'SAArchiverService'deleted Deleteservicefinished. CommonsDaemonprocrunfinished

f. VerifySAArchiverServiceisremovedfromServices g. DeletetheagentdirectoryC:\agent h. StoptheDominoserver i. DeletethefilenSANSFCollector.dllfromthedirectoryC:\ProgramFiles\IBM\Lotus\Domino j. EditthefileC:\ProgramFiles\IBM\Lotus\Domino\notes.ini k. Removethevalue",SANSFCollector"fromtheEXTMGR_ADDINSsetting l. Savethefile m. DeletethefileSAArchive.inifromthedirectoryC:\ProgramFiles\IBM\Lotus\Domino\data



54

VI.SettingsInthischapter:

• YourSettings• EndUserAccessRules• LDAPintegration• LoginMessages

Theobjectivesofthischapterare:

• ToidentifyandconfigurePolicyattributesforautomaticmessageremoval.• To identify and configure Setting attributes for your personal account settings, rules for your end

users,andsystem-wideloginmessages.

YourSettingsTheSonianArchiveforE-MailHTTPSAdministrationSettingsfeaturesprovidetheabilitytofinetuneindividualpersonalsettings,enduseraccessrulesandloginmessages.

Administration-Settings-Yoursettings

LogontoyouremailarchivesystemasanadministratorandfromthedefaultAdministrationDashboardclick



55

Settings-YourSettingstab.YoumayalsonavigatetotheSettingsUIifalreadyloggedintothearchiveserviceAdministrationUIbysimplyclickingtheSettingstabthenYourSettingstab.ModifyUserAccountfieldwithuniquepersonalcriteria.UserAccountstandardparametersaremaintained:TheUsernameandemailaddressfieldsmustbeuniquesystemwide,andpasswordsmustbealphanumericwithat least three numbers. If given field value is not valid, an errormessagedisplays citingan incorrectparameter,reviewandcorrectinputs.ModifyUserGeneral fieldswithpreferredpersonalcriteriato customizepersonal user interfaces.Use thedrop-downmenustoseteachattributevalue.Availableselectionsareasfollows:

1. Itemsperpage:SetsEndUserandSearchitemsperpage:10,25,or50.

2. Default page: Sets your default login page: Admin dashboard, Search dashboard, Search list. Theavailableselectionswillvarydependingonuserpermissions.

3. Timezone:Setsyourpersonaltimezone.

4. DefaultView:Setsyourpreferredsearchview.a. NormalView-DefaultviewthatdisplaysSMTPmessageheaderandsnippetofbodycontent.b. MiniView-DisplaysSMTPmessageheadercontentonly.c. TextView-DisplaysSMTPmessageheaderandfullbodycontentwithoptiontoExpandExtra

headerstoexpandSMTPheaderandX-Arc*typemessageheaders.

5. Receivenightlyemailsofcollectionactivity:selectthecheckboxtobenotifiedonadailybasisofthearchiveactivity.Ifthatischecked,theadmin(s)willreceiveanemaileachdaylistingthenumberofmessagescollectedoverthepast24hours.

ClickUpdatetoapplysettings.Whensuccessful,themessage'Yoursettingshavebeensuccessfullyupdated'displaysatthetopofthepage.GeneralsettingsareeffectiveimmediatelyexceptfortheDefaultpagesetting,whichtakeseffectthenexttimetheuserlogsintothesystem.



56

EndUserAccessRulesThe conceptof EndUserAccessRules is to impose restrictionson SMTP domains for end users that self-register to the archive service via an HTTPS browser session(https://<instancename>.Sonianarchive.com/user/signup/new).Restrictionslimitenduseraccessandsystemvulnerabilityandimprovesecurity.

Administration-Settings-Enduseraccessrules

1. Logon to your archive systemas an administratorand from the default AdministrationDashboardclickSETTINGS-EndUserAccessRulestab.

2. TheEndUserAccessRulesconceptisbasedontypicalallowanddenyrules-basedpolicyandallSMTP

aliasesaredeniedbydefault.a. AllowrulesexplicitlydefineSMTPaliasestoallowaccess.b. DenyrulesexplicitlydefineSMTPaliasestodenyaccess.

NOTE: Forexample, to allowaccess fromall locationsexcept freeemail sites suchas Yahoo,Hotmail,andGmail,addanallowrulefor*@*andaDenyrulefor*@gmail.com,*@yahoo.com,and*@hotmail.com.

3. ClickUpdatetoapplysettings.Themessage'Theaccesslistshavebeenupdated.'displaysatthetopofthepage.

If anenduser registerswithan invalidordeniedSMTPalias, thearchiveservice systemdoesnotsendanemailnotificationtotheSMTPalias.Therefore,theemailnotificationreplycannotbesentto the invalidordeniedSMTPaliasandtheself-registeredaccountneveractivates.



57

ConfiguringLDAPintegrationLDAP integration gives you the ability to leverage your directory information to provision and managearchiveusersandrelatedattributes.LDAPintegrationisdesignedtohelpyourstreamlineuserprovisioning,management, and authentication. This feature relieves the administrator(s) from the hassles ofmanuallymanagingarchiveusers.NOTES:

• LDAPsupportneedstobeenabledattheaccountlevelfirstbytheSonianadministratortoappearintheAccountAdminsettingspage.

• The sn, given name,mail, username, and password have to be filled out on the LDAP server forintegrationtosuccessfullycomplete.

InordertoconfigureLDAPintegration,pleasefollowthesesteps:

1. LogontoyouremailarchivesystemasanadministratorandnavigatetoAdministration-SETTINGS–LDAPintegrationtab.

Administration–Settings–LDAPintegration

2. ProvideyourLDAPserverconnectionsettings:a. LDAPserver–HostnameorIPaddressfortheLDAPserver.b. Port–Entertheportnumber:636canbeusedforLDAPoverSSL.

LDAP–serverconnection

3. ProvideyourusernameandpasswordfortheLDAPintegrationaccount:a. ServiceUserName–Thedistinguishednameofanaccountwithpermissiontosearchthe

LDAPdirectory.ThisisbasicallyanaccountwithpermissiontoquerytheLDAPserver.b. ServicePassword–Passwordonthenetwork,forread-accessonlytotheLDAPserver.



58

LDAP–Usernameandpassword

4. Describehowtheserviceshouldlocateandidentifyarchiveusers:a. BaseDN–ThedistinguishednameoftheusercontainersorActiveDirectorytree.b. UserFilter–Thefilterthatshouldbeusedto identifyusersthatshouldhaveaccesstothe

archive. User filter is an LDAP filter string that is used to select those records within thebasedDN.

c. Pullinalle-mailaliasesassociatedwithuseraccounts–Selectthischeckboxtosynchronizeall e-mail addresses associated with user accounts. This will pull primary, aliases, and allproxyaddressesforyourendusers,populatingtheirMyArchiveaccountsaccordingly.

LDAP–BaseDNanduserfilter

NOTES:

• Bydefault,serversthatareperforminguserauthenticationconnecttotheLDAPserverusingLDAPoverSSL(port636).

• TheadministratorcanprovideanyportnumberaslongasitisconfiguredwithhisLDAPserverandusesasecure(SSL)connection.

5. Test your configuration. It is important that you test your LDAP configuration before saving any

settingsyouprovidedabove.a. TestUserName–Provide auser name for a user account that shouldhave access to the

archive.Itwillbesuedtovalidatethesettingsyouprovidedabove.b. TestPassword–Provideapasswordforthetestaccount.Thispasswordwillnotbesaved.c. ClickonTestConfigtotesttheaccuracyofyourLDAPconfigurationsettings.



59

LDAP–TestingyourLDAPconfiguration

NOTES:

• Testconfig fails– Incaseyourconfigurationtest fails,youwill seeamessagedisplayedbelowtheTestConfigbuttontellingyouwhaterrorsthereareandwhichfieldsneedtobemodified.

• Testconfigsucceed–Incaseyourconfigurationtestsucceed,youwillseeamessagedisplayedbelowtheTestConfigbuttontellingyouthatyourLDAPconfigurationsettingsareaccurate.

6. OncethearchivesystemhasvalidatedyourLDAPconfigurationsettings,clickon“SaveSettings”to

saveyoursettingsandenableLDAPintegration.

LDAP–Savesettings

NOTES:

• Theuserwill onlyhave access to LDAP/directory integration feature set if you (the administrator)enableit.

• Only users whose account information and attributes are managed via directory/LDAPsynchronizationwillbeabletoleverageLDAPforauthentication.

• UsersthatareconfiguredforLDAPauthenticationwillnotbeabletorecovertheirpasswordsinthearchivingsystem.

• If theadministratorchooses toenableusers to loginusing their lastknowngoodpassword, in theeventthattheLDAPserver isunreachable,passwordsstored inthesystemwillneverbevisiblebytheadministratorofyourarchivingprovider.



60

RemovingLDAPsettingsAdministrators have the ability to remove the LDAP settings if necessary. This is a very quick and simpleaction.Administratorshavetofollowthis2stepsprocess:

1. LogontoyouremailarchivesystemasanadministratorandnavigatetoAdministration-Settings–LDAPintegrationtab.

2. ClickonRemoveLDAPSettingsatthebottomofthepage.

LDAP–Removesettings

OncetheLDAPsettingsareremovedalltheLDAP-enableduserswillbecomenativeusers.Theywillnotbedeleted from the archive. Users will be able to login into the systemwith their username and last usedpassword.

Additionalinformation–Authenticationmethods

1. DatabaseAuthenticationUserCreation

• Usersarecreatedbyacustomer,Sonian,andgivenatemporarypassword.Thefirsttimetheylogin,theywillbeforcedtochangetheirpassword.

• Ifenabled,userscanself-register.Inwhichcasetheykeepthepasswordtheyusedtosignup.• UserscanbebulkuploadedfromaCSVfile.• Userscreatedinanyofthesewaysareflaggedas"Native"users.

Passwords

• WeinheritthealgorithmofRestful-Authentication.• Passwordsaresaltedandhashed.Itisnotpossibleforanyone,evendevelopers,toreversethishash.

Allpasswordsaresaltedwithaone-timesalt,andpassedthroughaone-wayhashingalgorithm.It'stheresultofthatthatgetsstored.

• Salts change every time the password does. That means we cannot easily implement the "don'treuseoldpasswords"constraint.Thisexistingfunctionalityhasbeenpulled.



61

Login

• Usersprovidetheircredentialsinthe/login/newscreen.Theywillberedirectedthereiftheyarenotcurrentlyloggedin.

• Ifanativeuserexistswiththeenteredcredentials,theuserisauthenticatedandredirectedtooneof(inorder):

o TheURLtheyweretryingtogoto.o Thedefaultlocationsavedwiththeirprofileo The dashboard of the environment their most powerful role allows: admin, search, my

archive.PasswordRecoveryIfpasswordrecoveryisenabledbytheadmin,ausercanrequestanewpasswordfromtheloginscreen.Iftheydo,theywillgetanemailsendingthemtoanewscreentoentertheirnewpassword.Notetheabilitytorecoverapasswordcanbesetattheuserlevel(aswellastheaccountlevel).Ifsuchauserisatthe loginscreen,wecan'tknownottoshowtherecover link.However, if theyactuallytrytorecovertheirpassworditwillbedenied.IntrusionDetection

• Anadmincanconfigureasetnumberof failedpasswordattemptsallowedbeforeauser is lockedout.

• Ifauser(presumablyabadguy)failstologinafterthisnumberofattemptstheywillbelockedout.• Whenausergetslockedout,theywillreceiveanemailtellingthemhowtounlocktheiraccount,so

thatthebadguycan'tcreateadenialofserviceattack.• Alternately,anadmincanunlockanaccount,oritwillbeautomaticallyunlockedafteraconfigurable

amountoftime;default:30minutes.InactivityTimeoutIfauserhasbeeninactivefor30minutes,theywillbeaskedtologinagainthenexttimetheyusethesite.LoggingoutWhenauserlogsout,theyaresenttotheloginscreenandunabletoproceeduntiltheyloginagain.LDAPAuthenticationLDAPauthenticationuses thecustomer'spubliclyaccessibleLDAPserver toauthenticateusers.Wedonotcurrentlysynchronizethecustomer'sLDAPserverwithalocaluserstore.ConfigurationA Sonian admin can configurewhether LDAP-based authentication is available to Sonian's customers. If itis,andthecustomerhasenabledenduseraccess,thecustomer’sadminwillseea"LDAPintegration"tabintheSETTINGStab.Heretheyentertherelevantinformationneededtoconnecttotheirserver.



62

• ALLLDAPqueriesareoverSSL.TheLDAPserverMUSTbeconfigureforSSLcommunication.o StartTLSisneverused.ItisalwaysSSL,allthetime.

• MicrosoftActiveDirectory:duetothewayActiveDirectoryisdesignedwemustbindtoLDAPasasearch-enableduserandretrievetheattributesfortheuserloggingin(ratherthanbindingtoLDAPas the user logging in). Therefore, we need to know the bind DN of a search user (presumablycreatedjustforthispurpose)andthatsearchuser'spassword(whichwillbeencryptedwhensaved.)

• ThefilterparameterMUSTincludethestring"%u"initsomewhere.Thisiswherewewillinserttheuser'senteredusername.

• Theusernameandpasswordaskedforontheconfigurationscreenarenotsaved.Theycanbethecredentialsofanyuserinthedirectoryserver.

UserCreationWhenan LDAPuser logs in for the first time (seebelow)a localuser is createdusingproperties returnedfromanLDAPquery:

• sn(surname):lastname• givenName:firstname• mail:emailaddress

Theusernameof theuserwillbewhateverusername theyenteredon the login screen.Wealso save thepasswordtheyentered(exactlyaswedoforlocalauthentication).

• AllusersarecreatedwiththeEndUserrole.Consequently,theywillhaveonlyoneemailaddressby

default.EndUseraccessmustbeenabled.

• UponconfiguringtheLDAPintegration,theadministratorhastheoptiontochoosewhetherornothe wants all proxy addresses (aliases, etc.) to be pulled and synchronized alongside the users'primary SMTPaddress. Thisenablesendusers to see inMyArchivemail related toall their emailaddressesassociatedwiththeiruseraccountontheLDAPserver.

• AlluserswillbeflaggedasLDAPusers(asopposedtoNativeusers).

• On subsequent logins, if those attributes have changed the userwill be updated, overwriting anychangesthatmayhavebeenmadelocally.

• IftheuserisdeletedinLDAP,ontheirnextlogintheywillbe(logically)deletedlocally.

• User attributes can be later modified by an admin locally. But LDAP changes will overwrite anychanges made to the first name, last name, and password. Additional email addresses will bemaintainedandsowilladditionalroles,buttheEndUserrolewillberestoredifitwasremoved.

• Theaccountownerof an LDAPenabledaccountexists locally as aNativeuser.AdministratorsareencouragednottomakeLDAPuserstheaccountownerandthendeletethelocalaccountowner.

• OtherlocaluserscanbecreatedforanLDAP-enabledaccount,inwhichcasetheywillbehavejustasordinarylocalusersdo.

• MicrosoftActiveDirectory:aDomainusercanusehisoldpasswordtoaccessthenetwork/archiveforonehourafter thepasswordhas changed. If youwant todisableauseraccess to thearchive,changinghispasswordwillbefullyeffectiveonlyonehourlater.Asabestpractice,werecommendthattheAdmindisabletheemployeeaccount.



63

LoggingInIf an account has LDAPproperties associatedwith it, it is considered LDAP-enabled. If a user attempts tologintoanLDAP-enabledaccount,then:

• WelookfirstforNativeuserswiththosecredentials,andlogtheminiftheyexist.

• IfaSonianadminhas turnedLDAPsupportoff (afteranaccounthassetupLDAP),we look locallyforLDAPusers,thiswayallthoselocalusersdon'thavetoberecreated.

• Otherwise,webindtotheLDAPserverasthesearchuserspecifiedinsetupandthendoaqueryforthatlogging-inuser'sattributes.

• Wethenrebindusingthatuser'sDNandtheenteredpassword.

• Ifthat'ssuccessful,wecreatetheuserasspecifiedaboveandlogthemin.

• However,ifwecannotbindsuccessfullyandthatuserexistslocally,westilllogthemin.ThisallowsustocontinueintheeventthattheLDAPserveris inaccessible.Forsecurityreasons,allpasswordsaresaltedwithaone-timesalt,andpassedthroughaone-wayhashingalgorithm.It'stheresultofthatthatgetsstored.

• Finally,ifwecan'tfindtheuserremotelyorlocally,theyaredenied.Note, once an LDAP user is logged in, they behave just like a local user.We do not ping LDAP for eachsubsequentrequest;wejustlooklocally.PasswordRecoveryPasswordrecoveryisdisabledforLDAPusers.SAMLAuthenticationWithSAMLauthenticationmethod,everySAMLuserispre-authenticated.Thatsaid,it'sstillpossiblefortheexternal authentication server to present uswith user information thatwe cannot use, and thus need tocorrectfor.UserCreationWhenaSAMLuserconnects(not"logsin"-theyneverseetheloginscreen)forthefirsttimealocaluseriscreatedusingpropertiesembeddedintheHTTPrequest.

• Requiredo saml_account TheUUIDoftheSonianaccounttheuserbelongstoo saml_username Example:Kennetho saml_email Example:[email protected]

• Optionalo saml_full_name Example:KennethLayo saml_first_name Example:Kennetho saml_last_name Example:Layo saml_roles Example:[‘acme_admin’,‘acme_user’]

• If saml_roles is provided, the user will be created with those roles (after they are scrubbed to

preventprivilegeescalation).OtherwisetheywillhavetheEndUserrole.

• Ifsaml_full_nameisprovidedandfirstandlastarenot,weattempttoguessfirstandlast.



64

• Ifallthreenamesareprovided,firstandlastwin.

• AlluserswillbeflaggedasSAMLusers(asopposedtoNativeusers).

• Onsubsequentconnections,ifthoseattributeshavechangedtheuserwillbeupdated.LoggingInAs noted, all SAMLusers are logged in just by showing up (that is, there's at least oneHTTPheader thatbeginswith"saml_"andtheaccountisSAML-enabled).SAMLusersneverseetheloginscreen.IfaSAMLrequestcomesinandit'smissingtheaccount,username,ormailattribute,thentheuserisshowna failure page. If these, required fields are present, but last name and first name are not, the user isredirected to a page where they can enter their personal information. If everything we want is in therequest,theusersimplygetstotherequestedpage.JustlikeforLDAP,onceaSAMLuserisloggedin,theybehavejustlikealocaluser.Wedonotre-authenticatewiththeprovidedSAMLattributesuntiltheylogout.PasswordRecoveryPasswordrecoveryisdisabledforSAMLusers.LoggingOutEventhoughaSAMLuserneverseesaloginscreen,there'sstillalogoutlink.Clickingthislinkdestroystherelocalsession,butalsoredirectstoShibbolethanddestroysthereremotesession.Whichmeansthenexttimetheuserrequestsapage,theywillseewhateverauthenticationthatShibbolethprovides.TipYou can manually test SAML with Firefox using theModify Headers Plug-inand entering the appropriateheaderslistedabove.There'sprobablyasimilarplug-inforChrome.



65

LoginmessagesTheconceptofLoginMessagesistoconvenientlydisplaymessagesonyourarchivesystemloginHTTPSURLtocommunicatewithallendusers.

Administration-Settings-Loginmessages

Logon to youremail archive systemas anadministrator andnavigate toAdministration - Settings - LoginMessagetab.ClickNewmessageanddefine:

• Message:EnterTexttodisplayonyourarchiveserviceloginscreen.• StartsOn:Clickcalendarappletandselectstartdateforyourmessage.• ExpiresOn:Clickcalendarappletandselectdateforyourmessagetoexpire.

Thearchiveservicepostsanupdate“Messagewassuccessfullycreated”atthetopoftheLoginMessagesUI.Log out and navigate to your archive service default HTTPS URL and verifymessage appears if date fallswithin range defined. One option is to define your message with current date setting to verify correctmessagetextappearsasdesiredandthenmodifydaterangeaftertest.

Loginmessageexample

ThefigureabovedisplaysCustomerLoginScreenMessage'OurcompanyholidayisscheduledforDecember22nd’.



66

E-mailForwardingRestrictionThisfeatureallowstheAccountOwnerorAdministratortocontrolWHOhastheabilitytoforwarddataoutof the archive and toWHOM. By default, forwarding is enabled and allowed for every archive user role(SearchAdminPlus,SearchAdmin,SearchUser,andEndUser)meaningthattheyallcanforwardarchiveddataoutofthearchivetosomebodywithinoroutsideofyourorganization.Thisfeatureallowsyoutogainmoregranularcontrolover'forwarding'andapplysomerestriction.Howdoyouenablethe'emailforwardingrestrictions'?

1. The featurehas tobe initially turnedon for youraccountbySonian’s Support team.Contact yourSonianSupportcontacttogetthisfeatureturnedon.

2. Oncethisisturnedon,loginastheAccountOwnerandgototheACCOUNTtab.3. Select"EnableE-mailForwardingRestriction"under'Options'.

4. Saveyouraccountsettingsbyclicking"Updateaccount"atthebottomofthepage.5. AnewtabunderSETTINGS,called"E-mailForwardingRestriction"willbedisplayedunderSETTINGS.



67

Howdoyouconfiguretheemailforwardingrestrictions?Onceyouaredoneenablingthefeature,youcanconfigurepoliciestolimitWHOcanforwarddataoutofthearchive toWHOM. From the "E-mail Forwarding Restriction" tab under the SETTINGS page, follow thesesteps:

1. Readthequickoverviewtounderstandthedefaultbehaviorwithoutrestrictionturnedon.

2. Select "Enable restrictions on forwarding e-mails out of the archive" to disable forwarding foreverybodyinthearchive.ThismeansthatSAPlus,SAs,SUs,andEUswillNOTbeabletoforwardanyarchiveddataoutofthearchive.

3. (Optional)Selectoneofthe listedarchiveuserrolestorestricttheabilitytoforwarddatatothoseroles.Onlytheselectedroleswillbeabletosenddataoutofthearchivefromsomebodywithinoroutsideofyourorganization.

4. (Optional) Select the last checkbox to tie forwarding restrictions to a set of known registereddomains.Selectingthecheckboxmeansthattheusersforwhomyoualloweddataforwardingwouldonlybeable to forwarddata toemailaddresses thathavedomains thathavebeenregisteredandapprovedbytheAccountOwner,undertheACCOUNTtabasseenbelow.

5. Onceyou'redoneconfiguringyourforwardingrestrictionpolicy,clickon"SaveSettings"tosaveyourconfigurationandactivatethepolicy.



68

VII.ReportingInthischapter:

• Reportbuilderoptions• Samplereport

Theobjectivesofthischapterareasfollows:

1. Identifyarchiveserviceuseraccountsallowedtorunreports.2. IdentifyanddescribeseveralavailableReporttypes.3. Identifyanddescribeformatoptions4. Identifyanddescribedaterangeoptions5. Identifyanddescribesortoptions

ReportbuilderoptionsThefollowingarchiveserviceuserroleshavepermissiontorunreports:

• AccountOwner• AccountAdministrator• SearchAdminPlus

ReportscanbegeneratedinPDForCSVformatandaresentdirectlytothedesignateduser’sinbox.NavigatetotheReportstabandstipulateReportBuilderoptions.

Reportbuilderoptions



69

ConfigureyourarchiveservicewithyourdesiredReportBuilderOptions.

1. FromtheChoosereport:drop-downmenu,selectoneofthefollowingreporttypes:a. ActivitybyUser-reportsactionsexecutedbyuser,forexample,UserLogin,SearchCreation,

SearchAccess,ExportAvailable.b. Activity by UI Action - reports User Interface activity, for example, BulkTagActivity,

CollectNowRequested,CollectNowCompleted,CollectorEdit,EciLogin,etc.c. ActivitybyDate-reportsactivitysortedbydated. CollectionbyMailbox-reportscollectionspermailboxe. CollectionbyDate-reportscollectionbydate

2. StipulateaFormatoption:

a. PDFb. CSV(CommaSeparatedValues)

3. FromtheDateRangedrop-downmenu,selectoneofthefollowingdaterangeoptions:

a. LastWeekb. ThisWeekc. LastMonthd. ThisMonthe. LastQuarterf. ThisQuarterg. LastYearh. ThisYeari. Allj. Custom

NOTE:

• ExceptfortheDateRangechoicesAllandCustom,eachselectionpopulatesthedaterangefieldswithpre-defineddates.Thesepre-defineddaterangescovermostreportingneeds.

• SelectingAllleavestheBeginsonandEndsonfieldsemptyandwillplacenodaterestrictionsonthereport.

• SelectingCustomcausesadateselectiontooltodisplaynexttotheBeginsonandEndsonfields.Usethedateselectiontoolstochooseacustomdaterange.

4. Sortoptions:

a. FromtheOrderbydrop-downmenu,selectfromthesecriteria:i. User,Date,Activity

b. ForSortorder,selecttheAscendingorDescendingradiobutton.

5. ClickCreateReport.Aconfirmationmessageappearsatthetopofthepagestatingthatthereportwillbesentbyemail.

NOTE:WhenviewingareportthatisgeneratedwiththeCSVformatoption,astringof“######”symbolsinthedatecolumnindicatesthatthedatecolumnistoonarrowtodisplaythedatecorrectly.Tofixthis,widenthedatecolumninthespreadsheetuntilthedatedisplayscorrectly.



70

VIII.ImportingDataInthischapter:

• High-levelsummaryofthedataimportworkflow• Creatingtheimportjob• Preparingdataforimport• Drag-and-dropdataupload

The concept of the archive service Import function is to process bulk data import requests. When yousubscribe to the archive service, Sonian offers the option of importing legacy email archives into SonianArchiveforE-Mail.

High-level summaryofthedataimportworkflow

1. Customercreatesanimportjob.2. Sonianisnotifiedbyemail.3. Sonianshipsastoragedevicetothecustomer;alternatively,thecustomermayprovideitsown

device.4. Customerpreparesandencryptsthedata.5. CustomerplacesthedataontothedeviceandshipsittoSonianatthefollowingaddress:

CloudArchiveServiceSupport19091PruneridgeAve.Cupertino,CA95014

6. Sonianreceivesthedevice,inspectsitforintegrityandobjectsize,thenimportsthedata.7. Afterthedatahasbeenimported,Sonianelectronicallyshredsthedataonthedevice.Thedatashred

optionisbuiltintothearchiveservice,anditisenabledbydefault.Intheeventthatthecustomerusestheirownstoragedevice,theywillhavetheoptiontonotshredthedatafollowingtheimport.

8. Aftershredding,thedataisnotrecoverableandthefilesonitdisplayascontainingzerobytes.Thedevicewillrequirereformattingbeforeitcanbere-used.

9. CustomerreferstotheImportTasklistforstatus.

Creating theimportjobTorequestalegacyemaildataimport,gotoAdminlink,selecttheImporttab.TheImportTaskspagedisplays.

Importtaskspage

Heidi Fischer� 9/9/15 1:41 PMComment [3]: What’sthisaddress?



71

FromtheImportTaskspage,selectCreateImportTask.TheNewImportTaskpagedisplays.By filling out theNew Import Task form, you are providing contact information onwho is requesting theimportandwherethedriveshouldbeshippedafterthedatahasbeentransferredatthedatacenter.

Newimporttaskpage



72

Afteryouhavecompletedtheform,selectSubmitImportTask.TheImportTaskspagedisplaysshowingtheimporttaskthatyoujustsubmitted.Itisnowwaitingtobegin.NOTE:MakeanoteoftheImportTaskIDoutlinedinredinthefigurebelow.Youwillneedthisnumberforthedataencryptionprocess.

Importtaskwaitingtobegin

Your legacyemail data can be successfully importedusing the popularPSTmail file format. The followingsectionprovidesguidanceonhowtoworkwiththePSTformat,commonlyusedbyMicrosoftOutlook.

PreparingdataforimportWhenpreparingyourdataforprocessing,youwillberesponsibleforencryptingthedatathatwillbeplacedontheportablestoragemediadevice.WARNING! Inordertobeuploadedintoyourarchive,allfileobjectsontheportablemediadevicemustbebelow25GBs.Sonianrecommendsusingtheprogram7-zip(http://www.7-zip.org/)whichallowsforAES-256bitencryption.YoumustuseyourImportTaskIDasyourpasswordforencryptingyourfiles.

PSTformatThePST(PersonalStorage)folderformatisusedbyMicrosoftOutlooktostoremessagesonlocaldesktops.ThePSTformatisasinglefilethatholdsallfoldersandmessages.YouwillneedtoprovideeachPSTfileasaseparatefilewhichmustnotbesecuredwithanypasswordprotection.NamethePSTfileandcopyitontotheharddriveyouwillbeshipping.PSTfilesmaybegeneratedinacoupleofways.

• Directlybyusers.• Throughanautomatedapplicationsuch asexmerge,whichextractsmessages fromyourExchange

ServerintoacollectionofPSTfiles.ThePST file formatcanhold informationotherthan justmessages,suchas tasks, notesandcontacts.Thisadditionalinformationis storedasamessageandcan, if required,be importedinto thearchive.However,



73

therewillbenodifferentiationbetweenthesevariousinformationtypessinceimporteddataissearchablebyemailand/orattachment.

RequirementsfornamingPSTfilesAspartofthePSTimportprocess,wewillneedtoknowtheprimaryemailaddressoftheuserforeachPSTfileinordertoassignownershipofthemessageafterbeingimportedintothearchivesystem.Ifyouhaveusedautilitysuchasexmerge,thiswilltypicallynamethePSTfilesbasedonthenicknameoftheuser in yourActiveDirectoryconfiguration.Weask thatyourenameeachPSTfilegeneratedtomatchtheindividualtowhomthePSTbelongs.For example,user SimonBloggs’mailboxhas been extracted from the Exchange server, and the exmergeutility is likely to call the PST file whatever his alias is (SBloggs.pst). The file must be renamed [email protected](retainthePSTfileextension).WhereyouhavemultiplePSTfilesforanindividual,pleasesimplyaddanumbertotheendoftheaddress:

• [email protected]• [email protected]• [email protected]

If,however,youhaveacquiredPSTfilescreateddirectlyfromyourenduserswhohavecopiedmessagestothemfromOutlook,then it is likelythattheywillbearbitrarilynamed.SincethereisnowaytoaccuratelyascertaintowhomeachPSTfilebelongstointheorganization,wewillneedyoutoensurethatthenamingconventioncitedhereisupheld.

Table1 Supportedphysicalmedia

ITEM REQUIREMENTPowerforExternalDevices USwallsocketplug120Volts@60Hertz

MaxPowerConsumption 2,000WattsInterfaceType eSATAUSB2.0;2.5inchand3.5inchinternalSATADimensions Maxdevicesizeis14incheshighby19incheswide

by36inchesdeep(8Usinastandard19inchrack)

Weight Maximumis50poundsFileSystemType NTFS,ext2,ext3,FAT32

DeviceCapacity Upto4TB



74

Drag-and-dropdatauploadNOTE:Thedrag-and-dropdatauploadisonlyavailabletoAccountOwners(AO)andAccountAdministrators(AA)ifpreviouslyenabledbyamemberofyouArchiveSupportteam.Ithasneverbeenthateasytoloadexistingdatainyourarchive.Thisimportingsystemallowsyoutosimplydrag-and-droplegacyemailand/orfiledataintothearchiveutilizingaJavaapplet.Theimportingsystemingests,stores,andindexesthefollowingemailfiletypes:

• EML,• PST,• NSF,• RGE,• MBOX,• andMaildir.

Thesystemalsohandlesthefollowingcompressedfilestypes:

• ZIP,• 7zip,• GZIP,• GZ,• TAR,• andRAR.

NOTE:• ForPSTimports,thePSTfilesshouldbenamewiththeprimarySMTPaddressoftheowner.Forinstance:

[email protected] isno limittothenumberoffilesyoucanuploadbutyoumayincuradditionalchargesbasedonthesizeofthedataprocessedintothearchive.Westronglyrecommendthatyoucompressandcatalogyourfilesby name prior to uploading them. Once you mark the import job as complete (clicking on "UploadComplete"),uploadingwillbedisabledforthatjob.

CreatingtheimportjobStep1:

1. OpentheIMPORTsupportticketwithyourarchivingprovider.

2. IncludedDnD(DragandDrop)inthesubjectlineordescription.

3. Your archiving provider will then enable the underlying services to present the “Upload To YourArchive”buttonwiththeImportIMPORTtab.

4. GotoACCOUNT-Optionsandselectthe“EnablePhysicalMediaandS3Imports”checkbox.



75

Step2:

1. GototheIMPORTtabintheadministrationsectionofthearchive.

2. Clickthe“UploadToYourArchive”buttonwithintheIMPORTtab.

Import-Uploadtoyourarchive

3. Fillouttheblankfieldswiththerequiredinformationa. Provideyourname(firstandlast).b. Provideyourtelephonenumber.c. Provideyouremailaddress.d. Provideauniquenamefortheimporttask.e. Giveadescription/additionaldetailsfortheimporttask.

4. Whenyouaredonepopulatingthefields,clickon“SelectFiles…”.

Import-Uploadfilestoyourarchiveform



76

Step3:

1. AcceptJavaappletwarningsastrustedcontent.

2. UsefileFinder(MacOS),orWindowsExplorerortobrowseforfiles.YoucandirectlydropfilesintheJavaappletfromaWindowsmachinewithoutpreviouslyselectingthem.

3. Themomentyouchooseafile,itwillimmediatelybegintouploadtoasecurecloudstoragelocation

specifictoyouraccount.Youwillhavenovisibilityintothedestinationlocationforsecuritypurposes.

4. Choosethelegacyemaildataorfilestobeuploaded.

Import-Selectingdata



77

Step4:

1. When the upload is complete (100%), clickUpload Completed and clickOK on the confirmationpopupwindowtocloseyourimportjob.

2. AconfirmationmessagewillbedisplayedontopoftheIMPORTpageacknowledgingthesuccessof

theupload.***Thisdoesnotmeanthatyouremailsareavailableinthearchive.

3. Amemberofyourarchiveprovider’ssupportteamwillreachouttoyoutoverifythedetailsoftheimportandstartindexingthedata.

Import-Importconfirmation

Drag-and-dropuploadtechnicalspecificationsNOTE:MakesurethattheJavaplug-in is installedornotdisabled,otherwisetheappletdoesnot loadandtheuserwillnotreceiveanymessagethatthisistheproblem.Legacydrag-and-dropuploads to S3 leveragea singleAWSuser thathasPUT-only access to an S3bucketreservedforlegacyuploads.TheuploadismanagedbyaJavaApplet,configuredbythearchivewebsiteforaspecificupload job, thatcommunicatesdirectly toS3usingS3RESTAuthenticationtoensuredatasecurityandfidelity.Theappletnotifiesthewebsiteofuploadprogressandchangesinstatus,whichhastheadditionalbenefitofpreventing the user’s website session from timing out during a lengthy (i.e.multi-hour) upload. The javaappletusesencryptedSSLcommunicationtotransferanduploadfilestotheS3bucket.Fromanarchivesecurityprospective,thearchive’sconfigurationalwaysincludesboththeAWSAccessKeyandAWSSecretKeyforthelegacydrag-and-dropuploadapplettoensurethatnoexternalpartycanaccessthedata.ThearchiveneverexposestheAWSSecretKeyormakesitaccessibletotheJavaapplet.



78

IX.ExportingDataInthischapter:

• BulkexportofarchivedataIfyoudecideatanypoint intimetounsubscribefromthearchiveservice,youmayrequestbulkexportofyourdata.PleasecontactSoniandirectlyformoredetailsregardingtheexportofarchiveddataandoptions.

Bulkexport ofarchivedataYoumayrequestbulkexportofallyourarchivedemaildata,oralargesubsetsuchasamonthlyorquarterlyarchiveddataset.Pleasecontactyourarchivingserviceproviderformoredetails.



79

X.Policies

EmailretentionpolicyThePolicies tab isused for configuringanemail retentionpolicy.Anemail retentionpolicy setsa system-wideattribute to removeemailmessages fromthearchivebasedon timestamp.Only theAccountOwnerrole(AO)isentitledtomakechangestotheretentionpolicy.TheEmailRetentionpolicy featuremaybeenabledordisabledgloballyacross thewholearchiveaccount.Whentheretentionpolicyisenabled,messagesolderthanthespecifiednumberofyearsandmonthswillbepurgedfromthearchive.Messageswillceasetobediscoverablethroughsearchwithin24hoursofthepolicythresholdbeingreached.Thedefaultsetting isdisabled(meaningthattheEmailRetentionpolicy isturnedoff).Itemswithlegalholdstatusarealwayspreserved.Iflegalholdisremoved,themessage(s)thatareolderthanthespecifiedretentionperiodwillberemoveduponthenextpurgeevent.

Policiespage

1. NavigatetotheAdministrationPoliciestab.SelecttheEnableRetentionPolicycheckboxunderEmailRetentionPolicy.

2. SelectadesirednumberofYearsandMonthsforyourretentionperiodfromthedropdowns.

***NOTE:1monthisconsideredtobe30daysand1yearisconsideredtobe365days.

3. ClickUpdatetosaveyourretentionpolicy.AnemailnotificationwillbesenttoallAccountOwnersandSearchAdminPlustonotifythemofthepolicychange.Noactionisrequiredfromthem.Thepolicywillgetintoeffectrightaway.



80

Appendix:SupportedEmailServerPlatforms

On-premisesemailserverplatformsThearchiveservicecurrentlysupportstwoCollectorobjecttypes:POP3andSMTP.ThisistrueforMicrosoftExchange2003,2007,and2010foron-premisesemailservers.

HostedemailplatformsThe archive service supports Google Apps E-Mail, but limited to individual mailbox collections. POP3journaling is not supported. Collection through SMTP is limited without third-party routing of outboundinternetemail.

EmailclientintegrationMicrosoft Outlook 2010, 2013 and OWA are supported. Both have the ability to access the searchfunctionalityofthearchivesystemthroughtheemailclient.

Supportedwebbrowsers

• InternetExplorer10.x• InternetExplorer11.x• InternetExplorerEdge• Firefox• Safari6• Safari7• GoogleChrome

Boththe32-and64-bitversionsofthebrowsersaresupportedasapplicable.

archive administration guidesa2help.com/documentation/sonian_administration_guide.pdfsonian...

Documents