symantec enterprise vault : data classification services ... · symantec enterprise vault™ data...

Symantec Enterprise Vault

Data Classification ServicesImplementation Guide

Enterprise Vault 10.0

Data Loss Prevention 11.6

Symantec Enterprise Vault: Data Classification ServicesImplementation Guide

The software described in this book is furnished under a license agreement and may be usedonly in accordance with the terms of the agreement.

Last updated: 2013-01-16.

Legal NoticeCopyright 2013 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo, Enterprise Vault, ComplianceAccelerator, and Discovery Accelerator are trademarks or registered trademarks of SymantecCorporation or its affiliates in the U.S. and other countries. Other names may be trademarksof their respective owners.

This Symantec product may contain third party software for which Symantec is requiredto provide attribution to the third party (Third Party Programs). Some of the Third PartyPrograms are available under open source or free software licenses. The License Agreementaccompanying the Software does not alter any rights or obligations you may have underthose open source or free software licenses. Please see the Third Party Software fileaccompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use,copying, distribution, and decompilation/reverse engineering. No part of this documentmay be reproduced in any form by any means without prior written authorization ofSymantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OFMERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TOBE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTALOR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINEDIN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer softwareas defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights inCommercial Computer Software or Commercial Computer Software Documentation", asapplicable, and any successor regulations. Any use, modification, reproduction release,performance, display or disclosure of the Licensed Software and Documentation by the U.S.Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation350 Ellis Street, Mountain View, CA 94043

http://www.symantec.com

http://www.symantec.com

Technical SupportSymantec Technical Support maintains support centers globally. TechnicalSupports primary role is to respond to specific queries about product featuresand functionality. The Technical Support group also creates content for our onlineKnowledge Base. The Technical Support group works collaboratively with theother functional areas within Symantec to answer your questions in a timelyfashion. For example, the Technical Support group works with Product Engineeringand Symantec Security Response to provide alerting services and virus definitionupdates.

Symantecs support offerings include the following:

A range of support options that give you the flexibility to select the rightamount of service for any size organization

Telephone and/or web-based support that provides rapid response andup-to-the-minute information

Upgrade assurance that delivers software upgrades

Global support purchased on a regional business hours or 24 hours a day, 7days a week basis

Premium service offerings that include Account Management Services

For information about Symantecs support offerings, you can visit our website atthe following URL:

http://support.symantec.com

All support services will be delivered in accordance with your support agreementand the then-current enterprise technical support policy.

Contacting Technical SupportCustomers with a current support agreement may access Technical Supportinformation at the following URL:


Before contacting Technical Support, make sure you have satisfied the systemrequirements that are listed in your product documentation. Also, you should beat the computer on which the problem occurred, in case it is necessary to replicatethe problem.

When you contact Technical Support, please have the following informationavailable:

Product release level

http://support.symantec.comhttp://support.symantec.com

Hardware information

Available memory, disk space, and NIC information

Operating system

Version and patch level

Network topology

Router, gateway, and IP address information

Problem description:

Error messages and log files

Troubleshooting that was performed before contacting Symantec

Recent software configuration changes and network changes

Licensing and registrationIf your Symantec product requires registration or a license key, access ourTechnical Support web page at the following URL:


Customer serviceCustomer service information is available at the following URL:


Customer Service is available to assist with non-technical questions, such as thefollowing types of issues:

Questions regarding product licensing or serialization

Product registration updates, such as address or name changes

General product information (features, language availability, local dealers)

Latest information about product updates and upgrades

Information about upgrade assurance and support contracts

Information about the Symantec Buying Programs

Advice about Symantec's technical support options

Nontechnical presales questions

Issues that are related to CD-ROMs or manuals

http://support.symantec.comhttp://support.symantec.com

Support agreement resourcesIf you want to contact Symantec regarding an existing support agreement, pleasecontact the support agreement administration team for your region as follows:

[email protected] and Japan

[email protected], Middle-East, and Africa

[email protected] America and Latin America

mailto:[email protected]:[email protected]:[email protected]

Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Chapter 1 Introducing Symantec Enterprise Vault DataClassification Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

About Enterprise Vault Data Classification Services ... . . . . . . . . . . . . . . . . . . . . . . . . 11Key components of Symantec Data Classification Services ... . . . . . . . . . . 12Architecture of Data Classification Services ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

About classification policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Policy responses ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16How Data Classification Services handles multiple policy

matches ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17About the available detection technologies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Limitations on what Data Classification Services can classify ... . . . . . . . . . . . . 19Overview of the installation and configuration process ... . . . . . . . . . . . . . . . . . . . . 19

Implementing Data Classification Services in a non-Data LossPrevention environment .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

Implementing Data Classification Services in an existing DataLoss Prevention environment .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

About installation tiers ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Additional documents ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Comment on the documentation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Chapter 2 Acquiring the Enterprise Vault Data ClassificationServices software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

About downloading Data Classification Services components ... . . . . . . . . . . . . 25Downloading Data Classification Services components ... . . . . . . . . . . . . . . . . . . . . 27

Creating the download directory for Symantec Data LossPrevention files ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

Downloading and extracting Symantec Data Loss Preventionfiles ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

Preparing Enterprise Vault components for installation .... . . . . . . . . . . . . 28

Contents

Chapter 3 Installing Oracle 11g on Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31About the Oracle 11g installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31Oracle database requirements ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32Installing Oracle 11g on Windows .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34Downloading the Oracle 11g software for Windows .... . . . . . . . . . . . . . . . . . . . . . . . . 35Installing the Oracle 11g software for Windows .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35Creating the Symantec Data Loss Prevention database .... . . . . . . . . . . . . . . . . . . . . 37Creating the TNS Listener on Windows .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40Configuring the local net service name .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43Verifying the Symantec Data Loss Prevention database .... . . . . . . . . . . . . . . . . . . . 44Creating the Oracle user account for Symantec Data Loss Prevention

.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Locking the DBSNMP Oracle user account ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

Chapter 4 Installing the Data Classification Service . . . . . . . . . . . . . . . . . . . . . . 49Enforce Server and Classification Server minimum

requirements ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Browser requirements for accessing the Enforce Server

administration console ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Installing an Enforce Server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Verifying an Enforce Server installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60About the Data Classification for Enterprise Vault Solution Pack .... . . . . . . 61Importing the solution pack .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64Classification Server installation preparations .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Installing a Classification Server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Verifing a Classification Server installation .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69Registering a Classification Server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70Configuring the Classification Server ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71About post-installation security configuration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72

About server security and SSL/TLS certificates ... . . . . . . . . . . . . . . . . . . . . . . . . . 73About Symantec Data Loss Prevention and antivirus

software .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77Corporate firewall configuration .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Windows security lockdown guidelines ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Windows Administrative security settings ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Chapter 5 Configuring the Data Classification Filter . . . . . . . . . . . . . . . . . . . . . . 89Configuring the Data Classification Filter ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89Guidelines on specifying Classification Servers in the registry

file ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92

Contents8

Chapter 6 Creating classification policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95About the installed classification policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95

Exporting policy detection as a template ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Importing Symantec Enterprise Vault Data Classification Services

policy templates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97Creating a classification policy from a template ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98Adding a new policy or policy template ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101Configuring policies ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102

Configuring the Classify Enterprise Vault Content action .... . . . . . . . . . 103Configuring the Message/Email Properties and Attributes

condition .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108Enabling classification test mode .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Chapter 7 Supplied classification policies and policytemplates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113

About the Enterprise Vault Data Classification policies ... . . . . . . . . . . . . . . . . . . 113Anti-money Laundering policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115Attorney-Client Privilege policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Attorney-Client Privilege (Secondary) policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . 116Auto-generated Messages policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116Auto-generated news, Feeds & Research (Known Providers)

policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Auto-generated News, Feeds, Research policy ... . . . . . . . . . . . . . . . . . . . . . . . . . 117Compensation Discussions policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117Email Containers (attachments) policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Faxes (attachments) policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Legal Documents (attachments) policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118Personal Email Domains policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Productivity Documents (attachments) policy ... . . . . . . . . . . . . . . . . . . . . . . . . . 119Solicitations - Charities policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Solicitations - Political policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119Solicitations - Private Investment policy ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

About the system-provided policy templates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120Acceptable Use Enforcement policy templates ... . . . . . . . . . . . . . . . . . . . . . . . . 121Confidential or Classified Data Protection policy templates ... . . . . . . . 132Customer and Employee Data Protection policy templates ... . . . . . . . . 142Network Security Enforcement policy templates ... . . . . . . . . . . . . . . . . . . . . . 149UK and International Regulatory Enforcement policy

templates ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152US Regulatory Enforcement policy templates ... . . . . . . . . . . . . . . . . . . . . . . . . . 159

9Contents

Chapter 8 Upgrading Data Classification Services . . . . . . . . . . . . . . . . . . . . . . . . 195Upgrading Symantec Data Loss Prevention for Data Classification

Services ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Downloading and extracting the upgrade software .... . . . . . . . . . . . . . . . . . . . . . . . 196Launching the Upgrade Wizard on the Enforce Server ... . . . . . . . . . . . . . . . . . . . . 196Performing an upgrade with the Upgrade Wizard .... . . . . . . . . . . . . . . . . . . . . . . . . . 198

Appendix A Migrating from Automatic Classification Engine toData Classification Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

About migrating to Data Classification Services ... . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Contents10

Introducing SymantecEnterprise Vault DataClassification Services

This chapter includes the following topics:

About Enterprise Vault Data Classification Services

About classification policies

About the available detection technologies

Limitations on what Data Classification Services can classify

Overview of the installation and configuration process

Additional documents

Comment on the documentation

About Enterprise Vault Data Classification ServicesData Classification Services uses various components of Symantec EnterpriseVault and Symantec Data Loss Prevention to automate the classification ofMicrosoft Exchange messages that are managed in Enterprise Vault. After DataClassification Services has applied classification tags to the messages, users ofapplications like Compliance Accelerator and Discovery Accelerator can use thetags to filter messages when they conduct searches and reviews.

The Data Classification Services components are available from SymantecFileConnect (https://fileconnect.symantec.com).

1Chapter

https://fileconnect.symantec.com

See About downloading Data Classification Services components on page 25.

The capabilities that Data Classification Services provides supersede those thatthe Automatic Classification Engine (ACE) provided in earlier versions of EnterpriseVault. You cannot configure Enterprise Vault to work simultaneously with bothACE and Data Classification Services. However, you can migrate from ACE to DataClassification Services by following the instructions later in this guide.

See About migrating to Data Classification Services on page 203.

Key components of Symantec Data Classification ServicesTable 1-1 describes the key Data Classification Services components.

Table 1-1 Key components of Enterprise Vault Data Classification Services

DescriptionComponent

The filter works with Enterprise Vault to post Exchange messages toa Classification Server and receive classification results from theserver. Enterprise Vault then uses the classification results to archiveand classify the messages, or delete them, as appropriate.

Data ClassificationFilter

This server is a type of Data Loss Prevention detection server thatreceives messages from the Data Classification Filter and appliespolicies to them to generate classification results. In the same waythat you can have multiple Enterprise Vault servers, you can also havemultiple Classification Servers.

The Classification Server can evaluate messages by using any of theavailable Data Loss Prevention detection technologies, which includeDescribed Content Matching (DCM), Exact Data Matching (EDM), andIndexed Document Matching (IDM). It can also use a new,Classification-specific detection rule that evaluates messages basedon their message (MAPI) attributes.

See About the available detection technologies on page 18.

You install and register a Classification Server in the same way thatyou install and register other Data Loss Prevention detection servers.If you already use Data Loss Prevention, see the Symantec Data LossPrevention Installation Guide for more information. If you do notcurrently use Data Loss Prevention, this Implementation Guideprovides installation instructions.

Note: Throughout the Data Loss Prevention documentation, the termdetection server refers generally to any Data Loss Prevention serverthat detects policy-defined content. In this guide, the same term refersspecifically to the Classification Server for Data Classification Services.

ClassificationServer

Introducing Symantec Enterprise Vault Data Classification ServicesAbout Enterprise Vault Data Classification Services

12

Table 1-1 Key components of Enterprise Vault Data Classification Services(continued)


Data Classification Services evaluates each message against a set ofclassification policies. Each policy has a defined response that specifieswhat to do with the message. For example, one policy response maybe to archive the message and assign a retention category to it. Anotherresponse may be to delete the message immediately without archivingit. The Classification Server groups all the matching policy responsesfor each message and returns them to the Enterprise Vault server,which processes the message accordingly.

See About classification policies on page 15.

Classificationpolicies

The Enforce Server provides a central management platform fordeploying Classification Servers, authoring policies, and managingthe system. You perform all these activities by using a browser-basedadministration console.

Enforce Server

Figure 1-1 shows how these components interact.

Figure 1-1 How Enterprise Vault and Data Classification Services interact

Enterprise Vault Data Classification Services

ActiveDirectory

Exchange OWA

Compliance/DiscoveryAccelerator

Enforce Serveradministration console

Enterprise Vault servers

Classification ServersMessage forclassification

Classificationtags

Policy analysis

13Introducing Symantec Enterprise Vault Data Classification ServicesAbout Enterprise Vault Data Classification Services

The architecture of Data Classification Services does not allow you to install it ina clustered environment. However, you can still deploy Data Classification Servicesin a highly available and load-balanced environment to enhance performance andscalability and eliminate downtime. To do this, you can set up multipleClassification Servers and configure the Data Classification Filter to work withthem all.

See Configuring the Data Classification Filter on page 89.

Architecture of Data Classification ServicesFigure 1-2 shows the interactions between the various Data Classification Servicescomponents in more detail.

Figure 1-2 Data Classification Services interactions

Enterprise Vault server

FilterController

Data Classification Filter

Data ClassificationClient

Exchangearchiving

task

Classification Server

Data ClassificationService

Exchange server Vault store

Classification API

Message forclassification

Classificationtags

Enforce Server

Introducing Symantec Enterprise Vault Data Classification ServicesAbout Enterprise Vault Data Classification Services

14

The Data Classification Filter registers with the Enterprise Vault Exchange Agentand receives Exchange messages for classification. It sends the messages to theData Classification Service through the Data Classification Client. The DataClassification Service classifies the messages and sends a reply that indicates anymatched policy responses. The Data Classification Client forwards these responsesto the Data Classification Filter. The filter adds the appropriate metadata to themessages to specify the required archiving and retention policy, and then passesthem back to the Exchange archiving task.

About classification policiesData Classification Services evaluates the content and metadata of each messageagainst the classification policies that you define. As Table 1-2 shows, aclassification policy can contain rules, exceptions, and responses.

Table 1-2 Components of a classification policy

ExampleDescriptionItem

Find keyword "guarantee"within five words of keyword"profit".

One or more conditions that trigger a matchon a message.

A policy can have multiple rules, which youconnect together with AND and ORstatements. This is a flexible and powerfulway to organize rules in a logical way. Forexample, you may decide that one rule cantrigger a response to a message, or you mayprefer that all the rules must match totrigger a response.

Rules

Do not match if the sender isin the Legal department.

Conditions that cause a policy to ignore amessage.

The exceptions are normal conditions, butData Classification Services evaluates themfirst. If any of the exceptions matches, themessage is ignored, no more rules areevaluated, and the message does not triggera response.

Exceptions

15Introducing Symantec Enterprise Vault Data Classification ServicesAbout classification policies

Table 1-2 Components of a classification policy (continued)

ExampleDescriptionItem

Archive and prioritize forcompliance review.

The action to take if a match is identified.

A number of response options are available.You define responses separately to policies.So, when you create a policy, you choose toattach a response to it.

See Policy responses on page 16.

Responses

Data Classification Services comes with 15 Enterprise Vault-specific policies withwhich you can start to classify messages straight away. Alternatively, you cancreate policies from scratch or base them on more than 40 standard templatesthat come with Symantec Data Loss Prevention.

Policy responsesWhen you classify Enterprise Vault content with Data Classification Services, youcan choose to archive and classify messages that match the defined policy, or youcan choose not to archive the messages. For example, the following options areavailable for archiving and classifying messages that match a policy:

Alternatively, you can choose from the following options if you want to indicatethat Enterprise Vault should not archive a message that matches a policy:

See Configuring the Classify Enterprise Vault Content action on page 103.

Introducing Symantec Enterprise Vault Data Classification ServicesAbout classification policies

16

How Data Classification Services handles multiple policy matchesSometimes, when a message matches multiple policies, Enterprise Vault cannottake all the actions in the policy responses. For example, this may be the case iftwo responses request the assignment of two different retention categories to amessage. When this situation arises, the Data Classification Filter determineshow to proceed as follows:

It gives greater priority to Archive and classify message responses than toDo not archive message responses.

For multiple Archive and classify message responses, it does the following:

Applies the longest of the retention periods to the message. If multipleretention categories share the longest period, the filter looks to the responserule order that you have specified to determine which one takes precedence.For example, suppose that a message matches two policies and that youhave attached a different response to each policy. Each response instructsthe filter to assign a different retention category to the message. If the twocategories have different retention periods, the filter applies the longerone to the message. If the categories have equal retention periods, the filterapplies the category whose response has higher priority. You can reorderresponses to raise or lower their priority level.

Stores the name of every matching policy in the indexable metadata of themessage under one of the following tags:

Indicates that the message should be included in acompliance review.

evtag.inclusion

Indicates that the message should be excluded from acompliance review.

evtag.exclusion

Provides no information on whether the message shouldbe included in or excluded from a compliance review.

evtag.category

Each tag can contain multiple policy names.

For multiple Do not archive message responses, it gives the greatest priorityto Leavemessageinmailbox requests, then to MovemessagetoDeletedItemsfolder requests, and finally to Deletemessageimmediatelyandpermanentlyrequests.

In effect, the Data Classification Filter chooses the safest action when resolvingthe differences between responses.

See Configuring the Classify Enterprise Vault Content action on page 103.

17Introducing Symantec Enterprise Vault Data Classification ServicesAbout classification policies

About the available detection technologiesSymantec Data Loss Prevention provides several types of detection technologies.Each type of technology provides unique capabilities. You can combine detectiontechnologies in policies to achieve precise classification results.

Table 1-3 Available detection technologies

DescriptionTechnology

Detects data with common characteristics, such as keywords,data types, file metadata, protocol signatures, endpointdestinations, and identity patterns.

Described Content Matching(DCM)

Detects the exact identity of data users, message senders,and recipients. Symantec Data Loss Prevention providestwo flavors of Directory Group Matching: synchronized andprofiled. Synchronized DGM uses a connection to a directoryserver instance (Microsoft Active Directory) to matchidentities. Profiled DGM uses a static Exact Data Profile ofa directory server or database to match identities.

Directory Group Matching(DGM)

Detects content that is stored in structured or tabularformat. For example, you can use EDM to classifyconfidential customer information from a database, orsensitive financial information from a spreadsheet.

Exact Data Matching (EDM)

Detects unstructured data from sensitive, proprietarydocuments. The supported document types includeMicrosoft Word, PowerPoint, PDF, design plans, source code,CAD/CAM images, financial reports, and confidentialmergers and acquisition documents.

Indexed Document Matching(IDM)

Performs statistical analysis on unstructured data(documents) to determine if the content is similar to anexample set of documents that you train against.

Vector Machine Learning(VML)

Extends the classification capabilities so that you can matchany type of data, content, or files. You can write scripts,expressions, and plug-ins to customize the classificationengine.

Custom detection methods

For more information on the available detection technologies, see the SymantecData Loss Prevention Administration Guide.

Introducing Symantec Enterprise Vault Data Classification ServicesAbout the available detection technologies

18

Limitations on what Data Classification Services canclassify

Note the following limitations on how Data Classification Services classifiesmessages:

In this release, Data Classification Services supports the classification ofmessages through Exchange journal and mailbox archiving only.

Data Classification Services cannot classify any messages that users havemanually archived by using the facilities that the Enterprise Vault OutlookAdd-Ins or Enterprise Vault for OWA provide. For example, this is the case forthe messages that users have archived by clicking the Store in Vault buttonin Outlook, or that they have moved or copied into their Virtual Vault folders.

Any policy that classifies messages that a specific user has sent does not classifymessages that a delegate user has sent on behalf of this user. For example,suppose that user A allows user B to send messages on her behalf. If you haveset up a policy to classify messages that user A has sent, it ignores any messagesthat user B has sent on A's behalf.

Data Classification Services can only classify encrypted messages after anapplication such as the Enterprise Vault Adapter for Secure Messaging andRights Management (SMRM) has decrypted them.

Overviewof the installation and configurationprocessThe procedure that you must follow when you install and configure EnterpriseVault Data Classification Services depends on whether you are an existing userof Symantec Data Loss Prevention.

Implementing Data Classification Services in a non-Data LossPrevention environment

Table 1-4 describes the steps to follow if you are an Enterprise Vault user whohas not previously set up a Symantec Data Loss Prevention environment.

Table 1-4 Installation and configuration process for non-Data Loss Preventionusers

More informationActionStep

See About the Oracle 11g installationon page 31.

Install Oracle 11g, and create adatabase using the Symantec Data LossPrevention database template.

Step 1

19Introducing Symantec Enterprise Vault Data Classification ServicesLimitations on what Data Classification Services can classify

Table 1-4 Installation and configuration process for non-Data Loss Preventionusers (continued)


See Installing an Enforce Serveron page 51.

Install an Enforce Server.Step 2

See Importing the solution packon page 64.

Some policies in the solution pack aremore effective with EDM or IDM rules,for which you require a suitable ExactData Profile or Indexed DocumentProfile. One example is the Anti-moneyLaundering policy. See the SymantecData Loss Prevention AdministrationGuide for guidelines on how to defineand choose these profiles.

Import the Data Classification forEnterprise Vault solution pack on theEnforce Server computer.

Step 3

See Installing a Classification Serveron page 66.

For a two-tier or three-tier installationonly, install and verify theClassification Server software.

Step 4

See Registering a ClassificationServer on page 70.

Register the Classification Serverinstance with the Enforce Server.

Step 5

See Configuring the Data ClassificationFilter on page 89.

Configure the Data Classification Filteron each Enterprise Vault server.

Step 6

See Creating a classification policyfrom a template on page 98.

Create the required classificationpolicies.

Step 7

Implementing Data Classification Services in an existing Data LossPrevention environment

Table 1-5 describes the steps to follow if you want to add classification policiesto an existing Data Loss Prevention solution.

Table 1-5 Installation and configuration process for existing Data LossPrevention users


See Installing a Classification Serveron page 66.

Install and verify the ClassificationServer software.

Step 1

Introducing Symantec Enterprise Vault Data Classification ServicesOverview of the installation and configuration process

20

Table 1-5 Installation and configuration process for existing Data LossPrevention users (continued)


See Registering a ClassificationServer on page 70.

Register the Classification Serverinstance with the Enforce Server.

Step 2

See Configuring the Data ClassificationFilter on page 89.

Configure the Data Classification Filteron each Enterprise Vault server.

Step 3

See Importing Symantec EnterpriseVault Data Classification Servicespolicy templates on page 97.

Import the Data Classification Servicespolicy template to the Enforce Server.

Step 4

See Creating a classification policyfrom a template on page 98.

If you create a policy from a templatethat contains EDM or IDM rules, suchas the Anti-money Laundering policy,the system prompts you to choose anexisting Exact Data Profile or IndexedDocument Profile. See the SymantecData Loss Prevention AdministrationGuide for guidelines on how to defineand choose these profiles.

Create the required classificationpolicies.

Step 5

About installation tiersSymantec Data Loss Prevention supports three different installation types:three-tier, two-tier, and single-tier. Symantec recommends the three-tierinstallation. However, your organization might need to implement a two-tier orsingle-tier installation depending on available resources and organization size.

To implement the single-tier installation, you install the database,the Enforce Server, and a detection server all on the same computer.

See Importing the solution pack on page 64.

See Registering a Classification Server on page 70.

Single-tier

To implement the two-tier installation, you install the Oracle databaseand the Enforce Server on the same computer. You then installdetection servers on separate computers.

Two-tier

21Introducing Symantec Enterprise Vault Data Classification ServicesOverview of the installation and configuration process

To implement the three-tier installation, you install the Oracledatabase, the Enforce Server, and a detection server on separatecomputers. Symantec recommends implementing the three-tierinstallation architecture as it enables your database administrationteam to control the database. In this way you can use all of yourcorporate standard tools for database backup, recovery, monitoring,performance, and maintenance. Three-tier installations require thatyou install the Oracle Client (SQL*Plus and Database Utilities) on theEnforce Server to communicate with the Oracle server.

Three-tier

Additional documentsThis guide describes how to install, configure, and upgrade Symantec Data LossPrevention for use with Symantec Enterprise Vault to provide automaticclassification of messages. In addition to this guide, other Symantec Data LossPrevention documents describe the full functionality of the Enforce Server,Classification Server, and policy creation. These documents are available fromSymantec FileConnect (https://fileconnect.symantec.com) along with the softwarefor the Data Classification Services. Additional documents for Enterprise Vaultare also available from the Symantec Support site:

http://www.symantec.com/business/support/index?page=landing&key=50996

Note: The Symantec Data Loss Prevention documentation describesnon-Classification server types that are used by Data Loss Prevention customers.You can ignore reading about these non-Classification servers, since theinformation does not apply to Data Classification Services.

In addition, see the Symantec Enterprise Vault Compatibility Charts for detailsabout supported versions of Data Loss Prevention and Enterprise Vault. TheCompatibility Charts can be found here:

http://www.symantec.com/docs/TECH38537

Table 1-6 Symantec Data Loss Prevention documents used with EnterpriseVault Data Classification Services

DescriptionDocument

Describes how to administer the Enforce Server and ClassificationServer. This document also describes all detection, policy, and responserule features that you can use when configuring classification policies.

Symantec DataLoss PreventionAdministrationGuide

Introducing Symantec Enterprise Vault Data Classification ServicesAdditional documents

22

https://fileconnect.symantec.comhttp://www.symantec.com/business/support/index?page=landing&key=50996http://www.symantec.com/docs/TECH38537

Table 1-6 Symantec Data Loss Prevention documents used with EnterpriseVault Data Classification Services (continued)

DescriptionDocument

Describes how to diagnose common problems with SymantecEnterprise Vault Data Classification Services installations. Also, itprovides instructions for performing common maintenance tasks suchas backing up the Enforce Server database and monitoring log files.

Symantec DataLoss PreventionSystemMaintenanceGuide

The Enforce Server administration console provides context-sensitivehelp pages to help you create, configure, and manage classificationpolicies and Classification Servers.

Symantec DataLoss PreventionOnline Help

Describes the known and fixed issues in this release of the EnforceServer and Classification Server.

You can find the latest version of the Release Notes by accessing thefollowing article in the Symantec Data Loss Prevention knowledgebase:

https://kb-vontu.altiris.com/article.asp?article=55642

(You must have an account for the knowledgebase to access thisarticle.)

If you upgrade Data Loss Prevention with a minor release update, youcan find the Release Notes for that update in the ZIP file that containsthe Upgrader software.

Symantec DataLoss PreventionRelease Notes

Describes how to migrate from the previous versions of SymantecData Loss Prevention Enforce Servers and Classification Servers tothe most current version.

Symantec DataLoss PreventionUpgrade Guide

For detailed information on the full system requirements for Symantec Data LossPrevention, see the Symantec Data Loss Prevention System Requirements andCompatibilityGuide. This guide is updated as new information becomes available.You can find the latest version of the guide by accessing the following article inthe Symantec Data Loss Prevention knowledgebase:


(You must have an account for the knowledgebase to access this article.)

Comment on the documentationLet us know what you like and dislike about the documentation. Were you able tofind the information you needed quickly? Was the information clearly presented?

23Introducing Symantec Enterprise Vault Data Classification ServicesComment on the documentation

https://kb-vontu.altiris.com/article.asp?article=55642https://kb-vontu.altiris.com/article.asp?article=55645

Report errors and omissions, or tell us what you would find useful in futureversions of our guides and online help.

Please include the following information with your comment:

The title and product version of the guide on which you want to comment.

The topic (if relevant) on which you want to comment.

Your name.

Email your comment to [email protected] Please only use this address tocomment on product documentation.

We appreciate your feedback.

Introducing Symantec Enterprise Vault Data Classification ServicesComment on the documentation

24

mailto:[email protected]?subject=Comments on the Enterprise Vault documentation

Acquiring the EnterpriseVault Data ClassificationServices software


About downloading Data Classification Services components

Downloading Data Classification Services components

About downloading Data Classification Servicescomponents

Data Classification Services software is delivered in a series of .zip files that youdownload from FileConnect (https://fileconnect.symantec.com). Place all of yourdownloaded files in a download directory; do not create your own subdirectories.

See Creating the download directory for Symantec Data Loss Prevention fileson page 27.

Note: The files that are listed contain a version number. In the table, an "x"represents the most current version number. Download the most recent versionof the software.

2Chapter

https://fileconnect.symantec.com

Table 2-1 The Data Classification Services components


The Symantec EnterpriseVault solution.

Symantec_Enterprise_Vault_10_0_x_Win_Multilingual.zip

The Symantec Data LossPrevention solution.

Symantec_DLP_11.6_Platform_Win-IN.zip

The installation tools includescripts and a databasetemplate file that you use tocreate the Oracle 11gdatabase and user account.

If you have an existing Oracleinstallation that was notpurchased from Symantec,use these files to create theSymantec Data LossPrevention database and useraccount.

Oracle_11.2.0.3.0_Server_Installation_Tools_Win.zip

These .zip files containinstallers and scripts that youuse to install a new instanceof Oracle software for usewith Symantec Data LossPrevention.

If you have purchased anOracle license from Symantecfor use with Symantec DataLoss Prevention, use thesefiles to install your Oraclesoftware and to create theSymantec Data LossPrevention database.

Oracle_11.2.0.3.0_Server_Win32_1of2.zip andOracle_11.2.0.3.0_Server_Win32_2of2.zip

or

Oracle_11.2.0.3.0_Server_Win64_1of2.zip andOracle_11.2.0.3.0_Server_Win64_2of2.zip

The Symantec Data LossPrevention documentationset.

Symantec_DLP_11.6_DCS_ Docs_Win-IN.zip

The policy templates that youmust import if you havealready installed a solutionpack.

Symantec_DLP_11.6_DCS_Policy_Templates-IN.zip

Acquiring the Enterprise Vault Data Classification Services softwareAbout downloading Data Classification Services components

26

Table 2-1 The Data Classification Services components (continued)


The Symantec Data LossPrevention upgrade engine.

Symantec_DLP_11.6_Upgrader_Win-IN.zip

See Downloading Data Classification Services components on page 27.

DownloadingDataClassificationServices componentsUse the following process to download and prepare the Symantec DataClassification components for installation:

Table 2-2 Downloading Symantec Data Classification components

DescriptionProcessStep

See Creating the download directory forSymantec Data Loss Prevention fileson page 27.

Create your download directory.Step 1

See Downloading and extracting SymantecData Loss Prevention files on page 28.

Download and extract your software.Step 2

See Preparing Enterprise Vaultcomponents for installation on page 28.

Create the Symantec EnterpriseVault installation disc.

Step 5

Creating the download directory for Symantec Data Loss Preventionfiles

On the computer that will become the Enforce Server, create a download directory.The download directory is where you download and extract the installation filesfor your Symantec Data Loss Prevention software. This directory is referred toas DownloadHome in the rest of this document. For example, if you create aDLP_files directory, your DownloadHome is c:\DLP_files. You do not need toplace the Symantec Enterprise Vault software, which is installed separately, intothe directory that you create for Symantec Data Loss Prevention.

Note: Do not use c:\Vontu\ because this directory is used later as the defaultinstallation directory by the installer.

See Downloading and extracting Symantec Data Loss Prevention files on page 28.

27Acquiring the Enterprise Vault Data Classification Services softwareDownloading Data Classification Services components

Downloading and extracting Symantec Data Loss Prevention filesSymantec Data Loss Prevention software contains multiple components (.zipfiles). You must download all of the Symantec Data Loss Prevention files fromFileConnect to obtain all of your software. FileConnect only initiates the downloadof one component compressed file at a time.

To download Data Loss Prevention software from FileConnect

1 On the Enterprise Vault 10.0 FileConnect page, click the name of each filethat you want to download. (You can only select one at a time, so you mustrepeat the process for each of the items.)

2 Click HTTP Download, and click Select.

3 Click Begin Downloading.

4 Specify that the file be saved in your DownloadHome directory.

5 After the download has been initiated, you are returned to the File Selectscreen. Choose which component to download next.

6 When all of your product component compressed archive files have beendownloaded, extract the files directly into the DownloadHome directory.

Each DLP .zip file has a common folder structure with a top-level foldercalled DLP. You must extract the contents of the .zip files so that the resultingfolder structure resembles the example:

c:\DLP_files\ (or whatever you chose as your DownloadHome)

DLP\

Symantec_DLP_11_Win\

11.6_Win\

...

New_Installs\

x64\

ProtectInstaller_11.6.exe

...

7 Verify that your files have extracted into the proper folder structure.

Preparing Enterprise Vault components for installationThis procedure is the first step to installing Symantec Enterprise Vault. If youhave previously installed the software, disregard this procedure.

For more information on how to install Symantec Enterprise Vault, see theSymantec Enterprise Vault Installing and Configuring Guide.

Acquiring the Enterprise Vault Data Classification Services softwareDownloading Data Classification Services components

28

To prepare the Enterprise Vault component for installation

1 Download and extract theSymantec_Enterprise_Vault_10_x_x_Win_Multilingual.zip to your localdrive.

2 Burn the Symantec_Enterprise_Vault_10_x_x_Win_Multilingual.iso toa DVD disc.

3 After the .iso file has been burned to the disc, you can either re-insert thedisc into the computer or mount the image directly to the computer. Openthe top-level readme file. This file guides you through important steps beforeyou can begin installation.

Note: Symantec Enterprise Vault is often installed on multiple servers, all ofwhich must be prepared for the installation process.

See About downloading Data Classification Services components on page 25.

29Acquiring the Enterprise Vault Data Classification Services softwareDownloading Data Classification Services components

Acquiring the Enterprise Vault Data Classification Services softwareDownloading Data Classification Services components

30

Installing Oracle 11g onWindows


About the Oracle 11g installation

Oracle database requirements

Installing Oracle 11g on Windows

Downloading the Oracle 11g software for Windows

Installing the Oracle 11g software for Windows

Creating the Symantec Data Loss Prevention database

Creating the TNS Listener on Windows

Configuring the local net service name

Verifying the Symantec Data Loss Prevention database

Creating the Oracle user account for Symantec Data Loss Prevention

Locking the DBSNMP Oracle user account

About the Oracle 11g installationTo use Symantec Data Loss Prevention, install Oracle 11g Release 2 and create adatabase using the Symantec Data Loss Prevention database template. You mustalso create an Oracle user account with the correct permissions to access andmodify the database. The Enforce Server uses this account to store configurationand incident data for the Symantec Data Loss Prevention deployment.

3Chapter

You can perform a two-tier or single-tier Symantec Data Loss Preventioninstallation. In both of these cases, the database runs on the same computer asthe Enforce Server. Alternatively, you can perform a three-tier Symantec DataLoss Prevention installation. In this case, the database runs on a different computerfrom the Enforce Server.

If you implement a three-tier installation, you must install the Oracle Client(SQL*Plus and Database Utilities) on the Enforce Server. Installation of the OracleClient enables database communications between the Oracle database server andthe Enforce Server. The Symantec Data Loss Prevention installer needs SQL*Plusto create tables and views on the Enforce Server. For this reason, the Windowsuser account that is used to install Symantec Data Loss Prevention needs accessto SQL*Plus.

For full details on how to install the Oracle 11g Database Client software, see theplatform-specific documentation from Oracle Corporation, available from theOracle Documentation Library athttp://www.oracle.com/pls/db111/portal.portal_db?selected=11.

Note:After you create the Symantec Data Loss Prevention database and completethe Symantec Data Loss Prevention installation, you can change the databasepassword. To change the database password, you use the Symantec Data LossPrevention DBPasswordChanger utility.

For more information about the Symantec Data Loss PreventionDBPasswordChanger utility, see theSymantecDataLossPreventionAdministrationGuide.

Oracle database requirementsAll new Symantec Data Loss Prevention installations must install and use Oracle11g version 11.2.0.3 (32-bit or 64-bit) with the most recent Critical Patch Update.You can obtain Oracle 11g and the necessary patches from Symantec when youdownload your Data Classification Services software.

You cannot install a new Symantec Data Loss Prevention version 11 Enforce Serverwith an Oracle 10g database.

Symantec Data Loss Prevention requires the Oracle database to use the AL32UTF8character set. If your database is configured for a different character set, theinstaller notifies you and cancels the installation.

You can install Oracle on a dedicated server (a three-tier deployment) or on thesame computer as the Enforce Server (a two-tier or one-tier deployment):

Three-tier deployment.

Installing Oracle 11g on WindowsOracle database requirements

32

For full details on how to install the Oracle 11g Database Client software, see the platform-specific documentation from available from Oracle Corporation. These are available from the Oracle documentation library at http://www.oracle.com/pls/db111/portal.portal_db?selected=11

System requirements for a dedicated Oracle server are listed below. Note thatdedicated Oracle server deployments also require that you install the Oracle11g Client on the Enforce Server computer to communicate with the remoteOracle 11g instance.

One- and two-tier deployments.When installed on the Enforce Server computer, the Oracle systemrequirements are the same as those of the Enforce Server.

If you install Oracle 11g on a dedicated server, that computer must meet thefollowing minimum system requirements for Symantec Data Loss Prevention:

Microsoft Windows Server 2003 (for Oracle Standard Edition only) or laterversion of 5.x (32-bit) or Windows Server 2008 (Standard or Enterprise edition)R2 (64-bit version).

One of the following operating systems:

Microsoft Windows Server 2003 (32-bit)(with Oracle Standard Edition only)

Microsoft Windows Server 2008 R2 (64-bit)

Microsoft Windows Server 2008 R2 SP1 (64-bit)

Red Hat Enterprise Linux 5.2 through 5.8 (32-bit)(with Oracle Standard Edition only)

Red Hat Enterprise Linux 5.2 through 5.8 (64-bit)

6 GB of RAM

6 GB of swap space (equal to RAM)

500 GB 1 TB of disk space for the Enforce database

Note: Support for 32-bit platforms for Oracle will be discontinued in a futureversion of Symantec Data Loss Prevention. Symantec recommends that customersmigrate to 64-bit systems as soon as possible.

The exact amount of disk space that is required for the Enforce database dependson variables such as:

The number of policies you plan to initially deploy

The number of policies you plan to add over time

See Creating a classification policy from a template on page 98.

33Installing Oracle 11g on WindowsOracle database requirements

Installing Oracle 11g on WindowsInstall Oracle 11g and create the Symantec Data Loss Prevention database byperforming the following steps on the server computer that will host the Oracledatabase.

Table 3-1 Installing Oracle 11g and creating the Symantec Data LossPrevention database

DescriptionActionStep

See the Oracle Web pages forthe system requirements forOracle 11g and the SymantecData Loss Prevention SystemRequirements andCompatibility Guide.

Review the systemrequirements for the Oracle11g.

Step 1

See Downloading the Oracle11g software for Windowson page 35.

Download the Oracle 11gsoftware.

Step 2

See Installing the Oracle 11gsoftware for Windowson page 35.

Install Oracle 11g.Step 3

See Creating the SymantecData Loss Preventiondatabase on page 37.

Create the Symantec DataLoss Prevention database.

Step 4

See Creating the TNSListener on Windowson page 40.

Create the database listener.Step 5

See Configuring the localnet service nameon page 43.

Configure the local netservice name.

Step 6

See Creating the Oracle useraccount for Symantec DataLoss Prevention on page 45.

Create the Symantec DataLoss Prevention databaseuser.

Step 7

See Locking the DBSNMPOracle user accounton page 46.

Lock the DBSNMP accountfor security purposes.

Step 8

Installing Oracle 11g on WindowsInstalling Oracle 11g on Windows

34

Table 3-1 Installing Oracle 11g and creating the Symantec Data LossPrevention database (continued)

DescriptionActionStep

The latestOracle 11gRelease2CriticalPatchUpdateGuideexplains how to downloadand apply the CPU for Oracle.

Install the Oracle CriticalPatch Update (CPU).

Step 9

Downloading the Oracle 11g software for WindowsYou should have received a Symantec Serial Number Certificate with your orderthat lists a serial number for each of your products. If you did not receive thecertificate, contact Symantec Customer Care as described athttp://www.symantec.com/business/support/assistance_care.jsp. If youhave multiple serial numbers, locate the serial number that corresponds to OracleStandard Edition.

Go to https://fileconnect.symantec.com and enter the serial number. Proceedto the list of available downloads and download and extract the following files:

Oracle_11.2.0.3.0_Server_Win32_1of2.zip andOracle_11.2.0.3.0_Server_Win32_2of2.zip (for 32-bit installations)

These ZIP files contain the 32-bit Oracle 11g Release 2 software(win32_11.2.0.3_database_1of2.zip andwin32_11.2.0.3_database_2of2.zip).

Oracle_11.2.0.3.0_Server_Win64_1of2.zip andOracle_11.2.0.3.0_Server_Win64_2of2.zip (for 64-bit installations)

This ZIP file contains the 64-bit Oracle 11g Release 2 software(win64_11.2.0.3_database_1of2.zip andwin64_11.2.0.3_database_2of2.zip).

Oracle_11.2.0.3.0_Server_Installation_Tools_Win.zip

This ZIP file contains the Symantec Data Loss Prevention Oracle databasetemplate and database user SQL script(11g_r2_32_bit_Installation_Tools.zip and11g_r2_64_bit_Installation_Tools.zip).

Installing the Oracle 11g software for WindowsThe Enforce Server uses the Oracle thin driver and the Oracle Client. SymantecData Loss Prevention packages the JAR files for the Oracle thin driver with the

35Installing Oracle 11g on WindowsDownloading the Oracle 11g software for Windows

Symantec Data Loss Prevention software. But, you must also install the OracleClient. The Symantec Data Loss Prevention installer needs SQL*Plus to createtables and views on the Enforce Server. Therefore, the Windows user account thatis used to install Symantec Data Loss Prevention must be able to access toSQL*Plus.

To install Oracle 11g Release 2

1 Shut down the following services if they are running in Windows Services:

All Oracle services

Distributed Transaction Coordinator service

To view the services go to Start > Control Panel > Administrative Tools >Computer Management, and then expand Services and Applications andclick Services.

2 Unzip the required software installation files:

For 32 bit systems, unzip the win32_11.2.0.3_database_1of2.zip andwin32_11.2.0.3_database_2of2.zip files into a common temporarydirectory.

For 64-bit systems, unzip the win64_11.2.0.3_database_1of2.zip andwin64_11.2.0.3_database_2of2.zip files into a common temporarydirectory.

3 To install the Oracle software, navigate to the database directory that islocated inside the common temporary directory and double-click the OracleUniversal Installer file, setup.exe.

4 On the ConfigureSecurityUpdates panel, deselect Iwishtoreceivesecurityupdates via My Oracle Support, and click Next.

A dialog box displays that asks you to confirm that you wish to remainuninformed of critical security issues. Select Yes.

Symantec certifies and provides Oracle Critical Patch Updates for use withSymantec Data Loss Prevention, along with detailed installation instructions.You do not need to receive these updates from Oracle Support.

5 On the Downloadsoftwareupdates panel, select Skipsoftwareupdates andclick Next.

6 On the Select Installation Options panel, select Install database softwareonly and click Next.

7 On the Grid Installation Options panel, select Single instance databaseinstallation and click Next.

Installing Oracle 11g on WindowsInstalling the Oracle 11g software for Windows

36

8 On the Select Product Languages panel, click Next to accept English as thedefault language.

9 On the Select Database Edition panel, select Standard Edition and clickNext.

10 On the Specify Installation Location panel, enter the following paths in thespecified fields, and click Next:

Oracle Base: Enter c:\oracle

Software Location: Enter c:\oracle\product\11.2.0.3\db_1

Note: All example paths in this document use the installation directoryc:\oracle\product\11.2.0\db_1. If you specify a different installationdirectory, substitute the correct path as necessary throughout this document.

The installer application performs a prerequisite check and displays theresults.

11 On the Summary panel, click Install to begin the installation.

The installer application installs the Oracle 11g software to your computer.

12 On the Finish panel, click Close to exit the installer application.

Creating theSymantecDataLossPreventiondatabasePerform the following procedure to create the Symantec Data Loss Preventiondatabase.

37Installing Oracle 11g on WindowsCreating the Symantec Data Loss Prevention database

Note: If you are installing Oracle 11g on a 64-bit computer to migrate an existing32-bit Symantec Data Loss Prevention database, do not perform this procedure.

To create the Symantec Data Loss Prevention database

1 Set the ORACLE_HOME environment variable for your new installation. Opena command prompt, and enter:

set ORACLE_HOME=c:\oracle\product\11.2.0.3\db_1

If you installed Oracle 11g into a different location, substitute the correctdirectory in this command.

You may want to configure your Windows system to automatically set theORACLE_HOME environment variable each time you log on. See your Windowsdocumentation for details about setting environment variables.

2 Extract the database template file (.dbt file) from the11g_r2_32_bit_Installation_Tools.zip or11g_r2_64_bit_Installation_Tools.zip file to the%ORACLE_HOME%\assistants\dbca\templates folder. For example, copyOracle_11g_Database_for_Vontu_v11_32_bit.dbt for 32-bit installations,or copy Oracle_11g_Database_for_Vontu_v11_64_bit.dbt for 64-bitinstallations.

3 Click the Windows Start menu and locate the Start > All Programs > Oracle- OraDb11g_home1 > Configuration and Migration Tools menu item.

4 Right click on the Start > All Programs > Oracle - OraDb11g_home1 menuitem and select Rename.

5 Rename the OraDb11g_home1 portion of the menu item to Oracle_11.2.0.3.

6 Start the Oracle Database Configuration Assistant to create the SymantecData Loss Prevention database. Choose Start > All Programs > Oracle -Oracle_11.2.0.3 > Configuration and Migration Tools > DatabaseConfiguration Assistant.

7 On the Welcome panel, click Next.

8 On the Operations panel, select Create a Database and click Next.

Installing Oracle 11g on WindowsCreating the Symantec Data Loss Prevention database

38

9 On the DatabaseTemplates panel, select Oracle11gDatabaseforVontuv1132 bit for 32-bit installations, or select Oracle 11g Database for Vontu v1164 bit for 64-bit installations. Click Next.

Caution:You must use the Symantec Data Loss Prevention template to createthe database. Do not use an alternate template or reuse an existing databaseinstance. If you do not use the supplied template, failures can occur whenyou use Symantec Data Loss Prevention. Failures can also occur later whenyou try to upgrade the product.

10 On the DatabaseIdentification panel, set the database name (Global DatabaseName) and the Oracle System Identifier (SID) by performing the followingsteps in this order:

Enter protect in the Global Database Name field.The SID field is automatically set to protect. Keep the SID and the GlobalDatabase Name fields as the same value, "protect."

Click Next.

Write down the database name and SID for later use when you install theSymantec Data Loss Prevention software.

11 On the Management Options panel, perform the following steps in order:

Deselect Configure Enterprise Manager.

Select the Automatic Maintenance Tasks tab and deselect Enableautomatic maintenance tasks.

Click Next.

12 On the Database Credentials panel, perform the following steps in order:

Select Use the Same Administrative Password for All Accounts.

Enter a password in the Password field.

Re-enter the same password in the Confirm Password field.

Click Next.

Follow these guidelines to create acceptable passwords:

Passwords cannot contain more than 30 characters.

Passwords cannot contain double quotation marks, commas, orbackslashes.

Avoid using the & character.

39Installing Oracle 11g on WindowsCreating the Symantec Data Loss Prevention database

Passwords are case-sensitive by default. You can change the casesensitivity through an Oracle configuration setting.

If your password uses special characters other than _, #, or $, or if yourpassword begins with a number, you must enclose the password in doublequotes when you configure it.

If you enter a password that does not meet these guidelines, Oracle keepsprompting for a password. You must enter a password. Do not kill the OracleDatabase Configuration Assistant.

Note: You can optionally use different passwords for each user account type.The various user account types are SYS, SYSTEM, DBSNMP, and SYSMAN.

13 On the Database File Locations panel, accept the default selection, UseDatabase File Locations from Template, and click Finish.

The Database Configuration Assistant displays a Confirmation window witha summary of the database configuration.

14 Click OK on the Confirmation window to create the database.

The database creation can take up to 20 minutes to complete. If the databasecreation process fails or hangs, check the Oracle Database ConfigurationAssistant logs (located in the %ORACLE_HOME%\cfgtoollogs\dbca\SID folder)for errors (for example,c:\oracle\product\11.2.0.3\db_1\cfgtoollogs\dbca\protect).

When the database creation process is complete, another DatabaseConfiguration Assistant window opens and displays the database details.

15 Click Exit.

16 If the database service (OracleServicePROTECT) is down, start it usingWindows Services. To view services, choose Start > Control Panel >AdministrativeTools>ComputerManagement>ServicesandApplications,and then open Services.

Creating the TNS Listener on WindowsPerform the following procedure to create a TNS listener for the Symantec DataLoss Prevention database.

Installing Oracle 11g on WindowsCreating the TNS Listener on Windows

40

To create the TNS Listener

1 (Optional) If you logged on as a domain user, you must set the sqlnet.orafile SQLNET.AUTHENTICATION_SERVICES=() value to none. Otherwise, proceedto step 2.

To set the sqlnet.ora file SQLNET.AUTHENTICATION_SERVICES=() value,perform the following steps in this order:

Open sqlnet.ora, located in the %Oracle_Home%\network\admin folder(for example, c:\oracle\product\11.2.0\db_1\NETWORK\ADMIN), usinga text editor.

Change the SQLNET.AUTHENTICATION_SERVICES=(NTS)value to none:

SQLNET.AUTHENTICATION_SERVICES=(none)

Save and close the sqlnet.ora file.

2 Start the Oracle Net Configuration Assistant by selecting Start>AllPrograms> Oracle 11.2.0.3 > Configuration and Migration Tools > Net ConfigurationAssistant.

3 On the Welcome panel, select Listener configuration and click Next.

4 On the Listener Configuration, Listener panel, select Add and click Next.

5 On the Listener Configuration, Listener Name panel, enter a listener nameand click Next.

Note:Use the default listener name, LISTENER, unless you must use a differentname.

6 On the ListenerConfiguration,SelectProtocols panel, select the TCP protocoland click Next.

7 On the Listener Configuration, TCP/IP Protocol panel, select Use thestandard port number of 1521 and click Next.

8 On the Listener Configuration, More Listeners? panel, select No and clickNext.

9 On the Listener Configuration Done panel, click Next.

10 Leave the Oracle Net Configuration Assistant open to configure the Local NetService Name.

See Configuring the local net service name on page 43.

41Installing Oracle 11g on WindowsCreating the TNS Listener on Windows

11 On the computer that runs your Oracle database, open a command prompt.The command window must run as Administrator. (See your MicrosoftWindows documentation.)

12 Run the following command:

lsnrctl stop

13 Open the following file in a text editor:

%ORACLE_HOME%\network\admin\listener.ora

14 Locate the following line:

(ADDRESS = (PROTOCOL = IPC)(KEY = ))

15 Change key_value to PROTECT.

16 Add the following line to the end of the file:

SECURE_REGISTER_LISTENER = (IPC)

17 Save the file and exit the text editor.


lsnrctl start

19 Run the following commands to connect to the database using SQL Plus:

sqlplus /nolog

conn sys/ as sysdba


ALTER SYSTEM SET local_listener =

'(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=PROTECT)))' SCOPE=both;

21 Run the following command to register the listener:

ALTER SYSTEM REGISTER;

22 Exit SQL Plus by running the following command:

exit

Installing Oracle 11g on WindowsCreating the TNS Listener on Windows

42

23 Run the following command to verify the change:

24 lsnrctl services

The command output should display a message similar to the following:

Services Summary...

Service "protect" has 1 instance(s).

Instance "protect", status READY, has 1 handler(s) for this service...

Handler(s):

"DEDICATED" established:0 refused:0 state:ready

LOCAL SERVER

The command completed successfully

Configuring the local net service namePerform the following procedure to configure the Local Net Service Name for theSymantec Data Loss Prevention database.

To configure the local net service name

1 If the Oracle Net Configuration Assistant is not already running, start it byselecting Start > All Programs > Oracle 11.2.0.3 > Configuration andMigration Tools > Net Configuration Assistant.

2 On the Welcome panel, select Local Net Service Name configuration andclick Next.

3 On the Net Service Name Configuration panel, select Add and click Next.

4 On the NetServiceNameConfiguration,ServiceName panel, enter "protect"in the Service Name field and click Next.

5 On the Net Service Name Configuration, Select Protocols panel, select TCPand click Next.

6 On the Net Service Name Configuration, TCP/IP Protocol panel:

Enter the IP address of the Oracle server computer in the Hostname field.

Select Use the standard port number of 1521 (the default value).

Click Next.

7 On the Net Service Name Configuration, Test panel, select No, do not testand click Next.

Do not test the service configuration, because the listener has not yet started.

8 On the Net Service Name Configuration, Net Service Name panel, selectaccept the default name of "protect" and click Next.

43Installing Oracle 11g on WindowsConfiguring the local net service name

9 On the NetServiceNameConfiguration,AnotherNetServiceName? panel,select No and click Next.

10 On the Net Service Name Configuration Done panel, select Next.

11 Click Finish to exit the Oracle Net Configuration Assistant.

Verifying the Symantec Data Loss Preventiondatabase

After creating the Symantec Data Loss Prevention database, you should verifythat it was created correctly.

To verify that the database was created correctly

1 Open a new command prompt and start SQL*Plus:

sqlplus /nolog

Using a new command prompt ensures that your Path environment variableincludes the SQL*Plus directory.

2 Log on as the SYS user:

SQL> connect sys/[email protected] as sysdba

Where password represents the SYS password.

3 Run the following query:

SQL> SELECT * FROM v$version;

Installing Oracle 11g on WindowsVerifying the Symantec Data Loss Prevention database

44

4 Make sure that the output from the query contains the following information,which identifies the software components as version 11.2.0.3. For a 32-bitinstallation, the output should read:

BANNER

--------------------------------------------------------------------------------

Oracle Database 11g Release 11.2.0.3.0 - Production

PL/SQL Release 11.2.0.3.0 - Production

CORE 11.2.0.3.0 Production

TNS for 32-bit Windows: Version 11.2.0.3.0 - Production

NLSRTL Version 11.2.0.3.0 - Production

For a 64-bit installation, the output should read:

BANNER

--------------------------------------------------------------------------------

Oracle Database 11g Release 11.2.0.3.0 - 64-bit Production

PL/SQL Release 11.2.0.3.0 - Production

CORE 11.2.0.3.0 Production

TNS for 64-bit Windows: Version 11.2.0.3.0 - Production

NLSRTL Version 11.2.0.3.0 - Production

5 Exit SQL*Plus:

SQL> exit

Creating the Oracle user account for Symantec DataLoss Prevention

Perform the following procedure to create an Oracle user account and name itprotect.

To create the new Oracle user account named protect

1 Extract the SQL script file, oracle_create_user.sql, from the11g_r2_32_bit_Installation_Tools.zip or11g_r2_64_bit_Installation_Tools.zip file to a local directory.

2 Open a command prompt and go to the directory where you extracted theoracle_create_user.sql file.

45Installing Oracle 11g on WindowsCreating the Oracle user account for Symantec Data Loss Prevention

3 Start SQL*Plus:

sqlplus /nolog

4 Run the oracle_create_user.sql script:

SQL> @oracle_create_user.sql

5 At the Please enter the password for sys user prompt, enter the passwordfor the SYS user.

6 At the Please enter sid prompt, enter "protect."

7 At the Pleaseenterrequiredusernametobecreated prompt, enter "protect"for the user name.

8 At the Please enter a password for the new username prompt, enter a newpassword.

Follow these guidelines to create acceptable passwords:

Passwords cannot contain more than 30 characters.

Passwords cannot contain double quotation marks, commas, orbackslashes.

Avoid using the & character.

Passwords are case-sensitive by default. You can change the casesensitivity through an Oracle configuration setting.

If your password uses special characters other than _, #, or $, or if yourpassword begins with a number, you must enclose the password in doublequotes when you configure it.

Store the password in a secure location for future use. You must use thispassword to install Symantec Data Loss Prevention. If you need to changethe password after you install Symantec Data Loss Prevention, see theSymantec Data Loss Prevention Administration Guide for instructions.

Locking the DBSNMP Oracle user accountTo maintain security, you should lock the Oracle DBSNMP user account.

Installing Oracle 11g on WindowsLocking the DBSNMP Oracle user account

46

To lock the Oracle DBSNMP user account

1 Open a command prompt and start SQL*Plus:

sqlplus /nolog

2 Log on as the SYS user:

SQL> connect sys/password as sysdba

Where password is the SYS password.

3 Lock the DBSNMP user account:

SQL> ALTER USER dbsnmp ACCOUNT LOCK;

4 Exit SQL*Plus:

SQL> exit

47Installing Oracle 11g on WindowsLocking the DBSNMP Oracle user account

Installing Oracle 11g on WindowsLocking the DBSNMP Oracle user account

48

Installing the DataClassification Service


Enforce Server and Classification Server minimum requirements

Installing an Enforce Server

Verifying an Enforce Server installation

About the Data Classification for Enterprise Vault Solution Pack

Importing the solution pack

Classification Server installation preparations

Installing a Classification Server

Verifing a Classification Server installation

Registering a Classification Server

Configuring the Classification Server

About post-installation security configuration

Enforce Server and Classification Server minimumrequirements

The following table describes the minimum system requirements for running theEnforce Server or a Classification Server on dedicated server hardware.

4Chapter

Table 4-1 Enforce Server and Classification Server minimum systemrequirements

Classification Server minimumrequirements

Enforce Server minimum requirementsComponent

2 x 3.0-GHz CPUs for small or medium enterprises

2 x 3.0 GHz dual-core CPUs for large or very large enterprises

Processor

68 GB RAM for small or medium enterprises

8-16 GB RAM for large or very large enterprises

Memory

140 GB Ultra SCSI500 GB, RAID 1+0 or RAID 5 for small ormedium enterprises

1 TB, RAID 1+0 or RAID 5 for large or verylarge enterprises

Disk requirements

To communicate with Enforce Server:

1 copper or fiber 1 Gb/100 Mb Ethernet NIC

To communicate with detection servers:

1 copper or fiber 1 Gb/100 Mb Ethernet NIC

NICs

Microsoft Windows Server 2003, Enterprise Edition (32-bit) with Service Pack 2 or later

or

Microsoft Windows Server 2008 R2, Standard Edition (64-bit) or later

or

Microsoft Windows Server 2008 R2, Enterprise Edition (64-bit) or later

Operating system

Symantec also supports running the Enforce Server or a Classification Server onthe following virtualization products:

VMware ESX version 3.5 (32-bit or 64-bit hardware)

VMware ESX version 4.0 (64-bit hardware)

VMware ESX version 4.1 (64-bit hardware)

VMware ESXi version 4.1 (64-bit hardware)

At a minimum, ensure that each virtual server environment matches the systemrequirements for the servers that are described in this document. A variety offactors influence performance of virtual machine configurations, including thenumber of CPUs, the amount of dedicated RAM, and the resource reservationsfor CPU cycles and RAM. The virtualization overhead and guest operating systemoverhead can lead to a performance degradation in throughput for large datasetscompared to a system running on physical hardware. Use your own test resultsas a basis for sizing deployments to virtual machines.

Installing the Data Classification ServiceEnforce Server and Classification Server minimum requirements

50

For detailed information on the full system requirements for Symantec Data LossPrevention, see the Symantec Data Loss Prevention System Requirements andCompatibilityGuide. This guide is updated as new information becomes available.You can find the latest version of the guide by accessing the following article inthe Symantec Data Loss Prevention knowledgebase (You must have an accountfor the knowledgebase to access this article.):


Browser requirements for accessing the Enforce Server administrationconsole

Windows clients can access the Enforce Server administration console using anyof the following browsers:

Microsoft Internet Explorer 8.x, 9.x

Mozilla Firefox versions 8 through 12

Installing an Enforce ServerThe instructions that follow describe how to install an Enforce Server.

Before you install an Enforce Server:

Complete the preinstallation steps.

Verify that the system is ready for installation.

Ensure that the Oracle software and Symantec Data Loss Prevention databaseis installed on the appropriate system.

For single- and two-tier Symantec Data Loss Prevention installations, Oracleis installed on the same computer as the Enforce Server.

For a three-tier installation, Oracle is installed on a separate server. For athree-tier installation, the Oracle Client (SQL*Plus and Database Utilities)must be installed on the Enforce Server computer to enable communicationwith the Oracle server.

Before you begin, make sure that you have access and permission to run theSymantec Data Loss Prevention installer software:ProtectInstaller_11.6.exe for 32-bit platforms orProtectInstaller64_11.6.exe for 64-bit platforms.

If you intend to run Symantec Data Loss Prevention using Federal InformationProcessing Standards (FIPS) encryption, you must first prepare for FIPS encryption.You must also run the ProtectInstaller with the appropriate FIPS parameter.

51Installing the Data Classification ServiceInstalling an Enforce Server


For more information about FIPS encryption, see the Symantec Data LossPrevention Administration Guide.

Note: The following instructions assume that the ProtectInstaller_11.6.exeor ProtectInstaller64_11.6.exe file and license file have been copied into thec:\temp directory on the Enforce Server computer.

To install an Enforce Server

1 Symantec recommends that you disable any antivirus, pop-up blocker, andregistry protection software before you begin the Symantec Data LossPrevention installation process.

2 Log on (or remote log on) as Administrator to the Enforce Server system onwhich you intend to install Enforce.

3 Go to the folder where you copied the ProtectInstaller_11.6.exe orProtectInstaller64_11.6.exe file (c:\temp).

4 Double-clickProtectInstaller_11.6.exeorProtectInstaller64_11.6.exeto execute the file, and click OK.

5 In the Welcome panel, click Next.

6 After you review the license agreement, select I accept the agreement, andclick Next.

Note: This license file that you require is the one that you generated forEnterprise Vault with Data Classification Services.

7 In the Select Components panel, select the type of installation you areperforming and then click Next.

There are four choices:

EnforceSelect Enforce to install Symantec Data Loss Prevention on an EnforceServer for two- or three-tier installations. When you select Enforce, theIndexer is also automatically selected by default.

DetectionSelect Detection to install a detection server as part of a two- or three-tierinstallation.

IndexerSelect Indexer to install a remote indexer.

Installing the Data Classification ServiceInstalling an Enforce Server

52

Single TierSelect Single Tier to install all components on a single system.

Choose Enforce if you are deploying a two-tier or three-tier system. SelectSingle Tier to install a single tier system.

8 In the LicenseFile panel, browse to the directory containing your license file.Select the license file, and click Next.

License files have names in the format name.slf.

9 In the Select Destination Directory panel, accept the default destinationdirectory, or enter an alternate directory, and click Next. The defaultinstallation directory is:

c:\SymantecDLP

Symantec recommends that you use the default destination directory.References to the "installation directory" in Symantec Data Loss Preventiondocumentation are to this default location.

Enter directory names, account names, passwords, IP addresses, and portnumbers that you create or specify during the installation process usingstandard 7-bit ASCII characters only. Extended (hi-ASCII) and double-bytecharacters are not supported.

Note: Do not install Symantec Data Loss Prevention in any directory thatincludes spaces in its path. For example, c:\Program Files\SymantecDLP isnot a valid installation folder because there is a space between Programand Files.

10 In the Select Start Menu Folder panel, enter the Start Menu folder whereyou want the Symantec Data Loss Prevention shortcuts to appear.

The default is Symantec Data Loss Prevention.

11 Select one of the following options and then click Next.

Create shortcuts for all usersThe shortcuts are available in the s

symantec enterprise vault : data classification services ... · symantec enterprise vault™ data...

Documents

Symantec Enterprise Vault - Veritas 11... · Symantec Enterprise Vault™ PowerShell Cmdlets 11.0. SymantecEnterpriseVault:PowerShellCmdlets

Symantec NetBackup for Enterprise Vault Agent Administrator's Guide: for Windows · 2011-08-25 · Symantec NetBackup™ for Enterprise Vault™ Agent Administrator's Guide for Windows

Symantec Corporation Symantec Enterprise Vault ... · 2.1.1 Symantec Enterprise Vault Symantec Enterprise Vault is a content archiving platform that enables automatic archival of

NETAPP TECHNICAL REPORT Solutions Blueprint for Symantec Enterprise Vault …doc.agrarix.net/netapp/tr/tr-3717.pdf · 2012-11-06 · Symantec Enterprise Vault Data ONTAP Snap Manager

Symantec Enterprise Vault Installing and Configuring

Symantec Enterprise Vault and NetBackup 5000 Appliance

Symantec Enterprise Vault Compatibility Charts

Symantec Enterprise Vault · and Symantec Security Response to provide alerting services and virus definition updates. ... File System Archiving requirements for Enterprise Vault

Symantec Enterprise Vault - Veritas 11... · TechnicalSupport SymantecTechnicalSupportmaintainssupportcentersglobally.TechnicalSupport’s primaryroleistohelpyouresolvespecificproblemswithaSymantecproduct.The

IS1200 Enterprise Vault Connector User 4.3 · Kazeon IS1200 Connector for Symantec Enterprise Vault User and Configuration Guide v Preface The Kazeon IS1200 Connector fo r Symantec

Hitachi Adapter for Symantec Enterprise Vault User's … v Hitachi Adapter for Symantec Enterprise Vault User's Guide Intended Audience This document is intended for Enterprise Vault

Symantec Enterprise Vault™ Technical Note

Symantec Enterprise Vault Cryptographic Module

IS1200 Symantec Enterprise Vault Connector User Guide 4.3 · Chapter 1: Introduction 2 EMC SourceOne eDiscovery - Kazeon IS1200 Symantec Enterprise Vault Connector User Guide Enterprise

Symantec Enterprise Vault Mailbox Continuity.cloud Presentation 1 Symantec Enterprise Vault Mailbox Continuity.cloud Service Overview Paul Maple - Redefine

Symantec Enterprise Vault - Veritas Enterprise Vault: Setting up Domino Server Archiving Thesoftwaredescribedinthisbookisfurnishedunderalicenseagreementandmaybeused only in accordance

Symantec NetBackup for Enterprise Vault Agent ...danno/symantec/NetBackup... · What's new in Enterprise Vault Agent 7.5 Enterprise Vault agent 7.5 supports Enterprise Vault 10.0

Symantec Enterprise Vault - Veritas...Symantec Enterprise Vault: Setting up File System Archiving (FSA) ... Troubleshooting the configuration of FSA with clustered file ... Celerra/VNX

Symantec NetBackup Vault Operator's Guidedanno/symantec/NetBackup_O... · Symantec NetBackup Vault Operator's Guide Thesoftwaredescribedinthisbookisfurnishedunderalicenseagreementandmaybeused

Symantec Document Retention and Discovery Symantec ... · Discovery Reference Model, including automated data transfer between Symantec Enterprise Vault Discovery Accelerator and

Symantec Enterprise Vault - Illinois · PDF fileIntroducing Symantec Enterprise Vault Thischapterincludesthefollowingtopics: AboutEnterpriseVaultandyourOutlookmailbox AboutVaultCacheforOutlookusers

Coveo Platform 7.0 - Symantec Enterprise Vault Connector Guidedownload.coveo.com/onlinehelppdfs/CES70-SymantecEV... · 2019-01-07 · Symantec Enterprise Vault connector, Coveo Platform

Symantec Enterprise Vault™ Compliance Accelerator

Symantec Enterprise Vaultknowledgebase.mcgill.ca/media/pdf/Email-Calendar/EV_Guide_for_Outlook... · Introducing Symantec Enterprise Vault This chapter includes the following topics:

Symantec Enterprise Vault - Veritas · Symantec Enterprise Vault: Setting up Domino Server Archiving Thesoftwaredescribedinthisbookisfurnishedunderalicenseagreementandmaybeused only

Symantec Enterprise Vault - Veritas · Symantec Enterprise Vault ™ and Symantec ... workload, quickly cull through information, and perform self-service exports. Exported information

Data Sheet: Archiving Symantec Enterprise Vault™ · 2009-02-25 · Data Sheet: Archiving Symantec Enterprise Vault™ Page 2 of 6 •Simplified Installation and Administration –

Symantec NetBackup Vault Operator's Guide · Symantec NetBackup™ Vault™ Operator's Guide UNIX, Windows, and Linux Release 7.7

Symantec Enterprise Vault - Illinois · Introducing Symantec Enterprise Vault Thischapterincludesthefollowingtopics: AboutEnterpriseVaultandyourOutlookmailbox AboutVaultCacheforOutlookusers

Symantec Enterprise Vault - Veritas to a Lotus Notes database. ... To run a command-line utility with Administrator privileges ... Symantec Enterprise Vault Help

Symantec Document Retention and Discovery Symantec Enterprise Vault Symantec ...img2.insight.com/graphics/uk/media/pdf/document... · 2008-06-24 · Symantec Enterprise Vault provides

Symantec Enterprise Vault - Veritas · Symantec Enterprise Vault: Setting up File System Archiving (FSA) ... Chapter 6 Adding an EMC Celerra/VNX device to File System Archiving

What’s New with Enterprise Vault 11 - Information Store · What’s New with Enterprise Vault 11 ? Symantec Enterprise Vault 11 - What's New ? 1 . ... Symantec Enterprise Vault

Symantec Enterprise Vault - Talented Teacher Jobs · 2017-07-15 · Symantec Enterprise Vault: Application Programmer’s Guide The software described in this book is furnished under

EMC Data Domain and Symantec Enterprise Vault Integration