Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

EV Exchange PDF

Download as pdf or txt
Download as pdf or txt
You are on page 1of 617

Symantec Enterprise Vault

Installing and Configuring

2007

Symantec Information Foundation

Symantec Enterprise Vault: Installing and Configuring


Legal Notice
Copyright 2007 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and Enterprise Vault are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any. THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE. The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement. Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 http://www.symantec.com

Contents

Chapter 1

About this guide .................................................................. 23


Prerequisite knowledge ................................................................. Getting help ................................................................................ Accessing the Support Web site ................................................ Subscribing to Email Notifications ............................................ Accessing Symantec telephone and fax support ........................... Related documentation ................................................................. Related resources ......................................................................... Comment on the documentation ..................................................... 23 24 24 24 25 25 26 26

Section 1
Chapter 2

Enterprise Vault prerequisites ............................ 27


Enterprise Vault hardware prerequisites ....................... 29
Server hardware requirements ....................................................... Enterprise Vault server ........................................................... SQL Server ............................................................................ Additional processing capacity for initial archiving ...................... Network requirements .................................................................. Storage requirements ................................................................... Vault stores .......................................................................... Enterprise Vault indexes ......................................................... SQL databases ....................................................................... Shopping baskets ................................................................... Local storage ......................................................................... What next? ................................................................................. 29 29 30 31 31 32 32 33 34 35 35 36

Chapter 3

Enterprise Vault prerequisite software and settings ............................................................................ 37


About the Enterprise Vault prerequisite software and settings ............. Enterprise Vault Deployment Scanner ............................................. Basic software requirements .......................................................... Operating system components .................................................. SQL server software ............................................................... Microsoft Data Access Components (MDAC) ................................ 37 38 38 38 43 44

Contents

Pre-installation tasks for Enterprise Vault server ............................... Creating the Vault Service account ............................................ Creating a SQL login ............................................................... Enterprise Vault DNS aliases .................................................... What next? .................................................................................

44 44 46 47 48

Chapter 4

Additional requirements for Operations Manager ..........................................................................


About additional requirements for Operations Manager ...................... Where and when to install Operations Manager ................................. Additional prerequisite software ..................................................... Additional preinstallation tasks ...................................................... What next? .................................................................................

49 49 49 50 50 50

Chapter 5

Requirements for Enterprise Vault Reporting ............... 53


About requirements for Enterprise Vault Reporting ........................... Where and when to install Enterprise Vault Reporting ........................ Prerequisites for Enterprise Vault Reporting ..................................... Using Reporting on a 64-bit machine ......................................... Preinstallation tasks ..................................................................... What next? ................................................................................. 53 53 54 54 55 55

Chapter 6

Additional requirements for Exchange Server archiving .........................................................................


About the requirements for Exchange Server archiving ....................... Required software on Enterprise Vault server ................................... Exchange Management Tools ................................................... Outlook on the Enterprise Vault server computer ......................... Pre-installation tasks for Exchange Server archiving .......................... The Enterprise Vault system mailbox ......................................... Additional Vault Service account permissions ............................. Assigning permissions on Microsoft Exchange Server ................... Create an Outlook profile on the Enterprise Vault server computer ........................................................................ Configure Internet Explorer ..................................................... Enterprise Vault client access with Exchange Server archiving ............. Prerequisites for Outlook Add-Ins ............................................. OWA clients .......................................................................... Customized shortcuts ............................................................. Archive search and Archive Explorer in standalone browser .......... Prerequisites for OWA ..................................................................

57 57 58 58 58 59 59 60 60 63 64 64 64 65 66 66 67

Contents

Prerequisites for RPC over HTTP .................................................... RPC over HTTP with Exchange Server 2003 ................................ RPC over HTTP with Exchange Server 2007 (Outlook Anywhere) ...................................................................... What next? .................................................................................

68 68 68 69

Chapter 7

Additional prerequisites for Domino Server archiving .........................................................................


Prequisites for all Enterprise Vault servers ....................................... Prerequisites for Domino Server mailbox archiving ............................ Prerequisite software for Enterprise Vault Domino Gateway ......... Prerequisite software for target Domino mail servers ................... Prerequisites for Enterprise Vault extensions for Lotus Notes clients ............................................................................ Pre-installation tasks for Domino mailbox archiving .................... Register the Enterprise Vault Domino Gateway ........................... User ID for Domino mailbox archiving ....................................... Configure the server document for each target Domino mail server ............................................................................ Install and configure Enterprise Vault Domino Gateway ................ Install and configure Lotus Notes on Enterprise Vault Domino Gateway ......................................................................... Install and configure Enterprise Vault ....................................... Prerequisites for Domino journal archiving ....................................... Conflict with Microsoft Office 2003 ........................................... Domino Journaling databases ................................................... Access for Enterprise Vault ...................................................... Domino Mailing List Groups ..................................................... Client access for Domino journal archiving ................................. What next? .................................................................................

71 71 72 72 73 73 73 74 76 77 79 81 81 82 82 83 84 85 85 85

Chapter 8

Additional prerequisites for File System Archiving (FSA) ................................................................................. 87


About the prerequisites for FSA ...................................................... Enterprise Vault server requirements .............................................. About FSA shortcuts ..................................................................... Placeholder shortcut requirements ........................................... The FSA Agent ............................................................................ Preparing file servers .................................................................... Setting the permissions on a NetApp Filer .................................. Configuring Internet Explorer on NTFS file servers ............................ Client requirements ...................................................................... 87 87 88 88 89 89 90 90 91

Contents

What next? ................................................................................. 91

Chapter 9

Additional prerequisites for SharePoint Server archiving .........................................................................


Enterprise Vault server requirements .............................................. SharePoint Server requirements ..................................................... SharePoint security certificates ................................................ Support for SharePoint 2003 to 2007 gradual migration ................ Installing Enterprise Vault SharePoint components ........................... Running the configuration wizard ................................................... What next? .................................................................................

93 93 94 94 95 96 97 97

Chapter 10

Additional prerequisites for SMTP archiving ................ 99


About the prerequisites for SMTP archiving ...................................... 99 Microsoft SMTP Server requirements .............................................. 99 Enterprise Vault server and holding area requirements ..................... 100 Client access for SMTP archiving ................................................... 100 What next? ................................................................................ 101

Chapter 11

Prerequisites for a standalone Enterprise Vault Administration Console .............................................. 103


About the prerequisites for a standalone Enterprise Vault Administration Console ......................................................... 103 Additional requirements for Exchange Server archiving .................... 104 What next? ................................................................................ 104

Section 2
Chapter 12

Installing and configuring Enterprise Vault ............................................................................. 105


Licenses and license keys ................................................ 107
Overview of licensing .................................................................. Obtaining license keys ................................................................. Installing Enterprise Vault license key files ..................................... Replacing licenses and installing additional licenses ........................ What next? ................................................................................ 107 108 109 109 110

Chapter 13

Installing Enterprise Vault ............................................... 111


Before you install Enterprise Vault ................................................ 111 Installing Enterprise Vault ........................................................... 111

Contents

What next? ................................................................................ 112

Chapter 14

Postinstallation tasks ....................................................... 115


Security for the Web access application .......................................... Setting up the default authentication ....................................... Customizing security for the Web access application ........................ Using a default domain with basic authentication ....................... Customizing security on the client computers .................................. Using the proxy bypass list .................................................... Enabling remote access to the Web access application computer ...................................................................... What next? ................................................................................ 115 116 117 117 119 120 121 122

Chapter 15

Configuring Enterprise Vault .......................................... 123


About configuring Enterprise Vault ............................................... Running the Enterprise Vault configuration wizard .......................... When to run the configuration wizard ...................................... What the configuration wizard does ......................................... Running the configuration wizard ........................................... Troubleshooting configuration of the Monitoring database .......... Configuring Enterprise Vault Operations Manager ........................... When to run the Configuration utility ...................................... Running the Operations Manager Configuration utility ............... Accessing Operations Manager ............................................... Troubleshooting Operations Manager ...................................... Configuring Enterprise Vault Reporting ......................................... When to run the Reporting Configuration utility ........................ Running the Reporting Configuration utility ............................. Postconfiguration steps for Enterprise Vault Reporting ............... Accessing the reports ............................................................ Troubleshooting Enterprise Vault Reporting ............................. What next? ................................................................................ 123 124 124 124 125 129 129 129 129 130 131 131 132 132 133 134 135 135

Chapter 16

Initial Enterprise Vault setup .......................................... 137


License keys .............................................................................. Using the Administration Console ................................................. Setting up the Administration Console to display Japanese characters ..................................................................... Starting the Administration Console ........................................ About administration roles .................................................... Adding services .......................................................................... 137 137 138 139 140 141

Contents

Creating retention categories ........................................................ Retention category properties ................................................. Creating a default vault store and partition ..................................... Reviewing the default settings for the site ....................................... Setting the Site archiving schedule .......................................... URL for the Web access application ......................................... What next? ................................................................................

141 142 143 145 146 147 148

Chapter 17

Uninstalling Enterprise Vault .......................................... 149


Uninstalling Enterprise Vault ....................................................... 149 Reinstalling Enterprise Vault ........................................................ 150

Section 3
Chapter 18

Setting up Exchange Server archiving .......... 151


Distributing Exchange Server Forms ............................. 153
About distributing the Microsoft Exchange forms ............................. Using Organizational Forms Library ........................................ Using Personal Forms Libraries .............................................. What next? ................................................................................ 153 153 157 157

Chapter 19

Setting up archiving from mailboxes ............................ 159


Vault store and partition .............................................................. Defining archiving policies ........................................................... Mailbox policy settings .......................................................... Adding Exchange Server archiving targets ...................................... Adding an Exchange Server domain ......................................... Adding an Exchange Server .................................................... Adding a Provisioning Group .................................................. Adding an Exchange Provisioning task ........................................... Adding an Exchange Mailbox archiving task .................................... Reviewing the default archiving settings for the site ......................... Using customized shortcuts ......................................................... Layout of ShortcutText.txt ..................................................... Controlling the appearance of desktops .......................................... Automatically deploying Exchange forms locally ........................ Editing automatic messages ......................................................... Editing the Welcome message ................................................. Editing Archive Usage Limit messages ..................................... Starting the Task Controller service and archiving task ..................... Enabling mailboxes for archiving .................................................. Creating shared archives ....................................................... 160 160 160 165 165 166 167 169 170 170 171 173 174 175 175 175 176 177 177 179

Contents

Installing the Outlook Add-Ins on a server ...................................... 179 Users tasks ............................................................................... 180

Chapter 20

Setting up users desktops .............................................. 181


Outlook Add-Ins ......................................................................... Windows Desktop Search plug-in ............................................ Shortcut to the Setup file in the Welcome message ..................... Publishing the Add-Ins in Active Directory ................................ Making the HTTP-only Self-Installing Outlook Add-In available .......... Copying the files .................................................................. Editing the archived item form ............................................... Testing the edited form ......................................................... Publishing the edited form ..................................................... Enabling the installation of HTTP-only Self-Installing Outlook Add-Ins ........................................................................ Forcing Outlook synchronize forms ............................................... Getting users started ................................................................... Configuring Windows Desktop Search ...................................... What next? ................................................................................ 181 182 184 184 185 186 186 188 188 189 190 190 190 191

Chapter 21

Offline archives for offline users .................................... 193


About this chapter ...................................................................... How the offline archive works ....................................................... Offline archive without Archive Explorer ........................................ Offline archive with Archive Explorer ............................................ Setting up offline archives ........................................................... Customizing clients .............................................................. 193 194 194 195 195 196

Chapter 22

Setting up archiving from public folders ...................... 197


About archiving from public folders ............................................... Vault store and partition .............................................................. Creating a public folder archive ..................................................... Adding a Public Folder task .......................................................... Public folder policy settings ......................................................... Exchange Public Folder policy settings ..................................... Adding public folder archiving targets ............................................ Manual (standard) method ..................................................... Automatic method ................................................................ Applying archiving settings to public folders ................................... Scheduling the Public Folder task .................................................. Removing Public Folder targets ..................................................... 197 198 198 199 199 199 203 204 205 206 206 207

10

Contents

Chapter 23

Setting up archiving of journaled messages ................ 209


Before you start ......................................................................... Creating a journal vault store and partition ..................................... Creating a journal archive ............................................................ Adding permissions to the journal archive ...................................... Adding an Exchange Journaling task .............................................. Reviewing the journaling policy settings ......................................... Adding an Exchange Server journal mailbox as a target ..................... Starting the Journaling task ......................................................... What next? ................................................................................ 209 209 210 211 211 212 212 213 214

Chapter 24

Envelope Journaling

......................................................... 215

Enterprise Vault and Exchange Server Envelope Journaling ............... 215 How Enterprise Vault handles envelope messages from Exchange Server 2000 and 2003 ...................................................... 216 How Enterprise Vault handles envelope messages from Exchange Server 2007 ................................................................... 216

Section 4
Chapter 25

Setting up OWA, RPC over HTTP, and ISA Server .......................................................................... 219
Configuring OWA access to Enterprise Vault .............. 221
Enterprise Vault functionality in OWA clients ................................. About OWA forms-based authentication ................................... OWA configurations ................................................................... OWA 2007 configuration ....................................................... OWA 2007 and OWA 2003 mixed environment .......................... OWA 2000 or 2003 with front-end Exchange Server .................... OWA 2000 or 2003 without front-end Exchange Server ............... Clustered OWA configurations ................................................ Configurations for demonstrating Enterprise Vault with OWA ............................................................................ Which OWA Extensions to install .................................................. Configuring Enterprise Vault access for OWA 2007 users .................. Configuring Enterprise Vault for anonymous connections ........... Configuring Enterprise Vault Exchange Mailbox Policy ............... Installing Enterprise Vault OWA 2007 Extensions ...................... Configuring Enterprise Vault access for OWA 2003 users .................. OWA 2003: Configuring Enterprise Vault for anonymous connections ................................................................... 221 222 223 223 224 226 227 229 230 231 232 233 236 236 237 238

Contents

11

Configuring Enterprise Vault Exchange Mailbox Policy ............... Installing OWA Extensions on a back-end Exchange Server 2003 ............................................................................ Configuring a back-end Exchange Server 2003 ........................... Installing OWA Extensions on a front-end Exchange Server 2003 ............................................................................ Configuring a front-end Exchange Server 2003 .......................... Configuring Enterprise Vault access for OWA 2000 users .................. OWA 2000: Configuring Enterprise Vault for anonymous connections ................................................................... Installing OWA Extensions on a back-end Exchange Server 2000 ............................................................................ Configuring a back-end Exchange Server 2000 ........................... Installing OWA Extensions on a front-end Exchange Server 2000 ............................................................................ Configuring a demonstration system .............................................. Troubleshooting ......................................................................... Troubleshooting OWA 2007 Extensions .................................... Troubleshooting OWA 2000 and OWA 2003 Extensions ...............

241 242 242 245 245 246 247 250 251 253 253 254 254 257

Chapter 26

Configuring RPC over HTTP access to Enterprise Vault ............................................................................... 261


About configuring RPC over HTTP access ....................................... Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault ................................................................... Prerequisite tasks ................................................................. Configuring Enterprise Vault Exchange Mailbox policies ............. Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault ................................................................... Prerequisite tasks ................................................................. Installing RPC Extensions on Exchange Server 2003 ................... Configuring an RPC proxy server (front-end Exchange Server 2003) ............................................................................ Configuring an RPC target server (back-end Exchange Server 2003) ............................................................................ Configuring Enterprise Vault servers for RPC over HTTP ............. Configuring RPC over HTTP in Enterprise Vault Exchange Mailbox Policy ............................................................... 261 262 263 263 264 265 266 267 267 269 272

12

Contents

Chapter 27

Configuring OWA and RPC Extensions in clustered configurations .............................................................. 275


About configuring OWA and RPC Extensions in clustered configurations ..................................................................... Supported cluster configurations .................................................. OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters ................................................................. Configuring the OWA Extensions on the active node first ............ Configuring the OWA Extensions on the passive node first .......... Configuring the OWA Extensions on the associated active or passive node .................................................................. ExchangeServers.txt on the Enterprise Vault server ................... OWA: Enterprise Vault Extensions in an active/active Microsoft cluster ................................................................................ RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters ............................................. Configuring RPC on the active node first ................................... Configuring RPC on the passive node first ................................. ExchangeServers.txt on the Enterprise Vault server ................... RPC over HTTP: Configuring Enterprise Vault Extensions in an active/active Microsoft cluster ................................................ Configuring Enterprise Vault OWA and RPC Extensions on VCS .......... 275 276 279 281 281 282 282 282 284 285 286 286 286 287

Chapter 28

How to uninstall Enterprise Vault OWA Extensions ..................................................................... 289


Uninstalling OWA 2007 Extensions ............................................... Uninstalling OWA 2000 and 2003 Extensions .................................. OWA 2003: Removing OWA virtual directories, forms registration and Proxy Bypass List ..................................................... OWA 2000: Removing OWA virtual directories, forms registration and Proxy Bypass List ..................................................... 289 289 290 293

Chapter 29

Using Microsoft ISA Server with OWA and RPC Extensions ..................................................................... 297
Using ISA Server with Enterprise Vault .......................................... Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault .................................................................................. Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault .................................................................................. Configuring access using OWA basic authentication ................... Configuring access using OWA forms-based authentication ......... 297 298 299 299 302

Contents

13

Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault ............................................. Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault ............................................. Configuring an RPC firewall policy .......................................... Configuring an Enterprise Vault firewall policy ..........................

305 305 306 306

Section 5
Chapter 30

Setting up Domino Server archiving .............. 309


Setting up Domino mailbox archiving ........................... 311
About Domino mailbox archiving .................................................. Preparation for Domino mailbox archiving ...................................... Check Enterprise Vault configuration of Domino server .............. Configure Enterprise Vault for Web connections ....................... Vault store and partition ........................................................ Configuring Domino targets, tasks and policies in Enterprise Vault .................................................................................. Check the list of Domino forms .............................................. Adding Domino Server archiving targets .................................. Configuring mailbox policies .................................................. Creating a Domino Provisioning task ....................................... Creating a Domino Mailbox task .............................................. Reviewing the default archiving settings for the Site ................... Adding a Provisioning Group .................................................. Installing Enterprise Vault extensions for Lotus Notes and DWA clients ................................................................................ About Enterprise Vault clients ............................................... Installing Enterprise Vault client extensions ............................. Setting up an account to use EVInstall.nsf to set up an Enterprise Vault Domino Gateway .................................................... Setting up an account to use EVInstall.nsf to set up a mail server ........................................................................... Installing the extensions ....................................................... Changes made by EVInstall.nsf ............................................... Completing the installation .................................................... Updating mail files with the new design ................................... Accessing Enterprise Vault Search features ............................... Editing automatic messages ......................................................... Editing the Welcome message ................................................. Enabling mailboxes for archiving .................................................. 311 314 314 315 316 317 317 317 319 325 326 326 327 330 330 331 332 333 334 335 339 340 341 342 342 343

14

Contents

Chapter 31

Setting up Vault Cache ..................................................... 347


About vault cache ....................................................................... Enabling users for vault cache ...................................................... Disabling vault cache .................................................................. Desktop policy advanced settings .................................................. Maximum size (MB) .............................................................. Pause interval ...................................................................... Percentage store size ............................................................ Preemptive archiving threshold .............................................. Users are enabled for vault cache ............................................ 347 348 349 349 350 350 350 350 351

Chapter 32

Setting up Domino Journaling archiving ...................... 353


Preparation for Domino Journaling archiving .................................. Adding a Domino domain ............................................................. Adding a Domino server .............................................................. How to assign a vault store ........................................................... Creating a Domino Journal archive ................................................ Adding permissions to the journal archive ...................................... Creating a Domino Journal policy .................................................. Creating a Domino Journaling task ................................................ Adding a Domino Journaling location ............................................. How to configure clients .............................................................. Lotus Notes client ................................................................. 353 354 354 354 355 355 356 356 357 357 358

Section 6
Chapter 33

Setting up File System Archiving (FSA) ........ 359


Setting up File System Archiving (FSA) ......................... 361
Preparing to configure FSA .......................................................... Steps to configure FSA for a new file server ..................................... Adding a File System Archiving task .............................................. Adding file servers ...................................................................... Adding an NTFS file server ..................................................... Adding a NetApp file server .................................................... Adding an EMC Celerra device ................................................ Adding a volume ........................................................................ Creating a volume policy ........................................................ Adding a volume .................................................................. Adding the first Celerra volume .............................................. Adding folders and archive points ................................................. Creating a folder policy ......................................................... Adding a folder and archive point ............................................ 362 362 363 363 363 365 366 369 369 370 370 371 371 372

Contents

15

Managing archive points .............................................................. Listing, editing, and deleting archive points .............................. Scheduling ................................................................................ Schedule File System Archiving .............................................. Scheduling expiry ................................................................. Scheduling deletion from Celerra ............................................ Scheduling permissions synchronization .................................. Using Run Now .......................................................................... Processing a volume immediately ............................................ Processing a file server immediately ........................................ Tips on archiving policy rules ....................................................... Version pruning ......................................................................... Client access for FSA ................................................................... Retention folders ........................................................................ File Blocking configuration .......................................................... Creating a local quarantine location ......................................... Creating a central quarantine location ...................................... Specifying the mail delivery mechanism ................................... Adding File Blocking to a policy ............................................... File Blocking rules ................................................................ Ensuring specific users are never blocked ................................. Configuring FSA Reporting .......................................................... Configuring the FSA Reporting database and setting the default data collection schedule ................................................... Reconfiguring and disabling or enabling FSA Reporting globally ........................................................................ Installing the FSA Agent on NTFS file servers ............................ Configuring individual file servers for FSA Reporting ................. Enabling or disabling FSA Reporting for a volume ...................... Troubleshooting FSA Reporting .............................................. FSA Agent uninstallation ............................................................. What next? ................................................................................

373 374 375 375 376 376 377 377 378 379 380 381 381 382 382 383 384 385 385 387 391 392 393 393 394 394 395 395 396 396

Chapter 34

Using FSA with clustered resources .............................. 397


About FSA clustering .................................................................. Supported cluster software and cluster types ................................... Preparation for FSA services in a cluster ......................................... Configuring authentication for FSA services in a VCS cluster ....... Configuring the FSA resource for high availability ............................ Removing the FSA resource from all cluster groups .......................... Troubleshooting ......................................................................... Vault Service account cannot access VCS cluster ........................ 397 398 399 399 401 401 402 402

16

Contents

General troubleshooting guidance ........................................... 402

Section 7
Chapter 35

Setting up SharePoint Server archiving ....... 405


Configuring SharePoint archiving .................................. 407
About SharePoint Server archiving ................................................ Before configuring SharePoint Server archiving ......................... Configuring access to the SharePoint Server ................................... Configuring SharePoint archiving in the Administration Console ........ Creating a SharePoint task ..................................................... Creating a SharePoint archiving policy ..................................... Vault store assignment .......................................................... Adding a SharePoint URL as an archiving target ........................ Creating archiving target site collections .................................. Creating archiving target subsites ........................................... Running the SharePoint archiving task .......................................... Scheduling archive runs ........................................................ What Next? ............................................................................... 407 408 409 410 410 412 414 415 416 419 420 421 422

Chapter 36

Installing SharePoint archiving Web Parts .................. 423


Installing Archive Search Web Part ............................................... Installing Archive Search Web Part in a Web Server Farm ........... Adding Web Parts and version history link to site pages .................... Adding the Archive Search Web Part to a site ............................ Adding the archived version history link .................................. Adding the Archive Explorer Web Part to a site .......................... Enterprise Vault access on "all-in-one" systems ............................... What next? ................................................................................ 423 425 428 428 429 429 431 432

Chapter 37

User access to archived SharePoint documents ......... 433


Viewing and restoring archived documents ..................................... The version history page ........................................................ Using the Archive Search Web Part ......................................... About the Archive Explorer Web Part ....................................... Internet Explorer settings for users ......................................... 433 434 434 437 438

Contents

17

Section 8
Chapter 38

Setting up SMTP archiving ................................... 439


Setting up SMTP archiving .............................................. 441
About SMTP archiving ................................................................ Overview of setting up SMTP archiving .................................... Installing the SMTP archiving components ..................................... Create the holding area ................................................................ Set up the SMTP archiving configuration file ................................... Example configuration file ..................................................... Set up File System Archiving ........................................................ Running SMTP archiving ............................................................. How SMTP archiving selects the holding area folder to use ................ 441 442 443 444 445 447 448 449 450

Section 9
Chapter 39

Custom filtering and properties ........................ 455


Introduction to filtering .................................................... 457
About filtering ........................................................................... Selective Journaling .................................................................... Group Journaling ........................................................................ Setting up custom filtering ........................................................... Distributed Enterprise Vault environments ............................... Setting up custom properties ........................................................ Journal Filters with Envelope Journaling ......................................... 457 458 459 459 460 460 462

Chapter 40

Configuring filtering .......................................................... 463


About configuring filtering .......................................................... Configuring selective journaling .................................................... Creating the selective journaling rules file ................................ Adding selective journaling registry settings ............................. Configuring group journaling ....................................................... Creating the group journaling rules file .................................... Adding group journaling registry settings ................................. Testing group journaling settings ............................................ Configuring custom filtering ........................................................ Distributed Enterprise Vault environments ............................... Registry settings for Exchange Server journal filtering ................ Configuring registry settings for Exchange Server user mailbox filtering ........................................................................ Configuring registry settings for Exchange Server public folder filtering ........................................................................ 463 463 464 466 467 468 469 470 470 472 473 474 476

18

Contents

Configuring registry settings for Domino server journal filtering ........................................................................ About custom filtering ruleset files .......................................... General format of ruleset files ................................................ Rule actions ........................................................................ Message attribute filters ........................................................ Attachment attribute filters ................................................... How message and attachment filters are applied ........................ Example ruleset file ..............................................................

477 479 482 485 488 501 504 507

Chapter 41

Configuring custom properties ....................................... 513


About configuring custom properties ............................................. Control of default settings ............................................................ Setting IGNORENODEFAULT registry entry .............................. Summary of default archiving actions ...................................... General format of custom properties.xml ........................................ How to validate custom properties.xml ..................................... Additional properties .................................................................. MAPI properties ................................................................... Domino properties ................................................................ Making Domino message properties available to Enterprise Vault ............................................................................ Content categories ...................................................................... Assigning content categories in rules ....................................... Defining how properties are presented in applications ...................... How to display custom properties in the browser search .............. Summary of custom property elements and attributes ...................... 513 515 516 518 520 522 523 523 525 526 527 529 531 533 535

Section 10
Chapter 42

Clustering Enterprise Vault with VERITAS Cluster Server ......................................................... 541


Introducing clustering with VCS ..................................... 543
Supported VCS configurations and software .................................... About the VCS GenericService agent .............................................. Typical Enterprise Vault configuration in a VCS cluster ..................... Installation order ....................................................................... 543 544 544 545

Contents

19

Chapter 43

Installing and configuring VERITAS Storage Foundation HA ............................................................. 547


About this chapter ...................................................................... 547 Installing and configuring SFW HA ................................................ 547 Managing disk groups and volumes ............................................... 548

Chapter 44

Configuring the service group ........................................ 551


About configuring the service group .............................................. Before you begin ........................................................................ Creating a service group .............................................................. Modifying an existing service group ............................................... Deleting a service group .............................................................. 551 552 552 555 556

Chapter 45

Running the Enterprise Vault Configuration wizard ............................................................................. 557


About the Enterprise Vault Configuration wizard ............................. Before you begin ........................................................................ Setting up an active/passive configuration ...................................... Adding cluster support in a first-time Enterprise Vault installation ................................................................... Upgrading an existing Enterprise Vault installation to a cluster .......................................................................... Setting up an N+1 configuration ................................................... N+1 configuration option 1 .................................................... N+1 configuration option 2 .................................................... Disallowing two Enterprise Vault servers on the same node ......... 557 557 558 558 559 563 564 565 567

Chapter 46

Implementing an SFW HA-VVR disaster recovery solution .......................................................................... 569


About this chapter ...................................................................... About the SFW HA-VVR disaster recovery solution ........................... Installing and configuring SFW HA-VVR .................................. Setting up the cluster on the primary site ................................. Setting up the cluster on the secondary site ............................... Adding the VVR components for replication .............................. Adding the GCO components for wide-area recovery ................... 569 569 570 571 572 572 573

Chapter 47

Troubleshooting clustering with VCS ............................ 575


VCS logging ............................................................................... 575 Enterprise Vault Cluster Setup wizard error messages ....................... 576

20

Contents

Viewing the clustered message queues ........................................... 577

Section 11
Chapter 48

Clustering Enterprise Vault with Microsoft server clusters ....................................................... 579


Introducing clustering with Microsoft server clusters ..........................................................................
About clustering with Microsoft server clusters ............................... Supported cluster configurations .................................................. Required software and restrictions ................................................ Installing Exchange System Manager ....................................... Clustering existing Enterprise Vault installations ....................... Typical Enterprise Vault configuration in a Microsoft server cluster ................................................................................ Control of services in a clustered environment ................................. Enterprise Vault services in a clustered environment .................. Resource groups and resources ............................................... What happens at failover ....................................................... 581 581 582 582 583 583 583 584 585 585 586

Chapter 49

Preparing to cluster with Microsoft server clusters ..........................................................................

587

Preparing to cluster Enterprise Vault ............................................. 587 Setting up the shared disks and volumes ......................................... 588 Setting up the resource groups ...................................................... 589

Chapter 50

Configuring Enterprise Vault in a Microsoft server cluster ............................................................................ 591


About configuring Enterprise Vault in a Microsoft server cluster ........ Setting up a new Enterprise Vault installation with cluster support ............................................................................... Configuring a new Enterprise Vault server with cluster support ......................................................................... Configuring a failover node .................................................... Troubleshooting configuration of the Monitoring database .......... Configuration examples ......................................................... Converting an existing Enterprise Vault installation to a cluster ......... Converting an existing Enterprise Vault server to a server with cluster support .............................................................. Modifying an existing Enterprise Vault cluster ................................ Adding a node ...................................................................... 591 592 592 596 597 597 602 603 607 607

Contents

21

Adding shared storage ........................................................... 608

Chapter 51

Troubleshooting clustering with Microsoft server clusters ..........................................................................


About this chapter ...................................................................... Event logs and the server cluster log .............................................. Resource ownership and dependencies ........................................... Registry replication .................................................................... Viewing the clustered message queues ........................................... Starting and stopping services ......................................................

609 609 610 610 610 611 611

Index ................................................................................................................... 613

22

Contents

Chapter

About this guide


This chapter includes the following topics:

Prerequisite knowledge Getting help Related documentation Related resources Comment on the documentation

Prerequisite knowledge
Before installing Enterprise Vault, it is advisable to read the Introduction and Planning manual, in order to have an understanding of the various components of Enterprise Vault. To install and configure Enterprise Vault, you need to know how to administer the following products:

Windows Server 2003 or Windows 2000 Microsoft SQL Server Microsoft Message Queue Server Microsoft IIS (Internet Information Services) Your archive storage hardware and software

If you are going to be using Enterprise Vault with IBM Domino Server, you will also need administrative knowledge of IBM Domino Server and the IBM Lotus Notes client.

24

About this guide Getting help

If you going to be using Enterprise Vault with Microsoft Exchange Server, you will also need administrative knowledge of Microsoft Exchange Server and Microsoft Outlook. If you going to be using Enterprise Vault with Microsoft Windows SharePoint Services and Microsoft SharePoint Portal Server, you will need administrative knowledge of these products. To use the reporting feature of Enterprise Vault Operations Manager, you will need administrative knowledge of Microsoft SQL Server Reporting Services.

Getting help
Symantec offers you a variety of support options.

Accessing the Support Web site


The Symantec Support Web site enables you to do the following:

Contact the Symantec Support staff and post questions to them. Download the latest patches, upgrades, and utilities. View the Enterprise Vault Frequently Asked Questions (FAQ) page. Search the Knowledge Base for answers to technical support questions. Subscribe to automatic email notice of product updates. Find out about Enterprise Vault training. Read current Enterprise Vault white papers, tech notes, and selected documentation.

The address of the Support Web site is as follows: http://entsupport.symantec.com

Subscribing to Email Notifications


Subscribe to Email Notifications to be informed of software alerts, newly published documentation, Beta programs, and other services. Go to http://entsupport.symantec.com, click Sign up for News Bulletins. On the Email Bulletin Service page, under Sign up for the Email Bulletin Service by selecting your product group below, click Availability Products.

About this guide Related documentation

25

Accessing Symantec telephone and fax support


Telephone support for Enterprise Vault is only available with a valid support contract. To contact Symantec for technical support, dial the appropriate phone number listed on the Support Guide included in the product box and have your product license information ready for quick navigation to the proper support group. The Symantec telephone support directory is available at the Support site. Go to http://entsupport.symantec.com and enter your product.

Related documentation
This book is available as HTML Help and as a PDF file on the Enterprise Vault CD-ROM. After installation, the documentation is also available in the Enterprise Vault program folder. Table 1-1 lists the guides that, along with the online help, comprise the Enterprise Vault documentation set. Table 1-1 Guide title
Introduction and Planning

Enterprise Vault documentation set File name


Introduction_and_Planning.pdf Introduction_and_Planning.chm

Installing and Configuring (this book) Administrators Guide

Installing_and_Configuring.pdf Installing_and_Configuring.chm Administrators_Guide.pdf Administrators_Guide.chm

Utilities

Utilities.pdf Utilities.chm

Registry Values Compliance Accelerator Installing and Configuring Discovery Accelerator Installing and Configuring Release Notes

Registry_Values.chm CA_Installing_and_Configuring.pdf

DA_Installing_and_Configuring.pdf

ReadMeFirst.htm on the CD-ROM and in the Enterprise Vault installation folder

26

About this guide Related resources

Related resources
There is an Enterprise Vault Web page at the following address: http://www.symantec.com/enterprisevault

Comment on the documentation


Let us know what you like and dislike about the documentation. Were you able to find the information you needed quickly? Was the information clearly presented? Report errors and omissions, or tell us what you would find useful in future versions of our guides and online help. Please include the following information with your comment:

The title and product version of the guide you are commenting on The topic (if relevant) you are commenting on Your name

Email your comment to evdocs@symantec.com. Please only use this address to comment on product documentation. We appreciate your feedback.

Section

Enterprise Vault prerequisites

Enterprise Vault hardware prerequisites Enterprise Vault prerequisite software and settings Additional requirements for Operations Manager Requirements for Enterprise Vault Reporting Additional requirements for Exchange Server archiving Additional prerequisites for Domino Server archiving Additional prerequisites for File System Archiving (FSA) Additional prerequisites for SharePoint Server archiving Additional prerequisites for SMTP archiving Prerequisites for a standalone Enterprise Vault Administration Console

28

Chapter

Enterprise Vault hardware prerequisites


This chapter includes the following topics:

Server hardware requirements Network requirements Storage requirements What next?

Server hardware requirements


In a production Enterprise Vault environment, the following servers are normally installed on separate computers:

The Enterprise Vault server The SQL Server The target system that is being archived, for example, Exchange Server

For pilot or demonstration configurations only, some or all of these can be installed on the same computer. This section describes the minimum hardware requirements for these servers.

Enterprise Vault server


Table 2-1 shows the recommended minimum specifications for a production Enterprise Vault system.

30

Enterprise Vault hardware prerequisites Server hardware requirements

Table 2-1 Item


Number of CPUs Power of CPUs Memory

Minimum specification for an Enterprise Vault server Recommended minimum


2 2.8 GHz 4 GB

It is possible to run Enterprise Vault on a computer with less memory, but this is not recommended for a production system, as it does not allow for any growth in archiving requirements. The extra memory is particularly important if users will be performing large, simultaneous archive searches. If you are just installing a demonstration Enterprise Vault system, and performance is not an issue, it is possible to run Enterprise Vault on less than 1 GB, but the computer must be configured to have at least 1 GB of page file space. Enterprise Vault can be run on a multi-processor system with four or eight CPUs, but in order to take advantage of the extra CPU power, the disk system used must be able to cope with the increased throughput. In a small to medium Enterprise Vault environment, the core Enterprise Vault services will typically all be installed on the same computer. In larger installations, services such as the Storage and Indexing services can be installed on a separate computer. For information on distributing Enterprise Vault services, see the Introduction and Planning manual.

SQL Server
The configuration information for an Enterprise Vault site is held in a SQL database, which is known as the Enterprise Vault Directory database. Similarly, configuration information for the vault stores and details of archived items stored in the archives are held in SQL databases called vault store databases. Monitoring information is held in the Monitoring database. The SQL Server that manages these databases will typically reside on a different computer from the Enterprise Vault server. In general, the specification of the SQL Server computer should match that of the Enterprise Vault server. The performance of the SQL Server will also benefit from extra memory; a minimum of 4 GB is recommended. The amount of memory that the SQL Server can use depends on the Windows and SQL Server versions. Table 2-2 shows the recommended minimum specifications for a production SQL Server.

Enterprise Vault hardware prerequisites Network requirements

31

Table 2-2 Item


Number of CPUs Power of CPUs Memory

Minimum specification for SQL Server Recommended minimum


2 2.8 GHz 4 GB

You do not need a separate SQL Server for every Enterprise Vault server. As a general rule, one SQL Server can manage up to eight Enterprise Vault servers.

Additional processing capacity for initial archiving


If you have a large backlog of data that you want to archive quickly, when you first install Enterprise Vault, you may want to configure additional Enterprise Vault servers for the initial archiving run. When archiving reaches a steady state, the additional Enterprise Vault servers can be redeployed for other purposes.

Network requirements
When Enterprise Vault is running on a LAN and the Enterprise Vault services are on one computer, the impact on the network bandwidth is unlikely to be an issue. When some of the Enterprise Vault services are distributed over a LAN, then the amount of data crossing the network could become significant. Table 2-3 provides guidelines for network traffic between different components. Table 2-3 Between
Enterprise Vault server Enterprise Vault server Archiving task

Network traffic in an Enterprise Vault site and


SQL Server

Network traffic
10 KB per item

Primary Domain Controller (PDC)

0.5 KB per item

Storage Process, if on a different Size of items transferred + 30% server Enterprise Vault server Size of messages transferred + 50%

Exchange Server

32

Enterprise Vault hardware prerequisites Storage requirements

Storage requirements
Storage is required for the following components of Enterprise Vault:

Vault stores, where the archived items are held. Indexes. SQL Server databases; the Enterprise Vault Directory database, vault store databases and monitoring database. Shopping baskets, which are used by Enterprise Vault for details of items that are to be restored.

In addition a small amount of local storage is needed on the Enterprise Vault server. This section gives a basic guide to the Enterprise Vault storage requirements. For full details of all the supported storage devices and software, see the Enterprise Vault Compatibility Charts.

Vault stores
The Enterprise Vault Storage service computer needs access to storage for the vault stores. Enterprise Vault is very versatile in its use of storage for the vault stores, and is designed to operate with various types of storage solution provided by third party software and hardware products. Many storage solutions provide high performance archiving and retrieval. The types may be categorized as follows:

Local storage NTFS (An NTFS volume or a network share that appears on the network as an NTFS volume) SAN NAS CAF (Centera)

The Write Once Read Many (WORM) feature is supported on several devices. One of the most important factors that will determine the performance of Enterprise Vault is the speed of the storage device.

Enterprise Vault hardware prerequisites Storage requirements

33

Required amount of storage for vault stores


When an item is archived, it is first compressed and then metadata is added to it. As a general rule, the item is compressed to half its original size and the metadata comprises approximately 5 KB. When an item is shared, only the metadata is added. The following general rules can be used for estimating the amount of storage needed:

Take the total size of items to be archived and halve it. For email items, divide by the average number of recipients. Add 5 KB multiplied by the total number of items

The compression ratio may vary considerably. Office documents tend to compress well. Other document types, such as ZIP files or JPG files, are already compressed and cannot be compressed further. For this reason, you should always overestimate the amount of storage needed. The above general rule applies to most types of archiving, but care needs to be taken with File System Archiving (FSA). For example, if compressed image or map files are archived, then there is no space saving. For email archiving, growth in the number of mailboxes and the number and size of messages must also be taken into consideration. Because of these extra factors, a more conservative method of estimating storage is to assume that space used by archiving will equal the space used by Exchange Server or Domino Server in storing items.

Migration of archived data


Archived data may in turn be migrated to secondary and tertiary storage systems that are managed by hierarchical storage management (HSM) software, such as VERITAS NetBackup. Several storage solutions interoperate with Enterprise Vault to provide integrated data migration. See the Enterprise Vault Compatibility Charts. If you plan to migrate archived data, you need additional storage for the migrated data.

Enterprise Vault indexes


The computer hosting the Enterprise Vault Indexing service requires access to adequate storage for the indexes. Indexes may be placed on local storage, SAN or NAS. If fast indexing is required or searches across a large number of archives, NAS devices may not be suitable.

34

Enterprise Vault hardware prerequisites Storage requirements

File systems that use slow storage media as part of their solution, such as optical disk, are unsuitable for indexes. If indexes are stored on NetApp devices, and possibly other NAS systems, opportunistic locking must be turned off for volumes that contain indexes.

Required amount of storage for indexes


Table 2-4 shows how to calculate the expected sizes of indexes. Table 2-4 Indexing type
Brief Medium Full

Index size compared to size of original data Index size as a proportion of original data size
3% 8% 12%

The type of data being archived will also affect the size of indexes. Archiving a large number of text or HTML files will produce larger indexes. Archiving a large number of binary files, such as image files, will produce smaller indexes, as the content is not indexed. There is no sharing of index files.

SQL databases
Storage space is required for the Enterprise Vault directory database, the vault store databases and the monitoring database.

Storage required for the directory database


The directory database has an initial storage requirement of 10 MB for the data device and 25 MB for the transaction log device, making a total initial disk space requirement of 35 MB. To allow for temporary growth and the transaction logs. It is suggested that you make 5 GB available for the directory database.

Storage required for vault store databases


Each vault store database has an initial storage requirement of 100 MB for the data device and 80 MB for the transaction log device, making a total initial disk space requirement of 180 MB for each vault store database.

Enterprise Vault hardware prerequisites Storage requirements

35

Ensure that there is adequate space for database devices to grow as data is added. Transaction logs should be limited to an appropriate size for your back-up and maintenance plan. A basic sizing guide for each vault store database is 250 bytes for each item archived plus 5 GB for static data, transaction logs and temporary data fluctuations.

Storage required for the Monitoring database


The Monitoring database has an initial storage requirement of 100 MB for the data device and 80MB for the transaction log device, making a total initial disk space requirement of 180 MB. Ensure that there is adequate space for the database to grow as monitoring data is added.

Storage required for the FSA Reporting database


If you configure FSA Reporting, Enterprise Vault creates the FSA Reporting database. This database contains the data gathered by the Enterprise Vault File Collector service, and used in generating FSA Reportings reports. The FSA Reporting database has an initial storage requirement of 100 MB for the data device and 80 MB for the transaction log device, making a total initial disk space requirement of 180 MB. Ensure that there is adequate space for the database to grow as monitoring data is added.

Shopping baskets
Space is required on the Shopping service computer for shopping baskets. These are used by Enterprise Vault for keeping details of items that users request Enterprise Vault to restore. The amount of space required depends on the extent to which users restore items using the browser search shopping baskets. As a guide, for each shopping basket allow 4 KB for static data plus 1 KB for each item in a basket.

Local storage
A small amount of local storage is needed for temporary files. For example, the local temporary area may be used by the Storage service when processing large files. Local storage is also required for MSMQ files and for Windows system files.

36

Enterprise Vault hardware prerequisites What next?

Slow local disks can seriously impact the performance of Enterprise Vault. You are recommended to allocate separate disks for MSMQ files. The disks need to be set up for maximum speed; for example using RAID 1+0 rather than RAID 5. During installation Enterprise Vault requires 70 MB of disk space to install all the Enterprise Vault components.

What next?
Now check the prerequisite software and settings for core Enterprise Vault services. See the next chapter for details.

Chapter

Enterprise Vault prerequisite software and settings


This chapter includes the following topics:

About the Enterprise Vault prerequisite software and settings Enterprise Vault Deployment Scanner Basic software requirements Pre-installation tasks for Enterprise Vault server What next?

About the Enterprise Vault prerequisite software and settings


Read this chapter to find out the following:

Software prerequisites for core Enterprise Vault components. Tasks that you need to perform before installing Enterprise Vault.

The Enterprise Vault Compatibility Charts contain details of the supported versions of prerequisite software. There are additional prerequisites for other optional Enterprise Vault components and the different types of archiving. Ensure that you also review the additional prerequisite information for your planned installation, as outlined in later chapters.

38

Enterprise Vault prerequisite software and settings Enterprise Vault Deployment Scanner

There are also prerequisites if you are installing Enterprise Vault in a clustered environment.

Enterprise Vault Deployment Scanner


Before installing Enterprise Vault, you can use Enterprise Vault Deployment Scanner to find out which prerequisites are missing. When you have finished preparing your servers for installation, it is advisable to run Deployment Scanner to check that all the prerequisites have been correctly installed. Enterprise Vault Deployment Scanner is a separate wizard that is supplied on the Enterprise Vault CD-ROM. When the tool runs, it creates a Reports folder in the folder in which it is run, and places a report file in the Reports folder. You can find Deployment Scanner and accompanying documentation in the Enterprise Vault 7.5\Deployment Scanner folder on the Enterprise Vault CD-ROM. Windows Installer 3.1 must be installed on your Enterprise Vault servers in order to install Enterprise Vault Deployment Scanner and the Enterprise Vault server components.

Basic software requirements


This section describes the operating system and software requirements for the core Enterprise Vault services. There may be additional requirements for the different types of archiving. If required, the Enterprise Vault Administration Console can be installed on a separate computer. See About the prerequisites for a standalone Enterprise Vault Administration Console on page 103. As a general rule, it is best to install products in the order in which they were released.

Operating system components


Enterprise Vault server components can be installed on the following operating systems:

Windows Server 2003 Windows 2000 (with Service Pack 3 or later)

Enterprise Vault prerequisite software and settings Basic software requirements

39

For details of supported versions, see the Enterprise Vault Compatibility Charts. Install Windows with the following options and components:

NTFS file system. Microsoft Message Queuing (MSMQ) services. See Installing MSMQ on page 40. .NET Framework 1.1 and .NET Framework 2.0. See Microsoft .NET Framework on page 42. Internet Information Services (IIS) 5 or later. See Internet Information Services (IIS) on page 42. Active Server Pages and ASP.NET enabled. See Enabling Active Server Pages and ASP.NET on page 42. Internet Explorer 6.0 or later. MSXML. See MSXML on page 43.

Roles-based administration
Roles-based administration uses Microsoft Windows Authorization Manager. Creating and managing roles using the Administration Console requires the Authorization Manager MMC snapin, which is only available on the following:

Windows Server 2003 Windows XP Professional with Windows Server 2003 Administration Tools Pack

Windows Server 2003 Administration Tools Pack can be downloaded from:


http://www.microsoft.com/downloads/details.aspx? FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&DisplayLang=en

Authorization Manager on Windows 2000


For roles-based administration settings to be honored on Windows 2000, the following must be installed:

Windows 2000 Server SP 4 with Windows 2000 Authorization Manager Runtime

Microsoft do not provide an Authorization Manager MMC snapin for Windows 2000 Server, so changes to the roles and role assignments must be done using an Administration Console on Windows Server 2003 or Windows XP Professional. Windows 2000 Authorization Manager Runtime can be downloaded from:

40

Enterprise Vault prerequisite software and settings Basic software requirements

http://www.microsoft.com/downloads/details.aspx? FamilyID=7edde11f-bcea-4773-a292-84525f23baf7&DisplayLang=en

You will need to register Microsoft.Interop.Security.AzRoles.dll (version 1.0) in the .NET Global Assembly Cache (GAC). Registration instructions are contained in the Windows 2000 Authorization Manager Runtime RUNTIME_REQUIREMENTS.txt file.

Installing MSMQ
Enterprise Vault tasks use MSMQ to communicate with the Storage service. If you want to install Enterprise Vault services on more than one computer in the network, you must configure MSMQ on each computer. The steps for installing MSMQ on Windows Server 2003 and Windows 2000 are different. Follow the instructions below for your operating system. Note that Active Directory Integration should not be enabled when installing MSMQ. If the Enterprise Vault server is to be installed on the Domain Controller computer, you must perform additional steps to configure MSMQ security to give permissions to the Administrators group. This enables the Vault Service account to access the queues that it needs. You need administration privileges on the Domain Controller computer in order to do this. For more information about how to configure MSMQ, see the Windows Help. To install MSMQ on Windows Server 2003

1 2 3 4 5

In the Windows Control Panel, double-click Add/Remove Programs. Select Application Server and then click Details to open the Application Server window. Click Add/Remove Windows Components. The Windows Components wizard starts. Select the Message Queuing check box, and then click Details to display the Message Queuing dialog box. As installing MSMQ with Active Directory Integration affects the performance of Enterprise Vault, you are strongly recommended to clear the Active Directory Integration check box in the Message Queuing dialog box. Click OK twice to return to the Windows Components wizard. Follow the remaining instructions in the wizard.

6 7

Enterprise Vault prerequisite software and settings Basic software requirements

41

To install MSMQ on Windows Server 2000

1 2 3 4 5 6

In the Windows Control Panel, double-click Add/Remove Programs. Click Add/Remove Windows Components. The Windows Components wizard starts. Click Next. Select the Message Queuing Services check box, and then click Next. The Message Queuing Installation wizard starts. In the Message Queuing Installation wizard, click Message Queuing server. If the computer is an Active Directory controller, click Next to complete the installation. If the computer is not an Active Directory controller, you get the following prompts:

Select the Manually select access mode to Active Directory check box and click Next. Select Message Queuing will not access a directory service and click Next.

Follow the remaining instructions in the wizard.

To set MSMQ security on the DC computer

1 2 3 4 5 6 7 8 9

Click Start > Programs > Administrative Tools > Computer Management. In the left-hand pane, double-click Computer Management, Services and Applications. Right-click Message Queuing and, on the shortcut menu, click Properties. The Message Queuing Properties window appears. Click Add. The Select Users, Computers, or Groups window appears. Next to Look In, select Entire Directory. In the list, click Administrators and then Add. Click OK to go back to the Message Queuing Properties window. Click Administrators. Under Permissions, click the Allow check box next to Full Control.

10 Click OK. 11 Close Computer Management.

42

Enterprise Vault prerequisite software and settings Basic software requirements

Microsoft .NET Framework


You need to install both of the following versions on Enterprise Vault servers:

Microsoft .NET Framework v 1.1 Microsoft .NET Framework v 2.0

A suitable version of Microsoft .NET Framework v 1.1 is installed automatically with Windows Server 2003. If necessary, you can download .NET Framework using the link in the Links to related software folder on the Enterprise Vault CD-ROM.

Internet Information Services (IIS)


You need to install IIS 5 or later on each Enterprise Vault server. In IIS, you can configure the level of isolation for particular Web applications. For shopping baskets in the Enterprise Vault Web access application to be created correctly, the application needs to run under the predefined Local System account. The configuration wizard will automatically set the correct isolation and account settings. You do not need to configure this. If you have IIS 6.0 installed, the configuration wizard will create a new Application Pool, EnterpriseVaultAppPool, for the Web access application and assign the Local System account to that pool.

Enabling Active Server Pages and ASP.NET


On Windows 2000, when you install IIS and .NET Framework, Active Server Pages and ASP.NET are enabled by default. However, on Windows Server 2003, you need to enable these manually. If you are installing Enterprise Vault in a on Windows Server 2003 x64, you need to enable ASP.NET manually. To enable Active Server Pages and ASP.NET on Windows Server 2003

1 2 3 4 5 6

Open Add/RemovePrograms and select Add/RemoveWindowsComponents. Ensure Message Queuing Services and ASP.NET are selected. To install required components and enable Active Server Pages, select Application Server and click Details. Select Internet Information Services (IIS) and click Details. Scroll down to World Wide Web Service. Click this and then Details. Select Active Server Pages and click OK.

Enterprise Vault prerequisite software and settings Basic software requirements

43

7 8 9

Click OK to close the dialog boxes until you get back to the Windows component list. Click Next to install the additional components. Click Finish. clicking Start, Programs, Administrative Tools, IIS Manager.

10 To check that Active Server Page scripts can run, start the IIS Manager by 11 Click Web Service Extensions. 12 Check that Active Server Pages are Allowed.

Configuring ASP.NET on Windows Server 2003 x64 Editions


If you are installing Enterprise Vault on Windows Server 2003 x64 Editions, you need to switch to the 32-bit version of ASP.NET 2.0. To do this, refer to Microsoft Knowledge Base article http://support.microsoft.com/?kbid=894435. Note: You cannot install Enterprise Vault on a 64-bit edition of Windows Server running Exchange Server 2007. Exchange Server 2007 requires the 64-bit version of ASP.NET 2.0. For information on supported configurations, see the Enterprise Vault Compatibility Charts.

MSXML
All Enterprise Vault server computers require MSXML. This is installed automatically with Internet Explorer 6 Web browser, which comes as the default browser with Windows Server 2003. On Windows 2000, you can select Internet Explorer 6 from a Customized installation. If you are using an earlier version of Internet Explorer, you may need to install MSXML. This is available from a link in the Links to related software folder on the Enterprise Vault CD-ROM.

SQL server software


Enterprise Vault supports both SQL Server 2000 and 2005. Both Windows Authentication mode and with Mixed Mode Authentication are supported. The SQL installation must be case-insensitive, as case-sensitive SQL installations are not supported.

44

Enterprise Vault prerequisite software and settings Pre-installation tasks for Enterprise Vault server

Note that if both Enterprise Vault and SQL Server are installed on the same Windows Server 2003 computer, you will need at least SQL Server 2000 with Service Pack 3.

Microsoft Data Access Components (MDAC)


To enable access to the SQL databases, MDAC 2.6 or later must be installed on Enterprise Vault servers. A suitable version is installed automatically with Windows Server 2003. If necessary, you can install the software using the link supplied in the Links to related software folder on the Enterprise Vault CD-ROM.

Pre-installation tasks for Enterprise Vault server


You need to perform the tasks described in this section, irrespective of the types of archiving that you plan to implement.

Creating the Vault Service account


The Vault Service account is used by Enterprise Vault processes to access the Windows server operating system. The account is shared by all the Enterprise Vault computers in the Enterprise Vault directory. If you are managing multiple Enterprise Vault sites, you can use the same Vault Service account for more than one Enterprise Vault site. The Vault Service account must be a domain-based Windows security account that belongs to the local Administrators group on all computers in the Enterprise Vault directory. The account password must not be blank. We recommend that you do not make this account a Domain Administrator. It is better to assign required permissions explicitly. This section describes the basic permissions that you need to set for this account. Different types of archiving require additional permissions for the Vault Service account. For details of these, see the section on the type of archiving that you are implementing. If possible, create the account so that it is in the same domain as the Enterprise Vault computers. If it is necessary for the Vault Service account and the Enterprise Vault computers to be in different domains, create the account so that it is in a domain that is trusted by the Enterprise Vault computers domain. Ensure that the Microsoft Message Queue security has been set up to grant the Administrators group access to the Enterprise Vault queues. At the time the configuration wizard runs, the Vault Service account must have access to administrative shares on the SQL Server computer. One way to enable

Enterprise Vault prerequisite software and settings Pre-installation tasks for Enterprise Vault server

45

this is to make the Vault Service account a local administrator on the SQL Server computer. After the Configuration wizard has been run you can remove this access, if required. During configuration, you are asked to provide the name and password of the Vault Service account. Enterprise Vault automatically grants the account the following advanced user rights:

Log On As a Service Act As Part Of The Operating System Debug programs Replace a process-level token

Note that it may take some time for the Vault Service account to be registered in the Active Directory for the computer that is going to run Enterprise Vault. The account cannot be used until the registration is complete. You are recommended to be logged in to the Vault Service account when you install Enterprise Vault. You must be logged in to the Vault Service account when you run the Enterprise Vault configuration wizard. To create the Vault Service account

1 2 3 4 5 6 7 8

On the domain controller, click Start > Programs > Administrative Tools > Active Directory Users and Computers. In the left-hand pane of Active Directory Users and Computers, double-click the Domain container. Double-click the Users container. On the Action menu, click New and then User. The New Object User screen is displayed. Complete the New Object User screen and click Next. The next screen asks for password details. Enter a password and confirm it. You must set a password; the Vault Service account password cannot be blank. Select the Password never expires check box. Leave the remaining check boxes clear:

User must change password at logon User cannot change password Account is disabled

Click Next to move to the mailbox server screen.

46

Enterprise Vault prerequisite software and settings Pre-installation tasks for Enterprise Vault server

10 Complete the details and click Next to move to the summary screen. 11 Click Finish to create the new user.
To add the new Vault Service account to the local Administrators group

1 2 3 4 5 6 7

Log on to the Enterprise Vault computer as Administrator. In Control Panel, open Administrative Tools and start the Computer Management console. Expand System Tools and then Local Users and Groups. Select Groups, and then double-click the Administrators group in the right-hand pane. Use Add to add the Vault Service account to this group. Click OK. Repeat these steps on each computer which will have Enterprise Vault installed.

Creating a SQL login


The Vault Service account must have a SQL login account, with Database Creators permission, for the SQL Server. To create a SQL login account in SQL 2000

1 2 3 4 5 6 7 8 9

Start Enterprise Manager for SQL 2000. Expand the SQL Server container. Click Security. Right-click Logins and, on the shortcut menu, click New Login. Enter or select the name of the Vault Service account. For example,
domain\vaultadministrator

Check that Windows Authentication is selected and that the correct Domain for the account has been selected. Under Security Access check that Grant access is selected. On the Server Roles tab, select Database Creators. Click OK.

To create a SQL login account in SQL 2005

1 2

Start SQL Server Management Studio. In the tree, select Security>Logins.

Enterprise Vault prerequisite software and settings Pre-installation tasks for Enterprise Vault server

47

3 4

Right-click Logins and select New Login. Either type in the Vault Service account as domain\username or click Search and search for the account. In the search dialog, ensure that the correct domain is entered in the Locations box. Select Windows authentication. In the tree, click Server roles. Select the checkbox beside dbcreator. Click OK. You can check that the Vault Service account has the required permissions as follows:

5 6 7 8 9

In the tree, select Security>Server Roles. In the right-hand pane, double-click the dbcreator role. The Vault Service account should be displayed in the membership list.

Enterprise Vault DNS aliases


It is good practice to create a DNS aliases for each Enterprise Vault site and for each Enterprise Vault server computer. Using a DNS alias serves the following purposes:

If the Enterprise Vault Directory is shared between more than one Enterprise Vault site, it allows the configuration information for each of the Enterprise Vault sites to be distinguished. It allows future flexibility if you change the computer that is running the Enterprise Vault services.

If you are setting up Enterprise Vault as a pilot system, you can configure Enterprise Vault without using DNS aliases, to avoid the need to create temporary DNS entries. Instead, you must supply a fully qualified, valid DNS name of the Directory Service computer, when prompted for the Vault Site alias. Similarly, you can use fully qualified, valid DNS computer names for Enterprise Vault servers. In all other situations, you should use a DNS alias.

Enterprise Vault site alias


Assign a DNS alias to the IP address of the computer that hosts the primary Enterprise Vault Directory service for the new Enterprise Vault site. Each Enterprise Vault site should have a Vault site alias, which is used by the Enterprise Vault software to refer to the Enterprise Vault site by name.

48

Enterprise Vault prerequisite software and settings What next?

Give the alias a meaningful name, so that you know to which Enterprise Vault site it relates.

Enterprise Vault Server alias


Assign a DNS alias to the IP address of each server on which Enterprise Vault services are installed.

What next?
Ensure that you also review the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments.

Chapter

Additional requirements for Operations Manager


This chapter includes the following topics:

About additional requirements for Operations Manager Where and when to install Operations Manager Additional prerequisite software Additional preinstallation tasks What next?

About additional requirements for Operations Manager


Enterprise Vault Operations Manager is a separately installable component. It is a Web application that makes remote monitoring of Enterprise Vault possible from any computer with Internet Explorer 6.0 or later. This chapter describes where to install Operations Manager, and the additional preparation required before installation.

Where and when to install Operations Manager


To use Operations Manager to monitor the Enterprise Vault servers in an Enterprise Vault site, Operations Manager must be installed on at least one Enterprise Vault server in that site.

50

Additional requirements for Operations Manager Additional prerequisite software

Operations Manager requires Enterprise Vault Services on the same computer. You can install the Operations Manager component at the same time as installing the Enterprise Vault Services component, or at a later date. You must run the Enterprise Vault configuration wizard to configure the Enterprise Vault Services before you configure Operations Manager.

Additional prerequisite software


The computer on which you install Operations Manager requires the following software prerequisite in addition to the requirements listed in About the Enterprise Vault prerequisite software and settings:

The version of Internet Information Services (IIS) must be IIS 6.0 or later.

IIS must not be locked down. If you are installing Operations Manager on Windows Server 2003 x64 Editions, you must switch to the 32-bit version of ASP.NET 2.0. To do this, see Microsoft Knowledge Base article http://support.microsoft.com/?kbid=894435. Note: You cannot install Operations Manager on a 64-bit edition of Windows Server running Exchange Server 2007. Exchange Server 2007 requires the 64-bit version of ASP.NET 2.0.

Additional preinstallation tasks


Create a Windows user account named, say, MonitoringUser, in the Active Directory domain, for Operations Manager to use when accessing the Enterprise Vault databases. This monitoring user account does not require an Exchange mailbox, and it need not be a member of the Windows Administrators group. When you create the monitoring user account:

Select the Password Never Expires option. Leave the remaining check boxes clear (User Must Change Password At Logon, User Cannot Change Password, and Account Is Disabled).

What next?
Ensure that you review all the additional prerequisite information for your planned installation.

Additional requirements for Operations Manager What next?

51

There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server.

52

Additional requirements for Operations Manager What next?

Chapter

Requirements for Enterprise Vault Reporting


This chapter includes the following topics:

About requirements for Enterprise Vault Reporting Where and when to install Enterprise Vault Reporting Prerequisites for Enterprise Vault Reporting Preinstallation tasks What next?

About requirements for Enterprise Vault Reporting


The Enterprise Vault Reporting feature provides enterprise-level reporting for Enterprise Vault servers, using Microsoft SQL Server Reporting Services as the reporting mechanism. Administrators manage report content and view reports using the Reporting Services Report Manager Web application. This chapter describes where and when to install Enterprise Vault Reporting, and lists the prerequisites and pre-installation tasks for this component.

Where and when to install Enterprise Vault Reporting


Typically, the Enterprise Vault Reporting component is installed without any other Enterprise Vault components on a Microsoft SQL Server Reporting Services (SSRS) server, separate from the Enterprise Vault servers. However, if required, and providing the prerequisites are met, you can include the Reporting component as part of an Enterprise Vault server installation.

54

Requirements for Enterprise Vault Reporting Prerequisites for Enterprise Vault Reporting

After installing Enterprise Vault Reporting you must run the Enterprise Vault Reporting Configuration utility to configure Reporting and deploy the reports. Note: You must only configure Reporting after running the Enterprise Vault configuration utility successfully on at least one computer in the site on which Enterprise Vault Services are installed.

Prerequisites for Enterprise Vault Reporting


You can install Enterprise Vault Reporting on any machine with the following prerequisites. The machine does not require any other Enterprise Vault prerequisites if you are installing only the Reporting component:

Microsoft SQL Server 2000 Reporting Services with SP2; or Microsoft SQL Server 2005 Reporting Services (SP1 recommended). Both the following versions of Microsoft .NET Framework:

Microsoft .NET Framework v2.0. Microsoft .NET Framework v1.1.

Note: Enterprise Vault Reporting requires both versions of .NET Framework to be installed. A suitable version of Microsoft .NET Framework v 1.1 is installed automatically with Windows Server 2003. If necessary, you can download .NET Framework using the link in the Links to related software folder on the Enterprise Vault CD-ROM.

IIS registered with ASP.NET 1.1 for SQL Server 2000 Reporting Services SP2, or ASP.NET 2.0 for SQL Server 2005 Reporting Services. A network connection to the computer hosting the Enterprise Vault Directory database. If you are using FSA Reporting, then Enterprise Vault Reporting also requires access to the FSA Reporting database.

Using Reporting on a 64-bit machine


If you install Enterprise Vault Reporting on a machine with a 64-bit processor running the 64-bit version of Microsoft SQL Server 2005 Reporting Services, three of the Operations Reports covering vault store usage will not be available. To make these reports available, you need to install and run the 32-bit version of SQL Server 2005 Reporting Services.

Requirements for Enterprise Vault Reporting Preinstallation tasks

55

As a prerequisite, the 32-bit version of SQL Server 2005 Reporting Services requires the 32-bit version of ASP.NET on IIS. To run the 32-bit version of ASP.NET, see Microsoft Knowledge Base article http://support.microsoft.com/?kbid=894435.

Preinstallation tasks
Before installing the Enterprise Vault Reporting component, you must do the following:

Install the required prerequisite software for Enterprise Vault Reporting. See Prerequisites for Enterprise Vault Reporting on page 54. Create a Windows user account named, say, ReportingUser, in the Active Directory domain, for Enterprise Vault Reporting to use when accessing the Enterprise Vault databases. This reporting user account does not require a mailbox, and it need not be a member of the Windows Administrators group. When you create the reporting user account:

Select the Password Never Expires option. Leave the remaining check boxes clear (User Must Change Password At Logon, User Cannot Change Password, and Account Is Disabled).

Give the Vault Service account a "Content manager" role on the Microsoft Reporting Services Report Server. Refer to the Microsoft Reporting Services documentation for instructions on assigning Microsoft SQL Server Reporting Services roles to user accounts. Add the Vault Service account to the Local administrators group on the Microsoft SQL Server Reporting Services server machine.

What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server.

56

Requirements for Enterprise Vault Reporting What next?

Chapter

Additional requirements for Exchange Server archiving


This chapter includes the following topics:

About the requirements for Exchange Server archiving Required software on Enterprise Vault server Pre-installation tasks for Exchange Server archiving Enterprise Vault client access with Exchange Server archiving Prerequisites for OWA Prerequisites for RPC over HTTP What next?

About the requirements for Exchange Server archiving


You can archive items from mailboxes and public folders on the following target Exchange servers:

Exchange 2000 Exchange Server 2003 Exchange Server 2007 with Mailbox Role installed

This chapter describes the additional preparation required before installing and configuring Exchange Server archiving components.

58

Additional requirements for Exchange Server archiving Required software on Enterprise Vault server

Required software on Enterprise Vault server


This section describes the additional software required on the Enterprise Vault server for Exchange Server archiving.

Exchange Management Tools


In a production environment, the Exchange Server is typically installed on a different computer from the Enterprise Vault server. In this configuration, Exchange System Manager (the management tool with Exchange 2000 and Exchange Server 2003) must be installed on the Enterprise Vault server. With Exchange System Manager installed on the Enterprise Vault server, you can archive from servers in a mixed environment of Exchange 2000, Exchange Server 2003 and Exchange Server 2007 with Mailbox Role installed. The version of Exchange System Manager you will require depends on the operating system running on the Enterprise Vault computer and the version of Exchange Server being archived. To find out the version you need to install, see the Enterprise Vault Compatibility Charts. Note that installing Exchange System Manager for Exchange 2000 on Windows Server 2003 is not supported by Microsoft. Currently, Exchange Management Console (the management tool with Exchange Server 2007) is not supported on the Enterprise Vault server. To archive from Exchange Server 2007, install Exchange System Manager for Exchange Server 2003 on the Enterprise Vault server. For demonstrating Enterprise Vault, you can install both Enterprise Vault and Exchange 2000 or Exchange Server 2003 on the same computer. Where the Exchange Server is installed on the same computer as Enterprise Vault, Exchange System Manager is not required on the Enterprise Vault server. (As Exchange Server 2007 is a 64-bit application, you cannot run Exchange Server 2007 and Enterprise Vault on the same computer.)

Outlook on the Enterprise Vault server computer


For Exchange Server archiving you must install Outlook 2003 on the Enterprise Vault computer, if the Exchange Server is not installed on the Enterprise Vault computer. To ensure the required version of MAPI is available, install Outlook after you have installed Exchange System Manager.

Additional requirements for Exchange Server archiving Pre-installation tasks for Exchange Server archiving

59

Note: Installing Outlook 2007 on the same computer as Exchange System Manager is not supported by Microsoft. Therefore Outlook 2003 is required on the Enterprise Vault server, even if all of your target Exchange servers are running Exchange Server 2007.

Pre-installation tasks for Exchange Server archiving


This section describes the additional tasks that you need to perform before installing and configuring Exchange Server archiving components.

The Enterprise Vault system mailbox


The Enterprise Vault system mailbox is a mailbox that is used by the Exchange Mailbox, Exchange Journaling, and Exchange Public Folder tasks when connecting to the Exchange Server. An Enterprise Vault system mailbox is required on each Exchange Server being archived. The tasks require exclusive use of this mailbox, so it must not be used for any other purpose. The mailbox must not be hidden from address lists and, on Windows Server 2003 and Windows 2000, the account must not be disabled. You are prompted for the name of this mailbox whenever you create an Exchange Server archiving task. After you create the Enterprise Vault system mailbox on Exchange Server 2000 or 2003, it may take some time for the mailbox to be available. The amount of time depends on configuration options in Exchange System Manager. The mailbox must be available before you add an Exchange Server archiving task. If required, you can make the mailbox available sooner by manually forcing an update of Exchange Server 2000 or 2003. This is not required on Exchange Server 2007. To force a manual update of the Exchange Server (2000 or 2003)

1 2 3

Click Start > Programs > Microsoft Exchange > System Manager. In the left-hand pane, double-click the Recipients container. Click Recipient Update Services.

60

Additional requirements for Exchange Server archiving Pre-installation tasks for Exchange Server archiving

In the right-hand pane, right-click the Recipient Update Service for the domain that contains the Exchange Server computer for which you are adding an archiving task. Click Update Now. The mailbox should be available within a minute or two.

Additional Vault Service account permissions


The Vault Service account must be a member of the Active Directory domain. We recommend that you do not make this account a Domain Administrator. It is better to assign Exchange Server permissions explicitly, as described in this chapter.

Assigning permissions on Microsoft Exchange Server


The Vault Service account needs to be able to access mailboxes on the Exchange Servers that Enterprise Vault is to archive. You need to grant permissions explicitly on each Exchange Server, as described in this section. If you later add another Exchange Server, you need to repeat the procedure on the new server to enable mailbox access for the Vault Service account. You must have Exchange administration permissions to do the following tasks. On Microsoft Exchange Server 2007

On Exchange Server 2007 with Mailbox Role installed, run adsiedit.msc to configure the permissions for the Vault Service account in Active Directory; adsiedit.msc is included in Windows support tools.

Expand the tree as follows: Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)/CN=Servers.

For each server object representing an Exchange Server 2007 with Mailbox Role installed, do the following:

Right-click the object and select Properties. Click the Security tab. Add the Vault Service account and grant this account Full Control. Click Apply. Click Advanced.

Additional requirements for Exchange Server archiving Pre-installation tasks for Exchange Server archiving

61

For the permission entry for the Vault Service account: Select the permission entry and click Edit.... Change Apply onto to This object and all child objects. Click OK. Click OK to close the Advanced Security Settings window. Click OK and close the Properties window.

You must also grant the Vault Service account Send As permission on the Enterprise Vault system mailbox object (and all child objects).

In adsiedit.msc click Domain [your_domain]. Locate the mailbox that you created for the Enterprise Vault system mailbox. This is usually under CN=Users. Right-click the object and select Properties. Click the Security tab. Add the Vault Service account and then add Send as permissions to this account. Click Apply. Click OK and close the Properties window. Close adsiedit.msc.

On Microsoft Exchange Server 2003 and Microsoft Exchange 2000 Server

1 2 3 4 5 6 7 8 9

Click Start > Programs > Microsoft Exchange > System Manager. Expand the Servers container. Right-click your Exchange Server and, on the shortcut menu, click Properties. Click the Security tab. Click Add. Double-click the Vault Service account to add it to the list. Click OK to go back to the Security tab. The Vault Service account has been added to the Name list. In the Name list, click the Vault Service account. In the Permissions list, make sure that all check boxes in the Allow column are selected. Select any check boxes that are not already selected.

10 Click OK.

62

Additional requirements for Exchange Server archiving Pre-installation tasks for Exchange Server archiving

Assigning the permissions at Organization or Administrative Group level


If required, you can add the permissions at the Organization or Administrative Group level in the Exchange hierarchy. This will enable the permissions to be propagated automatically to any new Exchange Servers added below the level at which the permissions are assigned. To assign the permissions at Organization or Administrative Group level (Exchange Server 2000 or 2003)

1 2

Enable the display of the Security page by configuring the ShowSecurityPage registry setting (see Microsoft Knowledge Base Article 883381). In the left-hand pane of Microsoft Exchange, System Manager, right-click your Exchange Organization or the administrative group that you want, and select Properties. Select the Security tab and set the required permissions for the Vault Service account, as described in the steps for individual Exchange Servers.

To assign the permissions at Organization or Administrative Group level (Exchange Server 2007)

To assign permissions at Exchange Organization level, expand the tree in adsiedit.msc as follows: Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization] To assign permissions at Administrative Group level, expand the tree as follows: Configuration[your domain]/CN=Configuration,[your domain]/CN=Services/CN=Microsoft Exchange/CN=[your Exchange organization]/CN=Administrative Groups/CN=Exchange Administrative Group(FYDIBOHF23SPDLT)

2 3 4 5 6 7

Right-click the object and select Properties. Click the Security tab. Add the Vault Service account and grant this account Full Control. Click Apply. Click Advanced. For the permission entry for the Vault Service account:

Select the permission entry and click Edit....

Additional requirements for Exchange Server archiving Pre-installation tasks for Exchange Server archiving

63

Change Apply onto to This object and all child objects. Click OK to exit the Edit window. Click OK to close the Advanced Security Settings window. Click OK and close the Properties window.

Close adsiedit.msc.

Create an Outlook profile on the Enterprise Vault server computer


When you install Outlook on the Enterprise Vault server, you must create a profile and connect to an Exchange Server mailbox before you install Enterprise Vault. Outlook may display an error message about a conflicting program. If Outlook offers to fix the problem, choose to do so and then follow the instructions given. See the Administrators Guide for information on MAPISVC.INF problems.

Connecting to Exchange Server 2007


If the target server is Exchange Server 2007, it must have a Public Folder store created to enable connections from versions of Outlook earlier than Outlook 2007. If you selected the option to support older clients when you installed Exchange Server 2007, then a Public Folder store will have been created automatically. If a Public Folder store does not exist on the target Exchange Server 2007, then you must create one manually to enable Outlook 2003 on the Enterprise Vault server to connect to the Exchange Server. To create a Public Folder store manually

1 2

On the Exchange Server open the Exchange Management Shell. Enter the following command:
new-publicfolderdatabase -Name "Public Folders" -StorageGroup "First Storage Group" -EdbFilePath "C:\Program Files\Microsoft\ExchangeServer\ Mailbox\First Storage Group\Public Folders.edb"

Enter the following command to mount the Public Folder database:


mount-database -Identity "Public Folders"

You may need to create an Offline Address Book with Public Folder integration enabled if you are using clients prior to Outlook 2007.

64

Additional requirements for Exchange Server archiving Enterprise Vault client access with Exchange Server archiving

Configure Internet Explorer


In Internet Explorer on the Enterprise Vault server, ensure that Microsoft Office Outlook is set as the default email application for Internet services. To set the default email application

1 2 3 4 5

Start Internet Explorer. Select Internet Options from the Tools menu. Click the Programs tab. In the E-mail box, select Microsoft Office Outlook. Click OK.

Enterprise Vault client access with Exchange Server archiving


Users can access and manage items in archives using the following client access methods:

Enterprise Vault Outlook Add-Ins OWA clients, which require Enterprise Vault Exchange Server extensions for OWA Enterprise Vault customized shortcuts. Enterprise Vault search or Archive Explorer in a browser session.

Prerequisites for Outlook Add-Ins


Enterprise Vault Outlook Add-Ins provide Enterprise Vault user functionality to Outlook users. From within Outlook, users can archive items manually, and view, copy and delete archived items. Outlook users can also start Archive Explorer and Enterprise Vault Search, within Outlook, to access and manage items stored in archives. The following Enterprise Vault Add-Ins are available:

Outlook Add-In HTTP-only Outlook Add-In HTTP-only Self-Installing Outlook Add-In

Before users can send items to an archive from within their Outlook client, the Outlook Add-Ins must be installed on their computers. Install Outlook Add-Ins on user computers after you have configured the Enterprise Vault server.

Additional requirements for Exchange Server archiving Enterprise Vault client access with Exchange Server archiving

65

For any of the Add-Ins, user computers must have the following:

Operating system one of Windows Server 2003, Windows 2000, or Windows XP. Note that for the Windows Desktop Search plug-in, the minimum requirements are Windows 2000 SP4 or later, or Windows XP SP1 or later. Internet Explorer 6.0 or later, with Java scripting enabled. This must be installed, even if it is not used. If you intend to make the HTTP-only Self-Installing Outlook Add-In available to users, Internet Explorer must allow them to download signed ActiveX controls. TCP/IP protocol. Mail client one of Outlook 2007, Outlook 2003, Outlook 2002 (XP), or Outlook 2000. Install Internet Explorer before you install the mail client. If you plan to enable the Windows Desktop Search plug-in, then Windows Desktop Search 2.6.5 must be installed on the target desktop computers. An option in the Windows Desktop Search plug-in enables you to add buttons and menu options to Windows Desktop Search and MSN Search Toolbar to enable the user to search their primary (online) archive. For this, you also need MSN Search Toolbar V02.06 installed on desktop computers. The Windows Desktop Search plug-in requires Outlook 2007, Outlook 2003 or Outlook XP and Enterprise Vault 7.0, or later, Outlook Add-In or HTTP-only Outlook Add-In installed on the desktop computers. You can download Windows Desktop Search 2.6.5 and MSN Search Toolbar V02.06 from the following address: http://www.microsoft.com/windows/desktopsearch/downloads/default.mspx

OWA clients
Enterprise Vault functionality can be made available in OWA 2003 and OWA 2007 Basic and Premium clients by installing Enterprise Vault OWA server extensions on the Exchange Server. Enterprise Vault functionality available with OWA 2000 clients is limited to viewing archived items. With OWA 2007 and OWA 2003 you can control the functionality of the clients using OWA settings on the Advanced page of the Exchange Mailbox Policy properties. On user desktops, Internet Explorer 6.0 or later is required to support the full functionality available with OWA 2007 and OWA 2003 clients. You do not need to install Enterprise Vault Add-Ins on user desktop computers.

66

Additional requirements for Exchange Server archiving Enterprise Vault client access with Exchange Server archiving

Customized shortcuts
If you do not want to install the Enterprise Vault Outlook Add-Ins on desktop computers, or users do not use Outlook as their email client, you can configure Enterprise Vault customized shortcuts in the Exchange Mailbox Policy. For example, users may use an IMAP or POP3 email client, or Entourage (on Mac computers). Using customized shortcuts, users can view an HTML version of archived items, and start Archive Explorer and archive search in a browser session to access and manage items stored in archives. On Windows computers, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each users desktop computer. On Mac computers, Entourage email client and Safari browser are supported. For details of supported versions, see the Enterprise Vault Compatibility Charts.

Archive search and Archive Explorer in standalone browser


Users can access Enterprise Vault archives using Archive Explorer or archive search in a standalone browser session. Enterprise Vault Add-Ins are not required on desktop computers, but you will need to inform users of the URLs to enter in their browser for Archive Explorer and archive search. These will typically take the following format:

Archive Explorer URL: http://web_server_name/EnterpriseVault/ArchiveExplorerUI.asp Integrated search URL: http://web_server_name/EnterpriseVault/searcho2k.asp Browser search URL: http://web_server_name/EnterpriseVault/search.asp

To use Enterprise Vault browser search or Archive Explorer in a browser session, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each users desktop computer. Note: With Exchange Server Journal archiving, shortcuts are not created in the mailbox. The associated archives can be accessed using archive search, but not Archive Explorer.

Additional requirements for Exchange Server archiving Prerequisites for OWA

67

Prerequisites for OWA


You can configure OWA access to Enterprise Vault after you have set up your Enterprise Vault server for Exchange Server archiving. The instructions for configuring OWA access to Enterprise Vault assume that you have already configured OWA on Exchange Servers. To provide OWA 2003 or OWA 2000 access, install and configure Enterprise Vault OWA 2000 or OWA 2003 server extensions on OWA front-end and back-end Exchange Servers. To provide OWA 2007 access, install the Enterprise Vault OWA 2007 Extensions on Exchange Server 2007 with Client Access Server role installed. The following prerequisites are additional requirements for OWA Exchange Servers and OWA clients:

If you are running Exchange Server 2003 on OWA servers, Exchange Server 2003 Service Pack 1 or later is required. As Enterprise Vault OWA 2003 extensions modify OWA control files on Exchange Server 2003, the version of these files must be one that is supported by Enterprise Vault. See the Enterprise Vault Compatibility Charts. If the back-end OWA 2000 or OWA 2003 server computer is running Windows 2000, it requires either Windows 2000 SP3, or SP2 and a Microsoft hotfix, because of a problem with IIS 5.0. The problem is described in Microsoft support article 294833. MSXML is required on Exchange OWA servers (with the exception of front-end OWA 2000 servers). This is installed automatically with Internet Explorer 6 Web browser, which comes as the default with Windows Server 2003. On Windows 2000, you can select Internet Explorer 6 from a Customized installation. If you are using an earlier version of Internet Explorer, you may need to install MSXML. This is available from a link in the Links to related software folder on the Enterprise Vault distribution media. On user desktops, Internet Explorer 6.0 or later is required to support the full functionality available with OWA 2007 and OWA 2003 clients. Note that the Enterprise Vault buttons are not available in OWA 2000 clients, which means that you can only view archived items. To be able to archive, restore and delete archived items from your OWA client and have integrated access to Archive Explorer and Search features, you need to use OWA 2007 or OWA 2003.

See Configuring Enterprise Vault access for OWA 2007 users on page 232.

68

Additional requirements for Exchange Server archiving Prerequisites for RPC over HTTP

See Configuring Enterprise Vault access for OWA 2003 users on page 237. See Configuring Enterprise Vault access for OWA 2000 users on page 246.

Prerequisites for RPC over HTTP


Enterprise Vault supports RPC over HTTP access for Outlook users.

RPC over HTTP with Exchange Server 2003


Exchange Server 2003 with the RPC over HTTP Windows component is required on RPC proxy Exchange Servers. Client computers require Outlook 2003 with either Windows Server 2003, Microsoft Windows XP SP2, or Microsoft Windows XP SP1 with the update described in the Microsoft Knowledge Base article, http://support.microsoft.com/?kbid=331320. Enterprise Vault Outlook Add-Ins (any type) are required on desktop computers. You can configure RPC over HTTP access to Enterprise Vault after you have set up your Enterprise Vault server for Exchange Server archiving and distributed Enterprise Vault Add-Ins to desktop computers. You can then install and configure Enterprise Vault OWA and RPC Extensions on RPC proxy servers and target Exchange Servers. See About configuring RPC over HTTP access on page 261. The instructions for configuring RPC over HTTP access to Enterprise Vault assume that you have already configured RPC over HTTP on RPC proxy servers and target Exchange Servers. Users computers must also be set up to use RPC over HTTP access to the Exchange Server.

RPC over HTTP with Exchange Server 2007 (Outlook Anywhere)


On Exchange Server 2007 RPC over HTTP access is called Outlook Anywhere. RPC over HTTP access is provided by Exchange Server 2007 with Client Access Server (CAS) installed. No Enterprise Vault extensions are required on Exchange Server 2007, but you need to configure RPC over HTTP access on the Enterprise Vault server. Outlook on users' computers needs to be configured to use RPC over HTTP, and Enterprise Vault Outlook Add-Ins (any type) need to be installed on users' computers. See Configuring Enterprise Vault access for OWA 2007 users on page 232.

Additional requirements for Exchange Server archiving What next?

69

What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server.

70

Additional requirements for Exchange Server archiving What next?

Chapter

Additional prerequisites for Domino Server archiving


This chapter includes the following topics:

Prequisites for all Enterprise Vault servers Prerequisites for Domino Server mailbox archiving Prerequisites for Domino journal archiving What next?

Prequisites for all Enterprise Vault servers


For Domino journaling or mail archiving you must do the following on every Enterprise Vault server:

1 2

Set the NOTESNTSERVICE system environment variable to '1'. Restart the server.

For more information about the NOTESNTSERVICE system environment variable and how to set it, see the following articles:

http://www-304.ibm.com/jct09002c/isv/tech/faq/individual.jsp?oid=1:85904 http://support.microsoft.com/kb/324705

If you do not set NOTESNTSERVICE there may be many different errors, such as intermittent failures when restoring archived items, errors when archiving, and errors from the Administration Console.

72

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

Prerequisites for Domino Server mailbox archiving


For Domino mailbox archiving, you need to configure the following:

One or more Enterprise Vault Domino Gateways. The Enterprise Vault Domino Gateway is a Domino server that is customized by Enterprise Vault configuration. The Enterprise Vault Domino Gateway provides the interface between Lotus Notes clients and Enterprise Vault. All the major actions on archived data (opening, restoring, deleting and searching) are handled by the Enterprise Vault Domino Gateway. One or more Enterprise Vault servers. An Enterprise Vault server can be co-located with an Enterprise Vault Domino Gateway or installed on a separate computer. To ensure control of load balancing, we recommend that you co-locate the Enterprise Vault Domino Gateway and Enterprise Vault server. Target Domino mail servers. Enterprise Vault client extensions for Lotus Notes and Domino Web Access.

This section describes the prerequisite software and settings for Domino mailbox archiving and the tasks that you need to perform before installing Enterprise Vault. If you are going to install Enterprise Vault Administration Console on a remote computer, then you must also install Lotus Notes 7.0.2 or later on that computer in order to manage Domino user archives. This section describes the minimum requirements for Domino mailbox archiving. For details of the latest supported software versions, see the Enterprise Vault Compatibility Charts (http://entsupport.symantec.com/docs/276547).

Prerequisite software for Enterprise Vault Domino Gateway


The Enterprise Vault Domino Gateway must be a Windows server that is running the following minimum software versions:

Domino Server 8.0 and Lotus Notes Client 8.0 Domino Server 7.0.2 and Lotus Notes Client 7.0.2 Enterprise Vault 2007

Depending on which versions of Domino Server and Lotus Notes you use, you may require Lotus Hotfixes. For details of required hotfixes, see the Enterprise Vault Compatibility Charts (http://entsupport.symantec.com/docs/276547).

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

73

You will need at least a Domino Messaging server license for each Enterprise Vault Domino Gateway.

Prerequisite software for target Domino mail servers


Target Domino mail servers that you want to archive must be running Domino Server 6.5.4 or later. For details of the latest supported software versions, see the Enterprise Vault Compatibility Charts (http://entsupport.symantec.com/docs/276547).

Prerequisites for Enterprise Vault extensions for Lotus Notes clients


Client access to archived items from Lotus Notes or Domino Web Access (DWA) clients is provided through changes to the Lotus Notes and DWA mail templates; no application needs to be installed on user workstations. You install the updated mail templates on target Domino mail servers and DWA servers throughout an organization. Users who require Enterprise Vault functionality available in their Lotus Notes client must have Lotus Notes Client 6.5.4 or later installed on their workstations. For details of the latest supported software versions, see the Enterprise Vault Compatibility Charts (http://entsupport.symantec.com/docs/276547). To enable the use of Enterprise Vault integrated search from within Lotus Notes or DWA mail clients, users must have Internet Explorer 6.0 or later installed on their workstations, and it must be set as the default Web browser in Lotus Notes. In addition, you need to configure Single Sign-On for the users on the Enterprise Vault Domino Gateway. See Configure Single Sign-On on page 75.

Pre-installation tasks for Domino mailbox archiving


You should have already created the following:

The Vault Service account. A SQL login account for the Vault Service account . DNS aliases for the Enterprise Vault server and site.

See Pre-installation tasks for Enterprise Vault server on page 44. You now need to perform the tasks described in this section to set up Domino server and Lotus Notes on the Enterprise Vault Domino Gateway computer. The following steps must be completed before you install Enterprise Vault on the computer: This ensures that the Enterprise Vault installation program detects

74

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

that this is a Domino server and will install the extension manager files and other database files.

Use IBM Domino Administrator client to do the following:

Register the Domino server that will run on the Enterprise Vault Domino Gateway computer, and set up the configuration for this server in the Domino Directory. See Register the Enterprise Vault Domino Gateway on page 74. Identify or create a user ID for the Domino mailbox archiving. See User ID for Domino mailbox archiving on page 76. Configure the server documents for the Domino mail servers from which Enterprise Vault will archive. See Configure the server document for each target Domino mail server on page 77..

On the computer that will host the Enterprise Vault Domino Gateway, do the following:

Install Domino server binaries and configure the Domino server. See Install and configure Enterprise Vault Domino Gateway on page 79.. Install Lotus Notes client binaries and hotfix, and configure the client. See Install and configure Lotus Notes on Enterprise Vault Domino Gateway on page 81..

After you have completed these tasks, you can install Enterprise Vault and perform the initial configuration. See Installing Enterprise Vault on page 111. You can then complete the configuration of Domino mailbox archiving. See Preparation for Domino mailbox archiving on page 314.

Register the Enterprise Vault Domino Gateway


There must be at least one Enterprise Vault Domino Gateway for each Domino domain to be archived. In a production environment, the Enterprise Vault Domino Gateway should not be used as a general mail server. The Enterprise Vault Domino Gateway cannot be a partitioned Domino server. Use IBM Domino Administrator client to register the Enterprise Vault Domino Gateway, and configure the server document, as described in this section. If you plan to have several Enterprise Vault Domino Gateway computers in your Domino domain, then you will need to repeat the following tasks for each Enterprise Vault Domino Gateway.

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

75

Configure the HTTP port. Configure server security. Add trusted servers. Set up Single Sign-On.

Configure the Internet port for HTTP


Enterprise Vault requires the HTTP task to be configured on the Enterprise Vault Domino Gateway. As IIS and the Domino server HTTP task both use port 80, change the port used by the Domino server. To configure the Internet port for HTTP

1 2 3

In Domino Administration client open the server document for the Enterprise Vault Domino Gateway. Select Ports tab and then Internet Ports tab in sub-document. On Web tab, set TCP/IP port number to something other than 80; for example, 8080.

Configure server security


To configure server security

1 2

Open the Security page of the server document. In the Programability restrictions Who can section, ensure that the user who will sign the mail templates is displayed in the field Sign agents to run on behalf of the invoker of the agent. Scroll down to Server Access. Add the user who will sign the mail templates to Create master templates. Add the target Domino mail servers to Trusted servers. Click Save and Close. Repeat the above steps for each Enterprise Vault Domino Gateway.

3 4 5 6 7

Configure Single Sign-On


To enable authentication for the archive search feature, you need to set up Single Sign-On on the Enterprise Vault Domino Gateway. The following procedure assumes that you are not using Internet Sites documents, if you are then use the procedure outlined in the Lotus Domino documentation.

76

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

For more detail on how to configure Single Sign-On using Web Configuration, see the following IBM article: http://www-1.ibm.com/support/docview.wss?rs=2272&context= SSTJRP&dc=DA400&uid= swg27002760&loc=en_US&cs=UTF-8&lang=en&rss=ct2272lotus To configure Single Sign-On

In the Domino Administrator client go to Configuration tab and select Server > All Server Documents view. Select (but do not open) the server document for the Enterprise Vault Domino Gateway. Click Web and select Create Web SSO Configuration from the drop down box .

In the Configuration Name field, change the default name to EVLtpaToken. In the DNS Domain field, enter the DNS domain of the participating Domino servers. In the Domino Server Names field, add all the Enterprise Vault Domino Gateways. If you want Single Sign-On to cover DWA users, then you also need to add the target Domino mail servers. Click Keys and in the drop down menu select Create Domino SSO Key. Click OK. Save and Close the Web SSO Configuration.

While the server document for the Enterprise Vault Domino Gateway is selected, click Edit server.

Click Internet Protocols tab and then Domino Web Engine sub-tab. Change the Session Authentication field to Multiple Servers (SSO). In the Web SSO Configuration field select EVLtpaToken. Save and close the server document.

User ID for Domino mailbox archiving


The Domino provisioning and mailbox archiving tasks need to access the users mail databases in order to do the following:

Add hidden views. Add or update a hidden Enterprise Vault profile document. Change mail items into shortcuts.

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

77

To comply with the Domino security model, this access to Domino mail databases needs to be done by an authenticated user using a Lotus Notes ID file. When you configure the server document for target Domino mail servers, you will give this ID at least Editor access and Delete Documents and Create shared folders/views permissions on mail files to be archived. See Granting the Domino archiving user access to mail files on page 78. Later, you specify this ID in the Enterprise Vault Administration Console when you are configuring Domino mailbox archiving. The ID details (including the password) are encrypted and stored in the Enterprise Vault directory database. Although you can use any user ID file that has the correct level of access, we recommend that you create a generic user account and grant the user the access permissions required.

Creating the Domino archiving user


Use the user registration tool in the Domino Administrator client to create a generic user account. As the users person document must contain the Domino domain name, the user must be a Lotus Notes mail user. It is advisable to give the user a sensible generic name, for example, Enterprise Vault Domino Archiving. You can prefix the last name with the special character '&' to ensure that the user is only displayed at the end of the address list, for example, Enterprise Vault Domino &Archiving/organization.

Configure the server document for each target Domino mail server
When configuring the server document for each of the target Domino mail servers, you will need to do the following:

The server document for each target Domino mail server must have Enterprise Vault Domino Gateways added as trusted servers: The signing ID that will be used to sign the Enterprise Vault client templates also needs to be given the following permissions:

Sign agents to run on behalf of the invoker of the agent, on target Domino mail servers. Create master templates.

The Domino archiving user needs to be given access to target user mail files. Optionally, you may want to enable Single Sign-On for DWA users.

78

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

To configure the server document for target mail servers

1 2

Open the Security page of the server document. In the Programability restrictions Who can section, ensure that the user who will sign the mail templates is displayed in the field Sign agents to run on behalf of the invoker of the agent . Scroll down to Server Access, and add all the Enterprise Vault Domino Gateways in the domain as trusted servers. Click Save and Close. Repeat the above steps for each Enterprise Vault target Domino mail server.

3 4 5

Granting the Domino archiving user access to mail files


The Domino archiving user needs to have at least Editor access and the following permissions to all the mail files to be archived:

Delete documents Create shared folders/views

Note: If you intend not to archive unread items then the Domino archiving user requires Manager access to the mail files. This is because Domino requires Manager access in order to determine which items are unread. If Domino administrators have Manager access to all mail files, then you can use the Manage ACL tool in the Domino Administrator client to add the Domino archiving user to all mail databases. Repeat the following steps for each target Domino mail server. To add the Domino archiving user to all mail databases

1 2 3 4 5

In the Domino Administrator client, navigate to the Domino mail server and click the Files tab. In the tasks pane, click the Mail folder to display a list of all the mail databases in the results pane. Select the first mail database, and then press Shift and End together to select all the mail databases. Right-click and select Access Control > Manage. Click Add and then press the person icon to select the Domino archiving user from the Domino directory list. Click OK.

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

79

6 7 8

When the user is in the ACL dialog box, change the Access field to Editor and the User Type to Person. Select Delete Documents and Create shared folders/views. Click OK to add the user to the ACL of all mail databases selected.

Warning: It is very important to set the User Type to Person to prevent any user from creating a group within the Domino directory of the same name as the Domino archiving user and granting the group access to all mail databases. If no user has Manager access to every mail database, then do the following:

Place the Domino server administrators user name in the Full Access Administrators field in the server document. Restart the Domino server. In the Domino Administrator client choose Administration > Full Access Administration and complete the procedure described above. If necessary the administrator can then be removed from the Full Access Administrators field.

Single Sign-On
The main requirement for Single Sign-On is to enable users to use the Enterprise Vault search feature. However, if Single Sign-On is not configured, DWA users will need to re-enter authentication details when opening archived items. To avoid this, you may want to configure Single Sign-On on DWA servers, even if you do not plan to give users access to the Enterprise Vault search feature. See Configure Single Sign-On on page 75.

Install and configure Enterprise Vault Domino Gateway


Install Domino Server binaries on each Enterprise Vault Domino Gateway computer. Select the Messaging Server option when installing. If you have installed Domino 7.0.2 on the Enterprise Vault Domino Gateway you must apply a Lotus Hotfix. See Prerequisite software for Enterprise Vault Domino Gateway on page 72. The Domino server on the Enterprise Vault Domino Gateway must run under the Vault Service account. It is best practice to run the Domino server as a service, but be aware that the server console is not displayed when running a service under

80

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

an account other than the system account. This is a Microsoft Windows limitation. To see the console, you can connect to it remotely. If you want to have the server console displayed locally while you are configuring Domino Mailbox archiving , you can run the Domino server as an application as follows:

Log on to the Enterprise Vault Domino Gateway computer using the Vault Service account. In Windows Services console, if the Lotus Domino Server service is running, stop it. Disable the Lotus Domino Server service. Start the Lotus Domino Server (by double-clicking the desktop icon or running Domino program directory\nserver.exe), and select the option to start the server as a regular application. The Domino server configuration starts.

During Domino server configuration:

Supply the Domino Server ID that was created when you registered the Domino server on the Enterprise Vault Domino Gateway. Select the option Web Browsers (HTTP Services) on the Internet Services page to add the HTTP server task. For optimum performance, you can use the Customize button to remove all but the minimum server tasks. The following Domino server services are the minimum required on the Enterprise Vault Domino Gateway:

Indexer (Update) Administration process (AdminP) Domino web server (HTTP)

Note: In a production environment, start the Domino Server on the Enterprise Vault Domino Gateway as a service running under the Vault Service account. To ensure that Enterprise Vault can configure user mail files for archiving, and subsequently update the users' mail files with any archiving policy changes, the Domino Directory should replicate frequently to the Enterprise Vault Domino Gateway. To enable DWA users to open those archived MIME items that are signed or encrypted there must be an SSL connection to the Enterprise VaultDomino Gateway. In this case, you must configure the Enterprise Vault Domino Gateway for SSL. If you do not do this configuration, DWA users receive the following error message:

Additional prerequisites for Domino Server archiving Prerequisites for Domino Server mailbox archiving

81

Unable SSL is but is Please

to complete the current operation. required for secure mail, not enabled on Domino Server. notify your administrator.

Install and configure Lotus Notes on Enterprise Vault Domino Gateway


For an Enterprise Vault server to be able to retrieve or restore archived items, Lotus Notes 7.0.2 or later client software must be installed and configured on the Enterprise Vault Domino Gateway computer. It is only necessary to install Lotus Notes, not the Domino Administrator client software. During the client installation, ensure that you select the single user option. Depending on your Domino configuration, you may need to install a Lotus Hotfix on the Enterprise Vault Domino Gateway. See Prerequisite software for Enterprise Vault Domino Gateway on page 72. Start the Lotus Notes client and configure the client using the ID of the Domino archiving user that you created earlier. During the configuration, do the following:

Clear the option Setup Instant Messaging. For Additional Services accept the default, None.

Note: In a production environment it is recommended that you do not run the Lotus Notes client on the Enterprise Vault because doing so may cause conflicts. If you must do so, stop all all Enterprise Vault Domino tasks before running Lotus Notes.

Install and configure Enterprise Vault


Before installing Enterprise Vault, stop the Domino Server on the Enterprise Vault Domino Gateway, if it is running. You can now install Enterprise Vault on the Enterprise Vault Domino Gateway computer and perform the initial set up tasks. Enterprise Vault can be co-located with an Enterprise Vault Domino Gateway or on a separate computer. To ensure control of load balancing, we recommend that you install Enterprise Vault on the same computer as the Enterprise Vault Domino Gateway. As the Enterprise Vault server will be responsible for Domino mailbox archiving and all client interactions, you can optimize performance by running only the minimum tasks and services on this computer.

82

Additional prerequisites for Domino Server archiving Prerequisites for Domino journal archiving

The following Enterprise Vault services are required:


Admin service Directory service Storage service Indexing service Task controller service

See Installing Enterprise Vault on page 111. After you have installed and configured Enterprise Vault, you can set up your Domino mailbox archiving environment using the Enterprise Vault Administration Console. See Preparation for Domino mailbox archiving on page 314.

Prerequisites for Domino journal archiving


The Domino Server must be running Lotus Domino Server 6 or later. On the Enterprise Vault server that will run the Domino Journaling task, you will need to install and configure Lotus Notes Client. During the client installation, select the single user option, and configure the Lotus Notes client for a Domino server in your organization. For full details of all the supported versions of prerequisite software, see the Enterprise Vault Compatibility Charts at http://entsupport.symantec.com/docs/276547.

Conflict with Microsoft Office 2003


If you have a Domino Journaling task and Microsoft Office 2003 on the same server, a steady increase in handle usage can lead to out-of-memory errors. This is a known issue with Microsoft Office 2003, described in Microsoft support article 841532. To apply the fix

Determine the location of the file Msoxmlmf.dll. The file is in the Office shared folder, the default location for which is as follows:
C:\Program Files\Common Files\Microsoft Shared\Office11

Click Start, click Run.

Additional prerequisites for Domino Server archiving Prerequisites for Domino journal archiving

83

Type regsvr32.exe /u and then the path to Msoxmlmf.dll. For example, if the file is in the default location, you might type the following:
regsvr32.exe /u "c:\program files\common files\microsoft shared\office11\msoxmlmf.dll"

Click OK.

Domino Journaling databases


Enterprise Vault will archive from any subfolder of the target Domino server's Data directory. Each subfolder, which must already exist, must be an immediate subfolder of the Data directory, and not lower down the folder structure. Otherwise, the Domino Journaling task fails to find any databases to archive. By defaultEnterprise Vault archives from all Domino Journaling databases that are in the subfolder and use the STDMailJournaling template. You can use a registry value to specify other templates to use. See Adding a Domino Journaling location on page 357. The normal Enterprise Vault configuration is to retain the original item until the vault store that contains the archived item has been backed up. Enterprise Vault then deletes the original item. The Domino Database Management method must not interfere with this Enterprise Vault process, which means that the Purge and Compact method (specified in the Journaling section of the server configuration document) is unsuitable, because there is the potential to lose items that have, for some reason, not been archived. Thus, the Domino Journaling database must have its Database Management method set to one of the following in the Journaling section of the server configuration document:

Periodic Rollover or Size Rollover. If you choose either of these options in Domino 6.5.n, Domino does not create the rollover databases in the same directory as the initial database. This means that you must manually move rollover databases into the Domino journal directory in order for them to be archived. None. If you select this method the database will continue to grow, so we recommend that you compact the journal directory each night.

Configure Domino Journaling so that the Journaling database is in a subfolder of the servers Data directory. If Domino Journaling is already configured, you may need to move the Journaling database and update the server configuration document.

84

Additional prerequisites for Domino Server archiving Prerequisites for Domino journal archiving

Support for clustered Domino journal databases


Enterprise Vault can archive from Domino journal databases on Domino Servers that are clustered using Domino application clustering. To support clustered journal databases, the following requirements must be satisfied:

Each Domino Server in the cluster should be independently journaling to a local database. Mail journaling databases should not be configured to replicate to other Domino servers in the cluster. This includes both cluster replication and scheduled replication. Enterprise Vault should be configured to archive from the Domino journal databases on each server in the cluster.

Access for Enterprise Vault


When you configure Enterprise Vault to archive a Domino Journaling location you must supply at least one Lotus Notes ID file. Enterprise Vault requires three levels of access, to domain, server, and journaling location. You can use a different ID file for each level or, for simplicity, a single ID file. The access levels are as follows:

Access to the Domino domain. This is provided by the ID file of a user who is enabled for Lotus Mail and whose account is in the same domain as the server. This account must have read access to the Domino Directory. Access to the Domino server. This is provided by the ID file of a user who has access to the Domino server and its directories. By default, Enterprise Vault will use the same ID file as is used to access the domain. Access to the Domino Journaling location This is provided by the ID file of a user who has Editor, Designer, or Manager access to the journaling databases, and also has the Delete Documents permission. If the database is encrypted, this ID file must be the one that was used to encrypt the database. By default, Enterprise Vault will use the same ID file as is used to access the server. If you do not specify a file for server access, Enterprise Vault will use the same ID file as is used to access the domain.

To configure access for Enterprise Vault

Create suitable ID files and place them in the Lotus Notes data folder on the Enterprise Vault server that will run the Domino Journaling task. By default, this is C:\Program Files\lotus\notes\data.

Additional prerequisites for Domino Server archiving What next?

85

Domino Mailing List Groups


To ensure the expansion of Domino mailing list groups when using Enterprise Vault Compliance Accelerator Journaling Connector, it is important that you set the Mail Domain field explicitly when configuring Domino mailing list groups.

Client access for Domino journal archiving


Domino Server journal archives can be searched using Enterprise Vault browser search. These archives cannot be accessed using Archive Explorer. To use Enterprise Vault browser search, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on the users desktop computer.

What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If your Enterprise Vault server is already set up, then configure Domino Server archiving using the Enterprise Vault Administration Console.

86

Additional prerequisites for Domino Server archiving What next?

Chapter

Additional prerequisites for File System Archiving (FSA)


This chapter includes the following topics:

About the prerequisites for FSA Enterprise Vault server requirements About FSA shortcuts The FSA Agent Preparing file servers Configuring Internet Explorer on NTFS file servers Client requirements What next?

About the prerequisites for FSA


This chapter describes the additional software and settings required for File System Archiving (FSA). For full details of all the supported versions of prerequisite products, see the Enterprise Vault Compatibility Charts.

Enterprise Vault server requirements


If you are implementing FSA but not Exchange Server archiving, you do not need to install Outlook on the Enterprise Vault server. However, if you need to access

88

Additional prerequisites for File System Archiving (FSA) About FSA shortcuts

files that have been archived using a previous version of Enterprise Vault, then Outlook is still required on the Enterprise Vault server. An Enterprise Vault Storage service is required on the Enterprise Vault server that hosts FSA. Internet Explorer 6.0 or later is required on the Enterprise Vault server computer that is to host FSA.

About FSA shortcuts


When a file is archived, Enterprise Vault can, optionally, leave one of the following types of shortcut in its place:

A placeholder shortcut. This is a special file that appears exactly as the original file but, when opened, forces Enterprise Vault to fetch the archived file. A Placeholder service needs to be configured to create these shortcuts. An internet (URL) shortcut. This is a .url text file containing a hypertext link to the archived file. The Placeholder service is not required to create these shortcuts.

Enterprise Vault cannot create placeholders for certain legacy files. This is particularly true of files that have extended attributes because they were previously stored in an HPFS (OS/2) file system.

Placeholder shortcut requirements


Enterprise Vault supports the creation of placeholder shortcuts on the following file system types:

NTFS. The FSA Agent must be installed on each NTFS file server to provide the Placeholder service. See The FSA Agent on page 89. Each disk on which placeholder shortcuts are required must be an NTFS device; it is not sufficient to use a non-NTFS device that appears on the network as an NTFS device. The Enterprise Vault server uses CIFS when accessing the file system, for example, to archive files. NetApp Filer with Data ONTAP 7.0 or later. The Placeholder service for NetApp Filer devices runs on the Enterprise Vault server computer and accesses the NetApp Filer using CIFS. EMC Celerra.

Additional prerequisites for File System Archiving (FSA) The FSA Agent

89

The Placeholder service for EMC Celerra file systems runs on the Enterprise Vault server and accesses the EMC Celerra file system using CIFS. Before installing and configuring FSA, ensure that the target file system that you want to archive is supported. See the Enterprise Vault Compatibility Charts.

The FSA Agent


The FSA Agent must be installed on NTFS file servers on which you wish to do any of the following:

Use Placeholder shortcuts Implement File Blocking Gather data for FSA Reporting's reports

Instructions for installing the FSA Agent are included in the instructions for installing and configuring FSA on NTFS file servers. The FSA Agent can be used in a clustered environment. See About FSA clustering on page 397. Note: The FSA Agent requires Microsoft .NET Framework v 2.0 as a prerequisite on the file server.

Preparing file servers


For placeholder shortcut creation on a Windows platform, the Vault Service account must have the following access rights:

Local administrator rights on the file server Full control on the share that is configured as the target volume

Optionally the Vault Service account also requires browse permissions on the target folders, and on any folders in the paths to the target folders. If these optional permissions are not set, the administrator is unable to browse in the Administrator Console for the target folder, and so must specify the path by typing it in. The remainder of this section gives instructions on how to prepare NetApp Filer devices for archiving. As preparing EMC Celerra file servers requires information about the Enterprise Vault server configuration, the steps are described in a later section.

90

Additional prerequisites for File System Archiving (FSA) Configuring Internet Explorer on NTFS file servers

See Preparing an EMC Celerra device on page 366.

Setting the permissions on a NetApp Filer


Before configuring a NetApp Filer for archiving, you must give the Vault Service account administrative permissions on the file server. To set the permissions on a NetApp Filer

Add the Vault Service account as an Administrator on the NetApp filer by following these steps in the order listed:

Log on to a Windows server as a user who already has administrative rights on the NetApp filer. On the Windows desktop, right-click My Computer and then, on the shortcut menu, click Manage. In Computer Management, select Connect to another computer from the Action menu and then enter the name of the NetApp filer.

2 3 4

Expand Local Users and Groups and click Groups. In the right pane, right-click Administrators and then, on the shortcut menu, click Add to Group. Click Add to add the Vault Service account to the list of group members.

Configuring Internet Explorer on NTFS file servers


On NTFS file servers that host the Placeholder service, the Enterprise Vault Web access application computer must be in the Internet Explorer trusted sites list. If the Internet Explorer security settings are incorrect, users will not be able to open any placeholder shortcuts. Each attempt to do so produces an entry on the Windows Application log on the placeholder computer, saying that there was an error downloading a file. To configure the Internet Explorer security settings

1 2 3 4 5 6

Log on as the Vault Service account to the NTFS file server that is running the Placeholder service. On the Windows Start menu, click Settings > Control Panel. Double-click Internet Options. Click the Security tab. In the list of zones, click Local intranet. Click Sites.

Additional prerequisites for File System Archiving (FSA) Client requirements

91

7 8 9

Click Advanced. Enter the name of the Web access application computer, without the DNS domain, and then click Add. Click OK.

10 Click OK to close the local intranet settings. 11 On the Security tab of the Internet Options dialog box, click Custom Level. 12 Under User Authentication in the Security Settings dialog box, select either
Automatic logon only in Intranet zone or Automatic logon with current username and password.

13 Click OK to close the Security Settings dialog box. 14 Click OK to close the Internet Options dialog box.

Client requirements
The following client access to archived items is available with FSA:

If shortcuts are created in the items original location, users can access an archived item simply by double-clicking the shortcut on the file server. If shortcuts are not created, users can access the archived items in the archives using archive search or Archive Explorer.

To use Enterprise Vault browser search or Archive Explorer, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each users desktop computer.

What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. See the following chapters for details. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server. If your Enterprise Vault server is already set up, then configure File System Archiving using the Enterprise Vault Administration Console.

92

Additional prerequisites for File System Archiving (FSA) What next?

Chapter

Additional prerequisites for SharePoint Server archiving


This chapter includes the following topics:

Enterprise Vault server requirements SharePoint Server requirements Installing Enterprise Vault SharePoint components Running the configuration wizard What next?

Enterprise Vault server requirements


Internet Explorer 6.0 or later is required on the computer that hosts the Enterprise Vault Storage Service; typically this would be the Enterprise Vault server computer. If you have a new Enterprise Vault installation that includes SharePoint Server archiving, but not Exchange Server archiving, you do not need to install Outlook on the Enterprise Vault server. However, if you need to access documents that have been archived using a previous version of Enterprise Vault, then Outlook is still required on the Enterprise Vault server. Also, if you are using SharePoint Portal Server 2003 with Backwards Compatible Document Libraries (BCDL), then you must have Outlook installed on the Enterprise Vault server.

94

Additional prerequisites for SharePoint Server archiving SharePoint Server requirements

SharePoint Server requirements


The prerequisite software and settings for the SharePoint Servers to be archived are as follows:

The version of Microsoft SharePoint products must be at least one of the following:

Microsoft Windows SharePoint Services 2.0 with Service Pack 1 Microsoft SharePoint Portal Server 2003 with Service Pack 1 Microsoft Windows SharePoint Services 3.0 (WSS 3.0) Microsoft Office SharePoint Server 2007 (MOSS 2007)

If you have SharePoint Portal Server 2003 with Backwards Compatible Document Libraries (BCDL), see the installing and configuring instructions in the following Technical Note, available from the Symantec knowledge base: http://entsupport.symantec.com/docs/284469

Ensure that the Vault Service account is either a member of the SharePoint administration group for the SharePoint virtual servers or has local administrator privileges on the SharePoint computer. The account under which the Enterprise Vault SharePoint task runs (typically the Vault Service account) must have full access to target site collections and their content. When archiving from SharePoint 3.0 sites, the account must have Site Collection Administrator privileges on the target SharePoint site collections. SharePoint Servers must be running Windows Server 2003 with Service Pack 1 or later.

For full details of all the supported versions of prerequisite products, see the Enterprise Vault Compatibility Charts.

SharePoint security certificates


The certificate used by the SharePoint virtual server or Web Application must have the same name as the SharePoint URL. For example, if the Sharepoint URL is https://sharepoint, then the name of the certificate used when issuing a certificate request must be sharepoint. If the names do not match, Enterprise Vault will not be able to validate the SharePoint site when you try to configure it in the Administration Console.

Additional prerequisites for SharePoint Server archiving SharePoint Server requirements

95

Support for SharePoint 2003 to 2007 gradual migration


Enterprise Vault supports gradual migration from SharePoint 2003 to SharePoint 2007. When installing Enterprise Vault in an environment that is being gradually upgraded to SharePoint 2007, and you want sites to be archived while they are pending migration, do the following:

Install and configure Enterprise Vault with SharePoint Server 2003. Upgrade SharePoint Server to SharePoint 2007.

The following information provides an overview of the steps. Detailed instructions are given in later sections in this manual. To install and configure Enterprise Vault with SharePoint 2003

1 2 3 4 5 6

Install Enterprise Vault on the Enterprise Vault server. Install the Enterprise Vault SharePoint components on the SharePoint server. Run the Enterprise Vault configuration tool on the SharePoint server. Run the Enterprise Vault Administration Console on the Enterprise Vault server and configure SharePoint sites for archiving. Return to the SharePoint Server and install the Enterprise Vault Web Parts and the Archive Version History link. Check that archiving is working correctly.

Upgrade SharePoint Server to SharePoint Server 2007

1 2 3 4

Upgrade SharePoint Server 2003 to 2007. Repeat the installation of the Enterprise Vault SharePoint components on the SharePoint server. Install the Enterprise Vault Web Parts and the Archive Version History link again. Ensure that the account that the SharePoint task runs under is a Site Collection Administrator on the target SharePoint site collections. The migration is now complete.

About migrated and unmigrated sites


Unmigrated sites should continue to be archived using the redirected URL. Migrated sites should continue to be archived from the normal URL. You can also configure newly created SharePoint 2007 sites for archiving.

96

Additional prerequisites for SharePoint Server archiving Installing Enterprise Vault SharePoint components

The following example shows the use of redirection during the gradual migration process. Before upgrade:

SharePoint site URL: http://sharepoint/sites/site1 Enterprise Vault target URL: http://sharepoint/sites/site1 Enterprise Vault will archive site URL: http://sharepoint/sites/site1

After upgrade, before site is migrated:

SharePoint site URL: http://sharepoint/sites/site1 is redirected to http://sharepoint:8003/sites/site1 Enterprise Vault target URL is unchanged: http://sharepoint/sites/site1 Enterprise Vault will archive unmigrated site at redirected URL: http://sharepoint:8003/sites/site1

After upgrade, when site has been migrated:


SharePoint site URL: http://sharepoint/sites/site1 - no redirection Enterprise Vault target URL is still unchanged: http://sharepoint/sites/site1 Enterprise Vault will archive migrated site URL: http://sharepoint/sites/site1

Installing Enterprise Vault SharePoint components


This section describes how to install the Enterprise Vault SharePoint components on SharePoint Servers. To install the Enterprise Vault components on your SharePoint server

1 2 3 4 5 6 7

Log on to the SharePoint Server using the Vault Service account. Load the Enterprise Vault CD-ROM on your SharePoint Server computer. Open the Enterprise Vault folder. Open the Server folder. Double-click SETUP.EXE to start the installation. Work through the installation wizard until you reach the Select Components to Install screen. Select Microsoft SharePoint Components. If you are installing only the Enterprise Vault SharePoint components on this computer, clear the check boxes for other Enterprise Vault components.

Additional prerequisites for SharePoint Server archiving Running the configuration wizard

97

8 9

Click Next. Work through the remainder of the setup wizard.

Running the configuration wizard


After the installation wizard has finished, you need to run the configuration wizard. The SharePoint configuration wizard asks for details of the Vault Service account and configures the Enterprise Vault Admin service to log on using this account. To configure Enterprise Vault components on the SharePoint Server

1 2 3

Click Start > Programs > Enterprise Vault > SharePoint Configuration to start the configuration wizard. Click Next to continue. You are prompted for details of the account that Enterprise Vault services will use. Enter the details of the Vault Service account. You must use the format domain_name\username when you specify the account. Alternatively, use the Browse button to browse for the account. Enter the password for the account and confirm it.

Click Next. A warning message is displayed if the account you are using does not have sufficient privileges to validate the password (see SharePoint Server requirements). Click Yes to continue.

On the last screen of the configuration wizard click Finish to exit the program.

What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server. If your Enterprise Vault server is already set up, then configure SharePoint Server archiving using the Enterprise Vault Administration Console.

98

Additional prerequisites for SharePoint Server archiving What next?

Chapter

10

Additional prerequisites for SMTP archiving


This chapter includes the following topics:

About the prerequisites for SMTP archiving Microsoft SMTP Server requirements Enterprise Vault server and holding area requirements Client access for SMTP archiving What next?

About the prerequisites for SMTP archiving


This chapter describes the additional prerequisites for SMTP archiving. As SMTP archiving uses FSA to store the messages, ensure that the FSA prerequisites are also satisfied. See About the prerequisites for FSA on page 87. Ensure that you use supported versions of prerequisite products. See the Enterprise Vault Compatibility Charts.

Microsoft SMTP Server requirements


When the gateway mail server receives the message, it should relay the message on to its destination and send a blind copy to the Microsoft SMTP Server that will be used for Enterprise Vault SMTP archiving

100

Additional prerequisites for SMTP archiving Enterprise Vault server and holding area requirements

As Microsoft SMTP Server is included in IIS, install IIS on the Microsoft SMTP Server computer, and configure an SMTP virtual server. The following software versions are required on the Microsoft SMTP Server computer:

Windows Server 2000 or later IIS 5.0 or later

For instructions on how to configure Microsoft SMTP Server, see the Microsoft documentation. As the Microsoft SMTP Server is the destination messaging server for any SMTP messages to be archived by Enterprise Vault, configure the required domain addresses in DNS. All messages sent to SMTP archiving are stored; it does not perform any filtering. For this reason, only SMTP messages should be sent to this server, and not Exchange MAPI messages. We recommend that you do not install SMTP archiving on a server that is running Microsoft Exchange Server. Although you can install the Microsoft SMTP Server on the same computer as Enterprise Vault, it is more common to install it on a separate computer. You must not configure this server to relay messages to other messaging servers; it should only receive messages for archiving.

Enterprise Vault server and holding area requirements


If you are implementing SMTP archiving, but not Exchange Server archiving, you do not need to install Outlook on the Enterprise Vault server. Internet Explorer 6.0 or later is required on the computer that hosts the Enterprise Vault Storage Service; typically this would be the Enterprise Vault server computer. As Enterprise Vault uses FSA to archive the messages, ensure that the Enterprise Vault server and the holding area file server satisfy FSA prerequisites. See About the prerequisites for FSA on page 87.

Client access for SMTP archiving


Users can find and retrieve archived SMTP messages using Enterprise Vault browser search or Archive Explorer, which they can run from a browser. To view messages in their original format, users must have Outlook Express installed.

Additional prerequisites for SMTP archiving What next?

101

To use Enterprise Vault browser search or Archive Explorer, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on the users desktop computer.

What next?
Ensure that you review all the additional prerequisite information for your planned installation. There are additional prerequisites for other Enterprise Vault components, for different types of archiving, for a standalone Administration Console, and for clustered environments. If you have reviewed all the prerequisite information, then you can install and configure your Enterprise Vault server. If your Enterprise Vault server is already set up, then configure SMTP archiving.

102

Additional prerequisites for SMTP archiving What next?

Chapter

11

Prerequisites for a standalone Enterprise Vault Administration Console


This chapter includes the following topics:

About the prerequisites for a standalone Enterprise Vault Administration Console Additional requirements for Exchange Server archiving What next?

About the prerequisites for a standalone Enterprise Vault Administration Console


If required, the Enterprise Vault Administration Console can be installed on a separate computer that has the following prerequisite software:

Windows Server 2003, Windows 2000 (with Service Pack 3 or later), Windows XP Professional (with Service Pack 2 or later), or Windows 2000 Professional (with Service Pack 3 or later). MDAC 2.6 or later. A suitable version is installed automatically with Windows Server 2003. IIS 5 or later. Both Microsoft .NET Framework v 1.1 and Microsoft .NET Framework v 2.0. You need to install both versions of Microsoft .NET Framework.

104

Prerequisites for a standalone Enterprise Vault Administration Console Additional requirements for Exchange Server archiving

Administration tools for Windows Server 2003 or Windows 2000. These are not required if you have installed Windows Server 2003 or Windows 2000 Server on the standalone console computer. The Administration Tools for Windows Server 2003 require Windows XP Professional or later.

Additional requirements for Exchange Server archiving


If Enterprise Vault is configured to archive Exchange Servers, the following software is also required on the remote Administration Console computer:

Server Manager for Exchange 2000 or Exchange Server 2003. The version you will require depends on the operating system running on the Enterprise Vault computer and the version of Exchange being managed. See the Enterprise Vault Compatibility Charts. Outlook 2003.

What next?
Ensure that you review all the additional prerequisite information for your planned installation. If you have reviewed all the prerequisite information, then you can install and configure the Administration Console. See Before you install Enterprise Vault on page 111.

Section

Installing and configuring Enterprise Vault

Licenses and license keys Installing Enterprise Vault Postinstallation tasks Configuring Enterprise Vault Initial Enterprise Vault setup Uninstalling Enterprise Vault

106

Chapter

12

Licenses and license keys


This chapter includes the following topics:

Overview of licensing Obtaining license keys Installing Enterprise Vault license key files Replacing licenses and installing additional licenses What next?

Overview of licensing
Enterprise Vault uses the Enterprise Licensing System (ELS). To run the associated Enterprise Vault services, you must install a license key file that covers the Enterprise Vault features that you want to implement. The following types of Enterprise Vault license are available:

Production license. This license comprises a product base license and any additional feature licenses. When the license file is installed, the functionality of Enterprise Vault depends on the feature licenses that you have purchased. Production licenses generally do not have an expiry date. Trialware license. With this 30 day license, the full functionality of Enterprise Vault is available, but the functionality is time-limited, as defined by the key. When the license expires, the software continues to run in restricted, read-only mode, which allows archived items to be viewed and retrieved, but no items can be archived. Enterprise Vault tasks will not start, and you cannot migrate the contents of personal folder (PST) files to Enterprise Vault. Temporary licenses. Temporary licenses are available for 10 day to 90 day duration.

108

Licenses and license keys Obtaining license keys

When the license expires, the software continues to run in restricted, read-only mode, which allows archived items to be viewed and retrieved, but no items can be archived. Enterprise Vault tasks will not start, and you cannot migrate the contents of personal folder (PST) files to Enterprise Vault.

Obtaining license keys


For information on how to purchase Enterprise Vault licenses, see Symantec Enterprise Vault Licensing Information at the following address on the Symantec Web site: http://www.symantec.com/enterprise/products/licensing.jsp?pcid=1018&pvid=322_1 The following Enterprise Vault features, which are mentioned in this guide, require licenses:

Enterprise Vault core services Exchange Server mailbox archiving Exchange Server journal archiving Domino Server journal archiving Domino Server mailbox archiving Exchange Server public folder archiving Migrating PST files SharePoint Server archiving Archive Explorer Offline Vault File System Archiving (FSA) SMTP archiving Policy Manager (EVPM) Custom filters and properties Migrating collected Enterprise Vault files

Note that other Enterprise Vault tools and features that are not mentioned in this guide may also need licenses. After you have purchased licenses and received your License Certificate, Voucher Document, or Upgrade Notification, you need go to the Symantec Licensing Portal at the following address:

Licenses and license keys Installing Enterprise Vault license key files

109

https://licensing.symantec.com/acctmgmt/index.jsp to register and generate your license key file. You will need the serial number on the license document or notification in order to generate a Symantec Licensing Portal account. When you have generated a license key file, you download a zipped and digitally-signed ELS license file. The ELS license file has a unique name and the extension .slf. Each license file can contain the license keys for several Enterprise Vault features. For information about generating license key files, contact Symantec Customer Care at the following address: http://www.symantec.com/enterprise/support/index.jsp

Installing Enterprise Vault license key files


Save this file in a temporary location on each Enterprise Vault server computer. The Enterprise Vault installation wizard prompts for the location of your ELS license file, and copies the file to the top-level Enterprise Vault folder (typically C:\Program Files\Enterprise Vault). When the Enterprise Vault Admin service is started, it installs the licenses. During this process, it creates a new folder called Installed Licenses under the Enterprise Vault folder, and moves the license file into the folder. As this folder will contain all the ELS license files successfully installed by the Enterprise Vault Admin service, it provides a useful backup repository for all your Enterprise Vault licenses. When the Admin service installs a license, it writes a license information report message to the event log. You can continue Enterprise Vault installation without an ELS license file, but Enterprise Vault will operate in restricted, read-only mode until you obtain and install a new ELS license.

Replacing licenses and installing additional licenses


Follow the instructions in this section if you have already installed Enterprise Vault and subsequently want to install additional license files or replace existing license files.

110

Licenses and license keys What next?

To replace a license or install an additional license

1 2 3 4 5

Place the new .slf license file in the Enterprise Vault folder (typically C:\Program Files\Enterprise Vault). Restart the Enterprise Vault Admin service. The service moves any license files it finds in the Enterprise Vault folder to the Installed Licenses folder under the Enterprise Vault folder. The Admin service writes a license information report message to the event log. For a multi-server Enterprise Vault deployment, you must repeat the steps on each Enterprise Vault server.

What next?
You can augment your Enterprise Vault functionality by obtaining additional appropriate licenses and keys from your supplier and then installing the new keys. If you have obtained temporary or trialware licenses, the license keys will expire at the end of the license period and Enterprise Vault will revert to running in restricted, read-only mode. The features will be enabled when you install new production license keys.

Chapter

13

Installing Enterprise Vault


This chapter includes the following topics:

Before you install Enterprise Vault Installing Enterprise Vault What next?

Before you install Enterprise Vault


Check that all the prerequisites for your planned installation have been fulfilled. Run the Deployment Scanner on the computers on which you plan to install Enterprise Vault. See Enterprise Vault Deployment Scanner on page 38.

Installing Enterprise Vault


Perform the following steps to install the required Enterprise Vault components. To install Enterprise Vault

1 2 3 4 5 6

Restart the IIS Admin Service, and ensure it is running. Log in to the Vault Service account to install Enterprise Vault. Load the Enterprise Vault CD-ROM into your CD-ROM drive. Double-click Admin Documentation link in the top-level folder to display the Enterprise Vault administrator documentation. Click the ReadMe link to display the ReadMe text and read it before continuing with the installation. Open the Enterprise Vault folder.

112

Installing Enterprise Vault What next?

7 8 9

Open the Server folder. Double-click SETUP.EXE to start the installation. Install the required Enterprise Vault components for this computer. The core components for an Enterprise Vault server are as follows:

Enterprise Vault Services. Installs all the core Enterprise Vault services. After the installation, you must configure the services before using them. This is done when you run the Enterprise Vault configuration wizard. See About configuring Enterprise Vault on page 123. Administration Console. Installs the Administration Console. This is a snap-in to the Microsoft Management Console (MMC) that enables you to manage Enterprise Vault. This component also installs the Enterprise Vault configuration wizard and the PST Migrator. If you want to install a standalone Administration Console on a remote system, then select this component only.

A number of other components can be installed as required, if their prerequisites are met. Some of these components are listed only if certain software is present:

SMTP Archiving Components, Exchange Server Extensions and Microsoft SharePoint components are usually installed on computers other than the Enterprise Vault server. For details, see the appropriate section elsewhere in this manual. Enterprise Vault Operations Manager must be installed on at least one Enterprise Vault server in your site if you wish to use it to monitor the Enterprise Vault servers in that site. Enterprise Vault Reporting is listed for selection only if Microsoft SQL Server Reporting Services (SSRS) are installed on the computer. Enterprise Vault Reporting can be installed on an Enterprise Vault server, but is more typically installed on a separate server running SSRS.

10 At the end of installation, you may be instructed to restart your computer.

What next?
You must run the appropriate configuration programs to configure the Enterprise Vault components you have installed. See About configuring Enterprise Vault on page 123.

Installing Enterprise Vault What next?

113

You must perform the postinstallation tasks described in the next chapter before you start the Enterprise Vault Administration Console. If the installation was unable to configure the security for the Web access application, you must configure it manually.

114

Installing Enterprise Vault What next?

Chapter

14

Postinstallation tasks
This chapter includes the following topics:

Security for the Web access application Customizing security for the Web access application Customizing security on the client computers What next?

Security for the Web access application


The Enterprise Vault installation automatically configures Basic authentication and Integrated Windows authentication. The security that is automatically set up affects users when they log in to the Web access application, as follows:

A user logging in with a browser that supports Integrated Windows Authentication, such as Internet Explorer, must supply domain name and username separately: Username: username Password: password Domain: domain This domain can never be defaulted. An Internet Explorer user with suitably-customized browser settings does not need to supply logon details manually because the logon is automatic; Internet Explorer automatically uses the details of the account to which the user is currently logged on. See Customizing security on the client computers on page 119.

116

Postinstallation tasks Security for the Web access application

A user logging in to the Web access application with a browser that does not support Integrated Windows Authentication, must supply both domain name and username in response to a single username prompt: Username: domain\username Password: password It is possible for you to set up a default domain. See Using a default domain with basic authentication on page 117.

For other Web access application security options, see Customizing security for the Web access application.

Setting up the default authentication


The installation automatically configures Basic authentication and Integrated Windows Authentication for the Enterprise Vault Web access application. When you installed Enterprise Vault, if there was no message saying that setup could not set alias security, the authentication described in this section has already been applied to your system. The Enterprise Vault Web access application is always installed on the same computer as Internet Information Server (IIS). To set up the default authentication

1 2 3 4 5 6 7 8 9

Log in to the IIS computer as Administrator. Click Start > Programs > Administrative Tools > Internet Services Manager. Expand the container for the Enterprise Vault Web access application computer. Expand the Default Web Site container. Right-click the EnterpriseVault folder and, on the shortcut menu, click Properties. Click the Directory Security tab. In the Anonymous access and authentication control section, click Edit. Clear the Anonymous access check box. Select Basic authentication. A security message appears, warning about transmitting passwords without encryption. Click Yes to continue. Note the following:

If all clients will be using Internet Explorer, you can clear Basic authentication. If any clients will be using other Web browsers, make sure that Basic authentication is selected.

Postinstallation tasks Customizing security for the Web access application

117

Do not add a domain name in Basic authentication unless you also create a WebApp.ini file as described in Using a default domain with basic authentication.

10 Select the Integrated Windows Authentication check box. 11 Click OK. 12 Click the Virtual Directory tab. 13 On Windows 2000 only, click Create. The path to the Web access application
is now set up.

14 Click Configuration. 15 Click the App Options tab. 16 Increase the ASP Script Timeout. A value of 900 seconds is normally
sufficient. This increase in the ASP script timeout is so that users can restore baskets containing large numbers of items.

17 Click OK.
On Windows 2000, if there is a prompt about Inheritance Overrides, click Select All and then OK.

Customizing security for the Web access application


The standard security for the Web access application means that users must provide domain name, user name, and password whenever they start the Web access application. This section describes various levels of automatic authentication that you can set up for the users. If none of these methods is acceptable to you, the default authentication enables users to log on by supplying domain, username, and password.

Using a default domain with basic authentication


With only Basic authentication configured, users must provide a domain name when logging on to the Web access application. For example, a user in domain myDomain with a username of Rogers must specify myDomain\Rogers when logging on to the Web access application. It is possible for IIS and Enterprise Vault to use a default domain for Basic authentication. In this case, users in the default domain do not need to specify a

118

Postinstallation tasks Customizing security for the Web access application

domain name when starting the Web access application. Users in other domains must still specify a domain name.

Setting up a default domain in IIS


Note that the default domain does not work unless you also define it for the Web access application, as described in Setting up a default domain in the Web access application. To set up IIS so that it uses a default domain for Basic authentication

1 2 3 4 5 6 7 8 9

Click Start, Programs, Administrative Tools, Internet Information Services (IIS) Manager. Expand the Web Sites container for the Enterprise Vault Web access application computer. Expand the Default Web Site container. Right-click the EnterpriseVault folder and, on the shortcut menu, click Properties. Click the Directory Security tab. In the Authentication and access control section, click Edit. Clear Enable anonymous access if it is selected. If Basic authentication is not already selected, then select it. To select the default domain, click Select on Windows Server 2003, and click Edit on Windows 2000. that will be using the Web access application and click OK. If there is a prompt about Inheritance Overrides, click Select All and then OK.

10 Enter the name of the domain that contains the majority of the user accounts

Setting up a default domain in the Web access application


Note that the default domain does not work unless you also define it in IIS, as described in Setting up a default domain in IIS.

Postinstallation tasks Customizing security on the client computers

119

To set up the Web access application so that it uses the same default authorization domain as you have set up in IIS

Use a text editor to create an initialization file called WebApp.ini, containing the following line:
Domain=DomainName

where DomainName is the name of the domain that you have specified in IIS for Basic authentication. Note that entries in this file are case-sensitive. For example, to use a domain called myDomain, the line to use is as follows:
Domain=myDomain

Save the file in the Enterprise Vault program folder, normally C:\Program Files\Enterprise Vault, on the computer that runs the Web access application.

Customizing security on the client computers


On user computers, you can configure Internet Explorer so that users are automatically logged on to the Web access application, without receiving a logon prompt. Essentially, you must configure Internet Explorer so that it trusts the Web access application computer. For this to work, you must also be using the Integrated Windows Authentication, as described in Setting up the default authentication. To make Internet Explorer log on automatically, you may need to modify the Internet Explorer Internet Options on each client computer. The settings are saved in the Windows registry, so you can save them for rollout to many client computers. There are many possible ways for you to configure Internet Explorer security, some of which may not be acceptable to you. The following methods are described here:

Using the proxy bypass list Explicitly naming the Web access application computer

See the Internet Explorer help if you need more information on configuring browser security.

120

Postinstallation tasks Customizing security on the client computers

Using the proxy bypass list


Note that you must be using a proxy server before you can use the proxy bypass list. To configure Internet Explorer to use the proxy bypass list

1 2 3 4 5 6 7 8 9

In Internet Explorer, click Tools and then Internet Options. Click the Security tab and then click the Local Intranet zone. Click Sites and then select Include all sites that bypass the proxy server. Click OK. Click Custom Level. Under Logon, select Automatic logon only in Intranet zone. Click OK. Click the Connections tab, and click LAN Settings. Check that a proxy server is being used. sure that the Web access application computer is in the automatic configuration exceptions list.

10 If either of the Automatic configuration settings is selected, you must make

11 If neither of the Automatic configuration settings is selected, click Use a


proxy server and then Advanced. If there is no existing entry that includes the Web access application computer, specify the Web access application computer in the Exceptions list.

Explicitly naming the Web access application computer


This section describes how to add the Web access application computer to the Internet Explorer local intranet zone. Once you have set up the security, users will not need to log on to search archives or to view or restore archived items. It is possible to configure users desktops so that they automatically add the Web access application computer to the Internet Explorer local intranet zone. See the Administrators Guide more details. To configure Internet Explorer to trust the Web access application computer

1 2 3 4

In Internet Explorer, click Tools and then click Internet Options. Click the Security tab and then click the Local Intranet zone. Click Custom Level. Under Logon, select Automatic logon only in Intranet zone and then click OK.

Postinstallation tasks Customizing security on the client computers

121

5 6

Click Sites and then Advanced. In the Add this Web site to the zone box, enter the fully-qualified domain name of the Web access application computer and then click Add. For example, vault.company.com. In the Add this Web site to the zone box, enter the computer name, without the DNS domain, of the Web access application computer and then click Add. Click OK.

7 8

Enabling remote access to the Web access application computer


You may need to grant users of the Enterprise Vault Web access application access to the IIS computer, using the local IIS computer accounts database, not the domain accounts database. Note: If the IIS computer is a domain controller, there is no local accounts database, only a domain accounts database. If you continue with these instructions when the IIS computer is a domain controller, you will make changes to the security access of the domain accounts database. This will affect all computers within the domain, not just the IIS computer. If you do not want to affect the whole domain, you should ensure that you run IIS on a non-domain controller. To grant access

1 2 3 4

Click Start, Programs, Administrative Tools, Local Security Policy. The Local Security Settings window appears. Expand the Local Policies container. Click User Rights Assignment. Set up Basic authentication access by following the steps below in the order listed:

(On Windows 2003) In the right-hand pane, right-click Allow log on locally and, on the shortcut menu, click Properties. The Local Security Policy Setting window appears. (On Windows 2000) In the right-hand pane, right-click Log on locally and, on the shortcut menu, click Security. The Local Security Policy Setting window appears. Check that the Users group appears in the list.

122

Postinstallation tasks What next?

(On Windows 2000) Check that Local Policy Setting is selected. If Local Policy Setting is not selected, add it.

Set up Integrated Windows Authentication access by following the steps below in the order listed:

In the right-hand pane, right-click Access this computer from the network and, on the shortcut menu, click Properties (on Windows Server 2003) or Security (on Windows 2000). The Local Security Policy Setting window appears. Check that the Users group appears in the list. (On Windows 2000) Check that Local Policy Setting is selected. If Local Policy Setting is not selected, add it. If you do not want to add the Users group, see the other options below.

By default, the Users group includes Domain Users. If the Users group does not include Domain Users, or if some Web access application users are in a different domain, you must do one of the following:

Add the Web access application users to the Users group. Add the Web access application users to some other group and then grant the access right to that group. Grant the access right to each Web access application users account.

The Enterprise Vault Web access application is now set up and ready to be used by users in the same domain as IIS.

What next?
You have now completed the post-installation tasks. Ensure that you have the required Enterprise Vault licenses installed. If you have not yet run the Enterprise Vault configuration wizard, you can run it now. If you have already run the Enterprise Vault configuration wizard, then start to set up your Enterprise Vault server using the Administration Console.

Chapter

15

Configuring Enterprise Vault


This chapter includes the following topics:

About configuring Enterprise Vault Running the Enterprise Vault configuration wizard Configuring Enterprise Vault Operations Manager Configuring Enterprise Vault Reporting What next?

About configuring Enterprise Vault


On completion of the Enterprise Vault installation program, you may need to run one or more configuration programs, depending on which Enterprise Vault components you installed:

If you installed the Enterprise Vault Services component, you must run the Enterprise Vault configuration wizard before running any other configuration programs. See Running the Enterprise Vault configuration wizard on page 124. If you installed the Enterprise Vault Operations Manager component, you must configure Enterprise Vault Operations Manager. See Configuring Enterprise Vault Operations Manager on page 129. If you installed the Enterprise Vault Reporting component, you must configure Enterprise Vault Reporting. See Configuring Enterprise Vault Reporting on page 131.

124

Configuring Enterprise Vault Running the Enterprise Vault configuration wizard

If you installed only the Administration Console component, you do not need to run any configuration program. If you installed components for specific archiving implementations such as Exchange, Domino, SharePoint or SMTP, you may need to perform separate configuration steps for those components. See the relevant section elsewhere in this manual.

Running the Enterprise Vault configuration wizard


Read this section to find out what the Enterprise Vault configuration wizard does, and when and how to run it.

When to run the configuration wizard


Run the configuration wizard either immediately after installation (after restarting your computer if prompted), or after performing the postinstallation tasks for the Web access application, described in the previous chapter. Note the following:

If you run the configuration wizard immediately after the installation, remember that there are some additional tasks that you need to do before users can use Enterprise Vault. See the previous chapter for details. If you exit from the configuration wizard before configuration is complete, you can run the configuration wizard again and have the option to delete the Directory database. Once you have successfully completed the configuration wizard, you cannot run it again on the same computer.

What the configuration wizard does


The configuration wizard lets you do the following:

Select which SQL Server you want to use for the Enterprise Vault Directory database. Create the Enterprise Vault Directory database. Create the Enterprise Vault Monitoring database. Create an Enterprise Vault site. Add the computer to the site. Select the Enterprise Vault services you want to run on the computer. Choose the storage areas to use for Enterprise Vault data.

Configuring Enterprise Vault Running the Enterprise Vault configuration wizard

125

Some tasks, such as adding a service or assigning storage areas for the data, can also be done using the Enterprise Vault Administration Console. However, the following tasks can only be done using the configuration wizard:

Creating a new Enterprise Vault Directory Creating a new Enterprise Vault site Adding a new Enterprise Vault server

Running the configuration wizard


Note: These instructions apply to a non-clustered environment. If you are configuring Enterprise Vault in a Veritas Cluster Server or Microsoft Server Cluster environment, see instead the appropriate clustering section in this manual. You may be starting the configuration wizard after restarting your computer or after completing the Installation Program. Follow the instructions below to run the configuration wizard on the first Enterprise Vault server in your site. When you are using the configuration wizard to configure Enterprise Vault on subsequent computers, refer to the online Help if you are unsure about how to proceed. If during the running of the configuration wizard you receive an error related to the configuring of the Enterprise Vault Monitoring database, complete the configuration wizard and then refer to the troubleshooting information for the Monitoring database. See Troubleshooting configuration of the Monitoring database on page 129. To run the configuration wizard

Click Start > Programs > Enterprise Vault > Enterprise Vault Configuration. The Configuration wizard starts. The first screen asks whether you want to create a new Enterprise Vault Directory database.

Click Yes and then Next. The wizard asks you to select the language you want Enterprise Vault to use when populating the default settings in the Administration Console.

Select the required language and then Next. The wizard asks for details of an account for Enterprise Vault services to use.

126

Configuring Enterprise Vault Running the Enterprise Vault configuration wizard

Enter the details of the Vault Service account that you created earlier. See Creating the Vault Service account on page 44. You must use the format domain_name\username when you specify the account. Alternatively, browse for the Vault Service account. Enter the password for the Vault Service account and confirm it.

Click Next. A warning message is displayed if the account you are using does not have sufficient privileges to validate the password to the Vault Service account. Click Yes to continue. A message tells you that the Vault Service account has been added to the local Administrators group. Click OK to close the message. A second message notifies you that the account will be given the advanced user rights, Log On As a Service and Act as Part of the Operating System, Debug programs, and Replace a process-level token. Click OK to close the message. The configuration wizard creates the Directory service and then the next screen asks for the location of the SQL Server that you want to use for the Directory database.

6 7

Enter the location of the SQL Server that you want to use. You can specify a SQL Server instance if required. Click Next. The wizard shows the default locations for the Directory database files and transaction log.

Change the locations if necessary. If you have specified that SQL Server is on a remote computer, the paths for the data file and transaction log file must be valid on that remote computer.

Click Next. The wizard creates the Directory database. The next screen asks for the location of the SQL Server that you want to use for the Monitoring database.

10 Enter the location of the SQL Server that you want to use. You can specify a
SQL Server instance if required. Leave Start Monitoring immediately selected to begin monitoring as soon as the configuration is complete on this Enterprise Vault server.

Configuring Enterprise Vault Running the Enterprise Vault configuration wizard

127

11 Click Next.
The next screen shows default locations on the SQL server for the Monitoring database files and transaction log.

12 Change the locations if necessary.


If you have specified that SQL Server is on a remote computer, the paths for the data file and transaction log file must be valid on that remote computer. Do not specify paths that are on the root of a file system, such as C: or C:\.

13 Click Next.
The wizard creates the Monitoring database. The next screen asks for details of the new Enterprise Vault site.

14 Enter a name and description for the new Enterprise Vault site. 15 Enter the Enterprise Vault site alias that you created earlier.
For more information about the Vault site alias, see Enterprise Vault site alias.

16 Click Next.
The next screen asks for a DNS alias for current computer (the Enterprise Vault server alias). See Enterprise Vault site alias on page 47. You are recommended to enter a DNS alias, but you can, if necessary, enter the computers fully-qualified DNS name.

17 Enter a DNS alias for the current computer and click Next. 18 Click Next to add the computer to the Enterprise Vault site.
An information screen lists software that is installed on your computer. Based on this list, the wizard automatically selects Enterprise Vault services to add to your computer.

19 Click Next. The list shows the services that will be added to your computer. 20 Check the list of services. If there are services in the that you do not need,
you can remove them now.

21 To add additional services to this computer, click Add and select the service
that you want to add.

22 Once you have the correct list of services, click Properties for each service
and review the settings. Change the settings as necessary.

128

Configuring Enterprise Vault Running the Enterprise Vault configuration wizard

23 When you have finished reviewing the services properties, click Next.
The default storage locations for the Shopping service and the Indexing service are displayed.

24 Check that the storage locations are suitable. Click Back if you want to change
them. Note the following points:

You must ensure that the default index storage location is on an accessible device and that the Vault Service account can write to it. With Exchange Server archiving, Enterprise Vault adds information about the index storage location to the Directory database when you enable mailboxes. You cannot easily change the index storage location for mailboxes after you have enabled them. However, you can use the Administration Console to change the index storage location, or add further locations, before you enable any mailboxes.

25 If you do not want to change the default locations for the Indexing and
Shopping services, click Next. If you do want to change the locations, click Back, select the service that you want to modify and click Properties to change the location. The next screen asks for details of the service mailbox.

26 An information page is displayed.


Click Next to continue and start the services.

27 The services that you have added are listed.


Click Next to start the Enterprise Vault services. If any of the service does not start immediately, continue to click Next until they have all started. The services will not start unless you have installed the appropriate license keys. If you do not have the license keys yet, you can continue configuring Enterprise Vault using the Administration Console, but you cannot run the services until the license keys have been installed.

28 Click Finish to exit from the configuration wizard.

Configuring Enterprise Vault Configuring Enterprise Vault Operations Manager

129

Note: Remember that you can run the configuration wizard successfully only once on a computer. If you exit the configuration wizard after successfully configuring Enterprise Vault, you cannot run the wizard again. To do any further setup or management of the Enterprise Vault components, other than that related to Enterprise Vault Operations Manager or Enterprise Vault Reporting, you must use the Administration Console.

Troubleshooting configuration of the Monitoring database


If while running the configuration wizard you receive errors indicating that the configuration of the Enterprise Vault Monitoring database has failed, complete the configuration wizard and then run the Monitoring Configuration utility to configure the Monitoring database and the Monitoring agents manually. For information on how to do this, see the following TechNote on the Enterprise Vault Support Web site: http://entsupport.symantec.com/docs/287449 The TechNote also describes how to troubleshoot issues with Monitoring agents.

Configuring Enterprise Vault Operations Manager


This section describes when and how to configure Enterprise Vault Operations Manager. To configure Operations Manager you use the Operations Manager Configuration utility.

When to run the Configuration utility


Run the Enterprise Vault Operations Manager Configuration utility after installing Operations Manager on a server, but only after the server has been successfully configured using the Enterprise Vault configuration wizard. You can rerun the Operations Manager Configuration utility if the configuration fails for some reason and you need to repeat it. You can also rerun the utility if you need to change the details of the monitoring user account. In this case, be sure to rerun the utility on all servers on which Operations Manager is installed.

Running the Operations Manager Configuration utility


Run the Operations Manager Configuration utility to configure Operations Manager for the first time, or to change the details of the monitoring user account.

130

Configuring Enterprise Vault Configuring Enterprise Vault Operations Manager

To run the Operations Manager Configuration utility

1 2

Ensure you are logged in under the Vault Service account. Click Start > Programs > Enterprise Vault > Operations Manager Configuration. The Operations Manager Configuration utility starts.

Provide the details of the monitoring user account you have created for Operations Manager to run under. Enter the Active Directory domain, the user name, and the password for the monitoring user account.

Click Configure to run the utility. The utility gives the account the required permissions, and adds the user to the EnterpriseVaultDirectory database as the monitoring user.

When the utility has finished, click OK on the displayed dialog to quit the utility.

Note: If you ran this utility to update the details of the monitoring user account, remember to rerun the utility on any other Enterprise Vault server with Operations Manager installed. You can now try accessing Operations Manager to confirm it has been successfully installed and configured.

Accessing Operations Manager


If you have installed the Enterprise Vault Operations Manager Web application on at least one Enterprise Vault server in an Enterprise Vault site, you can use it to monitor the sites Enterprise Vault servers. After configuring Operations Manager, try accessing it to confirm the configuration has been successful.

Configuring Enterprise Vault Configuring Enterprise Vault Reporting

131

To access Enterprise Vault Operations Manager

Enter the following URL in Internet Explorer 6.0 or later:


http://host_ipaddress/MonitoringWebApp/default.aspx

where host_ipaddress is the IP address of the computer hosting an Enterprise Vault server on which the Enterprise Vault Operations Manager Web application feature is installed. Alternatively, if you are accessing Operations Manager from the computer on which it is installed, you can use the following URL, which does not require the next step:
http://localhost/MonitoringWebApp/default.aspx

In the Connect to <IP Address> dialog, enter the user name and password of an account in the host computers domain. If you wish, you can use the user credentials created for use by Operations Manager as part of the Operations Manager installation prerequisites. Then click OK. If the user credentials are valid, Operations Manager displays its Site Summary page.

Troubleshooting Operations Manager


If you see an error page when attempting to access Enterprise Vault Operations Manager, ensure that you have done the following and then try to access the application again:

Confirm that you have satisfied all the pre-installation steps described in About additional requirements for Operations Manager. Check that IIS 6 is not locked down. Ensure that Integrated Windows Authentication is enabled for the default Web site in IIS 6, then restart IIS.

If this does not solve the problem, see the following TechNote on the Enterprise Vault Support Web site: http://entsupport.symantec.com/docs/288138. The TechNote provides detailed troubleshooting information related to installing and using Operations Manager.

Configuring Enterprise Vault Reporting


This section describes when and how to configure Enterprise Vault Reporting. To configure Reporting you use the Reporting Configuration utility.

132

Configuring Enterprise Vault Configuring Enterprise Vault Reporting

When to run the Reporting Configuration utility


Run the Reporting Configuration utility after installing the Enterprise Vault Reporting component. Note: You must only configure Reporting after you have successfully run the Enterprise Vault configuration wizard to configure at least one Enterprise Vault server in the site. You must also run the Reporting Configuration utility after upgrading Enterprise Vault, to deploy any new and upgraded reports. You can rerun the Reporting Configuration utility if the configuration fails for some reason and you need to repeat it. You can also rerun the Reporting Configuration utility if you need to change the details of the reporting user account, or to specify a change in the location of the Directory database SQL server.

Running the Reporting Configuration utility


Run the Reporting Configuration utility to configure Enterprise Vault Reporting, to deploy upgraded reports after an upgrade, or to change the Reporting data access settings. To run the Reporting Configuration utility

1 2

Ensure you are logged in under the Vault Service account. Click Start > Programs > Enterprise Vault > Reporting Configuration. The Reporting Configuration utility starts.

Choose one of the configuration options:

Configure Reporting and deploy or upgrade reports. Select this option to do either of the following:

Configure Reporting and deploy the reports on this server, Deploy new and upgraded Enterprise Vault reports, after performing an upgrade of Enterprise Vault.

Reconfigure data access settings for Reporting. Select this option to change the details of the reporting user account, or to specify a change in the location of the SQL server for the Enterprise Vault Directory database.

Configuring Enterprise Vault Configuring Enterprise Vault Reporting

133

Provide the details of the reporting user account you have created for Reporting to run under: Enter the Active Directory domain, the user name, and the password for the reporting user account.

Enter the following details, where required:

If you are using Microsoft SQL Server Reporting Services 2005, select the Microsoft SQL Server Reporting Services instance on which you want to deploy the reports. To deploy the reports on the default instance, select the instance name MSSQLSERVER. Select the language you want the reports to use. Select the Directory database SQL Server. If the server does not appear in the list, type in the name of the server.

6 7

Click Configure or Reconfigure to run the utility. When the utility has finished, click OK on the displayed dialog to quit the utility.

Now follow the postconfiguration steps for Enterprise Vault Reporting, if you are configuring Reporting for the first time.

Postconfiguration steps for Enterprise Vault Reporting


Perform the following steps to ensure the Enterprise Vault reports are accessible:

Check that the reporting user account has an SQL logon on all the SQL servers used for:

The Enterprise Vault Directory database The Enterprise Vault Monitoring database The Enterprise Vault Audit database All Vault store databases

If a logon does not exist on all these SQL servers, create it.

Check that the SQL server role EVReportingRole has been added to each Enterprise Vault database, and that this role has been assigned to the reporting user. Microsoft SQL Server Reporting Services uses roles-based access for its reports. You need to assign the "Browser" role to user accounts that require access to Enterprise Vault Reportings reports on the Microsoft SQL Server Report Manager Web application.

134

Configuring Enterprise Vault Configuring Enterprise Vault Reporting

Note: Some reports rely on Enterprise Vault Monitoring or Enterprise Vault Auditing being enabled in order to provide the source data. Monitoring may be enabled or disabled from the Enterprise Vault configuration wizard, or from the Enterprise Vault Operations Manager Web application, if it is installed. Auditing may be enabled from the Administration Console, as described in the Administrator's Guide. You can now try accessing Enterprise Vault Reporting's reports to confirm that Reporting has been successfully installed and configured.

Accessing the reports


To confirm that Enterprise Vault Reporting has been installed and configured successfully, try accessing the reports as follows. These instructions explain only how to access the Enterprise Vault Reporting reports. For more details of the content of the reports and how to view them, see the Administrators Guide. Note: Do not change the names of any of the Enterprise Vault Reporting reports. If you change the report names, you will not be able to access the reports from the built-in links within the reports. To access the Enterprise Vault Reporting reports

Enter the following URL in your Web browser:


http://host_name/reportmgr_Webapp_name/

where:

host_name is the fully qualified host name of the computer hosting the

Microsoft SQL Server Reporting Services Report Manager Web application.

reportmgr_Webapp_name is the name of the Microsoft Reporting Services

Report Manager Web application. For example:


http://alderaan.evdomain.com/Reports/

or
http://alderaan.evdomain.com/Reports$MyInstance/

Configuring Enterprise Vault What next?

135

where MyInstance is the Reporting Services instance name.

Enter the credentials of a user account that has been assigned "Browser" role access to Microsoft Reporting Services reports. See Postconfiguration steps for Enterprise Vault Reporting on page 133.

From the Reporting Services Web application Home page, select Symantec Enterprise Vault > language > Operation Reports . where language is the language. The Operation Reports folder contains the Enterprise Vault reports.

Select the required report from the list of available reports on the Operation Reports page. This generates a report using default values for the report parameters. To run the report again with your required parameter values, enter the parameter values and then click View Report.

Note: To run the FSA Data Analysis Reports, you must first configure FSA Reporting. See Configuring FSA Reporting on page 392.

Troubleshooting Enterprise Vault Reporting


If you have problems with installing Enterprise Vault Reporting, or when accessing or viewing its reports, see the following TechNote on the Enterprise Vault Support Web site: http://entsupport.symantec.com/docs/288139. This TechNote gives detailed troubleshooting information for Enterprise Vault Reporting.

What next?
If you have not already done so, perform the postinstallation tasks for the Enterprise Vault Web access application, if required, as described in the previous chapter. You can then continue with setting up the Enterprise Vault server from the Enterprise Vault Administration Console. To find out how to start the Administration Console, see Starting the Administration Console.

136

Configuring Enterprise Vault What next?

If you have another computer to add to the Enterprise Vault site, you must install all prerequisite software on that computer, install Enterprise Vault, and then follow the instructions in this chapter to configure it.

Chapter

16

Initial Enterprise Vault setup


This chapter includes the following topics:

License keys Using the Administration Console Adding services Creating retention categories Creating a default vault store and partition Reviewing the default settings for the site What next?

License keys
At the end of the configuration wizard you were asked to start the Enterprise Vault services. These services will not start until you have installed the appropriate license keys.

Using the Administration Console


The Enterprise Vault Administration Console is a snap-in for Microsoft Management Console (MMC). MMC provides a common framework for administrative tools that gives them all a similar look and feel. It is possible to customize an MMC snap-in so that it includes the exact functionality needed by a particular administrator.

138

Initial Enterprise Vault setup Using the Administration Console

The Administration Console enables you to manage the Enterprise Vault sites, services, archiving tasks, policies and targets. If people are using separate administration consoles at the same time to make changes to Enterprise Vault, the changes made by one person are not necessarily shown in the other consoles. You are recommended to avoid using multiple consoles simultaneously when managing Enterprise Vault. If you do use multiple consoles, press F5 to refresh the Administration Console display before you make any changes.

Setting up the Administration Console to display Japanese characters


If your Enterprise Vault installation is going to have Japanese users (either Japanese administrators or Outlook users who have a Japanese version of the Enterprise Vault User Extensions), you must set up the Administration Console so that it can display Japanese characters. The Japanese characters are used when displaying the following:

Exchange Server mailbox names Archive names and descriptions The Web access application system message Retention category names and descriptions

Follow the steps below on each computer that is to run the Administration Console. To set up the Administration Console to display Japanese characters

Start the registry editor and navigate to the following key:


HKEY_LOCAL_MACHINE \SOFTWARE \KVS \Enterprise Vault \Admin

Add the following registry string values:


SecondaryFontCharSet SecondaryFontSize SecondaryFontFace SHIFTJIS 12 MS UI Gothic

Check that the MS UI Gothic font is installed:

Initial Enterprise Vault setup Using the Administration Console

139

On Windows 2000 Server:


In the Windows Control Panel, double-click Regional Options. On the General tab, under Language settings for the system, select Japanese if it is not already selected. Click OK.

On Windows 2003:

In the Windows Control Panel, double-click Regional and Language Options. In Regional and Language Options, click the Languages tab. Under Supplemental language support, select Install files for East Asian languages. There is an information message that tells you the files will be installed after you click OK or Apply. Click OK.

The values given here work well but, if you want to experiment with other settings, you can change the fonts while the Administration Console is running.

Starting the Administration Console


To use the Administration Console initially, you should log in as the Vault Service account. You can then assign roles to other administrators, to enable them to perform the required Enterprise Vault management tasks using the Administration Console. To start the Administration Console

On the Windows Start menu, click Programs > Enterprise Vault > Administration Console. MMC starts and loads the Administration Console snap-in. The left pane of the main Administration Console shows you the hierarchy of components that make up your Enterprise Vault site. The right pane shows you the contents of whatever you select in the hierarchy.

To get help

Do one of the following:

To access online help for Enterprise Vault, click Help > Help on Enterprise Vault. This online help includes Enterprise Vault manuals. To find out more about MMC, click Help > Help on MMC in the MMC window. The MMC help appears.

140

Initial Enterprise Vault setup Using the Administration Console

To refresh the screen

Press F5 to force a refresh at any time.

About administration roles


Enterprise Vault provides the following mechanisms that you can use to control the access administrators have to the Administration Console:

Roles-based administration. Many administrative tasks do not require all the permissions that are associated with the Vault Service account. Roles-based administration enables you provide individual Enterprise Vault administrators with exactly the permissions required to perform their individual administrative tasks. You can assign individuals or groups to roles that match their responsibilities and they are then able to perform the tasks that are included in those roles. Because the permissions are associated with roles, rather than with individual administrators, you can control the role permissions without having to edit the permissions for each administrator. Admin permissions. You can grant or deny access to the following containers in the Administration Console tree:

File Server Exchange Server SharePoint Virtual Server Enterprise Vault Server

You can control access by assigning roles, or by using admin permissions, or both. When you install or upgrade to Enterprise Vault 7.0 only the Vault Service account has access the Administration Console. You can restrict the tasks administrators can perform by assigning roles and you can further restrict access by using admin permissions to restrict administrators to managing specific Administration Console containers. Roles-based administration enables you to use Microsoft Authorization Manager to configure the various administrator roles. All such configuration is performed using the Vault Service account. See Roles-based administration on page 39. For instructions on setting up roles-based administration, see the Administrators Guide.

Initial Enterprise Vault setup Adding services

141

Adding services
Use the Administration Console to add the following core Enterprise Vault services:

Indexing service. Storage service Shopping service Task Controller service.

When creating services, you may be prompted for the password of the Vault Service account. The index storage location is on an accessible device to which the Vault Service account has write access. When you add archiving tasks, such as Exchange Mailbox or File System archiving tasks, they will run under the control of the Task Controller service. If you stop the Task Controller service, all tasks running under the control of this service will also stop. The same instructions can be repeated to add each of these services. To add a service

1 2 3

In the left pane, expand the Enterprise Vault site hierarchy until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Right-click the name of the computer to which you want to add the service and, on the shortcut menu, click New and then Service. The Add Service dialog box appears, listing the services you can add.

4 5

Click the service that you want to add. Click Add.

Creating retention categories


You may have decided during planning that you wanted more retention categories than the ones predefined in Enterprise Vault. If this is the case, you must create your own retention categories. Alternatively, you can edit the predefined retention categories to suit your needs.

142

Initial Enterprise Vault setup Creating retention categories

To create a new retention category

1 2 3

Expand the Enterprise Vault site hierarchy until Retention Categories is visible. Right-click Retention Categories. From the shortcut menu, select New > Retention Category. The New Retention Category wizard starts.

Work through the wizard. Click Help on any of the wizard screens if you need more information.

Retention category properties


By assigning a retention category to items at the time they are archived, it is possible to categorize stored items. This categorization makes it easier to retrieve items because it is possible to search by category. A retention category also specifies the minimum amount of time after its last modification date that an item must be retained. This length of time is the retention period. For mail messages, the retention period is the time since the message was received. For documents, it is the time since the document was last modified. With Exchange Server archiving, users can select retention categories for mailbox folders or items so that, when archiving occurs, items are stored with the appropriate retention category. If you later modify a retention category, the changes are retrospective. For example, if you have a retention category called Customer Accounts with a retention period of 5 years and you change the retention period to 10 years, items that have been already archived with the Customer Accounts retention category are retained for a minimum of 10 years. Enterprise Vault can automatically delete expired items. See the Administrator's Guide for more details. A retention category has the following properties:
Name You can modify the retention category name as needed. The new name is used immediately, so users of the Web access application must search using the new name to find items stored with this retention category. This is a description of the retention category. Make sure that the description you give here is meaningful to users.

Description

Initial Enterprise Vault setup Creating a default vault store and partition

143

Retention period

This is the minimum amount of time to retain an item that has been archived using this retention category. The period runs from the date the item last changed, not from the date that the item is stored in an archive, as follows: For mail messages, the date is the date that the message was received. For documents, the date is the date the document was last modified.

Retain items forever

Select this if you want items never to expire.

Prevent deletion of Select this to prevent users deleting items that have been archived archived items in using this retention category. This protection applies during the this category retention period, and also after the retention period has expired. In other words, while this option remains selected, users can never delete items that have been stored using this retention category. This setting affects only those items that are stored in archives. It does not affect items that are still on archiving target servers. Hide this category Check this to prevent users using this category when archiving new from users items. The category is still available to users when they are searching for items that have already been archived. Enterprise Vault does not allow the site default retention category to be hidden from users. If you hide the site default retention category, Enterprise Vault automatically chooses another retention category and makes it the site default. Lock this Retention Category Administrative Note To prevent unintentional changes, check this to lock all the retention category settings.

For your notes. Edit this text as necessary. This text is visible only to Enterprise Vault administrators.

Creating a default vault store and partition


Archives are grouped in vault stores. When you create a vault store object in the Administration Console, a SQL vault store database is created for that vault store. Information about the archives in the vault store, and all the items stored in each archive, is held in the vault store database. For example, when an archived item has been backed-up, this will be reflected in the information held in the vault store database. Each vault store can have one or more partitions. Partitions are physical storage areas for the archives. Each vault store can have multiple partitions, on different

144

Initial Enterprise Vault setup Creating a default vault store and partition

storage media, if required, but only one partition is active at a time. You can create a new partition within a vault store as needed. The partitions within a vault store can be on different types of device; for example, you could have some partitions on NTFS and some on EMC Centera. You must create a vault store and a vault store partition before archives can be created. Archives may be created automatically by the archiving task, or manually, depending on the type of archiving and whether you configure auto-enabling of the archiving target. If archives are automatically created, then they are created in the default vault store. The default vault store can be set on the Enterprise Vault server. With Exchange Server archiving, the default vault store can also be set for the Exchange Server or for a Provisioning Group. Note: A vault store can have only one open partition, which is the partition into which all new items are archived. When you create a new partition, the wizard asks whether you want it to be open or closed. If you choose to create an open partition any existing open partition is automatically closed. On the partition properties you can configure and schedule the collection and migration of archived data files. Collection involves collecting multiple small files into CAB files. Migration involves moving the collected files onto longer term storage devices. See online help for details on setting these options. Other storage applications have been integrated with Enterprise Vault to enable the collection and migration of data files. Supported applications are listed in the Enterprise Vault Compatibility Charts. For instructions on how to configure collection and migration using other applications, see collection and migration articles on the Symantec support knowledge base. To create a vault store and partition

1 2

In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until Vault Stores is visible. Right-click Vault Stores and then click New > Vault Store. The New Vault Store wizard starts.

Work through the wizard. You will need to provide the following information:

The computer hosting the Storage service that the vault store is to use. The name of the vault store. The name can contain letters, numbers, and spaces.

Initial Enterprise Vault setup Reviewing the default settings for the site

145

The SQL server that is to create and manage the vault store database, and the locations for the database files. When safety copies are to be removed from the archiving target. This can be Never, After backup or Immediately after archiving. Some of these options are not available with some storage devices. See the online help for details.

When the vault store has been created, the wizard then takes you through creating a partition. You will need to provide the following information:

The partition name. Whether the new partition should be created open or closed. There can only ever be one open partition. If you create an open partition, all existing partitions are closed. The type of device on which the partition is to be created. You can select the required type of storage device from the drop-down list. The additional information that you need to provide will depend on which device you select. For help with the options, see the online help on the wizard pages. The location on the device for the vault store. This can be entered as an UNC address. The location must be empty. Whether to store a single copy of items that are shared by multiple users. Whether to use Security ACLs. This option does not apply to Centera devices. It is usual to create a vault store partition with security ACLs in the folders in the partition. Some optical devices, however, do not allow Enterprise Vault to add the ACLs.

Reviewing the default settings for the site


Check the default settings configured in the Enterprise Vault site properties. To display the site settings

1 2

In the Administration Console, expand the contents of the left pane until the Enterprise Vault site is visible. Right-click the Enterprise Vault site and then, on the shortcut menu, click Properties. Alternatively, select the site and click the Review site properties button on the toolbar.

Click Help on any of the Site Properties screens for further information.

146

Initial Enterprise Vault setup Reviewing the default settings for the site

Site properties include the following settings. Note that you can override some of these at a lower level. For example, you can override the site archiving schedule for a particular task by setting the schedule in the task properties. The indexing level can also be set at policy and archive level and the default retention category can be set at policy level (and at Provisioning Group level for Exchange Server mailbox archiving).
General

The site name and description. Whether users can delete items from their archive. The URL to use for the Web access application. PST holding area details. A system message for users, if required. A system message for administrators, if required.

Archiving Defaults The default retention category.

The default indexing level. The schedule for running storage expiry to delete from archives any items that are older than the retention period assigned. If required, you can set limits on the size of archives.

Storage Expiry

Archive Usage Limit Site Schedule Monitoring

The schedule for running automatic, background archiving. Performance counters for monitoring Enterprise Vault.

Click Help on any of the site properties screens for further information.

Setting the Site archiving schedule


Each archiving task or service runs according to a schedule that you define. The possible schedules for each task are as follows:

The default schedule, which is the one that you set in the site properties. This schedule applies to all archiving tasks in your Enterprise Vault site. The task's own schedule, which is the one that you set by editing its properties. You edit this schedule if you want to provide specific settings for that task, overriding those in the site properties.

Initial Enterprise Vault setup Reviewing the default settings for the site

147

To edit the default schedule for the site

1 2 3 4

In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the name of the site is visible. Right-click the site name and then click Properties. Click the Site Schedule tab. Modify the schedule as required. The online help gives detailed instructions on using the schedule page.

URL for the Web access application


On the General page of site properties, the URL for accessing the Enterprise Vault Web access application is set up automatically as:
http://EV_Webserver/location

where EV_Webserver is the address of the Enterprise Vault server computer on which the Web access application is installed and location is the name of the virtual directory for the Web access application. For new installations this is always EnterpriseVault. For example:
http://our_EV_Webserver/EnterpriseVault

If you are implementing an environment with built in resilience, using building blocks, for example, you may prefer to modify the URL to be less computer-specific. If all Enterprise Vault servers must use the same virtual folder name, you can enter the URL as just the virtual directory. For example:
/EnterpriseVault

This forces Enterprise Vault to dynamically generate the URL as needed, with the appropriate server name for each user. If your IIS computer requires secure connections, using HTTPS, then you would change the above URL to:
https://our_EV_Webserver/EnterpriseVault

If you want to access the Web server using a port other than the default port, you can specify the port in the URL as follows:
https://our_EV_Webserver:port/location

For example, to access the Web access application on the Web server, EVWebserver1, using HTTPS and port 321, you would specify the URL as:
https://EVWebserver1:321/EnterpriseVault

148

Initial Enterprise Vault setup What next?

What next?
Go to the appropriate section for further setup instructions for the type of archiving that you want to implement.

Chapter

17

Uninstalling Enterprise Vault


This chapter includes the following topics:

Uninstalling Enterprise Vault Reinstalling Enterprise Vault

Uninstalling Enterprise Vault


Note the following before you proceed:

If you uninstall Enterprise Vault on the primary Enterprise Vault server that is associated with the Directory database, the Directory database will also be removed. If you uninstall Enterprise Vault on a secondary Enterprise Vault server, the Directory database will not be removed. If you are uninstalling Enterprise Vault on a secondary Enterprise Vault server, and you want to preserve the Directory database, first backup the database and then close down the primary Enterprise Vault server computer, before uninstalling Enterprise Vault on the secondary Enterprise Vault server computer. If an Enterprise Vault service has data associated with it, you cannot use the Enterprise Vault Administration Console to remove that service.

150

Uninstalling Enterprise Vault Reinstalling Enterprise Vault

To uninstall Enterprise Vault

1 2

From the Windows Control Panel, select Add/Remove Programs. From the list of programs, select Enterprise Vault, and then click Add/Remove. You are asked to confirm that you want to remove Enterprise Vault from your system.

Click Yes. The uninstaller stops Enterprise Vault services that are still running. It then removes all Enterprise Vault Services and Enterprise Vault software from your system. The uninstaller does not delete data.

Reinstalling Enterprise Vault


If you want to reinstall Enterprise Vault on the computer, perform the following steps. To reinstall Enterprise Vault

1 2

Re-run the Setup program. You do not have to select the same installation folder for Enterprise Vault that you previously selected. Run the Enterprise Vault configuration wizard. When this program prompts you for a Directory Computer, give the same name as for the previous installation. The configuration wizard automatically creates the same services as the computer had before. If you do not want to reinstall Enterprise Vault, delete the Enterprise Vault data manually.

Section

Setting up Exchange Server archiving

Distributing Exchange Server Forms Setting up archiving from mailboxes Setting up users desktops Offline archives for offline users Setting up archiving from public folders Setting up archiving of journaled messages Envelope Journaling

152

Chapter

18

Distributing Exchange Server Forms


This chapter includes the following topics:

About distributing the Microsoft Exchange forms What next?

About distributing the Microsoft Exchange forms


If you are implementing Exchange Server archiving, Microsoft Exchange forms need to be distributed around your Microsoft Exchange Server organization. Different language versions of the forms are provided in the Enterprise Vault server kit and also in the Outlook Add-In installer kits. The forms can be distributed in the following ways:

Install the forms in folders in the Organizational Forms Library on the Exchange Server. See Using Organizational Forms Library on page 153.. Allow the Outlook Add-in to store forms in each user's Personal Forms Library. See Using Personal Forms Libraries on page 157.

Using Organizational Forms Library


This section describes how to create Organizational Forms folders and then install the forms. You create one folder in the Organizational Forms Library for each language version of the forms that you want to install.

154

Distributing Exchange Server Forms About distributing the Microsoft Exchange forms

Creating Organizational Forms folders


On Exchange Server 2000 and 2003, you use Exchange System Manager to create folders in the Organizational Forms Library. On Exchange Server 2007, the method used to create the Organizational Forms Library and folders has changed; you cannot use the administrative tools. The method described in this section uses the MAPI editor, MfcMapi.exe, which you can obtain from the following Microsoft Web location: http://go.microsoft.com/?linkid=5684182 To create Organizational Forms folders on Exchange Server 2000 and 2003

1 2 3

Click Start, Programs, Microsoft Exchange System Manager. Expand the Organization (Exchange) object. Expand your Administrative Group. If this is not available, right-click your Organization and select Properties. Then check Display Administrative Groups and click OK.

4 5 6

Expand Folders. Right-click Public folders and, on the shortcut menu, click View System folders. The right-hand pane displays the system folders. In the right-hand pane, right-click EFORMS REGISTRY and, on the shortcut menu, click New, and then click Organizational Form. A Properties window appears. Fill in the details on the Properties window. Under E-forms language, select the language that is appropriate to the forms you are going to install and then click OK to return to the Exchange System Manager screen. In the right-hand pane, double-click the EFORMS REGISTRY folder. Properties.

7 8

10 Right-click the folder you just created and, on the shortcut menu, and click 11 On the properties screen, click the Permissions tab. 12 Click Client Permissions. 13 Click Add. 14 Click a user name for the account that will be the owner of the forms. This
will usually be the Enterprise Vault Service account.

15 Click the Roles down arrow and, in the list, click Owner. 16 Click OK to return to the Properties screen.

Distributing Exchange Server Forms About distributing the Microsoft Exchange forms

155

17 Click OK to close the Properties screen. 18 Close Exchange System Manager.


To create Organizational Forms folders on Exchange Server 2007

Create a new Organizational forms folder, as follows:

Click Start, point to All Programs, click Microsoft Exchange Server 2007, and then click Exchange Management Shell. Run the following command at the Exchange Management Shell prompt:
New-PublicFolder -Path "\NON_IPM_SUBTREE\EFORMS REGISTRY" -Name "Enterprise Vault Forms (English)"

The name given here is just an example. Repeat this command to create a folder for each language that you want to publish.

Check that the public folders are displayed in Outlook:

Use an account that belongs to the Exchange Administrators Group to log on to an Enterprise Vault server that has Outlook 2003 installed. Configure a new mail profile and start Outlook. If the public folder store does not appear within a few seconds, you may need to wait for Exchange Server to update. Alternatively, restart the Exchange Server information store to force an update.

Add the PR_EFORMS_LOCALE_ID property to set language of the forms folder, as follows:

Start the Microsoft Exchange Server MAPI Editor (MfcMapi.exe) from the MFCMAPI folder. Select or create a MAPI profile as necessary. On the Session menu, click Logon and Display Store Table. On the MDB menu, click Open Public Folder Store, and then click OK. Expand Public Root, expand NON_IPM_SUBTREE, and then expand EFORMS REGISTRY. Click the public folder that you created in step 1. For example, click "Enterprise Vault Forms (English)". On the Property pane menu, click Modify Extra Properties. Click Add, and then click Select Property Tag. Click PR_EFORMS_LOCALE_ID in the list, and then click OK.

156

Distributing Exchange Server Forms About distributing the Microsoft Exchange forms

Click OK twice. A red mark is displayed next to the new PR_EFORMS_LOCALE_ID property. Double-click PR_EFORMS_LOCALE_ID. In the Unsigned Decimal box, type the locale ID you require, and then click OK. For example, type 1033 for English, or 1040 for Italian. To determine the locale ID for other locales, visit the following Microsoft Web site: http://msdn2.microsoft.com/en-us/library/aa579489.aspx Select PR_PUBLISH_IN_ADDRESS_BOOK, right click and select Edit Property, clear Boolean and then click OK. Exit MAPI Editor.

Installing the forms


You can install the forms from Microsoft Outlook using a mailbox that has Owner permissions for the folder in the Organization Forms Library. Do this on the computer where you have installed the Microsoft Exchange forms from the Enterprise Vault kit, typically the Enterprise Vault server. Users can access the new forms when they have installed the Enterprise Vault Outlook Add-Ins. To install the forms

1 2 3 4 5 6 7 8 9

On the Outlook Tools menu, click Options. Click the Other tab. Click Advanced Options. Click Custom Forms. Click Manage Forms. On the right-hand side of the dialog box, click the Set button. Click Forms Library and select the name of your forms library. Click OK. Click the Install button. Select the Languages\Forms subfolder in the Enterprise Vault Program folder. you want to install.

10 Select the language folder that is appropriate to the language of the forms 11 Change the Files to type filter to Form Message (*.fdm)

Distributing Exchange Server Forms What next?

157

12 Double-click EVPendingArchive.fdm and review the displayed properties


to check that this is the Enterprise Vault Archive Pending Item.

13 Click OK. 14 Click the Install button. 15 Change the Files to type filter to Form Message (*.fdm). 16 Double-click EVShortcut.fdm and review the displayed properties to check
that this is the Enterprise Vault Shortcut.

17 Click OK. 18 Click the Install button. 19 Change the Files to type filter to Form Message (*.fdm). 20 Double-click EVPendingRestore.fdm and review the displayed properties to
check that this is the Enterprise Vault Restore Pending Item.

21 Click OK. 22 Click the Install button. 23 Change the Files to type filter to Form Message (*.fdm). 24 Double-click EVPendingDelete.fdm and review the displayed properties to
check that this is the Enterprise Vault Delete Pending Item.

25 Click OK.

Using Personal Forms Libraries


By default, the Enterprise Vault Outlook Add-ins automatically deploy forms to the user's Personal Forms Library when no Organizational Forms Library is available. Later, when you set up the Exchange Mailbox Policy in the Enterprise Vault Administration Console, you can use the Outlook policy setting, Deploy Forms Locally, to control the Outlook Add-in behavior. See Automatically deploying Exchange forms locally on page 175.

What next?
You can now use the Enterprise Vault Administration Console to set up Exchange Server mailbox, journal or public folder archiving, as required.

158

Distributing Exchange Server Forms What next?

Chapter

19

Setting up archiving from mailboxes


This chapter includes the following topics:

Vault store and partition Defining archiving policies Adding Exchange Server archiving targets Adding an Exchange Provisioning task Adding an Exchange Mailbox archiving task Reviewing the default archiving settings for the site Using customized shortcuts Controlling the appearance of desktops Editing automatic messages Starting the Task Controller service and archiving task Enabling mailboxes for archiving Installing the Outlook Add-Ins on a server Users tasks

160

Setting up archiving from mailboxes Vault store and partition

Vault store and partition


A vault store and a vault store partition must exist before you enable mailboxes for archiving. After you enable the target mailboxes for archiving, Enterprise Vault automatically creates an archive for each mailbox in the selected vault store. See Creating a default vault store and partition on page 143.

Defining archiving policies


Exchange mailbox policies define how Enterprise Vault archives target Exchange Server mailboxes. You can create different policies for different groups of mailboxes. A default Exchange Mailbox Policy is created in the Administration Console by the configuration wizard. To view and modify the properties of the default Exchange mailbox policy

1 2 3

Expand your Enterprise Vault site. Click Policies > Exchange > Mailbox. Right-click Default Exchange Mailbox Policy in the right pane and select Properties. You can modify the properties of this policy, as required, and also create new policies.

To create a new Exchange mailbox policy

1 2 3 4

In the Administration Console, expand your Enterprise Vault site and then click Policies, Exchange, Mailbox. Right-click the Mailbox container and select New, Policy to launch the new policy wizard. The new policy is displayed in the right pane. To adjust the policy properties, right-click the policy and select Properties.

Mailbox policy settings


This section gives an overview of the various settings available in the Exchange mailbox policy. For more information on each setting, see the online help on the property pages.

Indexing level
On the General page of the properties you can define the required indexing level for the group of mailboxes to which the policy is assigned. The level of indexing defines what users can filter on when searching for archived items. With brief

Setting up archiving from mailboxes Defining archiving policies

161

indexing, only information about the item, such as the subject and author, can be searched. With medium indexing you can also search on the content of each item, excluding phrase searches. Searching content for phrases is only available with full indexing. You can set a default indexing level for the site, in site properties, and then override this in the mailbox policies, for particular groups of mailboxes, or in the archive properties, for particular users.

Archiving Rules tab


Table 19-1 lists the settings on the Archiving Rules tab, with which you can control whether to use size-based archiving or quota-based archiving. Table 19-1 Setting
Young items

Mailbox policy archiving rules Description


The minimum age limit at which items can be archived

Default value
2 weeks

Large items

Whether to archive larger items Not set. before smaller items and, if so, the minimum size of the items that are given priority. Archiving is based on the period of time since an item was modified. The time period is six months. Setting is locked. Not set.

Archiving strategy Whether to archive based on the period of time since an item was modified, or based on the percentage of the mailbox storage limit that is released. Archive messages Archive an item only if it has an with attachments attachment, assuming all other only archiving criteria are met. Note that this is not the same as archiving attachments only. See the Administrators Guide for more details.

Archiving Actions tab


Table 19-2 describes the settings on the Archiving Actions tab, with which you can control how Enterprise Vault behaves when it archives an item.

162

Setting up archiving from mailboxes Defining archiving policies

Table 19-2 Setting


Delete original item after archiving

Mailbox actions Default value


Original item is deleted from mailbox after archiving. Setting is locked.

Create shortcut to After it has been archived, the item in the mailbox is replaced with a archived item after shortcut. archiving Setting is locked. Archive unread items Overall lock Unread items in the mailbox are not archived. Setting is locked. Force users to use the policy settings for mailbox archiving. This locks the settings in the Archiving Actions section and the Archiving Strategy setting on the Archiving Rules tab.

Shortcuts tab
Table 19-3 describes the settings on the Shortcuts tab, with which you can control the size and behavior of Enterprise Vault shortcuts. Table 19-3 Setting
Include recipient information in shortcut

Shortcut settings Description


Whether to store recipient information (To: and Cc: details) in shortcuts. Shortcuts always contain the From and Subject information.

Default value
Shortcuts include recipient information.

Setting up archiving from mailboxes Defining archiving policies

163

Table 19-3 Setting


Shortcut body

Shortcut settings (continued) Description Default value

How much of the message body to None store in shortcuts. Regardless of the setting value, the full message, with attachments, are still stored in the archive. None. None of the message text is stored in the shortcut. Use message body. Shortcuts contain all of the message body text, but no attachments. Customize. Select the amount of text and links that you want included in shortcuts. See Using customized shortcuts on page 171.

When shortcut is opened

Whether double-clicking a Show contents. shortcut displays the contents of the original item or the properties of the shortcut.

The file, ShortcutText.txt, is required if you configure customized shortcuts. You can also use this file to process standard shortcuts for untitled attachments. See Using customized shortcuts on page 171.

Message Classes tab


The list shows the classes of items that will be archived when the policy is applied. Select or clear message class check boxes, as required. If you need to edit the list of available message classes, go to the Message Classes tab of the Directory properties.

Advanced tab
The list shows settings that you can use to tune various settings. These settings are applied by any task that uses this policy. You can create another policy if you require more than one version of these settings.

164

Setting up archiving from mailboxes Defining archiving policies

Table 19-4 Setting


List settings from

Advanced settings Description


Controls the type of settings that are shown in the list. Select the type of setting you want:

Archiving General. Settings that control archiving behavior.

Outlook. Settings that control features and functionality available on user desktop computers. Offline Vault. Settings that control the behavior and availability of the Enterprise Vault offline vault feature. OWA. Settings that control the behavior and availability of Enterprise Vault features in OWA 2007 and OWA 2003 clients. Information about each setting is given in the online help and in the Administrators Guide. Reset All This returns all the settings in the list to their default values. There is a confirmation prompt that asks if you are sure you want to reset all the values. Enables you to change the value for the selected setting. You can also double-click the setting to modify it. A brief description of what each setting controls.

Modify

Description

Targets tab
Later, when you create provisioning groups to add mailboxes as archiving targets, you will assign the required Exchange mailbox policy to each group. The associated provisioning groups will then be displayed in the Targets page of the policy.

Shortcut deletion tab


Shortcut deletion does the following:

Deletes shortcuts that are older than the age you specify on this page. Deletes orphaned shortcuts. These are shortcuts to items that have been deleted, typically by a user, from an archive.

Shortcut Deletion takes place according to the schedule that you define on the Shortcut Deletion tab of the Exchange Mailbox task. Table 19-5 describes the available settings.

Setting up archiving from mailboxes Adding Exchange Server archiving targets

165

Table 19-5 Setting

Shortcut deletion settings Description Default value


Not selected

Delete shortcuts in Setting this makes Enterprise folders Vault delete shortcuts that are older than the age you specify. This does not affect the corresponding archived items. Users can still search for the archived items. For example, you could choose to delete all shortcuts older than 12 months, but retain archived items for several years. Delete orphaned shortcuts This setting makes Enterprise Vault delete shortcuts in mailboxes if the corresponding archived item has been deleted. If you use shortcuts that contain text from the original message, those shortcuts might be useful to users even though the archived items have been deleted. However, deleting large shortcuts will regain space in the Exchange Server store.

Not selected

Adding Exchange Server archiving targets


In the Administration Console you need to add the domain (Exchange Organization) and Exchange Servers that you want to archive.

Adding an Exchange Server domain


Before adding the Exchange Servers that you want to archive, you need to add a container for each of the domains in which the Exchange Servers reside.

166

Setting up archiving from mailboxes Adding Exchange Server archiving targets

To add a domain

1 2

In the left pane of the Administration Console, expand Targets. Right-click Exchange and, on the shortcut menu, click New and then Domain. The New Domain wizard starts

Work through the wizard. You will need the following information:

The name of the domain containing the Exchange Servers that you want to archive. Enterprise Vault attempts to find the Global Catalog automatically. This is recommended. However, you can optionally specify a Global Catalog server, if required.

Adding an Exchange Server


You can now add your target Exchange Servers to the appropriate domain. To add an Exchange Server

1 2 3

In the left pane of the Administration Console, expand Targets. Expand the Exchange domain that you added. Right-click Exchange Server and, on the shortcut menu, click New and then Exchange Server. The New Exchange Server wizard starts.

Work through the wizard to add the Exchange Server. You need the following information:

The name of the Exchange Server. Optionally, the wizard enables you to create Exchange Server archiving tasks for user mailboxes, journal mailboxes and public folders. If you create an Exchange Mailbox task, there must also be an Exchange Provisioning task for the domain. If one does not exist, an Exchange Provisioning task for the domain is created automatically when you select the Exchange Mailbox task check box. The name of the Enterprise Vault server on which you want the tasks created, if not the local computer. The name of the system mailbox to be used to connect to the Exchange Server. See The Enterprise Vault system mailbox on page 59.

Setting up archiving from mailboxes Adding Exchange Server archiving targets

167

Adding a Provisioning Group


A provisioning group enables you to apply an Exchange Mailbox policy and a PST Migration policy to individual users or to a group of Exchange Server users. You can have a single provisioning group, comprising the whole Exchange Server organization, or multiple provisioning groups, if you want to assign different policies to different groups of users. You can select the mailboxes to be associated with a provisioning group using any of the following:

Windows group Windows user Distribution Group (the Active Directory Group type, Distribution) Organizational Unit LDAP query Whole Exchange Server organization

Note: A mailbox must be part of a provisioning group before you can enable that mailbox for archiving. Provisioning groups are processed, and mailboxes enabled by the Exchange Provisioning Task. To add a Provisioning Group

1 2 3

In the left pane of the Administration Console, expand Targets. Expand the Exchange domain that you added. Right-click Provisioning Group and, on the shortcut menu, click New and then Provisioning Group. The New Provisioning Group wizard starts.

Work through the wizard to add a Provisioning Group. You need the following information:

The domain containing the Exchange Servers that you want to archive. The Exchange Mailbox and PST Migration policies to apply The default retention category to apply, when archiving from the mailboxes. The wizard enables you to create a new retention category, if required.

168

Setting up archiving from mailboxes Adding Exchange Server archiving targets

Whether you want Enterprise Vault to enable new mailboxes for archiving automatically. A new mailbox is one that is new to Enterprise Vault. When you first start using Enterprise Vault, all the mailboxes are new. With auto-enabling set, all existing mailboxes are enabled when the Exchange Mailbox Task next runs. All mailboxes created in the future will also be enabled and the associated archives automatically created. You can use the Disable Mailbox wizard to explicitly disable individual mailboxes. This prevents the mailbox being enabled automatically, so the mailbox is never archived unless you choose to enable it. If auto-enabling is selected, whether to initially suspend archiving. This means that archiving of the mailbox does not start until the user enables it. This gives the users the opportunity to change archiving defaults, if required, before archiving begins. The default vault store in which the mailbox archives are to be created by Enterprise Vault. If mailboxes in the provisioning group are automatically-enabled for archiving, the vault store will be used for any future mailboxes added to the provisioning group. If you do not explicitly set the vault store for the provisioning group, the default vault store setting is inherited from the Exchange Server properties. If the vault store is not specified in the Exchange Server properties, then the setting in the Enterprise Vault server properties is used. The default Indexing Service that will be used for mailboxes in the provisioning group that are automatically-enabled for archiving. If you do not explicitly set the Indexing Service for the provisioning group, the default Indexing Service setting is inherited from the Exchange Server properties. If the Indexing Service is not specified in the Exchange Server properties then the setting in the Enterprise Vault server properties is used.

Ordering Provisioning Groups


If you create multiple Provisioning Groups, the order in which they are listed is significant; the groups are processed from the top of the list down. Mailboxes that appear in more than one Provisioning Group use the settings from the first group in which they appear. Ensure that the most specific group is at the top of the list and the least specific is at the bottom.

Setting up archiving from mailboxes Adding an Exchange Provisioning task

169

To reorder Provisioning Groups

1 2

In Administration Console tree, right-click the Provisioning Group container and select Properties. Use Move Up and Move Down buttons to rearrange the groups.

Adding an Exchange Provisioning task


An Exchange Provisioning task is required for each Exchange Server domain. This task enables mailboxes in the provisioning groups that you have created. You can add an Exchange Provisioning task manually, as described in this section, or you can let Enterprise Vault add one automatically when you add the first Exchange Mailbox archiving task. You are recommended to run the Exchange Provisioning task as the Vault Service account. If you want to use a different account, the account will need to be added to the Messaging Administrator role. In addition, use Exchange System Manager to delegate the Exchange View Only administrative permissions to the account that the task will use. You must do this for each Administrative Group or each Exchange Server in the domain that will be processed by the task. This enables the task to read mailbox store information from Active Directory. To add an Exchange Provisioning task manually

1 2 3 4

In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the Enterprise Vault Servers container is visible. Expand Enterprise Vault Servers. Expand the name of the computer on which you want to create a provisioning task. Right-click Tasks and, on the shortcut menu, click New and then Exchange Provisioning Task. The new task wizard starts.

Work through the wizard. You will need the following information:

The name of the Exchange Provisioning task

170

Setting up archiving from mailboxes Adding an Exchange Mailbox archiving task

The name of the Exchange Server domain to be processed

To review the property settings for the task, double-click the task in the right-hand pane. You can modify properties such as the task schedule, the level of reporting required and whether to run the task in report mode. Whenever new mailboxes are added, they must be processed by the Exchange Provisioning task before they can be enabled.

Adding an Exchange Mailbox archiving task


Before you add an archiving task, ensure that the Enterprise Vault system mailbox is available. See The Enterprise Vault system mailbox on page 59. To add an Exchange Mailbox archiving task

1 2 3 4

In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the Enterprise Vault Servers container is visible. Expand Enterprise Vault Servers. Expand the name of the computer on which you want to create an archiving task. Right-click Tasks and, on the shortcut menu, click New and then Exchange Mailbox Task. The new task wizard starts.

Work through the wizard. You will need the following information:

The name of the Exchange Server to be archived The Enterprise Vault system mailbox to use

If an Exchange Provisioning task does not exist for the domain, then one will be created automatically.

Reviewing the default archiving settings for the site


Check the default settings configured in the Enterprise Vault site properties. To review the site archiving settings

1 2 3

In the Administration Console, right-click your Enterprise Vault site. On the shortcut menu, click Properties. Site properties include the following settings. Note that you can override some of these at a lower level. For example, you can override the site archiving

Setting up archiving from mailboxes Using customized shortcuts

171

schedule for a particular task by setting the schedule in the task properties. The indexing level can also be set at policy level and the default retention category can be set at provisioning group or policy level.
General

The site name and description. The URL to use for the Web Access application. PST holding area details. A system message for users, if required. A system message for administrators, if required. The default retention category. The default indexing level. Whether users can delete items from their archive. Whether users can recover deleted items. The schedule for running storage expiry to delete from archives any items that are older than the retention period assigned. If required, you can set limits on the size of archives.

Archive Settings

Storage Expiry

Archive Usage Limit Site Schedule Monitoring

The schedule for running automatic, background archiving. Performance counters for monitoring Enterprise Vault.

Click Help on any of the site properties screens for further information.

Using customized shortcuts


The standard Enterprise Vault shortcuts do not work well with IMAP or POP3 clients. If you have users with such clients, you can choose to use custom shortcuts that can be viewed by any client that can render HTML content, such as Outlook Express. Custom shortcuts should be used for Entourage clients on MAC computers. In a new installation of Enterprise Vault, a default shortcut contains the following:

From and Subject information. Recipient information: To, CC, BCC. A banner containing a link to the complete archived item. No text from the message body. No list of attachments or links to attachments

172

Setting up archiving from mailboxes Using customized shortcuts

You can change the settings so that shortcuts contain just as much information as you require. If you have users with IMAP, POP3 or Entourage clients, you probably want to customize shortcuts so that they contain links to archived attachments, because this enables the users to open attachments. Note that the changes you can make apply to shortcuts that are generated in the future, not to shortcuts that have already been created. Details of custom shortcut content are held in the file, ShortcutText.txt, in the Enterprise Vault folder (typically C:\Program Files\Enterprise Vault). On a new installation, an English version of this file is placed in the Enterprise Vault folder. Language versions of the file are available in the language folders under Enterprise Vault\Languages\ShortcutText. Note that this file may also be used to process untitled attachments in standard shortcuts. To define custom shortcut content

1 2

Locate the required language version of the ShortcutText.txt file (under Enterprise Vault\Languages\ShortcutText). Open ShortcutText.txt with Windows Notepad. and make any required changes to the file. See Layout of ShortcutText.txt on page 173.

3 4 5 6

Save the file as a Unicode file. Copy the file to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault). Copy the file to the Enterprise Vault program folder on all other Enterprise Vault servers in the Enterprise Vault site. Restart the Exchange Server archiving tasks (for mailboxes or public folders or both) to pick up the changes.

To apply the new content to new shortcuts

1 2 3 4

Start the Administration Console and go to the Shortcuts tab in the Exchange Mailbox Policy properties. Select Customize and then specify which options you want. Click Help on the tab for more information. Open the properties window for the Exchange Mailbox archiving task and click the Synchronization tab. Synchronize the Archiving settings for the required mailboxes.

Setting up archiving from mailboxes Using customized shortcuts

173

Layout of ShortcutText.txt
ShortcutText.txt is laid out using the standard Windows .ini file format: [Section] Item1="value1" Item2="value2"

You can change any of the values within the file. Remember to enclose each value in quotes. For example:
"IPM.Task=This task has been archived. "

The sections within ShortcutText.txt are as follows:


[Archived text] The entries in this section are displayed in the banner at the top of the shortcut. The entry used for the shortcut is the one that matches the archived items message class. For example, shortcuts to items with message class IPM.Note contain the text This message has been archived. Values in this section all have a space before the final quote. This separates the text from the link text. [Link] The entry in this section specifies the text in the banner that is a link to the archived item.

[Attachment table] The Title entry in this section specifies the text immediately before the list of attachments. The DefaultItemTitle entry is used to label any attachments that have no title of their own.

Figure 19-1 shows how the definitions in these sections affect a shortcut.

174

Setting up archiving from mailboxes Controlling the appearance of desktops

Figure 19-1

Structure of a shortcut

Controlling the appearance of desktops


You can customize the Enterprise Vault Add-Ins using the Outlook settings on the Advanced property page of the Exchange Mailbox Policy. The settings are described in detail in the Administrators Guide. After modifying the settings, you need to synchronize the mailboxes using the Synchronize button in the Exchange Mailbox task properties. You can reverse the changes at any time. Using the advanced policy settings, you can selectively change or remove Enterprise Vault functionality available to users in their Outlook client. The following options are included in these settings:

Automatically deploy Exchange forms for Enterprise Vault to the user's Personal Forms Library. Show or hide Enterprise Vault buttons and menu options, such as Archive Explorer, Search vaults, Store in vault and Restore from vault. Show or hide the Delete From Vault button.

Setting up archiving from mailboxes Editing automatic messages

175

Customize deletion behavior when the user deletes a shortcut. Permit or deny user access to the Enterprise Vault properties on Outlook folders and mailbox items. Enable users to search their offline or online archive using Windows Desktop Search.

Automatically deploying Exchange forms locally


Instead of deploying the Exchange forms for Enterprise Vault using Exchange Organizational Forms Library, you can use the Outlook setting, Deploy Forms Locally, to deploy the forms automatically to the user's Personal Forms Library. The possible values for this setting are as follows:

Never: Never deploy forms locally. When no Org Forms: This is the default. Deploy forms only when there is no Organizational Forms Library available. Always: Always deploy forms locally. Delete: Always delete Enterprise Vault forms from the user's Personal Forms Library.

See About distributing the Microsoft Exchange forms on page 153.

Editing automatic messages


Enterprise Vault sends automatic messages to users when their mailbox is enabled for archiving. Optionally, you can configure Enterprise Vault to send an automatic warning when a users archive is reaching the maximum size, if you have set a limit. Example messages are installed, but you need to customize the text for your organization.

Editing the Welcome message


When Enterprise Vault enables a mailbox for archiving, it automatically sends a Welcome message to that mailbox. The Welcome message provides basic information for users on how to get help and what to expect. You must edit this message before it is sent to reflect how you have set up Enterprise Vault. During the installation, the Welcome message is placed in a folder beneath the Enterprise Vault program folder:

176

Setting up archiving from mailboxes Editing automatic messages

Enterprise Vault\Languages\Mailbox Messages\lang

where lang indicates the language used. The Welcome message is in a file called EnableMailboxMessage.msg. To set up the Welcome message

1 2 3

Decide which language version of EnableMailboxMessage.msg you want to use and locate the file. Using a computer that has Microsoft Outlook installed, double-click the file EnableMailboxMessage.msg in Windows Explorer to edit the message. Review the text and make any changes that you require. If necessary, include instructions to users about how to install the Enterprise Vault Add-Ins on their computers. Save the message. Copy EnableMailboxMessage.msg to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault) on every Enterprise Vault server in the site.

4 5

Editing Archive Usage Limit messages


You can set a maximum allowed size for users archives on the Archive Usage Limit page of Site Properties. On the same page, you can specify if you want messages sent to users who are approaching or have reached their archive limit. For those approaching their limit, you can also define the point at which you want the message sent. If you have selected either of the User Notification check boxes, you need to make the appropriate messages available to all the Enterprise Vault servers in the site. During the installation the archive limit warning messages are placed in a folder beneath the Enterprise Vault Program folder:
Enterprise Vault\Languages\Mailbox Messages\lang

where lang indicates the language used. The message files are called ApproachingArchiveQuotaLimit.msg and ArchiveQuotaLimitReached.msg.

Setting up archiving from mailboxes Starting the Task Controller service and archiving task

177

To set up the archive limit warning messages

Decide which language version of the messages you want to use and locate the files, ApproachingArchiveQuotaLimit.msg and ArchiveQuotaLimitReached.msg. Using a computer that has Microsoft Outlook installed, double-click the files in Windows Explorer to open the messages. Review the text and make any changes that you require. Save the messages. Copy the two message files to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault) on every Enterprise Vault server in the site.

2 3 4 5

Starting the Task Controller service and archiving task


The Task Controller service and archiving task that you created have not yet been started. These must be started before you can enable mailboxes. The default is for archiving tasks to start automatically when the Task Controller service starts. To start the Task Controller service and archiving task

1 2 3 4 5

In the left pane of the Administration Console, expand the Enterprise Vault Servers container. Expand the computer to which you added the Task Controller service and then click Services. In the right pane, right-click Enterprise Vault Task Controller Service and, on the shortcut menu, click Start. In the left pane, click Tasks and ensure that the Exchange Mailbox archiving task has started. The task will run automatically at the times that you have scheduled. You can also force an archiving run by using the Run Now option, which is available on the Schedule properties page and on the menu when you right-click the task.

Enabling mailboxes for archiving


Before new mailboxes can be enabled, they must be processed by the Exchange Provisioning task. On a default system, this task will run once a day. On the task properties, you can schedule the task to run twice a day at specific times. You can

178

Setting up archiving from mailboxes Enabling mailboxes for archiving

also force a run to process new mailboxes that have been added to provisioning groups. After Exchange Server mailboxes have been processed by the Provisioning task, they need to be enabled. This can be done automatically, when the Exchange Mailbox task runs, or manually. When an Exchange Server mailbox is enabled, a new archive is created for the mailbox in the vault store specified for the Provisioning Group. An archive has an associated account that is used for billing purposes, and one or more users who can access the information stored in it. To force the Exchange Provisioning task to process mailboxes

1 2 3 4

In the left pane of the Administration Console, expand Enterprise Vault Servers, and then your Enterprise Vault server. Click Tasks. In the right-hand pane, right-click the Exchange Provisioning task and select Properties. Check that the reporting level is as you require. Full reporting will list each mailbox that is processed, the provisioning group, Mailbox and PST policies assigned the username associated with the mailbox and the action taken. Summary statistics about the task run are included at the end of the report. You can configure the task to generate reports when the task is run in both report or normal mode.

5 6 7

In the right-hand pane, right-click the Exchange Provisioning task and select Run now. Select whether you want the task to run in report or normal mode. The task will then start processing the mailboxes in the provisioning groups. If you selected the option for mailboxes to be enabled for archiving automatically, they will be enabled the next time the Exchange Mailbox task runs. If you did not select the option to enable new mailboxes automatically, you must enable them manually.

To enable one or more mailboxes manually

In the Administration Console, click Enable Mailbox on the Tools menu or click the Enable Mailboxes for Archiving icon on the toolbar. The Enable Mailbox wizard starts.

Follow the instructions, and click Help on any of the wizard screens for further information.

Setting up archiving from mailboxes Installing the Outlook Add-Ins on a server

179

Creating shared archives


There may be times when you want to create extra archives that can be shared by a number of users. For example, you may want to archive all documentation concerning a particular project in the same archive. You create the shared archive manually and then set permissions on the archive to give each of the users access to it. You can add or remove users at any time. Note that shared archives do not contain folders. To create an archive manually

1 2 3 4

Start the Enterprise Vault Administration Console. In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until the Archives container is visible. Expand the Archives container to display the various archive types. Right-click Shared and then click New > Archive. The New Archive wizard starts.

Answer the wizard's questions to create the archive. You will be asked to provide the following information:

The vault store for the archive Indexing service and indexing level to use Billing account

To set access permissions on the shared archive

1 2 3 4 5

In the left pane, expand the Enterprise Vault site hierarchy until the Archives container is visible. Expand the Archives container, and click Shared. In the right pane, double-click the name of the archive that you want to modify. Right-click the archive you want to change and then click Properties. Modify the permissions as required.

Installing the Outlook Add-Ins on a server


There is no requirement for you to install the Enterprise Vault Add-Ins on an Enterprise Vault Server.

180

Setting up archiving from mailboxes Users tasks

Users tasks
If you have set automatic enabling of mailboxes in the Provisioning Group, and you have chosen to initially suspend archiving, users must manually enable automatic archiving for their mailboxes. Instructions on how to turn on archiving for a mailbox are given in the online Enterprise Vault help in Outlook and also included in the Welcome message. How users turn on automatic archiving for their mailbox

1 2 3 4

Open Outlook. In the folder list view, right-click the Mailbox and then click Properties. Click the Enterprise Vault tab. Clear Suspend Enterprise Vault archiving for this mailbox.

Chapter

20

Setting up users desktops


This chapter includes the following topics:

Outlook Add-Ins Making the HTTP-only Self-Installing Outlook Add-In available Forcing Outlook synchronize forms Getting users started What next?

Outlook Add-Ins
The following Enterprise Vault Add-Ins are available:

Outlook Add-In These extensions are available as an Microsoft Windows Installer (MSI) kit, and provide the full Enterprise Vault client functionality. Installer kits for the supported languages are located under Enterprise Vault 2007\Outlook Add-Ins\Outlook Add-In on the Enterprise Vault distribution media. HTTP-only Outlook Add-In These extensions are available as an Microsoft Windows Installer (MSI) kit, and provide the same functionality as the Outlook Add-In extensions, with the exception of access to Enterprise Vault properties on folders, and selecting the archive and retention category when archiving an item manually. Installer kits for the supported languages are located under Enterprise Vault 2007\Outlook Add-Ins\HTTP-only Outlook Add-In. HTTP-only Self-Installing Outlook Add-In These extensions are available as cab and html files. You can set up a web link that installs the files automatically when a user clicks the link. The extensions

182

Setting up users desktops Outlook Add-Ins

provide the same functionality as the HTTP-only Outlook Add-In, with the exception of Windows Desktop Search (WDS) support, which is not included. Files for the supported languages are located under Enterprise Vault 2007\Outlook Add-Ins\HTTP-only Self-Installing Outlook Add-In\xx where xx denotes the language. If Outlook users access Exchange Server 2003 using RPC over HTTP, you will also need to configure Enterprise Vault access on the Exchange Server using the Enterprise Vault RPC server extensions. With Exchange Server 2007, Enterprise Vault server extensions are not required for RPC over HTTP connections. See About configuring RPC over HTTP access on page 261. Before users have access to Enterprise Vault features from within their Outlook, the Add-Ins must be installed on each desktop computer. There are various ways of distributing the Add-Ins. You could, for example, use one of the following methods:

Send users a shortcut to the required MSI kit. See Shortcut to the Setup file in the Welcome message on page 184. Deploy the MSI kit to desktop computers using a software distribution application, such as Systems Management Software (SMS) or Active Directory Group Policy. See Publishing the Add-Ins in Active Directory on page 184. Make the HTTP-only Self-Installing Outlook Add-In available from a link on a Web page, so that they can be installed automatically. See Making the HTTP-only Self-Installing Outlook Add-In available on page 185.

Windows Desktop Search plug-in


A plug-in for Windows Desktop Search is included in Outlook Add-In and HTTP-only Outlook Add-In. Using advanced settings in the Exchange Mailbox Policy, you can enable users to search their offline archive from Windows Desktop Search. Additionally, buttons or menu options can be added to Windows Desktop Search and MSN Search Toolbar to enable users to search their online archive. Note that Windows Desktop Search, and optionally, MSN Search Toolbar, must be installed on the desktop computers before you install the Enterprise Vault Add-Ins. The plug-in is not enabled by default when the extensions are installed.

Setting up users desktops Outlook Add-Ins

183

To enable offline archive users to search their offline archive

1 2 3 4 5

In the Administration Console, open the Advanced properties page of the Exchange Mailbox Policy. Select Offline Vault settings from the drop-down list. Set WDS search auto-enable to Force on. On the Synchronize page of the Exchange Mailbox task properties, synchronize the user mailboxes. When users next start Outlook, the policy changes are implemented. Users can then start Windows Desktop Search indexing items in their offline vault. See Configuring Windows Desktop Search on page 190. Note that to use Windows Desktop Search to search their offline archive, users do not require Administrator privileges on their desktop computer.

Enabling searches of online archives using Windows Desktop Search


The recommended way to enable offline archive searching is using the WDS Search Auto-enable setting in the Exchange Mailbox Policy. Alternatively, you can enable the plug-in during installation by including the command line parameter ACTIVATE_WDS_PLUGIN=1. Note that this command line switch is case-sensitive. For example, the command line for a silent install would be the following:
msiexec /I path_to_installer ACTIVATE_WDS_PLUGIN=1 /qn

where path_to_installer is the path to the required language version of the Enterprise Vault Outlook Add-In and HTTP-only Outlook Add-In MSI file. To enable searches of online archives using Windows Desktop Search

1 2 3 4

To be able to use this feature, users must have Administrator privileges on their desktop computers. In the Administration Console, open the Advanced properties page of the Exchange Mailbox Policy. Select Outlook settings from the drop-down list. Set WDS integration to Full or Partial. You can also modify the settings WDS button and menu name and WDS search application to suit. For full details of these settings, see the online help or the Administrators Guide.

184

Setting up users desktops Outlook Add-Ins

5 6

On the Synchronize page of the Exchange Mailbox task properties, synchronize the user mailboxes. When users next start Outlook, the policy changes are implemented. When they start Windows Desktop Search, users will see either a button or an option in the Locations menu for searching their online archive. If MSN Search Toolbar is installed, the online archive option is also added to the drop-down search locations menu.

Shortcut to the Setup file in the Welcome message


A common method of distributing the Outlook Add-In or HTTP-only Outlook Add-In is to place a shortcut to the MSI file into the Welcome message that is automatically sent to each enabled mailbox. Users can then click the shortcut to install the Add-Ins. Instructions on how to insert the shortcut into the Welcome message are included in the Welcome message itself. See Editing automatic messages on page 175. Note: The user must have local administrator permissions on their computer to perform the installation.

Publishing the Add-Ins in Active Directory


This section describes the steps to publish the the Outlook Add-In or HTTP-only Outlook Add-In using Active Directory Group Policy. To publish in Active Directory

1 2 3 4 5 6 7

Copy the appropriate MSI file from the Enterprise Vault distribution media to the network share from which you want it to be distributed: Click Start, Programs, Administrative Tools, Active Directory Users and Computers. In the left panel, navigate to the Organizational Unit to which you want to make the Add-Ins available. Right-click the Organizational Unit and, on the shortcut menu, click Properties. Click the Group Policy tab. Click New. Enter a name for the new Group Policy Object, for example, "EV Desktop Rollout".

Setting up users desktops Making the HTTP-only Self-Installing Outlook Add-In available

185

8 9

Click Edit. The Group Policy window appears. In the left pane, under Computer Configuration, expand Software Settings. then Package.

10 Right-click Software installation and, on the shortcut menu, click New and 11 Type in the UNC path of the MSI file that you copied in step 1, for example,
\\mycomputer\distribute, and then click Open.

The Deploy Software window opens.

12 Select Assigned and click OK.


The new package appears in the list of software installations.

13 Close the Group Policy window.


The new package will be installed when each users computer is restarted.

Making the HTTP-only Self-Installing Outlook Add-In available


If you intend to distribute the HTTP-only Self-Installing Outlook Add-In through a Web page, note that users without local Administrator permissions cannot install them because they are not allowed to install ActiveX controls from a Web page. In this case, you must publish the HTTP-only Self-Installing Outlook Add-In in Active Directory. See Enabling the installation of HTTP-only Self-Installing Outlook Add-Ins on page 189. The following sections describe how to distribute this Add-In through a Web page. In summary, the process is as follows:

Place the language folder you want to use into an IIS Virtual Directory. Edit the Enterprise Vault Archived Item form to enable the automatic installation of the HTTP-only Self-Installing Outlook Add-In. By default, this is not enabled. Edit the Enterprise Vault Archived Item form to add the URL of the HTTP-only Self-Installing Outlook Add-In files. Check that the edited form works correctly. Publish the edited form in the Organizational Forms Library.

186

Setting up users desktops Making the HTTP-only Self-Installing Outlook Add-In available

Copying the files


Different language versions of the files for the HTTP-only Self-Installing Outlook Add-In are located on the distribution media under Enterprise Vault 2007\Outlook Add-Ins\HTTP-only Self-Installing Outlook Add-In\xx where xx denotes the language. Copy *.cab and *.htm files from the language folder to a suitable IIS Virtual Directory from which users can download. Alternatively, create a new IIS Virtual Directory that points to the folder above the language folder in the hierarchy. Do not create the Virtual Directory so that it points to the language folder itself. For example, if the language folder is as follows:
D:\Enterprise Vault\Forms\en

then make the Virtual Directory point to the following:


D:\Enterprise Vault\Forms

If you are implementing an Enterprise Vault building blocks solution, create the same Virtual Directory on each of the Enterprise Vault servers and copy the files to those Virtual Directories. This ensures that, in the event of a fail-over, the Add-In files will still be available for download.

Editing the archived item form


You must edit the Archived Item form so that it includes a pointer to the IIS Virtual Directory that contains the language folder with the downloadable files. Once you have edited the form you need to install it in the Organizational Forms Library, so you must use an account that has Owner permissions on the Organizational Forms folder. You can install the form from Microsoft Outlook using a mailbox that has Owner permissions for the folder in the Organizational Forms Library. To edit the form

1 2 3 4 5 6

On the Tools menu, click Options. Click the Other tab. Click Advanced Options. Click Custom Forms. Click Manage Forms. On the left-hand side of the dialog box, click the Set button.

Setting up users desktops Making the HTTP-only Self-Installing Outlook Add-In available

187

7 8 9

Click Forms Library and select the Organizational Form Library folder that you created earlier, in About distributing the Microsoft Exchange forms. On the right-hand side of the dialog box, click the Set button. Click Forms Library and select Personal Forms.

10 In the list of Organizational Forms, select Enterprise Vault Archived Item. 11 Click Copy.
The Archived Item form is copied to your Personal Forms library.

12 Click Close and then exit from all the dialog boxes. 13 On the Outlook Tools menu, click Forms and then Design a Form. 14 Next to Look In, select Personal Forms Library. 15 Click Enterprise Vault Archived Item. 16 Hold down the Shift key and click Open.
The form opens, ready for you to make changes.

17 In Outlook 2007, click View Code. In Outlook 2003, click View Code on the
Form menu.

18 Scroll down the form to the Enterprise Vault Administrator section. 19 Find the following line:
Const USE_SELF_INSTALLING_USER_EXTENSIONS=False

20 On this line, change False to True:


Const USE_SELF_INSTALLING_USER_EXTENSIONS=True

21 Find the following line:


Const DOWNLOAD_URL = "http://yourdomainhere"

188

Setting up users desktops Making the HTTP-only Self-Installing Outlook Add-In available

22 On this line, change the URL so that it points to the IIS Virtual Directory that
contains the language folder with the downloadable files. For example, if the full URL of the folder that the files are in is:
http://server.mydomain.com/EVextensions/en

then you would shorten the URL to:


http://server.mydomain.com/EVextensions

See also the example below.

23 On the form toolbar, click the Publish Form icon.


The form is saved in your Personal Forms Library. For example, if the downloadable files are in D:\Enterprise Vault\Forms\en then you can create a new IIS Virtual Directory Downloadable that maps to D:\Enterprise Vault\Forms. When editing the form, DOWNLOAD_URL becomes:
DOWNLOAD_URL="http://server.mydomain.com/Downloadable/"

Testing the edited form


In order to test the form, you need a shortcut to an archived item and a computer that does not have the Add-Ins installed. If the computer has been used to open shortcuts before it will have a cached version of the Archived Item form. If this is the case, do the following:

Close Outlook. Delete the Outlook file FRMCACHE.DAT. This is normally in C:\WINNT\forms\. Start Outlook.

Double-click a shortcut to an archived item. A message gives you the option of downloading the HTTP-only Self-Installing Outlook Add-In. Click Yes to download and install the software.

Publishing the edited form


You must publish the edited form in the Organizational Forms library.

Setting up users desktops Making the HTTP-only Self-Installing Outlook Add-In available

189

To publish the edited form

1 2 3 4 5 6 7 8 9

On the Tools menu, click Options. Click the Other tab. Click Advanced Options. Click Custom Forms. Click Manage Forms. On the left-hand side of the dialog box, click the Set button. Click Forms Library and select Personal Forms. On the right-hand side of the dialog box, click the Set button. Click Forms Library and select Organizational Forms.

10 In the list of Personal Forms, select Enterprise Vault Archived Item. 11 Click Copy.
The Archived Item form is copied to the Organizational Forms library.

Enabling the installation of HTTP-only Self-Installing Outlook Add-Ins


If you intend to distribute the HTTP-only Self-Installing Outlook Add-Ins through a Web page, Windows Server 2003 and Windows 2000 users without local Administrator permissions cannot install them because they are not allowed to install ActiveX controls from a Web page. See the following Microsoft support articles for more information on publishing ActiveX controls in Windows 2000:

How to Publish ActiveX Controls in Windows 2000 Using IntelliMirror (http://support.microsoft.com/?kbid=241163) HOWTO: Install ActiveX Controls in Internet Explorer Using the Active Directory (http://support.microsoft.com/?kbid=280579)

Note that, to permit the installation of the Self-Installing Outlook Add-Ins, each users Windows Server 2003 or Windows 2000 computer must have a registry value with a name of UseCoInstall under the following registry key:
HKEY_LOCAL_MACHINE \Software \Microsoft \Windows \CurrentVersion \Internet Settings \UseCoInstall

190

Setting up users desktops Forcing Outlook synchronize forms

UseCoInstall can be any type of value and can contain any or no data.

Forcing Outlook synchronize forms


If an Outlook user has enabled Use Cached Exchange Mode, then by default Outlook forms are not synchronized. This results in Enterprise Vault icons not being displayed for archived items. To make Outlook synchronize forms

1 2 3 4 5 6 7

Start Outlook. Click Tools > Send/Receive > Send/Receive Settings. Click Define Send/Receive Groups. Select All Accounts Online and Offline and click Edit. Select Synchronize Forms. Exit from Outlook and then restart it. Open an archived item. This automatically installs the forms.

Getting users started


You should ensure that users know how to install the Enterprise Vault Outlook Add-Ins, if necessary, using one of the methods described in this chapter, and how to use Enterprise Vault. Users browsers must have Java scripting enabled. If you want users to be able to launch Archive Explorer or archive Search in a standalone browser, you will need to tell them the URL to use. You could include this information in the Welcome message. See Editing automatic messages on page 175. If you are making Microsoft Exchange Forms for Enterprise Vault available using Organizational Forms Library, ensure that the forms have been installed on all Microsoft Exchange Server computers that are being processed by Enterprise Vault. See About distributing the Microsoft Exchange forms on page 153.

Configuring Windows Desktop Search


If you have enabled the Enterprise Vault plug-in for Windows Desktop Search, then users can use Windows Desktop Search to search their offline archive or

Setting up users desktops What next?

191

their online archive (depending on the settings that you have configured in the Exchange Mailbox Policy). Before they can do this, they need to start Outlook and the Windows Desktop Search. They can use the following steps to check that the offline archive is configured in Windows Desktop Search indexing, and force Windows Desktop Search to index archived items. To check that offline vault is included in Windows Desktop Search

On the desktop computer, right-click Windows Desktop Search in the icon tray and select Desktop Search Options. (Alternatively, you can access Desktop Search Options from the Views icon in the Windows Desktop Search menu bar.) Select Custom folders and email locations and click Browse. In the Locations dialog, ensure that the evoffline entry is selected. Click OK. Click OK to close Windows Desktop Search options. When the computer is idle, Windows Desktop Search will update the index to include items in the offline archive. If required, you can force the Windows Desktop Search to update the index.

2 3 4 5 6

To force the index to update

1 2 3

Right-click Windows Desktop Search in the icon tray and select Index Now. Indexing will begin and may take some time if you have a large offline archive. Select Index Status to check if indexing of offline archive items is finished.

What next?
You should now have a fully functioning Enterprise Vault system. You may find over time that you need to change some of the properties of Enterprise Vault to suit your requirements. For details about these and any other features of Enterprise Vault, refer to the online Help.

192

Setting up users desktops What next?

Chapter

21

Offline archives for offline users


This chapter includes the following topics:

About this chapter How the offline archive works Offline archive without Archive Explorer Offline archive with Archive Explorer Setting up offline archives

About this chapter


The Enterprise Vault client can maintain a personal, offline archive for offline workers. These are users with offline folder files (.OST files) on their local disks, who use Outlook to synchronize their online and offline folders. The offline archive does the following:

Provides instant access to archived items, even when the user is not connected to your corporate network. Is in addition to, not instead of, the normal, online archive. Works with both mailbox folders and public folders. Is useful to mobile users who use laptop computers. Such users are often used to synchronizing their offline and online folders. May be useful in normal offices if you need to conserve bandwidth or improve performance, because the retrieval of an archived item all takes place on the local computer.

194

Offline archives for offline users How the offline archive works

How the offline archive works


The offline archive works in one of the following ways, depending on whether the user has access to Archive Explorer:

If the user does not have access to Archive Explorer, the offline archive relies on the user having shortcuts to archived items. When the user opens a shortcut, the Enterprise Vault client opens the copy of the archived item that is in the offline archive, rather than attempting to open the version archived online in the user's archive. If the item is not available in the offline archive the client gives the user the choice of downloading the item immediately or later. This mechanism means that the offline archive contains only items that were archived from one of the folders that the user synchronizes using Outlook synchronize; other folders are ignored. If the user has Archive Explorer, offline archive does not rely on shortcuts. Instead, the Enterprise Vault client downloads all items that are in the online archive.

This mechanism means that the offline archive contains a copy of everything that is in the online archive, regardless of which folder it was archived from.

Offline archive without Archive Explorer


When a user who does not have Archive Explorer starts Outlook in offline mode, the following happens:

A short while after Outlook starts, the Enterprise Vault client automatically begins checking through the offline folders, looking for the following:

Enterprise Vault shortcuts. If the corresponding items are not in the offline archive the client adds them to its download list. Items that will be archived from the mailbox fairly soon. These items are copied into the offline archive so that they will already be there when the items become shortcuts in the user's mailbox. These items have already been downloaded by the user as part of the Outlook synchronize, so the copy takes place on the users computer with no further download required.

When the Exchange mailbox items are archived and change to shortcuts, the next Outlook synchronize would delete the corresponding items from the local computer. Because the Enterprise Vault client has already taken copies, the items are available in the offline archive. When the user opens a shortcut in an offline folder, the Enterprise Vault client automatically opens the copy that is in the offline archive. If the item is not in the offline archive, the user is given the option of downloading it

Offline archives for offline users Offline archive with Archive Explorer

195

immediately, or later. If the user chooses later, then item is added to the download list with a high priority.

At some time, a download is started to update the offline archive. This is something that can be done at a time to suit the user, such as immediately after the normal Outlook synchronize. The download to the offline archive can be automatic or can be started by the user. If they want, users can change the order in which items are downloaded. They can also select individual items from the download list and download just those. The remaining items on the list will be downloaded when the user next does a full update of the offline archive.

Offline archive with Archive Explorer


When a user who does have access to Archive Explorer starts Outlook in offline mode, then a short while after Outlook starts, the Enterprise Vault client automatically does the following:

Copies into the offline archive items that will soon be archived in the online archive. The copy takes place on the users computer with no further download required. Obtains a list of all items that need to be downloaded in order to bring the offline archive up to date and downloads them. The download to the offline archive can be automatic or can be started by the user.

If they want, users can change the order in which items are downloaded. They can also select individual items from the download list and download just those. The remaining items on the list will be downloaded when the user next does a full update of the offline archive. If a user has Outlook 2003 running in Exchange Cached Mode, items can be downloaded automatically at any time while there is a connection to Exchange Server. In order to do this, the user must have selected Download items automatically when online in Offline Vault Options.

Setting up offline archives


There are many settings that you can use to control the behavior of Enterprise Vault clients with offline archives. The Enterprise Vault clients automatically determine the site settings and work accordingly. However, if you need to modify any particular behavior, you can do so. When you install Enterprise Vault, the default setting is that users can enable offline archives for themselves. If necessary, you can change this by setting a

196

Offline archives for offline users Setting up offline archives

suitable value of the desktop setting OVEnabled. If you leave the setting as it is, users can create their own offline archives. Note the following:

Users who do not have access to Archive Explorer always have shortcuts created in their mailboxes, regardless of any other setting. Users who do have Archive Explorer do not rely on shortcuts for offline access, so are not forced to have shortcuts created in their mailboxes. If users do not have access to Archive Explorer then they have no means of searching the offline archive. Such users must rely on Enterprise Vault shortcuts in order to access the offline archive. In this case, be careful not to have settings that automatically delete shortcuts too soon. Check your shortcut deletion settings, which are on the Shortcut Deletion tab of the Exchange Mailbox Policy Properties. When a user enables an offline archive, the offline archive is initially empty. The client scans the offline folders, copying some items into the offline archive and building a list of items to download. This can take some time if the user has a large OST file. If the scan is interrupted because the user exits from Outlook, the Enterprise Vault client continues the scan when Outlook is restarted. Because an offline archive is stored in a personal folder for each user, there is no problem with setting up offline archives for different people on the same computer.

Customizing clients
You can use the Offline Vault settings on the Advanced tab of the Exchange Mailbox Policy Properties dialog box to control the appearance and behavior of the Enterprise Vault client when an offline archive has been enabled. You can control the following:

The amount of feedback that the Enterprise Vault client gives to the user Which buttons and menu options are shown The behavior when archiving from synchronized mailbox folders The behavior when archiving from synchronized public folders Whether users can search items in their offline archive using Windows Desktop Search

See the Administrators Guide for more information.

Chapter

22

Setting up archiving from public folders


This chapter includes the following topics:

About archiving from public folders Vault store and partition Creating a public folder archive Adding a Public Folder task Public folder policy settings Adding public folder archiving targets Applying archiving settings to public folders Scheduling the Public Folder task Removing Public Folder targets

About archiving from public folders


Read this chapter to find out how to set up archiving from public folders. In summary, the process of setting up archiving from public folders is as follows:

Add the Exchange Server computer to your organization, create a vault store, and add a Task Controller service. You created these when setting up archiving from mailboxes. Create a public folder archive, if required. Create new retention categories, if required.

198

Setting up archiving from public folders Vault store and partition

Review the public folder policy settings. Add an Exchange Public Folder task. Add Public Folder Archiving Targets. Schedule the Exchange Public Folder task.

In order to set up Public Folder archiving, you must be logged in as an account that has appropriate Exchange Server permissions. The Vault Service account has the correct permissions. Alternatively, set up the account you want to use so that it has the correct permissions. See Assigning permissions on Microsoft Exchange Server on page 60.

Vault store and partition


A vault store and a vault store partition must exist before you enable public folders for archiving. If you want single copies of items that have been sent to user mailboxes and public folders, then use the same vault store partition for mailbox archives and public folder archives. On the partition properties, ensure that you have chosen to share the archived items. If you auto-enable the target public folders for archiving, Enterprise Vault automatically creates archives for the public folders in the vault store selected for the public folder archiving target. See Creating a default vault store and partition on page 143.

Creating a public folder archive


You can configure Enterprise Vault to create archives automatically using the auto-enabler. If you are not going to use the auto-enabler, then you need to create the required archives manually. You then assign the archives when configuring the public folder archiving targets. Multiple public folders can share an archive. To create a public folder archive

1 2

In the left pane of the Administration Console, expand the Archives container. Right-click Public Folder and then, on the shortcut menu, click New > Archive. The New Public Folder Archive wizard starts.

Work through the wizard. You will need to provide the following information:

The Enterprise Vault Indexing service computer The indexing level to use for any items stored in this archive

Setting up archiving from public folders Adding a Public Folder task

199

The billing address

Adding a Public Folder task


This section describes the steps required to add a Public Folder task. To add a Public Folder task

1 2 3 4

In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the name of the computer to which you want to add the Public Folder task. Right-click Tasks and then, on the shortcut menu, click New > Public Folder Task. The New Public Folder Task wizard starts.

Work through the wizard. You need to provide the following information:

The Exchange Server hosting the public folders. The name for the task. The Enterprise Vault system mailbox to use when connecting to Exchange Server. This can be the same system mailbox used by the Exchange Mailbox task.

Public folder policy settings


The settings that are used during public folder archiving come from the public folder policy that is being used. There is a default public folder policy, Default Exchange Public Folder Policy, which you can edit as required. Alternatively, you can create further policies as necessary.

Exchange Public Folder policy settings


These settings fall into the following categories:

General tab Archiving Rules tab Archiving Actions tab Shortcuts tab

200

Setting up archiving from public folders Public folder policy settings

Message Classes tab Advanced tab Targets tab Shortcut Deletion tab

General tab
Table 22-1 describes the settings on this tab, which you can use to override the indexing level for the target public folders. Table 22-1 Setting
Name and Description Indexing level

General settings Default value


The name and description of the policy. These can be changed later if required. Whether to use Brief, Medium or Full indexing when archiving from the target public folders. Phrase searching on content is only available with Full indexing. The indexing level can be set at site, policy and archive level. The setting on the archive will take precedence.

Archiving Rules tab


Table 22-2 describes the settings on this tab, which you can use to choose between size-based archiving and quota-based archiving. Table 22-2 Setting
Young items

Archiving Rules settings Description


The minimum age limit at which items can be archived

Default value
2 weeks

Large items

Whether to archive larger items Not set. before smaller items and, if so, the minimum size of the items that are given priority. Archiving is based on the period of time since an item was modified. The time period is six months. Setting is locked.

Archiving strategy Archive items based on age of item.

Setting up archiving from public folders Public folder policy settings

201

Table 22-2 Setting

Archiving Rules settings (continued) Description Default value


Not set.

Archive messages Archive an item only if it has an with attachments attachment, assuming all other only archiving criteria are met. Note that this is not the same as archiving attachments only. See the Administrators Guide for more information.

Archiving Actions tab


Table 22-3 describes the settings on this tab, which you can use to control how Enterprise Vault behaves when it archives an item. Table 22-3 Setting
Delete original item after archiving

Archiving Actions settings Default value


Original item is deleted from public folder after archiving. Setting is locked, which forces users to use policy setting.

Create shortcut to After it has been archived, the item in the public folder is replaced archived item after with a shortcut. archiving Setting is locked, which forces users to use policy setting.

Shortcuts tab
Table 22-4 describes the settings on this tab, which you can use to control the size and behavior of Enterprise Vault shortcuts. Table 22-4 Setting
Include recipient information in shortcut

Shortcuts settings Description


Whether to store recipient information (To: and Cc: details) in shortcuts. Shortcuts always contain the From and Subject information.

Default value
Shortcuts include recipient information.

202

Setting up archiving from public folders Public folder policy settings

Table 22-4 Setting


Shortcut body

Shortcuts settings (continued) Description Default value

How much of the message body to None store in shortcuts. Regardless of the setting value, the full message, with attachments, are still stored in the archive. None. None of the message text is stored in the shortcut. Use message body. Shortcuts contain all of the message body text, but no attachments. Customize. Select the amount of text and links that you want included in shortcuts.

When shortcut is opened

Whether double-clicking a Show contents. shortcut displays the contents of the original item or the properties of the shortcut.

The ShortcutText.txt file is required if you configure customized shortcuts. You can also use this file to process standard shortcuts for untitled attachments. See Using customized shortcuts on page 171.

Message Classes tab


The list on this tab shows the classes of items that will be archived when the policy is applied. Select or clear message class check boxes, as required. If you need to edit the list of available message classes, go to the Message Classes tab of the Directory properties.

Advanced tab
The settings on this tab let you control aspects of public folder archiving, such as how to process items that the task fails to archive. For details of these settings, see the Administrators Guide.

Targets tab
This tab displays the archiving target public folders that will use this policy.

Setting up archiving from public folders Adding public folder archiving targets

203

Shortcut Deletion tab


Shortcut deletion does the following:

Deletes shortcuts that are older than the age you specify on this page. Deletes orphaned shortcuts. These are shortcuts to items that have been deleted, typically by a user, from an archive.

Shortcut Deletion takes place according to the schedule that you define on the Shortcut Deletion tab of the Exchange Public Folder task. Table 22-5 Setting Shortcut Deletion settings Description Default value
Not selected

Delete shortcuts in Setting this makes Enterprise folders Vault delete shortcuts that are older than the age you specify. This does not affect the corresponding archived items. Users can still search for the archived items. For example, you could choose to delete all shortcuts older than 12 months, but retain archived items for several years. Delete orphaned shortcuts This setting makes Enterprise Vault delete shortcuts in public folders if the corresponding archived item has been deleted. If you use shortcuts that contain text from the original message, those shortcuts might be useful to users even though the archived items have been deleted. However, deleting large shortcuts will regain space in the Exchange Server store.

Not selected

Adding public folder archiving targets


An Exchange Public Folder task archives public folder targets. A public folder target is a single public folder hierarchy, starting from its root path and working down. You can have a few, or many Exchange Public Folder tasks, as required. Each Exchange Public Folder task can process multiple public folder targets.

204

Setting up archiving from public folders Adding public folder archiving targets

The Exchange Public Folder task processes all folders beneath each targets root path, except for folders that are processed by another Exchange Public Folder task and folders that have had their Enterprise Vault properties changed to stop the folder from being archived. You can add a public folder target with a root path that is higher up a public folder hierarchy than the root path of an existing public folder target. You cannot add one with a lower root path. If you use Outlook to view the properties of the public folder, you can copy the folder path to the clipboard and then paste it in as the root path for the target public folder. There are several ways to add public folders: manually or automatically.

Manual (standard) method. You select the public folder and the archive that is to be used for it. The same archive is used for the folder and its subfolders. Automatic method. You add an Enterprise Vault "auto-enabler" that then enables folders that are immediately beneath the folder you specify. These folders and their subfolders are all enabled for archiving. By default, a separate archive is automatically created for each folder at this level. For example, if you add an auto-enabler to \myPublic Folder, then new archives will be created for \myPublic Folder\Finance and \myPublic Folder\Property. No archive will be created for \myPublic Folder\Property\Commercial because that folder will use the same archive as its parent (\myPublic Folder\Property). Alternatively, you can select an existing archive to use. If new folders are added later, they are automatically archived too.

Manual (standard) method


This section describes the manual method of adding a public folder. You select the public folder and the archive that is to be used for it. The same archive is used for the folder and its subfolders. To add a public folder archiving target

1 2 3 4

In the left pane of the Administration Console, expand the hierarchy until Targets is visible. Expand Targets. Expand Exchange. Expand the domain that contains the Exchange Server that hosts the folder you want to add.

Setting up archiving from public folders Adding public folder archiving targets

205

5 6 7

Expand Exchange Server. Expand the Exchange Server that has the public folder you want to add. Right-click Public Folder and, on the shortcut menu, click New and then Public Folder. The New Public Folder wizard starts.

Work through the wizard. You will need to provide the following information:

The path to the top-level public folder to be archived The Exchange Public Folder task to use The Exchange Public Folder policy to assign The retention category to use The archive to use

Automatic method
This section describes the automatic method of adding a public folder. You add an Enterprise Vault "auto-enabler" that then enables folders that are immediately beneath the folder you specify. These folders and their subfolders are all enabled for archiving. By default, a separate archive is automatically created for each folder at this level. To add a public folder auto-enabler

1 2 3 4 5 6 7

In the left pane of the Administration Console, expand the hierarchy until Targets is visible. Expand Targets. Expand Exchange. Expand the domain that contains the Exchange Server that hosts the folder you want to add. Expand Exchange Server. Expand the Exchange Server that has the public folder you want to add. Right-click Public Folder and, on the shortcut menu, click New and then Public Folder Auto-Enabler. The New Public Folder Auto-Enabler wizard starts.

Work through the wizard. You will need to provide the following information:

The path to the top-level public folder to be archived.

206

Setting up archiving from public folders Applying archiving settings to public folders

Whether to archive items in the root folder. If yes, you can specify the archive to use. The Exchange Public Folder policy to use. The Exchange Public Folder task to use. The retention category to use. The vault store to create the new archives in.

Applying archiving settings to public folders


The default public folder archiving settings are set on each public folder. These are the settings that you specified on the Archiving Rules and Archiving Actions pages of Exchange Public Folder Policy properties. Using the Enterprise Vault User Extensions for Outlook, only users with Owner access to public folders can customize these settings. To apply archiving settings to a public folder

1 2

View the public folder using an Outlook client that has the Enterprise Vault User Extensions installed. Right-click the public folder and click Properties on the shortcut menu. The properties for the public folder are displayed.

Click the Enterprise Vault tab. The Enterprise Vault property page shows the folder currently has no settings.

Click Change. The Change Enterprise Vault properties dialog box is displayed.

Select the settings you want to apply. Users will be able to apply custom settings to a public folder only if the settings on the Archiving Actions page of the public folder policys properties are not locked.

Once you have finished applying settings, click OK.

Scheduling the Public Folder task


All Public Folder tasks run according to a schedule that you set. Each Exchange Public Folder task can be set to run according to the following:

Setting up archiving from public folders Removing Public Folder targets

207

The schedule, which is defined on the Site Schedule page of site properties. By default all archiving tasks run according to this schedule. Its own schedule, defined on the tasks Schedule property page.

To modify the schedule for a single task

1 2 3 4 5 6 7

In the left pane of the Administration Console, expand the hierarchy until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the computer that is running the task that you want to modify. Click Tasks. In the right pane, double-click the task that you want to modify. Click the Schedule tab. Modify the schedule as required.

To modify the schedule for all archiving tasks

1 2 3 4

In the Administration Console, expand the contents of the scope (left) pane until the Enterprise Vault site is visible. Right-click the Enterprise Vault site and select Properties. The site properties dialog is displayed. Click the Site Schedule tab. Modify the schedule as required.

Removing Public Folder targets


Be careful when removing lower-level public folder targets. when you remove a public folder target that is below another public folder target, the folders are archived to the same archives as before. In this case, if you want to prevent public folders from being archived, change the settings for the lower-level public folders so that they are not archived. If you want to remove a public folder target, use the Administration Console to do so because this removes the marker that Enterprise Vault places on the root path folder. For example, this is important if you are running a pilot installation of Enterprise Vault that has an Exchange Public Folder task on a computer that you later decide to remove. If you merely take away the Exchange Public Folder task computer, the marker is not removed and so you cannot add another public folder target with that root path.

208

Setting up archiving from public folders Removing Public Folder targets

Chapter

23

Setting up archiving of journaled messages


This chapter includes the following topics:

Before you start Creating a journal vault store and partition Creating a journal archive Adding permissions to the journal archive Adding an Exchange Journaling task Reviewing the journaling policy settings Adding an Exchange Server journal mailbox as a target Starting the Journaling task What next?

Before you start


Before an Enterprise Vault Exchange Journaling task can be configured, you must have configured the Exchange Server to direct all mail to one or many journal mailboxes.

Creating a journal vault store and partition


All items from a journal mailbox need to be archived. It is good practice, for scalability reasons, to store items from journal mailboxes in a different vault store

210

Setting up archiving of journaled messages Creating a journal archive

from those used for mailbox and public folder archiving. If you have multiple journal mailboxes on an Exchange Server computer then, to gain the benefits shared storage, use the same vault store and partition for all of them. You must use the Administration Console to create a vault store for the Journaling task to use. To create a journal vault store and partition

1 2

In the left pane of the Administration Console, expand the hierarchy until Vault Stores is visible. Right-click Vault Stores and, on the shortcut menu, click New and then Vault Store. The New Vault Store wizard starts.

3 4 5

Work through the wizard. When the vault store has been created, you are given the option of creating a new Partition. Work through the New Partition wizard. To enable single-instance storage of items, ensure that Share archived items is selected on the partition properties.

Creating a journal archive


This section describes how to create a Journal archive. You must have already created a journal vault store and partition before you can create a Journal archive. To create a journal archive

1 2 3

In the left pane of the Administration Console, expand the hierarchy until Archives is visible. Expand Archives. Right-click Journal and, on the shortcut menu, click New and then Archive. The New Journal Archive wizard starts.

Work through the wizard. When prompted to select a vault store, choose the one that you just created. You will need to provide the following information:

The vault store in which to create the archive The required Indexing service The indexing level

Setting up archiving of journaled messages Adding permissions to the journal archive

211

A billing account

Adding permissions to the journal archive


You must add permissions for those users who need to be allowed access to items that have been archived from the journal mailbox. Users can have multiple different types of access to an archive:
Read Users can view and retrieve items from the archive. Those who need to search items archived from the journal mailbox, such as auditors, must have at least read access to the archive. Users can archive items in the archive. The owner of the journal mailbox must have at least write access to the archive. This enables items to be archived from the journal mailbox. Users can delete items from the archive. Note that, even though you grant the delete permission here, a user cannot delete from the archive unless you also select "Users can delete items from their archives" on the General tab of Site Properties.

Write

Delete

To add permissions to the journal archive

1 2 3 4

In the left pane of the Administration Console, expand the hierarchy until Archives is visible. Expand Archives. Click Journal. In the right pane, double-click the archive whose permission list you want to modify. The archives properties are shown.

Click the Permissions tab.

Adding an Exchange Journaling task


This section describes how to add an Exchange Journaling task. To add an Exchange Journaling task

1 2

In the left pane of the Administration Console, expand the site hierarchy until Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container.

212

Setting up archiving of journaled messages Reviewing the journaling policy settings

3 4

Expand the name of the computer to which you want to add an Exchange Journaling Task. Right-click Tasks and, on the shortcut menu, click New and then Exchange Journaling Task. The New Exchange Journaling Task wizard starts.

Work through the wizard. You will need to provide the following information:

The Exchange Server hosting the journal mailbox. Name for the task. Enterprise Vault system mailbox to use when connecting to Exchange Server. This can be the same system mailbox used by the Exchange Mailbox task.

Reviewing the journaling policy settings


The settings that used during Exchange Server journal mailbox archiving come from the Exchange Journaling policy that is being used. There is a default Exchange Journaling policy that you can edit as required. Alternatively, you can create further policies as necessary. To review the default Exchange Journaling policy settings

1 2 3

In the left pane of the Administration Console, expand the Policies container. Expand the Exchange container and click Journaling. In the right pane, double-click Default Exchange Journaling Policy. The properties of the policy appear.

Check the settings on the Advanced tab, and change them as necessary. You can click each setting to see a description of what it controls. The settings are described in the online help in the Administration Console and in the Administrators Guide.

Adding an Exchange Server journal mailbox as a target


This section describes how to add an Exchange Server journal mailbox as an archiving target.

Setting up archiving of journaled messages Starting the Journaling task

213

To add an Exchange Server journal mailbox as a target

1 2 3 4 5

In the left pane of the Administration Console, expand Archiving Targets. Expand the domain that contains the Exchange Server with the journal mailbox you are adding. Expand Exchange. Expand the Exchange Server. Right-click Journal Mailbox and, on the shortcut menu, click New > Journal Mailbox. The New Journal Mailbox wizard starts.

Work through the wizard. You will need to provide the following information:

The name of the Exchange journal mailbox to archive The Exchange Journaling task to use The Exchange Journaling policy to apply The retention category to apply to archived items The archive to use

Starting the Journaling task


This section describes how to start an Exchange Journaling task. To start the Journaling task

1 2 3 4 5

In the left pane of the Administration Console, expand the Enterprise Vault site hierarchy until Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the name of the computer that has the Exchange Journaling task you want to start. Click tasks. In the right pane, right-click the task and, on the shortcut menu, click Start. You do not normally need to start the Exchange Journaling task in this manner: by default, the task starts automatically when the Task Controller service is started.

The task runs continually, archiving items immediately from the Exchange Server journal mailbox. Items are deleted from the mailbox as they are archived and no shortcuts are created.

214

Setting up archiving of journaled messages What next?

What next?
It is important that you monitor journal mailboxes to make sure that items are being archived promptly. For details of how to monitor the mailboxes, see the Administrators Guide. You can customize the Exchange Server journal mailbox so that items are archived to different archives and with different retention categories. See the Administrators Guide for details.

Chapter

24

Envelope Journaling
This chapter includes the following topics:

Enterprise Vault and Exchange Server Envelope Journaling

Enterprise Vault and Exchange Server Envelope Journaling


Envelope Journaling is used by Exchange Server to capture the complete recipient list of a message. The Enterprise Vault Journaling task automatically recognizes an envelope message and processes it accordingly. Each journaled message has two parts:

A P1 envelope The original message

In the body of the envelope message there may be uncategorized recipients, in addition to the TO, CC and BCC recipients. This happens when there is no way of discovering the original category of such recipients; for example, when a message is sent over SMTP by Exchange Server 2007. Enterprise Vault classifies such recipients as Undisclosed recipients. You can search for Undisclosed recipients using the Recipient field option on the advanced page of the Enterprise Vault browser search. (The search index property, RNDN, is used for Undisclosed recipients.) Undisclosed recipients are recognized in Compliance and Discovery Accelerator searches. This chapter describes how Enterprise Vault Journaling task handles the envelope messages from Exchange Server 2000, 2003, and 2007.

216

Envelope Journaling Enterprise Vault and Exchange Server Envelope Journaling

How Enterprise Vault handles envelope messages from Exchange Server 2000 and 2003
When the Enterprise Vault Journaling task receives a journaled message from Exchange Server 2000 or 2003:

The complete list of recipients is extracted from the envelope message contents. This list is compared with recipients in the header of the attached message. Recipients found in the envelope message but not the attached message header are classed as Undisclosed Recipients. If a BCC recipient is also in the TO or CC fields and the message arrives over SMTP, then Enterprise Vault will store the recipient in the TO or CC field but not in the Undisclosed field. When messages are addressed to Alternate Recipients and BCC recipients and sent over SMTP, these recipients will be included in the body of the envelope message but not in the message header of the original message. As there is no way of discovering the original category of such recipients, Enterprise Vault will store them as Undisclosed Recipients. When a message is redirected to an Alternate Recipient (that is, forwarded to the Alternate recipient without actually being delivered to the original recipient), then the message headers will show the originally intended recipient and not the final (Alternate) recipient. Both recipients will be indexed, even though the originally intended recipient never actually received the message. This is because it is not possible to determine from the journal message that the original recipient was skipped. If an Alternate recipient also appears as an originally intended recipient (TO or CC), then the recipient will not be stored as an Undisclosed Recipient. A copy of the envelope message, complete with original message attached, will be passed to any external filters (for selective journaling or the Compliance Accelerator Journaling Connector). When the message is archived, only the original message is stored in the Journal archive, not the envelope message.

How Enterprise Vault handles envelope messages from Exchange Server 2007
When the Enterprise Vault Journaling task receives a journaled message from Exchange Server 2007:.

The list of recipients is extracted from the envelope message contents. This list is not compared with recipients in the header of the attached message.

Envelope Journaling Enterprise Vault and Exchange Server Envelope Journaling

217

Uncategorized recipients found in the envelope message body are classed as Undisclosed recipients. For example, recipients of messages that are sent over SMTP will be included in the recipient list in the envelope message body but will not be categorized. A copy of the envelope message, complete with original message attached, will be passed to any external filters (for selective journaling or the Compliance Accelerator Journaling Connector). When the message is archived, the envelope is stored in the Journal archive as a stream in the message saveset.

218

Envelope Journaling Enterprise Vault and Exchange Server Envelope Journaling

Section

Setting up OWA, RPC over HTTP, and ISA Server

Configuring OWA access to Enterprise Vault Configuring RPC over HTTP access to Enterprise Vault Configuring OWA and RPC Extensions in clustered configurations How to uninstall Enterprise Vault OWA Extensions Using Microsoft ISA Server with OWA and RPC Extensions

220

Chapter

25

Configuring OWA access to Enterprise Vault


This chapter includes the following topics:

Enterprise Vault functionality in OWA clients OWA configurations Which OWA Extensions to install Configuring Enterprise Vault access for OWA 2007 users Configuring Enterprise Vault access for OWA 2003 users Configuring Enterprise Vault access for OWA 2000 users Configuring a demonstration system Troubleshooting

Enterprise Vault functionality in OWA clients


The Enterprise Vault functionality available to users depends on the version of OWA running on the Exchange Servers. See Table 25-1 on page 222. Configuration settings in the Enterprise Vault Administration Console (in the Advanced page of the Exchange Mailbox Policy properties) let you customize the Enterprise Vault options available in OWA 2003 and OWA 2007 clients. See the Administrators Guide for more details.

222

Configuring OWA access to Enterprise Vault Enterprise Vault functionality in OWA clients

Table 25-1 OWA version


OWA 2007 and OWA 2003

Enterprise Vault features in OWA clients Enterprise Vault functionality


View items using standard OWA functionality. Reply to and forward shortcuts or original items (using standard OWA functionality). Archive items and folders using Enterprise Vault buttons or menu options. Default archiving properties can be changed. Restore items using Enterprise Vault buttons or menu options. Restore properties can be set. Delete shortcuts and/or archived items using Enterprise Vault buttons or menu options or standard OWA functionality. Archive Explorer button. Integrated search button. (No link to Browser search).

View archived public folder items. Currently this is available in OWA 2003 clients only. With OWA 2007 clients, users can view archived public folder items using archive search or Archive Explorer. Administrator can configure Enterprise Vault functionality available in Premium and Basic clients. OWA 2000

View items. Reply to and forward shortcuts (using standard OWA functionality). Delete shortcuts (using standard OWA functionality). View archived public folder items.

About OWA forms-based authentication


In Enterprise Vault 6.0 or later, when using forms-based authentication, OWA 2003 and OWA 2007 client users are prompted to re-enter login credentials when starting the Enterprise Vault Search or Archive Explorer features in the OWA client. This is because the request accesses a different IIS virtual directory which requires different authentication. The authentication is valid for the session. In addition, if View mode is set to Enterprise Vault in the OWA settings on the Advanced page of the Exchange Mailbox Policy, users are prompted to re-authenticate when they first open an archived item. The View mode setting controls what happens when a user clicks Open the original item in the banner of a custom shortcut. If OWA is set as the value of this setting, then the original item is rendered by OWA (and looks like an OWA message). If Enterprise Vault is set as the value, then the item is rendered by Enterprise Vault (and looks like a Web browser page).

Configuring OWA access to Enterprise Vault OWA configurations

223

OWA configurations
The following figures give examples of some typical OWA environments in which Enterprise Vault can be deployed. The types of authentication supported by Enterprise Vault are also shown.

OWA 2007 configuration


The following configuration shows a simple OWA 2007 environment. Figure 25-1 OWA 2007 configuration

In this configuration Enterprise Vault OWA 2007 Extensions are installed on the same computer as Exchange Server 2007 with Client Access Service (CAS) installed. Typically, Exchange Server 2007 with Mailbox Role would be on a separate computer, but it could be co-located with the CAS server. When a user starts Archive Explorer or an archive search from the OWA client, the client will always try to connect directly to the Enterprise Vault Web Application on the Enterprise Vault server. If clients connect to the Exchange 2007 CAS server using Microsoft ISA Server, then the Enterprise Vault Web Access application must be published by the ISA Server in addition to the Exchange 2007 CAS server.

224

Configuring OWA access to Enterprise Vault OWA configurations

The Exchange 2007 CAS server connects to the Enterprise Vault server using anonymous authentication. On the Enterprise Vault server, a special user manages the anonymous connections.

OWA 2007 and OWA 2003 mixed environment


The following configuration shows a possible mixed OWA 2007 and OWA 2003 environment. OWA 2007 clients access the Exchange 2007 Mailbox server through the Exchange 2007 CAS server. OWA 2003 clients access the OWA 2003 back-end server through the Exchange 2007 CAS server. This mixed configuration may exist while Exchange Servers are gradually being upgraded to Exchange Server 2007.

Configuring OWA access to Enterprise Vault OWA configurations

225

Figure 25-2

Mixed OWA 2007 and OWA 2003 configuration

If an OWA 2003 client accesses a mailbox on Exchange Server 2003 through the Exchange 2007 CAS server, then any Archive Explorer or archive search requests will always attempt to access the Enterprise Vault server directly (irrespective of the value of OWA setting, Client Connection, in the Exchange Mailbox Policy). In this configuration, the Enterprise Vault OWA 2003 Back-End Extensions are installed on the OWA 2003 server and Enterprise Vault OWA 2007 Extensions are installed on the Exchange 2007 CAS server. If clients connect through a Microsoft ISA Server, then you will need to publish to clients the OWA site on the Exchange 2007 CAS server and the Enterprise Vault Web Access application.

226

Configuring OWA access to Enterprise Vault OWA configurations

The OWA 2003 server and the Exchange 2007 CAS server connect to the Enterprise Vault server using anonymous authentication. On the Enterprise Vault server, a special user manages these anonymous connections.

OWA 2000 or 2003 with front-end Exchange Server


In the following configuration is for OWA 2000 or 2003. There is one Exchange Server configured as a front-end OWA server and two Exchange Servers configured as back-end OWA servers. Figure 25-3 Front-end/back-end OWA 2000 or 2003 example configuration

OWA client browser sessions connect to the front-end server. Enterprise Vault OWA 2000 or 2003 Extensions are installed on all front-end and back-end Exchange Servers. If the front-end OWA server is running Exchange Server 2003 and the back-end OWA server is running Exchange Server 2000, clients will only have the Enterprise Vault functionality available with OWA 2000 Extensions. Typically, users connect to the front-end server using basic authentication. Integrated Windows Authentication (IWA) is used for the connection between Exchange Servers and anonymous authentication is used for the connection

Configuring OWA access to Enterprise Vault OWA configurations

227

between the back-end Exchange Server and the Enterprise Vault server. On the Enterprise Vault server, a special user manages the anonymous connections. An Enterprise Vault Exchange Mailbox Policy setting (Client connection) can be used to enable OWA 2003 clients to connect directly to the Enterprise Vault server when users start Archive Explorer or an archive search from their OWA client. If clients connect to the OWA 2003 front-end server through an ISA Server, and direct connections are configured for Archive Explorer and archive search, then the OWA 2003 front-end server and the Enterprise Vault Web Access application must be published to clients. If direct connections are not configured (this is the default for OWA 2003), then only the OWA 2003 front-end server needs to be published.

OWA 2000 or 2003 without front-end Exchange Server


In the following configuration there are no front-end OWA servers.

228

Configuring OWA access to Enterprise Vault OWA configurations

Figure 25-4

Back-end only OWA 2000 or 2003 example configuration

Instead, users connect to one of two Exchange Servers configured as back-end OWA 2000 or 2003 servers. This configuration can provide more security, as you can force users to use IWA authentication instead of basic authentication when connecting to the OWA servers. Anonymous authentication is used for the connection between the Exchange Server and the Enterprise Vault server and a special user is created and configured to manage the anonymous connections. As in previous configurations, an Enterprise Vault Exchange Mailbox Policy setting can be used to enable OWA 2003 clients to connect directly to the Enterprise Vault server when users start Archive Explorer or an archive search from their OWA client. If clients connect to the OWA 2003 back-end server through an ISA Server, and direct connections are configured for Archive Explorer and archive search, then the OWA 2003 back-end server and the Enterprise Vault Web Access application must be published to clients. If direct connections are not configured (this is the

Configuring OWA access to Enterprise Vault OWA configurations

229

default for OWA 2003), then only the OWA 2003 back-end server needs to be published.

Clustered OWA configurations


Figure 25-5 gives an example of an active/passive cluster of OWA 2000 or 2003 servers. The following examples of clustering relate to OWA 2000 and OWA 2003 only. In an Exchange Server 2007 environment, the Exchange Server with Mailbox Role installed can be clustered, but the Exchange 2007 CAS server cannot. As it is the Exchange 2007 CAS server that contacts the Enterprise Vault server, the Enterprise Vault configuration is unaffected when Exchange 2007 Mailbox servers are clustered. Figure 25-5 Clustered OWA 2000 or 2003 servers example

230

Configuring OWA access to Enterprise Vault OWA configurations

In this configuration, Enterprise Vault OWA 2000 or 2003 Extensions must be installed and configured on both Exchange Servers in the cluster. Enterprise Vault automatically adds the necessary cluster addresses to its configuration files when you configure the OWA Extensions. There could also be a front-end OWA server, but this would not normally be included in a cluster configuration. When one OWA server in the cluster fails over to the other, connections to the Enterprise Vault servers are established automatically; users can continue to access items in their Enterprise Vault archives. Figure 25-6 Configuration after failover

Configurations for demonstrating Enterprise Vault with OWA


If you are setting up an Enterprise Vault environment to demonstrate or pilot OWA 2000 or 2003 access to Enterprise Vault archives, the Enterprise Vault server

Configuring OWA access to Enterprise Vault Which OWA Extensions to install

231

and Exchange Server can be installed on one computer. However, installing Exchange Server 2007 on the Enterprise Vault server is not currently supported. See Configuring a demonstration system on page 253.

Which OWA Extensions to install


To provide OWA access to Enterprise Vault for Exchange Server 2007 mailboxes, Enterprise Vault OWA Extensions need to be installed on all computers running Exchange Server 2007 with Client Access Service (CAS) role installed. To provide OWA access to Enterprise Vault for Exchange Server 2000 or 2003 mailboxes, Enterprise Vault OWA Extensions need to be installed on all front-end and back-end OWA Exchange Servers. Table 25-2 shows which OWA Extensions you need to install on your Exchange Servers. Table 25-2 If you have this
Exchange Server 2007 CAS servers

Enterprise Vault OWA Extensions to install Install this


OWA 2007 Extensions using one of the following installers, depending on whether your Exchange Server is running in 32-bit or 64-bit mode:

EV_OWA2007_Extensions_x64.msi EV_OWA2007_Extensions_x86.msi

Exchange Server 2003 or Exchange 2003 Back-end Extensions (OWA & RPC) or Exchange Exchange 2000 (with 2000 OWA Extensions (Back-end) on each back-end server using front-end servers) the Enterprise Vault installer. Exchange 2003 Front-end Extensions (OWA & RPC) or Exchange 2000 OWA Extensions (Front-end) on each front-end server using the Enterprise Vault installer. Exchange Server 2003 or Exchange 2003 Back-end Extensions (OWA & RPC) or Exchange Exchange 2000 (without 2000 OWA Extensions (Back-end) on each Exchange Server front-end servers) computer using the Enterprise Vault installer..

The Enterprise Vault Extensions for OWA 2003 servers are named "Exchange 2003 Front-end Ext. (OWA & RPC)" and "Exchange 2003 Back-end Ext. (OWA & RPC)", as they are also used to support RPC over HTTP connections to Exchange Server 2003. No Enterprise Vault extensions are required to support RPC over HTTP connections to Exchange Server 2007. Note that the Enterprise Vault buttons are not available in OWA clients when using OWA 2000, which means that you can only view archived items with these

232

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2007 users

extensions. To be able to archive, restore and delete archived items from your OWA client and have integrated access to Archive Explorer and Search features, you need to use OWA 2003 on Exchange Server 2003.

Configuring Enterprise Vault access for OWA 2007 users


This section describes how to configure Enterprise Vault servers and Exchange Server 2007 CAS computers to enable Enterprise Vault access for OWA users. The required steps can be summarized as follows:

On Enterprise Vault servers, configure the server to accept anonymous connections from Exchange 2007 CAS servers, and any OWA 2000 or 2003 back-end servers. If required, configure OWA settings in the Exchange Mailbox Policy in the Enterprise Vault Administration Console to change the Enterprise Vault functionality available in OWA clients. On Exchange 2007 CAS server computers, install the Enterprise Vault OWA 2007 Extensions. (You can install the 64-bit or 32-bit version, depending on the mode of your Exchange Server). If you have a environment that includes Exchange 2007 Mailbox Role installed on the Exchange 2007 CAS server computer and also remote Exchange 2007 Mailbox servers, then you need to perform some additional configuration. See Supporting Mailbox Role on both CAS server and remote servers on page 257. When Archive Explorer or archive search is started in an OWA 2007 client, the client will attempt to access the Enterprise Vault server directly. If you are using a firewall or ISA Server, you need to ensure that both the Exchange 2007 CAS server and Enterprise Vault server Web Access application are published to clients. For information on configuring your ISA Server for OWA access: See Using ISA Server with Enterprise Vault on page 297.

If required, there are additional settings that you can configure in the file, web.config, on the Exchange 2007 CAS server to alter the behavior of the extensions and facilitate troubleshooting. See Troubleshooting on page 254. The process for installing Enterprise Vault OWA 2007 Extensions differs considerably from the process for installing and configuring OWA 2000 and OWA 2003 Extensions. With OWA 2007 Extensions:

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2007 users

233

You do not need to run the configuration wizard after installing the extensions. No virtual directories, such as EnterpriseVaultProxy, are required on the Exchange servers for Enterprise Vault. No form registration is required. No proxy bypass list is required. As Enterprise Vault no longer edits the OWA control files, OWA access to Enterprise Vault is more robust when Exchange Server hotfixes that affect OWA control files are applied.

Configuring Enterprise Vault for anonymous connections


To prepare Enterprise Vault servers for anonymous connections from Exchange 2007 CAS servers, or OWA 2000 or 2003 back-end servers, perform the following steps as described in this section:

Create the ExchangeServers.txt file. This contains a list of the IP addresses for all the Exchange 2007 CAS servers, and any OWA 2000 or 2003 back-end servers, that will connect to the Enterprise Vault server. Create or select a domain account to be used for anonymous connections from Exchange Servers to the Enterprise Vault server. Run the script, owauser.wsf, to configure the anonymous user. Synchronize mailboxes and restart Enterprise Vault Admin service.

To create the ExchangeServers.txt file

1 2

Open Notepad. Type the IP address of each Exchange 2007 CAS server and OWA 2000 or 2003 back-end server that will connect to the Enterprise Vault server, one entry per line. Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault). Close Notepad.

3 4

234

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2007 users

To configure the anonymous user account for OWA

Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account should not belong to any administrative group. If you are upgrading your OWA Extensions and the existing anonymous user account is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.

2 3 4

Log on to the Enterprise Vault server as the Vault Service account. Open a command prompt window and navigate to the Enterprise Vault installation folder. Type and enter the command line:
cscript owauser.wsf /domain:domain /user:username /password:password /exch2003

(Note that you use the parameter, /exch2003, for OWA 2003 and OWA 2007). The file owauser.wsf is installed in the Enterprise Vault installation folder. For domain, give the domain of the anonymous user account. For username, give the username of the anonymous user account. For password, give the password of the anonymous user account. To display help for the cscript command, type
cscript owauser.wsf /?

The progress of the script execution is displayed in the command prompt window. When the configuration script finishes, you are prompted to restart the Enterprise Vault Admin service and synchronize mailboxes.

What owauser.wsf configures


The owauser.wsf script sets up the following on the Enterprise Vault server:

Assigns the following user rights to the anonymous user:


Access this computer from the network (SeNetworkLogonRight) Allow logon locally (SeInteractiveLogonRight) Log on as a batch job (SeBatchLogonRight)

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2007 users

235

Bypass traverse checking (SeChangeNotifyPrivilege)

Creates (or updates) the virtual directory, EVAnon, that points to the Enterprise Vault\WebApp folder and assigns anonymous access permissions to the OWA anonymous user. Access to EVAnon is granted to the servers listed in ExchangeServers.txt. You can check this by displaying the properties of the EVAnon virtual directory, selecting the Directory Security tab and clicking Edit in the IP address and domain name restrictions section. Creates (or updates) the following two Registry values:
HKEY_CURRENT_USER \Software \KVS \Enterprise Vault \AnonymousUser

The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVOWAUSER.
HKEY_LOCAL_MACHINE \SOFTWARE \KVS \Enterprise Vault \Install \OwaWebAppAlias

The value of this setting is the name of the virtual directory for anonymous connections, EVAnon.

Restart the Admin Service and synchronize mailboxes


To complete the configuration, you need to restart the Enterprise Vault Admin service and synchronize mailboxes, as described in this section. To restart the Admin Service

1 2

Open Control Panel, select Administrative Tools and then select Services. Right-click Enterprise Vault Admin Service and select Restart. Enterprise Vault services and tasks will restart.

Close the Services console.

236

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2007 users

To synchronize mailboxes

1 2

Click Start > Programs > Enterprise Vault Administration Console. Expand the Enterprise Vault Directory container and then your site. Expand Enterprise Vault Servers and select the required Enterprise Vault server. Expand this container. Expand Tasks. In the right hand pane, double-click the Exchange Mailbox Archiving task for the Exchange Server, to display the properties window for the task. Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected. Click Synchronize. Click OK to close the properties window. Close the Enterprise Vault Administration Console.

3 4 5 6 7

Configuring Enterprise Vault Exchange Mailbox Policy


If required, you can customize the Enterprise Vault functionality that you want available in OWA 2007 clients. You can customize OWA clients using the OWA settings on the Advanced page of the Exchange Mailbox Policy properties. For more information on these settings, see the Enterprise Vault Administrator's Guide. If you change settings in the Exchange Mailbox Policy, then you will need to synchronize the mailboxes. SeeTo synchronize mailboxes

Installing Enterprise Vault OWA 2007 Extensions


Two versions of the Enterprise Vault OWA 2007 Extensions are available; one for Exchange Server 2007 in 64-bit mode and one for Exchange Server 2007 in 32-bit mode. These extensions are provided by the following Windows Installer kits on CD 1 of the Enterprise Vault distribution media:

EV_OWA2007_Extensions_x64.msi EV_OWA2007_Extensions_x86.msi

Follow the instructions in this section to install the extensions.

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

237

To install Enterprise Vault OWA 2007 Extensions

1 2 3 4 5 6 7

On the Exchange 2007 CAS Server, load CD 1 of the Enterprise Vault 2007 release. Open the Enterprise Vault 2007 folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open Enterprise Vault 2007\OWA 2007 Extensions folder. Double-click the appropriate MSI file for your Exchange Server to start the installation wizard. Follow the installation instructions. After you have installed the extensions, you do not need to perform any further configuration on the Exchange Server. Repeat the installation on each Exchange 2007 CAS Server.

Configuring Enterprise Vault access for OWA 2003 users


This section describes how to configure Enterprise Vault servers and Exchange Server 2003 computers to enable Enterprise Vault access for OWA 2003 users. The required steps can be summarized as follows:

If your Exchange Servers are clustered, there is additional information that you need to read before proceeding. See Supported cluster configurations on page 276. See OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters on page 279. See OWA: Enterprise Vault Extensions in an active/active Microsoft cluster on page 282. See Configuring Enterprise Vault OWA and RPC Extensions on VCS on page 287. On Enterprise Vault servers, configure the anonymous user account to handle connections from back-end Exchange Servers. On Enterprise Vault servers, customize settings in the Exchange Mailbox Policy, if required. On back-end Exchange Server 2003 computers, install the Enterprise Vault OWA 2003 Extensions. (The Exchange 2003 Back-end Ext. (OWA & RPC) component.) On back-end Exchange Server 2003 computers, run the Enterprise Vault configuration wizard for the Enterprise Vault OWA Extensions.

238

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

Use an OWA client browser session on each back-end Exchange Server to check the Enterprise Vault OWA configuration. On front-end Exchange Server 2003 computers, install the Enterprise Vault OWA Extensions. (The Exchange 2003 Front-end Ext. (OWA & RPC) component.) On front-end Exchange Server 2003 computers, run the Enterprise Vault configuration wizard for the Enterprise Vault OWA Extensions. Use an OWA client browser session on each front-end Exchange Server to check the complete Enterprise Vault OWA configuration. If clients connect through an ISA Server, you will need to configure this for Enterprise Vault access. See Using ISA Server with Enterprise Vault on page 297.

OWA 2003: Configuring Enterprise Vault for anonymous connections


On Enterprise Vault servers that support connections from OWA servers, follow the instructions in this section to configure a special user account for handling anonymous connections from OWA servers. To configure the Enterprise Vault server for anonymous connections, you need to perform the following tasks:

Create the ExchangeServers.txt file on the Enterprise Vault server. This holds a list of the IP addresses for all the back-end OWA servers that will connect to the Enterprise Vault server. Create or select domain account to be used for anonymous connections. Run the script, owauser.wsf, to configure the anonymous user. Restart Enterprise Vault Admin service and synchronize mailboxes.

To create the ExchangeServers.txt file

1 2

Open Notepad. Type the IP address of each back-end OWA server (that is, the Exchange Virtual Server IP address), one entry per line. If the OWA servers are clustered, enter the Virtual Server IP addresses first and then add the cluster IP address and the IP addresses of each node.

3 4

Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault). Close Notepad.

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

239

To configure the anonymous user account for OWA

Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account should not belong to any group. If you are upgrading your OWA Extensions and the existing anonymous user account is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.

2 3 4

Log on to the Enterprise Vault server as the Vault Service account. Open a command prompt window and navigate to the Enterprise Vault installation folder. Type and enter the command line:
cscript owauser.wsf /domain:domain /user:username /password:password /exch2003

The file owauser.wsf is installed in the Enterprise Vault installation folder. For domain, give the domain of the anonymous user account. For username, give the username of the anonymous user account. For password, give the password of the anonymous user account. To display help for the cscript command, type
cscript owauser.wsf /?

The progress of the script execution is displayed in the command prompt window. See What owauser.wsf configures on page 234. When the configuration script finishes, you are prompted to restart the Enterprise Vault Admin service and synchronize mailboxes.

To restart the Admin service

1 2

Open Control Panel, select Administrative Tools and then select Services. Right-click Enterprise Vault Admin Service and select Restart. Enterprise Vault services and tasks will restart.

Close the Services console.

240

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

To synchronize mailboxes

1 2

Click Start > Programs > Enterprise Vault Administration Console. Expand the Enterprise Vault Directory container and then your site. Expand Computers and select the required Enterprise Vault server. Expand this container. Expand Tasks. In the right hand pane, double-click the Mailbox Archiving task for the Exchange Server, to display the properties window for the task. Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected. Click Synchronize. Click OK to close the properties window. Close the Enterprise Vault Administration Console. If required, modify OWA client settings in the Exchange Mailbox Policy. See Configuring Enterprise Vault Exchange Mailbox Policy on page 241. You can then install the OWA Extensions on back-end Exchange Server computers. See Installing OWA Extensions on a back-end Exchange Server 2003 on page 242.

3 4 5 6 7 8

What owauser.wsf configures


The owauser.wsf script sets up the following on the Enterprise Vault server:

Assigns the following user rights to the anonymous user:


Access this computer from the network (SeNetworkLogonRight) Allow logon locally (SeInteractiveLogonRight) Log on as a batch job (SeBatchLogonRight) Bypass traverse checking (SeChangeNotifyPrivilege)

Creates (or updates) the new virtual directory, EVAnon, that points to the Enterprise Vault\WebApp folder and assigns anonymous access permissions to the OWA anonymous user. Access to EVAnon is also granted to the back-end OWA servers. You can check this by displaying the properties of the EVAnon virtual directory, selecting the Directory Security tab and clicking Edit in the IP address and domain name restrictions section. Creates (or updates) the following two Registry values:

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

241

HKEY_CURRENT_USER \Software \KVS \Enterprise Vault \AnonymousUser

The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVOWAUSER.
HKEY_LOCAL_MACHINE \SOFTWARE \KVS \Enterprise Vault \Install \OwaWebAppAlias

The value of this setting is the name of the virtual directory for anonymous connections, EVAnon.

Configuring Enterprise Vault Exchange Mailbox Policy


If required, you can customize the Enterprise Vault functionality that you want available in OWA 2003 clients. You customize OWA clients using the OWA settings on the Advanced page of the Exchange Mailbox Policy properties. For more information on these settings, see the Enterprise Vault Administrator's Guide. If you want OWA 2003 client requests for Archive Explorer and archive search to connect to the Enterprise Vault directly, and not through the OWA 2003 server (the default action), then modify the value of the Client connection setting to Direct. See To configure direct access to the Enterprise Vault server from OWA 2003 clients. If you change any settings in the Exchange Mailbox Policy, then you will need to synchronize the mailboxes. To configure direct access to the Enterprise Vault server from OWA 2003 clients

1 2 3

In the Enterprise Vault Administration Console, expand the site. Click Policies > Exchange > Mailbox. Double-click the policy that you want to change to display the policy properties. Select the Advanced page.

242

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

4 5 6 7 8 9

In the drop-down box beside List settings from: select OWA. Double-click the Client connection setting. Select Direct in the drop-down box and click OK to close the dialog. If required, you can also modify other OWA settings to restrict the functionality available in the OWA 2003 clients. Click OK to close the properties dialog. The new values will be set when the mailboxes are synchronized. publish the Enterprise Vault Web Access application in addition to the OWA server. See Using ISA Server with Enterprise Vault on page 297.

10 If clients connect to the OWA server through an ISA Server, you will need to

Installing OWA Extensions on a back-end Exchange Server 2003


Follow the instructions in this section to install the Enterprise Vault OWA Extensions from the Enterprise Vault CD-ROM. To install Enterprise Vault OWA Extensions

1 2 3 4 5

On your Exchange Server, load the Enterprise Vault CD-ROM. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. Follow the installation instructions and select the Exchange 2003 Back-end Ext. (OWA & RPC) component. See Which OWA Extensions to install on page 231. Exchange Server 2003 hotfixes may modify OWA control files. If you have installed an Exchange Server 2003 hotfix that has created an unsupported version of the OWA control files folder, or modified any files in the control files folder, a "Save file error" will be reported when you attempt to install the Enterprise Vault OWA Extensions.

On each back-end OWA 2003 server, you now need to configure the extensions.

Configuring a back-end Exchange Server 2003


After you have installed the OWA Extensions on back-end Exchange Server 2003 computers, configure the OWA Extensions, as described in this section.

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

243

The Exchange back-end servers require direct access to the Enterprise Vault server, and must not go via a proxy. The configuration wizard creates WinHTTP proxy bypass entries for each Exchange Server that will connect to the Enterprise Vault server. To enable the configuration wizard to add the required entries to the proxy bypass list, create the EVServers.txt file as described in this section. You must create and populate the EVServers.txt file, even if you do not use a proxy server. The steps to configure a back-end Exchange Server are as follows:

Create at least one public folder before you run the configuration wizard. As Microsoft Exchange installation automatically creates a public folder store, Enterprise Vault will attempt to register forms against public folders. Create the EVServers.txt file and add entries for the proxy bypass list. Run the OWA Extensions configuration wizard from the Start menu.

To create the EVServers.txt file

1 2

Open Notepad. Type in, one entry per line, the Vault Site alias in both fully-qualified and LanMan forms. For example:
ourvaultsitealias.domain.com ourvaultsitealias

Also type in any aliases for each Enterprise Vault server computer in the Vault Site. Enter these one per line, in fully-qualified and LanMan forms. For example:
vault1alias.domain.com vault1alias

Save the file as a Unicode file with the name EVServers.txt in the OWA folder in your Enterprise Vault installation folder (typically, C:\Program Files\Enterprise Vault\OWA). Close Notepad.

To run the OWA Extensions configuration wizard on a back-end Exchange Server

1 2

Log on to the Exchange Server computer using an account that has Exchange Full Administrator permission. Ensure the Exchange Server is running and that the Web site associated with the Exchange Server has an ExAdmin virtual directory created.

244

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

3 4

To start the configuration wizard, click Start > Programs > Enterprise Vault > Exchange Back-end Extensions Configuration > (OWA & RPC). A command prompt window opens and lists what the configuration wizard has done. The program configures the following for each Exchange virtual server it finds on the computer:

An EnterpriseVaultProxy virtual directory for each Web server on the computer. An EVOWA virtual directory for each Web server on the computer. A virtual directory called EnterpriseVaultname for each Exchange mailbox and public folder virtual directory. name is the name of the associated Exchange virtual directory. For example, if Exchange virtual directories are called Exchange and Public, virtual directories called EnterpriseVaultExchange and EnterpriseVaultPublic will be created. Execution of scripts is enabled in the settings of the Exchange mailbox and public folder virtual directories. Enterprise Vault forms are registered. Entries in the proxy bypass list from the EVServers.txt file.

When the configuration wizard has finished, you will see the following line in the command prompt window:
Press ENTER to end

Details of the configuration process are sent to the log file:


Enterprise Vault\OWA\BackEnd2003Setup.wsf.log

Check the log file for any configuration errors.

From a browser, enter the URL for the back-end OWA server. Open an OWA client and check that you can view archived items. In OWA 2003 clients, you should also see the Enterprise Vault buttons. Archive Explorer and Search options should be displayed in the navigation pane. Repeat the above steps to configure the OWA Extensions on each back-end Exchange Server. You can now install the OWA Extensions on front-end Exchange Server computers.

8 9

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2003 users

245

Installing OWA Extensions on a front-end Exchange Server 2003


Follow the instructions in this section to install the Enterprise Vault OWA Extensions from the Enterprise Vault CD-ROM. To install Enterprise Vault OWA Extensions

1 2 3 4 5

On your Exchange Server, load the Enterprise Vault CD-ROM. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. Follow the installation instructions and select the Exchange 2003 Front-end Ext. (OWA & RPC) component. See Which OWA Extensions to install on page 231. Exchange Server 2003 hotfixes may modify OWA control files. If you have installed an Exchange Server 2003 hotfix that has created an unsupported version of the OWA control files folder, or modified any files in the control files folder, a "Save file error" will be reported when you attempt to install the Enterprise Vault OWA Extensions.

On each front-end OWA 2003 server, you now need to configure the extensions.

Configuring a front-end Exchange Server 2003


After you have installed the OWA Extensions on a front-end Exchange Server 2003 computer, you need to configure the extensions, as described in this section. To run the OWA configuration wizard on a front-end Exchange Server 2003

1 2 3

Log on to the Exchange Server computer using an account that has Exchange Full Administrator permission. Click Start> Programs > Enterprise Vault > Exchange Front-end Extensions Configuration > (OWA & RPC). A Command Prompt window opens and lists what the configuration wizard has done. The program configures the following for each Exchange virtual server it finds on the computer:

An EnterpriseVaultProxy virtual directory for each Web server on the computer.

246

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

Adds the names of back-end Exchange Servers to the proxy bypass list.

When the configuration wizard has finished, you will see the following line in the command prompt window:
Press ENTER to end

Details of the configuration process are sent to the log file:


Enterprise Vault\OWA\FrontEnd2003Setup.wsf.log

Check the log file for any configuration errors.

From a browser, enter the URL for the front-end OWA server. Open an OWA client and check that you can view archived items. In OWA 2003 clients, you should also see the Enterprise Vault buttons. Archive Explorer and Search options should be displayed in the navigation pane. Repeat the above steps to configure the OWA Extensions on each front-end Exchange Server 2003. This completes the basic configuration of your Enterprise Vault OWA environment. If required, the functionality available to OWA 2003 users can be customized by administrators using the Enterprise Vault Administration Console; select OWA 2003 settings on the Advanced tab of the appropriate Exchange Server mailbox policy. If your OWA environment includes a Microsoft ISA Server, you will also need to configure this to enable Enterprise Vault OWA users to access the archived items.

See Configuring access using OWA basic authentication on page 299. See Configuring access using OWA forms-based authentication on page 302.

Configuring Enterprise Vault access for OWA 2000 users


This section describes how to configure Enterprise Vault servers and Exchange Server 2000 computers to enable Enterprise Vault access for OWA 2000 users. The required steps can be summarized as follows:

If your Exchange Servers are clustered, there is additional information that you need to read before proceeding. See Supported cluster configurations on page 276.

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

247

See OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters on page 279. See OWA: Enterprise Vault Extensions in an active/active Microsoft cluster on page 282. See Configuring Enterprise Vault OWA and RPC Extensions on VCS on page 287.

On Enterprise Vault servers, configure the anonymous user account to handle connections from back-end Exchange Servers. On each back-end Exchange Server 2000, install the Enterprise Vault OWA Extensions. On back-end Exchange Server 2000 computers, run the Enterprise Vault configuration wizard for the Enterprise Vault OWA Extensions. Use an OWA client browser session on each back-end Exchange Server to check the Enterprise Vault OWA configuration. On each front-end Exchange Server 2000, install the Enterprise Vault OWA Extensions. (On front-end OWA 2000 servers, you do not run the OWA Extensions configuration wizard.) Use an OWA client browser session on each front-end Exchange Server to check the complete Enterprise Vault OWA configuration. If clients connect through an ISA Server, you will need to configure this for Enterprise Vault access. See Using ISA Server with Enterprise Vault on page 297.

OWA 2000: Configuring Enterprise Vault for anonymous connections


On Enterprise Vault servers that support connections from OWA 2003 or OWA 2000 servers, follow the instructions in this section to configure a special user account for handling anonymous connections from OWA servers. To configure OWA access on the Enterprise Vault server, you need to perform the following steps:

Create the ExchangeServers.txt file on the Enterprise Vault server. This holds a list of the IP addresses for all the back-end OWA servers that will connect to the Enterprise Vault server. Create or select domain account to be used for anonymous connections. Run the script, owauser.wsf, to configure the anonymous user. Restart the Enterprise Vault Admin service and synchronize mailboxes.

248

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

To create the ExchangeServers.txt file

1 2

Open Notepad. Type the IP address of each back-end OWA server (that is, the Exchange Virtual Server IP address), one entry per line. If the OWA servers are clustered, enter the Virtual Server IP addresses first and then add the cluster IP address and the IP addresses of each node.

3 4

Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault). Close Notepad.

To configure the anonymous user account for OWA

Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. If you are upgrading your OWA Extensions and the existing anonymous user account is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.

2 3 4

Log on to the Enterprise Vault server as the Vault Service account. Open a command prompt window and navigate to the Enterprise Vault installation folder. Enter the following command line:
cscript owauser.wsf /domain:domain /user:username /password:password /exch2000

The file owauser.wsf is installed in the Enterprise Vault installation folder. For domain, give the domain of the anonymous user account. For username, give the username of the anonymous user account. For password, give the password of the anonymous user account. To display help for the cscript command, type
cscript owauser.wsf /?

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

249

The progress of the script execution is displayed in the command prompt window. See What owauser.wsf configures on page 249. When the configuration script finishes, you are prompted to synchronize mailboxes and restart the Enterprise Vault Admin service. See Restarting the Admin service and synchronizing mailboxes on page 250.

Now you can install the OWA Extensions on each back-end Exchange Server computers. See Installing OWA Extensions on a back-end Exchange Server 2000 on page 250.

What owauser.wsf configures


The owauser.wsf script sets up the following on the Enterprise Vault server:

Assigns the following user rights to the anonymous user:


Access this computer from the network (SeNetworkLogonRight) Allow logon locally (SeInteractiveLogonRight) Log on as a batch job (SeBatchLogonRight) Bypass traverse checking (SeChangeNotifyPrivilege)

Updates the IIS settings for the OWARDR.asp file in the EnterpriseVault virtual directory, so that requests for OWARDR.asp are run under the context of the OWA anonymous user. Access to OWARDR.asp is only granted to the back-end OWA servers. You can check this by displaying the properties of the OWARDR.asp file, selecting the File Security tab and clicking Edit in the "IP address and domain name restrictions" section. Creates (or updates) the following registry value:
HKEY_CURRENT_USER \Software \KVS \Enterprise Vault \AnonymousUser

The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVOWAUSER.

250

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

Restarting the Admin service and synchronizing mailboxes


To complete the configuration, you need to restart the Enterprise Vault Admin service and synchronize mailboxes, as described in this section. To restart the Admin service

1 2

Open Control Panel, select Administrative Tools and then select Services. Right-click Enterprise Vault Admin Service and select Restart. Enterprise Vault services and tasks will restart.

Close the Services console.

To synchronize mailboxes

1 2

Click Start > Programs > Enterprise Vault Administration Console. Expand the Enterprise Vault Directory container and then your site. Expand Computers and select the required Enterprise Vault server. Expand this container. Expand Tasks. In the right hand pane, double-click the Mailbox Archiving task for the Exchange Server, to display the properties window for the task. Select the Synchronization tab. Make sure All mailboxes and Mailbox properties and permissions are selected. Click Synchronize. Click OK to close the properties window. Close the Enterprise Vault Administration Console.

3 4 5 6 7

Installing OWA Extensions on a back-end Exchange Server 2000


Follow the instructions in this section to install the Enterprise Vault OWA Extensions from the Enterprise Vault CD-ROM. To install Enterprise Vault OWA Extensions

1 2 3 4 5 6

On your Exchange Server, load the Enterprise Vault CD-ROM. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. Follow the installation instructions and select the correct OWA Extensions component for this Exchange Server. On each back-end OWA 2000 server, you now need to configure the extensions.

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

251

Configuring a back-end Exchange Server 2000


After you have installed the OWA Extensions on back-end Exchange Server 2000 computers, configure the OWA Extensions, as described in this section. Enterprise Vault requires direct access to the Exchange back-end server, and must not go via a proxy. The configuration wizard creates WinHTTP proxy bypass entries for each Exchange Server that will connect to the Enterprise Vault server. To enable the configuration wizard to add the required entries to the proxy bypass list, create the EVServers.txt file as described in this section. You must create and populate the EVServers.txt file, even if you do not use a proxy server. The steps to configure a back-end Exchange Server are as follows:

Create at least one public folder before you run the configuration wizard. As Microsoft Exchange installation automatically creates a public folder store, Enterprise Vault will attempt to register forms against public folders. Create the EVServers.txt file and add entries for the proxy bypass list. Run the OWA Extensions configuration wizard from the Start menu.

To create the EVServers.txt file

1 2

Open Notepad. Type in, one entry per line, the Vault Site alias in both fully-qualified and LanMan forms. For example:
ourvaultsitealias.domain.com ourvaultsitealias

Also type in any aliases for each Enterprise Vault server computer in the Vault Site. Enter these one per line, in fully-qualified and LanMan forms. For example:
vault1alias.domain.com vault1alias

Save the file as a Unicode file with the name EVServers.txt in the OWA folder in your Enterprise Vault installation folder (typically, C:\Program Files\Enterprise Vault\OWA). Close Notepad.

252

Configuring OWA access to Enterprise Vault Configuring Enterprise Vault access for OWA 2000 users

To run the OWA Extensions configuration wizard on a back-end Exchange Server

1 2 3 4

Log on to the Exchange Server computer using an account that has Exchange Full Administrator permission. Ensure the Exchange Server is running and that the Web site associated with the Exchange Server has an ExAdmin virtual directory created. To start the configuration wizard, click Start > Programs > Enterprise Vault > Exchange OWA Extensions Configuration. A command prompt window opens and lists what the configuration wizard has done. The program configures the following for each Exchange virtual server it finds on the computer:

An EVOWA virtual directory for each Web server on the computer. A virtual directory called EnterpriseVaultname for each Exchange mailbox and public folder virtual directory. name is the name of the associated Exchange virtual directory. For example, if Exchange virtual directories are called Exchange and Public, virtual directories called EnterpriseVaultExchange and EnterpriseVaultPublic will be created. Execution of scripts is enabled in the settings of the Exchange mailbox and public folder virtual directories. Enterprise Vault forms are registered. Entries in the proxy bypass list from the EVServers.txt file.

When the configuration wizard has finished, you will see the following line in the command prompt window:
Press ENTER to end

Details of the configuration process are sent to the log file:


Enterprise Vault\OWA\BackEnd2000Setup.wsf.log

Check the log file for any configuration errors.

Now check the configuration on each back-end OWA server. From a browser, enter the URL for the back-end OWA server. Open an OWA client and check that you can view archived items.

Configuring OWA access to Enterprise Vault Configuring a demonstration system

253

8 9

Repeat the above steps to configure the OWA Extensions on each back-end Exchange Server. You can now install the OWA Extensions on each front-end Exchange Server 2000 computer.

Installing OWA Extensions on a front-end Exchange Server 2000


Follow the instructions in this section to install the Enterprise Vault OWA Extensions from the Enterprise Vault CD-ROM. To install Enterprise Vault OWA Extensions

1 2 3 4 5

On your Exchange Server, load the Enterprise Vault CD-ROM. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. Follow the installation instructions and select the correct OWA Extensions component for this Exchange Server. You do not need to configure front-end OWA 2000 Extensions.

6 7

From a browser, enter the URL for the front-end OWA server. Open an OWA client and check that you can view archived items. Repeat the above steps to configure the OWA Extensions for each front-end Exchange Server 2000. This completes the basic configuration of your Enterprise Vault OWA environment. If your OWA environment includes a Microsoft ISA Server server, then you will also need to configure this to enable Enterprise Vault OWA users to access the archived items. The following sections describe how to configure the ISA Server for Basic or Forms-Based authentication:

See Configuring access using OWA basic authentication on page 299. See Using ISA Server with Enterprise Vault on page 297.

Configuring a demonstration system


If you are setting up an Enterprise Vault environment to demonstrate or pilot Enterprise Vault OWA 2003 Extensions, the Enterprise Vault server and Exchange Server are typically installed on one computer, as shown in Figure 25-7.

254

Configuring OWA access to Enterprise Vault Troubleshooting

Figure 25-7

Typical demonstration configuration

In this example, you would install and configure the Enterprise Vault OWA Extensions for a back-end Exchange Server. To set up an OWA 2003 demonstration systems

Configure the back-end server. See Installing OWA Extensions on a back-end Exchange Server 2003 on page 242. See Configuring a back-end Exchange Server 2003 on page 242.

From a browser, first try connecting to the back-end Exchange Server and check that you can view archived items. In this configuration, the Anonymous account is not required on the Enterprise Vault server.

Troubleshooting
This section offers advice on troubleshooting Enterprise Vault OWA Extensions.

Troubleshooting OWA 2007 Extensions


On the Enterprise Vault server, details of the anonymous user configuration performed by owauser.wsf are written to a log file in the following location:
Enterprise Vault\OWA 2007\Logs

Check the log file for any errors. You can initiate logging for all OWA 2007 sessions, or sessions for specific mailboxes, by adding settings to the following configuration file on the Exchange 2007 CAS server:

Configuring OWA access to Enterprise Vault Troubleshooting

255

Exchange installation folder\ClientAccess\Owa\Web.Config

Table 25-3 lists the settings that you can add to this file. These should be added to the AppSettings section of the file using the following format:
<add key="setting" value="value"/>

Note that entries in this file are case sensitive. For example:
<add key="EnterpriseVault_LogEnabled" value="true"/> <add key="EnterpriseVault_LogMailboxes" value="J.Doe@example.com;P.Coe@example.com"/>

Table 25-3 Setting

Web.Config settings Default Value Notes


The name of the versioned folder containing the Enterprise Vault OWA 2007 resources, such as script files and images. The folder where log files will be saved. Authenticated users need full control access to this folder. Note the trailing backslash. To enable logging, give this setting the value true. Any other value disables logging.

EnterpriseVault_ResourceVersion Set by installer.

EnterpriseVault_LogFolder

C:\Program Files\ EnterpriseVault\ OWA 2007\Logs\

EnterpriseVault_LogEnabled

false

256

Configuring OWA access to Enterprise Vault Troubleshooting

Table 25-3 Setting

Web.Config settings (continued) Default Value


not set

Notes
Use this setting to restrict logging to specific mailboxes. The value is a semicolon delimited list of the primary SMTP addresses for the mailboxes to log. EnterpriseVault_LogEnabled must be set to true. If logging is enabled and this is not set, then all mailboxes are logged. A log file is created for each OWA session for each mailbox; the file name contains the SMTP address of the mailbox and the date: EVOwaLog_SMTPaddr_date.txt

EnterpriseVault_LogMailboxes

EnterpriseVault_WebDAVRequestProtocol https

The protocol used by Exchange 2007 CAS server when connecting to Exchange 2007 Mailbox servers. See Supporting Mailbox Role on both CAS server and remote servers

EnterpriseVault_WebDAVRequestHost localhost

For authenticating HTTPS requests to Mailbox servers, this identifies the Exchange 2007 CAS server where the certificate has been installed. See Supporting Mailbox Role on both CAS server and remote servers

EnterpriseVault_WebDAVRequestVirtualDirectory exchange

The virtual directory used by WebDav for redirecting requests to Mailbox servers.

Configuring OWA access to Enterprise Vault Troubleshooting

257

Supporting Mailbox Role on both CAS server and remote servers


If you have a environment that includes Exchange 2007 Mailbox Role installed on the Exchange 2007 CAS server computer and also remote Exchange 2007 Mailbox servers, then you need perform additional configuration. The configuration required depends on how you want the Exchange 2007 CAS server to connect to remote Exchange 2007 Mailbox servers. If you want the Exchange 2007 CAS server to connect to remote Exchange 2007 Mailbox servers using HTTPS, then do the following:

Edit the web.config file (Exchange installation folder\ClientAccess\Owa\Web.Config), and delete the value, localhost, in the entry, EnterpriseVault_WebDAVRequestHost. Install a certificate on each of the remote Exchange 2007 Mailbox servers.

If you want the Exchange 2007 CAS server to connect to remote Exchange 2007 Mailbox servers using HTTP, then do the following:

Edit the web.config file (Exchange installation folder\ClientAccess\Owa\Web.Config), and edit the entry, EnterpriseVault_WebDAVRequestHost; delete the value, localhost:
<add key="EnterpriseVault_WebDAVRequestHost" value=""/>

Add the following entry:


<add key="EnterpriseVault_WebDAVRequestProtocol" value="http"/>

You do not need to install certificates on remote Exchange 2007 Mailbox servers.

Troubleshooting OWA 2000 and OWA 2003 Extensions


This section provides information on troubleshooting Enterprise Vault in OWA 2000 and OWA 2003 configurations.

Save file error when installing OWA Extensions


Exchange Server 2003 hotfixes may modify OWA control files. If you have installed an Exchange Server 2003 hotfix that has created an unsupported version of the OWA control files folder, or modified any files in the control files folder, a "Save file error" will be reported when you attempt to install the Enterprise Vault OWA Extensions.

258

Configuring OWA access to Enterprise Vault Troubleshooting

See Which OWA Extensions to install on page 231.

Errors when running the configuration wizard


The following error may be generated when configuring the OWA Extensions.

Registration failed
The following error may be generated when configuring the front-end or back-end OWA 2003 Extensions:
registration failed, error: -2147217895 Object or data matching the name, range, or selection criteria was not found within the scope of this operation.

You need to create at least one public folder before you run the configuration wizard. As Microsoft Exchange installation automatically creates a public folder store, Enterprise Vault will attempt to register forms against public folders. If no public folders exist, the error will be displayed.

ADO connection error


The following error may be generated when configuring the front-end or back-end OWA 2003 Extensions:
ADO connection error: -2147217895 Object or data matching the name, range, or selection criteria was not found within the scope of this operation.

This error occurs when the Simple Mail Transfer Protocol (SMTP) domain name of the Microsoft Exchange 2003 Mailbox Store System mailbox is different than that of the Microsoft Exchange 2003 server domain name. For instructions on how to fix this, see the Enterprise Vault TechNote: http://entsupport.symantec.com/docs/280615

WinHTTP configuration problems


When you view the contents of an Enterprise Vault item, you may receive the following error message:
Failed to get the document from the Storage Service (E_ACCESS_DENIED)

This will occur if WinHTTP has not been configured correctly using Proxycfg. See the following articles for more information:

Configuring OWA access to Enterprise Vault Troubleshooting

259

PRB: "Access Denied" Error Message When Using ServerXMLHTTP to Access an Authenticated Site (http://support.microsoft.com/?kbid=291008) You may need to run the Proxycfg tool for ServerXMLHTTP to work (http://support.microsoft.com/?kbid=289481) PRB: Error Message on MSXML3 Setup - "Error Creating Process msiexec.exe" (http://support.microsoft.com/?kbid=289792) Frequently asked questions about ServerXMLHTTP (http://support.microsoft.com/?kbid=290761)

Enterprise Vault buttons not displayed in OWA 2003 client


If the Enterprise Vault buttons do not appear in OWA 2003 clients on a default installation, check the following:

Clear client browser cache. Enterprise Vault forms are registered on the back-end OWA server. You can use Exchange Explorer in the Exchange Server SDK Development Tools to check form registrations. If the forms are not registered, rerun the Enterprise Vault OWA Extensions configuration wizard.
EVOWA Virtual Directory set to use the Exchange Application Pool.

Any Exchange Server 2003 hotfixes applied are supported by Enterprise Vault. See Which OWA Extensions to install on page 231. Enterprise Vault OWA configuration edits the OWA control files on the Exchange Server. If you have installed an Exchange Server 2003 hotfix, this may have modified OWA control files or changed the version of the control file folder.

Error displayed in shortcut preview pane


If the back-end OWA server computer is running Windows 2000, it requires either Windows 2000 SP3, or SP2 and a Microsoft hotfix, because of a problem with IIS 5.0. The problem is described in Microsoft support article 294833. If this is not installed, the OWA preview pane shows the following error instead of the shortcut content:
Error type: Active Server Pages, ASP 0110 (0x80004005) Unable to Allocate required memory. /EVowa/preview.asp, line 2

260

Configuring OWA access to Enterprise Vault Troubleshooting

OWA 5.5 shortcut behavior changed after upgrade


In Enterprise Vault 5.0 it was possible for you to customize the file DesktopSettings.txt so that an OWA 5.5 user viewed the content of a shortcut when opening it, and then had to click a link to open the archived item. If you have customized your system in this manner, the upgrade to Enterprise Vault 7.0 OWA Extensions will change the behavior back to the default, in which opening the shortcut automatically opens the archived item. To retain your customized behavior, after the upgrade

1 2 3 4 5 6

Double-click the appropriate Exchange Server mailbox policy to display its properties. Click the Advanced tab. Next to List settings from, select OWA 2003. In the list, click OWA 5.5 Open Shortcut and then click Modify. Select Shortcut and click OK. Synchronize the mailboxes, using the Synchronize tab in the properties of the Exchange Server mailbox task.

Chapter

26

Configuring RPC over HTTP access to Enterprise Vault


This chapter includes the following topics:

About configuring RPC over HTTP access Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

About configuring RPC over HTTP access


Outlook 2007 and Outlook 2003 users can access their mailboxes using Remote Procedure Call (RPC) over HTTP. With this protocol, MAPI protocol is used to tunnel Outlook RPC requests inside an HTTP session. This allows remote Outlook users to connect to their Exchange Server mailbox, without the requirement for Outlook Web Access (OWA) or a virtual private network (VPN) connection. To support user access to Enterprise Vault archives using RPC over HTTP (Exchange Server 2003) you need to install and configure Enterprise Vault RPC Extensions component on your Exchange Server 2003 computers. The steps for configuring OWA 2003 access are different from the steps for configuring RPC over HTTP access. This chapter describes how to install and configure the Enterprise Vault RPC Extensions only. If you want to enable support for both OWA and RPC over HTTP connections, then follow the instructions for enabling OWA 2003 first. You can then work through this chapter to check that you have satisfied the prerequisites and configuration required for RPC over HTTP connections. On Exchange Server 2007, RPC over HTTP access is called Outlook Anywhere. No Enterprise Vault extensions are required to support user access to Enterprise Vault archives using RPC over HTTP with Exchange Server 2007.

262

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault

To enable Outlook 2003 or Outlook 2007 users to access Enterprise Vault archives using RPC over HTTP, Enterprise Vault Outlook Add-Ins (any type) must be installed on each client desktop computer. With RPC over HTTP enabled, users can perform the following actions:

View archived items Archive items manually Restore archived items Delete archived items Search archives using Integrated search. (Browser search link is not available). Use Archive Explorer Use Offline Vault Perform client-side PST migrations

When using RPC over HTTP, the Enterprise Vault Outlook Add-Ins will automatically behave like the Enterprise Vault HTTP-only Outlook Add-Ins; that is, the end user will not have access to the Enterprise Vault Properties page on folders, and will not be able to select a different archive or retention category when archiving items manually. When using RPC over HTTP with Exchange Server 2007, clients will always attempt to connect directly to the Enterprise Vault server. With Exchange Server 2003, Archive Explorer and archive search requests can access the Enterprise Vault server using direct connections or the RPC Proxy server (the default). You can configure direct connections using the advanced Outlook setting in the Exchange Mailbox Policy, RPC over HTTP Connection. If RPC over HTTP users access the Exchange Servers through an ISA Server, you will also need to configure the ISA Server to publish to clients the Enterprise Vault Web Access application URL (for direct connections) and the Exchange 2007 CAS servers or RPC proxy servers (Exchange Server 2003). See Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault on page 305.

Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault
RPC over HTTP access for Exchange Server 2007 is called Outlook Anywhere. Configuring access to Enterprise Vault requires the following steps.

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2007 RPC over HTTP access to Enterprise Vault

263

Check that prerequisite tasks for setting up RPC over HTTP on Exchange Servers and client computers are completed. See Prerequisite tasks. On the Enterprise Vault server, enable RPC over HTTP in the Exchange Mailbox Policy. See Configuring Enterprise Vault Exchange Mailbox policies.

Prerequisite tasks
The instructions for configuring RPC over HTTP access to Enterprise Vault assume that you have already completed the following tasks:

On your Exchange 2007 CAS server computers, set up RPC over HTTP (Outlook Anywhere) as described in the Microsoft documentation. See http://technet.microsoft.com/en-us/library/bb123889.aspx. On desktop computers, enable Outlook for RPC over HTTP (Outlook Anywhere) as described in the Microsoft documentation. Seehttp://office.microsoft.com/en-gb/outlook/HP101024441033.aspx. Configure your Enterprise Vault server to archive Exchange Server mailboxes. Installed Enterprise Vault Add-Ins (any type) on the desktop computers.

Configuring Enterprise Vault Exchange Mailbox policies


Settings in Enterprise Vault Exchange Mailbox Policy enable RPC over HTTP connections and also allow you to restrict the availability of Enterprise Vault functionality to RPC over HTTP Outlook users. To modify Exchange Mailbox Policy settings

1 2 3 4 5

In the left pane of the Administration Console, expand the hierarchy until Policies is visible. Expand Policies. Expand Exchange. Click Mailbox. In the right-hand pane, double-click the name of the policy you want to edit. The policys properties are displayed.

6 7 8

Click the Advanced tab. Next to List settings from, select Outlook. Edit the following settings as required.

264

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

Double-click a setting to edit it, or click it once to select it and then click Modify.

RPC over HTTP connection. Set this to Direct to enable Exchange Server 2007 RPC over HTTP connections to Enterprise Vault. This must be set to Direct, even if clients connect through an ISA Server. On the ISA Server, you must publish both the Exchange 2007 CAS server and the Enterprise Vault Web Access application URL to clients. RPC over HTTP restrictions controls the functionality available in the Enterprise Vault Add-Ins when using RPC over HTTP. Select one of the following values for this setting:
None Disable User Extensions Disable Offline Vault only Disable PST Import only All Enterprise Vault client functionality is available. RPC over HTTP working is not enabled in the Enterprise Vault Add-Ins. This is the default value. Offline Vault is disabled.

Client-side PST migration is disabled. Note that currently you cannot client-side PST migration to migrate PST files that reside on mapped network drives when using an RPC client, even if this setting is enabled. Offline Vault and client-side PST migration are disabled.

Disable Offline Vault and PST Import

RPC over HTTP Proxy URL is applicable to Exchange Server 2003 only.

Any settings that you modify are applied to users' mailboxes during the next synchronization run of the Exchange Mailbox Archiving task. If you want to apply the changes before the next synchronization, run Synchronize, which is on the Synchronization tab of the Exchange Mailbox Archiving tasks properties.

Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Installing and configuring the Enterprise Vault RPC Extensions for Exchange Server 2003 requires the following steps.

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

265

If the RPC target Exchange Servers are in a clustered environment, ensure that you are familiar with the additional configuration requirements before you install and configure the Enterprise Vault extensions. See About configuring OWA and RPC Extensions in clustered configurations on page 275. Check that prerequisite tasks on IIS and Exchange Servers are completed. Prerequisite tasks Install the appropriate Enterprise Vault RPC Extensions component on each RPC proxy (front-end Exchange Server 2003) and each RPC target server (back-end Exchange Server 2003). See Installing RPC Extensions on Exchange Server 2003 on page 266. On each RPC proxy, configure the extensions by running the configuration wizard from the Start menu: Enterprise Vault > Exchange Front-end Extensions Configuration > (OWA & RPC). See Configuring an RPC proxy server (front-end Exchange Server 2003) on page 267. On each RPC target Exchange Server, create the EVServers.txt file, and then configure the extensions by running the configuration wizard from the Start menu: Enterprise Vault > Exchange Back-end Extensions Configuration > (RPC only). See Configuring an RPC target server (back-end Exchange Server 2003) on page 267. On the Enterprise Vault server, create the ExchangeServers.txt file, and an account to be used for anonymous connections, and then run the script, owauser.wsf, to configure the anonymous user account. See Configuring Enterprise Vault servers for RPC over HTTP on page 269. On the Enterprise Vault server, configure RPC over HTTP settings in the Exchange Mailbox Policy to enable and customize RPC over HTTP functionality in Outlook Add-Ins. See Configuring RPC over HTTP in Enterprise Vault Exchange Mailbox Policy on page 272.

Prerequisite tasks
The instructions for configuring RPC over HTTP access to Enterprise Vault assume that you have already completed the following tasks:

Install the RPC over HTTP Windows component on your RPC proxy Exchange Servers. For detailed instructions, see the Microsoft article, http://support.microsoft.com/default.aspx?scid=kb;en-us;833401.

266

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

On the RPC proxy server, ensure that the RPC over HTTP settings in the properties pages are set as shown below. On the RPC target server, ensure that the RPC over HTTP settings in the properties pages are set as shown below.

Obtain and install a valid certificate on the RPC proxy server. Configure SSL on the RPC proxy server. Ensure that the operating system on client computers supports RPC over HTTP connections. All client computers that run Outlook 2003 must have either Windows Server 2003, Microsoft Windows XP SP2, or Microsoft Windows XP SP1 with the update described in the Microsoft Knowledge Base article, http://support.microsoft.com/?kbid=331320. On desktop computers, create an Outlook profile to use RPC over HTTP. See the Microsoft article, http://office.microsoft.com/en-ca/assistance/ha011402731033.aspx Configure your Enterprise Vault server to archive Exchange Server mailboxes or public folders or both. Install Enterprise Vault Add-Ins (any type) on the desktop computers.

Installing RPC Extensions on Exchange Server 2003


This section describes how to install the Enterprise Vault RPC Extensions, on your RPC over HTTP Exchange Servers. Repeat the installation instructions on each RPC proxy and RPC target Exchange Server. To install the Enterprise Vault RPC Extensions component

1 2 3 4 5

Load the Enterprise Vault CD-ROM into the CD-ROM drive of your Exchange Server. Open the Enterprise Vault folder. Check the ReadMeFirst.htm file in this folder for details of any last minute changes. Open the Server folder. Double-click SETUP.EXE to start the installation. On RPC proxy servers, select the Exchange 2003 Front-end Ext. (OWA & RPC) component. On RPC target servers, select the Exchange 2003 Back-end Ext. (OWA & RPC) component.

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

267

6 7

Follow the installation instructions. Now configure the extensions on each RPC proxy server.

Configuring an RPC proxy server (front-end Exchange Server 2003)


After you have installed the Enterprise Vault extensions on the RPC proxy servers, run the configuration wizard, as described in this section, on each RPC proxy server. To configure Enterprise Vault RPC Extensions on an RPC proxy server

1 2 3

Log on to the RPC proxy Exchange Server computer using an account that has Exchange Full Administrator permissions. Click Start > Programs > Enterprise Vault > Exchange Front-end Extensions Configuration > (OWA & RPC). A command prompt window opens and lists what the configuration wizard has done. The configuration wizard sets up the following for each Exchange virtual server it finds on the computer:

An EnterpriseVaultProxy virtual directory for each Web server on the computer. Adds the names of target RPC target Exchange Servers to the proxy bypass list.

Details of the configuration process are sent to the log file:


Enterprise Vault\OWA\FrontEnd2003Setup.wsf.log

Check this log file for any configuration errors.

Configure the target RPC Exchange Servers.

Configuring an RPC target server (back-end Exchange Server 2003)


After you have installed the Enterprise Vault RPC Extensions on an RPC target Exchange Server, you need to perform the following tasks on each RPC target Exchange Server:

Create an EVServers.txt file. Run the extensions configuration wizard. See Configuring the Enterprise Vault Extensions on the RPC target server on page 268.

268

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

Creating the EVServers.txt file


The EVServers.txt file enables the configuration wizard to set up WinHTTP with the correct proxy bypass list for the Enterprise Vault server. The entries you create in the EVServers.txt file will be appended to the proxy bypass list. To create the EVServers.txt file

1 2

Open Notepad. Type the Enterprise Vault site alias in both fully-qualified and LanMan forms, one entry per line. For example:
ourvaultsitealias.domain.com ourvaultsitealias

Also type in the machine name and any aliases for each Enterprise Vault server computer in the Enterprise Vault site. Enter these one per line, in fully-qualified and LanMan forms. For example:
vault1alias.domain.com vault1alias

Save the file as a Unicode file with the name EVServers.txt in the OWA folder in your Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault\OWA). Close Notepad. Configure the Enterprise Vault Extensions on the RPC target server.

4 5

Configuring the Enterprise Vault Extensions on the RPC target server


This section describes how to configure the RPC target Exchange servers. To configure the Enterprise Vault Extensions on an RPC target server

1 2 3

Log on to the Exchange Server computer using an account that has Exchange Full Administrator permissions. Ensure the Exchange Server is running and that the Web site associated with the Exchange Server has an ExAdmin virtual directory created. To configure RPC over HTTP only (not OWA), click Start > Programs > Enterprise Vault > Exchange Back-end Extensions Configuration > (RPC Only) A command prompt window opens and lists what the configuration wizard has done.

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

269

If you run the RPC only configuration wizard, then the following is configured for each Exchange virtual server found on the computer:

An EnterpriseVaultProxy virtual directory for each Web server on the computer. Proxy bypass list.

(If the OWA and RPC configuration wizard is run, then additional virtual directories are created.)

Details of the configuration process are sent to the log file:


Enterprise Vault\OWA\BackEnd2003Setup.wsf.log

Check the log file for any configuration errors.

Configure the Enterprise Vault server for RPC over HTTP.

Configuring Enterprise Vault servers for RPC over HTTP


Connections between RPC target Exchange servers and Enterprise Vault servers use anonymous authentication. To support these connections, you need to perform the following tasks to configure an anonymous user account on the Enterprise Vault servers:

Create the ExchangeServers.txt file. This file contains the IP addresses of all the RPC target Exchange Servers that will connect to the Enterprise Vault server. ExchangeServers.txt file Create and configure an account to be used for anonymous connections. Configuring an anonymous user account for RPC over HTTP Using the Enterprise Vault Administration Console, enable RPC over HTTP in Enterprise Vault mailbox policies. Configuring RPC over HTTP in Enterprise Vault Exchange Mailbox Policy

ExchangeServers.txt file
First, you need to create the ExchangeServers.txt file on the Enterprise Vault server. This holds a list of the IP addresses for all the RPC target Exchange Servers that will connect to the Enterprise Vault server.

270

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

To create the ExchangeServers.txt file

1 2

Open Notepad. Type the IP address of each RPC target Exchange Server (that is, the Exchange virtual server IP address), one entry per line. If the RPC target Exchange Servers are clustered, enter the Virtual Server IP addresses first and then add the cluster IP address and the IP addresses of each node.

3 4

Save the file as ExchangeServers.txt in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault). Close Notepad.

Configuring an anonymous user account for RPC over HTTP


Now you can create and configure a user account for the anonymous connections from servers listed in the ExchangeServers.txt file. To configure an anonymous user account

Create a domain user account to use as the anonymous user account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account must not belong to any administrative group. If you have an existing anonymous user account, and it is a domain account, then use this account. If your existing anonymous user account is a local machine account, then you will need to create a new domain account for the anonymous user.

2 3

Log on to the Enterprise Vault server as the Vault Service account. Open a command prompt window and navigate to the Enterprise Vault installation folder.

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

271

Type and enter the command line:


cscript owauser.wsf /domain:domain /user:username /password:password /exch2003

The file owauser.wsf is installed in the Enterprise Vault installation folder. For domain, give the domain of the anonymous user account. For username, give the username of the anonymous user account. For password, give the password of the anonymous user account. To display help for the cscript command, type:
cscript owauser.wsf /?

The progress of the script execution is displayed in the command prompt window. The owauser.wsf script sets up the following on the Enterprise Vault server:

Assigns the following user rights to the anonymous user:


SeNetworkLogonRight SeInteractiveLogonRight SeBatchLogonRight SeChangeNotifyPrivilege Access this computer from the network. Allow log on locally. Log on as a batch job. Bypass traverse checking.

Creates (or updates) the virtual directory, EVAnon, that points to the Enterprise Vault\WebApp folder and gives access permissions to the anonymous user. Access to EVAnon is also granted to the RPC target servers. You can check this by displaying the properties of the EVAnon virtual directory, selecting the Directory Security tab and clicking Edit in the IP address and domain name restrictions section. Creates (or updates) the following two Registry values:
HKEY_CURRENT_USER \Software \KVS \Enterprise Vault \AnonymousUser

272

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

The value of this setting is the full name, including the domain, of the anonymous user. For example, mydomain\EVANONUSER.
HKEY_LOCAL_MACHINE \SOFTWARE \KVS \Enterprise Vault \Install \OwaWebAppAlias

The value of this setting is the name of the virtual directory for anonymous connections, EVAnon.

To complete the configuration, you need to restart the Enterprise Vault Admin service and synchronize the mailboxes of RPC users.

If required, you can now customize RPC over HTTP settings in the Enterprise Vault Exchange Mailbox Policy.

Configuring RPC over HTTP in Enterprise Vault Exchange Mailbox Policy


RPC over HTTP settings in Exchange Mailbox Policy enable RPC over HTTP access to Enterprise Vault and allow you to customize the availability of Enterprise Vault functionality to RPC over HTTP users. To modify RPC over HTTP Exchange Mailbox Policy settings

1 2 3 4 5

In the left pane of the Administration Console, expand the hierarchy until Policies is visible. Expand Policies. Expand Exchange. Click Mailbox. In the right-hand pane, double-click the name of the policy you want to edit. The policys properties are displayed.

6 7 8

Click the Advanced tab. Next to List settings from, select Outlook. Edit the following settings as required. Double-click a setting to edit it, or click it once to select it and then click Modify.

RPC over HTTP restrictions. By default RPC over HTTP access is disabled (Disable User Extensions). Configure the functionality required in Outlook by selecting one of the other values:

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

273

None Disable User Extensions Disable Offline Vault only Disable PST Import only

All Enterprise Vault client functionality is available. RPC over HTTP working is not enabled in the Enterprise Vault Add-Ins. This is the default value. Offline Vault is disabled.

Client-side PST migration is disabled. Note that currently you cannot client-side PST migration to migrate PST files that reside on mapped network drives when using an RPC client, even if this setting is enabled. Offline Vault and client-side PST migration are disabled.

Disable Offline Vault and PST Import

RPC over HTTP connection enables you to configure clients to connect directly to the Enterprise Vault server for Archive Explorer and archive search requests. This can be set even if you have an ISA Server configured; in this situation you must publish the Enterprise VaultWeb Access URL to clients on the ISA Server. RPC over HTTP Proxy URL enables you to specify an alternative URL for the Enterprise Vault Web server that clients can contact when Outlook is configured to use RPC over HTTP. By default, clients connect to the virtual directory, EnterpriseVaultProxy, on the RPC proxy server. If you change the name of this virtual directory, then you can use this setting to specify the alternative URL. For example, if you change the virtual directory name to EVProxy, then you would use the RPC over HTTP Proxy URL setting to specify the URL:
HTTP://Web_server/EVProxy

where Web_server is the name RPC proxy server.

The settings are applied to users' mailboxes during the next synchronization run of the Exchange Mailbox task. If you want to apply the changes before the next synchronization, run Synchronize, which is on the Synchronization tab of the Exchange Mailbox tasks properties. over HTTP.

10 Remember that Outlook 2003 users will require a profile enabled for RPC

274

Configuring RPC over HTTP access to Enterprise Vault Configuring Exchange Server 2003 RPC over HTTP access to Enterprise Vault

Chapter

27

Configuring OWA and RPC Extensions in clustered configurations


This chapter includes the following topics:

About configuring OWA and RPC Extensions in clustered configurations Supported cluster configurations OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters OWA: Enterprise Vault Extensions in an active/active Microsoft cluster RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters RPC over HTTP: Configuring Enterprise Vault Extensions in an active/active Microsoft cluster Configuring Enterprise Vault OWA and RPC Extensions on VCS

About configuring OWA and RPC Extensions in clustered configurations


Enterprise Vault OWA Extensions for OWA 2000, and OWA and RPC Extensions for OWA 2003, are supported in configurations where the back-end Exchange Servers are configured in clusters that are managed by Microsoft Cluster Server or VERITAS Cluster Server (VCS). Front-end Exchange Servers typically use load balancing, not clustering.

276

Configuring OWA and RPC Extensions in clustered configurations Supported cluster configurations

This section provides additional information on installing the Enterprise Vault OWA and RPC 2000 and 2003 Extensions on clustered back-end Exchange Servers. We recommend that you read the information given here before installing and configuring the extensions on the individual Exchange Servers. As the Enterprise Vault OWA 2007 Extensions are installed on Exchange 2007 CAS servers, which typically use load balancing, not clustering, the information in this section does not apply to Enterprise Vault OWA 2007 Extensions.

Supported cluster configurations


Exchange Servers in active/passive and N+1 configurations are supported. Active/active configurations are also possible, but not recommended by Microsoft. Figure 27-1 illustrates an example basic active/passive Exchange Server cluster configuration. Figure 27-1 Active/passive configuration

NODEA EVS1 (active)

Shared Disk

NODEB (passive)

There is one Exchange Virtual Server, called EVS1, which can run on either node. As it is currently running on NODEA, this is the active node. If a problem occurs on this node, EVS1 will failover to NODEB, which then becomes the active node. Mailbox and public folder information stores and registered forms are held on the shared disks. The configuration information for the Exchange Virtual Server is held in Active Directory. In a basic active/passive configuration, there is one standby node for each active node. N+1 clusters are similar to active/passive configurations in that there is a standby (passive) node to which applications on an active node can failover. However, in an N+1 configuration, the passive node is standby for multiple active nodes. In Figure 27-2, NODEC is the standby node for NODEA and NODEB.

Configuring OWA and RPC Extensions in clustered configurations Supported cluster configurations

277

Figure 27-2

N+1 configuration

NODEA EVS1 (active)

Shared Disk

NODEC (passive)

NODEB EVS2 (active)

Shared Disk

The Exchange Virtual Server, EVS1, can run on either NODEA or NODEC. The Exchange Virtual Server, EVS2, can run on either NODEB or NODEC. Figure 27-3 illustrates an alternative N+1 configuration, in which any of the nodes can act as standby for either of the Exchange Virtual Servers.

278

Configuring OWA and RPC Extensions in clustered configurations Supported cluster configurations

Figure 27-3

Alternative N+1 configuration


NODEA

Shared Disk for EVS1

Shared Disk for EVS2

NODEB

NODEC

Each of the Exchange Virtual Servers, EVS1 and EVS2, can run on NODEA, NODEB or NODEC. Figure 27-4 illustrates an active/active configuration.

Configuring OWA and RPC Extensions in clustered configurations OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters

279

Figure 27-4

Active/active configuration
NODEA EVS1 (active)

Shared Disk (for EVS2)

Shared Disk (for EVS1)

NODEB EVS2 (active)

Note that Microsoft does not recommend active/active configurations. In these configurations there are no passive standby nodes; if the Exchange Virtual Server, EVS1, fails over, then both Exchange Virtual Servers will be running on NODEB, which could cause performance issues. When configuring Enterprise Vault OWA and RPC Extensions for clustered environments, the extensions must be installed and configured on each node on which the Exchange Virtual Server can run. Additional information on installing the extensions in active/passive and active/active clustered environments is given in the following sections.

OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters


Enterprise Vault OWA Extensions are supported on clustered back-end, OWA 2000 or OWA 2003 Exchange Virtual Servers. In active/passive Exchange Virtual Server cluster configurations, you must install the Enterprise Vault OWA 2000 or OWA 2003 Extensions on both active and passive nodes; you can install them on either an active or passive node first. Detailed instructions on how to install and configure the OWA Extensions are given in the following sections:

280

Configuring OWA and RPC Extensions in clustered configurations OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters

See Configuring Enterprise Vault access for OWA 2003 users on page 237. See Configuring Enterprise Vault access for OWA 2000 users on page 246. Figure 27-5 shows the location of the various virtual directories and configuration data used by the Enterprise Vault OWA 2003 and OWA 2000 Extensions. Figure 27-5 Detail of OWA 2003 and OWA 2000 Extensions configuration
Domain Controller Virtual directories in configuration for EVS1 in Active Directory: Exchange Public EnterpriseVaultExchange EnterpriseVaultPublic Enterprise Vault server Configuration includes: EVAnon virtual directory ExchangeServers.txt (with IP addresses for Node A, Node B, EVS1)

Microsoft Cluster

Exchange Virtual Server (EVS1) Node A (active) Node B (passive)

Shared disks

Information stores and registered forms

On both Node A and Node B: Microsoft Exchange Server binaries Enterprise Vault OWA Extensions Proxy bypass list IIS Virtual directories (configured in IIS): EVOWA EnterpriseVaultProxy (OWA 2003 only)

Configuring OWA and RPC Extensions in clustered configurations OWA: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters

281

Configuring the OWA Extensions on the active node first


If you install and configure the OWA Extensions on the active node first, running the Enterprise Vault OWA configuration wizard do the following:

Register forms for the OWA Extensions against the Exchange Virtual Server mailbox and public information stores. Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:

EnterpriseVaultExchange EnterpriseVaultPublic

Create the following IIS virtual directories on the active node computer:

EntepriseVaultProxy (on OWA 2003 only) EVOWA

Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.

If you examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, after the configuration wizard has run, you will see the lines detailing the mailbox and public folder forms registration.

Configuring the OWA Extensions on the passive node first


If you install and configure the OWA Extensions on the passive node first, running the Enterprise Vault OWA configuration wizard will do the following:

Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:

EnterpriseVaultExchange EnterpriseVaultPublic

Create the following IIS virtual directories on the passive node computer:

EntepriseVaultProxy (on OWA 2003 only) EVOWA

Populate the Proxy bypass list on the passive node computer from the file, Enterprise Vault\OWA\EVServers.txt.

282

Configuring OWA and RPC Extensions in clustered configurations OWA: Enterprise Vault Extensions in an active/active Microsoft cluster

Note that forms registration is only performed when you run the Enterprise Vault OWA configuration wizard on the active node. If you examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, after the configuration wizard has run on the passive node, you will not see any forms registration lines.

Configuring the OWA Extensions on the associated active or passive node


When you install and configure the OWA Extensions on the active or passive node associated with the node that you have already configured, warning messages in the log file will indicate that the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories already exist. As these virtual directories were created when you configured the OWA Extensions on the first node, you can ignore these warning messages.

ExchangeServers.txt on the Enterprise Vault server


When you configure an Enterprise Vault server to support OWA access, you create the ExchangeServers.txt file, before you run the owauser.wsf script to configure the Anonymous user account.
ExchangeServers.txt holds the IP addresses of all the back-end Exchange Servers

that will contact the Enterprise Vault server. When configuring this file for clustered Exchange Virtual Server configurations, the file must include all the IP addresses of the Exchange Virtual Servers that will access the Enterprise Vault server, and all the IP addresses of the physical computers (nodes) on which the Exchange Virtual Servers can run.

OWA: Enterprise Vault Extensions in an active/active Microsoft cluster


Although Enterprise Vault OWA 2000 or OWA 2003 Extensions are supported in active/active clustered Exchange Virtual Server configurations, such configurations are not recommended by Microsoft and should be avoided, wherever possible. In an active/active configuration, it does not matter which node you install the Enterprise Vault OWA Extensions on first. Running the Enterprise Vault OWA configuration wizard on the first active node will perform the following tasks:

Register the Enterprise Vault OWA forms against the mailbox and public stores in the Exchange Virtual Server.

Configuring OWA and RPC Extensions in clustered configurations OWA: Enterprise Vault Extensions in an active/active Microsoft cluster

283

Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:

EnterpriseVaultExchange EnterpriseVaultPublic

Create the following IIS virtual directories on the active node computer:

EntepriseVaultProxy (on OWA 2003 only) EVOWA

Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.

If you examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, after the configuration wizard has run, you will see the lines detailing the mailbox and public folder forms registration. When you then run the Enterprise Vault OWA configuration wizard on the other active node, it performs the following tasks for the Virtual Exchange Server associated with that node:

Registers the Enterprise Vault OWA forms against the mailbox and public stores in the Exchange Virtual Server. Create in Active Directory the following Exchange Server virtual directories for the back-end Exchange Virtual Server:

EnterpriseVaultExchange EnterpriseVaultPublic

Create the following IIS virtual directories on the active node computer:

EntepriseVaultProxy (on OWA 2003 only) EVOWA

Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.

When you install and configure the OWA Extensions on the second active node in the cluster, warning messages in the log file will indicate that the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories already exist. As these virtual directories were created when you configured the OWA Extensions on the first node, you can ignore these warning messages.

284

Configuring OWA and RPC Extensions in clustered configurations RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters

RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters
Enterprise Vault RPC Extensions are supported on clustered RPC target Exchange Virtual Servers (Exchange Server 2003). In active/passive Exchange Virtual Server cluster configurations, you must install the Exchange 2003 Back-end Extensions (OWA & RPC) on both active and passive nodes; you can install them on either an active or passive node first. See About configuring RPC over HTTP access on page 261. Figure 27-6 shows the location of the various virtual directories and configuration data used by the extensions.

Configuring OWA and RPC Extensions in clustered configurations RPC over HTTP: Configuring Enterprise Vault Extensions in active/passive Microsoft clusters

285

Figure 27-6

RPC extensions configuration


Domain Controller Enterprise Vault server Configuration includes: EVAnon virtual directory ExchangeServers.txt (with IP addresses for Node A, Node B, EVS1)

Virtual directories in configuration for EVS1 in Active Directory: Exchange Public

Microsoft cluster

Node A (active)

RPC target Exchange Virtual Server (EVS1)

Node B (passive)

Shared Disks

Information stores and registered forms On both Node A and Node B: Microsoft Exchange Server binaries Enterprise Vault OWA & RPC Extensions Proxy bypass list IIS Virtual directories (configured in IIS): EVOWA EnterpriseVaultProxy

Configuring RPC on the active node first


If you install and configure the extensions on the active node first, running the Enterprise Vault RPC configuration wizard will do the following:

Create the following IIS virtual directories on the active node computer:

EntepriseVaultProxy EVOWA

286

Configuring OWA and RPC Extensions in clustered configurations RPC over HTTP: Configuring Enterprise Vault Extensions in an active/active Microsoft cluster

Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.

Examine the log file, \OWA\BackEnd2003Setup.wsf.log, for any errors.

Configuring RPC on the passive node first


If you install and configure the RPC Extensions on the passive node first, running the Enterprise Vault RPC configuration wizard will do the following:

Create the following IIS virtual directories on the passive node computer:

EnterpriseVaultProxy EVOWA

Populate the Proxy bypass list on the passive node computer from the file, Enterprise Vault\OWA\EVServers.txt.

Examine the log file, \OWA\FrontEnd2003Setup.wsf.log, for any errors.

ExchangeServers.txt on the Enterprise Vault server


When you configure an Enterprise Vault server to support RPC over HTTP access, you create the ExchangeServers.txt file, before you run the owauser.wsf script to configure the Anonymous user account.
ExchangeServers.txt holds the IP addresses of all the RPC target Exchange

Servers that will contact the Enterprise Vault server. When configuring this file for clustered Exchange Virtual Server configurations, the file must include all the IP addresses of the Exchange Virtual Servers that will access the Enterprise Vault server, and all the IP addresses of the physical computers (nodes) on which the Exchange Virtual Servers can run.

RPC over HTTP: Configuring Enterprise Vault Extensions in an active/active Microsoft cluster
Although Enterprise Vault RPC Extensions are supported in active/active clustered Exchange Virtual Server configurations, such configurations are not recommended by Microsoft and should be avoided, wherever possible. In an active/active configuration, it does not matter which node you install the Enterprise Vault Extensions on first.

Configuring OWA and RPC Extensions in clustered configurations Configuring Enterprise Vault OWA and RPC Extensions on VCS

287

Running the Enterprise Vault RPC configuration wizard on the first active node will perform the following tasks:

Create the following IIS virtual directories on the active node computer:

EnterpriseVaultProxy EVOWA

Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.

Examine the log file, Enterprise Vault\OWA\BackEnd200nSetup.wsf.log, for any errors. When you then run the Enterprise Vault RPC configuration wizard on the other active node, it performs the following tasks for the Virtual Exchange Server associated with that node:

Create the following IIS virtual directories on the active node computer:

EnterpriseVaultProxy EVOWA

Populate the Proxy bypass list on the active node computer from the file, Enterprise Vault\OWA\EVServers.txt.

Configuring Enterprise Vault OWA and RPC Extensions on VCS


Enterprise Vault services can be installed on VCS. It is also possible to install the Enterprise Vault OWA and RPC Extensions on a back-end Exchange Server that has been installed on VCS.

288

Configuring OWA and RPC Extensions in clustered configurations Configuring Enterprise Vault OWA and RPC Extensions on VCS

To install and configure the Enterprise Vault OWA and RPC Extensions

1 2

Install the appropriate Enterprise Vault OWA and RPC Extensions on all nodes that could host the Exchange Virtual Server. Run the appropriate Enterprise Vault configuration wizard for the extensions on each Exchange Virtual Server node, while it is the active node. This means that you must run the configuration wizard on the active node, fail over the Exchange Virtual Server to the passive node, and then run the configuration wizard on that node. Repeat this process for all nodes that could host the Exchange Virtual Server.

On the Enterprise Vault server, the ExchangeServers.txt file must include all the IP addresses of the Exchange Virtual Servers that will access the Enterprise Vault server, and all the IP addresses of the physical computers (nodes) on which the Exchange Virtual Servers can run.

Chapter

28

How to uninstall Enterprise Vault OWA Extensions


This chapter includes the following topics:

Uninstalling OWA 2007 Extensions Uninstalling OWA 2000 and 2003 Extensions

Uninstalling OWA 2007 Extensions


To remove Enterprise Vault OWA 2007 Extensions use Add/Remove Programs in the Control Panel. When removing OWA 2000 and 2003 Extensions there are a number of additional steps required, such as running scripts to remove virtual directories and restoring OWA control files. These steps are not required for OWA 2007 Extensions.

Uninstalling OWA 2000 and 2003 Extensions


This section describes how to remove Enterprise Vault OWA 2000 or OWA 2003 Extensions that have been installed and configured on front-end and back-end Exchange Servers. The instructions in this section are also valid if you are removing the OWA Extensions in a clustered environment. In environments where back-end OWA Servers are clustered, you need to perform the steps on each node on which the Exchange Virtual Servers can run. The following steps summarize the process for OWA 2003:

290

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

Run the Enterprise Vault OWA Extensions scripts, using the /remove switch, on front-end and back-end OWA 2003 Servers to remove virtual directories, forms registration and Proxy Bypass list configuration. See OWA 2003: Removing OWA virtual directories, forms registration and Proxy Bypass List on page 290. On front-end and back-end OWA 2003 Servers, restore the original OWA control files. See OWA 2003: Restoring OWA control files on page 292. On front-end and back-end OWA 2003 Servers, complete the removal of the Enterprise Vault OWA Extensions using Add/Remove Programs in the Control Panel, and then manually remove configuration and log files. See OWA 2003: Completing the removal of the OWA Extensions on page 293.

The following steps summarize the process for OWA 2000:

Run the Enterprise Vault OWA Extensions scripts, using the /remove switch, on back-end OWA 2000 Servers to remove virtual directories, forms registration and Proxy Bypass list configuration. See OWA 2000: Removing OWA virtual directories, forms registration and Proxy Bypass List on page 293. On front-end OWA 2000 Servers, the OWA Extensions are installed but not configured, so you run the removal script on back-end OWA 2000 Servers only. On front-end and back-end OWA 2000 Servers, complete the removal of the Enterprise Vault OWA Extensions using Add/Remove Programs in the Control Panel and then manually remove configuration and log files. See OWA 2000: Completing the removal of the OWA Extensions on page 295.

OWA 2003: Removing OWA virtual directories, forms registration and Proxy Bypass List
To remove the virtual directories, form registrations, and Proxy Bypass List that are created by the Enterprise Vault OWA Extensions configuration wizard, you need to run some Enterprise Vault scripts from the command line.

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

291

To remove the virtual directories and form registrations on front-end OWA 2003 servers

1 2

Open a Command Prompt window. Enter the following command on a single line:
C:\Program Files\Enterprise Vault\OWA>cscript FrontEnd2003Setup.wsf /remove

This deletes the virtual directory, EnterpriseVaultProxy, and the Proxy Bypass List. To remove the virtual directories, form registrations, and Proxy Bypass List on back-end OWA 2003 servers

1 2

Open a Command Prompt window. Enter on a single line the appropriate command for the server:
C:\Program Files\Enterprise Vault\OWA>cscript Backend2003Setup.wsf /remove

In an active/passive OWA 2003 cluster, run this command on the active node first, and then run it on the passive node. This deletes all the Enterprise Vault OWA virtual directories (EnterpriseVaultProxy, EnterpriseVaultPublic, EnterpriseVaultExchange, EVOWA), forms registrations, and Proxy Bypass List.

OWA 2003: Checking that components have been removed


This section describes how you can check that the various components configured for Enterprise Vault OWA Extensions have been removed. To ensure the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories have been removed from Active Directory

1 2 3

On the domain controller, open Exchange System Manager and select the required Exchange Server. Expand Protocols, HTTP folders. Select the name of the required Exchange Virtual Server. EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories should not be listed in the right-hand pane.

292

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

To ensure that the EnterpriseVaultProxy virtual directory has been removed from the front-end OWA 2003 Server

1 2

On the front-end OWA Server, open IIS Manager. Expand the required Web site and check that the EnterpriseVaultProxy virtual directory has been removed.

To ensure that EntepriseVaultProxy and EVOWA virtual directories have been removed from the back-end OWA 2003 Server

1 2

On the back-end OWA Server, open IIS Manager. Check that the EntepriseVaultProxy and EVOWA virtual directories have been removed. In a cluster environment, after running the removal script on the passive node, you may still see the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories in IIS. These will be removed when the Exchange Server synchronizes IIS and Active Directory configuration data.

To check that the Proxy Bypass List has been cleared, do the following on the front-end and back-end OWA 2003 Servers

1 2

Open a Command Prompt window. Enter the command:


Proxycfg

The Enterprise Vault OWA entries should not be displayed. If these were the only entries, then nothing will be displayed.

OWA 2003: Restoring OWA control files


This section describes how to restore the original OWA control files. To restore the OWA control files

On front-end and back-end OWA 2003 Servers only, copy the OWA control files from the folder C:\Program Files\Exchsrvr\exchweb\6.5.nnnn.n\Controls-originals to their original location:
C:\Program Files\Exchsrvr\exchweb\6.5.nnnn.n\Controls

You can then remove manually the Enterprise Vault controls folder:
C:\Program Files\Exchsrvr\exchweb\6.5.nnnn.n \Controls-originals copied by Enterprise Vault

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

293

OWA 2003: Completing the removal of the OWA Extensions


When all the Enterprise Vault virtual directories, form registrations and Proxy Bypass List have been removed you can complete the removal of the OWA 2003 Extensions as described in this section. To complete the removal of the OWA Extensions

When all the Enterprise Vault virtual directories, form registrations and Proxy Bypass List have been removed, select and remove the Enterprise Vault OWA Extensions in Add/Remove Programs in the Control Panel on front-end and back-end OWA 2003 Servers. You can then remove manually the following files on front-end servers:
C:\Program Files\Enterprise Vault\OWA\EVfrontend.ini C:\Program Files\Enterprise Vault\OWA\ Frontend2003setup.wsf.log

You can also remove manually the following files on back-end servers:
C:\Program Files\Enterprise Vault\OWA\ EVbackend.ini C:\Program Files\Enterprise Vault\OWA\Backend2003setup.wsf.log C:\Program Files\Enterprise Vault\OWA\EVservers.txt

OWA 2000: Removing OWA virtual directories, forms registration and Proxy Bypass List
To remove the virtual directories, form registrations and Proxy Bypass List that are created by the Enterprise Vault OWA Extensions configuration wizard, you need to run the following Enterprise Vault scripts from the command line. On back-end OWA 2000 Servers, run the following command. In an active/passive OWA 2000 cluster, run this command on the active node first, and then run it on the passive node.

294

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

To remove the OWA virtual directories, form registrations and Proxy Bypass List

1 2

Open a Command Prompt window. Enter on a single line the appropriate command for the server:
C:\Program Files\Enterprise Vault\OWA>cscript Backend2000Setup.wsf /remove

This deletes all the Enterprise Vault OWA virtual directories (EnterpriseVaultPublic, EnterpriseVaultExchange, EVOWA), forms registrations and Proxy Bypass List. As the OWA Extensions are installed but not configured on front-end OWA 2000 Servers, you do not need to run a removal script on these servers.

OWA 2000: Checking that components have been removed


This section describes how to check that you have completely removed the Enterprise Vault OWA Extensions. To ensure the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories have been removed from Active Directory

1 2 3

On the domain controller, open Exchange System Manager and select the required Exchange Server. Expand Protocols, HTTP folders. Select the name of the required Exchange Virtual Server. EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories should not be listed in the right-hand pane. In a cluster environment, after running the removal script on the passive node, you may still see the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories in IIS. These will be removed when the Exchange Server synchronizes IIS and Active Directory configuration data.

To ensure that EVOWA virtual directory has been removed from the back-end OWA 2000 Server

1 2

On the back-end OWA Server, open IIS Manager. Check that EVOWA virtual directory has been removed. In a cluster environment, after running the removal script on the passive node, you may still see the EnterpriseVaultPublic and EnterpriseVaultExchange virtual directories in IIS. These will be removed when the Exchange Server synchronizes IIS and Active Directory configuration data.

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

295

To check that the Proxy Bypass List has been cleared, do the following on back-end OWA 2000 Servers

1 2 3

Ensure that the proxycfg utility is on the C drive. Open a command prompt window. Enter the command:
C:\Proxycfg

The Enterprise Vault OWA entries should not be displayed. If these were the only entries, then nothing will be displayed.

OWA 2000: Completing the removal of the OWA Extensions


When all the Enterprise Vault virtual directories, form registrations and Proxy Bypass List have been removed you can complete the removal of the OWA 2000 Extensions as described in this section. To complete the removal of the OWA Extensions

When all the Enterprise Vault virtual directories, form registrations and Proxy Bypass List have been removed, select and remove the Enterprise Vault OWA Extensions in Add/Remove Programs in the Control Panel on front-end and back-end OWA 2000 Servers. On front-end servers this will remove the following folder and its contents:
C:\Program Files\Enterprise Vault\OWA

On back-end servers, you can then remove manually the following files:
C:\Program Files\Enterprise Vault\OWA\EVbackend.ini C:\Program Files\Enterprise Vault\OWA\ Backend2000setup.wsf.log C:\Program Files\Enterprise Vault\OWA\EVservers.txt

296

How to uninstall Enterprise Vault OWA Extensions Uninstalling OWA 2000 and 2003 Extensions

Chapter

29

Using Microsoft ISA Server with OWA and RPC Extensions


This chapter includes the following topics:

Using ISA Server with Enterprise Vault Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault

Using ISA Server with Enterprise Vault


If Microsoft Internet Security and Acceleration (ISA) Server 2004 or 2006 is used in an OWA or RPC over HTTP environment then you need to ensure that it is correctly configured to enable clients to access Enterprise Vault. This chapter provides information on the following tasks:

Configuring ISA Server 2006 to provide OWA 2007 access to Enterprise Vault. Configuring ISA Server 2004 to provide OWA 2003 access to Enterprise Vault. Configuring ISA Server 2006 to provide Exchange Server 2007 RPC over HTTP (Outlook Anywhere) access to Enterprise Vault.

298

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault

Configuring ISA Server 2004 to provide Exchange Server 2003 RPC over HTTP access to Enterprise Vault.

Configuring ISA Server 2006 for OWA 2007 access to Enterprise Vault
Microsoft ISA Server 2006 can be used to secure access to OWA 2007 servers by using Web publishing rules to make Exchange 2007 OWA Web site available on the Internet. Figure 29-1 shows how ISA Server 2006 can provide access to Enterprise Vault. In addition to publishing the OWA 2007 Web site, you also need to publish to clients the Enterprise Vault Web Access application. This is because Archive Explorer and archive search client requests attempt to connect to the Enterprise Vault server directly. Figure 29-1 Access to Enterprise Vault using ISA Server 2006

ISA 2006 Firewall

Exchange 2007 CAS Server

Exchange 2007 Mailbox Server

Web Publishing Rules /Exchange /Exchweb /EnterpriseVault

Virtual Directories /Exchange /Exchweb

Enterprise Vault server

See the following articles for detailed instructions on how to configure ISA Server 2006: http://www.microsoft.com/technet/isa/2006/deployment/exchange.mspx#client http://www.isaserver.org/tutorials/Using-2006-ISA-Firewall-RC-Publish-OWA-Sites-Part1.html

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault

299

http://www.isaserver.org/tutorials/Using-2006-ISA-Firewall-RC-Publish-OWA-Sites-Part2.html

Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault
Microsoft ISA Server 2004 can be used to secure access to OWA 2003 servers by using Web publishing rules (reverse proxy), to make front-end servers available on the Internet. Figure 29-2 shows how ISA Server 2004 can provide access to Enterprise Vault. Figure 29-2 Access to Enterprise Vault using ISA Server 2004

ISA 2004 Firewall

Exchange Front-End OWA 2000 or 2003 Server

Exchange Back-End OWA 2000 or 2003 Server

Enterprise Vault server

Web Publishing Rules /Exchange /Public /Exchweb /EnterpriseVaultProxy

Virtual Directories /Exchange /Public /Exchweb /EnterpriseVaultProxy

See Configuring access using OWA basic authentication on page 299. See Configuring access using OWA forms-based authentication on page 302.

Configuring access using OWA basic authentication


Configuring ISA Server 2004 for basic authentication is relatively straightforward. The Mail Server Publishing Rule will reference the standard paths, which are the three virtual directories; Exchange, Public and Exchweb. For Enterprise Vault support, the extra path of EnterpriseVaultProxy needs to be added.

300

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault

Prerequisites
Install and configure the Enterprise Vault OWA 2003 Extensions. See Configuring Enterprise Vault access for OWA 2003 users on page 237. Ensure that a suitable Certification Authority (CA) certificate has been installed on the front-end OWA server, and imported onto the ISA Server 2004.

Configuration steps
Perform the steps described in this section to configure access for OWA basic authentication users. To enable OWA basic access to archived items

1 2 3 4 5

Logon to the ISA Server 2004 computer as a local administrator with permissions to configure the ISA Server. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click the Firewall Policy node. In the right-hand task pane, click the Tasks tab and then click Publish a Mail Server. On the Welcome to the New Mail Server Publishing Rule Wizard page, enter a name for the rule in the Mail Server Publishing Rule name box. For example, OWA Basic (External to Internal). Click Next. On the Select Access Type page, select Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync. Click Next. On the Select Services page, select Outlook Web Access and click Next. On the Bridging Mode page, select Secure connection to clients and mail server, and click Next. On the Specify the Web Mail Server page, enter the name of the front-end OWA server (as identified to the internal network) in the Web mail server box. Alternatively, you can enter the common name of the CA certificate on the front-end OWA server. This is the Issued to name in the certificate. Click Next.

6 7 8 9

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault

301

10 On the Public Name Details page, enter the name that external users will use
to access the OWA site in the Public name box. This must match what is specified in the external DNS entry. Alternatively, select Accept requests for any domain name in the drop-down box. Click Next.

11 On the Select Web Listener page, click New to create a new Web listener.
(This step assumes that no Web listener exists yet.)

12 On the Welcome to the New Web Listener Wizard page, enter a name for the
listener in the Web listener name box. For example, External443. Click Next.

13 On the IP Addresses page, select the External check box. Click Next. 14 On the Port Specification page, clear the Enable HTTP check box, and then
perform the following steps in the order listed:

Select Enable SSL. Click Select. In the Select Certificate dialog box, click the Web site certificate (front-end OWA server), and click OK. Click Next on the Port Specification page.

15 Click Finish on the Completing the New Web Listener Wizard page. 16 Click Edit on the Select Web Listener page, and then perform the following
steps in the order listed:

Select the Preferences tab. In the Web Listener dialog box, click Authentication. In the Authentication dialog box, clear the Integrated check box. Click OK in the prompt dialog. Select the Basic check box. Click Yes in the dialog box informing you that you should use SSL. Click OK in the Authentication dialog box.

17 Click Apply and then click OK in the Web Listener dialog box. 18 Click Next on the Select Web Listener page. 19 On the User Sets page, accept the default setting, All Users, and click Next. 20 Click Finish on the Completing the New Mail Server Publishing Rule Wizard
page.

21 Right-click the newly created rule in the main Firewall Policy pane of the
Microsoft Internet Security and Acceleration Server 2004 management console, and click Properties.

302

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault

22 In the Properties dialog box, click the Paths tab, and then perform the
following steps in the order listed:.

Click Add. In the Path mapping dialog box, enter the value /EnterpriseVaultProxy/* in the box Specify the folder on the Web site that you want to publish. (If you want to publish the entire Web site, leave this box blank.) Select Same as published folder. Click OK.

23 Click Apply and then click OK in the Properties dialog box. 24 Click Apply to save the changes and update the firewall policy. 25 Click OK in the Apply New Configuration dialog box.

Configuring access using OWA forms-based authentication


This section describes how to configure ISA Server 2004 for forms-based authentication. The Mail Server Publishing Rule will reference the standard paths, which are the three virtual directories: Exchange, Public and Exchweb. For Enterprise Vault support, the extra path of EnterpriseVaultProxy needs to be added.

Prerequisites for OWA forms-based authentication


Install and configure the Enterprise Vault OWA 2003 Extensions. See Configuring Enterprise Vault access for OWA 2003 users on page 237. Ensure that a suitable Certification Authority (CA) certificate has been installed on the front-end OWA server, and imported onto the ISA Server 2004. The Microsoft issue described in the Knowledge Base article, KB316431, prevents OWA users from opening attachments to archived messages, when using forms-based authentication. To fix this issue, ensure that the following requirements are configured, if you are using OWA with forms-based authentication:

Install ISA Server 2004 Service Pack 2. Request the Microsoft hotfix, KB924410, from Microsoft Product Support Services. To apply this hotfix, you need to run a script to add URLs to an exclusion list. Add the following URL using the script:
ViewMessage.asp;

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault

303

Note that this is case sensitive.

Configuration steps
After you have installed and configured on ISA Server 2004 the prerequisite software and settings, perform the steps described in this section to configure access for OWA forms-based authentication users. To enable OWA FBA access to archived items

1 2 3 4 5

Logon to the ISA Server 2004 computer as a local administrator with permissions to configure the ISA Server. Open the Microsoft Internet Security and Acceleration Server 2004 management console and expand the server name. Click the Firewall Policy node. In the right-hand task pane, click the Tasks tab and then click Publish a Mail Server. On the Welcome to the New Mail Server Publishing Rule Wizard page, enter a name for the rule in the Mail Server Publishing Rule name box. For example, OWA FBA (External to Internal). Click Next. On the Select Access Type page, select Web client access: Outlook Web Access (OWA), Outlook Mobile Access, Exchange Server ActiveSync. Click Next. On the Select Services page, select Outlook Web Access and click Next. On the Bridging Mode page, select Secure connection to clients and mail server, and click Next. On the Specify the Web Mail Server page, enter the name of the front-end OWA server (as identified to the internal network) in the Web mail server box. Alternatively, you can enter the common name of the CA certificate on the front-end OWA server. This is the Issued to name in the certificate. Click Next.

6 7 8 9

10 On the Public Name Details page, enter the name that external users will use
to access the OWA site in the Public name box. This must match what is specified in the external DNS entry. Alternatively, select Accept requests for any domain name in the drop-down box. Click Next.

11 On the Select Web Listener page, click New to create a new Web listener.
(This step assumes that no Web listener exists yet.)

304

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for OWA 2003 access to Enterprise Vault

12 On the Welcome to the New Web Listener Wizard page, enter a name for the
listener in the Web listener name box. For example, External443. Click Next.

13 On the IP Addresses page, select the External check box. Click Next. 14 On the Port Specification page, clear the Enable HTTP check box, and then
perform the following steps in the order listed:

Select Enable SSL. Click Select. In the Select Certificate dialog box, click the Web site certificate (front-end OWA server), and click OK. Click Next on the Port Specification page.

15 Click Finish on the Completing the New Web Listener Wizard page. 16 Click Edit on the Select Web Listener page, and then perform the following
steps in the order listed:

Select the Preferences tab. In the Web Listener dialog box, click Authentication. In the Authentication dialog box, clear the Integrated check box. Click OK in the prompt dialog. Select the OWA Forms-Based check box. Click Yes in the dialog box informing you that you should use SSL. Click OK in the Authentication dialog box.

17 Click Apply and then click OK in the Web Listener dialog box. 18 Click Next on the Select Web Listener page. 19 On the User Sets page, accept the default setting, All Users, and click Next. 20 Click Finish on the Completing the New Mail Server Publishing Rule Wizard
page.

21 Right-click the newly created rule in the main Firewall Policy pane of the
Microsoft Internet Security and Acceleration Server 2004 management console, and click Properties.

22 In the Properties dialog box, click the Paths tab, and then perform the
following steps in the order listed:

On the Paths tab, click the Add button. In the Path mapping dialog box, enter the value /EnterpriseVaultProxy/* in the box Specify the folder on the Web site that you want to publish. (If you want to publish the entire Web site, leave this box blank.)

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault

305

Select Same as published folder. Click OK.

23 Click Apply and then click OK in the Properties dialog box. 24 Click Apply to save the changes and update the firewall policy. 25 Click OK in the Apply New Configuration dialog box.

Configuring ISA Server 2006 for Exchange Server 2007 RPC over HTTP access to Enterprise Vault
Microsoft ISA Server 2006 can be used to secure RPC over HTTP access to Exchange 2007 Servers by using Web publishing rules to make the RPC Web site available on the Internet. To configure the ISA 2006, you need to perform the following tasks:

Configure an RPC firewall policy that publishes the \rpc virtual directory on your Exchange 2007 CAS server through ISA Server 2006. Configure on your ISA Server 2006 an Enterprise Vault firewall policy that publishes the \EnterpriseVault virtual directory on your Enterprise Vault server.

The following Microsoft article provides detailed instructions on how to configure ISA Server 2006 for Exchange Server 2007 RPC over HTTP connections: http://support.microsoft.com/kb/884506

Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault
Microsoft ISA Server 2004 can be used to secure access to RPC Exchange Servers by using Web publishing rules (reverse proxy), to make RPC proxy servers available on the Internet. To configure the ISA 2004, you need to perform the following tasks:

Configure an RPC firewall policy that publishes the \rpc virtual directory on your RPC proxy server through ISA Server 2004. See Configuring an RPC firewall policy on page 306. Configure an Enterprise Vault firewall policy that publishes the \EnterpriseVaultProxy virtual directory on your RPC proxy server through ISA Server 2004.

306

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault

See Configuring an Enterprise Vault firewall policy on page 306.

Configuring an RPC firewall policy


On the ISA Server 2004, set up an RPC firewall policy to publish the \rpc virtual directory on the RPC proxy server. See the Microsoft article, Using ISA Server 2004 with Exchange Server 2003 (http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/exchage2003.mspx). In the walk-through procedures described in the article, follow the instructions in Procedure 8, Configure RPC over HTTP for Outlook 2003. When you have completed the instructions given in the article, do the following to check that the correct port is specified in the RPC firewall policy for redirected requests. Check that the correct port is specified in the RPC firewall policy

1 2 3 4 5

On the Firewall Policy page in the ISA Server Management console, right-click the RPC over HTTP rule that you have created and select Properties. Click the Bridging tab. Ensure that Redirect requests to SSL port : 443 is selected. Click Apply and the OK. Click Apply, to save the changes and update the firewall policy. Click OK in the Apply new configuration dialog.

Now configure a firewall policy for Enterprise Vault.

Configuring an Enterprise Vault firewall policy


On the ISA Server 2004, create a Web publishing rule that forwards requests from the \EnterpriseVaultProxy virtual directory to the internal network. To create an EnterpriseVaultProxy Web Publishing Rule

1 2 3

In the ISA Server Management console, expand the server name and click the Firewall Policy node. In the task pane, click the Tasks tab and then click Publish a Web Server. On the Welcome to the New Web Publishing Rule Wizard page, enter a name for the rule in the Web Publishing Rule name text box. For example, EnterpriseVaultProxy. Click Next. On the Select Rule Type page, select Allow as the action to take when rule conditions are met. Click Next.

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault

307

5 6 7 8

On the Define Website to Publish page, enter the computer name or IP address of the RPC proxy Exchange Server. Select Forward the original host header instead of the actual one. Enter /EnterpriseVaultProxy/* in the Path box. Click Next. On the Public Name Details page, enter the name that external users will use to access the RPC Web site in the Public name box. This must match what is specified in the external DNS entry. Alternatively, select Any domain name in the Accept requests for box and click Next. On the Select Web Listener page, in the Web listener box, select the listener that you created earlier, when you configured the RPC firewall policy. Click Next.

10 On the User Sets page, accept the default value, All Users, and click Next. 11 On the Completing the New Mail Server Publishing Rule Wizard page, click
Finish.

12 Click Apply to save the changes and update the firewall policy. 13 In the Apply New Configuration dialog box, click OK.

308

Using Microsoft ISA Server with OWA and RPC Extensions Configuring ISA Server 2004 for Exchange Server 2003 RPC over HTTP access to Enterprise Vault

Section

Setting up Domino Server archiving

Setting up Domino mailbox archiving Setting up Vault Cache Setting up Domino Journaling archiving

310

Chapter

30

Setting up Domino mailbox archiving


This chapter includes the following topics:

About Domino mailbox archiving Preparation for Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault Installing Enterprise Vault extensions for Lotus Notes and DWA clients Editing automatic messages Enabling mailboxes for archiving

About Domino mailbox archiving


The Enterprise Vault Domino Gateway provides the interface between Lotus Notes and Enterprise Vault. Although archiving does not use the Enterprise Vault Domino Gateway, actions on archived data, such as opening, restoring, deleting and searching, are handled by the Enterprise Vault Domino Gateway. Figure 30-1 illustrates the process when archiving an item from a Domino mail file.

312

Setting up Domino mailbox archiving About Domino mailbox archiving

Figure 30-1

Archiving an item

Domino mail server Enterprise Vault extensions for Lotus Domino

Lotus Notes users

mail files Enterprise Vault Enterprise Vault Domino Gateway Domino Server Lotus Notes

Store Enterprise Vault Server Enterprise Vault Admin and Directory Services

Domino Mailbox and Desktop Policies

Domino Mailbox Archiving task

Vault store Partition Domino mail file archives

Other Enterprise Vault Services and Tasks

Figure 30-2 illustrates the process when viewing or restoring an archived item.

Setting up Domino mailbox archiving About Domino mailbox archiving

313

Figure 30-2

Retrieving or restoring an archived item

Domino mail server Enterprise Vault extensions for Lotus Domino

Lotus Notes users Retrieve

mail files Enterprise Vault Enterprise Vault Domino Gateway Domino Server Lotus Notes Restore

Enterprise Vault Server Enterprise Vault Admin and Directory Services

Domino Mailbox and Desktop Policies

Enterprise Vault Storage Service Vault Store

Other Enterprise Vault Services and Tasks

Partition

Domino mail file archives

Enterprise Vault Extension Manager, which is installed by Enterprise Vault on the Enterprise Vault Domino Gateway provides the main functionality of the Enterprise Vault Domino Gateway. This is a server side extension that processes

314

Setting up Domino mailbox archiving Preparation for Domino mailbox archiving

requests from Lotus Notes and DWA clients before passing them on to Enterprise Vault. In order for the extension manager to have unrestricted access to Enterprise Vault data, the Domino server must run under the Vault Service account.

Preparation for Domino mailbox archiving


Before proceeding, ensure that you have done the following:

Checked that software prerequisites are satisfied. See Prerequisite software for Enterprise Vault Domino Gateway on page 72. Installed and configured Domino server on the Enterprise Vault Domino Gateway computer. See Pre-installation tasks for Domino mailbox archiving on page 73. Installed Enterprise Vault and run the configuration wizard. See Installing Enterprise Vault on page 111.

Check Enterprise Vault configuration of Domino server


Now you can check the changes made to the Domino server configuration on the Enterprise Vault Domino Gateway. Enterprise Vault installs the following binary files in the Domino program directory:

EVRT.dll nEVDominoEM.dll nEVDominoHousekeeping.exe

Enterprise Vault installs the following mail template and database files in the Domino data directory:

EVAttach.ntf EVinstall.nsf help\*help.nsf EV\EVDomino.nsf

The Enterprise Vault configuration wizard edits the notes.ini file in the Domino program directory. This file should then contain the following entries:
ExtMgr_Addins=EvDominoEM.dll ServerTasks= ... ,EVDominoHouseKeeping

Setting up Domino mailbox archiving Preparation for Domino mailbox archiving

315

Now start the Domino server on the Enterprise Vault Domino Gateway. If the Enterprise Vault Directory Service is running, the following lines are displayed in the console during start-up:
Symantec Enterprise Vault Extension Manager: SERVER ... EV Housekeeping: Initialization complete. Symantec Enterprise Vault Extension Manager: HTTP

Configure Enterprise Vault for Web connections


When Lotus Notes users start an archive search, a Web connection is made to the Enterprise Vault Domino Gateway. You need to perform the configuration tasks described in this section to support these connections. A new IIS virtual directory called EnterpriseVaultDomino is used to authenticate user access to Enterprise Vault archives when users perform an archive search. The virtual directory points to the Enterprise Vault\WebApp folder and has anonymous access enabled. For security, a Web account is required for this virtual directory. It is advisable to create an account specifically for the purpose of Web access. Do not change the name of the virtual directory, EnterpriseVaultDomino. If you have already configured an account for Exchange Server OWA access, then you must use the same account for Domino mailbox archiving. Create a Windows domain user account to use as the Domino Web Application account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account must not belong to any administrative group. To configure the Domino Web Application account

1 2 3 4 5 6

Log on to the Enterprise Vault Domino Gateway computer using the Vault Service account. Start the Enterprise Vault Administration Console. Expand the tree and right-click the Directory container. Select Properties. In the Properties window, select the Domino Web Application Account tab. In the Account box, select the Domino Web Application account.

316

Setting up Domino mailbox archiving Preparation for Domino mailbox archiving

7 8

Enter and confirm the password for the account. Click OK. The EnterpriseVaultDomino virtual directory is created and Anonymous access is granted automatically to the account specified.

To check the anonymous user configuration

On a computer that is not a domain controller, open Local Security Policy in Administrative Tools. On a domain controller, open Domain Controller Security Policy. Click Local Policies > User Rights Assignment. The following permissions should be set: Access this computer from the network (SeNetworkLogonRight). Bypass traverse checking (SeChangeNotifyPrivilege). Log on as a batch job (SeBatchLogonRight). Allow log on locally (SeInteractiveLogonRight).

2 3

The following registry value is also created containing the anonymous account; this ensures that only this user can obtain a list of archives accessible by a Domino User:
HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\AnonymousUser

HKEY_CURRENT_USER is the Vault Service account. The value of this setting is the full name, including the Windows domain, of the anonymous user, for example, mydomain\DomAnonUser.

Vault store and partition


A vault store and a vault store partition must exist before you enable mailboxes for archiving. After you enable the target mailboxes for archiving, Enterprise Vault automatically creates an archive for each mailbox in the selected vault store. A default vault store can be set for the Domino server, or for a Provisioning Group. Note: The vault store is managed by the local Enterprise Vault Storage service. See Creating a default vault store and partition on page 143.

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

317

Configuring Domino targets, tasks and policies in Enterprise Vault


You can now configure Domino mailbox archiving in the Enterprise Vault Directory using the Administration Console. The following list summarizes the tasks which are described in more detail in the following sections:

Check that the list of Domino forms available is correct for the items that you want to archive from mailboxes. Add the target Domino domain. Add the Domino servers hosting the mailboxes to be archived. Optionally, Domino Provisioning and Mailbox tasks can be added when you add the first target Domino server in the Administration Console. Configure Domino mailbox policies, to define how Enterprise Vault archives target Domino server mailboxes. Configure Domino desktop policies, to control the Enterprise Vault functionality available in the Lotus Notes client. Check the Enterprise Vault site settings. Create provisioning groups for the target mailboxes.

Check the list of Domino forms


The types of items that can be archived from Domino server mailboxes are defined using Domino forms or form aliases. The list of forms available is displayed in the Directory Properties. You select the forms of items to archive in the Domino mailbox policy. To check the list of available forms

1 2 3 4 5

Start Enterprise Vault Administration Console. Expand the tree and right-click the Directory container. Select Properties. In the Properties window, select the Domino Forms tab. Ensure the list includes all the required forms for the types of documents to be archived. If necessary, use Add to add forms to the list.

Adding Domino Server archiving targets


In the Administration Console you need to add the Domino domain and Domino Servers that you want to archive.

318

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

Adding a Domino domain


You can now configure the target Domino domain in the Enterprise Vault Administration Console. To add a Domino domain

1 2

In the left pane of the Administration Console, expand the Targets container. Right-click Domino and, on the shortcut menu, click New and then Domino Domain. The New Domino Domain wizard starts.

Work through the wizard. You will be asked for the following information:

The name and password for the ID file that will be used to access Domino domain. This will typically be the ID of the Domino archiving user that you created. The fully-distinguished name of any Domino server in the domain that you are adding.

The Domino domain is then added to the Enterprise Vault directory and displayed in the tree. You can now add the Domino mail servers that you want Enterprise Vault to archive.

Adding target Domino mail servers


Next, add the target Domino mail servers in the Enterprise Vault Administration Console. A single Domino mailbox archiving task can archive several target Domino mailbox servers in a domain. To add a target Domino mail server

1 2 3 4

In the left pane of the Administration Console, expand the Targets container. Expand Domino. Expand the Domino domain to which you want to add a server. Right-click the Domino server container and on the shortcut menu, click New and then Domino Server. The New Domino Server wizard starts.

Work through the wizard. This wizard enables you to select the following:

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

319

The Domino Server that you want to archive. In the wizard, the drop-down box under Select the Domino server from which you want to archive lists all the Domino servers in the domain. Cluster options. If the server you are adding is in a Domino cluster, you can choose to add all servers in the cluster to the Enterprise Vault Site. Additionally, you can set the server you are adding to be the preferred server. The archiving task uses the preferred server when archiving from mailboxes, when possible. A mailbox that is on a different server must be replicated to this preferred server in order for the archiving task to be able to archive using this server. If a mailbox is not replicated to this preferred server, the task archives from the server that hosts the mailbox. The Enterprise Vault tasks that you want created. If preferred, you can add these after adding the Domino mail server. There can be only one Domino Mailbox task on an Enterprise Vault server. There must be one (and only one) Domino Provisioning task for each Domino domain. If the tasks are to be created on a different Enterprise Vault server in the site, you will need the name of the Enterprise Vault server. The ID and password to be used to access the Domino mail server, if this is different from the ID used to access the domain. Typically, this will be the ID of the Domino archiving user that you created. See User ID for Domino mailbox archiving on page 76.

Configuring mailbox policies


Domino mailbox policies define how Enterprise Vault archives target Domino server mailboxes. You can create multiple policies if you want different groups of mailboxes to be archived using different policy settings. If you wish, you can create a custom mailbox policy for each provisioning group. A default Domino mailbox policy is created in the Administration Console by the configuration wizard. To view and modify the properties of the default Domino mailbox policy

1 2 3

Expand your Enterprise Vault site. Click Policies > Domino > Mailbox. Right-click Default Domino Mailbox Policy in the right pane and select Properties. You can modify the properties of this policy, as required, and also create new policies.

320

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

To create a new Domino mailbox policy

1 2 3 4

In the Administration Console, expand your Enterprise Vault site and then click Policies > Domino > Mailbox. Right-click the Mailbox container and select New > Policy to launch the new policy wizard. The new policy is displayed in the right pane. To adjust the policy properties, right-click the policy and select Properties.

General tab
Table 30-1 lists the settings on the General tab. These settings provide a name and description for the policy. Table 30-1 Setting
Name Description

Domino mailbox policy General tab settings Description


A name for the policy. An optional description for the policy, which you can change as often as you wish.

Default value
None. None.

Archiving Rules tab


Table 30-2 lists the settings on the Archiving Rules tab. Use these settings to control the archiving strategy. Table 30-2 Setting
Young items

Domino mailbox policy Archiving Rules tab settings Description


The minimum age limit at which items can be archived

Default value
2 weeks

Large items

Whether to archive larger items Not selected. before smaller items and, if so, the minimum size of the items that are given priority.

Archiving strategy Strategy for archiving the Items that have not been modified remaining items. This is based on for 6 months are archived. the period of time since an item was modified.

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

321

Table 30-2 Setting

Domino mailbox policy Archiving Rules tab settings (continued) Description Default value
Not selected.

Archive messages Archive an item only if it has an with attachments attachment, assuming all other only archiving criteria are met. Note that this is not the same as archiving attachments only. Archive encrypted Archive messages that are messages encrypted. Note that Enterprise Vault cannot index encrypted messages. This means that it cannot display the body of an archived encrypted message, and users will not be able to find or view the body text when performing browser searches. However, users can view an encrypted message that is retrieved or restored from its shortcut, as normal.

Not selected.

Archiving Actions tab


Table 30-3 describes the settings on the Archiving Actions tab. Use these settings to configure whether the item in the mailbox is to be deleted and a shortcut created, and also whether to archive unread items. Table 30-3 Setting
Delete original item after archiving

Domino mailbox policy Archiving Actions tab settings Description


Original item is deleted from mailbox after archiving.

Default value
Selected.

Create shortcut to After it has been archived, the archived item after item in the mailbox is replaced archiving with a shortcut. Archive unread items

Selected.

Archive mailbox items even if they Not selected. have not yet been read.

322

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

Shortcut Content tab


Table 30-4 describes the settings on the Shortcut Content tab. Use these settings to configure what is to be included in shortcuts, and what is to be displayed when a shortcut is opened. Note that Enterprise Vault does not create shortcuts for archived calendar or todo items. Instead, these are kept intact, although you can configure the mailbox archiving policy to strip calendar attachments. See See Advanced tab on page 323. Table 30-4 Setting
Include recipient information

Domino mailbox policy Shortcut Content tab settings Description


Whether to store recipient information (To: and Cc: details) in shortcuts. Shortcuts always contain the From and Subject information.

Default value
Shortcuts include recipient information.

Shortcut body

How much of the message body to None. store in shortcuts. Regardless of the setting value, the full message, with attachments, are still stored in the archive. None. None of the message text is stored in the shortcut. Use message body. Shortcuts contain all of the message body text, but no attachments. Customize. Select the amount of text and links that you want included in shortcuts. See Using customized shortcuts on page 323.

When shortcut is opened

Whether double-clicking a Show contents. shortcut displays the contents of the original item or the properties of the shortcut.

The file LotusShortcutText.txt is required if you configure customized shortcuts. You can also use this file to process standard shortcuts for untitled attachments. See Using customized shortcuts on page 323.

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

323

Forms tab
The list shows the types of items that will be archived when the policy is applied. Select or clear Domino forms check boxes, as required. If you need to edit the list of available forms, go to the Domino Forms tab of the Directory properties.

Advanced tab
Table 30-4 briefly describes the settings on the Advanced tab. These settings enable you to change advanced archiving behavior. Information about each advanced setting is given in the Administrators Guide. Table 30-5 Setting
List settings from

Domino mailbox policy Advanced tab settings Description


Controls the category of settings that are shown in the list. There is only one category:

Archiving General. Settings that control archiving behavior. For example, you can configure the archiving task to strip attachments from calendar and todo items before archiving.

Information about each setting is given in the Administrators Guide. Reset All This returns all the settings in the list to their default values. There is a confirmation prompt that asks if you are sure you want to reset all the values. Enables you to change the value for the selected setting. You can also double-click the setting to modify it. A brief description of what each setting controls.

Modify

Description

Targets tab
Later, when you create provisioning groups to add mailboxes as archiving targets, you will assign the required Domino mailbox policy to each group. The associated provisioning groups will then be displayed in the Targets page of the policy.

Using customized shortcuts


You can use custom shortcuts to change the information that is displayed in shortcuts. In a new installation of Enterprise Vault, a default shortcut contains the following:

324

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

From and Subject information. Recipient information: To, CC, BCC. A banner containing a link to the complete archived item. No text from the message body. No list of attachments or links to attachments

You can change the settings so that shortcuts contain just as much information as you require. Note that the changes you make apply to shortcuts that are generated in the future, not to shortcuts that have already been created. Details of custom shortcut content are held in the file, LotusShortcutText.txt, in the Enterprise Vault folder (typically C:\Program Files\Enterprise Vault). On a new installation, an English version of this file is placed in the Enterprise Vault folder. Language versions of the file are available in the language folders under Enterprise Vault\Languages\ShortcutText. To define custom shortcut content

1 2

Locate the required language version of the LotusShortcutText.txt file (under Enterprise Vault\Languages\ShortcutText). Open LotusShortcutText.txt with Windows Notepad. and make any required changes to the file. See Layout of LotusShortcutText.txt on page 325.

3 4 5 6

Save the file as a Unicode file. Copy the file to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault). Copy the file to the Enterprise Vault program folder on all other Enterprise Vault servers in the Enterprise Vault Site. If Domino Mailbox tasks are already created and running, you will need to restart them to pick up the changes.

To apply the new content to new shortcuts

1 2

Start the Administration Console and go to the Shortcut Content tab in the Lotus Domino Mailbox Policy properties. In the box beside Content of shortcut body, select Customize and then specify which options you want. Click Help on the tab for more information.

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

325

Layout of LotusShortcutText.txt
LotusShortcutText.txt is laid out using the standard Windows .ini file format: [Section] Item1="value1" Item2="value2"

You can change any of the values in the file. Remember to enclose each value in quotes. The sections in LotusShortcutText.txt are as follows:
[Archived text] The entries in this section are displayed in the banner at the top of the shortcut. The entry used for the shortcut is the one that matches the archived items Domino form or form alias. Values in this section all have a space before the final quote. This separates the text from the link text. [Link] The entry in this section specifies the text in the banner that is a link to the archived item.

[Attachment table] The Title entry in this section specifies the text immediately before the list of attachments.

Creating a Domino Provisioning task


If you did not request Enterprise Vault to create the Domino Provisioning task in the New Domino Server wizard, you can create this task manually, as described in this section. A separate Provisioning task is required for each domain. To add a Domino Provisioning task

1 2 3 4

In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the name of the sever to which you want to add the Domino Provisioning task. Right-click Tasks and, on the shortcut menu, click New and then Domino Provisioning Task. The New Domino Provisioning Task wizard starts.

Work through the wizard.

326

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

Creating a Domino Mailbox task


If you did not request Enterprise Vault to create the Domino Mailbox task in the New Domino Server wizard, you can create this task manually, as described in this section. There can be only one Domino Mailbox task on an Enterprise Vault server. A single task can process several Domino servers in different Domino domains. A single Domino server can be processed by several Domino Mailbox tasks on different Enterprise Vault servers; in this situation, the Domino mailbox archives would be distributed across multiple vault stores. To add a Domino Mailbox task

1 2 3 4

In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the name of the sever to which you want to add the Domino Mailbox task. Right-click Tasks and, on the shortcut menu, click New and then Domino Mailbox Task. The New Domino Mailbox Task wizard starts.

Work through the wizard.

Reviewing the default archiving settings for the Site


Check the default settings configured in the Enterprise Vault Site properties. To review the Site settings

1 2 3

In the Administration Console, right-click your Enterprise Vault Site. On the shortcut menu, click Properties. Site properties include the following settings that are applicable to archiving from Domino servers. Note that you can override some of these at a lower level. For example, you can override the Site archiving schedule for a particular task by setting the schedule in the task properties. The indexing level can also be set at policy level and the default retention category can be set at provisioning group or policy level.

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

327

General

The Site name and description.

The URL that specifies the virtual directory that handles web access application requests, for example, when users perform an archive search using integrated or browser search. A system message for users, if required.

A system message for administrators, if required. The default level of indexing. The default retention category. Whether users can delete items from their archive. If you want users to be able to delete items from their archives, you must select the check box Users can delete items from their archives. The setting Enable recovery of user deleted items enables the retention of user-deleted items so that accidentally-deleted items can be recovered. The schedule for running storage expiry to delete from archives any items that are older than the retention period assigned. If required, you can set limits on the size of archives here or in the vault store properties. The schedule for running automatic, background archiving. Performance counters for monitoring Enterprise Vault.

Archive Settings

Storage Expiry

Archive Usage Limit Site Schedule Monitoring

4 5

Click Help on any of the Site properties screens for further information. Now you can create provisioning groups for the mailboxes that are to be archived.

Adding a Provisioning Group


A provisioning group enables you to apply a Domino mailbox policy and a Domino desktop policy to individual users or to a group of Domino mailbox users. You can have a single provisioning group, comprising the whole corporate hierarchy, or multiple provisioning groups, if you want to assign different policies to different groups of users. You can select the mailboxes to be associated with a provisioning group using any of the following:

Directory group Mailbox

328

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

Organizational Unit Corporate Hierarchy

Note: A mailbox must be added to a provisioning group, and mailboxes in the provisioning group must be configured and enabled by the Domino Provisioning task, before you can archive items from the mailboxes. If you have multiple users using the same Domino mail file, or replicas of the same mail file, then Enterprise Vault will associate the first user only with the mail file archive. Using the Enterprise Vault Administration Console, you can subsequently grant other users access to the archive. If there are a large number of mailboxes, and automatic enabling of mailboxes is not configured for the provisioning group, then there could be a delay in the mailboxes being available to Enterprise Vault for enabling. If you do not want to wait, you can force an update. To force an update, run the following commands in the Domino server console:
LOAD LOAD LOAD LOAD LOAD LOAD UPDALL UPDALL UPDALL UPDALL UPDALL UPDALL NAMES.NSF NAMES.NSF NAMES.NSF NAMES.NSF NAMES.NSF NAMES.NSF -T -T -T -T -T -T "($Users)" "($ServerConfig)" "($VIMGroups)" "($VIMPeople)" "($PeopleGroupsCorpHier)" "($Certifiers)"

To add a Provisioning Group

1 2 3

In the left pane of the Administration Console, expand Targets. Expand the Domino domain that you added. Right-click Provisioning Group and, on the shortcut menu, click New and then Provisioning Group. The New Provisioning Group wizard starts.

Work through the wizard to add a provisioning group. You will need the following information:

The domain containing the Domino Servers that you want to archive. The Domino desktop policy to apply. The Domino mailbox policy to apply. The default retention category to apply, when archiving from the mailboxes. The wizard enables you to create a new retention category, if required.

Setting up Domino mailbox archiving Configuring Domino targets, tasks and policies in Enterprise Vault

329

The default vault store in which the mailbox archives are to be created by Enterprise Vault. If mailboxes in the provisioning group are automatically-enabled for archiving, the vault store will be used for any future mailboxes added to the provisioning group. If you do not explicitly set the vault store for the provisioning group, the default vault store setting is inherited from the Domino Server properties. The default Indexing Service that will be used for mailboxes in the provisioning group that are automatically-enabled for archiving. If you do not explicitly set the Indexing Service for the provisioning group, the default Indexing Service setting is inherited from the Domino Server properties. Whether you want the Domino Provisioning task to enable new mailboxes for archiving automatically. A new mailbox is one that is new to Enterprise Vault. When you first start using Enterprise Vault, all the mailboxes are new. With auto-enabling set, all existing mailboxes are enabled when the Domino Provisioning task next runs. All mailboxes created in the future will also be enabled and the associated archives created automatically. If auto-enabling is not selected, you use the Enable Mailbox wizard to enable the mailboxes for archiving. You can use the Disable Mailbox wizard to explicitly disable individual mailboxes. This prevents the mailbox being enabled automatically, so the mailbox is never archived unless you choose to enable it. See Enabling mailboxes for archiving on page 343.

Ordering provisioning groups


If you create multiple provisioning groups, the order in which they are listed is significant; the groups are processed from the top of the list down. Mailboxes that appear in more than one provisioning group use the settings from the first group in which they appear. Ensure that the most specific group is at the top of the list and the least specific is at the bottom. To re-order provisioning groups

1 2

In Administration Console tree, right-click the Provisioning Group container and select Properties. Use Move Up and Move Down buttons to rearrange the groups.

330

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

Installing Enterprise Vault extensions for Lotus Notes and DWA clients
This section describes the Enterprise Vault client functionality available for Lotus Notes and DWA users, and how to install the necessary mail file design templates to provide the functionality that you require.

About Enterprise Vault clients


The Enterprise Vault functionality for Lotus Notes and DWA is provided by design changes to the mail file. These design changes are applied using revised mail templates. For Domino mail file users you can configure the following Enterprise Vault client features:

Enterprise Vault extensions for Lotus Notes. If you want users to have the full Enterprise Vault client functionality available, you need to install the Enterprise Vault extensions for Lotus Notes on all the target Domino mail servers. Enterprise Vault extensions for DWA. If you want users to have the Enterprise Vault client functionality available in their DWA clients, you need to install the Enterprise Vault extensions for DWA on all the target DWA servers.

Enterprise Vault extensions for Lotus Notes


The Enterprise Vault Lotus Notes extensions have the following features:

All folders and views are updated with a new column to indicate archived, and archive pending items with a special icon. If the user double clicks an archived item, the contents are retrieved (provided the associated Enterprise Vault mailbox policy is configured to retrieve the item). If an archived item has attachments, the paper clip icon is shown in all the views and folders.

The following options are added to the Tools action bar menu:

Enterprise Vault Search. This opens the integrated search application. Enterprise Vault Store. This marks the item for archiving but it is only archived at the next scheduled archiving run.

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

331

Enterprise Vault Cancel. This cancels previous store requests and removes the pending icon from the view. Enterprise Vault Restore. This restores the item back to the mail file. (This action is synchronous). Enterprise Vault Delete. This deletes the shortcut and the archived item, if permitted. (Like restore, this action is synchronous). A prompt enables users to delete just the shortcut or both the shortcut and the archived item. Enterprise Vault Help. This opens the Enterprise Vault help database. About Enterprise Vault. This shows version information and technical support information for Enterprise Vault.

Each of these options can be performed on one or multiple items. If a user attempts to reply to or forward a shortcut, the content of the archived item is included, if requested. If a user attempts to use Copy Into a Memo, Calendar Item or To Do item from a shortcut document, the archived content is copied in, not the shortcut.

Enterprise Vault DWA client features


Enterprise Vault DWA client provides similar functionality to the Enterprise Vault extensions for Lotus Notes. Note that, in order for users to be able to open archived signed or encrypted MIME items, there must be an SSL connection to the Enterprise Vault Domino Gateway. If there is no such connection, users receive the following message:
Unable SSL is but is Please to complete the current operation. required for secure mail, not enabled on Domino Server. notify your administrator.

Installing Enterprise Vault client extensions


If users are to have full Enterprise Vault functionality available in their Lotus Notes or DWA clients, then you need to install the Enterprise Vault client extensions on each of the target Domino mail servers and DWA servers. The client extensions are installed using the Lotus Notes application, Symantec Enterprise Vault 2007 - Domino Installer (the filename of the Lotus Notes database is EVinstall.nsf). During the Enterprise Vault installation, this database is installed in the Domino data directory of the Domino server on the Enterprise Vault Domino Gateway.

332

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

For both Enterprise Vault Domino Gateways and mail servers, if language packs are installed, EVInstall.nsf will install the required changes to support them.

Setting up an account to use EVInstall.nsf to set up an Enterprise Vault Domino Gateway


The account that will run EVInstall.nsf on the Enterprise Vault Domino Gateway must have permissions on a number of files, as described in this section. Note that, depending on the Domino version, not all the files will be present, In order to run EVInstall.nsf on the Enterprise Vault Domino Gateway, the account must have the following on the Enterprise Vault Domino Gateway:

The following permissions on the Security tab of the server document:


Sign agents to run on behalf of the invoker of the agent Create master templates. (This is not required if you choose the Full Access Administrator option.)

One of the following:


Be a Full Access Administrator on the Enterprise Vault Domino Gateway. Manager access to the following files:

Mail8.ntf Mail7.ntf DWA7.ntf EVAttach.ntf EV\EVDomino.nsf EVinstall.nsf If you intend to select the option to modify Domino Web Access forms files you also need Manager access to the following files:

Forms8.nsf Forms7.nsf Forms6.nsf

The following ECL permissions:


Ability to read other databases Access to current database Access to external code

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

333

Ability to modify database Access to file system Ability to Export data

EVInstall.nsf will automatically add the LocalDomainAdmins group to the access control lists (ACLs) of the following files, with Manager access:

EVAttach.ntf EV\EVDomino.nsf EVinstall.nsf

Setting up an account to use EVInstall.nsf to set up a mail server


The account that will use EVInstall.nsf to set up a mail server must have permissions on a number of files, as described in this section. Note that, depending on the Domino version, not all the files will be present, In order to use EVInstall.nsf to set up a mail server, the account must have the following permissions on the mail server:

The following permissions set on the Security tab of the server document:

Sign agents to run on behalf of the invoker of the agent Create master templates. (This is not required if you choose the Full Access Administrator option.)

One of the following:


Be a Full Access Administrator on the mail server. Manager access to the following files:

Mail8.ntf Mail7.ntf Mail6.ntf DWA7.ntf iNotes6.ntf If you intend to select the option to modify Domino Web Access forms files you also need Manager access to the following files:

Forms8.nsf Forms7.nsf Forms6.nsf

334

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

The following ECL permissions in order that users do not receive Execution Security Alerts when using the Enterprise Vault client:

Access to current database Access to Environment Variables Ability to Read Other Databases Ability to Modify Other Databases Access to current Database Ability to send mail

Installing the extensions


Now you can install the Lotus Notes and DWA extensions on the Enterprise Vault and a target Domino mail server, as described in this section. To run EVInstall.nsf you must use the correct Notes client version, as follows:

For a Domino 8 mail server or Enterprise Vault Domino Gateway, you must use a Domino 8.0 Notes client. For a Domino 7 mail server or Enterprise Vault Domino Gateway, you can use either of the following clients:

Notes 8.0 Notes 7.0.2 with Lotus Hotfix 702HF691

For a Domino 6.5 mail server you can use either of the following clients:

Notes 8.0 Notes 7.0.2 with Lotus Hotfix 702HF691

To run EVInstall.nsf to configure mail templates

1 2 3 4 5

Sign EVInstall.nsf with the user ID that will be used to run it. Log on to Lotus Notes on the Enterprise Vault Domino Gateway with the user ID that will run the application. Open the Symantec Enterprise Vault 2007 - Domino Installer application (EVInstall.nsf). In the application page, select the Enterprise Vault Domino Gateway and target Domino mail server. Select the option to sign the database templates with the current Notes ID, and if DWA is required, select Domino Web Access Forms Files.

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

335

6 7

If you want to use vault cache, select Install Vault Cache. Click Install Symantec Enterprise Vault 2007 database design templates to start the process. The application should take several minutes to create the new Enterprise Vault templates.

When the update is complete, double-click each log line in the lower pane of the window and check that there were no errors reported.

Changes made by EVInstall.nsf


This section describes the changes made by EVInstall.nsf.

EVInstall.nsf changes on a Domino 8 Enterprise Vault Domino Gateway


Table 30-6 describes changes made by EVInstall.nsf. Table 30-6 EVInstall.nsf changes on a Domino 8 Enterprise Vault Domino Gateway Master Template Comments
This is the mail template for Enterprise Vault Domino Gateway servers running Domino 8. It is a new database template; mail8.ntf still exists and any previous customizations to mail8.ntf are applied to evdg_mail8.ntf. The master template name of the evdg_mail8.ntf is EVDGR8Mail. forms8.nsf This is the DWA forms database that is used by Domino 8 servers. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database. Installed by the Enterprise Vault installation. It is used to display archived attachments in a separate window when the user clicks a link in a shortcut. This file must be signed. EVInstall.nsf has an option to perform the signing.

File

evdg_mail8.ntf EVDGR8Mail

evattach.ntf

336

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

Table 30-6

EVInstall.nsf changes on a Domino 8 Enterprise Vault Domino Gateway (continued) Master Template Comments
The Domino Web Server Configuration database (domcfg.nsf) is a database that can contain customized logon forms that will be displayed when using single sign-on. This database is created on the Enterprise Vault Domino Gateway server so that a customized logon form can be displayed for searching Domino mailbox archives. Installed by the Enterprise Vault installation. This file must be signed. EVInstall.nsf has an option to perform the signing.

File

domcfg.nsf

E V \ e v d o m i n o . n s f

EVInstall.nsf changes on a Domino 8 mail server


Table 30-7 describes changes made by EVInstall.nsf. Table 30-7 File EVInstall.nsf changes on a Domino 8 mail server Master Template Comments
This is the mail template for Domino 8 servers. It is a new database template; mail8.ntf still exists and any previous customizations to mail8.ntf are applied to ev_mail8.ntf. The master template name of the ev_mail8.ntf is EVR8Mail. forms8.nsf This is the DWA forms database that is used by Domino 8 servers. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database.

ev_mail8.ntf EVR8Mail

EVInstall.nsf changes on a Domino 7.0.x Enterprise Vault Domino Gateway


Table 30-8 describes changes made by EVInstall.nsf.

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

337

Table 30-8

EVInstall.nsf changes on a Domino 7.0.x Enterprise Vault Domino Gateway Master Template Comments
This is the mail template for Enterprise Vault Domino Gateway servers running Domino 7.0.x. It is a new database template; mail7.ntf still exists and any previous customizations to mail7.ntf are applied to evdg_mail7.ntf. The master template name of the evdg_mail7.ntf is EVDGR7Mail.

File

evdg_mail7.ntf EVDGR7Mail

evdg_dwa7.ntf EVDGdwa7

This is the DWA mail template for Enterprise Vault Domino Gateway servers running Domino 7.0.x. It is a new database template; dwa7.ntf still exists and any previous customizations to dwa7.ntf are applied to evdg_dwa7.ntf. The master template name of the evdg_dwa7.ntf is EVDGdwa7, and EVDGdwa7 inherits its design from EVDGR7Mail (evdg_mail7.ntf).

forms7.nsf

This is the DWA forms database that is used by Domino 7.0 servers. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database. This database is added by the Enterprise Vault installation and is then signed by EVInstall.nsf. It is used to display archived attachments in a separate window when the user clicks a link in a shortcut. The Domino Web Server Configuration database (domcfg.nsf) is a database that can contain customized logon forms that will be displayed when using single sign-on. This database is created on the Enterprise Vault Domino Gateway server so that a customized logon form can be displayed for searching Domino mailbox archives. Installed by the Enterprise Vault installation. Optionally, this file can be signed by EVInstall.nsf.

evattach.ntf

domcfg.nsf

E V \ e v d o m i n o . n s f

EVInstall.nsf changes on a Domino 7.0.x mail server


Table 30-9 describes changes made by EVInstall.nsf.

338

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

Table 30-9 File

EVInstall.nsf changes on a Domino 7.0.x mail server Master Template Comments


This is the mail template for Domino 7.0.x servers. It is a new database template; mail7.ntf still exists and any previous customizations to mail7.ntf are applied to ev_mail7.ntf. The master template name of the ev_mail7.ntf is EVR7Mail.

ev_mail7.ntf EVR7Mail

ev_dwa7.ntf EVdwa7

This is the DWA mail template for Domino 7.0.x servers. It is a new database template; dwa7.ntf still exists and any previous customizations to dwa7.ntf are applied to ev_dwa7.ntf. The master template name of the ev_dwa7.ntf is EVdwa7, and EVdwa7 inherits its design from EVR7Mail (ev_mail7.ntf).

ev_inotes6.ntf EViNotes6

This is the iNotes mail template for Domino 6.5.x servers. It is a new database template; inotes6.ntf still exists and any previous customizations to inotes6.ntf are applied to ev_inotes6.ntf. The master template name of the ev_inotes6.ntf is EViNotes6.

forms7.nsf

This is the DWA forms database that is used by Domino 7.0 servers. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database.

EVInstall.nsf changes on a Domino 6.5.x mail server


Table 30-10 describes changes made by EVInstall.nsf.

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

339

Table 30-10 File

EVInstall.nsf changes on a Domino 6.5.x mail server Master Template Comments


This is the mail template for Domino 6.5.x servers. It is a new database template; mail6.ntf still exists and any previous customizations to mail6.ntf are applied to ev_mail6.ntf. The master template name of ev_mail6.ntf is EVR6Mail.

ev_mail6.ntf EVR6Mail

ev_inotes6.ntf EViNotes6

This is the iNotes mail template for Domino 6.5.x servers. It is a new database template; inotes6.ntf still exists and any previous customizations to inotes6.ntf are applied to ev_inotes6.ntf. The master template name of the ev_inotes6.ntf is EViNotes6, and EViNotes6 inherits its design from EVR6Mail (ev_mail6.ntf).

forms6.nsf

This is the iNotes forms database for Domino servers running 6.5.x. For this database, the Enterprise Vault changes are inserted into the existing database instead of creating a new forms database.

Completing the installation


This section describes how to check the installation and deploy the Lotus Notes and DWA extensions to target Domino mail servers. To complete template installation

On the Enterprise Vault Domino Gateway and the Domino mail server where the database design templates were created, run the Designer task to update the Enterprise Vault design templates with design elements inherited from their corresponding master templates. To do this, type, in the server console, the command that is appropriate to your system, as follows:

On a Domino 8.0.x Enterprise Vault Domino Gateway: no action required. On a Domino 8.0.x mail server: no action required. On a Domino 7.0 Enterprise Vault Domino Gateway:
load design -f EVDG_DWA7.ntf

On a Domino 7.0 mail server:


load design -f EV_DWA7.ntf

On a Domino 6.5.x mail server:

340

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

load design -f EV_iNotes6.ntf

This will update the Enterprise Vault design templates with changes from the inherited design templates.

2 3

If you had previously customized the templates, confirm that the templates still exist and function properly in the Enterprise Vault mail templates. The Symantec Enterprise Vault 2007 - Domino Installer (EVInstall.nsf) creates new database templates that need to deployed to all Domino mail servers.

Updating mail files with the new design


The final task to give users the full Enterprise Vault client functionality is to replace the design of their mail file with the appropriate Enterprise Vault mail template. The template used will depend on which mail template version users are using and whether they are using iNotes/DWA.

On Domino 8.0.x Lotus Notes and DWA users should be using the EV_Mail8.ntf. On Domino 7.x Lotus Notes users should be using the EV_Mail7.ntf, and DWA users should be using EV_DWA7.ntf. On Domino 6.5.x, Lotus Notes users should be using EV_Mail6.ntf, and iNotes users should be using ev_iNotes6.ntf.

There are two methods of replacing the design:

To update a small number of mail files, you can click File, then Database, and then Replace Design in the Administration client. To update a large number of mail files, stop the mail router and then use the Convert Domino server task. Because the Convert server task is resource intensive, you are recommended to run it out of peak hours. For a large mail server it may take some hours to convert all mail files.

To stop the mail router, type the following command in the Domino server console:
tell router quit

The simplest use of Convert is when the same mail file template is applied to all users. In the following example command, EVR7mail is applied to all users:
Load convert mail\*.nsf * ev_mail7.ntf

Take care when using the asterisk for the existingtemplatename argument, because you can inadvertently convert users to the wrong template. To examine the full syntax of the Convert task, type the following at the Domino server console:

Setting up Domino mailbox archiving Installing Enterprise Vault extensions for Lotus Notes and DWA clients

341

load convert -?

Note: To upgrade existing user-created folders in each mail file with the Enterprise Vault Lotus Notes extensions you use the -s and -u parameters of the Convert utility or choose 'Actions' and the 'Upgrade Folder Design' from within the mail file. The following steps facilitate setting up subsequent new users. These changes ensure that the generic Domino archiving user automatically can access the new mail file and that the mail file is using the correct mail template:

In the Access Control List for the Enterprise Vault Mail Template, add the generic Domino archiving user with Editor access, and 'Delete documents' and 'Create shared folders/views' permissions. When typing in the user, enclose the name in square brackets. This ensures that the user is automatically added to the ACL of any mail file that is created from the template. To ensure that administrators use the correct mail template when registering new users, change the default mail template in the administration preferences. To change the default mail template, do the following:

From the Domino Administrator client select File, then Preferences, then Administration Preferences. Click the Registration tab, and then click Mail Options. Change the mail file template to the appropriate Enterprise Vault mail template and click OK twice to save the preferences.

Accessing Enterprise Vault Search features


There is an Enterprise Vault integrated search, and an Enterprise Vault browser search available in the client extensions. The integrated search requires Internet Explorer 6.0 or later. Browser search supports most modern browsers. In both search applications, users can view and restore archived items. Domino single sign-on (SSO) must be configured to enable access to either search application. Searching is performed using the virtual directory, /EnterpriseVaultDomino. This virtual directory is configured to use anonymous authentication and a special anonymous user account. To start integrated search the user selects the option, Enterprise Vault Search, on the Tools menu in Lotus Notes or DWA. This displays the SSO logon box. The user needs to enter their Lotus Notes user name (common name or full hierarchical name) and their Internet password. The Internet password is defined within the users person document, and may or may not be the same as their Lotus Notes

342

Setting up Domino mailbox archiving Editing automatic messages

user ID password. The user must have an Internet password in order to log on to the integrated search. There is a link to the browser search in the integrated search page. Alternatively, users can start the browser search in a browser by entering the following URL:
HTTP://Domino_Gateway_servername/EnterpriseVaultDomino

In Domino mailbox archiving, this search can only be used to search Domino mailbox archives. In the browser search log on page, the user must enter their Lotus Notes user name (common name or full hierarchical name), their Internet password, and the Domino domain to search. With integrated search a user can only search Domino mailbox archives in the same Domino domain. With browser search, users can search Domino mailbox archives in any Domino domain.

Editing automatic messages


Enterprise Vault sends automatic messages to users when their mailbox is enabled for archiving. Optionally, you can configure Enterprise Vault to send an automatic warning when a users archive is reaching the maximum size, if you have set a limit. Example messages are installed, but you need to customize the text for your organization.

Editing the Welcome message


When Enterprise Vault enables a mailbox for archiving, it automatically sends a Welcome message to that mailbox. The Welcome message provides basic information for users on how to get help and what to expect. You must edit this message before it is sent to reflect how you have set up Enterprise Vault. During the installation, the Welcome message is placed in a folder beneath the Enterprise Vault program folder:
Enterprise Vault\Languages\Mailbox Messages\lang

where lang indicates the language used. The Welcome message is in a file called EVMessages.nsf.

Setting up Domino mailbox archiving Enabling mailboxes for archiving

343

To set up the Welcome message

1 2 3 4 5

Decide which language version of EVMessages.nsf you want to use and locate the file. Using a computer that has Lotus Notes installed, double-click the file EVMessages.nsf in Windows Explorer to edit the message. Review the text and make any changes that you require. Save the file. Copy EVMessages.nsf to the Enterprise Vault program folder (normally C:\Program Files\Enterprise Vault) on every Enterprise Vault server in the site.

Enabling mailboxes for archiving


Mailboxes that are new to Enterprise Vault are configured and enabled for archiving by the Domino Provisioning task. If you have selected the option, Automatically enable mailboxes, on the provisioning group properties, then the Domino Provisioning task will configure the mailboxes and then enable them automatically when it runs. If this option is not selected, then new mailboxes will be configured when the Domino Provisioning task runs, but you will then need to enable the mailboxes manually. When a Domino mailbox is enabled, a new archive is created for the mailbox in the vault store specified for the provisioning group. An archive has an associated account that is used for billing purposes, and can have one or more users who can access the information stored in it. As part of the provisioning process, the Domino Provisioning task configures in the mail file the Enterprise Vault Domino Gateway that is to be used by the client. If the Enterprise Vault Domino Gateway and the Enterprise Vault Storage Service that manages the archive are on the same computer, then the Enterprise Vault Domino Gateway assigned will be the one that is local to the user's archive. If the Enterprise Vault Domino Gateway is not on the same computer as the Enterprise Vault Storage Service that manages the archive, then the Domino Provisioning task will select a Enterprise Vault Domino Gateway at random. The Task Controller service and Domino Provisioning task must be started before you can enable mailboxes. The default is for tasks to start automatically when the Task Controller service starts. On a default system, the Domino Provisioning task will run once a day. On the task properties, you can schedule the task to run twice a day at specific times. You can also force a run to process new mailboxes that have been added to provisioning groups.

344

Setting up Domino mailbox archiving Enabling mailboxes for archiving

You can configure the Domino Provisioning task to generate reports when the task is run in both report or normal mode. The reports are created in the folder Enterprise Vault\Reports\Domino Provisioning. In the task properties, check that the reporting level is as you require. Full reporting will list the following:

Each mailbox that is processed The provisioning group The mailbox policy assigned The username associated with the mailbox The action taken Details of any errors

Summary statistics about the task run are included at the end of the report. To start the Task Controller service and Domino Provisioning task

1 2 3 4 5

In the left pane of the Administration Console, expand the Enterprise Vault Servers container. Expand the computer to which you added the Task Controller service and then click Services. In the right pane, right-click Enterprise Vault Task Controller Service and, on the shortcut menu, click Start. In the left pane, click Tasks and ensure that the Domino Provisioning task has started. The task will run automatically at the times that you have scheduled. You can also force a provisioning run by using the Run Now option, which is available on the Schedule properties page and on the menu when you right-click the task. After the task has run, check the Domino Provisioning report.

To force the Domino Provisioning task to process mailboxes

1 2 3 4

In the left pane of the Administration Console, expand Enterprise Vault Servers, and then your Enterprise Vault server. Click Tasks. In the right-hand pane, right-click the Domino Provisioning task and select Properties. Check that the reporting level is as you require.

Setting up Domino mailbox archiving Enabling mailboxes for archiving

345

5 6 7 8

In the right-hand pane, right-click the Domino Provisioning task and select Run now. Select whether you want the task to run in report or normal mode. The task will then start processing the mailboxes in the provisioning groups. After the task has run, check the Domino Provisioning report. If you selected the option for mailboxes to be enabled for archiving automatically, they will also be enabled by the Domino Provisioning task during the run. If you did not select the option to enable new mailboxes automatically, you must enable them manually.

To enable one or more mailboxes manually

In the Administration Console, click Enable Mailbox on the Tools menu or click the Enable Mailboxes for Archiving icon on the toolbar. The Enable Mailbox wizard starts.

2 3

Follow the instructions, and click Help on any of the wizard screens for further information. If mailboxes to be enabled are not listed as expected, check the Domino Provisioning report to ensure that they have been processed by the Domino Provisioning task.

346

Setting up Domino mailbox archiving Enabling mailboxes for archiving

Chapter

31

Setting up Vault Cache


This chapter includes the following topics:

About vault cache Enabling users for vault cache Disabling vault cache Desktop policy advanced settings

About vault cache


The Enterprise Vault extensions for Lotus Notes can maintain a personal vault cache for users who have local replica-based mail. The vault cache has the following features:

It provides instant access to archived items, even when the user is not connected to the corporate network. It is in addition to, not instead of, the normal, online archive. It is useful to mobile users who use laptop computers. Such users are familiar with replicating their mail. It may be useful in normal offices if you need to conserve bandwidth or improve performance because the retrieval of an archived item takes place on the local computer.

When an offline user starts Notes, the Enterprise Vault client extensions scan the user's mail, looking for the following:

Items that will be archived from the mailbox fairly soon. These items are copied into the vault cache so that they will already be there when the items become shortcuts in the user's mailbox. These items have already been downloaded

348

Setting up Vault Cache Enabling users for vault cache

as part of mail replication, so the copy takes place on the users computer with no further download required.

Enterprise Vault shortcuts. If the corresponding items are not in the offline archive they are automatically added to the download list.

When a user double-clicks a shortcut in the local replica mail database, Notes displays the item that is in the vault cache. When the user double-clicks a shortcut in the online mail database, Notes displays the item that is in the vault cache, if possible. If the item is not available, Notes retrieves the item from the online archive. Users can also perform a full-text search of items that are in the vault cache. Such users must have full-text searching enabled for their offline mail replica databases.

Enabling users for vault cache


You can use the vault cache settings on the Advanced tab of the Domino mailbox policy to control behavior of the vault cache. To enable users for vault cache

Before you start this procedure, you must have modified the mail template databases using the Install Vault Cache option in EVInstall.nsf. See Installing the extensions on page 334.

2 3 4

Open the properties of the Domino mailbox policy and click the Advanced tab. In the List settings from list, click Vault Cache. Double-click Users are enabled for Vault Cache and then select On or Silent and click OK. Select On if you want to allow users to enable vault cache themselves. Select Silent if you want vault cache to be enabled automatically.

5 6

Modify the other vault cache settings on the Advanced tab of the Domino mailbox policy, as required. Synchronize the mailboxes. You can run the Domino Provisioning Task to synchronize the mailboxes. You can do either of the following:

Use Synchronize Individual Mailboxes, which is on the Synchronization tab of the provisioning task's properties. This method requires you to select the mailboxes you want to synchronize. Use Run Now, which is on the Schedule tab of the provisioning task's properties. Run Now processes all mailboxes in the Domino domain, but

Setting up Vault Cache Disabling vault cache

349

may take longer because the mailboxes that are associated with other policies may also be processed. The vault cache will be available to users when they create or update their local replica-based mail.

Disabling vault cache


If you need to disable vault cache, you must edit the mailbox policy in the Administration Console and then replicate the local mail databases. This procedure disables vault cache for all users to whom the policy applies. Note that individual users have the option to disable vault cache by clearing Enable Vault Cache in the Enterprise Vault Cache Options. To disable vault cache

1 2 3 4 5 6 7 8

In the Administration Console, double-click the Domino mailbox policy to display its properties. Click the Advanced tab. Next to List settings from, select Vault Cache. In the list, double-click Users are enabled for Vault Cache. Select Off and then click OK. Click OK to close the policy properties. Run the provisioning task to apply the new policy settings. Replicate the local mail replica databases with the mail databases on the server.

To check that vault cache has been disabled

1 2 3

Open the local mail replica database. Click Tools and then About Enterprise Vault. Check that vault cache is disabled.

Desktop policy advanced settings


This section includes the following topics:

Maximum size (MB) Pause interval Percentage store size

350

Setting up Vault Cache Desktop policy advanced settings

Preemptive archiving threshold Users are enabled for vault cache

Maximum size (MB)


Description Defines the maximum size of the vault cache that is allowed. Set 'Maximum size' to 0 if you want to specify 'Percentage store size'. 'Percentage store size' overrides this setting.

Supported values

An integer that specifies the maximum size in megabytes. Use 0 to disable this setting.

Pause interval
Description Specifies the number of minutes to wait before Enterprise Vault starts searching for the items that need to be added to the vault cache.

Supported values

An integer that specifies a number of minutes. Default is 3.

Percentage store size


Description Percentage of disk capacity to use for vault cache. Percentage store size is checked each time items are downloaded to the vault cache and the vault cache size may be reduced accordingly. This setting overrides Maximum size.

Supported values

An integer that specifies the maximum percentage of the available disk space that the vault cache is allowed to occupy. Default is 10.

Preemptive archiving threshold


Description Specifies the number of days before archiving at which items are added preemptively to the vault cache. The copy takes place on the user's computer with no further download required.

Supported values

An integer that specifies a number of days. Default is 7.

Setting up Vault Cache Desktop policy advanced settings

351

Users are enabled for vault cache


Description Controls whether users are enabled for vault cache. Select 'On' or 'Silent' for this setting to add the Enterprise Vault Cache Options entry to theTools menu when the user opens a local replica mail database. On. Users have the option to enable vault cache for themselves. A user must select 'Enable vault cache' Off (default). Users are not automatically enabled.

Supported values

Silent. Users are automatically enabled.

352

Setting up Vault Cache Desktop policy advanced settings

Chapter

32

Setting up Domino Journaling archiving


This chapter includes the following topics:

Preparation for Domino Journaling archiving Adding a Domino domain Adding a Domino server How to assign a vault store Creating a Domino Journal archive Adding permissions to the journal archive Creating a Domino Journal policy Creating a Domino Journaling task Adding a Domino Journaling location How to configure clients

Preparation for Domino Journaling archiving


Before proceeding, ensure that you have done the following:

Checked that software prerequisites are satisfied Configured the Domino journal databases as required by Enterprise Vault Prepared a Lotus Notes ID file with suitable access to the Domino domain, server and journaling location

354

Setting up Domino Journaling archiving Adding a Domino domain

Adding a Domino domain


You can now configure the target Domino domain in the Enterprise Vault Administration Console. To add a Domino domain

1 2

In the left pane of the Administration Console, expand the Archiving Targets container. Right-click Domino and, on the shortcut menu, click New and then Domino Domain. The New Domino Domain wizard starts.

Work through the wizard.

Adding a Domino server


Next, configure the target Domino Servers in the Enterprise Vault Administration Console. To add a Domino server

1 2 3

In the left pane of the Administration Console, expand the Archiving Targets container. Expand Domino. Right-click the Domino domain to which you want to add a server and on the shortcut menu, click New and then Domino Server. The New Domino Server wizard starts.

Work through the wizard.

How to assign a vault store


Domino Journaling archives can be held in an existing vault store that is also used for other types of archive. Alternatively, you may want to create a new vault store for the archives. If you want to use a new vault store, create the vault store and partition before you add the Domino journaling location. You start the New Vault Store wizard from the Administration Console. To do this from the Administration Console right-click the Vault Store container and, on the shortcut menu, click New and then Vault Store. Alternatively, click the Create new Vault Store icon on the toolbar. Follow the instructions, and click Help on any of the wizard screens for further information.

Setting up Domino Journaling archiving Creating a Domino Journal archive

355

You will need to provide the following information:


The name of the SQL Server. The location for the vault store database files.

The safety copy setting is ignored for journaling; Enterprise Vault deletes the safety copy immediately when journaling. The name you specify for the new vault store must contain any of only the following characters:

The letters A through Z Numbers 0 through 9 Spaces

When the vault store has been created, the wizard then takes you through creating a partition. You can view and customize the properties of vault stores, partitions and archives by right-clicking the object container in the Administration Console tree and selecting Properties. For information on the properties of each object, see the Administration Console online help.

Creating a Domino Journal archive


This section describes how to create a Domino Journal archive. To create a Domino Journal archive

1 2 3

In the left pane of the Administration Console, expand the Site hierarchy until the Archives container is visible. Expand the Archives container. Right-click Domino Journal and, on the shortcut menu, click New and then Archive. The New Domino Journal Archive wizard starts.

Work through the wizard.

Adding permissions to the journal archive


You must add permissions for those users who need to be allowed access to items that have been archived from the journal mailbox. Users can have the following different types of access to an archive:

356

Setting up Domino Journaling archiving Creating a Domino Journal policy

Read: users can view and retrieve items from the archive. Those who need to search items archived from the journal mailbox, such as auditors, must have at least read access to the archive. Write: this is ignored for Domino Journal archives. Delete: users can delete items from the archive. Note that, even though you grant the delete permission here, a user cannot delete from the archive unless you also select Users can delete items from their archives on the General tab of Site Properties.

To add permissions to the journal archive

1 2 3 4

In the left pane of the Administration Console, expand the hierarchy until Archives is visible. Expand Archives. Click Domino Journal. In the right pane, double-click the archive whose permission list you want to modify. The archives properties are shown.

Click the Permissions tab.

Creating a Domino Journal policy


This section describes how to create a Domino Journal policy. To create a Domino Journal policy

1 2 3

In the left pane of the Administration Console, expand the Site hierarchy until the Policies container is visible. Expand the Policies container. Right-click Domino Journaling and, on the shortcut menu, click New and then Policy. The New Domino Journaling Policy wizard starts.

Work through the wizard.

Creating a Domino Journaling task


This section describes how to create a Domino Journaling task.

Setting up Domino Journaling archiving Adding a Domino Journaling location

357

To add a Domino Journaling task

1 2 3 4

In the left pane of the Administration Console, expand the Site hierarchy until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the name of the sever to which you want to add the Domino Journaling task. Right-click Tasks and, on the shortcut menu, click New and then Domino Journaling Task. The New Domino Journaling Task wizard starts.

Work through the wizard.

Adding a Domino Journaling location


This section describes how to add a Domino Journaling location. To add a Domino Journaling location

1 2 3 4

In the left pane of the Administration Console, expand the Archiving Targets container. Expand Domino. Expand the Domino domain that contains the server to which you want to add a location. Expand the Domino server to which you want to add a location and, on the shortcut menu, click New and then Domino Journaling Location. The New Domino Journaling Location wizard starts.

Work through the wizard.

How to configure clients


A Web browser on a client computer can be used to search for archived items. An HTML preview of archived items is always available from within the search results. However, whether an alternate format of the item is available depends on the software that is installed on the users computer. Items are sent to the client computer in one of various formats. The particular format that is used depends on settings in the WebApp.ini initialization file that is used by the Web access application. Table 32-1 shows the requirements and corresponding WebApp.ini settings.

358

Setting up Domino Journaling archiving How to configure clients

Table 32-1

WebApp.ini settings for Domino Requirements


None.

Download format
As a .HTML file that is then opened by the Web browser on the client computer. As a Enterprise Vault saveset (.DVS file) that is then unpacked by the client to create a temporary .PST file containing the item.

WebApp.ini setting
HTMLNotDVS=1

Outlook and the Enterprise None required. Vault User Extensions must be present on the user's computer. If this prerequisite software is not present the Browser Search View Whole Item option in the search results produces an error message. It is not possible to hide the option.

As an EML file that the client Outlook Express or Outlook MsgNotDVS=1 can open immediately must be present on the user's without creating a temporary computer. PST file.

Lotus Notes client


You cannot use a Lotus Notes client to view archived Domino Server messages. The Lotus Notes client installed on the Enterprise Vault server, is used by Enterprise Vault and should not be used by any other user. You cannot start this client while Enterprise Vault is running.

Section

Setting up File System Archiving (FSA)

Setting up File System Archiving (FSA) Using FSA with clustered resources

360

Chapter

33

Setting up File System Archiving (FSA)


This chapter includes the following topics:

Preparing to configure FSA Steps to configure FSA for a new file server Adding a File System Archiving task Adding file servers Adding a volume Adding folders and archive points Managing archive points Scheduling Using Run Now Tips on archiving policy rules Version pruning Client access for FSA Retention folders File Blocking configuration Configuring FSA Reporting FSA Agent uninstallation

362

Setting up File System Archiving (FSA) Preparing to configure FSA

What next?

Preparing to configure FSA


Before you perform the tasks described in this chapter, ensure that you have done the following:

Checked that the prerequisites for your planned system are satisfied. See About the Enterprise Vault prerequisite software and settings on page 37. See About the prerequisites for FSA on page 87. Installed and configured your core Enterprise Vault services. Prepared the target NTFS and NetApp file servers. See Preparing file servers on page 89. Preparing EMC Celerra file servers is described in this chapter, as it requires information about your Enterprise Vault server configuration.

Steps to configure FSA for a new file server


The following steps summarize the tasks that you need to perform to configure FSA for a file server. Note: If you wish to implement File Blocking on the server, read about configuring File Blocking before proceeding. See File Blocking configuration on page 382.

Add a File System Archiving task. Add the file server to the File Server container under Targets in the Administration Console. Install the FSA Agent on target NTFS file servers. Check the settings in the Default FSA Volume Policy. You can edit the settings or create a new volume policy, as required. Add an archiving target volume below the file server container, and apply the volume policy. If you want to override the volume policy for individual folders, create a folder policy or modify the settings in the Default FSA Folder Policy. Add archiving target folders and archive points as required.

Setting up File System Archiving (FSA) Adding a File System Archiving task

363

Schedule the File System Archiving task so that it archives the new file server at the required times. Configure FSA Reporting, if required.

Adding a File System Archiving task


Add a File System Archiving task on the Enterprise Vault server using the Administration Console. To add a File System Archiving task

1 2 3 4

In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible. Expand the required server container. Right-click the Tasks container, and select New > File System Archiving Task. The new task wizard starts. Change the default name for the task, if required.

The new task will be displayed in the right-hand pane. Double-click the task object to display the properties of this task.

Adding file servers


You can now add the target file server that you want to archive.

Adding an NTFS file server


You can add a new NTFS file server using the New File Server wizard. The wizard enables you to install the FSA Agent on the file server, if required. The FSA Agent is required if you want to do any of the following on the file server:

Replace archived files with placeholder shortcuts Implement File Blocking Use FSA Reporting

If you do not install the FSA Agent from the New File Server wizard, you can install it at a later date using the Install FSA Agent wizard. See Installing the FSA Agent on NTFS file servers on page 364.

364

Setting up File System Archiving (FSA) Adding file servers

To add a file server

1 2 3 4

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Right-click the File Server container and, on the shortcut menu, click New and then File Server. The New File Server wizard starts. Work through the wizard to finish adding the file server. You will need to provide the following information:

The fully-qualified DNS name of the file server you are adding. You can browse to select the server. Additionally, if you choose to install the FSA Agent, the wizard asks for the password to the Vault Service account.

When you have added the file server, you can start adding the volumes that you want File System Archiving to process.

Installing the FSA Agent on NTFS file servers


The FSA Agent consists of the following services:

Enterprise Vault File Placeholder Service Enterprise Vault File Blocking Service Enterprise Vault File Collector Service

You must install the FSA Agent on an NTFS file server if you want to do any of the following on the file server:

Replace archived files with placeholder shortcuts Implement File Blocking Use FSA Reporting

You do not need to install the FSA Agent on NetApp file servers or Celerra devices. On these machines, Enterprise Vault uses an FSA Agent on the Enterprise Vault server. You can install the FSA Agent from the Administration Console. You will need to know the username and password of the Vault Service account. The Vault Service account must have administrator permissions on the remote server. Note: The FSA Agent requires Microsoft .NET Framework v 2.0 as a prerequisite on the file server.

Setting up File System Archiving (FSA) Adding file servers

365

To install the FSA Agent

1 2 3 4 5

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Expand the File Server container. Right-click the server on which you want to install the FSA Agent and, on the shortcut menu, click Install FSA Agent. The Install FSA Agent wizard starts. Work through the wizard. If the FSA Reporting database has been configured, the wizard asks you if you want to enable data collection for FSA Reporting. If you enable data collection, the wizard gives you the option to configure a non-default data collection schedule for the file server. You can perform all these tasks later, if you wish. See Configuring FSA Reporting on page 392.

Note: Before installing any antivirus product on a file server on which you have installed the FSA Agent, you are recommended to stop the File Placeholder Service. After completing the installation of the antivirus product, you must restart the File Placeholder Service.

Adding a NetApp file server


Before adding a NetApp Filer, ensure that you have set the permissions correctly. See Setting the permissions on a NetApp Filer on page 90. To add a file server

1 2 3 4

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Right-click the File Server container and, on the shortcut menu, click New and then File Server. The New File Server wizard starts. Work through the wizard to finish adding the file server. Do not select the option to install the FSA Agent. You will be prompted for the fully-qualified DNS name of the file server you are adding. You can browse to select the server. When you have added the file server, you can start adding the volumes that you want File System Archiving to process.

366

Setting up File System Archiving (FSA) Adding file servers

Adding an EMC Celerra device


This section describes how to prepare the EMC Celerra file server for archiving, and how to add the devices as an archiving target.

Preparing an EMC Celerra device


If you intend to use placeholder shortcuts on the Celerra, you must enable the FileMover functionality on the Celerra and create an HTTP connection. To configure the Celerra device

1 2

Log on to the Celerra Control Station. Add an account for Enterprise Vault to use for authentication on the Celerra device. The syntax is as follows:
server_user server_x -add -md5 -passwd DataMover_user_name

where: server_x is the name of the Data Mover DataMover_user_name is the name of the account that you want Enterprise Vault to use for authentication. This user is a Data Mover user, not a domain user.

Enable the file system for Celerra FileMover using this command syntax:
fs_dhsm -modify fs_name -state enabled

where: fs_name is the name of the file system on the Celerra.

Setting up File System Archiving (FSA) Adding file servers

367

Configure the HTTP server on the Data Mover to accept Celerra FileMover API connections using this command syntax:
server_http server_x -append dhsm -users DataMover_user_name -hosts ip_address_policy_engine

where: server_x is the DNS name of the Celerra device. DataMover_user_name is the name of the Data Mover account that you want Enterprise Vault to use for authentication. ip_address_policy_engine is the IP address of the computer that runs the FSA task that will process the Celerra device.

Configure the HTTP connection to use for recall requests, using this command syntax:
fs_dhsm -connection fs_name -create -type http -secondary ev_url -user user -password user_password -cgi n

where: fs_name is the name of the Celerra file system. ev_url is the URL of the Web Access application. The Celerra is case-sensitive, so this URL must use the correct case. user is an account that will have access to all archives from which files will be restored. user_password is the password to the account.

Example configuration
The following example configures a Celerra to use placeholder shortcuts.
$ server_user server_2 -add -md5 -passwd celerraaccessaccount@demo.local $ fs_dhsm -modify fsa_fs -state enabled $ server_http server_2 -append dhsm -users archiveaccessaccount@demo.local -hosts 192.168.1.1 $ fs_dhsm -connection fsa_fs -create -type http -secondary http://EVServer.demo.local/EnterpriseVault -user vaultadmin@demo.local -password p4ssw0rd -cgi n

where:

FSA will use the account CelerraAccessAccount@demo.local to authenticate on the Celerra.

368

Setting up File System Archiving (FSA) Adding file servers

The Celerra will use the account ArchiveAccessAccount to authenticate to Enterprise Vault. The Celerra file system name is fsa_fs. The server name is server_2. The IP address of the FSA task computer is 192.168.1.1. The URL of the Enterprise Vault Web Application is http://EVServer.demo.local/EnterpriseVault. The password for the archive access account is p4ssw0rd.

Adding the Celerra device as an archiving target


Once you have prepared the Celerra device, you can use the Administration Console to add the Celerra device as an archiving target. The New File Server wizard asks you the following:

The fully-qualified DNS name of the file server you are adding. You can browse to select the server. Whether to use placeholder shortcuts. If you do choose placeholder shortcuts you must provide the details of an account on the Celerra Data Mover that has the Celerra dhsm permission.

To add the Celerra device

1 2 3 4

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Right-click the File Server container and, on the shortcut menu, click New and then File Server. The New File Server wizard starts. Work through the wizard to finish adding the file server:

On the first screen, click Next. On the second screen, enter the DNS name of the Celerra device. Do not select the option to install the FSA Agent. Click Next. On the third screen, choose whether to use placeholder shortcuts. If you choose to user placeholder shortcuts, enter the details of the account you configured on the Celerra that has permission to use the dhsm feature. You can change the account details later, if required, by editing the properties of the Celerra. Click Next to continue. On the summary screen, click Next to add the Celerra device.

Setting up File System Archiving (FSA) Adding a volume

369

On the final screen, click Close to exit from the wizard.

When you have added the file server, you can start adding the volumes that you want File System Archiving to process.

Adding a volume
This section describes how to add a volume so that it can be processed by File System Archiving.

Creating a volume policy


A volume policy contains settings that are to be applied to a complete volume, unless overridden by specific folder policies. The wizard asks you the following:

What name and description to use for the new policy. Whether to enable quotas and, if so, what quotas to use. Which retention category to apply. Whether to leave shortcuts (Placeholder shortcuts or Internet links) to archived files. If you decide to leave Placeholder shortcuts you must install an FSA Agent on each NTFS file server to which this policy will be applied. Which archiving rules to apply as part of the policy.

To create a volume policy

1 2 3 4 5

In the Administration Console, expand the Enterprise Vault site until the Policies container is visible. Expand the Policies container. Expand the File container. Right-click Volume and then, on the shortcut menu, click New and then Policy. Work through the New Policy wizard.

To copy a policy to use as a template for a new policy

1 2 3

In the Administration Console, right-click the policy that you want to copy and then, on the shortcut menu, click Copy Policy. Enter a new name and description for the policy. Click OK to save the copy.

370

Setting up File System Archiving (FSA) Adding a volume

4 5

Double-click the new copy to display its properties. Edit the properties of the copy as required.

Adding a volume
Use the New Volume wizard to add a volume to a file server. The New Volume wizard asks you the following:

Which volume to add. Which vault store to use for files archived from this volume. Which File System Archiving task to use to process this volume. Which volume policy to apply when archiving from this volume.

If FSA Reporting is configured, the wizard also allows you choose whether to enable FSA Reporting for this volume. Before adding the first volume on a Celerra device, ensure you have specified a cache location. See Adding the first Celerra volume on page 370. To add a volume

1 2 3 4 5 6 7 8

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Expand the File Server container to show the file servers that have been added. Right-click the file server from which you want to add a volume and then, on the shortcut menu, click New and then Volume. Work through the wizard to finish adding the volume. In the Administration Console, right-click the new policy you have added and, on the shortcut menu, click Properties. Review the volume policy properties and modify them as required. Click OK to close the volume policy properties.

Adding the first Celerra volume


In order to improve performance, an Enterprise Vault server that retrieves files from a Celerra device requires a location to use for temporary files.

Setting up File System Archiving (FSA) Adding folders and archive points

371

Before you add the first volume on a Celerra device you must specify a folder that is local to the Enterprise Vault server that can be used for caching temporary files. Note: Once you have specified a cache location you cannot change it later. To specify a cache location

1 2 3 4 5 6

In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Right-click the server that will archive from the Celerra and, on the shortcut menu, click Properties. Click the Cache tab. Under Cache Location, enter an existing path on the server that can be used to cache files retrieved from the Celerra. Add the Celerra volume. See Adding a volume on page 370.

Adding folders and archive points


When you configure archiving for a volume you place an archive point to control which folders are archived and which archive is used to store files from a particular folder and its subfolders.

Creating a folder policy


A folder policy contains settings that are to be applied to specific folders. These settings override volume policy settings. To make for easier management, you are recommended not to create apply folder policies to folders that have a short life, such as temporary folders. It is better to create folder policies for folders that will have a long life, such as a user's root folder. To create a folder policy

1 2 3

In the Administration Console, expand the Enterprise Vault site until the Policies container is visible. Expand the Policies container. Expand the File container.

372

Setting up File System Archiving (FSA) Adding folders and archive points

4 5

Right-click Folder and then, on the shortcut menu, click New and then Policy. Work through the New Policy wizard.

To copy a policy to use as a template for a new policy

1 2 3 4 5

In the Administration Console, right-click the policy that you want to copy and then, on the shortcut menu, click Copy Policy. Enter a new name and description for the policy. Click OK to save the copy. Double-click the new copy to display its properties. Edit the properties of the copy as required.

Adding a folder and archive point


You can add folders that File System Archiving processes with different policies from the volume policy. The volume policy applies to the whole volume so there is no need to add folders unless you want them to be processed differently from the rest of the volume. The New Folder wizard asks for the following:

The relative path on the volume of the folder that you are adding. Note that it is possible to add a folder and place archive points on all subfolders of that folder. If you have many folders to enable this may be easier than running the wizard many times. The name of the policy to use when archiving from the new folder or its subfolders. Note: Retention Folder policies are special policies that allow you to add a predefined folder hierarchy to folders in the target volume. There is separate documentation for adding folder targets that use retention folder policies. See Retention folders on page 382. Whether to archive from the selected folder. Whether to archive from subfolders of the selected folder. How many archive points to create. You can create any of the following:

An archive point for the selected folder.

Setting up File System Archiving (FSA) Managing archive points

373

An archive point for each subfolder of the selected folder. A new archive will be created for each existing subfolder. Archive points for subfolders of the existing folder and for new subfolders when they are created. The existing folder is referred to as an auto-enabling folder. The archive points for subfolders are created when the archiving task runs in normal mode. This can be useful when you have a folder containing users subfolders and want to create an archive point for each users subfolder. When you add subfolders for new users, archive points are automatically created. If you choose this option, make sure that there is no archive point on any of the parent folders, or on the volume. No archive point. This enables you to use the same archive as for higher-level folders but to choose a different archiving policy for the selected folder.

To add a folder and archive point

1 2 3 4 5

In the Administration Console, expand the Enterprise Vault site until the File Servers container is visible. Expand the File Servers container to show the file servers that have been added. Expand the file server that has the folder you want to add. Right-click the volume that has the folder you want to add and then, on the shortcut menu, click New and then Folder. Work through the wizard to finish adding the folder. If a file is not matched by the rules in a folder policy then, by default, Enterprise Vault applies the rules in the volume policy and tries to find a match there. If you want to force Enterprise Vault not to do this, edit the folder properties in the Administration Console and select Ignore volume rules for this folder.

Managing archive points


To archive files from a folder, both the following conditions must apply:

You must have added the volume. You must have created a suitable archive point.

You create archive points to control which folders can be archived. Enterprise Vault then creates a new archive for each archive point that it finds. Beneath an

374

Setting up File System Archiving (FSA) Managing archive points

archive point you can apply folder policies to control which folders are actually archived. Where possible, Enterprise Vault uses hidden file streams to indicate archive points. The stream archive points are used on Windows 2000 and Windows 2003 NTFS volumes. If the file system does not support streams, Enterprise Vault uses hidden XML files to mark archive points. These file archive points are required on the following:

Windows 2000 FAT volumes Other file systems

When the Enterprise Vault archive server runs, it creates a new archive for the folder with the same name as the archive point folder. The site defaults are used to supply the other attributes of the archive, but you can override the defaults. The easiest way to manage archive points is to use the Administration Console. Additionally, there is a command-line tool, ArchivePoints. For information on how to use ArchivePoints to create, delete, list, show contents, and update archive points, see ArchivePoints in the Utilities manual. It is not possible to use the Administration Console to create an archive point at the root of a volume. If you do need to create an archive point at the volume root you must use the ArchivePoints command-line program.

Listing, editing, and deleting archive points


Note that you can also get a list of archive points by processing a server or volume in Report Mode. The report that is generated lists all the archive points. To list, edit, or delete archive points

1 2 3 4

In the Administration Console, expand Targets. Expand File Server. Expand the file server that hosts the volume you want to manage. Right-click the volume you want to manage and, on the shortcut menu, click Archive Points.

Setting up File System Archiving (FSA) Scheduling

375

Expand the Archive Points listing. Archive points are shown as follows:
Folder with archive point

Auto-enabling folder

6 7 8

To edit an archive point, click the archive point to select it and then click Edit. To delete an archive point, click the archive point to select it and then click Remove. To remove archive points that have been added by an auto-enabling folder, perform the following steps in the order listed:

Click the auto-enabling folder to select it and then click Edit. Select Do not create archive points for immediate subfolders. Select Delete existing archive points from immediate subfolders. Click OK.

Scheduling
This section comprises the following topics:

Schedule File System Archiving Scheduling expiry Scheduling deletion from Celerra Scheduling permissions synchronization

Schedule File System Archiving


A File System Archiving processes its target servers according to the schedule that you define for that task. You can define an individual schedule for each File System Archiving task, or you can use the site schedule. To configure a schedule for a file server

1 2

In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible. Expand Enterprise Vault Servers.

376

Setting up File System Archiving (FSA) Scheduling

3 4 5 6 7

Expand the Enterprise Vault server that runs the task you want to modify. Click Tasks. Right-click the name of the File System Archiving task you want to modify and, on the shortcut menu, click Properties. Click the Schedule tab. Define the schedule that you require and then click OK.

Scheduling expiry
When an item's retention period expires, File System Archiving can automatically delete it. File System Archiving does this according to the schedule that you define with the Administration Console, on the Storage Expiry tab of the Site Properties dialog box. File System Archiving does not delete archived items when either of the following conditions applies:

On the "Storage Expiry" tab of the Site Properties dialog box, the schedule is set to "Never" or you have checked "Run in report mode". On the "Advanced" tab of the Archive Properties dialog box, "Delete expired items from this archive automatically" is unchecked.

Scheduling deletion from Celerra


Celerra deletion takes place if you have chosen either of the following placeholder options in the Celerra volume policy:

Delete archived file when placeholder is deleted Delete archived file when placeholder is recalled

The deletion takes place once or twice each day, according to the schedule you define. Note: The deletion mechanism requires that the Celerra device has FileMover logging enabled. You can check that the logging is enabled from the EMC Celerra tab in the properties of each Celerra volume. To schedule deletion from Celerra

1 2

In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible. Expand Enterprise Vault Servers.

Setting up File System Archiving (FSA) Using Run Now

377

3 4 5 6 7 8

Expand the Enterprise Vault server that runs the File System Archiving task to archive from the Celerra device. Click Tasks. Right-click the File System Archiving task and, on the shortcut menu, click Properties. Click the Celerra tab. Set the AM and PM deletion times that you require. Click OK.

Scheduling permissions synchronization


File System Archiving automatically synchronizes archive permissions with folder permissions. The automatic synchronization run takes place once or twice each day. It is possible to turn off automatic synchronization. If you chose to do this you would then need to synchronize manually. To view or modify the synchronization schedule

1 2 3 4 5 6 7

In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible. Expand Enterprise Vault Servers. Expand the Enterprise Vault server that runs the task you want to view or modify. Click Tasks. Right-click the name of the File System Archiving task you want to view or modify and, on the shortcut menu, click Properties. Click the Synchronization tab. Set the schedule you require and then click OK.

Using Run Now


This section comprises the following topics:

Processing a volume immediately Processing a file server immediately

378

Setting up File System Archiving (FSA) Using Run Now

Processing a volume immediately


Normally, File System Archiving processes each volume as part of a scheduled run. Sometimes, though, you may want to process a particular volume outside this schedule. On such occasions, you can use "Run Now" to process the volume immediately. "Run Now" is often useful when you are piloting or demonstrating Enterprise Vault. Note the following:

Run Now reports only on files that are beneath archive points. When archiving by quota, the number of files actually archived may not match the number shown in the report. This is because the order in which the files are processed during a report mode run is unlikely to be the same as the order during the normal run. File System Archiving archives only sufficient eligible files to meet the quota settings, so there may be more, or fewer, files actually archived than shown in the report.

To process a volume immediately

1 2 3 4 5

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Expand the File Server container. Right-click the volume that you want to process and then, on the shortcut menu, click Run Now. In the Run Now dialog box, select the mode you want to use.

Normal mode: The volume is processed normally; files that match the archiving criteria are archived. The file name is:
EV_FILESYSTEM_ARCHIVE_REPORT_task_[run now volumename [_more volume names]]_yyyymddhhmmss.TXT

where: task is the name of the File System Archiving task.


yyyymmddhhmmss is the date and time that the report was generated. [_more volume names] indicates the names of additional volumes that

were processed. For example:


EV_FILESYSTEM_ARCHIVE_REPORT_MYFSATASK_20061012091448.txt

Setting up File System Archiving (FSA) Using Run Now

379

Report mode: Nothing is archived, but Enterprise Vault generates a report that shows you what would be archived if you processed the volume in normal mode. The file name is:
EV_FILESYSTEM_[ARCHIVE]_REPORT_task_[run now volumename [_more volume names]]_yyyymddhhmmss.TXT

where: task is the name of the File System Archiving task.


yyyymmddhhmmss is the date and time that the report was generated. [_more volume names]indicates the names of additional volumes that

were processed. For example:


EV_FILESYSTEM_REPORT_MYFSATASK_20061012091448.txt

The report goes into a file in the Reports subfolder of the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault\Reports). The fields within the file are tab-separated, so the contents can easily be read into a spreadsheet program for analysis.

Click OK.

Processing a file server immediately


Normally, File System Archiving processes file servers according to the schedule that you specify for the File System Archiving task. Sometimes, though, you may want to process file servers outside this schedule. On such occasions, you can use Run Now to start the tasks immediately. Run Now is often useful when you are piloting or demonstrating Enterprise Vault. Note the following:

If the file servers volumes are archived by different tasks, you need to run each of those tasks in order to archive all the volumes. As an alternative, you can process individual volumes. See Processing a volume immediately on page 378. Run Now reports only on files that are beneath archive points. When archiving by quota, the number of files actually archived may not match the number shown in the report. This is because the order in which the files are processed during a report mode run is unlikely to be the same as the order during the normal run.

380

Setting up File System Archiving (FSA) Tips on archiving policy rules

File System Archiving archives only sufficient eligible files to meet the quota settings, so there may be more, or fewer, files actually archived than shown in the report. To run a task immediately

1 2 3 4 5 6

In the Administration Console, expand the Enterprise Vault site until the Enterprise Vault Servers container is visible. Expand the Enterprise Vault Servers container. Expand the Enterprise Vault server that hosts the task you want to run. Click the Tasks container. In the list, right-click the File System Archiving task you want to run and, on the shortcut menu, click Run Now. In the Run Now dialog box, select the mode to use. The options are as follows:

Normal mode: The file server is processed normally; files that match the archiving criteria are archived. Report mode: Nothing is archived, but Enterprise Vault generates a report that shows you what would be archived if you processed the server in normal mode. The report also includes volumes and folders for which archiving has been disabled. The report goes into a file in the Reports subfolder of the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault\Reports). The file is:
EV_FILESYSTEM_REPORT_servername_yyyymmddhhmmss.TXT

where yyyymmddhhmmss is the date and time that the report was generated. The fields within the file are tab-separated, so the contents can easily be read into a spreadsheet program for analysis.

Click OK to start the run.

Tips on archiving policy rules


The archiving policy rules control exactly which files are archived. When you create policy rules, remember the following:

Remember that a rule is applied to a file when all the criteria match. You may find that some files that you expect to be matched by a rule are not matched because, for example, the attributes are not matched exactly.

Setting up File System Archiving (FSA) Version pruning

381

Try not to apply too many rules in a policy. This makes it easier to apply the same policy to multiple volumes or folders. Also, by keeping it simple, you are less likely to get results you do not expect. You can use File Groups to simplify rule creation. A file group enables you to specify several different file types to that are to be treated together for the purposes of file archiving. For example, you could create a file group called "Web Pages" and within it have the file types *.htm, *.html, and *.gif. Within a File System Archiving policy you could then define a rule that applied to "Web Pages". File Groups are in the "File Groups" Administration Console container, under the "File" policies container. When you have set up File System Archiving for a volume or folder, perform an archive run in Report Mode and then check the report to make sure that the rules are matching the files you expect.

Version pruning
By using FSA version pruning, you can control the number of versions of files that are stored in Enterprise Vault archives. Each time a file is recalled and modified, subsequent archiving means that another version of the file is stored in the archive. Pruning is the process of deleting the earlier versions of archived files, until the required number of versions remains. How to configure Version Pruning is described in the Administrators Guide.

Client access for FSA


Items that have been archived by FSA are available to clients as follows:

If shortcuts are created in the items original location, users can access an archived item simply by double-clicking the shortcut on the file server. If shortcuts are not created, users can access the archived items in the archives using Enterprise Vault archive search or Archive Explorer from a stand-alone browser session. When Archive Explorer is launched from within Outlook, it does not display FSA archives. To browse these archives, users need to start Archive Explorer in a separate browser session, using a URL in the form:
http://EV_IIS_server/EnterpriseVault/archiveexplorerui.asp

382

Setting up File System Archiving (FSA) Retention folders

Retention folders
The Retention Folder feature enables you to create single folders or a hierarchy of folders automatically on file servers, to be managed by Enterprise Vault and archived according to assigned policies. For example, you may want to create a hierarchy of retention folders in every users home folder. Items placed in the retention folders are archived by Enterprise Vault according to the policy assigned to each folder. Different folders in a retention folder hierarchy can have different policies assigned. You define the archives to use for the retention folders by specifying where archive points are to be created. If a user deletes any folders in the retention folder hierarchy, Enterprise Vault recreates the folders during the next run of the FSA archiving task in Normal mode. For full details of configuring and managing retention folders, see the Administrator's Guide.

File Blocking configuration


File Blocking enables you to do the following:

Monitor and enforce disk usage policies in real time. Prevent unwanted files from being saved on monitored server volumes.

File Blocking is provided as a component of the FSA Agent. When you add a new file server the wizard gives you the option to include File Blocking. If you have an existing file server, you can add the FSA Agent by right-clicking the file server and selecting "Install FSA Agent". See Adding file servers on page 363. You configure File Blocking within a volume policy and then apply that policy to disk volumes. It is possible for the volumes also to be processed by a File System Archiving task, but there is no requirement to do this. You configure File Blocking for a volume by applying a volume policy in which you have defined File Blocking rules. The rules control the file types that are allowed on the volume, which folders to monitor, and the actions to take when a policy violation occurs. For example, the action could be to allow the file to be created but for a warning message to be sent to the user and the event to be logged. In summary, you must do the following to configure File Blocking:

On NTFS servers, install the FSA Agent.

Setting up File System Archiving (FSA) File Blocking configuration

383

See Adding file servers on page 363.

If you are adding File Blocking for a NetApp device, you must already have installed File Blocking on a Windows file server target that is able to run File Blocking service on behalf of the NetApp device. It is possible for a Windows file server to perform File Blocking for more than one NetApp device, but for best performance you are recommended to have one Windows file server per NetApp device. See Adding file servers on page 363. Define local quarantine locations. Each file server must have a quarantine location that is used when you choose to move blocked files to quarantine. In the case of NetApp devices, the quarantine location must be on the Windows file server that is running the File Blocking service for the NetApp device. See Creating a local quarantine location on page 383. (Optional) Configure a central quarantine location. When this is defined, it is used in preference to the local quarantine locations on each file server. If the central location is not available, the local quarantine locations are used. See Creating a central quarantine location on page 384. Specify how Enterprise Vault is to send mail when a File Blocking rule requires a mail notification. See Specifying the mail delivery mechanism on page 385. Create a suitable volume policy and apply it as required. Optionally, specify for each file server, a list of users whose files are exempt from File Blocking. See Ensuring specific users are never blocked on page 391.

It is possible for you to configure File Blocking so that blocked files are automatically moved to a quarantine folder.

Creating a local quarantine location


You must create a local quarantine location on each file server. If you have also defined a central quarantine location, that central location is used when a File Blocking rule requires that a file is moved to quarantine. However, if the central location is not defined, or is temporarily not available, the local quarantine location is used.

384

Setting up File System Archiving (FSA) File Blocking configuration

To configure a local quarantine location on a file server

Decide on a suitable quarantine location on the file server. Note: The Vault Service account must have write access to the location.

Note: Do not select a location to which a File Blocking rule will be applied.

2 3 4 5 6

Expand the Administration Console tree until the Targets container is visible. Expand the Targets container. Expand the File Server container. Right-click the server on which you want to set the quarantine location and, on the shortcut menu, click Properties. On the File Blocking tab, enter the path to the folder you want to use for quarantine. Click the browse button if you want to select the location from a list. Click OK.

Creating a central quarantine location


File Blocking can, if required by the policy settings, move blocked files to a quarantine location. You can, optionally, define a central quarantine location to be used by all file servers to store quarantined files. If the central quarantine location is not defined or is not available, each file server uses its local quarantine location. Note that, if a central quarantine location later becomes available, files that are in local quarantine locations are not automatically moved to the central quarantine location. To create a central quarantine location

Decide which server will host the quarantine location and on a suitable quarantine location on that server. Note: The Vault Service account must have write access to the location.

Note: Do not select a location to which a File Blocking rule will be applied.

Expand the Administration Console tree until the Targets container is visible.

Setting up File System Archiving (FSA) File Blocking configuration

385

3 4 5

Expand Targets. Right-click the File Server container and, on the shortcut menu, click Properties. On the File Blocking tab, select Enable centralized quarantine and then enter the path to the folder you want to use for quarantine. Click the browse button if you want to select the location from a list. Click OK.

Specifying the mail delivery mechanism


Specify how Enterprise Vault is to send mail when a File Blocking rule requires a mail notification. You can choose to send either SMTP mail or Exchange Server mail. If you choose to send Exchange Server mail then Outlook must be installed on each file server. To specify the mail delivery mechanism:

1 2 3 4 5

Expand the Administration Console tree until the Targets container is visible. Expand Targets. Right-click the File Server container and, on the shortcut menu, click Properties. Click the Mail tab, Select your preferred delivery mechanism: either SMTP mail or Exchange Server mail:

SMTP mail. Enter the name of the SMTP mail server and the name you want to be used for the sender of the notifications. Exchange Server mail. Enter the name of the Exchange Server and the name of the mailbox that you want to use to send mail.

Click OK.

Adding File Blocking to a policy


To add File Blocking when creating a new policy

1 2 3

In the Administration Console, expand the Enterprise Vault site until the Policies container is visible. Expand the Policies container. Expand the File container.

386

Setting up File System Archiving (FSA) File Blocking configuration

4 5 6 7

Right-click Volume and then, on the shortcut menu, click New and then Policy. On the first screen of the New Policy wizard, click Next. On the second screen of the wizard enter a name for the new policy and, optionally, a description. Click Next. On the third screen of the wizard you create the File Blocking rules that you want to apply in the new policy. Click New. The File Blocking Rule properties appear. Complete the details on each tab to define the File Blocking rule, then click OK. The New Policy wizard shows the new rule that you have created. The rule is selected, so it will be enabled when this policy is applied. If you want to disable the rule, clear the checkbox next to the rule.

If you want to create more rules to be applied by this policy, click New.

10 When you have created the required rules, click Next to continue. 11 Work through the remainder of the wizard.
You can create and modify the rules later, if required, by editing the properties of the volume policy. To add File Blocking to an existing policy

1 2 3 4 5 6 7 8 9

In the Administration Console, expand the Enterprise Vault site until the Policies container is visible. Expand the Policies container. Expand the File container. Click the Volume container. In the list of policies, right-click the policy you want to modify and, on the shortcut menu, click Properties. Click the File Blocking Rules tab. This tab enables you to create the File Blocking rules that you want to apply in this policy. Click New. The File Blocking Rule properties appear. Complete the details on each tab to define the File Blocking rule, then click OK. The File Blocking Rules tab shows the new rule that you have created. The rule is selected, so it will be enabled when this policy is applied. If you want to disable the rule, clear the checkbox next to the rule.

10 If you want to create more rules to be applied by this policy, click New.

Setting up File System Archiving (FSA) File Blocking configuration

387

File Blocking rules


This section gives an overview of the various settings that you can configure in a File Blocking rule, which is part of a File Blocking policy. You can have many rules within a single policy. You can define File Blocking rules when adding a new volume policy or by editing the properties of an existing policy. In summary, a File Blocking rule defines the following:

The folders to monitor. The file types to monitor. Whether to scan inside compressed files. What action to take when a file is found that breaks a rule.

File Blocking rule: General tab


Table 33-1 lists the options on the General tab of File Blocking rule properties. Table 33-1 Setting
Name

File Blocking rule: General tab Description


The name of the rule. This must be specified. An optional description of the rule.

Default Value
None.

Description

None.

File Blocking rule: File Groups tab


Table 33-2 lists the options on the General tab of File Blocking rule properties. Table 33-2 Setting
File groups

File Blocking rule: File Groups tab Description Default Value

A list of the defined file groups. You List of groups already select the file groups that you want to defined. No group is selected. monitor. You can then block or allow individual file types within those groups. If necessary, you can define more file groups: in the Administration Console, under Policies, right-click the File Groups container and, on the shortcut menu, click New and then File Group.

388

Setting up File System Archiving (FSA) File Blocking configuration

Table 33-2 Setting


Blocked files

File Blocking rule: File Groups tab (continued) Description


A list of file types to block. Note that *.TMP files are never blocked because this file type is used temporarily when a file is restored.

Default Value
None.

Allowed files

A list of file types to allow.

None.

File Blocking rule: File Blocking Options tab


Table 33-3 lists the options on the File Blocking Options tab of File Blocking rule properties. Table 33-3 Setting
File action

File Blocking rule: File Blocking Options tab Description Default Value

Whether to block or allow a file that File is blocked. breaks the rule. You could, for example, allow the file to be created but send an appropriate notification to an administrator. Whether to scan inside files to determine Content is not checked. their types. This would catch, for example, a .MP3 file that had been renamed to .TXT Whether to scan the contents of files Compressed files are not within compressed files such as ZIP files. scanned. Selecting this option may have some impact on performance. Whether to move files that break the rule Files are not quarantined. to a central quarantine folder. If the central quarantine location is not available, a local quarantine folder is used. The Vault Service account must have write access to the central and local quarantine folders.

Check file content

Scan inside archive

Quarantine file

File Blocking rule: Notifications tab


Table 33-4 lists the options on the Notifications tab of File Blocking rule properties.

Setting up File System Archiving (FSA) File Blocking configuration

389

Table 33-4 Setting


Notify using Messenger Service Send email Run custom command

File Blocking rule: Notifications tab Description


Enables automatic notifications using the Windows Messenger Service.

Default Value
No notification.

Enables automatic notifications by email. No notification. Enables you to run a command when a No notification. rule is broken. For example you could specify a NET SEND command or a batch file to run. The command runs under the local System account.

Log the event

Enables logging to the Enterprise Vault No notification. event log. Enables you to configure the notification message and select the delivery method. See Notification tabs on page 389.

"Configure notifications " button

Notification tabs
The Notification tabs enable you to define the delivery and content of the message you want to be sent when the rule is broken. The tabs that are available depend on the notification methods you selected. Table 33-5 Tab name
Message

Notification tabs options Description


The text of the message that you want to be sent when the rule is broken. You can enter plain text on this tab. If you want to include variables, such as the name of the file that broke the rule and the name of the user who attempted to create the file. Enables you to choose to send a Windows Messenger Service notification message to any combination of the following:

Messenger

A specific member of the Administrators group The user who broke the File Blocking rule. An SNMP trap. This sends the computer name, the file name, the user name, and the message that is defined on the Message tab.

390

Setting up File System Archiving (FSA) File Blocking configuration

Table 33-5 Tab name


Logging

Notification tabs options (continued) Description


Enables you to choose to log File Blocking violations to the following:

Enterprise Vault audit database. Enterprise Vault event log.

Email

Enables you to specify the mail header information to be used when a mail notification is sent. This enables you to define commands to be run automatically when a File Blocking rule is broken. Do not specify a command that requires interaction with the desktop. For example, you could specify a batch file to run or a NET SEND command. You can enter multiple commands, one per line.

Custom Command

Notification variables
Table 33-6 lists the variable names that you can use to make Enterprise Vault insert variable information into notification messages. The variables are replaced with the details that are current at the time the message is sent. Table 33-6 Variable
[USER]

Notification variables Description


Current user who caused the action. Includes domain information. Current user who caused the action without the domain information. Domain name. File path and name that caused the action. Name of the file that caused the action. Name of the policy that is applied to the managed resource. Name of the resource that caused the action. Name of the owner of the file that caused the action without domain information. Name of the owner of the file that caused the action. Includes domain information.

[USER NO DOMAIN]

[DOMAIN] [FILE SPEC] [FILE NAME] [POLICY NAME] [OBJECT NAME] [OWNER NO DOMAIN]

[OWNER]

Setting up File System Archiving (FSA) File Blocking configuration

391

Table 33-6 Variable


[SERVER NAME]

Notification variables (continued) Description


Name of the server where an alarm has been activated. Shared name of the resource. For example, you can enter "H" as in "H:\MyDrive" and the share name is inserted.

[OBJECT NAME SHARE]

File Blocking rule: Folder Filters tab


The Folder Filters tab enables you to specify which folders you want File Blocking to monitor. The folder selection is used on every volume to which you apply this policy, so you must specify path names in relation to the root of the volume. Note: Do not apply a File Blocking rule to a folder that is used for quarantined files. Table 33-7 lists the options on the Folder filters tab of File Blocking rule properties. Table 33-7 Setting
Monitored folders

File Blocking rule: Folder filters tab Description Default Value

The folders that are to be monitored by No monitored folders. File Blocking. You can choose to monitor the whole volume or to monitor specific folders and their subfolders.

Ignored folders

A list of folders that are not to be monitored by File Blocking. If you have chosen to monitor specific folders, this list enables to you to specify exceptions to that list.

No ignored folders.

Ensuring specific users are never blocked


It is possible for you to define, for each file server, a list of users whose files are never blocked. To exempt a user from File Blocking:

1 2

Expand the Administration Console tree until the Targets container is visible. Expand Targets.

392

Setting up File System Archiving (FSA) Configuring FSA Reporting

3 4 5 6 7 8

Expand File Server. Right-click the server on which you want the user to be exempt from File Blocking and, on the shortcut menu, click Properties. On the File Blocking tab, next to Exemptions, click Add. The Add Windows Users and Groups dialog appears. Select the user you want to add to the exemptions list and click Add. Click OK to to close Add Windows Users and Groups. Click OK to close File Server Properties.

Configuring FSA Reporting


FSA Reporting provides summary reports on the active data on your file servers, and on the data that has been archived from them. The FSA reports include data on the following:

The number of archived files for each file server, and the space used and saved as a result of archiving. You can also view the hundred largest files in a volume. Active and archived space usage by different file groups, per server and per archive point. Numbers of unaccessed or duplicated files, and the space they are occupying. Used and free space on the drives of each file server.

Many of the reports can provide either an overall view for all file servers with FSA Reporting configured, or a detailed view for a named file server. The reports include recommendations for improving your file lifecycle management policy. Note that in order to access FSA Reporting's reports, the Enterprise Vault Reporting component must be installed and configured on a machine with the required prerequisites. See About requirements for Enterprise Vault Reporting on page 53. In order to use FSA Reporting you must also do the following:

Configure an FSA Reporting database and set up default data collection schedules. Install the FSA Agent on NTFS servers from which you want to gather data. (The FSA Agent is not required on NetApp file servers or Celerra devices.) Configure individual file servers to specify whether data is to be collected, and to specify a non-default collection schedule.

Setting up File System Archiving (FSA) Configuring FSA Reporting

393

If required, specify whether data is to be collected on individual volumes.

For information on managing, viewing and interpreting the FSA Reports once you have configured FSA Reporting, see the Administrator's Guide.

Configuring the FSA Reporting database and setting the default data collection schedule
Before you can use FSA Reporting you must set up the FSA Reporting database, which holds the data for the FSA reports. You do this using the FSA Reporting Configuration wizard, which also enables you to set a default data collection schedule. To configure the FSA Reporting database and set the default data collection schedule

1 2 3 4

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Right-click the File Server container and, on the shortcut menu, click Configure FSA Reporting. The FSA Reporting Configuration wizard starts. Work through the wizard. You will need to provide the following information:

The SQL server to use for the FSA Reporting database, and the locations to use on that server for the database and transaction log files. The default data collection frequency and start times. Whether to extend data collection to include data from physical drives.

Note that you cannot rerun the FSA Reporting Configuration wizard once it has been completed. To reconfigure which SQL Server to use for the FSA Reporting database, to change the default data collection schedule, and to enable or disable FSA Reporting for all file servers in the site, you can use the Properties dialog of the 'File Server' container under Targets. See Reconfiguring and disabling or enabling FSA Reporting globally on page 393.

Reconfiguring and disabling or enabling FSA Reporting globally


You can use the Properties dialog of the 'File Server' container under Targets to reconfigure which SQL Server to use for the FSA Reporting database, to change the default data collection schedule, and to enable or disable FSA Reporting for all file servers in the site.

394

Setting up File System Archiving (FSA) Configuring FSA Reporting

To reconfigure FSA Reporting

1 2 3 4 5

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Right-click the File Server container and, on the shortcut menu, click Properties. To change the details of the SQL Server to use for the FSA Reporting database, click the Reporting Database tab, and enter the new details. To enable or disable FSA Reporting globally, change the default data collection schedule, or enable or disable data collection from physical drives, click the Reporting Data Collection tab, and change the required information. Click OK to save your changes and close the Properties dialog.

Installing the FSA Agent on NTFS file servers


NTFS servers require the FSA Agent to be installed in order to gather data for FSA Reporting. See Installing the FSA Agent on NTFS file servers on page 364.

Configuring individual file servers for FSA Reporting


If the FSA Reporting database is configured when you run the New File Server wizard or the Install FSA Agent wizard, the wizard allows you to enable FSA Reporting and to set a non-default FSA Reporting data collection schedule. You can also configure these parameters from the file server's Properties. To configure a file server for FSA Reporting

1 2 3 4 5 6

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Expand the File Server container to show the file servers that have been added. Right-click the file server you wish to configure and, on the shortcut menu, click Properties. Click the Reporting Data Collection tab. Select the Enable data collection for FSA Reporting check box.

Setting up File System Archiving (FSA) Configuring FSA Reporting

395

To define a non-default schedule for data collection, clear the Use default schedule for FSA Reporting data collection check box and supply the required data collection schedule. To extend data collection to the file server's physical drives, select Collect data from all physical drives as well. Click OK to save your changes and close the Properties dialog.

8 9

Note that you can also enable or disable FSA Reporting at a volume level. See Enabling or disabling FSA Reporting for a volume on page 395.

Enabling or disabling FSA Reporting for a volume


If FSA Reporting is configured when you run the New Volume wizard, the wizard gives you the option to enable FSA Reporting on the volume. You can also enable or disable FSA Reporting for a volume from the volume's Properties. To enable or disable FSA Reporting for a volume

1 2 3 4 5 6 7

In the Administration Console, expand the Enterprise Vault site until the Targets container is visible. Expand the Targets container. Expand the File Server container to show the file servers that have been added. Expand he file server whose volume you wish to configure to show the volumes that have been added. Right-click the volume you wish to configure and, on the shortcut menu, click Properties. On the General tab, select or clear the Enable FSA Reporting check box. Click OK to save your changes and close the Properties dialog.

Troubleshooting FSA Reporting


If you have problems when configuring or using FSA Reporting, refer to the troubleshooting advice in the following Enterprise Vault TechNote: http://entsupport.symantec.com/docs/288460.

396

Setting up File System Archiving (FSA) FSA Agent uninstallation

FSA Agent uninstallation


Because you must uninstall Enterprise Vault before uninstalling the FSA Agent on a file server, you may prefer to disable the FSA Agent instead of uninstalling it.

What next?
File System Archiving configuration is complete. You can use the Administration Console to add file servers to the list of servers that are processed by File System Archiving, create new volume policies, add new volumes on the new file server, and create archive points as needed to control which folders are archived.

Chapter

34

Using FSA with clustered resources


This chapter includes the following topics:

About FSA clustering Supported cluster software and cluster types Preparation for FSA services in a cluster Configuring the FSA resource for high availability Removing the FSA resource from all cluster groups Troubleshooting

About FSA clustering


In an environment where the file servers are grouped in a cluster, you can make the FSA services that are running on them highly available. Then, if the cluster software detects the failure of the FSA services on one node, it can quickly restart the services on another node in the clustera process that is commonly known as "failover". For example, Figure 34-1 shows an environment in which three file servers are clustered together. All the servers have a shared disk configured; you can only make the FSA services highly available when there is a shared disk resource. If the FSA services on one node in the cluster fail, they automatically failover to another node in the cluster, thereby causing only a momentary pause in service.

398

Using FSA with clustered resources Supported cluster software and cluster types

Figure 34-1

Sample FSA cluster configuration

Shared disk

Three-node cluster of file servers

Remote cluster configuration Enterprise Vault Administration Console

Enterprise Vault administrator

Supported cluster software and cluster types


This FSA clustering feature works with the following cluster software:

Microsoft Cluster Server (MSCS) included with the following:


Windows 2000 Advanced Server or Datacenter Server Windows Server 2003 Enterprise Edition, SP1 Windows Server 2003 R2

VERITAS Cluster Server (VCS) 4.3 MP1 and later

The following cluster types are supported:

Active/passive cluster. To support high availability, the shared cluster resources are made available on one node of the cluster at a time. If a failure on the active cluster node occurs, the shared resources fail over to the passive node and users may continue to connect to the cluster without interruption. Active/active cluster. To support load balancing and high availability, the cluster resources are split among two or more nodes. Each node in the cluster

Using FSA with clustered resources Preparation for FSA services in a cluster

399

is the preferred owner of different resources. In the event of a failure of either cluster node, the shared resources on that node fail over to the remaining cluster nodes.

Preparation for FSA services in a cluster


Before you set up the FSA clustering feature, do the following:

Install the FSA services on each node to which the cluster group can failover. You can use the Vault Administration Console to do this. If the Vault Administration Console and the target file servers are in separate domains, set up a domain trust relationship. Ensure that the cluster group to which you want to add the FSA services resource also has a shared disk resource (sometimes referred to as a physical disk resource or Mount/MountV resource). Only VERITAS or Microsoft Cluster Server groups for which you have configured a shared disk resource are available for selection when you run the FSA Cluster Configuration wizard.

Configuring authentication for FSA services in a VCS cluster


Set up the required authentication on the Enterprise Vault server before you set up the FSA clustering feature on a VCS cluster. If you are using Symantec Product Authentication Services (SPAS, formerly VxSS), then you need to install the SPAS binaries on the Enterprise Vault server computer on which you will run the Enterprise Vault Administration Console. To obtain these binaries, contact Symantec Support. The version of the SPAS binaries installed on the Enterprise Vault server must be the same as the version installed on the VCS cluster nodes. For detailed information on how to set up SPAS, consult Symantec Product Authentication Services QuickStart. On each node in the VCS cluster that is to include FSA services, you can then set the Public network connection to high priority as follows:

Right-click "My Network Places", and then click "Properties". On the "Advanced" menu, click "Advanced Settings". On the "Adapters and Bindings" tab, ensure that the "Public" network is the top entry in the "Connections" list.

If Symantec Product Authentication Services are not available in the cluster, then you need to add users with administrative privileges, such as the Vault Service account, to the VCS user list.

400

Using FSA with clustered resources Preparation for FSA services in a cluster

See How to configure FSA on VCS when SPAS is not available

How to configure FSA on VCS when SPAS is not available


If Symantec Product Authentication Services are not available in the VCS cluster, then users with administrative privileges, such as the Vault Service account, must be added to the VCS user list in order to be able to authenticate and login to the VCS cluster. This section describes how to add the Vault Service account to the VCS user list. To configure the Vault Service account so that it is recognized by the VCS cluster

Launch command prompt on any of the VCS cluster nodes, and type the command:
hauser hauser is a VCS command line utility used to add and authenticate users in

VCS cluster. The executable is installed in the following location:


VCS installation folder\cluster server\bin

Put the cluster in read/write mode:


haconf -makerw

Use hauser to add the Vault Service account:


C:\>hauser add Vault_Service_account priv Administrator

When prompted for the account password, enter the Vault Service account password. Use the following command line to verify that the Vault Service account has been added to the VCS user list as an administrator:
C:\>hauser display Vault_Service_account

The output should be as follows:


Vault_Service_account : ClusterAdministrator

Save the cluster configuration:


haconf -dump -makero

Restart the FSA Cluster Configuration wizard from the Enterprise Vault Administration Console.

Using FSA with clustered resources Configuring the FSA resource for high availability

401

Configuring the FSA resource for high availability


You can add the FSA resource to a cluster group and reconfigure the resource settings by running the FSA Cluster Configuration wizard. To configure the FSA resource for high availability

1 2 3 4

In the left pane of the Vault Administration Console, right-click a clustered file server and then click FSA Cluster Configuration. When the welcome page of the FSA Cluster Configuration wizard appears, click Next. Select Add, remove, or reconfigure the FSA resource for groups that have shared disks, and then click Next. Select the cluster groups that are to include the FSA resource. If you check Services HA for a selected group, and there is a problem with the node on which the FSA services are running, then the FSA services and all the other resources in the group automatically failover to another, working node in the cluster. In effect, by checking Services HA, you make the failure of the FSA services on one node a sufficient reason to move all the resources to another node.

5 6

Click Next, and then wait for the FSA Cluster Configuration wizard to apply your requested settings to the cluster group. When the wizard displays a summary of the changes that it has made to the cluster group, click Finish.

Removing the FSA resource from all cluster groups


When you have no further need to make the FSA services highly available, you can remove them from the cluster groups to which you previously added them. To remove the FSA resource from all cluster groups

1 2 3 4 5

In the left pane of the Vault Administration Console, right-click a clustered file server and then click FSA Cluster Configuration. When the welcome page of the FSA Cluster Configuration wizard appears, click Next. Select Remove the FSA resource from all groups, and then click Next. Click Yes to confirm that you want to remove the FSA resource from the cluster groups. Click Finish.

402

Using FSA with clustered resources Troubleshooting

Troubleshooting
This section gives advice on action you can take if you encounter problems when configuring FSA clustering.

Vault Service account cannot access VCS cluster


If the following message is displayed when you start the FSA Cluster Configuration wizard in the Enterprise Vault Administration Console, it may be because the VERITAS Secure Authentication Service is not available in the VCS cluster and the Vault Service account cannot authenticate and login to the VCS cluster.
"Failed to collect clustering data from file server 'servername'. See the "Installing and Configuring Enterprise Vault" manual for guidance."

Note that this error message is not specific to this situation. It may also be displayed for other cluster related issues. If the VERITAS Secure Authentication Service is not available, then you need to add the Vault Service account to the VCS user list. See How to configure FSA on VCS when SPAS is not available on page 400.

General troubleshooting guidance


If you experience problems when you configure FSA clustering, try the following:

Verify that you have installed and configured the FSA services on each node to which the cluster group can failover. Ensure that the ClusSvc service (for Microsoft Cluster Server) or Had service (for VERITAS Cluster Server) is configured and running on the file server. Check the log files. The FSA Cluster Configuration wizard stores details of the changes that it has made in the file FSACluster.log, which is located in the \Utilities\FSA Cluster subfolder of the Enterprise Vault program folder (typically C:\Program Files\Enterprise Vault). The wizard creates additional log files on the individual cluster nodes when you configure a group for FSA services high availability. These log files are called FSA-MSCSType.log or FSA-VCSType.log, depending on whether you are using Microsoft Server Clusters or VERITAS Cluster Server, and they are stored in the FSA Agent installation folder. The following registry value determines the level of logging:

Using FSA with clustered resources Troubleshooting

403

HKEY_LOCAL_MACHINE\Software\KVS\Enterprise Vault\FSA\LogLevel

LogLevel can have a value in the range 0 through 5, where 0 or 1 records critical messages only, whereas 5 records debug and diagnostic messages.

404

Using FSA with clustered resources Troubleshooting

Section

Setting up SharePoint Server archiving

Configuring SharePoint archiving Installing SharePoint archiving Web Parts User access to archived SharePoint documents

406

Chapter

35

Configuring SharePoint archiving


This chapter includes the following topics:

About SharePoint Server archiving Configuring access to the SharePoint Server Configuring SharePoint archiving in the Administration Console Running the SharePoint archiving task What Next?

About SharePoint Server archiving


You can use Enterprise Vault to archive documents from servers running any of the following:

Microsoft Windows SharePoint Services 3.0 (WSS 3.0) Microsoft Office SharePoint Server 2007 (MOSS 2007) Microsoft Windows SharePoint Services 2.0 (WSS) Microsoft SharePoint Portal Server 2003 (SPS 2003)

At scheduled times, Enterprise Vault automatically copies documents from the SharePoint server and stores them in Enterprise Vault SharePoint archives. Archived documents can be left on the SharePoint server or deleted, as required. Shortcuts can also be created on the SharePoint server. Deleting the original documents and creating shortcuts are configured using the SharePoint policy.

408

Configuring SharePoint archiving About SharePoint Server archiving

If versioning is enabled for a document library, you can configure the number of versions of a document that are to be left on the SharePoint server after archiving. The archived version history link enables users to restore an older version of a document to the SharePoint Server. If you are archiving from WSS 3.0 or MOSS 2007 servers, you can also archive drafts of documents. Note that shortcuts will not be created in document libraries that have document publishing enabled; that is, if the document library is configured for minor versions, or if document approval is required in the document library. Archive Search and Archive Explorer Web Parts enable users to search or browse for archived documents in the SharePoint archives that they have permission to access. A single Enterprise Vault SharePoint archiving task can archive documents from multiple SharePoint servers. For example, Figure 35-1 shows an Enterprise Vault server archiving documents from a Windows SharePoint services server and a SharePoint Portal Server 2003. Figure 35-1 An example SharePoint archiving configuration

On the Enterprise Vault server, you configure the target SharePoint sites, archiving tasks and archiving policies using the Enterprise Vault Administration Console.

Before configuring SharePoint Server archiving


Before you use the Enterprise Vault Administration Console to configure SharePoint archiving, you need to have completed the following tasks:

Configuring SharePoint archiving Configuring access to the SharePoint Server

409

Set up your SharePoint Servers and created the SharePoint site collections and sites that you want to archive. To be able to configure Enterprise Vault you will need to know the URLs of the target SharePoint virtual servers or Web applications for archiving. Installed and configured Enterprise Vault SharePoint components on the SharePoint server. See SharePoint Server requirements on page 94. Installed and configured your Enterprise Vault server. See Installing Enterprise Vault on page 111.

Configuring access to the SharePoint Server


To ensure that Enterprise Vault can access the SharePoint servers, Internet Explorer security settings must be configured on all computers running Enterprise Vault tasks and services and also on any computers running a standalone Enterprise Vault Administration Console. To configure the Internet Explorer security settings

1 2 3 4 5 6

Log on to the Enterprise Vault server computer using the Vault Service account. Open Internet Explorer and click Tools, Internet Options. Click the Security tab on the Internet Options window. Select Local intranet and click Sites. Click Advanced in the Local intranet dialog box. Add the URL of each SharePoint virtual server that you want to archive:
http://sharepoint_server_name

7 8 9

Click OK twice to return to the Internet Options window. Click Custom Level. Scroll down to the User Authentication section, and select Automatic logon only in Intranet zone.

10 Click OK. 11 Click OK to close the Internet Options window.

410

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

Configuring SharePoint archiving in the Administration Console


On the Enterprise Vault server start the Enterprise Vault Administration Console and create the following objects in the order shown below:

A SharePoint archiving task. See Creating a SharePoint task on page 410. One or more SharePoint archiving policies. See Creating a SharePoint archiving policy on page 412. If required, a new vault store to use for the SharePoint archives. See Vault store assignment on page 414. SharePoint Targets. See Adding a SharePoint URL as an archiving target on page 415.

Creating a SharePoint task


This section describes how to create a SharePoint archiving task. You can create one or more SharePoint archiving tasks. A single task can support several SharePoint virtual servers or Web applications. To create a new SharePoint task

In the explorer pane of the Enterprise Vault Administration Console, navigate to the Enterprise Vault computer that is to host the new SharePoint task. Click the computer name to display Services and Tasks. Right-click Tasks and select New, SharePoint Task. This will start the New SharePoint Task wizard. Work through the windows. You will be prompted to give the task a name and description.

2 3

SharePoint archiving task properties


To customize property settings for this task, such as the logon account that runs the task, right-click the SharePoint task in the right hand pane and select "Properties". Table 35-1 Tab
General

SharePoint task properties Property


Site

Description
The Enterprise Vault site to which this task belongs.

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

411

Table 35-1 Tab

SharePoint task properties (continued) Property


Computer Task name Run in report mode

Description
The computer on which this task is created. The name of the task. Select this check box to run in report mode. This mode lists the documents that meet the archiving criteria, without actually archiving any documents. The startup type for this task. You can add a note for this task. This note is visible to other Enterprise Vault administrators, who have access to this task. If selected, this task will use the schedule configured for the Enterprise Vault site. Open site properties to view the site schedule. Select "Never" to stop the scheduled running of the task, or "Selected times", to start the task running at the times and days that you select on this page. This enables you to change the units used in the schedule grid below. You can select or clear times in the grid, as required. Help on how to use the grid is given in the online help.

Startup type Administrative note

Schedule

Use site setting

Run

Interval

Schedule grid

Log On

Select the account that By default, the Vault Service account is selected. You this task will run under can select a different account, if required. The account used must have full access to target site collections and their content. When archiving from SharePoint 3.0 sites, the account must have Site Collection Administrator privileges on the target SharePoint site collections. Generate report files for archive run The "Reports" tab enables you to configure report generation. If you want reports generated each time the archiving task runs, select this check box. Reports are created in the "Reports" folder (typically C:\Program Files\Enterprise Vault\Reports). You can select the amount of detail you want included in reports for this task.

Reports

Logging level for Archiving and Report runs

412

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

Table 35-1 Tab

SharePoint task properties (continued) Property


Number of reports to keep

Description
You can also select the number of reports for this task that you want kept in the "Reports" folder. This tab lists the sites to be archived on the SharePoint server. Targets are assigned to tasks when you create archiving target objects. See Creating archiving target site collections on page 416. A SharePoint task can service several targets. Alternatively, you can create multiple SharePoint archiving tasks and assign targets to each task, as required.

Targets

Targets

Creating a SharePoint archiving policy


This section describes how to create a SharePoint archiving policy. A policy defines what documents are to be archived and, if versioning is enabled on the SharePoint server, how many versions are to be left in SharePoint after archiving. To create a SharePoint archiving policy

1 2 3

In the Enterprise Vault Administration Console tree, expand the Enterprise Vault site and then click Policies. Under Policies, click SharePoint. To create a new policy, right-click in the right hand pane and select New, Policy (alternatively, right-click SharePoint under Policies in the tree). The New SharePoint Policy wizard starts. In the first window, give the policy a name and description. In the next window, select the action you want Enterprise Vault to take after archiving:

4 5

Leave document in SharePoint means that the document will not be deleted from SharePoint once it is archived; users will be able to access all versions of the document both on the server and in the archive. Delete document from SharePoint once archived means that an archived document is deleted from SharePoint and only available in the archive. Prune to n versions of the document enables you to set the number of versions (n) of an archived document that you want left in SharePoint after archiving. Earlier versions will be available in the archive only.

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

413

6 7 8 9

In the next window you can configure age-based archiving, and whether to leave shortcuts to archived documents on the SharePoint Server . In the next window you create one or more rules to select the documents that you want to process with this policy. Click New to display the Rule window. Enter a Name and Description for this rule. In the Rule type section, select the action to be taken with files that match the rule. This can be one of Archive, Do not archive or Delete.

10 In the Filter files using the filename section specify the selection criteria.
The first box lets you include or exclude the files specified in the second box. In the second box enter the files you want to target. You can include wildcards in the filenames. For example:

* on its own means all files. *.doc means all files with the extension .doc.

Separate multiple filenames with a comma.

11 In addition to selection by filename, you can select files by size using the
Filter files using file size options.

12 When you click OK, the rule is added to the list of rules. One or more rules
can be applied when selecting files to process with this policy. Click New to add further rules or Edit to change the highlighted rule. During processing, the rules are applied in order from the top of the list. The first rule that matches will be applied, so you need to ensure that the required default action is last. Use Move Up and Move Down to re-order rules. To disable a rule, clear the check box for that rule. Click Next.

13 When Enterprise Vault archives documents from SharePoint, the copy stored
in the archive is given the same permissions as the folder that contained the original document. This means that users with read access to the folder in SharePoint will be able to access archived copies of any documents in the folder. When archiving from SharePoint 3.0 targets, you can configure whether or not Enterprise Vault is to archive documents with permissions that differ from those of other documents in the folder. When archiving from SharePoint 2.0 targets, any settings on this page are ignored and all documents in the folder are archived with the same permissions as the folder. Click Next.

414

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

14 When archiving from SharePoint 3.0 targets, you can configure Enterprise
Vault to archive drafts of documents. When archiving drafts, you can specify that drafts of a document will only be archived if users who have access to the SharePoint document also have access to drafts of that document. If you select the option to archive drafts but do not select Only archive drafts if they can be viewed by users with read access to the document, then drafts of all documents archived from the target site are archived. This means that anyone with read access to the original document in SharePoint will also be able to view archived drafts of the document in Enterprise Vault, even if they do not have access to drafts in SharePoint. When archiving from SharePoint 2.0 targets, any settings on this page are ignored.

15 The final screen shows a summary of what the policy will do. 16 Click Finish and then Close.

SharePoint policy properties


You can view, edit or copy existing SharePoint policies, that are listed in the right-hand pane of the Administration Console.

To view or edit the properties of an existing policy, right-click it and select Properties. To copy an existing policy and give it a different name, right-click the policy and select Copy Policy.

Vault store assignment


You can either create a new vault store to use for SharePoint archives, or you can assign an existing vault store. If you want to use a new vault store, create the vault store and partition before you create the SharePoint Archiving Target. See Creating a default vault store and partition on page 143. When the archiving task runs, archives are created automatically in the open vault store partition. An archive is created for each SharePoint site collection. In the Administration Console tree, you can see the archives under "Archives", "SharePoint". Note that documents in the top level site and all subsites of that site collection are stored in the same archive. Access permissions on Enterprise Vault archives and archive folders are synchronized automatically with permissions on the corresponding SharePoint sites and document libraries.

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

415

You can view and customize the properties of vault stores, partitions and archives by right-clicking the object in the Administration Console and selecting "Properties". For information on the properties for each object, see the Administration Console online help.

Adding a SharePoint URL as an archiving target


This section describes how to add SharePoint archiving targets in the Enterprise Vault Administration Console. The SharePoint archiving target objects in the Administration Console tree (Targets > SharePoint) are associated with parts of the SharePoint site architecture:

A SharePoint 2.0 virtual server or SharePoint 3.0 Web application object contains the URL of the SharePoint virtual server or Web application to be archived. Site collection objects are associated with existing top-level sites on the SharePoint server. Site objects are associated with existing subsites on the SharePoint server.

Note that, before you can configure the archiving target objects in Enterprise Vault, the SharePoint virtual server or Web application and site collections must exist in SharePoint and the Enterprise Vault components must be installed and configured on the SharePoint server. Internet Explorer security settings must also be set up as described in Creating a SharePoint task. To add a SharePoint target object

1 2 3

Under Targets, right-click the SharePoint container and select New, SharePoint target. This starts a wizard. Click Next on the first screen. Enter the URL for the virtual server or Web application. Click Next.

416

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

If you want Enterprise Vault to archive automatically all sites on this target, select the Auto-enable Site Collections check box. The wizard will then take you through screens that enable you to select the task, policy, vault store and retention category to be used for all sites on this SharePoint target. If auto-enable archiving is on, site collection objects will be added automatically under the SharePoint target object the first time the archiving task runs, and a new archive will be created automatically for each of these site collections. Subsites will also be archived using the default settings for the target site collection object, but target subsite objects will not be displayed in the Administration Console. Documents in subsites will be stored in the archive for the top-level site collection. If you do not want Enterprise Vault to archive some top-level sites, or you want to assign a different policy, retention category or task, clear the Auto-enable Site Collections check box. The wizard will then go directly to the final summary screen. You will need to create target site collection objects manually for any site collections that you do want archived. See Creating archiving target site collections on page 416.

Before the SharePoint target object is created, a summary of the object details is displayed. If they are correct, click Finish and then Close to exit the wizard.

Changing the default archiving settings for a SharePoint target


If you later decide to enable or disable automatic archiving or change default archiving settings, use the SharePoint target properties. To change default archiving settings

Right-click the SharePoint target object in the Administration Console tree and select Properties.

Stopping the archiving of sites on a target


You can stop the archiving of all site collections on a SharePoint target. To stop archiving sites

Clearing the Archive this SharePoint target check box on the SharePoint target properties page.

Creating archiving target site collections


If Auto-enable Site Collections is selected on the SharePoint target object, a target site collection object for each top level site will be created automatically when the archiving task runs.

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

417

Figure 35-1 illustrates the relationship between virtual servers (or Web applications) and sites on the SharePoint targets (on the left) and associated archiving target objects in the Enterprise Vault Administration Console (on the right). In the example shown, Site Collection C is not being archived, so only Site Collection D on SharePoint Virtual Server B has a target site collection object in Enterprise Vault. In this example, automatic archiving of site collections is not enabled on the SharePoint target B object.

418

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

Figure 35-2
SharePoint Server

Archiving Targets
Enterprise Vault Server

SharePoint 2007 Web Application A

SharePoint Target A Object

Site Collection B Site Collection A

Site Collection B Object

Site Collection A Object Subsite

SharePoint 2003 Virtual Server B

SharePoint Target B Object

Site Collection C

Site Collection D

Site Collection D Object

If you only want to archive some site collections, clear the Auto-enable Site Collections check box on the SharePoint target object and create the required target site collection objects manually.

Configuring SharePoint archiving Configuring SharePoint archiving in the Administration Console

419

To create a target site collection object manually

1 2 3

Under Targets, SharePoint, right-click the SharePoint target object and select New, SharePoint Site Collection. This starts a New SharePoint Site Collection wizard. Click Next on the first screen. Enter the URL for the top level site in the site collection, for example:
http://sharepoint/sites/marketing

Note that the default site collection in SharePoint may have the same URL as the virtual server or Web application.

4 5

Select the required scope of archiving for this site collection; the top level Web site only, the subsites only, or both. Click Next. Highlight the vault store to be used for the SharePoint archives. A separate archive will be created automatically in the vault store for each top-level site. Click Next. Select the policy and archiving task to be used to archive the site collection. Click Next. Select the retention category to be applied to any files that are archived. You can use New to create a new retention category, if required. Click Next. The next screen shows a summary of the details for archiving the site collection. If this is correct, click Finish. A prompt confirms that the object has been created. Click Close.

6 7 8 9

Creating archiving target subsites


Target site objects are not added automatically for subsites in a SharePoint site collection, even if the subsites are being archived. If there is no target site object, the subsite is archived using the archiving settings of the top-level site in the site collection. For example, in Figure 35-2, there is no target object in Enterprise Vault corresponding to the subsite under Site Collection A on the SharePoint server. You only need to create a target site object manually if you want to override the default archiving settings in order to include a subsite (when the parent site is not being archived), or to exclude a site (or its subsites) from archiving. Documents archived from all sites in a site collection will be stored in the same archive.

420

Configuring SharePoint archiving Running the SharePoint archiving task

Note that an archiving task can be assigned to a SharePoint 2.0 virtual server, SharePoint 3.0 Web application or top-level site, but not to a subsite. To create archiving target objects for subsites

1 2 3

Under Targets, SharePoint, expand the SharePoint target object and find the target site collection object for the subsite you want to archive. Right-click the site collection object and select New, SharePoint Site. This starts a New SharePoint Site wizard. Click Next on the first screen. The full path of the top-level site will be displayed below the box. Enter in the box the relative path for the subsite. For example, if the top-level site path is
http://sharepoint/sites/marketing

and the full path for the subsite is


http://sharepoint/sites/marketing/presentations

you would just enter:


presentations

4 5 6 7 8 9

Select the required scope of archiving for this site; this site only, the subsites only, or both. Click Next. Select the policy to be used to archive the site and subsites. Click Next. Select the retention category to be applied to any files that are archived. You can use New to create a new retention category, if required. Click Next. The next screen shows a summary of the archiving settings for the site. If this is correct, click Finish. A prompt confirms that the object has been created. Click Close. Target site objects for subsites are displayed in the right hand pane of the Administration Console when you click the site collection object in the tree. They are not shown in the tree.

Running the SharePoint archiving task


You can start an immediate archive run for all sites serviced by an archiving task, or for a particular site collection. Alternatively, to archive regularly all the target sites associated with a task, you can use an Enterprise Vault site schedule or you can set a separate schedule for the SharePoint task.

Configuring SharePoint archiving Running the SharePoint archiving task

421

See Scheduling archive runs on page 421. To archive immediately all target sites serviced by a SharePoint task

In the Enterprise Vault Administration Console tree, navigate to the Enterprise Vault computer that hosts the SharePoint task. Click the computer name to display Services and Tasks. Click Tasks to display the SharePoint task in the right hand pane. Right-click the SharePoint task and select Run Now. You then select how the task is to run. In report mode, nothing is actually archived, but a report is generated showing what documents are ready to be archived. In normal mode, the documents will actually be archived and a report may or may not be generated, depending on the task report properties. You can view the report in the Reports folder (typically C:\Program Files\Enterprise Vault\Reports).

2 3 4

Click OK to start the archive run. A prompt tells you that the task has started. Click OK to dismiss the prompt.

To archive a particular target site collection only

1 2 3 4

In the Enterprise Vault Administration Console tree, expand the Targets container and under this, the SharePoint container. Expand the SharePoint target object to display the site collection objects. To archive all sites in a site collection, right-click the site collection object and select Run Now. Select report or normal mode for the task and click OK to start the archive run.

Scheduling archive runs


You can run SharePoint archiving according to the site schedule or using a separate schedule for the SharePoint task. To use the Enterprise Vault site schedule

First check that the site schedule is suitable. In the Administration Console tree, right-click the Enterprise Vault site container and select Properties. Click the Site Schedule tab to see the default schedule set for all archiving tasks.

In the Administration Console tree, expand the Enterprise Vault Servers container under the Enterprise Vault site and then expand the Enterprise Vault server that is configured to archive the SharePoint server.

422

Configuring SharePoint archiving What Next?

3 4 5 6 7

Click Tasks in the tree. In the right hand pane, right-click the required SharePoint task. (SharePoint will be displayed in the Type column), and select Properties. Select the Schedule tab. Select the Use site setting check box. Click OK.

To create a separate schedule for the SharePoint task

In the Administration Console tree, expand the Enterprise Vault Servers container under the Enterprise Vault site and then expand the Enterprise Vault server that is configured to archive the SharePoint server. Click Tasks in the tree. In the right hand pane, right-click the required SharePoint task. (SharePoint will be displayed in the Type column), and select Properties. Select the Schedule tab. Clear the Use site setting check box. Set the required schedule for this task. Click OK.

2 3 4 5 6 7

What Next?
If required, you can now install the Web Parts on SharePoint Servers for archived versions link, Enterprise Vault Search and Archive Explorer. See the next chapter for details.

Chapter

36

Installing SharePoint archiving Web Parts


This chapter includes the following topics:

Installing Archive Search Web Part Adding Web Parts and version history link to site pages Enterprise Vault access on "all-in-one" systems What next?

Installing Archive Search Web Part


To enable users to search Enterprise Vault archives, you need to install the Archive Search Web Part on your SharePoint Servers. Custom Web Parts are distributed as .cab files. You use the command line tool Stsadm.exe to add Web Parts from a .cab file to one or more virtual servers. For more information on adding custom Web Parts, see the following article on the Microsoft Web site: http://www.microsoft.com/resources/documentation/wss/2/all/adminguide/ en-us/stswp03.mspx A custom Web Part for Enterprise Vault Archive Search is included in the Enterprise Vault SharePoint components. This is distributed in multiple language versions. Once installed, the name of the Web Part in the virtual server gallery will be in the language of the package that you have installed. However, in SharePoint site pages the Web Part text will be displayed to users in the language of the SharePoint site, irrespective of the language package installed.

424

Installing SharePoint archiving Web Parts Installing Archive Search Web Part

To install the Archive Search Web Part

If the language selected for your SharePoint installation is not English, then you need to copy the appropriate language version of the Web Part package to the folder containing Stsadm.exe before you install the Web Part. (When the Enterprise Vault SharePoint components were installed, an English version of the Web Part was placed in this folder.) Copy the Web Part package, EV_SharepointWebPartsCab.cab, from the appropriate language folder under C:\Program Files\Enterprise Vault\Languages\Windows SharePoint Services Web Parts to the folder containing the Stsadm.exe tool. This is typically C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN for WSS 2.0 and SPS 2003, and C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN for WSS 3.0 and MOSS 2007.

On the SharePoint server open a Command Prompt window.

Installing SharePoint archiving Web Parts Installing Archive Search Web Part

425

Use the cd command to go to the directory containing the Stsadm.exe tool and the Web Part CAB file. For example:
cd "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN"

To install the Web Part on every virtual server on a SharePoint server, enter the following command (on one line):
stsadm.exe -o addwppack -globalinstall -force -filename "EV_SharepointWebPartsCab.cab"

To install the Web Part on a particular virtual server, enter the command line:
stsadm.exe -o addwppack -globalinstall -url virtual_server_url -force -filename "EV_SharepointWebPartsCab.cab"

virtual_server_url is the URL of the SharePoint Web application or virtual server on which to install the Web Parts. If you specify the URL of a single Web application or virtual server and the -globalinstall parameter, the Web Part will only appear in the Web Part Gallery of the virtual server that you specified. However, the assembly will be installed in the global assembly cache (GAC). You should see the following installation message displayed:
EV_sharepointwebpartscab.cab: Deploying to http://sharepoint_server_name Operation completed successfully

If an error occurs due to an obvious mistake, such as a typing error, rerun the above command; ensure that the -force switch is included in the command line. This forces the files to be installed over any existing files.

Installing Archive Search Web Part in a Web Server Farm


This section describes the Web Part installation steps if you have configured a medium or large Network Load Balancing Server Farm environment, as described in the Microsoft article in the resource kit: http://www.microsoft.com/technet/prodtechnol/sppt/reskit/c1261881x.mspx For the Archive Search Web Part to be installed correctly, SharePoint virtual servers and Web applications must be configured to use host headers and not IP addresses.

426

Installing SharePoint archiving Web Parts Installing Archive Search Web Part

Configuring SharePoint to use host headers


In the instructions in this section, an example IP address of 172.15.10.200 is used for the SharePoint cluster. The example DNS record for the SharePoint cluster is sharepoint, which means that users enter the URL http://sharepoint in their browsers. Replace these examples with the IP address and DNS value for your configuration. On each Web Server in the cluster, the following steps must be repeated for each SharePoint virtual servers and Web applications (SharePoint Web site in IIS). To configure SharePoint to use host headers

1 2 3 4 5

On the Web Server computer, open Internet Information Services (IIS). Open the properties dialog for the SharePoint Web site and set the IP Address to All Unassigned. Leave the TCP Port as configured. Click Advanced and then Add. In the TCP Port box, type in the required TCP Port. In the Host Header value box, type in a value that corresponds with the value in the DNS record for this SharePoint virtual server or Web application; this would be sharepoint in the given example. Leave the IP Address as All unassigned. Click OK.

In case users connect using the cluster IP address instead of the DNS name, it is advisable to repeat from step 4 and add a host header with the IP address as the host header value; 172.1 5.10.200 in the given example.

Installing the Web Part and verifying the installation


The following steps must be repeated on each Web Server in the cluster.

Installing SharePoint archiving Web Parts Installing Archive Search Web Part

427

To install the Web Part and verify the installation

If the language selected for your SharePoint installation is not English, then you need to copy the appropriate language version of the Web Part package to the folder containing Stsadm.exe before you install the Web Part. (When the Enterprise Vault SharePoint components are installed, an English version of the Web Part is placed in this folder.) Copy the Web Part package, EV_SharepointWebPartsCab.cab, from the appropriate language folder under C:\Program Files\Enterprise Vault\Languages\Windows SharePoint Services Web Parts to the folder containing the Stsadm.exe tool. This is typically, C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN for WSS 2.0 and SPS 2003, and C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN for WSS 3.0 and MOSS 2007.

2 3

Open a Command Prompt window. Use the cd command to go to the directory containing the Stsadm.exe tool and the Web Part CAB file. For example:
cd "C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN"

Enter the following command (on one line):


stsadm.exe -o addwppack -url http://sharepoint -globalinstall -force -filename "ev_sharepointwebpartscab.cab"

where sharepoint is the DNS record for the SharePoint virtual server or Web application.

After installing the Web Part on each Web Server, you can validate the installation as follows:

On any of the Web Servers, open a Command Prompt window, go to the directory containing the Stsadm.exe tool and run the following command:
stsadm.exe -o enumwppacks -farm

A list is displayed with details of each Web Server, for example:


SPSWEB1, ev_sharepointwebpartscab.cab, http://sharepoint/SPSWEB2, ev_sharepointwebpartscab.cab, http://sharepoint/

428

Installing SharePoint archiving Web Parts Adding Web Parts and version history link to site pages

Adding Web Parts and version history link to site pages


This section describes how to add the following to SharePoint site pages:

Archive Search Web Part Archived version history link Archive Explorer Web Part

Adding the Archive Search Web Part to a site


After the Archive Search Web Part has been installed on the SharePoint Server, you can logon to the SharePoint sites and add the Web Part to the site page. To modify the SharePoint site page and add Web Parts you will need to be a site owner or administrator. To add Archive Search Web Part to a site page (SharePoint 2007)

1 2 3 4 5

In Internet Explorer, open the home page for the SharePoint site where you want to add the Archive Search Web Part. On the Site Actions menu , click Edit Page. In the Web Part zone in which you want to add the Web Part, click Add a Web Part. In the Add Web Parts dialog box, select the check box for the Archive Search Web Part (located in the Miscellaneous section). Click Add. The Archive Search Web Part will now be displayed on the page. Irrespective of the language of the Web Part package that you installed, text in the Web Part will be displayed in the language of the site.

To add Archive Search Web Part to a site page (SharePoint 2003)

1 2 3

In Internet Explorer, open the home page for the SharePoint site where you want to add the Archive Search Web Part. Click Modify Shared Page in the top right of the page, and select Add Web Parts, Browse. Click Virtual Server Gallery. The Archive Search Web Part should be listed in the Web Part List. Note that the name of this Web Part will be in the language of the Web Part package that you installed. Drag the Archive Search Web Part to where you want it placed on the page.

Installing SharePoint archiving Web Parts Adding Web Parts and version history link to site pages

429

5 6

Close the Add Web Parts panel. The Archive Search Web Part will now be displayed on the page. Irrespective of the language of the Web Part package that you installed, text in the Web Part will be displayed in the language of the site.

Adding the archived version history link


This section describes how to enable the archived version link on version history pages. If you have multiple virtual SharePoint servers configured on a computer, you only have to perform this task once on the computer. To enable the archived version link

In a browser, enter the URL:


http://spcomputername/_layouts/versionsadmin.aspx

where spcomputername is the name of your SharePoint server computer. This displays the page Enterprise Vault Archived Version History Administration.

Click Install the archived version history link. If you later wanted to remove the link, go to this Web page and click Remove the archived version history link.

3 4

A progress window is displayed briefly while the link is being installed. A confirmation message is displayed when installation is complete. The archived version history link does not appear on the version history page for a document until the library containing the document is archived.

Adding the Archive Explorer Web Part to a site


Optionally, you can add the Archive Explorer Web Part to a SharePoint site page. This is available in multiple language versions. We recommend that you import the Archive Explorer Web Part into an empty Web Part page. To create a new Web Part page for the Web Part

1 2

Navigate to the required site on your SharePoint Server. On SharePoint 2007, click Create on the Site Actions menu. On SharePoint 2003, click Create in the top toolbar.

430

Installing SharePoint archiving Web Parts Adding Web Parts and version history link to site pages

On SharePoint 2007, click Web Part Page. On SharePoint 2003, Web Part Page is in the Web Pages section.

4 5 6

In the form that is displayed, enter a name for the Web Part; for example, Archive Explorer. Select Full Page and Vertical layout options. Click Create. The new Web Part Page is then displayed.

To import the Web Part into the Web Part Page

On SharePoint 2007, in the Web Part zone, click Add a Web Part. On SharePoint 2003, in the top right-hand corner of the new Web Part page, click Modify My Page, if you are using Personal View, or Modify Shared Page, if you are using Shared View.

On SharePoint 2007, in the Add Web Parts dialog box, click Advanced Web Part gallery and options. On SharePoint 2003, click Add Web Parts from the menu.

On SharePoint 2007, click Browse. On the drop-down menu click Import. On SharePoint 2003, click Import.

Specify the path to the required language version of the Archive Explorer Web Part file, Archive Explorer.dwp. This will be in the appropriate language folder under C:\Program Files\Enterprise Vault\Languages\Windows SharePoint Services Web Parts. Click Upload. After uploading the Web part, the page will be refreshed and the Enterprise Vault Archive Explorer Web Part will be listed under Uploaded Web Part.

Drag the icon next to the Web Part to the Full Page zone on the Web Part page. An error is displayed, because you need to set the Enterprise Vault server name.

7 8

Click the arrow beside the Web Part and click Modify Shared Web Part. Change the link property to
http://EV_IIS_computer/EnterpriseVault/ArchiveExplorerui.asp

where EV_IIS_computer is the name of the computer running the Enterprise Vault Web Access application.

Installing SharePoint archiving Web Parts Enterprise Vault access on "all-in-one" systems

431

Click OK.

10 Archive Explorer will appear on the page.

Enterprise Vault access on "all-in-one" systems


If you have installed the Enterprise Vault server and SharePoint server on the same computer, you need to exclude the Enterprise Vault URL as a managed path on the SharePoint server, in order to be able to access the Enterprise Vault browser search page and Archive Explorer. To exclude the Enterprise Vault URL as a managed path (on SharePoint 2007)

1 2 3 4 5

Click Start, Administrative Tools, SharePoint 3.0 Central Administration. Select Application Management in the left navigation menu. Select Define managed paths under Web Application Management. Select the Web application that the Enterprise Vault Web application is installed on; this will typically be the default Web application. In Add a new path, enter enterprisevault in the Path box, and click Check URL. The Enterprise Vault Web application page should be displayed. If it is not displayed, check that you have entered the correct URL. Select Explicit inclusion and click OK.

To exclude the Enterprise Vault URL as a managed path (on SharePoint 2003)

1 2

Click Start, Administrative Tools, SharePoint Central Administration. If you are configuring a SharePoint Portal Server, scroll to the section Portal Site and Virtual Server Configuration and select Configure virtual server settings from the Virtual Server List page. If you are configuring Windows SharePoint services, in the Virtual Server Configuration section, select Configure virtual server settings.

From the Virtual Server List, select the name of the virtual server that the Enterprise Vault SharePoint components are installed on; this will typically be Default Web Site. Select Define managed paths under Virtual Server Management. In Add a new path, enter enterprisevault in the Path box and click Check URL. The Enterprise Vault Web application page should be displayed. If it is not displayed, check that you have entered the correct URL. Select Excluded Path and click OK.

4 5

432

Installing SharePoint archiving Web Parts What next?

What next?
Now find out how to use the Web Parts to access archived documents. See the next chapter for details.

Chapter

37

User access to archived SharePoint documents


This chapter includes the following topics:

Viewing and restoring archived documents

Viewing and restoring archived documents


Users can access documents that have been stored in the Enterprise Vault SharePoint archives as follows:

Using the "Show archived versions for this document" link on the versions history page. From this page users can access versions of a document that are in the archive and also replace the current version of a document on the SharePoint server with a version in the archive. See The version history page on page 434. Using the Archive Search Web Part. The Archive Search Web Part enables users to search for archived documents in the archives. From the search results page, users can view documents and copy archived documents or document versions to the SharePoint server. See Using the Archive Search Web Part on page 434. Using the Archive Explorer Web Part. The Archive Explorer Web Part enables users to browse and search SharePoint archives that they have permission to access. Archived documents can be viewed but not restored using Archive Explorer. See About the Archive Explorer Web Part on page 437. Note: When Archive Explorer is launched from within Outlook, it does not display SharePoint archives.

434

User access to archived SharePoint documents Viewing and restoring archived documents

In sites and document libraries, users will only be able to see documents that they have permission to access. To use Archive Search or Archive Explorer Web Parts, Internet Explorer 6.0 or later, with Java scripting enabled, must be installed on each users desktop computer.

The version history page


If versioning is enabled in SharePoint for a document library, the versions history page displays the versions of a document on the SharePoint server. After the archiving task has run for the first time, a new link, "Show archived versions for this document", is displayed under the SharePoint versions. To access versions of the document stored in the archive, click "Show archived versions for this document". You can "View" or "Restore" the document using the drop down menu from the document name:

"View" enables you to open the archived document or save it on your computer. "Restore" enables you to restore the document to SharePoint as the latest version.

To display only the versions on SharePoint, click "Hide archived versions for this document".

Using the Archive Search Web Part


You use the Archive Search Web Part to find documents stored in the Enterprise Vault SharePoint archive. The search works in the same way as the SharePoint Portal Server search.

User access to archived SharePoint documents Viewing and restoring archived documents

435

To search for archived documents

1 2

In the first box, select the scope for your search: This Site or Site Collection. In the second box, enter words to search for in the document name, subject or content, and then press the Go button. For example, entering the following would return documents with any of the words press, updated or v5 in the name, subject or content:
press updated v5

The wildcard character * can be used to denote one or more characters at the end of a word. At least three characters must precede the wildcard character. For example, new* would find an archived document called December newsletter.doc and a document with the word newer in the content. Note that to be able to search for phrases in the document content, indexing must be set to Full on the archive. To see the indexing level, right-click the site collection archive in the Enterprise Vault Administration Console, select Properties and then click the Advanced tab on the properties window.

3 4

The results of the search will be displayed on the Archive Search Results page. Use the links on the left of the Archive Search Results page to group or sort the results by Author, Date, and so on. When you sort the results, an arrow will indicate the sort order; click the link a second time to reverse the order. The Actions section links enable you to hide or display the preview information for each item (Show Less/Show More), display just the group titles or the items in the groups (Collapse Groups/Expand Groups) and create a complex search filter or a simple search (Advanced Search/Simple Search). The links toggle between these actions, so when you select Show Less, for example, the link changes to Show More.

About the advanced search


With the advanced search, you can search on a combination of the following criteria:

Author Content Document type Document name Created or modified date

436

User access to archived SharePoint documents Viewing and restoring archived documents

"Contains" means that in matching documents the selected property must contain the word or phrase as entered in the next box. "Is exactly" means that in matching documents the selected property must contain exactly the word or phrase as entered in the next box. For example, if the author of a document is John Peter Doe:

Searching for "Author Contains John Peter" will result in a match. Searching for "Author Contains John Doe" or "Doe John" will not result in a match. Searching for "Author Is exactly John Peter Doe" will result in a match. Searching for "Author Is exactly John Peter" will not result in a match.

If you specify two properties, you can manage the way they are applied using the "And/Or" operator options. If three properties are specified, the second and third always use the "And" operator. If you enter values for properties and select a "Modified/Created" date range, the search will look for documents that satisfy both the property criteria and the date criteria.

Using Manage Scope and Manage Properties


You can use these links to customize the search form by adding sites to the scope list and custom properties to the properties listed.

"Manage Scope" enables you to add sites to the "Search scope" drop-down box. For example, you may want to include a site that has been deleted, as there may still be archived documents from this site. "Manage Properties" enables you to add custom properties to the "Search by properties" drop-down box. Custom properties can be defined for document libraries. Enterprise Vault stores these additional properties when it archives documents.

To add a site to the search scope list

1 2 3 4 5 6

Click Manage Scope. Click Add a Site. Enter the Site name and the URL for the required site. Click OK. The site is displayed on the Custom Sites page. Click Back to return to the main search page. When you click the arrow beside the Search scope drop-down box. The new site is now available in the list.

User access to archived SharePoint documents Viewing and restoring archived documents

437

To add a custom property to the Search by properties list

1 2 3 4 5 6

Click Manage Properties. Click Add a Property. Enter the Property name of the required custom property. Click OK. The site is displayed on the Custom Properties page. Click Back to return to the main search page. When you click the arrow beside the property box under Search by properties, the new property is now available in the list.

Restoring a document using the Archive Search Web Part


On the Archive Search Results page, a "Restore" link is displayed below each document listed. To restore a copy of a search result document to the SharePoint server

1 2

Click the Restore link below the required document. The Document Restored page is displayed, showing the name and location of the restored copy. The restored copy is a new file with the name of the original document and a suffix (n), for example:
my document(1).doc

If you restore the original document again from the Archive Search Results page, another new document would be created with the name, my document(2).doc. Restoring a document from the Archive Search Results page does not replace the latest version in the document library. On the version history page for the new document, clicking Show archived versions for this document will display archived versions of the restored document, my document(1).doc in our example, and archived versions of the original document, my document.doc in our example.

About the Archive Explorer Web Part


You can navigate and search SharePoint archives that you have permission to access using Archive Explorer Web Part.

438

User access to archived SharePoint documents Viewing and restoring archived documents

The archives are displayed in a tree structure. All documents in a site collection are stored in the same archive. In the Archive Explorer tree, subsites and document libraries are displayed as child objects of the site collection archive. Expand the required archive in the tree on the left. When you click the document library object in the tree, the documents archived from that library will be displayed on the right. For more information on how to use Archive Explorer, see the online help on the Archive Explorer pages.

Internet Explorer settings for users


To avoid users having to enter credentials every time they access the SharePoint server or Enterprise Vault SharePoint archive, the Enterprise Vault server and SharePoint Server can be added to local intranet sites in Internet Explorer. If you are using Active Directory, you can employ a group policy to apply the zone changes to all domain users running Windows 2000, Windows XP and Windows Server 2003, by editing the "Internet Explorer Maintenance" settings within the policy. To modify the setting for an individual user

1 2 3 4

On each client computer, open Internet Explorer. Go to Tools, Internet Options and click the Security tab. Click Trusted sites and then Sites. Enter the URL for the SharePoint server and click Add. For example:
http://my_sharepoint_server

Enter the Enterprise Vault Web Access application URL and click Add. For example:
http://myEnterpriseVaultServer

6 7 8

Click OK to close the Trusted Sites window. If a pop-up blocker is being used, configure it so that it does not block the Web Access application URL. Close Internet Explorer.

Section

Setting up SMTP archiving

Setting up SMTP archiving

440

Chapter

38

Setting up SMTP archiving


This chapter includes the following topics:

About SMTP archiving Installing the SMTP archiving components Create the holding area Set up the SMTP archiving configuration file Set up File System Archiving Running SMTP archiving How SMTP archiving selects the holding area folder to use

About SMTP archiving


Figure 38-1 illustrates the components used in SMTP archiving.

442

Setting up SMTP archiving About SMTP archiving

Figure 38-1

SMTP architecture

SMTP messages are sent to a third-party SMTP messaging server. This server relays messages to their destination and also sends a blind copy to a Microsoft SMTP Server for archiving by Enterprise Vault SMTP archiving. You can configure SMTP archiving to handle messages for multiple domains, if needed. SMTP archiving processes the messages and stores them as EML files in folders in a holding area. Enterprise Vault File System Archiving (FSA) then retrieves the EML files from the holding area and stores them in archives. See the Introduction and Planning manual for a fuller introduction to the Enterprise Vault SMTP archiving solution.

Overview of setting up SMTP archiving


You need to perform the following steps to configure SMTP archiving:

Setting up SMTP archiving Installing the SMTP archiving components

443

Ensure that the prerequisites are satisfied for the Enterprise Vault server, File System Archiving and SMTP archiving. See Enterprise Vault Deployment Scanner on page 38. See About the prerequisites for FSA on page 87. See About the prerequisites for SMTP archiving on page 99. Install and configure the Microsoft SMTP virtual server. The gateway mail server should relay the message on to its destination, and send a blind copy (BCC) to the Microsoft SMTP Server that will be used for Enterprise Vault SMTP archiving. See Microsoft SMTP Server requirements on page 99. Install and configure the Enterprise Vault SMTP components on the Microsoft SMTP Server computer. See Installing the SMTP archiving components on page 443. Create the required domain root folders for the holding area. This is where the SMTP archiving process puts the EML message files for File System Archiving to archive. See Create the holding area on page 444. On the Microsoft SMTP Server computer, create a suitable SMTP archiving configuration file. See Set up the SMTP archiving configuration file on page 445. On the Enterprise Vault server, configure File System Archiving to archive from the domain root folders. See Set up File System Archiving on page 448.

Installing the SMTP archiving components


This section describes how to install the Enterprise Vault components on the Microsoft SMTP Server computer. To install the SMTP archiving components

1 2 3 4

On the Microsoft SMTP Server computer, log on as a user with local administrator privileges. Put the Enterprise Vault CD-ROM in the drive. Open the Enterprise Vault folder, and then open the Server folder. Double-click Setup.exe to start the installation.

444

Setting up SMTP archiving Create the holding area

In the component selection window, select the SMTP Archiving components check box. This installs the SMTP archiving process (EvSmtpArchiveConfig.exe) and a skeleton configuration file (EvSmtpArchiveConfig.exe.config) in the Enterprise Vault installation folder. This folder is typically C:\Program Files\Enterprise Vault. Follow the on-screen instructions to complete the installation.

Create the holding area


Decide where you want to create the holding area for the EML files. We recommend that this should be on a drive that is local to the SMTP archiving computer. The format of the target location can be FAT or NTFS. If you do use a network drive or share for the holding area, ensure that SMTP archiving can write to the share, as follows:

When you start the SMTP archiving process, you can specify an account with write access to the share. This account will be granted the right "log on as a batch process" on the local system. See Running SMTP archiving on page 449. If you do not specify an account, the default behavior is to use the account used by IIS.

Note that using a network location for the holding area may affect performance. The disk space required for the holding area will depend on the size of the messages and the speed at which Enterprise Vault archives the files. To set up the holding area for the EML files, you need to create a root folder for each message recipient domain that will be archived. Both the account used by SMTP archiving to write to the holding area and the account under which File System Archiving runs (typically, the Vault Service account), must also have read and write access to the holding area folders. SMTP archiving automatically creates the following subfolder structure under the domain root folder that you create:
DomainRoot\MailboxName\Year\Month\Day\Hour

The configuration file associates the DomainRoot folder name with the actual domain in messages.
MailboxName corresponds to the recipient name in the message address.

The archives created by File System Archiving depend on where the archive points are located in the holding area folder structure. In the SMTP archiving configuration file you can configure SMTP archiving to create archive points

Setting up SMTP archiving Set up the SMTP archiving configuration file

445

automatically, or you can create them manually. If they are created automatically, a separate archive is created for each mailbox.

Set up the SMTP archiving configuration file


You configure the following information for SMTP archiving in a configuration file:

The Microsoft SMTP virtual server to which SMTP archiving binds. The recipient address domains that SMTP archiving is to process and the associated path to the domain root folder in the holding area, where SMTP archiving is to put the EML files. The level of indexing to be applied.

The configuration file must be located in the Enterprise Vault installation folder, typically C:\Program Files\Enterprise Vault. A skeleton configuration file, EvSmtpArchiveConfig.exe.config, is installed when you install the SMTP archiving components. The file is in INI format, with several sections containing key=value entries:
[SectionName] key=value key=value ... [SectionName] key=value key=value ...

Edit the skeleton configuration file, or create a new one, using a plain text editor such as Notepad, and save it as a Unicode file. Section and attribute names are not case-sensitive. White space and blank lines are ignored. Comment lines must have a semi-colon in the first non-white space. You can specify local drives or UNC hidden or regular shares in the configuration file, but for security and performance reasons, we recommend that you use local paths where possible. Table 38-1 lists the possible entries in the SMTP archiving configuration file. Table 38-1 Section
Server

Entries in the SMTP archiving configuration file Required? Description


Specify one server section per file.

Entry

446

Setting up SMTP archiving Set up the SMTP archiving configuration file

Table 38-1 Section Entry


Name=servername

Entries in the SMTP archiving configuration file (continued) Required?


Yes

Description
Specifies the name of the virtual server to which SMTP archiving binds. This is the name assigned to the server in IIS Manager, where the default server has the name "Default SMTP Virtual Server". In general, these names are not unique, but the name of the server to use for SMTP archiving must be unique. Determines when the SMTP archiving process is started in relation to other processes registered against the server. The default is 32767 (the lowest priority), as no other processes are started after SMTP archiving. Identifies a folder in which to save messages for unrecognized domains (those not specified in this file). If you do not specify this folder, messages for unrecognized domains are lost. Specifies the number of retry attempts for a message that was not saved because the disk was full. The default value is -1, which means that there is no upper limit. Specifies the indexing level to set for archive points on auto-enabled mailbox folders. This value is effective for any domains for which an indexing level is not explicitly. SiteDefault takes the value from the Enterprise Vault Site Settings. The default is Full. You can specify multiple domain sections in the file.

Priority=n

Optional

NonDeliveryFolder=folderpath

Optional

DiskFullRetryLimit=n

Optional

DefaultIndexingLevel=Brief, Medium,Full or SiteDefault

Optional

Domain

Name=domainname

Yes

Specifies the name of the SMTP domain. Messages addressed to this domain are sent for archiving by SMTP archiving. Specifies the path to the domain folder in the holding area. SMTP archiving automatically creates a folder structure under this folder. See Create the holding area on page 444.

Path=folderpath

Yes

Setting up SMTP archiving Set up the SMTP archiving configuration file

447

Table 38-1 Section Entry

Entries in the SMTP archiving configuration file (continued) Required? Description


If set to True, forces SMTP archiving to create automatically the appropriate mailbox subfolder under the domain root. It also adds an archive point to the mailbox folder. If set to False (the default), you must create the mailbox folders and archive points manually. When a mailbox folder does not exist, then messages are either saved in the non-delivery folder or, if you have not specified that folder, they are lost.

AutoEnableMbxFolders=False or True Optional

Note: If you choose to create the folders


manually, ensure that their names contain characters that are acceptable in Windows folder names. In particular, the following characters are not permitted:

\/:*?"<>|@ ASCII codes 0 through 31 and 127

In general, SMTP archiving cannot handle messages with recipient addresses that contain any of these characters. NonDeliveryFolder=folderpath Optional Specifies where to save messages in the following situations: Message could not be saved in the mailbox subfolder, because of a folder access error (such as disk full or access denied). The mailbox subfolder does not exist and AutoEnableMbxFolders is not set to True.

IndexingLevel=Brief, Medium, Full or SiteDefault

Optional

Specifies the indexing level to set for archive points on auto-enabled mailbox folders for the domain. SiteDefault takes the value from the Enterprise Vault Site Settings. The default is Full.

Example configuration file


Here is an example configuration file that archives messages for two domains, Domain1.Vault.Local and Domain2.Vault.Local:

448

Setting up SMTP archiving Set up File System Archiving

[Server] Name=Default SMTP Virtual Server NonDeliveryFolder=d:\EvMailRoot\ServerNonDelivery DiskFullRetryLimit=15 DefaultIndexingLevel=SiteDefault [Domain] Name=Domain1.Vault.Local Path=D:\EvMailRoot\Domain1 NonDeliveryFolder=d:\EvMailRoot\Domain1\MailboxNonDelivery [Domain] Name=Domain2.Vault.Local Path=D:\EvMailRoot\Domain2 AutoEnableMbxFolders=True NonDeliveryFolder=d:\EvMailRoot\Domain2\MailboxNonDelivery IndexingLevel=Brief

The holding area folders are on a local drive (D) on the SMTP archiving computer. The indexing level set in the Enterprise Vault Site Properties will be used for Domain1, but Brief indexing will be used for Domain2. For Domain2 auto-enabling is set to True, which means that SMTP archiving will create the mailbox folders for this domain in the holding area, and create an archive point for each mailbox folder. For Domain1 mailbox folder creation is not auto-enabled, which means that the administrator must create the mailbox folders and suitable archive points.

Set up File System Archiving


Before you install File System Archiving on the Enterprise Vault server, note the following:

Ensure that Enterprise Vault is installed and configured on the Enterprise Vault server. Add the file server that holds the SMTP archiving domain root folder to the list of servers that are processed by File System Archiving. Create a volume policy to apply retention categories and rules to all the archived items. We recommend that you do not replace the items with placeholder shortcuts, and therefore you do not need to install the File Placeholder service on the SMTP archiving file server.

Setting up SMTP archiving Running SMTP archiving

449

You can manage any archive points that SMTP archiving automatically creates in the same way as regular archive points. We recommend that one archive is used for each recipient. This is the default if you configure SMTP archiving to create archive points automatically. When setting an index level for the archives, choose "Full" if you want to be able to search for phrases in the message content. If no value is set for "DefaultIndexingLevel" in the configuration file, SMTP archiving sets the indexing level to "Full" for archive points on auto-enabled mailbox folders. Note that custom SMTP headers (X-headers) are not indexed (with the exception of "x-KVS-MessageType", which is used by Compliance Accelerator to enable searches on Instant, Bloomberg and Exchange messages).

Running SMTP archiving


This section describes how to start and stop the SMTP archiving process, and how SMTP archiving selects the correct folder in the holding area for a message. To start the SMTP archiving process and assign the required configuration file

1 2 3

Log on to the SMTP archiving computer using the account configured for the SMTP archiving process (typically the Vault Service account). Open a Command Prompt window and change to the Enterprise Vault installation folder. Enter the following command:
EvSmtpArchiveConfig config_file

where config_file is the name of the required configuration file. The default file is EvSmtpArchiveConfig.exe.config. You can register one SMTP archiving process per virtual server instance. If you run the above command multiple times against the same virtual server, the previous settings are overwritten.

450

Setting up SMTP archiving How SMTP archiving selects the holding area folder to use

You are prompted to specify an account to be used for writing to the holding area. You can use this option to specify an account with write permissions to the holding area if it is on a network share. To use the IIS account (LocalSystem by default), press return without entering an account. To specify an account, enter the domain and username in the form domain_name\username. This account will be granted the right "log on as a batch process" on the holding area system. When you specify an account, it will be used until you stop and unregister the SMTP archiving process (EvSmtpArchiveConfig.exe), or run the process again.

A message is sent to the Enterprise Vault event log when the SMTP archiving process starts.

To stop SMTP archiving

1 2 3

Log on to the SMTP archiving computer using the account configured for the SMTP archiving process (typically the Vault Service account). Open a Command Prompt window and change to the Enterprise Vault installation folder. Unregister the SMTP archiving process by entering the following command:
EvSmtpArchiveConfig config_file /U

where config_file is the name of the configuration file. The default file is EvSmtpArchiveConfig.exe.config.

A message is sent to the Enterprise Vault event log when the SMTP archiving process stops.

How SMTP archiving selects the holding area folder to use


SMTP archiving examines the recipient email address on each message to decide which folder in the holding area to use for that message. SMTP archiving examines the message recipient address and selects the target folder as follows:

It checks to see if a folder exists for the recipient domain.

Setting up SMTP archiving How SMTP archiving selects the holding area folder to use

451

If it does not exist, the message is sent to the ServerNonDelivery folder. If this folder does not exist, an error is written to the event log and the message discarded. Under the appropriate domain folder, it checks for a mailbox folder for the recipient name. If this is found, the message is stored as an EML file in that folder. If the folder does not exist, and auto-enabling is on, a new folder is created for the recipient name. If the folder does not exist, and auto-enabling is off, the message is sent to the MailboxNonDelivery folder. If this folder does not exist, an error is written to the event log and the message discarded.

Figure 38-2 gives an example of the holding area folders that could exist for the configuration described in the example configuration file.

452

Setting up SMTP archiving How SMTP archiving selects the holding area folder to use

Figure 38-2

Example holding area folders used

If SMTP archiving encounters a Disk Full error for at least one of the folders, it waits for 60 seconds and then tries to store the message again. You can set a limit on the number of times that SMTP archiving retries by specifying the DiskFullRetryLimit value in the configuration file. See Set up the SMTP archiving configuration file on page 445.

Setting up SMTP archiving How SMTP archiving selects the holding area folder to use

453

If SMTP archiving encounters an error, messages are sent to the Enterprise Vault event log. Critical messages are also sent to the Windows Application log and to Microsoft Operations Manager (MOM), if configured.

454

Setting up SMTP archiving How SMTP archiving selects the holding area folder to use

Section

Custom filtering and properties

Introduction to filtering Configuring filtering Configuring custom properties

456

Chapter

39

Introduction to filtering
This chapter includes the following topics:

About filtering Selective Journaling Group Journaling Setting up custom filtering Setting up custom properties Journal Filters with Envelope Journaling

About filtering
Read this chapter to find out:

The different filtering options available with Enterprise Vault A summary of the steps required to configure filtering

Filtering provides more granular control over how Enterprise Vault archiving tasks process items during an archiving run. Note: Set up and test filtering on a development server before implementing it on your production servers. Enterprise Vault provides the following filtering features:

Selective journaling. This feature provides simple filtering of Exchange Server journaled messages. You set up a filter for the Exchange Journaling task that selects, by address, the messages to archive. Other messages are deleted.

458

Introduction to filtering Selective Journaling

Group journaling. This feature enables the Exchange Journaling task to mark selected messages, in order to reduce the scope of subsequent searches. This can be particularly useful where there is a high volume of journaled email and you want to be able to identify messages sent between particular groups of users. Custom filtering. This feature provides more sophisticated filtering for Exchange Server user and journal mailbox archiving, public folder archiving and Domino server journal archiving. You create rules that select messages by matching one or more attributes, such as email addresses, subject text, message direction or the value of certain message properties. The rules also include instructions on how selected messages are to be processed. This can include assigning a particular retention category, storing in a specified archive, deleting attachments of a specified type or size and deleting or marking the message. The following functionality is not yet available when filtering Domino server messages:

Messages cannot be selected based on the value of custom message properties Message attachments cannot be removed Selected messages can only be archived or marked and not archived; they cannot be deleted

Custom properties. This feature is an extension of custom filtering. It enables you to configure Enterprise Vault to index additional properties on messages selected by the custom filters. These properties may be standard properties that a default Enterprise Vault system does not index or they may be properties added to messages by a proprietary, third party application. Custom properties also introduces the concept of "content categories" for grouping the settings that are to be applied to messages that match a rule. These settings can include the retention category to assign, the archive to use and the additional properties to index.

Selective Journaling
For detailed setup instructions, see Configuring selective journaling. To set up Selective Journaling

1 2

Set up Exchange Server Journal archiving. Create a rules file called SelectiveJournal_config.dat and place it in your Enterprise Vault directory (normally C:\Program Files\Enterprise Vault).

Introduction to filtering Group Journaling

459

This file defines the attributes to match when selecting messages to archive. You can filter on any of the following:

Distinguished Name Exact SMTP mail address Character string in the address (starts with, ends with, or contains)

3 4 5

Configure the required registry setting to call the filter SelectiveJournal.SJFilter. If required, set additional registry key to force a hard delete of items that are not archived. Restart the Exchange Journaling task.

Group Journaling
For detailed setup instructions, see Configuring group journaling. To set up Group Journaling

1 2

Set up Exchange Server Journal archiving. Create a rules file called SJGroupFilter.dat and place it in your Enterprise Vault directory (normally C:\Program Files\Enterprise Vault). This file defines the distribution lists that contain the addresses to match, the retention category to assign and a sample rate, if required. Create the retention category to be assigned to matched messages. Create the distribution lists and populate them with the required user addresses. Configure the required registry setting to call the filter SelectiveJournal.SJGroupFilter. Restart the Enterprise Vault Journaling task.

3 4 5 6

Setting up custom filtering


To use custom filtering, Microsoft .NET Framework v1.1 or later must be installed on the Enterprise Vault server. A suitable version of .NET Framework is installed automatically with Windows Server 2003.

460

Introduction to filtering Setting up custom properties

To set up custom filtering

Enable custom filtering by configuring the required registry settings for each type of archiving that you want to filter. Custom filtering can be applied to the following types of archiving:

Exchange Server user mailbox archiving Exchange Server journal mailbox archiving Exchange Server public folder archiving Domino server journal archiving

Configure the required filter rules and actions in XML ruleset files in the Custom Filter Rules folder. You can have one default set of rules applied to all types of archiving enabled for filtering, or separate rules for different archiving locations, such as Exchange Server public folders, particular user or journal mailboxes or Domino server journal locations. In addition, for Exchange Server user mailbox archiving, you can set different filtering actions for specific users by creating a separate ruleset file for each of the the targeted users. All other users would have the default ruleset file applied. A ruleset file can include one or more rules. Each rule includes a set of one or more message attribute filters for evaluating items and an action to be applied to items that match the message attribute filters.

When the required XML files have been set up, restart the archiving tasks that have custom filtering applied.

Distributed Enterprise Vault environments


In a distributed environment, with archiving tasks on more than one computer, the registry entries must be set up on each computer that hosts archiving tasks that are to be enabled for custom filters. Similarly, the XML configuration files must be copied to all computers that host archiving tasks that are enabled for custom filters. If you change the registry settings or XML files, remember to propagate the changes to each of the other computers.

Setting up custom properties


As the custom properties feature provides extended functionality to custom filtering, it is enabled with custom filtering and shares custom filtering configuration.

Introduction to filtering Setting up custom properties

461

To configure custom properties

1 2

Enable custom filtering by configuring the required registry settings for each type of archiving that you want to filter. Define the required custom properties and content categories in an XML file called custom properties.xml in the Custom Filter Rules folder in the Enterprise Vault installation folder (typically C:\Program Files\Enterprise Vault). This file contains the following information:

The content categories available. A content category is a group of settings that are to be applied to an archived item. This can include a list of the additional properties that are to be indexed by Enterprise Vault. The custom properties available. This is where the additional properties are defined for Enterprise Vault. The presentation fields available. These define how external applications, such as the Enterprise Vault browser search, can access content categories and custom properties.

To configure Enterprise Vault to index specific custom properties on all messages, without performing any filtering, create a custom properties.xml file but no ruleset file. The custom properties.xml file must include definitions of the custom properties and a default content category. The default content category will be applied to all messages and defines which properties Enterprise Vault is to index. To configure Enterprise Vault to filter messages and only assign content categories to specific messages that match filter rules, you create both a custom properties.xml file and also suitable ruleset files. The custom properties and content categories are defined in custom properties.xml and the filtering rules and actions are defined in the ruleset files.

When the required XML files have been created, restart the archiving tasks that have custom filtering applied. The presence of ruleset files and content categories (in custom properties.xml) enables you to control whether Enterprise Vault implements custom property indexing or custom filtering or both. See Control of default settings on page 515.

462

Introduction to filtering Journal Filters with Envelope Journaling

Journal Filters with Envelope Journaling


All methods of filtering journal mailboxes support Microsoft Exchange Server Envelope Journaling. This feature ensures that target addresses in all BCC, Undisclosed and Alternate Recipient fields are captured. See Enterprise Vault and Exchange Server Envelope Journaling on page 215. If you have journal filtering enabled and intend enabling Envelope Journaling, we recommend that you test your existing filters and check the results before enabling Envelope Journaling on your production Exchange Server. Filters that only identify sender and recipient addresses, but do not attempt to modify the message, should continue to work as before. Addresses will be identified, even if they are classed as undisclosed recipients. Filters that attempt to modify the message will fail, as the envelope message (with the original message attached) is passed to the filters, instead of just the original message. Before enabling Envelope Journaling, you will need to make changes to any proprietary journal filters that modify the selected message, so that the envelope message or the original message are accessed, as required. See "Custom filtering" in the Application Programmers Guide for more information.

Chapter

40

Configuring filtering
This chapter includes the following topics:

About configuring filtering Configuring selective journaling Configuring group journaling Configuring custom filtering

About configuring filtering


Read this chapter to find out detailed instructions on the following tasks:

How to configure selective journaling How to configure group journaling How to configure custom filtering

Custom filtering can be extended to use custom properties. See About configuring custom properties on page 513. Note: It is important that you test your filtering configuration on a development server, using realistic data, before implementing it on your production servers.

Configuring selective journaling


You can configure an Exchange Journaling task to call the selective journaling external filter that decides whether to archive or delete an item. To select messages, you set up filtering rules to match the To, CC, and From fields. If a message matches any of these rules it is archived, otherwise it is deleted.

464

Configuring filtering Configuring selective journaling

All the normal, site-defined Enterprise Vault filtering rules are obeyed first; if an item is not eligible for default archiving then the external filter is not called (in the case of journaling, all items are eligible for archiving, so the external filter will always be called). If you enable selective journaling on an Enterprise Vault server, it will be enabled for all Exchange Journaling tasks that are hosted on that computer. To set up selective journaling, do the following on each computer that hosts an Enterprise Vault Exchange Journaling task

1 2 3 4 5

Set up Exchange Journal archiving. Create a filtering rules file. The same filtering rules file will be used by all Exchange Journaling tasks that are hosted on the computer. Add the selective journaling registry settings for the Exchange Journaling task. Restart the Exchange Journaling task.

Creating the selective journaling rules file


This section describes how to create a file of journaling filtering rules. To set up the filtering rules file

1 2

Log on to the Exchange Journaling task computer as the Vault Service account. Use Notepad to create a file called SelectiveJournal_config.dat in the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault). In the file, specify the rules that you want the filter to use to select journaled messages for archiving. See Selective journaling filter rules on page 464.

Save the file as a Unicode file.

Selective journaling filter rules


Each line of the rules file takes the following format:
keyword:value

Table 40-1 describes the keywords and values that you can enter in the file.

Configuring filtering Configuring selective journaling

465

Table 40-1 Keyword


cont

List of Selective Journaling keywords for rules Value


A text string. For example: cont:flashads The string can be part of an SMTP address.

Description
Archive all items that have been sent to addresses that contain the specified text.

distlist

Archive all items that have been sent to anyone who is on the specified distribution list.

The Distinguished Name of the distribution list. For example: distlist:/o=acme/ou=finance/cn=recipients/cn=allfinance

ends

Archive all items that have been A text string. For example: sent to addresses that end with the ends:example.com specified text. The string can be part of an SMTP address. Archive all items that have been The SMTP email address of the recipient. For example: sent to the specified email address. smith@example.com Archive all items that have been The Distinguished Name of the recipient user account or sent to the specified recipient. The distribution list. For example: recipient can be a user account or a recip:/o=acme/ou=developer/cn=recipients/cn=smithj distribution list. Archive all items that have been A text string. For example: sent to addresses that start with the starts:john specified text. The string can be part of an SMTP address.

exact

recip

starts

If you want to ensure that you archive all email to an internal email recipient, specify both the Distinguished Name and SMTP address of the recipient mailbox, for example,
recip:/o=symantec/ou=first administrative group/cn=recipients/cn=John Doe exact:john_doe@example.com

Alternatively, specify a distribution list that the recipient is a member of. For example,
distlist:/o=symantec/ou=first administrative group/cn=recipients/cn=ArchiveList exact:archivelist@example.com

466

Configuring filtering Configuring selective journaling

Adding selective journaling registry settings


This section describes how to configure the registry settings for selective journaling. To add the selective journaling registry settings

1 2

Log on to the Journaling task computer as the Vault Service account. Run regedit and navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering \Journaling

Add the External Filtering key under Enterprise Vault, and the Journaling key under External Filtering, if they do not exist.

In Journaling, create a new STRING value with the name 1 and set its value to SelectiveJournal.SJFilter. By default, items that are not archived are sent to the Deleted Items folder in the journal mailbox. If you want items to be deleted immediately, without going to the Deleted Items folder, add the DWORD , HardDeleteItems, to the following location and give it a value of 1:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \Agents \SelectiveJournal

Add the SelectiveJournal key, if it does not exist.

To enable your changes, stop and restart all Journaling tasks on the server. You need to do this whenever you make a change to the rules file or if you modify the registry values.

Managing invalid distribution lists


You can set the following registry entry to control what the Exchange Journaling task does if a distribution list is invalid.

Configuring filtering Configuring group journaling

467

To manage invalid distribution lists

1 2

Log on to the Journaling task computer as the Vault Service account. Run regedit and navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \Agents

Create a new DWORD value with the name ActionForInvalidDL and set its value to one of the following:
0 (Default) If a distribution list is invalid, continue to process the remainder of the recipient list. If a distribution list is invalid, stop processing the recipient list. If a distribution list is invalid, treat this as a match and archive message. If a distribution list is invalid, leave the message in the journaling mailbox and log an error event in the Event Log.

1 2 3

Configuring group journaling


Group journaling stamps a message with a specific retention category if it was sent between two identified groups. The scope of subsequent searches can be substantially reduced by including the retention category in the search criteria. You can also specify that only a sample of messages with the retention category are to be archived. The percentage is specified in the configuration (minimum of 0.1%; 1 in every 1000). If you enable group journaling on an Enterprise Vault server, it will be enabled for all Exchange Journaling tasks that are hosted on that computer. To set up group journaling

1 2

Set up Exchange Server Journal archiving. Create a rules file. This file specifies the addresses to match, the retention category to assign and the sample size. The same rules file will be used by all Exchange Journaling tasks that are hosted on the computer.

468

Configuring filtering Configuring group journaling

If it does not exist, create the retention category to be assigned to matched messages. See the Administrators Guide for instructions on how to do this.

4 5 6

In Exchange Server, ensure that the distribution lists exist and are populated with the required users. On the Enterprise Vault Exchange Journaling task computer, add the group journaling registry settings. Restart all Exchange Journaling tasks on the computer and test your configuration.

Creating the group journaling rules file


This section describes how to create the group journaling rules file. The same rules file will be used by all Exchange Journaling tasks that are hosted on the computer. To set up the filtering rules file

1 2 3

Log on to the Exchange Journaling task computer as the Vault Service account. Use Notepad to create a file called SJGroupFilter.dat in the Enterprise Vault installation folder (normally C:\Program Files\Enterprise Vault). In the file, specify the rules that you want the filter to use to select journaled messages for archiving. See Group journaling filter rules on page 468.

Save the file as a Unicode file.

Group journaling filter rules


Each line of the rules file takes the following format:
<keyword>:<value>

Table 40-2 shows the keywords and values that you can enter in the file. Table 40-2 Keyword
retcat

List of Group Journaling keywords for rules Value

Description

The retention category to assign to Retention category name. For example: matching messages. The file must retcat:Flagged contain a retention category line and the retention category must exist

Configuring filtering Configuring group journaling

469

Table 40-2 Keyword


sample

List of Group Journaling keywords for rules (continued) Value

Description

The percentage sample rate of Integer (without % sign). For example: matching messages to be archived. If sample:25 this line is missing, the sample rate defaults to 100% Used to define the groups of user Distinguished Name of the distribution list. For example: addresses to be matched. The rules file userset:/o=acme/ou=research/cn=recipients/cn=groupa must contain two userset lines; one for each group. Each line defines a distribution list containing the addresses of group members. The specified distribution lists must not be empty

userset

Using the following example rules file, 25% of the messages sent by members of one distribution list to members of the other distribution list will be assigned the retention category, Flagged.
userset:/o=acme/ou=research/cn=recipients/cn=groupa userset:/o=acme/ou=research/cn=recipients/cn=groupb retcat:Flagged sample:25

Adding group journaling registry settings


This section describes how to configure the registry settings for group journaling. To add the group journaling registry settings

1 2

Log on to the Journaling task computer as the Vault Service account. Run regedit and navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering \Journaling

Add the External Filtering and Journaling keys, if they do not exist.

470

Configuring filtering Configuring custom filtering

3 4

Create a new STRING value called 1 and set its value to SelectiveJournal.SJGroupFilter. Restart all Enterprise Vault Exchange Journaling tasks on the computer.

Testing group journaling settings


This section describes how to test the group journaling settings. To test the group journaling settings

1 2

Send a message from a user in one of the specified distribution lists to a user in the other distribution list. Wait for Enterprise Vault to archive it and then search for it using the Retention Category field on the Advanced page of the Enterprise Vault browser search. (For the Advanced page, the URL should end with Search.asp?Advanced.) The message should have the group journaling retention category assigned.

Now repeat the test only in reverse; send a message from a user in the second distribution list to a user in the first distribution list. Again, the message should have the group journaling retention category assigned.

Next, send a message from a user in the first distribution list to someone who is not in the second distribution list. The message should be archived with the retention category specified in the default Exchange journal mailbox policy.

Send a message from a user in the second distribution list to someone not in the first distribution list. Again, the message should be archived with the retention category specified in the default Exchange journal mailbox policy.

Configuring custom filtering


Selective and group journaling provide very limited filtering capabilities and are only available with Exchange Server journal mailbox archiving; the same filtering is applied to all journal mailboxes serviced by the Exchange Journaling tasks configured on the Enterprise Vault server computer. Custom filtering provides more sophisticated filtering for all types of Exchange Server archiving (user and journal mailbox and public folder) and can also be used with Domino server journal archiving. For example, you may want items with a particular subject, sender or

Configuring filtering Configuring custom filtering

471

recipients to be sent to a separate archive, or you may want messages sent within the company to be given a special retention category of "Internal". You can set up default filters that apply to all archiving tasks that are enabled for custom filtering. In addition, you can create separate custom filters for Exchange Server public folder archiving, specific mailboxes (user or journal mailboxes) and specific Domino journaling locations. If custom properties have been added to items, you may want these properties indexed for selected items. How to extend custom filtering to use the custom properties feature is described in About configuring custom properties. To implement custom filtering

Enable custom filtering for the required archiving tasks by configuring registry settings.

See Registry settings for Exchange Server journal filtering on page 473. See Configuring registry settings for Exchange Server user mailbox filtering on page 474. See Configuring registry settings for Exchange Server public folder filtering on page 476.

472

Configuring filtering Configuring custom filtering

See Configuring registry settings for Domino server journal filtering on page 477.

Create filter rules and actions. These are held in one or more XML ruleset files, which must be placed in the folder, Enterprise Vault\Custom Filter Rules. Restart the archiving tasks that have custom filtering enabled. If custom filtering is enabled for Exchange Server archiving tasks, the following message is sent to the Enterprise Vault event log when the archiving tasks start:
EventID = 45329 Description = External Filter 'EnterpriseVault.CustomFilter' initialising...

The following message is sent to the Enterprise Vault event log when the Exchange Server archiving tasks stop:
EventID = 45330 Description = External Filter 'EnterpriseVault.CustomFilter' stopped.

If custom filtering is enabled for Domino server archiving tasks, the following message is sent to the Enterprise Vault event log when the archiving tasks start:
EventID = 41086 Description = External Filter 'KVS.EnterpriseVault.LotusDomino.CustomFilter' initialising...

The following message is sent to the Enterprise Vault event log when the Domino server archiving tasks stop:
EventID = 41087 Description = External Filter 'KVS.EnterpriseVault.LotusDomino.CustomFilter' stopped.

Distributed Enterprise Vault environments


In a distributed environment, with archiving tasks on more than one computer, the registry entries must be set up on each computer that hosts archiving tasks that are to be enabled for custom filtering.

Configuring filtering Configuring custom filtering

473

Similarly, the XML ruleset files must be copied to all computers that host archiving tasks that are enabled for custom filtering. If you change the registry settings or XML files, remember to propagate the changes to each of the other computers.

Registry settings for Exchange Server journal filtering


Configuring the registry settings described in this section will enable custom filtering for all the Exchange Journaling tasks hosted on the server. By creating a named ruleset file, as described in About custom filtering ruleset files, you can limit filtering to particular journal mailboxes. Note: If the Compliance Accelerator Journaling Connector is being used to capture a required percentage of all journaled messages, do not configure a custom filter that deletes selected messages; this will compromise the accuracy of the Compliance Accelerator monitoring policy, because any deleted messages are not available for capture by the Journaling Connector. To configure the registry settings to enable custom filtering for Exchange Journaling tasks

1 2 3

On the computer that hosts the Enterprise Vault Exchange Journaling task, log on as the Vault Service account. Start Regedit. Navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering \Journaling

If the External Filtering key does not exist, create it by performing the following steps in the order listed:

Right-click Enterprise Vault and select New > Key. Name the key External Filtering.

Similarly, if the Journaling key does not exist, create it as follows:


Right-click External Filtering and select New > Key Name the key Journaling.

474

Configuring filtering Configuring custom filtering

If the Journaling key does exist, any existing filters will be listed under it. Filter names will be an unbroken numbered sequence starting at 1. If the Compliance Accelerator Journaling Connector is installed (KVS.Accelerator.PlugIn.Filter), it must be the last in the sequence, so you will need to rename it before creating the new custom filtering setting. For example, if the Journaling Connector is currently named 1, rename this setting as 2 and create the new custom filtering setting with the name 1. To rename the Journaling Connector setting, do as follows:

Right-click the setting name and select Rename. Enter the new name, for example, 2.

Create a new string value for the new custom filtering setting. The name of this setting must fit into the existing number sequence. If no other journaling filters exist, set the name to 1. Give it the value EnterpriseVault.CustomFilter. If an entry called Override exists and has a non-zero value, set its value to 0. If custom filtering is implemented and a rule action has marked messages as "Do not archive", setting Override to 0 (zero) prevents the Exchange Journaling task from re-examining the messages each time it processes the journal mailbox. If you later change the rule action, you can temporarily set Override to 1 to force the Exchange Journaling task to reprocess any messages in the journal mailbox.

If it does not exist, create a DWORD value called MoveOnFilterFailure and set its value to 1. This entry controls whether the Exchange Journaling task moves messages to the folder Failed External Filter when an unhandled error occurs in the external filter. This folder is automatically created when required in the journal mailbox.

8 9

Close Regedit. After you have configured the required XML filter rules, as described in About custom filtering ruleset files, restart the Journaling tasks.

Configuring registry settings for Exchange Server user mailbox filtering


Configuring the registry settings described in this section will enable custom filtering for all the Exchange Mailbox tasks hosted on the server.

Configuring filtering Configuring custom filtering

475

By creating named ruleset files, About custom filtering ruleset files, you can limit filtering to particular mailboxes. To configure the registry settings to enable custom filtering for Exchange Mailbox tasks

1 2 3

On the computer that hosts the Enterprise Vault Exchange Mailbox task, log on as the Vault Service account. Start Regedit. Navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering

If the External Filtering key does not exist, create it by performing the following steps in the order listed:

Right-click Enterprise Vault and select New > Key. Name the key External Filtering.

Create a Mailbox key as follows:


Right-click External Filtering and select New > Key. Name the key Mailbox.

5 6

Create a new string value called 1 for the new custom filtering entry. Right-click the new entry and select Modify. Give it the value:
EnterpriseVault.CustomFilter

Create a new DWORD called Override and set its value to 0 (zero). If custom filtering is implemented and a rule action has marked messages as "Do not archive", setting Override to 0 (zero) prevents the Exchange Mailbox task from re-examining the messages each time it processes the mailbox. If you later change the rule action, you can temporarily set the Override entry to 1 to force the Exchange Mailbox task to reprocess such messages.

476

Configuring filtering Configuring custom filtering

If it does not exist, create a DWORD value called MoveOnFilterFailure and set its value to 1. This entry controls whether the Exchange Mailbox task moves messages to the folder Failed External Filter when an unhandled error occurs in the external filter. This folder is automatically created when required in the user mailbox.

Close Regedit. Mailbox tasks.

10 After you have configured the required XML filter rules, restart the Exchange

Configuring registry settings for Exchange Server public folder filtering


Configuring the registry settings described in this section will enable custom filtering for all the Exchange Public Folder tasks hosted on the server. You can create a public folder ruleset file to apply specific rules to public folder archiving. Unlike mailbox filtering, you cannot use named ruleset files to configure filtering for particular public folders. To configure the registry settings to enable custom filtering for Exchange Public Folder tasks

1 2 3

On the computer that hosts the Enterprise Vault Exchange Public Folder task, log on as the Vault Service account. Start Regedit. Navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering

If the External Filtering key does not exist, create it as follows:


Right-click Enterprise Vault and select New > Key. Name the key External Filtering.

Create a PublicFolder key as follows:


Right-click External Filtering and select New > Key. Name the key PublicFolder.

Create a new string value called 1 for the new custom filtering entry.

Configuring filtering Configuring custom filtering

477

Right-click the new entry and select Modify. Give it the value:
EnterpriseVault.CustomFilter

Create a new DWORD called Override and set its value to 0 (zero). If custom filtering is implemented and a rule action has marked items as "Do not archive", setting Override to 0 (zero) prevents the Exchange Public Folder task from re-examining the items each time it processes the public folder. If you later change the rule action, you can temporarily set the Override entry to 1 to force the Exchange Public Folder task to reprocess such items.

8 9

Close Regedit. After you have configured the required XML filter rules, as described in About custom filtering ruleset files, restart the Exchange Public Folder tasks.

Configuring registry settings for Domino server journal filtering


Each Domino journal archiving target is configured in Enterprise Vault Administration Console as a Domino "Journaling Location" during the setup process. Figure 40-1 shows an example of a Domino journaling location configured in the Enterprise Vault Administration Console. Figure 40-1 Domino journaling location in the Administration Console

In this example, the target Domino server is "Server1" in the Domino organization, "Org1", and the target journaling location is the folder called Symantec in the Domino Data directory. Configuring the registry settings described in this section will enable custom filtering for all the Domino Journaling tasks hosted on the server. By creating a named ruleset file, you can limit filtering to particular journaling locations.

478

Configuring filtering Configuring custom filtering

See About custom filtering ruleset files on page 479. Note: The Compliance Accelerator Journaling Connector does not currently support Domino server messages. To configure the registry settings to enable custom filtering for Domino Journaling tasks

1 2 3

On the computer that hosts the Enterprise Vault Domino Journaling task, log on as the Vault Service account. Start Regedit. Navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering \Lotus Journaling

If the External Filtering key does not exist, create it as follows:


Right-click Enterprise Vault and select New > Key. Name the key External Filtering.

Similarly, if the Lotus Journaling key does not exist, create it as follows:

right-click External Filtering and select New > Key. Name the key Lotus Journaling.

4 5

If the Lotus Journaling key does exist, any existing filters will be listed under it. Filter names will be an unbroken numbered sequence starting at 1. Create a new string value for the new custom filtering setting. The name of this setting must fit into the existing number sequence. If no other journaling filters exist, set the name to 1. Give it the following value
KVS.EnterpriseVault.LotusDominoCustomFilter!KVS.EnterpriseVault. LotusDomino.CustomFilter

Configuring filtering Configuring custom filtering

479

If an entry called Override exists and has a non-zero value, set its value to 0. If custom filtering is implemented and a rule action has marked messages as "Do not archive", setting Override to 0 (zero) prevents the Domino Journaling task from re-examining the messages each time it processes the Domino journaling location. If you later change the rule action, you can temporarily set Override to 1 to force the Domino Journaling task to reprocess any messages in the Domino journaling location.

7 8

Close Regedit. After you have configured the required XML filter rules, restart the Domino Journaling tasks.

About custom filtering ruleset files


You create filter rules and actions in XML ruleset files. A ruleset file can contain one or more rules for selecting items that the archiving task is processing. Each rule has an associated action, which the archiving task applies to any item that matches the rule. All ruleset files must be available in the folder Custom Filter Rules in the main Enterprise Vault folder (typically C:\Program Files\Enterprise Vault) on the computer hosting the archiving tasks that are enabled for custom filtering. After Enterprise Vault has been installed, this folder contains the following XML files:

Example Filter Rules.xml This provides examples of filter rules. ruleset schema.xdr This contains the XML schema for validating the XML

ruleset files.

Example Custom Properties.xml This provides example entries for the custom properties.xml file.

See General format of custom properties.xml on page 520.

customproperties.xsd This contains the XML schema for validating the

custom properties XML file. When you modify a ruleset file, you must restart the associated archiving tasks to pick up the changes. In a distributed environment, you must copy the updated file to each computer with tasks enabled for custom filtering, and then restart the associated tasks on each computer.

480

Configuring filtering Configuring custom filtering

Note: It is important to set permissions on the ruleset files to prevent unauthorized editing. For increased security, you could also enable Windows file auditing on these files. A ruleset file contains one or more rules. Each rule contains the following:

A set of one or more attribute filters for evaluating messages or message attachments or both. An action to be applied to messages or attachments that match the attribute filters. Examples of actions are applying a particular retention category or storing the item in a specified archive. More than one action can be applied to matching items.

Default filtering rules for all custom filtering


If you create a ruleset file called Default Filter Rules.xml, this will be used as the default ruleset file for all custom filtering; both Exchange Server and Domino server filtering. To implement specific filtering for public folders, particular mailboxes or particular Domino journaling locations, you can create named ruleset files in addition to the default ruleset file. Each target location associated with a named ruleset file is processed according to the rules in its named ruleset file. All other custom filtering will use the rules in the default ruleset file. If no custom filtering is to be applied other than those specified by named ruleset files, it is more efficent to omit the default ruleset file, Default Filter Rules.xml, and configure the IGNORENODEFAULT registry setting, as described in Setting IGNORENODEFAULT registry entry. In this way, custom filtering is only applied to target locations explicitly defined by named ruleset files. If you want the same actions applied to all items that the archiving tasks process (that is, specific items are not selected for processing by matching attributes), you can omit ruleset files altogether and define a default content category in the file, custom properties.xml. For information on content categories and the custom properties.xml file, see About configuring custom properties.

Configuring filtering Configuring custom filtering

481

Filtering for individual Exchange Server mailboxes


To set up custom filtering for an individual Exchange Server user or journal mailbox, you need to create a separate ruleset file for each mailbox you want to filter. The name of each ruleset file must be:
mailbox_owner.xml

The mailbox owner will typically be the same as the account Display Name, but could be different if you have changed the mailbox owner name, for some reason. For example, if you want to filter John Does mailbox, and John Doe is the mailbox owner name, you would create a ruleset file called "John Doe.xml". To apply filtering to a journal mailbox with the mailbox owner name "Journal US1", you would create a ruleset file called "Journal US1.xml". Any other mailboxes that do not have a named ruleset file and are serviced by the archiving tasks which have been enabled for custom filtering, are processed using the default ruleset file, "Default Filter Rules.xml". If archiving tasks are enabled for custom filtering, but neither the default ruleset file nor named ruleset files exist, the archiving tasks will attempt to use a default content category, as defined in custom properties.xml. If none of the above exists, an error is logged and the archiving tasks stop. You can configure archiving tasks to manage missing defaults gracefully using the IGNORENODEFAULT registry setting. See Control of default settings on page 515. This registry setting is particularly useful if you want to restrict filtering to named mailboxes only. Note: If custom filtering is enabled for all Exchange Server mailbox archiving and you want to apply different rules to Exchange Server user and journal mailboxes, you could create a named ruleset file for the Exchange Server journal mailbox and configure the default ruleset file for filtering all user mailboxes. This would avoid having to create a large number of named ruleset files.

Filtering rules for individual public folders


To set up specific filtering for Exchange Server public folders, you need to create a separate ruleset file called Public Folder Rules.xml. This will be used by all Exchange Public Folder tasks hosted on the Enterprise Vault server computer. If Public Folder Rules.xml does not exist, the default ruleset file, Default Filter Rules.xml, will be used. (If neither of these files exist, but a default content

482

Configuring filtering Configuring custom filtering

category is defined in custom properties.xml, items will be archived according to the settings in the default content category. See About configuring custom properties for content categories and the file custom properties.xml.) If none of the above existsPublic Folder Rules.xml, Default Filter Rules.xml or a default content categoryan error will be logged and the archiving tasks will stop, unless you have configured the IGNORENODEFAULT registry setting. You can configure archiving tasks to manage missing defaults gracefully using the IGNORENODEFAULT registry setting.

Filtering for individual Domino journaling locations


To set up custom filtering for specific Domino journaling locations, you need to create a separate ruleset file for each journaling location that you want to filter. The name of each ruleset file must be:
journaling_location_name.xml

For example, if you want to filter the Domino journaling location that is shown as "Symantec/*" in the Administration Console, you would create a ruleset file called "Symantec.xml". Any other journaling locations that are serviced by the Domino archiving tasks and which have been enabled for custom filtering, are processed using the default ruleset file, Default Filter Rules.xml. If archiving tasks are enabled for custom filtering, but neither the default ruleset file nor named ruleset files exist, the archiving tasks will attempt to use a default content category, as defined in custom properties.xml. If none of the above exists, an error is logged and the archiving tasks stop. You can configure archiving tasks to manage missing defaults gracefully using the IGNORENODEFAULT registry setting. See Control of default settings on page 515. This registry setting is particularly useful if you want to restrict filtering to named mailboxes only.

General format of ruleset files


This section describes the required overall format of the XML ruleset files. Ruleset files must be located in the Custom Filter Rules folder, in the main Enterprise Vault folder (typically C:\Program Files\Enterprise Vault) on the computer hosting the archiving tasks that are enabled for custom filtering. Ruleset files have the following general format:

Configuring filtering Configuring custom filtering

483

<?xml version="1.0" encoding="UTF-8"?> <RULE_SET xmlns="x-schema:ruleset schema.xdr"> <RULE [NAME="rule_name"] [ACTION="match_action"] [ATTACHMENT_ACTION="match_action"] [CONTENTCATEGORY="content_category"] [RETENTION="retention_category"] [ARCHIVEID="archiveid"]> <message_attribute [attribute_value_operators]> <attribute_value> [<attribute_value>] </message_attribute> [<message_attribute>... </message_attribute>] [<attachment_attributes> [attribute_value_operator]> <attachment_attribute_values> [<attachment_attribute_values>] </attachment_attributes>] [<attachment_attributes>... </attachment_attributes>] </RULE> [<RULE> ... </RULE>] </RULE_SET>

The ruleset can contain one or more rules. Naming a rule (NAME="<rule_name>") is optional. It is advisable to include it for documentation purposes and to distinguish the rule in trace output. Each rule contains one or more message attribute filters for evaluating messages. With Exchange Server filtering, a rule may also contain attachment attribute filters for evaluating attachments to messages. Attachment filtering is not currently available with Domino server filtering. You can use a combination of the following message attributes to select messages:

Author Recipients Direction Subject text Named MAPI properties (Exchange Server messages only)

484

Configuring filtering Configuring custom filtering

You can use the following attachment attributes to select specific files attached to Exchange Server messages:

File name File size

Matching against attribute values is case insensitive. All message attribute filters in a rule will be applied to a message, so the order of message attribute filters in a rule is not significant. A message matches a rule when it matches all the message attribute filters contained in that rule. When a message matches a rule, the action specified by ACTION= is applied to the message. With Exchange Server filtering, if the message attributes satisfy a rule, any attachments are then evaluated using attachment attributes. When an attachment matches a rule, the action specified by ATTACHMENT_ACTION= is applied to the attachment. Each rule has a message action associated with it. ACTION="<match_action>" defines the action to be applied to the message when it matches a rule. For example, an action could be to mark the item as evaluated but not archive it (ACTION="MARK_DO_NOT_ARCHIVE"). If the action is to archive the item, additional actions can be specified, such as assigning a specific retention category (RETENTION="<retention_category>") or storing the item in a particular archive (ARCHIVEID="<archive_ID>"). If no action is specified, it defaults to "ARCHIVE_ITEM". The preferred way to specify how messages that match a rule are to be archived is to assign a content category. A content category is a group of settings that are to be applied to an archived item. This can include a retention category, an archive ID and a list of the additional properties that are to be indexed by Enterprise Vault. You define content categories in the file custom properties.xml. See Content categories on page 527. If attachments to Exchange Server messages are to be evaluated, a rule must have an attachment action associated with it; ATTACHMENT_ACTION="<match_action>". If an attachment action is specified, an attachment attribute element ( <FILES> element) must also be present in the rule. This defines the file names or file size (or both) to use when matching attachments. If attachments match the specified attachment filter, the attachment action is performed. Attachments to nested messages are also processed by the filter.

Configuring filtering Configuring custom filtering

485

Note: For messages (and then attachments), each rule in the ruleset file will be evaluated in the order in which they appear in the file and only the first matching rule will be executed. For this reason, it is important to put the highest priority rules first.

Validation of XML ruleset files


Archiving tasks that are enabled for custom filtering validate ruleset XML against the schema, ruleset schema.xdr, when they start archiving items. If any of the XML is invalid, the tasks stop and you must correct any errors before restarting them. To avoid disrupting tasks because of syntactic errors, it is a good idea to validate your XML file before it is accessed by the tasks. You could use a third party tool, such as xsdvalidator:
http://apps.gotdotnet.com/xmltools/xsdvalidator/Default.aspx

When using the tool, specify the namespace as:


x-schema:ruleset schema.xdr

The schema file, ruleset schema.xdr, is shipped in the Custom Filter Rules folder . The schema must be referenced at the start of any ruleset files as follows:
<?xml version="1.0" encoding="UTF-8"?> <RULE_SET xmlns="x-schema:ruleset schema.xdr">

If the file contains non-ANSI characters, ensure the correct encoding is set on the first line and save the file using the appropriate encoding. Note: All the XML tags and predefined values shown in upper case in this document are case sensitive and must be entered as upper case in the ruleset file. Values entered should also be treated as case sensitive.

Rule actions
The following actions can be applied to messages that match a rule filter:

ACTION="ARCHIVE_ITEM" Archive the message. This is the default action if you do not include the ACTION= clause or a message does not match any of the rules. With this action you can have additional actions: assigning a retention category (RETENTION="<retention_category>") to the item, sending the item to a specific

486

Configuring filtering Configuring custom filtering

archive (ARCHIVEID="<archive_ID>") and assigning a particular content category.

ACTION="MARK_DO_NOT_ARCHIVE" Do not archive the message; leave it in the original location. Note: Messages marked as MARK_DO_NOT_ARCHIVE remain in the original location. If you are applying filtering to the journal mailbox or Domino journaling location, this action should only be used for a small number of messages, as leaving lots of messages may affect journaling performance. If you later change the rule action, you can temporarily set the Override registry key to 1 to force the task to reprocess marked items. The Override key is described in the sections describing how to configure custom filtering registry settings for archiving tasks:

Registry settings for Exchange Server journal filtering Configuring registry settings for Exchange Server user mailbox filtering Configuring registry settings for Exchange Server public folder filtering Configuring registry settings for Domino server journal filtering

ACTION="MOVE_DELETED_ITEMS" Do not archive the message; move it to the Deleted Items folder. This action is only supported for Exchange Server filtering. This action cannot be used with public folder filtering; if this action is configured, an error will be logged and the tasks will stop. ACTION="HARD_DELETE" Do not archive the message; delete it immediately without moving it to the Deleted Items folder. This action is only supported for Exchange Server filtering, but is not recommended for Exchange Server public folder filtering. Note: If the Compliance Accelerator Journaling Connector is being used to capture a required percentage of all Exchange Server journaled messages, do not configure a custom journal filter that deletes selected messages; this will compromise the accuracy of the Compliance Accelerator monitoring policy, because any deleted messages are not available for capture by the Journaling Connector.

With Exchange Server filtering, the following actions can be applied to message attachments that match an attachment filter:

Configuring filtering Configuring custom filtering

487

ATTACHMENT_ACTION="REMOVE" If a file attached to a message matches the name or size specified in the attachment attribute filter, delete it. ATTACHMENT_ACTION="REPLACE" If a file attached to a message matches the name or size specified in the attachment attribute filter, replace it with a file called Deleted Attachments.txt, which lists the attachments that have been deleted.

If the message has nested messages with attachments, the action will be applied to all nested message attachments. If the action applied to a message is "HARD_DELETE", no attempt is made to evaluate any files attached to the message. The extract below shows how a rule name, message action and attachment action might be specified in the ruleset file. In this example, any messages that satisfy the message attribute filters will be archived in the default archive. Also, any Exchange Server messages attachments that match the attachment filter will be deleted and replaced with a file called Deleted Attachments.txt:
<RULE NAME="Archive Rule 1" ACTION="ARCHIVE_ITEM" ATTACHMENT_ACTION="REPLACE"> <message attribute filters> <attachment attribute filter> </RULE>

Deleted Attachments.txt file


If the attachment action is "REPLACE", users will see a file called Deleted Attachments.txt attached to messages that have had attachments deleted by the filter. When they open this file, it contains a list of the files that have been deleted. The contents of this file are taken from the file, CF_Replace_Attachment.txt, in the Enterprise Vault directory (typically, C:\Program Files\Enterprise Vault). If required, you can modify the text of this file. For example, you may want to localize the descriptive text.

Assigning a retention category


The RETENTION="<retention_category>" option is only applicable if the rule action is ACTION="ARCHIVE_ITEM". Retention_category is the name of an existing retention category defined in Enterprise Vault. A different retention category may be specified for different rules.

488

Configuring filtering Configuring custom filtering

The extract below shows how the option might be specified in the ruleset file. In this example, any messages that satisfy the message attribute filters will be archived and given the retention category, Legal:
<RULE NAME="Example rule2" ACTION="ARCHIVE_ITEM" RETENTION="Legal"> <message attribute filters> </RULE>

Specifying a specific archive


The ARCHIVEID="<archive_ID>" option is only applicable if the rule action is ACTION="ARCHIVE_ITEM". Archive_ID identifies an existing, enabled archive. You can define a different archive for different rules. If you do not specify an archive, the default archive for the mailbox or public folder is used. The extract below shows how the option might be specified in the ruleset file. In this example, any messages that satisfy the message attribute filters will be stored in the archive specified:
<RULE NAME="Example rule" ACTION="ARCHIVE_ITEM" ARCHIVEID="15165263832890493848568161647.server1.local"> <message attribute filters> </RULE>

To find the ID of the required archive

1 2

Right-click the archive in the Enterprise Vault Administration Console. Select Properties. The archive ID is displayed on the Advanced page of Properties.

Message attribute filters


Each rule can contain one or more message attribute filters. Each message attribute filter defines an attribute in the message to evaluate. To match a rule, a message must satisfy all the message attribute filters included in the rule. That is to say, there is an implicit AND between all message attributes included in a rule. The order of the attributes within a rule is not significant. Message attributes are defined in a rule using the following general format:
<RULE NAME="rule_name" ...> <message_attribute [attribute_value_operators]> <attribute_value> [<attribute_value>]

Configuring filtering Configuring custom filtering

489

</message_attribute> [<message_attribute>... </message_attribute>] </RULE>

<message_attribute> defines a message attribute to match. This can be AUTHOR, RECIPIENTS, DIRECTION or SUBJECTS. <attribute_value> defines the message attribute value(s) to match. For each attribute there may be one or more values. <attribute_value_operators> are special operator options that enable you to define how values for an attribute are to be applied. The operators INCLUDES= and ALLOWOTHERS= are particularly useful if you want to define negative and positive matches when filtering on AUTHOR, RECIPIENTS and SUBJECTS. See The INCLUDES and ALLOWOTHERS operators on page 493. Attribute value operators are not available when filtering on message DIRECTION.

Filters for message authors and recipients


To match message sender ("From" address) and recipient addresses ("To", "cc", "Bcc" and "Undisclosed" addresses), you can use the message attributes <AUTHOR> </AUTHOR> and <RECIPIENTS></RECIPIENTS>; in the ruleset file outline, message attributes are shown as:
<message_attribute> ...</message_attribute>

You can specify the actual addresses to match as SMTP email addresses, display names or SMTP domains using the following XML elements (these are represented by the <attribute_value> lines in the ruleset file outline):

<EA>name@domain</EA> This form can be used to specify SMTP addresses. The value specified must be the complete SMTP email address; if the value specified here is only part of an address, the message will not match. Wildcard characters cannot be used. If the character & is included in an SMTP address, the character must be replaced with
&amp;

as & is a special character in XML. For example, the SMTP address admin&finance@ourcompany.com should be specified in the XML file as:
admin&amp;finance@ourcompany.com

<DISPN>display name</DISPN>

490

Configuring filtering Configuring custom filtering

This form can be used to specify display names. As with the SMTP address, the value must be the full display name, without wildcard characters. An example display name for Exchange Server messages is
<DISPN>John Doe</DISPN>

For Domino server messages, the format of display names will depend on the Domino server configuration. To match all required messages, ensure that you include all possible variations for a display name. For example, display names could take one or more of the the following forms:
<DISPN>Kevin Smith/exampleorg@exampledomain</DISPN> <DISPN>CN=Kevin Smith/O=exampleorg@exampledomain</DISPN> <DISPN>Kevin Smith/exampleorg%dominodomain@exampledomain</DISPN>

If Organizational Units are included in display names, these must also be specified. For example,
<DISPN>CN=Kevin Smith/OU=Sales/O=exampleorg@exampledomain</DISPN>

<DOMAIN>exampledomain.com</DOMAIN> This form can be used to specify SMTP domains. The value specified can be the full domain or a subdomain. For example, if the following domain value is specified:
<DOMAIN>ourcompany.com</DOMAIN>

The following addresses will match:


john.doe@ourcompany.com jack.doe@hq.ourcompany.com jane.doe@uk.hq.ourcompany.com

but the following address will not match:


john.doe@hqourcompany.com

<DL>distribution list name</DL> This option is only supported for Exchange Server filtering. Use this form when you want to match messages that have been sent to any members of the specified distribution list. For example, if a rule contains the following line:
<DL>ALL SALES</DL>

Configuring filtering Configuring custom filtering

491

Then messages sent to any member of the distribution list called ALL SALES will match, irrespective of whether the members name is shown as the Display Name or SMTP address on the message. See Distribution lists in attribute values on page 492. Note: Matching attribute values is case-insensitive. The following example shows how you can specify a simple rule to archive and set the retention category "Legal" on any messages sent from anyone in the domain, ourcompany.com, with legal@ourcompany.com or the Lotus Notes user, Greg Court, in the recipient list:
<RULE ... ACTION=ARCHIVE_ITEM RETENTION=legal> <AUTHOR> <DOMAIN>ourcompany.com</DOMAIN> </AUTHOR> <RECIPIENTS> <EA>legal@ourcompany.com</EA> <DISPN>Greg Court/ourorg@ourcompany.com</DISPN> </RECIPIENTS> </RULE>

The attribute value operators, INCLUDES= and ALLOWOTHERS=, enable you to define complex filters. See The INCLUDES and ALLOWOTHERS operators on page 493. Note the following:

There are situations where messages may not have an SMTP address; for example, messages imported into a mailbox from a PST file and Exchange Server addresses set up for internal messaging only. For this reason you may want to include both the display name and the email address in a rule (provided you are not using the INCLUDES="ALL" operator). Be aware that display names do not have to be unique; an external sender, for example, could have the same display name as an internal sender. If changes to your Microsoft Exchange Server Global Address List (or Global Address Catalog in Active Directory) affect users or distribution lists included in custom filters, you may have to update your custom filter rules accordingly. For example, if you are filtering on the display name of a distribution list and then change the display name, you will need to update the appropriate ruleset file entry. Changes made to the Microsoft Exchange Server Global Address List will not become effective until the next scheduled GAL update. If, for example, a users

492

Configuring filtering Configuring custom filtering

address has been changed to their married name, and you have set up a filter that includes the new address as AUTHOR, there may be a delay before messages are matched.

To ensure that Bcc and Undisclosed recipients are available when filtering on the Exchange Server journal mailbox, Envelope Journaling must be enabled on your Microsoft Exchange Server. For more information on this subject, see Enterprise Vault and Exchange Server Envelope Journaling.

Distribution lists in attribute values


If you want to match all messages sent to members of a particular Exchange Server distribution list, then use the <DL> </DL> message attribute. For example,
<RECIPIENTS> <DL>ALL SALES</DL> </RECIPIENTS>

would match any message sent to any member of the distribution list, ALL SALES. For this matching to work, ensure that expansion of distribution lists is enabled in the Administration Console (in the "Archiving General" settings on the "Advanced" tab of the Exchange journal policy). Also, the distribution list must not be included in the "blacklisted" distribution list registry setting, BlacklistedDLs, which can be created in the following location:
HKEY_LOCAL_MACHINE \SOFTWARE \KVS \Enterprise Vault \Agents

For Domino server filtering (and also Exchange Server filtering), you can specify distribution lists using the <EA>, <DISPN> and <DOMAIN> message attributes. However, only messages with the specified string will match; no attempt is made to compare message recipients with individual members in the specified distribution list. For example, the members of an Exchange Server distribution list called ALL SALES are:

john.doe@ourcompany.com ken.brookes@ourcompany.com len.scott@ourcompany.com

In the ruleset file, the following message attribute filter is specified in a rule:

Configuring filtering Configuring custom filtering

493

<RECIPIENTS> <DISPN>ALL SALES</DISPN> </RECIPIENTS>

If a message has the display name ALL SALES in the recipient list, the message will satisfy the attribute filter above. If the message does not have the display name ALL SALES in the recipient list, it will not match the attribute filter, even if the recipient list does include the email address of a member of the distribution list.

The INCLUDES and ALLOWOTHERS operators


You can create more complex filters by specifying several values for AUTHOR or RECIPIENTS message attributes and using the operators, INCLUDES= and ALLOWOTHERS= to define how the attribute values are to be matched. INCLUDES= can have the following values:

INCLUDES="NONE" means match messages that do not include the values specified for the attribute INCLUDES="ANY" means match messages that include one or more of the values specified for the attribute INCLUDES="ALL" means match messages that include all of the values specified for the attribute

If the INCLUDES= operator is not specified, INCLUDES="ANY" is assumed. ALLOWOTHERS= can have the following values:

ALLOWOTHERS="N" means match messages that include only the values specified in the filter and no others ALLOWOTHERS="Y" means that matched messages can include attribute values other than those listed in the filter can be included

If the ALLOWOTHERS= operator is not specified, ALLOWOTHERS="Y" is assumed. In the following example, messages will match the rule if they have all three of the listed email addresses (INCLUDES="ALL"), and only these addresses (ALLOWOTHERS="N"), in the recipient list:
<RULE ... > <RECIPIENTS INCLUDES="ALL" ALLOWOTHERS="N"> <EA>john.doe@ourcompany.com</EA> <EA>ken.brookes@ourcompany.com</EA> <EA>len.scott@ourcompany.com</EA> </RECIPIENTS> </RULE>

494

Configuring filtering Configuring custom filtering

In the next example, messages will match the rule if they have any of the listed email addresses (INCLUDES="ANY") but nothing else (ALLOWOTHERS="N"):
<RULE ... > <RECIPIENTS INCLUDES="ANY" ALLOWOTHERS="N"> <EA>john.doe@ourcompany.com</EA> <EA>ken.brookes@ourcompany.com</EA> <EA>len.scott@ourcompany.com</EA> </RECIPIENTS> </RULE>

In the next example, messages will match the rule if they do not include any of the listed email addresses in the recipient list (INCLUDES="NONE"). Matched messages can have other addresses in the recipient list (ALLOWOTHERS="Y"):
<RULE ... > <RECIPIENTS INCLUDES="NONE" ALLOWOTHERS="Y"> <EA>john.doe@ourcompany.com</EA> <EA>ken.brookes@ourcompany.com</EA> <EA>len.scott@ourcompany.com</EA> </RECIPIENTS> </RULE>

If you want to specify both positive and negative matches within a single rule, you can have multiple message attribute entries and use INCLUDES="NONE" or INCLUDES="ALL", as appropriate. For example:
<RULE ... > <RECIPIENTS INCLUDES="NONE"> <EA>john.doe@ourcompany.com</EA> <EA>len.scott@ourcompany.com</EA> </RECIPIENTS> <RECIPIENTS> INCLUDES="ALL"> <EA>Ken.Brookes@ourcompany.com</EA> <EA>robert.hill@ourcompany.com</EA> </RECIPIENTS> </RULE>

In the above example, messages will match if they do not include john.doe@ourcompany.com or len.scott@ourcompany.com in the recipient list:
<RECIPIENTS INCLUDES="NONE" ...</RECIPIENTS>

but do include both ken.brookes@ourcompany.com and robert.hill@ourcompany.com

Configuring filtering Configuring custom filtering

495

<RECIPIENTS INCLUDES="ALL" ... </RECIPIENTS>

By using different combinations of INCLUDES= and ALLOWOTHERS= values, you can set fairly complex filters. Table 40-3 shows filter results for different messages when different combinations of values are set for the operators, INCLUDES= and ALLOWOTHERS=, in the following example filter:
<RULE ... ACTION="ARCHIVE_ITEM"> <RECIPIENTS INCLUDES="NONE|ANY|ALL" ALLOWOTHERS="N|Y"> <EA>Ann@example.com</EA> <EA>Bill@example.com</EA> </RECIPIENTS> </RULE>

Ann@example.com and Bill@example.com are the recipient addresses to match. Table 40-3 Operator values set Msg 1: recipient is Ann
no match

Effect of using different operator value combinations Msg 2: Msg 3: Msg 4: Msg 5: recipients are recipients are recipients are recipient is Ann & Bill Ann, Bill & Bill & Colin Colin Colin
no match no match no match match

INCLUDES="NONE" + ALLOWOTHERS="Y" INCLUDES="NONE "+ ALLOWOTHERS="N" INCLUDES="ANY "+ ALLOWOTHERS="Y" INCLUDES="ANY" + ALLOWOTHERS="N" INCLUDES="ALL" + ALLOWOTHERS="Y" INCLUDES="ALL" + ALLOWOTHERS="N"

no match

no match

no match

no match

no match

match

match

match

match

no match

match

match

no match

no match

no match

no match

match

match

no match

no match

no match

match

no match

no match

no match

In the table, the main column headings show the recipients in five different test messages. (For brevity, the recipients are called Ann, Bill, and Colin in the column headings.)

496

Configuring filtering Configuring custom filtering

The first column shows different combinations of values set for the INCLUDES= and ALLOWOTHERS= operators. "no match" means that, if the operator combination shown in the left column is set, a message sent to the recipients shown in the column heading would not satisfy the filter rule and would not be archived (that is, the rule action is not applied). "match" means that, if the operator combination shown in the left column is set, a message sent to the recipients shown in the column heading would satisfy the filter rule and be archived. Figure 40-2 and Figure 40-3 illustrate what happens in two of the scenarios in Table 40-3. Figure 40-2 Msg 1 with INCLUDES="NONE" and ALLOWOTHERS="N"

Configuring filtering Configuring custom filtering

497

Figure 40-3

Msg 1 with INCLUDES="ANY" and ALLOWOTHERS="Y"

Message direction filters


The <DIRECTION></DIRECTION> message attribute enables you to match messages based on the direction of the message, in relation to the organization, without needing to specify the author or recipient details in the rule. Message direction can be internal to the organization, outbound from the organization or inbound to the organization. This option is available for both Exchange Server and Domino server filtering. One or more of the following values can be specified in the <DIRECTION></DIRECTION> message attribute:

INTERNAL="Y" means match the message if it is from an internal address to an internal address. The message must not include any external addresses in the recipient list. OUTBOUND="Y" means match the message if it is from an internal address to an external address. The message must include at least one external address in the recipient list. INBOUND="Y" means match the message if it is from an external address to an internal address. The message must include at least one internal address in the recipient list.

If the value is not specified, it defaults to "N". For any messages to match, at least one value must be set to "Y".

498

Configuring filtering Configuring custom filtering

The following example rule will archive and set the retention category "Internal", on messages from one internal address to another internal address only. Note that a message from one internal address to another internal address that also has an external address in the recipient list will be treated as external:
<RULE NAME="Internal only" RETENTION="Internal" > <DIRECTION INTERNAL="Y" OUTBOUND="N" INBOUND="N"/> </RULE>

The following example rule will archive and set the retention category "External", on messages sent to or received from addresses outside the organization:
<RULE NAME="External" RETENTION="External" > <DIRECTION OUTBOUND="Y" INBOUND="Y"/> </RULE>

Defining which addresses are internal


To determine whether addresses are internal or external addresses, Enterprise Vault uses the SMTP address domains listed for the system mailbox account associated with the Enterprise Vault Journaling task. You can see the email addresses associated with a mailbox in Active Directory. For example, if the following SMTP addresses are listed for the system mailbox:

VaultAdmin@ourcompanyplc.com VaultAdmin@ourcompanyinc.com

then any of the following addresses will be recognized as internal:


*@ourcompanyplc.com *@[*.]ourcompanyplc.com *@ourcompanyinc.com *@[*.]ourcompanyinc.com

where [*.] means the string can be repeated, as in john.doe@sales.emea.ourcompanyplc.com. Any other addresses are treated as external. With Exchange Server filtering, addresses from local Microsoft Exchange Servers are also regarded as internal. (These addresses include the MAPI attribute, PR_SENDER_ADDRTYPE.) For Exchange Server users, you can change the email addresses associated with a mailbox in Active Directory.

Configuring filtering Configuring custom filtering

499

Alternatively, you can specify additional internal domains using the InternalSMTPDomains registry key. Use this method to define internal addresses for Domino server filtering. To add domains using the registry key, do the following on each computer with an Enterprise Vault Exchange or Domino Journaling task

Start Regedit and navigate to the following location:


HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \Agents

2 3

Create a new String Value called InternalSMTPDomains. Modify the key and in the Value Data field enter the required domains as a semicolon delimited string. For example, setting this string to the following means that addresses such as jld@eng.uk.ourcompanyinc.com and kv@hq.ourcompany.parentcorp.com will also be treated as internal:
"ourcompanyplc.com; ourcompanyinc.com; ourcompany.parentcorp.com"

Message subject filters


The <SUBJECTS></SUBJECTS> message attribute enables you to match messages on the subject text of the message. Within a <SUBJECTS> attribute, values to match can be defined as follows:

Match any message with a subject that is exactly the same as the specified string:
<SUBJ MATCH="EXACT">string</SUBJ>

Match any message with a subject that contains the specified string:
<SUBJ MATCH="CONTAINS">string</SUBJ>

Match any message with a subject that starts with the specified string:
<SUBJ MATCH="STARTS">string</SUBJ>

Match any message with a subject that ends with the specified string:

500

Configuring filtering Configuring custom filtering

<SUBJ MATCH="ENDS">string</SUBJ>

Matching against attribute values is case insensitive. Wildcards cannot be used. In the following example, messages that have a subject of exactly "Welcome New Employee" or starts with "Salary Summary for" or ends with "Message Notification" will be moved to the wastebasket without being archived:
<RULE NAME="Delete" ACTION="MOVE_DELETED_ITEMS"> <SUBJECTS> <SUBJ MATCH="EXACT">Welcome New Employee</SUBJ> <SUBJ MATCH="STARTS">Salary Summary for</SUBJ> <SUBJ MATCH="ENDS">Message Notification</SUBJ> </SUBJECTS> </RULE>

The INCLUDES="NONE" operator can be used to match messages with a subject that does not include particular strings. For example, the following rule will match messages that do not have any of the specified values in the message subject:
<RULE ... > <SUBJECTS INCLUDES="NONE"> <SUBJ MATCH="EXACT">Welcome New Employee</SUBJ> <SUBJ MATCH="STARTS">Salary Summary for</SUBJ> <SUBJ MATCH="ENDS">Message Notification</SUBJ> </SUBJECTS> </RULE>

MAPI named properties filters


This option is only available with Exchange Server filtering. The <NAMEDPROP> </NAMEDPROP> message attribute enables you to select Exchange Server messages for processing depending on the value assigned to specific MAPI named properties. Named properties can be single-valued or multi-valued. The custom properties feature is used to define the required properties, so that they are indexed by Enterprise Vault. Users can then search archived messages for those with a particular value set for the named property. To find out how to define named properties, see Additional properties. A named property filter takes the following general format:
<NAMEDPROP TAG="EV_tag_name" INCLUDES="operator_value"> <PROP VALUE="value" />

Configuring filtering Configuring custom filtering

501

[<PROP VALUE="value" />] </NAMEDPROP>

The value of the TAG attribute is the name by which Enterprise Vault knows the property. This is the TAG value set in the custom properties.xml file. The operator value can be "ANY", "NONE" or "ALL". Each <PROP> line defines a specific value for the property that custom filtering is to use when evaluating messages. Assuming that a third party application adds a multi-valued, named MAPI property called "Location" to messages, to identify the department and location of the sender or recipient. This named property is identified in the custom properties.xml file and given the tag name, "Loc". The following example shows a filter that would match messages that have the value "Pittsburgh" or "Finance" set for the "Location" property. Any messages that match are archived with the retention category, "Confidential".
<!--Example: Archive items that have Pittsburgh or Finance as values for the Location property --> <RULE NAME="Location rule" ACTION="ARCHIVE_ITEM" RETENTION="Confidential"> <NAMEDPROP TAG="Loc" INCLUDES="ANY"> <PROP VALUE="Pittsburgh" /> <PROP VALUE="Finance" /> </NAMEDPROP> </RULE>

Searches could be performed for messages that have specific values set for that named property. For more information on named properties, see the Microsoft article: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/mapi/html/ 838aafb5-13d1-4ab9-860a-2398d885b5c7.asp

Attachment attribute filters


This option is only available with Exchange Server filtering. To enable you to delete certain attachments before archiving messages, a rule can contain attachment attribute filters which define which attachment files to select. The following example XML shows how you can include one or more attachment attribute filters in a rule:

502

Configuring filtering Configuring custom filtering

<RULE NAME="rule_name" ... ATTACHMENT_ACTION="<action>"> [<message_attribute>... </message_attribute>] <FILES INCLUDES="ANY|ALL|NONE"> <FILE FILENAME="<filename>" SIZE_GREATER_THAN_KB="<integer>" /> <FILE ... /> ... </FILES> <FILES INCLUDES="ANY|ALL|NONE"> <FILE ... /> ... </FILES> </RULE>

The <FILES> tag defines an attachment filter. If you specify an attachment action (ATTACHMENT_ACTION=), then you need to include at least one attachment filter (using the <FILES> tag). For an attachment to match a rule (and the attachment action applied), the attachment must satisfy all attachment filters specified in the rule. The order of attachment filters in a rule is not significant. The INCLUDES= operator enables you to define how the following attribute lines are to be applied, when evaluating each attachment. An attachment filter contains one or more <FILE> elements, that define the attributes to match. Each <FILE> element contains one or both of the following attributes:

FILENAME="<filename>" <filename> is all or part of the file name to match. Wildcards can be included in the file name. You can use this attribute to filter files with specific text strings in the name or extension, for example, "*.AVI". When selecting files using the file extension, custom filtering only evaluates the file name, it does not check the type of the file contents; If files that would normally be deleted by a filter are given a different extension, they will not be deleted by the filter. Also, files contained in compressed files, such as .ZIP files, are not evaluated.

SIZE_GREATER_THAN_KB="<integer>" This enables you to configure the filter to remove attachments over a certain size.

Configuring filtering Configuring custom filtering

503

Where file name and size are specified in a <FILE> element, both must be satisfied for an attachment to match. For example, if an attachment is to match the following line, it must have an extension of .MP3 and be larger than 1 MB:
<FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="1000" />

If you specify multiple <FILE> elements to use in evaluating attachment files, each one will be applied. For an attachment to match the rule, it must match each <FILE> element. To define how the <FILE> lines are to be applied, when evaluating each attachment, use the INCLUDES= operator:

INCLUDES="ANY" means that the attachment matches if it has the attributes specified in at least one of the <FILE> lines. This is the default action if the operator is not specified. INCLUDES="ALL" means that the attachment matches only if it has the attributes specified in all the <FILE> lines. INCLUDES="NONE" means that the attachment matches if it does not include any of the attributes specified in the <FILE> lines.

In the following example, an attachment will match the filter if all the following are true:

The file is an MP3 file larger than 2MB The file name includes the text, "enlarge", and the file is larger than 1 MB The file has the extension, MPG The file is larger than 12 MB

<FILES INCLUDES="ANY"> <FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="2000" /> <FILE FILENAME="*enlarge*.*" SIZE_GREATER_THAN_KB="1000" /> <FILE FILENAME="*.MPG" /> <FILE SIZE_GREATER_THAN_KB="12000" /> </FILES>

The following example shows how multiple attachment filters can be used to exclude certain attachments from deletion:
<RULE NAME="Filter attachments rule" ... ATTACHMENT_ACTION="REMOVE"> [<message_attribute>... </message_attribute>] <FILES INCLUDES="NONE"> <FILE FILENAME="signature.jpg" />

504

Configuring filtering Configuring custom filtering

</FILES> <FILES INCLUDES="ANY"> <FILE SIZE_GREATER_THAN_KB="5000" /> </FILES> </RULE>

With these attachment filters, attachments will be deleted if they do not have the filename, signature.jpg, and are larger than 5 MB.

How message and attachment filters are applied


This section describes the order in which message and attachment evaluation is applied when filtering Exchange Server messages. Note: With Domino server filtering, attachment evaluation is not available. This means that only message attribute filters are applied and attached messages are not evaluated. When custom filters processes messages, the following general points are observed:

Messages and attachments are evaluated separately. Messages are evaluated first against rules in the ruleset file, and then attachments are evaluated against any rules that contain an attachment action. If an attachment is a message, the message is evaluated using message filters in rules (with attachment action set) and then any attachments to the nested message are evaluated using attachment filters in rules. When evaluating a message, only the first rule in the ruleset file that matches the message is applied. Similarly, when evaluating attachments, only the first rule that matches is applied to the attachment. For this reason the order of rules in a ruleset file is significant. The rule action (and attachment action) are only applied to a message (or attachment) that satisfies all the filters in the rule. The default action for both messages and attachments is to archive the item. This means that messages and attachments that do not match any rules will be archived.

Figure 40-4 shows how custom filtering processes a message with attachments.

Configuring filtering Configuring custom filtering

505

Figure 40-4

Processing attachments

The message illustrated has a nested message attached and that message has a file attached. The simple ruleset file has two rules that contain message filters and one rule that contains attachment filters, as follows:

The top-level message is evaluated using the first message rule, rule1. If that rule does match, then the rule ACTION is applied to the message. If the rule does not match, then rule2 is tried. (If the message ACTION is HARD_DELETE", no further evaluation is done.) As there is a rule with ATTACHMENT_ACTION, and the message has an attachment, the message attachment is evaluated using the attachment filters in rule3. Custom filters recognizes that the attachment is a message, so the message is evaluated against message filters in any rules with ATTACHMENT_ACTION set. In this example, only rule3 has ATTACHMENT_ACTION set and it does not have any message filters, so the message will not match the rule. Items that do not match filter rules are archived (the default action). The attachment to the nested message is then evaluated using the attachment filters in rule3. If the attachment matches the attachment filters then the ATTACHMENT_ACTION is applied to the attachment.

Message filters and attachment filters can be combined in a single rule to select attachments to particular messages. Figure 40-5 shows an example message to the recipient, Karen Little, that has an MP3 file attached and also a message attached (a nested message).

506

Configuring filtering Configuring custom filtering

Figure 40-5

Example message with attachments

The message may also have attachments. The following example ruleset file contains a single rule to be applied to this message. The overall effect of this rule is to delete certain attachments in Exchange Server messages to recipients other than Gill Smith or John Doe. Attachments in messages to Gill Smith or John Doe are not deleted. Attachments with the following attributes will be deleted:

MP3 attachments larger than 2 MB JPG attachments larger than 1 MB MPG files larger than 5 MB

<?xml version="1.0" encoding="UTF-8"?> <RULE_SET xmlns="x-schema:ruleset schema.xdr"> <!--Disallowed attachment rule: This rule will delete the specified attachments for all recipients except Gill Smith and John Doe.--> <RULE NAME="Disallowed attachments (except directors)" ATTACHMENT_ACTION="REMOVE" > <RECIPIENTS INCLUDES="NONE" ALLOWOTHERS="N"> <EA>Gill.Smith@example.com</EA> <EA>John.Doe@example.com</EA> </RECIPIENTS> <FILES INCLUDES="ANY"> <FILE FILENAME="*.MP3" SIZE_GREATER_THAN_KB="2000" /> <FILE FILENAME="*.JPG" SIZE_GREATER_THAN_KB="1000" /> <FILE FILENAME="*.MPG" SIZE_GREATER_THAN_KB="5000" /> </FILES> </RULE>

Configuring filtering Configuring custom filtering

507

Assuming the appropriate archiving task has custom filtering enabled, the filters in this ruleset will be applied to the example message, as follows:

First apply the message attribute filter (the <RECIPIENTS> element) to the top-level message. The recipient is not Gill Smith or John Doe, so the message attribute filter matches. As the message matches the rule, it will be archived (ACTION=). Is there a rule that contains ATTACHMENT_ACTION? Yes. This means that any attachments to the message must be evaluated using <FILES> attachment filters. Does the attachment file name and file size match any of the <FILE> attribute lines in the rule? Yes, the attached file matches the first <FILE> line. This means that the attachment matches the rule, so delete the attachment, as specified in the ATTACHMENT_ACTION. Does the message have another attachment? Yes, there is an attached message. Custom filtering recognizes that the attachment is a message and evaluates the message using the message attribute filter (the <RECIPIENTS> element). As the nested message is to John Doe, the <RECIPIENTS> filter is not satisfied. The message is therefore archived together with its attachments.

Example ruleset file


The following shows an example of the ruleset file, "Default Filter Rules.xml" (a renamed copy of "Example Filter Rules.xml"). If the registry keys have been set to enable custom filtering for Domino journaling locations and Exchange Server user and journal mailboxes and public folders, this file will be used for filtering any archiving targets that do not have a named ruleset file.
<?xml version="1.0" encoding="UTF-8"?> <RULE_SET xmlns="x-schema:ruleset schema.xdr"> <!-- Example Rule 1: This rule will exclude any email from archiving if it originates from someone in the Employee Benefits distribution list.--> <RULE NAME="Benefits correspondence" ACTION="MARK_DO_NOT_ARCHIVE"> <AUTHOR> <DISPN>HR Employee Benefits</DISPN> </AUTHOR> </RULE>

508

Configuring filtering Configuring custom filtering

<!--Example Rule 2: This rule will exclude any email from archiving if it is sent to someone in the Employee Benefits distribution list.--> <RULE NAME="Benefits correspondence" ACTION="MARK_DO_NOT_ARCHIVE"> <RECIPIENTS> <DISPN>HR Employee Benefits</DISPN> </RECIPIENTS> </RULE> <!--Example Rule 3: This rule will move email to the wastebasket if it comes from any of the sources listed, and is about any of the subjects listed.--> <RULE NAME="Newsletters" ACTION="MOVE_DELETED_ITEMS"> <AUTHOR INCLUDES="ANY"> <EA>icweek@ucg.com</EA> <EA>WebDirect@ACLI.com</EA> <DOMAIN>limra.com</DOMAIN> </AUTHOR> <SUBJECTS INCLUDES="ANY"> <SUBJ MATCH="STARTS">Society SmartBrief</SUBJ> <SUBJ MATCH="EXACT">TaxFacts ENews</SUBJ> </SUBJECTS> </RULE> <!--Example Rule 4: Delete mail from known junk-mail sources, (and others), if it contains certain common spam subjects--> <RULE NAME="Junk Mail" ACTION="HARD_DELETE"> <AUTHOR INCLUDES="ANY" ALLOWOTHERS="Y"> <DOMAIN>indiatimes.com</DOMAIN> <DOMAIN>websavings-usa.net</DOMAIN> </AUTHOR> <SUBJECTS INCLUDES="ANY"> <SUBJ MATCH="CONTAINS">enlargement</SUBJ> <SUBJ MATCH="CONTAINS">weight loss</SUBJ> </SUBJECTS> <SUBJECTS INCLUDES="ALL"> <SUBJ MATCH="CONTAINS">debt</SUBJ> <SUBJ MATCH="CONTAINS">consolidate</SUBJ> <SUBJ MATCH="CONTAINS">loan</SUBJ>

Configuring filtering Configuring custom filtering

509

</SUBJECTS> </RULE> <!--Example 5: Take default action (ARCHIVE_ITEM) if the subject matches the composite rule: Must start with "MEMO", contain "INTERNAL" and end in "OurCompany" e.g. "MEMO : Contains information internal to OurCompany" would match, but "MEMO : do not distribute" would not match Also allocates the message to a content category "Memoranda"--> <RULE NAME="Internal Memo" CONTENTCATEGORY="Memoranda"> <SUBJECTS INCLUDES="ALL"> <SUBJ MATCH="STARTS">Memo</SUBJ> <SUBJ MATCH="CONTAINS">Internal</SUBJ> <SUBJ MATCH="ENDS">OurCompany</SUBJ> </SUBJECTS> </RULE> <!--Example 6: take default action (ARCHIVE_ITEM) on any email from management members included here Email from management will be categorised under "ManagementMail" and retained as "Important"--> <RULE NAME="Management" CONTENTCATEGORY="ManagementMail" RETENTION="Important"> <AUTHOR INCLUDES="ANY"> <EA>mike.senior@management.com</EA> <EA>jon.little@management.com</EA> <EA>jill.taylor@management.com</EA> </AUTHOR> </RULE> <!--Example 7: take default action (ARCHIVE_ITEM) if an email is addressed to any of the managers AND NO ONE ELSE The message will be archived in a special archive reserved only for this kind of email - specified by the ARCHIVEID--> <RULE NAME="Sent to Management ONLY" ARCHIVEID="16611B008A3F65749BC4118182E0021461110000evsite. ourcompany.com "> <RECIPIENTS INCLUDES="ANY" ALLOWOTHERS="N"> <EA>mike.senior@management.com</EA>

510

Configuring filtering Configuring custom filtering

<EA>jon.little@management.com</EA> <EA>jill.taylor@management.com</EA> </RECIPIENTS> </RULE> <!--Example 8: do not archive mail that was sent to someone outside OurCompany--> <RULE NAME="External Recipient" ACTION="MARK_DO_NOT_ARCHIVE"> <RECIPIENTS INCLUDES="NONE"> <DOMAIN>OurCompany.com</DOMAIN> </RECIPIENTS> </RULE> <!--Example 9: Archive and give the existing Retention Category, Internal, to any email that was sent only to employees in OurCompany.--> <RULE NAME="Internal Recipient" ACTION="ARCHIVE_ITEM" RETENTION="Internal"> <DIRECTION INTERNAL="Y"/> </RULE> </RULE_SET> <!--Example 10: use a special retention category for mail addressed to any members of the specified DL This feature is not currently supported for Domino server filtering --> <RULE NAME="On the VIP list" RETENTION="VeryImportant"> <RECIPIENTS> <DL>TheVIPs</DL> </RECIPIENTS> </RULE> <!--Example 11: delete MP3 attachments before archiving - This feature is not currently supported for the Domino server filtering --> <RULE NAME="DeleteMP3s" ATTACHMENT_ACTION="REMOVE"> <FILES> <FILE FILENAME="*.MP3"/> </FILES> </RULE> <!--Example 12: match against named MAPI properties defined in Custom Properties.XML - This feature is not currently supported

Configuring filtering Configuring custom filtering

511

for the Domino server filtering --> <RULE NAME="Category Match" ACTION="ARCHIVE_ITEM"> <NAMEDPROP TAG="CaseAuthor" INCLUDES="ANY"> <PROP VALUE="Engineering"/> <PROP VALUE="Support"/> </NAMEDPROP> <NAMEDPROP TAG="CaseStatus" INCLUDES="ANY"> <PROP VALUE="Open"/> <PROP VALUE="Pending"/> </NAMEDPROP> </RULE>

512

Configuring filtering Configuring custom filtering

Chapter

41

Configuring custom properties


This chapter includes the following topics:

About configuring custom properties Control of default settings General format of custom properties.xml Additional properties Content categories Defining how properties are presented in applications Summary of custom property elements and attributes

About configuring custom properties


Read this chapter to find out:

How to include in Enterprise Vault indexes additional properties on an item, for example, properties that have been added to messages by third-party applications. How to configure the browser search to enable users to search on these indexed properties. How to configure content categories.

The custom properties feature is an extension to custom filtering that enables Enterprise Vault to access and index additional message properties when archiving

514

Configuring custom properties About configuring custom properties

items. Properties can be Exchange Server MAPI or Domino server properties that have been added to messages by a third-party application, as follows:

Standard MAPI properties that are not currently indexed by Enterprise Vault Custom MAPI properties Named MAPI properties Domino server message properties

Content categories are groups of settings to be applied to messages as they are archived. Settings can include a retention category to be applied, an archive to be used and particular message properties to be indexed. You can configure Enterprise Vault to apply a content category on all messages archived by particular archiving tasks. Alternatively, by using custom filtering together with custom properties, you can configure Enterprise Vault to apply a content category on selected messages only. Using named MAPI properties and custom filtering, you can also select messages to archive based on the value of specific named properties. You define custom properties and content categories in the XML file, "custom properties.xml", which must be located in the folder "Enterprise Vault\Custom Filter Rules". Additional entries in this file enable you to make the indexed properties available to the Web browser search, or other third party applications, so that users can include the custom properties in archive search criteria. An example of this file is installed in "Custom Filter Rules" with the name "Example Custom Properties.xml". An API is available to enable third-party applications to access the custom properties. If you have special filtering requirements for your archiving system, Symantec Corporation can supply the appropriate custom filters. To configure custom properties or content categories

Ensure that the custom filtering registry settings for the required archiving tasks are configured. These need to be set, even if you want to implement custom properties or content categories, without filtering. The registry settings are described in the following sections:

Registry settings for Exchange Server journal filtering Configuring registry settings for Exchange Server user mailbox filtering Configuring registry settings for Exchange Server public folder filtering

Configuring custom properties Control of default settings

515

Configuring registry settings for Domino server journal filtering

Create the XML file, custom properties.xml. Place this file in the folder Enterprise Vault\Custom Filter Rules. See General format of custom properties.xml on page 520. The entries in this file enable you to do the following:

Index custom properties on messages. Define required content categories. Display custom properties and content categories in Web search applications, so that users can include them in search criteria.

To configure Enterprise Vault to index specific custom properties on all messages, without performing any filtering, create a custom properties.xml file but no ruleset file. The custom properties.xml file must include definitions of the custom properties and a default content category. The default content category will be applied to all messages and defines which properties Enterprise Vault is to index. This behavior can be altered using the IGNORENODEFAULT registry setting. See Control of default settings on page 515.

If you want to index the properties on selected messages or apply content categories to selected messages, create the required filter rules and actions in XML ruleset files. These are held in one or more XML ruleset files, which must also be placed in the folder, Enterprise Vault\Custom Filter Rules. See Configuring custom filtering on page 470.

Restart the archiving tasks that have custom properties and filters enabled.

Control of default settings


If Enterprise Vault archiving tasks are enabled for filtering, the action they take when archiving is determined by the existence of the various configuration entities:

XML ruleset files in the folder, Enterprise Vault\Custom Filter Rules The XML ruleset file, Default Filter Rules.xml The XML custom properties file, custom properties.xml Content category entries in custom properties.xml

An additional configuration option, IGNORENODEFAULT registry entry, can be used to alter the archiving task behavior, if some of the configuration entities are not defined.

516

Configuring custom properties Control of default settings

See Setting IGNORENODEFAULT registry entry on page 516. Different configurations and the resulting actions of archiving tasks for each configuration are shown in Table 41-1 and Table 41-2.

Setting IGNORENODEFAULT registry entry


If the appropriate registry keys are configured to enable custom filtering and properties for archiving tasks, then certain configuration entities are required to define the default actions of the archiving tasks. For example, if specific targets are to be archived using particular filter rules, then a named XML ruleset file must exist for each of the archiving targets for custom filtering, and a Default Filter Rules.xml file must also exist to provide filtering rules for the other archiving targets serviced by the archiving tasks. If this file does not exist, then the archiving tasks will stop and an error reported in the event log. Alternatively, if the Default Filter Rules.xml file does not exist, but you configure the IGNORENODEFAULT registry entry, the archiving tasks ignore the fact that the file is missing and use the default archiving task policy settings when archiving all targets that do not have a named ruleset file. The IGNORENODEFAULT registry entry also enables you to restrict custom filtering to target archiving targets with named ruleset files only. (If the Default Filter Rules.xml file exists, it is used as the default by all archiving tasks enabled for custom filtering.) Similarly, to apply custom property indexing to specific target archiving locations, you would typically require the following configuration entities:

A custom properties.xml file with entries defining the custom properties to index and an associated content category. A separate, named ruleset file for each of the archiving targets requiring custom property indexing. In custom properties.xml, a default content category to use for all messages archived from other locations that are not covered by the named ruleset files.

However, if you want to restrict custom filtering and custom property indexing to the named targets, it is more efficient to omit setting the default content category in custom properties.xml and set the IGNORENODEFAULT registry entry. In this way, custom property indexing is applied only to locations explicitly defined by named ruleset files.

Configuring custom properties Control of default settings

517

To set the IGNORENODEFAULT registry entry for Exchange Server filtering

1 2 3

Log in as the Enterprise Vault Service account on the computer running the archiving tasks enabled for custom properties and filters. Start Regedit. Navigate to the following location:
HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering \Journaling|Mailbox|PublicFolder

4 5 6 7

Right-click the required archiving key (Journaling, Mailbox or PublicFolder) and select New,Key. Name the new key EnterpriseVault.CustomFilter. Right-click EnterpriseVault.CustomFilter and create a new DWORD called IGNORENODEFAULT. Set the value to 1 to ignore missing default files or settings. This key will apply to all tasks for the selected type of archiving.

8 9

Close Regedit. Restart the associated archiving tasks. In a distributed environment, where you have archiving tasks running on more than one computer, you need to perform these steps on each computer running archiving tasks that have been enabled for custom filtering and properties.

To set the IGNORENODEFAULT registry entry for Domino server filtering

1 2

Log in as the Enterprise Vault Service account on the computer running the archiving tasks enabled for custom properties and filters. Start Regedit.

518

Configuring custom properties Control of default settings

Navigate to the following location:


HKEY_LOCAL_MACHINE \Software \KVS \Enterprise Vault \External Filtering \Lotus Journaling

4 5 6 7

Right-click the Lotus Journaling key and select New,Key. Name the new key KVS.EnterpriseVault.LotusDomino.CustomFilter. Right-click KVS.EnterpriseVault.LotusDomino.CustomFilter and create a new DWORD called IGNORENODEFAULT. Set the value to 1 to ignore missing default files or settings. This key will apply to all Domino Journaling tasks on the computer.

8 9

Close Regedit. Restart the associated archiving tasks. In a distributed environment, where you have archiving tasks running on more than one computer, you will need to perform these steps on each computer running archiving tasks that have been enabled for custom filtering and properties.

Summary of default archiving actions


Table 41-1 shows ten different configurations for custom filtering and properties. The resulting actions taken by archiving tasks in each case are described in Table 41-2. In all cases it is assumed that the appropriate registry settings have been configured to enable the archiving task for custom filtering. The following configuration entities are considered:

Named XML ruleset files in the folder, Enterprise Vault\Custom Filter Rules. In the example cases shown, John Doe.xml and Sam Cole.xml are named ruleset files for the mailboxes John Doe and Sam Cole respectively. Remember that named ruleset files can also be created for Exchange Server public folders, specific Exchange Server journal mailboxes, or specific Domino server journaling locations. See About custom filtering ruleset files on page 479.

Configuring custom properties Control of default settings

519

The default ruleset file for all types of archiving, Enterprise Vault\Custom Filter Rules\Default Filter Rules.xml. The custom properties XML file, Enterprise Vault\Custom Filter Rules\custom properties.xml, with custom properties defined for indexing. Content category entries in the custom properties.xml file. The registry setting, IGNORENODEFAULT, with a value of 1. Example custom filter and custom property configurations Named ruleset file exists: John Doe.xml
No No Yes Yes Yes Yes No No No No

Table 41-1 Case Custom properties file exists


No No No No No No Yes Yes Yes Yes

Default content category defined


No No No No No No No No Yes Yes

Named ruleset file exists: Sam Cole.xml


No No No No No No Yes Yes Yes Yes

Default ruleset file exists


No No No No Yes Yes No No No No

I G N O R E N O D E F A U L T set

1 2 3 4 5 6 7 8 9 10

No Yes No Yes No Yes No Yes No Yes

Table 41-2 Case


1

Resulting actions for example configurations

Resulting action
An error is written to the event log and the archiving task stops, because custom filtering is enabled but there is no ruleset file or custom property file. Missing defaults are ignored and both mailboxes are archived according to the default Exchange mailbox policy. An error is reported for Sam Coles mailbox and the archiving task stops, because no default ruleset file or custom properties file exists.

520

Configuring custom properties General format of custom properties.xml

Table 41-2 Case


4

Resulting actions for example configurations (continued)

Resulting action
John Does mailbox is archived according to rules in John Doe.xml and Sam Coles mailbox is archived according to the default Exchange mailbox policy. Missing defaults are ignored. John Does mailbox is archived according to rules in John Doe.xml and Sam Coles mailbox is archived according to the rules in Default Filter Rules.xml. No custom properties are indexed. Content categories cannot be used.

6 7

As for case 5. The fact that IGNORENODEFAULT is set makes no difference. An error is reported for John Does mailbox and the archiving task stops, because there is no applicable named ruleset file or default ruleset file or custom property file. John Does mailbox is archived according to rules in the default Exchange mailbox policy. Sam Coles mailbox is archived according to the rules in Sam Cole.xml. All messages are archived from John Does mailbox and custom properties indexed. Messages are archived from Sam Coles mailbox according to the rules in Sam Cole.xml. As for case 9. The fact that IGNORENODEFAULT is set makes no difference.

10

General format of custom properties.xml


For Enterprise Vault to access and index additional custom or standard MAPI properties on Exchange Server messages or additional properties on Domino server messages, the properties must be defined in the file, custom properties.xml, which you create in the Enterprise Vault\Custom Filter Rules folder on the computer running the archiving tasks enabled for custom filtering. The installed file, Enterprise Vault\Custom Filter Rules\Example Custom Properties.xml provides an example of this file. If this file is to contain non-ANSI characters, ensure the correct encoding is set on the first line and save the file with the appropriate encoding. The file has the following sections:

<CONTENTCATEGORIES></CONTENTCATEGORIES> This section defines available content categories. A content category is a group of settings that will be applied to an item when it is archived. This can include custom properties to index. See Content categories on page 527.

Configuring custom properties General format of custom properties.xml

521

<CUSTOMPROPERTIES></CUSTOMPROPERTIES> This section defines the additional message properties that are to be available to Enterprise Vault. See Additional properties on page 523. <PRESENTATION></PRESENTATION> This section defines how the content categories and custom properties are displayed to users in external applications, such as the Enterprise Vault Web Access application browser search. See Defining how properties are presented in applications on page 531.

Note: The order of these sections is significant. The following outline shows the general format of the file:
<?xml version="1.0" encoding="UTF-8"?> <CUSTOMPROPERTYMETADATA xmlns:xsi="http://www.w3.org/2001/ XMLSchema-instance" xsi:noNamespaceSchemaLocation="customproperties.xsd"> <!-- 1. DEFINITION OF CONTENT CATEGORIES AVAILABLE --> <CONTENTCATEGORIES> <CONTENTCATEGORY> ... </CONTENTCATEGORY> [<CONTENTCATEGORY> ... </CONTENTCATEGORY>] </CONTENTCATEGORIES> <!-- 2. DEFINITION OF CUSTOM PROPERTIES AVAILABLE --> <CUSTOMPROPERTIES> <NAMESPACE> ... </NAMESPACE> [<NAMESPACE> ... </NAMESPACE>] </CUSTOMPROPERTIES> <!-- 3. DEFINITION OF PRESENTATION PROPERTIES AVAILABLE --> <PRESENTATION> <APPLICATION> <FIELDGROUPS> <FIELDGROUP> ... </FIELDGROUP> [<FIELDGROUP> ... </FIELDGROUP>] </FIELDGROUPS> <AVAILABLECATEGORIES> <AVAILABLECATEGORY> ... </AVAILABLECATEGORY> [<AVAILABLECATEGORY> ... </AVAILABLECATEGORY>] </AVAILABLECATEGORIES> </APPLICATION> [<APPLICATION> ... </APPLICATION>] </PRESENTATION>

522

Configuring custom properties General format of custom properties.xml

Table 41-3 gives a summary description of all mandatory and optional elements and attributes in the file. Whenever you modify the file, you must restart the associated archiving tasks. In a distributed environment, you must copy the updated file to each computer with tasks enabled for custom properties, and then restart the associated tasks on each computer. If the browser search is being used to search for custom properties, then the Enterprise Vault Application Pool in IIS Manager must also be restarted.

How to validate custom properties.xml


When Enterprise Vault is installed, customproperties.xsd is placed in the Custom Filter Rules folder. This is the XML schema for validating custom properties.xml. The schema file must be referenced in the CUSTOMPROPERTYMETADATA entry at the start of the custom properties.xml file, as follows:
<?xml version="1.0" encoding="UTF-8"?> <CUSTOMPROPERTYMETADATA xmlns:xsi="http://www.w3.org/2001/ XMLSchema-instance" xsi:noNamespaceSchemaLocation="customproperties.xsd">

The XML is validated when the associated task starts processing messages. If anything is invalid, the task stops and you must correct any errors before restarting the task. To avoid disrupting tasks because of syntactic errors, it is a good idea to validate your XML file before it is accessed by the tasks. You could use a third party tool, such as xsdvalidator:
http://apps.gotdotnet.com/xmltools/xsdvalidator/Default.aspx

When using the tool, specify the namespace as:


x-schema:customproperties.xsd

Note: All the XML tags and predefined values shown in upper case in this document are case sensitive and must be entered as upper case in the file. Values entered should also be treated as case sensitive.

Configuring custom properties Additional properties

523

Additional properties
In the <CUSTOMPROPERTIES> section of custom properties.xml, you define the additional message properties that you want Enterprise Vault to evaluate or index. For Exchange Server messages, you define MAPI properties. You can also define additional Domino server properties.

MAPI properties
Before MAPI properties can be defined in custom properties.xml, they must be defined in the MAPI subsystem. Currently, the Enterprise Vault custom properties feature supports only STRING and DOUBLE properties. Enterprise Vault supports single or multi-valued properties. In MAPI, properties are grouped by NAMESPACE. Typically, properties accessed by a particular application are defined in the same namespace. Each namespace is identified by a GUID. Each property is defined by its STRING ID and namespace GUID. For each property that you want to include, you will need the following details from the property definition in the MAPI subsystem:

If the property is a standard MAPI property, the Identifier part (bits 16 to 31) of the hexadecimal MAPI tag. For example, if the MAPI tag for the standard property is 0x0070001E, the Enterprise Vault NAME value would be 0x0070. If the property is a custom property, the GUID of the propertys namespace. If the property is a custom property, the propertys STRING ID. If the property is a named property, the ID will be a name.

You can use third party MAPI tools, such as OutlookSpy, to view the MAPI properties associated with mailbox items. Figure 41-1 shows how MAPI properties on a message are displayed in OutlookSpy.

524

Configuring custom properties Additional properties

Figure 41-1

Viewing MAPI properties

The selected property is the named property, "Keywords". This multi-valued property holds the Outlook categories assigned to the message. Details of the selected property are displayed on the right-hand side of the window. Note that the "Keywords" property is only used here as an example of a named MAPI property. You do not need to add it as a custom property, because it is already indexed in a default Enterprise Vault system. To make MAPI properties available to Enterprise Vault, you define them in the <CUSTOMPROPERTIES> section of custom properties.xml. The properties defined in this section can then be referenced in the content category and presentation sections. Here is an example showing how properties can be defined:
<!-- 2. DEFINITION OF CUSTOM PROPERTIES AVAILABLE --> <CUSTOMPROPERTIES> <NAMESPACE TYPE="MAPI" GUID="{DA6007CD-01AA-408f-B7D3-6DA958A09583}"> <PROPERTY NAME="Author1" TAG="CaseAuthor"/> <PROPERTY NAME="Status1" TAG="CaseStatus"/> </NAMESPACE> <NAMESPACE TYPE="MAPI" GUID="{EF1A0001-01AA-408f-B7D3-6DA958A09583}"> <PROPERTY NAME="Author2" TAG="Client"/> </NAMESPACE> <NAMESPACE TYPE="MAPI"> <PROPERTY NAME="0x0070" TAG="Topic"/> </PROPERTY> <PROPERTY NAME="0x1035" TAG="MsgID"/> </PROPERTY>

Configuring custom properties Additional properties

525

</NAMESPACE> </CUSTOMPROPERTIES>

In this example there are three NAMESPACES. The first two define custom MAPI properties, so the GUID of the NAMESPACE is required. As the properties defined in the third NAMESPACE are standard MAPI properties, no GUID is required. The value of the TYPE attribute identifies the property type; in this example, the properties are MAPI properties. Within each NAMESPACE the properties are defined in PROPERTY elements using NAME and TAG values, as follows:

If the property is a custom named MAPI property, NAME is the STRING ID defined in the MAPI subsystem. The value is case sensitive and must match exactly the value in the MAPI subsystem. If the property is a standard MAPI property, NAME is the Identifier part (bits 16 to 31) of the hexadecimal MAPI tag. TAG identifies the property within Enterprise Vault. It can contain only alphanumeric characters (A-Z, a-z, or 0-9); spaces and underscore characters are not permitted. The value assigned to the property TAG must be unique within the XML file; although you can cross refer to the property using the TAG value, the same value cannot be used to identify any other entities in the file. If you want to select messages by matching the values of specific properties, you need to create a <NAMEDPROP> filter in the appropriate XML ruleset file and specify the TAG value defined here. See MAPI named properties filters on page 500.

Domino properties
To include custom Domino message properties in Enterprise Vault indexes, you define the required properties in custom properties.xml. In the Lotus Notes client, you can view Domino properties on a message as shown in Figure 41-2.

526

Configuring custom properties Additional properties

Figure 41-2

Viewing Domino message properties

To view Domino message properties

1 2 3

In the Lotus Notes client, right-click the message. Select Document Properties in the menu. Select the Fields tab in the dialog that is displayed. The property names are listed in the left-hand pane. When you select a property in the left-hand pane, details of that property are displayed in the right-hand pane.

Making Domino message properties available to Enterprise Vault


To make Domino message properties available to Enterprise Vault, you define them in the <CUSTOMPROPERTIES> section of custom properties.xml. The properties defined in this section can then be referenced in the content category and presentation sections. The properties are grouped using the <NAMESPACE> element. Typically, properties accessed by a particular application are defined in the same namespace. This outline of the custom properties section shows how Domino properties are defined:
<!-- 2. DEFINITION OF CUSTOM PROPERTIES AVAILABLE -->

Configuring custom properties Content categories

527

<CUSTOMPROPERTIES> <NAMESPACE TYPE="LOTUS"> <PROPERTY NAME="Domino_prop_name" LOTUSTYPE="Domino_data_type" TAG="EV_prop_name"/> [<PROPERTY ... />] </NAMESPACE> </CUSTOMPROPERTIES>

The TYPE="LOTUS" identifies the property as a Domino property. Within each <NAMESPACE> element, the properties are defined in <PROPERTY> elements using NAME and TAG attributes, as follows:

In NAME="Domino_prop_name", the value is the property name displayed in the Lotus Notes document properties. The value is case sensitive and must match exactly the value displayed in the Lotus Notes client. LOTUSTYPE="Domino_data_type" identifies the property data type. The following types are supported: "TEXT", "NUMBER", "TIME". Enterprise Vault indexes "NUMBER" properties as integers. TAG identifies the property within Enterprise Vault. It can contain only alphanumeric characters (A-Z a-z 0-9); spaces and underscore characters are not permitted. The value assigned to the property TAG must be unique within the XML file; although you can cross refer to the property using the TAG value, the same value cannot be used to identify any other entities in the file.

Content categories
In the <CONTENTCATEGORIES> section of custom properties.xml, you define the content categories that you want to apply to filtered messages. A content category defines a group of settings that are to be applied to an item when it is archived. The settings can include the following:

The retention category to assign to the item The destination archive A list of the additional message properties that Enterprise Vault is to index

There can be more than one content category defined in the <CONTENTCATEGORIES> element. In ruleset files, the actions associated with a rule can include assigning a particular content category to messages that satisfy the rule. The content category definition

528

Configuring custom properties Content categories

in custom properties.xml provides the default settings for the content category. Some of these can be overridden for particular rules. See Assigning content categories in rules on page 529. The following example shows entries for a content category called Litigation:
<!-- 1. DEFINITION OF CONTENT CATEGORIES AVAILABLE --> <CONTENTCATEGORIES DEFAULT="Litigation"> <CONTENTCATEGORY NAME="Litigation" RETENTIONCATEGORY="Litigation" ARCHIVEID="15165263832890493848568161647.server1.local"> <INDEXEDPROPERTIES RETRIEVE="Y"> <PROPERTY TAG="CaseAuthor"/> <PROPERTY TAG="CaseStatus"/> </INDEXEDPROPERTIES> </CONTENTCATEGORY> </CONTENTCATEGORIES>

<CONTENTCATEGORIES></CONTENTCATEGORIES> defines the content category section in the file. The DEFAULT attribute specifies the content category to be used as the default. This default applies to all types of archiving enabled for custom filtering. This attribute is optional, if custom filtering is used, but mandatory if there are no ruleset files (unless the registry setting IGNORENODEFAULT is configured). If filters are configured in ruleset files and a default content category is specified, any item that does not match any rules will be archived according to the settings in the default content category. If no default content category is specified, then a content category will only be applied to an item if specified by a matching rule in a filter ruleset file. If no applicable ruleset files exist, then you must specify a default content category using the DEFAULT attribute in the <CONTENTCATEGORIES> element in custom properties.xml. The settings in the content category are then applied to all messages archived (unless the registry setting IGNORENODEFAULT is configured). The actions of archiving tasks are determined by combinations of ruleset files, custom properties, content categories and the registry setting IGNORENODEFAULT. The <CONTENTCATEGORY> element defines a particular content category. There must be at least one content category defined. The content category NAME is used to identify this content category in the presentation section of the file, rules in custom filter ruleset files and external

Configuring custom properties Content categories

529

subsystems, such as the Enterprise Vault Indexing service. The name must have at least five characters, which can include alphanumeric characters only (A-Z a-z 0-9); space and underscore characters are not permitted. If the content category is included in the presentation section of the file, it will be possible to search on the content category name in order to find all items archived using this particular content category.

RETENTIONCATEGORY is optional and enables you to assign a retention category to each item archived using this content category. The retention category must already exist in Enterprise Vault. ARCHIVEID is optional and enables you to specify a destination archive for the item. The archive must exist and be enabled. To find the ID of an archive, display the archive properties in the administration console and click the "Advanced" tab. The <INDEXEDPROPERTIES> element is mandatory and groups the additional properties that Enterprise Vault is to index. The RETRIEVE attribute (optional) determines whether or not the defined properties should be returned with archive search results. By default, the properties are not displayed with search results (RETRIEVE="N"). A <PROPERTY> element is required for each additional property to be indexed. The TAG value must match the associated Enterprise Vault TAG value specified in the custom properties section. See Additional properties on page 523.

Assigning content categories in rules


The preferred way to specify the actions to be taken for messages that match a filter rule is to assign a content category in the rule, in the ruleset file. You define the default settings included in a content category in the content categories section of custom properties.xml. In the ruleset file, you assign a content category as follows:
<RULE NAME="Example rule" ACTION="ARCHIVE_ITEM" CONTENTCATEGORY="content_category_name"> <message attribute filters> </RULE>

The value of "content_category_name" is the name of the required content category as specified in custom properties.xml. In the ruleset file, content categories can only be assigned when ACTION="ARCHIVE_ITEM".

530

Configuring custom properties Content categories

How to override default content category settings


A rule can assign a content category and override some of the default content category settings. For example, if you have a content category that defines all the custom properties to index, a retention category and a destination archive, different rules can assign the content category but override values for the archive or retention category, as required. For example, if a content category called Litigation is defined in custom properties.xml as follows:
<CONTENTCATEGORY NAME="Litigation" RETENTIONCATEGORY="Litigation" ARCHIVEID="15165263832890493848568161647.server1.local"> <INDEXEDPROPERTIES RETRIEVE="Y"> <PROPERTY TAG="AUTHOR01"/> <PROPERTY TAG="CASESTATUS"/> </INDEXEDPROPERTIES> </CONTENTCATEGORY>

It can be referenced in a ruleset file as follows:


<RULE NAME="Example rule1" ACTION="ARCHIVE_ITEM" CONTENTCATEGORY="Litigation"> <message attribute filters> </RULE> <RULE NAME="Example rule2" ACTION="ARCHIVE_ITEM" CONTENTCATEGORY="Litigation" ARCHIVEID="1516526383289049384890493848.server2.local"> <message attribute filters> </RULE>

Additional properties defined in the content category will be indexed with both rules. The second rule uses the same content category, but items that match this rule will be stored in a different archive. Note: Before you alter an existing configuration, make sure that you understand what default behavior has been configured for each type of archiving. Check the DEFAULT content category attribute in custom properties.xml and the IGNORENODEFAULT registry setting. See Control of default settings on page 515.

Configuring custom properties Defining how properties are presented in applications

531

Defining how properties are presented in applications


The presentation section of the file, <PRESENTATION>, defines how available content categories and custom properties are presented to external applications, such as an archive search engine. Separating the presentation of properties from the underlying property definitions enables flexible mapping of custom property details onto a user interface. This also facilitates the support of multiple languages. To access the custom property information in the custom properties.xml file, external applications must use the custom filter and property API. See the Enterprise Vault Application Programmers Guide. Entries in the presentation section define the following:

Custom properties available for displaying by the named application How properties are to be grouped and displayed in the application Content categories available to the application How each content category should be displayed in the application

Presentation information can be defined for each application that will require access to custom properties in archived items. Here is an example of a presentation section (partially completed) that shows how to define how custom properties are displayed in the Enterprise Vault browser search application:
<!-- 3. DEFINITION OF PRESENTATION PROPERTIES AVAILABLE --> <PRESENTATION> <APPLICATION NAME="search.asp" LOCALE="1033"> <FIELDGROUPS> <FIELDGROUP LABEL="Case Properties"> <FIELD TAG="CaseAuthor" LABEL="Author" CATEGORY="Litigation"> </FIELD> <FIELD TAG="CaseStatus" LABEL="Status" CATEGORY="Litigation"> </FIELD> </FIELDGROUP> <FIELDGROUP LABEL="Client Properties"> <FIELD TAG="Client" LABEL="Client Name" CATEGORY="ClientAction"> </FIELD> <FIELD TAG="Topic" LABEL="Message Topic" CATEGORY="ClientAction"> </FIELD> </FIELDGROUP>

532

Configuring custom properties Defining how properties are presented in applications

</FIELDGROUPS> <AVAILABLECATEGORIES> <AVAILABLECATEGORY CONTENTCATEGORY="Litigation" LABEL="Litigation"> </AVAILABLECATEGORY> <AVAILABLECATEGORY CONTENTCATEGORY="ClientAction" LABEL="Client Action"> </AVAILABLECATEGORY> </AVAILABLECATEGORIES> </APPLICATION> <APPLICATION NAME="mysearch.asp" LOCALE="1041"> <FIELDGROUPS> <FIELDGROUP LABEL="..."> <FIELD TAG="CaseAuthor" LABEL="..." CATEGORY="Litigation"></FIELD> <FIELD TAG="CaseStatus" LABEL="..." CATEGORY="Litigation"></FIELD> </FIELDGROUP> <FIELDGROUP LABEL="..."> <FIELD TAG="Client" LABEL="..." CATEGORY="ClientAction"></FIELD> <FIELD TAG="Topic" LABEL="..." CATEGORY="ClientAction"> </FIELD> </FIELDGROUP> </FIELDGROUPS> <AVAILABLECATEGORIES> <AVAILABLECATEGORY CONTENTCATEGORY="Litigation" LABEL="..."> </AVAILABLECATEGORY> <AVAILABLECATEGORY CONTENTCATEGORY="ClientAction" LABEL="..."> </AVAILABLECATEGORY> </AVAILABLECATEGORIES> </APPLICATION> </PRESENTATION>

The example shows entries for two applications the US English (locale "1033") version of the Enterprise Vault browser search and a Japanese (locale "1041") version of a proprietary application. In this particular case, the same elements and attributes have been specified for both applications, but the LABEL values for the second application (omitted in the example) would be in Japanese. Note the following:

The properties available to each application are grouped using the <APPLICATION> element. The NAME attribute identifies the application. The value of the LOCALE attribute is defined by the calling application. The Enterprise Vault browser search uses the standard Microsoft Locale ID for the

Configuring custom properties Defining how properties are presented in applications

533

language that the application will use: 1033 represents US English. The second application in the example, mysearch.asp, also uses the Microsoft Locale ID; 1041 represents Japanese. In the Web search page, custom properties are displayed in groups defined by their content category; that is, when a particular content category is selected, the custom properties with that content category are displayed. Note the following:

The <FIELDGROUPS> element is used to define all the groups of custom properties to be displayed. Each group is defined in a <FIELDGROUP> element. The LABEL attribute gives the title that will be displayed in the application for the group of properties. The value of the LABEL attribute must be unique in the application. <FIELD> elements define each property to be displayed in the group. The value of the TAG attribute identifies the property to be displayed. The value specified here must match the associated TAG value of the property in the <CUSTOMPROPERTIES> section of the file. The value of the CATEGORY attribute identifies the content category with which this property is to be associated. When the user selects this content category in the search criteria, a box for this property will be displayed. The value specified for CATEGORY must match the associated NAME for the content category in the content category section of the file. Also, CATEGORY must be one defined in the <AVAILABLECATEGORIES> element. TAG must be unique in the <FIELDGROUP> and the TAG/CATEGORY combination must be unique within the <APPLICATION> element. LABEL defines the name that you want displayed in the user interface for the custom property. <AVAILABLECATEGORIES> groups the content categories that are to be available for selection in the application. Each content category is defined using the <AVAILABLECATEGORY> element; the value of the CONTENTCATEGORY attribute must match the name of the content category specified in the content category section of the file. The LABEL attribute defines the name you want displayed for the content category in the user interface.

How to display custom properties in the browser search


The Enterprise Vault browser search application uses the custom filter and properties API to access custom properties defined in the custom properties.xml file. This section shows how the example presentation section entries would be displayed in the US English version of this application.

534

Configuring custom properties Defining how properties are presented in applications

Figure 41-3 shows the Enterprise Vault browser search with the example custom properties and content categories displayed. Figure 41-3 Example presentation properties displayed in the browser search page

The "Content Category" dropdown box shows the content categories available to be used in searches. These were defined using the <AVAILABLECATEGORIES> element. You can change the content categories listed in the dropdown box, but you cannot change or hide the label, "Content Category". Selecting a content category in the box and clicking "Search" will return all items that were archived with the selected content category. The "Case Properties" and "Client Properties" sections display each group of custom properties (FIELDGROUP) associated with the selected content category. Entering a value for a custom property and clicking "Search" will search the custom property index entry of archived items. To see the additional property details in the search results, "Details" must be set to "Full". If the user selects a different content category, the custom properties available will change. As RETRIEVE="Y" was set in the definition of the "Litigation" content category, and "Details" was set to "Full" on the Search page, custom properties in search result items will be displayed at the end of the list of normal message attributes.

Configuring custom properties Summary of custom property elements and attributes

535

Figure 41-4

Custom properties displayed in search results

Note the following on displaying custom properties in browser search:


You must include the LOCALE attribute. If custom properties are to be used in the Enterprise Vault browser search, Internet Explorer security settings must allow cookies for the Enterprise Vault server site. When changes are made to the custom property configuration, you need to restart the Enterprise Vault Application Pool in IIS Manager. If the contents of the custom properties.xml file is changed, searches may return different results. For example, if an item is indexed using one content category and the properties included in the content category are changed, the custom properties returned by subsequent searches will be different. To ensure you can still search on the original properties, leave the original content category and create a new one.

Summary of custom property elements and attributes


Table 41-3 summarizes all elements and attributes in custom properties.xml. The value in the "Mandatory" column assumes that the IGNORENODEFAULT registry setting is not used. Table 41-3 Element
CONTENTCATEGORIES

XML elements and attributes in the custom properties.xml file Mandatory


Yes

Attribute

Description
Defines the content category section of the file.

536

Configuring custom properties Summary of custom property elements and attributes

Table 41-3

XML elements and attributes in the custom properties.xml file (continued) Mandatory
No

Element

Attribute
DEFAULT=

Description
Value is the name of the content category to be used as default. Required if custom properties in all items are to be indexed. Defines a group of settings that are to be assigned to an archived item. Value is a unique name to identify category to ruleset and presentation interface. Value is a retention category to be assigned to the archived item. retention category must exist in Enterprise Vault. Value is the ID of the archive to store the item in. Value can be found in the properties of the archive in the Enterprise Vault Administration Console. Defines a set of additional properties in the content category. Value is "Y" or "N". Indicates whether or not properties in this set should appear in the search results. Default is "N". Defines an additional property to index for items that are assigned this content category. Value is the Enterprise Vault TAG of the property. Defines the custom property section of the file. Defines a NAMESPACE that contains a group of custom properties.

CONTENTCATEGORY

Yes

NAME=

Yes

RETENTIONCATEGORY=

No

ARCHIVEID=

No

INDEXEDPROPERTIES

Yes

RETRIEVE=

No

PROPERTY

Yes

TAG=

Yes

CUSTOMPROPERTIES

Yes

NAMESPACE

Yes

Configuring custom properties Summary of custom property elements and attributes

537

Table 41-3

XML elements and attributes in the custom properties.xml file (continued) Mandatory
Yes

Element

Attribute
TYPE=

Description
Type of property. Value can be "MAPI " or "LOTUS". MAPI properties only. Value is identity of NAMESPACE to external applications. Defines a custom property. If the property is a custom MAPI property, value is the STRING ID defined in the MAPI subsystem. The value is case sensitive and must match exactly the value in the MAPI subsystem. If the property is a standard MAPI property, value is the Identifier part (bits 16 to 31) of the hexadecimal MAPI tag. If the property is a Domino property, value is the identity of the property as displayed in message properties in the Lotus Notes client. Value must be unique in NAMESPACE.

GUID=

Yes

PROPERTY NAME=

Yes Yes

LOTUSTYPE=

Yes

Value is the Domino property data type: "TEXT", "NUMBER" or "TIME". TAG identifies the property within Enterprise Vault. It can contain only alphanumeric characters (A-Z a-z 0-9); spaces and underscore characters are not permitted. The value must be unique within the XML file. TAG value is the property name that will be stored in the index.

TAG=

Yes

PRESENTATION

Yes

Defines the presentation property section of the file.

538

Configuring custom properties Summary of custom property elements and attributes

Table 41-3

XML elements and attributes in the custom properties.xml file (continued) Mandatory
Yes

Element
APPLICATION

Attribute

Description
Defines a group of fields for use by a named application. Value is the name of the application that will use the fields in this definition. The value depends on what the calling application requires to define the language. The Enterprise Vault browser search uses standard Microsoft Locale ID number that the application will run under. (Currently only "1033", US English, is supported for displaying custom properties in the browser search.) Define the field groups available to the application. A logical grouping of fields for the presentation interface. Value will be presented to the application for this field group. The label must be unique within the application. Defines a field that will reference a custom property. Value will be displayed on the application user interface to represent this custom property. Value is the name of a content category listed in AVAILABLECATEGORIES for the application. Value is the TAG of a custom property. The tag must be unique in the FIELDGROUP.

NAME=

Yes

LOCALE=

Yes

FIELDGROUPS

Yes

FIELDGROUP

Yes

LABEL=

No

FIELD

Yes

LABEL=

Yes

CATEGORY=

Yes

TAG=

Yes

Configuring custom properties Summary of custom property elements and attributes

539

Table 41-3

XML elements and attributes in the custom properties.xml file (continued) Mandatory
Yes

Element
AVAILABLECATEGORIES

Attribute

Description
Define which content categories are available to the application. Defines a content category. Value defines how the content category is to appear in the user interface. Value is the NAME of the required content category as specified in the Content Category section of the file.

AVAILABLECATEGORY LABEL=

Yes Yes

CONTENTCATEGORY=

Yes

540

Configuring custom properties Summary of custom property elements and attributes

Section

10

Clustering Enterprise Vault with VERITAS Cluster Server

Introducing clustering with VCS Installing and configuring VERITAS Storage Foundation HA Configuring the service group Running the Enterprise Vault Configuration wizard Implementing an SFW HA-VVR disaster recovery solution Troubleshooting clustering with VCS

542

Chapter

42

Introducing clustering with VCS


This chapter includes the following topics:

Supported VCS configurations and software About the VCS GenericService agent Typical Enterprise Vault configuration in a VCS cluster Installation order

Supported VCS configurations and software


Both active/passive and N+1 configurations are supported, but active/active configurations are not. In an active/passive configuration, a dedicated spare server is available for each Enterprise Vault server, ready and waiting for the primary server to go down. In an N+1 configuration, there is a computer for each Enterprise Vault server and then one or more spare servers waiting for any of the active servers to fail over. The following software must be installed:

VERITAS Storage Foundation HA for Windows, version 4.3 MP1 or later Enterprise Vault Windows Server 2003

Note that Compliance Accelerator and Discovery Accelerator are not supported within a cluster. However, an unclustered Compliance Accelerator or Discovery Accelerator can reference a clustered Enterprise Vault virtual server.

544

Introducing clustering with VCS About the VCS GenericService agent

About the VCS GenericService agent


VCS uses the GenericService agent to monitor the Enterprise Vault services on different nodes based on the information in the Enterprise Vault Directory database. The agent brings online the following services, monitors their status, and takes them offline:

Admin service Directory service Indexing service Shopping service Storage service Task Controller service

See the VERITAS Cluster Server Bundled Agents Reference Guide for detailed information on the GenericService agent, including the resource type definitions, attribute definitions, and sample configurations. The GenericService agent detects an application failure if a configured service is not running. When this happens, the Enterprise Vault service group is failed over to the next available system in the service groups system list, and the services are started on the new system. This ensures continuous availability for the data that Enterprise Vault is managing and archiving.

Typical Enterprise Vault configuration in a VCS cluster


Figure 42-1 illustrates a typical configuration.

Introducing clustering with VCS Installation order

545

Figure 42-1

Active/passive failover configuration


SQL Server

VCS private network

System 1

System 2

Enterprise Vault data Shared disks/cluster disk groups Public network

Here, the volumes for the Enterprise Vault services data are configured in a cluster disk group on shared storage. The Enterprise Vault virtual server is configured on the active node (System 1). If System 1 fails, System 2 becomes the active node, and the Enterprise Vault virtual server comes online on System 2.

Installation order
The order in which you install and configure the various components in a clustered environment is important, as follows:

Ensure that all prerequisite components have been installed on each of the cluster nodes Complete the installation and configuration of VERITAS Storage Foundation HA with VCS Install Enterprise Vault Server components on all the nodes in the cluster Configure disk groups and volumes Configure the Enterprise Vault service group Run the Enterprise Vault cluster configuration wizard Test that the nodes in the cluster fail over correctly

546

Introducing clustering with VCS Installation order

Chapter

43

Installing and configuring VERITAS Storage Foundation HA


This chapter includes the following topics:

About this chapter Installing and configuring SFW HA Managing disk groups and volumes

About this chapter


This chapter outlines the steps required to install and configure VERITAS Storage Foundation HA for Windows (SFW HA) with Enterprise Vault. You can also implement a disaster recovery solution. See About the SFW HA-VVR disaster recovery solution on page 569.

Installing and configuring SFW HA


Except where noted, you can get detailed instructions on how to perform the steps outlined in this section from the VERITAS Storage Foundation and High Availability Solutions Guide. To install and configure SFW HA

Install SFW HA 4.3 or later on each node that is to be a part of the cluster. There are several stages to this process:

548

Installing and configuring VERITAS Storage Foundation HA Managing disk groups and volumes

Review the product installation requirements, disk space requirements, and requirements for SFW HA. Configure the network and storage. Install SFW HA.

If you have installed SFW HA 4.3, upgrade to 4.3 MP1. For detailed instructions, see the VERITAS Storage Foundation and High Availability Solutions 4.3 Maintenance Pack (MP) 1 Release Notes. Configure the cluster by running the VCS Configuration wizard. Install Enterprise Vault on all systems in the cluster. Configure the disk group and volumes from the first node. You must create shared volumes to store the following:

3 4 5

Indexing service data Shopping service data Vault store partitions PST holding folders EMC Centera staging areas

We also recommend that you create separate volumes to store the MSMQ and registry replication data.

Mount the volumes on the system where you will configure the Enterprise Vault service group. See Managing disk groups and volumes on page 548.

Configure the Enterprise Vault service group. See About configuring the service group on page 551.

Run the Enterprise Vault Configuration wizard to create the Enterprise Vault services and resources. See About the Enterprise Vault Configuration wizard on page 557.

Verify the cluster configuration and test the failover capability.

Managing disk groups and volumes


This section describes how to perform the following activities:

Importing a dynamic disk group Mounting a shared volume

Installing and configuring VERITAS Storage Foundation HA Managing disk groups and volumes

549

Unmounting a volume and deporting a disk group

While you set up an SFW HA environment, keep the following points in mind:

You must mount the volumes on the system where you will configure the Enterprise Vault service group. When a disk group is initially created, it is imported on the node where it is created. A disk group can be imported on one node only at a time. To move a disk group from one node to another, unmount the volumes in the group, deport the group from its current node, import it to a new node, and mount the volumes.

To import a dynamic disk group

1 2

Start the VERITAS Enterprise Administrator. Right-click a disk name in the dynamic disk group or the dynamic disk group name in the tree view, and then click Import Dynamic Disk Group on the context menu. Follow the on-screen instructions.

To mount a volume

1 2 3 4

If you have yet to do so, open the VERITAS Enterprise Administrator and import the dynamic disk group. Right-click the volume, and then click File System > Change Drive Letter and Path. In the Drive Letter and Paths dialog box, click Add. Select one of the following options, depending on whether you want to assign a drive letter to the volume or mount it as a folder.
To assign a drive letter. Click Assign a Drive Letter, and then choose the required letter. Click Mount as an empty NTFS folder, and then click Browse to locate an empty folder on the shared disk.

To mount the volume as a folder.

Click OK.

550

Installing and configuring VERITAS Storage Foundation HA Managing disk groups and volumes

To unmount a volume and deport the dynamic disk group

1 2 3 4 5

In the VERITAS Enterprise Administrator, right-click the volume and then click File System > Change Drive Letter and Path. In the Drive Letter and Paths dialog box, click Remove. Click OK. Right-click the disk, and then click Deport Dynamic Group. Click Yes to confirm that you want to deport the disk group.

Chapter

44

Configuring the service group


This chapter includes the following topics:

About configuring the service group Before you begin Creating a service group Modifying an existing service group Deleting a service group

About configuring the service group


In VCS, a service group represents a virtual server. Each service group contains a set of resources, which you can bring online or offline when a group fails over to another node in the cluster. You can arrange a combination of these resources to make a complete Enterprise Vault server. These resources include the following:

IP address Computer name (Lanman resource) MSMQ Disk/storage (MountV and DiskGroup resources) Service resources

Before you can configure Enterprise Vault in a cluster, you must configure a service group to represent the Enterprise Vault server. VCS provides several ways

552

Configuring the service group Before you begin

to configure a service group, including the Enterprise Vault Cluster Setup wizard, Cluster Manager (both Java Console and Web Console), and the command line. This chapter describes how to configure a service group with the Enterprise Vault Cluster Setup wizard.

Before you begin


Before you configure an Enterprise Vault service group, do the following:

Verify your DNS server settings. You must ensure that a static DNS entry maps the virtual IP address with the virtual server name. Refer to the appropriate DNS document for more information. Verify that the Command Server is running on all systems in the cluster. Verify that the VERITAS High Availability Daemon (HAD) is running on the system from where you will run the Enterprise Vault Cluster Setup wizard. Ensure that you have Cluster Administrator privileges. You must also be a Local Administrator on the node where you run the wizard. Verify that MSMQ is installed locally on each node. Mount the shared volumes that you have created to store the following:

Indexing service data Shopping service data Vault store partitions PST holding folders EMC Centera staging areas

Unmount the volumes from other nodes in the cluster.

Creating a service group


Note that the Enterprise Vault Cluster Setup wizard is available from the Windows Start menu if you install Enterprise Vault after you install VCS. If you install Enterprise Vault first, you must separately install the wizard. To do this, locate and run the file Enterprise Vault Cluster Setup Wizard.msi. To create the service group

1 2

Start the Enterprise Vault Cluster Setup Wizard. Review the information in the Welcome page, and then click Next to display the Wizard Options page.

Configuring the service group Creating a service group

553

3 4 5

Click Create service group, and then click Next to display the Service Group Configuration page. In the Service Group Name box, type a name for the group, such as EVGRP1. Move to the Systems in Priority Order box those systems on which you want to configure the service group. If you want to change the priority of the systems in the Systems in Priority Order box, click a system and then click the up-arrow or down-arrow button.

6 7

Click Next to validate the configuration and display the Virtual Server Configuration page. Complete the fields by following these steps in the order listed:

In the Virtual Server Name box, type the server name that you mapped to the virtual IP address when you set up the static DNS entry. In the Virtual IP address box, type the address that you mapped to the virtual server. This should be in the same subnet as the current computer, but it should not currently be in use on the network. Enter the subnet mask to which the virtual server belongs. For each system in the cluster, select the public network adapter name. The wizard lists all the TCP/IP-enabled adapters on the system, including the private network adapters if they are TCP/IP enabled. Be sure to select the adapters to assign to the public network, and not those assigned to the private network. Click Advanced to specify details for the Lanman resource. You must select the distinguished name of the organizational unit for the virtual server. By default, the Lanman resource adds the virtual server to the default container Computers. The user account for VCS Helper service must have adequate privileges on the specified container to create and update computer accounts.

In the Virtual Server Configuration page, click Next to display the MSMQ and RegRep Directory Details page. This page enables you to virtualize the MSMQ resource so that it can be accessed using its virtual name. This resource also ensures that the queue state is maintained after failover.

Complete the fields as follows:

In the MSMQ Directory field, enter the path to the required directory.

554

Configuring the service group Creating a service group

In the Replication Directory field, enter the path to the registry replication directory. The replication data contains a list of the registry keys to replicate.

We recommend that you configure the MSMQ and replication directories on different volumes.

10 Click Next to display the Storage Location Details page.


This page lets you select the volumes that you want to configure for Enterprise Vault services. A volume is available for selection only if you have configured it on the shared disk. The available volumes do not include those that you selected in the previous page of the wizard, when specifying the storage locations for MSMQ and registry replication.

11 In the Available Volumes box, select each volume on which you have
configured the services and then click the right-arrow button to move it to the Selected Volumes box. You must select the volumes that you configured for each of the following:

Indexing service data Shopping service data Vault store partitions PST holding folders EMC Centera staging areas

12 Click Next to display the Service Group Summary page. 13 Review your configuration. If you want to modify an attribute name for any
reason, follow these steps in the order listed:

Click the resource, and then click the attribute that you want to modify. Click the Edit icon at the end of the table row. In the Edit Attribute dialog box, enter the attribute values. Click OK. Repeat the procedure for each resource and attribute.

14 Click Next to display the Completion page. 15 Click Bring the service group online, and then click Finish.
When you have finished adding the service group, check that it can fail over between nodes without error.

Configuring the service group Modifying an existing service group

555

Modifying an existing service group


Table 44-1 lists the items that you can modify in a service group. Table 44-1 Item
System list

Modifiable service group items Notes


You can add nodes to or remove them from the cluster. If you want to remove a node, make sure that it is not the active one. You can add or remove volumes. If you remove a volume on which an Enterprise Vault service is configured, the service ceases to be highly available and is not monitored. You can change the virtual IP address if the service group is offline. You cannot change the virtual server name, which is fixed when you create the service group.

Volumes

Virtual IP

You can modify an Enterprise Vault service group in several ways, including the Enterprise Vault Cluster Setup Wizard, Cluster Manager (both Java Console and Web Console), and the command line. The following steps describe how to modify the service group with the Enterprise Vault Cluster Setup Wizard. Before you proceed, note the following:

You must run the wizard from a node on which the service group is online. You can then use the wizard to add resources to or remove them from the configuration. You must take the service group partially offline to change the resource attributes. However, the MountV and VMDg resources for the service group should be online on the node where you run the wizard and offline on all other nodes. Mount all the volumes created to store Storage service data (vault stores), registry replication information, Shopping service data, Indexing data and MSMQ data. If you want to modify the system list or volumes, the service group must be online.

To modify an existing service group

1 2

Start the Enterprise Vault Cluster Setup Wizard. Review the information in the Welcome page, and then click Next to display the Wizard Options page.

556

Configuring the service group Deleting a service group

3 4

Click Modify service group, and then click Next. Follow the instructions to modify the service group. Note that if you add a system to an online service group, any resources with local attributes may briefly have a status of UNKNOWN. After you add the new node to the group, run the Enterprise Vault Configuration Wizard on this node to configure the Enterprise Vault services for it.

Deleting a service group


Follow the steps below to delete a service group with the Enterprise Vault Cluster Setup wizard. To delete an Enterprise Vault service group

1 2 3 4 5 6

Start the Enterprise Vault Cluster Setup Wizard. Review the information in the Welcome page, and then click Next to display the Wizard Options page. Click Delete service group, and then click Next. In the Service Group Summary page, click Next. When the wizard prompts you to confirm that you want to delete the service group, click Yes. Click Finish.

Chapter

45

Running the Enterprise Vault Configuration wizard


This chapter includes the following topics:

About the Enterprise Vault Configuration wizard Before you begin Setting up an active/passive configuration Setting up an N+1 configuration

About the Enterprise Vault Configuration wizard


The Enterprise Vault Configuration wizard provides options for setting up Enterprise Vault in a cluster. This chapter describes the options that you must select to do this.

Before you begin


Before you run the Enterprise Vault Configuration wizard, ensure the following:

The Enterprise Vault service group exists and is online on the node from which you want to run the wizard. See About configuring the service group on page 551. You have installed VSFW HA 4.3 MP1 or later.

558

Running the Enterprise Vault Configuration wizard Setting up an active/passive configuration

Setting up an active/passive configuration


As well as describing how to set up cluster support in a first-time installation of Enterprise Vault, this section describes how to upgrade an existing, standard installation of Enterprise Vault to a clustered environment.

Adding cluster support in a first-time Enterprise Vault installation


You must run the Enterprise Vault Configuration wizard on each node of the cluster. On the first node, choose the option to "Create a new Enterprise Vault server with cluster support". On each additional node, choose the option to "Add this node as a failover node for an existing clustered server". Note: If during the running of the configuration wizard you receive an error related to the configuring of the Enterprise Vault Monitoring database, complete the configuration wizard and refer to Troubleshooting configuration of the Monitoring database. To create a new Enterprise Vault server with cluster support

On the Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration). The first page of the wizard appears.

2 3

Click Create a new Enterprise Vault server with cluster support, and then click Next. Follow the on-screen instructions. When the wizard prompts you for the DNS alias for the vault site, enter a DNS alias that points to the virtual server name. In addition, take care to review the storage locations for the Indexing and Shopping services, when the wizard prompts you to do so.

4 5

In the Finish page, click Bring all the resources online, and then click Finish. After you have configured the server on the first node, run the wizard from each additional node that you want to configure as a failover node. Note that the path to the Enterprise Vault program folder must be the same on all nodes in the cluster. This is typically C:\Program Files\Enterprise Vault. If the path varies from one node to another, problems can occur during failover.

Running the Enterprise Vault Configuration wizard Setting up an active/passive configuration

559

To add a failover node for an existing clustered server

1 2 3

On the Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. Click Add this node as a failover node for an existing clustered server, and then click Next. Follow the on-screen instructions. When the wizard prompts you for the name of the service group to which you want to add the node, select the name of the service group that you chose for the first node.

In the summary page, review the information, and then click Next. The wizard informs you that it will create the Enterprise Vault service group on the new node.

5 6

In the Finish page, click Finish to exit the wizard. Check that you can bring the resources online on the failover node. You can do this with Cluster Explorer, by clicking Switch To on the context menu.

Troubleshooting configuration of the Monitoring database


If during the running of the configuration wizard you receive errors indicating that configuring of the Enterprise Vault Monitoring database has failed, complete the configuration wizard and then run the Monitoring Configuration Utility to configure the Monitoring database and the Monitoring agents manually. For information on how to do this, see the following Enterprise Vault TechNote on the Symantec Support Web site: http://entsupport.symantec.com/docs/287449. The TechNote also describes how to troubleshoot issues with Monitoring agents.

Upgrading an existing Enterprise Vault installation to a cluster


There are two types of Enterprise Vault installation that you can upgrade to a cluster: a single, non-clustered Enterprise Vault server, and a building blocks configuration that contains multiple Enterprise Vault servers. To be eligible for upgrade to a cluster, the Enterprise Vault installation must have the following features:

Enterprise Vault should already be configured in a non-clustered configuration, and it must not already be part of a cluster. Enterprise Vault must be configured using DNS aliases rather than fully qualified names.

560

Running the Enterprise Vault Configuration wizard Setting up an active/passive configuration

The Enterprise Vault server must have a full set of Indexing, Shopping, Task Controller and Storage services. However, it must not contain the SharePoint Portal Server 2001 service, as this is not supported in a cluster. In a building blocks environment, an Enterprise Vault server that is hosting services must not be running in failover mode.

To upgrade an existing installation to a clustered Enterprise Vault environment

Run the Enterprise Vault Cluster Setup wizard to create an Enterprise Vault cluster service group and add to the group the server that you are going to configure. Ensure that the following items are all on highly-available shared storage devices.

Indexing service data Shopping service data Vault store partitions PST holding folders EMC Centera staging areas

If they are not, correct the locations in the Enterprise Vault Directory database and then move the associated data to the new locations. See Moving data to highly-available locations on page 561.

3 4 5

On the Windows Start menu, click All Programs > Enterprise Vault > Convert to Cluster. Read the introductory information, and then click Next. When the wizard prompts you to confirm that all locations are highly available shared storage devices, check the box at the bottom of the page and then click Next. If the wizard detects that there are messages in the Enterprise Vault MSMQ queues, choose whether to proceed with the conversion without migrating them to the clustered MSMQ queues. Wait until the queues have cleared and then rerun the Convert to Cluster wizard. Any messages that are still in the queues are ignored in the new cluster. To accelerate the process of clearing the queues, stop the Task Controller service and ensure that File System Archiving is not performing an archiving run.

When the wizard prompts you to choose a service group in which to create the cluster resources for each Enterprise Vault service, select the group that you created earlier.

Running the Enterprise Vault Configuration wizard Setting up an active/passive configuration

561

8 9

Click Next to create the cluster resources, and then review the list of actions that the wizard has carried out. Click Finish to close the wizard. the site alias and computer name alias to point to the virtual server name rather than the local name.

10 Using the DNS snap-in to the Microsoft Management Console (MMC), change

11 Use VERITAS Cluster Manager to bring the resources in the cluster online.

Moving data to highly-available locations


In outline, the procedure for moving the data to highly-available locations is as follows:

Stop the Indexing, Shopping, Storage, and Task Controller services. Make a backup copy of the Enterprise Vault Directory database and data files. Use the Vault Administration Console or run a SQL query against the Enterprise Vault directory to move the data, as described below.

IndexRootPathEntry Move the contents of this location to a highly available location. [IndexRootPath] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM IndexRootPathEntry WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE IndexRootPathEntry SET IndexRootPath = '<THE NEW LOCATION>' WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>')

PartitionEntry [AccountName]

Move the pool entry authorization (.pea) file to a highly available location. Use the Vault Administration Console to view the properties of the EMC Centera partition and then, on the Connection tab, edit the Pool Entry Authorization File Location box to point at the new location.

562

Running the Enterprise Vault Configuration wizard Setting up an active/passive configuration

PartitionEntry Move the contents of this location to a highly available location. [PartitionRootPath] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM PartitionEntry WHERE (PartitionEntryId = '<ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE PartitionEntry SET PartitionRootPath = <THE NEW LOCATION> WHERE (PartitionEntryId = '<ID FROM LOG FILE>')

PartitionEntry/Locations Move the secondary storage files to a highly available location. [SecondaryLocation] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM PartitionEntry INNER JOIN Locations ON PartitionEntry.SecondaryLocation = Locations.LocationIdentity WHERE (PartitionEntry.PartitionEntryId = <ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE Locations SET Location = '<NEW LOCATION>' WHERE LocationIdentity = (SELECT SecondaryLocation FROM PartitionEntry WHERE PartitionEntryId = <ID FROM LOG FILE>')

Running the Enterprise Vault Configuration wizard Setting up an N+1 configuration

563

PartitionEntry Move the contents of this location to a highly available location. [StagingRootPath] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM PartitionEntry WHERE (PartitionEntryId = '<ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE PartitionEntry SET StagingRootPath = <THE NEW LOCATION> WHERE (PartitionEntryId = '<ID FROM LOG FILE>') PSTMigratorTask 1 [MigrationDirectory]

Move the contents of the location to a highly available location. Use the Vault Administration Console to view the properties of the PST Migrator Task and update the Temporary files folder.

ShoppingServiceEntry Move the contents of this location to a highly available location. [ShoppingRootPath] Use the Vault Administration Console to edit the Shopping service location to the new highly available location. SiteEntry Move the contents of the location to a highly available location. [PSTHoldingDirectory] Use the Vault Administration Console to view the site properties and update the PST Holding Folder property to point at the new location.

Setting up an N+1 configuration


As a cheaper alternative to setting up an active/passive cluster, you can set up an N+1 configuration in which there is a single spare node for the cluster. There are two basic types of N+1 configurations:

The clustered Enterprise Vault servers run on two nodes, and there is a shared spare node. The two Enterprise Vault servers are configured to run on any of the three nodes in the cluster.

The following sections describe how to set up Enterprise Vault in these two configurations.

564

Running the Enterprise Vault Configuration wizard Setting up an N+1 configuration

N+1 configuration option 1


Figure 45-1 illustrates a configuration in which there is a spare node in addition to the two nodes on which the Enterprise Vault servers are running. Figure 45-1 N+1 configuration option 1

NODEA EVSERVER1

Shared Disk

NODEC (SPARE)

NODEB (EVSERVER2)

Shared Disk

You configure the service group for EVSERVER1 to run on both NODEA and NODEC, and the service group for EVSERVER2 to run on both NODEB and NODEC. EVSERVER1 and EVSERVER2 are both virtual computer names from the service group. To set up this N+1 configuration

Mount the volumes on the system where you will configure the Enterprise Vault service group. See Managing disk groups and volumes on page 548.

On either NODEA or NODEC, run the Enterprise Vault Cluster Setup wizard and create a service group called EVSERVER1 for these two nodes.

Running the Enterprise Vault Configuration wizard Setting up an N+1 configuration

565

3 4

On either NODEB or NODEC, run the Enterprise Vault Cluster Setup wizard and create a service group called EVSERVER2 for these two nodes. Take the actions described below on NODEA and NODEB, depending on whether you are performing a first-time installation of Enterprise Vault or upgrading an existing installation. Node
NODEA

New installation
Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER1. Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER2.

Upgrade installation
Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER1 service group.

NODEB

Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER2 service group.

On NODEC, run the Enterprise Vault Configuration wizard and choose to add this node as a failover node for an existing clustered server. Select either service group. When you bring the service groups online on NODEA and NODEB, Cluster Explorer may falsely indicate a problem with the GenericService resources (their icons in the left pane may have question marks). This is because VCS assumes that each resource is simultaneously online on two nodes. You can ignore this situation.

N+1 configuration option 2


The second option involves configuring both EVSERVER1 and EVSERVER2 to run on any of three nodes. This has the advantage that if NODEB fails, the server moves to NODEC. NODEB can then be brought back online and act as a failover server for EVSERVER1 and EVSERVER2.

566

Running the Enterprise Vault Configuration wizard Setting up an N+1 configuration

Figure 45-2

N+1 configuration option 2


NODEA

Shared Disk for EVSERVER1

Shared Disk for EVSERVER2

NODEB

NODEC

To set up this N+1 configuration

Mount the volumes on the system where you will configure the Enterprise Vault service group. See Managing disk groups and volumes on page 548.

2 3

With the Enterprise Vault Cluster Setup wizard, create a service group for EVSERVER1 that contains nodes NODEA, NODEB, and NODEC. With the Enterprise Vault Cluster Setup wizard, create a service group for EVSERVER2 that contains nodes NODEA, NODEB, and NODEC.

Running the Enterprise Vault Configuration wizard Setting up an N+1 configuration

567

Take the actions described below on NODEA and NODEB, depending on whether you are performing a first-time installation of Enterprise Vault or upgrading an existing installation. Node
NODEA

New installation
Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER1. Run the Enterprise Vault Configuration wizard. Choose to configure a new Enterprise Vault server with cluster group for EVSERVER2.

Upgrade installation
Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER1 service group.

NODEB

Run the Convert to Cluster wizard. Choose to create the service resources in the EVSERVER2 service group.

On NODEC, run the Enterprise Vault Configuration wizard and choose to add this node as a failover node for an existing clustered server. Select either service group. Notice that the only difference in configuration between this option and option 1 is that, when you create the service groups, you must select all the nodes rather than a subset of the nodes. You can take a similar approach if you require your system to have more than one spare server (N+2, N+3, N+4, and so on). In each case, you must configure a node for each Enterprise Vault server and then add the spare nodes as failover nodes.

Disallowing two Enterprise Vault servers on the same node


You cannot run multiple Enterprise Vault service groups on the same node in a cluster. When configuring the cluster in an N+x configuration, you can stop this from happening by setting the Limits and Prerequisites attributes for every node, as described below. For more information on these steps, see the VERITAS Cluster Server Administrators Guide.

568

Running the Enterprise Vault Configuration wizard Setting up an N+1 configuration

To prevent two Enterprise Vault servers from running on the same node

1 2 3

Use VERITAS Cluster Manager to log on to the cluster. Click anywhere in the Cluster Monitor panel to open Cluster Explorer. For each node in the cluster, perform the following steps in the order listed:

In the configuration tree at the left, click the node whose attributes you want to edit. In the View panel, click the Properties tab. Click Show all attributes to open the Attributes View dialog box. Find the Limits attribute. Click the Edit icon at the right of the row. In the Edit Attribute dialog box, add a key called EnterpriseVault and give it a value of 1. Click OK to close the dialog box and return to the Attributes View dialog box. Repeat for the Prerequisites attribute on each Enterprise Vault service group.

When both the Limits and Prerequisites attributes have a key called EnterpriseVault with a value of 1, two Enterprise Vault servers cannot run on the same node.

Chapter

46

Implementing an SFW HA-VVR disaster recovery solution


This chapter includes the following topics:

About this chapter About the SFW HA-VVR disaster recovery solution

About this chapter


This chapter describes how to install and configure VSFW HA-VVR with Enterprise Vault. The steps are similar to those documented in the VERITAS Storage Foundation and High Availability Solutions Guide.

About the SFW HA-VVR disaster recovery solution


In this scenario,there is a source host on the primary site and a destination host on the secondary site. The application data is stored on the primary site and replicated to the secondary site by using the VERITAS Volume Replicator (VVR). The primary site provides data and services during normal operation. If a disaster occurs on the primary site and its data is destroyed, a secondary host can take over the role of the primary host to make the data accessible. The application can be restarted on that host. Figure 46-1 shows an SFW HA-VVR configuration.

570

Implementing an SFW HA-VVR disaster recovery solution About the SFW HA-VVR disaster recovery solution

Figure 46-1
Primary Site

SFW HA-VVR configuration


Secondary site

Internet

System1

System2

System1

System2

DB Log

DB Log

Data Replicator Log Replicator Log

Data Replicated Volumes

Original Volumes

This example has one disk group on each site for the application. Note that a VVR replicator log is needed on each site. If there are multiple disk groups, an additional replicator log is required for each one.

Installing and configuring SFW HA-VVR


To install and configure SFW HA-VVR, complete the following tasks in the order specified:

Set up the cluster on the primary site. Set up the cluster on the secondary site. Add the VVR components for replication. Add the Global Cluster Option (GCO) components for wide-area recovery.

The following sections describe these tasks in detail.

Implementing an SFW HA-VVR disaster recovery solution About the SFW HA-VVR disaster recovery solution

571

Setting up the cluster on the primary site


Complete the following steps to set up the cluster on the primary site. Except where noted, you can obtain more information on how to perform these steps from the chapter "Implementing an SFW HA-VVR Disaster Recovery Solution" in the VERITAS Storage Foundation and High Availability Solutions Guide. To set up the cluster on the primary site

Install SFW HA 4.3 or later on each node that is to be a part of the cluster on the primary site. There are several stages to this process:

Review the product installation requirements, disk space requirements, and requirements for SFW HA. Install Windows and configure the network settings. Install SFW HA on the primary site. Be sure to select the VVR and GCO options during the installation. Using the VVR Security Service Configuration wizard, configure the VERITAS Volume Replicator Security Service (VxSAS).

If you have installed SFW HA 4.3, upgrade to 4.3 MP1. For detailed instructions, see the VERITAS Storage Foundation and High Availability Solutions 4.3 Maintenance Pack (MP) 1 Release Notes. Configure the cluster by running the VCS Configuration wizard. Install Enterprise Vault. Configure the disk group and volumes. You must create shared volumes to store the following:

3 4 5

Indexing service data Shopping service data Vault store partitions PST holding folders EMC Centera staging areas

We also recommend that you create separate volumes to store the MSMQ and registry replication data.

Configure the VCS service group at the primary site. See About configuring the service group on page 551. See About the Enterprise Vault Configuration wizard on page 557.

Verify the cluster configuration, and test the failover capability.

572

Implementing an SFW HA-VVR disaster recovery solution About the SFW HA-VVR disaster recovery solution

Setting up the cluster on the secondary site


The process of setting up a cluster on the secondary site is similar to that on the primary site. Except where noted, you can obtain more information on how to perform these steps from the chapter "Implementing a SFW HA-VVR Disaster Recovery Solution" in the VERITAS Storage Foundation and High Availability Solutions Guide. To set up the cluster on the secondary site

1 2

Create a parallel environment on the secondary site. If you have installed SFW HA 4.3, upgrade to 4.3 MP1. For detailed instructions, see the VERITAS Storage Foundation and High Availability Solutions 4.3 Maintains Pack (MP) 1 Release Notes. Configure the cluster by running the VCS Configuration wizard. Install Enterprise Vault. Configure the disk groups and volumes on the secondary site. The disk group and volume setup on the secondary site must be identical to that on the primary site. The disks, disk groups, and volumes must be the same sizes, have the same names, and must be of the same type.

3 4 5

6 7

Configure the VCS service group at the secondary site, taking care to specify the same service group name that you specified on the primary site. Verify the cluster configuration, and test the failover capability.

Adding the VVR components for replication


This section provides information on configuring the VVR components for replication. You can obtain more information on how to perform these steps from the VERITAS Storage Foundation and High Availability Solutions Guide. To add the VVR components for replication

1 2

Create a replicator log volume at each site. Set up the replicated data sets for VVR on the hosts for the primary and secondary sites. Note that the Setup Replicated Data Set wizard lets you configure replicated data sets for both sites. Create the VVR RVG service group. You must run the Volume Replicator Agent Configuration wizard from the system that contains the application service group.

Implementing an SFW HA-VVR disaster recovery solution About the SFW HA-VVR disaster recovery solution

573

Adding the GCO components for wide-area recovery


You require the Global Cluster Option (GCO) components to manage global clustering for wide-area disaster recovery. For information on how to perform the steps below, see the chapter "Implementing a SFW HA-VVR Disaster Recovery Solution" of the VERITAS Storage Foundation and High Availability Solutions Guide. To add the GCO components for wide-area recovery

1 2 3 4

Ensure that your environment meets the requirements for global cluster operations. Link clusters by adding a remote cluster. Convert the local service group to a global group. Perform additional global cluster administration tasks.

574

Implementing an SFW HA-VVR disaster recovery solution About the SFW HA-VVR disaster recovery solution

Chapter

47

Troubleshooting clustering with VCS


This chapter includes the following topics:

VCS logging Enterprise Vault Cluster Setup wizard error messages Viewing the clustered message queues

VCS logging
VCS generates two error message logs: the engine logs and the agent logs. Log file names are appended by letters, where A indicates the first log file, B the second, C the third, and so on; for example, agent_A.txt. The agent log is located at %VCS_HOME%\log (typically c:\Program Files\VERITAS\cluster server\log). The format of agent log messages is as follows:
<Timestamp> <Mnemonic> <Severity> <Message ID> <Message Text>

where:
Timestamp

Shows the date and time when the message was logged.
Mnemonic

Identifies the product (for example, VCS).


Severity

576

Troubleshooting clustering with VCS Enterprise Vault Cluster Setup wizard error messages

Indicates the severity of the error, which can be CRITICAL, ERROR, WARNING, NOTICE, or INFO. CRITICAL messages are the most severe, whereas INFO messages are the least severe.
Message ID

Is the unique numeric ID of the error message. The prefix V-16 denotes VCS.
Message Text

Is the message generated by VCS. For example, a typical agent log message looks like this:
2006/01/24 11:04:17 VCS ERROR V-16-10051-6026 GenericService: CLSEV1-EnterpriseVaultAdminService:monitor:Th e LanmanResName attribute has not been configured.

Enterprise Vault Cluster Setup wizard error messages


Table 47-1 describes some messages that you may see when you run the Enterprise Vault Cluster Setup wizard. Table 47-1 Message Enterprise Vault Cluster Setup wizard error messages Explanation

Access Denied. You must have Administrator Only users who are members of the local privileges to run the wizard. administrators group can run this wizard. VCS not running on the local machine. Either Verify that the VCS service has started and the service has not been started or it is in a is running on the local machine. stale state. MSMQ is not configured properly. The wizard verifies that MSMQ is installed and configured on all the nodes. The error message is shown if MSMQ is not installed on one node or the configuration is different. To resolve the problem, verify that MSMQ has been installed and configured before proceeding with the Enterprise Vault Cluster Setup wizard. The required resource type MSMQ is not installed on this system. The wizard verifies that the MSMQ resource type is installed on the system. This resource type is installed with the 4.3 MP1.

Troubleshooting clustering with VCS Viewing the clustered message queues

577

Viewing the clustered message queues


In a clustered Enterprise Vault installation the Computer Management snap-in does not show Enterprise Vault message queues by default: it shows only queues for the local computer. To view the clustered message queues for an Enterprise Vault virtual server

1 2 3

Ensure the Enterprise Vault virtual server is online on the node you want to view the queues from. Open a command prompt window and change to the Enterprise Vault installation folder, typically C:\Program Files\Enterprise Vault. Enter the following command:
ClusterCompMgmt

This launches the Computer Management snap-in with the environment variables set so that it displays the clustered message queues.

Expand Services and Applications, then expand Message Queuing. The Enterprise Vault virtual server queues are listed under Private Queues.

578

Troubleshooting clustering with VCS Viewing the clustered message queues

Section

11

Clustering Enterprise Vault with Microsoft server clusters

Introducing clustering with Microsoft server clusters Preparing to cluster with Microsoft server clusters Configuring Enterprise Vault in a Microsoft server cluster Troubleshooting clustering with Microsoft server clusters

580

Chapter

48

Introducing clustering with Microsoft server clusters


This chapter includes the following topics:

About clustering with Microsoft server clusters Supported cluster configurations Required software and restrictions Typical Enterprise Vault configuration in a Microsoft server cluster Control of services in a clustered environment

About clustering with Microsoft server clusters


You can cluster Enterprise Vault in a Microsoft server cluster on either Windows 2003 Enterprise Edition or Datacenter Edition, to provide a high availability solution for Enterprise Vault. If you are setting up Enterprise Vault in an environment where Microsoft Exchange and SQL server are clustered, you may want to cluster Enterprise Vault to ensure that you can meet your service level agreements, recovery times, and recovery point objectives. High availability is provided by creating an Enterprise Vault virtual server that can fail over between physical nodes in the cluster. When Enterprise Vault services are running on a virtual server they operate with virtual IP addresses, a virtual computer name, virtual Microsoft Message Queues, and highly available shared disks. When a failure occurs, the cluster software can move the virtual servers resources to a different physical node in the cluster.

582

Introducing clustering with Microsoft server clusters Supported cluster configurations

Note: To cluster Enterprise Vault in a Microsoft server cluster, you need a working knowledge of Microsoft server clusters. For detailed information on Microsoft server clusters, see your Microsoft documentation.

Supported cluster configurations


An Enterprise Vault cluster consists of:

One or more primary nodes, each normally hosting an Enterprise Vault virtual server. One or more failover nodes: standbys that can take over the job of hosting an Enterprise Vault virtual server if a primary node fails.

Enterprise Vault does not permit "active/active" cluster configurations. That is, only one Enterprise Vault virtual server can run on a clustered node at any one time. You can configure Enterprise Vault in any operation mode that adheres to this restriction, such as:

An active/passive failover pair: a primary node with a dedicated failover node. N+1 (hot standby server): two or more primary nodes share a single failover node. Only one node failure can be accommodated at any one time. N+M: an extension of the hot standby concept with N primary nodes and M failover nodes. Only M node failures can be accommodated at one time. N+M any-to-any: identical to N+M, except that there is no need to fail back to the original node after a failover. When the original node becomes available again, it can operate as a failover node.

Required software and restrictions


The following software is required on each primary and failover node:

Windows Server 2003 Enterprise Edition or Datacenter Edition. Each node must be running the same operating system. Exchange System Manager, unless you are only using Enterprise Vault for File System Archiving or SharePoint Archiving. See Installing Exchange System Manager on page 583.

Note the following restrictions:

A clustered Enterprise Vault server cannot contain the SharePoint Portal Server 2001 Service. However, SharePoint 2003 runs as an Enterprise Vault task and is unaffected by this restriction.

Introducing clustering with Microsoft server clusters Typical Enterprise Vault configuration in a Microsoft server cluster

583

Compliance Accelerator and Discovery Accelerator are not supported within a cluster. However, an unclustered Compliance Accelerator or Discovery Accelerator can reference a clustered Enterprise Vault virtual server.

Installing Exchange System Manager


Unless Enterprise Vault is to be used only for File System Archiving or SharePoint Archiving, it requires Exchange System Manager to be present on each primary node and failover node. If possible, ensure that Exchange System Manager is installed on each node before you create the cluster. If you have already created the cluster, then Microsoft Distributed Transaction Coordinator (MSDTC) must be present as a cluster resource before you can install Exchange System Manager. You should add an MSDTC resource to the Cluster Group resource group, and then install Exchange System Manager on the cluster nodes. Once Exchange System Manager is installed you can remove the MSDTC resource if you wish.

Clustering existing Enterprise Vault installations


If you have an existing Enterprise Vault 7.0 or later installation then, subject to certain restrictions, you can use the Enterprise Vault Convert to Cluster wizard to convert the Enterprise Vault servers to servers with cluster support. The conversion requires you to move the Enterprise Vault data manually to highly available locations. See Converting an existing Enterprise Vault installation to a cluster on page 602.

Typical Enterprise Vault configuration in a Microsoft server cluster


Figure 48-1 illustrates a typical configuration.

584

Introducing clustering with Microsoft server clusters Control of services in a clustered environment

Figure 48-1

Enterprise Vault in an active/passive failover pair configuration


SQL Server

Private cluster network NODEA NODEB

Enterprise Vault data Shared storage

Public network

In this example:

NODEA and NODEB are the two Enterprise Vault nodes in the Microsoft server cluster. NODEA is the primary node. NODEB is the failover node. The SQL server and Microsoft Exchange may also be configured in the cluster: this does not affect Enterprise Vault. The volumes for the Enterprise Vault services data are configured on shared storage. The Enterprise Vault virtual server is configured on the primary node, NODEA. If NODEA fails, the virtual servers resources fail over to NODEB, and the virtual server comes online on NODEB.

See Configuration examples on page 597.

Control of services in a clustered environment


The following overview describes how in a clustered environment a common set of Enterprise Vault services are controlled by an Enterprise Vault virtual server. See the following chapters for instructions on how to set up the cluster and configure Enterprise Vault.

Introducing clustering with Microsoft server clusters Control of services in a clustered environment

585

Enterprise Vault services in a clustered environment


Whether you configure Enterprise Vault as a server with cluster support, or as a failover node for an existing clustered server, the Configuration wizard installs the following set of Enterprise Vault services on the node:

Directory Service Index Service Shopping Service Storage Service Task Controller Service

An Admin Service is already present from when Enterprise Vault was installed. The presence of this set of services is mandatory on each node, to ensure a common configuration on all nodes in the cluster. You cannot remove Enterprise Vault services in a clustered configuration. The Configuration wizard sets the Enterprise Vault services to manual startup, to enable the cluster software to start and stop them as required. Note: In a clustered configuration, you cannot start or stop services using the Administration Console or the EVService utility. If you stop a service using Windows Service Control manager, the cluster software assumes this is due to a system failure, and will restart the service or initiate a failover. To start or stop Enterprise Vault services safely, use only Cluster Administrator or the Windows command line utility cluster.exe. See Starting and stopping services on page 611.

Resource groups and resources


Before configuring an Enterprise Vault server as a server with cluster support, you must create a cluster resource group, which will become the Enterprise Vault virtual server. The Enterprise Vault Configuration wizard adds the following Enterprise Vault service resources to the resource group, to control and monitor the equivalent Enterprise Vault services on the active node:

Admin Service resource Directory Service resource Index Service resource Shopping Service resource

586

Introducing clustering with Microsoft server clusters Control of services in a clustered environment

Storage Service resource Task Controller Service resource

The Configuration wizard also adds one more resource to the group: an Enterprise Vault Server Instance resource. All the other Enterprise Vault resources in the group are configured to be dependent on this resource, directly or indirectly. Its purpose is to prevent failovers to nodes already running Enterprise Vault, avoiding an active/active operation mode.

What happens at failover


If an active node fails, the Enterprise Vault virtual server attempts to fail over to the next available node in the resource groups preferred node list, assuming all the resources have that node as a possible owner. The Server Instance resource fails over first, provided the failover node is not already running an Enterprise Vault virtual server. The remaining resources then fail over in order of dependency. The resources start the Enterprise Vault services on the failover node, ensuring continuing availability for the data that Enterprise Vault is managing and archiving.

Chapter

49

Preparing to cluster with Microsoft server clusters


This chapter includes the following topics:

Preparing to cluster Enterprise Vault Setting up the shared disks and volumes Setting up the resource groups

Preparing to cluster Enterprise Vault


This chapter describes the preparations you must take before you can cluster a new or existing Enterprise Vault installation in a Microsoft server cluster. Note: The information in this chapter provides only an overview of the tasks you need to perform. For general information on how to configure a Microsoft server cluster, refer to your Microsoft documentation. To prepare for clustering with Microsoft server clusters

Decide on the operation mode for your cluster, including:

The number of primary nodes (each normally hosting an Enterprise Vault virtual server). The number of failover nodes. Which nodes are to be the preferred owners of each virtual server.

Ensure that your setup meets the requirements. See Required software and restrictions on page 582.

588

Preparing to cluster with Microsoft server clusters Setting up the shared disks and volumes

Set up the shared disks and volumes for the cluster. See Setting up the shared disks and volumes on page 588.

4 5

Use Cluster Administrator to create the cluster and to add the primary and failover nodes. Set up a resource group, including the prerequisite resources, for each Enterprise Vault virtual server you require. See Setting up the resource groups on page 589.

Create a static DNS host entry and an alias entry for each Enterprise Vault virtual server. For example, you might create a virtual server host entry EVSERVER1, and an alias entry EVSERVER1Alias, pointing at EVSERVER1. For information on creating DNS settings, refer to your DNS documentation.

Setting up the shared disks and volumes


You must set up shared storage and volumes for the cluster, ready to accept the shared data. Each Enterprise Vault virtual server requires one or more volumes in which to store the following:

MSMQ data Indexing Service data Storage Service data (vault store partitions) Shopping Service data PST holding folders EMC Centera staging areas

It is good practice for MSMQ data, Indexing Service data and Storage Service data to each have a separate physical disk resource. Placing them on the same drives may result in degraded performance. For example, if you are setting up two Enterprise Vault virtual servers, EVSERVER1 and EVSERVER2, you might allocate the shared storage for the cluster as follows:
Cluster Group EVServer1

Volume Q: Quorum data Volume I: MSMQ data Volume J: Index data Volume K: Vault store data Volume L: PST holding folders, Shopping service data, staging areas

Preparing to cluster with Microsoft server clusters Setting up the resource groups

589

EVServer2

Volume M: MSMQ data Volume N: Index data Volume O: Vault store data Volume P: PST holding folders, Shopping service data, staging areas

Note the following when setting up the shared disks and volumes:

You must configure the storage for different resource groups on different physical disks, since only one server can connect to a physical disk at a time. Configure shared disks and volumes such that the required nodes will be able to access to the clustered disk resources on failover. For example, in a 2+1 configuration, the failover node must have access to the quorum data volume, plus all the volumes used by both virtual servers.

Setting up the resource groups


You must create and configure a resource group for each virtual server the cluster is to support. For example, for an N+M cluster, you require N resource groups. Table 49-1 Resource type
Physical Disk (Configure one physical disk resource for each volume you have set up for use by this virtual server.) IP Address None

Prerequisite resources for Enterprise Vault resource groups Dependencies


None

Parameters
Specify the required disk volume.

Specify the IP address for the virtual server. Specify the public network. Enable NetBIOS for this address.

590

Preparing to cluster with Microsoft server clusters Setting up the resource groups

Table 49-1

Prerequisite resources for Enterprise Vault resource groups (continued) Dependencies


IP Address resource

Resource type
Network name

Parameters
Use the group name as the network name. We recommend that you select the "DNS Registration Must Succeed" check box. You must select the "Enable Kerberos Authentication" check box. This is required by the Message Queuing resource.

Message Queuing

The Physical Disk resource for this virtual servers MSMQ data The Network Name resource

None

To set up a resource group

1 2

Use Cluster Administrator to create and name the resource group. In the Properties of the resource group, specify the nodes that are to be the preferred owners of this resource group. List the nodes in the preferred order, according to your chosen operation mode. Add the prerequisite resources to the resource group. Add one resource of each resource type listed in the following table, except where noted. We recommend you use the following naming format for the resources: groupname-resourcetype For example, if you named a resource group EV1 and you are adding a physical disk resource, name the resource EV1-PhysicalDisk. Later, the Enterprise Vault Configuration wizard adds Enterprise Vault service resources to the resource group using this naming format. Specify the required nodes as possible owners for each resource, according to your chosen operation mode.

When you have finished setting up the resource group, check that it can fail over between nodes without error.

Chapter

50

Configuring Enterprise Vault in a Microsoft server cluster


This chapter includes the following topics:

About configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support Converting an existing Enterprise Vault installation to a cluster Modifying an existing Enterprise Vault cluster

About configuring Enterprise Vault in a Microsoft server cluster


This chapter describes:

Setting up a new Enterprise Vault installation with cluster support. Converting an existing Enterprise Vault installation to a cluster. Modifying an existing Enterprise Vault cluster to add another Enterprise Vault clustered server or failover node, or to add more shared storage.

Before proceeding, you must have performed the preparatory steps for clustering. See Preparing to cluster Enterprise Vault on page 587.

592

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

Setting up a new Enterprise Vault installation with cluster support


This section describes how to set up a first-time Enterprise Vault installation as a cluster. Note: If during the running of the configuration wizard you receive an error related to the configuring of the Enterprise Vault Monitoring database, complete the configuration wizard and refer to Troubleshooting configuration of the Monitoring database. To set up a new Enterprise Vault installation with cluster support

Install Enterprise Vault on all the nodes that are to run Enterprise Vault, both primary and failover, but do not run the Enterprise Vault Configuration wizard on any node at this stage. For instructions on installing Enterprise Vault, see Sections I and II of this manual. Configure the Enterprise Vault servers that are to act as clustered servers. See Configuring a new Enterprise Vault server with cluster support on page 592.

Configure Enterprise Vault on the nodes that are to act as failover nodes. See Configuring a failover node on page 596.

Test the cluster to ensure the failovers work as planned.

Configuring a new Enterprise Vault server with cluster support


Perform one of the following procedures on a newly installed Enterprise Vault server to configure it as an Enterprise Vault server with cluster support. Choose the appropriate procedure depending on which of the following you want to do:

Create an Enterprise Vault Directory on the Enterprise Vault server. This is mandatory for the first Enterprise Vault server you configure. The Directory is a container for Enterprise Vault Sites, which define common settings for Enterprise Vault servers. Every Enterprise Vault server must belong to just one Site. The configuration process creates a new Site in the new Directory and adds the Enterprise Vault server to that Site. It also creates a Directory database on the SQL server you specify. Join an Enterprise Vault Directory on another Enterprise Vault server (typically a previously configured Enterprise Vault virtual server). You can add the Enterprise Vault server to an existing Enterprise Vault Site in the Directory,

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

593

or create a new Site in the Directory and add the Enterprise Vault server to that. To configure an Enterprise Vault server with cluster support, creating an Enterprise Vault Directory on the server

1 2

Use Cluster Administrator to ensure that a suitable resource group you prepared earlier is online on the Enterprise Vault server node. On the nodes Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the Enterprise Vault Configuration wizard appears. Click Create a new Enterprise Vault server with Cluster support, and then click Next. The wizard lists the resource groups that are currently online on this node. Select the prepared resource group and click Next. On the next Wizard page, select Yes to choose the option to create an Enterprise Vault Directory on this computer. Then click Next. Select the language you want Enterprise Vault to use when populating the default settings in the Administration Console. Then click Next. The wizard asks for details of the Vault Service account. This is the account you created earlier as part of the preinstallation tasks for Enterprise Vault. Use the format domain_name\username, for example cluster\vaultadmin. Alternatively, use the ... button to browse for the account. Enter the password details and then click Next. The wizard then displays a couple of messages relating to the Vault Service account having been granted user rights on the computer, and the creation of the Directory Service.

3 4 5 6 7

8 9

When prompted, enter the location of the SQL Server to use for the Enterprise Vault Directory database and click Next. The wizard prompts you to enter the locations for the Enterprise Vault Directory database and transaction log. For performance reasons it is good practice to place these on separate disks. If default locations are shown, change them if they are incorrect. If you specified a SQL server on a remote computer, the paths must be valid paths on that computer, such as \\DC\C$\Program Files\Microsoft SQL Server\MSSQL\Data. Then click Next.

594

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

10 When prompted, enter the location of the SQL Server to use for the Enterprise
Vault Monitoring database. Leave Start Monitoring immediately selected to begin monitoring as soon as the configuration is complete on this Enterprise Vault server. Then click Next.

11 The wizard prompts you to enter the locations for the Enterprise Vault
Monitoring database and transaction log. For performance reasons it is good practice to place these on separate disks. If default locations are shown, change them if they are incorrect. If you specified a SQL server on a remote computer, the paths must be valid paths on that computer. Then click Next.

12 The wizard then prompts you for a name and description for the new Vault
Site.

13 For the Vault Site alias, enter the DNS alias for the Enterprise Vault resource
group you selected in step 4.

14 Click Next to continue. 15 The wizard confirms the Enterprise Vault Site and Enterprise Vault Directory
computer you have selected. It prompts you to specify the DNS Alias for the computer you are currently configuring.

16 Enter again the DNS alias for the Enterprise Vault resource group that you
selected in step 4.

17 Click Next to update the Enterprise Vault Directory. 18 The wizard lists the Enterprise Vault services that are to be added to this
computer. Click Next to add the services.

19 The wizard lists the Enterprise Vault services that it has now added, giving
you the option to check their properties. Note that in a cluster configuration you are not allowed to add or remove services. Click Next to continue.

20 The wizard displays the storage locations for the Indexing and Shopping
services. These locations default to the first disk resource in the selected resource group. If the locations are suitable, click Next. If you want to specify different storage locations, click Back and edit the properties of the service. The wizard displays a warning if you try to modify these to a local location such as C:\Shopping.

21 The Configuration wizard indicates that it needs to create cluster resources


for each of the Enterprise Vault services. If you wish, select Bring resources online to allow Enterprise Vault to bring the resources online in the cluster. Alternatively you bring the resources online later using Cluster Administrator.

22 The final wizard page displays a list of the actions the wizard has performed,
and the results. Click Finish to exit the wizard.

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

595

To configure an Enterprise Vault server with cluster support, joining an Enterprise Vault Directory on another computer

1 2

Use Cluster Administrator to ensure that a suitable resource group you prepared earlier is online on the Enterprise Vault server node. On the nodes Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the Enterprise Vault Configuration wizard appears. Click Create a new Enterprise Vault server with Cluster support, and then click Next. The wizard lists the resource groups that are currently online on this node. Select the prepared resource group and click Next. On the next wizard page, select No to join an Enterprise Vault Directory on another Enterprise Vault server, and specify the DNS alias for the remote Enterprise Vault server. Typically this is the DNS alias for an Enterprise Vault virtual server you previously configured into the cluster. Click Next and continue. On the next wizard page, do one of the following:

3 4 5

Select the option to create a new Vault Site in the remote Enterprise Vault Directory. Click Next and continue from step 7. Or select the option to join an existing Vault Site in the remote Enterprise Vault Directory, and select a Vault Site from the list displayed. Then click Next and continue from step 10.

7 8 9

The wizard then prompts you for a name and description for the new Vault Site. For the Vault Site alias, enter a DNS alias for the remote Enterprise Vault server you specified in step 5. Click Next to continue. computer you have selected. It prompts you to specify the DNS Alias for the computer you are currently configuring.

10 The wizard confirms the Enterprise Vault Site and Enterprise Vault Directory

11 Enter the DNS alias for the Enterprise Vault resource group you selected in
step 4.

12 Click Next to update the Enterprise Vault Directory. 13 The wizard lists the Enterprise Vault services that are to be added to this
computer. Click Next to add the services.

596

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

14 The wizard lists the Enterprise Vault services that it has now added, giving
you the option to check their properties. Note that in a cluster configuration you are not allowed to add or remove services. Click Next to continue.

15 The wizard displays the storage locations for the Indexing and Shopping
services. These locations default to the first disk resource in the selected resource group. If the locations are suitable, click Next. If you want to specify different storage locations, click Back and edit the properties of the service. The wizard displays a warning if you try to modify these to a local location such as C:\Shopping.

16 The Configuration wizard indicates that it needs to create cluster resources


for each of the Enterprise Vault services. If you wish, select Bring resources online to allow Enterprise Vault to bring the resources online in the cluster. Alternatively you bring the resources online later using Cluster Administrator.

17 The final wizard page displays a list of the actions the wizard has performed,
and the results. Click Finish to exit the wizard.

Configuring a failover node


Perform this procedure on the nodes that are to act as failover nodes. To configure a failover node

On the nodes Windows Start menu, click All Programs > Enterprise Vault > Enterprise Vault Configuration. The first page of the Enterprise Vault Configuration wizard appears. Click Configure the node as a failover node for an existing clustered server, and then click Next. The wizard prompts you for the name of the resource group for which you want to add the node as a failover node. Select any resource group that is configured to fail over to this node. The resource group must be online on one of the nodes that you have configured as an Enterprise Vault primary node, and its resources must all have the failover node as a possible owner. Select the name of the resource group, and then click Next. On the next wizard page, enter the password for the Vault Service account, and then click Next. The next wizard page lists the actions the wizard will take if you proceed. To continue click Next, then click and then click OK to confirm the actions taken. The final wizard page displays a list of the actions the wizard has performed, and the results. Click Finish to exit the wizard.

2 3

4 5 6

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

597

Troubleshooting configuration of the Monitoring database


If during the running of the configuration wizard you receive errors indicating that configuring the Enterprise Vault Monitoring database has failed, complete the configuration wizard and then run the Monitoring Configuration Utility to configure the Monitoring database and the Monitoring agents manually. For information on how to do this, see the following Enterprise Vault TechNote on the Symantec Support Web site: http://entsupport.symantec.com/docs/287449. The TechNote also describes how to troubleshoot issues with Monitoring agents.

Configuration examples
These examples describe how to set up first-time installations of Enterprise Vault in various cluster operation modes.

Active/passive failover pair


This example describes setting up a new Enterprise Vault installation of an "active/passive" failover pair. Figure 50-1 illustrates a single failover pair, consisting of a primary node, NODEA, running the Enterprise Vault virtual server EVSERVER1, plus a dedicated failover node, NODEB. Figure 50-1
NODEA EVSERVER1 (Primary Node)

Failover pair configuration

NODEB (Failover Node)

Shared Disk

To set up this failover pair

Prepare for clustering Enterprise Vault as follows:

598

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

Create a node for the primary server (NODEA). Create a node for the failover server (NODEB). Create a resource group EVSERVER1 for the virtual server, with the preferred owners set to NODEA followed by NODEB. Add the prerequisite resources to resource group, ensuring that they have NODEA and NODEB as their possible owners. Create a DNS entry for the virtual server, and an alias EVSERVER1Alias, pointing at it.

2 3

Install Enterprise Vault on NODEA and NODEB, without running the Enterprise Vault Configuration wizard. On NODEA, run the Enterprise Vault Configuration wizard and choose to configure a new Enterprise Vault server with cluster support. Select EVSERVER1 as the resource group in which to create the Enterprise Vault service resources. Specify EVSERVER1Alias as the Vault Site alias and computer DNS alias. On NODEB, run the Enterprise Vault Configuration wizard and choose to configure a failover node for an existing clustered server. Select EVSERVER1 as the resource group for which you want to add this node as a failover node. Test the failover from NODEA to NODEB.

2+1 configuration without "any-to-any"


Figure 50-2 illustrates a configuration in which there is a single spare node in addition to the two nodes on which the Enterprise Vault servers are running.

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

599

Figure 50-2

2+1 configuration without "any-to-any" support

NODEA EVSERVER1

Shared Disk

NODEC (SPARE)

NODEB (EVSERVER2)

Shared Disk

If either NODEA or NODEB fails, the virtual Enterprise Vault server running on that node can fail over to NODEC. This is not an "any-to-any" configuration so if a node fails the resources must be moved back after the node is recovered, in order to return to high availability. To set up this 2+1 configuration

Prepare for clustering as follows:


Add three nodes to the cluster (NODEA, NODEB, NODEC). Create two resource groups (EVSERVER1, EVSERVER2), and add the prerequisite resources to each group. Configure the groups and resources so that the following nodes are the preferred owners, in the order shown:
EVSERVER1 EVSERVER2 NODEA, NODEC NODEB, NODEC

600

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

Create DNS entries for the virtual servers EVSERVER1 and EVSERVER2, and provide aliases for each (EVSERVER1Alias, EVSERVER2Alias).

2 3

Install Enterprise Vault on NODEA, NODEB, and NODEC, but do not run the Enterprise Vault Configuration wizard. On NODEA, run the Enterprise Vault Configuration wizard and choose to configure a new Enterprise Vault server with cluster support. Select EVSERVER1 as the resource group in which to create the Enterprise Vault service resources. Specify EVSERVER1Alias as the Vault Site alias and computer DNS alias. On NODEB, run the Enterprise Vault Configuration wizard and choose to configure a new Enterprise Vault server with cluster support. Select EVSERVER2 as the resource group in which to create the Enterprise Vault service resources. Specify EVSERVER2Alias as the Vault Site alias and computer DNS alias On NODEC, run the Enterprise Vault Configuration wizard, and choose to configure a failover node for the existing clustered server. Select either EVSERVER1 or EVSERVER2 as the resource group for which you want to add this node as a failover node. Test the cluster to confirm that if NODEA fails, the EVSERVER1 resources fail over successfully to NODEC. Then return the EVSERVER1 resources to NODEA and confirm that if NODEB fails, the EVSERVER2 resources fail over successfully to NODEC.

2+1 configuration "any-to-any"


This second option for a 2+1 operation mode involves configuring the Enterprise Vault virtual servers EVSERVER1 and EVSERVER2 to run on any of the three nodes. This has the advantage that, for example, if NODEA fails and EVSERVER1 fails over to NODEC, you can bring NODEA back online to act as the failover node for EVSERVER1 and EVSERVER2.

Configuring Enterprise Vault in a Microsoft server cluster Setting up a new Enterprise Vault installation with cluster support

601

Figure 50-3

2+1 "any-to-any" configuration


NODEA

Shared Disk for EVSERVER1

Shared Disk for EVSERVER2

NODEB

NODEC

You can extend the setup process for an N+M configuration with any number of primary and failover nodes, up to the total of 8 clustered nodes supported by Microsoft server clusters. To set up this 2+1 any-to-any configuration

Prepare for clustering as follows:


Add three nodes to the cluster (NODEA, NODEB, NODEC). Create two resource groups (EVSERVER1, EVSERVER2), and add the prerequisite resources to each group. Configure the groups and resources so that the following nodes are the preferred owners, in the order shown:
EVSERVER1 EVSERVER2 NODEA, NODEC, NODEB NODEB, NODEC, NODEA

Follow steps 2 to 5 of the 2+1 configuration without "any-to-any" support.

602

Configuring Enterprise Vault in a Microsoft server cluster Converting an existing Enterprise Vault installation to a cluster

3 4 5

See 2+1 configuration without "any-to-any" on page 598. Test the cluster to confirm that if an active node fails, the virtual server fails over to the appropriate node. For example, if you have configured the preferred owners of the resource groups as suggested in step 1:

Confirm that if NODEA fails, EVSERVER1 fails over successfully to NODEC. Then bring NODEA back online as the spare node and confirm that if NODEB fails, EVSERVER2 fails over to NODEA.

Converting an existing Enterprise Vault installation to a cluster


There are two types of Enterprise Vault installation that you can convert to a Microsoft server cluster: a single, non-clustered Enterprise Vault server, and a building blocks configuration that contains multiple Enterprise Vault servers, provided no server is running in failover mode. To be eligible for conversion to a cluster, the existing Enterprise Vault installation must meet the following conditions:

Enterprise Vault should already be configured in a non-clustered configuration, and it must not already be part of a cluster. Enterprise Vault must be configured using DNS aliases rather than fully qualified node names. The Enterprise Vault server must have a full set of Indexing, Shopping, Task Controller, and Storage services. However, it must not contain the SharePoint Portal Server 2001 service, as this is not supported in a cluster.

Note that Compliance Accelerator and Discovery Accelerator are not supported within a cluster. However, an unclustered Compliance Accelerator or Discovery Accelerator can reference a clustered Enterprise Vault virtual server. You can cluster an existing Enterprise Vault installation in any of the operation modes previously described. Note that:

You can configure a combination of new and existing Enterprise Vault servers as virtual servers, if required. You must perform a new installation of Enterprise Vault on the nodes that are to act as failover nodes.

Configuring Enterprise Vault in a Microsoft server cluster Converting an existing Enterprise Vault installation to a cluster

603

To convert an existing Enterprise Vault installation to a cluster

Prepare for clustering. See Preparing to cluster Enterprise Vault on page 587.

Install Enterprise Vault on the failover nodes and, if required, on any additional primary nodes you are adding to the existing installation. Do not run the Enterprise Vault Configuration wizard on any node at this stage. For instructions on installing Enterprise Vault, see Sections I and II of this manual. Convert your existing Enterprise Vault servers to servers with cluster support. See Converting an existing Enterprise Vault server to a server with cluster support on page 603.

If you are adding any new Enterprise Vault servers, configure the new Enterprise Vault servers as servers with cluster support. See Configuring a new Enterprise Vault server with cluster support on page 592.

Configure Enterprise Vault on the failover nodes. See Configuring a failover node on page 596.

Test the cluster to ensure the failovers work as planned.

Converting an existing Enterprise Vault server to a server with cluster support


This section describes how to convert an existing Enterprise Vault server to a server with cluster support, including moving data to highly-available locations. To convert an existing Enterprise Vault server to a server with cluster support

Ensure that the following items are all on highly-available shared storage devices.

Indexing service data Shopping service data Vault store partitions PST holding folders EMC Centera staging areas

If they are not, correct the locations in the Enterprise Vault Directory database and then move the associated data to the new locations.

604

Configuring Enterprise Vault in a Microsoft server cluster Converting an existing Enterprise Vault installation to a cluster

See Moving data to highly-available locations on page 605.

2 3

Use Cluster Administrator to ensure that a suitable resource group you prepared earlier is online on the Enterprise Vault server node. On the Windows Start menu, click All Programs > Enterprise Vault > Convert to Cluster. The first page of the Enterprise Vault Convert to Cluster wizard appears. Click Next to continue. The wizard makes a number of checks relating to the suitability of the installation for conversion to a cluster. It then displays a warning reminder that when the wizard has successfully completed you must update the DNS alias or Hosts file entry that is currently pointing at the physical node, so that it points at the virtual server name. The wizard then displays a list of the current file locations for the Enterprise Vault services and partitions. You must confirm that these locations are all on highly-available shared storage devices before continuing. Either select the check box to confirm high-availability, and click Next to continue, or click Cancel to exit from the wizard and move the required data to highly-available locations before running the wizard again. If the wizard detects that there are messages in the Enterprise Vault MSMQ queues, it displays a page indicating the name of each queue and the number of messages on it. The wizard cannot move these messages to the clustered message queues due to permissions constraints. We recommend you cancel from the wizard and leave the services running in a non-clustered environment until Enterprise Vault has cleared the message queues. You can then re-run the Convert to Cluster wizard. If you continue without doing this, the messages remain on the node-specific queues and are not processed. If you want to continue without clearing the queues, select the Continue converting configuration to a cluster check box and click Next. The wizard lists the resource groups that are currently online on this node. Select the required resource group and click Next. The wizard creates the necessary resources, updates the Enterprise Vault services to manual startup, and updates the Directory database tables to remove the local computer name from the computer entry table and the message queue names. The final wizard page displays a list of the actions the wizard has performed, and the results. Click Finish to exit the wizard. If you have not already done so, manually update the DNS alias to point at the virtual server name rather than the local node name.

7 8

10 Bring the virtual server resources online using Cluster Administrator.

Configuring Enterprise Vault in a Microsoft server cluster Converting an existing Enterprise Vault installation to a cluster

605

Moving data to highly-available locations


In outline, the procedure for moving the data to highly-available locations is as follows:

Stop the Indexing, Shopping, Storage, and Task Controller services. Make a backup copy of the Enterprise Vault Directory database and data files. Use the Enterprise Vault Administration Console or run a SQL query against the Enterprise Vault Directory to move the data, as described below.
IndexRootPathEntry Move the contents of this location to a highly available location. [IndexRootPath] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM IndexRootPathEntry WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE IndexRootPathEntry SET IndexRootPath = '<THE NEW LOCATION>' WHERE (IndexRootPathEntryId = '<ID FROM LOG FILE>')

PartitionEntry [AccountName]

Move the pool entry authorization (.pea) file to a highly available location. Use the Enterprise Vault Administration Console to view the properties of the EMC Centera partition and then, on the Connection tab, edit the Pool Entry Authorization File Location box to point at the new location.

606

Configuring Enterprise Vault in a Microsoft server cluster Converting an existing Enterprise Vault installation to a cluster

PartitionEntry Move the contents of this location to a highly available location. [PartitionRootPath] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM PartitionEntry WHERE (PartitionEntryId = '<ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE PartitionEntry SET PartitionRootPath = <THE NEW LOCATION> WHERE (PartitionEntryId = '<ID FROM LOG FILE>')

PartitionEntry/Locations Move the secondary storage files to a highly available location. [SecondaryLocation] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM PartitionEntry INNER JOIN Locations ON PartitionEntry.SecondaryLocation = Locations.LocationIdentity WHERE (PartitionEntry.PartitionEntryId = <ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE Locations SET Location = '<NEW LOCATION>' WHERE LocationIdentity = (SELECT SecondaryLocation FROM PartitionEntry WHERE PartitionEntryId = <ID FROM LOG FILE>')

Configuring Enterprise Vault in a Microsoft server cluster Modifying an existing Enterprise Vault cluster

607

PartitionEntry Move the contents of this location to a highly available location. [StagingRootPath] Update the database using SQL to point at the new location. The SQL to view the current location is as follows: SELECT * FROM PartitionEntry WHERE (PartitionEntryId = '<ID FROM LOG FILE>') The SQL to update the location is as follows: UPDATE PartitionEntry SET StagingRootPath = <THE NEW LOCATION> WHERE (PartitionEntryId = '<ID FROM LOG FILE>')

PSTMigratorTask Move the contents of the location to a highly available location. [MigrationDirectory] Use the Enterprise Vault Administration Console to view the properties of the PST Migrator Task and update the Temporary files folder. ShoppingServiceEntry Move the contents of this location to a highly available location. [ShoppingRootPath] Use the Enterprise Vault Administration Console to edit the Shopping service location to the new highly available location. SiteEntry Move the contents of the location to a highly available location. [PSTHoldingDirectory] Use the Enterprise Vault Administration Console to view the site properties and update the PST Holding Folder property to point at the new location.

Modifying an existing Enterprise Vault cluster


This section describes how to modify an existing Enterprise Vault cluster to do the following:

Add a node to host a new Enterprise Vault virtual server or to act as a failover node. Add shared storage for a virtual server.

Adding a node
You may want to add a node to an existing Enterprise Vault cluster to host a new Enterprise Vault virtual server or to act as a failover node.

608

Configuring Enterprise Vault in a Microsoft server cluster Modifying an existing Enterprise Vault cluster

To add a node to an existing cluster

1 2 3

Share the required disk volumes on the new node. Use Cluster Administrator to add the node to the cluster. If you are adding a new Enterprise Vault virtual server, prepare a new resource group and add the prerequisite resources. See Setting up the resource groups on page 589.

4 5 6 7

Specify the new node as a possible owner of all resources in all the resource groups that are required to run on it. Add the new node at a suitable position in the preferred owners list of any resource group that is required to run on it. Install Enterprise Vault on the node. Run the Enterprise Vault Configuration wizard and choose either Create a new Enterprise Vault server with Cluster support, or Configure the node as a failover node for an existing clustered server, as required. Test the modified cluster to confirm that failovers to or from the new node work as planned.

Adding shared storage


You may want to add shared storage to an existing Enterprise Vault cluster, to provide more storage for a virtual server. To add shared storage to an existing Enterprise Vault cluster

1 2

Set up the additional shared disks and volumes, sharing the volumes on the nodes that require access to them. For the virtual server that is to use the new storage:

Add a Physical Disk resource to the resource group for each new volume. Make the Physical Disk resource dependent on the Enterprise Vault Server Instance resource. Change the Properties of the Admin Service resource to add a dependency on each new Physical Disk resource.

3 4

Specify the required nodes as possible owners for the new Physical Disk resources, according to your cluster operation mode. Test the modified cluster to confirm that the Enterprise Vault virtual server can access the new shared storage successfully before and after failover.

Chapter

51

Troubleshooting clustering with Microsoft server clusters


This chapter includes the following topics:

About this chapter Event logs and the server cluster log Resource ownership and dependencies Registry replication Viewing the clustered message queues Starting and stopping services

About this chapter


This chapter describes how to troubleshoot problems with Enterprise Vault in a Microsoft server cluster. Note: For information on backing up and recovering a clustered Enterprise Vault environment, see the Administrators Guide.

610

Troubleshooting clustering with Microsoft server clusters Event logs and the server cluster log

Event logs and the server cluster log


There are no specific Enterprise Vault event messages for clustering, but Enterprise Vault continues to write messages to the standard Application and Enterprise Vault event logs, so check these for errors. If any Microsoft server cluster resources fail to come online, check the event logs and also the Microsoft server cluster log text file, typically C:\WINDOWS\Cluster\cluster.log. To see the operations related to Enterprise Vault, search for Enterprise Vault.

Resource ownership and dependencies


Resource ownership must be set up correctly to avoid problems when configuring Enterprise Vault in a cluster. The Configuration wizard only lists a resource group for selection if every resource in the group has the node on which you are running the wizard listed as a possible owner. Resource ownership and resource dependencies must also be set up correctly to ensure failovers work as planned. Table 49-1 describes the dependencies you must set for the prerequisite resources. Enterprise Vault Configuration wizard sets up the dependencies for the Enterprise Vault service resources and the Server Instance resource when it adds them to the resource group. If you add a shared disk to an existing cluster you must ensure you set up the disk resource and dependencies correctly. See Adding shared storage on page 608.

Registry replication
As part of configuring the virtual server, the Configuration wizard sets up a registry checkpoint on the Admin service resource, to provide the required registry replication on the clustered nodes. If you suspect problems with registry entries related to an Enterprise Vault virtual server, view the checkpoint to confirm it is set up correctly. Enter the following command using the Windows command line utility cluster:
cluster resource EnterpriseVaultAdminService /check

where EnterpriseVaultAdminService is the name of the Admin service resource, for example EVSERVER1-EnterpriseVaultAdminService.

Troubleshooting clustering with Microsoft server clusters Viewing the clustered message queues

611

You should see listed one checkpoint for the Admin service resource: Software\KVS\Enterprise Vault.

Viewing the clustered message queues


In a clustered Enterprise Vault installation the Computer Management snap-in does not show Enterprise Vault message queues by default: it shows only queues for the local computer. To view the clustered message queues for an Enterprise Vault virtual server

1 2 3

Ensure the Enterprise Vault virtual server is online on the node you want to view the queues from. Open a command prompt window and change to the Enterprise Vault installation folder, typically C:\Program Files\Enterprise Vault. Enter the following command:
ClusterCompMgmt

This launches the Computer Management snap-in with the environment variables set so that it displays the clustered message queues.

Expand Services and Applications, then expand Message Queuing. The Enterprise Vault virtual server queues are listed under Private Queues.

Starting and stopping services


In a clustered environment the clustering software must have control of the Enterprise Vault services. To allow this, the Enterprise Vault Configuration wizard sets the startup of these services to manual. Do not attempt to change the startup to automatic. If a service starts or stops outside of the control of the cluster software, the cluster software assumes this is due to a change in system condition. For example, if a service stops, the cluster software assumes a failure, and will attempt to restart the service or initiate a failover. You should not attempt to start or stop Enterprise Vault services, except through the cluster software in one of the following ways:

Use Cluster Administrator to bring the associated service resource online or offline. Or use the Windows command line utility cluster. For the syntax of this command, open a command prompt window and enter:

612

Troubleshooting clustering with Microsoft server clusters Starting and stopping services

cluster /?

For more details, see, for example, the following TechNet article:
http://technet2.microsoft.com/WindowsServer/en/librar y/8da99e1e-619f-4deb-acf0-cd8d61ac2ed01033.mspx

To help prevent the starting and stopping of services by other means, Enterprise Vault behaves as follows in a clustered configuration:

The Enterprise Vault Administration Console buttons for starting and stopping services are unavailable. You cannot start or stop services using the EVService utility. However, you can continue to use EVService to control tasks. Enterprise Vault blocks attempts to start Enterprise Vault services using the Windows Service Control Manager, and logs an event message. However, Enterprise Vault cannot block the stopping of services using Windows Service Control Manager, so be careful to avoid this.

Index

Symbols
.NET Framework requirement 459

A
Active Directory Publishing the Outlook Add-Ins 184 active/passive failover configuration 544 Add-Ins distributing 182 installing on a server 179 Admin permissions 140 Administration Console Japanese fonts 138 Using 138 Advanced mailbox policy settings 163 Domino mailbox archiving 323 agent configuration modifying 555 Archive points managing 373 archiving initially suspended impact to users 180 Assigning administrator roles 140 Authorization Manager 140 AutoEnableMbxFolders 447

B
BlacklistedDLs 492

C
Celerra scheduling deletion 376 Client computer customizing security 119 Clustering Microsoft server clusters 581 VERITAS Cluster Server 543 Collection 144

computer adding new 125 configuration modifying using wizard 555 typical setup 544 Configuration Program 138 configuration wizard 124 configuration wizards Exchange Server Configuration 552 configurations active/passive failover 544 Content categories introduction 458 Custom filtering assigning archive 488 assigning retention category 487 attachment filtering 486 configuring 470 default rules 480 Domino registry settings 477 events 472 filtering attachments 501 filtering messages 488 filtering on DLs 490, 492 filtering on message direction 497 filtering on message subject 499 format of ruleset files 482 introduction 458 named ruleset files 481482 registry settings 471 rule actions 485 ruleset file example 507 ruleset file schema 479 ruleset file security 480 ruleset files 479 Custom properties introduction 458, 460 supported properties 514 Custom properties.xml introduction 461 schema 479 Customized filters 514

614

Index

D
Default domain with basic authentication 117 Deleted Attachments.txt file 487 Demonstration system 47 DiskFullRetryLimit 446, 452 DNS alias 47 Domino archiving adding a domain 318 adding a Domino mail server 318 Domino Journaling adding a domain 354 adding a location 357 adding a server 354 adding permissions to the journal archive 355 assigning a vault store 354 configuring access for Enterprise Vault 84 configuring the journaling databases 83 creating a task 356 creating a vault store 354 creating an archive 355 Database Management 83 Domino Journaling Archiving 353 set up 356 Domino journaling location 477 Domino journaling locations ruleset file name 482 Domino mailbox archiving Domino Mailbox task 326 Domino Provisioning task 325 installing client templates 330 mailbox policies 319 setting up 311

Enterprise Vault Operations Manager (continued) requirements 49 Enterprise Vault Reporting accessing 134 configuring 131 requirements 53 Enterprise Vault site creating new 125 DNS entry for 47 Enterprise Vault Web site 26 Entourage clients 66 Envelope Journaling 462 EVMessages.nsf 342 Exchange supported versions 543 Exchange agent about 544 configuring using wizard 552 supported services 544 troubleshooting 575 typical setup 544 Exchange cluster active/passive setup 544 Exchange cluster configuration Active/Passive failover 544 Exchange permissions 60 Exchange Service agent 544 Exchange service group modifying 555 External filters 459, 474

F
File servers adding 363 processing immediately 379 File System Archiving scheduling 375 scheduling expiry 376 scheduling permissions synchronization 377 Filtering Custom filtering 458 Group journaling 458 Selective journaling 457 Folders adding 372 creating a folder policy 371 Fonts in Administration Console 138

E
EnableMailboxMessage.msg 176 enabling Domino mailbox manually 345 enabling mailbox manually 178 wizard 178, 345 Enterprise Vault configuring 123, 214 installing 111, 149 web page URL 26 Enterprise Vault documentation 25 Enterprise Vault Operations Manager accessing 130 configuring 129

Index

615

FSA Reporting configuring 392 FSA Reporting database disk space requirements 35

G
Group journaling configuring 467 introduction 458 registry settings 469 rules file 468

H
HTTPS support 147

Microsoft Exchange Forms distributing 153 Microsoft server clusters 581 configuring 591 Microsoft SQL Server setting up 85 Migration 144 Monitoring database disk space requirements 35 troubleshooting 129 MSMQ setting up 47, 85 MSN Search Toolbar 65

N
NetApp Filer setting permissions on 90 New Vault Store wizard starting 414 NonDeliveryFolder for domains 446 NonDeliveryFolder for mailbox name 447

I
IMAP clients 66 INCLUDES and ALLOWOTHERS operators 493 Internal addresses Defining 499 InternalSMTPDomains 499 Internet Explorer for users 65

O
Operations Manager accessing 130 configuring 129 requirements 49 Organization Forms Library 153 Outlook 2003 Cached Exchange Mode 190 Outlook Add-Ins 181 Publishing in Active Directory 184 requirements 64 Outlook versions for users 65 OWA client support 65

J
Japanese fonts in Administration Console 138

L
License keys 107 obtaining 108 Licenses 107

M
MAC clients 66 Mail message archive limit messages 176 mailbox enabling manually 178, 345 Mailbox policies Domino mailbox archiving 319 MAPI named properties 500 MDAC version 44 Message classes 163, 202, 323 Microsoft .NET Framework 42 Microsoft Authorization Manager 140

P
permissions for Vault Service account [permissions Vault Site] 60 Permissions, to install Outlook Add-Ins 184 POP3 clients 66 Production license defined 107

R
Reporting accessing 134 configuring 131

616

Index

Reporting (continued) requirements 53 Retention Category creating new 141 None impact to users 180 Retention folders about 382 Roles assigning administrator 140 Roles-based administration 140 RPC over HTTP overview 182 Ruleset file schema 485 Ruleset files introduction 460

SMTP Archiving (continued) virtual SMTP server 446 where to install SMTP server 100 SMTP configuration file 445 SMTP holding area folders 444 SQL login for Vault Service account 46 Support contact information 24 supported services 544 supported versions 543

T
TCP/IP required on client computers 65 Temporary license defined 107 Trialware license defined 107 troubleshooting Exchange service agent 576 troubleshooting information 575

S
Safari browser support 66 Security on client computers 119 security for Web Access application [security Web] 115 Selective journaling configuring 463 introduction 457 registry settings 466 rules file 464 Server alias 48 service group modifying 555 Services configuring 127 starting during configuration 128 SharePoint archives contents 414 permissions 414 Site Settings reviewing 170, 326 SMTP Archiving command line 449 domain to folder mapping 446 format of holding area 444 holding area 444 holding folder permissions 444 MAPI messages 100 relaying 100 unrecognized domains 446

V
Vault Directory creating new 125 Vault Directory Database disk space requirements 34 Vault Directory Service and Vault Site alias [Vault Directory Service Vault Site alias] 47 Vault server alias 48 Vault Service account 60 permissions 60 requirements 44 SQL login 46 Vault Site alias configuring 127 creating 47 in a pilot system [Vault Site alias pilot system] 47 Vault Store name valid characters 355 Vault Store Database disk space requirements 34 Vault Stores Overview 143 VCS 543

Index

617

VERITAS Cluster Server 543 Volumes adding 370 creating a volume policy 369 processing immediately 378

W
Web Access application application pool 42 basic authentication 117 https support 147 setting up security 115 specifying a port 147 web page URL 26 Welcome Message editing 175, 342 location of 175, 342 Windows Desktop Search OS requirements 65 Overview 182 versions supported 65 Windows Server for users 65 wizards Enable Domino mailboxes for archiving 345 Enable Mailboxes for Archiving 178 Exchange Server Configuration 552

You might also like