Veritas Enterprise Vault™ Classification using the Veritas Information Classifier

Last Published:
Product(s): Enterprise Vault (12.2)
  1. About this guide
    1. Introducing this guide
      1.  
        Relationship between the Veritas Information Classifier and other classification methods
    2.  
      What's in this guide
    3. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Preparing Enterprise Vault for classification
    1.  
      About the preparatory steps
    2.  
      What you need
    3.  
      Checking the cache location on the Enterprise Vault storage servers
    4.  
      Setting up the Data Access account
    5.  
      Enabling the Veritas Information Classifier on all Enterprise Vault servers
    6.  
      Configuring the Veritas Information Classifier for secure client connections
  3. Setting up Veritas Information Classifier policies
    1.  
      Introducing the Veritas Information Classifier
    2.  
      Opening the Veritas Information Classifier
    3.  
      Finding your way around
    4. About policies
      1.  
        Creating or editing policies
      2.  
        About policy conditions
      3.  
        Enabling or disabling policies
      4.  
        Resetting policies
      5.  
        Deleting policies
    5. About patterns
      1.  
        Creating or editing patterns
      2.  
        Deleting patterns
    6. About tags
      1.  
        Creating or editing tags
      2.  
        About the Enterprise Vault index properties
      3.  
        How classification property values and retention categories interact
      4.  
        Points to note on setting retention categories
      5.  
        Deleting tags
  4. Defining and applying Enterprise Vault classification policies
    1.  
      About Enterprise Vault classification policies
    2. Defining classification policies
      1.  
        Configuring classification policies to assign retention categories with the shortest duration
    3.  
      About the PowerShell cmdlets for working with classification policies
    4.  
      Associating classification policies with retention plans
    5.  
      About the PowerShell cmdlets for working with retention plans
    6.  
      Applying retention plans to your Enterprise Vault archives
  5. Running classification in test mode
    1.  
      About classification test mode
    2.  
      Implementing classification test mode
    3.  
      About the PowerShell cmdlets for running classification in test mode
    4.  
      Understanding the classification test mode reports
  6. Appendix A. Enterprise Vault properties for use in custom field searches
    1.  
      About the Enterprise Vault properties
    2.  
      System properties
    3.  
      Attachment properties
    4.  
      Custom Enterprise Vault properties
    5.  
      Custom Enterprise Vault properties for File System Archiving items
    6.  
      Custom Enterprise Vault properties for SharePoint items
    7.  
      Custom Enterprise Vault properties for Compliance Accelerator-processed items
    8.  
      Custom properties for use by policy management software
    9.  
      Custom properties for Enterprise Vault SMTP Archiving
  7. Appendix B. PowerShell cmdlets for use with classification
    1.  
      About the classification cmdlets
    2.  
      Disable-EVClassification
    3.  
      Get-EVClassificationPolicy
    4.  
      Get-EVClassificationStatus
    5.  
      Get-EVClassificationTestMode
    6.  
      Get-EVClassificationVICTags
    7.  
      Initialize-EVClassificationVIC
    8.  
      New-EVClassificationPolicy
    9.  
      Remove-EVClassificationPolicy
    10.  
      Set-EVClassificationPolicy
    11.  
      Set-EVClassificationTestMode
  8. Appendix C. Classification cache folder
    1.  
      How Enterprise Vault caches the items that it submits for classification
    2.  
      Limits on the size of classification files
    3.  
      Configuring Enterprise Vault to keep the classification files in the cache folder
  9. Appendix D. Migrating from FCI classification to the Veritas Information Classifier
    1.  
      Converting FCI classification rules for use with the Veritas Information Classifier
  10. Appendix E. Monitoring and troubleshooting
    1.  
      Auditing
    2.  
      Checking the classification performance counters
    3.  
      Troubleshooting classification
    4.  
      Searching archives for items that the Veritas Information Classifier has classified

Configuring the Veritas Information Classifier for secure client connections

The Veritas Information Classifier engine is a Java application that is managed by Internet Information Services (IIS). By default, client users can access the Veritas Information Classifier using HTTP on the standard Enterprise Vault IIS port, which is typically TCP port 80. However, you can strengthen the security of your Veritas Information Classifier deployment by configuring it to use HTTPS with Secure Sockets Layer (SSL).

Note the following:

  • The following procedure secures the connections between client computers and IIS, but it does not secure the connections between IIS and the Veritas Information Classifier engine. However, as both IIS and the Veritas Information Classifier engine reside on the same server, this is unlikely to be a problem; there is no network traffic for a malicious user to intercept.

  • Implementing HTTPS with SSL for the Veritas Information Classifier also implements it for other Enterprise Vault features, such as Enterprise Vault Search.

To configure the Veritas Information Classifier for secure client connections

  1. In the Vault Administration Console, in the properties for your Enterprise Vault site, ensure that you have selected the option Use HTTPS on SSL Port.

    The default port for HTTPS is 443, but you can choose an alternative port, if necessary.

  2. Create and submit an SSL certificate request.

    We recommend that you obtain a certificate from a trusted certificate authority, but a self-signed certificate is also acceptable.

  3. On the Enterprise Vault server, perform the following steps in IIS Manager:

    • Use the Server Certificates feature to install the new certificate.

    • In the site bindings for the Default Web Site, add a binding for the HTTPS protocol and link it to the new certificate.

    See the IIS documentation for more information on how to perform these two steps.
  4. If your certificate has not come from a trusted certificate authority, import it into the Java Runtime Environment (JRE) keystore that is in the Enterprise Vault installation folder on your Enterprise Vault server (typically, C:\Program Files (x86)\Enterprise Vault\Services\JRE\lib\security\cacerts).

    You can use the Keytool utility to import the certificate. This utility is included in the JRE, and you can find instructions on how to run it on the Oracle website. For example:

    http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

    The Keytool command for importing certificates has the following form:

    keytool -importcert -trustcacerts -alias alias_name -file path_to\certificate_file -keystore path_to\keystore_file -storepass keystore_password

    For example:

    keytool -importcert -trustcacerts -alias mydomain.cdb.local -file C:\MyKey.cer -keystore C:\Program Files (x86)\Enterprise Vault\Services\JRE\lib\security\cacerts -storepass changeit

    Note:

    Each time you upgrade Enterprise Vault, it first makes a backup copy of the cacerts keystore file and then replaces it with a new version of the file. So, you must import your SSL certificate into the keystore file again. For this reason, it is advisable to keep a copy of the certificate. Alternatively, you can export the certificate from the backup copy of the keystore file by following the instructions in this article:

    http://www.veritas.com/docs/000126903

  5. Confirm that you have successfully imported the certificate into the keystore by running a Keytool command like the following one:

    keytool -list -keystore C:\Program Files (x86)\Enterprise Vault\Services\JRE\lib\security\cacerts