Enterprise Vault™ Classification using the Veritas Information Classifier

Last Published:
Product(s): Enterprise Vault (12.5)
  1. About this guide
    1. Introducing this guide
      1.  
        Relationship between the Veritas Information Classifier and other classification methods
    2.  
      What's in this guide
    3. Where to get more information about Enterprise Vault
      1.  
        Enterprise Vault training modules
  2. Preparing Enterprise Vault for classification
    1.  
      About the preparatory steps
    2.  
      What you need
    3.  
      Checking the cache location on the Enterprise Vault storage servers
    4.  
      Setting up the Data Access account
    5.  
      Enabling the Veritas Information Classifier on all Enterprise Vault servers
    6.  
      Configuring the Veritas Information Classifier for secure client connections
  3. Setting up Veritas Information Classifier policies
    1.  
      Introducing the Veritas Information Classifier
    2.  
      Opening the Veritas Information Classifier
    3.  
      Finding your way around
    4.  
      Analyzing sample content for policy matches
    5. About policies
      1.  
        Creating or editing policies
      2.  
        About policy conditions
      3.  
        Enabling or disabling policies
      4.  
        Exporting or importing policies
      5.  
        Resetting policies
      6.  
        Deleting policies
    6. About patterns
      1.  
        Creating or editing patterns
      2.  
        Exporting or importing patterns
      3.  
        Deleting patterns
    7. About tags
      1.  
        Creating or editing tags
      2.  
        Exporting or importing tags
      3.  
        About the Enterprise Vault index properties
      4.  
        How classification property values and retention categories interact
      5.  
        Points to note on setting retention categories
      6.  
        Deleting tags
  4. Defining and applying Enterprise Vault classification policies
    1.  
      About Enterprise Vault classification policies
    2. Defining classification policies
      1.  
        Configuring classification policies to assign retention categories with the shortest duration
    3.  
      About the PowerShell cmdlets for working with classification policies
    4.  
      Associating classification policies with retention plans
    5.  
      About the PowerShell cmdlets for working with retention plans
    6.  
      Applying retention plans to your Enterprise Vault archives
  5. Running classification in test mode
    1.  
      About classification test mode
    2.  
      Implementing classification test mode
    3.  
      About the PowerShell cmdlets for running classification in test mode
    4.  
      Understanding the classification test mode reports
  6. Using classification with smart partitions
    1.  
      About smart partitions
    2.  
      How Enterprise Vault determines whether to archive an item to a smart partition
    3.  
      Setting up smart partitions
    4.  
      Verifying that Enterprise Vault has archived items to smart partitions
  7. Appendix A. Enterprise Vault properties for use in custom field searches
    1.  
      About the Enterprise Vault properties
    2.  
      System properties
    3.  
      Attachment properties
    4.  
      Custom Enterprise Vault properties
    5.  
      Custom Enterprise Vault properties for File System Archiving items
    6.  
      Custom Enterprise Vault properties for SharePoint items
    7.  
      Custom Enterprise Vault properties for Compliance Accelerator-processed items
    8.  
      Custom properties for use by policy management software
    9.  
      Custom properties for Enterprise Vault SMTP Archiving
  8. Appendix B. PowerShell cmdlets for use with classification
    1.  
      About the classification cmdlets
    2.  
      Disable-EVClassification
    3.  
      Get-EVClassificationPolicy
    4.  
      Get-EVClassificationStatus
    5.  
      Get-EVClassificationTestMode
    6.  
      Get-EVClassificationVICTags
    7.  
      Initialize-EVClassificationVIC
    8.  
      New-EVClassificationPolicy
    9.  
      Remove-EVClassificationPolicy
    10.  
      Set-EVClassificationPolicy
    11.  
      Set-EVClassificationTestMode
  9. Appendix C. Classification cache folder
    1.  
      How Enterprise Vault caches the items that it submits for classification
    2.  
      Limits on the size of classification files
    3.  
      Configuring Enterprise Vault to keep the classification files in the cache folder
  10. Appendix D. Migrating from FCI classification to the Veritas Information Classifier
    1.  
      Converting FCI classification rules for use with the Veritas Information Classifier
  11. Appendix E. Monitoring and troubleshooting
    1.  
      Auditing
    2.  
      Checking the classification performance counters
    3.  
      Troubleshooting classification
    4.  
      Searching archives for items that the Veritas Information Classifier has classified

Configuring the Veritas Information Classifier for secure client connections

The Veritas Information Classifier engine is a Java application that is managed by Internet Information Services (IIS). By default in a new installation of Enterprise Vault 12.3 or later, client users access the Veritas Information Classifier using HTTPS on the configured port for the Enterprise Vault Web Access application, which is typically port 443. If a certificate does not exist, Enterprise Vault configures Secure Sockets Layer (SSL) in IIS using a self-signed certificate. We recommend that you replace this certificate as soon as possible with one obtained from a trusted certificate authority. The instructions in this section describe how to import and apply a new certificate.

If you have upgraded from a version of Enterprise Vault that is earlier than 12.3, then Enterprise Vault does not change the existing IIS configuration. If Enterprise Vault is configured to use HTTP over TCP port 80, we recommend that you strengthen the security of your Veritas Information Classifier deployment by configuring it to use HTTPS with SSL, as described in this section.

Note the following:

  • The following procedure secures the connections between client computers and IIS, but it does not secure the connections between IIS and the Veritas Information Classifier engine. However, as both IIS and the Veritas Information Classifier engine reside on the same server, this is unlikely to be a problem; there is no network traffic for a malicious user to intercept.

  • Implementing HTTPS with SSL for the Veritas Information Classifier also implements it for other Enterprise Vault features, such as Enterprise Vault Search.

To configure the Veritas Information Classifier for secure client connections

  1. In the Vault Administration Console, in the properties for your Enterprise Vault site, ensure that you have selected the option Use HTTPS on SSL Port.

    The default port for HTTPS is 443, but you can choose an alternative port, if necessary.

  2. Create and submit an SSL certificate request. We recommend that you obtain a certificate from a trusted certificate authority.

  3. On the Enterprise Vault server, perform the following steps in IIS Manager:

    • Use the Server Certificates feature to install the new certificate.

    • In the site bindings for the Default Web Site, add a binding for the HTTPS protocol and link it to the new certificate.

    See the IIS documentation for more information on how to perform these two steps.
  4. If your certificate has not come from a trusted certificate authority, import it into the Java Runtime Environment (JRE) keystore that is in the Enterprise Vault installation folder on your Enterprise Vault server (typically, C:\Program Files (x86)\Enterprise Vault\Services\JRE\lib\security\cacerts).

    You can use the Keytool utility to import the certificate. This utility is in the \Services\JRE\bin subfolder of the Enterprise Vault installation folder. For instructions on how to run Keytool, see:

    http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

    The Keytool command for importing certificates has the following form:

    keytool -importkeystore -srckeystore path_to\certificate_file -srcstoretype pkcs12 -destkeystore path_to\keystore_file -storepass keystore_password

    For example:

    keytool -importkeystore -srckeystore "C:\MyKey.pfx" -srcstoretype pkcs12 -destkeystore "C:\Program Files (x86)\Enterprise Vault\Services\JRE\lib\security\cacerts" -storepass changeit

    Note the following:

    • The -alias option provides an arbitrary name for the certificate in the keystore. It does not matter what you choose for the alias, but the certificate will be listed by this alias when you list the contents of the keystore in step 5.

    • The keystore password is the default password, changeit.

    • Each time you upgrade Enterprise Vault, it first makes a backup copy of the cacerts keystore file and then replaces it with a new version of the file. So, you must import your SSL certificate into the keystore file again. For this reason, it is advisable to keep a copy of the certificate. Alternatively, you can export the certificate from the backup copy of the keystore file by following the instructions in this article:

      https://www.veritas.com/docs/100034115

  5. Confirm that you have successfully imported the certificate into the keystore by running a Keytool command like the following one:

    keytool -list -keystore C:\Program Files (x86)\Enterprise Vault\Services\JRE\lib\security\cacerts