Veritas Alta™ Archiving : Cloudlink Administration Guide

Last Published:
Product(s): Veritas Alta Archiving (1.0)
  1. About this guide
    1.  
      About this guide
    2.  
      Prerequisite knowledge
  2. About CloudLink
    1.  
      Changes in CloudLink version 4.1.4
    2.  
      Changes in CloudLink version 4.1.2
    3.  
      Changes in CloudLink version 4.1.1
    4.  
      Changes in CloudLink version 4.1.0
    5.  
      CloudLink revision history
    6.  
      About CloudLink
    7.  
      About CloudLink synchronization with Active Directory
    8.  
      About CloudLink synchronization with Domino Directory
    9.  
      About configuring Personal.cloud web folders for Exchange mailboxes
    10.  
      How you use CloudLink
  3. About Exchange mailbox delegation synchronization
    1.  
      Introduction to Exchange mailbox delegation synchronization
    2.  
      About the effects of synchronized delegation permissions
    3.  
      About the synchronization of delegation permissions with recurring tasks
    4.  
      Requirements for delegation permissions synchronization
    5.  
      Synchronizing the delegation permission for a user or a shared mailbox with delegates from different active directory domains
  4. System requirements for CloudLink
    1.  
      About the requirements for CloudLink
    2.  
      About the Microsoft Exchange and IBM Domino configurations that are compatible with CloudLink
    3.  
      CloudLink server requirements
    4.  
      About the account credentials that CloudLink requires
  5. Steps to set up CloudLink
    1.  
      Steps to set up CloudLink
  6. Installing or upgrading the CloudLink application
    1.  
      About installing and upgrading CloudLink
    2.  
      Performing a new installation of CloudLink
    3.  
      Upgrading CloudLink
    4.  
      Uninstalling CloudLink
  7. Setting up CloudLink with Microsoft Exchange
    1.  
      About setting up CloudLink with Microsoft Exchange
    2.  
      Creating a CloudLink service account for an Exchange environment
    3. Configuring Exchange 2003 servers for CloudLink
      1.  
        Ensuring that the WebDAV protocol is enabled
      2.  
        Assigning administrator permissions for the CloudLink service account
      3.  
        Configuring Exchange Server 2003 for remote login with forms-based authentication
    4. Configuring Exchange Server 2007, 2010, 2013, and 2016 servers for CloudLink
      1.  
        Setting the rights for the CloudLink service account to create and remove web folders
      2.  
        Enabling Personal.cloud web folders in OWA
    5.  
      Starting and closing the CloudLink application
    6. Configuring CloudLink for Microsoft Exchange
      1.  
        Selecting the CloudLink configuration tasks for an Exchange environment
      2.  
        Specifying the CloudLink service account
      3.  
        Registering the domain controllers
      4.  
        Registering the secondary domain controllers (Optional)
      5.  
        Specifying the credentials
      6.  
        Configuring the Active Directory properties to synchronize
      7.  
        Configuring the additional Active Directory synchronization options
      8.  
        Synchronizing additional email aliases from the Active Directory Extension attribute
      9.  
        Configuring the SMTP server settings for email alerts
      10.  
        Choosing the Exchange Server settings for web folder management
      11.  
        Configuring the web folder properties
      12.  
        Configuring report management and logging
      13.  
        Configuring the welcome message template
      14.  
        Disabling Personal.cloud login and archiving for accounts with disabled mailboxes
      15.  
        Disabling Personal.cloud login and archiving for users who leave distribution groups that are targeted with Group-based Sync
    7.  
      Reviewing or changing the CloudLink configuration
  8. Creating CloudLink tasks for Exchange
    1.  
      About creating CloudLink tasks for Exchange
    2.  
      Accessing Task Manager
    3.  
      About the Task Manager Welcome page and the Archive User Browser in an Exchange environment
    4.  
      Creating CloudLink tasks for Exchange
    5. Selecting the Active Directory users, groups, or OUs to perform a task
      1.  
        Selecting users and groups from the Archive User Browser
      2.  
        Selecting users, groups, or OUs from the Task Manager Wizard
    6.  
      About granting remote account management for CloudLink
    7.  
      Selecting the actions for a task to perform in an Exchange environment
    8.  
      Deselecting task actions for specific users or groups
    9.  
      Configuring the web folder properties for a task
    10.  
      Naming and scheduling a task
  9. Setting up CloudLink with Domino
    1.  
      About setting up CloudLink with Domino
    2.  
      Creating a CloudLink service account for a Domino environment
    3.  
      Creating a Notes account for CloudLink and setting up Notes on the CloudLink server
    4.  
      About configuring the Domino Global Domain Document
    5.  
      Starting and closing the CloudLink application
    6. Configuring CloudLink for Domino
      1.  
        Selecting the CloudLink configuration tasks for a Domino environment
      2.  
        Specifying the CloudLink service account
      3.  
        Specifying the Notes ID password
      4.  
        Specifying the account credentials
      5.  
        Configuring the Domino properties to synchronize
      6.  
        Specifying the additional Domino synchronization options
      7.  
        Configuring report management and logging
      8.  
        Configuring the welcome message template
    7.  
      Reviewing or changing the CloudLink configuration
  10. Creating CloudLink tasks for Domino
    1.  
      About creating CloudLink tasks for Domino
    2.  
      Accessing Task Manager
    3.  
      About the Task Manager Welcome page and Archive User Browser in a Domino environment
    4.  
      Creating CloudLink tasks for Domino
    5.  
      Selecting the Domino view on which to perform the task
    6.  
      Choosing whether to disable Personal.cloud access for users in Domino deny groups
    7.  
      About granting remote account management for CloudLink
    8.  
      Selecting the actions for a task to perform in a Domino environment
    9.  
      Scheduling a task
    10.  
      Reviewing the task parameters
  11. Monitoring and managing tasks and archive accounts
    1.  
      About managing tasks and monitoring their results
    2.  
      Viewing the Created Task List
    3.  
      Editing, copying, and deleting tasks
    4.  
      Viewing the task reports
    5.  
      About the CloudLink log files
    6.  
      Optimizing the cloud archive status synchronization
    7.  
      Exporting archive account information from the Archive User Browser
  12. Known issues and limitations
    1.  
      About the known issues and limitations with CloudLink
    2.  
      CloudLink Personal.cloud web folder deployment issues and limitations
    3.  
      CloudLink Active Directory synchronization limitations
    4.  
      General CloudLink limitations

Requirements for delegation permissions synchronization

Table: Requirements for delegate permissions synchronization lists the conditions under which a CloudLink task considers a delegate for delegate permissions synchronization.

Table: Requirements for delegate permissions synchronization

Delegate type

Requirement for delegate permissions synchronization

User

The user must have a pre-existing archive account.

Mail-enabled security group

The synchronization task must target the group.

Note that if the delegate type is a user, there is no requirement for the task to target the user, provided the user already has an archive account. Conversely, if the delegate type is a group, the task must target the group for the delegation permissions to be synchronized.

Access restrictions when the requirements are not met for a delegate with deny permission

Table: Delegate access restrictions if a delegate has a deny permission and synchronization requirements are not met lists the restrictions on delegate access if the synchronization requirement is not met for a delegate with a Deny delegation permission.

Table: Delegate access restrictions if a delegate has a deny permission and synchronization requirements are not met

Delegate type with Deny permission

If this situation applies

Synchronization task takes this action

Result

User

The user does not have a pre-existing archive account.

The task removes any existing synchronized delegate permissions for the delegated mailbox.

No-one has delegate access to the mailbox archive.

Mail-enabled security group

The synchronization task does not target the group.

The task removes any existing synchronized delegate permissions for the delegated mailbox.

No-one has delegate access to the mailbox archive.

Enterprise Vault.cloud imposes these delegate access restrictions to ensure that users do not gain delegate access to archive accounts when a Deny delegation permission may have been set to prevent it.

Figure: Example: Mailbox with delegation permissions set for users and mail-enabled security groups shows a user mailbox or shared mailbox to which the Exchange administrator has assigned a number of mailbox delegation permissions.

Figure: Example: Mailbox with delegation permissions set for users and mail-enabled security groups

Example: Mailbox with delegation permissions set for users and mail-enabled security groups

In this example, the Exchange administrator has granted User A and members of Group 1 Full Access permission to the mailbox. In contrast, User B and members of Group 2 have been given Deny Full Access permission. Assuming that CloudLink has synchronized all of these delegation permissions, then User A and members of Group 1 have access to the delegated mailbox archive, subject to the precedence of any deny delegation permissions.

  • But suppose that User B does not have an archive account. Since User B has a deny delegation permission, the task removes any synchronized delegation permissions for the mailbox. No-one has delegate access to the mailbox archive.

  • Or suppose that Group 2 is not targeted by the synchronization task, or that it becomes no longer targeted by a recurring synchronization task. For example, the group could be moved to an organizational unit that is not within the scope of the task. The task removes any synchronized delegation permissions for the mailbox, so that no-one has delegate access to the mailbox archive.

More Information

Introduction to Exchange mailbox delegation synchronization