Symantec Enterprise Vault 7.0 - Release Notes (Part 1 of 2)

Article:TECH49745  |  Created: 2009-01-28  |  Updated: 2011-04-21  |  Article URL http://www.symantec.com/docs/TECH49745
Article Type
Technical Solution


Environment

Subject

Issue



Symantec Enterprise Vault 7.0 - Release Notes (Part 1 of 2)


Solution



Last updated: 7 June 2007

This document provides important information about the Symantec Enterprise Vault 7.0 release and is in two parts.
Information regarding new features, changes and points to note within Symantec Enterprise Vault 7.0 are below.
Known issues and eLearning course information can be found in Part 2:  http://entsupport.symantec.com/docs/286420 .

For the latest information on supported devices and versions of software, see the Enterprise Vault Compatibility Charts  http://entsupport.symantec.com/docs/276547 .
For the latest information on Enterprise Vault 7.0 sizing and performance, see the Enterprise Vault Performance Guide  http://entsupport.symantec.com/docs/286105 .

Contents

1. New features and changes in Enterprise Vault 7.0
 
1.1  Licensing
 
1.2  Clustering with Microsoft Server clusters
 
1.3  Roles-based administration
 
1.4  Granular provisioning of Exchange Server mailboxes
 
1.5  Enhancements to File System Archiving
 
1.6  Enterprise Vault monitoring and reporting
 
1.7  Tool for removing orphaned shortcuts
 
1.8  Outlook not required for FSA or SharePoint archiving
 
1.9  Client support on Mac computers
 
1.10 New look Enterprise Vault browser search
 
1.11 Accessing Outlook hidden message
 
1.12 Self-healing client
 
1.13 Searching offline archive from Windows Desktop Search (WDS)
 
1.14 Language versions available
 
1.15 Enterprise Vault Add-ons
 
2. Points to note
 
2.1  Deployment Scanner
 
2.2  Changed prerequisites for Enterprise Vault
 
2.3  Software no longer supported
 
2.4  Enterprise Vault servers
 
2.5  Roles-based administration
 
2.6  File System Archiving
 
2.7  Exchange Server archiving
 
2.8  Enterprise Vault 7.0 OWA 2003 Extensions
 
2.9  Installing SMTP archiving license
 
2.10 Enterprise Vault clients
 



Before you install or upgrade to Enterprise Vault 7.0, it is important to read the following sections:

2. Points to note
3. Known issues (this section can be found in Part 2 of the Release Notes  http://entsupport.symantec.com/docs/286420 )

If you are performing a new installation of Enterprise Vault, follow the installation instructions in the Enterprise Vault Installing and Configuring guide.
If you are upgrading from an earlier version of Enterprise Vault, follow the instructions in Upgrading to Enterprise Vault 7.0.  http://entsupport.symantec.com/docs/286079


1. New features and changes in Enterprise Vault 7.0

1.1 Licensing

1.1.1 Enterprise Licensing System

Enterprise Vault 7.0 uses a new type of licensing: the Enterprise Licensing System (ELS). ELS replaces the previous text file-based licensing technology.

If you are running a previous version of Enterprise Vault, your current license file will not work with Enterprise Vault 7.0. You will need to obtain upgraded licenses for Enterprise Vault 7.0.  

To upgrade to Enterprise Vault 7.0 from an earlier version, you must download and install a new ELS license that covers all your existing Enterprise Vault product features.
Each ELS license file has a unique name and the extension .slf. The Enterprise Vault installation wizard prompts for the location of your ELS license file, which can be in any folder, and copies the file to the top-level Enterprise Vault folder (typically C:\Program Files\Enterprise Vault).
You can continue Enterprise Vault installation without an ELS license file, but Enterprise Vault will operate in read-only mode until you obtain and install a new ELS license.

Any ELS license present in the top-level Enterprise Vault folder is installed automatically each time the Enterprise Vault Admin service starts. For a multi-server Enterprise Vault deployment, you must copy the ELS license file to the top-level Enterprise Vault folder on each Enterprise Vault server.

The license installation process creates a new folder named Installed Licenses under the top-level Enterprise Vault folder. The Installed Licenses folder contains the ELS license files successfully installed by the Enterprise Vault Admin service when it starts. The files are moved to this folder so that the licenses are not reinstalled on a subsequent restart of the Enterprise Vault Admin service.

For information about licenses and how to obtain them, contact Symantec Customer Care:  http://www.symantec.com/enterprise/licensing/index.jsp

1.1.2 Separate license for Domino Server Journal archiving

In previous releases, the Exchange Journal archiving license enabled journal archiving from Exchange Servers and Domino Servers. At this release, a separate Domino Journaling license is required for journal archiving from Domino Servers.


1.2  Clustering with Microsoft Server clusters

You can cluster Enterprise Vault servers in a Microsoft server cluster on either Windows 2003 Enterprise Edition or Windows 2003 Datacenter edition, to provide a high availability solution for Enterprise Vault. For more information, see the Installing and Configuring manual.


1.3  Roles-based administration

You can now create multiple Enterprise Vault administration roles, each with different levels of permissions. This means that administrators can be given limited access to the Administration Console in order to perform certain everyday tasks. Access to the Vault Service account can then be reserved for senior Enterprise Vault administrators.

In an administration role you can define the following:
 
  • Which operations an administrator can perform in the Administration Console
  • Which Enterprise Vault objects an administrator can access in the Administration Console
In the Administration Console, administrators with a limited access role will see only the functionality options and objects permitted by their administration role. The Directory Service, Task Controller Service and Storage Service perform access permission checks when any other applications, such as Policy Manager, attempt to perform Enterprise Vault administration tasks.

The Vault Service account still has access to all Enterprise Vault objects, and can perform all Enterprise Vault management operations, including creating roles. When you run the Configuration wizard, you must be logged in as the Vault Service account.

Note that Enterprise Vault services and tasks must run as either the Vault Service account or as an account assigned to the predefined Enterprise Vault role, Power Administrator.


1.4 Granular provisioning of Exchange Server mailboxes [Ref: 853656]

In this release, each Exchange Server mailbox to be archived must be a member of a Provisioning Group. You create the required Provisioning Groups in the Administration Console and apply a suitable Exchange Mailbox archiving policy to each one. A Provisioning Group can be one of, or any combination of, the following:
 
  • A Windows group.
  • An individual user.
  • A Distribution Group (Distribution group type in Active Directory).
  • An Organizational Unit (OU).
  • Users returned by an LDAP query.
  • All users in an Exchange domain.
Granular provisioning reduces the need to use Policy Manager to enable mailboxes. The vault store and Indexing service to use when enabling mailboxes can be set for a Provisioning Group, an Exchange Server, or an Enterprise Vault server. Using the auto-enable feature, this means that different mailboxes can be enabled on different vault stores depending on their Exchange Server or their Provisioning Group. Policy Manager can still be used to enable mailboxes and apply filters, but users must be assigned to a Provisioning Group before they can be processed.

Provisioning Groups are processed by the new Provisioning task. This task determines all mailboxes that belong to each Provisioning Group and writes the appropriate data to the Directory for each mailbox. There is one Provisioning task per Exchange Server domain. This task is created automatically when the administrator adds the first Exchange Server archiving task to the domain.

Note that the Provisioning task does not enable mailboxes. You can choose to enable mailboxes automatically in the Provisioning Group settings, or you can use the Enable Mailbox wizard to enable mailboxes manually. See the Day-to-day administration section in the Administrator's Guide for more information on Provisioning Groups and enabling mailboxes.

The order in which the Provisioning task processes Provisioning Groups is determined by the order of the Provisioning Groups in the Administration Console. If a mailbox belongs to several Provisioning Groups, the first Provisioning Group that the mailbox belongs to determines the settings that are applied. You can reorder the list of Provisioning Groups in the Administration Console.

Reports created by the Provisioning task provide information about mailboxes enabled, including the following:
 
  • The Exchange Mailbox and PST policies assigned to the mailbox.
  • The Provisioning Group to which the mailbox belongs.
  • The username associated with the mailbox.
  • The action taken by the Provisioning task.


1.5 Enhancements to File System Archiving

1.5.1 Task-based administration of FSA

File System Archiving is now configured in the same task-based manner as other Enterprise Vault archiving. This provides more flexibility than before. In particular, it is now possible to configure an archiving task as follows:

 
  • To archive volumes from multiple file servers. This enables the archiving of smaller file servers to be consolidated into a single task, which may simplify administration. There is a limitation that all volumes archived by the task must be archived to vault stores on the same Storage Service computer.
  • To configure multiple tasks to archive volumes from a single file-server. This enables a large file server to be archived by a collection of Enterprise Vault servers.

1.5.2 Remote installation of NTFS Placeholder Service

The FSA Placeholder Service can now be installed on remote NTFS file servers from the Administration Console and also from the Enterprise Vault 7.0 media.

1.5.3 Placeholders on EMC Celerra devices

It is now possible to create placeholder shortcuts on EMC Celerra devices. The Placeholder Service for Celerra devices runs on the Enterprise Vault server; you do not install it on the file server.

When a Celerra placeholder is opened, the corresponding archived file is recalled automatically.

It is also possible to configure Enterprise Vault so that deleting a placeholder on a Celerra device also deletes the corresponding archived file.

1.5.4 Placeholder Service in a clustered environment

It is now possible to make the Placeholder Service highly-available on Microsoft clustered servers and on VERITAS Cluster Server (VCS). See the Installing and Configuring guide for prerequisite software requirements.

Both active/passive and active/active clusters are supported.

1.5.5 File Groups

It is now possible to specify several different file types to be treated together for the purposes of file archiving. This is a file group. For example, you could create a file group called "Web Pages" and within it have the file types *.htm, *.html, and *.gif. Within an FSA policy you could then define a rule that applies to "Web Pages". There is no requirement for you to use file groups.

You can assign file groups to rules in an FSA archiving policy. During an archiving run, files will be archived according to the file groups assigned in the policy rules.

If a file group associated with a policy is modified, then the changes will be reflected in the next archiving run.

Several file groups have already been defined for your use and are available in the Administration Console in the File Groups container, under File System Archiving.

1.5.6 Configuration of archive points

FSA archive points can now be configured from within the Administration Console. Previously, archive points had to be configured using a command-line tool.

When you create a new folder archiving target, the New Folder wizard enables you to create archive points.

You can view and edit archive points using the new Archive Point wizard, which is started by right-clicking a volume in the Administration Console, and selecting the menu option Archive Points.

1.5.7 Automatic deletion when recalling or deleting a placeholder

FSA folder policies now have options that enable you to control whether the archived copy of a file is deleted when its placeholder is recalled or deleted. The options, Delete archived file when placeholder is deleted and Delete archived file when placeholder is recalled are on the Shortcuts tab of the policy properties. The default is not to delete the archived copy.

NOTE: Care should be taken when using Delete archived file when placeholder is deleted. If you temporarily restore a folder from a backup, and the folder contains placeholder shortcuts, then the archived items will be deleted when you delete the temporary folder.

1.5.8 FSA data mover utility

The new utility, FSAUtility, is a command-line program that enables you to do the following:

 
  • Recreate placeholders for files that have already been archived
  • Recreate archive points
  • Restore some or all files to a volume or folder
  • Move placeholders

NOTE: With EV 7.0 FSAUtility only supports NTFS file systems.

1.6 Enterprise Vault monitoring and reporting

1.6.1 Monitoring database and Monitoring agents

There is now one Monitoring database per Directory database. A Monitoring agent on each Enterprise Vault server gathers status information every few minutes and records it in the Monitoring database. This information includes the status of Enterprise Vault services and archiving tasks, and the values of performance counters for vault stores, disk, memory, and processors.

The Monitoring database data is used by Enterprise Vault Operations Manager, and by Enterprise Vault Reporting in some of its reports.

1.6.2 Enterprise Vault Operations Manager

Enterprise Vault Operations Manager is a Web application that makes remote monitoring of an Enterprise Vault site possible from any computer with Internet Explorer 6.0 or later. It enables you to monitor:
 
  • The status of Enterprise Vault services and archiving tasks
  • Performance counters for vault stores, disk, memory, and processors
  • Exchange Server journal mailbox target archiving parameters, including message counts for Inbox, archive pending, and failed operations such as failed DL expansion
To use Operations Manager to monitor the Enterprise Vault servers in an Enterprise Vault site, you must install the Operations Manager component on at least one Enterprise Vault server in the site. For more details, see the Installing and Configuring manual.

1.6.3 Enterprise Vault Reporting

Enterprise Vault Reporting provides enterprise-level reporting, using Microsoft SQL Server Reporting Services as the reporting mechanism. Administrators view reports and manage report content using the Reporting Services Report Manager Web application.

The supplied reports cover a variety of topics, including:
 
  • The status of Enterprise Vault services and tasks
  • The volume of archived items
  • Mailbox archiving status and Vault store usage
  • Archive quota usage per user
  • Exchange Server journal mailbox archiving trends
You can customize report content, export reports in several formats, and schedule the running of reports at regular intervals.

To use Enterprise Vault Reporting, you must install the Enterprise Vault Reporting component on a machine running Microsoft Reporting Services, after you have installed and configured your Enterprise Vault servers. For more details, see the Installing and Configuring manual.

1.7 Tool for removing orphaned shortcuts

An orphaned shortcut is an Enterprise Vault shortcut that points to an item that no longer exists in the archive. This can occur if a user does the following:
 
  • Deletes an item in the archive using one of the Enterprise Vault search applications.
  • Copies a shortcut, and then deletes the archived item using the original shortcut.
In this release, the deletion of orphaned shortcuts during a scheduled shortcut deletion run is supported for Exchange Server mailboxes and public folders.

Shortcut deletion is controlled using options on the Shortcut Deletion page of the archiving policy properties. To enable the deletion of orphaned shortcuts, select the option Delete orphaned shortcuts on this page.

Shortcut deletion runs are scheduled using the Shortcut Deletion page in the properties of Exchange Mailbox and Public Folder tasks.

Details of orphaned shortcuts that have been deleted are included in the report produced during a shortcut deletion run.

1.8 Outlook not required for FSA or SharePoint archiving [Ref:854434]

In Enterprise Vault 7.0, Outlook is only needed on Enterprise Vault servers that perform Exchange Server archiving. It is no longer required for new installations of FSA or SharePoint archiving.

In a new installation of FSA or SharePoint archiving, if you plan to archive Exchange Server MAPI messages on file servers or SharePoint Servers, then you will need to install Outlook on the Enterprise Vault server that hosts the Storage service.

If you are upgrading to Enterprise Vault 7.0 from an earlier version, you still require Outlook on all Enterprise Vault servers that host the Enterprise Vault Storage service in order to access items archived using earlier versions.

1.9 Client support on Mac computers

Customized shortcuts, Integrated Search and Browser Search are supported on Mac computers with Entourage and Safari installed.

1.10 New look Enterprise Vault Browser Search [Ref CAP422]

Enterprise Vault 7.0 introduces a new look, or skin, to the Browser Search, with new icons, colors, and the Symantec logo.

There have been no changes to the names of options or to their functionality or relative positioning.

1.11 Accessing Outlook hidden message

In Outlook, you can display information about the Enterprise Vault User Extensions by clicking Tech Info on the About Enterprise Vault dialog. The Enterprise Vault Information dialog is displayed. The information displayed has been extended to include hidden messages; at the end of the System Information list, a section called Hidden Messages in Folder has been added. This section lists details of all the Enterprise Vault hidden messages for the currently selected folder.

If enabled on the user's computer, the user can also delete an Enterprise Vault hidden message by using the Delete Hidden Message button on the Enterprise Vault Information dialog. This button only appears if a hidden message is listed and the DWORD registry setting,
HKEY_CURRENT_USER\Software\KVS\Enterprise Vault\Client\DeleteHiddenMsgBtnVisible
is configured on the user's computer with a non-zero value.

1.12 Self-healing client

There are new Desktop policy settings, in the Advanced page of the Exchange Mailbox policy properties, that enable the Enterprise Vault User Extensions to automatically attempt to fix the following issues:

 
  • Enterprise Vault (Valkyrie.dll) is disabled as an add-in to Outlook.
By default, the client will detect the problem and automatically try and re-enable itself.
 
  • Unable to view archived items using the Web access application because the Internet Explorer cache is full.
Detecting this problem automatically is not enabled in the default settings.
 
  • Setting the Outlook option Allow script in shared folders automatically.
This is not enabled in the default settings.

A settings is also available to provide status information on the HTTP connection to the Enterprise Vault Web server. This is given in The Tech Info dialog, displayed when you click Help > About Enterprise Vault >Tech Info.

In addition, the utility, ResetEVClient, enables administrators to perform a number of housekeeping tasks in an attempt to fix common client problems.

1.13 Searching offline archive from Windows Desktop Search (WDS)

A Windows Desktop Search (WDS) plug-in is included with the Enterprise Vault User Extensions (EVClient_lang.msi) and the Windows Installer version of the Self-Installing User Extensions (EVClientHTTP_lang.msi). This plug-in enables users to include their offline vault in searches using WDS. You enable this feature using an Offline Vault setting on the Advanced page of the Exchange Mailbox Policy properties.

Additionally, Desktop settings in the Exchange Mailbox Policy properties enable you to add Enterprise Vault search links to WDS. Using these links, users can search their online archive using WDS.

Only Windows Desktop Search 2.6.5 is supported at this release. For the optional, online archive search links, MSN Search Toolbar V02.06 is supported.

The WDS plug-in is supported with Outlook XP and Outlook 2003, but not Outlook 2000.

Note that the WDS feature is not available with the web-based installation of the Self-Installing User Extensions (EVDesktop.cab).

1.14 Language versions available

The Enterprise Vault Administration Console, help and administration manuals are available in English and Japanese.

The User Extensions, Archive Explorer, Enterprise Vault Search applications and SharePoint Archive Search Web Parts are available in:
 
  • Danish
  • Dutch
  • English
  • French
  • German
  • Hebrew
  • Italian
  • Japanese
  • Simplified Chinese
  • Spanish (Castillian)
  • Swedish

1.15 Enterprise Vault Add-ons

An increasing number of storage management applications are being integrated with Enterprise Vault to manage the collection and migration of archived data. For details of these integrations and instructions on what you need to configure to use the products with Enterprise Vault, see the Symantec support knowledge base article  http://entsupport.symantec.com/docs/286013 .

Enterprise Vault 7.0 media contains the following third party applications and adapters that integrate with Enterprise Vault to provide additional functionality.

1.15.1 Adapter for RMS 7.0

The Enterprise Vault Adapter for RMS enables the removal of RMS protection, and encryption, from Exchange Server journaled email messages as they are stored in Enterprise Vault.

Protection is also removed from supported office documents and other email messages that are attached to protected email messages.

The Adapter stores certain parameters or metadata about the protection in the archive. You can later search the archive and tailor your query based on these parameters.

Full documentation on how to install and configure the software is included with the software.

1.15.2 Automatic Classification Engine 4.7

Enterprise Vault Automatic Classification Engine (ACE) is an OEM version of Orchestria Active Policy Management (APM). It extends the existing capabilities of Enterprise Vault to include intelligent categorization using tagging rules. Specifically, it enables Enterprise Vault to apply rules to Exchange Server journaled messages to categorize them according to their content or context.

These rules enable Enterprise Vault to:
 
  • Determine whether messages need to be archived or discarded.
  • Assign appropriate tags to each message. For each message, one smart tag corresponds to an Enterprise Vault retention category, which in turn determines how long the message must be retained in the archive.
  • Other (optional) tags enable managers to categorize messages by their content or to specify reviewing requirements. In both cases, the tags enable managers to zero-in on items of interest when using the Symantec Compliance Accelerator to review archived messages.
Full documentation on how to install and configure the software is included with the software.

1.15.3 Connector for EMC Documentum Retention Policy Server 7.0

The Enterprise Vault integration to Documentum provides two main features:
 
  • Exchange Server mailbox messages archived in Enterprise Vault can be browsed, searched, and accessed from Documentum applications.
  • Documentum Retention Policy Services can manage retention for messages stored in Enterprise Vault.
Full documentation on how to install and configure the software is included with the software.

1.15.4 User Classification Engine 7.0

This feature integrates Trusted Edge Desktop Data Management with Enterprise Vault Exchange Server mailbox archiving, to provide additional document classification, capture and retention capabilities at user desktops.

The administrator uses Trusted Edge to create policies that determine which files should be captured, and where they should be stored. These policies are then implemented on user desktops, using the Enterprise Vault user extensions; users are required to apply Trusted Edge policy information to items created in their Exchange Server mailbox.

When mailbox items are archived by Enterprise Vault, the policy information is stored with the item. Depending on the policy settings, the item can also be stored automatically in additional repositories, such as a records repository.

Trusted Edge can upload captured documents to one or more repositories. Currently supported repositories include
 
  • IBM Content Manager and IBM Records Manager
  • Microsoft® SharePoint® Portal Server
  • Open Text™ Livelink
  • EMC Documentum® ApplicationXtender
  • WebDAV and File share servers
Full documentation on how to install and configure the software is included with the software.

1.15.5 IM Manager 8.1

Symantec IM Manager is a software proxy for securing, managing, and logging IM messages for public and enterprise IM protocols. It delivers real-time threat protection, management, and compliance for your organization's IM activity through the following features:
 
  • Threat protection. Symantec IM Manager security features enable you to protect your corporate network against external threats such as IM viruses, worms, and malicious URLs.
  • Management. Symantec IM Manager management features enable you to define the corporate policies and rules to which your IM users must adhere.
  • Compliance. Symantec IM Manager compliance features help you to enforce regulatory requirements.
Enterprise Vault IM Archiving Option delivers the compliance features necessary to log and archive Instant Messages to Enterprise Vault. For security features a full license of IM Manager 8.1 is required - contact your local Symantec representative for upgrade options, if desired.

Full documentation on how to install and configure the software is included with the software.


2. Points to note

2.1 Deployment Scanner

The Deployment Scanner has been updated for Enterprise Vault 7.0, and is included in the folder Deployment Scanner on Enterprise Vault 7.0 media.

Before installing Enterprise Vault 7.0, or upgrading, we strongly recommend that you run the Deployment Scanner to check prerequisite software and settings.

Use the Vault Service account when running the Deployment Scanner.

To install Deployment Scanner Windows Installer 3.1 must be installed on the Enterprise Vault server computers. You can download Windows Installer 3.1 from the Microsoft Download Center.

Note:  Deployment Scanner supersedes the older Environment Scanner.

2.2 Changed prerequisites for Enterprise Vault

It is important that you check in the Installing and Configuring guide the prerequisites for the types of archiving and Enterprise Vault features that you plan to implement.

Note Microsoft .NET Framework 2.0 is required on the Enterprise Vault Reporting computer for all supported versions of Microsoft SQL Server Reporting Services. (This requirement is documented incorrectly in the Installing and Configuring guide).

If you are upgrading to Enterprise Vault 7.0, this section highlights the significant changes to prerequisites.
 
  • All the following are now required on all Enterprise Vault servers:
  • Both Microsoft .NET Framework 1.1 and Microsoft .NET Framework 2.0 are required on Enterprise Vault servers.
  • Internet Explorer 6.0 or later.
  • To install the Placeholder Service on an NTFS file server, Windows Installer 3.1 must be installed on the NTFS file server. There may be additional requirements for file servers, depending on how you are installing the Placeholder Service. See Installing the Placeholder Service on a remote NTFS file server.
  • On user desktop computers, Internet Explorer 6.0 is now the minimum requirement for Enterprise Vault Browser Search, Integrated Search, and Archive Explorer.

2.3 Software no longer supported

The following software is no longer supported on Enterprise Vault servers:
 
  • Exchange 5.5.
Archiving from Exchange 5.5 is no longer supported. Also, Enterprise Vault OWA Extensions are no longer available for Exchange 5.5.
 
  • SharePoint Portal Server 2001.
Archiving from SharePoint Portal Server 2001 is no longer supported.

2.4 Enterprise Vault servers

2.4.1 Outlook on Enterprise Vault servers

If Outlook is required on the Enterprise Vault server, do not install Outlook 2000 or Outlook 2002 (from Office XP). Enterprise Vault 7.0 servers are not compatible with these versions of Outlook.

If you install Outlook 2003, the installation is not complete until you run Outlook. If you install Outlook 2003 as a prerequisite on an Enterprise Vault server then, before you install Enterprise Vault, you must start Outlook, complete its configuration, and close it.

If you plan to use earlier versions of the User Extensions and Self-Installing User Extensions with Enterprise Vault 7.0 servers, or need to access data archived using earlier versions of Enterprise Vault, Outlook is required on Enterprise Vault servers that host the Enterprise Vault Storage service.

2.4.2 Lotus Notes client support on Enterprise Vault servers [Ref 858858]

On an Enterprise Vault server that is archiving from Domino, the only Notes client that is supported is 7.0.1.

It is important that you do not run the Lotus Notes client on the Enterprise Vault server when the Domino Journaling task is running.

2.4.3 Domino archiving limitation [Ref 859149]

You cannot use a Domino archiving task to archive from more than one Domino domain.

2.4.4 Maximum number of tasks [Ref 31631]

Do not exceed a maximum of 40 running tasks per Enterprise Vault server. Note that this maximum includes tasks that have been started but are not processing because they are not within their scheduled archiving windows.

2.4.5 Administering the Monitoring database

For supplementary information on maintaining and managing the Monitoring database, see the following document on the Symantec Support Web site  http://entsupport.symantec.com/docs/286081 .

2.4.6 Backing up Enterprise Vault in a clustered environment

For supplementary information on backing up Enterprise Vault in a VCS cluster or Microsoft server cluster, see the following document on the Symantec Support Web site  http://entsupport.symantec.com/docs/285839 .

2.5 Roles-based administration

The Vault Service account still has access to all Enterprise Vault objects, and can perform all Enterprise Vault management operations, including creating roles.

If you want other accounts to be able to perform a large number of Enterprise Vault administration tasks, apart from running the configuration program, then the Vault Service account needs to assign the required accounts to the predefined Power Administrator role.

When you run the Configuration wizard, you must be logged in as the Vault Service account.

To run the Administration Console you must be logged on either using the Vault Service account, or using an account that has been assigned an Enterprise Vault administration role by the Vault Service account. You cannot run the Administration Console using a local administrator account that has not been assigned to an Enterprise Vault administration role.

Enterprise Vault services and tasks must run as either the Vault Service account (recommended) or as an account assigned to the predefined Enterprise Vault role, Power Administrator.

2.5.1 Prerequisite software for roles-based administration

Roles-based administration uses Microsoft Windows Authorization Manager. Creating and managing roles using the Administration Console requires the Authorization Manager MMC snapin, which is only available on the following:
 
  • Windows Server 2003
  • Windows XP Professional with Windows Server 2003 Administration Tools Pack
Windows Server 2003 Administration Tools Pack can be downloaded from  http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&DisplayLang=en

For roles-based administration settings to be honored on Windows 2000, the following must be installed:
 
  • Windows 2000 Server SP 4 with Windows 2000 Authorization Manager Runtime
Microsoft do not provide an Authorization Manager MMC snapin for Windows 2000 Server, so changes to the roles and role assignments must be done using an Administration Console on Windows Server 2003 or Windows XP Professional.

Windows 2000 Authorization Manager Runtime can be downloaded from  http://www.microsoft.com/downloads/details.aspx?FamilyID=7edde11f-bcea-4773-a292-84525f23baf7&DisplayLang=en

2.5.1 Local administration rights required if Windows Server 2003 SP1 is installed [Ref 858584]

If you use the roles-based administration facility to assign an Enterprise Vault administration role to a user, and you have installed Enterprise Vault on a Windows Server 2003 SP1 computer, that user can only run the Administration Console remotely if he or she has local administration rights on the Enterprise Vault computer.

2.5.2 Limitations to administrator permissions [Ref 83753]

In Enterprise Vault 7.0 you can assign administrator permissions to grant or deny access to individual targets in the Administration Console. You could, for example, grant an administrator access to a single Exchange Server computer.

You can assign permissions to grant or deny access to any of the following:
 
  • A file server
  • An Exchange Server
  • A SharePoint Virtual Server
  • An Enterprise Vault server
You cannot, however, assign permissions to control access to tasks. Thus, for example, if you have denied an administrator access to a particular file server, you cannot prevent that administrator from running the tasks that process that file server.

For more information about using administrator permissions, see the "Managing Administrator Security" chapter in the Administrator's Guide.

2.5.3 Permissions required by Exchange Provisioning task [Ref 843908]

If you configure the Exchange Provisioning task to log on as a user other than the Vault Service account, you must give the account extra permissions, as follows:
 
  • Assign the Enterprise Vault Power Administrator role to the account. See the "Managing Administrator Security" chapter in the Administrator's Guide information on assigning roles.
  • Use Exchange System Manager to delegate the Exchange View Only administrative permissions to the account that the task will use. You must do this for each Administrative Group or each Exchange Server in the domain that will be processed by the task. This enables the task to read mailbox store information from Active Directory.

2.6 File System Archiving

2.6.1 Installing the Placeholder Service on a remote NTFS file server

If you are installing the Placeholder service using the Install Placeholder wizard in the Administration Console, then the remote file server must have the following prerequisite software installed:
 
  • Windows Server 2003 (SP1)
  • or Windows Storage Server 2003(SP1)
  • or Windows Server 2003 R2
  • or Windows 2000 Server (SP4 + Update rollup package 1 for SP4)
  • Windows Installer 3.1
  • Internet Explorer 6.0 or later
Alternatively, you can install the Placeholder service on a file server using the Windows Installer kit:
Enterprise Vault\EVPush\Agent\Enterprise Vault File System Archiving.msi

If you install the MSI kit on a file server running Windows Server 2003, then the prerequisites for the remote file server are as follows:
 
  • Windows Server 2003
  • or Windows Storage Server 2003
  • or Windows Server 2003 R2
  • or Windows 2000 Server (SP3)
  • Windows Installer 3.1
  • Internet Explorer 6.0 or later
When you install the Placeholder Service using the Install Placeholder wizard in the Administration Console, you must supply the credentials of a user account that has administrator permissions on the file server.

2.6.2 Placeholder services in a VCS cluster

When installing Placeholder services in a VCS cluster, the following additional step is required.

After Installing VCS Authentication client on the Enterprise Vault server, you need to set up a trust between the Enterprise Vault server and the Veritas Security Service Root Broker for VCS (VCS SS Broker). This only needs to be done once, not for each node.

To set up the trust:

1. Navigate to:
 
C:\Program Files\VERITAS\Security\Authentication\bin
 
2. Enter the following line:
 
vssat setuptrust -broker <VCS_SS_Broker> --securitylevel low
 
3. If the trust is successfully created, the following message is displayed:
 
setuptrust
 
----------------------
 
----------------------
 
Setup Trust With Broker: <VCS_SS_Broker>
 
----------------------
 

2.6.3 Creating archive points on NTFS volumes

When you create a new folder archiving target, the New Folder wizard enables you to create folder archive points. To create an archive point for a volume, use the ArchivePoints.exe command line tool.

You can view and edit archive points using the new Archive Point wizard, which is started by right-clicking a volume in the Administration Console, and selecting the menu option Archive Points.

2.6.4 Celerra placeholder delete option restricted to volume level [Ref 841475]

The placeholder folder policy option Delete archived file when placeholder is deleted does not apply to Celerra devices. For Celerra volumes, use the same option in the volume policy properties.

2.6.5 Avoiding duplicate placeholder shortcuts [Ref 854415]

Archived items can be deleted unintentionally when you are using the policy settings Delete archived file when placeholder is deleted or Delete archived file when placeholder is recalled.

The typical situation in which this occurs is as follows:

1.  A user inadvertently deletes some files that are needed.
2.  The help desk restores the whole folder to a temporary location so that the user can copy the required files. If the restored folder contains placeholder shortcuts, these may now be duplicates.
3.  The user checks the files, copies the ones that were inadvertently deleted, and then deletes the temporary folder. This can have the following consequences:
 
  • If Delete archived file when placeholder is deleted is in use, deleting the shortcuts in the temporary folder also deletes the archived items.
  • If Delete archived file when placeholder is recalled is set, the user may inadvertently have deleted archived items when opening placeholder shortcuts to check whether they were the required files.
It is possible to turn off the automatic deletion by setting the registry values DeleteOnRecall and DeleteOnDelete, but these registry values affect the whole file server. Thus, disabling automatic deletion for that one user also disables automatic deletion for all users on that file server. See Automatic deletion of archived items for a description of these registry values.

It may be possible to restore the folder to a temporary location without restoring any placeholder shortcuts.

Alternatively, instead of restoring the items to a temporary folder on the same file server, if the placeholder shortcuts have been backed up from an NTFS volume, it may be possible to restore them to a file server that does not have DeleteOnDelete or DeleteOnRecall set.

2.6.6 Automatic deletion of archived items [Ref 846814,846052]

Enterprise Vault 7.0 volume policies and folder policies have the following options that enable you to control the deletion of archived items:
 
  • Delete archived file when placeholder is recalled: Select this to indicate that Enterprise Vault is to delete archived files when their corresponding placeholders are recalled.
  • Delete archived file when placeholder is deleted: Select this to indicate that Enterprise Vault is to delete archived files when their corresponding placeholders are deleted.
CAUTION

If you use these settings, take care to avoid duplicate placeholder shortcuts, otherwise it is possible to delete archived items unintentionally. See 2.6.6 Avoiding duplicate placeholder shortcuts for more information.

When a placeholder is deleted or recalled, the policy is applied in two stages, as follows:

1.  The setting of Delete archived file when placeholder is recalled or Delete archived file when placeholder is deleted are checked to see whether the policy requires the archived item to be deleted.
2.  If the policy requires that the item is to be deleted, a server registry value is checked to determine whether the deletion is allowed.
The registry entries that control whether deletion is allowed are as follows:

 
Registry Entry Type Value
DeleteOnDelete DWORD 0: (Default) Do not allow the deletion of an archived item when its placeholder is deleted.
    1: Allow the deletion of an archived item when its placeholder is deleted.
DeleteOnRecall DWORD 0: (Default) Do not allow the deletion of an archived item when its placeholder is recalled.
    1: Allow the deletion of an archived item when its placeholder is recalled


These registry values are created automatically by the Placeholder service the first time it starts, under the following location:

HKEY_LOCAL_MACHINE
\SOFTWARE
 \KVS
  \Enterprise Vault
   \FSA
    \ArchivedFilesFlags

For NTFS devices the registry on the file server is used, which is the one that is local to the Placeholder service.

For NetApp and Celerra devices, the registry that is used is the one on the Enterprise Vault Storage Service server that archives the volume.

The default values of DeleteOnDelete and DeleteOnRecall prevent the automatic deletion of archived items. If you change either value you must restart the appropriate service the in order to implement the change, as follows:
 
  • NTFS - restart the Placeholder service on the file server.
  • NetApp - restart the Admin service on the Storage Service computer on which you changed the registry entry.
  • Celerra - no restart required. The new values is used automatically on the next run of the deletion task.
These registry entries give you the flexibility to control, for each file server, whether the policy settings for Delete archived file when placeholder is deleted and Delete archived file when placeholder is recalled are obeyed.

Note that the policy that is applied when a placeholder shortcut is deleted or recalled depends to some extent on the type of device that is being archived, as follows:
 
  • NTFS and NetApp devices: The policy information is stored in the shortcut. Thus, the policy that is applied is the policy that was in force at the time of archiving.
  • Celerra devices: The policy information is not stored in the shortcut. It is checked by the scheduled deletion run after the shortcut has been deleted. Thus, the policy that is applied is the policy that is in force at the time of the shortcut deletion run.

2.6.7 Preparation for FSAUtility [Ref 859092]

If you intend to use FSAUtility to restore files, you must do the following so that multiple file recalls do not exceed the recall limits:

1.  Set the BypassRecallLimitsForAdmins registry entry so that multiple file recalls do not exceed the recall limits:
 
a. If the file server is a NetApp device, start the Administration Console, open the properties of the file server and select Ignore recall limits for local administrators.
 
b. For other file servers, create a DWORD entry called BypassRecallLimitsForAdmins under the following registry key: on the file server that runs the Placeholder service:
 
HKEY_LOCAL_MACHINE
 
\SOFTWARE
 
 \KVS
 
  \Enterprise Vault
 
   \FSA
 
    \PlaceholderService
 
c. Give BypassRecallLimitsForAdmins a value of 1 to enable local administrator accounts to bypass the recall limits.
 
2. Use FSAUtility from an account that has local administrator permissions on the file server that is running the Placeholder service.

*NOTE: With EV 7.0 FSAUtility is supported only for NTFS file systems.

2.6.8 Copying or restoring placeholders for very large files [Ref 32648]

When copying or restoring a placeholder for a large file, typically hundreds of megabytes, it may not be possible to retrieve the file. The user receives the error Cannot copy filename: The remote storage service was not able to recall the file. where filename is the name of the file.

At the same time, an event such as the following is logged to the Enterprise Vault event log:

Event Type: Error
Event Source: Enterprise Vault
Event Category: File Placeholder Service
Event ID: 20539
Date: 23/11/2006
Time: 16:01:35
User: N/A
Computer: MYSERVER
Description:Downloaded file is not the expected size

The problem is due to an IIS file size restriction.

The file can be restored successfully using Archive Explorer.


2.7 Exchange Server archiving

2.7.1 Exchange System Manager on Enterprise Vault servers [Ref: 29546]

If Exchange Server archiving is being implemented, Enterprise Vault servers with an Exchange Mailbox task, Exchange Journaling task, or the Storage Service must have the Exchange System Manager tools and fixes shown below:

 
Operating System on Enterprise Vault Server Exchange 2000 Exchange 2003
Windows Server 2003 Exchange Server 2003 Exchange System Manager Exchange Server 2003 Exchange System Manager
Windows 2000 Server Exchange Server 2000 Exchange System Manager with SP3 and Post SP3 rollup 6487.1 Exchange Server 2000 Exchange System Manager with SP3 and Post SP3 rollup 6487.1


2.7.2 Vault Service account 'Send As' permission on Exchange Servers

As a result of the Microsoft Exchange 2003 Service Pack 2 updates (KB912442 and KB916803) there have been changes to the Send As Exchange permission. These changes are detailed in the following knowledge base article: http://support.microsoft.com/kb/912918.

If you have installed these updates, you need to check whether the Vault Service account still has Send As permission on the Exchange servers.

For information about how to set up Exchange Server permissions, see the Enterprise Vault Installing and Configuring guide.

2.7.3 Mailbox permissions for groups

Enterprise Vault synchronizes mailbox permissions to the corresponding archives. If a group with Full mailbox access or Owner permissions has access to the mailbox then, after synchronization, every member of the group will have the equivalent access to the archive.

You are recommended to check that mailbox permissions are set correctly before you install Enterprise Vault 7.0.

2.7.4 Synchronizing mailbox permissions [Ref: 29084]

Enterprise Vault synchronizes permissions for each newly-enabled mailbox. In the Administration Console, the permissions for the corresponding archive show that only the mailbox owner has access. (This is the equivalent of the SELF mailbox right.)

If, however, additional users have been granted Full Mailbox rights (using the Extended Mailbox Rights tab in Active Directory Users and Computers) you may see a much more extensive list because the synchronization includes other mailbox rights such as 'Enterprise Admins', 'Exchange Domain Servers', and so on. This behavior results from the way Active Directory handles permissions and is expected.


2.8 Enterprise Vault 7.0 OWA 2003 Extensions [CAP-0951]

Exchange Server 2003 hotfixes may modify OWA control files. If you have installed an Exchange Server 2003 hotfix that has created an unsupported version of the OWA control files folder, or modified any files in the control files folder, a "Save file error" will be reported when you attempt to install the Enterprise Vault OWA Extensions.

The Enterprise Vault 7.0 OWA Extensions provide support for the following versions of OWA 2003 control files:

 
Version Path
Exchange Server 2003 SP1 \exchweb\6.5.7226.0
Exchange Server 2003 SP2 \exchweb\6.5.7638.1
Exchange Server 2003 SP2 + Hotfix KB 911829 v 1 \exchweb\6.5.7651.9
Exchange Server 2003 SP2 + Hotfix KB 911829 v 2 \exchweb\6.5.7651.25
Exchange Server 2003 SP2 + Hotfix KB 924334 Exchange install folder>\exchweb\6.5.7651.43


2.9 Installing SMTP archiving license

Enterprise Vault licenses are automatically installed by the Enterprise Vault Admin service. To install the SMTP Archiving service on a separate Windows SMTP Server computer, that does not have the Enterprise Vault Admin service, follow the instructions given in the support note  http://entsupport.symantec.com/docs/286104 .

2.10 Enterprise Vault clients

2.11 Enterprise Vault User Extension version support

The following table shows supported combinations of Enterprise Vault User Extensions versions with Enterprise Vault server versions.

 
User Extension Version Enterprise Vault 5.0 Enterprise Vault 6.0 Enterprise Vault 7.0
5.0 Y Y N
6.0 Y Y Y
7.0 N N Y


If users have the Beta version of the Enterprise Vault 7.0 User Extensions installed, these must be removed before installing the released version of the User Extensions.

Use the same type of Enterprise Vault User Extensions when upgrading. This means that existing User Extensions should be upgraded to Enterprise Vault 7.0 User Extensions, and Self-Installing User Extensions should be upgraded to Enterprise Vault 7.0 Self-Installing User Extensions.

If you want to upgrade from User Extensions to Self-Installing User Extensions or vice versa, additional steps are required. For details, see the support note  http://entsupport.symantec.com/docs/286107 .

2.12 Installing the User Extensions on Enterprise Vault servers

The Enterprise Vault server installation includes the User Extensions. You cannot do a separate installation of the User Extensions on an Enterprise Vault server.

2.13 Offline Vault

Due to restrictions in cross-domain security, Offline Vault is not supported if the user's computer is in an untrusted domain.

2.14 Archive Explorer pilot recommended

If you intend to use Archive Explorer you are recommended to pilot with a small number of users to determine the performance characteristics in your environment before rolling it out to all users.

If you are implementing Exchange Server mailbox archiving, you can create a provisioning group for the required users and configure the Desktop setting, "Archive Explorer" button visible, on the Advanced page of the Exchange Mailbox Policy properties.

If you are implementing File System Archiving, users will use Archive Explorer in a stand-alone browser session. You do not need to configure policy settings, but you will need to send the required users the Archive Explorer URL. This will take the form:  


HTTP:\\ev_webserver\EnterpriseVault\archiveexplorerui.asp

2.15 Changes to WebApp.ini settings for Archive Explorer

The following WebApp.ini settings, which controlled aspects of Archive Explorer behavior, are no longer supported. If you have any of these settings in WebApp.ini you are recommended to remove them:
 
  • ArchiveExplorerDelete
  • ArchiveExplorerHelp
  • ArchiveExplorerRestore
  • ArchiveExplorerSearch
  • ArchiveExplorerSettings



Legacy ID



286078


Article URL http://www.symantec.com/docs/TECH49745


Terms of use for this information are found in Legal Notices