Video Screencast Help
Archiving and eDiscovery Community Blog

Making Enterprise Vault More Secure

Created: 07 Jan 2014 • Updated: 29 May 2014 • 2 comments
Rob.Wilcox's picture
+1 1 Vote
Login to vote

From time to time people ask questions about how to make Enterprise Vault data 'more secure'. This is usually around the under-the-covers activities like when a client retrieves an archived item, and it's transmitted back to the client can that be secured? The answer is yes, lets discuss how.

First of all the default transmission is HTTP

HTTP.png

And as you can see in Enterprise Vault 10.0.4 (and other flavours of EV too) you get a security warning, which when clicked, gives you a simple pop-up which says:

"Non-HTTPS traffic is not encrypted on the network. Do not use this option unless you are using a secure network".

The second thing to notice is that this is a site wide setting.

So, life is good if we are using a secure network. I know that there are philisophical discussions to be had about whether ANY network can be termed secure, but now lets just say that if all traffic is inside the corporate file it's secure.

But what about people who use Outlook Web Access?

This is a problem if Enterprise Vault is configured with Outlook Web Access extensions. Uses can access Outlook Web Access from 'anywhere'. Therefore when they retrieve an archived item, or perform a search and so on, the transmission, by default, is not going to be secure.

We need to change to HTTPS. For this there are two considerations:

Green Field

In a green field deployment, or in other words a fresh deployment of Enterprise Vault, HTTPS can be enabled and configured from Day 1... before ANYTHNG is archived. This is of course the ideal situation.

Brown Field

The brown field deployment, or in other words an existing deployment of Enterprise Vault can also be changed to use HTTPS. No problem there; except of course that all the existing shortcuts will then be broken. So if you do go down this route, you will need to take a look at the options of recreating Enterprise Vault shortcuts, which I've written about before in this blog post. (http://thingsilearnedtoday.net/2013/12/17/how-to-r...). It might not be necessary to perform those steps though, for example if archived items do not have shortcuts created at all (good for customers who push Virtual Vault usage)

Remember

It's also worth remembering that you don't just make this change in Enterprise Vault, if you look at the online help you have to obtain and install a valid certificate on the default web site in IIS.

Do you use HTTP or HTTPS in your Enterprise Vault deployment? Let me know in the comments.

 

Comments 2 CommentsJump to latest comment

EdLacey's picture

Good refresher about this feature Rob. The one thing I would recommend anyone implementing HTTPS to do is put a reminder in you calendar to renew the certificate before it expires. On more than one occasion in the past I've had a call that "EV has just stopped working!" to eventually find it was down to an expired cetificate.

0
Login to vote
Baris Aydogmusoglu's picture

My last project I deployed EV /w https. "https" option was enabled and configured from day 1 :)

Everything is fine,  have not encountered a problem yet.

Senior System Expert

Microsoft Exchange Server

Symantec Enterprise Vault

http://www.aydogmusoglu.com

http://www.e-vault.info

0
Login to vote