Chat now with support
Chat con el soporte

Metalogix Sensitive Content Manager 1.90.1 - Installation Guide

Metalogix Sensitive Content Manager

Metalogix Sensitive Content Manager (SCM) provides a reliable, accurate and flexible solution for detecting sensitive information such as Personally Identifiable Information (PII), Protected Health Information (PHI) and Payment Card Industry (PCI) within enterprise content management systems. With on-demand scanning, administrators can flag specific libraries, sites, or site collections for content discovery, or enable real-time content shield by analyzing files as they are created, modified, moved, or destroyed.

This guide contains instructions for installing Metalogix Sensitive Content Manager.

Integration with Metalogix ControlPoint and Microsoft SharePoint

Metalogix Sensitive Content Manager Server can leverage the existing security, compliance and administration capabilities of Metalogix ControlPoint to enforce policies using the full range of Microsoft SharePoint's permissions management, auditing and user activity reporting. The combination of Metalogix Sensitive Content Manager and Metalogix ControlPoint offers a powerful Data Loss Prevention (DLP) solution that enables clients to identify, track, and secure documents using advanced neural network powered machine learning, which ensures a more robust level of information governance inside increasingly complex enterprise environments.

Metalogix Sensitive Content Manager Components

Metalogix Sensitive Content Manager comprises of several components that can be deployed on a single server or distributed across several servers. These components work together to analyze documents using regular expressions and machine learning technology.

Content Analysis Admin Portal

The Content Analysis (CA) Admin Portal is the primary user interface for administration of the Metalogix Sensitive Content Manager services. The portal provides the administrator with services like license management, monitoring the system health, server management, and other administrative tasks like profile settings, search specifications, thresholds and more, to manage the operations of the Metalogix Sensitive Content Manager.

Content Analysis File Submit Service

When integrated with Metalogix ControlPoint, the Content Analysis (CA) File Submit Service receives REST API request with a physical file as payload or a batch of files that need analysis. It stores these files in a temporary folder in the SCM Server and creates a job queue for the Content Analysis Job Service.

Content Analysis Result Service

When integrated with Metalogix ControlPoint, a REST API call requests the Content Analysis (CA) Result Service to return the metrics and results of the files that were analyzed by the CA Job Service.

Content Analysis Jobs Service

The Content Analysis (CA) Jobs service is a windows service that provides the heavy-lifting to analyze the files using regular expressions and machine learning technology. It is also called the Metalogix SCM Jobs Engine. Each instance of the CA Job service monitors the job queue in the SCM database. If a job is pending, the relevant files from the temporary storage on the SCM Server, are analyzed. It stores the result of the analysis in the SCM Database and deletes the files from the temporary storage. Sensitive files are permanently deleted from the temporary storage when the analysis is completed.

SCM Database

The SCM Database is the central repository for the configuration, analysis results and operational metrics of the Metalogix Sensitive Content Manager.

System Requirements

The table below lists the minimum system requirements to install and use the Metalogix Sensitive Content Manager.

Component Type

Component

Operating System

Windows Server 2012, 2012 R2, 2016 or 2019

Database

SQL Server 2012, 2014, 2016 or 2017 (for the server that will host the SCM Database).

Software framework

Microsoft .NET Framework 4.7.1 or later.

Application software

The Metalogix Sensitive Content Manager installer can install the following prerequisites. If you choose to install the prerequisite software applications manually, the following list will indicate the requirements depending on your environment.

·Microsoft Web Deploy 3.6

·Microsoft System CLR Types for Microsoft SQL Server 2016

·Microsoft SQL Server 2016 Management Objects (x64)

Browser

·Chrome® (latest version recommended)

·Firefox® (latest version recommended)

·Internet Explorer 11®

 

Deployment Planning

The deployment topologies described below are based on simple estimates to provide some guidance about how to think about load sizing and analysis server distribution. Since processing efficiencies are heavily dependent on your analysis load and server configurations, some research and verification will be necessary to arrive at optimum server load configurations. It is recommended that you contact your Quest representative to assist you in this process.

In this topic:

·Standalone SCM deployment topology

·Distributed SCM deployment topology
 

info

NOTE: Names of computers or servers used in subsequent topics are referenced from the illustrations below, to serve as conceptual and visual aids.


Standalone SCM deployment topology

This deployment topology is based on the assumption that you have several hundred kilobytes of files (but less that a gigabyte) from a single Microsoft SharePoint or another file server, that needs analysis.

The suggested approach for this scenario would be to install the SCM database, CA Admin Portal and other services on a single physical or virtual machine. This would be the stand-alone SCM server (SCMDEMO). You could then use Metalogix ControlPoint to submit file analysis jobs to the SCM server from the connected SharePoint or another file server.

img-0002


Distributed SCM deployment topology

This deployment topology is based on the assumption that you have several terabytes of files spread across a Microsoft SharePoint server farm, and about a gigabyte of these files need to be analyzed per day.

The suggested approach for this scenario would be to install the SCM database on a dedicated server (SCMDB), the CA Admin Portal and related services on a separate server (SCMSVR), and additional CA Jobs services on multiple dedicated servers (CAJOBS-1 to CAJOBS-N).

When the SCM Server is integrated with your Metalogix ControlPoint server that connects to your SharePoint farm, you can submit files for analysis. The files that are submitted through Metalogix ControlPoint can be efficiently distributed between the CA Jobs services on the dedicated servers including the CA Jobs service on SCMSVR. The distributed nature of the Content Analysis Jobs servers ensures efficient retrieval and processing of the files required for analysis.

The number of dedicated servers that are deployed for Content Analysis Job services are dependent on the number of files requiring analysis. You need to deploy only when needed.

img-0004

Pre-install Preparation

Before you begin installing Metalogix Sensitive Content Manager, your environment must be configured to ensure a successful installation of the Metalogix Sensitive Content Manager.

info

IMPORTANT: This release of Metalogix Sensitive Content Manager is not compatible with versions prior to 1.90. You must uninstall all SCM components including the database and any distributed CA Jobs Services before you install this version of SCM. See Steps to manually uninstall all SCM components for more information.

info

NOTE: If an integration with Metalogix ControlPoint is planned, the SCM Server must be in a domain that is in a full trust relationship with the domain in which ControlPoint is installed. Specifically, verify that the SCM Server is reachable from the ControlPoint Server.

In this topic:

·Setting up users and groups in the Active Directory

·Steps to grant permissions to the CA Jobs Service windows account

·Steps to setup the SCM Server installer account

·Steps to configure the inbound rules for the service ports on the SCM Server

·Steps to download the install media

·Steps to disable Internet Explorer Enhanced Security
 


Setting up users and groups in the Active Directory

To manage SCM operations it is recommended that you create the following domain users and group in the Active Directory.

Object

Example

Description

Security Group

SCM Users

All SCM users who can log in to the CA Admin Portal

Admin user

SCM Administrator

(mydomain\scmadmin)

Designated administrator for SCM. Responsible for the installation and configuration of SCM services and components on one or more machines. This account can also be used to install and run CA Job Services on dedicated servers.

Regular user

SCM Analyst

(mydomain\scmanalyst)

Any user of SCM services who can submit jobs but cannot log in to the CA Admin Portal because the user account is not a member of the SCM Users group.

img-0008

info

NOTE: The SCM Users group contains any user that can log in to the CA Admin Portal.


Steps to grant permissions to the CA Jobs Service windows account

The windows account designated to run the CA Jobs Service on dedicated servers must be granted elevated permissions to operate on the SCM Service Connection Point. Contact your domain administrator to help with these steps if needed.

1.Log in to your domain controller

2.Click Start > Run. Enter ADSIEdit.msc and click OK to start the Active Directory Service Interfaces Editor.

3.From the Console Tree, expand the computers node and select the SCM Server (eg. CN=SCMSVR).

img-0063

4.Right-click the SCM Server node and select Properties from the context menu.

5.Select the Security tab.

6.Click Add and follow the steps to add a domain user designated to run the CA Jobs Service (eg. SCM Administrator)

img-0065

7.In the Permissions window, select all the Allow check boxes.

8.Click OK to close the window.


Steps to setup the SCM Server installer account

1.The SCM Administrator must be granted the following memberships/privileges on the SCM Server:

a.Must be a member of the local Administrators group.

info

NOTE: The SCM Administrator must be a member of the local Administrators group on every computer where Sensitive Content Manager components are installed. For example, if dedicated servers are deployed for the SCM Database and CA Jobs Services, then the SCM Administrator must be a member of the local Administrators group on those servers as well.

b.Must be granted log in rights to the SCM database instance with dbowner, dbcreator and securityadmin roles.

c.Must be granted remote desktop access if necessary. For more information see Steps to grant Remote Desktop Access.


Steps to configure the inbound rules for the service ports on the SCM Server

info

NOTE: The steps below are required if the Domain Network firewall on the SCM Server is turned on. These steps must be repeated for each of the three service ports. The port numbers indicated here are samples and you may choose your own port numbers.

·44300 - CA Admin Portal

·44301 - CA Result Service

·44302 - CA File Submit Service

1. Go to Control Panel > All Control Panel Items > Windows Defender Firewall.

or

Click Start > Run. Enter firewall.cpl and click OK to open the Windows Defender Firewall settings window.

2.Click Advanced Settings.

3.From the Console Tree, right-click Inbound rules and select New Rule from the context menu. The New Inbound Rule Wizard starts.

4.In the Rule Type step, select Port. Click Next.

5.In the Protocol and Ports step, select TCP. Then select Specific Local Ports.

6.Enter the port number in the field. For example, if this is the inbound rule for the CA Admin Portal, enter 44300. Click Next.

7.In the Action step, select Allow the connection. Click Next.

8.In the Profile step, accept the defaults. Click Next.

9.In the Name step, enter the name of the inbound rule. For example, if this is the inbound rule for the CA Admin Portal, enter CA Admin Portal.

10.Click Finish. The inbound rule is created.

img-0058

11.Repeat these steps for the other services.


Steps to download the install media

1.From your browser, navigate to  or https://www.quest.com/products/metalogix-controlpoint/sensitive-content-manager.aspx

or

From your browser, navigate to the http://www.quest.com/trials page. Locate the product Metalogix ControlPoint. The Metalogix Sensitive Manager product is combined with the Metalogix ControlPoint product.

2.Click the Download Free Trial button.

3.Fill the Download Your Free Trial registration form and click Download Trial. The file download page appears.

4.Download the install media zip file.

5.The the trial license key is specified in the email that is sent to you.

6.Ensure that the files are available locally on the machine on which you are planning to install the Metalogix Sensitive Content Manager components.


Steps to disable IE Enhanced Security issues on the SCM Server

The IE enhanced security windows feature prevents Internet Explorer from navigating to sites that are not listed in the browser's 'trusted sites'. You can either add the SCM sites or follow the steps below to disable the enhanced security.

1.Open the Server Manager (Start > Server Manager).

2.In the Properties section, scroll to the right until you see this option: IE Enhanced Security Configuration, and toggle the setting to Off.

3.In the Internet Explorer Enhanced Security Configuration window, disable the IE ESC for Administrators and Users

4.Click OK.

 

Herramientas de autoservicio
Base de conocimientos
Notificaciones y alertas
Suporte de productos
Descargas de software
Documentación técnica
Foros de usuarios
Tutoriales en video
Comuníquese con nosotros
Obtenga asistencia con las licencias
Soporte Técnico
Ver todos
Documentos relacionados