InTrust 11.4.2 - Understanding InTrust Repositories

Introduction to InTrust Repositories

The repository is the primary type of audit data store in InTrust. The other type is the audit database. Repositories are intended for long-term archiving of data in a compressed format. You can do the following with an InTrust repository:

• View its contents in InTrust Repository Viewer
• Generate reports from the contents in Repository Viewer
• Use it as the source of data for an import job
• Use it as the source or the target for a consolidation job
• Clear unnecessary data from it using repository cleanup jobs

Repository Types

There are two types of repositories in InTrust: file-based and Centera-based.

• File-based repositories are specially organized structures of folders and compressed files.
• Centera-based repositories use EMC Centera™ devices for storage.

File-Based Repositories

File-based repositories can store large amounts of data (because it is compressed), and they have a hierarchical structure, which ensures fast access and easy data selection and retrieval.

Repositories of this type differ from arbitrary file system hierarchies in that they contain files with very long paths and need specialized tools for handling. This means that some generic file and folder operations may not work with file-based repositories. For example, it is not recommended that you copy a repository to another location as you would a regular folder or share. For information about copying and backing up repositories, see the Cloning Repositories topic in this document.

Centera-Based Repositories

Centera is a powerful networked storage solution that integrates hardware and software components. Audit data is one of the types of data that Centera is designed for. Event records must remain unchanged once they are created, they need to be retained as long as compliance regulations specify, and they should always be readily available.

To successfully set up Centera-based repositories, an InTrust administrator should at least be familiar with the basic concepts described below, which have a direct bearing on interoperation between InTrust and Centera. For additional information, refer to the Centera documentation.

Centera offers the following advantages over file-based repositories:

• Data integrity—data is guaranteed to remain unmodified
• Data protection—due to flexible retention policies, only expired data is cleared
• Data safety—Centera provides failover capabilities ensuring that no data is lost; this is achieved through redundancy
• High scalability
• Streamlined performance
• Reliability
• Additional application-level security

Centera Clusters

A cluster is the largest physical unit of a Centera storage. Clusters are made up of cubes. Cubes contain between 4 and 32 nodes, which are the smallest physical elements.

Failover facilities are cluster-wide, meaning that you ensure failover for the entire cluster rather than specific nodes.

Centera Nodes and Their Roles

A node is a physical device that can be represented by a network identity and can act as an interface between the network environment outside the Centera cluster and the data stored in the cluster.

Whether the node can provide this interface depends on the role it is assigned. The following roles are available for Centera nodes:

• Access role
• Storage role

Nodes with the access role are gateways to the data stored in Centera. These nodes have IP addresses on the network and are responsible for authentication. If you successfully connect to one such node, you have access to the entire cluster. However, to connect faster, you can specify several available nodes with the access role.

Applications such as InTrust use these nodes to access the storage facilities. The properties of a Centera-based InTrust repository include the IP address of the Centera node with the access role that provides data access.

Centera Security Model

Centera is designed for access by applications, not by security principals. For this reason, security is configured on a per-application basis and does not involve any accounts in the environment.

Centera authorization is also built around this model. Centera provides application profiles that determine which data is made available to specific applications.

The Centera cluster must have an application profile for InTrust before any jobs can use the Centera-based repository. The properties of a Centera-based InTrust repository include settings for all supported authentication methods.

For more information, see the Creating and Editing Repositories topic.

Centera Retention Policy

Centera associates retention periods with the data it stores, based on the properties of the data. A retention period is the period after which the data can be deleted by an application that works with it.

Retention models differ depending on the Centera edition: Basic, Compliance Edition Plus, and Governance Edition. For more information, refer to the Centera documentation.

The properties of a Centera-based InTrust repository include retention period settings. For more information, see theCreating and Editing Repositories topic.

Differences from File-Based Repositories

Working with Centera-based repositories is essentially the same as working with file-based repositories. You can select the type—file-based or Centera-based—when you create a repository. Further settings depend on the repository type you select.

Although there are differences in repository properties, the auditing workflow is uniform for both types. Whichever type of repository you create, you can use it in any job that involves repositories.

You cannot convert one repository type to another. However, you can use InTrust consolidation jobs to relocate data.

From the user perspective, the difference is that Centera-based repositories cannot be viewed in InTrust Repository Viewer. Instead, use the Legacy Repository Viewer MMC snap-in shipped with InTrust.

Centera Access

A Centera-based repository is a split structure that has two parts:

• Actual Centera node
• Service folder, which is a network share with InTrust-generated data for data referencing

The service folder does not contain actual audit data, but redirects InTrust to the Centera node and helps perform read and write operations. This service data cannot be located in the Centera node, because this contradicts Centera's data immutability requirement.

Therefore, connecting to a Centera-based repository is different from connecting to a file system-based repository. To access Centera, InTrust must have access to both of the locations.

Repository Structure Integrity

Although a Centera-based repository is made up of two parts, it should be considered a single unit. The service folder must always reference data in the same Centera cluster; otherwise, the data will become unavailable.

For example, the properties of a Centera-based repository must always specify access nodes that belong to the same cluster. Supplying the IP address of a node in a different cluster will not prevent gathering, but will result in data unavailability.

In addition, if the IP addresses of your Centera nodes with the access role are changed, edit the properties of your Centera-based repositories accordingly.

Repository Connections

Connections to production repositories normally occur through an InTrust server, unlike connections to idle repositories. The distinction between these two kinds of repository is as follows:

• A production repository is managed by an InTrust server and is available in InTrust Manager.
• An idle repository is not attached to any InTrust server. For example, it can be a backup copy of a production repository or a store for historical data.

For successful connections to production repositories, make sure all InTrust servers in the organization have the agent communication port (900 by default) and InTrust Server management port (8340 by default) open for inbound traffic.

Creating and Editing Repositories

Make sure that the file server where you create a new repository share has fast and reliable connections to InTrust Server.

To create a file-based repository in InTrust Deployment Manager

1. Start creating a collection or editing an existing collection.
2. On the Data Sources and Repository step of the wizard, create your repository.

To create a file-based repository in InTrust Manager

1. Expand the Configuration | Data Stores node.
2. Right-click Repositories and select New Repository to start the New Repository Wizard.
3. On the Repository Type step of the wizard, select File-based storage.
4. Complete the remaining steps.

To create a Centera-based repository (only in InTrust Manager)

1. Expand the Configuration | Data Stores node.
2. Right-click Repositories and select New Repository to start the New Repository Wizard.
3. On the Repository Type step of the wizard, select EMC Centera.
4. On the Centera Settings step, either specify a Centera connection string or select Proceed with the wizard to define settings.
   
   If you select to specify settings for the connection in the wizard, the remaining steps prompt you for the following:
   • Connection settings
   • Security settings

5. Select the location for the service folder. This is a share or local folder with files used for referencing data in the Centera storage.
6. Finish the wizard.

To edit an existing repository

• If you are using InTrust Deployment Manager, start editing a collection that gathers to the repository you want to edit, and proceed to the Data Sources and Repository step of the wizard.
• If you are using InTrust Manager, find the repository you need under Configuration | Data Stores | Repositories and open its properties.

The same configuration options described in the procedures above (for Centera-based repositories, also the ones detailed below) are available in the repository properties.

Centera Connection and Security Settings

The New Repository Wizard can automatically generate Centera connection strings using the values you specify.

On the Connection Settings step, specify the names or IP addresses of Centera nodes with the access role. The default port for connection is 3218; specify a different port number if necessary.

On the Security Settings step, configure the Centera authentication method InTrust must use by choosing one of the following:

• Explicit credentials (profile name and secret)
• Anonymous profile
  
  This is a profile that does not require authentication. Although the profile is supported by InTrust, EMC does not recommend using it.
• Credentials from a .pea file
  
  Files with the .pea extension store Centera authentication information.

After you have created a Centera-based repository, these settings are available in the repository’s properties dialog box on the Centera tab.

Centera Retention Policy

Every unit of data in Centera has a retention policy associated with it. The retention policy determines how long the data is kept before it expires and can be cleared.

Centera retention policy settings for audit data gathered with InTrust are not specified during repository creation. To access retention policy settings, open the properties of a Centera-based repository, select the Centera tab, and click Retention Policy.

You have three options for audit data retention, as follows:

• No retention
  
  This option specifies that the retention period is zero.
• Retention class
  
  This option lets you associate InTrust data with a specific retention class defined on the Centera cluster.
• Retention period
  
  This option lets you specify precisely how long InTrust data must be retained.

Retention policy settings have precedence over InTrust repository cleanup job settings. If you run a cleanup job on a Centera-based repository where the retention period has not yet expired for the specified data, then the data is not deleted, and the repository cleanup session will contain errors. Centera permits cleanup procedures only after the retention period has expired.

Repository Indexing Configuration

InTrust repository indexing is a big topic, described separately in Repository Indexing for Advanced Search Capabilities.