Arctera Insight Information Governance Administrator's Guide

Last Published:
Product(s): Data Insight (7.2)
Platform: Windows
  1. Section I. Getting started
    1. Introduction to Arctera Insight Information Governance administration
      1. About Arctera Insight Information Governance administration
        1.  
          Operation icons on the Management Console
        2.  
          Information Governance administration tasks
    2. Configuring Information Governance global settings
      1.  
        About Information Governance licensing
      2.  
        SQLite WAL mode
      3.  
        Configuring SMTP server settings
      4. About scanning and event monitoring
        1. Configuring scanning and event monitoring
          1.  
            Considerations for running a parallel scan
      5.  
        Monitoring Indexer Node Storage Utilization
      6. About filtering certain accounts, IP addresses, and paths
        1.  
          About exclude rules for access events
        2.  
          About exclude rules for Scanner
        3. Adding exclude rules to Information Governance
          1.  
            Add/Edit Exclude rule for access events options
          2.  
            Add/Edit Exclude rule for Scanner options
      7. About archiving data
        1.  
          About purging data
        2.  
          Configuring data retention settings
        3.  
          Parameterized Purging of access data using Data Retention
        4.  
          Purging indexes by date/whitespace for deleted files
      8. About Information Governance integration with Data Loss Prevention (DLP)
        1.  
          About configuring Information Governance to integrate with Data Loss Prevention (DLP)
        2.  
          Configuring Data Loss Prevention settings
        3.  
          Importing SSL certificate from the DLP Enforce Server to Information Governance Management Server
        4.  
          About Data Loss Prevention (DLP) integration with Information Governance
      9.  
        Importing sensitive files information through CSV
      10. Configuring advanced analytics
        1.  
          Choosing custom attributes for advanced analytics
      11. About open shares
        1.  
          Configuring an open share policy
      12. About user risk score
        1.  
          User risk weight configuration
      13.  
        Configuring file groups
      14.  
        Configuring Workspace data owner policy
      15.  
        Configuring Management Console settings
      16. About bulk assignment of custodians
        1.  
          Assigning custodians in bulk using a CSV file
        2.  
          Assigning custodians based on data ownership
      17.  
        Configuring Watchlist settings
      18. Configuring Metadata Framework
        1.  
          Using the metadata framework for classification and remediation
      19.  
        Proof of concept
  2. Section II. Configuring Information Governance
    1. Configuring Information Governance product users
      1.  
        About Information Governance users and roles
      2.  
        Reviewing current users and privileges
      3. Adding a user
        1.  
          Add or edit Information Governance user options
      4.  
        Editing users
      5.  
        Deleting users
      6.  
        Configuring authorization for Data Loss Prevention users
      7.  
        Configuring single sign-on (SSO) using security assertion markup language (SAML)
      8.  
        Disabling single sign-on (SSO)
    2. Configuring Information Governance product servers
      1.  
        About Information Governance product servers
      2.  
        Adding a new Information Governance server
      3.  
        Managing Information Governance product servers
      4.  
        Viewing Information Governance server details
      5. About node templates
        1.  
          Managing node templates
        2.  
          Adding or editing node templates
      6.  
        Adding Portal role to a Information Governance server
      7.  
        Adding Classification Server role to a Information Governance server
      8.  
        Assigning Classification Server to a Collector
      9.  
        Associating a Classification Server pool to a Collector
      10.  
        Viewing in-progress scans
      11.  
        Configuring Information Governance services
      12.  
        Configuring advanced settings
      13.  
        Monitoring Information Governance jobs
      14.  
        Rotating the encryption keys
      15.  
        Viewing Information Governance server statistics
      16. About automated alerts for patches and upgrades
        1.  
          Viewing and installing recommended upgrades and patches
      17.  
        Deploying upgrades and patches remotely
      18.  
        Using the Upload Manager utility
      19.  
        About migrating storage devices across Indexers
      20.  
        Viewing the status of a remote installation
    3. Configuring saved credentials
      1. About saved credentials
        1.  
          Managing saved credentials
      2.  
        Handling changes in account password
      3.  
        Information Governance Hash Utility
    4. Configuring directory service domains
      1.  
        About directory domain scans
      2. Adding a directory service domain to Information Governance
        1.  
          Add/Edit Active Directory options
        2.  
          Add/Edit LDAP domain options
        3.  
          Add/Edit NIS domain options
        4.  
          Add/Edit NIS+ domain options
        5. Add/Edit Azure active directory service
          1.  
            Prerequisites for configuring Azure AD
          2.  
            Registering Information Governance with Microsoft to scan Azure AD
          3.  
            Configuring application without user impersonation for Microsoft 365
          4.  
            Creating an application in the Microsoft Azure portal
      3.  
        Managing directory service domains
      4.  
        Fetching users and groups data from NIS+ scanner
      5.  
        Configuring attributes for advanced analytics
      6.  
        Deleting directory service domains
      7.  
        Scheduling scans
      8.  
        Configuring business unit mappings
      9.  
        Importing additional attributes for users and user groups
    5. Configuring containers
      1.  
        About containers
      2. Adding containers
        1.  
          Add new container/Edit container options
      3.  
        Managing containers
    6. Server Pools
      1.  
        About Server Pools
      2.  
        Adding Server Pools
      3.  
        Managing Server Pools
  3. Section III. Configuring native file systems in Information Governance
    1. Configuring clustered NetApp file server monitoring
      1.  
        About configuring a clustered NetApp file server
      2.  
        About configuring FPolicy in Cluster-Mode
      3.  
        Pre-requisites for configuring clustered NetApp file servers
      4.  
        Credentials required for configuring a clustered NetApp file server
      5.  
        Preparing a non-administrator local user on the clustered NetApp filer
      6.  
        Preparing a non-administrator domain user on a NetApp cluster for Information Governance
      7.  
        Persistent Store
      8.  
        Preparing Information Governance for FPolicy in NetApp Cluster-Mode
      9.  
        Preparing the ONTAP cluster for FPolicy
      10. About configuring secure communication between Information Governance and cluster-mode NetApp devices
        1.  
          Generating SSL certificates for NetApp cluster-mode authentication
        2.  
          Preparing the NetApp cluster for SSL authentication
      11.  
        Enabling export of NFS shares on a NetApp Cluster-Mode file server
      12.  
        Enabling SSL support for Cluster Mode NetApp auditing
    2. Configuring EMC Celerra or VNX monitoring
      1. About configuring EMC Celerra or VNX filers
        1.  
          About EMC Common Event Enabler (CEE)
        2.  
          Preparing the EMC filer for CEPA
        3.  
          Preparing Information Governance to receive event notification
      2.  
        Credentials required for configuring EMC Celerra filers
    3. Configuring EMC Isilon monitoring
      1.  
        About configuring EMC Isilon filers
      2.  
        Prerequisites for configuration of Isilon or Unity VSA file server monitoring
      3.  
        Credentials required for configuring an EMC Isilon cluster
      4.  
        Configuring audit settings on EMC Isilon cluster using OneFS GUI console
      5.  
        Configuring audit settings on EMC Isilon cluster using the OneFS CLI
      6.  
        Configuring Isilon audit settings for performance improvement
      7.  
        Preparing Arctera Insight Information Governance to receive event notifications from an EMC Isilon or Unity VSA cluster
      8.  
        Creating a non-administrator user for an EMC Isilon cluster
      9.  
        Utilizing access zone's SmartConnect Zone/Alias mappings
      10.  
        Purging the audit logs in an Isilon filer
    4. Configuring EMC Unity VSA file servers
      1.  
        About configuring Dell EMC Unity storage platform
      2.  
        Credentials required for configuring an EMC Unity VSA file server
      3.  
        Configuring audit settings on EMC Unity cluster using Unisphere VSA Unity console
    5. Configuring Hitachi NAS file server monitoring
      1.  
        About configuring Hitachi NAS
      2.  
        Credentials required for configuring a Hitachi NAS EVS
      3.  
        Creating a domain user on a Hitachi NAS file server for Information Governance
      4.  
        Preparing a Hitachi NAS file server for file system auditing
      5.  
        Advanced configuration parameters for Hitachi NAS
    6. Configuring Windows File Server monitoring
      1.  
        About configuring Windows file server monitoring
      2.  
        Credentials required for configuring Windows File Servers
      3.  
        Using the installcli.exe utility to configure multiple Windows file servers
      4.  
        Upgrading the Windows File Server agent
    7. Configuring Arctera File System (VxFS) file server monitoring
      1.  
        About configuring Arctera File System (AxFS) file servers
      2.  
        Credentials required for configuring Arctera File System (AxFS) servers
      3.  
        Enabling export of UNIX/Linux NFS shares on AxFS filers
    8. Configuring monitoring of a generic device
      1.  
        About configuring a generic device
      2.  
        Credentials required for scanning a generic device
    9. Managing file servers
      1.  
        About configuring filers
      2.  
        Viewing configured filers
      3. Adding filers
        1.  
          Add/Edit NetApp cluster file server options
        2.  
          Add/Edit EMC Celerra filer options
        3.  
          Add/Edit EMC Isilon file server options
        4.  
          Add/Edit EMC Unity VSA file server options
        5.  
          Add/Edit Windows File Server options
        6.  
          Add/Edit Arctera File System server options
        7.  
          Add/Edit a generic storage device options
        8.  
          Add/Edit Hitachi NAS file server options
      4.  
        Custom schedule options
      5.  
        Editing filer configuration
      6.  
        Deleting filers
      7.  
        Viewing performance statistics for file servers
      8.  
        About disabled shares
      9. Adding shares
        1.  
          Add New Share/Edit Share options
      10.  
        Managing shares
      11.  
        Editing share configuration
      12.  
        Deleting shares
      13.  
        About configuring a DFS target
      14.  
        Adding a configuration attribute for devices
      15.  
        Configuring a DFS target
      16.  
        About the DFS utility
      17.  
        Running the DFS utility
      18.  
        Importing DFS mapping
    10. Renaming storage devices
      1.  
        About renaming a storage device
      2.  
        Viewing the device rename status
      3.  
        Considerations for renaming a storage device
  4. Section IV. Configuring SharePoint data sources
    1. Configuring monitoring of SharePoint web applications
      1.  
        About SharePoint server monitoring
      2.  
        Credentials required for configuring SharePoint servers
      3.  
        Configuring a web application policy
      4. About the Information Governance web service for SharePoint
        1.  
          Installing the Information Governance web service for SharePoint
      5.  
        Viewing configured SharePoint data sources
      6. Adding web applications
        1.  
          Add/Edit web application options
      7.  
        Editing web applications
      8.  
        Deleting web applications
      9. Adding site collections
        1.  
          Add/Edit site collection options
      10.  
        Managing site collections
      11.  
        Removing a configured web application
    2. Configuring monitoring of SharePoint Online accounts
      1. About SharePoint Online account monitoring
        1.  
          Prerequisites for configuring SharePoint Online account
      2.  
        Configuring user with minimum privileges in Microsoft 365
      3.  
        Creating an application in the Microsoft Azure portal
      4.  
        Configuring application without user impersonation for Microsoft 365
      5.  
        Adding SharePoint Online accounts
      6.  
        Managing a SharePoint Online account
      7. Adding site collections to SharePoint Online accounts
        1.  
          Add/Edit site collection options
      8.  
        Managing site collections
  5. Section V. Configuring cloud data sources
    1. Configuring monitoring of Box accounts
      1.  
        About configuring Box monitoring
      2.  
        Using a co-admin account to monitor Box resources
      3. Configuring monitoring of cloud sources in Information Governance
        1.  
          Add/Edit Box account
      4.  
        Configuring Box cloud resources through proxy server
      5.  
        Information Governance limitations for Box permissions
    2. Configuring OneDrive account monitoring
      1.  
        About configuring OneDrive monitoring
      2.  
        Configuring user with minimum privileges in Microsoft 365
      3.  
        Creating an application in the Microsoft Azure portal
      4.  
        Configuring application without user impersonation for Microsoft 365
      5.  
        Add/Edit OneDrive account
      6. Adding OneDrive cloud accounts
        1.  
          Add/edit OneDrive user accounts
    3. Configuring Azure Netapp Files Device
      1.  
        About Azure Netapp Files
      2.  
        Configuring Azure Netapp Files Device
    4. Managing cloud sources
      1.  
        Viewing configured cloud sources
      2.  
        Managing cloud sources
  6. Section VI. Configuring Object Storage Sources
    1. Amazon S3
      1.  
        About Amazon Simple Storage Service (Amazon S3)
      2.  
        Configuring Amazon S3 account monitoring
      3.  
        Configuring Audit Events in AWS
      4.  
        Creating an Athena table
      5.  
        Adding Amazon S3 account
      6.  
        Limitations for Amazon S3 in Information Governance
      7. Managing Amazon S3 data source
        1.  
          Monitored Buckets
        2.  
          Classification
  7. Section VII. Health and monitoring
    1. Using Arctera Insight Information Governance dashboards
      1.  
        Viewing the system health overview
      2.  
        Viewing the scanning overview
      3.  
        Viewing the scan status of storage devices
      4.  
        Viewing the scan history of storage devices
    2. Monitoring Information Governance
      1.  
        Viewing events
      2.  
        About high availability notifications
      3.  
        Monitoring the performance of Information Governance servers
      4.  
        Configuring email notifications
      5.  
        Enabling Windows event logging
      6.  
        Viewing scan errors
  8. Section VIII. Alerts and policies
    1. Configuring policies
      1.  
        About Information Governance policies
      2. Managing policies
        1.  
          Create Data Activity Trigger policy options
        2.  
          Create User Activity Deviation policy options
        3.  
          Create Real-time Data Activity Policy options
        4.  
          Create Real-time Permitted User-based Activity Policy options
        5.  
          Create Real-time Restricted User-based Activity Policy options
        6.  
          Create Real-time Sensitive Data Activity policy options
      3.  
        Managing alerts
  9. Section IX. Remediation
    1. Configuring remediation settings
      1. About configuring permission remediation
        1.  
          Managing and configuring permission remediation
        2.  
          Configuring exclusions for permission recommendation
      2.  
        About managing data
      3.  
        About deleting files
      4. About configuring archive options for Enterprise Vault
        1.  
          Adding new Enterprise Vault servers
        2.  
          Managing Enterprise Vault servers
        3.  
          Mapping file server host names
      5. Configuring Microsoft Purview Information Protection (MIP) Label
        1.  
          Removing MIP Label
      6.  
        Using custom scripts to manage data
      7.  
        Viewing and managing the status of an operation
  10. Section X. Reference
    1. Appendix A.  Information Governance best practices
      1.  
        Understanding Information Governance best practices
    2. Appendix B.  Migrating Information Governance components
      1.  
        Migrating Information Governance components
    3. Appendix C. Backing up and restoring data
      1.  
        Selecting the backup and restore order
      2.  
        Backing up and restoring the Information Governance Management Server
      3.  
        Backing up and restoring the Indexer node
      4.  
        Understanding Information Governance best practices
    4. Appendix D. Arctera Information Governance health checks
      1. About Information Governance health checks
        1.  
          Services checks
        2.  
          Deployment details checks
        3.  
          Generic checks
        4.  
          Information Governance Management Server checks
        5.  
          Information Governance Indexer checks
        6.  
          Information Governance Collector checks
        7.  
          Information Governance Windows File Server checks
        8.  
          Information Governance SharePoint checks
        9.  
          Classification server health checks
        10.  
          Information Governance self service portal server health checks
    5. Appendix E. Command File Reference
      1.  
        fg.exe
      2.  
        indexcli.exe
      3.  
        reportcli.exe
      4.  
        scancli.exe
      5.  
        installcli.exe
    6. Appendix F. Arctera Information Governance jobs
      1.  
        Scheduled Information Governance jobs
    7. Appendix G. Troubleshooting
      1.  
        About general troubleshooting procedures
      2.  
        About the Health Audit report
      3.  
        Location of Information Governance logs
      4.  
        Downloading Information Governance logs
      5.  
        Migrating the data directory to a new location
      6. Troubleshooting FPolicy issues on NetApp devices
        1.  
          Viewing FPolicy-related errors and warnings
        2.  
          Resolving FPolicy connection issues
      7.  
        Troubleshooting EMC Celera or VNX configuration issues
      8.  
        Troubleshooting EMC Isilon configuration issues
      9.  
        Troubleshooting SharePoint configuration issues
      10.  
        Troubleshooting Hitachi NAS configuration issues
      11.  
        Troubleshooting installation of Tesseract software
      12.  
        Troubleshooting RHEL 9 upgrade issue
      13.  
        Troubleshooting CyberArk Password Manager Configuration Issues

Adding SharePoint Online accounts

Adding SharePoint Online accounts

Information Governance discovers and scans the data residing in the SharePoint Online accounts that are configured on the Management Console.

Note:

Information Governance disables addition of SharePoint Online accounts if you do not have a valid cloud license or if your license has expired. Also, Information Governance will not discover new accounts that have been added after the expiry of the license.

To add a SharePoint Online account

  1. In the Console, click Settings > SharePoint Sources.

    The SharePoint page displays the list of configured web applications and Online accounts.

  2. Click Add SharePoint Source > SharePoint Online Account.
  3. On the Add New SharePoint Online Account page, specify the URL of the account you want to add and enter the properties.
  4. Click Save.

Note:

For verification of the permission for the newly added SharePoint account, wait till the account's next incremental or full scan, triggered after Local User Scan. By default, LocalUserScanJob runs at 12.30a.m every day on the Collector node. You can manually run the job by navigating to Settings >> Information Governance Servers >> Server >> Jobs >> Select LocalUserScanJob >> Actions >> Run

Add/Edit SharePoint Online account options

Use this dialog box to add a new SharePoint Online account to Arctera Insight Information Governance or to edit the configuration of an existing account.

Table: Add/Edit SharePoint Online account options

Field

Description

SharePoint Online Account URL

Enter the URL of the SharePoint Online URL that you want Information Governance to monitor. For example, https://myaccount.sharepoint.com

Collector

Do the following:

  1. Click Select Collector.

    The Select Collector pop-up displays the configured Collectors that are available for selection.

  2. Review the performance parameters such as disk and CPU utilization and backlog of files accumulating on the configured nodes. It is recommended that you assign a node on which the resource utilization is low.

  3. Click Select to assign the Collector to the filer.

Information Governance connects to the SharePoint server from the Collector node. It is recommended to choose the Collector worker node that is close in proximity to the SharePoint Online account server.

Indexer

Do the following:

  1. Click Select Indexer.

    The Select Indexer pop-up displays the configured indexers that are available for selection.

  2. Review the performance parameters such as disk and CPU utilization and backlog of files accumulating on the configured nodes. You can also view the number of devices, shares or site collections assigned to each configured node. It is recommended that you assign a node on which the resource utilization is low.

  3. Click Select to assign the Indexer to the filer.

Events and metadata that are collected from the site collections are processed and stored on the Indexer node.

Client ID

Client Secret Key

Tenant ID

The client ID is the unique application ID assigned when you create and register an app with Microsoft. You can add up to 5 client IDs.

Client Secret Key: In the SharePoint App, navigate to the Certificates & secrets page. There is a code in the Value column under the Client secret section. You need to use that code as a Client Secret Key while configuring a SharePoint account in Information Governance.

Tenant ID: This is an unique ID assigned to an organization

If you have missed copying the code, go back to the Certificates & secrets page in the SharePoint app and click + New client secret. Copy the code in the Value column and use it as a Client Secret Key in Information Governance.

You can add up to 5 client secret keys. Follow the procedure described in the following topic to get these details:

Note:

Microsoft servers might briefly block certain client credentials for initiating frequent requests. In such scenarios, Information Governance fails to retrieve data from the Microsoft servers. To eliminate such delay, you can add up to 5 client credentials to the SharePoint Online account. If one client credential is blocked by Microsoft, another client credential will be used to fetch data.

Add one client ID, Client Secret Key, authorize the app and click Add More Apps to add another set of client credentials.

Authorize access

Do the following:

  1. Click Authorize. This invokes the application authorized to access the SharePoint Online account.

    Note:

    Ensure that you use the credentials of a Microsoft 365 user with Microsoft Minimum Privileges user role for authorizing Information Governance.

    This step creates an authorization token that is stored as a named credential in the Information Governance configuration. You will be redirected to the Information Governance console to complete the rest of the configuration.

  2. Information Governance can now access the user, folder and file metadata and the information about the activities performed on these files and folders.

Note:

After authorization, do not update the same set of client and secret key.

Automatically discover and add site collections in this SharePoint Online account

This check box is selected by default. This option allows you to automatically include all site collections in the selected SharePoint Online account for the purpose of monitoring.

Clear the check box to add site collections manually. You can do this from the SharePoint Online account details page.

Discovery of site collections takes place as soon as you add a SharePoint Online account and then twice each day at 2:00 A.M. and 2:00 P.M.

Exclude following site collections from discovery

Enter the details of the site collections which should not be included during discovery.

This option is available when you select Automatically discover and add site collections in the added SharePoint Online Accounts. Specify comma separated patterns that you want to ignore. Patterns can have 0 or more wildcard * characters.

For example, https://onlineaccount1/sites/test* ignores site collections https://onlineaccount1/sites/testsite1 and https://onlineaccount1/sites/testsite2.

Monitor SharePoint accesses to this SharePoint Online account

By default, Microsoft SharePoint Online Event Monitoring is enabled. If disabled, select this check box to enable event monitoring on the SharePoint Online account. You must manually enable auditing in the Microsoft 365 Admin Center to enable Information Governance to collect audit logs for the SharePoint Online account.

Enable Scanning for this SharePoint Online account

Select the check box to enable SharePoint Online account scanning according to the specified schedule.

Scanning schedule (for full scans)

Select one of the following to define a scanning schedule for the SharePoint Online account:

  • Use the Collector's scanning schedule.

  • Define custom schedule.

    From the drop-down, select the appropriate frequency.

Arctera Insight Information Governance periodically scans site collections to obtain file metadata. Each Collector worker node by default initiates a full scan of the SharePoint device at 11:00 P.M. each night.

Note:

You can also customize the schedule for each site collection using the Add/Edit Site Collection dialog box.

Scan newly added site collections immediately

Select this option to scan newly added site collections immediately instead of waiting for the regular scan schedule. Scanning will still proceed only when scanning is permitted on the Collector node.

Fetch Microsoft Labels

Check the box if you want to fetch Azure Information Protection (AIP) and Microsoft Sensitive labels for this SharePoint Online account. AIP label is a functionality that enables organizations to classify documents and emails in Microsoft 365.

Scan all versions of the documents

Check the box if you want to scan all versions of the document. If unchecked, only the latest version of the document will be scanned.

Note:

If you select this option, scanning will be at least 20% slower.