advertisement
Clearwell eDiscovery
Platform
™
System Administrator Guide
7.1.2
Clearwell eDiscovery Platform™: System Administrator Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Last updated: 2012-8-30.
Legal Notice
Copyright © 2012 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, Clearwell and the Clearwell eDiscovery Platform are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/ reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION
SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE,
OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT
NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and
Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043 http://www.symantec.com
Contents
About This Guide
Revision History
Obtaining More Product Information
Documentation Comments/Feedback? 8
Technical Support
Contacting Technical Support 9
10
Product Documentation
Managing the Clearwell Platform
About the Clearwell Platform
The Clearwell Administration User Interface
14
16
Initial Configuration of the Clearwell Platform
17
Setting up a Virtual Appliance
18
Configuring the Clearwell Services
19
Using a Distributed Architecture Deployment 21
Logging In and Out as an Administrator 22
(Optional) Adding Appliances to a Cluster
23
24
Configuring the Backup Location
28
Virus Scanning Guidelines
31
Disabling Your Anti-Virus Software 31
Ensuring Security Software and Windows Management Instrumentation
Maintaining Clearwell Appliances
36
Enabling, Disabling, and Restarting Appliances 38
Moving Cache (On or Off) the Appliance
40
Summary of Additional Administrative Tasks
Managing User Accounts
Defining a Local or Enterprise User Account
45
Administering User Accounts
49
Managing User Accounts For a Specific Case
55
Defining Case Access Profiles 58
Disabling Case Access for User Account 60
61
Enterprise Authentication
Moving to an Enterprise Authentication Environment 63
Configuring User Authentication for LDAP
63
Configuring Integrated Windows Authentication (IWA)
68
Configuring Header-based Authentication 69
Automatic Clearwell User Creation and Role Assignment
70
70
Automatic Clearwell Role Assignment
70
Secure LDAP SSL/TLS Support
Additional Configuration Examples
72
Discovering Archive Sources
75
About Active Directory Discovery
About Discovering HP IAP Archives
75
About Discovering Symantec Enterprise Vault Sources
About Discovering Lotus Domino Sources
76
Managing Schedules and Jobs
77
Managing Schedules
77
Viewing Jobs and Accessing Exported Files
Using the Support Features
81
Backup and Restore
89
About Backups
91
Developing your Backup Routine
92
Creating Case Backups
93
Managing the Case Backup Destination 95
Troubleshooting Case Backups 97
98
Creating Appliance Backups
99
100
Managing Appliance Backup Destination
101
Troubleshooting Appliance Backups
102
Appliance Backup Maintenance 102
Creating System Backups
103
Managing System Backup Destination 103
Backing up a Cluster
About Archiving
Managing Backups and Archives
105
About Restore
106
About Backing up Case Source Data
108
Troubleshooting
Reporting Problems
Managing Logs
109
Appendix: Web Services Access Options
Web Interface Access Ports
Redirecting all HTTP Requests to HTTPS
111
Certificates
Certificate Options Summary 113
Clearwell Utility-Generated Certificate 114
Provider-Generated Certificate
115
SSL Consideration Details
119
System Administration Guide : Revision History PAGE: 7
Welcome to the Clearwell eDiscovery Platform System Administration Guide. The System
Administration Guide provides an administrator’s view of the Clearwell eDiscovery platform and describes how to perform basic and advanced system setup, account management, support, backup and restore, and troubleshooting tasks associated with managing and maintaining the
Clearwell appliance.
This section contains the following sections:
•
“About This Guide” in the next section
•
•
“Obtaining More Product Information” on page 8
•
•
“Product Documentation” on page 11
About This Guide
This guide is intended for, but not limited to, system administrators who are responsible for the configuration, installation and maintenance of the Clearwell eDiscovery Platform. For information about the administration tasks regarding setting up cases in Clearwell, refer to the
"Case Administration Guide" .
Revision History
The following table lists the information that has been revised or added since the initial release of this document. The table also lists the revision date for these changes.
Revision Date
Sept 2012
June 2012
May 2012
New Information
• Integrated Windows Authentication (IWA) and header-based authentication configuration
• User Accounts section now has Document Access Rights for Transparent Predictive Coding.
• Appendix: Web Access Interface Options; updated step 3 on page 120, in instructions for installing a certificate.
About This Guide : Obtaining More Product Information PAGE: 8
Revision Date
March 2012
Feb 2012
Nov 2011
May 2011
Feb 2011
Dec 2010 •
•
•
•
•
•
•
•
•
•
•
•
•
New Information
• Branding
• This guide incorporates content from the following (formerly stand-alone) documents:
– LDAP Active Directory Configuration Reference
– Virus Scanning Guidelines
– Web Access Interface Options (Appendix)
• Added Discovering Archive Sources content (also in the Case Administration
Guide)
New Update License wizard in System > License
New top menu navigation, case selection, and System administration workflow
Integrated Dashboard for single view of status and activity for all cases and single cases
Additional options to control reviewer access to item notes and tag history comments
Distributed architecture mode using RDMS for distributed review.
Exception warning messages administration
Support Feature updates
Additional security and administrative options, including:
– allow OCR processing (after initial case processing)
Relocate cache (on or off) the appliance
Export job enhancements
(Minor revisions, updates, and graphics enhancements throughout)
Updated Technical Support Contact Information
(Minor revisions and graphics enhancements throughout)
Obtaining More Product Information
To obtain more information, refer to:
• Clearwell Products Web site — Go to http://www.symantec.com/business/products
• Documentation link — To obtain the most current online and PDF versions of the documentation, click the Documentation link at the bottom of any page in the Clearwell eDiscovery Platform.
• Online help — Click the Help link in the Clearwell user interface to access online help.
Documentation Comments/Feedback?
• Got questions or comments on this guide, or other user documentation? Feel free to contact us at [email protected]. We appreciate your feedback!
About This Guide : Technical Support PAGE: 9
Technical Support
The primary role of the Clearwell Technical Support team is to respond to our customers to help resolve technical issues affecting features or functionality of the Clearwell eDiscovery Platform.
This includes configuration, workflow, and internal system issues, but does not include assistance with legal-related or case-specific queries. For additional help with technical issues, refer also to Clearwell’s Knowledge Base content available online at: http://www.clearwellsystems.com/support-portal.php
For information about Symantec's support offerings, visit our Web site at: http://www.symantec.com/business/support/
Contacting Technical Support
Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the system on which the problem occurred, in case it is necessary to replicate the problem.
When you contact Technical Support, please have the following information available:
• Product version and patch level
• Service tag number
• Available memory, disk space, and NIC information
• Operating system
• Problem description:
– Affected case name
– Screenshots demonstrating behavior
– Accurate reproduction steps
– Error messages and log files
– Troubleshooting that was performed before contacting Symantec
– Recent software configuration changes and network changes
Note: You must have administrative access to the system in order to perform most troubleshooting. Be sure to have this available, as well as a system/network administrator resource in the event access is required.
To contact Clearwell Technical Support, use any of the following methods:
• Customer Support Portal — (Clearwell Products)
– http://www.clearwellsystems.com/support-portal.php
• Phone — Toll-Free (North America):
– 1-877-Clearwell (253-2793)
About This Guide: Technical Support PAGE: 10
Licensing Portal
If your Clearwell product requires registration or a license key, access our Licensing Portal:
• Symantec Licensing Portal
– https://licensing.symantec.com/acctmgmt/index.jsp
Customer Service
To contact Symantec Customer Care, use any of the following methods:
• Customer Care Portal — (Non-Technical Support) Enterprise Products
– http://customercare.symantec.com
• Phone — Toll-Free (North America):
– 1-800-721-3934
For other regions: http://www.symantec.com/business/support/assistance_care.jsp
Customer Service is available to assist with non-technical questions, such as the following types of issues:
• Questions regarding product licensing or serialization
• Product registration updates, such as address or name changes
• General product information (features, language availability, local dealers)
• Latest information about product updates and upgrades
• Information about upgrade assurance and support contracts
• Information about the Symantec Buying Programs
• Advice about Symantec's technical support options
• Non-technical pre-sales questions
• Issues that are related to manuals
About This Guide : Product Documentation PAGE: 11
Product Documentation
The table below lists the end-user documentation that is available for the Clearwell eDiscovery
Platform product.
Clearwell eDiscovery Platform Documentation
Document
Installation and Configuration
Comments
Installation Guide
Upgrade Overview Guide
Upgrade Guide
Utility Node Guide
Describes prerequisites, and how to perform a full install of the Clearwell software application
Provides critical upgrade information, by version, useful prior to upgrading an appliance to the current product release
Describes prerequisites and upgrade information for the current customers with a previous version of the Clearwell software application
For customers using utility nodes, describes how to install and configure appliances as utility nodes for use with an existing Clearwell software setup.
Native Viewer Installation Guide
Distributed Architecture
Deployment Guide
Getting Started
Navigation Reference Card
Export and Production Guide
Transparent Predictive Coding
Guide
Describes how to install and configure the Brava Client for native document rendering and redaction for use during analysis and review in Clearwell.
Provides installation and configuration information for the Review/
Processing Scalability feature (7.x) in a distributed architecture deployment
Clearwell QuickStart Guide
Reviewer QuickStart Guide
Provides a mapping of the Clearwell user interface (7.x) compared to 6.x
Describes basic appliance and case configuration
A reviewer's reference to using the Analysis & Review module in Clearwell
User and Administration
Legal Hold Guide Describes how to set up and configure a Clearwell appliance for Legal Holds, and use the Legal Hold module as an administrator in Clearwell.
Identification and Collection Guide Describes how to prepare and collect data for processing, using the
Identification and Collection module
Case Administration Guide Describes case setup, processing, and management, plus pre-processing navigation, tips, and recommendations. Includes processing exceptions reference and associated reports, plus file handling information for multiple languages, and supported file types and file type mapping.
System Administration Guide
Load File Import Guide
Includes system backup, restore, and support features, configuration, and anti-virus scanning guidelines for use with Clearwell.
Describes how to import load file sources into Clearwell
User Guide Describes how to perform searches, analysis, and review, including detailed information and syntax examples for performing advanced searches
Describes how to use, produce, and troubleshoot exports
Describes how to use the Predictive Coding feature in Clearwell to train the system to predict results from control data and tag settings.
About This Guide: Product Documentation PAGE: 12
Clearwell eDiscovery Platform Documentation
Document
Reference and Support
Collection
Comments
OnSite Collection
Review and Redaction
Keyboard Shortcuts
Production
A quick reference card of how to collect data in Clearwell
A quick reference for performing OnSite collection tasks
Reviewer's reference card of all redaction functions
A quick reference card listing all supported shortcuts
Administrator's reference card for production exports
A quick reference card for managing user accounts User Rights Management
Online Help
Includes all the above documentation (excluding Installation and Configuration) to enable search across all topics.
To access this information from within the Clearwell user interface, click Help.
Release
Release Notes Provides latest updated information specific to the current product release
For the latest product information: http://www.symantec.com/business/products
Managing the Clearwell Platform : About the Clearwell Platform PAGE: 13
This section describes managing the Clearwell Platform.
•
“About the Clearwell Platform” in the next section
–
“The Clearwell Administration User Interface” on page 14
–
“Managing Clearwell Appliances” on page 16
•
“Initial Configuration of the Clearwell Platform” on page 17
–
“Setting up a Virtual Appliance” on page 18
–
“Configuring the Clearwell Services” on page 19
–
“Using a Distributed Architecture Deployment” on page 21
–
–
“Logging In and Out as an Administrator” on page 22
–
“(Optional) Adding Appliances to a Cluster” on page 23
–
“Defining System Settings” on page 24
–
“Configuring the Backup Location” on page 28
–
“Managing Platform Security” on page 29
•
“Virus Scanning Guidelines” on page 30
–
“Directory Configuration” on page 30
–
“Excluded Directories” on page 30
–
“Scanned Directories” on page 30
–
“Running Review Cache Job” on page 31
–
“Disabling Your Anti-Virus Software” on page 31
•
“Maintaining Clearwell Appliances” on page 32
–
“Managing Your License” on page 32
–
“Adding New Appliances” on page 35
–
“Changing Appliance Settings” on page 36
–
“Enabling, Disabling, and Restarting Appliances” on page 38
–
–
“Moving Cache (On or Off) the Appliance” on page 40
•
“Summary of Additional Administrative Tasks” on page 42
About the Clearwell Platform
The Clearwell eDiscovery Platform automates the analysis and review of information stored in
Microsoft Exchange servers, email archives, Personal Information Store (PST) files, Lotus Notes
Files (NSF), and other information stores.
Managing the Clearwell Platform : About the Clearwell Platform PAGE: 14
Clearwell manages documents by case. To define a case, you specify the sources of the documents that you want to index and analyze. The scope of a case can be as broad or narrow as required, and can be updated dynamically as new content is added to the specified sources.
You can have many cases active at one time, and each case can be managed independently of other cases, with its own discrete set of documents and access controls.
The Clearwell Administration User Interface
Clearwell 7.x versions employ an enhanced Clearwell user interface designed to improve case management with an end-to-end workflow within each case. (For more information about mapping 6.x menu items to the newest version, refer to the Clearwell Navigation Reference Card.
From the All Cases view, system administrators can also see a single Dashboard view displaying status and activity for all cases across your eDiscovery lifecycle.
Dashboard status can be filtered by All Cases, or a type of case, and provides the number of cases, active legal holds, and data volumes that have been collected, processed, reviewed, and produced.
Note: The System Manager role has privileges to perform and access case management tasks as well as system management tasks which affect not only the selected case, but all cases (such as the All Cases, All Processing, and System views).
Managing the Clearwell Platform : About the Clearwell Platform PAGE: 15
When a case is selected on the top navigation bar, from the Case Home view, system administrators can see case details, plus manage all activity for a selected case.
The following example shows three main areas of case activity, starting with the Legal Hold
“Insider Trading Hold” for the SEC v Tamas case.
There are a total of four notices for this case, displaying the current status of custodian confirmations. This view also allows the option of adding new legal hold notices, or performing actions on the existing ones.
Collection data displays tasks by source and by custodian, showing the total volume of data collected for each. The bottom box shows the total data volume of sources processed by batch, and review/analysis tags associated with this case.
For more information about mapping administrative functions within the new user interface, refer to the 3-page Clearwell Navigation Reference Card.
Managing the Clearwell Platform : About the Clearwell Platform PAGE: 16
Managing Clearwell Appliances
Clearwell appliances can be managed as standalone systems, in cluster configurations.
• Standalone. A Clearwell appliance managed individually requires no additional setup related to other appliances, and the various appliance menus can be ignored.
• Cluster. A designated master appliance can be used to manage multiple appliances. After you define the Clearwell appliances in a cluster, you can use any appliance in the cluster to administer the other appliances and search any case on any appliance, provided the master appliance is active and accessible from the appliance where you log in. Cluster operation requires the master appliance to be available at all times.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 17
Initial Configuration of the Clearwell Platform
Overview: Setting Up a Clearwell Appliance
This list describes the process of bringing a Clearwell appliance online.
1.
Connect the Clearwell appliance to your network and configure the network settings and
services. See “Configuring the Clearwell Services” on page 19 .
2.
3.
(Optional) Verify Internet Explorer is configured correctly.
See
“Browser Settings” on page 21 .
4.
Log in as an administrator.
See
“Logging In and Out as an Administrator” on page 22
.
Note: To create a cluster, see “(Optional) Adding Appliances to a Cluster” on page 23
.
5.
Configure the system settings.
See
“Defining System Settings” on page 24 .
6.
Specify an external location where case and system backups are stored.
See
“Configuring the Backup Location” on page 28
.
7.
Review the appliance security issues.
See
“Managing Platform Security” on page 29 .
8.
Install or check your anti-virus software according to Clearwell guidelines.
See
“Virus Scanning Guidelines” on page 30
9.
Configure the Windows firewall.
See
“Summary of Additional Administrative Tasks” on page 42
.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 18
Setting up a Virtual Appliance
Clearwell can either run on a dedicated appliance, or as a guest operating system on a virtual appliance using VMware. While a number of options are available for running VMware images,
Clearwell recommends using VMware vSphere ESX 4.0, or ESXi 4.0.
Note: All servers running Clearwell require licensing. Contact your Clearwell Sales representative to purchase a license, and to discuss additional information depending on your intended use and requirements.
The Symantec Clearwell software optimizes the use of resources by dynamically tuning processing speeds based on the amount of memory and number of CPUs available. Following is a standard configuration for a Clearwell VMware virtual guest.
Typical Clearwell VMware Guest Configuration
Component
Memory
Hard drive
CPU
Recommendation
32 GB RAM (minimum)
Note: When using more than 32 GB RAM, a
Windows Enterprise Edition license is required.
1.5 TB (thin provisioning not recommended)
16 cores (virtual sockets X cores per socket) minimum.
Note: Symantec Clearwell recommends VMware vSphere 5 to best support these memory and
CPU requirements.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 19
Configuring the Clearwell Services
The following list describes the services that run on the Clearwell eDiscovery Platform. Each service must run under a login user account in your Windows domain, and each account must have the appropriate permissions and belong to the local Windows Administrator group.
For detailed information on configuring accounts, see the Clearwell QuickStart Guide.
To configure the Clearwell services
1.
On the Clearwell appliance, right-click on My Computer and select Manage.
2.
To change a service logon account, select Services and Applications > Services, rightclick on the service, and select Properties.
3.
To add an account to the Windows Administrator group, select
Local Users and Groups > Groups, select Administrators, and add the account.
List of Clearwell Services
EsaApplicationService:Firedaemon
Controls the Clearwell Application Server, which is responsible for indexing the incoming documents and processing search requests. This service depends on the MySQL service. No configuration is required, except in the following cases:
– To crawl PST files or loose files on a network share that requires a username and password, this service must run under a login account with those permissions.
– To crawl an Active Directory domain other than the domain of the Clearwell platform, this service must run under a login account in that domain (used mainly for lab tests).
EsaEvCrawlerService
EsaEvRetrieverService
Responsible for crawling and retrieving documents on Symantec Enterprise Vaults. The login user name must match the name used by the Symantec services (generally the “Vault
Service Account”).
EsaExchangeCrawlerService
EsaExchangeRetrieverService
Responsible for crawling and retrieving documents on Exchange servers. The login user must have the following permissions:
– Read
– Execute
– Read permissions
– List contents
– Read properties
– List objects
– Open mail send queue
– Read metabase properties
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 20
– Administer information store
– Create name properties in the information store
– View information store status
– Receive As
EsaPstCrawlerService
EsaPstRetrieverService
Responsible for crawling and retrieving PST data stores. Note the following:
– If the PST files are on a network share that requires a username and password, these services must run under a login account with read and write access to the network share.
– If the PST files are on a storage device attached to the Clearwell platform, then only local permissions are required.
Tip: The Clearwell platform requires different accounts but similar privileges for each of the PST crawler, and retriever services. Setting up separate accounts avoids potential memory contention and management issues with Microsoft’s MAPI interface which could result in sub-optimal performance.
EsaNsfCrawlerService
EsaNsfRetrieverService
Responsible for crawling and retrieving NSF data stores. These services must be configured with the permissions needed to access NSF files over the network. Note the following:
– If the NSF files are on a network share that requires a username and password, these services must run under a login account with read and write access to the network share.
– If the NSF files are on a storage device attached to the Clearwell platform, then only local permissions are required.
Tip: Maker sure that these two services are configured to use the same account.
EsaRissCrawlerService
EsaRissRetrieverService
Responsible for crawling and retrieving documents on the Hewlett-Packard Integrated
Archive Platform (IAP), formerly called the Reference Information Storage System (RISS). To properly start and run, the account you use for this service must be setup with access the
RISS shares.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 21
Using a Distributed Architecture Deployment
The Clearwell appliance can be configured to run in a distributed environment. In a distributed configuration, Clearwell uses a dedicated MySQL located on a separate machine for the underlying database server component which, when coupled with proper assignment and provisioning of appliances, efficiently spreads the review and processing workload across multiple appliances.
Appliances and their roles are viewed and managed from two locations:
• With a case selected, in Case Home > Appliance Roles
• In All Cases view, in System > Settings > Appliances > [selected appliance] > Appliance
Roles.
Case-Level Appliance Roles Screen
To assign review and processing appliances to be used immediately without running another processing job, you can provision appliances manually using the Provision link in the Review
Status column.
Note: The “Provision” link is only displayed if the review appliance does not have the latest processed data. For example, if Case A does not yet have any data, the link does not appear because its review appliances will automatically be provisioned as soon as the first processing job completes. The “De-Provision” link provides the option of removing (unassigning) the
Review Role from appliances that are already provisioned, and which are not the Case Home
(Master) appliance.
For more information, and to set up and configure your appliances to use a distributed architecture model, refer to the Distributed Architecture Deployment Guide.
Browser Settings
Internet Explorer version 8, 9, or 10 is required to access and manage Clearwell appliances. If using Internet Explorer 10, the browser must be run in compatibility mode. (Clearwell currently supports only Internet Explorer and can only be accessed from Windows computers.) The browser should be run on a remote client, not on the Clearwell appliance.
Note: Clearwell does not officially support Mozilla® FireFox, Safari (Mac), or Google® Chrome
Web browsers.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 22
The following list describes the required browser settings. If you have any problems accessing an appliance, you may need to add the appliance to the list of trusted sites.
Required Settings
• Turn off popup blocker for Clearwell zone/domain/hosts
• Persistent cookies
• Active-X controls and plug-ins
• Disable automatic prompting for downloads
• Scripting: allow programmatic clipboard access
• Set headers and footers to empty on each appliance (for native-view production and export).
• Active scripting
• File downloads
• Allow META-REFRESH
• Cookies (session based)
• Open files based on content
• Submit non-encrypted form data
• Enable visual styles on buttons and controls
• Use HTTP 1.1
• Show pictures
• Play animations
• Enable native XMLHTTP support
Logging In and Out as an Administrator
Your access privileges depend on the role associated with your account. The default admin account has unrestricted access to all cases and administrative functions.
To log in to a Clearwell appliance as an administrator
4.
Type the name or IP address of a Clearwell appliance in your browser: http://<ClearwellServerName>
5.
When logging in for the first time, type the Clearewell-provided default user name and password and click Login.
Note: Be sure to change the default account password. The password is the same on every
Clearwell appliance. Leaving the default password opens your system up to vulnerabilities.
6.
If you have access to multiple cases you will be prompted to select a case immediately after logging in. Select a case.
7.
If your preferences are set to save your session when you log out, when you log back in you might be prompted to resume your last session. You will not be prompted if you chose to always automatically resume the previous session.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 23
To change the default password
•
Click Profile at the top of the screen or see “Defining User Accounts” on page 46
.
To log out of a Clearwell appliance
• To log out, click Logout at the top of the screen.
When you log out of Clearwell while viewing search results or reviewing documents in the
Analysis & Review module, you have the option to save your place. The next time you log in, you have the option to return where you left off or to log in to the default screen.
Note: Inactive users are logged out automatically after a configurable amount of time (default is 30 minutes). If your session times out, you will be returned to your current state if you have previously logged out and (1) specified that you want your search state to be saved and (2) that you don’t want to be prompted to save state again.
(Optional) Adding Appliances to a Cluster
You can manage a cluster of multiple Clearwell appliances by defining a master appliance. To create a cluster, the system administrator must start all appliances, log into the appliance which will serve as the cluster master, then add the other appliances to the master appliance.
Note: All cluster members must be running the same version (including fix packs).
After you add one or more appliances, you can use any appliance in the cluster to administer the other appliances and search any case on any appliance. Note that the master appliance must always be active, and must be accessible from the appliance where you log in.
To define the appliances in a cluster
1.
Login to the master appliance.
2.
From the System view, click Appliances.
The Manage Appliances screen shows the host name, appliance status, free disk space, and the number of cases, indexed documents, and active user sessions for each appliance in the cluster. A house icon, , indicates the master appliance.
3.
To add an appliance to the cluster
A. Verify that the appliances to be added are installed on your network and activated.
B. Click Add, and specify the following information. An asterisk (*) indicates a required field.
Appliance Details
Field
Appliance Name*
Host Name*
Clearwell Appliance
Port*
Description
Type an appliance name (up to 35 characters).
Type the appliance host name (up to 255 characters).
Type the port used for inter-appliance communication. Do not change the default (2595) unless instructed by Clearwell Technical Support.
C. Click Save to add the new appliance.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 24
Defining System Settings
The system settings specify various options, such as the email address of a local administrator to be notified if a problem occurs, the maximum size of individual files that can be printed or exported, the minimum password length, and the idle timeout (automatic logoff).
Note: If you define a cluster of appliances, the system settings apply to all appliances in the cluster.
To change the system settings
1.
From the System view, click Settings.
2.
Click a tab to view or change the associated settings. The System Settings table describes the settings for each tab. An asterisk (*) indicates a required field.
3.
Click Save on any screen to save all the settings under each tab
System Settings
Field
General
Administrator email address*
SMTP server hostname/
IP*
SMTP server authentication
Confirmation server hostname/IP*
Description
The email address of an administrator to be notified when a problem occurs.
This field updates the Feedback link in the Clearwell footer.
Note: In rare cases, an error message may include a Report Problem link that users can click to notify the administrator.
The name or IP address of the SMTP email server used to send summaries of document tagging operations, as well as to send problem notices to the administrator.
Note: This is also used to send legal hold notifications to custodians. (For more information, refer to "Setup Requirements" Legal Hold Setup Guide .
The user name and password to be used when additional SMTP server authentication is required beyond the user name and password associated with your SMTP server.
The name or IP address of the Confirmation server to be used for legal hold notifications to custodians as well as to identified system administrators.
Note: This is required during set up of a licensed Legal Hold module. Follow the steps to configure your Confirmation server with the appropriate hostname/IP.
For more information, refer to the Appendix in the Clearwell eDiscovery Platform
Legal Hold Reference Guide.
Auto-Recovery Enable appliance auto-recovery. If an appliance fails or cannot access the master appliance, the appliance attempts to recover automatically, up to a maximum number of retries (default is three). If this option is disabled, or each of the retries fails, the appliance is taken off-line and must be restarted manually
(see “Enabling, Disabling, and Restarting Appliances” on page 38
). Note that a master appliance and standalone appliances always attempt to recover automatically.
Support Web Page URL URL to be used as the Support link in the Clearwell footer.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 25
System Settings (Continued)
Field
Windows authentication for
Clearwell appliance
Additional account for mail conversion
Description
The user name and password to be used for file browsing or accessing network resources from the Clearwell appliance.
This user name and password should match the logon account credentials used for the Clearwell EsaApplicationService.
(Optional) Clearwell will use the extra account to multi-thread OST and MBOX conversion. Specify an administrative Windows account that is not used by any
Clearwell Windows services and IGC services.
Locations
Extracted Files
Converted Files
The location where Clearwell will store PST and NSF email files that are extracted from EnCase evidence files and other containers (such as ZIP and RAR files) during pre-processing.
• Default directory—Use the default directory:
<appliance installation dir>\containedPstNsf\<case
ID>\
• Custom directory—Specify the parent directory you would like Clearwell to use to store extracted PST and NSF files. Case-specific folders will be automatically added underneath the parent directory (\<case ID>\).
Note: The Clearwell administration is responsible for maintaining the integrity of the PST/NSF extraction directory, and Clearwell recommends that you include it in the Clearwell backup plan. However, if the contents of the directory are ever removed, Clearwell will automatically re-extract the necessary PST and NSF files from their container and replace them in the directory.
The location where Clearwell stores converted MBOX and OST files. Original
MBOX and OST files are kept intact at their original location.
Note: This setting can be overridden at the case level. From Case > Settings >
Configure processing parameters and features, you can specify a different location for each case.
Known File Filtering
When setting locations, specify a File Share or disk drive location that:
• Is consistently accessible to the appliances in the cluster
• Has sufficient disk space to handle your expected volume of converted mail
(OST/MBOX file type) items. Specify the location by using a UNC path,
\\servername\directory
Put contained and converted files and known files on a separate network sharefrom the local clearwell applianced drive. This is a requirement for distributed environments and is highly recommended for all configurations for optimum performance and processing.
For other system settings (including service account credentials) information, refer to the Clearwell QuickStart Guide.
The storage directory for known file lists. Type the directory or click Browse to specify the storage directory.
The directory must be accessible from all appliances in a Clearwell cluster, and it will not be backed up or managed by Clearwell. See “Pre-Process Your Source
Data” on page 52 for more information on known file filtering and how it is used.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 26
System Settings (Continued)
Field
Indexing
Items to Include in
Processing
Description
Clearwell allows you to specify at the overall system level what types of
Exchange/PST items (Contacts, Calendar Items, Tasks, Journal entries, and
Posts) should be included in processing.
By default, all items except for contacts are included. For other sources (notes and archives), all content types are always included.
Different rules apply in a distrbuted architecture. Refer to the Distributed
Architecture Deployment Guide for more information.
Note: If Contacts are included, all crawlers must be restarted. Go to Support
Features and select Crawler Manager.
Security
Session timeout*
Minimum password length*
Password change interval*
Failed logins allowed*
User Password Policy
Lockout message
User Logon Help
Message
The number of minutes (5 to 720) a user’s session can be idle before the user is logged out (default is 30).
The minimum number of characters (4 to 25) required in an account password
(default is 6).
The number of days (0 to 365) before a password expires (default is 0). A zero indicates that passwords never expire.
The number of consecutive failed login attempts allowed (0 to 100) before the user account is automatically disabled (default is 5). A zero indicates any number of failed attempts is allowed.
The option to require users to change their passwords on initial login.
If you select this option, the user is prompted to change the password.
When an administrator sets the password for another user and this check box is selected, the user must reset the password upon next login.
The message displayed to the user (up to 255 characters) when the user account is locked out because the number of password retries was exceeded.
There are options and delivery methods for a user message:
• Enter the text (up to 255 characters) that is presented when the user clicks
Need help? on the login screen.
• Enter the email address and text
• Enter a URL link and text
HTTPS
Errors and warnings
Forces redirection to HTTPS for all access attempts.
Click the Connect Securely link to test whether you can access the web interface using HTTPS.
In the event of an error, this option will display more detailed information in the message window which will help the Clearwell support team in diagnosing the issue. Errors with detailed information display next to the username with a yellow warning sign icon.
Enter the maximum size of individual files (in megabytes) that can be printed from the Clearwell platform. A file that exceeds the maximum size is broken up into multiple files. Contact Clearwell Technical Support if you are changing this value in a multi-appliance cluster
• Maximum CSV file size* (10 to 2000, default is 20)
• Maximum PDF file size* (10 to 2000, default is 100)
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 27
System Settings (Continued)
Field
Confidentiality footer used on printed reports
Description
An alphanumeric string (up to 150 characters) used to print confidentiality information on printed reports.
By default, this field is empty.
Time and Date
Note: Note: The date, time, and time zone formats are used for display in all administrative and document contexts across all cases on the cluster, unless the values are overridden at the case level.
Date Format Choose the format from the drop-down list.
Time Format
Time Zone
Choose the format (12-hour or 24-hour clock) from the drop-down list.
Choose a time zone from the drop-down list, or use the current appliance time zone (default).
Branding
Enable Branding Select the check box to enable co-branding of the Clearwell application with your own logo in addition to the standard Clearwell logo. The additional logo will be displayed on the login screen and in the banner image that is shown on all screens.
Supported image types include bitmap (.bmp), JPEG (.jpeg, .jpg), GIF (.gif ), and
PNG (.png).
When you select the Enable Branding check box, display options are presented.
• Click the Change button in the Login screen logo or Banner area logo section to open the Upload branding image pop-up window.
• Click and browse to select and upload the image. The image is automatically scaled to fit the available space.
• Click Save. The image is now included in the application banner and/or on the login screen.
• Type the tooltip label in the appropriate field.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 28
Configuring the Backup Location
By default, case and system backups are saved on the local appliance. Clearwell recommends saving backups to a shared network location for disaster recovery in the event of an appliance failure. Saving backups to an external location also makes it easier to move cases between appliances in a cluster to optimize the use of available disk space. To perform case and system backups, see
“Backup and Restore” on page 89 .
To change the backup location
1.
From the System view, click Support Features.
2.
Select Property Browser from the feature menu, and click Submit to view the properties that you can change.
3.
Enter the following information. An asterisk (*) indicates a required field.
Directory Properties
Field
Name of property to change
Description
Enter the following property name: esa.case.backupDir
You can change this value by editing the esa.case.backupDir
property using the Property Browser support feature. You must specify the
backupDir for each appliance in the cluster by repeating the process for each appliance in the Choose an appliance drop-down list.
You must also set the esa.case.sharedBackupDir
property to true in order for the cluster to recognize the backupDir location as a shared location that is visible by all appliances in the cluster. It is not necessary to set this property for each appliance in the cluster.
Confirm change* Select the check box to confirm the change.
4.
Click Submit to apply the change.
Managing the Clearwell Platform : Initial Configuration of the Clearwell Platform PAGE: 29
Managing Platform Security
The Clearwell eDiscovery Platform is supported on Microsoft Windows 2008 64-bit Standard and Enterprise Server Editions. Clearwell recommends that you follow standard practices for securing Microsoft Windows 2008 Server.
Note: Windows 2008 Enterprise Server Edition is required on appliances that have more than
32 GB memory.
You should change the default Windows Server password that ships with the appliance to a password that meets your security policies.You should also change the default password of the superuser account used to access the Clearwell application. Refer to the Clearwell QuickStart
Guide.
Additional security issues to consider:
• Firewall. The Windows firewall is enabled by default, and Clearwell applications are registered by name (rather than by port) to communicate through the firewall. To view the
Note: On utility nodes, the Windows firewall is disabled by default.
• Data Security. By default, documents are indexed where they currently reside, and are not copied to the Clearwell appliance. Users can retrieve and view indexed documents, but cannot change them. When the user logs off, any documents fetched during the session are flushed from the system. Note the following:
– Printed and exported documents ARE copied to the appliance, so users should delete their print and export jobs after they download the files. For added security, users can flush the browser cache after a session.
To configure the confidentiality footer for printed reports, from the System view, click
Settings > Export/Print tab.Type the new confidentiality footer text in the field
provided. (See Table 4-2 “System Settings”.)
– Clearwell does not scan documents for viruses. If you want to install anti-virus software on a Clearwell appliance, contact Technical Support for configuration instructions.
• Network Security. Clearwell recommends using Secure Sockets Layer (SSL) encryption to secure access to the Clearwell appliances from any untrusted network. Clearwell uses port
443 for SSL and recommends that only this port should be accessible from an untrusted network.
Clearwell is certified to work with the browser’s default security settings. If you use custom security settings, contact Clearwell Technical Support for guidance on known security issues.
Note: For additional security, you can force redirection to HTTPS for all access attempts. Refer to
“Defining System Settings” on page 24
.
Managing the Clearwell Platform : Virus Scanning Guidelines PAGE: 30
Virus Scanning Guidelines
The Clearwell eDiscovery Platform does not come with bundled anti-virus software. Clearwell recommends that users perform an anti-virus scan of the data that they wish to use Clearwell to analyze and provide anti-virus software on their end-user PCs since Clearwell users do have the ability to download native files on their own.
Clearwell recognizes the need for security compliance within an organization and the requirement for deploying anti-virus software. If you install anti-virus software on the Clearwell appliance, consider the following guidelines for scanning directories and processes.
Refer to the following topics in this section:
•
“Directory Configuration” on page 30
•
“Running Review Cache Job” on page 31
•
“Disabling Your Anti-Virus Software” on page 31
•
“Ensuring Security Software and Windows Management Instrumentation (WMI) Operability” on page 31
Directory Configuration
Follow the steps in this section to configure directories
Excluded Directories
You should exclude the following directories from your virus scan.
– d:\mysql
Note: If the mysql directory is scanned, the anti-virus software is likely to quarantine or delete the files. The first symptom of this scenario is that your backups start failing.
– d:\mysqltemp
Note: If the mysqltemp directory is scanned, the anti-virus software is likely to quarantine or delete the files. The first symptom of this scenario is that your backups start failing.
– d:\CW\<current_version>
Note: Note: The following subfolder needs to be scanned: d:\CW\<current_version>\scratch\temp\esadb\attCacheDir\
Scanned Directories
Before a document is displayed to the Reviewer in native view, the document is generated as a temporary file in its native format. Document rendering can be initiated in two different ways:
(1) by downloading documents in real time through Review Mode's Native View or (2) as a batch process through Search Cache Job.
Note: Scanning documents will impact performance.
Managing the Clearwell Platform : Virus Scanning Guidelines PAGE: 31
Downloading files in Real Time
When you review documents in their native format without running the Review Cache Job, the files are downloaded and converted in real time. By default, converted files are saved in the d:\CW\<current_version>\scratch\temp\esadb\attCacheDir\ directory.
The attCacheDir directory is a staging area for documents and attachments that need to be scanned for viruses prior to being displayed to the user.
Summary: Configure your anti-virus software to scan the directory: d:\CW\<current_version>\scratch\temp\esadb\attCacheDir\
Running Review Cache Job
When you run the Review Cache Job, every document within the group is converted into its native format and then stored in an unspecified directory. To ensure these native-format files are scanned, you need to create a staging directory called d:\CW\netitScan\ and then point your anti-virus software to that directory.
After creating the netitScan directory, files are converted to native format, copied to d:\CW\netitScan , scanned by your anti-virus software, and then copied to their final home.
How to create a fixed location to automatically scan temporary, native-format files
1.
On the Clearwell appliance, create the d:\CW\netitScan\ directory if not already there.
2.
Log on to the Clearwell appliance and navigate to System > Support Features.
3.
From the Choose a support feature drop-down list, select Property Browser.
4.
In the Name of property to change field, type esa.netit.virus_scanner_dir.
5.
In the New value (leave blank to remove) field, type d:\CW\netitScan.
6.
Select the option Confirm change. Are you sure?.
7.
Click Submit to save the configuration.
Disabling Your Anti-Virus Software
If you decide to discontinue the practice of scanning documents for viruses, ensure that you remove the esa.netit.virus_scanner_dir property through the Support Features >
Property Browser. Before upgrading or installing a new version of Clearwell, Clearwell strongly recommends disabling your anti-virus software first.
Note: For upgrade information, refer to the Clearwell Upgrade Overview, and Clearwell Upgrade
Guide. For new installations, refer to the Clearwell Installation Guide.
Ensuring Security Software and Windows Management Instrumentation (WMI)
Operability
Clearwell depends on Windows Management Instrumentation (WMI) in order to gather hardware utilization statistics for adjusting processing speeds. In the event that Clearwell is unable to obtain WMI statistics, the system will not be able to discover or process data successfully. Ensure that your security software configuration is not blocking or interfering with WMI and its ability to collect Clearwell management data.
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 32
Maintaining Clearwell Appliances
For information about how to manage the Clearwell appliances in a cluster, refer to the following topics:
•
“Managing Your License” in the next section
•
“(Optional) Adding Appliances to a Cluster” on page 23
•
“Changing Appliance Settings” on page 36
•
“Enabling, Disabling, and Restarting Appliances” on page 38
Managing Your License
Your license key is supplied by Clearwell Technical Support based on the terms of your license agreement. For new Clearwell appliances, the license key is usually already installed and activated. If you have upgraded your license to allow for expanded case and document processing, you may receive a new license file.
Use the System > License screen to view the license information and to update your license. On the associated Detail screen, you can view how much of your licensed capacity each case currently uses.
To view or update license information
1.
From the System view, select License.
In this example, the current capacity is for 500 custodians. Periodically note this count, particularly each time a collection set or task is deleted, or a custodian is released from a legal hold from a case.
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 33
2.
To view details for your cases, click View Details. The Details page shows each case with the capacity used for each.
– Click Done to return to the License screen.
– Click an underlined case link to open the Status screen for that case.
3.
To update the license, click Update License.
The Update License Wizard opens.
4.
Select the method you want to use to update your license. (As shown in this example, you can choose to copy and paste the license information you received from an email message.)
Click Next.
5.
Click Paste the place the copied text into the window. (Click Clear to delete.)
Click Next.
Managing the Clearwell Platform : Maintaining Clearwell Appliances
6.
Review the license information to be applied (replacing your existing license).
PAGE: 34
To confirm and continue, click Next. (Alternatively, click Previous to re-apply the license information.)
7.
The final screen of the Wizard displays a message reflecting your license status. In this example, the license was applied successfully.
Click Finish. (Alternatively, click Previous to re-apply the license information.)
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 35
Adding New Appliances
You can manage a cluster of up to six Clearwell appliances by defining a master appliance.
Simply log in to the appliance that you want to serve as the master, and add the other appliances. After you add one or more appliances, you can use any appliance in the cluster to administer the other appliances and search any case on any appliance, provided the master appliance is active and accessible from the appliance where you log in.
Global system changes are applied to all members of the cluster. There are some exceptions to this rule and these pertain to particular distributed architecture configurations. Refer to the
Distributed Architecture Deployment Guide for more information. New cases are assigned to the appliance with the most free disk space, unless you manually select a specific appliance.
Note: An appliance must be idle (no users logged into any case, no jobs running) when it is added to a cluster. The master appliance can have any number of cases. If you add an appliance that has its own cases to a cluster, the cases are in a “recoverable” mode after the appliance is added.
To define the appliances in a cluster
1.
From the System view, click Appliances.
The Manage Appliances screen shows the host name, appliance status, free disk space, and the number of cases, indexed documents, and active user sessions for each appliance in the cluster. A indicates the master appliance.
2.
To add an appliance to the cluster
A. Verify that the appliances to be added are installed in your network and activated.
B. Click Add, and specify the following information. An asterisk (*) indicates a required field.
Appliance Details
Field
Appliance Name*
Host Name*
Clearwell Application
Port*
Description
Enter an appliance name (up to 35 characters).
Enter the appliance host name (up to 255 characters).
Enter the port used for inter-appliance communication. Do not change the default (2595) unless instructed by Clearwell Technical Support.
C. Click Save to submit the new appliance, or click Cancel to discard your changes.
3.
To restart an appliance, remove an appliance from the cluster, or perform other appliance management tasks, see
“Enabling, Disabling, and Restarting Appliances” on page 38 .
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 36
Changing Appliance Settings
You can change an appliance name, monitor its current memory and disk space, view and terminate active user sessions, stop the job manager, stop or delete jobs, and enable or disable access to email server/archive document sources.
Note the following guidelines:
• Each appliance should be restarted once a month to maintain optimum performance (see
“Enabling, Disabling, and Restarting Appliances” on page 38 ).
• As an appliance’s disk becomes full, you can:
A. Back up one or more cases, and restore the cases to another appliance with more disk space (see
“Backup and Restore” on page 89 ).
B. Delete the backed-up cases from the original appliance (refer to "Managing Cases" in the
Case Administration Guide ).
• When you change user access privileges, you may want to terminate the active sessions.
Some privilege changes do not take effect until the next time the user logs in.
To manage individual appliances
1.
From the System view, click Appliances.
2.
To view or change an appliance’s settings
A. Click the appliance name.
The Appliance details screen displays.
B. Click a tab to view or change the associated settings. The following table describes the settings for each tab.
Appliance Settings
Tab
Appliance
Sessions
Description
View the appliance details, such as the software version, available memory, and the available disk space on the drive where Clearwell is installed.
To change the appliance name, enter a new name (up to 35 characters), and click Save.
View the current active sessions for the appliance. To terminate a session, click the trash can icon placed in the user’s row. To view the active sessions for
all appliances in the cluster, see Viewing System Sessions.
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 37
Appliance Settings (Continued)
Tab
Jobs
Sources
Description
View the recent jobs for the appliance, such as indexing, exporting, printing,
and tagging. To view the jobs for all appliances in the cluster, see “Viewing
Jobs and Accessing Exported Files” on page 79
.
You can do any of the following:
• To limit the list of jobs displayed, select a user, case, or update time from the User, Context, and Jobs updated menus. Select System Jobs from the
Context menu to view just the backup/restore and purge jobs. Note that discovery jobs for email server/archive sources are monitored on their respective screens (refer to "Discovering Archive Sources" in the Case
Administration Guide ).
• To view the job log for a job, click in the status column.
• To stop a running job, select the check box next to the job, and click Stop
Jobs. To stop or pause the Job Manager, click Stop or Pause. Stopping the
Job Manager cancels all running jobs. To restart or reactivate the Job Manager, click Start or Resume. To stop a paused Job Manager, click Resume, and then click Stop.
• To delete a job, click for the job, or select the check box next to the job, and click Delete Jobs. To delete all jobs older than 60, 30, or 14 days, select the time interval from the jobs older than menu, and click Purge. All files associated with a deleted job are also deleted, and will no longer be accessible from the Jobs window.
View the discovered email server/archive sources that can be accessed by the appliance. To enable or disable access to these sources, select the check box next to the appropriate sources, and click Enable or Disable. To view and enable or disable these sources for all appliances in the cluster, see
“Managing Schedules and Jobs” on page 77 .
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 38
Enabling, Disabling, and Restarting Appliances
We recommend that you restart all appliances, including the master appliance, once a month to maintain optimum performance.
Note: Restarting the master appliance restarts all slave appliances and terminates all user sessions
If an appliance other than the master appliance malfunctions, you can disable it to ensure that it does not affect other appliances in the cluster. You can then re-enable it or remove it from the cluster.
The transition of a non-master appliance from disable to enable state may take some time (up to
30 minutes) depending on how quickly communication can be re-established with the master appliance. To avoid this time delay, you can intervene and manually restart the services on the non-master appliance to enable the appliance and bring it online.
Note: You can check the non-master log file to verify that the appliance is in this state.
To enable, disable, or restart an appliance
1.
From the System view, click Appliances.
The appliance list shows the host name, appliance status, the free disk space on the drive where Clearwell is installed, and the number of cases, indexed documents, and active user sessions. Note the following appliance status values:
– Disabled. The appliance is part of the cluster, but it cannot be accessed by users or other appliances.
– Off-line. The appliance is part of the cluster, but is temporarily unavailable, such as during system backups or an auto-recovery (see the auto-recovery settings in
System Settings” on page 24 ). You may have to restart the appliance to change its status
to On-line.
2.
To restart an appliance
A. Select the check box next to the appliance you want to restart.
B. Select Restart from the menu at the bottom of the screen, and click Go.
C. If the Off-line status does not change, restart EsaApplicationService on the appliance.
I .
On the Clearwell platform, right-click on My Computer and select Manage.
II .
Select Services and Applications > Services, right-click on EsaApplicationService, and select Restart.
3.
To enable or disable appliances
A. Select the check box next to the appropriate appliances.
B. Select Enable or Disable from the menu at the bottom of the screen, and click Go.
4.
To remove an appliance from the cluster, click for the appliance. Note the following:
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 39
– You can delete an on-line appliance that has cases, provided that the appliance is idle.
To delete cases from an appliance, go to the All Cases view and click the trashcan icon
for the case. To first move a case to another appliance, see “Migrating Cases” on page 107
.
When you delete an appliance with cases, the cases are also removed from the cluster, but the case data remains intact and recoverable on the deleted appliance.
– There is no need to make a distinction between the online/offline/disabled state of the appliance - appliances can now be deleted in any state.
– A disabled appliance can be deleted without first deleting its cases.
– When you delete an appliance from a cluster, it becomes accessible as a singleappliance cluster and the cases on the appliance have the status “Recoverable.”
Upgrading Cases
When you upgrade the Clearwell platform, the system is unavailable until all services and internal data have been upgraded. After the upgrade completes and services come online, users are able access the Clearwell interface.
When a newly-upgraded appliance comes online, the appliance automatically begins creating and running upgrade jobs for existing, upgradable cases. When Clearwell upgrades cases automatically, the most recently-created cases are upgraded first.
If you have cases that need to be upgraded first, you can control the order in which the cases are upgraded.
Note: You cannot delete a case while it is being upgraded.
Case Upgrade Phases
1.
Upgradable
The initial state of a case after a software upgrade.
A case can also be labeled “Upgradable” if the upgrade job for the case is manually stopped or if it fails to upgrade for a non-critical reason. Upgrading the cases again at a later point causes the upgrade to pick up where it left off when the job was stopped.
2.
Upgrading
The case is currently being upgraded. The last step in an upgrade job is to start a postprocessing job for the case, if it’s needed.
You can view the status of upgrading cases from the status log of each upgrade job.
3.
Processing
The case has finished upgrading and is running through post-processing.
4.
Online
The case upgraded and ready to be accessed.
Managing the Clearwell Platform: Maintaining Clearwell Appliances PAGE: 40
To view the status of upgrading cases
You can view the status of upgrading cases from the Jobs window found above the navigation bar. When you click the file icon associated with the Upgrade job, the case log displays.
After the upgrade completes, the upgrade job is removed from the Jobs window.
To view the details of a completed upgrade job
You can view the logs of a completed upgrade job from System > Jobs. Click the file icon associated with the upgraded case, and the log file displays.
To specify the order in which to upgrade cases
1.
From the Jobs window, stop the existing upgrade jobs.
2.
From All Processing > Cases, select the case that you want to upgrade first.
3.
Click Recover/Upgrade to upgrade the case.
You can view the progress of the case upgrade from the case log file that can be accessed from the Jobs window.
4.
In the order that you want to upgrade the cases, select and upgrade each high-priority case.
Note: By default, up to five cases can be upgraded at a time. If more than five cases are submitted for upgrade, the cases are upgraded in the order they are submitted.
5.
After each high-priority case is upgraded, you can select the remaining cases and click
Recover/Upgrade.
Moving Cache (On or Off) the Appliance
To improve processing efficiency, system administrators can configure Clearwell to store cached data in another location either on or off the appliance. This storage solution provides the flexibility and capacity for larger document caches. Thus, you can relocate cache as a method for reducing interruptions that can occur between cases when appliance storage caching is in progress. (This feature applies to the appliance as a whole. Clearwell does not support moving cached data at the case level.)
Before you begin: Be sure to backup your Clearwell appliance before moving cached data off
the appliance. (See “Creating Appliance Backups” on page 99 .)
Best practice: After backing up your appliance, create a directory on an external file system.
To relocate cache
1.
From the System view, click Support Features.
2.
From the Choose a support feature drop-down list, select Property Browser.
3.
Choose an appliance where you want to move cached data.
Managing the Clearwell Platform : Maintaining Clearwell Appliances PAGE: 41
4.
For selecting the case (or system), select System. (Moving cached data applies to the appliance only.)
5.
For name of property to change, type: esa.cluster.externalBaseDir
6.
To return to default settings for cached data on the appliance, leave the New value field blank. (This removes the property in order to revert to the default location on the local appliance.)
7.
To move cached data off the Clearwell appliance, for the New value field, type the UNC path: \\[sharename]\extdata
This value will not be used by the appliance until services are restarted.
Note: If you are moving the cache off the appliance, be sure to use a shared folder rather than a mapped drive.
8.
Select the Confirm change. Are you sure? option.
9.
Click Submit.
10. Stop services on the appliance.
11. Move the existing local extdata and exttemp directories to the new external path, as described in the following table:
Moving Cached Data esa.cluster.externalBaseDir
value not set
{esa.home}/extdata/
{esa.common.db.dbname}
{esa.home}/scratch/exttemp/
{esa.common.db.dbname} esa.cluster.externalBaseDir
value set
{externalBaseDir}/extdata/
{esa.common.db.dbname}
{externalBaseDir}/scratch/exttemp/
{esa.common.db.dbname}
Note: For a typical environment, there will only be one “esadb” directory for
{esa.common.db.dbname} . It is generally safe to move the entire “extdata” directory to the external location. The target location is expected to be empty when performing the cache relocation.
12. Restart services on the appliance, then log on to Clearwell.
In a cluster, the above steps should be performed for each appliance in the cluster. Each appliance must use a distinct value for the external directory. If the appliances are going to share the same device, they should each be configured to write into a different subdirectory on the device.
Managing the Clearwell Platform: Summary of Additional Administrative Tasks PAGE: 42
Summary of Additional Administrative Tasks
The following table summarizes additional tasks that Clearwell administrators can perform.
Summary of Additional System Tasks
Task
Defining User Accounts
Discovering Email Server/
Archive Document Sources
Defining and Monitoring
Cases
Monitoring Appliances
Description
A user’s account and its associated user role determine the system administration tasks the user can perform, and the cases the user can search and/or administer. In addition, an access profile can override the case privileges in a user’s role, and limit document visibility within a case to specific folders and/or a specific date range.
To collect and process email content from Microsoft Exchange servers, Hewlett-Packard Integrated Archive Platform (IAP) archives, and/or Symantec Enterprise Vaults, you must configure Clearwell to discover these sources (see "Discovering Archive Sources" in the
Case Administration Guide ).
You can skip this task if you plan to index content exclusively from
PST or NSF files and/or other “loose” files.
At least one case is required to specify the sources of the documents that you want to index and analyze. For example, a case might include all Exchange servers and archives in an enterprise, or a combination of Exchange mailboxes, archives, selected PST files, and one or more directories of loose files.
You can also:
• Monitor the indexing progress for each source and the statistics on indexed email messages and loose files (refer to "Monitoring
Source Processing Status" in the Case Administration Guide ).
• Define folder names and tag categories that Clearwell users can assign to documents in the case to expedite the review process
(refer to "Processing (or Resubmitting) Documents for OCR" in the Case Administration Guide ).
• Define customized groups of internal email users to easily monitor the email activity of any arbitrary group of users (refer to "Viewing
Groups" in the Case Administration Guide ).
• Define new topics used to classify email, and/or edit the topics that are discovered automatically (refer to "Viewing Groups" in the
Case Administration Guide ).
If you plan to create multiple cases, consider creating templates for the most common case settings. For example, if you often use the same folder names or tag categories, define them in a template and use the template to create new cases (refer to "Defining Case
Templates" in the Case Administration Guide ).
Available disk space and memory can be monitored on each appliance, along with the tasks, user sessions, and the email server/ archive document sources that each appliance is allowed to access
(see “Maintaining Clearwell Appliances” on page 32
).
Managing the Clearwell Platform : Summary of Additional Administrative Tasks PAGE: 43
Summary of Additional System Tasks (Continued)
Task Description
Managing Schedules and
Jobs
Backing Up and Restoring
Cases
Discovery of email server/archive document sources and the processing of case document sources can be scheduled to occur
automatically (see “Managing Schedules” on page 77
). Tasks can be stopped and started as needed (see
Accessing Exported Files” on page 79
).
Cases should be backed up periodically to minimize data loss in the event of a system failure (see
“Creating Case Backups” on page 93 ).
Backing Up the System Files The system files on the master appliance must also be backed up
periodically (see “Creating Appliance Backups” on page 99
).
Managing Licenses
You can view and update the system license (see “Managing Your
).
Troubleshooting System logs can be uploaded to Technical Support for analysis (see
).
Managing the Clearwell Platform: Summary of Additional Administrative Tasks PAGE: 44
Managing User Accounts : Defining a Local or Enterprise User Account PAGE: 45
This section describes managing user accounts.
•
“Defining a Local or Enterprise User Account” on page 45
•
“Administering User Accounts” on page 46
–
“Defining User Accounts” on page 46
–
“Defining User Roles” on page 49
–
“Viewing System Sessions” on page 54
•
“Managing User Accounts For a Specific Case” on page 55
–
“Defining Case User Accounts” on page 55
–
“Defining Case Access Profiles” on page 58
–
“Disabling Case Access for User Account” on page 60
–
“Viewing User Activity Reports” on page 61
•
“Enterprise Authentication” on page 63
–
“Configuring User Authentication for LDAP” on page 63
–
“Configuring Integrated Windows Authentication (IWA)” on page 68
–
“Configuring Header-based Authentication” on page 69
•
“Automatic Clearwell User Creation and Role Assignment” on page 70
•
“Secure LDAP SSL/TLS Support” on page 71
Defining a Local or Enterprise User Account
If your Clearwell appliance is configured for LDAP Authentication (rather than the Symante c
Clearwell default authentication), you have the option of designating users as Local or
Enterprise, depending on how each should be authenticated. This determines whether Clearwell should authenticate users against the username and password stored in Clearwell or an enterprise authentication solution. Three enterprise-level solutions are available: LDAP,
Integrated Windows Authentication (IWA), and header-based authentication.
Local versus Enterprise Users
A local user will always be authenticated against the username and password stored for that user in the Clearwell database, regardless of whether Clearwell is configured for enterprise authentication. An enterprise user however, will be authenticated against one of the enterprise authentication mechanisms, after enterprise authentication is enabled. If not enabled, the enterprise user will be authenticated in Clearwell against their username and password in the
same manner as a local user. For more information on enterprise authentication, see “Enterprise
.
Managing User Accounts : Administering User Accounts PAGE: 46
To define local or enterprise users
1.
From the System view, click Users.
2.
At the bottom of the Users tab, Click Add.
Under the User Profiles tab, (with appliances configured for LDAP authentication only), the user selections appear, along with Identity Source and Search for user fields.
3.
Select Local User or Enterprise (default).
4.
To search for the user, start typing the user’s login name.
5.
Complete the remaining fields as described in “Defining User Accounts” on page 46 .
Administering User Accounts
For information about how to manage user accounts and the roles that determine each user’s access permissions, refer to the following topics:
•
“Defining User Accounts” in the next section
•
“Defining User Roles” on page 49
•
“Viewing System Sessions” on page 54
Defining User Accounts
A user’s account and its associated user role determine the system administration tasks the user can perform and the cases the user can search and administer.
A system administrator can define accounts with system access to any case, and can define the accounts, roles, and access profiles for all users. Case administrators can define user accounts and access profiles for each of their authorized cases. Accounts created by a case administrator can have case administrative privileges, but not system administrative privileges (refer to
"Viewing Case Participants and Groups" in the Case Administration Guide ).
Note: For each case, an access profile can override the case privileges in a user’s role, and limit visibility within a case to the documents in specific folders and/or a specific date range. The predefined superuser account allows access to all administrative functions and cases.
To add or view user accounts
1.
From the System view, click Users.
2.
Use the Show menu to view all accounts or just the enabled, disabled, or expired accounts
(enabled accounts are listed by default).
3.
To add a new user account with system access:
A. Click Add to open the Add User screen.
Managing User Accounts : Administering User Accounts PAGE: 47
B. Specify the following information. An asterisk (*) indicates a required field.
User Account
Field
User Name*
Full Name
Role*
Account Status
Expires
Description
Enter a login name for the user (up to 35 characters). The name is not case sensitive, but must be unique. Use only letters, numbers, and underscores.
Enter the user’s full name (up to 255 characters).
Select a role to specify the user’s access. The predefined roles are:
• Case Admin. Allows access to all case administration, search, tagging, export, and reporting functions (no system administration functions).
• Case Manager. Allows access to one or more cases (includes case admin rights, except source setup) plus all case user rights.
• Case User. Allows access to most case search, tagging, export, and reporting functions (no system or case administration functions).
• Collection Admin. Allows user to only manage the Identification Data Map and perform Collections.
• eDiscovery Admin. Allows user to manage the Identification Data Map, perform Collections, and Process, Analyze, and Review. System administration privileges are not included.
• Legal Hold Admin. Allows access and management of Legal Holds.
• System Manager. Allows access to all system and case administration, search, and reporting functions.
The predefined roles cannot be changed. To define new roles, see
.
Select whether the account is enabled, disabled (if not expired). Disabling or expired accounts prevent users from logging in, and the account is removed from the user lists.
Select Never or select On and click and select a month and day when the account expires (or enter the date as MM/DD/YYYY). The account expires at 12:01 AM on the selected date.
Enter and verify a case-sensitive password for the account.
Password*
Verify Password*
Email Address
Show Info-bubbles
Display Microsoft
Office documents
Comments
Enter the user’s email address (up to 255 characters).
Select whether information icons are displayed next to some fields.
Moving the cursor over the icon opens a “bubble” describing the field.
Select whether a selected Microsoft Office document is opened in the browser (the default) or in a separate application window (requires Microsoft
Office 2007 or later).
Enter additional comments about the account.
C. To limit access to specific cases (all cases are authorized by default), click the Cases tab, click Selected Cases, select the appropriate cases in the left column, and click to move them to the Authorized Cases list.
Managing User Accounts : Administering User Accounts PAGE: 48
D. To override the case access rights specified in the user role, click the Case Access
Profiles tab, and select an access profile for the appropriate cases. The following profiles are predefined:
› Admin Only. Allows access to case administrative functions only (no search or report functions).
› Case Only. Allows access to all case search and report functions (no case administrative functions).
To define new access profiles, such as to limit document visibility to specific folders and/ or dates, see
“Defining Case Access Profiles” on page 58
.
E. Click Save to submit the new account, or click Cancel to discard your changes.
4.
To change or enable/disable an account, click the account name, change the account settings, and click Save.
5.
To delete a user account, follow the steps in
“Disabling Case Access for User Account” on page 60 .
Managing User Accounts : Administering User Accounts PAGE: 49
Defining User Roles
A user role specifies a set of access permissions that can be assigned to user accounts. Only a system administrator with the role management privilege can create and assign user roles.
To assign a role to an account, see
“Defining User Accounts” on page 46 . The following roles are
predefined:
• Case Admin. Allows access to all case administration, search, tagging, export, and reporting functions.
• Case Manager. Allows access to one or more cases (includes case admin rights, except source setup) plus all case user rights.
• Case User. Allows access to most case search, tagging, export, and reporting functions
(export, smart tagging, system and case administration functions are not accessible).
• Collection Admin. Allows user to only manage the Identification Data Map and perform
Collections.
• eDiscovery Admin. Allows user to manage the Identification Data Map, perform
Collections, and Process, Analyze, and Review. System administration privileges are not included.
• System Manager. Allows access to all system and case administration, search, and reporting functions.
To add or view user roles
1.
From the System view, click Users.
2.
Click the Roles tab to view the list of user roles.
3.
To add a new user role:
A. Click Add.
B. Specify the following information. An asterisk (*) indicates a required field.
User Role Details
Field
Role Name*
Description
General Rights
Description
Enter a role name (up to 35 characters).
Enter a description of the role (up to 255 characters).
Managing User Accounts : Administering User Accounts PAGE: 50
User Role Details (Continued)
Field Description
Select check boxes to allow general access rights:
• Allow integrated analytics access—Allows the user to access the Analytics charts found on the Case Home > Data Analytics screen.
• Allow analysis tags dashboard access—Permit viewing of tags on Review
Dashboard.
– Allow access to management charts—Permit viewing of case management-level charts on the Review Dashboard.
• Allow pre-processing reports access—Allows the user to access reports available on the Processing > Pre-Processing Reports screen.
Allow mobile access—Enable access to case information using mobile device.
Collection Rights
Select check boxes to allow collections access rights:
• Allow collections access—Allow users read-only access to the Identification and Collection screens in the user interface. This includes Collections, Collection
Templates, Collection Sets, Sources, Source Accounts, Source Groups, Custodians, and Destinations.
If you select this check box, you can choose the following options:
– Data Map management—Allows users to also add/modify data map objects. Includes: Sources, Destinations, Source Accounts, Source Groups,
Custodians, and Collection Templates.
– Collections management—Allows users to also add/modify collections.
– Clearwell collection sets management—Allows users to also add/modify collection sets.
Document Access Rights
Select check boxes to allow viewing and tagging rights:
• Allow viewing—Permit viewing of documents.
– Allow tagging—Select and assign values for one or more tag categories.
(Tagging can be enabled only if viewing documents is enabled.)
–Allow moving or removing from folders—Enable assignment/ reassignment/removal of documents to/from folders.
–Allow bulk tagging—Enable users to tag multiple documents at once.
(Bulk tagging can be enabled only if access to item notes is enabled.)
–Allow smart tagging—Allow user to apply a set of tag values and comments to all current and/or future documents that match the specified search criteria. (Smart tagging can be enabled only if bulk tagging is enabled.)
–Allow viewing of prediction ranks—Enable viewing of prediction ranks under the Analysis and Review module.
–Allow predictive coding actions—Allow user to apply and manage
Transparent Predictive Coding actions.
Managing User Accounts : Administering User Accounts PAGE: 51
User Role Details (Continued)
Field Description
– Allow access to tag event comments—Enable viewing of, and adding tag event comments as part of tagging. (Tag event comments can be enabled only if viewing documents is enabled.)
– Allow access to item notes—Enable viewing of, and adding item notes as part of tagging. (Item notes can be enabled only if viewing documents is enabled.)
• Allow redacting—Enable redacting functions. This option appears only if the cluster is licensed for the redaction features.
– Prompt for reason code—Enable user to enter a reason code for the redaction when prompted. This option is only available if redacting is enabled.
• Allow tag history viewing—Enable viewing of tag history.
– Allow tag history searching—Enable searching of tag history.
• Allow exporting—Enable the export of documents from the Clearwell platform.
• Allow printing—Enable the printing of documents to PDF files.
• Allow native download—Enable download of native documents.
• Allow caching for review—Allows user to cache case data in preparation for review.
• Allow searching and filtering by processing flags
Case Administration Rights
Case
Administration
Rights
Allow users to perform case administration functions. If a user does not have case administration for any cases, the case management screens are not displayed.
Select an option from the drop-down menu:
• No case admin rights—The user cannot perform any case administration functions.
• All case admin rights—The user can perform all case administration functions.
• Custom case admin rights—Select from the following options to customize the use case rights:
– Allow case status access—Allows full access to “View Case Status” screen, in addition to the error/warning logs and the remediation area. If you choose not to allow the role to access to case status, you can still individually configure the other administration rights shown below. If you choose to allow access, choose whether to allow case processing setup:
–Allow case processing source setup—Allows access to the “ Sources & Pre-
Processing” screen for the case. (If the parent permission is not selected, this option is not available.)
Managing User Accounts : Administering User Accounts PAGE: 52
User Role Details (Continued)
Field Description
– All user management—Allows user to access the “Manage Users” area within the case. User can enable/disable access for system admin users to the case. User can manage case admin users for all the same admin permissions also belonging to this user. However, with this permission, the user is not able to enable/disable permissions that they themselves do not have.
– Allow activity report access—Allows user to view activity reports.
– Allow group and topic management—Allows management of groups and topics
– Allow tag definition—Allows the user to define tags.
– Allow folder Setup—Allows the user to configure folders and batch documents into multiple review sets using the Batch interface.
Select from the following sub-options:
–Allow folder check-out management—Allows the user to enable reviewers to check in and check out review set folders and to stop or complete a review begun by another reviewer.
–Allow production folder management—Allows the user to configure production folders. This option appears only if the cluster is licensed for the production feature and is selectable only if Allow Folder Setup is selected.
–Allow unlocking of production folders after export.
– Allow custodian management—Allows the user to administer custodians.
– Allow participant management—Allows the user to define aliases and add, delete and edit the list of participants in an alias.
– View exceptions—Allows access to view processing exceptions associated with a case.
–Manage exceptions—Allows access to view and manage the processing errors and warnings for the case. User can also search and filter on warnings in the end-user administrator interface.
– Allow OCR processing—Allows user to process (or resubmit) documents for conversion to OCR after the case has initially processed. (For user procedures, refer to "Viewing Documents Processed for OCR" in the Case Administration Guide .)
–Other case management functions (e.g. jobs, batches, etc.)
Managing User Accounts : Administering User Accounts PAGE: 53
User Role Details (Continued)
Field Description
System Administration Settings
• Allow Case Home and All Cases Dashboard Access—Enables user to view all activity for a single case from the Case Home view, as well activity across all cases from the All Cases > Dashboard view.
• Allow system management—Allow all system management functions, except for the support, case, and user functions listed below. If none of the system management functions are allowed, the System view does not display. If case management also is not allowed for any cases, case management modules are not displayed.
Note: This privilege allows users to manage jobs and schedules for ALL cases
(see “Managing Schedules and Jobs” on page 77
).
• Allow new case creation, case backup, restore, deletion, template cre-
ation—Allow the user to create and manage cases and case templates, and back up and restore cases.
• Allow collections and data map backup, restore—Allows the user access to the Data Map and Collections Backup tab in the Backups screen under the
System view. Users will be able to create new collection backups and restore existing backups of collections. This option does not effect system level or case level backups and only pertains to the Collection Evidence Repository.
• Allow user management—Allow the user to add or edit non-system administrative accounts.
If this check box is selected, you can also select:
– Allow admin user and role management—allows the user to add or edit user roles and system administrative user accounts.
C. Click Save to submit the new role, or click Cancel to discard your changes.
4.
To change a role, click the role name, change the settings, and click Save.
Note: You cannot change the Case Admin, Case User, or System Manager roles.
5.
To delete a role, click for the role.
Managing User Accounts : Administering User Accounts PAGE: 54
Viewing System Sessions
The Sessions screen lists the users who are currently logged in to each appliance in the cluster, and lets you terminate user sessions. The appliance name, login time, session duration, and the client name or IP address are shown for each active user. You may want to terminate user sessions when:
• A user’s access permissions are changed (the changes are not applied to existing sessions)
• An appliance must be backed up, renamed, or deleted
To view the active user sessions
1.
From the System view, Sessions.
2.
To view the user sessions for just a single appliance, select the appliance from the
Appliance menu (all appliance sessions are listed by default).
• To terminate a user session, click the trash can icon placed in the user’s row.
Note: Terminating a user's session does not cancel any of their jobs, the results of which are accessible from the Jobs window found above the navigation bar and the Jobs screen found in the System view.
Managing User Accounts : Managing User Accounts For a Specific Case PAGE: 55
Managing User Accounts For a Specific Case
For information about how to manage user accounts and access profiles for a specific case, refer to the following topics:
•
“Defining Case User Accounts” in the next section
•
“Defining Case Access Profiles” on page 58
•
“Disabling Case Access for User Account” on page 60
•
“Viewing User Activity Reports” on page 61
Defining Case User Accounts
System and case administrators can define user accounts limited to the currently selected case.
These accounts default to the “Case User” role, with no administrative access. Case administrators cannot change the role, but they can assign an access profile to the account to override the role’s case access privileges, and to limit document visibility by folder and/or date.
Also, case access can be disabled for any account, except for accounts that have the System
Manager role.
Disabling User Accounts
When you want to ensure security and/or restrict previous user access, you can disable a user account. For example, when a user has left the company, changed roles, or had their access revoked, their user account can be disabled from any cases to which the user had access, and then disabled in the system. For information on how to disable a user, see
“Disabling Case Access for User Account” on page 60 .
Change Password Protection
To ensure security, case administrators cannot change passwords for case users, according to two use cases: 1) If you access to the Case Home > Users screen, you can change your own password or the password of any user having access to a subset of the cases to which you have access. 2) If you have access to the Case Home > Users screen, you cannot edit users, roles, or change passwords, unless if you have the permission to “Allow admin user and role management”.
User accounts added for a specific case are added to the list of user accounts, where they can be
modified by a system administrator (see “Defining User Accounts” on page 46
).
To add or view case user accounts
1.
From the All Cases view, select a case.
2.
Click Users to view user accounts with access to the selected case.
3.
Use the Show drop-down menu to view all accounts or accounts without access to this case.
4.
To add a new case user account:
A. Click Add.
Managing User Accounts : Managing User Accounts For a Specific Case PAGE: 56
B. Specify the following information. An asterisk (*) indicates a required field.
Case User Profile
Field
User Name*
Full Name
Profile*
Account Status
Expires
Password*
Verify Password*
Show InfoBubbles
Display Microsoft
Office documents
Comments
Description
Enter a login name for the user (up to 255 characters). The name is not case sensitive, but must be unique. Use only letters, numbers, and underscores.
Enter the user’s full name (up to 255 characters).
Select an access profile if you want to override the case access privileges in the default “Case User” role. The predefined roles are:
• Case Admin. Allows access to case administrative functions only (no search or report functions).
• Case User. Allows access to all case search and report functions (no case administrative functions).
The predefined access profiles cannot be changed. To define new profiles, such as to limit document visibility to specific folders and/or dates, see
“Defining Case Access Profiles” on page 58
.
Select whether the account is enabled or disabled. Disabling an account prevents users from logging in and removes the account from user lists.
Select Never or select On and click and select a month and day when the account expires (or enter the date as MM/DD/YYYY). The account expires at 12:01 AM on the selected date.
Enter and verify a case-sensitive password for the account (up to 17 characters).
Enter the user’s email address (up to 255 characters).
Select whether information icons are displayed next to some fields.
Moving the cursor over the icon opens a “bubble” describing the field.
Select whether a selected Microsoft Office document is opened in the browser (the default) or in a separate application window (requires Microsoft
Office 2007).
Enter additional comments about the account.
C. Click Save to submit the new account, or click Cancel to discard your changes.
5.
To import user information from a file:
A. Click Import to open the Import File dialog box.
Note: Clearwell strongly recommends checking the sample CSV file to ensure your file contains all required columns and data before import. Click the Download example
CSV file link.
Managing User Accounts : Managing User Accounts For a Specific Case PAGE: 57
Access Profile
Account Status
Expire Date
Password
Confirm Password
Email Address
Show Info Bubbles
Display MS Office docs in application
Comments
Access to all cases
Cases
The following table shows the required entries in the CSV file.
CSV File Contents
Item
User Name
Full Name
Identity Source
Comment
User’s name
Complete name to identify the user
Local or Enterprise
Note: This is required for appliances configured for
LDAP authentication. For more information about local
versus enterprise users, see “Defining a Local or
Enterprise User Account” on page 45 .
System manager, case administrator, case user
Enabled or disabled
Date that the user information expires
User password
User password (must match Password)
User email address
Yes or No
Yes or No
Text comment
(User has access to all cases, current and future)
TRUE or FALSE
(Provide the names of cases the user will have access to)
Example: Case1|Case2|Case3
B. Click to select the file to upload using the following format, with one record per line.
C. Click Next to upload the selected file. The uploaded items are displayed.
D. Click the Use first row as column header check box to maintain a separate header row that is not imported as data.
E. Click Finish.
The users are added to the list on the Manage User screen.
6.
To change an account, click the account name, change the account settings, and click Save.
7.
To enable or disable case access for one or more accounts, select the check box next to the appropriate accounts, select the menu option at the bottom of the screen, and click Go.
Managing User Accounts : Managing User Accounts For a Specific Case PAGE: 58
Defining Case Access Profiles
An access profile overrides the default access privileges for a specific case. Only system administrators can create and assign access profiles. The following predefined access profiles can be used for any case (they cannot be changed):
• Case Admin. Allows access to case administrative functions only (no search or report functions).
• Case Manager. Allows access to one or more cases (includes case admin rights, except source setup) plus all case user rights.
• Case User. Allows access to all case search and report functions (no case administrative functions).
If you add a new access profile, it can be used only for the current case. To assign a new access profile to an account, see
“Defining Case Access Profiles” on page 58
or
.
To add or view access profiles
1.
From the All Cases view, on the top navigation bar, select a case.
2.
Click Users.
3.
Click the Access Profiles tab.
4.
To view an access profile, click the profile name, or click Add to add a new access profile for this case.
A. Specify the following information. An asterisk (*) indicates a required field.
Access Profile Details
Field
Profile Name
Description
Enter a profile name (up to 255 characters).
Description
Features Tab
Enter a description of the profile (up to 255 characters).
General Rights
Select check boxes to allow general access rights:
• Allow integrated analytics access—Permit viewing of documents.
• Allow analysis tags dashboard access—Permit viewing of tags on Review
Dashboard.
– Allow access to management charts—Permit viewing of case management-level charts on the Review Dashboard.
• Allow pre-processing reports access—Enable access to the reports shown on the Review Dashboard screens.
Allow mobile access—Enable access to case information using mobile device.
Managing User Accounts : Managing User Accounts For a Specific Case PAGE: 59
Access Profile Details (Continued)
Field
Document Access
Rights
Description
Select check boxes to allow viewing and tagging rights:
• Allow viewing—Permit viewing of documents.
– Allow tagging—Select and assign values for one or more tag categories. (Tagging can be enabled only if viewing documents is enabled.)
–Allow moving or removing from folders—Enable assignment/ reassignment/removal of documents to/from folders.
–Allow bulk tagging—Enable users to tag multiple documents at once. (Bulk tagging can be enabled only if access to item notes is enabled.)
–Allow smart tagging—Allow user to apply a set of tag values and comments to all current and/or future documents that match the specified search criteria. (Smart tagging can be enabled only if bulk tagging is enabled.)
– Allow access to tag event comments—Enable viewing of, and adding tag event comments as part of tagging. (Tag event comments can be enabled only if viewing documents is enabled.)
– Allow access to item notes—Enable viewing of, and adding item notes as part of tagging. (Item notes can be enabled only if viewing documents is enabled.)
• Allow redacting—Enable redacting functions. This option appears only if the cluster is licensed for the redaction features.
– Prompt for reason code—Enable user to enter a reason code for the redaction when prompted.
• Allow tag history viewing—Enable viewing of tag history.
– Allow tag history searching—Enable searching of tag history.
• Allow exporting—Enable the export of documents from the Clearwell platform.
• Allow printing—Enable the printing of documents to PDF files.
• Allow native download—Enable download of native documents.
• Allow caching for review—Allows user to cache case data in preparation for review.
• Allow searching and filtering by processing flags
• Case Administration Rights—No case administration, all case administration, or custom case administration rights. For custom rights, you can select additional custom rights, including the ability to manage production folders. The production option appears only if the cluster is licensed for the production feature.
Managing User Accounts: Managing User Accounts For a Specific Case
Access Profile Details (Continued)
Field
Documents Tab
Description
PAGE: 60
Show all documents
Restrict visibility
Tags Tab
Select to make all documents visible for the access profile.
Select options to restrict folder rights. Click the + icons as needed to expand the listing.
• Documents not in any folders—Specify whether to show or not show documents that are assigned to any folder.
• Documents in folders according to the settings below—Specify the visibility for specific folders.
– Show folder and contents—Allow users to view and search the selected folder and the documents within the folder.
– Don’t show folder—Prevent users from viewing and searching the folder. This option has no effect on document visibility.
– Don’t show folder or contents—Prevent users from viewing and searching the folder and any of the documents within the folder.
If a document is assigned to both a visible and non-visible folder, the document is visible and can be viewed and searched. To hide a document completely, make sure it is assigned only to non-visible folders.
Click the tag set and set the visibility by selecting the Show or Hide options on the right.
B. Click Submit to submit the new access profile, or click Cancel to discard your changes.
5.
To change a profile, click the profile name, change the settings, and click Save.
Note: You cannot change the Admin Only, Case Only, or Unrestricted profiles.
6.
To delete a profile, click for the profile.
Disabling Case Access for User Account
To disable case access for the user account
1.
From the All Cases view, select a case.
2.
Click Users to view user accounts with access to the selected case, then click to select the user you want to disable.
3.
Select Disable Case Access then click Go.
Managing User Accounts : Managing User Accounts For a Specific Case PAGE: 61
Viewing User Activity Reports
Activity reports list all events for specific users, specific events for all users, or tagging events for specific folders. The events include login, logout, searches, and the tagging, exporting, and printing of search results. A one-line summary of the search results is shown for each search. All activity reports are limited to the selected case.
To view activity reports
1.
From the All Cases view, select a case and click Activity Reports to open the View Activity
Report screen.
2.
Specify the following information.
Generating Activity Reports
Field
Type
Format
Date Range
Description
Select the report type:
• Users. Displays all events for one or more case users. Click Users, and select the users to be included in the report.
• Events. Displays selected events for all case users. Click Events, and select the events to be included in the report.
Select whether the report is in PDF or comma-separated value (CSV) format.
Select a report for the last 7 or 30 days, or click end dates for the report.
and specify start and
3.
Click Generate, and then follow the prompt to open or save the file.
Managing User Accounts: Managing User Accounts For a Specific Case PAGE: 62
The following example shows all search, export, and print events for the case. The Folder column indicates whether the search was limited to a specific folder. The Total Docs column indicates the number of documents in the search results or the number of documents exported or printed.
Managing User Accounts : Enterprise Authentication PAGE: 63
Enterprise Authentication
Clearwell supports two types of authentication: Clearwell authentication and enterprise authentication. With regular Clearwell authentication, users are authenticated against a user name and password stored in the Clearwell database. With enterprise authentication, users are authenticated against an enterprise authentication solution using their logon name. Three enterprise-authentication mechanisms are currently available.
• LDAP
• Integrated Windows Authentication (IWA)
• Header-based authentication
When Clearwell is configured to use enterprise authentication, system administrators have the ability to create users as local or enterprise users. Enterprise users will be authenticated against the enterprise-authentication mechanism and local users (such as superuser) will always be authenticated against the username and password stored in the Clearwell database.
System administrators may want to create local users for users who are do not have access to the internal domain (such as external contractors using the system). However, in most cases users will be added as enterprise users and authenticated against the configured methods of enterprise authentication.
Moving to an Enterprise Authentication Environment
Until enterprise authentication is enabled, all users act as local users, meaning that they must have a Clearwell username and password to log in. When enterprise authentication is enabled, all Clearwell user password facilities are removed from the user interface and users are logged in automatically.
Note: The superuser account always requires a password to log in.
After enterprise authentication is enabled, users without internal domain accounts (or users without access to the domain) must be assigned new local user accounts. With the new local user accounts, they can log in from the following url: http://CW_appliance_server/esa/public/login.jsp
Configuring User Authentication for LDAP
When Clearwell's LDAP feature is enabled, all user authentication is performed via LDAP except
Local accounts. Local accounts, including superuser, always authenticate locally to the appliance.
Note: Users created by the Case Admin will always be enterprise users, and thus will always be authenticated against either LDAP (if LDAP authentication is enabled), or Clearwell (if LDAP is not enabled). Only system administrators can create local users.
Managing User Accounts: Enterprise Authentication PAGE: 64
To set up authentication via LDAP
Clearwell has identified the minimum number of properties that are required to get authentication via LDAP running.
Before you begin: To access a Clearwell appliance, users must have a user account and role on the Clearwell appliance.
1.
Using an account with System Management permissions, log onto the Clearwell web interface.
2.
From the System > Support Features, select the Property Browser.
Note: All property changes related to enterprise authentication should be made using the
Property Browser. The Property Browser automatically updates the Clearwell appliance each time you add a new property. If you manually configure the configuration properties file, you have to manually restart the services each time you want to test a newlyconfigured property.
3.
Configure a limited set of properties to get authentication working.
See the List of Required LDAP Configuration Properties .
4.
Verify the LDAP configuration properties are set correctly by running the LDAP
Configuration Tester on each Clearwell appliance in your cluster.
To test the configuration, have the user type their user name and password.
5.
Enable LDAP authentication by setting esa.ldap.enabled to true.
6.
Configure additional LDAP properties as needed and retest.
Next Steps:
• User account creation and role assignment can be automated by using the configuration
options to automatically create users and assign roles. For details, see “Automatic Clearwell
User Creation and Role Assignment” on page 70
.
List of Required LDAP Configuration Properties ldap.connectionName = domain user assigned by Customer; password should not change; a service account is perfect esa.ldap.connectionPassword.enc = supplied by Customer; encrypted through the LDAP Utility esa.ldap.connectionURL = supplied by Customer esa.ldap.enabled = true esa.ldap.userBase = supplied by Customer; keep in mind security and performance when deciding how many users to include in the userBase parameter esa.ldap.userSubtree = true esa.ldap.userSearch = (&(sAMAccountName={0})(objectclass=user)) esa.ldap.referrals = follow
Managing User Accounts : Enterprise Authentication PAGE: 65
LDAP Property Configuration Reference
LDAP integration is controlled by a set of configuration properties that are shared among all appliances in a cluster.
esa.ldap.enabled
Set true to enable LDAP authentication
Required: True. The default value is false. esa.ldap.connectionURL
URL to connect. Supplied by the network administrator.
Required: True
Example: ldap://ldap.foo.com:389 esa.ldap.connectionAltURL
Alternate URL to try when connection to the primary URL fails esa.ldap.connectionName
The domain user account to use to connect to LDAP. The network administrator assigns the user account. The password for this account should not change.
Tip: A service account is perfect.
Example: user@domain esa.ldap.connectionPassword
Cleartext credentials for connection user. If set, overrides any setting of esa.ldap.connectionPassword.enc
Required: If this (or the encrypted version below) is not specified, userPattern is required.
Example: myS3cret esa.ldap.connectionPassword.enc
Cleartext credentials for connection user. Supplied by the network administrator and encrypted by Clearwell through the LDAP Utility. Access the LDAP Utility from System >
Support Features > LDAP Utility.
Required: If this credential or esa.ldap.connectionPassword is not specified, userPattern is required.
Example: CWE1i23VEHXSNf8SjLnQaP6IAL7v+s4= (This is the encrypted form of myS3cret )
Managing User Accounts: Enterprise Authentication PAGE: 66 esa.ldap.userBase
Base DN used to search for users. Supplied by the network administrator.
Tip: For best results, try to be as selective and specific as possible. Restrict the query to the minimally required branch of the tree or forest
Required: Either this base DN(along with userSearch) or userPattern much be specified
Example: ou=Clearwell,dc=foo,dc=com esa.ldap.userSearch
Pattern used to search for users
Required: Either this (along with userBase) or userPattern much be specified
Example: (&(sAMAccountName={0})(objectclass=user)) esa.ldap.userPattern
DN pattern to use for binding after an anonymous connection. Used when connectionName and connectionPassword are omitted
Required: Either this DN pattern or userSearch and userBase must be specified. If no connectionName and connectionPassword are specified, this is required.
Example: cn={0},ou=Clearwell,dc=foo,dc=com esa.ldap.userSubtree
True to search the sub tree of the base. The default is true.
esa.ldap.roleBase
Base DN used to identify roles
Example: ou=Clearwell,dc=foo,dc=com esa.ldap.roleSearch
Search pattern used to identify roles
Example: ({memberOf={0}) esa.ldap.roleName
Name of role attribute
Example: name esa.ldap.roleSubtree
True to search the sub tree of the base esa.ldap.createUnknownUsers
If true, when a user authenticates successfully via LDAP and there is no matching Clearwell user account, create one. LDAP is used to identify a role for this user. If there is no matching role, the default role is used. If there is no match and no default role, the user is denied log in.
Optional: The default value is false.
Managing User Accounts : Enterprise Authentication PAGE: 67 esa.ldap.useLDAPRoles
If true, when a user authenticates successfully via LDAP and there is a matching LDAP role for this user, modify the user to have that role. If there is no matching LDAP role and there is a default role use that. When this is false, the Clearwell user will maintain the previously configured role.
Optional: The default value is false.
esa.ldap.newUserCaseList
List of cases that automatically-created users are assigned access to. Special value of
'<all-cases>' gives access to all cases. Empty gives access to none.
Optional: If createUnknownUsers is true, it is recommended that you set this. The default is empty.
Example: case-of-the-missing-money,who-said-what-to-whom esa.ldap.defaultRole
Default role that LDAP users will get, when no matching LDAP role is found. If roleBase, roleSearch, roleName are not specified and createNewUsers is true, this will be required to give new users a default role.
Optional: Although not required, it is strongly recommended that you set the default role.
Example: Case User esa.ldap.newUserEmailDomain
Email domain appended to user name for automatically created Clearwell user accounts
Example: foo.com
esa.ldap.userComment
Comment applied to automatically created Clearwell user accounts esa.ldap.referrals
Required: True. Set value to follow.
This is usually a required value for Active Directory.
Untested Properties esa.ldap.protocol esa.ldap.authentication esa.ldap.derefAliases
Managing User Accounts: Enterprise Authentication PAGE: 68
Configuring Integrated Windows Authentication (IWA)
The Clearwell platform supports enterprise authentication via Integrated Windows
Authentication (IWA).
To set up authentication via IWA
Before you begin: LDAP must be configured and enabled against the Active Directory domain from which Windows users will be authenticating. This is required to permit selection of domain users for access to the Clearwell application.
1.
Using an account with System Management permissions, log onto the Clearwell web interface.
2.
From the System > Support Features, select the Property Browser.
Note: All property changes related to enterprise authentication should be made using the
Property Browser. The Property Browser automatically updates the Clearwell appliance each time you add a new property. If you manually configure the configuration properties file, you have to manually restart the services each time you want to test a newlyconfigured property.
3.
Configure a limited set of properties to get authentication working.
– esa.iwa.enabled
Required. Set value to true.
– esa.iwa.allowLdap
Optional. To enable LDAP form authentication, set to true.
– esa.iwa.allowNtlm
Optional. To use NTLM authentication between hosts, set to ALL.
To use IWA authentication from the local machine to itself, set to LOCAL.
4.
For Active Directory configurations, set the Service Principal Name (SPN) for each system in the cluster.
Note: The setspn command can be run by a domain administrator from any system in the domain. The command must be run for each node in the cluster.
setspn -A HTTP/cw.server.fqdn customer-domain\user-running-esa cw.server.fqdn
The fully-qualified domain name (FQDN) for each server in the cluster. For example:
ClearwellAppServer.corp.com
customer-domain
The fully-qualified domain name. Example: corp.local user-running-esa
The user account running the application service. Example: esaAdmin
5.
Add the fully-qualified domain name (FQDN) to the browser’s list of secure websites.
A. In Internet Explorer, click Tools > Internet Options > Security > Local Intranet > Sites
> Advanced.
B. Add the domain name, click Add and Close.
Managing User Accounts : Enterprise Authentication PAGE: 69
Configuring Header-based Authentication
Clearwell supports authentication in an environment with an existing header-based, single sign-on (SSO) solution.
Note: You must be able to configure applications to be accessible through reverse proxy.
To set up header-based authentication
Before you begin:
If user accounts are stored in a company LDAP directory, configure
LDAP so that the accounts can be added to the Clearwell application.
1.
Using an account with System Management permissions, log onto the Clearwell web interface.
2.
From the System > Support Features, select the Property Browser.
Note: All property changes related to enterprise authentication should be made using the
Property Browser. The Property Browser automatically updates the Clearwell appliance each time you add a new property. If you manually configure the configuration properties file, you have to manually restart the services each time you want to test a newlyconfigured property.
3.
Configure a limited set of properties to get authentication working.
– esa.auth.header.enabled
Required. To enable header-based authentication, set to true.
– esa.auth.header.headerName
Optional. Name of the HTTP header, which specifies the username to authenticate.
– esa.auth.header.loginURI
Optional. URL of the webpage that the user should be sent to upon logging out.
– esa.auth.header.allowedHosts
Optional. Space or comma-separated list of host names or IP addresses to be accepted.
This is the list of expected reverse-proxy servers. If a list is supplied, any host not on the list will be denied access.
Next Steps
• To verify header-based authentication is set correctly,
add a user account to Clearwell and then attempt to access the Clearwell application through the reverse-proxy SSO server using this account. You should be granted access.
Managing User Accounts: Automatic Clearwell User Creation and Role Assignment PAGE: 70
Automatic Clearwell User Creation and Role Assignment
Refer to the following topics in this section:
•
“Automatic User Creation” on page 70
•
“Automatic Clearwell Role Assignment” on page 70
Automatic User Creation
This feature is not enabled by default. When Clearwell LDAP integration is configured to create unknown users automatically:
– Created users are stored with empty passwords. Should LDAP be disabled, these
Clearwell accounts will still exist, but they will not be accessible because you cannot log in with an empty password. Should an administrator desire to modify or edit these accounts while LDAP is disabled, they will need to provide the user with some nonempty password.
– By default, Clearwell will set case access for the user to all cases. This can be controlled via a comma-separated list of case names like: esa.ldap.newUserCaseList=case1, case2
– Newly-created users will always be assigned their role based on the same logic that is described below for automatic role assignment.
Automatic Clearwell Role Assignment
This feature is not enabled by default. When configured, LDAP-authenticated users are assigned a role based on their first matching LDAP role that starts with the prefix 'Clearwell ' (note the space at the end).
esa.ldap.useLDAPRoles=
The prefix can also be modified by using: esa.ldap.rolePrefix=
When LDAP is enabled, if there is no LDAP matching role, the user will be given a configured default Role. If there is no matching role and no default role, login will be denied. esa.ldap.defaultRole=
Managing User Accounts : Secure LDAP SSL/TLS Support PAGE: 71
Secure LDAP SSL/TLS Support
Clearwell can be configured to communicate over TLS (SSL) to LDAP.
For example, to enable LDAP communication over SSL/TLS, set the connectionURL property
(URL to the LDAP server) to: ldaps://host:636. The format is ldaps://hostname[:port]) and, in this example, the connection to the host is over the default secure LDAP port 636.
If the host's certificate does not have a valid trust chain, you will need to import into the JRE's default keystore for both:
– The hosts certificate
– The hosts's root CA certificate
Note: Re-installation of these certificates may be required during a Clearwell upgrade that modifies the version(s) of the JDK/JRE.
For details and steps to import certificates, see
“Appendix: Web Services Access Options” on page 111
. This appendix provides information on configuring your HTTP settings, and installing and enabling certificates.
Tip: Save backup copies of the cacerts files before modifying them with keytool.
Example: Symantec (VeriSign) Certificates
To import the root certificate
1.
Enter the path:
# C:\jrockit-jdk1.6.0_29-R28.2.0-4.1.0x64\jre\lib\security>c:\jrmc-3.1.2-1.6.0-x32\bin\keytool.exe
-import -trustcacerts -alias verisignClass3rootCA
-file c:\temp\LDAP_rootCA_cert.der -keystore cacerts
2.
Enter the keystore password.
3.
If the certificate already exists in the keystore under alias <verisignclass3ca>, you will be prompted whether to add it. Enter no.
The certificate was not added to the keystore.
Managing User Accounts: Secure LDAP SSL/TLS Support PAGE: 72
To import the intermediate certificate
1.
Enter the path:
# C:\jrockit-jdk1.6.0_29-R28.2.0-4.1.0x64\jre\lib\security>c:\jrmc-3.1.2-1.6.0-x32\bin\keytool.exe
-import -trustcacerts -alias LDAPintermediateCA
-file c:\temp\LDAP_intermediateCA_cert.der -keystore cacerts
2.
Enter the keystore password.
The certificate was added to the keystore.
To import the ldapssl certificate
1.
Enter the path:
# C:\jrockit-jdk1.6.0_29-R28.2.0-4.1.0x64\jre\lib\security>c:\jrmc-3.1.2-1.6.0-x32\bin\keytool.exe
-import -trustcacerts -alias ldapssl
-keystore cacerts -file c:\temp\LDAPhost_cert.der
2.
Enter the keystore password.
The certificate was added to the keystore.
IMPORTANT: Repeat each set of steps for C:\jrockit-jdk1.6.0_29-R28.2.0-
4.1.0-x64 . When finished, run step 7 (
“Enterprise Authentication” on page 63
) on the Clearwell
Utility.
Additional Configuration Examples
Because Active Directory (AD) exposes an LDAP listener, it is possible to communicate with AD via LDAP.
• Access for all Corporate Accounts
• Access via a Corporate Domain
• LDAP Configuration Property Example
Access for all Corporate Accounts
The following example is a configuration to integrate with a corporate AD server. These settings enable all corporate accounts to have Case User role access to all cases on the Clearwell appliance. User names will be the company account names, like 'smith'.
Managing User Accounts : Secure LDAP SSL/TLS Support PAGE: 73
View of the Property Browser Output: esa.ldap.enabled=true esa.ldap.connectionPassword=yourPassword esa.ldap.connectionURL=ldap://server.corp.local:389 esa.ldap.connectionName=corp.local\yourAccount esa.ldap.referrals=follow esa.ldap.userBase=ou=Company Users,dc=corp,dc=local esa.ldap.userSearch=(sAMAccountName={0}) esa.ldap.roleName=name esa.ldap.roleBase=ou=Company Users,DC=corp,DC=local esa.ldap.roleSearch=(member={0}) esa.ldap.defaultRole=Case User esa.ldap.createUnknownUsers=true esa.ldap.newUserCaseList=<all-cases> esa.ldap.newUserEmailDomain=company.com
Access Through a Corporate Domain
Here's another AD example that uses anonymous bind. Here user account names will be the user's DN (or full name) like 'John Smith'.
View of the Property Browser Output esa.ldap.enabled=true esa.ldap.connectionURL=ldap://server.local:389 esa.ldap.createUnknownUsers=true esa.ldap.defaultRole=Case User esa.ldap.newUserCaseList=<all-cases> esa.ldap.newUserEmailDomain=company.com
esa.ldap.userBase=OU=Test Users,DC=company,DC=local esa.ldap.userPattern=CN={0},OU=Test Users,DC=company,DC=local esa.ldap.userSearch=(sAMAccountName={0}) esa.ldap.userSubtree=true esa.ldap.referrals=follow esa.ldap.roleBase=OU=Test Users,DC=company,DC=local esa.ldap.roleName=name esa.ldap.roleSearch=(member={0}) esa.ldap.roleSubtree=true
LDAP Configuration Property Example
You can access the configuration properties file at
<CW_Home>\config\configs\esauser\config.properties
.
View of the config.properties File
# Default esa.ldap.enabled is false esa.ldap.enabled=true
# URL to use to connect to the LDAP server; when LDAP is
# enabled this is REQUIRED esa.ldap.connectionURL=ldap://ldap-server.foo.com:389
# Name and password of an account that has
# some minimal privs on the LDAP server
# when LDAP is enabled this is REQUIRED esa.ldap.connectionName=corp.local\yourAccount esa.ldap.connectionPassword=sOOperS3cret
# LDAP DNs and attributes to identify users and their account name
# When LDAP is enabled the following two are REQUIRED esa.ldap.userBase=ou=Company Users,dc=foo,dc=com esa.ldap.userSearch=(sAMAccountName={0})
Managing User Accounts: Secure LDAP SSL/TLS Support PAGE: 74
# If true, we'll search the full DN tree esa.ldap.userSubtree=true
# The following specifies the name of the LDAP role attribute
# When LDAP is enabled this is REQUIRED esa.ldap.roleName=name
# LDAP DNs and attributes to identify users' role(s); these can be used
# to provide default roles for newly created users.
# When LDAP is enabled the following three are REQUIRED esa.ldap.roleBase=ou=Company Users,DC=foo,DC=com esa.ldap.roleSearch=(member={0}) esa.ldap.roleSubtree=true
# The remaining config vars are OPTIONAL.
# If true, if a user authenticates via LDAP and there is no
# matching Clearwell username, create a new user. esa.ldap.createUnknownUsers=true
# Comma-separated list of cases to which access is given for newly
# created Clearwell users, special value: <all-cases> gives access to
# all cases.
# Default is empty (no cases).
esa.ldap.newUserCaseList=<all-cases>
# Prefix stripped from any LDAP role before attempting to identify
# a matching Clearwell role. Default is 'Clearwell ' (note the space
# character).
esa.ldapRolePrefix=Clearwell-
# Default role given to users that don't have any matching LDAP roles esa.ldap.defaultRole=Case User
# Email domain appended to user name as part of email address
# for newly created Clearwell users esa.ldap.newUserEmailDomain=foo.com
# Comment stored for new users.
esa.ldap.userComment=LDAP user
Discovering Archive Sources : About Active Directory Discovery PAGE: 75
Note: You must have system administrator privileges, with access across all cases to perform all system configuration and archive discovery tasks on the Clearwell appliance.
For information about how to discover and manage archive document sources, refer to the following topics:
•
“About Active Directory Discovery” in the next section
•
“About Discovering HP IAP Archives” on page 75
•
“About Discovering Symantec Enterprise Vault Sources” on page 76
•
“About Discovering Lotus Domino Sources” on page 76
About Active Directory Discovery
The Active Directory (AD) crawler discovers your Microsoft Exchange servers, the mailboxes on each server, and your organizational data, such as physical locations and departments (groups).
The Clearwell appliance must belong to a Windows domain for the AD crawler to run. To schedule the AD discovery to be run periodically, see
“Managing Schedules” on page 77
.
To view the discovered Exchange servers, limit the appliances that can access them, or change the user account or password required to access each server, refer to "Adding Email Server/
Archive Sources" Case Administration Guide . To index the documents on a discovered Exchange server, the server must be added to a case (refer to "Defining New Cases" Case Administration
Guide ).
For details on how to perform Active Directory discovery, refer to "Step 3: Source Setup" in the
Network Setup Guide .
About Discovering HP IAP Archives
If you have Hewlett-Packard (HP) Integrated Archive Platform (IAP) archives in your network, you can define them by running the HP IAP discovery process to discover the mailboxes in each archive. To schedule the IAP discovery to be run periodically, see
“Managing Schedules” on page 77 .
case (refer to "Defining New Cases" Case Administration Guide ).
For details on how to perform Active Directory discovery, refer to "Step 3: Source Setup" in the
Network Setup Guide .
Discovering Archive Sources : About Discovering Symantec Enterprise Vault Sources PAGE: 76
About Discovering Symantec Enterprise Vault Sources
For detailed information on performing EV discovery, refer to "Step 3: Source Setup" in the
Network Setup Guide .
To schedule the Symantec EV discovery to be run periodically, or to limit the appliances that can access a discovered archive, see
“Managing Schedules and Jobs” on page 77
. To index the documents on a discovered vault, the vault must be added to a case (refer to "Defining New
Cases" Case Administration Guide ).
About Discovering Lotus Domino Sources
To schedule discovery on the Lotus Domino source to be run periodically, or to limit the
appliances that can access a discovered archive, see “Managing Schedules and Jobs” on page 77 .
To index the documents on a discovered source, the source must be added to a case (refer to
"Defining New Cases" in the Case Administration Guide ).
For detailed information on performing discovery on Lotus Domino Sources, refer to "Step 3:
Source Setup" in the Network Setup Guide .
Managing Schedules and Jobs : Managing Schedules PAGE: 77
For information about how to manage schedules and jobs, refer to the following topics:
•
“Managing Schedules” in the next section
•
“Viewing Jobs and Accessing Exported Files” on page 79
Managing Schedules
On the Schedules screen, you can schedule system and case backups, depending on your view
(System > Schedules, or Case Home > Schedules). For information on scheduling case jobs,
(such as change, disable, or delete any schedule, including the document processing schedules for specific cases), refer to "Managing Case Schedules and Jobs" in the Case Administration Guide .
From System view, you can schedule document discovery for an Active Directory server,
Enterprise Vault directory server, HP IAP archive, or Lotus Domino server, including scheduling a system backup, or setting up a bulk source, or custodian import. For more information about
system and case backups, see “Backup and Restore” on page 89 .
To manage schedules (across all cases)
1.
From the System view, click Schedules.
2.
Use the Show menu to view all schedules or just the system schedules.
By default, all schedules display.
3.
To enable or disable a schedule, select the check box next to the schedule(s), and click
Enable or Disable.
The Scheduled Time column shows the first scheduled run time. The Case column shows a case name only for document processing schedules.
Note: To select all jobs, click the check box in the header row.
4.
To change a scheduled job, select the job type (the job type cannot be changed).
Note: For a document crawler job, you can change the maximum job duration and the document sources to be crawled.
5.
To delete a schedule, click the trash can icon, , associated with the schedule.
Managing Schedules and Jobs : Managing Schedules PAGE: 78
To create a new schedule
1.
Click Add.
2.
Specify the following information. An asterisk (*) indicates a required field. (The Scope will always be “System” in System view.)
Schedule Properties
Field
Description
Task Type
Initial Run Date*
Description
Enter a description of the job (up to 255 characters).
Select the Backup task or a discovery job for an Active Directory, HP IAP, or
Symantec EV server.
Specify the date of the first execution of the job:
• Click , and select a month and day .
or
• Enter the date directly as: MM/DD/YYYY.
IMPORTANT: The first time the Active Directory discovery is run, the job must be allowed to finish before a document processing job is run for any case. In general, run the discovery and processing jobs daily or weekly—first the discovery jobs, then the document processing jobs for each case. To ensure that all new documents are processed, do not schedule the discovery and document processing jobs to run at the same time.
Enter the start time in 24-hour format (HH:MM).
Start Time*
Frequency Select a recurring schedule (Daily, or Weekly).
Backup tasks
Note: Files requiring conversion during processing are not automatically backed up or restored by this backup. These files should be backed up separately. For more information about system and case
backups, see “Backup and Restore” on page 89 .
Cases to backup
System backup
For a backup job, select one of the following options:
• All cases at the time of the backup. Backs up all cases (the default).
• Selected currently available cases. Allows you to select zero or more cases to be backed up.
Select the check box to back up the master appliance system files after the cases are backed up (recommended). The cluster will be unavailable while the system backup is running.
Collections, Data Map backup
Backup name* Enter a name for the backup (up to 100 characters).
Bulk Import tasks (Source or Custodian)
Import Script File*
Select the check box to back up collections and sources in the data map for all cases, or selected case(s) on the appliance.
Enter, or click Browse to assign the script file to be used for either a scheduled bulk Source or Custodian import.
3.
Click Save to submit the new schedule, or click Cancel to discard your changes.
Managing Schedules and Jobs : Viewing Jobs and Accessing Exported Files PAGE: 79
Viewing Jobs and Accessing Exported Files
On the Jobs screen, you can stop jobs that are still running, and delete jobs that are completed or stopped. You can access jobs in different ways, in one of two views: From the System, or Case
Home view.
From the System view, you can see backup and restore jobs; those that pertain to all cases across the system. From there, if you select a case, or navigate to Case Home > Jobs, you will see jobs specific to that case. System, or case-specific jobs (depending on your view) are visible from the Jobs window while the job is currently running.
Case specific jobs can include all jobs for that case, such as exporting, and printing documents, plus any legal hold or identification and collections jobs. (Scheduled jobs are created and managed either from the System > Schedules, or Case Home > Schedules view.) For information on viewing case jobs, refer to "Managing Case Schedules and Jobs" in the Case Administration
Guide .
For export jobs, users normally download the exported documents from the Jobs window as a
single zip file. If the exported documents exceed the specified maximum size (see “Defining
System Settings” on page 24 ), you must access the files directly on the Clearwell appliance. Click
in the Jobs window to view the export job ID. The exported files can be accessed from:
<esa_root>\data\filemanager\<username>\jobRun-<jobid> For more information about running and producing export jobs, refer to "Performing Exports" in the Export and Production Guide .
To view/manage current jobs:
1.
To view jobs from either the System view (across all cases), or within a selected case:
A. On the top navigation bar, from All Cases view, click System > Jobs.
B. On the top navigation bar, with a case selected, click Case Home > Jobs. (For more information, refer to "Managing Case Schedules and Jobs" in the Case Administration
Guide .)
2.
To view the job log for a job, from the Jobs window, click in the status column.
3.
To limit the list of jobs displayed, select a user, case, or update time from the User, Context, and Jobs updated menus. Select System Jobs from the Context menu to view just the backup/restore jobs and email server/archive source discovery jobs. The Jobs window shows system jobs when you are in System view, and shows only case jobs when you are in
Case Home view, or search screen.
4.
To stop a running job, select the check box next to the job, and click Stop Jobs.
When a job is stopped, users can see the status change in the Jobs window. To open the
Jobs window, click Jobs above the navigation bar. Only users with one or more system administrative privileges can view system jobs in the Jobs window.
5.
To delete a completed or stopped job, click for the job, or select the check box next to the job, and click Delete Jobs. Note that all files associated with a deleted job are also deleted, such as PDF reports and PST zip files, and will no longer be accessible from the
Jobs window found above the navigation bar.
6.
To view errors, click Jobs at the top of the screen.
Managing Schedules and Jobs : Viewing Jobs and Accessing Exported Files PAGE: 80
If an error occurred while running the job, a warning indicator is shown next to the Jobs link. The status of your job displays, with a link to Find failed docs under the Actions column. Click to view details for the errors that occurred to each document.
When you click the link, the Export Errors filter appears in the Filter list, displaying the errors by type. This allows you to address the issues before re-running the job. For more information about filtering the export errors by problem type, refer to the section "Filtering
Search Results" in the User Guide .
Using the Support Features PAGE: 81
Clearwell offers advanced support features for administrators under System > Support
Features menu options.
To access the support features
1.
From the System view, click Support Features.
2.
Select an item from the Choose a support feature drop-down list.
3.
Optionally choose an appliance to which the feature will apply.
4.
Specify the information in the following table, according to the selected feature. To configure an additional features, click the tab. An asterisk (*) Indicates a required field.
Support Feature Settings
Field Description
Checksum Comparator
Choose an Appliance
(optional)
Select the case
Select the appliance
Case of the documents to be compared with a checksum of their content
Document ID 1
Document ID 2
Document ID in dotted notation or long value
Document ID in dotted notation or long value
Clear Native View Rendering Errors
Enter the following parameters for case*
Select a specific case to view rendering errors, or select ALL (by default).
Save output to file as
TXT?
Redirects the output to a unique TXT file.
Confirmation Server Management
(For Legal Hold licensed users only)
Refer to the Appendix in the Legal Hold User Guide for more information on how to configure your confirmation server for the Legal Hold module.
Crawler Manager
Select the case (or system)*
Select a source for the properties.
Pattern to match
Name of property to change
New value
Confirm change*
Find properties that match the specified pattern.
Specify the full-qualified property name.
Specify the property value, or leave blank to remove the property.
Select to require confirmation of the change to the property value.
Using the Support Features PAGE: 82
Support Feature Settings (Continued)
Field
Crawler Command*
Description
•
Specify the command crawler command:
Configure —Displays the list of settings that you can change. For an example of how to change a setting, see
“Configuring the Backup Location” on page 28
.
• Help—Displays a description of the menu options.
• Status—Indicates which services are enabled.
• StartCrawlers—Enables all the Clearwell services.
• StopCrawlers—Disables all the Clearwell services.
File Based Search
Case
Query file path
Folder to restrict search
Folder for results
Save output file as
TXT?
Select the case that you want to search
The file containing the search query terms
Specify which folders you want to search
Specify the new folder’s name. Search results will be tagged and placed in this folder. The folder is created under the Root folder. If the folder already exists, results are copied to the existing folder.
Redirects the output to a unique TXT file.
File Warnings
File warnings are for processed data errors. Errors during discovery are not reported.
Select the case* Select the case for which you want to list non-indexed files. (On the
Processing > Exceptions screen, informational messages are hidden by default; only warnings are displayed by default). For example, messages describing simply that a “file has been OCR processed by Clearwell”, is not displayed, and instead, only shows errors that occurred, such as “file OCR conversion error” in which Clearwell was unable to process the file.
Note: To view information and warnings, clear the Show Warnings Only check box in the View drop-down menu on the Exceptions screen. (This option can be disabled under File Notices, Message Warnings, and
Unprocessed Documents tabs. (Settings are not saved in the system.) To change the default, select the Property Browser support feature, and in the
Name of property to change field, enter esa.analytics.exceptionInfo
and set the New value to false.
When enabled, both information and warnings will be shown to the user for the selected case.
Reason Code
File Format
Select the reason to include in the generated report.
Choose CSV or XML as the format for excluding the file from processing.
Using the Support Features PAGE: 83
Support Feature Settings (Continued)
Field
Firewall Browser
Firewall Command*
Description
The Windows firewall is enabled by default, and Clearwell applications are registered by path name as trusted applications. A system administrator can view the firewall status and settings through the Clearwell web interface. In general, changes to the firewall should be made through Windows, but several Clearwell commands are provided to configure the firewall from the appliance command line. In most cases, no changes should be necessary.
Firewall command options:
• Help—Displays a description of the menu options.
• Status—Indicates whether the Windows firewall is enabled and displays the list of registered Clearwell applications and all registered port numbers.
• Windows—Displays all the Windows firewall settings.
• Config—Displays the list of Clearwell applications that are registered by name with the Windows firewall. Port number 3389 is also registered to support the Remote Desktop application. Use this option to view the Clearwell applications that must be registered with the new firewall.
The following commands can be entered on the command line of the
Clearwell appliance. These commands apply only to the Windows firewall.
• firewall enable—Enables the Windows firewall (if disabled) and registers the Clearwell applications by path name. Port number 3389 is also registered for the Remote Desktop application.
• firewall disable—Disables the Windows firewall and deregisters the Clearwell applications and ports.
• firewall status—Displays the status of the Windows firewall and lists the registered Clearwell applications and registered ports.
• firewall reset—Resets the Windows firewall to its original Windows server default settings. This deregisters both Clearwell and non-Clearwell applications and ports.
Redirects the output to a unique TXT file. Save output to file as
TXT
Generate new collection encryption keys
Save output to file as
TXT
Saves output to TXT file.
Get Service Tag
Note: The service tag is required to license a server.
Save output to file as
TXT
Saves output to TXT file.
This information is used when updating license information.
Imports tagging Errors
Select the case
Row Limit
Save output to file as
TXT
Select the case containing import tagging errors.
Specify the maximum number of import tagging errors to report.
Saves output to TXT file.
Using the Support Features PAGE: 84
Support Feature Settings (Continued)
Field Description
LDAP Configuration Tester
User Name and password
Domain user account and password used to connect to LDAP
Save output to file as
TXT
Saves output to TXT file.
LDAP Utility
Clear-text password Type a clear-text password in the field. Click Submit and Clearwell encrypts the password.
List Frequent Terms criteria for list Generates a list of terms frequently indexed within a case.
Output can be saved to a TXT file.
Message Warnings
Lists messages that have been indexed with warnings for a case
Select the case (or system)*
Select the case for which you want to retrieve a list of indexed warning messages. If you want to filter out any information-level warnings reported on the Processing > Exceptions screen. Doing so will display only errors encountered when processing. (For example, messages describing simply that a “file has been OCR processed by Clearwell”, would not be displayed, and instead, only show errors that occurred, such as “file OCR conversion error” in which Clearwell was unable to process the file.
Note: You can change the default from viewing only warnings exceptions to showing all information messages to users for a specified case. To do this, select the Property Browser support feature, and in the Name of property to
change field, enter esa.analytics.exceptionInfo
and set the New value to false
Upon changing this property, all message exceptions (not just warnings) will be displayed by default, to the user for the selected case. (Users would need to select the Show Warnings Only check box on the Exceptions screen to filter their view.)
Select the reason to include in the generated report.
Reason Code
File Format Choose CSV or XML as the format for excluding the documents from processing.
PKI Certificate Installer
PKI Certificate information
Provide the location of the PKI certificates along with the appropriate authentication information to install the certificates on the Clearwell server.
Production Pre-mediation
For case* Run pre-mediation for selected case (or ALL, by default).
Size threshold for file Set the threshold at which the file is considered to be large. (Default is 75 MB).
Note: A file can be any type, for example, PDF, EML, DOC, PPT.
Using the Support Features PAGE: 85
Support Feature Settings (Continued)
Field
Size threshold for
Excel file
Large timeout (sec.)
Description
Set the threshold at which an XLS file is considered to be large. (Default is 50
MB).
Maximum timeout
(sec.)
Set the value (in seconds) that is considered to be a high timeout. (Default is
3600 seconds.)
Set the maximum value (in seconds) beyond which the file should be skipped.
(Default is 7200 seconds.)
Number of attachments
Number of embeddings
Start from scratch?
Set the threshold for considering the number of attachments in a message to be large.(Default is 100 attachments.)
Note: This value does not include the number of embeddings.
Set the threshold for considering the number of embeddings in a message to be large. (Default is 500 embeddings.)
Select whether to run pre-mediation on the selected case(s) from scratch.
Note: If a job is running, it will be stopped and a new one will be started.
Saves output to TXT file.
Save output to file as
TXT
Page Counter Settings
Enable Page Counter This option must be enabled.
File types
Domain
UserName
You must select at least one of the following file types: MS Excel, MS
PowerPoint, MS Word, or PDF.
The domain for the user account that runs the process
The name of the dedicated user account
Password
Save output to file as
TXT
Password for the user account
Saves output to TXT file.
Production Slip Sheet Report
Case Name Select the case that contains the produced documents.
Name of the production folder.
Folder Name
Property Browser
Select the case*
Pattern to match
Name of property to change
New value
Confirm change*
Save output to file as
TXT
Select the case for which you want to specify properties.
Find properties that match the specified pattern.
Specify the name of the property to change. To see a list of properties, click
Submit .
Specify the property value, or leave blank to remove the property.
Select to require confirmation of the change to the property value.
Saves the output at a TXT file. When you click Submit , a link to the file is displayed. If you do not select this option, the converted password is displayed on the screen under the Submit button.
Using the Support Features PAGE: 86
Support Feature Settings (Continued)
Field Description
Source Locator Modifier
Within case Updates source location values for selected case (for documents whose source locations are to be modified).
Note: This is intended for archiving source data only; do not use for moving
'Collection' sources.
OPERATION
SOURCE
DESTINATION
Save output to file as
TXT
Select whether to:
• execute—archive source data
• verify—verify the row counts from tables that will be affected
Enter the source path to be identified and replaced.
Enter the destination path that would replace the source.
Saves output to TXT file.
System Stats
Save output to file as
TXT
Saves the output at a TXT file. When you click Submit , a link to the file is displayed. If you do not select this option, the converted password is displayed on the screen under the Submit button.
Note: System statistics provide the total number of bytes processed for messages and loose files across all cases, and for each individual case. To view more detailed statistics for a specific case, refer to "Monitoring Source
Processing Status" in the Case Administration Guide .
Unmount all UNC paths mounted by Clearwell appliance
Click Submit to unmount all UNC paths mounted during identification and collection.
Unprocessed Documents
Select the case* Select the case for which you want to retrieve the unprocessed documents.
Reason Code
File Format
Select the reason to exclude the documents from processing.
Choose CSV or XML as the format for excluding the documents from processing.
Unprocessed Mailboxes
Select the case* Select the case for which you want to retrieve the unprocessed documents.
Upload to Support
Name
Current Appliance
Only
Date Range
Enter a name to identify the log file package to send. A timestamp is automatically appended to the name.
Select the check box to restrict the logging only the appliance that was selected. If this check box is not selected, log content from all appliances for which the selected appliance is the master is sent.
Includes logs for all dates, or limit the logs to today or from a specified date to the current time. Click to specify the starting date.
Using the Support Features PAGE: 87
Support Feature Settings (Continued)
Field
How to Send
Description
Select whether to send the information to Clearwell by HTTPS or FTP, or to generate a ZIP file.
Include Extra System
Information
Select the check box to include additional information, such as case information. Because this option requires system communication and processing resources, considering deselecting this check box if you are concerned about system load.
Utility Node Resource Management
Mode Each mode performs a different management task.
• Add Utility Node—adds a node. Specify the Utility Type and use the
Utility Nodes to Add/Remove field to specify the node name.
• Remove Utility Node—removes a node. Specify the Utility Type (IGC,
RETRIEVER, or STELLENT) and use the Utility Nodes to Add/Remove field to specify the node name.
• Resource List—generates a comprehensive list of resources. Select the node by using the Utility Node menu. Select the type of Resource with the
Resource Type menu.
• Conversions—generates a list of conversions. Select the node by using the
Utility Node menu. Select the type of Resource with the Resource Type menu.
• Statistics—provides the following statistics for the node: Job Count, Error
Count, Capacity, and Conversions currently taking place. Specify the Utility
Type (IGC, RETRIEVER, or STELLENT) . Select the node by using the Utility
Node menu. (Optional) You can select the number of hours to be used in the Hour-range to be used for Statistics Mode menu.
• Configure Resource Manager—enables you to define a new resource manager. Specify the new resource manager by using the Resource
Manager Host Name field.
• View Retriever Source Mappings—provides the mappings of PST/NSF source files to the PST/NSF retrievers running on various nodes. No other fields are required to perform this task.
Utility Node
Resource Type
Name of the node
Type of resource. The list of resource types includes DOC, PDF, DRW,
STELLENT, PST, NSF.
Three Utility Types exist: IGC, RETRIEVER, STELLENT
Select the number of hours to be used to generate statistics.
Utility Type
Hour-range to be used for Statistics
Mode
Utility Nodes to Add/
Remove
Resource Manager
Host Name
When adding or removing utility nodes, specify the node name.
When configuring the resource manager, provide the new resource manager name in this field.
For information about Pre-Processing Reports, refer to "Generating Pre-Processed Data" in the
Case Administration Guide .
Using the Support Features PAGE: 88
Backup and Restore : About Backups PAGE: 89
This section describes basic administrative tasks involving backup and restore.
•
•
“Creating Case Backups” on page 93
•
“Creating Appliance Backups” on page 99
•
“Creating System Backups” on page 103
•
“Backing up a Cluster” on page 104
•
•
“Managing Backups and Archives” on page 105
•
•
“About Backing up Case Source Data” on page 108
About Backups
Creating a backup routine is a critical aspect of system administration. You can backup your
Clearwell data by case, appliance, and system. Cluster backups are performed through a combination of backup types.
Note: Clearwell does not back up source case files (PST, NSF, Loose Files, converted files, etc) in either a case or appliance backup. You need to back your source files up using a separate data backup product.
The following diagram illustrates the difference between case, appliance, and system backups.
Backup and Restore : About Backups PAGE: 90
• Case backups
Case backups contain all the index and database information related to the selected case, including user-generated tags and notes.
Case backups are used to checkpoint a case, that is, restore a case to a previous state. Case backups can also be used as a tool to transfer cases to different appliances.
Note: For more information about case backups in a distributed environment, refer to the
Distributed Architecture Deployment Guide.
• Appliance backups
Appliance (or node) backups include all index and database information for all cases on the appliance.
Appliance backups are the backup option to guard against appliance failure.
Note: When you restore from an appliance backup you restore the entire appliance. You cannot restore specific cases from an appliance backup.
• System backups
System backups include the system files on the master appliance required to restore a cluster on a new master appliance. System backups do not include all system data.
The following data is not included in a system backup. You can only obtain this data from an appliance backup:
– System statistics and logs
– List of data sources enabled for each cluster appliance
– Schedules or history of system-level jobs (such as backup/restore)
– Backups or exported results stored on the master appliance
System backups, when paired with case backups for all cases, enable you to restore a cluster.
• Cluster backups
Cluster backups are a combination of backups that enable you to restore the cluster. There are two backup combinations that can result in a successful cluster backup.
– Appliance backups for each appliance
– Case backups for all cases AND a system backup
Note: For more information about node backups in a distributed environment, refer to the
Distributed Architecture Deployment Guide
• Data Map and Collections Backups
For more information on data map and collections backups, refer to "Running Collections
Backups" in the Identification and Collection Guide .
Backup and Restore : About Backups PAGE: 91
Common Backup Practices
The following tips represent common backup practices in use by Clearwell customers.
Backup Frequency
• On-demand Case Backups
– After initial case processing has completed and before end-user work begins.
– Before processing additional batches.
Because Clearwell does not allow you to back out or delete processed batches, strategically-used case backups provide a way to back out problematic batches.
• Scheduled Case Backups
Based on checkpoint requirements, case-level backups are often scheduled to run nightly with a rolling 7-day case backup history.
• Scheduled, Appliance Backups
Based on recovery sensitivity, an appliance-level backup is often scheduled to run weekly during an off-hour weekend backup window.
.
Backup Location
Your case and system files should be backed up periodically on an external device for disaster recovery in the event of an appliance failure.
• The backup destination for case- and appliance-level backups should be changed to a network-based directory off of the Clearwell appliance.
• If the backup destinations are not changed, it is suggested to schedule a script to copy any local backups off of the Clearwell appliance to a network-based directory (This script is not provided by Clearwell).
Note: Clearwell strongly recommends a high bandwidth, low latency network connection between the Clearwell appliance and the destination backup network directory.
Cautionary Practices
• Using Third-party backup software packages
Third-party backup software is often unable to back up the MySQL database and other locked files while Clearwell services are running.
Note: Do not attempt to back up cases manually by copying the case data store folders on the appliance. Case information is stored in multiple locations.
Backup and Restore : About Backups PAGE: 92
Developing your Backup Routine
You can implement a range of different backup strategies based on your end-user requirements for check-pointing and your sensitivity to recover in the event of a failure.
The following scenarios describes how the (intensity of use) impacts your backup routine. These examples are on opposite ends of the spectrum. Your environment will most likely fall between these cases.
Scenario: Your Clearwell server is in constant use.
• Case administrators and reviewers work late into the night
• You have several large cases
• Processing jobs run most weekends while users are offline
Recommendation: Schedule case backups nightly and appliance backups for every weekend.
Reason: If your cases are being used during off-peak business hours or your cases are very large, your nightly case backups are likely to fail.
Case backups automatically fail if a user is logged into the case: if users work on case files after business hours, the case backup will not run.
If cases are large, the nightly backup might not complete by the time users are ready to start reviewing again. In this situation, the backup is likely to be cancelled so the work can continue.
Repeated cancellations of your case backups can put your work product at risk by not having an up-to-date backup.
To address this, you can ensure that you get a weekly backup by running an appliance backup over each weekend. Appliance backups ensure your work product and appliance are backed up.
The downside is that appliance backups shut down the system and can interfere with other tasks that are likely to be scheduled for non-working hours.
Summary: If case backups fail every night, use an appliance backup every weekend. Schedule a maintenance window to ensure processing jobs do not interfere with the appliance backup.
Scenario: Your Clearwell server has no off-hour traffic and your cases are not too large.
Recommendation: Schedule case backups every day and appliance backups monthly or as needed.
Reason: If your cases and system backup regularly, you can restore your cases without the need of an appliance backup. Appliance backups provide more system data than a system backup, however, you can perform appliance backups on a less rigorous schedule.
The Benefit: Weekend processing time (when users are not online and accessing cases) can be used to process, create productions, and perform other tasks which require users to be offline.
Backup and Restore : Creating Case Backups PAGE: 93
Creating Case Backups
Case-level backups are often used to checkpoint end-user work in order to provide a point-intime backup of tags, exports, etc. for the case. Case backups are recommended before indexing new data, large tagging operations, or other substantial changes.
Additionally, you can use case backups to move cases from one appliance to another. As a case becomes larger and requires more disk space, you can move the case to another appliance by backing up the case and then restoring it to another appliance in the cluster.
Case backups can be performed on-demand or scheduled to run on a daily or weekly basis.
Note: For more information about case backups in a distributed environment, refer to the
Distributed Architecture Deployment Guide.
Case Backup Characteristics
• All index and database information related to the selected case is backed up.
• Source case files (PST, NSF, Loose Files, converted files, etc) are never backed up in either a case, appliance, or system backups.
• Best Practice: Only use alphanumeric characters in backup names.
• For a case backup to start, all users must be logged out of the case and no jobs related to the case can be running (for example, processing or export jobs).
• Once started, users cannot access the case until the case backup completes.
• By default, case backups are saved locally to the Clearwell appliance at
D:\CW\<current_product_version>\caseBackups
On-Demand Case Backups
On-demand backups are a convenient way to mark milestones in a case workflow. You can create checkpoints to establish fallback positions should your data become unusable.
It is typical to perform an on-demand, case-level backup after indexing any new data and before end-user work begins.
To backup a case on demand
Before you begin: Verify that no one is currently using the case.
To backup a case, you must have System Management permissions.
1.
From the All Processing view, click the Cases tab.
2.
Select the check box of the case you want to backup.
3.
Click Backup.
The Backup Case screen displays.
4.
Provide a backup name.
Best Practice: Only use alphanumeric characters in backup names.
Backup and Restore : Creating Case Backups PAGE: 94
5.
Verify that you want to perform a system backup on completion.
The Clearwell system will not be available during a system backup. Clearwell delays userperformed operations that impact the system until the system backup completes. System backups typically run between 1-5 minutes.
6.
Click Start Backup.
The backup begins.
The duration of a case backup depends on the size of the case and the backup location.
Next Steps:
• To stop the backup, click Jobs at the top of the screen, and click Stop.
• To verify that the backup was successful, go to System > Jobs. Successful jobs are automatically pruned from the jobs list. If you do not see the backup in the Jobs pane and it has completed running, it was successful.
Scheduled Case Backups
Scheduled cases help you maintain a set of up-to-date backups.
Each scheduled case backup overwrites the most recent backup with the same backup name. If you need to preserve multiple copies of a case backup, schedule a weekly backup to occur on each day of the week.
For example, you can create seven weekly-backup schedules with one backup for each day of the week. This would result in a scheduled Sunday backup, Monday backup, Tuesday backup,
Wednesday backup, Thursday backup, Friday backup, and Saturday backup
Note: If you schedule several weekly backups and plan to have a full, appliance backup over the weekend, consider skipping a case backup on Saturday and Sundays since they are redundant to the appliance backup.
To schedule a case backup
Before you begin: To schedule a case backup, you must have System Management permissions.
1.
From the System view, click Schedules.
The Schedule pane displays with a list of current schedules.
2.
At the bottom of the Schedule pane, click Add.
The Add Schedule screen displays.
3.
From the Task Type menu, select Backup.
4.
Set the Initial Run Date, Start Time.
5.
Choose whether the backup should be run daily or weekly.
Remember that scheduled case backups overwrite the most recent backup with the same backup name.
Backup and Restore : Creating Case Backups PAGE: 95
6.
Select Enabled to run the scheduled backup at the next scheduled time.
7.
Select the case or cases that you want to backup.
Note: If the case name is changed after setting up a backup schedule, the new case name is automatically added to the schedule, and the case continues to be backed up. Backups made with the old case name are not deleted.
8.
Provide a backup name.
You identify specific case backups from the combination of Case name and Backup name.
For example, you can identify your Tuesday backup of your case named, Patent Lawsuit by naming your backup “Tuesday”. From the All Processing > Backups screen, each case name displays with the backup name.
Best Practice: Only use alphanumeric characters in backup names.
9.
Verify that you want to perform a system backup on completion.
The Clearwell system will not be available during a system backup. Clearwell delays userperformed operations that impact the system until the system backup completes. System backups typically run between 1-5 minutes.
10. Click Save.
The new case backup displays in the Schedule pane.
Next Steps:
• To view when the backup ran, go to System > Schedules. The Last Run column lists the most recent time that the backup ran.
• To verify that the backup was successful, go to System > Jobs. Successful jobs are automatically pruned from the jobs list. If you do not see the backup in the Jobs pane and it has completed running, it was successful.
To view the case backup schedule
• You can view all scheduled tasks, including backups, from System > Schedules.
The Schedule pane describes when the task is scheduled to run, when it was last run, and whether the task is enabled.
Managing the Case Backup Destination
By default, case backups are saved locally to the Clearwell appliance at
D:\CW\<current_product_version>\caseBackups .
For a higher level of redundancy and to simplify management of clustered deployments, direct case backups to a shared network location.
Tip: Clearwell strongly recommends a high-bandwidth, low-latency network connection between the Clearwell appliance and the destination network share.
Backup and Restore : Creating Case Backups
To view the case backup destination
1.
From the System view, click Support Features.
2.
Select Property Browser from the drop-down menu.
3.
Select the appliance that hosts the case.
4.
Click Submit.
The backup directory displays as the esa.case.backupDir.
In the following example, the default caseBackups directory is being used.
PAGE: 96
To change the backup location
1.
From the System view, click Support Features.
2.
Select Property Browser from the feature menu, and click Submit to view the properties that you can change.
Backup and Restore : Creating Case Backups PAGE: 97
3.
Enter the following information. An asterisk (*) indicates a required field.
Directory Properties
Field
Name of property to change
New value (leave blank to remove)
Confirm change*
Description
Enter the following property name: esa.case.backupDir
You can change this value by editing the esa.case.backupDir
property using the Property Browser support feature. You must specify the
backupDir for each appliance in the cluster by repeating the process for each appliance in the Choose an appliance drop-down list.
You must also set the esa.case.sharedBackupDir
property to true in order for the cluster to recognize the backupDir location as a shared location that is visible by all appliances in the cluster. It is not necessary to set this property for each appliance in the cluster.
Enter the full path of the backup location in Uniform Naming Convention
(UNC) format (up to 256 characters). For example:
\\pine\backup_folder
Select the check box to confirm the change.
4.
Click Submit to apply the change.
Troubleshooting Case Backups
A case backup (either on-demand or scheduled) will fail if:
• A user is logged into the case being backed up.
By default, users are automatically logged out after 30 minutes of inactivity.
• The case name includes special characters such as ampersand ("&").
• Another job (processing, tagging, export, etc.) is running for the case being backed up.
• Your virus scanning software is setup incorrectly.
Verify that the mysqltemp directory is excluded from your virus scans. If the mysqltemp directory is scanned, the virus scanner is likely to quarantine or delete the files. These files are necessary for backups to complete successfully.
Note: If the backup for a case fails, scheduled backups for other cases are still attempted.
Backup and Restore : Creating Case Backups PAGE: 98
Case Backup Maintenance
To ensure that backups run smoothly, perform the following tasks periodically.
Check Disk Space and Date/Time of backups
From the All Processing view, click Backups. On the Backups screen, you can check the Disk
Space and Date/Time of the case backups.
• Disk Space - Case backups contain the case's entire job output, including any export jobs for the case. Cases with large export jobs can result in larger-than-expected backup sizes.
Note: The available disk space at the backup destination should be frequently monitored to ensure there is adequate disk space for the backups.
• Date/Time - Verify that backups complete during the desired backup windows. If you find that backups are running over their allotted time, you can reduce the number of cases being backed up in an evening or move inactive cases to archive status.
View Failed Backup Jobs
From the System view, click Jobs and check for any failed case backup jobs.
Unneeded case export jobs can be deleted from here to reduce the size of a case's backup.
Delete Backups
You might want to delete unwanted backups if you are running low on disk space.
To delete a case backup
• From the All Processing > Backups screen, find the unwanted case backup and click the delete icon.
Backup and Restore : Creating Appliance Backups PAGE: 99
Creating Appliance Backups
Appliance (or node) backups are often used to guard against the rare event of an appliance failure.
Appliance backups include index and database information for all cases on the appliance into a single appliance backup package.
Appliance backups are performed through the desktop Clearwell Utility or through a command line script. Appliance backups can be scheduled to run on a daily or weekly basis or performed on-demand.
See “Common Backup Practices” on page 91 for more information on determining the frequency of your
backups.
Appliance Backup Considerations
• An appliance backup stops all Clearwell services for the entire duration of the backup.
This will render the Clearwell interface unusable during the appliance backup.
• Old appliance backups are not purged through the scheduled appliance backup process.
Consideration should be given to periodically clean up the old appliance backups from the destination appliance backups directory.
• If the appliance backup destination is modified to point to a network share, the Windows account you are logged in as when running an on-demand appliance backup needs to have read/write permissions to the network share.
WARNING: Do not schedule appliance backups and case backups to run at the same time.
Appliance backups include case backups. If a case backup starts and is interrupted by an appliance backup, the case backup will restart after the appliance backup completes. This is not harmful, but can result in extra time being committed unnecessarily to the backup process.
On-Demand Appliance Backups
On-demand appliance backups are performed on the Clearwell Appliance through the Clearwell
Utility.
To backup an appliance on demand
1.
On the Clearwell appliance, double-click the Clearwell Utility icon (shortcut icon on the desktop).
A shortcut link to the Clearwell Utility is also on the Clearwell appliance desktop.
2.
Type 1 to perform an appliance backup.
All Clearwell services will be stopped and the appliance backup will prompt the user for the following information:
A. Type the appliance backup name.
Best Practice: Only use alphanumeric characters in backup names.
B. Would you like to backup log files?
Type yes. Backup log files are not necessary to restore an appliance, however, they help with debugging issues.
C. Would you like to backup case backups?
Type no.
Each case is backed up into the appliance backup package. This option determines whether or not to also backup any existing case-level backups into the appliance backup package.
Note: This prompt should not be presented if the case backup destination has been changed to a remote location. If the option displays, type
no.
Backup and Restore : Creating Appliance Backups PAGE: 100
Scheduled Appliance Backups
Clearwell provides a backup script to use for scheduling appliance backups. Using this script in conjunction with the Windows Scheduled Task Wizard is the recommended way to schedule appliance backups.
The scheduled backup script will copy the appliance backup to the configured backup appliance destination using a folder named with the backup date and time in the form
YYYYMMDD_HHMM. For more information on changing the backup appliance destination, see
“Managing Appliance Backup Destination” on page 101
.
When using the backup script, log files are backed up and case backups are not backed up.
Note: Scheduled appliance backups are less common than on-demand appliance backups.
Because large processing and production tasks tend to occur during optimal backup windows, it is likely that a backup cannot be scheduled at a predictable interval.
To schedule an appliance backup
For clustered deployments, the backup script on each appliance in the cluster should be configured to run at the same time.
Before you begin: This procedure must be completed on each appliance in the cluster.
1.
On the Clearwell appliance, access Scheduled Tasks from the Control Panel.
Click Start > Settings > Control Panel > Scheduled Tasks > Add Scheduled Task.
2.
When the Scheduled Task Wizard opens, click Next.
3.
On the Program Selection screen, browse to
D:\CW\<current_product_version>\bin\scheduledNodeBackup.pl
and click Open.
4.
Type the task name (example: ApplianceBackup), select a frequency for the task
(example: Weekly), and click Next.
5.
Select additional time and frequency options and click Next.
6.
Type the user name and password to execute the task and click Next.
Note: Configure the task to start with an account that has permission to run a scheduled task and write to the backup destination directory.
7.
Click Finish.
Backup and Restore : Creating Appliance Backups PAGE: 101
Managing Appliance Backup Destination
By default, appliance backups are saved locally to the Clearwell appliance under
D:\CW\<current_product_version>\backups\
For a higher level of redundancy and to simplify management in clustered deployments, it is possible to direct the appliance backup destination to a network share.
Clearwell strongly recommends a high bandwidth, low latency network connection between the Clearwell appliance and the destination network share.
If the appliance backup destination is modified to point to a network share, the Windows account you are logged in as when running an on-demand appliance backup needs to have read/write permissions to modify the network share.
To verify that the user account has modification permissions
1.
Log in to the appliance with the user account being used for the backup.
2.
Create a temporary directory.
› If it succeeds, the user account is configured correctly.
› If you cannot create a temporary directory with the user account, modify the user account permissions or update the service to run under a user account with the correct permissions.
To view the appliance backup destination
The default location of an appliance backup is
D:\CW\<current_product_version>\backups\
Use this procedure to determine if the location has been changed from the default.
1.
From the appliance, view the config.properties file.
D:\CW\<current_product_version>\config\configs /
\esauser\config.properties
2.
Search the file for the auto.backup.dir property.
This property configures the appliance backup directory.
Note: If it is not listed, the default location is being used.
To change the appliance backup destination
Create a network directory to store the backups which is accessible via UNC from the Clearwell appliance. For a clustered deployment, it is recommended to write each appliance backup to a directory of the same name such as:
\\FileShareServer\Directory\applianceBackups\Appliance1
\\FileShareServer\Directory\applianceBackups\Appliance2
\\FileShareServer\Directory\applianceBackups\Appliance3
1.
Open the config.properties file under
D:\CW\<current_product_version>\config\configs /
\esauser\config.properties
Backup and Restore : Creating Appliance Backups PAGE: 102
2.
At the end of the file, insert the following lines where the UNC path is that of the respective appliance directory created in Step 1.
Note: For this configuration property, forward slashes / must be used in the directory path syntax.
#Configure Remote Appliance Backup directory auto.backup.dir=//FileShareServer/Directory/appliance-
Backups/Appliance1
3.
Save and close the file.
4.
On the appliance desktop, double-click the Clearwell Utility.
5.
Select Option 7 to Build Incremental Configuration Changes.
6.
For a clustered deployment, repeat this procedure on each appliance in the cluster.
Troubleshooting Appliance Backups
Appliance backups fail in these situations.
• The appliance backup is directed to a non-existent location.
• The backup name is incorrect or misspelled.
• The appliance backup is stopped before it completes. See
“Appliance Backup Maintenance” on page 102 for information on partial appliance backups.
Appliance Backup Maintenance
Clean up partial appliance backups.
WARNING: If an appliance backup does not complete successfully, you must manually delete the backup folder. Otherwise, you might attempt an appliance restore with a partial backup, leading to the loss of your case data.
1.
Navigate to the appliance backup directory.
The backup directory destination is configured in the config.properties file. For more information, see
“To change the appliance backup destination” on page 101
.
2.
Delete the directory containing the incomplete backup.
3.
Rerun your appliance backup.
Check Disk Space
Verify that you have sufficient disk space for additional appliance backups.
Backup and Restore : Creating System Backups PAGE: 103
Creating System Backups
If the master appliance fails, a current backup of the system files is required to restore the cluster on a new master appliance.
System backups rarely need to be performed on their own. By default, all case backups include a system backup.
You might want to create a system backup after performing the following tasks.
• Creating user accounts
• Updating or creating user roles
• Creating or editing global data sources
To backup system files
1.
From the System view, click Backup.
2.
Provide a name for the system backup, and click Start Backup.
Managing System Backup Destination
The system backup destination is the same as the case backup destination. For more
information, see “Managing the Case Backup Destination” on page 95 .
Backup and Restore : Backing up a Cluster
Backing up a Cluster
A combination of backups that enable you to restore the cluster:
• Appliance backups for each appliance
PAGE: 104
• Case backups for all cases and a system backup
About Archiving
When Clearwell archives a case, it creates a new backup of the case and then deletes the case from the list of active cases.
To archive a case
1.
From the All Processing view, click the Cases tab.
2.
Select the case you want to archive, and click Archive.
• You can view the archived case by clicking the Archives tab.
Backup and Restore : Managing Backups and Archives PAGE: 105
Managing Backups and Archives
A backup is a copy of a case that you make while the case is on-line and accessible. You can use backups to provide case checkpoints, or make a copy for disaster recovery purposes. A backup is portable to other Clearwell clusters provided that the cluster has a different cluster ID than the original cluster.
An archive is a final backup of a case. The system performs a backup and then removes the active version of the case from the system. The license quota is returned (the space becomes available) if you have a concurrent license. You can restore archives, only if sufficient quota space is available to bring the base back online. Contact Clearwell for licensing information.
Use the Backups and Archives tab under the Manage Cases screen to manage case backups and archives.
To manage backups and archives
1.
From the All Processing view, click the Backup or Archives tab.
2.
Use the controls at the top of the screen to filter the list:
A. Choose the backups you want to view from the Show drop-down list.
B. Specify a date range by entering the date (mm/dd/yyyy format) or clicking the calendar icons and selecting dates.
C. Click Filter to display the filters results.
3.
To export a table of information from the Cases screen (in CSV format), select the backup and click Export.
4.
To restore a backup, select the backup and click Restore. Verify the information, and click
Start Restore.
The progress of the restore is shown on the Backup screen.
Backup and Restore : About Restore PAGE: 106
About Restore
The process of restoring a backup and restoring an archived case is the same.
• Restoring a backup overwrites your current, live case data.
To prevent data loss, verify that your backup of the live case is current before performing a backup restore.
• Restoring an archive creates a new copy of the case.
Before restoring an archive, verify that the case will not cause the system to exceed your licence quota.
To restore a backed up or archived case
1.
From the All Processing module, click the Backups or Archives tab.
2.
Find the backup or archive that you want to restore.
– To view case backups or system backups, select All Case Backups or All System Backups from the Show menu.
Note: System backups are view-only. To restore a system backup, contact Technical
Support.
– To view all case archives or all system archives, select All Case Archives or All System
Archives.
3.
Note: If you are restoring either an archive or a backup that contains more data than the current live version of the case, you will need a sufficient archive restoration license quota.
To limit the backups for a specific date range, click and click Filter.
to specify the from and/or to dates,
4.
Select the backup or archive to restore, and click Restore.
5.
Verify the case name, select an appliance, and click Start Restore.
Note: If the backups are stored in a shared network location, you can restore a backup to any appliance. If backups are stored on the appliance, each backup can be restored only on the local appliance unless you manually copy the backup directory.
To restore an appliance or cluster
An appliance- or cluster-level restoration restores all cases in the appliance backup package.
Specific cases can not be restored from an appliance backup package.
Contact Clearwell Customer Support for assistance regarding a full appliance or cluster restoration.
Note: Clearwell relies on the integrity of a case backup when restoring a case, which may optionally contain empty folders. When copying a case backup from one location to another,
Clearwell strongly recommends the use of an application which creates a true replica of the source folder, such as Robocopy, which ships with Windows® Server 2008. The use of /E: and /
DCOPY:T are highly recommended options for backup copying.
Backup and Restore : About Restore PAGE: 107
Migrating Cases
Case migration is the process of restoring a case backup on a different appliance. You can migrate cases between appliances or clusters.
You might want to migrate a case in the following scenarios.
• To share case data with a geographically-dispersed team
• To maximize the disk space on your appliances.
Large cases require more disk space. Distributing large cases between different appliances can improve performance.
Case Migration Considerations
You can move a case between Clearwell appliances or between Clearwell clusters.
When a case is moved to a new cluster, the system data associated with the appliance moves with it. This means that users with access to one cluster will have access to the new cluster when the case is moved.
Clearwell resolves user accounts if the information matches. If the user account information does not match, new user accounts are created on the system.
To ensure users accounts are properly defined, verify the user accounts and user roles continue to be set correctly after the case migration completes.
To migrate a case
Before you begin: In clustered environments, verify the configuration property, sharedBackupDir , is set to true.
1.
Backup the case that you want to migrate.
2.
Restore the case.
– To migrate the case to a new appliance within the same cluster using a shared network location, click the Restore button and select the new appliance when prompted.
Backup and Restore : About Backing up Case Source Data PAGE: 108
– To migrate the case to a new cluster or to an appliance using an unshared backup location:
A
.
Navigate to the case backup destination.
The backup directory uses this structure.
...caseBackups/<case_ID>_<case_Name>/<backup_Name>
For example, ...caseBackups/0.6.1.28_SECvsTamas/MondayWeekly
For instructions on locating the case backup destination, see
Backup Destination” on page 95 .
B
.
Copy the backup directory.
In the example above, the entire MondayWeekly directory is copied.
C
.
Paste the backup directory on the new appliance under the ...caseBackups directory.
From the Clearwell web interface, the backup displays in the list of archived cases.
D
.
From the All Processing module, click the Archives tab.
E
.
Select the archived case and click Restore.
The case is restored on the new appliance and displays on the Cases screen.
3.
If you migrated the case to a new cluster, verify the user accounts and user roles continue to be set correctly after the case migration completes.
About Backing up Case Source Data
Backing up case source data
Case source data is never backed up by Clearwell. Your backup routine needs to include a plan for handling case data.
Backing up converted data
OST and MBOX files are converted to PSTs for processing. These converted source files are not backed up by Clearwell and need to be added to your source file backup routine.
To see where converted files are stored, click System > Settings > Locations. The directory containing the converted files displays.
Backup and Restore : About Backing up Case Source Data PAGE: 109
Backup and Restore : About Backing up Case Source Data PAGE: 110
Troubleshooting : Reporting Problems PAGE: 109
This section describes how to report problems to the local administrator and Clearwell
Technical Support. Refer to the following topics:
•
“Reporting Problems” on page 109
•
Reporting Problems
To report problems to the administrator, users can:
• Click Support at the bottom of any screen
• Click Report Problem on a displayed error message
When the user enters a problem description and clicks Send, an email is sent to the address defined on the Resources screen (see
“Defining System Settings” on page 24
). The email includes a link to a zip file that contains a copy of the server and crawler logs made at the time the problem report is sent.
To send an email to your organization’s Technical Support, click Feedback at the bottom of any screen. (This is configured in System > Settings.) To contact Clearwell Technical Support, click the Support link at the bottom of any screen. This opens Clearwell’s website where you can access Clearwell’s Support Portal.
Managing Logs
System administrators can view all appliance and case logs, send logs to Clearwell Technical
Support, delete outdated logs, and change or add log settings (when instructed by Technical
Support). Case administrators can send or view only the logs for their cases.
To manage the logs:
1.
To manage all the logs, from the System view, click Logs.
2.
To send or view the logs for one case, select a case from the All Cases view, and click Logs.
3.
To send the logs to Clearwell Technical Support, specify the following information, and click
Submit. An asterisk (*) indicates a required field.
Note: You can also upload logs by choosing System > Support Features and then choosing Upload to Support from the drop-down list.
Troubleshooting : Managing Logs PAGE: 110
Upload Parameters
Field Description
Choose an Appliance Select an appliance. If you select the master appliance, you can upload logs for all the appliances in the cluster.
Name*
Current Appliance
Only
Enter a name for the uploaded logs (up to 255 characters).
Note: When associated with a Support case, the name should be the case number.
If you select the master appliance, the logs are uploaded for the entire cluster by default. Select the check box to upload only the logs for the selected appliance (required if the selected appliance is not the master).
Date Range
Since Date
To limit the uploaded logs, select one of the following:
• Today. Uploads only the logs modified today.
• Since Specified Date.Uploads only the logs modified on or after the date specified in the Since Date field.
Specify the date of the oldest log you want to be uploaded:
• Click and select a month and day .
or
• Enter the date directly as: MM/DD/YYYY.
How to Send
Include Extra System
Information
Select one of the following options:
• HTTPS directly to Clearwell. Posts a ZIP file directly to the Clearwell support site.
• FTP directly to Clearwell. Sends a ZIP file directly to the Clearwell support site.
• Generate ZIP file to send manually.Stores a ZIP file on the appliance. To view the file location, click Jobs at the top of the screen, and click in the status column when the task is complete.
Include additional case-related system information. Clearwell recommends that you deselect this check box if your system is heavily loaded or responding slowly.
4.
To view or purge the logs, click the View Logs tab. To change the log settings, click the
Settings tab. These options should be used only with guidance from Clearwell Technical
Support.
Troubleshooting : Managing Logs PAGE: 111
Troubleshooting: Managing Logs PAGE: 112
Appendix: Web Services Access Options : Web Interface Access Ports PAGE: 111
This appendix describes how to configure your system to optimize access to the Clearwell Web user interface.
Refer to the following topics in this section:
•
“Web Interface Access Ports” on page 111
–
–
“Redirecting all HTTP Requests to HTTPS” on page 111
–
“Cluster Considerations” on page 112
•
–
“Certificate Options Summary” on page 113
–
“Default Certificate” on page 113
–
“Clearwell Utility-Generated Certificate” on page 114
–
“Provider-Generated Certificate” on page 115
•
“SSL Consideration Details” on page 119
Web Interface Access Ports
Default Ports
By default, both HTTP and HTTPS are enabled for accessing the Clearwell web interface. HTTP is enabled on port 80 and HTTPS is enabled on port 443. Each of these ports may be changed from their default ports. Please contact Clearwell Support for additional detail.
Redirecting all HTTP Requests to HTTPS
Clearwell provides a feature to re-direct all HTTP requests to the HTTPS port. It is strongly suggested to enable this feature for Internet accessible deployments or deployments that require stringent security.
To redirect HTTP requests to HTTPS
1.
Under System > Settings select the Security tab.
2.
Select the option Requires secure connections (HTTPS).
Note: This option may only be enabled while connected via HTTPS. View the info bubble for additional detail.
Appendix: Web Services Access Options : Web Interface Access Ports PAGE: 112
Cluster Considerations
All appliances in a cluster should be configured with the same setting.
Appendix: Web Services Access Options : Certificates PAGE: 113
Certificates
Refer to the Certificate Options Summary for a reference of the certificate options, and error
messages. Refer also to the following topics:
•
“Default Certificate” on page 113
•
“Clearwell Utility-Generated Certificate” on page 114
•
“Provider-Generated Certificate” on page 115
Certificate Options Summary
Certificate Options
Certificate Option
Clearwell Default
Certificate
Clearwell Utility
Generated Certificate
Provider generated certificate
Error Message?
(Yes/No)
Yes, even if user installs certificate
Yes, Yes, until certificate is installed
No
"Certificate Error" displayed in Internet
Explorer's address bar? (Yes/No)
Yes, even if user installs certificate
Yes, Yes, until certificate is installed
No
Default Certificate
Symantec ships the Clearwell appliance with a default Clearwell-signed (self-signed) certificate that does not have a valid trust chain.
As a result, users attempting access the Clearwell interface over HTTPS will receive an Internet
Explorer There is a problem with this website's security certificate warning every time they access the login screen. Users can still proceed to access the interface by clicking Continue to
this website.
Appendix: Web Services Access Options: Certificates PAGE: 114
Going through the steps to install this certificate will not suppress the message: There is a
problem with this website's security certificate or Certificate Error warnings.
Clearwell Utility-Generated Certificate
Symantec provides a feature through the appliance's Windows Desktop Clearwell Utility to generate and install a self-signed certificate with the DNS name of the appliance. Note that the certificate generated through this feature will not be known by Internet Explorer trust chains.
As a result, users will receive the messages: There is a problem with this website's security
certificate and Certificate Error warnings when they access the login screen. However, unlike the default certificate, if the user installs this certificate they will no longer receive these warnings.
Generating the self-signed certificate:
1.
From the Clearwell Utility (found on the appliance's Windows Desktop), Select Option 9 to
Generate self-signed certificate.
2.
When prompted, enter the exact DNS name that end-users will ultimately use to access the appliance.
3.
Once complete, restart the Clearwell services using the Clearwell Utility.
Cluster Considerations
Since the Clearwell web interface for all appliances in a cluster is exposed to end users, a certificate is needed for each appliance in the cluster
Appendix: Web Services Access Options : Certificates PAGE: 115
Provider-Generated Certificate
Overview
Deployments that require stringent security and/or those that wish to avoid browser warnings should obtain and install a certificate from a provider.
For new certificates or to change certificate providers, follow the instructions below to generate a new CSR, then generate a new keystore containing that certificate, and direct Clearwell to leverage this certificate.
Generate a CSR File
This section describes the process of generating a CSR file for the Clearwell platform.
For further details, refer to Oracle's Java security documentation: http://docs.oracle.com/javase/
6/docs/technotes/guides/security/ and in particular, the chapter on PKCS: http:// docs.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html
Note: The web server that Clearwell ships with is Tomcat. This is important to know, since most certificates are generated based on the type of web server being secured. If Tomcat is not an option with your provider, use Apache instead. If you generate a certificate based on a different web server type (like Microsoft IIS), the certificate will not work with Clearwell.
To generate a CSR file
Before you begin: In order to take the actions below you will need to establish a remote connection, e.g. Remote Desktop, to the Clearwell server and not in your Internet browser.
1.
Open a Command Prompt either from Start > Command Prompt or Start > Run and type cmd.
2.
Go to the JRockit directory.
cd c:\ jrockit -jdkversion-x64\bin
Note: Press tab until the proper 64-bit version, e.g. jrockit-jdk1.6.0_29-R28.2.0-
4.1.0-x64
, is printed and hit Enter.
3.
Create a certificate signing request “CSR” by creating a new keystore that matches the name/IP address of your appliance.
keytool -genkey -alias clearwellkey -keyalg RSA -keystore \ new-server.keystore
Note: If the certificate provider requires 2048-bit encryption, add the switch -keysize
2048 to the end of the aforementioned command.
Enter keystore password: 123456
What is your first and last name?
[Unknown]: your_appliance_name
What is the name of your organizational unit?
[Unknown]: your_org_unit
What is the name of your organization?
[Unknown]: your_org
What is the name of your City or Locality?
[Unknown]: your_city
Appendix: Web Services Access Options: Certificates PAGE: 116
What is the name of your State or Province?
[Unknown]: your_state
What is the two-letter country code for this unit?
[Unknown]: your_country_code
Is CN=your_appliance_name, OU=your_org_unit, O=your_org,
L=your_city, ST=your_state, C=your_country_code correct?
[no]: yes
Note: In order for Clearwell to recognize the new keystore, the password MUST be 123456 and the response for first and last name (CN) must be the exact DNS name or IP address that end-users will ultimately use to access the appliance. You must use the fully qualified
DNS name instead of the IP address in case the IP address changes in the future. All other responses do not matter; in general, items starting with 'your' should be replaced with appropriate values.
4.
Create the CSR.
keytool -certreq -keyalg RSA -alias clearwellkey -file my.csr \
-keystore new-server.keystore
Note: If the certificate provider requires 2048-bit encryption, add the switch -keysize
2048 to the end of the aforementioned command.
5.
Acquire the certificate by transmitting the CSR to your certificate provider.
You must acquire or convert your certificate in a form that can be imported in to Java via keytool.exe.
Java's SSL keytool can import X.509 v1, v2, and v3 certificates, and PKCS#7 formatted certificate chains consisting of certificates of that type. The data to be imported must be provided either in binary encoding format, or in printable encoding format (also known as
Base64 encoding) as defined by the Internet RFC 1421 standard. In the latter case, the encoding must be bounded at the beginning by a string that starts with "-----BEGIN", and bounded at the end by a string that starts with "-----END".
Appendix: Web Services Access Options : Certificates PAGE: 117
Install the Certificate
These steps will depend on your certificate provider. You should receive and follow the instructions from your certificate provider for installing the certificate into Sun's Java and/or
Tomcat. Examples for several certificate providers are provided below. For certificate providers not listed in this document, contact Clearwell Support for further instructions.
Note: Use caution if using copy/paste with the examples below as some PDF clients do not copy/paste the "-" character properly into a Command Prompt.
To install the certificate
Before you begin: Establish a remote connection, e.g. Remote Desktop, to the Clearwell server and not in your Internet browser.
Note: If this is a certificate renewal that has not expired, the file(s) provided by the certificate provider can be installed using steps 1, 2, and 3 except that the install can be done directly to into
CW\V<version>\config\templates\tomcat\server.keystore
.
1.
Open a Command Prompt either from Start > Command Prompt or Start > Run and type cmd.
2. Create a backup copy of the previously-used keystore.
A. Make a new directory to contain the keystore.
d: cd CW\V<version>\config\templates\tomcat
(Press tab until the proper CW version, e.g. V711, is printed.) mkdir oldcerts && mv server.keystore oldcerts
B. Go to the JRockit directory.
cd c:\ jrockit- -jdk <version>-x64\bin
(Press tab until the proper 64-bit version, e.g. jrockit-jdk1.6.0_29-R28.2.0-4.1.0-x64, is printed and press Enter.)
C. Copy the certificate provider’s certificates into intermediary files.
Generally, there will be at least two intermediary files generated.
3. Import certificates as shown in the appropriate examples.
Comodo Example
The following is an example of how to import certificates from Comodo: keytool -import -trustcacerts -alias root -file
AddTrustExternalCARoot.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias INTER -file
ComodoUTNServerCA.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias clearwellkey -file
EssentialSSLCA.crt -keystore new-server.keystore
Appendix: Web Services Access Options: Certificates PAGE: 118
GoDaddy Example
The following is an example of how to import certificates from GoDaddy: keytool -import -trustcacerts -alias root -file valicert_class2_root.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias cross -file gd_cross_intermediate.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias intermed -file gd_intermediate.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias clearwellkey -file
<SSL-cert-name>.crt -keystore new-server.keystore
Note: The root certificate for GoDaddy.com is typically a separate download and can be found at
https://certs.godaddy.com/anonymous/repository.seam
Instant SSL Example
The following is an example of how to import certificates from Instant SSL: keytool -import -trustcacerts -alias root -file
AddTrustExternalCARoot.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias INTER -file
ComodoUTNServerCA.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias clearwellkey -file
EssentialSSLCA.crt -keystore new-server.keystore
Network Solutions Example
The following is an example of how to import certificates from Network Solutions:
Note: Refer to
“SSL Consideration Details” on page 119 .
keytool -import -trustcacerts -alias root -file
AddTrustExternalCARoot.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias INTER -file
NetworkSolutions_CA.crt -keystore new-server.keystore
keytool -import -trustcacerts -alias clearwellkey -file <SSL-certname> -keystore new-server.keystore
Thawte Example
The following is an example of how to import certificates from Thawte: keytool -import -trustcacerts -alias clearwellkey -file <SSL-certfile-name> -keystore new-server.keystore
Appendix: Web Services Access Options : SSL Consideration Details PAGE: 119
Symantec (VeriSign) Example
The following is an example of how to import certificates from Symantec (VeriSign): keytool -import -trustcacerts -alias primaryIntermediate -file primary_inter.cer -keystore new-server.keystore
keytool -import -trustcacerts -alias secondaryIntermediate -file secondary_inter.cer -keystore new-server.keystore
keytool -import -trustcacerts -alias clearwellkey -file <SSL-certname>.cer -keystore new-server.keystore
4.
Verify the imported certificate information in the keystore.
Note: For further review of the certificate entries dump the output to a text file by adding
> cert.txt
at the end of the command.
keytool -v -list -keystore new-server.keystore
5.
Create a backup copy of the newly-created keystore.
Note: See
for detailed instructions.
6.
Copy the newly created keystore to the SSL cert directory.
cp new-server.keystore / d:\CW\V<version>\config\templates\tomcat\server.keystore
7.
From the Clearwell utility, run option 7, Build Incremental Configuration Changes, to redeploy the Clearwell application.
Note: This step must be done in order to deploy keystore. Performing this action stops
Clearwell services for a short duration (5-7 minutes), thus should be done at an appropriate time (when no users are logged in and no jobs are currently running).
8.
Attempt to access the newly-secured site by browsing to the fully-qualified domain name
(FQDN) of the server, as used during the generation of the certificate signing request.
9.
Verify server name, expiry date, and provider information is correct.
Cluster Considerations
Since the Clearwell web interface for all appliances in a cluster is exposed to end-users, a certificate is needed for each appliance in the cluster.
SSL Consideration Details
By default, the SSL configuration in the Clearwell eDiscovery Platform is set to accept 128-bit or greater ciphers and requires the use of SSLv3 or TLSv1 protocols. SSLv2 is disabled. The set of supported ciphers and protocols can be modified if needed. See also
. Contact Clearwell Technical Support for further details.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
