HP TRIM and Microsoft SharePoint Optimizing Information Flow and

HP TRIM and Microsoft SharePoint Optimizing Information Flow and
HP TRIM and Microsoft SharePoint Optimizing
Information Flow and Compliance
Technical white paper
Table of contents
Executive summary............................................................................................................................... 2
Integrating HP TRIM software ................................................................................................................ 3
Records Management challenges .......................................................................................................... 4
Use of the Microsoft SharePoint Web Portal ............................................................................................ 4
Proof of concept .................................................................................................................................. 4
Transparency and Ease of Integration .................................................................................................... 5
Security .............................................................................................................................................. 8
Conclusion ........................................................................................................................................ 10
Executive summary
Government enterprises and especially defense agencies need to facilitate information sharing among
many other agencies and external service providers in order to execute their responsibilities of
service delivery.
To achieve this agencies must provide central access to its records and the records of its constituent
organization to both internal and external users. At the same time, they must protect the security of
those records, both to protect the integrity of its business as well as to comply with Department of
Defense records management standards.
To identify a way to accomplish these two critical, although at times possibly conflicting objectives,
one Defense Agency evaluated an integrated HP TRIM and Microsoft® SharePoint records
management solution. Following this evaluation, it was determined that this solution met all of that
Agency’s requirements for its records management environment:
• Quick and easy installation of the HP TRIM server and integration application.
• Depth of the integration HP TRIM and Microsoft SharePoint. Records management functions
managed by a common user interface.
• HP TRIM provides the rigorous record management compliance required by the Defense Agency, in
conjunction with Microsoft SharePoint.
This white paper describes the agency’s records management challenges and details how the
functionality of the integrated HP TRIM enterprise records management software and Microsoft
SharePoint can enable the command to meet those requirements. The white paper also describes a
proof of concept that the Agency performed to validate the transparency, ease of integration, and
security management features of the solution.
2
Integrating HP TRIM software
An integrated HP TRIM and Microsoft SharePoint foundation meets the first two of key requirements
as follows:
• HP TRIM complements Microsoft SharePoint in providing “content from anywhere:” the ability to
reach digital content from anywhere using any digital device.
• HP TRIM meets Defense Agency specifications for security and records control and is certified for all
chapters of U.S. Department of Defense (DoD) 5015.2 Version 3 (visit:
http://jitc.fhu.disa.mil/recmgt/register.html)
– Mandatory Requirements—Chapter 2 and Chapter 5
– Management of Classified Records—Chapter 3
– Managing Records for the Privacy Act and the Freedom of Information Act—Chapter 4
– Non Mandatory Features—Chapter 6.
An integrated HP TRIM and Microsoft SharePoint solution offers significant benefits of importance to
the agency. HP TRIM software is a leading enterprise records management solution and has been in
use for 25 years. During this time, the solution has been enhanced to support fast installation,
configuration, and deployment, which in turn means a fast return on investment.
HP TRIM provides seamless integration and makes it an effective solution for managing all content in
Microsoft SharePoint. It also supports records management for email, flat files, documents from office
productivity tools, and content from database applications such as Oracle, SQL, and SAP.
The Agency’s mission also requires that its records management environment meet a number of
specific requirements. These include:
• Converged Collaboration (Content from Anywhere): The Agency needs to minimize the
number of places where content is stored and at the same time reduce the cost to manage,
maintain, share, and search information. The solution must support the ability to centrally manage
information from anywhere. An example of this would be a user in the field.
• Compliance: The government organizations making up for example a Defense Agency are all
under obligation to maintain records management compliance by DoD 5015.2. The solution must
meet revision three of the specification as well as all prior revisions and meet the rigorous security
requirements for classified records, freedom of information (FOI), and privacy records.
• Transparency and Ease of Integration: The Agency needs a seamless solution that saves
both time and cost in implementation and maintenance. The command therefore requires its records
management solution to support seamless, out of the box integration with its SharePoint application.
In addition, the Agency required that the solution maintain appropriate integrity of both data
and metadata.
• Security: Many of the organizations that require access to the Government SharePoint portals
maintain proprietary information that may not be shared with other organizations. For security
purposes, it is vital that parties accessing agency records are restricted to authorized content only.
3
Records Management challenges
Managing these records has emerged as a primary challenge for the Agency for a number of
reasons. First, the information is generated by countless disparate sources, which makes them difficult
to centralize and standardize. The Agency has had difficulty establishing a retention policy for this
reason as well. This has, in turn, made it difficult to reduce the amount of information retained.
In addition, directorates, component commands, and groups that represent the Agency do not use or
process the data in a uniform manner.
The data is stored in various places, which creates redundancy challenges. When data is analyzed,
subsets are copied to common repositories; this exacerbates the redundancy problems further.
The multiple copies of information are frequently out of regulatory compliance guidelines for records
management, which leaves the Agency vulnerable in an audit.
The lack of standardized processes and best practices has made the Agency’s records management
unnecessarily expensive and time-consuming. It has also made it difficult for the Agency to ensure it
meets the requirements of regulations such as the FOI and Privacy Acts.
Use of the Microsoft SharePoint Web Portal
Microsoft SharePoint provides a simple, familiar, and consistent user experience for sharing business
information. From a management point of view, the software also provides a single, integrated
platform to manage intranet, extranet, and Internet applications across the enterprise to effectively
manage and reuse content. For this reason, many government organizations have implemented
Microsoft SharePoint.
Within the Agency, Microsoft SharePoint allows the command to both centralize its information and
provide access on behalf its constituent organizations. The Agency also needs to meet the data
integrity and security requirements of DoD 5015.2 standard, which have been strengthened since the
standard ware originally published in 1998. Of particular concern to the Agency are provisions
within the current revision of the DoD 5015.2 that require the Agency to:
• Restrict records access to users with appropriate privileges, and
• Maintain an audit log to monitor user activity within the records management environment.
Effectively sharing data among its constituent government organizations is critical. The challenge is to
support this critical data exchange while also maintaining effective security and control.
One way to address this challenge is to implement HP TRIM integrated with Microsoft SharePoint.
HP TRIM adds value to this environment by meeting the rigorous records management requirements of
the U.S. Department of Defense’s (DoD) Design Criteria Standard for Electronic Records Management
Software Applications, also known as the DoD 5015.2 v3.
Proof of concept
To validate the transparency, ease of integration, and security features of the integrated HP TRIM and
Microsoft SharePoint, the Agency performed a proof of concept test of the combined solution. During
the proof of concept, the Agency observed the combined solution of Microsoft SharePoint and
HP TRIM in a test environment.
The following sub-sections describe the outcome of the pilot as it relates to the Agency’s final two
requirements for the solution.
4
Transparency and Ease of Integration
To better understand the trait of transparency, Microsoft SharePoint and HP TRIM were installed on
separate servers. Next the HP TRIM SharePoint integration was installed. It is important to note that
the installation in this proof of concept is typical of most use cases. Unlike many integrations, the
connection of the two applications requires very little configuration. The integration only requires
agreement to the license terms.
The following screenshot shows how the Windows Microsoft SharePoint Services Solution Framework
File (WSP) is deployed from a browser window.
Figure 1: Deploying Microsoft SharePoint
As this screen shows, very little configuration is required for HP TRIM to work with Microsoft
SharePoint.
5
The following screenshot shows how simple it is to perform the HP TRIM integration with Microsoft
SharePoint. From this configuration page in Microsoft SharePoint, the user simply associates the
HP TRIM instance with the Microsoft SharePoint application.
The integration is configured from a single screen and does not require expert level understanding of
either application.
Figure 2: Integration of HP TRIM with Microsoft SharePoint
6
Note that another attribute of the transparency of HP TRIM with Microsoft SharePoint is that direct
records management functions are added to Microsoft SharePoint.
Another key benefit of an integrated HP TRIM and Microsoft SharePoint solution is ease of use.
Figure 3: Accessing HP TRIM from SharePoint
The above screen shot shows how critical functions such as finalizing an object, archiving an object,
or relocating an object are performed using a simple right click of the mouse. This functionality
enables records managers to easily move, protect, or begin the process of disposal of the content in
Microsoft SharePoint.
Although the administrators can set HP TRIM to manage all content generated by this Microsoft
SharePoint site, the solution also provides extensive flexibility to manage a portal, a site, or to content
down to the granularity of a list. These functions can be automated or performed manually. The
solution also leverages the intuitive nature of the Microsoft SharePoint administration interface.
7
Security
To validate that an integrated HP TRIM and Microsoft SharePoint solution would satisfy the Agency’s
requirements for data security and protection, the proof of concept included two possible
security scenarios.
Depending on content, the Agency has an obligation under DoD 5015.2 to prove certain information
is protected. The command must depend on Microsoft SharePoint and HP TRIM to both use the
appropriate user permissions to allow for proper authentication.
The first scenario was designed to manage internal the Agency users via Active Directory logons.
From Active Directory, users and groups requiring authentication by HP TRIM and Microsoft
SharePoint were created. Next, security groups were defined within the Active Directory console, and
users were added to the appropriate groups as depicted in the screenshot below.
Figure 4: Setting up security
Note that using the operating system authentication is not only typical for administrators, it is also a
proven method for securing an entire range of content.
In the second scenario, HP TRIM acted as the gatekeeper, providing enhanced security for users
accessing the Microsoft SharePoint portal via a browser. Note that HP TRIM can be configured to
provide unlimited access to records; it can restrict access to individuals who have certain permissions
for a container record; or can restrict access by location. Users or groups are assigned to the
appropriate access levels via a list.
Using this HP TRIM feature, administrators can grant access to records, while concurrently restricting
access to non-authorized users; these users are restricted from even viewing certain document records.
8
The screenshot below shows how these access levels are set. The Microsoft SharePoint documents can
be viewed only by an authorized user.
Figure 5: Restricting access
During the proof of concept, both of these security management functions were proven to be effective
in maintaining security internally to the Agency without inhibiting the sharing of content with external
partners. All attempts by external users to access data were refused when proper credentials were not
provided through HP TRIM. More importantly, during the proof of concept the external users could
only access those public libraries in Microsoft SharePoint where permissions had been granted.
Meeting these security requirements validated that the HP TRIM and Microsoft SharePoint when
integrated together meets DoD 5015.2 v3 certification standards. In addition, the proof of concept
demonstrated that the solution supports the replication of content to a neutral repository and thus
meets the requirements of centralization as well as regulatory compliance.
9
Conclusion
It is ambitious for the Agency to not only provide converged content, but to brave the new world of
Government to Government (G2G) by sharing data and conducting electronic exchanges between
governmental organizations.
While implementing a Microsoft SharePoint portal enables the Agency to leverage an established
application that is used effectively by other government organizations, the Agency also required
additional functionality to ensure data security and integrity and meet DoD 5015.2 v3 certification for
baseline, classified records and FOI and privacy records.
The Agency’s proof of concept validated the effectiveness of a records management system that uses
Microsoft SharePoint as a Web portal while leveraging HP TRIM as the enterprise records
management engine in the background. The proof of concept showed that the integrated solution
allows administrators to retain the familiar Microsoft SharePoint interface while synchronizing access
permissions for users between the two applications. The successful proof of concept also demonstrated
that the integrated solution meets the Agency’s security and data integrity requirements.
For more information on HP TRIM documentation, evaluation software, and QuickSpecs, please
visit HP TRIM website: www.hp.com/go/hptrim
For details on best practices, insight from industry experts, and blogs, visit HP Information
Management Digital Hub: www.hp.com/go/imhub/trim
© Copyright 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
change without notice. The only warranties for HP products and services are set forth in the express warranty
statements accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft is a U.S. registered trademark of Microsoft Corporation. Oracle is a registered trademark of Oracle
and/or its affiliates.
4AA3-2298ENW, Created March 2011
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement