
Post on 19-Aug-2018


  • IM L07 Configuring Enterprise Vault Data Classification Services

    Description

    This lab will enable you to configure Data Classification Services (DCS) to work with Enterprise Vault. See how DCS can help meet retention and governance requirements, how email can be instantly classified and how classified emails are easier to find in Discovery Accelerator (DA), Browser Search and Clearwell eDiscovery Platform.

    At the end of this lab, you should be able to:

    Configure a Data Classification Policy and test the policy using test mode

    Understand how to use Data Classification Services to tag emails pertaining to Mergers and Acquisition activity and search for the tags in Discovery Accelerator

    Understand how to use Data Classification Services to define emails containing contract-related information as they are written to the archive to assist in retention management

    Notes

    You should follow the lab exercises in order because each exercise relies on the previous ones being completed.

    Always fully start the Domain Controller (VM_SERV1_x64) before starting the other virtual machines.

    Do not use the Power Off option in VMware during the labs because this will revert the virtual machines to the starting snapshot, and you will lose all your work.

    A brief presentation will introduce this lab session and discuss key concepts.

    Be sure to ask your instructor any questions you may have.

    Thank you for coming to our lab session.

    Lab Exercise 1:


    Topic 1: Introduction to and testing the Data Classification Server

    In this lab exercise you are going to get an introduction to the Data Classification Server Enforce Console and test the operation of the Data Classification Server using test mode.

    15 Minutes

    Lab Exercise 2:

    Topic 2: Testing the operation of the Data Classification Server against a Classification for eDiscovery use case

    In this lab exercise you are going to test the operation of the Data Classification Server against a Classification for eDiscovery use case. In this exercise, you are the data custodian who interfaces with the legal department. You have been tasked to configure Enterprise Vault and Data Classification Services to identify and tag emails containing discussions of sensitive Merger and Acquisition activity. You will then demonstrate to the legal department that a Discovery Accelerator search can be run to find only the tagged content.

    20 Minutes

    Lab Exercise 3:

    Topic 3: Testing the operation of the Data Classification Server against a Classification for Retention Management use case

    In this lab exercise you are going to test the operation of the Data Classification Server against a Classification for Retention Management use case. In this exercise, you are the data custodian who interfaces with the legal department. You have been tasked to configure Enterprise Vault and Data Classification Services to identify emails containing contractual information and specify that Enterprise Vault use the Contracts retention category to archive the corresponding emails. You will demonstrate to the legal department that Enterprise Vault has correctly archived the identified content using the Enterprise Vault Web Browser Search.

    20 Minutes


    Lab Layout:

    The lab exercises use three different VMware virtual machines, which are described below.

    Virtual machine VM_SERV1_x64

    Active Directory domain: evexample.local

    Computer name: EVSERV1

    IP address: 169.254.64.30/24

    Domain controller

    SQL Server 2008

    Exchange Server 2010 SP1

    SharePoint 2010 (services are started and stopped by a desktop shortcut)

    Discovery Accelerator client 10.0.1

    Office 2010

    Desktop shortcuts for users: Mike Smith, Diana Palmer and Vivian Vance

    Virtual machine VM_SERV2_x64

    Computer name: EVSERV2

    IP address: 169.254.64.31/24

    Enterprise Vault 10.0.1

    Discovery Accelerator 10.0.1

    Virtual machine Enforce

    Computer name: ENFORCE

    IP address: 169.54.64.40/24

    Oracle 11g

    Symantec DLP 11.1 with Enterprise Vault Data Classification Pack

    Lab Exercise 1: Introduction and testing the operation of the Data Classification Server

    In this lab exercise you are going to get an introduction to the Data Classification Server Enforce Console and test the operation of the Data Classification Server using test mode.

    15 Minutes

    1. Make sure that you are on the virtual machine Enforce and are logged in as Admin with a password of symc4now.

    2. Select Start > Programs > Symantec Data Loss Prevention > Symantec Enforce Server. Click the link Continue to this website (not recommended).

    3. In the Login field type Administrator (this is case sensitive) and in the Password field type protect4 and click Login.

    4. When you first log in to the Enforce console, you will land in the Home screen where you have the option of using 4 menu items to access other areas of the console. The options are Home, Incidents, Manage, and System. We'll take a quick run through each area but will be mostly focused on the Manage area. Notice that Help is located at the far right. The Home screen shows recent items that have been flagged as a positive result against a DCS policy running in test mode.

    5. Click on Incidents.

    6. In the Incidents area, custom reports can be created or a canned report for all classification entries can be viewed.

    7. Since there is only one saved report, click on Events all. We haven't classified any messages with DCS yet so the report is empty.

    8. In the Menu, click on Manage. This will take you to the Manage Policies area. In this area you'll be able to examine, edit, create, and delete policies.

    9. In the Menu, mouse over Manage, then select Response Rules. In this section you can create, modify, delete, and order the response rules (action of DCS upon a match) of DCS.

    10. Next mouse over Manage, and then select Data Identifiers. In this section, you'll be able to view, modify, and add data identifiers, for example the format of a social security number or bank account.

    11. Finally, mouse over Manage and then select User Groups. In this section, you'll be able to set up groups of users that can be used in Policy rules, which allow DCS to compare the To or From fields to classify emails based on groups of users.

    12. Mouse over System in the menu. We won't go through all of the options but some of the things you can do are add users for role-based administration, configure alerts, enable logging, and update the license key.

    13. Now let's take a closer look at a DCS policy.

    14. Choose Manage > Policies and this will list all the built-in EV data classification policies. Examine the policies that are available then click Solicitations - Private Investment.

    15. Notice in the Policy Actions section that the policy is currently in Test Mode; do not change this for now. In the Rules section click the rule to see the details of the rule. Notice that this rule is examining e-mail messages for the proximity of keywords. Make a note of some of the keywords in both lists so that you will be able to create an e-mail message which causes a policy match. Click Cancel, then click OK at the warning dialog box.

    16. Select the Groups tab and note that no group rules exist. Therefore, this policy is not concerned with specific groups of users as either recipients or senders.

    17. Select the Response tab, note that there is one response rule called Classify Enterprise Vault Content and click this link to examine the details of the rule. Click OK to discard changes to the main policy.

    18. Note that the messages that match this policy will be archived and assigned the Default Retention Category. Change the Rule Name to Classify Exchange Mailbox Extended. Change the Assign retention category field to Exchange Mailbox Extended. Note that all the retention categories from Enterprise Vault are listed because they have been imported into DCS from Enterprise Vault using an export utility on the Enterprise Vault server. Click Save to save the response rule.

    19. Click Policies, this will display the default policies again. Click the red icon next to Solicitations - Private Investment to enable the policy, then click OK to confirm that you want the policy enabled. The circle should change from red to green.

    20. Leave the Symantec Data Loss Prevention browser window open.

    21. Switch to the virtual machine VM_SERV1_x64 and log in as Admin with a password of symc4now.

    22. Click the desktop icon Logon as Mike Smith.rdp and when prompted type symc4now in the Password field and click OK.

    23. Start Outlook 2010 using the desktop shortcut.

    24. Send an e-mail to Diana Palmer including some of the keywords that you noted down earlier. Hint: If you didn't write down words from the lists in the policy rule then use the following in the message body: I am looking for your support to establish a start-up. Please contact me at 111-111-1111 to discuss venture funding and to get in on the ground floor of the next great investment opportunity.

    25. Log off the Mike Smith.rdp session.

    26. Launch Microsoft Outlook on VM_SERV1_X64 and choose the Journal profile.

    27. Log on to the Journal mailbox as username: Journal and password: symc4now.

    28. Monitor the Journal mailbox until the message has been archived by EV.

    29. Switch to the virtual machine Enforce and return to the open Symantec Data Loss Prevention browser window. Click Incidents >