2.3 Storage Tab

Use this tab to specify where the Retain archive files are stored and to manage encryption of archive BLOB files.

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab

The Storage tab contains the following panels:

2.3.1 Storage Panel

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Panel

Table 2-8 Using the Storage Panel

Option, Field, or Sub-panel

Information and/or Action

Storage Engine

Only informational. Configurable in the Storage Manager

Base Storage Path

Sets the default path for where the Retain archive, XML files, search index files, PDF exports, backups, and license files are stored.

Customized paths for these can be set by clicking the Advanced Settings link and deselecting the Derive all file locations ... option.

Advanced Settings

Use this link to access customizable storage paths for the Retain archive, XML files, search index files, PDF exports, backups, and license files.

Deselect the Derive all file locations ... option to display the list of paths.

You can specify customized paths for the following:

  • Attachments

  • XML Mappings

  • Indexes

  • PDF Exports

  • Backups

  • License Files

Compression

A reminder that compression is always used.

2.3.2 Storage Encryption Panel

NOTE:Encryption is not currently supported on MS SQL databases.

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Encryption Panel

Table 2-9 Using the Storage Encryption Panel

Option, Field, or Sub-panel

Information and/or Action

IMPORTANT:The following options, fields, etc. display only after you change the Storage Encryption option to aes.

Storage Encryption option

  • none: This is the default state. Jobs run normally and Retain archive files are not encrypted.

    If you switch back to this option after encrypting archive files, new archive archive files won’t be encrypted, but files that are already encrypted remain encrypted.

  • aes: When you select this, Job processing is suspended until a new key is generated using the Generate Key button.

    After a key is generated, Job processing resumes, and Retain encrypts new files as they come in. Existing files are encrypted in the background when the server is idle.

    Although encrypting a large amount of archived data can take some time, there are no impacts on user tasks or the overall user experience.

Key Status field

  • Initial: This indicates that the system is waiting for key generation. Jobs are suspended until that is done.

  • Active: This indicates that the key with the Alias name displayed below is currently being used to encrypt the Retain archive files.

  • Revoked This indicates that the encryption key that was previously active is no longer in use for encrypting archive files. Encryption is currently suspended until a new key is generated and stored in the keystore.

Key Alias

This is the system name that Retain assigned to the currently active encryption key. Keys are listed in the keystore using this system name (alias).

Key Type

The encryption type and level of the currently active encryption key.

Retain generates new keys to the 256-bit Advanced Encryption Standard (AES 256).

Generate Key button

Clicking this causes Retain to generate a new AES 256 key and to begin encrypting the Retain archive files with that key.

When generating the system’s first key, you must set and confirm a keystore password that

  • Contains at least 6 upper- or lower-case alphanumeric characters.

  • Does not contain special characters.

IMPORTANT:Make sure you don’t lose the keystore password.

For generating subsequent keys, you need only enter the password once.

Revoke Key button

Clicking this and confirming the action, causes the encryption key to be revoked. Encryption of incoming archive items is suspended and the Key Status changes to Revoked.

The revoked key is saved in the keystore so that Retain can decrypt any archive files that were encrypted with it.

Revoked keys are only removed after all items that were previously encrypted by the revoked keys are re-encrypted by a new key through Retain’s Storage Re-encryption functionality.

Keystore Sub-panel

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Encryption Panel > Keystore Sub-panel

Table 2-10 Using the Keystore Sub-panel

Option, Field, or Sub-panel

Information and/or Action

Display Keys button

Clicking this displays the names (key aliases) and modification dates of all keys in the keystore.

To view the contents of an exported .jks file that is offline, use one of the following options.

At a terminal prompt,

  1. Install Java 1.8.

  2. Use the command line tool keytool.exe to view the file.

    For example,

    keytool -list -v -keystore key-store-file.jks

In a desktop GUI environment,

  1. Install and use a GUI tool, such as Portecle.

Export Keys button

Clicking this and entering the keystore password causes the keystore to be exported as a .jks file named retainKeyStore.jks and downloaded to the browser’s default download location on the machine that is running the management browser.

We recommend renaming this file to reflect its origin. For example, Retain-svr01-KeyStore.jks for a retain server named Retain-svr01.

Import Keys button

Before clicking this button, you must first browse to and choose a .jks file.

After clicking this button, you must enter the keystore password for this Retain server and then the keystore password for the keystore on the server where the.jks file originated.

Choose File button

Click this button to browse to and select a .jks keystore file for importing.

Change Password button

Click this button to change the keystore password for this Retain server.

Storage Re-encryption Sub-panel

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Encryption Panel > Storage Re-encryption Sub-panel

Table 2-11 Using the Storage Re-encryption Sub-panel

Option, Field, or Sub-panel

Information and/or Action

Configuration Section: Use the following to manage and control the re-encryption process.

Enable Re-encryption Process option

Re-encryption only runs when this is enabled.

Schedule drop-down list

You can schedule re-encryption processes to run daily, weekly, or monthly.

Run at option

Specify when you want re-encryption processes to run in 24-hour time.

Mail report to Retain administrator option

If you have configured the system with SMTP services and the Retain administrator has an associated email account, enabling this causes Retain to email the administrator with status updates.

Limit processing time option

If you want to limit the length of time spent on re-encryption in each run cycle, enable this option.

Hours field

Specify the number of hours the system can spend on re-encryption in each run cycle.

Processing threads option

Specify the number of threads the system can devote to re-encryption processes.

Start Re-encryption Now button

Click this to circumvent the schedule and start re-encryption immediately.

Stop button

Click this to halt the current re-encryption process.

Process Status Section: Informational fields for tracking re-encryption process status.

Current cycle

  • Not running

  • Running

Status of previous cycle

  • Unknown

  • End_of_Processing

  • Manual_stop

Items to process

The total number of archived items that require re-encryption.

Processed in current cycle

The total number of items encrypted during the current cycle.

Processing rate (items/second)

The average number of items processed per second.

Duration (hhh:mm:sec)

How long the current cycle has been running.

Update Stats button

Click this to immediately update the statistics displayed above it.