6.1 Server Configuration

The overall operation of Retain is configured in this section.

Each tab will be explained below.

Along the top, you will see configuration options for the Retain server and workers known to this server.

The most important topic is communications. These are the settings you have set when you initially installed Retain. You may make changes here.

After changing any communications options, it is strongly recommended that Tomcat be restarted immediately.

The settings for the Communications tab are set in the initial setup of Retain. These include the connection to the SQL Database server, the REST and Router connection information, and the notification or SMTP information. If any changes in the system or corrections are needed, they should be configured here.

The Database Connectivity tab contains the connection information for both the configuration and storage databases. This information should never change unless the database server is being migrated to a new location.

In this location, the admin user specifies what address receives notifications about the general system, as well as what SMTP Gateway to utilize to send these notifications. This is also used for forwarding messages from Retain to the SMTP Mail Server for transmission to the recipients.

This location dictates the connection address, port, and protocol to which the Retain Server will listen for communications from the Router and from any other REST applications. The communication settings must be correct from the point of view of the applications trying to use it. The hostname or IP address must successfully connect to the Retain Server.

The Index tab allows the management of the indexing engine as well as the ability to decide what kinds of attachments are indexed and what size.

The default storage path for your Retain archives is listed here. You can also manage encryption of the BLOB files in the archive.

The accounts tab allows you to control the creation of accounts.

Account Management

Expire unused accounts after how many days: Enabling this will remove ANY account, including admin, not logged into for the set number of days (0=never expire)

Disable new accounts: will prevent new accounts from being enabled by default.

Prohibited logins: Block specific users from logging into Retain. Enter the username or email address and add or select and press Remove selected address.

Password strength

Open System vs. Closed System

Normally, Retain lets all mail system users log in. This is considered to be an “open” system. When that happens, Retain will check to see if a Retain account already exists and if not, it will create a new account for them and assign them to the group default.

Sometimes, you don’t want certain users to have access to the Retain archives. In this case, you may add these users to the list of Prohibited Logins. You do so by entering their name in the Address field and click “Add”.

To make a “closed” Retain system, simply click on “Disable New Accounts”. If you use this option, it means that you will have to manually create accounts in Retain for authorized users. In other words, the only people who can access your system will be people who you specifically create an account for.

In Retain, user accounts expire after 30 days of inactivity by default. You may choose the number of days or choose 0 for “accounts never expire”.

See “User Rights” for more information.

Password Strength

User-created passwords may be controlled for strength. By default, Retain accepts any password set by users. To require a higher security password, select the higher level desired. Requirements for the low, medium, and high settings are defined as:

Will accept any password

Low: Must be between 5 and 15 characters in length.

Medium: Must be between 5 and 20 characters in length, with at least 1 lower case characters, at least 1 upper case characters and at least 1 numerical characters.

High: Must be between 8 and 20 characters in length, with at least 2 lower case characters, at least 2 upper case characters, at least 2 numerical characters, and at least 2 special characters.. Also, the password will be checked against a dictionary.

KeyShield SingleSignOn

Retain supports the use of KeyShield SSO for users. To use the KeyShield client in coordination with Retain, Retain needs to have an open connection to the KeyShield server, the User ID alias, and the API key. Specify the KeyShield SSO Server URL, Alias, and API key. The Timeout is set in seconds, and may be anything required, 5 is recommended. Test the connection to ensure proper function.

When configured, Retain checks to see if the KeyShield client is running and if the user is currently logged in. If they are logged in, Retain checks the user against the specified KeyShield Server and then either fails authentication and sends users to the login page, or immediately passed them to their interface. The effect is that users who are already logged into the KeyShield client will not be required to login to Retain, but will be immediately taken to their appropriate interface.

Intruder Lockout

Accounts may be locked if multiple failed attempts are detected, according to the specified time window. This is useful to deny password cracking attempts on the server.

To enable Intruder Lockout, select the checkbox next to the ‘Enable Intruder Lockout’ option and save the changes. All changes will be immediate as soon as the save button is selected.

If a user has locked their account and requires immediate access to the system, all lockouts may be cleared. To clear any locked accounts, select the ‘clear lock outs’ button at the bottom of the page. There is no need to save changes; the clear command is immediate.

Maintaining a Retain system involves many tasks:

These items are all controlled here.

This configuration database – the “Embedded” database:

Index Maintenance

You can also configure how often indexes get backed up and how often the indexes are optimized for speed.

Retain also lists a history of backups and maintenance here.

You must backup:

Some mail systems allow for the addition of non-system, or external domains. Sometimes, you might do this to add external domains to the mail system address book. However, the mail system cannot pull up e-mail from these domains and you may want to tell Retain to ignore references to these external domains to avoid wasting time during data collection.

Specify these domains in this window.

Configure the system logging here. Normally, you want verbose logging. Diagnostic is ordinarily done just for troubleshooting purposes.

You also specify how long to keep logs here. By default, logs are deleted after 10 days. Logs may be compressed to save disk space.

Retain now will create an auditing record of all actions, specified by the user, which are taken on a specific piece of mail. Auditing records can be removed automatically after a specified length of time.

The variable is set in days. All of the options associated with this feature are found under the Server Configuration page, Logging tab.

This logging option creates very detailed activity logs for the options selected. It is very important to know that if every option is turned on the logs can become extremely large. However, the audit log cannot be searched for any items or activity which is not configured to be logged. If activity on any of the offered items it must first be enabled here. It is highly recommended that an expiration date is set for the logs so that they are automatically removed from the system to avoid filling up your disk space. Selecting all options for logging will also adversely affect performance. Do not select all the options at one time unless requested by Support.

You may choose the default worker password here. One is automatically generated for you when you create a worker but you may change the password here if you like.

This XML Export function is included in Retain in case you have an XML compliance mandate. You enable it here.

When selected, each attachment will have an XML export file of its parent message. In other words, an XML representation of the metadata is created and linked to the blobs as the messages are stored. There's nothing more done.

Ordinarily, you would not want to do this because it consumes enormous quantities of disk space, loads up your file system and degrades performance.

When you do NOT use the XML export function, you will benefit from Retain’s single-instance message storage and data compression to save disk space and improve performance.

Modules can be set to forward all new items to another location.

SMTP Forwarding

SMTP Forwarding is a feature which instructs Retain to forward a copy of any archived message data to the specified address and domain, when the message item is archived. For Module Forwarding to function, it must be configured here on the Server Configuration and also enabled on the specific desired module. Any module which has the SMTP Forward option enabled will send messages according to the settings configured here.

This setting is designed for exporting data to an external SMTP system for redundant archival. This is most often used for mobile, social, or blackberry message systems. SMTP Forwarding will take a text, pin, sms, or posted message and message data, convert it into a MIME file and send the message to the specified SMTP system. The Forward process checks for and sends any queued data once every 10 minutes. If a message is unable to be sent for any reason, after 5 days the MIME file will be saved to the local disk and may be reviewed and repaired by an administrator.

This feature is not recommended for use with any SMTP system which Retain is currently archiving. If Module Forwarding is enabled and configured to use the SMTP system which Retain is currently archiving, duplicate data will be archived; Mobile, Blackberry, and Social data will be doubled in the Retain archive.

DO NOT use SMTP Forwarding with any email module if Retain is archiving the destination SMTP Mail System. This will cause a feedback loop which will rapidly fill the archive and email system.

Requirements

Configuration

The SMTP Forwarding feature requires a SMTP Mail Server connection configured. Input the destination Mail Server's DNS name, protocol, and port.

The SMTP Mail From Address will be the address which displays as the 'from' address for the forwarded messages.

The SMTP To Address is the destination account for messages. If a single address is to be used, it should be a journaling mailbox. Retain can also send each message to a destination mailbox for each originating user. If it is desired to send the messages to each respective owner's mailbox, configure the 'SMTP To Address' with: {userid}@<yourdomain>.com

Retain will automatically use the userID of the originating device or account. Use of this feature requires that the SMTP server has an existing mail account for each user which matches the userID Retain shows for the mobile or Blackberry device.

If the destination SMTP server requires a login, provide an appropriate login. The login username and password will have no bearing on the 'from' address.

Press the “Test Connection” button to have Retain send a test message to the destination.

For troubleshooting, attempting to telnet from the Retain server to the SMTP server may provide useful information. Configuration data is stored in ASConfig.cfg.

FTP Forwarding

This feature instructs Retain to take a copy of any archived message data to the specified location, when the data item is archived. This feature must be configured here, in Server Configuration as well as selected on the desired system module configuration page.

FTP Forwarding is designed for exporting data to an external FTP server for redundant archival. While the FTP Forwarding service does not have the inherent danger of duplicating data as the SMTP Forwarding feature does, it is important to note that should the exported data be sent through any system the Retain system archives, it will duplicate data in the Retain archive. FTP forwarding simply sends a copy of the data in the format that it is received, (Mime, text, etc.). The FTP Forwarding service is run every 10 minutes, checking for any data queued for delivery.

Requirements

Configuration

The FTP Forwarding feature must have a configured FTP Server connection before the forward option will appear in the Module configuration pages. To configure the FTP Forwarding option fill out all the required information and then test the connection. Test results will be displayed after the test completes.

FTP Server is the connection address or DNS name of the FTP Server

FTP Security Protocol is the security of the receiving FTP server. Options are Unencrypted, SSL, or TLS.

FTP Port is the listening port of the FTP server.

FTP Upload Location is the path to the desired destination directory of the FTP Server. This must be the location as you would view it in an FTP client. FTP Username and Password are the login credentials to the FTP Server.

Once configured, select 'Test Connection' and then save the settings by selecting the disk icon at the top right of the page. Now the FTP Forwarding option has been configured the FTP option will appear in the module forwarding section of each individual module configured in the system. Only the modules which have had the FTP option saved will utilized FTP Forwarding. The feature must be configured in both places in order to function.

For troubleshooting, attempting to FTP from the Retain server to the FTP server may provide useful information. Configuration data is stored in ASConfig.cfg.

The REST API is an interface built into Retain which allows third-party applications to input data into the Retain archive. This API was developed to open new horizons to the Retain Archive for any application which conforms to the API requirements. Because of the access the API grants to applications, an additional API license file is required for each application. This license contains credentials and access rights. In order for a third-party application to utilize the REST API, the application must have a credentialed key provided by Micro Focus.

The REST API is an input protocol only. For Archive security, the API prohibits migrating data out of the Retain Archive. There are also limits placed in each applications API license file to protect the integrity of the data being input into the archive, based on the application.