2.3 Storage Tab

Use this tab to specify where the Retain archive files are stored and to manage encryption of archive BLOB files.

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab

The Storage tab contains the following panels:

2.3.1 Storage Panel

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Panel

Table 2-8 Using the Storage Panel

Option, Field, or Sub-panel	Information and/or Action
Storage Engine	Only informational. Configurable in the Storage Manager
Base Storage Path	Sets the default path for where the Retain archive, XML files, search index files, PDF exports, backups, and license files are stored. Customized paths for these can be set by clicking the Advanced Settings link and deselecting the Derive all file locations ... option.
Advanced Settings	Use this link to access customizable storage paths for the Retain archive, XML files, search index files, PDF exports, backups, and license files. Deselect the Derive all file locations ... option to display the list of paths. You can specify customized paths for the following: Attachments XML Mappings Indexes PDF Exports Backups License Files
Compression	A reminder that compression is always used.

2.3.2 Storage Encryption Panel

NOTE:Encryption is not currently supported on MS SQL databases.

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Encryption Panel

Table 2-9 Using the Storage Encryption Panel

Option, Field, or Sub-panel	Information and/or Action
IMPORTANT:The following options, fields, etc. display only after you change the Storage Encryption option to aes.
Storage Encryption option	none: This is the default state. Jobs run normally and Retain archive files are not encrypted. If you switch back to this option after encrypting archive files, new archive archive files won’t be encrypted, but files that are already encrypted remain encrypted. aes: When you select this, Job processing is suspended until a new key is generated using the Generate Key button. After a key is generated, Job processing resumes, and Retain encrypts new files as they come in. Existing files are encrypted in the background when the server is idle. Although encrypting a large amount of archived data can take some time, there are no impacts on user tasks or the overall user experience.
Key Status field	Initial: This indicates that the system is waiting for key generation. Jobs are suspended until that is done. Active: This indicates that the key with the Alias name displayed below is currently being used to encrypt the Retain archive files. Revoked This indicates that the encryption key that was previously active is no longer in use for encrypting archive files. Encryption is currently suspended until a new key is generated and stored in the keystore.
Key Alias	This is the system name that Retain assigned to the currently active encryption key. Keys are listed in the keystore using this system name (alias).
Key Type	The encryption type and level of the currently active encryption key. Retain generates new keys to the 256-bit Advanced Encryption Standard (AES 256).
Generate Key button	Clicking this causes Retain to generate a new AES 256 key and to begin encrypting the Retain archive files with that key. When generating the system’s first key, you must set and confirm a keystore password that Contains at least 6 upper- or lower-case alphanumeric characters. Does not contain special characters. IMPORTANT:Make sure you don’t lose the keystore password. For generating subsequent keys, you need only enter the password once.
Revoke Key button	Clicking this and confirming the action, causes the encryption key to be revoked. Encryption of incoming archive items is suspended and the Key Status changes to Revoked. The revoked key is saved in the keystore so that Retain can decrypt any archive files that were encrypted with it. Revoked keys are only removed after all items that were previously encrypted by the revoked keys are re-encrypted by a new key through Retain’s Storage Re-encryption functionality.

Keystore Sub-panel

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Encryption Panel > Keystore Sub-panel

Table 2-10 Using the Keystore Sub-panel

Option, Field, or Sub-panel	Information and/or Action
Display Keys button	Clicking this displays the names (key aliases) and modification dates of all keys in the keystore. To view the contents of an exported .jks file that is offline, use one of the following options. At a terminal prompt, Install Java 1.8. Use the command line tool keytool.exe to view the file. For example, keytool -list -v -keystore key-store-file.jks In a desktop GUI environment, Install and use a GUI tool, such as Portecle.
Export Keys button	Clicking this and entering the keystore password causes the keystore to be exported as a .jks file named retainKeyStore.jks and downloaded to the browser’s default download location on the machine that is running the management browser. We recommend renaming this file to reflect its origin. For example, Retain-svr01-KeyStore.jks for a retain server named Retain-svr01.
Import Keys button	Before clicking this button, you must first browse to and choose a .jks file. After clicking this button, you must enter the keystore password for this Retain server and then the keystore password for the keystore on the server where the.jks file originated.
Choose File button	Click this button to browse to and select a .jks keystore file for importing.
Change Password button	Click this button to change the keystore password for this Retain server.

Storage Re-encryption Sub-panel

Path: Retain Server Manager > Configuration > Server Configuration > Storage Tab > Storage Encryption Panel > Storage Re-encryption Sub-panel

Table 2-11 Using the Storage Re-encryption Sub-panel

Option, Field, or Sub-panel	Information and/or Action
Configuration Section: Use the following to manage and control the re-encryption process.
Enable Re-encryption Process option	Re-encryption only runs when this is enabled.
Schedule drop-down list	You can schedule re-encryption processes to run daily, weekly, or monthly.
Run at option	Specify when you want re-encryption processes to run in 24-hour time.
Mail report to Retain administrator option	If you have configured the system with SMTP services and the Retain administrator has an associated email account, enabling this causes Retain to email the administrator with status updates.
Limit processing time option	If you want to limit the length of time spent on re-encryption in each run cycle, enable this option.
Hours field	Specify the number of hours the system can spend on re-encryption in each run cycle.
Processing threads option	Specify the number of threads the system can devote to re-encryption processes.
Start Re-encryption Now button	Click this to circumvent the schedule and start re-encryption immediately.
Stop button	Click this to halt the current re-encryption process.
Process Status Section: Informational fields for tracking re-encryption process status.
Current cycle	Not running Running
Status of previous cycle	Unknown End_of_Processing Manual_stop
Items to process	The total number of archived items that require re-encryption.
Processed in current cycle	The total number of items encrypted during the current cycle.
Processing rate (items/second)	The average number of items processed per second.
Duration (hhh:mm:sec)	How long the current cycle has been running.
Update Stats button	Click this to immediately update the statistics displayed above it.