Data Loss Prevention v14 - About External Storage for Incident Attachments
Last Updated November 05, 2015
Symantec has published an important Alert for this feature. Please see details here: https://support.symantec.com/en_US/article.ALERT1905.html
About external storage for incident attachments
You can store incident attachments such as email messages or documents on a file system rather than in the Symantec Data Loss Prevention database. Storing incident attachments externally saves a great deal of space in your database, providing you with a more cost-effective storage solution.
You can store incident attachments either in a directory on the Enforce Server host computer, or on a stand-alone computer. You can use any file system you choose. Symantec recommends that you work with your data storage administrator to set up an appropriate directory for incident attachment storage.
To set up an external storage directory, Symantec recommends these best practices:
If you choose to store your incident attachments on the Enforce Server host computer, do not place your storage directory under the /SymantecDLP/ folder.
If you choose to store incident attachments on a computer other than your Enforce Server host computer, take the following steps:
Ensure that both the external storage server and the Enforce Server are in the same domain.
Create a "protect" user with the same password as your Enforce Server "protect" user to use with your external storage directory.
If you are using a Linux system for external storage, change the owner of the external storage directory to the external storage "protect" user.
If you are using a Microsoft Windows system for external storage, share the directory with Read/Write permissions with the external storage "protect" user.
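The Linux recommendations above can be checked before external storage is enabled. The following script is an added example, not Symantec tooling: the function name `check_attachment_dir` is hypothetical, the `/SymantecDLP` default for the install folder is an assumption to override with your real path, and the world-writable test is an extra hardening check beyond the listed steps.

```shell
#!/bin/sh
# Added example (not Symantec tooling): pre-flight check for a Linux
# external storage directory for incident attachments.
# Usage: check_attachment_dir DIR OWNER [INSTALL_ROOT]
#   OWNER        - name of the external storage "protect" user
#   INSTALL_ROOT - Enforce Server install folder; the /SymantecDLP default is
#                  an assumption, pass the real path for your installation.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
# The body runs in a subshell "( )", so variables and exit stay local.
check_attachment_dir() (
    dir=$1; want_owner=$2; root=${3:-/SymantecDLP}
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; exit 1; }

    # Resolve symlinks so a link that points into the install folder is caught.
    real=$(cd "$dir" && pwd -P) || exit 1
    root_real=$(cd "$root" 2>/dev/null && pwd -P) || root_real=${root%/}

    rc=0
    case "$real/" in
        "$root_real"/*) echo "FAIL: $real is under $root_real"; rc=1 ;;
    esac

    # Fields 1 and 3 of `ls -ld` are the mode string and the owner name.
    set -f                      # no globbing while splitting the ls output
    set -- $(ls -ld "$real")
    mode=$1; owner=$3
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"; rc=1
    fi
    case "$mode" in
        ?rwx*) ;;
        *) echo "FAIL: owner lacks rwx on $real ($mode)"; rc=1 ;;
    esac
    # Extra hardening check, not one of the page's steps: no world write.
    case "$mode" in
        ????????w*) echo "FAIL: $real is world-writable ($mode)"; rc=1 ;;
    esac
    exit "$rc"
)

# Run the check when the script is called with arguments.
if [ "$#" -ge 2 ]; then
    check_attachment_dir "$@"
fi
```

Run it on the external storage host, passing the directory and the name of the external storage "protect" user; a non-zero exit status means at least one recommendation is not met.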
After you have set up your storage location you can enable external storage for incident attachments in the Upgrade Wizard. After you have upgraded your system to Symantec Data Loss Prevention 14, all new incident attachments will be stored in the external storage directory.
In addition, a migration process runs in the background to move your existing incident attachments from the database to your external storage directory. Incident attachments in the external storage directory cannot be migrated back to the database. Incident attachments stored in the external storage directory are encrypted and can only be accessed from the Enforce Server administration console.
The incident deletion process deletes incident attachments in your external storage directory after it deletes the associated incident data from your database. You do not need to take any special action to delete incidents from the external storage directory.
To change the settings for external storage of incident attachments
The Protect.properties file contains values that control the External Storage for Incident Attachments. To change these settings, locate and edit the file: