'archive' Service

enaio® 11.0 »

The configuration of the 'archive' service is used to set up and configure connections to the following archiving systems.

iCAS/iCAS FS S3/HCP archive/Cloudian Hyperstore/Dell ECS S3/Dell EMC ECS/Amazon S3/Netapp StorageGRID S3/enaio® cloud-archive

The configuration is carried out using profiles in the application-storage.yml configuration file from the \services\service-manager\config\ directory.

Configuration values such as user name and password can be stored in encrypted form in the configuration file (see 'Encryption of Configuration Values'). Passwords that contain special characters must be enclosed in quotation marks.

The installed configuration file contains sample profiles with profile parameters for supported archiving systems.

The 'archive' service must be restarted via enaio® services-admin after changes have been made to the application-storage.yml configuration file.

Profile for iCAS/iCAS FS:
storage:
  profiles:
    iternity:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

userName:

Name of the user with the appropriate rights for the archive.

userPassword: The user's password.
endpoint: URL of the iCAS/iCAS FS web service.
cscMode:

Storage mode for documents and index data.

The storage mode is specified with a sequence of four parameters:

  • Documents, compression: S (without), L (with)
  • Documents, encryption: N (without), S (standard), A (AES 256)
  • Index data, compression: S (without), L (with)
  • Index data, encryption: N (without), S (standard), A (AES 256)

Example:

LSSN

The document is compressed (L) and encrypted with the standard method (S); the index data is not compressed (S) and not encrypted (N).

maxCreateCscSize:

Determines the maximum size of containers created with the 'CreateCsc' write method.

The information is expressed in bytes. Default: 10 MB.

maxCreateCscFile:

Determines the maximum number of documents for the containers created with the 'CreateCsc' write method.

Default: 1000 files.

maxCreateCscSingleFileLimit:

Determines the individual size limit of a document. The 'CreateCsc' write method is used up to this limit.

The information is expressed in bytes. Default: 4 MB.

If the limit is exceeded, the 'AddToWork' write method, which is less memory-intensive and creates the containers divided over several chunks, is used.

maxWorkChunkSize:

Determines the maximum size of a single chunk for the 'AddToWork' write method.

The information is expressed in bytes. Default: 5 MB.

clientSslTrustStore:

Optional: Resource path to a certificate trust store for encrypted communication with iCAS.

The path to the certificate file is specified with the 'file' protocol prefix.

Example: clientSslTrustStore: file:D:\s-m\zertifikate\cert_icas.PFX

clientSslTrustStorePassword:

Optional: Password for the certificate trust store.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

For documents with a scheduled retention time, this has priority over any times specified here.

Profile for iCAS FS S3:
storage:
  profiles:
    iternity_s3:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

Access key

secret-key: Password
url: URL for S3
bucket: Name of the bucket in the storage system for filing.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

For documents with a scheduled retention time, this has priority over any times specified here.

region: Optional: Location of the data center where new buckets are created. If no entry, the value is determined using the S3 'GetBucketLocation' method.
objectLock:

Optional: Boolean value that determines whether the archive-internal retention (objectLock) is required (true) or optional (false) for the corresponding bucket.

  • true (default):

    • Buckets that are automatically created by the 'archive' service have ObjectLocking activated.

    • Documents with retention set (enaio:rm_expirationDate or defaultRetentionInDays) can only be saved in buckets with ObjectLocking activated.

  • false:

    • Buckets that are automatically created by the 'archive' service have ObjectLocking deactivated.

    • No archive-internal native retention is defined for documents stored in buckets with ObjectLocking deactivated. This means that documents can be protected against manipulation via enaio® endpoints, but not against manipulation through direct access to the storage system.

pathTemplate: Optional: This parameter can be used to save objects in specific directories within a bucket.
retentionMode:

Optional: Parameter for selecting a retention mode for S3 Object Lock.

  • COMPLIANCE (default)

    Objects with retention cannot be changed or deleted, not even by a storage administrator.

  • GOVERNANCE

    Objects with retention can be changed and deleted by a storage administrator with specific permissions.

Profile for Hitachi Content Platform:
storage:
  profiles:
    hcp_s3:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

Access key

secret-key: Password
url: URL for HCP
bucket: Name of the bucket in the storage system for filing.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

For documents with a scheduled retention time, this has priority over any times specified here.

Profile for Cloudian HyperStore:

In order to configure the Cloudian Hyperstore archive, you need to configure the following S3-relevant parameters.

storage:
  profiles:
    cloudian_s3:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

Access key

secret-key: Password
url: URL for Cloudian HyperStore
bucket: Name of the bucket in the storage system for filing.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

The retention (enaio:rm_expirationDate) set by the caller in the index data of the object during the import takes precedence over the retention time specified here.
An administrator with access to the storage system can delete the objects unless ObjectLocking is activated for the storage system.

region: Optional: Location of the data center where new buckets are created. If no entry, the value is determined using the S3 'GetBucketLocation' method.
objectLock:

Optional: Value that specifies whether the archive-internal retention (objectLock) is required or optional for the corresponding bucket.

  • true

    • Buckets that are automatically created by the 'archive' service have ObjectLocking activated.

    • Binary content files with retention set (enaio:rm_expirationDate or defaultRetentionInDays) can only be saved in buckets with ObjectLocking activated.

  • false

    • Buckets that are automatically created by the 'archive' service have ObjectLocking deactivated.

    • An archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking activated.

    • No archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking deactivated. This means that binary content files can be protected against manipulation via enaio® endpoints, but not against manipulation through direct access to the storage system.

Default: true

retentionMode:

Optional: Parameter for selecting a retention mode for S3 Object Lock.

  • COMPLIANCE (default)

    Objects with retention cannot be changed or deleted, not even by a storage administrator.

  • GOVERNANCE

    Objects with retention can be changed and deleted by a storage administrator with specific permissions.

pathTemplate: Optional: Parameter to save objects in specified directories within a bucket.

Profile for Dell ECS S3:
storage:
  profiles:
    ecs_s3:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

Access key

secret-key: Password
url: URL for Dell ECS S3
bucket: Name of the bucket in the storage system for filing.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

The retention (enaio:rm_expirationDate) set by the caller in the index data of the object during the import takes precedence over the retention time specified here.
An administrator with access to the storage system can delete the objects unless ObjectLocking is activated for the storage system.

region: Optional: Location of the data center where new buckets are created. If no entry, the value is determined using the S3 'GetBucketLocation' method.
objectLock:

Optional: Value that specifies whether the archive-internal retention (objectLock) is required or optional for the corresponding bucket.

  • true

    • Buckets that are automatically created by the 'archive' service have ObjectLocking activated.

    • Binary content files with retention set (enaio:rm_expirationDate or defaultRetentionInDays) can only be saved in buckets with ObjectLocking activated.

  • false

    • Buckets that are automatically created by the 'archive' service have ObjectLocking deactivated.

    • An archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking activated.

    • No archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking deactivated. This means that binary content files can be protected against manipulation via enaio® endpoints, but not against manipulation through direct access to the storage system.

Default: true

pathTemplate: Optional: This parameter can be used to save objects in specific directories within a bucket.
retentionMode:

Optional: Parameter for selecting a retention mode for S3 Object Lock.

  • COMPLIANCE (default)

    Objects with retention cannot be changed or deleted, not even by a storage administrator.

  • GOVERNANCE

    Objects with retention can be changed and deleted by a storage administrator with specific permissions.

Profile for Dell EMC ECS:

It is necessary to make customizations for Dell EMC ECS.

storage:
  profiles:
    ecs-cas:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

User name

password: Password
clusterId: Number of the cluster that is being accessed.
url: URL to Dell EMC ECS
bucket: Name of the bucket to be displayed in the health check.
defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

For documents with a scheduled retention time, this has priority over any times specified here.

calculateDigestMetadata: Optional, default: false. It may be necessary to compute a digest in the getMetadata query.
calculateDigestContent: Optional, default: false. It may be necessary to compute a digest in the getContent query. The digest is sent in the Content-hash HTTP header.

Customizations for Dell EMC ECS

The following customizations for Dell EMC ECS are required:

  • Integrate libraries

    • Download the archive dell_ecs_cas_lib64.zip, extract the archive on the enaio® service-manager computer, and extend the 'Path' system variable with the path to the directory.

    • Make sure that the following files are available in the System32 or Syswow64 directory:

      msvcp110.dll and msvcr110.dll

      If these files are not found in the directory, they can be installed via the Microsoft Visual C++ 2012 Redistributable Package.

    • Restart the computer.

 

Profile for Amazon S3:
storage:
  profiles:
    s3:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

Access key

secret-key: Password
url: URL for S3
bucket: Name of the bucket in the storage system for filing.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

For documents with a scheduled retention time, this has priority over any times specified here.

retentionMode:

Optional: Parameter for selecting a retention mode for S3 Object Lock.

  • COMPLIANCE

    Objects with retention cannot be changed or deleted, not even by storage administrators.

  • GOVERNANCE

    Storage users with specific permissions can change or delete objects under retention.

Default: COMPLIANCE

region:

Optional: Specifies the location of the data center where new buckets should be created.

Default: Determined via the S3 method 'GetBucketLocation'.

objectLock:

Optional: Value that specifies whether the archive-internal retention (objectLock) is required or optional for the corresponding bucket.

  • true

    • Buckets that are automatically created by the 'archive' service have ObjectLocking activated.

    • Binary content files with retention set (enaio:rm_expirationDate or defaultRetentionInDays) can only be saved in buckets with ObjectLocking activated.

  • false

    • Buckets that are automatically created by the 'archive' service have ObjectLocking deactivated.

    • An archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking activated.

    • No archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking deactivated. This means that binary content files can be protected against manipulation via enaio® endpoints, but not against manipulation through direct access to the storage system.

Default: true

pathTemplate: Optional: Parameter to save objects in specified directories within a bucket.

Profile for NetApp StorageGRID S3:
storage:
  profiles:
    netapp_s3:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

access-key:

Access key

secret-key: Password
url: URL for NetApp StorageGRID S3
bucket: Name of the bucket in the storage system for filing.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

The retention (enaio:rm_expirationDate) set by the caller in the index data of the object during the import takes precedence over the retention time specified here.
An administrator with access to the storage system can delete the objects unless ObjectLocking is activated for the storage system.

region: Optional: Location of the data center where new buckets are created. If no entry, the value is determined using the S3 'GetBucketLocation' method.
objectLock:

Optional: Value that specifies whether the archive-internal retention (objectLock) is required or optional for the corresponding bucket.

  • true

    • Buckets that are automatically created by the 'archive' service have ObjectLocking activated.

    • Binary content files with retention set (enaio:rm_expirationDate or defaultRetentionInDays) can only be saved in buckets with ObjectLocking activated.

  • false

    • Buckets that are automatically created by the 'archive' service have ObjectLocking deactivated.

    • An archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking activated.

    • No archive-internal native retention will be defined for binary content files stored in buckets with ObjectLocking deactivated. This means that binary content files can be protected against manipulation via enaio® endpoints, but not against manipulation through direct access to the storage system.

Default: true

pathTemplate: Optional: This parameter can be used to save objects in specific directories within a bucket.
retentionMode:

Optional: Parameter for selecting a retention mode for S3 Object Lock.

  • COMPLIANCE (default)

    Objects with retention cannot be changed or deleted, not even by a storage administrator.

  • GOVERNANCE

    Objects with retention can be changed and deleted by a storage administrator with specific permissions.

  

Profile for enaio® cloud-archive

A plug-in must be integrated for enaio® cloud-archive.

storage:
  profiles:
    enaio-cloud-archive:
      <Profilname>:

Profile name.

The profile name is specified during configuration of the virtual archive in enaio® enterprise-manager.

You can create more than one profile.

url: URL
tenant:

Tenant

username: User name
password: Password
silo:

Value to categorize data and make it easier to find.

No configurations are needed in enaio® cloud-archive in order to specify silo values.

defaultRetentionInDays:

Retention time in days, default: 0 (do not transmit retention time)

For documents with a scheduled retention time, this has priority over any times specified here.

connectionTimeoutInMillis:

Timeout (in milliseconds) for the connection

Default: 5000

readTimeoutInMillis:

Timeout (in milliseconds) for reading files

Default: 1800000

Plug-in for enaio® cloud-archive

A plug-in is required for enaio® cloud-archive. The enaio-cloud-archive.zip plug-in is part of the installation data located in the \Backend\Service-Manager-Update\Plugins directory.

Plug-ins need to be activated via the application-storage.yml file located in the enaio® service-manager \config\ directory, and the directory for the plug-in needs to be specified.

storage:
  plugins:
    enabled: true
    directory: 'c:\enaio\data\plugins'  # single quotes: backslashes stay literal in YAML

The plug-in needs to be copied to the specified directory: in the example here C:\enaio\data\plugins.

The enaio-cloud-archive.zip plug-in is not included in the update with enaio_services_versionfix.exe and needs to be updated manually by copying it to the specified plug-in directory if required.

Then the 'archive' service needs to be restarted. enaio-cloud-archive.zip is extracted to a subfolder with the same name. The plug-in will only be updated if the subfolder with the extracted plug-in is deleted first.

No further configurations are required to integrate the plug-in.

The data for the configuration – URL, tenant, user name, password – can be obtained from OPTIMAL SYSTEMS, including the information for changing the user name and password.

Encryption of Configuration Values

The configuration values of the application-storage.yml file in the \config\ directory of enaio® service-manager can be encrypted:

  • Open the command prompt as the administrator and change to the \service-manager\tools\encryption\ directory.

  • Run the following command: encode.bat "value" -W.

    The encrypted value is displayed in round brackets with 'ENC' before it: ENC(encryptedvalue).

  • Copy the encrypted value with the leading 'ENC' and with the round brackets and enter it into the configuration file.

  • Save the configuration and restart the service, if necessary.

If the value to be encrypted contains quotation marks or ends with a backslash, these characters must be preceded by a backslash.
Example: encode.bat "password\with\"quotation\"mark\\" -W