GUIDANCE SOFTWARE | ADMINISTRATION GUIDE | ENCASE EDISCOVERY
EnCase® eDiscovery
VERSION 5.2
Copyright © 2007-2013 Guidance Software, Inc. All rights reserved.
EnCase®, EnScript®, FastBloc®, Guidance Software® and EnCE® are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other marks and brands may be claimed as the property of their respective owners. Products and corporate names appearing in this work may or may not be registered trademarks or copyrights of their respective companies, and are used only for identification or explanation into the owners' benefit, without intent to infringe. Any use and duplication of this work is subject to the terms of the license agreement between you and Guidance Software, Inc. Except as stated in the license agreement or as otherwise permitted under Sections 107 or 108 of the 1976 United States Copyright Act, no part of this work may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise. Product manuals and
documentation are specific to the software versions for which they are written. For previous or outdated versions of this work, please contact Guidance Software, Inc. at http://www.guidancesoftware.com. Information contained in this work is furnished for
Contents
Preface
5
About this Book ... 5
For Further Information ... 5
EnCase eDiscovery Administration Overview
7
EnCase eDiscovery ... 8The Desktop Client ... 9
The Web Server ... 9
The Examiner Service ... 9
The Database Server... 10
The SAFE ... 10
Preparing EnCase eDiscovery System Components
11
Overview ... 12Getting Started ... 12
Tracking Important Information ... 13
Preparing the Single Machine System ... 15
Verifying Required Software and Configurations - Single Machine Configuration ... 17
Allocating Ports - Single Machine Configuration ... 19
Setting up Permissions - Single Machine Configuration ... 19
Preparing the Web Server Component - Single Machine System ... 22
Preparing the Database Component - Single Machine System ... 22
Collecting Email and Document Archives - Single Machine System ... 23
Preparing System Components on Multiple Machines ... 23
Preparing the Database Server ... 23
Preparing the EnCase SAFE... 27
Preparing the Web Server ... 28
Preparing the Desktop Client ... 31
Preparing the Examiner Service Machine(s) ... 34
Preparing the Web Client ... 39
Installing and Configuring IIS (Internet Information Server) ... 39
Installing MS DTC (Microsoft Distributed Transaction Coordinator) ... 41
Configuring PowerShell ... 42
Setting up Licensing ... 42
Activating an Electronic License ... 43
Installing a Digital Certificate for SSL Connections... 45
Pay Per Use Considerations ... 45
Installing EnCase eDiscovery
47
Overview ... 48Installing the Databases ... 48
Installing the Database Utility Tool ... 49
Creating a Global Database and Schema ... 50
Creating Case Databases ... 53
Upgrading Existing Databases ... 56
Running Diagnostics ... 59
Backing up the SQL Service Master Key ... 60
Installing the Web Server ... 61
Installing the Web Components ... 62
Configuring the Web Application ... 66
Setting up the Administrator Role... 67
Configuring Database and Server Settings ... 69
Generating a Connection String with the Utility Script ... 71
Installing the Data Service ... 72
Setting up Windows Authentication ... 75
Configuring the Data Service to Run with HTTPS ... 76
Installing the Desktop Client ... 76
Starting the Desktop Client ... 77
Connecting to the Global Database ... 77
Installing the Examiner Service ... 78
Configuring EnCase eDiscovery
83
Overview ... 84Configuring SMTP Connections ... 84
Importing the Microsoft Exchange Certificate ... 85
Setting up a Mail Profile for HTTP Connections ... 88
Setting up Web API Features ... 90
Changing the Hostname of the Web Application ... 90
Working with Encrypted Data ... 90
Creating Encryption Keys ... 90
Opening an Encrypted File ... 92
Troubleshooting
141
Overview ... 142Troubleshooting EnServer ... 142
Troubleshooting the Data Service... 144
Troubleshooting the Desktop Client ... 144
Troubleshooting the Examiner Service ... 144
Viewing System Information and Errors ... 144
Examiner Service Error Messages ... 144
Unable to See Licensed Applications in Web ... 148
Not Authorized User Message ... 148
Connecting to Microsoft Office 365 Servers ... 149
Finding the Build Number of an EnPack... 149
Reverting to a Virtual Machine (VM) Snapshot ... 149
Managing User Accounts
95
Overview ... 96Role-Based Security ... 96
Creating a New Role ... 98
Assigning Permissions to a Role ... 98
Assigning Permissions to a Case ... 99
Associating an Active Directory Group or User with a Role ... 100
Modifying the Name of an Existing Role ... 101
Deleting a Role ... 101
Disabling a Role ... 101
Tracking User Sessions ... 102
Monitoring Tasks... 102
Connecting to Email and Document Repositories
103
Overview ... 104Connecting to Amazon S3 Repositories ... 104
Connecting to EMC Documentum Repositories ... 104
Connecting to Lotus Domino Servers ... 105
Configuring Permissions for Lotus Domino ... 105
Configuring EnCase eDiscovery for Lotus Collections ... 107
Connecting to Microsoft Exchange Servers ... 108
Configuring Permissions for Microsoft Exchange 2003 ... 108
Configuring Permissions for Microsoft Exchange 2007 and 2010 ... 112
Configuring Microsoft Exchange Online ... 114
Configuring EnCase eDiscovery for Exchange Collections ... 117
Connecting to Microsoft SharePoint and SharePoint Online Repositories ... 117
Configuring Permissions for SharePoint and SharePoint Online Web Access ... 119
Configuring Permissions for In-House SharePoint Database Access ... 120
Connecting to OpenText Livelink Repositories ... 121
Connecting to Symantec Enterprise Vault Repositories ... 121
Maintenance and Disaster Recovery
123
Overview ... 124Storing Critical Configuration Information ... 124
Retrieving the Global Database ID ... 124
Backing Up Databases ... 127
Performing Manual Backups ... 127
Setting Up Automated Backups... 128
Restoring or Moving Databases ... 129
Restoring Databases Manually ... 129
Changing a Database Owner Manually ... 131
Changing Global Database Settings ... 133
Restoring Master Keys ... 134
Modifying the Case Connection Strings for a New SQL Instance ... 137
Connecting to a Restored Database ... 140
Recommended Maintenance Procedures... 140
Support
151
Technical Support ... 151Live Chat ... 151
Technical Support Request Form ... 151
Email ... 151
Telephone ... 152
EnCase eDiscovery Review Technical Support ... 152
Support Portal ... 152
User, Product, and Foreign Language Forums ... 153 Posting to a Forum ... 154 Searching ... 154 Bug Tracker... 154 Knowledge Base ... 154 MyAccount ... 155
Index
157
About this Book
This administration guide is for system administrators and database administrators tasked with installing and configuring EnCase eDiscovery.
This guide focuses on the installation and configuration of the product components. Once they are installed, and ready for use, refer to the EnCase eDiscovery User's Guide for information on how to use EnCase eDiscovery. Refer to the EnCase eDiscovery Release Notes for a summary of new release features, fixed items, and known limitations of the products.
For Further Information
This manual does not include Microsoft Windows, third-party database setup, or troubleshooting information. It does not include details on using EnCase eDiscovery, which can be found in the EnCase eDiscovery User's Guide. For information on third-party products used with EnCase eDiscovery, refer to the documentation for those products (for example, MSDN or Microsoft SQL Server Books Online). For information on using Secure Authentication for EnCase (SAFE), which describes the details of enabling licensing permissions for EnCase products, refer to the EnCase SAFE Administration Guide.
In This Chapter
EnCase eDiscovery
CHAPTER 1
EnCase eDiscovery
EnCase eDiscovery
EnCase eDiscovery uses multiple components to collect, process, analyze, and deliver information. These components can be installed and configured on one or several separate computers.
The diagram below shows a multiple machine setup. In this configuration, the Web Components machine has a variety of components installed: the Web application, the Web server, and the data service.
The EnCase eDiscovery desktop client provides a Windows-based user interface. The EnCase eDiscovery Web components machine provides the backbone for the Web
interface that enables accessibility from any browser, inside or outside the firewall. In the configuration illustrated above, this machine is where the Web server, the Web application, and the data service are installed.
The examiner service schedules and processes all EnCase eDiscovery tasks, and connects to targets either directly or through a SAFE.
The database server holds the global and case databases, and stores common settings, case settings, and jobs.
Installing and configuring the components must be done on properly configured machines, and in a specific order.
This administration guide details what configuration and specifications are required for single system setups as well as various component machines. It also provides details for how to install each
The Desktop Client
The EnCase eDiscovery desktop client enables users to set up cases, assign sources, associate custodians and targets, create search criteria, and generate case-specific reports.
From within the desktop client, jobs are created, scheduled, and automatically picked up and processed by the examiner service machines. These jobs may include uncompressing and indexing collected data, running keyword searches, and connecting directly to mail servers, document servers, and workstations for data collection.
See Preparing the Desktop Client on page 31 for component requirements. See Installing the Desktop Client on page 76 for installation instructions.
The Web Server
The Web server runs the Web sites and services that enable access from any browser, inside or outside the firewall.
The Web application uses the Web server to provide an interface for various tasks, including the creation and monitoring of legal holds, first pass assessments, analysis and review of collected data, status notification, and the management of job activities. Through the Web interface, administrators schedule collections, processing, delivery, and analysis jobs, create and manage criteria, set up examiner profiles, and generate reports.
See Preparing the Web Applications Server see "Preparing the Web Server" on page 28 for component requirements.
Three components need to be installed on the Web server to fully configure it: The Web server (see Installing the Web Server on page 61)
The Web application (see Installing the Web Components on page 62) The data service (see Installing the Data Service on page 72)
The Examiner Service
The examiner service performs the data collection and processing activities, discovery, preview, and data acquisition from target computers. Examiners are configured to connect to the global SQL database, which stores connections to the individual SQL case databases.
The examiner service is a Windows service that can be installed on multiple machines and managed remotely. Because it is a service, no user intervention is needed to restart the system in case of an interruption. Database profiles can be configured to instruct individual examiner service machines to process all available jobs or only desired jobs.
See Preparing the Examiner Service Machine(s) for component requirements. See Installing the Examiner Service on page 78 for installation instructions.
The Database Server
The database server stores the databases that contain the data collected from many targets across the network.
The global database is the repository for source locations and custodian targets.
Individual case databases maintain collection and processing job parameters, as well as all job results pertaining to a case. These databases are accessed directly through the desktop client or through a Web browser.
See Preparing the Database Server on page 23 for component requirements. See Installing the Databases on page 48 for installation instructions.
The SAFE
The SAFE (Secure Authentication For EnCase) server is used to administer access rights, provide for secure data transmission, and broker communications between the network and the EnCase Enterprise user.
Using a SAFE is needed for collecting information over the network. Please refer to the SAFE Administration Guide for all details relating to SAFE setup and management.
In This Chapter
Overview
Getting Started
Tracking Important Information
Preparing the Single Machine System
Preparing System Components on Multiple Machines
Installing and Configuring IIS (Internet Information Server)
Installing MS DTC (Microsoft Distributed Transaction Coordinator)
Configuring PowerShell
Setting up Licensing
Installing a Digital Certificate for SSL Connections
Pay Per Use Considerations
CHAPTER 2
Preparing EnCase
eDiscovery System
Components
Overview
This chapter details the hardware, software, and system requirements needed to install and configure the product components.
Recommended and preferred resource values and configurations are noted where applicable. Prior to installing the product software on any component machine, Guidance Software strongly suggests you adhere to the following guidelines:
Disable any indexing engines (such as the one native to Vista and Windows 7) before installing and configuring any component machine.
Guidance Software recommends that all component computers apply an alternate IT policy of system patches and upgrades, to eliminate the possibility of unwanted reboots and
disconnections during installation and configuration.
For both installation and operation, Guidance Software recommends that you have
administrator rights on your local computer. If your company policy does not allow you to have administrator rights, then you minimally need read/write permissions for the installation folders.
To manage time zone differences among different computers, set the database server, the EnCase SAFE, and all Examiner computer system clocks to UTC (GMT with no daylight savings time).
Getting Started
Before you begin setting up your system, you must determine whether you are going to be configuring a single machine system, or a multiple machine system.
Setting up a single machine system
A single machine system may be fully sufficient for smaller networks. The process for setting up a single machine system follows these steps:
1. Check the computer and ensure that all hardware and software requirements are met, and that permissions are set correctly for each component (see Preparing the Single Machine System on page 15).
2. In exactly this order, install the following components:
• Install the database utility (Installing the Database Utility Tool on page 49)
• Using the database utility, create a global database (Creating a Global Database and
Schema on page 49)
• Using the database utility, create one or more cases (Creating Case Databases on page 53) • Install the Web server component (Installing the Web Server on page 61)
• Install the Web application component (Installing the Web Components on page 62)
• Configure the Web application (Configuring the Web Application on page 65) • Set up the Administrator role (Setting up the Administrator Role on page 67)
• Configure the Database and Server (Configuring Database and Server Settings on page 69)
• Install the data service component (Installing the Data Service on page 72) • Install the desktop client (Installing the Desktop Client on page 76)
Setting up a multiple machine environment
While other configurations are possible, this guide assumes a system configured with a separate machine for the desktop client, one or more machines for the examiner service, a single Web server machine for the Web server, Web application and data service components, a machine for the database, and multiple Web client machines.
To set up a typical multiple machine environment:
1. Check the following machines and ensure that all hardware and software requirements are met, and that permissions are set correctly for each component.
• Web server (Preparing the Web Applications Server see "Preparing the Web Server" on
page 28)
• Database server (Preparing the Database Server on page 23)
• Examiner service machine(s) (Preparing the Examiner Service Machine(s) on page 34)
• Desktop client (Preparing the Desktop Client on page 31) • Web client machines (Preparing the Web Client on page 38)
2. In exactly this order, install the following components on the following machines:
• On the Web server:
− Install the Web server component (Installing the Web Server on page 61)
− Install the Web application component (Installing the Web Components on page 62) − Configure the Web application (Configuring the Web Application on page 65) − Set up the Administrator Role (Setting up the Administrator Role on page 67) − Configure the Database and Server (Configuring Database and Server Settings on
page 69)
− Install the data service component (Installing the Data Service on page 72)
• On the database server, install the database utility (Installing the Database Utility Tool on page 49)
− Using the database utility, create a global database (Creating a Global Database
and Schema on page 49)
− Using the database utility, create one or more cases (Creating Case Databases on page 53)
• On the desktop client machine, install the desktop client (Installing the Desktop Client on
page 76)
• On the examiner service machine(s), install the examiner service components (Installing
the Examiner Service on page 78)
Tracking Important Information
Use the following table to keep track of information you will need during and after the installation process:
Description Value
Server name Domain name
Active Directory service account name/password
Description Value Background service user
(domain\username) Global database name SQL Server master key NAS path
SAFE path Computer name
Single machine configuration: Desktop client:
Web components machine: Database server:
Examiner service machine(s): Operating system version Single machine configuration: Desktop client:
Web components machine: Database server:
Examiner service machine(s): SQL Server version
System type (32- or 64 bit) Available space (> 1 GB required)
Component Port
Web application 80 (default)
Data service 8080 (default)
Web API 8081 (default)
ESB Listener 8700 (default)
SSL enabling 443 (default)
Component Port SMTP receive connector on the mail server
(using SSL) 465 (default)
SAFE 4445 (default)
SQL server 1443 (default)
Microsoft DTC 3372 (default)
Web server 8888 (default)
Preparing the Single Machine System
To successfully install all components to a single machine, that machine must meet or exceed the requirements and configurations for all the separate component machines described below.
Configuration - Single Machine
Class Server class hardware (64-bit)
Operating Systems Windows Server 2003 SP1 64-bit Enterprise
Windows Server 2003 SP1 R2 64-bit Enterprise Windows Server 2008 R2 64-bit Enterprise
Browser Microsoft Internet Explorer, versions 8.x or 9.x
Mozilla Firefox, versions 4.x and 5.x
Processor (CPU) Intel Quad-Core (for example, Intel Core 2 Quad)
AMD Opteron
For machines doing heavy OCR processing, Guidance Software recommends a minimum of two or more hyperthreaded multi-core processors. Four or more cores per processor are preferable.
Memory (RAM) 16 GB or greater ( 48 GB preferred)
One additional GB of RAM per thread is recommended to process OCR. For most users, this translates to an extra 5 GB of RAM per running examiner service.
Configuration - Single Machine
Hard Drive Capacity 500 GB or more with > 2.5 GB available on the drive where the operating system is installed. An additional 3 GB of free space is needed for the examiner service, whether it is installed on the C: drive or any secondary drive or partition.
The amount of disk storage required after installation depends upon the size of the original source data to be processed and the processing options selected. As a general guideline, allow enough storage for 10 times the original data size.
If you use the desktop machine for output file storage, you need to allocate sufficient space. For five jobs running concurrently, the minimum amount of storage for temporary files is approximately 25 GB; however, Guidance Software recommends allocating 50 GB of output file storage.
Hard Drive Speed 7,200 RPM (10,000 RPM or faster preferred)
Number of Hard Drives Recommended
For best performance, three hard drives are recommended: an application drive, a temp drive, and a separate drive for LEF files
Network Configuration Gigabit Ethernet (GbE)
The Web Server must be part of an Active Directory domain.
VMware The system can be run using VMware and Boot Camp as follows:
WMware Workstation 6.5
WMware Workstation 7.0
VMware Server 1.1 (GSX)
VMware vSphere 4.0 ESXi
Boot Camp v2.0
Boot Camp v3.0
Restrictions Intel Itanium processors are not supported.
A dedicated, unshared USB port must be present unless the Examiner license is acquired using the Network Authentication Server (NAS).
Although most temp files are stored in a temporary folder by job, a few are stored in the user's global temp folder. Confirm that this Temp folder (typically C:\Users\[UserID]\Local\Temp is not located in the user's directory.
Ports 80, 8888, and 443 (for SSL), must be available on this machine.
Make sure Fast User Switching is set to off. The setting for this is usually found in the local group policy editor (type
gpedit.msc in a command prompt, navigate to Local Computer Policy > Computer Configuration >
Administrative Templates > System > Logon and set Hide entry points for Fast User Switching to Enabled.)
If you are using Windows Vista or Windows 7, and if the machine has the Windows Search service enabled, you must switch it off. You can turn it off completely, or disable it for the installation temporary directory (go to Control Panel > Administrative Tools, and double click Services to locate the Windows Search service).
Configuration - Single Machine
Recommendations Performance is optimized for 64-bit hardware.
Use fault-tolerant drives and or fault-tolerant power supplies to reduce the possibility of outages or data loss.
Mirrored operating system and application installation on the primary drive and partition.
RAID-5 or better drives for storage of LEFs.
Set the screen resolution to 1024 x 768 or higher for optimal viewing.
Pay-Per-Use See Pay Per Use Considerations on page 45.
Verifying Required Software and Configurations - Single Machine
Configuration
Use this checklist to verify that you have the minimum required software requirements installed. Additional software and configuration may be required depending on your needs.
1. Check your operating system (Computer > Properties)
• Windows Server 2003 SP1 64-bit Enterprise
• Windows Server 2003 SP1 R2 64-bit Enterprise • Windows Server 2008 R2 64-bit Enterprise 2. Check your version of SQL Server
• Microsoft SQL Server 2008 • Microsoft SQL Server 2008 R2
• Microsoft SQL Server 2005 SP4
3. Verify that the following SQL Server packages are installed:
• Database Engine Services
• Reporting Services
• Management Tools (Complete)
4. Verify that PowerShell is configured correctly (see Configuring PowerShell on page 41) 5. Verify that the following are installed:
• Microsoft Office 2003, 2007 SP2, or 2010 including a full version of Outlook (required).
• Microsoft Excel 2003, 2007 SP2, or 2010 (required for Case Screening Reports) • PowerShell 2.0 or above (required to run the Database Utility tool)
• SQL CMD (required to run the Database Utility tool)
• Windows Installer 4.5
• Windows Imaging Component (WIC) must be installed to support Microsoft .NET 4, which is automatically installed if not present on the system.
− The WIC is available on all supported operating systems except Windows Server 2003. If you are installing the data service, examiner service, or Web components on Windows Server 2003, you must first install WIC. Please refer to Installing the .NET Framework at
http://msdn.microsoft.com/en-us/library/vstudio/5a4x27ek(v=vs.100).aspx.
• IIS (see Installing and Configuring IIS (Internet Information Server))
• MS DTC (see Installing MS DTC (Microsoft Distributed Transaction Coordinator))
− A firewall exception may be required.
6. Verify you have correct permissions configured (see Setting up Permissions - Single Machine Configuration)
Connectors software
You may also require some or all of the following software to support collection from third party document repositories:
IBM Lotus Notes Client v7, v8, and v8.5 (if collecting or processing Domino server or NSF emails).
For processing Documentum Repositories, the Documentum client v5.x, v6.6 must be installed (if using the Documentum connector).
Microsoft C++ runtime (CRT) if using OpenText Livelink (see the OpenText documentation for the specific version of the runtime required).
The Enterprise Vault API runtime application must be installed on any computer running the desktop client or the examiner service, using Enterprise Vault as a source. You can find this on the Symantec installation media. Double click the .msi file to install the application and accept all of the defaults. The examiner service machine must also point to the correct DNS Server when trying to connect to the Enterprise Vault server.
For processing OpenText Livelink Repositories, a download is needed for Open Text if the Microsoft C++ runtime (CRT) is not present on the system. If you attempt to create an Open Text definition without the CRT, Open Text does not display as an option in the Create New Source dialog box.
For processing Symantec Enterprise Vault Repositories:
• The examiner service machine and the Enterprise Vault servers must be on the same
domain.
• Connection is made using port 80 on the Enterprise Vault server; proxies are not
supported.
• The Enterprise Vault API runtime application must be installed on any computer running the desktop client or the examiner service, using Enterprise Vault as a source. You can find this on the Symantec installation media. Double click the .msi file to install the application and accept all of the defaults.
• If collecting an Exchange email or journal archive on the Vault server, Outlook must be installed on the examiner service machine, and be configured for an Exchange account.
• If collecting a Lotus Domino email or journal archive using a Vault 8 or 9 server, the Lotus
Notes client must be installed on the examiner service computer. To collect from SharePoint Online:
• All components of Microsoft .NET v3.5.1 SP1 (installed automatically on 32-bit machines) must be installed. For 64-bit machines use "Add Features" (for MS Server 2008 R2) or "Turn Features On or Off" (for Windows 7) to install.
• Collection from SharePoint Online is supported on Windows Server 2008 R2 only.
• The Windows Process Activation feature should be installed automatically. If prompted,
agree to the installation.
• Additional applications are required. See Connecting to SharePoint and SharePoint Online
Allocating Ports - Single Machine Configuration
The default port numbers used by the system are:
Component Port Web application 80 Data service 8080 Web API 8081 EnServer 8888 SSL enabling 443
SMTP receive connector on the
mail server 25
SMTP receive connector on the
mail server (using SSL) 465
SAFE 4445
SQL server 1443
Microsoft DTC 3372
Pay Per Use
Usage information is transported via SSL, which uses port 443 as the default. Thus, incoming and outgoing communication must be allowed for that port. If an organization uses a proxy server, then that server must be able to pass SSL client certificates.
Setting up Permissions - Single Machine Configuration
If it does not exist already, your Windows administrator must create a new domain user account with specific permissions for the EnServer service.
To import Active Directory custodians, the user must have Read permissions for Active Directory. The Active Directory user account must be able to:
Read/write to the user's own installation directory Read/write case folders
Read directories
Connectors permissions are covered in the specific connectors topics below. To change a user's permission:
1. Open Active Directory Administrative Overview. 2. Open Users.
3. Right click the selected user and use the options to add to another group or modify permissions.
Connecting to the database server
If the machine connects to SQL Server using Windows Authentication, then the user logged into the machine must:
Be trusted for delegation (the user's Active Directory administrator can enable delegation). Have read access to the Internal Output folder.
Additionally, the user through which the examiner service machine connects to the database must have Administer Bulk Operations permission.
Web server permissions
The computer must be part of an Active Directory domain. The EnServer service user account must:
Be part of an Active Directory domain.
Have permission to read data from and write data to all of the directories specified on the config page (localhost/config). This includes Web files, Temp, User Home, and DB Temp. Have read/write permissions to the C:\inetpub\EnCase Application\Web
Components\ECC Background Service\BackgroundService.exe.Config file. Have read/write permissions to the Web application's C:\inetpub\EnCase
Application\Web Components\ECC Background Service\web.config file.
Have the same database access permissions as the Examiner user (see Preparing the Examiner
Service Machine(s) on page 34).
Have permission to view Group Membership on Active Directory domains
The Domain User Account must have read permissions for the internal output folder and the job output folder of every collection and processing job. Each case has one internal output folder; however, the job output folder is different for each job.
Examiner service user permissions
The following are typical permissions required for successful collections:
Users must have local admin privileges to computers where the software will be installed. For UNC collections of network shares, the examiner service doing collections must have Read
permissions to the root storage directory for any user shares that will be collected for eDiscovery.
If servlet deployment will be inter-domain, inter-domain trusts must be available for access to the SAFE and examiner service machines.
If network shares are to be collected, parent folders must allow read access. For example, when collecting from \\server\share\folder, \\server\share must allow the examiner read access.
For processing a live Exchange server, the examiner service must have an Administrator account and a mailbox on the Exchange server that has been logged into at least once. The examiner service must have at least Receive As and Read Only Admin privileges to the Exchange server.
Shared folder and NTFS permissions required to collect from network shares are:
• Share permission: Read
• NTFS Permissions:
− Read and execute: Allow − List folder contents: Allow − Read: Allow
• Permissions shown in the permission entry table should be:
− Traverse folder/execute file: Allow − List folder/read data: Allow − Read attributes: Allow
− Read extended attributes: Allow − Read permission: Allow
For Lotus Domino server versions 8.5, 8.0 and 7.0:
• Read public documents • Write public documents • Replicate or copy documents
For Lotus Notes local NSF versions 8.5, 8.0, and 7.0:
• Guidance Software does not support switching between Multiple User and Single User
modes if you reinstall the Notes client on the examiner service computer(s). Because of how Lotus handles the .INI file, EnCase eDiscovery may not be able to connect to the Domino server after switching installation modes.
• EnCase eDiscovery collects the address books from the server. Set up users to back up
their personal address books on the server, if you want EnCase eDiscovery to collect them.
• To assure that collection results remain consistent, do not run an older version of the Lotus Notes client against a newer version of the Domino server or NSF archive file, as collection results can be inconsistent.
For processing Open Text Livelink, the examiner service must have proper credentials on the OpenText server.
For processing Documentum, the user account must have access to the document repository (be added to the repository database) to collect document files. Normal user privileges are adequate.
For processing SharePoint Repositories, the examiner service must have Administrator permissions on the SharePoint Repository.
To process Symantec Enterprise Vault and run a collection job against a Vault archive, the user must have Read permissions on that specific archive. Permissions on the Vault store or the Vault server are not sufficient.
Database server permissions
User access to the SQL databases must be established.
Users must have Active Directory domain user privileges as well as either:
• Authentication rights to the instance of the SQL database (if Windows authentication is
used), or
• Access to the SQL Server authentication credentials (if SQL Server authentication is used). The administrator creating the SQL databases must have at least the dbcreator server role. All database users must have at least the db_owner role. This is important to note if someone
other than the database creator is using the database.
The SQL Server service account must have read/write access to the default data, log, and backup directory locations.
Preparing the Web Server Component - Single Machine System
For the Web application to run:
IIS with ASP.NET 4.0 and Windows Authentication roles must be enabled The MS DTC component service must be enabled (see Installing MS DTC (Microsoft
Distributed Transaction Coordinator))
If .NET4 is already installed, navigate to IIS > ISAPI and CGI restrictions and confirm that ASP.NET 4.0 is allowed.
Before installing and configuring the Web server, deactivate any services or applications that use port 80. Port 80 is commonly used by Web services such as Microsoft Internet Information Services (IIS) or Apache. If you intend to use SSL certificates with the Web server, you also need to make sure there are no conflicts with port 443.
Although the Web server cannot share ports with these third party servers, it can run side-by-side with them as long as there is no port conflict. After you configure the Web server to remove any such conflicts, you can restart these servers.
Note: You can also override the port setting, and run the service on a non-privileged port (a port higher than 1024).
Be aware of your company's email delivery rules and policies. To prevent spam, your email server may be set to limit the number of email messages sent in an hour. If such settings are in place, your hold notifications will not be delivered. If you are sending legal hold notifications, make sure your mail server is set up to send your hold notifications successfully.
Preparing the Database Component - Single Machine System
If you are using SQL Server 2005, you must configure it for TCP/IP (SQL Server 2005 is not configured for TCP/IP on initial installation).
Make sure SQL Server is installed with the collation setting default of SQL_Latin1_General_CP1_CI_AS or Latin1_General_CI_AS.
• Both server and database must have the same collation settings for database tables to be
created.
• If this default setting is changed, databases cannot be created.
The databases must be configured to be case insensitive. This is usually the default setting.
Configure the server firewall to allow inbound and outbound data connections through TCP ports 80 and 1433.
• If the firewall ports are incorrectly configured, testing the connection to the global
database fails.
• In Windows Server 2003 and Windows Server 2008:
− Navigate to Control Panel > Windows Firewall > Advanced Settings > Inbound Rules.
− Click New Rule and follow the prompts to create inbound rules for TCP ports 80 and 1433.
− Select Control Panel > System and Security > Windows Firewall > Create New Rule > Inbound Rules > Action to Allow the Connection.
− Select Control Panel > System and Security > Windows Firewall > Inbound Rules > Name to name the rule.
Make sure the following options are installed in your SQL database: database engine services, reporting services, management tools - basic (see Preparing the SQL Server on page 25).
Collecting Email and Document Archives - Single Machine System
To search electronic mail, the machine must have the same mail client software (Microsoft Outlook or Lotus Notes) installed. The version of the mail client must match that of the mail server to be searched. See Connecting to Email and Document Repositories on page 103.
To search Documentum and Symantec Enterprise Vault document servers, the machine must have the respective client or runtime installed.
OpenText Livelink and SharePoint do not require any additional client-side installation.
SharePoint Online is supported on Windows 7, Vista SP2 or higher, Windows Server 2008 SP2, and Windows Server 2008 R2 operating systems. It is not supported on Windows XP, Windows 2003, Windows Server 2003 R2, or Windows Server 2008 operating systems.
Preparing System Components on Multiple Machines
If you are using multiple machines in your setup, the following configurations and permissions are required for each machine.
For further information, you may also want to refer to the system requirements listed under Preparing
the Single Machine System on page 15.
Preparing the Database Server
The database server houses the global and case databases. The desktop client, the web server, and the examiner service machines must all be able to communicate with the database server.
For optimal performance, Guidance Software recommends that the database server be installed on a separate computer from the other product components.
Configuration—Database Server
Class Server
Operating System Windows 2003 (64-bit)
Windows 2003 R2 (64-bit)
Windows 2008 (64-bit)
Windows 2008 R2 (64-bit)
Windows 2003 Server R2 (64-bit)
Windows 2008 Server R2 (64-bit)
Processor (CPU) Intel® Dual-Core (e.g., Intel® Core 2 Duo®)
AMD Phenom™
Memory (RAM) 8 GB or more
Hard Drive Capacity 250 GB or more with > 1 GB available
Hard Drive Speed 7,200 RPM or more
Configuration—Database Server
Software Microsoft SQL Server 2008
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2005 SP4
PowerShell 2.0 or above is required to run the Database Utility tool. SQL CMD must be installed to run the Database Utility tool.
Windows Imaging Component (WIC) must be installed to support
Microsoft .NET 4, which is automatically installed if not present on the system. The WIC is available on all supported operating systems except Windows Server 2003. If you are installing the data service, examiner service, or Web components on Windows Server 2003, you must first install WIC. Please refer to Installing the .NET Framework at
http://msdn.microsoft.com/en-us/library/vstudio/5a4x27ek(v=vs.100).aspx.
Hardware Guidance Software recommends using a separate, dedicated computer for the
database server.
SQL Packages Database Engine Services
Reporting Services
Management Tools (Complete)
Restrictions The system administrator or database administrator must ensure
appropriate database access for users, and make sure passwords are saved or stored accordingly so that users can connect.
System time on the database server and on the examiner service machine(s) must be synchronized. Times are converted to GMT. Jobs will not execute properly if the times are not synchronized.
Pre-installation checklist
Before you begin:
If you are using SQL Server 2005, you must configure it for TCP/IP (it is not configured for TCP/IP on initial installation).
Make sure the SQL server is installed with the collation setting default of SQL_Latin1_General_CP1_CI_AS or Latin1_General_CI_AS.
• Both server and database must have the same collation settings for database tables to be created.
• If this default setting is changed, databases cannot be created. User access to the SQL databases must be established.
Users must have Active Directory domain user privileges as well as either:
• Authentication rights to the instance of the SQL database (if Windows authentication is
used), or
• Access to the SQL Server authentication credentials (if SQL Server authentication is used). The administrator creating the SQL databases must have at least the dbcreator server role. All database users must have at least the db_owner role. This is important to note if someone
other than the database creator is using the database.
The SQL Server service account must have read/write access to the default data, log, and backup directory locations.
Configure the server firewall to allow inbound and outbound data connections through TCP ports 80 and 1433.
• If the firewall ports are incorrectly configured, testing the connection to the global
database fails.
• In Windows Server 2003 and Windows Server 2008:
− Use Control Panel >System and Security > Windows Firewall > Inbound Rules > Protocol and Ports settings to create inbound rules for TCP ports 80 and 1433. − Select Control Panel > System and Security > Windows Firewall > Inbound Rules
> Action to Allow the Connection.
− Select Control Panel > System and Security > Windows Firewall > Inbound Rules > Name to name the rule.
Post-Installation Requirement
It is important that the SQL Service Master Key be backed up and stored in a secure location before utilizing the SQL Instance.
To accomplish this, please work with your SQL database administrator or run the following commands in MS SQL Management Studio.
BACKUP SERVICE MASTER KEY TO FILE = 'E:\ECC_Data\servicemaster.key' ENCRYPTION BY PASSWORD = '[Password]'
GO
Note: replace [Password] with a value (in single quotes) that meets your company's password
complexity requirements.
Store the small key file and password in a secure location. Guidance Software recommends storing secure information and other configuration information together to ease the process of database troubleshooting.
Note: Transparent Data Encryption is used to encrypt the case database connection strings. For more information on this
feature of MS SQL, see http://msdn.microsoft.com/en-us/library/bb934049.aspx
Preparing the SQL Server
Make sure the following options are selected in your installed SQL database: Database engine services
Reporting services
Management Tools - Basic
Whether you are using Windows Authentication or Mixed Mode, make sure the account has Active Directory access.
To configure the SQL server:
1. Create a domain user account to use as a service account for SQL (i.e. ACME\sql.svcacct). This account can have Deny log on locally enabled in Active Directory if required.
2. Set the SQL Server Agent to Automatic Startup.
3. Click the Use the same account for all SQL Server services button and enter the SQL service account credentials for the account you just created.
4. In the Collation tab, make sure the SQL server is installed with the collation setting default of SQL_Latin1_General_CP1_CI_AS or Latin1_General_CI_AS.
• Both server and database must have the same collation settings for database tables to be created.
• If this default setting is changed, databases cannot be created. 5. Click Next. The Database Engine Configuration dialog displays.
• Windows authentication mode creates a sa account for SQL Server Authentication and
disables it, forcing the use of only the Windows Authentication. Windows authentication confirms the user's identity through Windows, and is much more secure than SQL Server Authentication. Guidance Software recommends using Windows Authentication mode.
• Mixed Mode (recommended) enables you to use Windows Authentication and SQL server
authentication. If you choose this option, you must provide and then confirm a strong password for the system administrator (sa) account.
• A password for the system administrator (sa) account is recommended, but not required.
6. Click Next.
7. Select Install the native mode default configuration.
8. The installation takes 30-45 minutes. Once complete, log into the SQL Server Management Studio.
Preparing the EnCase SAFE
The EnCase SAFE component is used to store the licensing and public keys for the product. Check the current Release Notes for the version number of the EnCase SAFE that is compatible with your version.
Configuration—EnCase SAFE
Class Desktop or server class hardware (64-bit)
Operating System Windows 7
Windows 2003 Server - SP2 (64-bit) Windows 2003 Server R2 - SP2 (64-bit)
Windows 2008 (64-bit)
Windows 2008 R2 (64-bit)
Windows XP Professional - SP2 (64-bit)
Processor (CPU) Intel® Dual-Core (e.g., Intel® Core 2 Duo®)
AMD Phenom™
Memory (RAM) 2 GB or more
Hard Drive Capacity 40 GB - Storage required is minimal
Configuration—EnCase SAFE Network
Configuration
Gigabit Ethernet (GbE)
VMware You can run a primary SAFE in a VM environment in EnCase versions prior to
Version 7.05 Examiner/Version 7d SAFE, providing the physical license key is plugged into a physical USB port on the machine hosting the virtual machine, and the physical USB port is passed through to the virtual machine exclusively. The electronic licensing available in Version 7.05 Examiner/Version 7d SAFE and later eliminates the need for a physical license key in both physical machines or in machines running in VMs.
You can also operate a secondary SAFE machine using Network Authentication Server (NAS).
Support is provided for running the examiner and secondary SAFE on VMware and Boot Camp as follows:
VMware Workstation 6.5
VMware Workstation 7.0
VMware Server 1.1 (GSX)
VMware vSphere 4.0 ESXi
Boot Camp v2.0
Boot Camp v3.0
Preinstallation checklist
Before you begin, make sure:
The SAFE computer is available over the network through Remote Desktop Connection with /admin and /console access by the installers.
You have local admin rights to the SAFE computer.
The security key drivers have been loaded on the SAFE computer and the SAFE security key is inserted into a USB port on the computer.
Note: The SAFE computer must have a dedicated USB port.
Host-based firewall is off or set to allow TCP connections to the SAFE process. The default value for the TCP port is 4445.
Preparing the Web Server
The Web server is required for all components to function.
Before you begin
Confirm that the Web Server machine is part of a domain and that the user account is a member of that domain.
Make sure the domain account has sufficient Read/Write permissions for accessing SQL. Confirm that ASP.NET and Windows Authentication Roles are installed by right clicking on
My Computer > Manage > Roles and verifying that ASP.NET and Windows Authentication are listed.
If .NET4 is already installed, navigate to IIS > ISAPI and CGI restrictions and confirm that ASP.NET 4.0 is allowed.
Configuration—Web Server
Class Server class hardware (64-bit)
Operating Systems Windows Server 2003 SP1 64-bit Enterprise
Windows Server 2003 SP1 R2 64-bit Enterprise Windows Server 2008 SP1 64-bit Enterprise Windows Server 2008 R2 64-bit Enterprise
Processor (CPU) Intel Quad-Core (for example, Intel Core 2 Quad)
AMD Opteron
Memory (RAM) 8 GB or greater ( >16 GB preferred)
Hard Drive Capacity 250 GB or greater with > 1 GB available
Hard Drive Speed 7,200 RPM (10,000 RPM or faster preferred)
Network Configuration Gigabit Ethernet (GbE)
The Web Server must be part of an Active Directory domain.
Restrictions Intel Itanium processors are not supported.
A dedicated, unshared USB port must be present unless the Examiner license is acquired using the Network Authentication Server (NAS).
Recommendations The Web server performance is optimized for 64-bit hardware.
Use fault-tolerant drives and or fault-tolerant power supplies to reduce the possibility of outages or data loss.
Optimize Web server performance by storing index files locally. For optimal performance, store the merged, index file on the
Web server.
Additional Software Microsoft Excel 2003, 2007 SP2, or 2010 (required for Case
Screening Reports) Windows Installer 4.5
IIS (see Installing and Configuring IIS (Internet Information Server))
MS DTC (see Installing MS DTC (Microsoft Distributed Transaction Coordinator))
Windows Imaging Component (WIC) must be installed to
support Microsoft .NET 4, which is automatically installed if not present on the system. The WIC is available on all supported operating systems except Windows Server 2003. If you are installing the data service, examiner service, or Web components on Windows Server 2003, you must first install WIC. Please refer to Installing the .NET Framework at
http://msdn.microsoft.com/en-us/library/vstudio/5a4x27ek(v=vs.100).aspx.
Network Ports
TCP Port 4445 is available for connectivity throughout the enterprise network. Port 8888 must be available; if SSL will be used, port 443 must be available.
Permissions
If it does not exist already, your Windows administrator must create a new domain user account with specific permissions for the EnServer service. The EnServer service is Guidance Software's proprietary Web server and is used to running certain functionality. The EnServer requires separate configuration from the Web application.
The EnServer service user account must: Be part of an Active Directory domain.
Have permission to read data from and write data to all of the directories specified on the config page (localhost/config). This includes Web files, Temp, User Home, and DB Temp. Have read/write permissions to the C:\inetpub\EnCase Application\Web
Components\ECC Background Service\BackgroundService.exe.Config file. Have read/write permissions to the Web application's C:\inetpub\EnCase
Application\Web Components\ECC Background Service\web.config file.
Have the same database access permissions as the Examiner user (see Preparing the Examiner
Service Machine(s) on page 34).
Have permission to view Group Membership on Active Directory domains
The Domain User Account must have read permissions for the internal output folder and the job output folder of every collection and processing job. Each case has one internal output folder; however, the job output folder is different for each job.
Be aware of your company's email delivery rules and policies. To prevent spam, your email sever may be set to limit the number of email messages sent in an hour. If such settings are in place, your hold notifications will not be delivered. Make sure your mail server is set up to send your hold notifications successfully.
Prior to installation
To run the Web server, the computer on which it is installed must be added to an Active Directory domain.
The Web server's temp directories should point to the following path: ..\Program Files\EnCase Applications\Temp
The domain user that the service is running under must have Full Control permissions in the following directories:
..\Program Files\EnCase Applications\Temp ..\Program Files\EnCase Applications\Storage For the Web server to run:
Confirm that ASP.NET and Windows Authentication Roles are installed by right clicking on My Computer > Manage > Roles and verifying that ASP.NET and Windows Authentication are listed as installed under Role Services.
The MS DTC component service must be enabled (see Installing MS DTC (Microsoft Distributed Transaction Coordinator)).
MS DTC must be configured to enable both inbound and outbound connections. A firewall exception may be required.
Before installing and configuring the Web server, deactivate any services or applications that use port 80. Port 80 is commonly used by Web services such as Microsoft Internet Information Services (IIS) or Apache. If you intend to use SSL certificates with the Web server, you also need to make sure there are no conflicts with port 443.
Although the Web server cannot share ports with these third party servers, it can run side-by-side with them as long as there is no port conflict. After you configure the Web server to remove any such conflicts, you can restart these servers.
Note: You can also override the port setting, and run the service on a non-privileged port (a port higher than 1024).
Preparing the Desktop Client
The desktop client component is the Windows-based interface that enables the user to define cases, set up jobs, and define values for sources, custodians, and targets.
Configuration— Desktop Client
Class Desktop or server class hardware (64-bit)
Operating Systems Windows XP Professional SP3 64-bit, 32-bit
Windows 7 SP1 64-bit, 32-bit
Windows Server 2003 SP1 64-bit, 32-bit Standard, Enterprise
Windows Server 2003 R2 64-bit, 32-bit Standard, Enterprise
Windows Server 2008 SP1 64-bit, 32-bit Standard, Enterprise
Windows Server 2008 R2 64-bit Standard, Enterprise
Processor (CPU) Intel Quad-Core (for example, Intel Core 2 Quad)
AMD Opteron
Memory (RAM) 8 GB or greater ( >16 GB preferred)
Hard Drive Capacity 250 GB or greater with > 1 GB available
The amount of disk storage required is dependent upon the size of the original source data to be processed and which processing options are selected. A general guideline is to allow for 10 times the original data size.
If you use the desktop machine for output file storage, you need to allocate sufficient space. For five jobs running concurrently, the minimum amount of storage for temporary files is approximately 25 GB; however, Guidance Software recommends allocating 50 GB of output file storage.
Hard Drive Speed 7,200 RPM (10,000 RPM or faster preferred)
Number of Hard Drives Recommended Three (Application, Temp, and LEF files should reside on
separate physical drives)
Configuration— Desktop Client
Restrictions Collection from SharePoint Online is supported on
Windows 7, Windows Vista SP2 or higher, and Windows Server 2008 R2 only.
System time on the database server and on the Examiner computer(s) must be synchronized. Times are converted to GMT. Jobs will not execute properly if the times are not synchronized. Intel Itanium processors are not supported. A dedicated, unshared USB port must be present,
unless the Examiner license is acquired using the Network Authentication Server (NAS).
When using Outlook 2010, always use the 32-bit version, even if running on a 64-bit operating system.
The following files must reside in the same folder as the standalone Criteria Wizard
(CriteriaWizard.exe): WPFToolkit.dll, DocumentFormat.OpenXml.dll; Settings.xml
Recommendations Guidance Software recommends using
Fault tolerant drives and/or power supply to reduce outages or data loss.
Mirrored operating system and application installation on the primary drive and partition. RAID-5 or better drives for storage of LEFs. Set the screen resolution to 1024 x 768 or higher for optimal viewing.
Configuration— Desktop Client
Additional Software IBM Lotus Notes Client v7, v8, and v8.5 (if
collecting or processing Domino server or NSF emails).
Documentum client v5.x, v6.6 (if using the Documentum connector).
Microsoft Office 2003, 2007 SP2, or 2010 including a full version of Outlook (required).
Microsoft C++ runtime (CRT) if using OpenText Livelink (see the OpenText documentation for the specific version of the runtime required).
The Enterprise Vault API runtime application must be installed on any computer running the desktop client or the examiner service, using Enterprise Vault as a source. You can find this on the Symantec installation media. Double click the .msi file to install the application and accept all of the defaults. To run the criteria wizard either as a standalone
application or from within the product, you must have Microsoft .NET 3.5 SP1 installed; this framework is automatically installed. To collect from SharePoint Online:
All components of Microsoft .NET v3.5.1 SP1 (installed automatically on 32-bit machines) must be installed. For 64-bit machines use "Add Features" (for MS Server 2008 R2) or "Turn Features On or Off" (for Windows 7) to install.
The Windows Process Activation feature should be installed automatically. If prompted, agree to the installation.
Additional applications are required. See Connecting to SharePoint and SharePoint Online Repositories, section below.
Pay-Per-Use EnCase eDiscovery Pay-Per-Use has the same
system requirements as listed above, but at least one examiner service machine needs to have an internet connection relaying usage information to and receive a usage token from Guidance Software. Usage information is transported via SSL, which
uses port 443 as the default. Thus, incoming and outgoing communication must be allowed for that port. If an organization uses a proxy server, then that server must be able to pass SSL client certificates.
Prior to installation
Although most temp files are stored in a temporary folder by job, a few are stored in the user's global temp folder. Confirm that this Temp folder (typically C:\Users\[UserID]\Local\Temp is not located in the user's directory.
Preparing the Examiner Service Machine(s)
The examiner services machine performs all data collection and processing activities. The Examiner service must be able to communicate both with the sources where data will be searched and with all databases.
Multiple examiner service machines may be installed and configured to connect to the same data service and databases.
Guidance Software strongly recommends that all examiner service machines be configured with the same operating system, software, and settings.
Before you begin installation, make sure:
The computer running an examiner service machine is available over the network through Remote Desktop Connection with /admin and /console access.
You have local admin rights to the examiner service machine.
If you are not using a NAS license for the computer(s) running an examiner service machine, and do not have physical access to the computer(s) on-site, ensure that the security key drivers are loaded on each examiner service machine, and that the examiner service dongle is inserted into one of each computer’s USB ports.
The host-based firewall is set to allow TCP port 4445 for connections. The data service is functioning and ready.
• Additionally, if Windows authentication is enabled, ensure that the examiner service
account being used is authorized to access the data service. This enables the data service to start immediately after the setup is completed.
Configuration—Examiner Service Machine
Class Desktop or Server class hardware (64-bit)
Operating Systems Windows XP Professional SP3 64-bit
Windows 7 SP1 64-bit
Windows Server 2003 SP1 64-bit Standard, Enterprise Windows Server 2003 R2 64-bit Standard, Enterprise Windows Server 2008 SP1 64-bit Standard, Enterprise Windows Server 2008 R2 64-bit Standard, Enterprise
Processor (CPU) Intel® Quad-Core (e.g., Intel® Xeon®)
For machines doing heavy OCR processing, Guidance Software recommends a minimum of two or more hyperthreaded multi-core processors. Four or more cores per processor are preferable.
Memory (RAM) 16 GB or more (48 GB recommended)
1 additional GB of RAM per thread is recommended to process OCR. For most users, this translates to an extra 5 GB of RAM per running examiner service.
Hard Drive Capacity 500 GB or more with > 2.5 GB available on the drive where the operating system
is installed. An additional 3 GB of free space is needed for the examiner service, whether it is installed on the C: drive or any secondary drive or partition. The amount of disk storage required after installation depends upon the size of the original source data to be processed and the processing options selected. As a general guideline, allow enough storage for 10 times the original data size.
Configuration—Examiner Service Machine
Hard Drive Speed 7,200 RPM (10,000 RPM or faster preferred)
Number of Hard Drives Recommended
For best performance, three hard drives are recommended: an application drive, a temp drive, and a separate drive for LEF files
Network Configuration Gigabit Ethernet (GbE)
Restrictions Intel® Itanium processors not supported
A dedicated, unshared USB port must be present, unless the Examiner license is acquired using Network Authentication Server (NAS) Port 80, or 443 for SSL, must be available on this machine
VMware The examiner service can be run using VMWare and Boot Camp as follows:
WMware Workstation 6.5
WMware Workstation 7.0
VMware Server 1.1 (GSX)
VMware vSphere 4.0 ESXi
Boot Camp v2.0
Configuration—Examiner Service Machine
Additional Software IBM Lotus Notes Client v7 v8, v8.5 (if collecting or processing Domino
server or NSF emails).
Microsoft Office 2003, 2007 SP2, or 2010 including a full version of Outlook and Excel (required)
Microsoft SQL Server 2008 or Microsoft SQL Server 2005 administration software.
Windows Imaging Component (WIC) must be installed to support
Microsoft .NET 4, which is automatically installed if not present on the system. The WIC is available on all supported operating systems except Windows Server 2003. If you are installing the data service, examiner service, or Web components on Windows Server 2003, you must first install WIC. Please refer to Installing the .NET Framework at
http://msdn.microsoft.com/en-us/library/vstudio/5a4x27ek(v=vs.100).aspx.
For processing OpenText Livelink Repositories, a download is needed for Open Text if the Microsoft C++ runtime (CRT) is not present on the system. If you attempt to create an Open Text definition without the CRT, Open Text does not display as an option in the Create New Source dialog box.
For processing Documentum Repositories, the Documentum client must be installed.
For processing Symantec Enterprise Vault Repositories:
The examiner service machine and the Enterprise Vault servers must be on the same domain.
The examiner service machine must also point to the correct DNS Server when trying to connect to the Enterprise Vault server. Connection is made using port 80; proxies are not supported. The Enterprise Vault API runtime application must be installed on any
computer running the desktop client or the examiner service, using Enterprise Vault as a source. You can find this on the Symantec installation media. Double click the .msi file to install the application and accept all of the defaults.
If collecting an Exchange email or journal archive on the Vault server, Outlook must be installed on the examiner service machine, and be configured for an Exchange account.
If collecting a Lotus Domino email or journal archive using a Vault 8 or 9 server, the Lotus Notes client must be installed on the examiner service computer.
To collect from SharePoint Online:
All components of Microsoft .NET v3.5.1 SP1 (installed automatically on 32-bit machines) must be installed. For 64-bit machines use "Add Features" (for MS Server 2008 R2) or "Turn Features On or Off" (for Windows 7) to install.
Collection from SharePoint Online is supported on Windows 7, Windows Vista SP2 or higher, and Windows Server 2008 R2 only. The Windows Process Activation feature should be installed
automatically. If prompted, agree to the installation.
Additional applications are required. See Connecting to SharePoint and SharePoint Online Repositories.