FILE ARCHIVAL USING SYMANTEC ENTERPRISE VAULT WITH EMC ISILON

Best Practices Guide FILE ARCHIVAL USING SYMANTEC ENTERPRISE VAULT WITH EMC ISILON Abstract This white paper outlines best practices for deploying EMC Isilon OneFS scale-out storage with Symantec Enterprise Vault. EMC Isilon OneFS seamlessly integrates with Enterprise Vault to provide a flexible and scalable archive solution that supports both WORM and non-worm storage options. January 2014

Copyright 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided as is. EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. EMC 2, EMC, the EMC logo, Centera, Isilon, OneFS, and SmartLock are registered trademarks or trademarks of EMC Corporation in the United States and other countries. All other trademarks used herein are the property of their respective owners. Part Number H12396.1 File Archival Using Symantec Enterprise Vault with EMC Isilon 2

Table of Contents Executive summary... 4 Audience... 4 Terminology... 4 Solution components... 4 Architecture overview... 5 Best practices... 6 Networking... 6 Basic... 6 Advanced... 9 Performance... 10 Basic... 10 Advanced... 11 Retention policy and WORM... 11 Basic... 11 Configuration... 11 Configuration overview... 11 Isilon Storage platform configuration... 12 Basic... 12 Advanced... 13 Symantec Enterprise Vault configuration... 15 Basic... 15 Advanced... 23 Troubleshooting... 30 Verify SmartLock directory settings... 30 Identify SmartLock directories... 30 Display SmartLock directory WORM information... 31 Investigating failed services... 31 Enterprise Vault Storage service will not start... 31 Enterprise Vault Service account permissions... 32 Files not being converted to shortcuts with data on the Isilon cluster acting as a file server... 32 About EMC... 33 File Archival Using Symantec Enterprise Vault with EMC Isilon 3

Executive summary EMC Isilon OneFS scale-out storage seamlessly integrates with Symantec Enterprise Vault TM to provide a flexible and scalable archive solution that supports both write once, read many (WORM) and non-worm storage options. This document describes the best practices and solution-specific configuration steps for deployment of this solution. Best practices are presented for both basic and advanced deployments. Basic best practices should be used for quick, easy, and straightforward deployments and use the minimum settings to get started. The advanced best practices identify opportunities to configure the system for performance, scalability, or highly secure environments that require a more optimized deployment model. Advanced best practices require a high level of knowledge, support, and time to plan the deployment of all the components in advance. Throughout this document, product version specific information is indicated in parentheses to indicate which components or versions the best practice is applicable or relevant to. Audience This document is intended for administrators who will deploy and configure EMC Isilon OneFS with Symantec Enterprise Vault. The assumed level of technical knowledge is high for the devices and technologies described in this document. Terminology The abbreviations used in this document are summarized in Table 1. Abbreviation DB DFS EV MSSQL VSA WORM Description Database Microsoft Distributed File System Symantec Enterprise Vault Microsoft SQL Server Vault Service Account write once, read many Table 1. Abbreviations Solution components The following solution components are described in this document: Symantec Enterprise Vault V9.0 (9.0.5 and later) and EMC Isilon OneFS v7.0 Symantec Enterprise Vault V10.0 (10.0.4 and later) and EMC Isilon OneFS v7.0 The Enterprise Vault Compatibility List can be found at www.symantec.com/docs/tech38537. File Archival Using Symantec Enterprise Vault with EMC Isilon 4

Architecture overview An overview of the logical and physical architecture for a Symantec Enterprise Vault and EMC Isilon OneFS scale-out storage deployment is provided in Figures 1 and 2. Figure 1. Logical architecture overview File Archival Using Symantec Enterprise Vault with EMC Isilon 5

Figure 2. Physical architecture overview Best practices Networking Basic Firewall The following list of TCP ports must be open between the Enterprise Vault server and its endpoints: Enterprise Vault to Domain Controller - 445 Enterprise Vault to SQL - 1433 Client to Enterprise Vault - 80, 443 and 135 Enterprise Vault to Vault Store - 135 Enterprise Vault to File Servers - 135 Permissions The Enterprise Vault server Vault Service Account (or VSA) requires adequate permissions to read and write to file servers and the vault store. File Archival Using Symantec Enterprise Vault with EMC Isilon 6

The following information is from Symantec: The single most important account in Enterprise Vault is the Vault Service Account (VSA). This account is primarily responsible for running the multiple services and tasks on the Enterprise Vault server, but it also has several other responsibilities and requirements. Enterprise Vault s archiving tasks operate as this account when evaluating archivable items, copying them into the archive, and replacing the items with shortcuts or placeholders in their original location; therefore, broadly speaking, the VSA requires full (read/write) access to all sources from which items are to be archived (these sources are known as Targets ). Target Archived Windows file server share target Minimum VSA permissions Pre-Enterprise Vault 10.0.3: Local Administrator Enterprise Vault 10.0.3 and later: Local Print Operators Group Target volume/vault Store Full Control Table 2. VSA requirements on Windows file servers File Archival Using Symantec Enterprise Vault with EMC Isilon 7

VSA requirements on Enterprise Vault servers The VSA must belong to the Local Administrators group on all Enterprise Vault servers (even if they run only a subset of the services, such as dedicated storage or indexing servers). VSA users should be granted the following rights on the Enterprise Vault server: Log on as a service Act as part of the operating system Debug programs Replace a process-level token Log on as a batch job The Enterprise Vault installation process automatically grants these rights during installation; however, ensure that these have been maintained in the event that some modifications have been made to the server or an Active Directory Group Policy is configured to limit these rights. VSA requirement in Active Directory The VSA must be a dedicated Active Directory account with password expiration disabled. Do not reuse one of the built-in Windows accounts (Administrator, Guest, and so on) for the VSA. Ensure that this account has sufficient privileges on the Isilon targets intended to be the file servers and Vault Stores. Complete information about this requirement is available at www.symantec.com/business/support/index?page=content&id=tech76700. Bandwidth As a rule of thumb, the more bandwidth available between services, the greater the potential for performance. Other factors account for overall performance; however, bandwidth can be an important component. For a single Enterprise Vault server connected to a cluster of Isilon nodes, a Gigabit Ethernet connection is sufficient for most deployments. Under most conditions, an Isilon cluster dedicated for archiving will not require highbandwidth connections from all nodes in the cluster. This is because the archive processing is heavily CPU limited versus network bandwidth limited to achieve highperformance archiving throughput. The following are recommendations for a cost-effective network connection from an Isilon cluster for archiving: Connect at least two different nodes in the cluster to two different Ethernet switches to avoid a single point of failure. Note that the remaining nodes in the cluster do not require a connection to the network to process archiving data because the Isilon cluster itself provides complete utilization via the InfiniBand connection. This means that all nodes in the cluster are utilized for archiving, but only two are connected to the network and receive data from Enterprise Vault. This architecture minimizes costs by connecting the smallest number of nodes to the network. File Archival Using Symantec Enterprise Vault with EMC Isilon 8

In order to achieve node-to-network redundancy, Microsoft Distributed File System (DFS) can be used to fail over Enterprise Vault access to the Isilon cluster. Latency In this solution, the Enterprise Vault server reads files marked archived from file servers and then writes those files to the Isilon cluster. Once written, the files on the file server are replaced by shortcuts. These shortcuts point to a running web server on the Enterprise Vault server, which in turn reads the files from the Isilon cluster and serves these files to connected clients. Application performance is directly tied to the latency between the Enterprise Vault server and the Isilon cluster. It is recommended that no more than a 25 ms latency exist between the Enterprise Vault server and the Isilon cluster. Performance could be seriously limited if this latency is greater than 50 ms. Advanced Firewall Server Destination ports Comments Microsoft Exchange Server 135 for RPC; 80 and 443 for OWA Enterprise Vault Domino Gateway 8080 TCP for HTTP, 443 TCP for HTTPS, 1352 TCP for Notes RPC Domino mail server 1352 TCP for Notes RPC Lotus Notes RPC discovery (DCOM); the returned port numbers to use will be above 1024 TCP Domino Web Access (DWA), Lotus Notes NTFS file server 139 TCP, 445 TCP CIFS and Microsoft DS Enterprise Vault web server 80 TCP for HTTP, 443 TCP for HTTPS SQL Server 1433 TCP Microsoft SQL EMC Centera 3218 Enterprise Vault server Table 3. Advanced firewall 135 TCP, 2101, 2103, 2105 RPC for MSMQ, 1801 UDP, 3527 UDP and TCP; 5114 (Enterprise Vault 10.0 and later) Client access and web search RPC discovery is port 135 (DCOM); the returned port numbers to use will be above 1024 TCP; ports 2101, 2103, and 2105 are incremented by 11 if the initial choice is in use when Message Queuing initializes; port 5114 is the official Enterprise Vault services port For a complete list of firewall ports, see www.symantec.com/business/support/index?page=content&id=howto75003. File Archival Using Symantec Enterprise Vault with EMC Isilon 9

Bandwidth 10 GbE connections should be considered for deployments where there are more than two archiving servers within the Enterprise Vault deployment. For smaller deployments, 1 GbE connections to the network are adequate to handle the archive bandwidth from a single archiving server. This recommendation applies only to Isilon clusters that are dedicated to the archive function. Performance Basic Enterprise Vault server configuration (Enterprise Vault V9.0 and V10.0) The minimum recommended configuration for this solution is a Gigabit Ethernet Quad Core Intel Xeon processor based server with 8 GB RAM for Enterprise Vault with one Gigabit Ethernet interface connected to a 4-node Isilon cluster. Operating system EMC Isilon recommends the Windows 2008 R2 (64 bit) operating system. The advantage of a 64-Bit operating system is the operating system s ability to address greater amounts of RAM. This is especially advantageous if many concurrent searches are expected. Also, Windows 2008 supports Server Message Block (SMB) v2. Symantec notes the following: Windows 2008 introduces version 2 of the Server Message Block (SMB) protocol. The practical effect is that files are copied faster between Windows 2008 servers. The transfer speed is not generally an issue when ingesting data, but retrievals may be faster. This will be especially apparent during bulk retrievals where transfer rates may be up to 50% faster between Windows 2008 servers. Processor In general, the more powerful the processor, the greater the Enterprise Vault archiving and retrieval rates. Quad-core processors are recommended for Enterprise Vault because the software makes good use of multicore processors. Enterprise Vault compresses data before committing to archive, raising the importance of the processor in overall system performance. During intense Enterprise Vault performance testing it was found that Enterprise Vault was capable of saturating a 2.0 GHz Quad Core Intel E5504 Xeon processor to 100 percent utilization. With Enterprise Vault, there is no benefit to enabling hyper-threading. Symantec makes the following basic recommendations: Quad Core Intel Xeon Class Processor and 64-/32-bit operating. Memory Symantec recommends 4 GB of memory for Enterprise Vault application. The /3 GB OS boot flag must not be used because this can result in the system running out of system page table entries. Deploying Enterprise Vault V10.0 on VMware File Archival Using Symantec Enterprise Vault with EMC Isilon 10

Enterprise Vault V10.0 may be deployed on a virtual machine. The following virtual machine resources are recommended: vcpu: 8 cores Memory: 16 GB Network The network is used by Enterprise Vault to: Read files for archive Write compressed archived files to vault targets Retrieve and serve accessed archive files Read/write to an index storage medium Access SQL databases and network services As mentioned in the processor section, data is compressed before it is committed to an archive, which reduces the amount of bandwidth required. Storage To optimize the performance of Enterprise Vault, it is recommended that users store Enterprise Vault indexes on separate disks from the software s installation and the disks containing data to be archived. For example, if Enterprise Vault is installed on the C:\ drive and data to be archived (Enterprise Vault volume) is stored on the E:\ drive, the recommendation is that the Enterprise Vault indexes be stored on a separate drive, for example, the F:\ drive. Advanced More information can be found in the Enterprise Vault Performance Guide at www.symantec.com/business/support/index?page=content&id=doc2817. Retention policy and WORM Basic Enterprise Vault is the master for determining retention policy of archived objects. In this case, the Isilon OneFS default retention setting should be set to match the Enterprise Vault retention policy. The retention policy should be configured according to corporate policy. Configuration Configuration overview Figure 5 provides an overview of the configuration steps for a Symantec Enterprise Vault and Isilon OneFS deployment. The sections that follow provide guidance on best practices or required settings for each step, where applicable. File Archival Using Symantec Enterprise Vault with EMC Isilon 11

Figure 3. Symantec Enterprise Vault and Isilon OneFS configuration workflow Isilon Storage platform configuration Basic Create SmartLock directory Partition naming In a typical management scenario, it is common to have the Enterprise Vault application data managed by a different IT group than the storage systems, such as the Isilon cluster. In addition, the IT group responsible for Enterprise Vault management may not have access to the Isilon cluster s root user and CLI to configure WORM features or verify the settings. To ensure a simplified workflow between groups that manage different aspects of the system, the recommended best practice, when creating WORM- or non-worm enabled archive partitions on the Isilon cluster, is to create a naming convention for UNC paths (for example, \\name\worm File Archival Using Symantec Enterprise Vault with EMC Isilon 12

and \\name\non-worm). In this way, the storage type for partitions created in Enterprise Vault can simply be based on the UNC name. Create SmartLock (WORM) directory OneFS can operate in either the default EMC Isilon SmartLock mode, or it can be upgraded during the initial cluster configuration process to SmartLock Compliance mode for SEC 17a-4 compliance. The operation mode controls not only how SmartLock directories function, but also how the cluster can be accessed by users. To upgrade a cluster to SmartLock Compliance mode after the initial cluster configuration process, contact Isilon Technical Support. Note that SmartLock Compliance mode is not compatible with Isilon for vcenter, or the vstorage for Storage Awareness (VASA) or vstorage APIs for Array Integration (VAAI) network-attached storage (NAS) plugins for Isilon. For example, the following command can be executed from the Isilon OneFS CLI to create a SmartLock Enterprise directory (default) with the name FSAVSWORMR1 under the following path /ifs/data/ev9/worm1 with an infinite default retention period: isilon-1-1# isi worm mkdir --path /ifs/data/ev9/worm1/fsavswormr1 -- default inf Advanced Create SmartLock directory Configuration settings When creating a SmartLock (WORM) directory, additional configuration settings may be specified. For settings that are not mentioned in the text that follows, there is no specific recommendation for deployment with Enterprise Vault V9.0 and V10.0. Directory type (optional) can be either a SmartLock Enterprise directory (default) or a SmartLock Compliance directory. Only a Compliance mode cluster can create Compliance directories. Compliance mode enables you to protect your data in compliance with the regulations defined by U.S. Securities and Exchange Commission rule 17a-4. It is important to note the following: OneFS can operate in either the default SmartLock mode, or it can be upgraded during the initial cluster configuration process to SmartLock Compliance mode to meet SEC 17a-4 compliance. To upgrade a cluster to SmartLock Compliance mode after the initial cluster configuration process, contact Isilon Technical Support. For Compliance mode, a compliance administrator account is required to log in to the cluster. The compliance administrator account must be created during the initial cluster configuration process. For Compliance mode, time-dependent operations such as file retention rely on a SmartLock compliance clock. The SmartLock compliance clock must be set before a SmartLock compliance directory is created. The compliance clock time cannot be modified once it has been set initially, so ensure that the system clock on the cluster nodes is correct and that the Network Time Protocol (NTP) is set up to synchronize the system clock to an external source. File Archival Using Symantec Enterprise Vault with EMC Isilon 13

SmartLock Compliance mode is not compatible with Isilon for vcenter, or the VASA or VAAI NAS plug-ins for Isilon. For full details on Compliance mode, please refer to the Isilon OneFS Administration Guide. Autocommit Period (not applicable) is used when files written to storage by an application/software are not committed to WORM state automatically. With Enterprise Vault, commit to WORM operation is performed automatically, so this autocommit setting is not needed. If used, after a file has been in a SmartLock directory without being modified for the specific autocommit time period, the file is automatically committed to a WORM state the next time that file is accessed by a user. The retention period of a file begins when the autocommit time period expires, if the retention period is configured via the minimum, maximum, or default retention period on a SmartLock directory and a relative time period is configured (for example, years, months, weeks, or days). In such a case, if changes are made to the autocommit time period and the file is not committed to a WORM state, because a user has not accessed the file yet, then the file s retention period will ultimately change with a new start date. Therefore, it is recommended that SmartLock configuration settings not be modified after files are added to the SmartLock directory. The autocommit time period can be configured by specifying a number of months, weeks, days, hours, or minutes, or by not indicating any timeframe (disable autocommit) on the SmartLock directory. Privileged delete (optional) feature provides the Isilon root user with the ability to delete WORM committed files. If set to on (allowed), the default setting is off (not allowed); this option is not available on SmartLock Compliance directories. Symantec Enterprise Vault does not configure this feature. If your organizational policy requires you to prevent WORM committed files from being deleted from a SmartLock Enterprise directory, even manually by the root user, this option should be set to disable, which is a permanent setting. Default Retention Period (optional) configured on an Isilon SmartLock directory is applied to a file when it is committed in WORM state without specifying a retention period. In the case where Enterprise Vault is committing files to an Isilon SmartLock directory, the default retention period will only be applicable if Enterprise Vault has not been configured with any retention policy. When a retention policy is configured in Enterprise Vault, any or no value can be assigned to the Isilon default retention period. The default retention period option can be configured by specifying a number of years, months, weeks, or days, or not indicating any timeframe (expires immediately), or by selecting an infinite (retain forever), minimum (use minimum retention setting), or maximum (use maximum retention setting) setting on the SmartLock directory. Note: To set default retention period to infinity, use --default inf. Minimum/Maximum Retention Period (optional) configured on an Isilon SmartLock directory will override a defined retention period to help ensure that files are not stored for too short or long a period of a time. A minimum retention period will act as the default retention period, if a default retention period is not configured on a SmartLock directory. As long as the retention period that is configured in Enterprise Vault is within this range (not shorter than the minimum and also not longer than the maximum), the Enterprise Vault retention period will be applied. If the Minimum/Maximum Retention Period is not configured on a SmartLock directory, File Archival Using Symantec Enterprise Vault with EMC Isilon 14

any retention period can be configured in Enterprise Vault. The Minimum Retention Period option can be configured by specifying a number of years, months, weeks, or days, or not indicating any timeframe (expires immediately), or by selecting infinite (retain forever) on the SmartLock directory. The Maximum Retention Period option can be configured by specifying a number of years, months, weeks, or days, or not indicating any timeframe (unbounded maximum the same as infinite), or by selecting infinite (retain forever) setting on the SmartLock directory. For example, the following command provides an example for all options in the case of an Enterprise directory. Any combination of these options may be used to meet your organization s needs. isilon-1-1# isi worm mkdir --path /ifs/data/ev9/worm1/fsavswormr1 -- autocommit 30n --default 2w min 1w max 3w --privdel on For example, the following command provides an example for all options in the case of a Compliance directory. Any combination of these options may be used to meet your organization s needs. isilon-1-1# isi worm mkdir --path /ifs/data/ev9/worm1/fsavswormr1 -- Compliance -- autocommit 30n --default 2w min 1w max 3w Symantec Enterprise Vault configuration Basic Retention Category and Policy (Enterprise Vault V9.0 and V10.0) Symantec Enterprise Vault Retention Policy can be set under the Policies/Retention Categories menu. File Archival Using Symantec Enterprise Vault with EMC Isilon 15

Figure 4. Enterprise Vault Retention Categories menu Create New Vault Store Group (Enterprise Vault V9.0 and V10.0) You can create a Vault Store Group according to the Symantec Enterprise Vault documentation. Create new Vault Store Enterprise Vault Safety Copy (Enterprise Vault V9.0 and V10.0) Symantec Enterprise Vault maintains a safety copy of archived files. When to delete the safety copy is dictated by the Vault Store. The available options for WORM and non-worm are as follows: Never, After backup, After backup (immediate for journaling), and Immediately after archiving. If you have selected the After backup or After backup (immediate for journaling) option when creating a new Vault Store, the method to determine whether a backup has occurred will depend on whether the directory being used is a standard directory or a SmartLock one. This process is described in more detail in the Vault Store Partition Properties section. Figure 5. Enterprise Vault new Vault Store remove safety copies after backup process File Archival Using Symantec Enterprise Vault with EMC Isilon 16

Figure 6. Enterprise Vault new Vault Store remove safety copies after backup (immediate for journaling) process Vault Store Partition Properties Isilon cluster using a standard directory When using a standard directory, instead of a SmartLock directory, the Vault Store Partition Backup Properties may be set to either the Use the archive attribute or Check for a trigger file option. The option selected may depend on capabilities of the backup system that is being used. File Archival Using Symantec Enterprise Vault with EMC Isilon 17

Figure 7. Vault Store Partition Properties with a standard directory Isilon cluster using a SmartLock directory When using a SmartLock directory with the Vault Store safety copy removal set to After backup or After backup (immediate for journaling), the Vault Store Partition Backup Properties must be set to the Check for a trigger file option because modification cannot be made to the archive attribute of a file committed to a WORM state. In this case, the backup system must be able to populate the root of the Vault Store Partition Properties with a special file on completion of each backup. For more details, see www.symantec.com/docs/tech35610. Enterprise Vault uses the presence of this file as an indicator that the backup has been successfully completed and that it can remove the safety copies that correspond with the secured saveset files created before the special file s creation date. Enterprise Vault checks Vault Store Partitions for a trigger file when the storage service starts and when the backup mode is cleared, typically with a backup application. Optionally, you can enable the Scan partition every option to force additional scans at the defined interval, in minute increments. File Archival Using Symantec Enterprise Vault with EMC Isilon 18

Figure 8. Vault Store Partition Properties with a SmartLock directory Create new Vault Store partition New partition storage type (Enterprise Vault V9.0) For Enterprise Vault 9.0.5 and later, select EMC Isilon OneFS Scale Out Storage for the Storage Type. File Archival Using Symantec Enterprise Vault with EMC Isilon 19

Figure 9. New partition storage type for Enterprise Vault 9.0.5 and later New partition storage type (Enterprise Vault V10.0) For Enterprise Vault 10.0.4 and later, select EMC Isilon OneFS Scale Out Storage for the Storage Type. Enterprise Vault 10.0.2 and 10.0.3 provide non-worm Isilon support only. File Archival Using Symantec Enterprise Vault with EMC Isilon 20

Figure 10. New partition storage type for Enterprise Vault 10.0.4 and later New partition storage settings for an Isilon cluster with a standard directory The location for the new Vault Store partition UNC path can be entered as an IP address or host name to the standard directory that was created in previous steps. When using a standard directory, ensure that the Device stores data in WORM mode option is not selected in the Enterprise Vault New Partition wizard storage settings section. File Archival Using Symantec Enterprise Vault with EMC Isilon 21

Figure 11. New partition storage settings for EMC Isilon OneFS scale-out storage without SmartLock New partition storage settings for an Isilon cluster with a SmartLock directory The location for the new Vault Store partition UNC path can be entered as an IP address or host name to the SmartLock directory that was created in previous steps. When using a SmartLock directory, ensure that the Device stores data in WORM mode option is selected in the Enterprise Vault New Partition wizard storage settings section. File Archival Using Symantec Enterprise Vault with EMC Isilon 22

Figure 12. New partition location for EMC Isilon OneFS scale-out storage with SmartLock Advanced Enterprise Vault database storage allocation As part of the implementation planning sufficient storage space for the Enterprise Vault SQL databases must be allocated. Without proper storage sizing, the SQL server that holds the Enterprise Vault databases might run out of space, which will impact the Enterprise Vault services. For example, this may cause Enterprise Vault Admin, Directory, Storage, Indexing, Shopping, and Task Controller Services to enter a stopped state. As an example, each Vault Store has an initial storage allocation of 180 MB (100 MB for data and 80 MB for the transaction log device). As archived data is added to the Vault Store, it will require more space. A basic sizing guideline for each Vault Store database is 250 bytes for each item archived plus 5 GB for static data, transaction logs, and temporary data fluctuations. File Archival Using Symantec Enterprise Vault with EMC Isilon 23

Figure 13. Enterprise Vault Database Properties Other than databases for Vault Stores, you also need to take other Enterprise Vault databases, such as Directory, Fingerprint (for each Vault Store Group), Monitoring, Reporting, and Audit databases, into your storage space consideration. For the Directory database, the initial storage requirement is 10 MB for the data device and 25 MB for the transaction log device for a total initial disk space requirement of 35 MB. To allow for temporary growth and the transaction logs, the recommendation is that you make 5 GB available for the Directory database. For the Fingerprint database, the initial storage requirement is 212 MB. The storage is allocated as follows: 100 MB for the primary filegroup 1 MB for each of the 32 nonprimary filegroups 80 MB for the transaction log device For further information about the storage requirements for each database, refer to the following Symantec user documents: File Archival Using Symantec Enterprise Vault with EMC Isilon 24

Symantec Enterprise Vault 9.0.4 and later - Installing and Configuring Guide : http://www.symantec.com/business/support/index?page=content&id=doc564 3 Symantec Enterprise Vault 10.0.4 - Installing and Configuring Guide : http://www.symantec.com/business/support/index?page=content&id=doc659 0 When the storage that holds the Enterprise Vault SQL databases is full, you will see the error messages in the Enterprise Vault server s event log as shown in Figure 14. Figure 14. Enterprise Vault server event log error message for insufficient database storage File Archival Using Symantec Enterprise Vault with EMC Isilon 25

When this error persists for some time, Enterprise Vault services will eventually stop, as indicated by the Enterprise Vault shutdown error message shown in Figure 15. Figure 15. Enterprise Vault Event Properties for a service shutdown Enterprise Vault provides flexibility in configuring the location for database data and transaction logs. Database best practices should be employed when setting up the Enterprise Vault databases. For example: The location of the database should not be on the OS disk. The database data file should be stored on a different disk from the database transaction log. Regular database backup should be performed to maintain the size of the transaction log. During creation of a new Vault Group, you can specify the storage location for the Enterprise Vault Fingerprint database. The Fingerprint database holds information about each Enterprise Vault Single Instance Storage (SIS) part that is stored in the group's Vault Stores. This data grows when there are shared items in archived items. To ensure acceptable archiving and retrieval performance, allocate the nonprimary filegroups of this Fingerprint database into 32 different locations. With this scalability, you can expand the storage space as well as the performance. File Archival Using Symantec Enterprise Vault with EMC Isilon 26

Figure 16. Enterprise Vault new Vault Store Group File Archival Using Symantec Enterprise Vault with EMC Isilon 27

Likewise, when creating a new Vault Store, you can specify the storage location for the Vault Store database. Figure 17. Enterprise new Vault Store You can distribute and manage storage locations for databases based on Vault Store Group and Vault Store. For example, you can dedicate a storage volume for the Vault Store Group and Vault Store databases for a department in an organization and allocate separate storage volumes for other department archives. Create target volume and folder When you create a target volume, the Retention Category is associated with the Volume from the Volume Policy Properties in the Retention Category tab. File Archival Using Symantec Enterprise Vault with EMC Isilon 28

Figure 18. Volume Policy Properties The Retention Policy must also be configured against the Volume Folder on the Volume Properties window by selecting the Select Policy button. File Archival Using Symantec Enterprise Vault with EMC Isilon 29

Figure 19. Volume Properties select policy Troubleshooting Verify SmartLock directory settings Identify SmartLock directories The following command can be used to verify whether a directory is a SmartLock directory: isilon-1-1# isi worm list Root Path Type -----------------------------------------------+---------- /ifs/data/ev9/worm/fsavsworm1 SmartLock /ifs/data/ev9/worm/fsavsworm2 SmartLock File Archival Using Symantec Enterprise Vault with EMC Isilon 30

Display SmartLock directory WORM information The following command can be used to display WORM information for a SmartLock directory: isilon-1-1# isi worm info --path /ifs/data/ev905/worm/fsavs2 --verbose SmartLock Info for: /ifs/data/ev905/worm/fsavs2 SmartLock Root Directory ------------------------ SmartLock Root Directory 65578 --- Root Path: /ifs/data/ev905/worm/fsavs2 Type: SmartLock Default Retention Offset: Forever Minimum Retention Offset: None Maximum Retention Offset: None Autocommit Offset: None Override Retention/Litigation Hold Date: None Privileged Delete: On Investigating failed services Enterprise Vault Storage service will not start Symptom: Enterprise Vault Storage service will not remain running. The service can be started but stops very shortly thereafter. Debug: Check the Enterprise Vault event log for additional information. If the event log indicates starts and stops have occurred without providing much detail, the dtrace.exe tool can be used for further debugging. High-level steps are provided in the text that follows. Further information on the dtrace tool can be found at www.symantec.com/business/support/index?page=content&id=howto54652. 1. Log in to the Enterprise Vault server as Administrator. 2. Open a command prompt. 3. Execute the dtrace tool from the Enterprise Vault installation directory (the default is C:\Program Files\Enterprise Vault): cd C:\Program Files\Enterprise Vault dtrace.exe 4. From the DT> prompt type view, to see a list of processes for which you can enable verbose logging: DT> view The Enterprise Vault Storage Service is referenced as the StorageManagement service in the dtrace list. 5. Set the logging detail level to verbose to enable capture of all logged messages: DT> set StorageManagement verbose File Archival Using Symantec Enterprise Vault with EMC Isilon 31

6. Logging can be redirected to a file or console. Use the log command with a file name to send logging detail to a file. The following example would create a C:\debuglogs.txt file: DT> log debuglogs.txt 7. Use the mon command to log on to console: DT> mon 8. Once logging is enabled, try to start the service again. When the service stops, analyze the dtrace log output to determine what the issue might be. Search for entries that have errors. These would typically be found toward the end of the log file. 9. Once debugging is completed, use CTRL-C to exit from console monitoring and enter the log command to disable logging: DT> log Enterprise Vault Service account permissions Files not being converted to shortcuts with data on the Isilon cluster acting as a file server The Enterprise Vault VSA (or, if modified, the account that the Enterprise Vault services are running under) can be given Full Control permission in the ACL on folders in which files are failing to be converted to shortcuts. If assigning full control resolves the issue, follow these permissions requirements: VSA requirements on an FSA target For a Windows file server: For releases before Enterprise Vault 10.0.3, the VSA must be a local administrator on each target Windows file server, and must have Full Control permission on each share that is configured as a target volume. For releases of Enterprise Vault 10.0.3 and higher, the VSA can run instead as a member of the local Print Operators group on the file server, with reduced set of permissions and privileges. This change enables archiving from domain controllers and other file servers where local Administrator rights are not permitted for a service account. Refer to the following Symantec document to ensure the correct permissions are assigned to the VSA: www.symantec.com/business/support/index?page=content&id=tech76700. File Archival Using Symantec Enterprise Vault with EMC Isilon 32

About EMC EMC Corporation is a global leader in enabling businesses and service providers to transform their operations and deliver IT as a service. Fundamental to this transformation is cloud computing. Through innovative products and services, EMC accelerates the journey to cloud computing, helping IT departments to store, manage, protect, and analyze their most valuable asset information in a more agile, trusted, and cost-efficient way. Additional information about EMC can be found at www.emc.com. File Archival Using Symantec Enterprise Vault with EMC Isilon 33