Server Data Stores
DDC supports these server type data stores:
Sharepoint Server - Sharepoint Server is a web based collaborative platform integrating natively with Microsoft Office that is provided to organizations seeking greater control over Sharepoint's behavior or design.
Exchange Server
Adding Server Data Store
Use the Add Data Store wizard to add a new Server data store. This involves the following steps:
1. Select Store Type
In the Select Store Type screen of the wizard select Server in the Select Data Store Category.
In the Select Server Type drop-down list select the server data store type:
Sharepoint Server (it is pre-selected).
Exchange Server
Click Next to go on to the Configure Connection screen.
2. Configure Connection
In the Configure Connection screen of the wizard, provide the following configuration details for your data store:
SHAREPOINT SERVER
Hostname - the Sharepoint Server hostname.
Port - the port on which the server is accessed. The default port is 80.
User - a SQL user that is configured in Sharepoint and has access to the sites that you want to scan.
Password - the password used for the SQL user.
API Passwords - if multiple credentials are required to access the different Site Collections or Sites, you can use the Browse File button to upload a text file containing granular access credentials. The contents of such a text file must follow these rules:
Each line of the text file defines a credential set for a URL path.
Each line must be formatted as <url_path>|<username>|<password> where
<url_path> is the URL path to a Site Collection or Site.
<username> is the user name that has access to the URL path.
<password> is the password for the corresponding user.
Note
Use credentials that have the minimum required privileges to access all the web applications and site collections on the Sharepoint Server, to scan all resources for a Sharepoint Server target. For example, to scan all the Sharepoint site collections in "Sharepoint DBS", use a credential set that has access to "Web Application 1" and "Web Application 2".
EXCHANGE SERVER
Exchange Domain - the domain to scan mailboxes that reside on that domain. This is usually the domain component of the email address, or the Windows Domain.
Note
Using the domain IP instead of the domain name does not work.
User - your service account user name.
Tip
The account used to scan Microsoft Exchange mailboxes must:
Have a mailbox on the target Microsoft Exchange server.
Be a service account assigned the ApplicationImpersonation management role.
Password - your service account password.
The Agent Selection section allows you to specify the minimum and maximum number of proxy agents when adding a datastore. Employing a group of agents instead of a single agent to run the scan should improve the scan execution time.
In the Select Number of Agents menu set the number of agents for the datastore:
Minimum: Set the minimun number of agents to use to scan the datastore. At least that number of proxy agents must be able to connect to the datastore.
Maximum: Set the maximum number agents to use to scan the datastore.
Warning
• As there is no limit on the number of minimum and maximum agents that you can set, you should exercise caution so that you do not impact the system performance by using too many resouces for a single scan.
• You will not be able to add a datastore if the minimum number of agents cannot be assigned.
• A scan will fail if the assigned agent is unavailable after adding the datastore.
• The minimum number of agents must be less than or equal to the maximum number of agents.In the Add Label: field, add an agent label, by entering a label or removing and existing label. Agent labels represent the agent capabilities.
Click Next to go to the General Info screen.
3. General Info
In the General Info screen of the wizard, specify the name, description, branch location, and sensitivity level for your data store. See "Configuring a Data Store - General Information" for details.
Configure the General Info part per the information in General Info.
Click Next to go to the Add Tags & Access Control screen.
4. Add Tags & Access Control
In the Add Tags & Access Control screen of the wizard, grant access rights to your data store and add metadata. See "Configuring a Data Store – Tags and Access Control" for details.
Configure the Tags & Access Control par per the information in Tags & Access Control.
Click Save. The newly created data store appears on the Data Stores page. By default, data stores are displayed in alphabetic order by name. Depending on the number of entries per page, you might need to navigate to other pages to view the newly created data store.
At any time during the configuration you can click Back to go to any of the previous wizard screens to update the configuration.
The newly created data store appears on the Data Stores page. By default, data stores are displayed in alphabetic order by name. Depending on the number of entries per page, you might need to navigate to other pages to view the newly created data store.
Recommended Least Privilege User Approach:
Note
To reduce the risk of data loss or privileged account abuse, the Target credentials provided for the intended Target should only be granted read-only access to the exact resources and data that require scanning. Never grant full user access privileges or unrestricted data access to any application if it is not required.
Click Save to create the data store. At any time during the configuration you can click Back to go to any of the previous wizard screens to update the configuration.
The newly created data store appears on the Data Stores page. By default, data stores are displayed in alphabetic order by name. Depending on the number of entries per page, you might need to navigate to other pages to view the newly created data store.
