Configuration
The first step in using Superna Data Security Essentials involves laying out a strategy for managing users' file and directory operations.
Before this step, it is essential to examine the underlying policy-based rules engine: Superna Smart Policy Manager™.
Superna Smart Policy Manager™ monitors users' file and directory operations, offering a customized solution tailored to an organization's specific needs. Whether management is structured by geography, administrative unit, or machine class, this tool adapts to suit various management modes.
Many companies prefer a mixed approach, such as combining geography, department, and machine type. Superna Smart Policy Manager™ provides the necessary flexibility to simplify the usage of Superna Data Security Essentials.
Once the management structure is established, Superna Smart Policy Manager™ replicates policies across the enterprise. Machines within the network access these policies through their containers, inheriting policies from all levels of the organizational hierarchy. This eliminates the need to configure and manage machines individually.
When configuring the installed software, start with the top-level container under the root organization (e.g., My Site). This is the Global Network configuration, automatically created during installation.
Superna Data Security Essentials Configuration
Adding a Filer to the Superna Data Security Essentials Policy Hierarchy
After installing the NetApp version of Data Security Essentials, the NetApp Filer must be added to the hierarchy for management.
- Open Superna Data Security Essentials Admin by navigating to: Start > All Programs > Superna Data Security Essentials > Data Security Essentials Admin
- Right-click My Site and select: New > Filer
- A prompt will appear to enter a name. The name entered must match the name of the NetApp Filer (7-mode) or CIFS Server (c-mode).
- After adding the device to the collection of servers recognized by Superna Data Security Essentials, right-click the newly added device and select: New > Data Security Application.
- Right-click the device and select: New > Data Security - Policy Engine Application
Now that the NetApp Filer has been added to the hierarchy, the Windows server managing the filer needs to be configured.
- In the Superna Smart Policy Manager hierarchy view (the left pane), click the plus sign (+) adjacent to the name of the Windows-based server that will manage the NetApp Filer.
- Right-click Data Security under that entry and select Properties to open the Data Security Configuration screen.
- Click the NAS Connector tab.
- Click the Add button.
- Select whether to add a 7-mode or c-mode device.
- For a 7-mode device, enter the name of the Filer/vFiler and click OK.
- For a c-mode device, enter the following:
  - CIFS Server Name: The NetBIOS name of the filer, which is not necessarily the SVM name.
  - Cluster IP Address: The IP address of the cluster where the CIFS servers are defined.
  - Credentials to access the cluster: A local cluster account or a domain account.
  - Web settings: The web server API port and HTTPS/HTTP settings.
  - FPolicy details:
    - Preferred Address: If the Windows server has more than one IP address, one can be chosen; otherwise the default is all addresses.
    - Port: The port used to communicate with FPolicy. If a firewall exists between the Windows server and the NetApp filer, it is best to specify a port so that a more granular rule can be created on the filer to allow the communications. If Dynamic Port is selected, the Windows operating system assigns an open port in the range 32000 to 65535.
    - Sequence Number: The ordering of notifications from the filer when multiple servers are registered with FPolicy. The Data Security App defaults to 10.
- Click OK in the Superna Data Security Essentials Configuration screen.
- Right-click Data Security - Policy Engine and select Properties to open the Data Security - Policy Engine Configuration screen.
- Click the NAS Connector tab.
- Click the Add button.
- Select whether to add a 7-mode or c-mode device.
- For a 7-mode device, enter the name of the Filer/vFiler and click OK.
- For a c-mode device, enter the following:
  - CIFS Server Name: The NetBIOS name of the filer, which is not necessarily the SVM name.
  - Cluster IP Address: The IP address of the cluster where the CIFS servers are defined.
  - Credentials to access the cluster: A local cluster account or a domain account.
  - Web settings: The web server API port and HTTPS/HTTP settings.
  - FPolicy details:
    - Preferred Address: If the Windows server has more than one IP address, one can be chosen; otherwise the default is all addresses.
    - Port: The port used to communicate with FPolicy. If a firewall exists between the Windows server and the NetApp filer, it is best to specify a port so that a more granular rule can be created on the filer to allow the communications. If Dynamic Port is selected, the Windows operating system assigns an open port in the range 32000 to 65535.
    - Sequence Number: The ordering of notifications from the filer when multiple servers are registered with FPolicy. The Data Security Policy Engine App defaults to 1.
The system is now ready to create Data Security and Data Security - Policy Engine policies.
Setting Superna Data Security Essentials Properties
For all the screens displayed in this user manual, Superna Data Security Essentials for NetApp is used. Please note that screenshots may differ depending on the Data Security Essentials edition being installed.
Security
The Superna Data Security Essentials Properties tab enables the setup of several application properties, including the application security level. To adjust the Superna Data Security Essentials application security level, follow these steps:
- In the left tree view, expand the MySite node.
- Right-click Data Security under MySite and navigate to the Windows server node. Select Properties from the menu.
- Click the Security tab. Clear the Inherit Security box and check the Enable Security checkbox. Click Add to select the users or groups for which security options will apply.
Info: In the Non-Owner Permissions section of the dialog box, choose the desired settings for the types of policies and properties.
Database Configuration
The Superna Data Security Essentials Properties tab enables the setup of several application properties, including the application database. The application database configuration should be adjusted before creating any file audit policies, as all events monitored through the Data Security Essentials policies are saved to the configured database.
To configure the database, follow these steps:
- Right-click Data Security under the main application container (My Organization, in this example).
- Right-click Superna Data Security Essentials under the Organization Node and select Properties from the menu.
- On the Database Configuration tab, clear the Inherit Database Configuration box, enter the correct information in each of the text boxes as appropriate for the database, and click OK.
  Info: "My Organization" is the main application container, so the database configuration specified here is inherited by any other server created within the tree. This saves the administrators from having to enter the database configuration manually.
- To specify different database configurations, right-click Data Security under the NetApp Filer that has been added.
- To back up or delete old files to maintain the size of the database, click the Maintenance button.
  Info: The DB Maintenance option works on two levels, the server level and the policy level.
On the Database Maintenance Settings dialog, under the Age Limit section, use the Remove records older than field to set the number of days/weeks/months/years that Data Security Essentials should keep records in the primary database. After this period, Data Security Essentials will attempt to back them up.
Based on the Required Action field, Data Security Essentials can delete old records from the database, export old records to a comma-separated file, export aging records to an XML file, export aging records to a database specified on the SQL server instance, or use Mobility VFM to back up old records.
Data Security Essentials Reports retrieve old records for reporting purposes. The system can be configured to use a Mobility VFM server by setting two fields:
- Temp Share: A temporary share on the primary server that VFM uses as a source for file backups. The service account for Data Security Essentials must have Read, Write, and Delete permissions on this share. For more information about VFM Primary Servers, please refer to the Superna VFM Administration Web Site - User Manual.
- Web Service: A URL to the VFM Web Service.
Email Configuration
The Superna Data Security Essentials Properties tab enables the setup of several application properties, including application emails. To adjust the Superna Data Security Essentials application email feature, follow these steps:
- Right-click Data Security under the main application container.
- Click Properties on the pop-up menu.
- Click the Email Configuration tab. Clear the Inherit Email Configuration box. Check the Enable Email Notifications option. Enter the correct information in each of the text boxes as appropriate for the email settings, and click OK.
  Info: Click the Test Mail Settings button to test the connection to the specified SMTP Server. Specify the email ID where the test email should be sent. If the email is sent successfully, the status field will display Test mail sent. Otherwise, it will display Test mail not sent.
Extension Collections
Data Security Essentials allows the creation of a collection of extensions. This enables multiple extensions to be grouped together for easier management. Extension collections can be added to the Criteria page of a file control policy instead of adding individual extensions. If a new extension is needed, it can be added to the collection, and every policy configured with the collection will be updated. Collections can also be a collection of collections.
Default Collections
Data Security Essentials includes several pre-configured default collections for easier management of file types. These default collections are:
- Common Audio Files
- Common Graphic Files
- Common Video Files
- Executable Files
Additionally, there is a special collection called Common Multimedia Files, which groups together the Audio, Graphic, and Video default collections into one unified collection.
Ransomware Collection
Data Security Essentials introduced a new Ransomware Files collection, which is a list of known ransomware extensions. This list is maintained by Superna and published on its website. The Data Security Essentials software will maintain updates to this collection automatically. Extensions can be added or removed from this list, and the software will honor those changes and will not re-add extensions that were removed.
If the Data Security Essentials software is unable to access the internet, the list of ransomware extensions can be downloaded from here, saved as rwxextnsimport.json, and placed in the Data Security Policy Engine folder. The software will import the new definitions.
To View, Create, Modify, or Delete collections:
- Right-click the Data Security - Policy Engine application under the main application container.
- Click Properties on the popup menu.
- Click the Extension Collections tab.
- Click Add to create a new collection or select the existing collection and select Edit or Delete. Selecting an item in the list will display the items that are part of the collection in the lower part of the property page.
- Click OK/Apply to save any created, modified, or deleted collections. Click Cancel to abort any changes.
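The collection behaviour described in this section (collections of collections, and the Ransomware Files list keeping local edits across published updates), as an added conceptual sketch in Python. It is not Superna code: the function names, the member extensions and the exact form of the merge rule are assumptions made for illustration.

```python
# Added conceptual model of extension collections; not Superna's implementation.
# Function names, sample extensions and the merge rule's form are assumptions.

def resolve(name, collections, _path=()):
    """Flatten a collection into a set of extensions, following nested collections."""
    if name in _path:
        raise ValueError("collection cycle: " + " -> ".join(_path + (name,)))
    extensions = set()
    for member in collections[name]:
        if member in collections:      # member is itself a collection
            extensions |= resolve(member, collections, _path + (name,))
        else:                          # member is a plain extension
            extensions.add(member.lower().lstrip("."))
    return extensions


def matches(filename, name, collections):
    """True if the file's final extension is in the flattened collection."""
    _, dot, ext = filename.rpartition(".")
    return bool(dot) and ext.lower() in resolve(name, collections)


def merge_published(current, removed_locally, published):
    """Apply a published list update while honoring local edits:
    locally added extensions stay, locally removed ones are not re-added."""
    return (set(current) | set(published)) - set(removed_locally)


# Constructed sample data: collection names are from the page, members are illustrative.
COLLECTIONS = {
    "Common Audio Files": ["mp3", "wav"],
    "Common Graphic Files": ["jpg", "png"],
    "Common Video Files": ["mp4", "avi"],
    "Common Multimedia Files": [
        "Common Audio Files", "Common Graphic Files", "Common Video Files",
    ],
}

if __name__ == "__main__":
    print(sorted(resolve("Common Multimedia Files", COLLECTIONS)))
    # Editing one collection changes every collection that contains it.
    COLLECTIONS["Common Audio Files"].append(".flac")
    print(matches("track.FLAC", "Common Multimedia Files", COLLECTIONS))
    # "ext-b" was removed locally, so the published update does not restore it.
    print(sorted(merge_published({"ext-a", "ext-local"}, {"ext-b"},
                                 {"ext-a", "ext-b", "ext-c"})))
```

The match uses only the final extension, so a name such as invoice.pdf.ext-a is evaluated as ext-a.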
Share Notifications
Data Security Essentials can notify users of changes to shares that have been created, modified, or deleted. These alerts are sent via email. The notification recipients can be an individual user, several users, or even an email distribution list. To configure Share Notifications:
- Right-click Data Security under the main application container.
- Click Properties on the popup menu.
- Click the Share Notifications tab. Clear the Inherit Share Notification Configuration box and select the appropriate options.
- Click the Add button to add a new recipient.
- Select an existing user and select Edit or Remove.
- Click OK/Apply to save the changes. Click Cancel to abort the changes.
Misc Options
The Superna Data Security Essentials Properties tab enables the setup of several application properties, including application miscellaneous options. To adjust the Superna Data Security Essentials application miscellaneous options, follow these steps:
- Right-click Data Security under the main application container.
- Click Properties on the pop-up menu.
- Click the Misc Options tab. Clear the Inherit Directory Connector Properties box and select the appropriate directory connector option.