From time to time people ask questions about how to make Enterprise Vault data ‘more secure’. This is usually around the under-the-covers activities like when a client retrieves an archived item, and it’s transmitted back to the client can that be secured?
Sometimes people ask about how to make the server itself more secure and the data files on disk – but I’ll save that discussion for another day!
The answer is yes, lets discuss how.
Default transmission is HTTP
And as you can see in Enterprise Vault 10.0.4 (and other flavours of EV too) you get a security warning, which when clicked, gives you a simple pop-up which says:
“Non-HTTPS traffic is not encrypted on the network. Do not use this option unless you are using a secure network”.
The second thing to notice is that this is a site wide setting.
So, life is good if we are using a secure network. I know that there are philisophical discussions to be had about whether ANY network can be termed secure, but now lets just say that if all traffic is inside the corporate file it’s secure.
But what about people who use Outlook Web Access?
This is a problem if Enterprise Vault is configured with Outlook Web Access extensions. Uses can access Outlook Web Access from ‘anywhere’. Therefore when they retrieve an archived item, or perform a search and so on, the transmission, by default, is not going to be secure.
We need to change to HTTPS. For this there are two considerations:
In a green field deployment, or in other words a fresh deployment of Enterprise Vault, HTTPS can be enabled and configured from Day 1… before ANYTHNG is archived. This is of course the ideal situation.
The brown field deployment, or in other words an existing deployment of Enterprise Vault can also be changed to use HTTPS. No problem there; except of course that all the existing shortcuts will then be broken. So if you do go down this route, you will need to take a look at the options of recreating Enterprise Vault shortcuts, which I’ve written about before in this blog post. (http://thingsilearnedtoday.net/2013/12/17/how-to-recreate-enterprise-vault-shortcuts/). It might not be necessary to perform those steps though, for example if archived items do not have shortcuts created at all (good for customers who push Virtual Vault usage)
It’s also worth remembering that you don’t just make this change in Enterprise Vault, if you look at the online help you have to obtain and install a valid certificate on the default web site in IIS.
Do you use HTTP or HTTPS in your Enterprise Vault deployment? Let me know in the comments.