Professional Documents
Culture Documents
• Architecture
• File.Surf Server Admin
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044133
EOP ECRMS
Server Configuration
System Configuration 12/03/2004
Unisys
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044134
EOP ECRMS
Software Configuration
FileSurf (Server - 8 CPU)
: ..
: .
...................................................................... :
KVSSQL (Server - 4CPU)
GEORGE W. BUSH PRESIDENTIAL RECORD
System Configuration
12/03/2204
SAN Allocation and Mapping
OAP00044135
System Configuration
EOP ECRMS
Software Configuration (cont)
12/03/2004
Unisys
10 KVS (Server - 4 CPU)
SAN Allocation and Mapping
: '":
· .
· .
· .
· .
· .
· .
· .
· .
· .
· .
. .
Drive E
. .
.......................................................................
Prerequisite Services
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044136
EOP ECRMS
SAN 1 NAS Configuration
12/03/2004
System Configuration
Unisys
ECRMS Centera Storage
: ;
· .
· .
· .
· .
· .
.........................................................
ECRMS Symmetric SAN
..........................................................
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044137
EOP ECRMS
Unisys
Hardware Configuration
System Configuration 12/03/2004
Windows Server 2003
Window Server 2003
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044138
ECRMS Capture Flow
Exchange Journal or
PST File
1
.......... , ,_._-,.- ....._
J~ '\.
~?~J
Full Text Indexes
(Message Components)
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044139
FileSurf Server Admin
• Services (Exchange & PST)
• Logs
r
GEORGE w. BUSH PRESIDENTIAL RECORD
OAP00044140
Enterprise Vault Server Admin
• Vault Stores
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044141
ECRMS Security Meeting April 22, 2005
Terminology
ECRMS - Electronic Communications Records Management System
Category - An individual branch or node in the hierarchy of the ECRMS file plan
Record - Term chosen for an email object and its associated metadata in ECRMS
User - a profiled participant in the ECRMS database associated to a network login id
Groups - groups of Users used for security assignments
Privileges - What FUNCTIONS a User can perform
Access Security - What RECORDS a User can access
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044142
Access Security
Specific Access Security to Records is optional.
Access security is optionally applied to Records within ECRMS. If it is decided that all Records within ECRMS will be governed by a comprehensive "all or nothing" access policy to the Records, then it is recommended that internal Security control in ECRMS be disabled to simplify system administration and monitoring.
Category Level Security is currently selected.
Security is applied to individual Categories and is uniformly imposed on all Records filed within a Category. Access to Records within a secured Category is limited to the named users of the security group assigned.
Supplemental Markings.
Optional security mechanism to provide tags that can be specifically applied to individual Records that will provide an additional security layer. It can be used with or without CateqoryLevel Security. This is not an inheritable form of security.
Classification Security.
This feature is not activated within ECRMS.
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044143
~ J: e 10-
co 10- (1)
.-
J:
c co
-
Q.
(1)
- .-
LL
en :E Q!:
o w
ctl ~
Q)
.... I
-c s:
.--- g I-- B
ctl
'5 o
(5 =
:I: U
~
,.,..- "5
co
0..
~ o 0.. c::: 0
,__ I-- co 0 I-- I--
-c ::E z en en w
LL. 0 0 0 0 :J o
I I I I I J
en c Q)
co -
::E a:: .... :2
c::: r- Q) - ~
-
o ~ en en II) c
W u:: en :J :J 0.. ctl Q) Q) Q)
:J I-- I-- i:: E E :; II) en
I-- 0 0 .0 E ~::J c:::
0 0.. 0 Q) 0 II) 0 W
~ ...J ~ o <{:I: 0..
0.. > LL. en
r-- "5 I--
CO
en
~ :J
.__ 5 I-- 0..
0.. 0.. 6
> U
en co
:J 0 o <t: <t: 0
.__ I-- r0-
o :I: en ui u:: 0..
0.. ~ Z o 0.. 0
I I I 1 J GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044144
Privileges
Privilege Types ..
Each User is assigned a Privilege Type which controls the functions available to them when operating within ECRMS. For example, the ability to modify a Records profile, the ability to delete a Record, the ability to Open or download a Record, the ability to View a Record, etc.
Override Security.
A Privilege Type can be assigned "override security". This is uniformly applied to all Users assigned this Privilege Type. A User is assigned to one and only one Privilege Type. If a User is assigned a Privilege Type which has override security," then this User will have full access to all Records within ECRMS.
Currently Defined Privilege Types:
Master (SuperUser) (override) ECRMS Administrator (override) Records Manager (override) Records User
General User
No Access
Each Privilege Type is definable to a very granular degree as to the functions that can be performed within ECRMS.
New Privilege Types can be created if necessary.
Sample Privileges form shown below follow.
GEORGE W. BUSH PRESIDENTIAL RECORD
OAP00044145