EMDI indexes can be created on remote machines in much the same way as EDM indexes. This article describes how to use the RemoteEMDIIndexer tool to perform this task. Its usage and working principle are very similar to those of RemoteEDMIndexer. This article is based on DLP 16.0.1 installed on a Windows Server.
DLP 15.8 or later
1. First of all deploy a Remote Indexer on a dedicated server.
Installation manual for Windows:
Installing a remote indexer on Windows (broadcom.com)
Installation manual for Linux:
Installing a remote indexer on Linux (broadcom.com)
2. Create an EMDI profile template, or use an existing profile. Although the goal of this article is to create a remote EMDI index, it is beneficial to first create an initial index directly on the Enforce Server. During indexing, the data in the data source file is validated against the selected Data Identifiers (their associated regex patterns) for the required columns. If indexing fails on the Enforce Server, it will also fail on the Remote Indexer. Proceed only if you can successfully create an index on the Enforce Server, which confirms that the data source is compatible with the configured profile. Going straight to the Remote EMDI Indexer without first creating the index on the Enforce Server may lead to the false conclusion that the Remote EMDI Indexer is not working as expected, when in fact the data does not match the profile to begin with. In that situation, review the data and the selected Data Identifier(s).
To create an EMDI profile/index directly on the Enforce Server, which allows the data to be validated (recommended):
Configuring Exact Match Data Identifier profiles (broadcom.com)
To create an empty EMDI profile template to index it remotely without creating an index on the Enforce server first:
3. Download the EMDI profile from the Enforce Console and transfer it to the Remote Indexer server. The download profile button is available next to the EMDI profile. The file is named after the profile, so in this example it is "Example Remote EMDI.emdi".
4. Copy the downloaded .emdi profile file to the Remote Indexer host.
5. Open Command Prompt on the Remote Indexer server as an administrator.
6. Change the current directory to the Remote Indexer installation location, by default C:\Program Files\Symantec\DataLossPrevention\Indexers\16.0.10000\Protect\bin for DLP 16.0.1 (RU1).
7. Run the RemoteEMDIIndexer.exe tool with the necessary parameters which are:
-data - which should point to the location of the data source file
-profile - which should point to the .EMDI file downloaded from the Enforce Console
-result - which should point to a directory where the resulting index files should be created - the directory must be created prior to running the command
For example:
RemoteEMDIIndexer.exe -data=c:\temp\sample-data.csv -profile="c:\temp\remote EMDI Index\Example Remote EMDI.emdi" -result="c:\temp\remote EMDI Index\result"
If the command succeeds, it reports "Successfully created index", as shown in the screenshot above.
8. Copy the rdx and pdx files from the result directory to the Enforce Server. By default, they should be placed in the following directory. The path may differ depending on your installation configuration.
C:\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\16.0.10000\index
9. Go back to the EMDI profile in the Enforce Console and open it by clicking its name. Use the "Load Externally Generated Index" option and select the "Submit Indexing Job on Save" option.
10. Click Save
11. Add an EMDI check to the Data Identifiers selected during the EMDI profile creation.
This can be done at the policy level or at the Data Identifier level. The article below describes the process at the policy level, but the same steps can be used at the Data Identifier level. The only difference is that instead of going to Manage -> Policies -> Policy List and adjusting a policy, you go to Manage -> Policies -> Data Identifiers. Then click the Data Identifier of interest and follow the same manual from point 5 up to point 11.
Adding an EMDI check to a built-in or custom data identifier condition in a policy (broadcom.com)
12. The remotely generated EMDI index is now ready to be used in your policies.
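Steps 6 to 8 can also be scripted. The PowerShell below is an added example, not part of the original article or of Broadcom's tooling: it uses only the -data, -profile and -result parameters and the example paths shown above, checks for the "Successfully created index" message, and prints SHA-256 hashes of the new index files so the copies placed on the Enforce Server can be compared against them. Selecting index files by ".rdx" or ".pdx" in the file name is an assumption, as are the variable names.

```powershell
# Added example. Paths are the example values from this article; adjust to your installation.
$binDir      = 'C:\Program Files\Symantec\DataLossPrevention\Indexers\16.0.10000\Protect\bin'
$indexer     = Join-Path $binDir 'RemoteEMDIIndexer.exe'
$dataFile    = 'c:\temp\sample-data.csv'
$emdiProfile = 'c:\temp\remote EMDI Index\Example Remote EMDI.emdi'
$resultDir   = 'c:\temp\remote EMDI Index\result'

# Fail early if the tool, the data source or the downloaded profile is missing.
foreach ($path in $indexer, $dataFile, $emdiProfile) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Required file not found: $path"
    }
}

# The -result directory must exist before the tool is run.
New-Item -ItemType Directory -Path $resultDir -Force -ErrorAction Stop | Out-Null

# Remember the start time so stale files from an earlier run are not mistaken for new output.
$started = Get-Date

Push-Location -LiteralPath $binDir
try {
    # Each argument is passed as one token, so paths containing spaces stay intact.
    $output = & $indexer "-data=$dataFile" "-profile=$emdiProfile" "-result=$resultDir"
}
finally {
    Pop-Location
}

# The article states that a successful run reports this message.
if (($output | Out-String) -notmatch 'Successfully created index') {
    $output | ForEach-Object { Write-Host $_ }
    throw 'RemoteEMDIIndexer did not report "Successfully created index".'
}

# Assumption: index files carry ".rdx" or ".pdx" in their names.
$indexFiles = Get-ChildItem -LiteralPath $resultDir -File |
    Where-Object { $_.Name -match '\.(rdx|pdx)' -and $_.LastWriteTime -ge $started }
if (-not $indexFiles) {
    throw "No new rdx/pdx files were written to $resultDir"
}

# Record hashes before the files leave this host; rerun Get-FileHash on the
# Enforce Server after copying and compare the values.
$indexFiles | Get-FileHash -Algorithm SHA256 | Format-Table Hash, Path -AutoSize
```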