How to create an EMDI index using the Remote EMDI Indexer

Article ID: 276112

Products

Data Loss Prevention

Issue/Introduction

EMDI indexes can be created on remote machines, similarly to EDM indexes. This article describes the RemoteEMDIIndexer tool, which performs this task. Its use and working principle are very similar to those of RemoteEDMIndexer. This article is based on DLP 16.0.1 installed on a Windows Server.

Environment

DLP 15.8 or later

Resolution

1. First, deploy a Remote Indexer on a dedicated server.

Installation manual for Windows:

Installing a remote indexer on Windows (broadcom.com)

Installation manual for Linux:

Installing a remote indexer on Linux (broadcom.com)

 

2. Create an EMDI profile template, or use an existing profile. Although the goal of this article is to create a remote EMDI index, it is beneficial to first create an initial index directly on the Enforce Server. During indexing, the data in the data source file is validated against the selected Data Identifiers (and their associated regex patterns) for the required columns. If indexing fails on the Enforce Server, it will also fail on the Remote Indexer. Proceed only if you can successfully create an index on the Enforce Server, which confirms that the data source is compatible with the configured profile. Going directly to the Remote EMDI Indexer, without first creating such an EMDI index on the Enforce Server, may lead to the false conclusion that the Remote EMDI Indexer is not working as expected when the data does not match the profile to begin with. In that situation, review the data and the selected Data Identifier(s).

To create an EMDI profile/index directly on the Enforce Server, which allows you to validate the data (recommended):

Configuring Exact Match Data Identifier profiles (broadcom.com)

 

To create an empty EMDI profile template to index it remotely without creating an index on the Enforce server first:

  • In the Enforce Console navigate to Manage -> Data Profiles -> Exact Data and click "Add Exact Match Data Identifier Profile"

  • Fill in the required fields: the Name, whether the source file contains column names in the first row, the error threshold, the column separator and the file encoding. Use the "Use This File Name" option, provide the number of columns in the data source file and enter the name of the index file to create, with the *.emdi extension.

  • Click Next
  • Assign the columns as per your data source file requirements. Columns selected as Required must be bound to a Data Identifier. Pre-built or custom Data Identifiers can be used. The data in the selected columns must match the selected Data Identifier, otherwise indexing will fail. Optional columns point to data that needs to exist along with at least one of the Required columns to create a match. Ignored columns will be ignored. Do not select either of the 2 options in the Indexing section.

  • Click Finish.
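
An added example (not Broadcom's code and not part of the original article): a rough local pre-check of a data source against the pattern expected for a Required column, which helps separate a data/profile mismatch from a Remote Indexer problem. The sample rows, the SSN-style placeholder regex and the reading of the error threshold as a maximum percentage of rejected rows are assumptions; indexing on the Enforce Server remains the authoritative validation.

```python
import re

# Constructed sample data source: header row, '|' separator, 3 columns.
SAMPLE = (
    "ssn|last_name|city\n"
    "123-45-6789|Smith|Austin\n"
    "987654321|Jones|Boston\n"   # value does not match the placeholder pattern
    "234-56-7890|Lee\n"          # wrong number of columns
    "345-67-8901|Brown|Denver\n"
)

# Hypothetical stand-in for the regex behind the Data Identifier bound to the
# Required column (index 0); the product's own definitions are authoritative.
REQUIRED = {0: re.compile(r"\d{3}-\d{2}-\d{4}")}


def precheck(text, columns, required=REQUIRED, separator="|",
             has_header=True, threshold_pct=5.0):
    """Return (rows_checked, rejected, within_threshold).

    rejected is a list of (line_number, reason). threshold_pct is treated as
    the maximum percentage of rejected rows (assumption about the profile's
    error threshold field).
    """
    total, rejected = 0, []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if (has_header and line_no == 1) or not line.strip():
            continue
        total += 1
        fields = line.split(separator)
        if len(fields) != columns:
            rejected.append((line_no, f"expected {columns} columns, got {len(fields)}"))
            continue
        for idx, pattern in required.items():
            if not pattern.fullmatch(fields[idx].strip()):
                rejected.append((line_no, f"column {idx + 1} fails its pattern"))
                break
    error_pct = 100.0 * len(rejected) / total if total else 0.0
    return total, rejected, error_pct <= threshold_pct


if __name__ == "__main__":
    checked, bad, ok = precheck(SAMPLE, columns=3)
    for line_no, reason in bad:
        print(f"line {line_no}: {reason}")  # line numbers only, not field values
    print(f"{checked} rows checked, {len(bad)} rejected, within threshold: {ok}")
```

For a real file, read it with the same encoding and separator configured in the profile and pass the text to `precheck`.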

 

3. Download the EMDI profile from the Enforce Console and transfer it to the Remote Indexer server. The download profile button is available next to the EMDI profile. The file will be named after the profile, so in this example "Example Remote EMDI.emdi".

 

4. Copy the downloaded .emdi profile file to the Remote Indexer host.

5. Open Command Prompt on the Remote Indexer server as an administrator.

6. Change the current working directory to the location of the Remote Indexer installation, by default C:\Program Files\Symantec\DataLossPrevention\Indexers\16.0.10000\Protect\bin for DLP 16.0.1 (RU1).

7. Run the RemoteEMDIIndexer.exe tool with the necessary parameters, which are:

-data - which should point to the location of the data source file

-profile - which should point to the .EMDI file downloaded from the Enforce Console

-result - which should point to a directory where the resulting index files should be created - the directory must be created prior to running the command

For example:

RemoteEMDIIndexer.exe -data=c:\temp\sample-data.csv -profile="c:\temp\remote EMDI Index\Example Remote EMDI.emdi" -result="c:\temp\remote EMDI Index\result"

If everything went well, the command reports "Successfully created index", as visible in the screenshot above.

8. Copy the rdx and pdx files from the result directory to the Enforce Server. By default, they should be placed in the following directory; the path may differ based on your installation configuration.

C:\ProgramData\Symantec\DataLossPrevention\ServerPlatformCommon\16.0.10000\index

9. Go back to the EMDI profile in the Enforce Console and open it by clicking on its name. Use the "Load Externally Generated Index" option and select "Submit Indexing Job on Save".

10. Click Save

11. Add an EMDI check to the Data Identifiers selected during the EMDI profile creation. 

This can be done at the policy level or at the Data Identifier level. The article below describes the process at the policy level, but the same steps can be used at the Data Identifier level. The only difference is that instead of going into Manage -> Policies -> Policy List and adjusting a policy, you need to go to Manage -> Policies -> Data Identifiers. Then click on the Data Identifier of interest and follow the same instructions from point 5 up to point 11.

Adding an EMDI check to a built-in or custom data identifier condition in a policy (broadcom.com)

12. The remotely generated EMDI index is now ready to be used in your policies.