Considerations when deciding on when to enable External Incident Storage.
Reasons to use External Incident Storage:
- Allows you to store incident attachments such as email messages or documents on a file system rather than inside the database.
- Saves a great deal of space in your database, which results in faster and easier database actions such as backup and restore.
- Can be stored locally on the server, or can be stored on a remote computer
Reasons to use Internal Database Storage:
- Once the data has been stored outside of the database it cannot be brought back into the database.
- If you use a remote storage location to store your External Incident Data and you lose connection to that drive, it will be unable to use/load that data.
For instructions to enable External Incident Storage please use the link below.
- Enforce (and the database) are in near constant contact with external storage. You need 100% Availability on any external storage (High Availability).
- It will require as much storage space as it is currently using for existing database storage (plus all new incident data).
- DO NOT place your external storage under the "/Symantec/DataLossPrevention/" folder (aka "/SymantecDLP/", or if you installed in a custom location, do not place it inside the installation location).
- DO NOT place your external storage under the "Archives" directory.
- Ensure that both the Enforce Server and your External Storage server are in the same Domain.
- Create a "protect" user with the same password as your Enforce Server "protect" user to use with your external storage directory.
- If you are using a MS Windows system for external storage, share the directory with Read/Write permissions with the external storage "protect" user.
- If you are using a Linux system for external storage, change the owner of the external storage directory to the external storage "protect" user.