Latest From The Blog

Latest articles from the TrueSwift  Blog

Enterprise Vault 14.2 – more than a patch release

 

Our technical overview explains the key features and benefits. Enterprise Vault (EV) 14.2 has some interesting new features beyond changes and improvements to EV. 

Veritas are focusing on EV.Cloud and the updates initially arriving in EV.Cloud will later be adopted and added to EV.

This stance is, according to Veritas, because there is a customer push to the Cloud and that is where most customers want the new features. This doesn’t mean that EV on premise is dead, and Veritas believe there will be a requirement for on-premise archiving well into the future. As you will read below, there are still some significant updates to the on-premise EV.

  • Elasticsearch

The indexing in EV has been updated to use Elasticsearch. This is now a common index engine for EV and EV.Cloud, allowing federation of searches from the Advanced eDiscovery application (discussed below).

The good news is that EV14.2 is able to run in a hybrid mode with the existing archive running with the old indices, and newly archived content taking advantage of the new engine. This means the time and effort to convert to the new index is not an immediate priority for an upgrade, but can be planned for a later date. As you read on, you will see that an upgrade to Elasticsearch will be of benefit so a task worth tackling sooner rather than later.

Veritas have performed a number of tests with the new index engine and it has shown some massive improvements on performance and reliability. Using 0.5 million items on a fairly typically specified EV server - 16 core CPU, 32GB RAM - the following improvements have been found with Elasticsearch:

  • Compliance Accelerator (CA) & Discovery Accelerator (DA) searches are 30% faster
  • Indexing of archived items is 55% faster
  • Rebuilding an index is 5 times faster
  • Index footprint required has a 26% storage saving
  • Memory requirements on the server has a 32% improvement
  • End user searches are 67% faster

Backing up EV has often been a challenge in making sure that the data is in a read only state for an extended period of time, whilst a conventional backup is performed. Elasticsearch supports snapshot-based backups of the Indices without any of the downtime or putting EV into Backup Mode.

There are some new PowerShell cmdlets to control EV and the new index, including Verify, Sync, Upgrade and Rebuild. The cmdlets can also be used for snapshot-based backup management of the Elasticsearch indices. There is an updated EV Index monitoring app to better visualise the state of the indices.

  • Enterprise Vault Dashboard v2

Enterprise Vault Dashboard v2 introduces a schedule search feature to monitor the health of the indices. This is achieved by building search schedules at set times or setting up recurring searches that run automatically. You then run the searches against EV archives to the desired frequency. This facility will help you run an extensive search during an off-peak period to identify the unhealthy state of indices.

  • Index Microsoft Teams Chat and Channel data

An optional configuration available now in EV14.2 is to collect Microsoft Teams Chat and Channel data. Within DA, this Teams content is not just text data from an index, but presented in its native form for efficient review.

Teams data by default is removed from the Microsoft platform after 90 days, so having the option to index the Teams data will prevent loss of this data should it need to be discovered at a later date.

  • Advanced eDiscovery & Advanced Supervision

Advanced eDiscovery is the web version of DA that is able to search EV.Cloud or on premise EV indices from the same interface. Using the single product and now with the addition of the Teams content, reviewers have a 1 step tool to search against EV, EV.Cloud, Teams, and OneDrive content. With the Merge1 integration 120+ different content sources can be collected and managed in Advanced eDiscovery.

As a reviewer, you can select which type of data you want to be looking at so not getting cluttered with email content if you are only interested in Teams chat. Although Teams content is viewed in the native friendly user view, when exporting, the content is in JSON file format in order to preserve the native content for the courts.

With Intelligent Voice a reviewer in Advanced eDiscovery is able to search and view voice and video file content.

Advanced Supervision has been upgraded to version 3.4 and is the web version of CA. In this new version there is enhanced auditing, the option to export items for offline review, enhancements to the Review pane and enhancements to previewing the search results

Advanced Supervision and CA can both utilise Intelligent Review. This is a supervised simplified Automated Intelligence AI training process. Reviewers will mark items as Relevant or Irrelevant and this trains the system. Using Machine Learning items are then automatically assigned Relevant or Irrelevant tags, but this time under the Unreviewed Status section so a reviewer knows these have been tagged by Intelligent Review.

Intelligent Review reduces false positives and allows for concentration on the more relevant data for the reviewer. This is because humans lose concentration and make mistakes as items will be ‘reviewed’ without properly reading. This is especially true when there are large volumes to review.

There are now PowerBI reports available for Tags and Hotwords, and Hotwords and classification tags are now highlighted in the reviewer console as well as standard search hits.

  • Veritas Information Classifier (VIC)

VIC version 3.0.0 is included in EV14.2. This updated version provides assignment of classification tags to all new and existing archived content. VIC 3.0 also has Sentiment Analysis support, New policies, Policy engine enhancements and Security fixes.

VIC is a rules based classifier based on keyword searches, proximity searches, regular expressions, voice analysis, sentiment analysis, or language detection. There are 200 default policies. Some policy examples that can be selected include: International Regulations which include UK Drivers license, US Federal Information Security Management Act (FISMA); Personally Identifiable Information (PII) which includes Estonia Personal Data Policy, UK Personal Data Policy; Health Regulations; Financial Regulations; Corporate Compliance; Special Category Data; Language Detection – 33 languages in total, 12 new.

VIC also comes with 987 Default Patterns such as Ethnicity patterns; Biometric data per country; and Full names per country.

These policies and patterns can be selected rather than having to build your own rules, speeding up the deployment and classification process. You can mix and match these default policies with your own content rules. For example you might define a new rule: 

  • All of the following must be met
    • Content matches the pattern – “Credit/Debit Card Number
    • Content contains any of the following text
      • Not agree
      • Not approve
      • Not authoriz*
    • Tag with ‘Internal - Credit Card details’

With VIC there is a Test section where files or test text can be run through the engine to check the rules work as expected. As well as checking the tagging, optionally Sentiment Analysis can be performed which will provide a score.

Written by : trueswift

Trueswift Logo
© 2010, TrueSwift Ltd.
Follow us
TrueSwift Offices