Symantec Enterprise Vault

Content Management Connector

for EMC Documentum Retention
Policy Services
Installation, Configuration, and
Administration
1.0

Symantec Enterprise Vault Integration to

Documentum Installation, Configuration, and
Administration
Copyright 2006 Symantec Corporation. All rights reserved.
Symantec Enterprise Vault Integration to Documentum
Symantec, the Symantec logo, and Enterprise Vault are trademarks or registered trademarks
of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document may
be reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THIS DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE
LEGALLY INVALID, SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR
CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING PERFORMANCE, OR
USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
and commercial computer software documentation as defined in FAR Sections 12.212 and
DFARS Section 227.7202.
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
www.symantec.com

Third-party legal notices

Third-party software may be recommended, distributed, embedded, or bundled with
this Symantec product. Such third-party software is licensed separately by its
copyright holder. All third-party copyrights associated with this product are listed
in the accompanying release notes.
Documentum, Documentum Content Server, and Documentum Retention Policy
Services are registered trademarks of EMC Corporation.

Technical support
For technical assistance, visit http://www.symantec.com/enterprise/support
and select phone or email support. Use the Knowledge Base search feature to access
resources such as TechNotes, product alerts, software downloads, hardware
compatibility lists, and our customer email notification service.

Preface........................................................................................................................... 7
Formats available.................................................................................................. 7
Accessing the Support Web site ....................................................................... 7
Introduction................................................................................................................. 11
Logical components ........................................................................................ 11
Physical components....................................................................................... 12
Section I. Installation .................................................................................................. 14
Before installing 1................................................................................................ 15
Enterprise Vault requirements ............................................................................ 15
Documentum requirements................................................................................. 15
Microsoft Exchange requirements ...................................................................... 16
Installing the Documentum extensions 2............................................................. 17
Store plug-in installation..................................................................................... 17
Creating the plug-in and store......................................................................... 18
Setting up authentication for AuthHttpPlugin ................................................ 22
DocApp installation ............................................................................................ 23
WDK overlay installation ................................................................................... 23
Documentum web services installation .............................................................. 24
Post-installation tasks.......................................................................................... 25
Installing Enterprise Vault extensions 3 .............................................................. 27
The Vault extension wizard ................................................................................ 27
Silent install .................................................................................................... 31
Installing Microsoft Exchange extensions 4 ........................................................ 33
File installation ................................................................................................... 33
Creating the COM+ application.......................................................................... 34
Installing the Exchange event sink into COM+.................................................. 37
Section II. Configuration ............................................................................................ 40
Configuring the Documentum extensions 5 ........................................................ 41
AppConfig.xml ................................................................................................... 41
Required configuration ................................................................................... 41
Optional configuration .................................................................................... 42
Configuring the Enterprise Vault extensions 6.................................................... 44
Modifying configuration settings........................................................................ 44

Specifying the folder synchronization email message........................................ 45

Toggling logging from the Message Sync Filter ................................................ 45
Configuring the Microsoft Exchange extensions 7.............................................. 47
Common configuration tasks 8 ............................................................................ 48
Updating the Vault service account credentials.................................................. 48
Updating the Documentum integration admin credentials ................................. 49
Changing the active Documentum application server ........................................ 49
Changing the active Enterprise Vault server ...................................................... 49
Changing the managed message retention category ........................................... 49
Section III. Administration ......................................................................................... 51
User administration 9........................................................................................... 52
User mapping ...................................................................................................... 52
Folder administration 10 ...................................................................................... 53
Creating retained message folders in Documentum ........................................... 53
Synchronizing retained message folders to Exchange........................................ 54
Folder security settings ....................................................................................... 58
Folder permissions and selective folder synchronization ............................... 58
Folder permissions and user access to retained messages .............................. 59

Preface
This book discusses the procedures required to install, configure, and administer the
Symantec Enterprise Vault Content Management Connector for EMC
Documentum Retention Policy Services. The first two sections of this book,
Installation and Configuration, are targeted towards system administrators. These
sections assume an administrative knowledge of Enterprise Vault, Microsoft
Exchange Server, and EMC Documentum. The third section of this book,
Administration, is targeted towards Documentum administrative users and assumes
working knowledge of Documentum Content Server, Documentum Administrator,
and Documentum Retention Policy Services.

Formats available
This book is available as an Adobe Acrobat (PDF) file on the Enterprise Vault
CD-ROM.
If you have yet to install the free Adobe Reader, you can download it from the
Adobe Web site at http://www.adobe.com.

Getting help
Symantec offers you a variety of support options:
Accessing the Support Web site
Subscribing to Symantec Email Notification Service
Accessing Symantec telephone and fax support

Accessing the Support Web site

The Symantec Support Web site enables you to:
Contact the Symantec Support staff and post questions to them.
Download the latest patches, upgrades, and utilities.
View the Enterprise Vault Frequently Asked Questions (FAQ) page.
Search the Knowledge Base for answers to technical support questions.
Subscribe to automatic email notice of product updates.
Find out about Enterprise Vault training.
Read current Enterprise Vault white papers, tech notes, and selected
documentation.
The address of the Support Web site is:

http://www.symantec.com/techsupp/enterprise/

Subscribing to Symantec Email Notification Service

Subscribe to the Symantec Email Notification Service to be informed of software
alerts, newly published documentation, Beta programs, and other services.
Go to http://www.symantec.com/techsupp/enterprise/, select a product, and
then click Email Notifications on the right side of the page. Your customer
profile ensures you receive the latest Symantec technical information
pertaining to your specific interests.

Accessing Symantec telephone and fax support

Telephone support for Enterprise Vault is only available with a valid support
contract. To contact Symantec for technical support, dial the appropriate phone
number listed on the Support Guide included in the product box and have your
product license information ready for quick navigation to the proper support
group.
The Symantec telephone support directory is available at the Support site. Go to
http://www.symantec.com/techsupp/enterprise/ and enter your product.

Related documentation
The following guides, along with the online help, comprise the Enterprise Vault
documentation set:
Table 1-1 Enterprise Vault documentation set
Guide title
Release Notes

File name
ReadMeFirst.htm on the CD-ROM and in
the Enterprise Vault installation folder

Introduction and Planning

Introduction_and_Planning.pdf
Introduction_and_Planning.chm

Installing and Configuring

Installing_and_Configuring.pdf
Installing_and_Configuring.chm

Administrator's Guide

Administrators_Guide.pdf
Administrators_Guide.chm

Registry Values

Enterprise Vault Help

Registry_Values.chm

EV_Help.chm

Administration Console Help

Admin_Console_Help.chm

Utilities

Utilities.pdf
Utilities.chm

In addition to this Enterprise Vault documentation, the following EMC Documentum

documentation may be helpful:
Table 1-2 EMC Documentum documentation set
Guide title

File name

Content Server Installation Guide

Content_Server_53_SP3_Installation_Guide.p
df

Content Server Administrators Guide

Application Builder User Guide

Retention Policy Services Release Notes

Retention Policy Services User Guide

Content_Server_53_admin.pdf

Application_Builder_53_SP1_user.pdf

RPS_5.3_SP3_Release_Notes.pdf

RPS_53_SP3_User_Guide.pdf

10
Web Development Kit and Applications
Install Guide

WDK_Applications_53_SP3_installation.pdf

Related resources
There is an Enterprise Vault Web page at:
http://www.symantec.com/enterprisevault
There is an EMC Documentum Web page at:
http://software.emc.com/solutions/business_need/content_management/index.htm

11

Introduction
The Enterprise Vault integration to Documentum enables Documentum users to
perform in-place retention management of Exchange Server email messages stored
in Enterprise Vault Essentially, Documentum-based retention policies are applied
to content that lives solely in Enterprise Vault:

As with standalone Enterprise Vault, the primary user interface for the integrated
system is Microsoft Outlook. Once messages are in the integrated system, users of
native Documentum and Enterprise Vault clients can browse and search for
messages managed by the system.
The integration simulates external management of retention policies by creating
objects in Documentum that reference archived messages in Enterprise Vault.
These Documentum objects are then controlled by standard Documentum Retention
Policy Services policies, which age objects through configured retention lifecycles
and ultimately delete objects as they reach expiration. When a retained message is
deleted within Documentum, the integration ensures that the corresponding
archived message is removed from Enterprise Vault.
An important feature of the integration is that it selectively chooses which
messages to synchronize to Documentum. It selects only those messages that reside
in retained message folders within each users Microsoft Exchange mailbox.
Retained message folders are created by the integration when an administrator
performs folder administration. Folder administration is the process of creating a
folder hierarchy in Documentum to manage Enterprise Vault messages and
synchronizing that hierarchy to users Exchange mailboxes. For more information
about folder administration, please see Chapter 10, Folder Administration.
This integration currently only supports Exchange Server user mailbox archiving.

Logical components
The Enterprise Vault integration to Documentum comprises three logical
components that are each responsible for a key activity in the system. These
components are:
1. Folder Synchronization This component is used by administrators to
synchronize retained message folders from Documentum to Microsoft

12

Exchange. Retained message are those folders that contain message

objects that reference archived messages in Enterprise Vault.
2. Message Synchronization This component is responsible for creating
message objects in Documentum each time a message is archived from a
managed folder and each time an Enterprise Vault shortcut is filed into a
managed folder. A managed folder is a folder within a users mailbox that
was initially created by the integration during folder synchronization.
Each managed folder maps back to a specific retained message folder in
Documentum.
3. Retained Message Disposition This component notifies Enterprise Vault
that a message should be expired when the corresponding object in
Documentum reaches the terminal retention phase
These logical components communicate with multiple physical components of the
integrated system. These communication paths are summarized by the following
diagram:

Physical components
Because some logical components need to interact with multiple physical systems,
there are more physical components than logical components. These physical
components are deployed across four physical systems:

Documentum Content Server

o DocApp This component encapsulates the schema, bootstrap
data, and business logic that needs to be installed into
Documentum.
o Store Plug-in DLL This component enables Documentum to
stream content from Enterprise Vault.

Documentum Application Server

o WDK Overlay This component includes customizations and
extensions to the standard Documentum Retention Policy Services
(RPS) web application.

13

Web Services This component includes the web services that

allow Enterprise Vault to communicate with Documentum.

Enterprise Vault
o ECM API Web Services This component makes the Enterprise
Vault Enterprise Conent Management API available to
Documentum by wrapping it with web services.
o Folder Administration Web Services This component publishes
services that allow Documentum to create managed folders within
users mailboxes.
o Custom Filter The custom filter examines messages being
archived by Enterprise Vault and initiates processing in
Documentum when messages are archived from managed folders.

Microsoft Exchange
o Event Listener This component notifies Documentum when an
already-archived message has been moved into a managed folder.
The following diagram summarizes where the physical components are deployed:

14

Section I. Installation
This section contains the following chapters:

Chapter 1, Before installing

Chapter 2, Installing the Documentum extensions

Chapter 3, Installing the Enterprise Vault extensions

Chapter 4. Installing the Microsoft Exchange extensions

15

Before installing

Read this chapter to find out about the prerequisites needed before you can install
the Documentum integration:

Enterprise Vault requirements

Documentum requirements

Microsoft Exchange requirements

Enterprise Vault requirements

The Enterprise Vault components of the Enterprise Vault integration to
Documentum must be installed on a system hosting Enterprise Vault 7.0. This
Enterprise Vault installation ,must be configured for Exchange Server archiving.
Please refer to the Enterprise Vault document Installing and Configuring Guide for
instructions on setting up Enterprise Vault for Exchange Server archiving.

Documentum requirements
The documentum environment must be properly set up and configured and must
include at least the following components:

Documentum Content Server 5.3 sp3, Windows platforms only

Documentum Retention Policy Services 5.3 sp3

Documentum Administrator 5.3 sp3

Documentum Application Installer 5.3 sp3

Documentum Web Services Framework 5.3 sp3

These components may be installed on a single machine or across multiple systems
in accordance with Documentum installation guidelines. For information about
setting up these Documentum components, please refer to the EMC documentation
about these products.
Note: Documentum Application Installer has a dependency on the Microsoft
ActiveX Control Pad control, which is often missing from Documentum installations.
Follow these steps to determine if your machine has the control installed:
1. Open an Explorer window and navigate to %WINDIR%\System32,
where %WINDIR% is your Windows installation directory.
2. Look for the file named mscomctl.ocx in this folder.
3. If the file exists, the control is installed.
If the control is not present on the machine, it can be downloaded directly from
Microsoft from

16

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaxctrl/html/c
pad.asp.

Microsoft Exchange requirements

The Microsoft Exchange Server must be Microsoft Exchange 2003 with service pack
2 or later.

17

Installing the Documentum extensions

Read this chapter to find out:

How to use the EvdmSecurityUtil.exe utility to create authentication tokens

How to install the Documentum extensions.

Creating the Integration Administrator account

Before installing the Documentum extensions, it is important to create a
Documentum account that the extension services will use. This Integration
Administrator account will be used by the integration to access, create, modify, and
delete objects in Documentum.
Follow these steps to create this user account:
1. Login to Documentum Administrator as a user with permissions to create
other users (e.g., an administrative or superuser account).
2. Navigate to Administration User Management Users in the left-hand
navigation control.
3. Create a new user by selecting File New User from the menubar.
4. Select Superuser when prompted for the users privileges.
5. Fill out the other fields as appropriate, and click OK to create the user.
After creating the user, you must also add it to the dm_retention_manager role.
Follow these steps to add your Integration Administrator to this role:
1. Login to Documentum Administrator as a user with permissions to edit
groups (e.g., an administrative or superuser account).
2. Navigate to Administration User Management Roles in the left-hand
navigation control.
3. Click on the role named dm_retention_manager.
4. Select File Add Member(s) from the menubar.
5. Select the user you created in the previous step.
Your Integration Administrator is now properly setup.

Store plug-in installation

The store plug-in enables Documentum Content Server to stream content directly
from Enterprise Vault. Installing the plug-in consists of two steps: 1) Creating the
plug-in and store objects within Documentum using Documentum Administrator, 2)
Creating an authentication token and storing it in the Windows registry.

18

Creating the plug-in and store

Follow these steps to create the required plug-in and store objects within
Documentum:
1. Log in to Documentum Administrator using an account with Superuser
privileges.
2. Navigate to Administration Storage in the navigation tree.
3. In the right-hand pane, select the menu item File New Plug-in.

4.
5.
6.

Name the plug-in AuthHttpPlugin and select DLL (Windows) as the plug-in
type.
Click OK to create the plug-in object.
In the right-hand pane, find the plug-in object you just created. If your
plug-in is not visible on the page, you may need to navigate to another set
of objects using the Page controls at the top of the pane. You may also
search for your plug-in using the Starts with filter at the top of the pane.

19

7.

Select the plug-in object by clicking its checkbox.

8.

From the File menu, select Import Content.

9.

Click Browse and navigate to

\DocumentumIntegration\Documentum\Plugin from the Enterprise Vault

20

install CD. Select the file named EvdmHttpReader.dll.

10. Click OK. The Documentum content transfer applet will initialize to upload
the file to the Documentum Content Server. If you are prompted to accept
a certificate from Documentum, select Yes.
11. Once the DLL has been uploaded, you can confirm that the upload was
successful by verifying the size of the objects content is larger than 1 KB.

12. Unselect the plug-in by clicking its checkbox. This is necessary to enable
the correct menu items for the next step.

21

13. In the right-hand pane, select the menu item File New External URL
Store.

14. Name the external URL store AuthHttpStore, select the option to execute
the plug-in On Server, and next to the Windows label, select the name of the
plug-in you just created (AuthHttpPlugin).

15. Click OK to create the store object.

22

Setting up authentication for AuthHttpPlugin

Note: The authentication key generation utility requires that the Microsoft .NET
v1.1 framework be installed on the computer upon which the utility is run. If the
Documentum machine does not have the .NET framework installed, you may run the
utility (steps 1-3 below) on a different machine to generate the authentication token.
Simply copy this text string onto the Documentum system to complete the setup
process (steps 4-7 below).
Follow these steps to register the authentication token for the plug-in:
1. Log on to the system hosting Documentum using an account that can
modify system registry settings.
2. Open a command prompt.
3. Change the working directory to \DocumentumIntegration\Tools on the
Enterprise Vault CD.
4. Execute the EvdmSecurityUtil.exe utility using the following command line:
EvdmSecurityUtil.exe --reader --user=<domain\username>
--pass=<password>
where domain is the domain of the vault service account, username is the
vault service account name, and password is the password for the vault
service account. You will need to capture the output from this utility. You
can do this either by copying directly from your shell window, or by
directing the output of this utility to a file that you can later open in a text
editor:
EvdmSecurityUtil.exe --reader --user=domain\vaultadmin --pass=foo >
c:\auth.out
5.

Copy the file register-plugin.reg from

\DocumentumIntegration\Documentum\Plugin on the Enterprise Vault CD
to a local directory on your install machine. This can be a temporary
directory.
6. Open the file in a text editor.
7. Replace the text ENTER_AUTHORIZATION_TOKEN_HERE with the string
created by EvdmSecurityUtil.exe in step 3.
8. Save the file.
9. Open a Windows Explorer window and navigate to the copy of
register-plugin.reg you edited.
10. Double click on the file, and select Yes when you are prompted to add the
information from the file to the registry.
These steps create the key
HKEY_LOCAL_MACHINE
\SOFTWARE

23

\KVS
\EnterpriseVault
\EVDM Adapter

if it does not already exist, and add a single string value, AuthorizationToken, to the
key.
If more than one Documentum Content Server is being used (for example, in a
federated deployment), this registry entry will need to be added to each Content
Server system.

DocApp installation
The DocApp contains the default schemas and data, and contains the business logic
and services (TBOs and SBOs) that the integration requires. To install the DocApp,
follow these steps:
1. Log on to the system hosting Documentum using an account that can
modify system registry settings.
2.

Navigate to DocumentumIntegration\Documentum\DocApp on the

Enterprise Vault CD.
3. Extract the contents of SymantecEnterpriseVault.zip into a directory on the
Documentum Content Server machine.
4. Install the DocApp using Documentum Application Installer.
Please refer to the Documentum documentation on Documentum Application
Installer if you need assistance running this program.

WDK overlay installation

The WDK overlay contains extensions and customization to the default
Documentum Retention Policy Services web application. The WDK overlay enables
Documentum Retention Policy Services to create and manage managed folders.
To install the WDK overlay, follow these steps:
1. Log on to the system hosting Documentum using an account that can write
to the RPS web application directory (e.g., C:\tomcat5\webapps\rpsa).
2. Navigate to DocumentumIntegration\Documentum\WDK on the Enterprise
Vault CD.
3. Extract the contents of the zip archive wdk-distributionsp3.zip into the
RPS web application directory. For example, if RPS is installed in
C:\tomcat5\webapps\rpsa, you would extract the contents of the archive
into this directory.
4. Restart the application server hosting RPS.

24

You can verify the successful installation of the WDK overlay by logging into RPS
and selecting the Cabinets node in the navigation hierarchy. You should see a
cabinet named Enterprise Vault Folders and a new menu named Enterprise Vault.

Documentum web services installation

The Documentum web services expose service methods to Enterprise Vault and
Microsoft Exchange so that those applications can notify Documentum when a new
managed email message object must be created.
To install the Documentum web services, follow these steps:
1. Log on to the system hosting Documentum using an account that can write
to the Documentum Web Services web application directory (e.g.,
C:\tomcat5\webapps\ws).
2. Login to Documentum Administrator or Documentum Retention Policy
Services as a superuser.
3. In the navigation tree, navigate to Cabinets System Applications
SymantecEnterpriseVault.

25

4.

Select ws.war by checking its checkbox.

5.
6.
7.

From the menu bar in the right-hand pane, select File Export.
Choose a location on the system and export the file.
Navigate to the exported file and check the file name. If the file name is
ws.war.war, rename it to ws.war.
8. Deploy this file to the Documentum application server. For most
application servers, you can simply copy this file to the root of the web
applications directory. Some application servers may require a restart.
You can verify successful installation of the web services by:
1. Open a new browser window.
2. Navigate to the ws application on the Documentum application server
(e.g., http://dctm_appserver:8080/ws).
3. Click the View link.
4. Verify that MessageSynchronizationService is listed and verify that
you can access its WSDL by clicking on the link.

Post-installation tasks
After installing the Documentum components, you still need to configure the
application by editing the AppConfig.xml file checked into the docbase. Please see

26

Chapter 5 Configuring the Documentum extensions for instruction on how to

configure the Documentum components.

27

Installing Enterprise Vault extensions

Read this chapter to find out:

How to install the Enterprise Vault extensions.

Before installing the Enterprise Vault extensions, do the following:

Using the Enterprise Vault Administration Console, create a new retention

category that will be applied to messages being managed by Documentum.
Set the retention period for 1 day, and select the checkbox to lock the
retention category. Remember the name you give this category, as you will
need the name to configure the extensions.

Stop the Mailbox Archiving Task on the target machine. This can be done
through the Vault Administration Console.

The Vault extension wizard

The Enterprise Vault extensions comprise two web services and an Enterprise Vault
custom filter. All three components can be installed and configured using the
provided Windows installer.
Follow these steps to install the Enterprise Vault extensions:
1. Navigate to \DocumentumIntegration\Vault on the Enterprise Vault CD.

28

2.

Double-click the file named EvdmVaultExtensions.msi. If you are prompted

with a dialog asking whether you want to run this file, select Open. You
should see the first screen of the installation wizard:

3.

Click Next. You will be presented with the license agreement. Read the
agreement, accept it, and click Next again.
You will be presented with a screen prompting for settings about your
Exchange Server. Fill in these fields as follows:

4.

Exchange Server Name The name of the Microsoft Exchange

server the integration should use to administer user mailboxes.

Exchange Server Domain The domain of the Exchange server.

Vault Mailbox The mailbox created for use by the Exchange

Server archiving tasks. This mailbox must have permissions to
open all other users mailboxes.

29

5.

Click Next after entering values in all the fields.

You will be presented with a screen prompting for settings about your
Enterprise vault installation. Fill in these fields as follows:

Encoded Authorization String This is the token used to

authenticate communication between Documentum and
Enterprise Vault. The token can be generated using the
EvdmSecurityUtil.exe tool found in the
\DocumentumIntegration\Tools folder on the Enterprise Vault CD.
To generate the token, run the tool from a command prompt using
the --server and --pass parameters. You can provide any password
you like at this point. Be sure to remember the password, as you
will need this password to later configure the Documentum
extensions (see Chapter 5.

Vault Retention Category This is the name of the retention

category you set up for the integration prior to running the
wizard.

Vault Fully Qualified Domain Name The full name of the

Enterprise Vault machine. For example, vault1.demodomain.com.

Vault Service Account Name The name of the Vault service

account. It is used to populate the identity of the IIS application
pool created to host the integration web services.

Vault Service Account Password The password for the Vault

service account.

30

6.

Click Next after entering values for all the fields.

You will be presented with a screen prompting for settings about your
Documentum installation. Fill in these fields as follows:

Documentum Credentials Service URL This is the URL to the

Documentum Credentials web service. This is typically
http://<appserver:port>/ws/services/DocbaseCredentials for a
standard Documentum installation.

Documentum Message Service URL This is the URL to the Message

Synchronization web service on the Documentum server. With a
standard installation of the EVDM Documentum extensions, this
URL is typically
http://<appserver:port>/ws/services/MessageSynchronizationServi
ce.

Documentum Docbase Name The name of the docbase into which

the Documentum extensions were installed.

Documentum Administrator Name The name of the integration

administrator created before installing the Documentum
extensions.

Documentum Administrator Password The password for the

integration administrator.

31

Click Next after entering values for all the fields.

You will be presented with a screen notifying you that the wizard has
collected all of its input and is ready to install the extensions. Click Next to
proceed.
8. Once the installation is finished, use the Vault Administration Console to
re-start the Mailbox Archiving Task.
You can verify that the Enterprise Vault extensions have been installed correctly by
performing the following tasks:
1. Open a browser to
http://vault_machine/EvAdminService/ContentManagementService.asmx.
You should receive an IIS web service description page.
2. Open a browser to
http://vault_machine/ExchangeAdminService/FolderService.asmx. You
should receive an IIS web service description page.
3. Verify that the log file EvdmMessageSyncProxy.log exists in the root
directory of the drive upon which Enterprise Vault is installed.
4. Examine the Enterprise Vault log using the system Event Viewer. Verify
that there are no errors related to the EvdmMessageSyncFilter.
7.

Silent install
You can launch the Vault extensions installer in a silent mode using the following
command line:
msiexec /i EvdmVaultExtensions.msi /q PROP1=prop 1 value PROPN=prop n
value

32

where PROP1PROPN are the property names and values that you need to provide
to the installer. These properties correspond to each of the fields you would
otherwise complete when installing with the user interface. These properties are:

IIS_USER_NAME The domain and user name (in domain\username

format) of the Vault service account.

IIS_USER_PASS The password for the Vault service account.

AUTH_STRING This is the encoded authentication string for

authenticating between Enterprise Vault and Documentum. See step 5
above for instruction on generating this string.

RETENTION_CATEGORY This is the name of the retention category you

set up for the integration prior to running the wizard.

EXCHANGE_SERVER The name of the Exchange server machine used for

administering user mailboxes.

EXCHANGE_DOMAIN The domain of the Exchange server.

EXCHANGE_ADMIN_MAILBOX The mailbox created for use by the

Exchange Server archiving tasks. This mailbox must have permissions to
open all other users mailboxes.

VAULT_FQDN The fully qualified domain name of the Enterprise Vault

server.

DCTM_WS_CREDENTIALS_URL The URL to the Documentum

credentials web service.

DCTM_WS_MESSAGE_SYNC_URL The URL to the message

synchronization service hosted on the Documentum application server.

DCTM_DOCBASE The name of the Documentum docbase in which the

extensions are installed.

DCTM_ADMIN_USER The name of the integration administrator created

before installing the Documentum extensions.

DCTM_ADMIN_PASS The password for the integration administrator.

Please note that all of these properties must be specified on the command line for a
successful installation.

33

Installing Microsoft Exchange extensions

Read this chapter to find out:

How to install the Microsoft Exchange extensions.

Installing the Microsoft Exchange extensions consists of three activities:
1. Installing files on the Exchange server.
2. Creating a new COM+ application.
3. Installing an Exchange event sink in the new COM+ application.
This chapter will walk you through these steps.

File installation
The first step in installing the Microsoft Exchange extensions is to copy the
Exchange extensions files onto the Exchange server and register them as
appropriate in the Windows and .NET registries.
Follow these steps to install the files onto the Exchange server:
1. Log on to the system hosting Microsoft Exchange using an account with
full Administrator privileges.
2. Navigate to \DocumentumIntegration\Exchange on the Enterprise Vault CD.
3. Copy the EVDM folder to the %WINDIR%\System32 directory,
where %WINDIR% is your Windows installation directory.
4. Open a command prompt, and navigate to
the %WINDIR%\System32\EVDM directory.
5. Edit the file eventHook.config, setting the properties as follows:

EVDM_MESSAGE_SYNC_SOURCE Do not change from the default.

This should always be set to exchange.

EXCHANGE_DOMAIN_NAME The domain of the Exchange server.

DCTM_DOCBASE_CREDENTIALS_SERVICE_URL The URL to the

Documentum credentials service hosted on the Documentum
application server.

DCTM_MESSAGE_SYNC_SERVICE_URL The URL to the message

synchronization service hosted on the Documentum application
server.

DCTM_DOCBASE_NAME The name of the Documentum docbase in

which the extensions are installed.

DCTM_DOCBASE_USERNAME The name of the integration

administrator created before installing the Documentum extensions.

34

DCTM_DOCBASE_PASSWORD The password for the integration

administrator.
Ensure there is a <watch-message-class> element for each MAPI message
class the event sink should listen to. For example:
<watch-message-class name="IPM.Note.EnterpriseVault.Shortcut" />
<watch-message-class name="IPM.Post.EnterpriseVault.Shortcut" />
6. Run the install.bat batch script to register the DLLs.
You can verify the correct registration of these files by monitoring the output of the
batch script. You should observe a dialog box notifying you of the successful
registration of NVDMArchiveWatcher.dll, and you should see the messages
Assembly successfully added to cache and Types registered successfully output to
your command window.

Creating the COM+ application

The COM+ application acts as a container for the Exchange event sink that enables
Exchange to communicate with the event handler logic.
Follow these steps to create the COM+ application:
1. Log on to the system hosting Microsoft Exchange using an account with
full Administrator privileges.
2. From the Windows Start menu, select Programs Administrative Tools
Component Services. This will launch the Component Services
Administration Console.
3. In the left-hand tree control, navigate to Component Services Computers
My Computer.

35

4.

Right click on the folder named COM+ Applications and select New
Application.

5.

The COM+ Application Install Wizard will open. Click Next, and then select
Create an empty application.

36

6.

Enter a name for the application (EvdmMessageHandler is a good choice),

ensure Server application is selected, and click Next.

7.

For application identity, select This user and enter the credentials for the
Vault service account. Click Next.

8.

You will now see the Add Application Roles screen. You do not need to add
any additional application roles, so just click Next.
You will now see the Add Users to Roles screen. You do not need to add any
users to any roles, but you should verify that the Vault service account has

9.

37

been given the CreatorOwner role. Click Next to continue.

10. Click Finish to complete the wizard.

You can verify that the COM+ application was successfully created by navigating to
the new application in the tree control.

Installing the Exchange event sink into COM+

Now that you have created the container COM+ application, you need to install the
Exchange event sink.
Follow these steps to install the event sink:

38

1.
2.

3.

In the Component Services Administration Console, navigate to the COM+

application you created.
Right click on the Components folder and select New Component. This
will launch the COM+ Component Install Wizard.

Select Install new components.

39

4.

Select Add and then browse to the directory where you installed the files
(%WINDIR%\System32\EVDM). Select NVDMArchiveWatcher.dll.

5. Click Next and then click Finish to complete the wizard.

The Microsoft Exchange extensions are now installed.

40

Section II. Configuration

This section contains the following chapters:

Chapter 5, Configuring the Documentum extensions

Chapter 6, Configuring the Enterprise Vault extensions

Chapter 7, Configuring the Microsoft Exchange extensions

Chapter 8, Common configuration tasks

41

Configuring the Documentum extensions

Read this chapter to find out:

How to configure the Documentum extensions.

AppConfig.xml
The Documentum extensions retrieve configuration data from a document checked
into the docbase in which the extensions are installed. By default, the DocApp
installs AppConfig.xml into Cabinets System Applications
SymantecEnterpriseVault AppConfig.xml. Modifying the configuration consists of
the following four steps:
1. Login to Documentum Administrator as a user that has access to write
inside the System cabinet.
2. Check out AppConfig.xml.
3. Edit the file in a text editor or XML editor.
4. Check AppConfig.xml back in.
5. Restart the application server(s) hosting RPS and the Documentum web
services.

Required configuration
After installing the Documentum extensions, some required configuration must be
performed before the system is operational. The following elements in
AppConfig.xml need to be updated with the appropriate values:
<retentionAdmin name=adminName />

This element identifies the integration administration user to Documentum.

The value for the name attribute must be the name of the integration
administrator created prior to installation of the Documentum extensions (see
Chapter 2).
<vaultCredentials authToken=encryptedToken />

This element stores the encrypted authentication token Documentum uses to

authenticate with the Enterprise Vault web services. The value for authToken is
generated using the EvdmSecurityUtil utility. (Note: Do not use the token
created during Documentum setup in Chapter 2. You must create a new token
using the steps below.)
1. Navigate to the \DocumentumIntegration\Tools folder on the
Enterprise Vault CD.
2. Run EvdmSecurityUtil with the following command line:
EvdmSecurityUtil.exe --client --pass=<password>

42

3.

where <password> is the same password used to set up the Vault

extensions (Chapter 3).
Copy the encrypted credential string into AppConfig.xml.

<folderService name=synchronizeFolders
wsdlUrl=url_to_folder_service_wsdl />

This element contains the connection information that enables Documentum to

connect to the Folder Administration Web Services on the Enterprise Vault
machine. The value for wsdlUrl should be a full URL to the service WSDL (e.g.,
http://enterpriseVault/ExchangeAdminService/FolderService.asmx?wsdl.).
Please note that URL is different than the URLs setup during configuration of
the Enterprise Vault extensions.
The wsdlUrl attribute must be updated to point to the WSDL for FolderService.
The name attribute should not be changed.
<evApiService name=evApi
wsdlUrl=url_to_folder_ev_api_wsdl />

This element contains the connection information that enables Documentum to

connect to the ContentManagementService web service on the Enterprise Vault
machine. The value for wsdlUrl should be a full URL to the service WSDL (e.g.,
http://enterpriseVault/EvAdminService/ContentManagementService.asmx.asmx
?wsdl.). Please note that URL is different than the URLs setup during
configuration of the Enterprise Vault extensions.
The wsdlUrl attribute must be updated to point to the WSDL for
ContentManagementService. The name attribute should not be changed.
<dateFormat>java_date_format_string</dateFormat>

This element configures the Java date format used to interpret dates coming
into the system from Outlook clients. It is important that the format string
specified here matches the format used by the Outlook clients. Otherwise, dates
may be interpreted incorrectly. Some examples of common date format strings
include:
MM/dd/yyyy HH:mm:ss (US)
dd/MM/yyyy HH:mm:ss (EU/UK)
yyyy/MM/dd HH:mm:ss (Japan)
For more information about date format strings, please see the Java API
documentation regarding the java.text.DateFormat class.

Optional configuration
In addition to the required configuration items, there are also three optional
configuration elements:
<rootFolder name=/dctm_path_to_root />

43

This element specifies the path to the root of the managed message hierarchy in
Documentum. If you modify this value, you must ensure that the path points to
a valid location and that the Documentum type of the target object is either an
EV Message Folder (sym_ev_message_folder) or an EV Message Cabinet
(sym_ev_message_cabinet). The default value for this parameter is
/Enterprise Vault Folders.
<outlookRoot name=/outlook_managed_folder_root />

This element specifies the path to the root of the managed message hierarchy
within Outlook. This path is relative to the root of each users mailbox (i.e., the
parent of Inbox). When folders are synchronized from Documentum to
Microsoft Exchange, the Documentum folder specified in the <rootFolder>
element maps to the Outlook/Exchange folder specified in <outlookRoot>. The
default value for this parameter is /Retained Messages.

44

Configuring the Enterprise Vault extensions

Read this chapter to find out:

How to change the configuration settings specified at install time.

How to specify an email message to be sent to users during folder

synchronization.

Toggling logging from Message Synchronization Filter.

Modifying configuration settings

You can modify most of the configuration settings collected during installation by
directly editing the configuration files. These configuration files reside in three
places:
1. %EVDIR%\Documentum\EvAdminService\Web.config
2. %EVDIR%\Documentum\ExchangeAdminService\Web.config
3. %EVDIR%\Documentum\MessageSyncFilter\evdm-message-sync-config.xml
These configuration files contain documentation inside them to guide you in making
modifications. For more information on performing common configuration tasks,
please see Chapter 8 Common configuration tasks.
The only configuration activity that cannot be modified by editing one of these
configuration files is updating the credentials for the Vault service account in IIS. If
you need to update the Vault Service account credentials, follow these steps:
1. Open up IIS Manager by clicking on the Windows Start menu and
navigating to Programs Administrative Tools Internet Information
Services (IIS) Manager.
2. Expand the Application Pools folder in the tree control.
3. Right-click on the application pool named EvdmAppPool and select
Properties from the context menu.

45

4.

Select the Identity tab and enter the updated credential information.

5.

Click OK to close the dialog.

Specifying the folder synchronization email

message
The system can send an email message out to users each time their mailboxes are
synchronized with the retained folder hierarchy in Documentum. By sending out
the message each time folder synchronization occurs, the system can alert users
when new managed folders are available.
By default, the system sends out the message located at
%EVDIR%\Documentum\ExchangeAdminService\EnableMailboxForDocumentumRetention.ms
g. You may edit this message to suit your needs, or you may specify a different

message to send upon folder synchronization.

To specify a different message, you only need to set the INTRO_EMAIL_PATH
property in %EVDIR%\Documentum\ExchangeAdminService\Web.config to point to
the message you would like sent out.

Toggling logging from the Message Sync Filter

By default, the message synchronization filter logs its activity to a file named
EvdmMessageSyncProxy.log in the root directory of the drive upon which Enterprise
Vault is installed. You can toggle this logging on and off by following these steps:
1. Open %EVDIR%\Documentum\MessageSyncFilter\evdm-message-sync-conf
ig.xml in a text editor or XML editor.
2. Find the property named TRACE_ENABLED.

46

3.
4.
5.

Set the value of the property to true if you want to enable tracing and
false if you want to disable tracing.
Save the file and exit the editor.
Using Enterprise Vault Administration Console, restart all Mailbox
Archiving tasks.

47

Configuring the Microsoft Exchange extensions

All configuration for the Microsoft Exchange extensions can be performed by

editing the file %\System32\EVDM\eventHook.config.
Please see Chapter 4, Installing the Microsoft Exchange extensions for details on
editing this file.

48

Common configuration tasks

Read this chapter to find out how to perform common configuration tasks such as:

Update the credentials for the Vault service account

Update the credentials for the Documentum integration administrator

account

Changing which Documentum server is active in the integration

Changing which Enterprise Vault server is active in the integration

Changing the retention category assigned to managed messages in

Enterprise Vault
This chapter makes multiple references to various configuration files. For later
reference, here is the complete list of the configuration files with their locations:

EvAdminService: Vault machine.

%EVDIR%\Documentum\EvAdminService\Web.config

ExchangeAdminService: Vault machine.

%EVDIR%\Documentum\ExchangeAdminService\Web.config

MessageSyncFilter: Vault machine.

%EVDIR%\Documentum\MessageSyncFilter\evdm-message-sync-config.xml

ExchangeEventSink: Exchange machine.

%WINDIR%\System32\EVDM\eventHook.config

AppConfig: Documentum machine.

/System/Applications/SymantecEnterpriseVault/AppConfig.xml

Updating the Vault service account credentials

You will need to update the integration configuration if you change the Vault service
account credentials or if you want to use a different Vault service account.
These are the items in the integrated system that you need to modify to update the
Vault service account credentials:
1. You will need to update the authentication token for the Documentum
plug-in. Please see the section Setting up authentication for
AuthHttpPlugin in Chapter 2 for instructions detailing how to set the
authentication token.
2. You will need to update the identity credentials for the EvdmAppPool
application pool in IIS on the Enterprise Vault machine. Please see the
section Modifying configuration settings in Chapter 6 for instructions on
modifying these application pool settings.

49

Updating the Documentum integration admin

credentials
You will need to update the integration configuration if you change the
Documentum integration administrator credentials or if you want to use a different
account.
These are the items in the integrated system that you will need to modify to update
the Documentum integration administrator:
1.

2.

3.

You will need to update the Documentum credentials in the

MessageSyncFilters configuration. You will need to update
DCTM_DOCBASE_USERNAME and/or DCTM_DOCBASE_PASSWORD.
You will need to update the Documentum credentials in the Exchange event
sink configuration. Please see the section File installation in Chapter 4
for instructions on updating this configuration.
If you change the name of the integration administrator, you will also need
to update the <retentionAdmin> element in the AppConfig.xml
configuration file in the docbase (see Chapter 5).

Changing the active Documentum application

server
To change which Documentum application server is responding to web services
requests, you will need to update the web services URLs in the MessageSyncFilter
and ExchangeEventSink configurations.

Changing the active Enterprise Vault server

To change which Enterprise Vault server is responding to web services requests, you
will need to update the web services URLs in AppConfig.xml.
Note: It is not possible to change which Enterprise Vault server responds to content
streaming requests from Documentum.

Changing the managed message retention category

If you change the name of the retention category configured in the system or if you
want to use a different retention category, you will need to update the references to
the retention category name in the MessageSyncFilter and ExchangeAdminService
configurations.

50

Tuning the Message Synchronization Filter

The rate at which the Message Synchronization Filter sends requests to
Documentum can be tuned by modifying parameters in the Message
Synchronization Filter configuration file
(%EVDIR%\Documentum\MessageSyncFilter\evdm-message-sync-config.xml).
Adjusting these parameters is recommended in order to get the best possible
performance out of the integrated system. The two parameters that impact filter
performance are:
<property name="SYNC_QUEUE_MAX_MESSAGES_PER_TRANSACTION">100</property>

This parameter controls how many messages are synchronized to Documentum per
transaction. Increasing this value may improve performance.
<property name="SYNC_QUEUE_TIMER_INTERVAL">30000</property>

This parameter controls the interval between message synchronization transactions

initiated by the queue timer thread. Decreasing this value may improve
performance.

Performance Caveats
If the Message Synchronization Filter is tuned to send messages to the Documentum
server at too high a rate (i.e., the SYNC_QUEUE_MAX_MESSAGES_PER_TRANSACTION is
too high and/or the SYNC_QUEUE_TIMER_INTERVAL is too low), the Documentum
server may be unable to keep up with the transaction load. If this happens, some
messages may not successfully synchronize to Documentum. This can be checked
by examining the Documentum logs (typically found in %Documentum%\logs) for
errors. If errors are found, the filter should be throttled back by reducing the value
for SYNC_QUEUE_MAX_MESSAGES_PER_TRANSACTION and/or increasing the value for
SYNC_QUEUE_TIMER_INTERVAL.
A good measure to take note of is the average CPU load on the Documentum server
during heavy message synchronization. A good target for achieving optimum
performance and reliability is 75% to 80% CPU utilization.

51

Section III. Administration

This section contains the following chapters:

Chapter 9, User administration

Chapter 10, Folder administration

52

User administration

Read this chapter to find out how to associate Documentum users with Enterprise
Vault and Microsoft Exchange users.

User mapping
The integration uses the user_os_name and user_os_domain attributes of dm_user
to map Documentum users to Microsoft Exchange users.
No special steps are required when performing user administration within either
system to associate these user entities with one-another.

53

Folder administration

10

Read this chapter to find out how to:

Create retained message folders in Documentum

Synchronize retained message folders to users Exchange mailboxes

Creating retained message folders in Documentum

When the integration is first installed, there are no retained message folders in the
system. In order to enable Documentum retention policies to apply to Vault-based
messages, a hierarchy of retained message folders must be created. This hierarchy
must reside under the path specified in the <rootFolder> element of AppConfig.xml.
This path defaults to /Enterprise Vault Folders.
To create a retained message folder, follow these steps:
1. Log into RPS using an account that has permissions to create folders under
the retained message root.
2. Navigate to a location under the retained message root.

3.

On the File menu in the right-hand pane, select File New Folder.

54

4.

On the first screen of the New Folder wizard enter a name, and select
Retained Message Folder (sym_ev_message_folder) as the folder type.

5.

You may now click on another tab to set properties on the folder or modify
the permissions for the folder, or you may now click Finish to create the
folder with default properties and access permissions. Please see the
section below about folder security for information about how folder
permissions affect the behavior of retained message folders.
After creating the folder, you may associate one or more retention policies
with it. Please refer to the Documentum documentation for creating and
applying retention policies.

6.

Synchronizing retained message folders to

Exchange
Once you have created retained message folders, you can synchronize the retained
message folder hierarchy with users mailboxes in Microsoft Exchange.
The hierarchy is always synchronized in its entirety. This ensures that there are no
discrepancies caused in users mailboxes due to incorrect selection of folders to
synchronize.
Note that this does not necessarily mean that every folder in the hierarchy is
created in each users mailbox. Rather, folders are selectively created in users
mailboxes according to the permissions set on the each folder in Documentum. For

55

more information about how permissions affect folder synchronization, see the
section below about security and folders.
To synchronize folders, follow these steps:
1. Navigate to the retained message root in the right-hand pane and select the
root folder. This will enable the Synchronize Folders action on the
Enterprise Vault menu.

2.

You will now be presented with the Folder Synchronization screen. This
gives you the opportunity to select specific users to synchronize or

56

synchronize folders for all users.

3.

If you click the link select individual users, you will be redirected to a
user-picker dialog to select the users whose mailboxes you want to
synchronize with the retained message folder hierarchy.

57

4.

5.

Upon selecting users and clicking OK, you will be returned to the Folder
Synchronization screen. This time note that the names of the users you
selected in the user picker are displayed on the bottom section of the screen.

At this point you may click the user selection link again to change your user
selection, you may click OK to synchronize folders with the selected users,
or you can re-check the Synchronize folders for all users checkbox and then
click OK to synchronize folders for all users in the system.
After clicking OK, you will be presented with a summary of your
synchronization request. If there were any errors during synchronization,

58

they will be displayed at this time.

6. Click OK to dismiss the dialog. Synchronization is complete.

Once synchronization is complete, each user whose mailbox was synchronized
could log into Outlook and begin filing messages into the managed folders.
These messages ultimately get synchronized back into Documentum so that
retention policies can be applied to them.

Folder security settings

In addition to providing standard Documentum access controls, security settings in
retained message folders serve two other purposes:
1. They drive which folders are synchronized to each users mailbox.
2. They define the permissions settings for the message objects that get
created inside each folder.

Folder permissions and selective folder synchronization

The general rule for Documentum folder permissions and the synchronization
service is:

If a user can browse to a folder in Documentum, that user will be able to

access the synchronized folder from Outlook.

59

This means that Documentum administrators can easily define how folders are
synchronized simply by manipulating standard Documentum permissions.
As with other Documentum applications, it is recommended to use groups over
individual users whenever possible when specifying permissions. This keeps the
ACL count low and helps improve performance.
Note: This folder synchronization policy does not mean that every retained message
folder a user can access in Documentum gets synchronized to the users mailbox. In
Documentum, it is possible for a user to be able to access a given folder but not be
able to access the folders parent. In this system, the user needs to be able to
directly browse from the root of the retained message hierarchy down to a folder in
order for the folder to be synchronized. Enabling synchronization for sub-folders
for which the user may have access would create orphaned folders and would
complicate the user experience in Outlook.

Folder permissions and user access to retained messages

Folder permissions also dictate access for retained messages contained within
retained message folders. Typically, the only users that can access a retained
message are the message owner (the recipient of the message), and the integration
administrator. Therefore, when browsing through the retained message hierarchy,
a user sees only his/her messages.
An administrator can provide users with access to all messages in a given folder by
granting write access on the folder to those users. This enables an administrator to
create semi-public folders of retained messages within Documentum.
There are two important details about this behavior:
1. The access grants only pertain to messages directly contained within the
folder. (They do not recurse to sub-folders.)
2. When folder permissions are modified, the permissions of all of the
messages directly contained in the folder are also updated. Note that this
has the effect of overwriting any individual permission modification that
may have occurred on a given message.