Solved: thanks after doing some - Page 2

roaryT · ‎02-08-2011

Hi,

Can anyone confirm if performance is enhanced by using archive points for all subfolders of a large (say 100 GB +) data share when selecting from the add new folder wizard - a new folder within a volume? The performance is measured over the alternative which is to create a large share as its own volume and setting the archive point at the root of that volume. I guess the questions is - Are multiple archive points better than 1, or can the same performance be acheived by spittig a large volume down into smaller shares each havign their own archive volumes withouth using folders?

Hope this makes sense! :)

roaryT · ‎02-11-2011

Is it therefore regarded as best practice to archive explicit permissions and have the SynchronizeFSASharePermissions key set at 0 to therefore synch NTFS perms and thus not alowing users access to explicit files they shouldn't have access to? Also, I am assuming the key is created in the FSA\Placeholder Service key on the file server if windows and on the EV server if archiving from NetApp Filers? If the default is now to synch NTFS perms of the folder not share then there is a case for not archiving explicit perms still as if you did that file would be accessable by those with access to the folder?

gmackinn · ‎02-14-2011

The key is on the EV server, it will apply to all file servers being archived by that EV server as it defines all the synch tasks.

HKLM\Software\Wow6432Node\KVS\EnterpriseVault\SynchroniseFSASharePermissions, drop the Wow6432Node for 32 bit. Best practice is to synch with NTFS permissions if you secure your data with NTFS permissions (does anyone not) and to not archive files with explicit permissions.

roaryT · ‎02-14-2011

Hi,

From your experiences is it prefered to set the key to 0 so that NTFS perms are synched instead of Share perms? I have not seen any issues with leaving it on the default setting and would assume that if set to 0 the syncs would take consdierably longer?

Also, if users dont have visibility of FSA archives through WebApps such as AE then I dont really see this being an issue as the only way they can recall is via the placeholder?

I'm glad we've cleared up the multiple archive points being a factor in permissions :)

gmackinn · ‎02-14-2011

Roary, contact me on my work e-mail and I'll pass my number on, It is probably easier to discuss this over the phone. While it is true that if you do not give your users archive explorer they would generally not have access to the archives however if they also have Exchange e-mail archiving in the same EV site and they choose to search from the archive explorer that laniunches from Outlook it will list all the archives that they have rights to in the drop down list of what to search. We had this scenario when we discovered that a number of users home drives had been wrongly set with everyone permission, not an issue when tehy did not know and were not trying to map to each others home drives but it immidiately became a problem when they were able to search and retrieve files form other users home drive archives.

roaryT · ‎02-14-2011

thanks after doing some testing I found that with the key set to 1 (default) I gave users access to the share and denied them access to the folder through NTFS permissions and after a synch can confirm that the NTFS permissions took effect. They cannot access the archived data that they cannot access in windows. I did not have to change the reg key. Can someone from Symantec confirm if this is correct behaviour because if it is the key is misleading.

Thanks,

VOX

File System Archiving performance best practices (EV9)