Enterprise Recon 2.0.28

Network Storage Locations

ER2 supports the following network storage locations:

Network Storage Scans

Network storage scans can be performed on mounted network share Targets via a Proxy Agent when the Node Agent is installed on a host other than the Target host.

When the Proxy Agent receives instructions from the Master Server to scan a network storage location, the Proxy Agent copies the latest version of the scanning engine to the Proxy host. The Proxy Agent then establishes a secure connection to the Target host and copies data from the Target host to the Proxy host.

The scanning engine is then executed locally on the Proxy host. It scans the data copied from the network storage Target host and sends aggregated results to the Proxy Agent, which in turn relays the results to the Master Server. Data from the Target host is not stored or transmitted to the Master Server. Only a small amount of contextual data for found matches is sent back to the Master Server for reporting purposes.

Once the scan completes, the Proxy Agent deletes the data from the Proxy host and closes the connection.

er2-network-storage-scans.png

Windows Share

Requirements

To scan a Windows share Target:

  1. Use a Windows Proxy Agent.
  2. Ensure that the Target is accessible from the Proxy Agent host.
  3. The Target credential set must have the minimum required permissions to access the Target locations to be scanned.

Add Target

  1. From the New Search page, Add Targets.
  2. In the Select Target Type window, enter the host name of the Windows share server in the Enter New Target Hostname field.
    For example, if your Windows share path is \\remote-share-server-name\remote-share-name, enter the Target Hostname as remote-share-server-name:
    er2-network-storage-hostname.png
  3. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  4. In the Select Types dialog box, click on Network Storage.
  5. Under Network Storage Location Type, select Windows Share.
  6. Fill in the following fields:
    er2-network-storage-windows-share.png

    Field Description
    Path Enter the file path to scan.
    For example: <folder_name\file_name.txt>
    Credential Label Enter a descriptive label for the credential set.
    Username Enter your user name.
    See Windows Target Credentials for further information.
    Password Enter your password.
    Agent to act as proxy host Select a Windows Proxy Agent that matches the Target operating system (32-bit or 64-bit).
  7. Click Test, and then + Add Customized to finish adding the Target location.

Windows Target Credentials

For scanning of Windows local storage using a Windows proxy agent, use the appropriate user name format when setting up the target Windows hosts credentials:

Username Description
<domain\username> Windows target host resides in the same Active Directory domain as the Windows proxy agent.
<target_hostname\username> Windows target host does not reside in the same Active Directory domain as the Windows proxy agent.

Unix File Share (NFS)

Requirements

Select the Unix File Share Target type when scanning a Network File System (NFS) share.

To scan a Unix file share Target:

  • Use a Unix or Unix-like Proxy Agent.
  • The Target credential set must have the minimum required permissions to access the Target locations to be scanned.
  • The Target must be mounted on the Proxy Agent host.
  • The Path field must be set to the mount path on the Proxy host when adding a Unix file share Target.

To mount an NFS share server, on the Proxy host, run as root:

# Requires nfs-common. Install with `apt-get install nfs-common` mount <nfs-server-hostname|nfs-server-ipaddress>:</target/directory/share-name>

Add Target

  1. From the New Search page, Add Targets.
  2. In the Select Target Type window, enter the host name of the Unix file share server in the Enter New Target Hostname field. This is usually an NFS file server.
    For example, if your Unix file share path is //remote-share-server-name/remote-share-name, enter the Target Hostname as remote-share-server-name:
    er2-network-storage-hostname.png
  3. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  4. In the Select Types dialog box, click on Network Storage.
  5. Under Network Storage Location Type, select UNIX File Share.
  6. Fill in the following fields:
    er2-network-storage-unix-share.png

    Field Description
    Path Enter the file path to scan. This is the mount path on the Proxy host for the Unix file share Target.
    For example: <folder_name/file_name.txt>
    Agent to act as proxy host Select a Linux Proxy Agent. File share must be mounted on the selected Linux Proxy Agent host.
  7. Click + Add Customised to finish adding the Target location.

Remote Access via SSH

Requirements

To scan a Target using remote access via SSH:

  1. The Target host must have an SSH server running on TCP port 22.
  2. The Proxy Agent host must have an SSH client installed.

Add Target

  1. From the New Search page, Add Targets.
  2. In the Select Target Type window, enter the host name of the remote share server in the Enter New Target Hostname field. The remote share server must have an SSH server running.
    er2-network-storage-hostname.png
  3. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  4. In the Select Types dialog box, click on Network Storage.
  5. Under Network Storage Location Type, select Remote access via SSH.
  6. Fill in the following fields:
    er2-network-storage-ssh.png

    Field Description
    Path Enter the file path to scan.
    For example: <folder_name/file_name.txt>
    Credential Label Enter a descriptive label for the credential set.
    Username Enter your remote host user name.
    Password Enter your remote host user password.
    Agent to act as proxy host Select a Linux Proxy Agent.
  7. Click Test, and then + Add Customized to finish adding the Target location.

Hadoop Clusters

Requirements

To scan a Hadoop cluster, you must have:

  1. A Target NameNode running Hadoop 2.7.3 or similar.
  2. A Proxy host running a compatible Agent. Currently, this is the Linux 3 Agent with database runtime components for Debian-based 64-bit Linux systems.

To install the Linux 3 Agent with database runtime components:

  1. On the designated Proxy host, go to the Web Console and navigate to DOWNLOADS > NODE AGENT DOWNLOADS.
  2. In the list of Node Agents available for download, select the Linux 3 64bit (DEB)* Agent.

  3. Follow the Node Agent installation instructions for Debian Agents on Linux Node Agent.

Licensing

Hadoop Targets are licensed by data allowance. See Licensing for more information.

Add Target

  1. From the New Search page, Add Targets.
  2. In the Select Target Type window, enter the host name of the NameNode of the Hadoop cluster in the Enter New Target Hostname field.
    For example, if your HDFS share path is hdfs://remote-share-server-name/remote-share-name, the host name of the NameNode is remote-share-server-name. Enter the Target Hostname as remote-share-server-name:
    er2-network-storage-hostname.png
  3. Click Test. If ER2 can connect to the Target, the button changes to a Commit button.
  4. In the Select Types dialog box, click on Network Storage.
  5. Under Network Storage Location Type, select Hadoop.
  6. Fill in the following fields:
    er2-network-storage-hadoop.png

    Field Description
    Path

    Enter the file path to scan. For example, <folder_name/file_name.txt>

    If the NameNode is accessed on a custom port (default: 8020), enter the port before the HDFS file path. For example, to scan a Hadoop cluster with NameNode accessed on port 58020, enter :58020/folder_name/file_name.txt.

    Agent to act as proxy host Linux 3 Agent with database runtime components.
  7. Click + Add Customised to finish adding the Target location.