Ensure your domain and Exchange environment configuration meet the prerequisites for installation by reviewing ArchiveOne for Exchange - Prerequisites.
Review the Configuration and Sizing to determine your storage requirements for the archived data.
Permissions Required for Installation
The installing user requires the following rights:
- User is a member of the machine Administrators group on the server where ArchiveOne is to be installed
- User can update local security groups on the Exchange servers (the user has this right if the user is a member of the Administrators group on the system running Exchange)
User can create users and security groups in Active Directory (AD)
User can set permissions on Exchange objects in AD
If you are installing ArchiveOne into a different domain than that of the Exchange server, you must have all the necessary privileges and a two-way trust between the domains to complete the installation. If your rights are limited or you have only a one-way trust between the domains, contact Barracuda Networks Technical Support.
Security group membership is not required to retrieve archived data to which you have permissions. The ArchiveOneUsers security group controls which users are allowed to use the ArchiveOne Admin console. This is a global or universal group, and must be in the domain of the account running the installation. During installation you can customize the name of this security group and the organizational unit (OU) in which it resides. Add the appropriate users to this security group so members can access the ArchiveOne Admin console.
The ArchiveOne Service Account is used by the ArchiveOne services and ArchiveOne Admin console to connect to the Exchange environment. There must be an ArchiveOne Service Account, created either by the installer or manually, and this account must have a mailbox. If the account has been pre-created, enter and confirm the password for this account during installation. If you use the installer to create the account, it is created with the specified password and the password is set to never expire.
Service Account and Group Permissions
The ArchiveOne service account is granted the following permissions during installation:
- Member of the local Administrators group on the machine where the ArchiveOne Services are installed
- Member of the local Administrators group on the machine on the Exchange server(s)
- Logon as a Service right on the machine where the ArchiveOne Services are installed
- Receive-As, Administer information store, View information store status rights on the Exchange Organization.
The installation process also grants the Receive-As, Administer information store, and View information store rights to the ArchiveOne Users group.
Choose a Search and Retrieval Website Location
The Search and Retrieval Website is an IIS-based application that enables users to retrieve their archived items. It can be installed on the Archive server itself, on another server, or a group of load-balanced servers.
If you have an externally accessible Outlook Web Access (OWA) installation and you require OWA users to be able to retrieve archived items, it is recommended you install the Search and Retrieval Website on the front-end server(s) hosting OWA. This ensures that external users can access the Search and Retrieval Website as these OWA servers will already be publicly available. Even if you do not use a public address for the Search and Retrieval websites, Barracuda recommends that you configure a DNS alias rather than using the server's hostname. If you migrate the Search and Retrieval websites to a new server in the future, you do not need to update the Search and Retrieval Website URL; you only need to update the DNS alias.
During ArchiveOne system configuration, you are required to define the server name for the Search and Retrieval Website. This is used to construct a URL in the form f both internal and external users will be accessing your Search and Retrieval Website, use the external server name of the front-end OWA server for the Search and Retrieval Website URL. You must ensure that your internal users can still access that server using its external name.. This URL forms the basis of the retrieval URL which is written in the message link and used for retrieval. Only one URL can be specified. Therefore, i
For instance, a company has an external OWA presence on:
This is hosted by a front-end OWA server whose internal name is myserver. The Search and Retrieval Website is configured to use the name:
internal company DNS is configured to use mail.mycompany.com as an alias for myserver.
If you access the Search and Retrieval Website internally using an external name (specifically, a fully qualified domain name), you may need to add this site to your Local Intranet Zone sites list in Internet Explorer to avoid an authentication request. This can be done centrally using Group Policy.
The Search and Retrieval Website is also used by Quick Link Client, Laptop Client, and the PST Processor. You should ensure that any machine that is to run these clients has the necessary configuration to gain access to the Search and Retrieval Website without prompting. For instance, if your Search and Retrieval Website is accessed through HTTPS, the machine running the PST Processor must have the necessary certificates installed and trusted so that users are not prompted for authentication or for certificate acceptance.
Once a user's mail is archived, they can retrieve their archived data via message links and search their archive successfully without any configuration changes to their client machine. However, there are two optional client components that can improve functionality for users:
- The Quick Link Client makes retrieval from the archive more Outlook-integrated. When the user views a message link in the Outlook preview pane, the start of the message displays with retrieval instructions. If they have the Quick Link client installed, when they double-click to view the message, the archived message is retrieved and displayed in Outlook. Without Quick Link installed, the user clicks on the retrieval URL and the message is retrieved via a web browser. For Outlook users it is therefore recommended to install the Quick Link Client.
- The Laptop Client component maintains a copy of a user's archive on their laptop so that it is accessible offline. If a user has Laptop Client installed on their system and connects to a mailbox prepared for offline use, when they are online, Laptop Client silently copies their archive to the system's local hard drive, and while they are offline any attempt to retrieve from the archive retrieves from the local archive copy. The Laptop Client installation includes Quick Link so it is not necessary to install both clients.
ArchiveOne uses the following ports for communication:
- TCP port 80 (HTTP)
- TCP port 135 (RPC)
- TCP port 389 (LDAP)
- TCP port 443 (HTTPS)
- TCP ports in the range 1024 to 65535 (DCOM)
- TCP ports in the range 1024 to 5000 (SQL client)
- TCP port 1433 (SQL server)
Typically these ports are already open on a corporate firewall. Barracuda holds no responsibility for opening additional firewall ports. If in doubt, consult your local firewall administrator for further advice who can review the local firewall logs to see if any traffic over specific firewall ports is blocked and act accordingly.
A PDF IFilter is used to extract the words from PDF file attachments during archiving so that keyword searching can be run against the contents of the attachment, in addition to the body of the email message itself. Windows 2012 R2 includes a built-in PDF Ifilter, however, earlier Windows Server versions do not include this. Therefore Adobe Reader (which includes a PDF IFilter) can be installed on the Archive server to provide this:
|Adobe Reader version||7.0.9||9.5.0||9.5.1||10.0.1||10.1.3||10.1.4||11.0.0||11.0.17|
|Windows 2008 R2||N||Y||Y||Y||Y||Y||Y||Y|
|Windows 2012 R2||N||Y||Y||Y||Y||Y||Y||Y|
You should consider any version of Adobe Reader not listed to have not passed testing and is therefore unsupported. Once installed, the ArchiveOne System Health test checks that the installed version of Adobe Reader is supported and the PDF files can be successfully filtered and indexed.
ArchiveOne is distributed as a single executable which installs all required prerequisites in regards to .NET Framework and IIS features. If required, it can also be used to install a SQL Express 2008 R2 SP1 instance on the Archive server if another SQL instance is not provided. Due to the database size restrictions of SQL Express, this may be unsuitable for larger scale implementations and a SQL Server Standard or Enterprise instance should be provided.