It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Attention

Starting May 1st, 2018, we will no longer offer the ArchiveOne family of products. This includes all editions of ArchiveOne, ArchiveOne for Files, Max Compression, and Access Security Manager. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support until your contract expires, or until May 1st, 2019, whichever occurs first. The license for ArchiveOne is perpetual; therefore the software may continue to be used independently without any updates or support indefinitely.

Step 1 - Prepare for Installation

  • Last updated on

If you already have ArchiveOne installed and you are upgrading, you should refer to How to upgrade to ArchiveOne version 7.3.

Environment Prerequisites

Ensure your domain and Exchange environment configuration meet the prerequisites for installation by reviewing ArchiveOne for Exchange - Prerequisites.

Repository Sizing

Review the Configuration and Sizing to determine your storage requirements for the archived data.

Permissions Required for Installation

The installing user requires the following rights:

  • User is a member of the machine Administrators group on the server where ArchiveOne is to be installed
  • User can update local security groups on the Exchange servers (the user has this right if the user is a member of the Administrators group on the system running Exchange)
  • User can create users and security groups in Active Directory (AD)

  • User can set permissions on Exchange objects in AD

Note that with a default security configuration, a member of the Domain Admins group for all domains has the above rights.

If you are installing ArchiveOne into a different domain than that of the Exchange server, you must have all the necessary privileges and a two-way trust between the domains to complete the installation. If your rights are limited or you have only a one-way trust between the domains, contact Barracuda Networks Technical Support.

Security Groups

Security group membership is not required to retrieve archived data to which you have permissions. The ArchiveOneUsers security group controls which users are allowed to use the ArchiveOne Admin console. This is a global or universal group, and must be in the domain of the account running the installation. During installation you can customize the name of this security group and the organizational unit (OU) in which it resides. Add the appropriate users to this security group so members can access the ArchiveOne Admin console.

Service Account

The ArchiveOne Service Account is used by the ArchiveOne services and ArchiveOne Admin console to connect to the Exchange environment. There must be an ArchiveOne Service Account, created either by the installer or manually, and this account must have a mailbox. If the account has been pre-created, enter and confirm the password for this account during installation. If you use the installer to create the account, it is created with the specified password and the password is set to never expire.

Service Account and Group Permissions

The ArchiveOne service account is granted the following permissions during installation:

  • Member of the local Administrators group on the machine where the ArchiveOne Services are installed
  • Member of the local Administrators group on the machine on the Exchange server(s)
  • Logon as a Service right on the machine where the ArchiveOne Services are installed
  • Receive-As, Administer information store, View information store status rights on the Exchange Organization.

The installation process also grants the Receive-As, Administer information store, and View information store rights to the ArchiveOne Users group.

Choose a Search and Retrieval Website Location

The Search and Retrieval Website is an IIS-based application that enables users to retrieve their archived items. It can be installed on the Archive server itself, on another server, or a group of load-balanced servers.

If you have an externally accessible Outlook Web Access (OWA) installation and you require OWA users to be able to retrieve archived items, it is recommended you install the Search and Retrieval Website on the front-end server(s) hosting OWA. This ensures that external users can access the Search and Retrieval Website as these OWA servers will already be publicly available. Even if you do not use a public address for the Search and Retrieval websites, Barracuda Networks recommends that you configure a DNS alias rather than using the server's hostname. If you migrate the Search and Retrieval websites to a new server in the future, you do not need to update the Search and Retrieval Website URL; you only need to update the DNS alias.

During ArchiveOne system configuration, you are required to define the server name for the Search and Retrieval Website. This is used to construct a URL in the form http(s)://<servername>/AOneSearch. This URL forms the basis of the retrieval URL which is written in the message link and used for retrieval. Only one URL can be specified. Therefore, if both internal and external users will be accessing your Search and Retrieval Website, use the external server name of the front-end OWA server for the Search and Retrieval Website URL. You must ensure that your internal users can still access that server using its external name.

Example

For instance, a company has an external OWA presence on: https://mail.mycompany.com/exchange

This is hosted by a front-end OWA server whose internal name is myserver. The Search and Retrieval Website is configured to use the name: https://mail.mycompany.com/AOneSearch

The internal company DNS is configured to use mail.mycompany.com as an alias for myserver.

If you access the Search and Retrieval Website internally using an external name (specifically, a fully qualified domain name), you may need to add this site to your Local Intranet Zone sites list in Internet Explorer to avoid an authentication request. This can be done centrally using Group Policy.

The Search and Retrieval Website is also used by Quick Link Client, Laptop Client, and the PST Processor. You should ensure that any machine that is to run these clients has the necessary configuration to gain access to the Search and Retrieval Website without prompting. For instance, if your Search and Retrieval Website is accessed through HTTPS, the machine running the PST Processor must have the necessary certificates installed and trusted so that users are not prompted for authentication or for certificate acceptance.

Client Components

Once a user's mail is archived, they can retrieve their archived data via message links and search their archive successfully without any configuration changes to their client machine. However, there are two optional client components that can improve functionality for users:

  • The Quick Link Client makes retrieval from the archive more Outlook-integrated. When the user views a message link in the Outlook preview pane, the start of the message displays with retrieval instructions. If they have the Quick Link client installed, when they double-click to view the message, the archived message is retrieved and displayed in Outlook. Without Quick Link installed, the user clicks on the retrieval URL and the message is retrieved via a web browser. For Outlook users it is therefore recommended to install the Quick Link Client.
  • The Laptop Client component maintains a copy of a user's archive on their laptop so that it is accessible offline. If a user has Laptop Client installed on their system and connects to a mailbox prepared for offline use, when they are online, Laptop Client silently copies their archive to the system's local hard drive, and while they are offline any attempt to retrieve from the archive retrieves from the local archive copy. The Laptop Client installation includes Quick Link so it is not necessary to install both clients.

For example, you may decide to distribute the Quick Link Client to all desktop systems and the Laptop Client to all laptop systems. For more details, see Quick Link Client and Laptop Client.

Firewall Configuration

ArchiveOne uses the following ports for communication:

  • TCP port 80 (HTTP)
  • TCP port 135 (RPC)
  • TCP port 389 (LDAP)
  • TCP port 443 (HTTPS)
  • TCP ports in the range 1024 to 65535 (DCOM)
  • TCP ports in the range 1024 to 5000 (SQL client)
  • TCP port 1433 (SQL server)

Typically these ports are already open on a corporate firewall. Barracuda holds no responsibility for opening additional firewall ports. If in doubt, consult your local firewall administrator for further advice who can review the local firewall logs to see if any traffic over specific firewall ports is blocked and act accordingly.

PDF IFilter

A PDF IFilter is used to extract the words from PDF file attachments during archiving so that keyword searching can be run against the contents of the attachment, in addition to the body of the email message itself. Windows 2012 R2 includes a built-in PDF Ifilter, however, earlier Windows Server versions do not include this. Therefore Adobe Reader (which includes a PDF IFilter) can be installed on the Archive server to provide this:

Adobe Reader version7.0.99.5.09.5.110.0.110.1.310.1.411.0.011.0.17
Windows 2008NYYYYYYY
Windows 2008 R2NYYYYYYY
Windows 2012NYYYYYYY
Windows 2012 R2NYYYYYYY

You should consider any version of Adobe Reader not listed to have not passed testing and is therefore unsupported. Once installed, the ArchiveOne System Health test checks that the installed version of Adobe Reader is supported and the PDF files can be successfully filtered and indexed.

Installation Executable

ArchiveOne is distributed as a single executable which installs all required prerequisites in regards to .NET Framework and IIS features. If required, it can also be used to install a SQL Express 2008 R2 SP1 instance on the Archive server if another SQL instance is not provided. Due to the database size restrictions of SQL Express, this may be unsuitable for larger scale implementations and a SQL Server Standard or Enterprise instance should be provided.

 

Proceed to Step 2 - Verify System and Component Requirements