370 likes | 761 Vues
Required Slide. SESSION CODE: WSV204. File Servers: Using the File Classification Infrastructure to Solve Common Problems . Matthias Wollnik Senior Program Manager Microsoft Corporation. My file shares are a mess, what can I do?. Manage Data Based On Business Value. Step 1.
E N D
Required Slide SESSION CODE: WSV204 File Servers: Using the File Classification Infrastructure to Solve Common Problems Matthias Wollnik Senior Program Manager Microsoft Corporation
Manage Data Based On Business Value • Step 1 Classify Data • Apply policy according to classification • Step 2
Classify and Apply Policy • Define organization properties to be assigned to files • Use automatic classification to assign properties to files • Apply scheduled file management tasks based on classification
Building storage optimization Share Share High End Server Cheap Server File Old File Old File DEMO
File Classification Infrastructure & RMS Identify and protect sensitive documents on file servers Compliment manual RMS protection with automated server side IT policies for complete ownership of security infrastructure and prevention of inadvertent data leakage 2 3 4 5 1 c Mgmt Task: RMS Protect FCI Classify Full Time Employee can access “marketing.docx” c File Classification Infrastructure (FCI) classifies file as “sensitive” based on content including “Confidential” and “Internal only” Automated File Management Task invokes RMS protection to restrict access to “Full Time Employees” only User creates a file “marketing.docx”on Windows server 2008 R2 file server A malicious user getting access to the file through un intentional leak is not able to access file content Businesses can automatically RMS protect 1000’s of confidential files on their file servers
Step 1: Identifying files that belong to a user that no longer works at the company How do we identify users that have left? Active Directory
Step 2: Setup a mechanism to get rid of files File Management Tasks can do this!
Step 3: Ensure the right files are removed File Management Tasks can select files based on Classification properties
Step 4: Create a Classification Property Define a Classification Property: “Inactive” of type Yes/No
Step 5: Assign Classification Property to files if their owners are not in AD Create a classifier that for each file: • Queries owner of file in AD • Sets Inactive property to “True” if owner is not found or disabled
Isn’t building a classifier difficult? • Samples in the SDK work once compiled and include install scripts • One SDK sample is a classifier that runs a PowerShell script • AD queries in PowerShell are simple
One caveat FCI only reclassifies files when • The file was modified since the last classification • The classification rules have changed • A classification module used by a rule indicates it has been updated Changes in AD do not trigger any of these conditions
Solution to caveat • It is simple to modify the PowerShell classifier sample to claim it has been updated once a month • The get_LastModified method should always return the 1st of the current month • Result: Once a month, files would be reclassified as to whether the owner was invalid or not
Quarantine Inappropriate Data • Quarantine and Expiration differ only in the destination • A PowerShell or C# classification plugin can easily be written to identify file types based on format • Can also be used to quarantine “Top Secret” files on a public server
SharePoint or File Server? • SharePoint • File Servers • Collaboration • User Shares • Workflow • File Storage for Server Apps • Document Management • Win32 App Compatibility • Record Management • Globally Distributed • Shares and Publications • Rich Media Management • Search • Existing File Repositories
My file shares are in order, now what? • For some of my documents I need more advanced data management capabilities • Collaboration and social context • Check in/out and version control • Workflow • Multi stage policies • Holds • How do I migrate these documents to SharePoint?
Coexistence across repositories • Continuing to drive innovation • SharePoint • File Servers • SharePoint 2010 delivers a wealth of content management capabilities • Windows Server 2008 R2 delivers an enterprise ready scale with rich File Classification Infrastructure • Cross repository integration where it makes sense for customers
Automated, business driven approach to migrating File Server content to SharePoint • File management tasks to automatically migrate specific content from File Servers to SharePoint Sites • Use of the Official File Interface web service to submit content to SharePoint • File replaced with a Permalink so that users can reach their files wherever they are in SharePoint
Regular expression complexity ([a-zA-Z0-9_\-\.]+)@([a-zA-Z0-9_\-]+\.)+com Too slow! Could take minutes to evaluate Complex…
Regular expression complexity (?i)([a-z0-9_\-\.]{1,30})@([a-z0-9_\-]{1,30}\.){1,10}com Limited length Much faster Still complex Everything has emails in it….
Regular expression complexity (?i)([a-z0-9_\-\.]{1,30})@(?!([a-z0-9_\-]{1,30}?\.){0,30}?contoso\.com)([a-z0-9_\-]{1,30}\.){1,10}com Much better Even more complex…
Creating the property schema, classification rules, and search terms is work that needs to be done by the customer and budgeted for.
File Classification Infrastructure • Inbox capability to expire data based on its value • Integration with SharePoint • Enables solutions to a variety of common data management problems • Set classification properties API for external applications Get classification properties API for external applications Discover Data Extract Classification Properties Classify Data Store Classification Properties Apply Policy Based on Classification File Classification Extensibility Points
Required Slide Speakers, please list the Breakout Sessions, Interactive Sessions, Labs and Demo Stations that are related to your session. Related Content • Breakout Sessions • WSV204 File Servers: Using the File Classification Infrastructure to Solve Common Problems • WSV323 Past, Present, and Future of Windows-Based NAS: A Growing Market for Highly Available Solutions • Hands On Labs • WSV20-HOL Getting Insight and Managing Data Using the File Classification Infrastructure • Windows Server 2008 R2 File Services & Storage Product Demo Station
Required Slide Resources Learning • Sessions On-Demand & Community • Microsoft Certification & Training Resources www.microsoft.com/teched www.microsoft.com/learning • Resources for IT Professionals • Resources for Developers • http://microsoft.com/technet • http://microsoft.com/msdn
Required Slide Complete an evaluation on CommNet and enter to win!
Sign up for Tech·Ed 2011 and save $500 starting June 8 – June 31st http://northamerica.msteched.com/registration You can also register at the North America 2011 kiosk located at registrationJoin us in Atlanta next year
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.