Platform Overview
Introduction
Gimmal solutions help our clients control one of their most valuable business assets, information. The Gimmal Discover product provides a suite of tools including Data Governance, eDiscovery, and Classification that can be applied to a wide range of both unstructured and structured data.
This document provides an overview of the Discover architecture and describes the capabilities provided by each module in the Gimmal Discover suite.
Architecture
Discover is an on-demand platform comprised of both a hosted service and software components installed locally at each client site. This model offers organizations a highly secure way to manage data in place without the need to store it in the cloud. The diagram below depicts a typical Discover configuration:
The hosted portion of Discover is comprised of the management dashboard – a series of SSL- protected web modules that allow administrators to configure the service, formulate policies, analyze content or perform eDiscovery searches. This dashboard may be accessed from a secure login page using any standard web browser. Each user login is associated with a role in determining what Discover privileges they have within the dashboard modules.
Components
Connectors
Client sites are linked to the management dashboard through software components called Connectors. The Discover Connector component polls the management dashboard periodically checking for new requests and forwarding information provided by Agents back to the Discover hosted environment. Connectors install as a Microsoft Windows service and use Microsoft’s Windows Communication Foundation (WFC) framework. WCF is Microsoft’s unified programming model for building service-oriented applications. It enables developers to build secure, reliable, transacted solutions that integrate across platforms and interoperate with existing environments. Discover Connectors use HTTPS to communicate with the hosted web services. HTTPS offers data encryption while in transit, and is convenient since most organizations already have firewall rules in place to allow port 443 traffic.
In terms of deployment, the Connector setup application can be downloaded from the Discover dashboard by clicking on the Administration module and then selecting the Download Center link in the left navigation pane. Connectors are typically installed on any network endpoint that requires content management (files, email, etc.). In many cases, for example, in managing an email server, a single Connector installed on an application server (physical or virtual) is all that is required. Organizations that wish to manage individual user machines (i.e., documents on a local hard drive) install a Connector on each device that requires management, this is usually done using a software patch management tool such as Microsoft SCCM to distribute and execute a silent installer package. Once installed, each registered Connector will display in the management console under the Administration/Configuration area.
.png?inst-v=d5ab524f-e070-4760-aa85-959892910f0d)
Discover Connector List
Agents
Discover Agents are client-side software components installed on devices where Connectors are already registered. Agents are designed to process a particular type of unstructured data. The list of available Discover Agents includes:
MAPI Agent provides policy processing capabilities for Microsoft Exchange mailboxes, archives, and PST files
EWS Agent provides policy processing capabilities for Microsoft Exchange mailboxes or archives hosted in the Microsoft 365 cloud and for on-premises versions of Exchange 2016
File Agent provides policy processing for the file-based content resident on any computer managed by a Windows operating system (i.e., local drives or network file shares)
SharePoint Agent provides policy processing for both local and hosted versions of SharePoint 2013 or 2016
OneDrive Agent supports access to content in the Microsoft OneDrive for business cloud
Google Workspace Agent allows access to Gmail and GDrive repositories in Google Workspace
OLEDB Agent supports access to a variety of SQL based structured data including SQL Server, MySQL, and PostgreSQL
Box Agent supports content stored in the Box cloud storage platform
MSGraph Agent supports content stored in Microsoft Teams
When the Connector setup utility is run it prompts the administrator to select which content sources Discover will manage. Based on these selections the Connector will automatically download, install and configure the appropriate Agents. Additional Agents may also be added to an existing Connector from the Discover dashboard. As new versions are released both the Connector and its Agents will automatically update.
Agents install as Microsoft Windows service using either a designated domain login account or (on workstations) the built-in Windows Local System account. Service account credentials remain on the local machine where the agent is installed, the hosted portion of Discover never stores any service account login information, which further protects the client’s environment.
Within the Administration/Configuration area of the Discover dashboard, there is a link for Data Sources. Data Sources are categories of unstructured content that Discover has discovered (i.e. mailboxes, PST files, network shares, etc.). After Connectors and Agents are installed, administrators may initiate searches for a particular type of content (i.e. find all mailboxes) and assign those searches to be performed by a Connector. Content targets returned by a search (such as a mailbox, PST, and/or file path) are referred to as “data targets.” From the dashboard, administrators may link managed targets with their owners (or custodians) for policy management, reporting, or eDiscovery purposes.
Discover Data Target Hierarchy
Discover Modules
Discover is licensed by module and each module is designed to address a specific business need. This section provides an overview of the four modules currently available, Data Governance, Classification, eDiscovery & Analytics.
Data Governance Module
Discover policies may be used to either enforce actions (for example defensibly delete information) or generate reports. Policies are made up of:
A workflow - which determines what business rules will be applied to the content
Targets – either people, devices, or groups (Discover offers several grouping mechanisms)
An optional schedule - Policies may be run on-demand or they may be configured to run repeatedly according to a schedule
From an operational perspective, when a policy is started (either manually or via schedule) it results in a request being queued for each Connector. The Connector periodically polls Discover to determine if there is a database request pending for one of the Agents that it manages; it is important to note that the Connector is responsible for initiating all communications with the cloud. Initiating communications from the Connector minimizes the need for custom firewall settings and helps alleviate concerns over possible tampering with a communication session.
When a Connector check-in occurs and there is a policy waiting for one of its Agents, the policy manifest is downloaded for local execution. The agent then attaches to the designated managed target (e.g. mailbox), applies the business logic outlined in the policy workflow, and forwards appropriate results (reports, log files, etc.) back to the Connector, which in turn transfers that information back to the hosted environment. After all of the Agents assigned to a policy have either reported in or exceeded a timeout period, the policy is marked as complete and the log files are transferred from the Connectors to the Discover dashboard, providing a complete audit trail.
Workflows
Discover policies utilize workflows to map out the sequence of steps that will take place when a policy is executed. Workflows are developed using either the simplified web editor or a desktop application called the Workflow Editor which is available from the Discover download center. This editor provides a flowchart-like interface for designing complex workflows. The diagram below shows the web view of a workflow that is designed to create an inventory report of files exceeding 5 MB in size.
Workflow Architecture
The Workflow Editor communicates with the Discover dashboard, allowing authorized users to save workflows to the hosted site or download workflows created in the web editor for additional edits. Once a workflow has been saved to the dashboard, it becomes available to be used for a policy.
Policies
A policy provides the implementation package for each Discover workflow. When creating a policy, clients provide instructions on how the workflow should be executed (for example run in live or test mode), what data targets the workflow should process (i.e. workstations, mailboxes, file shares, etc.) and whether the policy should be triggered automatically on a scheduled basis.
Classification Module
The Discover Classification module provides a way to categorize any data target by applying a label (or tag) to the meta-data of the item. Once these labels have been applied, they travel with the file, email, etc. and may be used as criteria for selecting an item to process in the Data Governance module (i.e. apply a 5 year retention period to any confidential item) or to select specific categories of content to be included in an eDiscovery search (for example skip every file classified as private).
.png?inst-v=d5ab524f-e070-4760-aa85-959892910f0d)
Classification Module
eDiscovery Module
eDiscovery allows IT and legal teams to efficiently collaborate while performing searches for litigation, freedom of information requests, or privacy. These search results may then be reviewed for relevancy and the responsive results collected. Apart from collection, eDiscovery features are powered by the same Discover Agents used for policies or reporting making the module easy to implement. If your team plans to generate a final set of data for import into a legal review tool simply deploy the collection agent – this component is designed to make a forensically sound copy of tagged search results to a secure location within your network. To aid in the review process Discover also features a user role for eDiscovery reviewers – this role is pre-built to provide just the access rights needed to review search results and is an ideal way of collaborating with a third party partner such as outside counsel.
.png?inst-v=d5ab524f-e070-4760-aa85-959892910f0d)
eDiscovery Module
Analytics
Discover Analytics provide important insights into your content. Analyze unstructured data by age, size, or type to determine how much redundant, outdated or trivial information may be latent in your content repositories. Discover analytics may be viewed in easy-to-understand charts or presented in a trend analysis form to track performance over time. In addition to the pre-built analytics included in this module, custom ad-hoc reports may be generated through a Discover workflow and viewed or shared from the reporting & analytics module
.png?inst-v=d5ab524f-e070-4760-aa85-959892910f0d)
Analytics Report
Synopsis
Discover provides a highly secure and extremely flexible platform for managing unstructured data. Since Discover is offered on-demand it requires less client infrastructure (servers, databases, etc.) leading to a very rapid implementation cycle. This same architecture makes it ideally suited to organizations that must enforce policies across a widely dispersed workforce. Most importantly, clients have the assurance of knowing that both their policies and eDiscovery searches are being applied within their networks and no business-critical information is being stored in the cloud. For more information, please contact your Gimmal sales representative or visit the Discover page at Gimmal.com.