Architecture Overview
Total Page:16
File Type:pdf, Size:1020Kb
ARCHITECTURE OVERVIEW
WHISTLER BY FAIRWORDS

1 | Page

TABLE OF CONTENTS
Architecture Overview ... 4
  Data Storage ... 4
    Cloud ... 4
  Installation Summary ... 4
    Email and Instant Messenger ... 4
Email Setup ... 5
  On-Premise Exchange 2010 ... 5
  Outlook ... 6
Instant Message Setup ... 8
  AIM ... 8
  On-Premise Lync (Skype for Business) 2013 ... 10
  Traditional Skype (Version 6 and higher) ... 11
  ICE Instant Messaging (IceChat) ... 13

ARCHITECTURE OVERVIEW

DATA STORAGE

CLOUD
All data is securely archived in the cloud:
• Data stored in secured, best-in-class, long-term storage archives
• Advanced Encryption Standard (AES) 256-bit symmetric keys, with secure transfer of your data over Secure Sockets Layer (SSL)
• Up to 40 TB of data at once; SEC Rule 17a-4(f) and CFTC Reg. 1.31(b)-(c) compliant
• WORM (write once, read many) storage
• Recording of all parties accessing the data
• Access to audit logs at any time
• Asset (data) security
• Super-owner notified in the event of data being accessed

INSTALLATION SUMMARY

EMAIL AND INSTANT MESSENGER
Details on the installation process, and on how data is fetched for Exchange 2010, AOL Instant Messenger, and Lync 2013, are given below. Configuration usually takes under an hour; depending on the amount of data, the complete data transfer then takes place over the subsequent couple of days. No IT team is needed for that process, which runs in the background, and the data transfer does not interrupt day-to-day operations. Once configuration and transfer are complete, every inbound and outbound written message is monitored and archived in real time.

EMAIL SETUP

ON-PREMISE EXCHANGE 2010

ARCHITECTURE
1. Whistler needs "Exchange Journaling" to be enabled in order to forward all inbound and outbound email through our automatic surveillance system. To do this, we use a secure TLS connection with username and password authentication to forward all email domains in the Exchange Store.
2. The session is initiated by sending the server a message to establish the connection's security. The server then selects a digital certificate containing a public key.
3. Whistler responds with an encrypted message containing its public key and other information, including a random number that only the server can decrypt.
4. Whistler and the server then generate key material for encryption and decryption; the secure session is established and data can be exchanged.
5. Whistler opens the envelope, analyzes the header and routes the email to the appropriate archive, with full support for BCC, SMTP MAIL FROM and distribution-list email.
6. The Whistler system can unify multiple domains, domain aliases and instant messaging (IM), and can import legacy email with no message size limitations.
7. Whistler supports an unlimited number of domains and customers. Once Exchange Journaling is configured, email for any new domain added to the Exchange Store is automatically forwarded to the Whistler Archive.

OUTLOOK

ARCHITECTURE
1. Log in to FairWords, which then requires information from Office 365. FairWords redirects you to the Azure AD authentication endpoint.
2. You authenticate and give consent. FairWords is preset to request only the services you actually require, and to specify the least level of permission in each service that still allows the required functions to be performed. Permission levels are additive: there is no need to request multiple permission levels for a given API, because the more expansive permission level already includes the more restricted one. For example, for the Mail API, the "Send email as a user" permission already includes the "Read and write access to users' email" permission.
3. FairWords is configured with restricted access rights. Azure AD issues an authorization code, which is used to request access tokens for specific resources.
4. Once FairWords has the authorization code, the application can request access and refresh tokens. FairWords passes the authorization code to the Azure AD token issuance endpoint, and Azure AD returns access and refresh tokens.
5. FairWords can then present the access and refresh tokens, on behalf of the user, to the Office 365 API endpoint(s) and retrieve data.

INSTANT MESSAGE SETUP

AIM

ARCHITECTURE
1. AIM gives users the option to change the server address it connects to during sign-in. Whistler changes it to our hostname and port. Please note the following:
   a. To stop the AIM client from bypassing the Whistler IM Gateway, all inbound/outbound AIM traffic other than to the Whistler IM Gateway is blocked at the port level.
   b. Hosts files or DNS "A" records can no longer be used to redirect AIM, because AIM clients 6.x and higher use encryption with a strict SSL certificate check at connection time; with such a redirection the SSL connection fails, because the server reached is not the one identified in the SSL certificate.
2. To begin configuration, we remove any existing AIM entries from users' Hosts files. After that we:
   a. Launch AOL Instant Messenger.
   b. Go to the Options menu, then select Settings.
   c. Click the Connection tab.
3. In the "Server" section, enter our host, aimhost.fairwords.co, and port, 5190.
4. Click Save.
5. After the AIM client is configured, the Auto-Update and Auto-Upgrade features in AIM have to be disabled. This ensures users won't move to unsupported versions of AIM without our knowledge, and guarantees the IM client's settings are not overwritten.
6. To disable Auto-Update and Auto-Upgrade in AIM:
   a. Launch AOL Instant Messenger.
   b. Go to the Options menu, then select Settings.
   c. Click the Sign In/Sign Out tab.
   d. Make sure the "Automatically download and install upgrade when AIM starts" option under "AIM Upgrades" is not selected.
7. Click Save.

ON-PREMISE LYNC (SKYPE FOR BUSINESS) 2013
Whistler can capture and securely archive IMs between two or more parties via Lync (Skype for Business) messaging, to help companies adhere to compliance regulations and serve e-discovery and audit inquiries. Since Lync / Skype for Business provides a mechanism for logging conversations (via the Microsoft Archiving Server database), Whistler can provide software, installed locally, which directly extracts these conversations, converts them to an intermediary markup language, and delivers them to the Whistler repository. The repository maintains messages in their original format along with detailed summaries (including usernames, number of messages, number of participants, etc.); messages are then time/date stamped, serialized, indexed, and preserved on tamperproof storage with write verification.

Some firms have groups of employees whose messages require special archiving procedures due to security, compliance, or retention concerns. For example, a firm may use a dedicated archive to store the messages of its traders separately from those of other employees. Whistler integrates with your Active Directory to provide granular control over which users' messages are archived and in which repository they are preserved.

ARCHITECTURE
1. The Whistler for Lync/Skype for Business service is installed on the client's server.
2. As users hold IM conversations, Microsoft Archiving Server's LCSLog database logs these messages.
3. Whistler then extracts all messages contained in the Microsoft Archiving Server database, turns them into email, and forwards them to Whistler Archiving via IMAP or SMTP.

TRADITIONAL SKYPE (VERSION 6 AND HIGHER)

ARCHITECTURE
Some companies have settled on "traditional" Skype, i.e. not Skype for Business. Traditional Skype can also be made compliant via Whistler's customized connectors, without the need to transition users to Lync / Skype for Business. To enable traditional Skype for compliance:
1. Back up old logs to an archive file.
   a. The last 30 days of your conversation history are stored in the cloud, so you can access it when you're signed in to Skype on any device.
   b.