SmartCipher connection

If you will be protecting files using Voltage SmartCipher, you must complete additional tasks to enable this processing.

To protect document types other than what SmartCipher supports by default, see the SmartCipher documentation.

SmartCipher Requirements

Connecting to SmartCipher for file protection requires the following be in place prior to using file protection in File Analysis Suite.

  • The SmartCipher Crawler must be installed on all File Analysis Suite processing agent host machines in a cluster assigned to use SmartCipher.

  • The SmartCipher Rest API must be installed and available to all File Analysis Suite processing agent host machines in a cluster assigned to use SmartCipher.

    The SmartCipher Rest API must be configured with the following:

    • TLS

      IMPORTANT: File Analysis Suite will refuse to communicate unless the target is secured using HTTPS.

    • The certificate presented by the Rest API must be fully trustable by the File Analysis Suite processing agent host machines.

    • The Smart Cipher Rest API must be configured to use basic authentication. Basic authentication is not necessarily automatically configured during the SmartCipher Rest API installation. Full details are available in the SmartCipher documentation and summarized below for convenience.

      1. Ensure the Windows feature, Web Server (IIS) > Security > Basic Authentication, is installed.

      2. Ensure Basic Authentication is enabled for the Rest API web service (default cxAPI) and all other authentication methods are disabled.

        Locate and select the Rest API service and then open Authentication to verify.

      3. Validate the Windows permissions are set appropriately on the web application’s Physical path (default, C:\Program Files\Micro Focus\SmartCipher REST API Service) as desired.

        When configuring File Analysis Suite to interact with SmartCipher, a user must be provided. This may be a user local (<machineNetBIOS>\<username>) to the server hosting the Rest API instance or may be a domain user from a domain to which the server hosting the Rest API belongs (<domainShortName>\<username>). Ensure this user is granted at least the following permissions to this directory and it’s children.

        • Read & execute

        • List folder contents

        • Read

      4. Start and stop IIS.

    • To maintain encryption integrity, SSL must be enforced on the Smart Cipher Rest API Web Application.

      1. Open Internet Information Services Manager and then location and select the Rest API web service (default, cxAPI).

      2. Open SSL Settings.

      3. Ensure the Require SSL check box is selected.

Update the logon account for FAS services

On each processing agent host machine in a cluster assigned to use SmartCipher, the log on account for the FAS services must be in the host's Administration group and can logon as a service.

Complete this task after the agent is installed on the host machine and the necessary SmartCipher requirements are in place.

  1. On a machine hosting the processing agent in a cluster assigned to use SmartCipher, stop all the Micro Focus FAS services.

  2. For all FAS services, change the Log On account for all the services to a local or domain account that is in the Administrators group and has Logon as a service permission.

    If utilizing a web proxy, log into the agent host machine as the specified user and configure the system proxy information as appropriate. You can do so using Internet Explorer network connection settings, Chrome network connection settings, or “Internet Options” in the control panel.

  3. Run AccessHandler.exe and provide the requested information.

  4. Start the Micro Focus FAS-Agent Api service

  5. Start all other Micro Focus FAS services.

  6. Repeat for each agent host machine in a cluster assigned to use SmartCipher.