Think about this scenario: a department neet to protect an account and password table, but, it cannot be provided to the DLP administrator to create the EDM index as it's sensitive to other department.
Remote EDM Indexing enables the owner of the data, rather than the DLP administrator, to index the data on a remote machine.
Here are the graphical steps to implement Remote EDM Indexing.
We just assume that the data needed to be protected is an account/password table, just like this:
Image may be NSFW.
Clik here to view.
1. Firstly, install Remote EDM Indexer on the machine of the data owner. The Remote EDM Indexer is installed from the same installation program as the other Symantec DLP components. Run the ProtectInstaller64_14.6.exe:
Image may be NSFW.
Clik here to view.
2. Choose to install the 'Indexer' only and no other components:
Image may be NSFW.
Clik here to view.
3. The Remote EDM Indexer is named RemoteEDMIndexer.exe under the SymantecDLP\Protect\bin:
Image may be NSFW.
Clik here to view.
4. From DLP Enforce console, select 'Manage' - 'Data Profiles' - 'Exact Data':
Image may be NSFW.
Clik here to view.
5. Click 'Add Exact Data Profile':
Image may be NSFW.
Clik here to view.
6. Enter a name of the profile, in the 'Data Source' field, select 'Use This File Name', and enter the name of the index file to create with the *.edm extension; input the number of columns; select 'Column Separator Char' and 'File Encoding' accordingly:
Image may be NSFW.
Clik here to view.
7. Do not select any Indexing option, click 'Finish' to complete the profile creation process:
Image may be NSFW.
Clik here to view.
8. Download the EDM profile by click 'download profile' link:
Image may be NSFW.
Clik here to view.
9. Save the EDM profile as a file with *.edm extension:
Image may be NSFW.
Clik here to view.
10. Assume there are three folders, the 'account-password-source' for the source file to be protected, the 'account-password-index' for the EDM profile file that downloaded in step 9, the 'account-password-index-result' for the Remote EDM Profile result:
Image may be NSFW.
Clik here to view.
11. Copy the source file to be protected into 'account-password-source' folder:
Image may be NSFW.
Clik here to view.
12. Copy the EDM Profile file that downloaded in step 9 in the 'account-password-index' folder:
Image may be NSFW.
Clik here to view.
13. Run Windows cmd, change the directory to the Remote EDM Indexer installed, run this command to generate the remote index files:
RemoteEDMIndexer.exe -data=C:\account-password-source\account-password.txt -profile=C:\account-password-index\account-password.edm -result=C:\account-password-index-result
confirm the command run successfully:
Image may be NSFW.
Clik here to view.
14. After the indexing process completes, the Remote EDM Indexer generates several files in the specified result directory. There files are named after the data file that was indexed, with one file have the .pdx extension and another file with .rdx extension. The system generates 12 .rdx files:
Image may be NSFW.
Clik here to view.
15. Copy all the index files with .pdx and .rdx extensions to the index directory on the Enforce Server which is located at \SymantecDLP\Protect\Index:
Image may be NSFW.
Clik here to view.
16. From DLP Enforce console, select 'Manage' - 'Data Profiles' - 'Exact Data', click the name of the Exact Data Profile used with the Remote EDM Indexer, select 'Load Externally Generated Index' of the 'Data Source' field, click to select 'Submit Indexing Job on Save' of the 'Indexing' field, then click 'Save' button:
Image may be NSFW.
Clik here to view.
17. Finally, you can select to add this EDM rule to a detection policy:
Image may be NSFW.
Clik here to view.