Best practices and other information. Please add to and modify this list as appropriate
Server configuration
- SQL Server hardware configurations for Identity Finder's Console Server
- Communication with clients
- All communication between the clients and the service is encrypted regardless of whether https is used. ID Finder tech support says: "For the /Console access HTTPS is fine, however there could potentially be issues with the /Services application (/Services is what the client uses to send data to the console). The issue is that if the HTTPS certificates are not fully trusted on the client, then it will not allow communication with the server. HTTPS is not necessary on the /Services application because the Identity Finder Client will encrypt all data with AES encryption before sending it to the server. Our recommended configuration is to have HTTPS enabled for /Console but not for /Services. If you are unable to use this type of configuration let us know and we can try and help you get HTTPS working for /Services."
- If server is unavailable, clients store report information until server can be contacted
- Clients update their policy settings from the server every 5 minutes (300 seconds) by default. This can be changed via the policy/registry setting Console\pollingInterval). The server never inititates a connection to the client - the client always initiates, which makes client firewall management much easier.
Client configuration
- Draft MSI configuration and server policy configuration for CALS
- Command line switches
- What files does Identity Finder scan?
- File extension exclusions
- ILR's v.3.x Client registry settings
- ILR's v.3.x client autorun scripts
Issues and concerns
- Clients cannot scrub Office docs older than version 2007
- Does not scan Filemaker files reliably (especially post FM V.6)
- Crashing with the Mac client