Data Vault Reference
The Data Vault is a software component that installs as a Windows service on a network computer/server. The purpose of the Data Vault is to provide a central repository for all recorded events from all Spector Client (Client) computers.
Spector CNE can be configured so that the Data Vault is not used. In this configuration, each Client computer stores the recorded events locally on its hard drive, only to be deleted according to the Client configuration. In this scenario, the data files containing the recorded events would be accessed remotely over the network using a file share.
Note: If the Client is configured without a Data Vault, there is no provision for security, backup, or off-line access to the recorded events of the individual computers. It is not recommended unless you are working in a small network or you only have need to review the most recent activity of the computers and you are not interested in archiving or off-line access.
The Data Vault must be installed on a network computer that all Clients will be able to communicate with at any time. Servers are rarely turned off or removed from the network. For this reason, a server is an excellent candidate on which to install the Data Vault. In addition, servers typically have access to the large amount of storage space that will be needed for archiving all the recorded events from the Client computers. Communication between each computer and the Data Vault is accomplished through an IP Port. IP Port 16769 is configured by default.
If the Client computer loses communication with the Data Vault, for example because of a network problem or because the computer is a laptop temporarily removed from the network, all events will continue to be recorded on the computer. When communication with the Data Vault is restored, all recorded events will be stored to the Data Vault and deleted from the computer.
The Data Vault service runs continuously, receiving recorded events from each monitored computer and storing those events in a Windows folder.
The Data Vault storage folder contains a subfolder for each computer from which it received recorded events.
The subfolder has the same computer name as the monitored computer.
The recorded events for each computer are stored as files within the subfolder corresponding to the computer name of the monitored computer.
The data files are in a proprietary compressed and encrypted format. They cannot be read without the Spector Viewer.
There will be a single data file for each computer that contains all of the recorded Keystroke, Web site, Program, Email, Peer to Peer, and Chat/IM events for a specific day.
There may be multiple data files for each computer containing the Snapshot events for a given day.
The date and timestamp on the files can be used to facilitate the archiving of the data files from the Data Vault folders. The date and timestamp of the data files in the Data Vault refer to when the events were communicated to the Data Vault, and do not refer to when they were recorded on the computer.
You can configure the Data Vault to automatically delete aged data files or keep them indefinitely. Configuring the Data Vault so that it does not delete data files allows for an external backup and archive procedure to control when data files are removed from the Data Vault.
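An external archive procedure of the kind described above can key on the file timestamps and remove a data file from the Data Vault only after its copy has been verified. The PowerShell below is an added example, not part of the Spector CNE documentation or product; the base path C:\spectordata comes from the share example on this page, while the archive location, the 30-day threshold and the use of LastWriteTime as "the timestamp" are assumptions.

```powershell
# Added example: age-based archive of Data Vault data files.
param(
    [string]$BasePath      = 'C:\spectordata',   # assumption: from the page's example path
    [string]$ArchiveRoot   = 'D:\VaultArchive',  # hypothetical archive location
    [int]   $OlderThanDays = 30                  # hypothetical retention threshold
)

$root   = (Resolve-Path -LiteralPath $BasePath).Path.TrimEnd('\')
$cutoff = (Get-Date).AddDays(-$OlderThanDays)

# The timestamp reflects when events reached the Data Vault, not when they
# were recorded, so a laptop that reconnects late produces "young" files.
Get-ChildItem -LiteralPath $root -Recurse -File |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    ForEach-Object {
        # Preserve the per-computer subfolder layout in the archive.
        $relative = $_.FullName.Substring($root.Length).TrimStart('\')
        $dest     = Join-Path $ArchiveRoot $relative
        New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null

        Copy-Item -LiteralPath $_.FullName -Destination $dest -Force

        # Delete the original only when the copy is byte-for-byte identical.
        $srcHash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $dstHash = (Get-FileHash -LiteralPath $dest -Algorithm SHA256).Hash
        if ($srcHash -eq $dstHash) {
            Remove-Item -LiteralPath $_.FullName
            "archived  $relative"
        } else {
            Write-Warning "hash mismatch, left in place: $relative"
        }
    }
```

Archived files keep the proprietary format, so they still require the Spector Viewer, and the Data File Password if one was set, to be read.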
Data Vault security is controlled through the Windows file permissions of the Data Vault folders. By default, the CNE administrator has full access to the Data Vault folders in order to store the recorded events received from the computers. Additional permissions to the Data Vault folders would need to be added for non-CNE administrators to view the recorded events.
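Because access to the recorded events rests on the Windows file permissions of the Data Vault folders, it is worth listing which accounts actually hold access there. The PowerShell below is an added example, not part of the Spector CNE documentation or product; the base path C:\spectordata comes from the share example on this page and the list of expected principals is an assumption to adjust for your environment.

```powershell
# Added example: report access entries on the Data Vault folders that fall
# outside an expected set of principals.
param(
    [string]  $BasePath = 'C:\spectordata',   # assumption: from the page's example path
    # Assumption: accounts that are expected to hold access.
    [string[]]$Expected = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM', 'CREATOR OWNER')
)

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Allowed)

    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        # Deny entries restrict access; only Allow entries widen it.
        if ($ace.AccessControlType -ne 'Allow') { continue }

        $who = $ace.IdentityReference.Value
        if ($Allowed -contains $who) { continue }

        [pscustomobject]@{
            Path      = $Path
            Identity  = $who
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the base folder and every per-computer subfolder, since a subfolder
# can carry explicit entries that the base folder does not.
$folders  = @($BasePath) + @(Get-ChildItem -LiteralPath $BasePath -Directory |
                             Select-Object -ExpandProperty FullName)
$findings = foreach ($folder in $folders) {
    Get-UnexpectedAccess -Path $folder -Allowed $Expected
}

$findings | Sort-Object Path, Identity | Format-Table -AutoSize
```

Entries with Inherited set to False were granted directly on that folder and are the ones to trace back to a deliberate decision.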
Additional security can be enabled by configuring the Data Vault to have a Data File Password. If a Data File Password is configured, this password is used by the Data Vault to encrypt the recorded events. Entry of the password is required each time the recorded events for a computer are accessed. The Data File Password is stored as part of each data file.
Multiple Data Vaults
In larger Spector CNE installations, it may become necessary to scale the CNE installation to use multiple instances of the Data Vault on additional servers. This will only be necessary if the Data Vault service receiving the recorded events from the monitored computers is unable to handle the volume of traffic being archived. This should only become an issue when you start configuring hundreds of computers. If the computer hosting the Data Vault is unable to support the volume of recorded events received from the computers, an additional Data Vault server can be configured to receive the recorded events.
Verify Service is Running
To verify that the Data Vault service is running, you should see the icon in the System Tray of the computer/server on which the Data Vault is installed. Selecting this icon will verify the configuration settings and provide access to the log file for this service.

Figure 1: Data Vault Dialog
Data Vault Configuration
The Data Vault is configured after installation through the Control Center.
Right-click on the Control Center in the left pane.
Select Properties.
Select the Data Vault configuration tab.

Figure 2: Data Vault Configuration
View Client Recordings
These options are not actually Data Vault settings, but are options that control where the Control Center loads event data files from a computer selected in the Monitor Computers view. The default is to load the data file from the corresponding file in the Data Vault.
If From Data Vault is selected, the Viewer will load the data files from a corresponding subfolder in the Data Vault configured in the Control Center. Example: \\DataVaultComputer\C$\spectordata\ClientComputer.
If From Spector Client Computer is selected, the Viewer will use the Administrator C$ share in order to load the data files from the data file folder on the computer. Example: Files are loaded from \\ClientComputer\C$\windows\system32\netext
Data Vault
The Computer Name displayed is the network computer on which the Data Vault is currently installed and which this installation of the Control Center is configured to manage. Select the Uninstall button to remove the Data Vault service.
Note: If the Data Vault service is uninstalled, any Client computers still configured for that Data Vault installation will be unable to store events in the Data Vault. The events will continue to be stored on the local computer. The Client configuration will need to be changed to reflect a new Data Vault installation.
The Listen IP Port displays the IP port number used for communicating with the computers. The default is 16769 and should not be changed unless you have encountered a conflict with other software on your network. If the IP port is changed, all Client configurations must also be modified to reflect the new IP port.

Figure 3: Set Path Dialog
The Base Path setting displays the Windows folder path used by the Data Vault to store events from monitored computers. There will be a sub-folder below this path to store the recorded events for each monitored computer. Select the Manual button to change the base path for the Data Vault.
The Local Path setting is the fully qualified URL necessary to access the Server Path on the Data Vault from the Control Center. The Local Path is typically an administrator share if the Data Vault resides on a different computer than the Control Center. The Local Path is used by the Viewer to load the Client events for review.
The Server Path setting is the Windows folder path that will be used by the Data Vault for storing Client events. This must be a path accessible to the Data Vault from the computer the Data Vault is installed on.
The Save Files For setting allows you to specify how many days Client data files should remain in the Data Vault before being deleted. If you are managing the backup and archival of the Client data files by an external process, this setting should be changed to indefinitely.
The Start Svr and Stop Svr buttons allow the Data Vault Windows service to be started and stopped. This is the same process as using the Windows service manager to stop and start the service. The Data Vault service is called Spector CNE Data Server.
The Set File Password button will configure a password that will be used by the Data Vault to encrypt all recorded events received from the monitored computers. When the data files are loaded, the Viewer will require this password in order to decrypt the events and allow them to be viewed.
Warning: You will not be able to view recorded events from a data file that has been password-protected without entering the correct password.
The View Svr Log button will display the Data Vault log file. This information may be requested by SpectorSoft technical support representatives for diagnostic purposes.
SQL Settings
These settings are for future use and are not currently supported.