Tech Specs

Retain ships with embedded Tomcat, which requires you to install and use the embedded Tomcat. Instal­lation on an existing Retain system running a standard Tomcat installation will remove the current Tom­cat connection and install the embedded Tomcat featured with Retain. Installation instructions are found in the install section.

Before installing Retain, decide where everything should be installed. Once the support and core components are installed, the features and capabilities of Retain are the same no matter what platform it is installed on. You may spread out Retain’s compo­nents on different servers or run them all on one. VMWare ESX and ESXi is supported, but requirements are still in full effect and must be observed.

Retain may be configured in separate ways which heavily impact the requirements of the Retain server, indexing engine, database server, and locations dictate resource needs. Ultimately, the number of active users in the system determine the resource needs of the system.

• Dual-Core 3 GHz or better Processor
• Server requires 12 GB RAM free
• Apache 2.2.x or IIS
• Supported SQL Database
• Java Development Kit (JDK) 1.8 64-bit
  • Storage Space: As much storage space as messaging system requires
  • NOTE: The Retain system requires a minimum of 10 GB of free disk space or it will enter maintenance mode. Retain will send warning messages when there is less than 20 GB free space for the storage, index, and system. Messaging systems will have storage space requirements far exceeding the minimum and Administrators should look to the ‘Estimating Storage Requirements’ for minimum storage space estimation instructions.
• RAM: Memory needs will vary depending on the load and use of the Retain system, however, Java will automatically tune for the memory which is available on the server. Tuning depends on what is selected for installation. The installation will detect the amount of ram and automatically assign memory values as shown:
  • Less than 16 GB system memory:
    • 8 GB: Server and Worker
    • 6 GB: Server only
  • Less than 20 GB system memory:
    • 12 GB: Server and Worker
    • 10 GB: Server only
  • More than 20 GB system memory:
    • 16 GB: Server and Worker
    • 14 GB: Server only

In all cases where only the Worker is installed, the memory is tuned to 3 GB.

Retain Server, Retain Worker, Database, and Index engine housed on same machine and archiving less than 500 active mailboxes. The Retain Message Router should be installed on dedicated server in the DMZ.

• 12 GB RAM

Retain Server, Retain Worker, and Indexing engine on one server, separate Database server:

Disk space is dependent on the amount of email being archived and length of retention time. It is recom­mended to estimate two years of storage and adding additional space as needed. Storage speed is a determining factor for performance. SAN and local storage preferred. NAS is not supported.

NOTE: The Retain system requires more than space. Due to the storage of many small files, especially on systems archiving mobile message data, sufficient iNodes are also an issue. SLES 11 changed the way the EXT3 file system defaults, and unless modifications are made, the EXT3 file system on SLES 11 will become insufficient for large storage systems. For information on the limitations and how to fix it, see How to setup an EXT3 partition with more iNodes. If a substitute file system is desired, the XFS file system is flexible enough to mitigate the risk.

Retain utilizes many ports to facilitate communication between the different components and for com­munication with the different archived systems. By default, Retain will use the ports listed below for the services listed below.

The Retain Server is the key component in the Retain system. Other Retain processes communicate with the Server through port 48080 by default. The Server is always listening on that port regardless of how other components might be configured to communicate with it (i.e., SSL port 443).

• 48080 (TCP) Requires incoming access if any Retain processes are running on a server external to the server hosting the Retain Server
• The Server Requires outgoing access if the Reporting and Monitoring Server component has been installed on a server external the server hosting the Retain Server. See also the Reporting and Mon­itoring component in this article
• 48009 (TCP) The AJP (Apache JServ Protocol) port is used by for communication between the web server and Tomcat. Since both should reside on the same server, there are no external port access requirements. 80 / 443 (TCP–HTTP / HTTPS) Requires incoming access to reach the Server web interface
• 25 (TCP) Requires outgoing access so that the Retain Server can send email notifications on server errors, job statuses, and job errors. Outgoing access to Database Management System (DBMS) port. This depends on the database system you are using. See the “Database Manage­ment Systems” section of this page

Other ports will also need to be opened on the server hosting the Retain Server depending on the mod­ules being used.

The Retain Worker is the component that pulls the data from the messaging source, whether that be an email system, social media application, or mobile device.

• 48080 (TCP) Requires outgoing access if on a server external to the Retain Server.
• 80 or 443 (TCP HTTP or HTTPS) Requires incoming access to reach the Worker web interface

Other ports will also need to be opened on the server hosting the Retain Worker depending on the mod­ules being used; and, in some cases, on servers hosting the messaging system Retain will be archiving.

The Message Router is for customers of the Retain for Mobile module. The Message Router connects with mobile devices to handle SMS message log forwarding, BBMP device configuration. It typically would sit inside a DMZ.

• 443 (TCP) Requires both incoming from and outgoing access to the Internet as well as incoming from and outgoing access to the Retain Server
• 111/2049 (UDP / TCP) for NFS Client services. (Only required if not using REST) Requires outgoing access if the Worker is not on the Message Router server so that it can place the logs on the Worker's server. Samba can be used, but NFS seems to be more reliable

Other ports may need to be considered for NFS to work properly.

It is up to the customer to do this research to get NFS services to work properly.

New to Retain v3.4, this process provides archive job and server reporting and monitoring services. It is not installed by default unless specifically selected during the installation process.

• 48080 (TCP) Requires both incoming and outgoing access if on a server external to the Retain Server.
• 80 / 443 (TCP) Requires Incoming access to reach the R&M Server's web interface
• 25 (TCP) If running on a server external to the Retain Server, then it requires outgoing access

The Retain Stubbing Server is the component that provides stubbing services to the Retain Server. It is rarely used or installed by customers. See the Administration and Users Guide for a listing of its advan­tages and disadvantages.

• 48080 (TCP) Requires outgoing access if on a server external to the Retain Server
• 80 / 443 (TCP) Requires incoming access to reach the Stubbing Server web interface

The following are the default ports these database management systems use, but they are configurable within those systems. Requires incoming access for the database server and outgoing access on the Retain Server.

• 443 (TCP) Requires outgoing access. Retain uses SSL to connect with Office 365 to authenticate users logging in to Retain
• 80/443 (TCP) Requires outgoing access to the Retain for Social Media proxy server appliance. Retain will make an http connection and request the "bundles". See also the Retain for Social Media (RSM) Proxy Server component in this article

7191 (TCP) Requires outgoing access so that the Retain Server can download the Address Book. This is the default SOAP port the GroupWise POAs use, but this is configurable and is dependent upon the POA agent setting in GroupWise.

• GroupWise 8.01 or above (8.01, 2012, 2014, 2014R2, 18)
• SOAP port must be enabled on all POAs to be scanned for messages
• SSL is supported, but significantly impacts performance

• 80 / 443 (TCP HTTP/HTTPS) on the Worker server. Requires outgoing access. The autodiscover process will attempt https to the CAS server(s) for connecting to Exchange mailboxes. If that fails, it will use port 80 as a last resort. If Exchange/autodiscover/EWS are set up properly, only port 443 should be necessary
• 3268 or 3269 (TCP). Requires outgoing access. It uses one of these ports for LDAP lookups to the global catalog host, which is the primary database server for Active Directory.
• Port 3268 for plaintext and 3269 for SSL (recommended)
• 53 (UPD). Requires outgoing access. It's the port used by DNS. Retain will do DNS lookups during its autodiscover process
• Exchange Server 2013
• Exchange Server 2016

• 443 (TCP) Requires outgoing access for the Server (address book sync) and the Worker (it attempts to use the Gmail API for archiving; if that fails, it reverts to IMAP, thus the need for port 993 as described below)
• 993 (TCP). Requires outgoing access for the Worker(s) only. Under certain circumstances, the Worker may switch to using IMAP over SSL when requesting email from Gmail