ECC overview

Enterprise Collection Center (ECC) consists of several components running on multiple computers. These components work in concert to configure, schedule, perform and monitor collection jobs and other collection-related tasks.

Component overview

Nuix Enterprise Collection Center consists of three components: Server, Administrative Console and Client. Each component performs a different function, as described below. Specific hardware and software requirements for each component are presented later.

ECC Server

The ECC Server coordinates activity among computers running ECC Client and ECC Administration Console. In addition, the ECC Server performs auxiliary functions, including the generation of recurring collection jobs, and sending email notifications (requires access to a separate SMTP server).

Only one ECC Server is typically needed at a given location. Each ECC Server supports simultaneous connections with up to 50,000 ECC computers; however, a limit of 5,000 endpoints per ECC Server is recommended to ensure performance. All communications between the ECC Server and the other ECC components are secured via AES-256 encryption.

The Server does not store collected files. It only stores collection-related details and ECC system information in a database. Disk space requirements are moderate. Larger installations with more than a thousand ECC Client computers should use a relatively powerful server; contact Nuix for server sizing guidelines.

The ECC Server has self-monitoring capabilities: it notices status changes and sends email notifications when collection jobs complete. Email notifications can also be sent whenever a collection job fails, or whenever various ECC events occur.

ECC Administration Console

ECC Admin Console provides the user interface for ECC. It enables Collection Administrators to set up cases and collections, and to schedule, manage and monitor them. Admin Console is also used to configure targets, custodians, groups and file selection criteria. ECC settings, including ECC Client activation (key pairing), ECC Client communication options, email notifications and server connection profiles are also configured via ECC Admin Console. In addition, each endpoint running ECC Client can be reached from the Admin Console, via the Filesystem Browser and Remote Terminal features.

ECC Admin Console can be launched from any Windows, Linux or Mac computer with a modern web browser that can reach the ECC Server. ECC Admin Console does not need to be running when a scheduled collection begins.

ECC Client

ECC Client is installed as a service on each computer that will run ECC jobs, such as file collection or disk imaging jobs. Files may be collected from Targets residing on a local volume, a network share or a SharePoint site. Collected data is saved to destination paths, such as a local folder, a share on a file server, or an Amazon S3 bucket. Collected data can also be relocated to another ECC Client computer. ECC Client also enables Filesystem Browser and Remote Terminal access from Admin Console.

The Collection Administrator may need to consult with the Systems Administrator to determine the computers that will receive an installation of ECC Client. For details refer to the topic Selecting Computers to Run ECC Client.

Deployment overview

This diagram shows the basic steps for installing and configuring the various Collection Center components:

Deployment overview diagram

Installations of Enterprise Collection Center for larger companies typically require one or two days to fully install, configure and prepare for collecting. The time can vary depending on the size of the installation and the availability of computers to serve the various ECC roles (Server, Client, Destination, etc.). By comparison, small installations can be completed in a matter of hours, while demonstration installations can be up-and-running in less than an hour.

A typical deployment in a larger production environment generally occurs in four phases:

1. Preparation

Determine whether separate collection Destinations (network shares on designated servers or NAS drives) are required for each network segment or VLAN. This will mitigate the impact of network traffic generated by collection activity.

Evaluate the distribution of custodian computers across the network, and check whether they are spread across multiple network segments.

Check if there are custodian computers residing in branch offices or home offices accessible only via VPN tunnels. These may require local ECC destinations.

Establish destination shares on designated servers or NAS drives, or destination buckets on Amazon S3.

Ensure adequate disk space exists on each destination.

* Purchase and deploy additional hardware for collection storage, if necessary.

Extract list of computers from Active Directory, filter for custodian computers, and add custodian computers to a new Active Directory security group.

Grant the new ECC security group access rights to the destination shares.

* Purchase and deploy a computer to run ECC Server, if a dedicated computer is not available.

Prepare a computer for ECC Server including latest updates.

* Prepare a list of file locations that need to be collected across the organization, including:

The name of the custodian responsible for the files at this file location.

The computer where the files reside, as well as the volume, share or folder name.

The filename extensions to be collected, and any file attribute restrictions (e.g. date ranges).

The access rights required to access these files.

The network segment (e.g. the VLAN or subnet) and physical location of the computer where the files reside. This is for planning collections across larger networks.

Warning: * Starred items, above, may take significant time and delay the deployment.
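The Active Directory steps of the Preparation phase (extract the computer list, filter for custodian computers, create the security group, grant it access to a destination share) can be scripted. The following is an added example, not part of the Nuix documentation; the OU paths, domain, group name, share name, CSV file and the "Change" access level are all assumptions to be replaced with local values.

```powershell
# Added example. Every name below (OUs, domain, group, share, CSV path) is a placeholder.
Import-Module ActiveDirectory

$SearchBase   = 'OU=Workstations,DC=example,DC=com'
$GroupPath    = 'OU=Groups,DC=example,DC=com'
$Domain       = 'EXAMPLE'
$GroupName    = 'ECC-Custodian-Computers'
$ShareName    = 'ECCDestination'
$CustodianCsv = '.\custodian-computers.csv'   # constructed input, one column: ComputerName

# 1. Extract the list of enabled computers from Active Directory.
$all = @(Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase)

# 2. Filter for custodian computers, and report names that did not resolve
#    so that a typo does not silently leave a custodian out of the group.
$wanted     = @((Import-Csv $CustodianCsv).ComputerName)
$custodians = @($all | Where-Object { $wanted -contains $_.Name })
$missing    = @($wanted | Where-Object { $all.Name -notcontains $_ })
if ($missing) { Write-Warning "Not found in AD: $($missing -join ', ')" }

# 3. Create the security group once, then add only computers not yet in it.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -GroupScope Global `
        -GroupCategory Security -Path $GroupPath -PassThru
}
$current = @(Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty distinguishedName)
$toAdd = @($custodians | Where-Object { $current -notcontains $_.DistinguishedName })
if ($toAdd) { Add-ADGroupMember -Identity $group -Members $toAdd }

# 4. Run on the destination file server: grant the group (and nothing broader)
#    access to the share. "Change" is an assumed level; the page names none.
#    NTFS permissions on the shared folder must allow the same access.
Grant-SmbShareAccess -Name $ShareName -AccountName "$Domain\$GroupName" `
    -AccessRight Change -Force
Get-SmbShareAccess -Name $ShareName   # review the resulting share ACL
```

Reviewing the `Get-SmbShareAccess` output after the grant confirms that no broader principal, such as Everyone, still has access to the collection destination.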

2. Installation

As described above.

Note: The presence of ECC Client can be hidden from a casual user; for details see topic Obfuscated ECC Client Installations.

3. Configuration

As described above.

4. Test

In ECC Administration Console, run the New Collection Wizard to add a new Case, and to define a Collection that will survey or collect from selected Targets using specified Criteria. Schedule the collection to run immediately or in the near future.

Review the results of the test collection.

Verify that Job Stage Change email notifications were received.

Deployments beyond the local office

Several options are available for collecting data from beyond your organization's local network using Nuix Enterprise Collection Center. The advantages and disadvantages of each approach are discussed below.

Using VPN connections

VPN connection diagram

Collections within the organization's local area network are performed via Nuix ECC.

Collections from locations beyond the LAN are also performed via ECC. This requires the ECC Client program to be installed and running on each remote computer. This also requires a secure connection from each remote computer to the organization's primary network (where the ECC Server is located). These secure connections are typically made via VPN connections or leased lines.

Practical use cases:

Small to medium-sized file collections from remote locations, such as branch offices and employee home offices.

Advantages:

Quick and easy to set up.

Requires only ECC and a VPN

Collected data is saved to a destination at the primary office

Disadvantages:

Internet connection speed at either end is typically a significant bottleneck, requiring extended time periods to transfer larger data collections.

Each endpoint being collected must remain online during the collection run to ensure data can be saved to the specified destination at the primary office.

Implementation details

VPN or leased line connection required at each ECC Client computer being collected from, as well as at the network where the ECC Server and collection destination are located.

Using Nuix Portable Collector

Diagram showing Portable Collector collecting from branch offices. Data is sent back and forth via delivery carrier.

Collections within the organization's local area network are performed via Nuix ECC.

Collections from locations beyond the LAN are performed using portable collection devices. These devices are external hard disks loaded with the Nuix Portable Collector program* and a pre-configured collection JobFile. These devices are shipped to the remote locations, where they are plugged into remote computers -- typically via USB. Once connected, the collection is launched by the local end-user. Collected data, reports and logs are stored on the portable collection device. When done, the device is disconnected, packed and shipped back to the organization's main office.

* A license for Nuix Portable Collector is included with each Nuix ECC license.

Practical use cases:

Larger file and disk image collections from remote locations, such as branch offices and employee home offices.

Advantages:

The amount of collected data is limited only by the size of the external hard disk.

Does not require an internet connection.

Depending on the size of the data collected and the available internet connection speeds, this method can be faster than collecting across a VPN.

Disadvantages:

Requires time and expense to prepare the portable collection devices, pack them and ship them to and from each remote location.

Requires staff at remote locations to be involved in connecting the external hard disks and launching the collection process.

Implementation details

To prepare portable collection devices, Nuix Collector Suite must be installed on a Windows computer – typically in the organization's primary location. From this computer, file and disk image collection devices can be prepared for Windows, Linux and macOS computers (or all three on one external drive).

External hard drives with high-speed connections, such as USB 3 or eSATA, are recommended. External hard drives with integrated cooling fans may be more reliable than drives lacking integrated cooling.

Proper packing of external hard drives is essential to protect the data in transit. Original packaging from the product manufacturer may be ideal.

Cloud deployment

Network diagram showing ECC deployed in the Cloud, and saving data to the Cloud, from ECC clients behind the corporate firewall.

The simple cloud deployment system utilizes an ECC Server and an ECC Client computer running on the internet and made publicly accessible. These two computers could reside on the DMZ side of an organization's network, or could be hosted in a private data center, or in Amazon Web Services, Microsoft Azure, or other cloud hosting platform. The ECC Client is marked as a "staging computer", enabling it to serve as the destination for collections from other ECC Client computers. The computers being collected from are located on public or private networks with internet access. These computers must have ECC Client installed. Data collected from these computers is saved on the ECC Client computer on the internet.

Security is ensured by the built-in encryption which ECC components use to communicate with each other, and also by implementation details discussed below.

Practical use cases:

Small to medium-sized file collections from remote locations, such as branch offices, employee home offices and offices of affiliated entities.

Advantages:

Easy to set up

Requires only ECC

Does not require a VPN. Can be used to collect from outside (affiliated) entities, such as clients or suppliers.

Disadvantages:

Requires public IP addresses for the ECC Server and the ECC Client computer serving as a collection destination.

Internet connection speed at either end is typically a significant bottleneck, requiring extended time periods to transfer larger data collections.

Each endpoint being collected must remain online during the collection run to ensure data can be saved to the specified destination on the internet.

Collected data is saved on the internet. Measures must be taken to ensure the ECC Client and ECC Server computers located on the internet are properly secured.

Implementation details

If the ECC Server and ECC Client computer (the one serving as a staging/destination computer) are deployed to Amazon Web Services, a load balancer and Route 53 public DNS records are recommended to ensure the public IP addresses for these two machines remain fixed.

The ECC Server should be configured so that ECC Clients and ECC Admin Consoles must manually "pair" with the Server. This gives administrators the opportunity to restrict and approve which computers can connect to the ECC Server.

The High-level API on the ECC Server should be disabled for security reasons. If integration between ECC and other Nuix products is required, the High-level API on the ECC Server can be enabled; however, HTTP must be disabled, and HTTPS must be enabled on the ECC Server (ideally using a valid SSL certificate issued from a trusted Certificate Authority).
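Where the High-level API is enabled, the two transport requirements above can be checked from a machine outside the network. The following is an added example, not part of the Nuix documentation; the function name is hypothetical, and the host name and port numbers are parameters because this page does not state them.

```powershell
# Added example. Host and ports are supplied by the caller; none come from this page.
function Test-EccApiTransport {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [int]    $HttpPort,
        [Parameter(Mandatory)] [int]    $HttpsPort
    )
    $result = [ordered]@{
        Host = $HostName; HttpClosed = $false; TlsTrusted = $false
        CertSubject = $null; CertIssuer = $null; CertExpires = $null
    }

    # HTTP must be disabled: a plain TCP connect to the HTTP port should fail.
    $plain = [System.Net.Sockets.TcpClient]::new()
    try     { $plain.Connect($HostName, $HttpPort) }
    catch   { $result.HttpClosed = $true }
    finally { $plain.Dispose() }

    # HTTPS must present a certificate that chains to a trusted CA and matches
    # the host name. SslStream's default validation fails the handshake otherwise,
    # so a self-signed or mismatched certificate leaves TlsTrusted at $false.
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $HttpsPort)
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
            $ssl.RemoteCertificate)
        $result.TlsTrusted  = $true
        $result.CertSubject = $cert.Subject
        $result.CertIssuer  = $cert.Issuer
        $result.CertExpires = $cert.NotAfter
    }
    catch   { Write-Warning "HTTPS check failed: $($_.Exception.Message)" }
    finally { $tcp.Dispose() }

    [pscustomobject]$result
}

# Usage with placeholder values:
# Test-EccApiTransport -HostName 'ecc.example.com' -HttpPort 80 -HttpsPort 443
```

A compliant server reports `HttpClosed` and `TlsTrusted` both as True; `CertExpires` gives the date by which the certificate must be renewed.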


Cloud deployment with additional security

Deployment diagram showing ECC Server and Clients behind the firewall, while a stand-alone WAMP router is deployed in the Cloud for extra security.

This option is similar to the previous Cloud Deployment option – except it is more secure, because only the Web Application Messaging Protocol (WAMP) router is exposed on the internet. The ECC Server is located on a private LAN behind a firewall and connects "out" to the router. The computers which are being collected from – or which are serving as collection destinations – run ECC Client. These ECC Client computers can be behind a firewall or not; however, collected data cannot traverse the internet under this option.

Nuix recommends using a DNS record for the WAMP router's public IP address to ensure SSL certificates for HTTPS can be properly configured, and to avoid having to reconfigure all the clients if an IP address changes. On AWS, this means using an Elastic IP address and/or having a load balancer to automate the AWS Route 53 DNS configuration (this is a simple and routine way of configuring permanent public IP addresses on AWS, with little or no added cost).

Practical use cases:

Small to medium-sized file collections from remote locations, such as branch offices, employee home offices and offices of affiliated entities.

Where security requirements forbid any collected data being placed on a public-facing computer.

Advantages:

Easy to set up

Requires only ECC and the freely available crossbar.io WAMP router

Does not require a VPN. Can be used to collect from outside (affiliated) entities, such as clients or suppliers.

Collection speeds are not limited by internet connection speeds.

Disadvantages:

Setup is more complex than other deployment options.

Requires public IP address for the WAMP router computer on the internet.

Collected data must be placed on a computer residing on the same LAN as the ECC Client computers being collected from. May require additional measures to transmit data to a central office for consolidation and further processing.

Each endpoint being collected must remain online during the collection run to ensure data can be saved to the specified destination on the internet.

Implementation details

Requires installing a WAMP messaging router – typically the freely available crossbar.io WAMP router. The computer running this router requires a static public IP address. This computer may also require an SSL certificate, firewall protections, and other measures to keep it secure.