
Protecting large amounts of files with Oracle IRM

I am often asked how it is possible to seal lots of files en masse against an Oracle IRM server. There are many ways to do this via our APIs and prebuilt tools.

Sealing a folder with the Windows Explorer integration

The simplest method by far is to right-click a folder in Windows and select "Seal To...". Installing the Oracle IRM Desktop gives the user the ability to seal an entire folder structure of content directly from Windows Explorer. All you need are rights to seal in a context (that is, to have been given a Contributor role) and the Oracle IRM Desktop installed.

The limitation of this method is that you cannot insert any form of logic into the process. Performance-wise it should be just as quick as any other method. I tried this on my little laptop: I have a documents folder of about 600 MB in size and made a copy of it. This folder contains all sorts of content, some already sealed and some in a format Oracle IRM doesn't support. I timed how long it took to seal the 445 supported files with a right click and seal, and it completed in about 45 seconds. Not a bad result on a little laptop hard disk (320GB, 5300RPM).

smBatch.exe

For slightly more control you can use the command-line utility that is available in the Oracle IRM Developers SDK. This tool uses the C++ interface, and its source code is included as part of the SDK. It makes it really easy to include sealing in an existing batch process that can call out to the shell, passing in the details of the content to be sealed. It takes the following parameters.


smBatch (DSE v5.5.9.95), Copyright (c) 1996, 2007, Oracle. All rights reserved.
use: smBatch
   -licserv <license server URL>
   -publisher <publisher ID>
   -aemail <administrator email>
   -apwd <administrator password>
   -contentset <content set name>
   -category <category>
   [-sealedfileschema <major.minor.revision>]
   [-dryrun <Run the program without sealing the files. For debug purpose>
   [-batch <Batch file for multiple sealing of i/o files, mime and item code>
   [-metadata <full path to metatdata file>]
   [-mime <sealed MIME type>]
   [-version <version code>]
   [-item <item code>]
   [-time <publication time in format 25 Aug 2000 16:30:00 EST>]
   [-cipherlen <number>]
   [-plainlen <number>]
   [-period <number>]
   [-streaming <on|off Disable chunking if switched to off; default is on.]
   [-semail <source email>]
   [-spwd <source password>]
   [-pxuser <proxy username>]
   [-pxpwd <proxy password>]
   [-pxhost <proxy host url>]
   [-pxport <proxy port number>]
   [-impersonate <login name of user to impersonate>]
   [-simpersonate <login name of source user to impersonate>]
   <infile> [<outfile>]

e.g. smBatch -lic seal://licence.www.oracle.com:80 -pub mypub-001
-aem myname@mydomain.com -apw topsecret -cont cs_1 -cat cat_1
-pxhost 10.2.3.54 -pxport 77 -stream off -pxuser mickey.mouse -pxpwd disney
-t "25 Aug 2000 16:30:00 EST" example.pdf
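
A wrapper for the batch scenario above, as an added Python example (not part of the original post or the SDK): it walks a folder, skips anything outside an assumed allowlist of sealable extensions, calls smBatch with an argument list rather than a shell string, and masks password values in what it logs. The IRM_ADMIN_PWD variable, the extension list and the function names are assumptions; the flags come from the usage text above.

```python
import os
import subprocess

# Assumption: formats this job may seal. Anything else (already sealed,
# unsupported, temp files) is skipped rather than passed to smBatch.
SEALABLE_EXTS = {".pdf", ".doc", ".xls", ".ppt"}
SECRET_FLAGS = {"-apwd", "-spwd", "-pxpwd"}  # password flags from the usage text

def plan(root):
    """Absolute paths of sealable files under root, in a stable order."""
    todo = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in SEALABLE_EXTS:
                # Absolute path: a file named "-x.pdf" cannot be read as a flag.
                todo.append(os.path.abspath(os.path.join(dirpath, name)))
    return sorted(todo)

def build_args(cfg, infile, password):
    """Argument list (never a shell string), so odd file names are not re-parsed."""
    return ["smBatch", "-licserv", cfg["licserv"], "-publisher", cfg["publisher"],
            "-aemail", cfg["aemail"], "-apwd", password,
            "-contentset", cfg["contentset"], "-category", cfg["category"], infile]

def redact(args):
    """Copy of args that is safe to log: values after password flags are masked."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] in SECRET_FLAGS:
            out[i + 1] = "********"
    return out

def seal_tree(root, cfg, execute=False):
    """Plan (and optionally run) one smBatch call per file; returns (log_args, rc)."""
    # Hypothetical variable name; the value is still on smBatch's command line while it runs.
    password = os.environ["IRM_ADMIN_PWD"]
    results = []
    for infile in plan(root):
        args = build_args(cfg, infile, password)
        rc = subprocess.run(args, check=False).returncode if execute else None
        results.append((redact(args), rc))
    return results

if __name__ == "__main__":  # plan only, over the current directory
    os.environ.setdefault("IRM_ADMIN_PWD", "constructed-demo-password")
    cfg = {"licserv": "seal://licence.www.oracle.com:80", "publisher": "mypub-001",
           "aemail": "myname@mydomain.com", "contentset": "cs_1", "category": "cat_1"}
    for logged, rc in seal_tree(".", cfg):
        print(rc, " ".join(logged))
```

With execute=False (the default) nothing is run, and the return value is the list of redacted command lines that would be issued.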

Calling the Dynamic Sealing Engine (DSE) API

For the ultimate in control you can use the DSE API, which is available in Java, C++ and COM. An example of its use in a JavaScript function:


// Seals one file through the DSE COM object. ActiveXObject is only available
// in Windows Script Host or Internet Explorer.
function fnSealFileActiveX (strLicenseURL, strPublisher, strAdminAccount, strAdminPassword, strContentSet, strCategory, strItemCode, strFilePathname, strSealedFilePathname)
{
   try {
      var objSealer = new ActiveXObject ("SealedMedia.DynamicSealingEngine");
      objSealer.SetLicenceServerURL (strLicenseURL,30);

      // Account used to seal, and the classification the content is sealed to
      objSealer.ItemCode = strItemCode;
      objSealer.username = strAdminAccount;
      objSealer.password = strAdminPassword;
      objSealer.publisherID = strPublisher;
      objSealer.contentSet = strContentSet;
      objSealer.category = strCategory;

      // Read the input file and write the sealed copy to the output path
      objSealer.SealFile (strFilePathname, strSealedFilePathname);
   }
   catch (e) {
      // Pass the COM error text and number up to the caller
      throw e.description + " " + e.number;
   }
   return true;
}

Using Web Services to seal files

Finally there is the option to be totally platform and language independent by using the Web Services interfaces on the Oracle IRM server. There is an excellent tutorial on how to get this up and running over on OTN: Using Oracle IRM Web Services with Eclipse WTP 1.5.4. However, this is not going to be the best bet for performance, as you will be sending all the content over the network to the IRM server, which will seal it and then pass the entire encrypted file back to the calling client over the network.

So in summary, there are plenty of options for finding ways to seal existing repositories of files using Oracle IRM.

Comments (4)

Georg:

Thanks for the summary - but is there an easy way (not using the web services) to "reseal" (unseal and then seal in another context on another server) many documents?

Martin A:

There is indeed an easy way to reseal or reclassify content without using the programmatic methods described by Simon. In the same way that the IRM Desktop provides a Seal To... option in the Windows Explorer menus, it also provides a Reseal To... option. This option may be applied to multiple documents and even to a cascade of folders.

Of course, the users' rights control the extent to which they may use this option. A user needs to have the right to reseal information from its current classification into the target classification. This is another advantage of the classification-based approach that Oracle IRM takes - you can control, for example, whether Board documents may be reclassified as Company Internal documents, and if so by whom.

Note that this task typically does NOT involve unsealing the documents - that would create a sizable security risk.

Sofya:

Maybe you know how to delete unsealed files after sealing using smBatch?
I've tried to find some information on the Internet, but I didn't succeed.

Sofya, I would recommend looking into using our HotFolders code; this allows you to mass seal content and it automatically deletes content. You can get access to the project here...

http://blogs.oracle.com/irm/2009/09/oracle_irm_hot_folders_now_in.html


About This Entry

This page contains a single entry from the blog posted on February 18, 2009 5:10 PM.
