Tuesday Jun 14, 2011

IRM Hotfolder update - seal docs automatically

wrapper linkAnother update of the IRM Hotfolder tool was announced a few days ago - 3.2.0.

The main enhancement this time is to preserve timestamps, ownership and file system permissions during the automated sealing process. Earlier versions would create sealed files with timestamps reflecting the time of sealing, and ownership attributed to the wrapper utility, etc. This version lets you preserve the properties of the file prior to sealing. 

The documentation has also been updated to clarify the permissions needed to use the utility.

For those who aren't familiar with the IRM Hotfolder, it is a simple utility that uses IRM APIs to seal and unseal files automatically by monitoring file system folders, WebDAV folders, SharePoint folders, application output folders, and so on.

Friday Jul 16, 2010

New version of IRM Hot Folders, 2.2.0

Activity galore at the moment, a new release of IRM 11g in the past month, the IRM Wrapper utility was born and released and now an update to the very useful HotFolders application. A feature request from a few days ago has already been written into the handy tool, allowing an integration of the IRM Wrapper and HotFolders. Essentially HotFolders monitors a folder for new files and then automatically seals them to a predefined Oracle IRM classification. However it only worked for the formats that are supported by Oracle IRM.

The IRM Wrapper however addressed the use case where people wanted to just use the Oracle IRM service to encrypt and securely deliver/store ANY file. Whilst this doesn't come with any of the superb persistent document and email security controls that ensures constant protection of IRM supported files even in use. It does mean that you can leverage the same scalable classification system in IRM to protect the transfer and storage of sensitive files. This is a nice and simple encrypted delivery mechanism, much like PGP, but with a more scalable and usable classification system behind it.

So the latest version of HotFolders, 2.2, now has the ability to wrap files in IRM encryption. This means you can now monitor a folder, and ANY file that is placed in it will be protected with Oracle IRM. Supported formats will gain persistent protection, whilst non-supported formats get wrapped with encryption. Keep an eye out on the blog, we will soon have an update to the IRM Wrapper utility as well...

As a reminder, here is the list of the functionality available in this utility.

  • NEW! "Wrap" files in previously non-sealable formats using core IRM encryption/classifications
  • Easy to configure
  • Automatically scan and seal multiple file system folders, and sub-folders
  • Warn, delete or quarantine when unable to seal
  • Support for multiple IRM Servers
  • Cross-platform (Java and IRM web services)
  • Support for any network-accessible file system
  • Easily scheduled using cron or Windows scheduler
  • Configurable file and console based logging, with log rotation
  • Fully internationalised (but only EN resource bundles supplied)
  • Pass files over-the-wire or by relative path (far faster)
  • Easy to configure, built-in scheduling
  • Huge performance improvements via in-memory caching of file modification timestamps
  • Automatically scan and seal SharePoint folders
  • Automatically scan and seal WebDAV folders
  • Automatically scan and seal web folders, content management and collaborative repositories
  • Easily develop Java plugins to perform post-sealing actions
  • Shovel - a file relocation plugin (return sealed files from quarantine to original locations!)
  • Full source code available on samplecode.oracle.com in a CollabNet TeamForge repository that includes a Subversion version control repository - so feel free to join the project and contribute your own source code (bug fixes, features, plugins, localisations, etc.).
  • Support for Oracle IRM 11g and Oracle IRM 10g servers.
  • Support for secure HTTPS connections between Oracle IRM Hot Folders and Oracle IRM 11g servers.
  • Checklist to guide you through the simple steps required to get Oracle IRM Hot Folders up and running.
  • Support for grid deployment (Oracle IRM core and sealing servers running on different hosts)
  • Optional prompting for credentials (so no need to store in configuration file)


Friday Jul 09, 2010

Oracle IRM Hot Folders correctly using SSL

In an Oracle IRM workshop in Europe this week one of the talented Sun security architects, Rene Klomp, who is now part of our security group found a few issues when working with the Oracle IRM Hot Folders application. As I am learning, most of the Sun staff are excellent communicators and Rene has blogged an article on how to ensure successful configuration of Oracle IRM HotFolders to communicate with the server using the secure SSL protocol. He also made a nice little YouTube video on the solution working and securing a test file.

Wednesday Nov 25, 2009

Moving secured documents between Oracle IRM Hot Folders

A customer recently asked how do they handle the following;

A document which is in IRM protected folder A is now moved to IRM protected folder B. In such a case what will happen to the classification tied to the document? Will the earlier classification remain with the document or the document will now inherit the new classification which is B.

The customer is looking at using our Hot Folders functionality which monitors folders for new files and automatically seals them to the correct classification. The problem is, what happens if a user moves a sealed document from one Hot Folder to another?

Oracle IRM Hot Folders can be configured to associate different classifications with the A and B folders and then take one of several alternative actions if it encounters a file sealed to the A context in the B folder:


  • It can warn (to the log) and do nothing. This is the default.
  • It can quarantine the file to another folder.
  • It can reseal the file to the B context.


In the last option the user account under which IRM Hot Folders is operating must have the appropriate rights in the source (A) and destination (B) contexts. Also - IRM Hot Folders (and the underlying IRM web services) only support resealing between contexts defined on the same IRM Server.

So it's the customer's choice as to what to do, no need to write any code, just configure the software.


Tuesday Oct 27, 2009

New version of Oracle IRM HotFolders released

Oracle has built an excellent website for people to share sample code and personal projects with the Oracle community. Over the coming months we are going to be sharing a lot of code we have been using for many years to help customers build rich IRM solutions.

The first project to hit this website is our HotFolders capability which monitors folders for new content and automatically seals documents to a preconfigured classification. Martin Lambert (Oracle IRM creator and HotFolders author) has just uploaded the latest version, 1.7, of this sample project.

Access the project here, https://oracle-irm-hotfolders-java.samplecode.oracle.com/, note that you will need to register a free Oracle Technology Network account. 1.7 brings some new features;


  • Post-sealing action plugins - v1.7 introduces a simple plugin architecture for extending the functionality of Oracle IRM Hot Folders. This allows Java developers to easily implement post-sealing actions for files sealed to the correct classification in designated folders (either automatically sealed by Oracle IRM Hot Folders or sealed to the correct classification before being added to the folder).
  • 'Shovel' file-moving plugin - The Shovel plugin moves correctly sealed files to a new location derived from its current location by regular expression matching. A use case is where a Data Loss Prevention (DLP) solution quarantines sensitive files to a quarantine folder where it is sealed by Oracle IRM Hot Folders and then returned by the Shovel plugin to its original location. The source code for Shovel is provided to assist developers in creating their own plugins.


Keep an eye on the blog, we plan to be releasing a whole raft of new sample projects and sample code over the coming months.


Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide


« July 2016