About the File Share Connector
Overview
-
The BA Insight File Share Connector makes it possible to surface content from a file share using the SMB v2 and v3 protocols and secured via Active Directory users and groups into a single consolidated search index, along with content from other repositories.
-
For more information about the File Share connector's features and abilities, see https://www.bainsight.com/connectors/file-share-connector-sharepoint-azure-elasticsearch/.
Platforms Supported
-
Amazon Kendra
-
Amazon OpenSearch Service
-
Azure Cognitive Search
-
Elasticsearch
-
SharePoint Online
-
SharePoint On-Premise
-
Solr
Supported File Shares
-
Microsoft SMB file share
-
Nasuni file share
If you are using a Nasuni file share, ensure you satisfy the Nasuni-specific instructions in the prerequisites and configuration topics.
Connector Server Requirements/Performance
Note the following details about the impact of your server on the BA Insight File Share connector.
The BA Insight File Share connector enables you to adjust the maximum number of concurrent requests processed by the connector in parallel. The maximum concurrent requests setting is located under the connector's General Settings configuration tab.
Impact of the connector activity on the file share(s):
-
If the connector configuration is set to 8 threads (default), 8 parallel requests occur at a time, given a connector server with 8 available cores.
-
After each request is served, the same thread requests the next item, and so on.
-
How long each request takes depends on multiple factors:
- Environment
- Network bandwidth
- Traffic
- etc.
-
If each request takes 1 second, the system "views" 8 documents/second.
-
If this puts more load on the file shares and causes congestion for other systems, you can slow down requests from the connector by setting the number of threads to 4, 2, or 1. You can also go higher if there is room.
Preserving the permissions and security of File Share files.
The File Share connector reads the permissions that are set on the file share and its files during indexing. You can configure Connectivity Hub to use one of the following methods to honor Nasuni permissions at search time, based on the target directory that is configured.
The Active Directory instance used by the File Share connector is also the Target Directory set up in Connectivity Hub
In this case, the target directory in Connectivity Hub matches the directory used to secure the file share and the security will work with no additional configuration required. For example:
-
If the file share instance is secured using an On-Premise Active Directory domain, the Connectivity Hub target directory must be the same domain.
-
Example: Microsoft Azure File Share: The BA Insight File Share connector can index an Azure File Share as long as the Azure File Share and Connectivity Hub are connected to the same Azure Active Directory Domain Services (AAD DS) instance. For more information about AAD DS, see the Microsoft documentation.
-
If the file share instance is secured using Azure Active Directory Domain Services, the Connectivity Hub target directory must be "Active Directory" and point to your Microsoft Azure Active Directory exposed as a domain service (Azure AD DS).
-
Example: Microsoft Azure AD Domain Service in Connectivity Hub: If your file share is secured through Azure Active Directory Domain Services, Connectivity Hub must be configured to use the Azure AD Domain Service as a target directory for users/groups translation. For more information, see Target Directory Configuration in the Connectivity Hub documentation.
-
Custom security can also be set within Connectivity Hub based on business rules if matching the original security is not required. For more information, see Secure your content in the Connectivity Hub documentation.
The Active Directory instance used by the File Share connector is NOT the Target Directory set up in Connectivity Hub
In this case, security trimming on indexed files can only be performed if the SIDs from the Active Directory domain that is used by the file share can be used to look up users and groups in the target directory. This is the case, for example, if the on-premise Active Directory is synchronized with the Azure Active Directory (Entra) instance.
If this condition is met, you can use a custom ACL script on the content source to replace the existing permissions with the IDs of the users and groups from the targetDirectory object:
-
Look up the corresponding user or group in the target directory using the TargetDirectory.GetUserByAttribute and TargetDirectory.GetGroupByAttribute methods.
-
Use the AddTargetUser or AddTargetGroup methods to add the corresponding users and groups from the target directory into the ACL.
-
Remove all source users and groups from the ACL at the same time.
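The three steps above, modelled as stand-alone Python so the logic can be tested outside the product. This is an added example, not Connectivity Hub script code: the class and function names are hypothetical stand-ins for the TargetDirectory lookups and the AddTargetUser/AddTargetGroup calls, the lookup attribute onPremisesSecurityIdentifier is an assumption about how the synchronized directory exposes the on-premise SID, and all SIDs and IDs are constructed.

```python
from dataclasses import dataclass, field

SID_ATTR = "onPremisesSecurityIdentifier"  # assumed lookup attribute

@dataclass
class TargetDirectory:
    """Hypothetical stand-in for the target directory (not the product API)."""
    users: dict = field(default_factory=dict)   # on-premise SID -> target user id
    groups: dict = field(default_factory=dict)  # on-premise SID -> target group id

    def get_user_by_attribute(self, attr, value):
        return self.users.get(value) if attr == SID_ATTR else None

    def get_group_by_attribute(self, attr, value):
        return self.groups.get(value) if attr == SID_ATTR else None

def translate_acl(source_acl, directory):
    """source_acl is a list of (kind, sid), kind being 'user' or 'group'.
    Returns (target_acl, unresolved); no source principal is carried over."""
    target_acl, unresolved = [], []
    for kind, sid in source_acl:
        lookup = (directory.get_user_by_attribute if kind == "user"
                  else directory.get_group_by_attribute)
        target_id = lookup(SID_ATTR, sid)
        if target_id is None:
            unresolved.append((kind, sid))        # report it, grant nothing
        elif (kind, target_id) not in target_acl:
            target_acl.append((kind, target_id))  # step 2: add target principal
    return target_acl, unresolved                 # step 3: source SIDs dropped

# Constructed sample data, for illustration only.
DIRECTORY = TargetDirectory(
    users={"S-1-5-21-1111-2222-3333-1105": "aad-user-0001"},
    groups={"S-1-5-21-1111-2222-3333-2201": "aad-group-0042"},
)
SOURCE_ACL = [
    ("user", "S-1-5-21-1111-2222-3333-1105"),
    ("group", "S-1-5-21-1111-2222-3333-2201"),
    ("group", "S-1-5-21-9999-8888-7777-513"),  # from a non-synchronized domain
]

if __name__ == "__main__":
    acl, missing = translate_acl(SOURCE_ACL, DIRECTORY)
    print("target ACL:", acl)
    print("unresolved:", missing)
```

An item whose translated ACL comes back empty should be treated as inaccessible, never as public, and the unresolved list is the signal that the source domain and the target directory are not actually synchronized.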
For more information, see Security scripts and functions in the Connectivity Hub documentation. Refer to the following examples to see how different configurations and scenarios will impact how permissions and security are collected:
Example: Elastic Target and SmartHub with Azure Active Directory
If the file share is based on a local Active Directory, but SmartHub is configured to use Azure Active Directory synchronized with the local Active Directory, the ACL script is able to convert permissions at crawl time. Thus, SmartHub can check permissions against Azure Active Directory.
Example: Microsoft Search Target with Azure Active Directory
If the file share is based on a local Active Directory, but MS Search is configured to use Azure Active Directory, then the ACL script converts permissions at crawl time and the permissions stored in the MS Search index will contain Azure Active Directory users and groups. This way the built-in security trimming of MS Search works automatically.
Limitations
Note the following limitations for the File Share connector:
-
Non-synchronized directory: If the Active Directory domain used by the file share is not synchronized with the Azure Active Directory configured in Connectivity Hub, and you must maintain the Azure Active Directory target directory in Connectivity Hub for other connectors (such as Exchange Online, SharePoint Online or Teams), then you should do the following:
-
Deploy two instances of Connectivity Hub, hosted on separate servers:
-
Instance 1: Configure this instance with Active Directory (AD) and use it to crawl with the file share connector.
-
Instance 2: Configure this instance with an Azure Active Directory target directory and use it to crawl other BA Insight connectors that use Azure Active Directory for security trimming.
-
Configure your SmartHub environment to use ASM stages for the relevant backends and the corresponding Connectivity Hub instance.
If the BA Insight connector Target Directory is misconfigured, the users/groups securing the items will not resolve. Records are visible only to the content owner.
-
Security changes on folders are not picked up during an incremental crawl. You must run a full crawl when the security changes on folders.
-
The File Share connector cannot be used in PowerTools.