Box volume configuration notes
Learn about the prerequisites and special considerations for Box volumes. Box volumes can be added only from IBM® StoredIQ® Administrator Administrator.
To complete the prerequisite configuration steps on the IBM
StoredIQ application stack, you must be logged in as siqadmin user.
- Every application stack requires a dedicated Client ID. Each Client ID has its own Redirect URL that points to the IBM StoredIQ application stack. To create the application, log in to developers.box.com. Click to get client_id, client_secret, and redirect_uri
- In the Box application, set redirect_uri to https://x.x.x.x/proxy/enamel/1.0/oauthtokengenerator/box, where x.x.x.x is the hostname/IP address of the application stack with which the user logs in.
- In the Box application, select the following Scopes options:
- Read and write all files and folders
- Manage an enterprise
- Manage an enterprise's managed users
- Manage an enterprise's groups
- Manage an enterprise's properties
- Manage an enterprise's retention policies
- Before Box volumes are added, the Client ID, Client Secret, and Redirect URI must be stored in an application stack oauth.conf file. You can edit this file by using the edit_etc_siq_oauth_conf command. After the oauth.config file is modified, restart the uwsgi service by running this command: systemctl restart appstack-uswgi.service
- Each Client ID must have the As-User capability that is enabled to allow harvests and data discovery.Note: Customers must contact their Box support representative to enable this permission. They also need their Client ID.
- The application stack must be configured for SSL access, and it must have access to the Box authentication endpoint on api.box.com. If the application stack was deployed without SSL enabled, run certcfg and follow the instructions on the Certificate Configuration screen.
- A data server that manages a Box volume must have access to api.box.com.
- The Application Settings for the Box Enterprise Account must not disable unpublished applications from accessing the account. Clear the Unpublished Applications checkbox when you configure Application Settings.
When you copy to Box, by default the owner of a source content is mapped to the Box user only if the corresponding user is administered by the Box administration account. This way the contents can be copied to the mapped user account in Box. Additionally, the folder hierarchy of the source volume can be reproduced, but it is rooted in the home folder of the user.
When the user configures a copy action with Box as the target set from IBM StoredIQ Administrator, the user can optionally enter a destination directory. The user also can harvest the copied files by selecting or deselecting Do not auto-harvest destination volume after copy.
- Mapping
- Map permissions from source to destination maps access permissions from the source to Box folder collaborators. Mapping preserves owners from source to destination volume.
- Preserve version chains on destination
- Creates version chains in Box during the copy action.
If an infoset that is copied to Box contains an archive file along with members, then IBM StoredIQ copies only the archive file. The members of the archive file are skipped and audited in Policy Audits.
- File name
- Same as source.
- Description
- Same as source.
- Owner
- Same as source based on mapping heuristics that apply only to CIFS and SharePoint. Box administrator's user name in all other cases.
For CIFS, if single sign-on (SSO) that is based on Active Directory is configured and the IBM StoredIQ data server can locate the Active Directory Domain Controller by using DNS, IBM StoredIQ uses the E-mail attribute from the Active Directory user profile of the owner of a source data object and tries to match it with the email address of a user in Box. If the owner of a data object does not have an email address in Active Directory Server, or if owners of data objects that are not defined in Active Directory Server cannot be mapped, owner mapping fails.
If the IBM StoredIQ data server cannot locate the Active Directory Domain Controller, IBM StoredIQ uses the owner name itself and tries to map it to a Box User ID. Owner names in CIFS are typically in the form of domain\username, whereas email addresses in Box are in the form of localpart@domainname. In this particular case, IBM StoredIQ maps only username to localpart of an email address in Box in a case insensitive manner.
For SharePoint, the mail address property of the source content owner must be matched with the Box User ID, where Box User ID must be managed by the Box administrator account and Box User ID is the mail address of the user. If the mail address is not available, the display name of the source content owner must be matched exactly with the display name of the Box user. If IBM StoredIQ cannot find a display name for the SharePoint user, then the username part of a SharePoint login name is mapped to the localpart of an email address in Box. For example, username in domain\username is mapped to localpart in localpart@domainname.
No user mapping takes place if the conditions that are described are not met. Then, all content is copied to the administrator account of Box.
- Size
- Same as source.
- Created
- Same as source.
- Modified
- Same as source.
- Box Notes and Bookmarks are skipped during a Copy From Box. Skipped information is recorded in Policy Audits.
- If multiple versions exist, all versions are copied to the target. If the target data source does not support versioning, then the copied files have version numbers that are appended to the file names.
- Box metadata, except for Created At and Modified At, is not copied when files are copied from Box.
- Source file owner name is not mapped in the destination volume. Instead, all of the copied files have an owner_name: user name of the target volume.
IBM StoredIQ supports copying to Box from CIFS, NFS, and SharePoint source volumes. However, only copying documents and files to Box is supported. Copying social or collaboration content types such as Wiki pages, blog posts are not supported. IBM StoredIQ also supports Discovery Exports from Box. Box Notes and Bookmarks are exported as MHTML files. An export for a Box Note carries the textual content of the Box Note. An export of the Box Bookmark has no textual content but only metadata.
Each StoredIQ data server contains a CSV mapping file, which includes a set of CIFS and SharePoint standard properties that are mapped to the custom Box properties. The mapping file is on the data server at /deepfs/data/mapping_file/box_mapping.csv. The mapping file can be edited as required but for the changes to take effect, services need to be restarted on the StoredIQ data server.
StoredIQ can index a list of collaborators who work with a document in Box. If an ancestor folder of a document is shared for collaboration, then each collaborator is indexed by StoredIQ with information about the User ID, email address, name, and role of the user. Incremental harvests in StoredIQ currently do not pick up changes to collaborators for a document. A full harvest might be required to get the index up-to-date concerning collaborators for documents.
Box notes cannot be viewed through the Data Object Viewer in IBM StoredIQ Data Workbench.
When an external user who is not native to the organization collaborates a folder with users who are managed by the administrator, the folder is not indexed if the Box volume was added with the credentials of the administrator. This kind of collaborated folder can be harvested only if the Box volume is added with the credentials of the managed users who were invited to collaborate on the folder by the external user.
When files or folders are deleted in Box, they are moved to the Trash folder in Box. Currently, contents in Trash are not indexed by StoredIQ.