Previous Topic: Integration with Voltage SecureMailNext Topic: Requirements

Platform Deployment GuideIntegration with Voltage SecureMailOverview

Overview

You can configure CA DataMinder to detect, analyze, and apply policy to emails encrypted by Voltage SecureMail.

How does the integration work? CA DataMinder intercepts Voltage-encrypted emails passing through an email server and passes copies of these emails to a CA DataMinder policy engine. The policy engine establishes a secure connection to the Voltage SecureMail server, which provides the policy engine with an unencrypted version of the email. The policy engine can then apply policy triggers to the email as normal. When policy processing is complete, the policy engine calls back to the email server agent. The callback instructs the email server agent to either block the encrypted email or allow it to continue.

Note: The original encrypted email remains on the email server until policy processing is complete.

The key components are shown below. For simplicity, this diagram shows the Exchange server agent passing encrypted emails to a single policy engine.

Architecture diagram showing integration with Voltage SecureMail

Example deployment architecture: Exchange server agent integration with Voltage SecureMail

A employee (1) sends a secure email from their mobile device. The device is running the SecureMail app. The app connects to the Voltage SecureMail server (6) to authenticate the sender and encrypt the email.

The encrypted email passes through the Exchange server (2). It is intercepted by the Exchange server agent (2a) and forwarded to the PE hub (2b). The PE hub distributes a copy of the email to a policy engine (3).

The policy engine establishes a secure connection to the Voltage SecureMail server (6), which sends back an unencrypted version of the email.

The policy engine applies Outgoing Email triggers to the email and calls back to the Exchange server agent with the results of the policy processing (for example, 'block the email'). The resulting email event is replicated to the CMS (4).

If policy processing allows the email to continue, the original encrypted email is forwarded to the recipient (5). To decrypt the email, the recipient authenticates themself to the Voltage SecureMail server (6).

A reviewer (7) can search for email events in the iConsole. Unencrypted versions of emails encrypted by SecureMail are available to reviewers and are flagged as 'Secure' in the iConsole.