Large File Send Standalone Connect

Document created by user.oxriBaJeN4 Employee on Sep 23, 2015Last modified by user.Yo2IBgvWqr on Apr 24, 2019
Version 2Show Document
  • View in full screen mode

Overview

 

Thank you for purchasing Large File Send and welcome to the first step towards improving the email experience of your organization. Large File Send Standalone will allow your users to send and receive files of up to 2Gb straight from their email applications.

 

Note: The ability to receive and applicable file sizes will depend on the level purchased.

 

Connecting to Mimecast is a relatively simple process, and is described below.

 

What Happens Now?

 

Once the commercial contracts are completed, our Connect Team will be in contact to begin your Mimecast implementation.  We break the implementation down into several Connect steps to keep it as simple as possible.  Each of these processes is detailed later in this article, but for now, it is important to understand the key milestones of enabling Large File Send.

 

Firstly, we collect some information which will be used to create your Mimecast account.  This includes details on email domain names and setting up a few extra pieces of local functionality that  will enable Large File Send for your users.

 

Understanding the Mimecast Infrastructure

 

Mimecast services are deployed and run from the cloud, utilizing a grid computing model that is capable of delivering an effective utility service to all our customers through a single, multi-tenant service.The Mimecast service is comprised of many individual devices, located across a network of highly resilient data centers.

Our SaaS delivery model means that implementation requirements are kept to the minimum in the  following three simple steps.

 

LFS_Overview.png

 

What is the Connect Process?

 

The Connect process is a series of steps that are required to implement Mimecast for your environment.  These steps will ensure that your Mimecast account is configured with the company specifics required to process Large File Send and to use any of the additional Mimecast services.

 

Note: Mimecast support team members will not have access to make changes to your infrastructure.  Guidelines and documentation is provided at each step in the process to assist you to make the required configuration changes.  If additional assistance is required, your Account Manager will also be able to provide you with a list of Mimecast Partners.

 

How do I Connect to Mimecast?

 

The Connect process for Large File Send Standalone customers is made of three (3) steps, which are detailed below.

 

Step 1: Request for information

 

The Request For Information (RFI) form is used to collect information about the customer environment before the implementation of Mimecast.  This form is the first step in the Connect process, and is issued to new customers when they sign up with Mimecast.  Once the RFI has been completed and submitted, the Connect team will create the customer Mimecast Account.

 

Note: This step is reliant on the organization's Technical Point of Contact (TPOC), who must return the information to Mimecast as soon as possible in order to proceed with the Connect.  

 

The RFI is used to collect information that the Connect team requires in order to prepare the new Mimecast account.  This includes information regarding domain names, and Administrator permissions that must be issued.  Customers will need to complete this form in order to implement Mimecast for their organization.

 

The RFI is issued in the first of 3 steps in the Connect process.  The form consists of 2 sections and is described in detail below

 

  • Email Domains
  • Address Validation

 

Domain Information

 

Mimecast uses the Domain information for the customer environment to verify that files that are sent are from a legitimate source.  All the Domain names that the customer controls and are configured to route through Mimecast should be listed, e.g. mimecast.com, mimecast.co.uk, mimecast.co.za, mimecast.za.net.

 

LFS_Standalone_Email_Domains.png

 

Recipient Validation Method

 

When files are received by Mimecast from addresses that are not present in the Internal Domains, a number of Security Checks are performed.  One of these checks includes the validation of the destination email address for the internal user's mailbox.  Several options for recipient validation are described below.

 

LFS_Standalone_Address_Validation.png

 

Validation Method
Description
Directory Synchronization

This preferred method of validation relies on the configuration of a Directory Connection.  Using LDAP/LDAPS, Mimecast synchronizes with the network controller automatically, and inbound email recipient addresses are compared to this list.  If the recipient is not present on the Directory, the email is Rejected.

 

Note: Active Directory synchronization is not supported in Office 365 and Google App environments.  All other Directories are supported, provided they use LDAP protocols.

Manual User List UploadUser email addresses are controlled in Mimecast manually or via spreadsheet import.  This option is useful for customers that do not manage a network controller, or want to manage email mailboxes in Mimecast that are not present on the network controller.

 

 

Note: It is possible to configure a different Verification method for each individual Domain name.

 

Step 2: Mimecast Account Creation and Getting Started with Large File Send

 

Once the Request For Information (RFI) has been completed, the Connect team creates the Mimecast account for the organization.  The account parameters are defined in accordance to the products and services that have been purchased by the organization, which can be reviewed within Account Settings once the account has been created. For more information on the available services, contact your Mimecast representative.

 

Connect_Mimecast_Account.png

 

Mimecast support engineers will define the Account for the organization based on the information received in the RFI.  Once the account has been created, the support team will issue the details to the organization's Technical Point of Contact (TPOC).  The support team will also implement the settings as specified in the RFI for the following areas:

 

  • Account Settings and contact information
  • Any other required Policies (on request)
  • Internal Domain names and Recipient Validation

 

Desktop apps and Large File Send

 

Large File Send enables users to send or receive large files directly through Mimecast when composing emails in Outlook, enabled by the Mimecast for Outlook add in or for Mac users on the Mimecast for Mac App.

 

During the download process you will be asked to provide a valid email address. Please be sure to use an address that has been designated by your organization as a Mimecast Technical contact.

 

For more information regarding configuration and usage of the applications, click on the related links below:

 

Large File Send

Mimecast for Outlook

Mimecast for Mac

 

Step 3: Recipient Validation and Confirmation

 

Once the organization's account has been configured, the next task to be completed is to synchronize a list of internal email users to Mimecast - either by email flow (as users send emails through Mimecast), import via spreadsheet, or synchronization with the network Directory (recommended).

 

Connect_Journal_AD_Sync.png

 

Recipient Validation is used when an inbound file is processed by the Mimecast Security Systems.  Although several options are available for each Internal Domain, it is recommended that LDAP validation is used (assuming Directory synchronization is to be implemented).  In this instance, for any email destined to an email mailbox that is not present within the customer network controller or email server, the inbound message is immediately rejected in protocol.  Mimecast will also be able to authenticate user and Administrator logon using the same validation method. 

 

Note: AD Groups can be used to manage user permissions for Mimecast services.

 

Review the relevant section below for your organization.

 

On-premise mail servers and Hosted Exchange (HEX)

 

In order to enable Directory Synchronization , the following steps must be followed:

 

  • The LDAP port needs to be opened on your firewall to the Mimecast Data Center IP Ranges.  By default, this will be port 389 for LDAP and port 636 for LDAPS
  • You will also need to ensure that the correct routing has been setup from the firewall through to the selected Domain Controller
  • A user account needs to be created within the directory which Mimecast will use for authentication purposes to enable the extraction of all valid email addresses, group structures, as well as any attributes that have been setup within Mimecast to be synchronized.  This account does not require any special permissions or a local mailbox, only logon and read rights.  The account’s password should be set so that it does not require to be changed at logon and does not expire
  • Review and complete the configuration steps outlined in the Directory Connections article for each required connector.

 

Note: Ensure that the Domain Controller has a publicly routable IP address configured, which Mimecast can access from the Internet. If LDAPS is used, ensure that the certificate is registered to the Fully Qualified Domain Name (FQDN) of the server. This is a Microsoft requirement, and means that LDAPS will not work unless the cert name is based on the FQDN of the server.

 

Office 365  

 

Office 365 does not support Active Directory integration.  User management is controlled manually through the Internal Domains or using a spreadsheet Import.

 

Note: For environments that use a separate Domain Controller, AD sync can be configured.  For more information on configuring Directory Sync, view the related article.

 

Confirmation of Connect

 

You have completed all the steps of setting up Large File Send on your account and you are now connected to Mimecast.

 

Mimecast Account Security

 

The security of your Mimecast account is paramount to us and as such we are only able to make changes to the configuration of your account if the request comes from an existing account administrator.

 

Mimecast Support cannot reset administrator passwords, nor can they create new administrator accounts without following a strict verification and security procedure.  Existing administrators on your account are able to reset passwords and create new administrator accounts.  For details on password reset procedures please contact Mimecast support.

 

Mimecast Training

 

As a new Mimecast customer you might also be interested in attending a training course so as to gain a thorough working knowledge of the Mimecast Service.  To learn more about this and other Mimecast courses, please contact training@mimecast.com.

Attachments

    Outcomes