Check Point offers a migration path for customers of the Liquid Machines Document Control product (which has reached End of Support) to Check Point Capsule Docs.
This article describes the process of converting files from Liquid Machines policy to Capsule Docs protection settings.
The migration is done in two steps:
- Setting up Capsule Docs environment (please refer to the E80.61 Endpoint Security Administration Guide for more details).
- Converting protected files from Liquid Machines policy to Capsule Docs protection settings
The conversion leverages the Capsule Docs Bulk protection Services. It works on each file in specified directories. It removes the Liquid Machines policy from the file and protects it with the Capsule Docs settings that you configured for that directory.
Capsule Docs migration process supports these Liquid Machines server configurations:
- Microsoft RMS Server
- Liquid Machines Document Control Server
- Liquid Machines Document Control Server + Microsoft RMS Server
Identify the Liquid Machines components installed on your computer before you start the conversion process. Get to know the Check Point Capsule Docs equivalent components and features.
|Liquid Machines Policy Server
||On-Premises and Cloud deployments
|Liquid Machines Key Service or Microsoft RMS Key Service
|Liquid Machines Client
||Endpoint Security Client or Capsule Docs Plug-in
|Liquid Machines Viewer
Capsule Docs Viewer (also available for Mac, iOS and Android)
|Liquid Machines Client Command-line Tools
Capsule Docs Development Tools:
- SDK for C/C++/.Net/Java
- Protection Services Web API
- Command-line Utility
|Liquid Machines Content Protection API (CPAPI)
|Liquid Machines File Share Gateway
||Capsule Docs Bulk Protection Service
|Liquid Machines SharePoint Gateway
Capsule Docs SharePoint Service (roadmap)
Capsule Docs On Premises deployment includes:
- Endpoint Security Management Server
- Endpoint Security Secondary Management Server (Optional - for High Availability)
- Endpoint Security Policy Server (Optional - for Load Sharing)
Key Changes in Capsule Docs
The Capsule Docs policy offers capabilities similar to those offered by the Liquid Machines policy along with some new capabilities. Below you may find Capsule Docs protection model main concepts that need to be considered when moving from Liquid Machines Document Control to Capsule Docs.
For additional information on Capsule docs, please refer to Capsule Docs documentation (see sk105123).
|Document protection and permission roles
||Policies are role-based, containing one or more roles. Roles define those authorized users or groups that have access to information and their specific set of permissions, or usage rights
Document protection is determined by a combination of:
*Author elevated permissions apply to all configured classifications
- The applied classification which defines a set of permissions, granted for authorized users
- Access List - authorized users/groups and their corresponding role:
- Classification-based for internal users
- Classification-based for users outside of the organization
||Supported only when Microsoft RMS Security Service is used
||End users can add new users to the system through file's access list, if allowed by policy
|Client menu groups
||End users do not see data about other users
||End users can see AD entities or custom groups through the client menu based on policy configuration. End users can also add these entities to the access list if allowed by document classification.
|Offline work *
||The user role specifies the time limit
||Client Access Settings action of the Capsule Docs policy specifies the time limit
* Time limit to access a protected document without connecting to the Security Management Server
Capsule Docs introduces new key capabilities such as:
- Share documents with users outside of the organization
- User Education via UserCheck
- Single Sign-On with Active Directory
- Document Markings
- and more...
Conversion Best Practices
Before you start the conversion from Liquid Machines to Capsule Docs, we recommend that you get this information and make these decisions.
- Understand your Liquid Machines environment:
Users who have the Liquid Machines Client or Viewer installed.
Directories of the protected documents. Before you start consider backing up the directories to convert.
File types currently protected.
Customized procedures, applications, or scripts that use the Liquid Machines Command-line Tools or CPAPI.
Make sure you have credentials of an administrator that has permissions to remove Liquid Machines protection policy from any file that needs to be converted to Capsule Docs protection settings, and that these credentials can be used to login to the file server. This user also needs full access to any directory and/or files that needs to be accessed, as part of the conversion process.
- Get the Liquid Machines policy removal tool from Check Point Support. It would be used during the conversation process.
- It is recommended to complete the conversion of all protected files within a reasonable amount of time. Files that were converted cannot be accessed by Liquid Machines clients, and files that were not converted yet cannt be accessed by Capsule Docs clients.
- Additional space of about 80KB per file is required on the target computer.
Executing the Conversion
The conversion uses the Capsule Docs Bulk Protection Service to convert files from Liquid Machines to Capsule Docs.
In order to use this service to perform conversation, the "migrate" action needs to be used in its configuration.
For more details, please refer to Capsule Docs Bulk Protection Services E80.6x Administration Guide.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.