RelativityOne technical overview

Welcome to RelativityOne. Before you can set up your Relativity instance for case workflow, you will want to configure your organization's infrastructure and network access, and implement necessary security, in addition to reviewing the following system-level tools RelativityOne provides .

If you're an IT or network admin that is charged with preparing your organization for RelativityOne, review the following system-level technical overview.

This page contains the following information:

RelativityOne workstation configuration

Across your organization you should assess workstations to ensure that they meet Relativity minimum system requirements and have all required software installed.

RelativityOne network access

The following diagram depicts the RelativityOne network in a RelativityOne instance with regards to the UDP and TCP ports that must be allowed by your business firewall.

(click to enlarge)

Refer to the following sections for further description of the considerations for network access:

Port considerations

Ensure your port settings are configured correctly for the following:

Firewall whitelisting considerations

You will need to whitelist the following:

GlobalProtect VPN

Your VPN enables a secure connection between your computer and resources on your Relativity instance's network. The following resources are available when you connect to the GlobalProtect VPN client:

For more information, see GlobalProtect VPN client.

Utility server

The Utility Server is a virtual machine that can optionally be connected to your RelativityOne instance. It contains additional support tools to help you work with data in your RelativityOne staging area before editing and loading it into your RelativityOne instance.

You can access your uploaded files to edit in the staging area before you add them to your RelativityOne workspaces or save them to a RelativityOne file storage location. You can also access and verify any production sets before you download them locally. You access your Utility server through a remote desktop connection, using an issued set of credentials and a custom IP address.

Note: It's not recommended to store files on your Utility Server. If your Utility Server becomes inaccessible, you will lose the files you stored.

See Utility Server for more information.

RelativityOne system downtime windows

The advantage to RelativityOne is that we maintain and upgrade your software to ensure that your business operations in RelativityOne run smoothly and that you always have access to the latest features and defect fixes. Regular downtime windows are required to do this (typically during non-business hours).

Please refer to RelativityOne maintenance downtime windows for more information on this schedule.

Security

At Relativity, no topic is more important than security. With preventative defense, automated processes, and transparent operations, we keep our customers’ most sensitive data protected.

Security white paper

RelativityOne runs on Microsoft Azure and is built on Microsoft’s foundational investment in security technology, operational processes, and expertise. Relativity Security utilizes logs, telemetry, and configuration data generated from the Relativity Application, underlying infrastructure, and Azure to monitor and secure the environment. No customer data or any Personal Identification Information (PII) leave the environment for this purpose.

Refer to the Security white paper for comprehensive information regarding the security built into RelativityOne.

Client domains

Note: Implementing client domains requires an additional license from Relativity ODA LLC. Each client domain license is unique, and client domains can have different terms encoded on their license keys. The license for a client domain is unrelated to any other license for Relativity (e.g., number of seats). Client domain licenses are not transferable from one client to another. Contact Relativity Support to learn more about activating client domains.

Note: Client domains functionality cannot be activated for Client objects that have existing workspaces associated with them.

The client domains feature enables Relativity to deliver more powerful managed service offerings for enterprise customers in a single RelativityOne instance by providing an easier way to securely isolate users, workspaces, groups, and matters by client.

Using client domains, system admins can empower a user group that is not part of the System Administrator group (client domain admins) to perform common administrative tasks within their own client domain while limiting their visibility into the Relativity environment as a whole. The client domain admins can customize the permission settings to various objects according to their preferences within their own domain, but cannot access any permissions outside of that. This resource isolation functionality grants your enterprise clients more administrative control over their own portions of the environment while preventing back-end visibility and unauthorized changes to your RelativityOne instance as a whole.

Note: Client Domains are targeted for the above use case only and it is important to consider all the limitations outlined in RelativityOne technical overview.

See Client domains.

Customer lockbox

The customer lockbox feature in RelativityOne prevents Relativity support or operations teams from seeing customer data even when granted administrative privileges necessary to provide responsive, high-touch support. When this feature is enabled (default), the customer lockbox prevents any system administrator (Relativity teams included) from seeing workspace data unless explicitly granted access.

Consider the following:

  • Lockbox is enabled by default.
  • System administrators must also belong to a group within a workspace to access that workspace or to administer security within that workspace.
  • With this feature enabled, members of Relativity's Customer Support team will not be able to access customer workspaces. If troubleshooting an issue requires workspace access, the customer will be prompted to add the Relativity Support technician to a workspace group in order to troubleshoot issues within that workspace.
  • You will see Relativity Support team users on the security permissions page (along with their specific permissions) unless you lock us out.

Note: Since Relativity will not change customer data, you will have access to report scripts via the Relativity Script Library as a measure of data security protection. We urge you to periodically run the Lockbox Report script and remove any groups we have access to as needed. You also can view an audit history of the instance setting that enables and disables Customer Lockbox feature via the Lockbox Bypass Report script.

Note: Customer Lockbox is not a full lock-out feature. System administrators can grant themselves access to these workspaces but this action is audited.

See Customer lockbox.

User authentication

RelativityOne uses several industry-standard technologies, enabling versatile authentication options. It supports local (such as password related) or external (such as smart cards, or external identification providers) authentication methods. You can add and enable each type individually, as well as assigning at least one, and in some instances multiple methods, for each user.

See Authentication.

RelativityOne system access privileges

Relativity initially issues the credentials for the items below. However, after credentials are sent, you will directly manage the following access credentials:

  • VPN - password is active for 90 days. When it expires and you must reset it as the customer; you will need your original password in order to complete the password reset (or you will need to contact Support for a new temporary password).
  • Direct SQL - does not expire
  • Utility Server - does not expire

Note: When someone leaves your organization who has been issued one of these access credentials, you should open a Support ticket to have that person's user access removed. We recommend that you track who in your organization has access to these credentials, and make submitting a Support ticket part of the employee exit process.

Setting up a hybrid environment (Relativity Server and RelativityOne)

With the introduction of RelativityOne, hybrid environments (combining cloud and on-premises instances) are becoming a common deployment scenario. The Relativity hybrid model provides a compelling alternative to on-premises hosting of cases.

Hybrid environment business scenarios:

  • Your organization decided to start migrating older cases to RelativityOne
  • Your firm’s IT department then no longer has to provision more hardware for new cases
  • Simply migrate old cases to RelativityOne to free up infrastructure in your local data center

Relativity hybrid model allows you to start new cases in the RelativityOne instance with benefits such as:

  • Avoiding the hassle of provisioning hardware to support those cases
  • Viewing/accessing cases in a different instance via the Workspace Portal
  • Single sign on across instances when using Workspace Portal (when using OpenID Connect protocol):

Despite the benefits of this hybrid model, RelativityOne is a separate instance with a separate user store and separate credentials. You must manage user credentials across two different systems - a task that can be time consuming and prone to errors.

Refer to the following topics for more information:

Personalization

Consider the following regarding personalization in RelativityOne:

  • Custom logo - Customers can request a custom logo that will display on the login screen and optionally in the upper right corner of the instance next to the "Hi, User!" drop down from their Relativity implementation specialist or customer success manager. The logo submitted should be a maximum height of 50 pixels; width may vary dependent on the style of the logo
  • Custom URL - Relativity does not provide unique URLs for customers. Your RelativityOne URL will always be formatted as: http://<organization name>.relativity.one.

If you have questions on personalization, contact Support.

Regional date settings

Relativity now supports the modification of the default regional date format setting for customer Relativity instances (e.g., setting the regional date format to DD/MM/YYYY for an instance in Australia vs. the current default US date format MM/DD/YYYY). When completing your RelativityOne onboarding questionnaire, discuss considerations for changing regional date setting in your instance with your Relativity Implementation Specialist. If you are already a customer and want to make this change, please contact your CSM.

Once this change is made by Relativity for your instance, the following will be true:

  • Email regional date considerations:
    • Emails processed prior to a regional date format change will have a different date format in the header text than those processed after the change. For email chains with different date formats in the email (e.g., emails sent from other regions) the extracted text does not change and it’s retained simply as extracted text.
    • Email threading dates will still be impacted if the Use Email header fields setting is set to No.
  • Imaging / Save as PDF regional date considerations:
    • Images created before a regional date format change will have a different date format than images after the change.
    • DATE fields used for branding images (with designations) will always be in US date format.
    • When imaging a document, if you select “replace field codes” (which replaces auto-filled dates), and you choose a DATE field in Relativity, it will always replace the date in US format.
    • When branding during a Save As PDF action, if you select a DATE field, it will always be in US date format.

Note: Consideration should be given when importing workspaces from instances with different regional date setting as there may be inconsistent date formats with Processing or when using Save as PDF / Imaging features. Additionally, pre-Foxglove RelativityOne release, deduplication output will be inconsistent if different regional date formats were used. The hashing algorithm changed in the Foxglove RelativityOne release to ensure deduplication is not impacted when a workspace with non-US date format is restored, however manual corrective steps (including executing a script) will be required before additional data can be processed into the workspace. Please reach out to Support for information on these manual steps.

Custom application development in RelativityOne

RelativityOne platform API

The RelativityOne platform provides a rich set of APIs that enable you to enhance the functionality of the Relativity system by creating customized applications that meet the specific e-discovery needs of your business.

Refer to RelativityOne developer considerations on the RelativityOne Platform site for more information.

Direct SQL access

Note: Direct SQL access is not included automatically with your RelativityOne subscription, and must be requested by contacting your customer success manager or implementation specialist.

In addition to querying and manipulating data through Relativity's suite of API's, administrators and developers can extend the power of the Platform even further by directly querying the SQL database. This is an important aspect of the Platform that you may be accustomed to using in your Relativity Server deployment, and something you can also take advantage of in RelativityOne. You can run Relativity Scripts in your RelativityOne instance, and you can also run SQL scripts in SQL Server Management Studio (SSMS) directly against your Relativity databases.

You will be provided with one TenantAdmin account that you can use to create additional accounts with the limited permissions that you specify.

See Direct SQL access.

Early access test environments

Sandbox

RelativityOne Sandbox refers to reusable RelativityOne environments that allow you to test SQL scripts, event handlers, API based applications, custom pages, and custom agents for both the current and Early Access (EA) release of Relativity.

Note: Sandbox is a service that you must subscribe to. Please contact your Account Manager for more details. (Sandboxes are free with 10TB and up subscriptions. Subscriptions less than 10 TB can opt to purchase Sandboxes.)

See Sandbox.

Preview

Preview refers to a free RelativityOne instance that gives you early access one month ahead of your RelativityOne upgrade. This enables you to identify feature changes that impact your workflows and adjust accordingly. The Relativity Preview feature, lets you try out the new version of Relativity prior to release in an environment that has the same Security and feature functionality of a RelativityOne instance.

Relativity Preview offers you the the following benefits:

  • The ability to preview workflow changes in the UI prior to a production release.
  • Seamless integration with RelativityOne production instance via User Sync and Federated Instances.
  • Preview is pre-loaded with dummy data that effectively demonstrates new Relativity features.

See Preview.

System logging in RelativityOne

RelativityOne does not provide external access to logs except in Sandbox test environments; if a log is needed, we encourage you to contact Support in order to troubleshoot these sorts of issues.

RelativityOne activity dashboard

You can use the RelativityOne Activity Dashboard to obtain a high-level view of the health of your instances and users.

    Notes:
  • Before you can use the RelativityOne Activity Dashboard, you must install Workspace Portal in every RelativityOne instance where you want to bring in data from. For more information, see Workspace Portal.
  • The RelativityOne Activity Dashboard will not display data from Relativity Server instances.

See RelativityOne activity dashboard.

RelativityOne SMTP services (e-mail)

Customers have access to an SMTP server that will send password reset / invitation emails, and other system notifications such as job notifications. These settings are not configurable in RelativityOne and the email will come from a generic relativity.one address.