Introducing Symantec™ Email Security and Availability for Microsoft® Exchange

This Symantec Yellow Book is intended to help organizations deploy a combination of Symantec
products to ensure the security and availability of email in the Microsoft Exchange environment.
It explains how Symantec’s Email Security and Availability solution can reduce the risk and potential
downtime posed by security threats and spam, help meet email policy and regulatory compliance
needs, and optimize the accessibility and resiliency of the email infrastructure. It includes a brief
technical overview of Symantec’s Email Security and Availability solution and describes the
combination of Symantec products that are considered essential to optimize email management in a
Microsoft Exchange environment. Specifically, the products for which tips and recommendations
are given are Symantec Mail Security for Exchange, Symantec Brightmail AntiSpam and the Symantec
Mail Security 8200 series of appliances, VERITAS Enterprise Vault, VERITAS Storage Foundation for
Windows (including HA), and Symantec Backup Exec.
This Symantec Yellow Book is focused on addressing the needs of Windows platform–oriented
organizations with 1,000–2,500 employees.
About Symantec Yellow Books™
Symantec Yellow Books deliver skills and technical know-how to technical professionals in our customer
and partner communities and to the technical marketplace in general. Their intention is to show how
to solve real-world business and technical problems using Symantec solutions; to enhance the efficiency
of IT staffs and consultants regarding product installation and configuration; and to provide technical
know-how on product implementation and integration issues.
Copyright © 2006 Symantec Corporation. All rights reserved.
01/06 10529225
An Introduction to Symantec Email Security and Availability for Microsoft Exchange
A Comprehensive Approach to Effectively Managing Email Environments
■ Overview of email security, availability, and resilience concepts
■ Best practices for implementing Symantec email security and availability solutions
■ Technical information regarding multiple product deployment, configuration sequences,
and achieving synergies
Symantec Email Security and Availability for Microsoft Exchange
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Documentation version 1.0, Volume 1
Legal Notice
Copyright © 2005 Symantec Corporation.
All rights reserved.
Federal acquisitions: Commercial Software - Government Users Subject to Standard License
Terms and Conditions.
Symantec, the Symantec logo, Symantec Yellow Book, and all other Symantec or VERITAS
trademarks, service marks, slogans, logos, etc. referred to or displayed in the document that
appear on the Symantec Trademark List are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.
Microsoft, Windows, Active Directory, Excel, JScript, Outlook, PowerPoint, SharePoint, and
Windows server are trademarks or registered trademarks of Microsoft Corporation.
Other brands and product names mentioned in this book may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
The products described in this document are distributed under licenses restricting their
use, copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE,
OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS
DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA
http://www.symantec.com
Acknowledgments
Symantec wants to thank the following people for their contribution to the Symantec Yellow
Book™:
■ Rich Alford
■ Jeffrey Armorer
■ Christina Baribault
■ Mike Bilsborough
■ Par Botes
■ Bill Chitty
■ Mark Davis
■ Scott Girvin
■ John Glen
■ Matt Hamilton, DLT Solutions, Inc.
■ Simon Jelley
■ Etsuko Kagawa
■ Walt Kasha
■ Kevin Knight
■ Jason Mero
■ Chris Miller
■ Julie Murakami
■ David Scott
■ Jeannette Starr
■ Matthew Steele
■ John Stone
■ Logan Sutterfield
■ Martin Tuip
■ Jason Ware
■ Dennis Wild
■ Werner Zurcher
Contents
Chapter 1: Introduction
  About this book
  About email security and availability
  About the Symantec Email Security and Availability for Microsoft Exchange solution
Chapter 2: The challenge of fortifying email systems
  New challenges
  Increasing pressure on corporate IT
  Threat innovation
  Barrage of spam
  Increasing email size
  Lack of central management of email archives
  Need for high availability
  Compliance demands
  Retention of email for use as legal evidence
  Liability due to misuse
  Higher email management costs
  Symantec response to the challenges
Chapter 3: The Symantec™ Email Security and Availability for Microsoft® Exchange solution
  Challenges and opportunities
  Achieving email security and availability
  Layered approach to email management
  First step: Securing email
  Second step: Archiving email
  Third step: Building a resilient foundation
  Introducing the Symantec Email Security and Availability for Microsoft Exchange solution
  How the solution works to increase email security
  Reducing email volume
  Securing the Perimeter
  Protecting the groupware environment
  How the solution works to archive email and increase content accessibility
  How the solution works to build a resilient foundation
  Building a resilient system
  Integrating products
  Ancillary Symantec products and services
  Email security products
  Email archiving products
  About Symantec Professional Services
  Solution key points summary
Chapter 4: Email Security and Availability infrastructure overview
  Infrastructure configuration for the Symantec Email Security and Availability for Microsoft Exchange solution
  Summary checklists for the end-to-end solution
  Pre-deployment checklist
  Deployment checklist
  Requirements for the Email Security and Availability solution
  Email security hardware and software requirements
  Email archiving hardware and software requirements
  Resilient foundation hardware and software requirements
Chapter 5: Stopping unwanted email
  The challenge of stopping unwanted email
  A defense-in-depth strategy
  Network boundary tier
  Gateway tier
  Mail server tier
  Desktop tier
  Symantec’s Global Intelligence Network
  Configuration overview
  Best practices for protecting Exchange servers at the mail server tier
  Best practices for protecting the network perimeter at the gateway server tier
Chapter 6: Effectively archiving and retrieving messages and reducing information store size
  Microsoft Exchange as an information warehouse
  How Symantec addresses archiving, retrieval, and storage in the Exchange environment
  Structured data
  Seamless retrieval of archived email
  Control of PST archives
  Reduction in the size of Exchange information stores
  Enterprise Vault basics
  Best practices for planning Enterprise Vault deployments
  Documenting the existing Exchange environment
  Documenting the new Exchange Enterprise Vault environment
  Documenting the Enterprise Vault deployment plan
  Best practices for sizing Enterprise Vault environments
  Vault Store recommendations
  Vault Store partition setting recommendations
  About the Admin Service
  Selecting the level of indexing
  Best practices for preparing the Enterprise Vault environment
  Installing prerequisite software
  Creating an Enterprise Vault service account
  Creating an SQL login account
  Preparing the Enterprise Vault server
  Best practices for installing Enterprise Vault
  Best practices for configuring Enterprise Vault
  Enterprise Vault Configuration Wizard tasks
  Enterprise Vault Administration Console configuration tasks
  Best practices for backing up and recovering Enterprise Vault
  SQL Server database backup recommendations
  Recovery after an Enterprise Vault failure
  Common Enterprise Vault challenges and solutions
  Enterprise Vault usage
Chapter 7: Enhancing Microsoft® Exchange Server availability
  Microsoft Exchange Server availability problem overview
  Risks to email availability
  The demands of an Exchange service
  How Symantec ensures Exchange availability
  Modular approach
  Best practices for VERITAS Storage Foundation for Windows
  Challenges to managing Exchange storage
  How Storage Foundation meets Exchange store challenges
  Storage Foundation implementation and usage recommendations
  Best practices for VERITAS Storage Foundation High Availability for Windows
  Challenges to clustering the Exchange environment
  How Storage Foundation HA for Windows meets Exchange clustering challenges
  Storage Foundation HA for Windows basics
  Storage Foundation HA for Windows installation recommendations
  Best practices for configuring storage resources for Storage Foundation HA for Windows
  Deploying a clustered Microsoft Exchange solution
  Installing and configuring Symantec Mail Security for Microsoft Exchange on VERITAS Cluster Server systems
  Best practices for Symantec Backup Exec
  Challenges to backing up the Exchange environment
  How Symantec Backup Exec meets Exchange backup and recovery challenges
  Backup Exec installation recommendations
  Best practices for backup and recovery in Exchange environments
  Best practices for Enterprise Vault backup
Chapter 8: Regulatory compliance and legal discovery for email message management
  About regulatory compliance
  Compliance and discovery requirements vary
  Email life cycle management
  Considerations for data reduction
  Spam and archiving
  Considerations for threat reduction
  Considerations for record retention
  Decide how policies will be applied across the organization
  Consider other factors that affect archiving policy
  Considerations for discovery
  Optimize search and locate capabilities
  Establish efficiency
  Understand the role of backup
Chapter 9: Best practices for VERITAS Enterprise Vault™ legal discovery and compliance options
  About Enterprise Vault Discovery Accelerator
  About Enterprise Vault Compliance Accelerator
  Comparison matrix
  About Enterprise Vault Compliance Accelerator installation
  Best practices for installing and configuring Enterprise Vault Discovery Accelerator
  Prepare to install Enterprise Vault
  SQL Server requirements for Enterprise Vault Discovery Accelerator
  Install Enterprise Vault Discovery Accelerator
  Configure Enterprise Vault Discovery Accelerator
  Best practices for installing and configuring Enterprise Vault Compliance Accelerator
  Prepare to install Enterprise Vault Compliance Accelerator
  Requirements for the optional Journaling Connector
  SQL Server requirements for Enterprise Vault Compliance Accelerator
  Install Enterprise Vault Compliance Accelerator
  Configure Enterprise Vault Compliance Accelerator
  Best practices for customizing Enterprise Vault Discovery Accelerator
  Creating roles, cases, and targets
  Creating searches
  Best practices for customizing Enterprise Vault Compliance Accelerator
  Best practices for upgrading Enterprise Vault Compliance Accelerator
  Upgrading Enterprise Vault Compliance Accelerator
  Best practices for Enterprise Vault Compliance Accelerator backup and recovery
  Troubleshooting recommendations for Enterprise Vault Discovery Accelerator
  Troubleshooting recommendations for Enterprise Vault Compliance Accelerator
Chapter 10: Minimizing time and risk in Exchange migrations
  Overview of Exchange migration issues
  The benefit of Symantec in managing Exchange migrations
  Using Enterprise Vault in the migration process
  Migrating without moving mailbox content
  Minimizing mailbox content to be moved
  Protecting the investment in Exchange 2003
  Application after migration
  Recommendations for migration
  PST file migration
Glossary
Index
Chapter 1: Introduction
This chapter includes the following topics:
■ About this book
■ About email security and availability
■ About the Symantec Email Security and Availability for Microsoft Exchange solution
About this book
This Symantec Yellow Book™, Introducing Symantec™ Email Security and
Availability for Microsoft® Exchange, examines the critical issues facing
organizations in the email environment. The information presented in this book
is intended for Microsoft Windows®-oriented organizations that use email as a
primary tool for communications, with a messaging infrastructure built around
Microsoft Exchange.
This book addresses the needs of organizations with 1,000–2,500 employees, who
depend on email for business communications. It contains analysis, best practices,
recommendations for use, and detailed technical guidelines. This book may also
be of interest to organizations with multiple email systems in different business
units, or organizations with a heterogeneous computing platform installed (for
example, a mix of Linux®, Windows®, and Solaris™/HP-UX™/AIX®); however, the
information may not fully address the specific requirements of such organizations.
The information presented in this Symantec Yellow Book addresses the challenges
associated with email management as interdependent processes, to show how
business-critical problems can be simultaneously resolved through a
comprehensive solution. It identifies the challenges predicted by trends in the
email environment, and helps IT professionals gauge the costs and investment
of resources required to meet email management objectives.
This book is intended for IT personnel responsible for designing or implementing
email-oriented solutions, Symantec business partners helping customers deploy
these solutions, and Symantec personnel supporting either group.
Read Introducing Symantec Email Security and Availability for Microsoft Exchange
to learn more about the following:
■ Challenges in the email environment that organizations face today
■ Email security, availability, and resilience concepts
■ How the Symantec Email Security and Availability for Microsoft Exchange
solution can meet the needs of organizations
■ Technical information about the products that make up the solution
■ How the solution leverages synergies between products
■ Best practices for implementing the solution, developed and proven by
Symantec engineers
■ Important caveats and workarounds for implementing the solution
■ Technical information related to implementing the solution, including:
  ■ Multi-product installation and configuration sequences
  ■ Hardware and software requirements
About email security and availability
Exponentially increasing volumes of email, greater reliance on email as a primary
business application, and escalating costs associated with management of the
email infrastructure all drive the emerging imperative for a comprehensive email
management solution. IT professionals are striving to respond to the need for
longer retention periods for email data, and for high availability and accessibility
of email data. Email systems should be secure to reduce the risks posed by diverse
threats.
When IT organizations plan migration to new email servers or consolidation of
messaging servers, an opportunity exists to strengthen the email infrastructure
to meet the new challenges. As email systems mature, an approach to maintaining
security and availability that encompasses the whole messaging system (hardware,
software, and network infrastructure) becomes a priority. By contrast, a reactive
or piecemeal approach to email management, which relies on combining point
products, burdens IT with responsibility for resolving interoperability and
maintenance issues, and creates other challenges. In the long run, such an
approach will likely prove ineffective, costly, and further complicated by the need
to interact with multiple vendors.
This Symantec Yellow Book presents the value proposition offered by a solution
implementation that integrates products from a single vendor. Both the intrinsic
advantages of an integrated solutions approach and the specific functional benefits
of the Symantec solution are covered. The general advantages are briefly described
in this introduction. Symantec product synergies and individual product strengths
derive from the combined design expertise and the accumulated experience of
Symantec and VERITAS™. These are outlined in the following chapters.
About the Symantec Email Security and Availability for Microsoft Exchange solution
The merger of Symantec and VERITAS, industry leaders in their respective fields,
has created a strong presence in the broader arena of email security, availability,
and resilience. The two companies’ combined expertise is delivered in this solution,
Symantec Email Security and Availability for Microsoft Exchange. The Symantec
solution enables IT organizations to graduate from an approach that relies on the
integration of point products to a comprehensive solution.
There is an unmet and fast-growing market need for an integrated solution for
email management. This growing need is precipitated by rapid change in the email
environment. Symantec and VERITAS are uniquely positioned to deliver a strong
solution composed of best-in-class products. Complementary areas of expertise
offer protection of organizations’ email systems, backup and recovery, and
information storage and retrieval.
Symantec™ Mail Security products reduce the amount of email junk that passes
into an organization and through the Exchange server. Backed by Symantec’s
Global Intelligence Network and Security Response organization, Mail Security
for Exchange products work to protect the email network from threats. Mail
Security for Exchange products filter and then direct email to a VERITAS
Enterprise Vault™ email archive according to defined policies. Enterprise Vault
stores email away from the Exchange server. VERITAS Enterprise Vault™
Compliance Accelerator and VERITAS Enterprise Vault™ Discovery Accelerator
work to make information accessible once moved to Enterprise Vault. These
options have capabilities that assure the integrity of archived data, while making
data accessible. Symantec Backup Exec™ works in the background to maintain
continuous availability of the whole system, and to ensure a rapid recovery,
whatever the cause of failure.
A comprehensive solution to email security and availability has advantages,
including:
■ Mitigation of risks related to complex or unproven integrations and avoidance
of unforeseen issues that can easily follow the integration of unrelated products
■ Better focus of IT resources to realize greater efficiencies
■ Interaction with a single responsible vendor, which simplifies support,
maintenance, and communications in general
■ Uniformity and consistency of experience across the products, which facilitates
administration and user experience
■ Consolidation of IT knowledge around the single solution, which enables IT
expertise to develop rapidly
■ Professional services, such as consulting, support, and training, can be
negotiated and delivered via a single channel
The Symantec Email Security and Availability for Microsoft Exchange solution
includes:
■ Symantec Mail Security 8260 appliance
■ Symantec Brightmail AntiSpam
■ Symantec Mail Security for Microsoft Exchange
■ VERITAS Enterprise Vault
■ VERITAS Storage Foundation™ for Windows
■ Symantec Backup Exec
An organization’s specific requirements may indicate the need for additional
products and options. These are discussed briefly in the following chapters. A
Symantec sales or reseller partner can provide more detailed information about
related products and services.
Chapter 2: The challenge of fortifying email systems
This chapter includes the following topics:
■ New challenges
■ Increasing pressure on corporate IT
■ Symantec response to the challenges
New challenges
Over the last twenty years the widespread adoption of personal computers, popular
use of the Internet, and the establishment of corporate intranets have revolutionized
business communication. The use of electronic mail, perhaps more than any other
business communication tool, has allowed this revolution to occur. Email has
become an indispensable organizational and interpersonal communications tool.
According to a 2005 study by IT analyst firm Enterprise Strategy Group, the need
to retain email is now the primary driver of electronic records management
initiatives. In addition, email has also become the most frequently requested type
of business record by courts and regulators: 77 percent of organizations involved
in an electronic data discovery request say they have been asked to produce email
messages as part of a legal or regulatory proceeding. (Source: ESG Research Report
“Digital Archiving,” December 2005)
The Internet and email have rapidly evolved and become powerful business
enablers, but not without a concomitant evolution of risks. Email is one of two
open communication doorways, which organizations cannot afford to close,
regardless of the attendant problems and added challenges. The Web, the other
open door, also serves as a route for email traffic, especially for popular Web-based
mail services. The simplicity and universality of email has made it a vehicle for
the delivery of diverse threats at low cost and with anonymity. Many organizations’
productivity falls dramatically when email stops functioning.
Since email is now a mission-critical application, it is integral to the success of
any organization, in spite of the risks and added burdens associated with its use.
The ease with which fast and cost-effective communication can occur guarantees
the further entrenchment of email in the business environment. At the same time,
email systems expose organizations to security risks that can impact profitability
and even jeopardize viability. The very same characteristics that make email
valuable also help create the current set of challenges facing corporate IT.
Increasing pressure on corporate IT
The centrality of and dependency on email has placed pressure on corporate IT
to maintain availability of email systems. Downtime can directly impact business
revenues.
In the past, email servers were primarily message transfer agents (MTAs), and
stored little information. Now email servers function as information warehouses.
Email now supports the majority of a company’s business transactions and internal
operations. Consequently, as evidenced in legal proceedings, email is often used
to demonstrate compliance with industry regulations, as evidence in legal cases,
and for identifying violations of companies’ internal policies. Email is increasingly
subject to the costly and time-consuming process of legal discovery.
Today, companies are required to preserve email for longer periods, and to ensure
that the email cannot be tampered with during the mandated retention periods.
This mandate has increased the cost of storage required to retain email messages
and added complexity to email data life cycle management.
Factors impacting email management over the last few decades include:
■ Increasing size of business person-to-person email volume sent annually
worldwide. Volumes increased 59 percent from 2003 to 2004 (Source: IDC,
Worldwide Email Usage 2005-2009 Forecast, IDC #34504, December 2005)
■ Ever-increasing volume of spam entering corporate networks, comprising 64
percent of incoming email (Source: Brightmail Logistics and Operations Center
monthly Spam Statistics Report)
■ Surge in phishing attacks
■ Annual rise in the number of mass-mailer threats
■ Advent of spyware that self-installs, records keystrokes, scans files, spies on
email, and monitors Internet activity
■ Recognition in the United States, Europe, and other markets that email is a
legal business record that must be preserved
■ Emerging regulations governing retention, auditing, and monitoring of email
communications
■ Misuse of corporate information assets affecting company brand, customer
trust, and legal liability
■ Litigation increasingly requires discovery of email
■ Growth in message storage requirements, with 65 percent of organizations
considering growth in messaging storage to be a serious problem, one that is
slightly more problematic than the problem of spam itself (Osterman Research,
Messaging Security Market Trends, 2005-2008, May 2005)
Threat innovation
Almost all organizations have experienced the successful penetration of the
corporate network by email-borne threats.
In the last decade, email-borne threats have evolved from simple, accidental
infection via attachments containing a macro virus, to a plethora of complex
threats that can deliver a malicious payload to vulnerable users.
Viruses and mass-mailer worms, such as SQL Slammer, Blaster, and Nimda, have
plagued email ever since 1997 with the advent of Melissa, and have grown in
frequency every subsequent year. Not only are they disruptive, their payload can
compromise systems, affect security settings, steal information, set up “bots” for
future exploits, delete data, and infect other networked systems.
Mass-mailers in particular have continued to innovate, moving from exploiting
vulnerabilities in the email client to running their own SMTP servers to broadcast
email inconspicuously. Emails generated automatically by these worms contribute
to the volumes of unwanted, disruptive content found in message stores.
Phishing attacks are among the fastest growing threats that use messaging
systems. Phishing represents the insidious and threatening side of spam, as
perpetrators attempt to solicit and steal passwords, social security numbers, and
identities of unsuspecting targets. The surge in phishing attacks in recent years
has placed added burden on IT staff.
The email system itself can be attacked through system vulnerabilities and infect
computers and servers in the network. From there, attackers can target the
addresses of internal users, and also partners, customers, and suppliers.
Many malicious codes are blended threats that employ multiple methods of
self-propagation; however, the vast majority enter through the mail gateway. (It
is estimated that 80 percent of viruses enter organizations through the email
gateway and 20 percent or so enter in other ways, for example, through web file
downloads.)
Not all of the security risks to the network originate from the Internet. Other
trajectories include Web-based email from free consumer services, and forms of
removable media, such as USB flash drives, CDs, and DVDs. Early-stage threats
often penetrate gateway defenses before they are discovered and virus definitions
become available.
All these factors highlight the importance of taking a comprehensive and in-depth
approach to email security. To provide adequate defense, a solution needs to
deploy security measures at multiple layers within the network.
Barrage of spam
The increase in the number of email messages sent and received globally is in
part due to the proliferation of spam. A barrage of unsolicited mail now enters
corporate networks. Gartner has estimated that spam accounts for 60 percent to
75 percent of e-mail volume at enterprises, and was still trending upward. (Source:
Gartner Research Report “Enterprise Spam-Filtering Market Going Strong Into
2004,” April 2004)
Symantec™ defines spam as unsolicited commercial or bulk email with the
following characteristics:
■ Email is random, untargeted, and sent by automated methods
■ Senders have no prior relationship with the recipient
Spam is a cheap and effective way for small online retailers and businesses to
market to millions of people who use email. From a marketing perspective, the
spam business is actually a major Internet success story. Once a minor nuisance
that made up a small subset of all Internet email, spam has evolved into a scourge
that makes up the majority of email sent around the world.
Spam impacts organizations by lowering productivity of employees. If every
employee spends a number of minutes each day reviewing and deleting email that
is spam, across the entire organization and over many days, the total time required
to process spam adds up.
Today, spam constitutes a major hazard whose net impact on the efficiency and
costs of sustaining email systems is huge. Debate exists over whether spam itself
is a security threat, but the reality is that adware and spyware threats are usually
delivered via spam, and hackers use spam as their preferred delivery mechanism.
So it follows that the organization that can reduce the volume of incoming spam
will also achieve a reduction in threats.
As a consequence of the spam-related growth in email volume, organizations are
now forced to purchase additional software and hardware for their email
infrastructure simply to maintain normal email business communication.
Increasing email size
As the number of email messages increases, so too does the size of the average
email. Email attachments may be rich in graphics and multimedia. When
attachments are proliferated on a one-to-many basis, the sum volume of a single
message increases.
According to IDC, the size of worldwide person-to-person business email volume
increased by 59 percent from 2003 to 2004. IDC forecasts that the number of
person-to-person emails sent daily will reach 36.3 billion worldwide in 2006.
(Source: IDC, Worldwide Email Usage 2005-2009 Forecast, IDC #34504, December
2005)
Moreover, Radicati research reports that the average corporate email user
processes about 10 MB of data per day. This figure is predicted to rise to 15.8 MB
per user, per day by 2008. This projection, if realized, will place a strain on
corporate messaging servers, which cannot function properly if simultaneously
storing large volumes of data for long periods of time. (Source: E-Mail Archiving
Market, 2004–2008 12 Copyright © March 2004 The Radicati Group, Inc.)
Clearly, the costs associated with storage of email are rising in proportion to the
demands for storage capacity.
Lack of central management of email archives
Organizations are now required to retain an ever-greater proportion of email to
demonstrate compliance with external regulations, adhere to internal policies,
or prepare for possible legal discovery requests. However, email systems are not
designed to store the amount of data that gets stored on the typical messaging
system, and the risks and disadvantages of doing so become increasingly apparent.
As the storage management problem grows daily, so does its impact on
administrators. Email continues to arrive, and the volume grows dramatically
from year to year. The impact of this growth includes rising costs for storage and
backup, and reduced availability and performance of the email system. Messaging
servers typically slow down when they reach near-capacity. IT staff find themselves
faced with increasingly longer backup windows to back up the large amount of
email data.
To alleviate the problem, most IT organizations impose email quotas, restricting
their users to a fixed amount of email storage. Less than 10 years ago, limits of
10 to 50 MB per user were common. Now quotas are typically 25 to 200 MB. Legal
firms set mailbox size limits at up to 2 GB. Users must constantly ensure their
email storage is below the quota. Complying with email quotas can affect user
productivity, typically results in large numbers of support calls, and is one of the
biggest burdens of email management.
Often, companies enforce email quota policies by automating the deletion of all
messages of a specified age. In response, users often set up individual folders on
their desktops to store old messages for safekeeping. In Microsoft Exchange, these
messages are stored as PST files. Most organizations do not include PST files in
regular Exchange backups. The alternative—storing PST files on the network file
servers—requires the same storage and backup resources, and results in the same
availability and performance problems that are experienced on email servers.
PST files are easily corrupted, which leaves the information stored in this format
susceptible to loss. Storing information in PST files removes it from the control
and oversight of IT staff and makes it inaccessible to the organization.
Administrators can remedy storage issues by saving email data to tape, CD, or
alternative offline media. However, these alternatives shift the problem rather
than resolving it, and result in reduced accessibility.
In general, organizations are more aware that they can no longer effectively
manage non-centralized archives of information. Corporations now want the
benefits of email quotas (storage management) without the associated problems.
To this end, IT requires a solution that allows administrators to economize on the
usage of primary storage and leverage more cost-effective secondary storage,
without burdening end-users and IT staff, or risking critical information.
Need for high availability
As businesses expand globally and support operations in different time zones,
continuous availability of email systems has become an essential IT service. IT
organizations must be able to react to unexpected outages automatically and keep
communication systems up and running in any foreseeable situation. To achieve
this level of service, IT must now invest more resources to maintain and upgrade
the components of the email system that contribute to service delivery, including
server operating systems, network components, and storage systems. Downtime
to perform the necessary hardware maintenance, install upgrades, apply security
patches, make configuration changes, and perform disk defragmentation becomes
difficult to schedule.
To build an infrastructure that supports high availability for email, administrators
must identify and respond to the range of problems that can potentially disrupt
email access, from performance degradation or outright failure to email-borne
attacks. IT organizations must create policies, establish procedures, and invest
in their infrastructure to meet their availability requirements.
Specifically, IT must protect data and systems from the following:
■ Database corruption and denial of service attacks
■ Performance degradation due to high mail volumes
■ Server hardware failure, storage network or device failure, and site failure
Compliance demands
As compliance with new regulations is an enforced necessity, demonstrating
compliance becomes an important objective. As email provides a detailed record
of an organization’s transactions, communications, and business operations,
information stored in email is not exempt from the standards applying to
information in general. New regulations require that email messages are saved
for years, long after they are sent, and are available for review.
Some examples:
■ The Sarbanes-Oxley Act (SOx) requires all public companies to save every
  record that informs their audit process, emails included, for seven years.
■ The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  defines privacy rules that dictate what information health-care companies
  can and cannot include in emails. Organizations are required to monitor the
  contents of all inbound and outbound emails, and ensure that no data that
  could compromise the organization’s integrity enters or exits through email
  communication.
■ The National Association of Securities Dealers (NASD) regulations 3010 and
  3110 in the United States require supervision of communications between
  regulated employees within member organizations, and with customers.
■ The Securities and Exchange Commission (SEC) Rule 17(a)–4(f) in the United
  States requires financial service institutions to retain emails that contain
  customer account details, securities trading transactions, and trading
  confirmations on non-erasable media for two years.
■ The SEC requires investment companies to retrospectively sample emails sent
  by their agents to ensure that communications do not contain false claims or
  misleading statements, or customer information, such as social security and
  credit card numbers and other personal details.
■ Companies with human resources policies relating to harassment or explicit
  communications are attempting to monitor employee communication to
  demonstrate compliance with internal policies.
Compliance with governmentally mandated policies affects industries differently,
but in general, the need to comply with government and corporate policies affects
all organizations. Email serves a vital role in demonstrating compliance. Whether
driven by formal regulations, a desire to be prepared for discovery, or a need to
enforce corporate policies, companies are increasingly sensitive to the risk
associated with email, and with electronic communication in general.
Consequently, corporate IT departments are tasked with implementing practices
that meet increasingly rigorous standards for email management.
Retention of email for use as legal evidence
Litigation increasingly requires the submission of email data as evidence, leading
to the recognition in the United States, Europe, and other markets that email
constitutes a legal business record that must be preserved.
The emergence of email as legal evidence is pressing companies to demonstrate
that their data is not only secure from tampering, but also that specific information
is quickly retrievable to support the legal discovery process. Simple record
retention alone is insufficient to meet the standards for accessibility. Companies
are finding that they must be able to make available on demand email content
that meets specific criteria. For example, the legal discovery process may require
emails from or to a specific individual that meet keyword and date-range criteria.
Email servers were not designed to provide the storage or accessibility required
by the legal discovery process.
Cost of legal discovery
In the United States, as well as increasingly in other markets, email is considered
to be a business record that must be produced in a legal discovery request.
Consequently, IT managers, as well as legal counsel and compliance officers, must
have ready access to email messages from all parts of the organization.
The traditional way to restore required messages from backup tapes is a
cost-prohibitive and time-consuming process. Manual tape restoration costs
$2,000 to $5,000 per tape, resulting in total charges in typical litigation cases
exceeding $200,000 per case. In total, it can cost organizations millions of dollars
per month to have lawyers or legal representatives scour email records during
the discovery phase of any legal process.
For companies in highly litigious industries such as consumer products, the risk
of incurring such costs is unsupportable. Increasingly, such companies are
implementing measures proactively to moderate risks.
Fines and sanctions
Many companies that are subject to potential litigation now realize that email is
a legally discoverable record and that, if forced into a lawsuit, companies are often
required to produce email for the courts. It is simply not acceptable to tell a judge
that email was deleted.
Companies today with no information retention policies, and with backup tapes
as the only source of historical email data, may not only face huge discovery costs,
but also penalties for failure to produce records. If information discovery is not
completed in a timely fashion, fines or other sanctions against companies can be
imposed.
Companies are now proactively implementing internal policies that prepare them
to respond to the next regulation or legal interpretation, rather than risk large
penalties.
Liability due to misuse
Email content that violates corporate policy, such as sexually or racially offensive
statements, inappropriate language, or copyrighted or sensitive material can be
a corporate liability. According to Osterman Research, more than 80 percent of
corporations are concerned about content inspection and logging/forensics to
maintain security and compliance.
Email makes it easy for disgruntled employees to cause damage by sending
sensitive material via email to large distribution lists. Email misuse includes
sending non-business attachments such as MP3 files and executable files.
Leakage of confidential information can negatively impact the company brand
perception and customer trust. Violations may result in loss of corporate
reputation, loss of intellectual property, fines, or jail time.
Email allows company information assets, whether copyrighted, proprietary, or
confidential company, customer, or user information, to be easily
transferred—accidentally or intentionally—to unauthorized persons, both inside
and outside the organization. For example, if an employee sends a customer’s
credit card number, Social Security Number, or medical history through email in
clear text, an organization could be in violation of the Gramm-Leach-Bliley rulings,
California’s SB1386, or HIPAA.
Organizations are finding that scanning inbound messages only is not enough.
Organizations must also scan outbound messages to prevent employees from
sending out corporate intellectual property, including sensitive or confidential
information. (2005 Osterman Research, Inc Messaging Security Market Trends,
2005-2008)
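The outbound check described above can be sketched as follows. This is an added example, not code from the Yellow Book or from any Symantec product; the patterns, function names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage, Message

# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# US Social Security number in the usual AAA-GG-SSSS form.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: filters out order numbers that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject ranges that are never issued (area 000/666/9xx, group 00, serial 0000)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def text_parts(msg: Message):
    """Yield (label, text) for the subject and every decoded text/* part."""
    yield "subject", str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True)   # undoes base64 / quoted-printable
        if payload is None:
            continue
        charset = part.get_content_charset() or "utf-8"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:                        # unknown charset label
            text = payload.decode("utf-8", errors="replace")
        yield part.get_filename() or part.get_content_type(), text


def mask(value: str) -> str:
    """Keep only the last four digits so the log itself does not leak the number."""
    digits = [c for c in value if c.isdigit()]
    return "*" * (len(digits) - 4) + "".join(digits[-4:])


def scan_outbound(raw_message: str):
    """Return a list of (kind, location, masked value) findings for one message."""
    findings = []
    for label, text in text_parts(message_from_string(raw_message)):
        for m in CARD_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_valid(digits):
                findings.append(("card", label, mask(digits)))
        for m in SSN_RE.finditer(text):
            if ssn_plausible(*m.groups()):
                findings.append(("ssn", label, mask(m.group())))
    return findings


def verdict(findings) -> str:
    """Hold the message for review if anything was found, otherwise deliver."""
    return "hold" if findings else "deliver"


def build_sample() -> str:
    """Constructed sample: test card numbers, a made-up SSN, a base64 attachment."""
    m = EmailMessage()
    m["From"] = "agent@example.com"
    m["To"] = "customer@example.net"
    m["Subject"] = "Your order 1234 5678 9012 3456"   # fails Luhn: not a card
    m.set_content("Card on file: 4111 1111 1111 1111\nSSN: 078-05-1120\n")
    m.add_attachment("backup card 5500-0000-0000-0004\n",
                     filename="notes.txt", cte="base64")
    return m.as_string()


if __name__ == "__main__":
    result = scan_outbound(build_sample())
    for kind, where, value in result:
        print(f"{kind:4} in {where}: {value}")
    print("verdict:", verdict(result))
```

The scan reads decoded text parts only; HTML markup, archives, and document formats would need their own extraction step before the same patterns apply.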
In addition to monitoring both inbound and outbound email, companies
increasingly need to conduct detailed reporting, logging, alerting, and other
preventive measures to meet security goals. Consequently, organizations need a
solution that works to ensure that email content is monitored and handled
appropriately to minimize the risk of compliance violations and other legal liability.
Higher email management costs
Email usage and scope are exploding. The volume of business email is predicted to
grow 25 to 30 percent a year through 2009, excluding spam, which currently
accounts for around three-fourths of all inbound email. This growth reflects an
important shift in the way that email is employed.
The volume of emails coming into corporate networks now often exceeds the
capacity of organizations’ email gateway systems, MTAs, email storage servers,
and groupware servers. As email volume increases, email infrastructures also
grow. As new challenges appear, companies tend to solve the issues independently
of each other. This approach adds complexity to email systems, which causes the
administration and operational cost as a whole to rise.
Symantec response to the challenges
The entrenchment and rapid growth of email in organizations today brings
proportionate challenges. With the addition of the VERITAS product lines, the
new Symantec can give IT organizations the complementary capabilities they
need to meet an array of business challenges in one broad-based, proven solution.
Corporations have the opportunity to plan for an infrastructure that supports
future business growth when they migrate to newer versions of messaging servers,
or when they consider consolidation of servers. Approaching the demands placed
upon the email infrastructure as a single, multifaceted challenge versus a series
of isolated challenges points the way toward a comprehensive solution.
The following chapters describe the Symantec Email Security and Availability for
Microsoft Exchange solution. The Symantec products included in this solution
work together to maintain information integrity, securing it while at the same time
ensuring fast and uninterrupted access. By addressing the challenges holistically,
the combined products deliver a solution that can perform the difficult task of
ensuring that the twin objectives of security and availability are met without
compromise.
Chapter 3
The Symantec™ Email Security and Availability for Microsoft® Exchange solution
This chapter includes the following topics:
■ Challenges and opportunities
■ Achieving email security and availability
■ Layered approach to email management
■ Introducing the Symantec Email Security and Availability for Microsoft
  Exchange solution
■ How the solution works to increase email security
■ How the solution works to archive email and increase content accessibility
■ How the solution works to build a resilient foundation
■ Ancillary Symantec products and services
■ Solution key points summary
Challenges and opportunities
As the dependency of businesses on email as a mission-critical application
increases, the checklist of requirements for managing email grows proportionately
longer and more complex. Not only must IT professionals address security issues
such as blocking viruses, they must also consider spam avoidance and email
retention requirements, and ensure that email systems and information are highly
available (usually 24x7). To satisfy this expanding checklist of requirements, IT
organizations are looking for ways to develop their email infrastructure, and
balance the costs against the risks.
When IT organizations plan migration to new email servers or consolidation of
messaging servers, a natural opportunity presents itself to make improvements to their
infrastructure. The ideal approach is one that addresses the separate but
interdependent aspects of the whole system concurrently. By leveraging the points
of overlap between components of the email infrastructure, initiatives can provide
mutually reinforcing protections and capabilities. In the ideal implementation
scenario, each component leverages the capabilities of the others, and adds value
to the other components in the system.
By treating email systemically, organizations gain the efficiencies and strengths
that derive from deploying an integrated solution versus an assortment of point
products. The ideal solution is one that encompasses all the following: protection
from security threats, reduction of email volume, and reduction of storage and
server costs; one that meets retention and accessibility requirements, assures the
integrity of stored email, and maintains efficient and reliable operations.
Achieving email security and availability
IT professionals require a solution that reconciles the need for both security and
availability of email systems and information. The term system here refers to the
underlying email architecture or messaging system itself—from the physical
infrastructure (servers, storage, and network) to the application software (mail
systems, message stores, and more). The term information refers to the content
that is transferred through and stored in the messaging systems.
Security and availability are dependent variables; high security is often achieved
at the expense of availability, and vice versa. Ensuring email security and
availability necessarily includes protecting systems and information from external
abuse and attack, and simultaneously ensuring that systems and information are
highly available.
Specifically, for email systems to be secure, the following must be true:
■ Email systems are protected against intentional or inadvertent attack and
  disruption.
■ Email users are protected against threats and disruptions from the Internet,
  such as spam and viruses.
■ Data that is sent to or arriving from customers, suppliers, and partners is free
  of malicious or inappropriate content.
■ The network is protected against exposure to virus and worm infections that
  circulate through email and can affect end-user systems and internal servers.
■ Company data is protected against intentional or inadvertent transfer to
  unauthorized persons.
■ Company data does not infringe on privacy restrictions (social security
  numbers, medical records, etc.).
To make sure that email systems are continuously available, the following must
also be true:
■ Disruptions to the email infrastructure are minimized by protecting against
  performance degradation or outright failure.
■ End-user systems are not compromised and taken offline by email-borne
  attacks.
■ Legitimate email is available and accessible, amid the volumes of spam and
  other unwanted content.
■ Email can be preserved for long periods, according to external regulations or
  internal company policies.
■ Users are provided with seamless access to information in email—whether in
  email systems or in long-term archives.
■ Users and legal personnel are able to easily and securely search through
  historical email and attachments.
■ Organizations are able to supervise employee communications for compliance
  with internal and external policies.
■ Organizations can ensure that their own systems do not become a vehicle for
  the distribution of malicious or junk email to customers and partners.
Layered approach to email management
The layered approach focuses on server products, and does not include a discussion
of desktop protection options. This approach layers different types of protection
at defined levels of the email architecture, and starts with securing email. Ensuring
email security and availability begins with controlling the flow of email information
from start to finish.
In functional terms, this involves removing unwanted content from the messaging
system at the following key points in time:
■ The point of entry of incoming email
■ The point of departure of outgoing email
■ The distribution points of internal email
Organizations benefit from a layered approach to email management. By
addressing the separate but interdependent aspects of the email infrastructure,
initiatives can be layered to provide mutually reinforcing protections, each layer
adding to the overall strength of the others, and the efficacy of the whole solution.
When adopting a layered approach, the first step is to focus on those issues that
are most effectively addressed at the earliest point of entry onto the network, and
then follow the email life cycle through receipt on the client computer to archiving
and storage.
Optional products give added email security, availability, and protection
capabilities for organizations that have 1,000 to 2,000 employees, or organizations
with heightened requirements in one of these domains. It is assumed that not all
customers intend to cluster their email servers, but the impact on deployment of
clustering for high availability is significant, so clustering is covered in all the
deployment practices discussions.
Figure 3-1 depicts the functions that together form a best practice for email
security and availability for Microsoft® Exchange.
Figure 3-1 Layered approach
First step: Securing email
In the layered model, the outer layer represents protection of the email
environment. Establishing email security is a critical aspect of the whole solution
because email is the source of the majority of security threats.
A good policy is to layer security at multiple network locations, potentially
addressing threats at three key points:
■ The network boundary, where the most stringent measures can be taken
■ At all internal attack points, such as PCs and other user end points and
  application and infrastructure servers
■ At network locations that exist between the boundary and internal attack
  points
One of the advantages of eliminating unwanted email close to the source is the
conservation of precious bandwidth, processing power, and storage space. The
benefit can be felt throughout the network, from the SMTP gateway scanners to
the message stores, and further down to the message archive layer.
Mail server protection should be able to inspect content in real time. Inspections
should take place as email is committed to the message store, when it is accessed
from the store, and on a scheduled or on-demand basis to conduct sweeps of
message store content based on updated virus definitions or specific content rules.
In the case of many viral threats, during the initial outbreak stage, emails enter
the message store before new infections are detected by the updated definitions.
Once definitions are updated, it is important to run periodic scans of the message
store to eliminate malicious content and to protect users from exposure.
Reliable volume reduction
Reducing spam and other unsolicited email is important in achieving email system
security as spam is the delivery vehicle for the majority of threats. An organization
that can reduce the spam proportion of total email volume also achieves a
proportionate reduction in the overall security risk represented by malicious
threats. Also important to security is keeping email system performance optimal
despite the overall increase in email volume, and especially the constant barrage
of spam.
The challenge lies in accurately distinguishing legitimate messages from junk
email. Applications that are used to filter email and prevent the unwanted email
from entering the network or internal email systems must be reliable and must
not disrupt the flow of valid email.
Perimeter protection
Various methods can be employed to identify and prevent unwanted email from
reaching email users and downstream servers, such as (expensive) message stores
and data archives.
The two primary email-borne perimeter threats are viruses and spam:
Viruses
The most common virus content comes from mass-mailer worms.
These are programs that exploit email address lists on compromised
systems and automatically generate emails to replicate and distribute
their payload to other unsuspecting users and systems. Mass-mailer
worm emails have no intrinsic business value, so they can be deleted
automatically without the risk of data loss. Often referred to as
“Mass-mailer Cleanup” or “Worm Purge,” automatic elimination of
such content is an important capability in antivirus solutions.
Spam
Spam can be removed from mail streams through the use of programs
that isolate or quarantine spam. Spam quarantines are typically housed
on a server that is separate from the email infrastructure, and are
used to move unwanted spam from active message stores (and user
mailboxes) to less expensive media that are easier to scale and
maintain. Quarantines are required because antispam systems are
not 100-percent accurate. Businesses cannot risk the loss of legitimate
email, so users need a place to review spam-tagged messages.
The reliability of the chosen antispam system can make a significant difference
to the quantity of data that is quarantined. The standard measure of antispam
reliability relates detection rate to false positives (valid messages incorrectly
identified as spam) to find accuracy. Detection and accuracy rates are dependent
variables; one of the challenges for antispam technology is that high spam catch
rates are often achieved at the expense of accuracy, and vice versa.
The best antispam solutions ensure the accurate elimination of spam email
messages while in transit. This minimizes the burden on the spam quarantine
and the user-reviewer. When evaluating antispam options, it is important to look
for a solution that is more than a collection of manual tools. The ideal solution is
an integrated, frequently updated response mechanism with highly accurate spam
definitions, and techniques that are based on the latest spamming methods.
About perimeter protection solution delivery formats
A key consideration in perimeter protection is choice of solution delivery format.
Availability of resources and expertise varies from company to company, so the
choice of format becomes a matter of preference and convenience. Perimeter
protection can be implemented in the following delivery formats:
■ Software-based solutions that require installation of application software on
user hardware and operating system.
■ Appliance-based solutions where application software comes pre-installed on
a vendor-maintained operating system and hardware.
■ Hosted solutions, where the software and systems are located off-site by a
hosted provider, and Internet email streams are redirected through this
environment to be scanned.
The following are key criteria for selection of a solution:
Software
■ Deployment flexibility through support for multiple operating
systems, including Windows®, Solaris™, and Linux®: This allows
companies to deploy and maintain flexibility, and does not require
specific operating system expertise in all geographic locations.
■ Highly integrated solution combining antispam, virus protection,
and content filtering technologies: For emergency updates or
upgrades, the fewer the number of independent components, the
easier it is to ensure compatibility and availability.
■ A single responsible vendor for both the security technology and
response components. This limits finger-pointing between vendors
of the various integrated products.
Appliance
■ Hardening of the operating system for security: Non-essential
operating system services are disabled, if not removed entirely, to
limit exposure to system vulnerabilities.
■ A global support contract with 24-hour hardware replacement is
available.
■ Automated updates for applications and operating system are
available.
Hosted solutions
■ Proxy-based scanning, not store-and-forward mail relay, means
the hosting provider should never take ownership of the message,
with the exception of spam quarantining. This is accomplished by
acting as a proxy between sending server and receiving server,
holding the connection open long enough to complete inspection
of the message, then closing out the transaction.
Hosted solutions are not considered here because companies with more than 1,000
employees are often better served by implementing their own email security
infrastructure.
Internal email security
In addition to building solid perimeter protection, it is necessary to inspect internal
email traffic. Scanning for viruses is necessary to detect those that enter through
personal Web-based email, removable media, and remote laptop users whose virus
definitions are not current. It is also a good practice to perform post-attack virus
cleanup of message stores using the latest antivirus definitions.
Outgoing email should be monitored for viruses and for confidential, inappropriate,
and oversized content, to prevent this data from being sent through the internal
mail system. Outbound email can be effectively scanned at the mail server or
gateway layer.
Second step: Archiving email
It is increasingly apparent that email systems were never designed to store the
amount of data that goes through the typical messaging system today. Email
administrators directly experience the problems relating to storage management
for email. Email continues to arrive and the volume grows dramatically from year
to year.
The impact to the email environment includes:
■ High cost of the email environment from increased storage and backup costs.
■ Lower availability and performance of the email environment, because
messaging servers typically slow when they reach near capacity, and long
backup windows are required to back up the large amount of email data.
To solve these problems, most IT organizations impose email quotas, restricting
their users to a limited amount of email storage (typically 25 MB to 200 MB).
However, this tends to shift the problem rather than resolving it. Users must
constantly ensure that their email storage is below the quota and store their excess
messages in separate files, for example, PST files on Microsoft Exchange.
In many cases, PST files are kept on the network file servers and so continue to
use storage and backup resources. These files are highly susceptible to corruption
and perpetuate the same availability and performance problems seen on email
servers. PST files on desktops or laptops are often not backed up, so company
data is subject to loss or theft.
Typically, email quotas affect user productivity, result in large numbers of support
calls, and are one of the burdens of email management.
A better solution is to provide the benefit of email quotas without the problems
by minimizing the size of primary storage and leveraging cost-effective secondary
storage without burdening the user or losing critical data. Message archiving
solutions allow organizations to provide users with a large mailbox while
controlling storage usage on the primary messaging servers.
Archiving systems let administrators do the following:
■ Automatically migrate email messages and attachments to a secondary, less
expensive storage location, based on business policies.
■ Automatically expire or delete messages, or migrate to a third tier of storage,
based on business policies.
■ Compress the information and implement single-instance storage, to reduce
the volume of information while leveraging disk or tape storage for archived
data.
■ Provide instant search and retrieval of content by users.
■ Allow users to seamlessly access messages and attachments from the archive.
■ Index the messages and attachments so that users can search through the
archives of their email over time.
■ Reduce total cost of ownership of frontline email environments.
■ Achieve compliance with legal and corporate retention requirements.
■ Perform faster platform migrations.
■ Achieve server consolidation and storage optimization.
Message archiving is not limited to storage management. Many companies view
archiving as a best practice—a way to preserve critical company information.
If forced into a lawsuit, companies are often required to produce email as evidence.
The old method of producing email (by restoring data from tapes) can be
cost-prohibitive and time-consuming. For companies in highly litigious industries,
such as consumer products, such methods are no longer viable. Increasingly,
companies want to be prepared for the next regulation or legal interpretation,
instead of scrambling to react.
Email is also both the source and the destination of a company’s communications
records. Companies are motivated to retain email for their own internal purposes;
for example, so they can monitor it for inappropriate usage or company policy
violations.
A good message archiving solution offers the following to facilitate discovery and
prevent misuse:
■ Automatic archiving of journaled email so that the email is guaranteed to be
captured
■ Indexing of the information as it is archived to facilitate future discovery
■ Secure search capabilities across the organization, allowing authorized
personnel to perform company-wide information requests
■ Specialized tools to assist in the search and review processes of legal discovery
■ Sampling and workflow around regulated supervision of employee email
Third step: Building a resilient foundation
Equal in importance to assuring the security and availability of email information
is building the email infrastructure on a resilient foundation. As organizations
must keep functioning during a disaster, well-defined plans and mechanisms to
recover systems, applications, and stored information are vital. Automated
monitoring for failures and response to failure based on well-defined policies is
preferable to trying to recover from outages once failures or problems have
occurred.
IT organizations must be able to maintain and upgrade IT infrastructure
components that contribute to service delivery, including mail server operating
systems, network components, and storage systems, without causing additional
email service unavailability. The best way to ensure protection of systems and
data is by installing a proven backup and recovery solution. Enterprise-level
backup solutions can deliver high-performance data protection that scales to
protect the largest environments. Downtime is costly for businesses, so it is
important that organizations can take advantage of both tape-based backup and
backup to less expensive disk storage, which can utilize snapshot-based protection.
Also, depending on an organization’s application recovery objectives, it is useful
to consider accelerated system recovery solutions. Such solutions automate the
server recovery process, making it unnecessary to manually reinstall operating
systems or backup software. With simple commands, complete server and
application restores can be accomplished rapidly. Symantec Backup Exec™
Intelligent Disaster Recovery (IDR) and Symantec LiveState™ Recovery (LSR) are
examples of products that integrate with Microsoft Exchange Server.
Given the challenges of email storage management, storage virtualization is an
important component in highly scalable storage environments. As storage space
runs out, rather than relying on traditional, time-consuming, and expensive
methods of scaling such as adding additional servers or adding expensive disk
arrays to servers, storage networks and storage virtualization create easily
extensible data storage environments, which can be leveraged by sharing across
all messaging servers within a data center.
By integrating the right storage virtualization solution, administrators are able
to perform many regular storage-maintenance tasks online, such as RAID
reconfiguration, defragmentation, file system resizing, and volume resizing.
Storage virtualization manages the transmission of data to multiple storage
devices for failure protection. Storage virtualization can automatically migrate
data from failing disks to healthy disks to reduce the risk of unplanned downtime.
Storage virtualization and clustering software together enable the highest levels
of availability and scalability by allowing the addition of systems and storage, and
by identifying and utilizing existing unused resources. This maximizes the
contributions of all the server and storage components of the email environment.
Introducing the Symantec Email Security and
Availability for Microsoft Exchange solution
By combining the range of availability and data protection products from VERITAS
with email security products from Symantec, Symantec can offer a comprehensive
email solution.
The Symantec Email Security and Availability for Microsoft Exchange solution
reduces costs and simplifies management of the email environment and life cycle.
The solution is designed to reduce the volume of spam email, reduce the risk of
virus infection, automatically manage the life cycle of older emails through
archiving, and keep enterprise email infrastructure resilient against failure.
Figure 3-2 illustrates the approach of this solution, which layers different types
of protection at levels of the email architecture. This solution focuses on server
products, and does not encompass desktop protection options.
Figure 3-2
Components of the Email Security and Availability solution
How the solution works to increase email security
The first layer of the Email Security and Availability solution provides email
security by reducing incoming email volume, securing the perimeter, and
protecting the groupware environment.
Reducing email volume
The first line of defense against unwanted email content is deployed outside the
messaging infrastructure, before the data can impact internal servers, including
the SMTP mail gateways. In the Email Security and Availability solution, that first
line of defense is the Symantec™ Mail Security 8160 appliance.
The 8160 appliance employs a unique approach to spam prevention by evaluating
sender reputation and using traffic shaping on the inbound SMTP stream.
Given that 60–70 percent of incoming email is spam, traffic shaping can translate
to a 50-percent reduction in overall email volume, without risking the loss of
valid email. As a result, there’s a corresponding reduction in messages that need
to be processed by downstream email scanners and gateways, stored in
volume-sensitive message stores, reviewed in a spam quarantine, and finally
archived.
These significant volume reductions can further translate into savings in the
overall number and size of servers required to scale to the problem, including
gateway scanning devices and mail servers. In practical terms, reducing spam
from 70 percent of traffic to less than 20 percent improves overall performance
and scalability of existing systems, and eases the burden on back-end systems
and users.
Securing the Perimeter
As the second line of defense after the Symantec Mail Security 8160 appliance,
Symantec’s appliance- and software-based perimeter solution spans the key
delivery formats and operating systems. Symantec’s antispam technologies and
response leverage the global Brightmail™ Logistics and Operations Centers (BLOC)
response infrastructure, and the Symantec™ Probe Network, which identifies
known spam sources on the Internet. Symantec’s NAVEX™ antivirus technologies
ensure consistent virus protection and updating across all supported platforms,
using various detection technologies, including heuristics—also supported by the
global Symantec™ Security Response operations centers.
Symantec’s perimeter solutions include:
■ Mass-mailer cleanup capability to remove entire messages and prevent
unnecessary virus notifications based on the presence of a mass-mailer worm.
■ Ability to block based on customizable rules.
■ Ability to process spam based on antispam engine verdict, for example, deleting
spam messages but quarantining suspected spam messages for further review.
■ Symantec’s Web-based Spam Quarantine, which removes spam messages from
the messaging environment, but makes them available for further processing
and review.
Symantec’s perimeter protection provides the following benefits:
■ Fewer non-business emails are archived.
■ Fewer messages require review.
■ Fewer unwanted messages enter the downstream mail environment.
■ Harmful Internet content cannot reach end-user desktops, spread infection,
and disrupt the network.
The perimeter protection layer is one of the most critical layers in enhancing
network security.
Protecting the groupware environment
Where Symantec’s perimeter protection plays a key role in minimizing the negative
impact of Internet email traffic, Symantec Mail Security for Microsoft® Exchange
ensures that internal message traffic is also free of malicious or inappropriate
content. The solution is tightly integrated into its own mail environment using
vendor-supported Application Programming Interfaces (APIs), ensuring maximum
capability and minimum conflicts with the underlying messaging architecture.
Similar to the perimeter protection solutions, Symantec Mail Security for Exchange
leverages the same core antivirus technology, updates, and response. For smaller
organizations, and larger organizations that have standardized from mail server
to gateway by using an Exchange infrastructure, the same antispam technologies
and response as used in perimeter protection solutions are available, providing
the flexibility in deployment required by diverse organizations.
In addition to core scanning services, Symantec Mail Security for Microsoft
Exchange offers similar content inspection capabilities, such as subject line and
message body filtering, attachment stripping, and restrictions on message size.
Finally, Symantec Mail Security for Microsoft Exchange further contributes to
data reduction by eliminating unwanted content and early-stage mass-mailer
worm messages, and is capable of real-time detection of email policy violations
and misuse.
How the solution works to archive email and increase
content accessibility
The email archiving layer of the Symantec Email Security and Availability for
Microsoft Exchange solution works by archiving secure email and making email
content accessible and available.
VERITAS Enterprise Vault™ is responsible for archiving, indexing, searching, and
retrieving information. Archiving is performed automatically and seamlessly.
Enterprise Vault automatically moves mail, file system, instant messaging, and
other content from operational storage locations to a cost-effective online vault,
without impacting end-user access to the data. Users can access archived
information directly from their email client or Web browser and can access it
while offline, using the optional Offline Vault option.
IT can automatically discover, collect, migrate, and eliminate PST files by moving
the content to the vault. Enterprise Vault can also archive Exchange Journals and
Public Folders, in addition to Microsoft Exchange mailboxes. Archived data is
automatically compressed, duplicate copies are removed, and data is retained
based upon business policies. Data can be migrated over time to tertiary storage,
including tape repositories managed by Symantec Backup Exec. Users, compliance
departments, legal professionals, and corporate risk management functions can
securely and easily search through messages, files, and attachments.
Optionally, Enterprise Vault helps manage the process of legal discovery review
through the use of the Enterprise Vault Discovery Accelerator. Compliance officers
can supervise employee communications by using the Enterprise Vault Compliance
Accelerator.
Message archiving using Enterprise Vault provides benefits in three core areas:
■ Increased email availability
Enterprise Vault reduces the amount of data stored in primary messaging
servers and file servers, reducing corruption and performance problems that
are observed when these servers reach capacity thresholds. By archiving data
for long-term retention and providing search capabilities, end-user access to
data is maintained.
■ Reduced email cost
Enterprise Vault reduces costs throughout the email environment. By archiving
older or less frequently accessed data to less expensive storage, Enterprise
Vault reduces primary storage costs in the environment. Perhaps more
importantly, backup costs are reduced because archived data no longer requires
frequent backups. IT reduces support and migration costs through elimination
of email quotas and PST files, and reducing the amount of data to be moved
during upgrades and server consolidation.
■ Controlled email risk
Enterprise Vault facilitates email retention, following defined business rules
to meet legal discovery and regulatory requirements.
How the solution works to build a resilient foundation
The third layer of the Symantec Email Security and Availability for Microsoft
Exchange solution ensures email system availability.
Symantec offers a hierarchy of products to match the varying information
availability needs of organizations. The Symantec Email Foundation product
families, Symantec Backup Exec and VERITAS Storage Foundation™, form the
lower tiers of the Symantec availability hierarchy.
Backup Exec and Storage Foundation enable near-instantaneous recovery from
storage device failures and recovery in minutes to hours for application logic or
other types of data corruptions. For organizations that require more protection,
faster recovery, or higher availability of application services when site or other
kinds of failures occur, Symantec offers other advanced products.
The clustering capabilities that VERITAS Storage Foundation™ High Availability
for Windows® provides may exceed the needs of many Exchange users. Also, a
number of Exchange users use Microsoft Cluster Server (MSCS), a component of
the Advanced Windows Server package. This option is not as powerful as Storage
Foundation HA for Windows clustering, but it serves the needs of many
organizations.
Figure 3-3 shows a hierarchy of availability requirements and the features of the
Symantec solution that support each tier or set of requirements.
Figure 3-3
Availability hierarchy
Building a resilient system
The need to recover data is critical in any email environment, whether due to a
system outage or other unplanned event. A greater proportion of an organization’s
important data now resides in the email infrastructure. Backup Exec can be used
for backup and recovery of the information in an Exchange environment.
Rapid growth in storage requirements is typical of most Exchange
implementations. Using VERITAS Storage Foundation products for Windows,
organizations can create a highly available, resilient storage environment.
Backup and recovery
On Microsoft Exchange servers, Backup Exec simplifies database backup and
recovery without taking the Exchange server offline or disrupting local or remote
systems. A multi-level backup and recovery approach ensures continued
availability of Exchange services and data during backups. Central administration,
automation options, and support for all popular storage devices create the
flexibility that administrators need to maximize performance.
Backup Exec provides:
■ Complete, non-disruptive protection of Exchange database and mailbox
components, including incremental mailbox backup.
■ Backup method flexibility for scheduled, unattended backups.
■ Rapid, granular recovery of databases and mailboxes, including support for
performing individual message restores.
■ Advanced features, including single-instance store (SIS), global exclusion, and
storage group multiplexing. Volume Shadow Copy Services (VSS) integration
and off-host backups are available when combined with Backup Exec.
As the recognized leader for Windows systems backup and recovery, Symantec
Backup Exec is designed to help provide complete data protection for Windows
environments. Intuitive interfaces enable organizations to manage all aspects of
backup and recovery, and to maintain consistent backup policies that are deployed
across Windows servers and clients.
Backup Exec includes the following:
End-to-end data protection
Data protection for all Windows environments, from desktop
or remote office to centralized datacenter.
Nearly unlimited scalability
Centralized management and control, high-performance
technology, and a flexible multi-tier architecture enable
Backup Exec software to adapt to the needs of
Windows-oriented IT environments.
Management and reporting
Web-based management and reporting for enterprise users,
including real-time monitoring, historical reporting, and
centralized administration.
Automatic disaster recovery
Streamlined server recovery provided by the Backup Exec
IDR option.
Security
Password protection for backup data. For more information,
see http://seer.support.veritas.com/docs/236709.htm.
Storage Networking
Support for a range of disk, tape library, tape drive, and
Storage Area Network (SAN) interconnect technologies from
a number of vendors. Dynamic sharing of individual disk
or tape drives over SCSI or a SAN. Support for iSCSI and
Fibre Channel SAN.
Off-host backup addresses the major pain point of backup windows. Backup Exec
can virtually eliminate the backup window with the Advanced Disk-based Backup
Option (ADBO). ADBO allows users to break off a mirrored copy of the Exchange
Server, mount the data on the backup server, and then at the end of the backup
job, automatically re-sync the mirror with the Exchange application.
For more information, see the following article:
http://eval.veritas.com/mktginfo/products/White_Papers/Data_Protection/BE_SFW_Quick_Recovery_Off-Host_Backup_Bundle.pdf.
Backup Exec is the recommended backup technology for this solution, which
focuses on companies with 1,000 to 2,500 employees. Larger organizations may
want to consider using VERITAS NetBackup™.
Storage Virtualization
VERITAS Storage Foundation for Windows products extend the native data
management capabilities of Windows® 2000 and Windows Server 2003. The
resulting logical disk/volume capabilities provide the basis for a scalable storage
environment for Microsoft Exchange.
Storage Foundation product options such as VERITAS™ Cluster Server and
VERITAS™ Volume Replicator enable 99.99-percent availability of the Exchange
infrastructure. Storage Foundation products take a modular approach to resolving
the range of potential threats to email availability.
Storage Foundation can create a resilient storage environment by:
■ Creating storage that automatically expands to meet growing data needs (such
as a storage volume for a transaction log).
■ Designing storage configurations that use mirroring or mirroring/striping
combinations to protect from the loss of a single disk.
■ Identifying and addressing storage hotspots that slow overall application
performance.
■ Creating point-in-time images for rapid recovery from logical errors or data
corruption.
To protect the Exchange infrastructure from site-wide disasters, Storage
Foundation products, along with iSCSI, wide-area Fibre Channel SANs, or WANs
with host-to-host replication, can be used to help create a disaster recovery site.
Companies can control the costs of supporting disaster recovery by using
lower-cost or lower-capacity storage at the off-site recovery location, and by using
a single data center as an off-site recovery location for multiple other data center
locations. The secondary disaster recovery site need not mirror the primary site,
and can be used for other purposes simultaneously.
It is difficult to protect Exchange data from all sources of logical errors. Data
corruption and user or operator errors are risks that are nearly impossible to
eliminate. The best defense is to undo the effect of errors quickly, with minimal
data loss. Storage Foundation offers point-in-time snapshots of Exchange databases
and transaction log files using the FlashSnap™ option. A FlashSnap snapshot is
an independently addressable volume that mirrors the production volumes. The
FlashSnap option creates point-in-time images of the data that can be used as a
source for quick recovery images of data. VERITAS Storage Foundation for
Windows is the preferred software snapshot provider enabling off-host backup.
The combination of Backup Exec and Storage Foundation offers organizations
that depend on Microsoft Exchange a single solution for building a resilient email
foundation that can be recovered in a few minutes from most types of data
processing errors and storage failures.
Clustering
Organizations can protect Exchange environments from a range of component
failures by implementing local and campus clustering for availability. VERITAS
Storage Foundation High Availability for Windows integrates VERITAS Cluster
Server (VCS) technology, which provides scalable failover clustering with workload
management capabilities. In a VCS cluster, multiple servers are linked with shared
storage and private Ethernet heartbeats. Each system in the cluster can access
the storage of any other system.
By using Storage Foundation with the Global Cluster and Volume Replicator
options, data can be replicated between two separated sites, and application
services can be switched between them with a single mouse click.
Storage Foundation HA for Windows (VERITAS Cluster Server) allows
organizations to do the following:
■ Maximize uptime of messaging data and applications
■ Reduce planned or unplanned downtime
■ Enable high-availability for local, metropolitan, or global clustering from
within a single product
■ Test disaster recovery solutions without impacting production applications
■ Optimize and plan cluster configuration and policies through portable modeling
and simulation
This solution does not address the installation and configuration of Symantec
Email Security and Availability products for Exchange customers who use
Microsoft Cluster Server (MSCS) to create highly available Exchange servers.
Generally, the deployment steps are the same, whether MSCS or Storage
Foundation HA for Windows is used. However, this solution is not yet tested with
MSCS. For more information, contact Symantec sales, Consulting Services, or a
Symantec partner.
Integrating products
The Symantec Email Security and Availability for Microsoft Exchange solution
integrates Enterprise Vault, to provide long-term and scalable storage for
unstructured information, and Backup Exec, to provide backup and recovery.
Backup Exec can be utilized as a data backup management tool to send data to
tape as usual, but Backup Exec can also be used to create on-disk backups, on-disk
snapshots, and backups that are staged on disk and then migrated to tape.
Enterprise Vault functions as second or third tier storage behind server systems
such as Microsoft Exchange or SharePoint® or file servers. Items are moved to
the Vault by archive agents according to defined policies, which offer a variety of
solutions depending on the information source. Solutions include mailbox space
management, regulatory-driven retention, PST import, and intellectual property
retention. Also, through a range of APIs and other interface mechanisms,
Enterprise Vault can support various applications that extract information from
other sources, provide intelligent filtering of archive streams, and access archived
content.
Enterprise Vault can be integrated with Symantec Mail Security appliances and
software. If a company is legally required to keep a copy of all the email it receives,
a Web Quarantine server that is fed spam and other junk email messages by
Symantec Mail Security can coordinate the delivery of junk email to journal by
Enterprise Vault. Such legal requirements exist principally in the United States
for some financial services organizations.
The Symantec Mail Security 8260 appliance or Symantec Mail Security software
can be used to forward all SMTP email communications to Enterprise Vault servers
for journaling. This is useful for customers not using Exchange who wish to retain
email from email product servers, such as UNIX® Sendmail™ servers, that do not
have or maintain their own email data warehouses.
In early 2006, Enterprise Vault will be able to take advantage of VERITAS Storage
Foundation High Availability for Windows (VERITAS Cluster Server) clustering
services to create highly available archiving and search/retrieval services. It is
also expected in early 2006 that Symantec Mail Security for Exchange will support
the forwarding of filtered content such as emails that violate corporate policies
to Enterprise Vault servers for journaling.
Storage Foundation can be used with the FlashSnap option to create one or more
copies of data, either virtual copies that contain only differences with the current
live copy, or real copies, potentially at remote locations, for example, using iSCSI
or a wide-area Fibre Channel Storage Area Network (SAN).
Ancillary Symantec products and services
Several Symantec products and services are considered optional to the Symantec
Email Security and Availability for Microsoft Exchange solution, and offer
capabilities to organizations with advanced requirements.
Email security products
Symantec’s range of security products can be organized into a hierarchy, from
the commonly used technologies to the most sophisticated, which reflects a similar
hierarchy of business needs. Organizations select their IT security products and
services by first meeting fundamental needs and then working their way up the
hierarchy, according to their specific needs and budget constraints.
Whether they continuously connect to the Internet or not, organizations should
implement the most common and basic PC-oriented security. Organizations should
employ gateway security (at a minimum, firewalls with Virtual Private Network
(VPN) capabilities for Internet-based logins) to keep outsiders from easily
penetrating their IT networks.
Depending on their size, their dependence on the Internet and intranets, their
reliance on online systems, regulatory concerns, and other factors, organizations
should deploy products, services, and procedures that provide an appropriate
level of security.
DeepSight™ Alert Service should be deployed for 1,000-2,000-employee companies
with a high need for email security. DeepSight Alert Service is one of Symantec’s
Managed Security services, and serves to alert organizations to impending threats
spreading on the Internet. It also informs customers of security measures that
they should take to fortify systems, when they receive warnings.
Figure 3-4 depicts the hierarchy of security requirements, from the most
fundamental to the most specialized, and the corresponding levels of investment.
Figure 3-4 Security hierarchy
Email archiving products
Symantec’s email archiving options are aligned with a hierarchy of organizational
needs. For email, centralized email archiving using Enterprise Vault is considered
an important best practice that is recommended for all organizations with more
than 1,000 employees. It is a core component of the Symantec Email Security and
Availability for Microsoft Exchange solution.
In addition, however, some organizations are deploying additional archiving-based
options that provide intelligent archive searches for legal discovery, as well as
sampling for corporate or regulatory policy compliance. For organizations that
want capabilities beyond centralized email archiving, the following Enterprise
Vault options are recommended:
VERITAS Enterprise Vault™ Discovery Accelerator 5
Legal discovery is typically a costly process for
organizations. Paying a legal firm to review documents for
evidence can run up costs to millions of dollars per month.
Enterprise Vault Discovery Accelerator makes possible
complex searches of archives for the purposes of legal
discovery, and facilitates the review of retrieved files to
decide relevance to a case. Enterprise Vault Discovery
Accelerator establishes a content index that can be used to
find relevant emails, based on a number of criteria. Specific
items can be selected for export, and are made available in
a format that is appropriate for use as legal evidence. The
savings in legal fees can be many times the cost of the
software, hardware, and storage costs.
VERITAS Enterprise Vault™ Compliance Accelerator 5.1
Enterprise Vault Compliance Accelerator uses email
journaling to ensure that all emails that might be of future
interest are logged in the archive. Enterprise Vault
Compliance Accelerator enables organizations to monitor
employees’ electronic messages (including email and instant
messages) to ensure compliance with corporate policies and
business principles, and to meet supervision requirements,
where they are mandated.
Email monitoring can be accomplished in the following
ways:
■ By random sampling of employee emails, where emails are captured and
reviewed daily
■ By searching all messages and comparing the email text with a predefined
lexicon of terms and phrases that may indicate non-compliance
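The two monitoring approaches listed above can be sketched as follows. This is an added example, not Symantec's implementation or Enterprise Vault code; the lexicon terms, the sample messages, and the 25 percent sampling rate are constructed assumptions.

```python
import email
import math
import random
import re
from email import policy

# Constructed sample messages standing in for journaled mail (not real data).
RAW_MESSAGES = [
    "From: alice@example.com\nTo: client@example.net\nSubject: Fund update\n\n"
    "This product offers a guaranteed return.\n",
    "From: bob@example.com\nTo: alice@example.com\nSubject: Lunch\n\n"
    "Lunch at noon?\n",
    "From: carol@example.com\nTo: bob@example.com\nSubject: Call notes\n\n"
    "Keep this off the\nrecord and DELETE this email afterwards.\n",
    "From: dave@example.com\nTo: client@example.net\nSubject: Prospectus\n\n"
    "Returns are not guaranteed; see the prospectus.\n",
]

# Hypothetical lexicon; a real one is defined by the organization's policy.
LEXICON = ["guaranteed return", "off the record", "delete this email"]


def parse_messages(raw_messages):
    """Parse raw RFC 5322 text into EmailMessage objects."""
    return [email.message_from_string(r, policy=policy.default) for r in raw_messages]


def compile_lexicon(terms):
    """Case-insensitive whole-phrase matcher; phrases may wrap across lines."""
    parts = [r"\s+".join(re.escape(w) for w in t.split()) for t in terms]
    return re.compile(r"\b(" + "|".join(parts) + r")\b", re.IGNORECASE)


def body_text(msg):
    """Return the plain-text body, or an empty string if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def lexicon_hits(messages, pattern):
    """Map message index -> sorted lexicon terms found in subject or body."""
    hits = {}
    for i, msg in enumerate(messages):
        text = f"{msg['Subject'] or ''}\n{body_text(msg)}"
        found = {" ".join(m.group(1).lower().split()) for m in pattern.finditer(text)}
        if found:
            hits[i] = sorted(found)
    return hits


def random_sample(count, rate, rng):
    """Choose ceil(rate * count) message indexes uniformly at random."""
    k = min(count, math.ceil(rate * count))
    return sorted(rng.sample(range(count), k))


def review_queue(raw_messages, terms, rate, seed=None):
    """Union of lexicon matches and the random sample, for reviewer attention."""
    messages = parse_messages(raw_messages)
    hits = lexicon_hits(messages, compile_lexicon(terms))
    sampled = set(random_sample(len(messages), rate, random.Random(seed)))
    return [
        {
            "from": str(messages[i]["From"]),
            "subject": str(messages[i]["Subject"]),
            "terms": hits.get(i, []),
            "sampled": i in sampled,
        }
        for i in sorted(set(hits) | sampled)
    ]


if __name__ == "__main__":
    for entry in review_queue(RAW_MESSAGES, LEXICON, rate=0.25, seed=1):
        print(entry)
```

Messages that match the lexicon always reach the queue, while the random sample gives reviewers coverage of mail that contains none of the listed terms.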
Figure 3-5 shows how compliance and discovery capabilities fit into an information
archiving hierarchy. In the figure, storage optimization refers to the capability
to offload data from primary storage devices, which use more expensive disk
storage, to secondary storage devices, such as lower-cost SATA disk drives. This
also reduces backup and recovery times, because file systems are not filled with
aged information. Fully optimized information life cycle management (ILM)
manages data according to policies that govern all aspects of information storage,
including storage locations, storage devices, migration across devices, archiving,
compression, encryption, and finally, deletion.
Figure 3-5 Archiving hierarchy
About Symantec Professional Services
Symantec Professional Services enables organizations to implement best-practices
security measures across the enterprise through comprehensive security
assessments and holistic planning and design. Professional Services develops
strategies for managing and reducing risks to help organizations protect
business-critical assets.
The needs of every organization are unique, but they share many common themes. The
Email Security and Availability solution can be tailored to best meet the particular
needs of an organization, once the analysis has been done to design the solution
implementation. A good design includes not only the hardware, software, and
network components, but also corporate policy definition and translation,
implementation and deployment phasing, PST migration planning, growth
planning, and operational best practices.
Symantec Training, Customer Support, and Consulting Services stand ready to
help every Email Security and Availability solution customer make the most of
their product purchases. Symantec services can ensure that customers make the
right decisions on how, when, and where to deploy these products.
Symantec Consulting Services
Symantec Consulting Services provides organizations with best-practice security
measures through comprehensive assessments, planning, and design consultation.
The result is enhanced protection of critical business assets.
Symantec recommends that customers who plan to deploy Enterprise Vault engage
Symantec Consulting Services prior to product implementation to ensure that
customer needs are met with the deployment. Enterprise Vault enables many
varying policies for and implementations of information archiving and retrieval.
Defining the right policies and the right hardware and software implementation
is a non-trivial exercise around which Symantec Consulting Services has significant
experience.
Symantec Advisory Services
Symantec Advisory Services offers security consulting services designed for
proactive security risk management. The Symantec approach addresses the
enterprise security life cycle from strategy development to incident readiness,
with a continuous focus on minimizing risks, stabilizing security costs, and
reducing complexity. Symantec Advisory Services consultants combine technical
expertise with a business focus to create comprehensive security solutions. The
delivery process emphasizes knowledge transfer, ensuring that every aspect of a
project’s findings can be successfully implemented and managed.
Symantec Solutions Enablement Services
Symantec Solutions Enablement Services provides organizations with security
product design and implementation, and security knowledge transfer services for
Symantec enterprise security products. Symantec security experts assess security
technology needs, design the best systems and architectures, and implement the
appropriate products at the client, server, and gateway tiers. Security knowledge
transfer services offer detailed security knowledge transfers and on-site training,
and can also provide custom services to help monitor and manage the
implementation.
Symantec Secure Application Services
In today’s business world, success depends on the ability to capture, analyze, and
share information. But the software applications that businesses rely on for
mission-critical operations are increasingly exposed to security risks. Symantec
Secure Application Services helps organizations identify and mitigate the risks
that threaten applications and the integrity of a company’s valuable information
assets. Symantec consultants follow a programmatic approach, instilling security
best practices across an application’s entire life cycle.
Solution key points summary
Symantec Email Security and Availability for Microsoft Exchange is a
comprehensive email system solution that helps organizations ensure the security,
availability, and resilience of email systems and information, while reducing the
total cost of maintenance of the email infrastructure. The solution takes a
multi-layered approach to email security, incorporating antivirus, antispam,
archiving, backup and recovery, and storage management capabilities.
Implementing the Email Security and Availability solution minimizes deployment
issues because the solution is tested and proven, sold and supported by a single
vendor.
The following products can be included in the Symantec Email Security and
Availability for Microsoft Exchange solution:
■ Symantec Mail Security 8160 appliance
■ Symantec Mail Security 8260 appliance
■ Symantec Brightmail AntiSpam
■ Symantec Mail Security for Microsoft Exchange
■ VERITAS Enterprise Vault (including consulting services)
■ VERITAS Enterprise Vault Discovery Accelerator
■ VERITAS Enterprise Vault Compliance Accelerator
■ VERITAS Storage Foundation for Windows
■ VERITAS Storage Foundation High Availability for Windows (VERITAS Cluster
Server)
■ Symantec Backup Exec
The Email Security and Availability solution lowers the overall costs of ownership
by significantly reducing the burden at all layers of the email infrastructure,
including storage costs and the operational costs associated with attempting to
scale infrastructure and maximize performance.
The Symantec Email Security and Availability for Microsoft Exchange solution
offers:
■ Multi-layered email security that works at the network and groupware tiers
to prevent unwanted email from entering the organization
■ Antivirus and antispam technologies that protect against spam, phishing
attacks, and viruses
■ Integrated content compliance enforcement tools that ensure that unauthorized
or inappropriate content does not leave the organization via email
■ Archiving and storage management solution that reduces email storage
requirements and administration overhead while ensuring the availability of
information, and facilitates Microsoft Exchange server migration
Chapter 4
Email Security and Availability infrastructure overview
This chapter includes the following topics:
■ Infrastructure configuration for the Symantec Email Security and Availability
for Microsoft Exchange solution
■ Summary checklists for the end-to-end solution
■ Requirements for the Email Security and Availability solution
Infrastructure configuration for the Symantec Email Security and Availability for Microsoft Exchange solution
The reference architecture of the Symantec™ Email Security and Availability for
Microsoft® Exchange solution is configured with a double firewall. Mail that comes
through the outer firewall must go through a DMZ of Symantec security products
at the gateway, before it can continue to the inner firewall. This is the email
security tier of the solution.
Inside the double firewall, the email archiving tier of the solution protects
Microsoft Exchange servers and provides an efficient, searchable email repository
to reduce storage needs and provide search and retrieval.
Finally, the resilient foundation tier provides comprehensive disk storage
management and data backup and restoration capabilities.
Table 4-1 lists the Symantec products included in each tier of the solution.
Table 4-1 Symantec products in the Email Security and Availability solution

Product: Symantec™ Mail Security 8160 appliance (optional)
Version: N/A
Solution tier: Email security: Network boundary
Provides dedicated traffic-shaping features for organizations with 2,000 or
more users. Not a core product for this solution, but it may be applicable to a
few organizations that fit the solution profile.

Product: Symantec™ Mail Security 8260 appliance
Version: N/A
Solution tier: Email security: Gateway
Provides email security at the SMTP gateway, integrating best-of-breed
antispam, antivirus, and content filtering technologies to help organizations
reduce spam volume and eliminate threats.

Product: Symantec Brightmail™ AntiSpam 6.0 (installed on server)
Version: 6.0
Solution tier: Email security: Gateway
Provides email security at the SMTP gateway, using technology that stops more
than 97 percent of spam, while producing less than one false positive for every
million emails analyzed (a 99.9999 percent accuracy rate).

Product: Symantec™ Mail Security for Microsoft Exchange
Version: 4.6
Solution tier: Email security: Server
Protects Exchange mail servers from viruses, messages that overload the system,
inappropriate message content, spam, and denial-of-service attacks. Enables
organizations to create multiple sets of criteria to identify threats and violations,
and to specify what actions to take in response to detected threats and
violations.

Product: VERITAS Enterprise Vault™ with Journaling
Version: 6.0
Solution tier: Email archiving: Server
Provides policy-based archiving of business-critical information held within
Microsoft Exchange and other business environments, which enables
organizations to more easily manage storage growth and thereby reduce
hardware and management costs. Email or other data is archived and indexed
so that it is still easily available when needed.
The Journaling option enables Enterprise Vault to work seamlessly with
Exchange journaling.

Product: VERITAS Enterprise Vault™ Compliance Accelerator 5.1 (optional)
Version: 5.1
Solution tier: Email archiving: Server
Enables organizations to implement a corporate strategy for regulatory or
policy compliance. Email can be monitored or collected based on criteria
established by an organization, such as words and phrases used, date ranges,
size, author, or recipient.

Product: VERITAS Enterprise Vault™ Discovery Accelerator 5 (optional)
Version: 5.0
Solution tier: Email archiving: Server
Provides robust search and export tools that enable designated administrators
or reviewers to conduct online searches of archived data in response to an
external legal request or an internal company inquiry.

Product: VERITAS Storage Foundation™ for Windows 4.3 with VERITAS FlashSnap™ option
Version: 4.3
Solution tier: Resilient foundation: Server
Provides comprehensive, centralized storage volume management of all disk
storage resources within and across domains. Enables GUI-based management
of local and remote storage attached to a system while the system remains
online, including RAID configuration and performance optimization.
The FlashSnap option enables the creation of independently addressable
point-in-time snapshots that are copies of mirrors of the volumes on a server.

Product: VERITAS Storage Foundation™ High Availability 4.3 for Windows®
Version: 4.3
Solution tier: Resilient foundation: Server
Provides the same functionality as VERITAS Storage Foundation for Windows
and supports setup and management of clustering.

Product: Symantec Backup Exec™ 10d with SQL Agent (for Enterprise Vault backup) and 10d Exchange Agent
Solution tier: Resilient foundation: Server
Provides high-performance data management by using a client/server model
to provide fast, reliable backup and restore capabilities for servers and
workstations throughout a network.
Figure 4-1 illustrates the network topology of the solution.
Figure 4-1 Topology of the Symantec Email Security and Availability for Microsoft Exchange solution
At the network boundary, the optional Symantec Mail Security 8160 appliance is
shown. It is used to provide dedicated traffic-shaping, and is typically applicable
to organizations with 2,000 or more users.
At the gateway, a pair of Symantec Mail Security 8260 appliances and a pair of
Symantec Brightmail AntiSpam servers are shown. In a typical deployment, an
organization would choose to use either the 8260 appliances or the Brightmail
AntiSpam servers. By deploying two appliances or servers, one can be dedicated
to inbound mail, while the other handles inbound and outbound mail.
VERITAS Storage Foundation for Windows is installed on all the servers in the
solution. The FlashSnap option is licensed on the Exchange server and the Backup
Exec server to provide off-host backup of these data-intensive servers in the form
of an updatable snapshot.
Summary checklists for the end-to-end solution
Deploying the Email Security and Availability solution is a complex project. For
an overview of the effort involved in implementing the solution from end to end,
review the following checklists:
■ See “Pre-deployment checklist” on page 57.
■ See “Deployment checklist” on page 60.
Note: These checklists assume that Microsoft Exchange is already installed in the
environment.
Pre-deployment checklist
This high-level checklist includes the prerequisites that must be met and the tasks
that must be completed during the deployment planning phase, before the products
in the Email Security and Availability solution are installed and configured.
To create an installation plan that best matches the needs of the organization,
complete all pre-deployment tasks in the checklist.
Decide which products in the solution to use.
See Table 4-1 on page 54.
Decide which product to use for AntiSpam and content filtering at the gateway:
■ Symantec Mail Security 8260 appliance
■ Symantec Brightmail AntiSpam on a standalone server
Decide whether to cluster the Exchange servers.
Decide which Backup Exec media server deployment strategy to use:
■ Centrally Administered Server option (CASO)
Can be used with SAN Storage Option (SSO)
■ Standalone media server option
■ SAN-configured media server
Can be used with CASO to provide centralized catalogs (which are required
for this option) and the ability to back up data over the SAN instead of the
LAN
For more information, see the Backup Exec 10.d for Windows Servers
Administrator’s Guide.
Ensure that the necessary Backup Exec license is available for each Backup Exec
option that will be implemented.
Required licenses for the solution:
■ Backup Exec Agent for Microsoft Exchange
Required for Exchange servers.
■ Backup Exec Agent for Microsoft SQL Server
Required for SQL Servers.
■ Backup Exec Remote Agent for Windows Servers
Remote agent licenses must be purchased for every protected server.
Additional licensing options:
■ Backup Exec Advanced Disk-based Backup Option (ADBO)
Required for off-host backup.
■ Backup Exec Advanced Open File Option (AOFO)
Ensures that files on local or remote servers are protected while in use by
handling open files at the volume level.
■ Additional licenses for each additional tape drive, depending on the hardware
used to store backup data (either standalone or robotic tape library
configurations)
Gather the information necessary to plan the deployment of Enterprise Vault:
■ Determine email usage and archiving tasks.
Consider the retention policy, attachment policy, end-user search capability,
PST policies, and auditing requirements.
■ Gather current Exchange environment statistics to estimate the conversion
of email messages from Exchange to Enterprise Vault vaulted messages.
Determine the average email message size, the average number of emails
received per day, and the average mailbox size.
For more information, search the knowledge base for Exchange on the
Microsoft Web site.
■ Decide how quickly unstructured email data must be converted into indexed
information.
■ Determine the number and type of Enterprise Vault servers that will be
needed, based on the estimated email usage and archiving tasks, current
Exchange environment statistics, and timetable for indexing.
Plan for the three conversion phases:
■ Archiving
Converting specific email from the Exchange information store to Enterprise
Vault.
■ Indexing
Making unstructured email structured and making email accessible.
■ Steady state
Migrating new email on a daily basis according to the organization’s email
archiving policy.
Note: Document the Enterprise Vault deployment plan. Deploying Enterprise
Vault usually starts with a minimum three-day engagement with Symantec
services. Symantec Professional Services can help an organization develop a
deployment plan.
Prepare the Exchange environment for Enterprise Vault deployment.
See “Best practices for preparing the Enterprise Vault environment” on page 104.
Have all required licenses for all products, and all licensable product features
and options, that are recommended for the solution.
Ensure that all preinstallation and system requirements are met.
See “Requirements for the Email Security and Availability solution” on page 62.
Deployment checklist
This checklist describes the main tasks that must be performed to implement the
solution. It assumes that all items in the pre-deployment checklist have already
been completed. The tasks should be performed in the order listed.
Note: Before deploying any product, review the product documentation to learn
all the information necessary to successfully install and configure it.
Deploy Symantec Mail Security for Microsoft Exchange:
■ Install Symantec Mail Security for Exchange on every Exchange server in
the environment.
■ Configure the Symantec Mail Security console to manage the Exchange
servers.
If Storage Foundation for Windows will be part of the deployment plan, install it
now on all servers.
Note: If the Exchange servers will be clustered, install Storage Foundation for
Windows High Availability on the Exchange servers to enable clustering.
If Storage Foundation for Windows High Availability is being installed to cluster
Exchange servers, configure the virtual Exchange Server.
See the Symantec Storage Foundation for Windows High Availability Solutions
4.3 Installation and Upgrade Guide or the Microsoft Exchange documentation
for more information.
If Enterprise Vault is part of the deployment plan, choose to install Storage
Foundation for Windows High Availability on the Microsoft SQL Servers.
If Storage Foundation for Windows High Availability is being used to cluster
SQL Servers, configure the virtual SQL Server.
See the Storage Foundation for Windows High Availability Solutions 4.3
Installation and Upgrade Guide for more information.
Deploy Backup Exec:
■ Install and configure the Backup Exec server.
■ Install the Backup Exec remote agents on all servers that are part of the
solution.
If the Symantec Mail Security 8260 appliance for AntiSpam and content filtering
at the gateway is part of the deployment plan, do the following:
■ Install the 8260 appliance.
■ Update “resident software/installed software.” This is not done automatically.
A live internet connection is required to update the software on the appliance.
■ Configure the 8260 appliance.
If the Symantec Brightmail AntiSpam server software for AntiSpam and content
filtering at the gateway is part of the deployment plan, do the following:
■ Install the Brightmail software on a supported Windows server.
■ Configure the Brightmail software.
Optionally, add the Symantec Mail Security 8160 appliance outside the firewall.
Note: The 8160 appliance is not a core component of the solution. It provides
dedicated traffic-shaping features, which are useful for organizations of 2,000
or more users.
Install and configure Enterprise Vault in the Exchange environment.
See “Best practices for installing Enterprise Vault” on page 109.
Optionally, deploy Enterprise Vault Compliance Accelerator on a standalone
server.
See “Best practices for installing and configuring Enterprise Vault Compliance
Accelerator” on page 187.
Optionally, deploy Enterprise Vault Discovery Accelerator on a standalone
server.
See “Best practices for installing and configuring Enterprise Vault Discovery
Accelerator” on page 182.
Install the Backup Exec remote agents on any remaining servers in the solution.
Requirements for the Email Security and Availability solution
This section provides an overview of the hardware and software requirements
for each Symantec product that is included in the reference architecture for the
Symantec Email Security and Availability solution.
The requirements information is organized by solution tier, as follows:
■ Email security
See “Email security hardware and software requirements” on page 62.
■ Email archiving
See “Email archiving hardware and software requirements” on page 65.
■ Resilient foundation
See “Resilient foundation hardware and software requirements” on page 66.
This information is not intended as a substitute for the detailed prerequisites and
requirements that are documented in the deployment, planning, installation, or
implementation guide for each product. Before actually deploying any product in
the solution, see the appropriate guide for that product.
For a high-level overview of the deployment process, see “Summary checklists
for the end-to-end solution” on page 57.
Email security hardware and software requirements
The email security components of the Email Security and Availability solution
include the following products:
■ Symantec Mail Security 8260 appliance
See “Symantec Mail Security 8260 appliance requirements” on page 63.
■ Symantec Brightmail AntiSpam 6.0
See “Symantec Brightmail AntiSpam 6.0 requirements” on page 63.
■ Symantec Mail Security 4.6 for Microsoft Exchange
See “Symantec Mail Security 4.6 for Microsoft Exchange requirements”
on page 64.
The 8260 appliance can be used, or Brightmail AntiSpam can be installed on a
server. Choose the option that best meets the organization’s needs.
Symantec Mail Security 8260 appliance requirements
The Symantec Mail Security 8260 appliance has the following requirements:
Web browser: The appliance is managed via a secure Web connection using
one of the following browsers:
■ Microsoft® Internet Explorer 6.0
■ Netscape® 7.2
■ Firefox® 1.0
Users: The appliance supports 1,000 to 10,000 users.
LDAP: Required for LDAP-based group policies or alias expansion.
MTA: The Message Transfer Agent (MTA) that is included with
the appliance relays mail to existing email servers. It does
not provide final mail delivery functions or client access to
mail via POP.
For more information, see the Symantec Mail Security 8200 Series Planning Guide.
Symantec Brightmail AntiSpam 6.0 requirements
Table 4-2 lists the minimum requirements for Symantec Brightmail AntiSpam
6.0.
Table 4-2 Symantec Brightmail AntiSpam requirements
Requirement: Description
Operating system: Windows 2000 Server or Advanced Server with SP2;
Windows Server 2003, Standard Edition or Enterprise Edition
Processor: Intel® Pentium® III or higher, or compatible
Memory: 512 MB of RAM, minimum; 1 GB or more, recommended
Disk space for installation: 250 MB, minimum; 1 GB or more, recommended
Storage space: Normal filtering operations do not generally require much
disk space. The optional extended logging and statistics
features and the Web-based Quarantine feature require
additional storage to be allocated.
For more detailed information about requirements for various deployment options,
see the Symantec Brightmail AntiSpam Deployment Planning Guide.
Symantec Mail Security 4.6 for Microsoft Exchange requirements
Symantec Mail Security for Microsoft Exchange can be added to existing Exchange
servers or be part of a new Exchange deployment.
For detailed information about all of the suggested and required steps to follow
to successfully deploy this software, see the Symantec Mail Security for Microsoft
Exchange Implementation Guide.
Table 4-3 lists the basic Symantec Mail Security for Microsoft Exchange server
requirements.
Table 4-3 Symantec Mail Security for Microsoft Exchange server requirements
Requirement: Description
Operating system:
■ Windows 2000 Server or Advanced Server with SP4
■ Windows Server 2003, Standard Edition or Enterprise Edition, with SP1
Exchange platform:
■ Exchange 2000 Server (SP3) or Enterprise Server
■ Exchange Server 2003 or Enterprise Server
Processor: Intel Server class 32-bit
Memory: 1 GB of RAM
Disk space: 190 MB for local installation; 260 MB for remote installation
Web browser: Microsoft Internet Explorer 6.0
Table 4-4 lists the requirements for the Symantec Mail Security console, a
Web-based management application that can be installed on the Symantec Mail
Security server or on another workstation for remote management.
Table 4-4 Symantec Mail Security console requirements

| Requirement | Description |
|---|---|
| Operating system | ■ Windows 2000 Server or Advanced Server with SP4 ■ Windows Server 2003, Standard Edition or Enterprise Edition, with SP1 ■ Windows XP |
| Disk space | 140 MB for Mail Security Console installation |
| Web browser | Microsoft Internet Explorer 6.0 |
| Other software | Microsoft Management Console (MMC) 1.2 |
Email archiving hardware and software requirements
Enterprise Vault 6.0 provides email archiving for the solution.
Each of the following components should be installed on a separate, standalone
server:
■ Enterprise Vault with Journaling
  Journaling is a licensable option that supports Microsoft Exchange journaling,
  to ensure that email messages are kept as long as needed to meet regulatory
  or legal retention requirements.
■ Enterprise Vault Compliance Accelerator (optional)
  Compliance Accelerator is a licensable option that ensures compliance with
  regulatory bodies by providing supervisory review of email. It is an optional
  component in the solution, based on the needs of the organization.
■ Enterprise Vault Discovery Accelerator (optional)
  Discovery Accelerator is a licensable option that provides a fast, efficient,
  customizable email search process that is tailored for legal discovery. It is an
  optional component in the solution, based on the needs of the organization.
■ Microsoft SQL Server 2000
  Enterprise Vault requires access to Microsoft SQL Server for data storage,
  which means that SQL Server must be installed and licensed on a computer
  that Enterprise Vault has access to. For SQL Server requirements, see the SQL
  Server documentation.
Table 4-5 lists the requirements for Enterprise Vault.
Table 4-5 Enterprise Vault requirements

| Requirement | Description |
|---|---|
| Operating system | ■ Windows 2000 Server, Advanced Server, or Datacenter Server; Service Pack 4 required ■ Windows 2003 Server, Standard Edition, Enterprise Edition, or Datacenter; Service Pack 1 optional |
| Processor | Dual CPU, 900 MHz or greater |
| Memory | 4 GB of RAM, minimum |
| System disk | Mirrored system disk and separate local data disk recommended |
| Storage | RAID, NAS, or SAN protective storage device recommended |
For more information, see Installing and Configuring Enterprise Vault 6.0.
Resilient foundation hardware and software requirements
The resilient foundation components of the Symantec Email Security and
Availability solution include the following products:
■ Storage Foundation for Windows 4.3 with FlashSnap option
  See “Storage Foundation for Windows 4.3 requirements” on page 66.
■ Storage Foundation for Windows High Availability
  See “Storage Foundation for Windows 4.3 High Availability requirements”
  on page 69.
■ Backup Exec 10d
  See “Backup Exec requirements” on page 70.
Deploy either Storage Foundation for Windows or, to cluster, Storage Foundation
for Windows High Availability.
Storage Foundation for Windows 4.3 requirements
Storage Foundation for Windows should be installed on all servers in the solution.
The FlashSnap option should be licensed for the Exchange and Backup Exec
servers.
Note: For any installation where multiple products are installed on the same
server, ensure that the server meets the requirements of all products to be installed
on that computer.
Table 4-6 lists the hardware and software requirements for Storage Foundation
for Windows.
Table 4-6 Storage Foundation for Windows requirements

| Requirement | Description |
|---|---|
| Operating system | See Table 4-7 on page 67. |
| Processor | 300 MHz Pentium II, minimum; 550 MHz Pentium III or higher, recommended. |
| Memory | 512 MB of RAM per system, minimum; 1 GB, recommended. |
| Disk space | See Table 4-8 on page 68. |
| Storage devices | Storage Foundation for Windows supports any device in the Microsoft Windows Server Catalog, unless DMP Array Support Libraries (ASLs) or clustering are being used. If DMP ASLs or clustering are being used, see the product documentation for more information about compatible storage devices. |
| Storage access | SCSI, Fibre Channel, iSCSI host bus adapters (HBAs), or iSCSI Initiator-supported NICs to access shared storage. |
| Firewall and Anti-spyware | Spyware monitoring and removal software must be disabled before installing Storage Foundation for Windows. The firewall must also be disabled to enable discovery of the local client. |
Storage Foundation for Windows includes server and client components. Storage
Foundation for Windows servers and clients can be installed on the operating
systems listed in Table 4-7.
Table 4-7 Storage Foundation for Windows server and client operating system requirements

| Operating system | Server | Client |
|---|---|---|
| Windows 2000 Server, Advanced Server, or Datacenter Server. Service Pack 4 required | Yes | Yes |
| Windows Server 2003 (32-bit): Standard Edition, Enterprise Edition, or Datacenter Edition. Service Pack 1 recommended, but not required | Yes | Yes |
| Windows Server 2003 (32-bit) Web Edition. Service Pack 1 recommended, but not required | Yes | No |
| Windows Server 2003 for 64-bit Itanium® (IA64): Enterprise Edition or Datacenter Edition. Service Pack 1 required | Yes | Yes |
| Windows Server 2003 for Intel® Xeon® (EM64T) or AMD Opteron™: Standard x64 Edition, Enterprise x64 Edition, or Datacenter x64 Edition | Yes | Yes |
| Windows XP Professional. Service Pack 1 required; Service Pack 2 supported | No | Yes |
| Windows 2000 Professional | No | Yes |
Table 4-8 estimates disk space requirements for the initial installation of Storage
Foundation for Windows. Installation on a non-system drive requires space on
both the system drive and the non-system drive.
Table 4-8 Storage Foundation for Windows disk space requirements

| Storage Foundation for Windows components | System drive | Non-system drive |
|---|---|---|
| Server components (all options) | 600 MB | System space: 475 MB; Non-system space: 150 MB |
| Client components | 475 MB | System space: 425 MB; Non-system space: 75 MB |
| Server (all options) and client components | 675 MB | System space: 500 MB; Non-system space: 200 MB |
| Language pack | 300 MB | System space: 200 MB; Non-system space: 125 MB |
For additional information about Storage Foundation for Windows requirements,
see the Storage Foundation and High Availability Solutions 4.3 Installation and
Upgrade Guide.
Storage Foundation for Windows 4.3 High Availability requirements
Storage Foundation for Windows 4.3 High Availability includes server and client
components. Storage Foundation for Windows High Availability servers and
clients can be installed on the operating systems listed in Table 4-9.
Table 4-9 Storage Foundation for Windows High Availability operating system requirements

| Operating system | Server | Client |
|---|---|---|
| Windows 2000 Server, Advanced Server, or Datacenter Server. Service Pack 4 required | Yes | Yes |
| Windows Server 2003 (32-bit): Standard Edition, Enterprise Edition, or Datacenter Edition. Service Pack 1 recommended, but not required | Yes | Yes |
| Windows Server 2003 (32-bit) Web Edition. Service Pack 1 recommended, but not required | File Share only | No |
| Windows Server 2003 for 64-bit Itanium (IA64): Enterprise Edition or Datacenter Edition. Service Pack 1 required | Yes | Yes |
| Windows Server 2003 for Intel Xeon (EM64T) or AMD Opteron: Standard x64 Edition, Enterprise x64 Edition, or Datacenter x64 Edition | Yes | Yes |
Table 4-10 estimates disk space requirements for the initial installation of Storage
Foundation for Windows High Availability. Installation on a non-system drive
requires space on both the system drive and the non-system drive.
Table 4-10 Storage Foundation for Windows High Availability disk space requirements

| Storage Foundation for Windows High Availability components | System drive | Non-system drive |
|---|---|---|
| Server components (all options) | 950 MB | System space: 575 MB; Non-system space: 375 MB |
| Client components | 565 MB | System space: 445 MB; Non-system space: 125 MB |
| Server (all options) and client components | 1050 MB | System space: 650 MB; Non-system space: 450 MB |
| Language pack | 300 MB | System space: 200 MB; Non-system space: 125 MB |
For additional information about Storage Foundation for Windows High
Availability requirements, see the Storage Foundation and High Availability
Solutions 4.3 Installation and Upgrade Guide.
Backup Exec requirements
Table 4-11 lists the hardware and software requirements for Backup Exec 10d
with SQL Agent (for Enterprise Vault backup) and Exchange Agent.
Table 4-11 Backup Exec requirements

| Requirement | Description |
|---|---|
| Operating system | ■ Microsoft Windows 2000 Server™ family ■ Microsoft Windows 2003 Server family ■ Microsoft Windows XP (Service Pack 1 or later) ■ Microsoft Windows Storage Server 2003 ■ Microsoft Small Business Server 2003 Standard and Premium |
| Internet browser | Microsoft Internet Explorer 6.0 or later. |
| Processor | Intel Pentium, Xeon, or compatible. |
| Memory | 256 MB RAM, minimum; 512 MB RAM or more, recommended. RAM requirements vary depending on operations performed, the options installed, and the specific machine configuration. |
| Virtual memory | 20 MB more than the Windows recommended size for total paging file size (the total for all disk volumes) is recommended. |
| Disk space | 350 MB, minimum, for typical installation. 550 MB, minimum, for all options. Disk space requirements vary depending on the operations performed, the options installed, and the specific system configuration. Backup Exec database and catalogs require additional space, up to 2 GB or more. |
| Storage hardware | Minimum of 1 storage media drive and/or single-drive robotic library with the appropriate controller card. |
| Agent licenses | Required agent licenses include the following: ■ Backup Exec Agent for Microsoft Exchange ■ Backup Exec Agent for Microsoft SQL ■ Backup Exec Remote Agent (remote agent licenses must be purchased for every protected server) |
For more information about Backup Exec requirements, see the Backup Exec 10d
for Windows Servers Administrator’s Guide.
Chapter 5
Stopping unwanted email
This chapter includes the following topics:
■ The challenge of stopping unwanted email
■ A defense-in-depth strategy
■ Configuration overview
The challenge of stopping unwanted email
The challenges around email infrastructure have rapidly evolved as email has
become one of the mission-critical applications. At the same time, spam and viruses
present new and constantly changing threats that amplify the risk to email
security and availability. To meet the challenge, IT must proactively protect email
infrastructure with a highly accurate antispam solution combined with antivirus
technologies.
The proactive removal of spam in combination with Symantec™ antivirus email
protection improves end user productivity and security. Stopping malicious spam
email that delivers phishing schemes, viruses, and restricted content before it
reaches the network improves email security and reduces the likelihood that it
will be successfully used to launch malicious content. The automatic removal
of spam in combination with Symantec Backup Exec™ also leads to shorter backup
and data recovery time. Only spam-free and virus-free email is backed
up, resulting in reduced backup volume and improved security.
A defense-in-depth strategy
To ensure security and availability of email, Symantec recommends that
organizations implement a multi-tiered solution. Each tier in the solution reduces
the potential downstream risk posed by security threats and spam.
A multi-tiered solution defines three primary tiers of protection for client desktops.
Figure 5-1 shows each tier and the Symantec products that are available for
securing that tier.
Figure 5-1 Multi-tiered approach to email threat protection
The task of securing email systems and keeping them available begins by
controlling and managing the flow of email information from start to finish. In
functional terms, this means removing spam, viruses, and unwanted or unneeded
content from the messaging infrastructure at the right points in time.
No single product is capable of defending an organization against all email-related
threats. In addition, no single tier of protection can offer 100 percent coverage,
especially against new and emerging threats. Applying the same defense at
multiple tiers strengthens the overall defense strategy by allowing threats to be
removed at multiple locations in the infrastructure as they are detected. The best
multi-layered defenses complement each other by using multiple methodologies
to complicate any attempts to attack. The multi-tiered approach reduces both
security risks and email volume while ensuring that messages are legitimate and
clean before they pass to the next tier.
Network boundary tier
Companies that need to significantly reduce spam before it enters their networks
may want to deploy a spam defender at their network boundary. A spam defender
works to hold traffic volume constant even as spam volume continually increases
from the external Internet. This type of defense is called traffic shaping. One of
the limitations of the SMTP protocol is that it has no built-in way to authenticate
senders of email. Traffic shaping samples and analyzes SMTP packets in real time,
and makes a determination about a sender’s reputation based on the cumulative
history and reputation of the mail path itself. Once reputation is established,
incoming traffic can be shaped based on the reputation.
Typically, traffic shaping is a consideration only for companies of 2,000 or more
employees, which handle significant email volume. Symantec offers the Symantec™
Mail Security 8160 appliance for organizations who require traffic shaping at
their network boundaries. It is an optional product for the Symantec Email Security
and Availability solution.
For more information on the Symantec Mail Security 8160 appliance, see the
Symantec Mail Security 8100 Series Deployment Guide.
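The reputation-based shaping described in this section can be sketched as follows. This is an added illustration, not Symantec code and not the algorithm used by the 8160 appliance; the scoring formula, decay factor, rate limits, and sample verdicts are assumptions, and reputation is keyed on the connecting IP address only.

```python
"""Reputation-based SMTP traffic shaping (illustrative; all policy values assumed)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed tuning values, chosen for illustration only.
PRIOR = 1.0             # pseudo-count per class, so unknown senders score 0.5
DECAY = 0.9             # history multiplier applied at the end of each interval
MAX_MSGS_PER_MIN = 60   # rate granted to a sender with a perfect reputation
MIN_MSGS_PER_MIN = 1    # poor senders are throttled, never blocked outright


@dataclass
class SenderHistory:
    """Cumulative, decayed verdict counts for one connecting IP address."""
    good: float = 0.0
    bad: float = 0.0

    def reputation(self) -> float:
        """Smoothed share of legitimate mail, strictly between 0 and 1."""
        return (self.good + PRIOR) / (self.good + self.bad + 2 * PRIOR)


class TrafficShaper:
    def __init__(self):
        self.history = defaultdict(SenderHistory)

    def record(self, sender_ip, is_spam):
        """Fold one content-filter verdict into the sender's history."""
        entry = self.history[sender_ip]
        if is_spam:
            entry.bad += 1
        else:
            entry.good += 1

    def end_interval(self):
        """Age all history so that old behaviour counts for less."""
        for entry in self.history.values():
            entry.good *= DECAY
            entry.bad *= DECAY

    def allowed_rate(self, sender_ip):
        """Messages per minute this sender may deliver right now."""
        # .get() avoids creating state for senders that were never seen.
        entry = self.history.get(sender_ip, SenderHistory())
        # Quadratic mapping: the rate falls off sharply as reputation drops.
        rate = round(MAX_MSGS_PER_MIN * entry.reputation() ** 2)
        return max(MIN_MSGS_PER_MIN, rate)


# Constructed sample: (connecting IP, content-filter verdict) pairs.
SAMPLE_VERDICTS = (
    [("192.0.2.10", False)] * 20      # established legitimate sender
    + [("198.51.100.7", True)] * 20   # sender whose mail is all spam
)


def shape_sample():
    """Replay the sample verdicts and return the shaper and per-IP rates."""
    shaper = TrafficShaper()
    for ip, is_spam in SAMPLE_VERDICTS:
        shaper.record(ip, is_spam)
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]  # last one: never seen
    return shaper, {ip: shaper.allowed_rate(ip) for ip in ips}


if __name__ == "__main__":
    _, rates = shape_sample()
    for ip, rate in rates.items():
        print(f"{ip}: {rate} msgs/min")
```

Because history decays each interval, a throttled sender that stops sending spam regains bandwidth gradually rather than at once.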
Gateway tier
Defending mail servers and mailboxes is no longer enough to ensure the security
and availability of email. Spammers and other attackers will simply innovate or
increase volume and overwhelm a company’s internal server defenses. Preventing
the theft of an organization’s valuable resources must begin at the perimeter, or
gateway, of a network, and then layer inward in multiple lines of defense.
The gateway tier is the layer of routers, bridges, and switches handling all of the
network’s packet traffic, including email traffic.
Table 5-1 explains the challenges that IT organizations face in protecting the
perimeter of their companies’ networks, and how the multiple technologies
provided with Symantec™ Mail Security 8260 appliance and Symantec BrightMail™
AntiSpam answer these challenges.
Table 5-1 Gateway tier security challenges and solutions

| Challenge | Solution |
|---|---|
| Keeping spam and other unwanted email from reaching mail servers | BrightMail AntiSpam technology leverages over 20 spam prevention techniques. The embedded Symantec antivirus technology features real-time scanning. Virus protection capabilities include the mass-mailer cleanup, which automatically removes the emails associated with mass-mailing worms. |
| Reducing email infrastructure costs | Email firewall technologies, which include a powerful combination of Directory Harvest Attack Prevention and Sender Reputation, restrict connections from spam-sending servers. |
| Controlling outbound spam and viruses | Content compliance features allow administrators to gain control over both inbound and outbound email content. In addition to controlling spam and viruses, this allows administrators to manage sensitive email content and enforce content rules to conform to corporate and regulatory policies. |
One of the biggest challenges of antispam systems is that many provide higher
detection rates at the expense of accuracy. The standard metrics for antispam
reliability are the detection rate (also referred to as the spam catch rate) and
the accuracy rate, which is measured against legitimate messages that are
incorrectly identified as spam (also referred to as false positives).
The continually changing landscape of threats, including spam, viruses, phishing,
and spyware, requires a solution that automatically keeps up with the latest
antispam and antivirus policies and rules. Symantec Mail Security 8260 and
Symantec Brightmail AntiSpam provide highly accurate antispam technology
that includes an integrated, frequently and automatically updated response
mechanism.
Mail server tier
The mail server tier is the home of an organization’s email servers, handling both
inbound and outbound mail. Inspecting internal email traffic passing to and from
Microsoft® Exchange email servers is paramount to keeping business operations
running smoothly. Symantec™ Mail Security for Microsoft Exchange protects
Exchange mail servers from viruses, messages that overload the system,
inappropriate message content, spam, and denial-of-service attacks.
Table 5-2 explains the common challenges that IT departments face in inspecting
internal traffic, and how Mail Security for Exchange answers these challenges.
Table 5-2 Mail server tier security challenges and solutions

| Challenge | Solution |
|---|---|
| Scanning for viruses that enter the network by bypassing the network boundary and gateway tiers | Viruses can enter the network through personal, web-based email or removable media such as USB drives. Mail Security for Exchange can scan mail downstream of the gateway servers to ensure that new threats are exposed and handled. |
| Ensuring redundancy in email inspection | Although inbound email is a common delivery mechanism for viruses, it is possible for these types of threats to find their way into email systems from other sources. While running defenses at the gateway provides coverage of inbound email, not all threats can be detected and thus removed at that tier. Addressing this requires virus detection and cleanup at the mail server tier. |
| Preventing authorized content from being sent to unauthorized users | Companies take pains to secure internal Web sites from unauthorized individual or departmental access. However, information from a secured Web site can be downloaded to a desktop system and easily forwarded to virtually any individual in the company. This possibility exposes data to not only the unauthorized users inside the company, but outside its walls as well. Mail Security for Exchange incorporates rules-based content filtering to prevent unwanted content from entering—and confidential information from leaving—the network. |
| Enforcing email usage policies | Companies enforce email policies to prevent inappropriate language in email, unwanted or oversized attachment content such as MP3 music files, AVI and other video file types, and file types commonly used for delivery of viruses, such as executables. Symantec Mail Security for Exchange enforces these policies at the mail server tier to prevent internally introduced and inappropriate email from propagating inside and outside the company. |
Symantec Mail Security for Exchange gives administrators the ability to inspect
content in real-time, as email is being committed to the Exchange information
store and while it is being accessed from the store. Administrators are also able
to conduct sweeps of information store content on a scheduled or on-demand
basis using updated virus definitions or specific content rules that are designed
to identify suspicious or inappropriate content.
Desktop tier
At the innermost tier of the network, desktop users interact with their Exchange
inboxes. At this tier, security threats and viruses are often launched by users who
remain unaware of malicious activity. Consequently, having protection at the
desktop is a critical component of a tiered defense strategy. Symantec antivirus,
antispam, and content filtering solutions stop the successful launch of threats
delivered through email at the desktop tier.
It is important to note that while desktop protection solutions are highly
customizable and individually effective, they cannot offer organization-wide
protection because their purpose is to protect individual desktop mailboxes only.
Complete enterprise protection is only possible with a multi-tiered solution
implemented at the mail server, gateway, and network boundary tiers.
Symantec’s Global Intelligence Network
A flexible, archiving framework enables the discovery of content stored within
email, file system, and collaborative environments, while helping to reduce storage
costs and simplify management. Built-in search and discovery capabilities are
complemented by client applications designed to meet corporate governance,
risk management, and legal protection requirements. Spam and virus detection
technologies, as well as traffic-shaping technology, can be deployed at multiple
layers in the network. High resiliency technologies ensure uninterrupted access
to mission-critical data. On-line storage management tools with optimized I/O
performance reduce planned and unplanned downtime, while clustering and
replication technologies further reduce application downtime.
For organizations that require fast recovery of Exchange server services in the
face of site disasters, Symantec offers metropolitan-area data mirroring and
wide-area data replication, optionally coupled with remote site standby system
management (wide-area clustering).
Supporting Symantec’s products and services is the Symantec Global Intelligence
Network security research organization. This organization aggregates, analyzes,
and delivers security notifications on security threats worldwide. It gathers
malicious code data from over 150 million antivirus desktops, 20,000 Intrusion
Detection (IDS) software clients, and firewall sensors in over 180 different
countries, and more than 43,000 managed security devices. Symantec’s global
Security Response centers monitor the Probe Network and analyze the latest
spamming tactics across the globe. The Probe Network is an extensive array of
over 2 million decoy email addresses.
Combined with Symantec’s vulnerability database of over 10,500 entries, this
infrastructure provides Symantec’s Security Response analysts with a source of
data with which to identify emerging trends in attacks and malicious code activity.
Symantec Security Response centers are located in North America, Asia, Australia,
China, and Europe. Centers are manned by researchers who represent a cross
section of highly regarded security experts, and provide 24x7 coverage for
important security events.
The Symantec Mail Security product line leverages Symantec Security Response’s
security content updates to help organizations prepare for and respond to any
security threats. Backed by Symantec’s Global Intelligence Network and
Security Response, information and recommended actions on the latest security
threats can be obtained via Symantec’s globally distributed network of
LiveUpdate™ systems. LiveUpdate extends to all geographic locations and time
zones.
Figure 5-2 Global Intelligence Network and Security Response
Configuration overview
For organizations with between 1,000 and 2,000 email users, Symantec recommends
implementing email protection at the gateway, mail server, and desktop tiers. In
high-volume email environments, additional protection at the network boundary
tier should be implemented as well. The following list shows which email security
and availability solutions are applicable at each network tier:
Mail server tier: Symantec Mail Security for Microsoft Exchange
Gateway tier: One of the following gateway protection products:
■ Symantec Mail Security 8260 appliance
■ Symantec BrightMail AntiSpam software
Network boundary tier: (Optional) Symantec Mail Security 8160 appliance
Figure 5-3 shows the recommended server configurations for each network tier
in a 1,000 to several thousand employee company.
Figure 5-3 Server architecture for the Symantec email security solution
In this architecture, two Symantec Mail Security 8260 appliances are recommended
at the network perimeter. As an alternative to the 8260 appliance, administrators
can install Symantec BrightMail AntiSpam on two gateway servers. The
functionality of these products is equivalent in this architecture. It is also
recommended to install the 8260 appliances or BrightMail AntiSpam servers
between two firewalls in a sub-network that separates the internal and external
networks. This sub-network is commonly known as a demilitarized zone (DMZ)
or perimeter network.
The Microsoft Exchange mail servers are the company’s groupware, or downstream
servers. They reside inside the company firewall, protected by the gateway
appliances or servers.
See “Best practices for protecting the network perimeter at the gateway server
tier” on page 86.
Optionally, for companies who want to reduce traffic volume at the SMTP layer
before it enters the company network, the Symantec Mail Security 8160 appliance
is available. The 8160 appliance sits at the network boundary, inside the DMZ,
and in front of the gateway appliances or servers.
Best practices for protecting Exchange servers at the mail server tier
The Symantec solution for protecting Microsoft Exchange servers in organizations
with 1,000 to several thousand employees is Symantec Mail Security 4.6 for
Microsoft Exchange (Mail Security for Exchange). The Mail Security for Exchange
product provides an integrated security solution that protects against viruses,
spam, and security risks, and enforces company policies. Mail Security for
Exchange allows administrators to create and save multiple sets of criteria to
identify threats and violations. When a threat or violation is detected, Mail
Security for Exchange can automatically issue notifications and alerts as well as
take pre-defined administrative actions.
Typical configuration
In a typical configuration, Symantec Mail Security for Microsoft Exchange is
installed on each Exchange server and scans all inbound and outbound email.
Mail Security for Exchange scans all email content, including message header,
body, and attachments. Mail Security for Exchange scans all email sent to both
public folders and private mailboxes. As an integrated email security solution,
Mail Security for Exchange provides email message scanning and security
conformity at the server level. This integrated capability ensures that email in
Exchange is free from security risks, spam, and viruses.
Preinstallation and deployment
Before installing Symantec Mail Security for Exchange, all preinstallation and
system requirements must be met.
See “Symantec Mail Security 4.6 for Microsoft Exchange requirements” on page 64.
The Symantec Mail Security for Microsoft Exchange Implementation Guide provides
both suggested and necessary procedures for deploying Symantec Mail Security
for Exchange. It is recommended that administrators become familiar with this
guide before installing software.
Table 5-3 shows the sequence of a typical Symantec Mail Security for Exchange
deployment for a company with fewer than 3,000 employees.
Table 5-3
Typical deployment sequence for Symantec Mail Security for Microsoft Exchange
Deployment task
Description
Task 1: Install Mail Security for
Exchange
Symantec Mail Security for Exchange can be installed as a console to remotely
manage multiple servers on an individual basis or as a group. A console
installation is typically installed on a client computer (Windows® XP or Windows
2000) and used to manage product settings remotely. Groups can be created of
servers with similar functions for easier management.
Task2: Install Symantec Mail
Security for Microsoft Exchange
2003 Cluster Nodes
Symantec Mail Security for Exchange is fully cluster aware when installed in
a Windows cluster environment and also supports VERITAS™ clustering. Mail
Security for Exchange should be installed on Exchange Cluster nodes while
they are in a passive state to ensure that working Exchange Virtual Servers are
not affected negatively by the installation processes.
Each node in the Microsoft Exchange Server 2003 cluster must have Symantec
Mail Security for Exchange binaries installed in the same location on the
applications disk drive. In addition, the administrator installs the latest updates
and definitions for Mail Security for Exchange as installation is completed.
Task 3: Install Symantec AntiVirus Symantec recommends that Symantec Antivirus with LiveUpdate be installed
Corporate Client on Exchange
on each Exchange cluster node. LiveUpdate will ensure that anti-virus
Cluster Nodes
definitions and Mail Security for Exchange updates are downloaded and installed
automatically as soon as they are available.
To successfully install and bring online a working Microsoft Exchange 2003
Virtual Server with Mail Security for Exchange and Symantec Antivirus,
exclusions should be added to Symantec Antivirus for the working directories
used by Symantec Mail Security for Exchange, and for certain Exchange
directories. For more information, see Symantec Knowledge Base Document
ID: 2004052416452048 at the following URL:
http://www.symantec.com/techsupp/
Stopping unwanted email
Configuration overview
Table 5-3
Typical deployment sequence for Symantec Mail Security for
Microsoft Exchange (continued)
Deployment task
Description
Task 4: Install (or renew) license
files to remote servers
To activate a content license, a license file must be installed on each server
that is running Mail Security for Exchange. This ensures that each server can
receive the latest virus definitions updates.
The license file can be installed from the console for a remote server group, or
for a remote single server. It can also be installed on each individual server
directly.
Task 5: Install Spam Folder Agent
for Exchange
The Spam Folder Agent lets companies additionally route spam messages to a
spam folder in each recipient’s mailbox. The Spam Folder Agent should be
installed on Exchange servers where mailboxes physically reside. The Agent
creates a spam folder in each user’s mailbox automatically. When spam
messages are tagged for Spam folder agent delivery, the messages are delivered
to the Spam folder. Tagging may be accomplished by Symantec Mail Security
8260 appliances.
Companies can use Spam folders as a means of archiving Suspected Spam that
is delivered directly to end-users for review. To ensure that such messages are
not left in Exchange mailboxes for more than a few days, administrators can
apply a folder level mailbox archiving policy in Enterprise Vault to the Spam
folder for each user that archives all messages after a short time (for example,
5 days). This policy can be separate from, and override, any other default mailbox
archiving policy for the users.
Symantec Mail Security for Exchange settings
Symantec offers configuration recommendations for Mail Security for Exchange.
The following are not intended to replace product documentation; rather, they offer
suggestions that address common questions about settings.
Table 5-4 shows the recommended configuration settings for Symantec Mail
Security for Exchange.
Table 5-4 Recommended settings

| Setting | Recommendation |
|---|---|
| General Settings (applies to all auto-scans) | Enable Heart Beat System: Tracks whether the Mail Security for Exchange is running. If the product stops running, an e-mail/alert can notify an administrator. Attachment Blocking: A list based on company internal policy should be set in the content directory |
| LiveUpdate/Rapid Recovery | Run LiveUpdate every 4 hours |
| Match List | Use to protect Exchange from a known threat (virus). Match list is used to match email associated with a specific virus. Retain all default samples. |
| Report Settings | Threshold on Storage: Store all data for 12 months |
| Filtering sub policies | Use when a known virus threat does not have up-to-date virus definitions |
| Scan Jobs: Auto Protect | SMTP message scanning: Enable when there is no SMTP scanning solution. Enable Exchange background scanning: For use in smaller companies when relatively little Exchange data exists to scan for viruses. Because each individual message is scanned, this option is not recommended for organizations with large amounts of data to scan |
| Scan Jobs: Scheduled Scans | Schedule Full Scan: Select when a virus has infected the database. Scheduled Scan: Select when appropriate to business operations |
Multiserver console
The Symantec Mail Security for Exchange console can be configured to manage
one or more Exchange servers.
If a company is using multiple Microsoft Exchange servers and wants to manage
mail security from the Mail Security for Exchange console (multiserver console),
administrators should have an implementation plan for this that includes the
following information:
■ The server names and total number of Exchange servers on which Mail Security
for Exchange will be installed.
■ The number of servers on which future installations of Mail Security for
Exchange will be installed.
To manage Mail Security for Exchange using the multiserver console, all Mail
Security for Exchange servers must be in the same domain as the console.
Administrators should use the multiserver console whenever more than one server
has the same settings.
Virus definition recommendations
An Exchange server should be protected with both a file system antivirus scanner
(for example, Symantec Antivirus Corporate Edition) and antivirus protection for
the Exchange message store (Mail Security for Exchange). If both Symantec Mail
Security for Exchange and Symantec™ Antivirus Corporate Edition are installed
on the same server, they can share a single set of definitions. This allows the
administrator to update once instead of separately managing definitions for both
products.
Symantec Mail Security for Exchange has two types of definitions:
■ Rapid Release certified definitions
Rapid Release certified definitions are updated hourly, and are best suited for
a front-end or bridgehead server that does not have a message store as they
are the fastest response to emerging threats.
■ LiveUpdate certified definitions
LiveUpdate certified definitions are more suitable for the message store as
they are more thoroughly tested and updated less frequently. Since rescanning
the message store is time consuming, it is better to scan with the certified
definitions on a less frequent basis.
If LiveUpdate certified definitions are used on an Exchange server with a message
store, then the On Virus Update Force Rescan option should be enabled. This
ensures that all messages have been scanned with the latest virus definitions
prior to end-user access.
File Filtering Rules
Mail Security for Exchange comes with a File Filtering Rule, which detects common
virus carrier file types and blocks them automatically, even when they are
contained in a zip file. The associated match list contains examples of the most
common virus carriers. Because these files are not generally needed for regular
business communication, it is relatively safe to block them by default. Enabling
this rule protects the Exchange server from new threats even before virus
definition updates are available by blocking based on the file extension.
Zip file recommendations
Zip and other container files have been used to carry threats in many recent
outbreaks. How a company handles zip files depends on its threshold
for risk. Some companies block all container files, while others require a more
granular approach. Mail Security for Exchange provides the following features
to provide granularity:
■ Handles password protected zips with an exception rule (Encrypted File Rule)
to allow different dispositions to be selected. This allows zip files unless they
are password protected. Password protected zips can be quarantined or deleted.
■ Blocks certain attachment types, even when they are found in a zip file. This
allows the administrator to specifically block dangerous attachment types,
even if they are in a zip file. Less dangerous and more business-critical
documents, for example, Microsoft Office documents, can be allowed in a zip
file, while the more frequent carriers of threats (for example, *.exe, *.bat, and
*.scr files) can be blocked.
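The file filtering and zip handling described above, sketched as an added Python example (not Symantec's code or product configuration): attachments are checked by extension, archives are walked recursively, and password-protected members get their own disposition. The nesting limit, size cap, disposition names and sample archives are assumptions constructed for the illustration.

```python
import io
import zipfile
import zlib

# The three extensions are the page's examples; limits and names are assumptions.
BLOCKED_EXTENSIONS = {".exe", ".bat", ".scr"}
MAX_DEPTH = 3                    # archives nested deeper than this are not opened
MAX_MEMBER_BYTES = 10 * 2**20    # declared size above which a member is not read
SEVERITY = {"deliver": 0, "quarantine": 1, "block": 2}


def extension(name):
    """Final extension, lower-cased; trailing dots and spaces are ignored
    because Windows drops them when the file is saved."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    dot = base.rfind(".")
    return base[dot:] if dot != -1 else ""


def findings_for(name, data, depth=0):
    """Yield (disposition, reason) for an attachment and everything inside it."""
    if extension(name) in BLOCKED_EXTENSIONS:
        yield "block", f"blocked type: {name}"
        return
    if not zipfile.is_zipfile(io.BytesIO(data)):   # decide by content, not by name
        return
    if depth >= MAX_DEPTH:
        yield "quarantine", f"nesting limit reached: {name}"
        return
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        yield "quarantine", f"malformed archive: {name}"
        return
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = f"{name}!{info.filename}"
            if extension(info.filename) in BLOCKED_EXTENSIONS:
                # With ordinary zip encryption the member names stay readable,
                # so the extension rule still applies to protected archives.
                yield "block", f"blocked type: {path}"
            elif info.flag_bits & 0x1:             # bit 0: member is encrypted
                yield "quarantine", f"encrypted member: {path}"
            elif info.file_size > MAX_MEMBER_BYTES:
                yield "quarantine", f"too large to inspect: {path}"
            else:
                try:
                    payload = archive.read(info)
                except (zipfile.BadZipFile, zlib.error, EOFError,
                        NotImplementedError, RuntimeError):
                    yield "quarantine", f"unreadable member: {path}"
                    continue
                yield from findings_for(path, payload, depth + 1)


def disposition(name, data):
    """Strictest finding wins: block > quarantine > deliver."""
    found = list(findings_for(name, data))
    verdict = max((level for level, _ in found), key=SEVERITY.get, default="deliver")
    return verdict, [reason for _, reason in found]


def make_zip(members):
    """Constructed sample: build an archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()


def flag_encrypted(zip_bytes):
    """Constructed sample: set the encrypted bit on the first central-directory
    entry. The data is not really encrypted; only the flag the check reads is set."""
    raw = bytearray(zip_bytes)
    cd_offset = int.from_bytes(raw[-6:-2], "little")   # from the end-of-directory record
    raw[cd_offset + 8] |= 0x01                         # general-purpose flags, low byte
    return bytes(raw)


if __name__ == "__main__":
    samples = {
        "report.zip": make_zip({"q3.xls": b"numbers"}),
        "tools.zip": make_zip({"bin/Setup.EXE": b"MZ"}),
        "outer.zip": make_zip({"inner.zip": make_zip({"run.bat": b"@echo off"})}),
        "locked.zip": flag_encrypted(make_zip({"notes.txt": b"text"})),
        "invoice.pdf.exe": b"MZ",
    }
    for name, data in samples.items():
        print(name, *disposition(name, data))
```

Archives are recognised by content rather than by name, so a renamed zip is still opened, and anything that cannot be inspected (too deep, too large, unreadable) is quarantined instead of delivered.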
Custom policy guidelines
Administrators can apply custom policies to help with a number of challenges.
For example, custom policies are useful when only a limited number of notifications
must be issued. If manual scanning of the information store occurs at night and
messages in the store have already been checked with an Auto-Protect scan,
administrators can issue a minimal number of notifications and alerts.
Administrators can create as many custom policies as needed for a site.
Organizations may want to use custom policies in any of the following situations:
■ A message with a particular attachment name is associated with a known
problem. A custom policy whose only rule is to locate the attachment is linked
with a manual scan and run immediately.
■ To save overhead, the Auto-Protect scan logs encrypted archives as they come
into the Exchange store from the Internet but does not take any other action.
A separate custom policy that searches for these encrypted messages and
deletes them is run off-hours.
■ A custom policy that filters mail for company executives is run on a scheduled
basis.
Best practices for protecting the network perimeter at the gateway
server tier
For SMTP gateway perimeter protection, Symantec offers three ways to implement
email security solutions: software-based, appliance-based, and hosted service.
Organizations with fewer than several thousand nodes typically choose either a
software-based or appliance-based solution. Larger enterprises might also consider
the hosted service solution, in which the software and systems are located
off-premise at a hosted provider and internet email streams are redirected to the
provider for scanning.
Choice of solution formats
For companies with 1,000 to several thousand nodes, Symantec offers the following
appliance-based and software-based solutions to protect the network perimeter:
■ Symantec Mail Security 8260 appliance
■ Symantec BrightMail AntiSpam
The availability of resources and expertise varies from company to company.
Therefore, choice of solution format will be based on environmental factors or
preference. Both products offer the same technology; only the delivery format
differs.
Table 5-5 lists the advantages unique to each format.
Table 5-5 Software-based and appliance-based solutions

| Format | Description | Advantages |
|---|---|---|
| Software | Application software must be installed on customer-provided hardware and operating system | Complete control over entire environment, including choice of hardware and operating system. Provides highly-integrated antispam, virus protection, and content filtering technologies. For emergency updates or upgrades, the fewer the number of components, the easier it is to ensure compatibility and uptime. A single vendor is responsible for both the security technology and response components. This eliminates finger-pointing between vendors. |
| Appliance | Application software comes pre-installed on a vendor-maintained operating system and hardware | No operating system or compatible hardware to acquire and maintain. No software to install. Application and operating system updates can be automated. Initial security hardening and subsequent patching provided by vendor. A global support contract with hardware replacement is available. |
Symantec Mail Security 8260 appliance deployment
For companies who choose the appliance option, the Symantec Mail Security 8260
appliance leverages over 20 spam prevention techniques, including Symantec
BrightMail AntiSpam, Directory Harvest Attack Prevention, and Sender Reputation
technology. All of these technologies reduce email infrastructure costs by
significantly reducing the amount of spam that is accepted. Additionally,
content compliance features let administrators gain control over inbound and
outbound email content so they can enforce internal or regulatory email content
policies, before an issue even arises.
IT staff can configure each 8260 appliance to operate in any of the
roles described in Table 5-6.
Table 5-6 8260 appliance roles

| Role | Description |
|---|---|
| Scanner | Performs email filtering. One or more Scanner appliances can be set up. |
| Control Center | Manages the appliance system. Each 8260 appliance installation has one Control Center. The Control Center can manage multiple Scanner appliances. |
| Control Center and Scanner | Performs both functions. A dual-role appliance is suitable for smaller installations. The Control Center appliance also hosts Quarantine, a component that stores spam messages and provides end-users access to their spam messages. Administrators can also configure Quarantine for administrator-only access. Use of Quarantine is optional. |
For companies with 1000 to several thousand employees, Symantec recommends
that both 8260 appliances be configured as inbound relays as follows:
■ One appliance runs a Scanner to scan inbound email, but also runs the Control
Center and Quarantine Server
■ The second appliance runs only the Scanner to process both inbound and
outbound mail
Inbound traffic configuration
Traffic enters the network through the company’s outer firewall. With both
appliances operating as inbound relays (Scanners), inbound message traffic can
be routed to them via a DNS round robin server or a load balancer.
Note: The DNS round robin server is a less expensive option than a hardware load
balancer. Hardware load balancers are more robust and responsive than DNS
servers and provide a higher degree of flexibility. However, the DNS server option
is often sufficient for organizations under 3,000 nodes.
Table 5-7 shows how email traffic is handled on the 8260 appliances.
Table 5-7 Traffic routing on the 8260 appliance

| Traffic | Routing method |
|---|---|
| Clean messages | Clean messages are delivered to the Exchange mail servers via a Smart Host configuration |
| Infected messages | Messages that require quarantine are stored on the Control Center/Quarantine server |
| Primary MX records | Assigned to both 8260 appliances |
Symantec recommends that the outer firewall be configured as a transparent
SMTP proxy. The transparent SMTP proxy configuration is necessary because it
lets the 8260 appliance receive information on source IP addresses. As the 8260
appliance filters IP addresses, it also learns to tune itself to the local environment
and thus filter more effectively.
Firewalls such as the Symantec Gateway Security 5400 and 5600 series provide
transparent SMTP proxy features. For firewalls without this feature, Symantec
recommends that administrators configure their routers to pass all port 25 traffic
directly to the Symantec Mail Security 8260 appliance, thus bypassing the firewall
for SMTP traffic.
Both content and IP-based filtering are handled by Symantec Mail Security 8260
appliances. To configure IP-based filtering, administrators should enable the
Email Firewall feature on the 8260 appliance. The Email Firewall feature provides
IP-based filtering to reduce traffic at the TCP/IP layer and reduce the volume of
data that requires processing by the application. Filtering at this layer is an
effective complement to content filters.
However, to set up a full TCP/IP filtering layer, administrators must install the
Symantec Mail Security 8160 appliance. The 8160 appliance provides full
traffic-shaping of incoming network traffic.
Outbound traffic
Outbound email is routed through the second 8260 appliance, which handles both
inbound and outbound traffic. Administrators can reconfigure user email clients
or configure the Exchange servers to route all outbound traffic through the
outbound 8260 appliance.
Depending on company policy requirements, administrators can then implement
custom content filters that are specific to outbound email compliance policies.
They then can tag, report on, or spool email for later analysis and archiving using
VERITAS Enterprise Vault™.
Symantec BrightMail AntiSpam deployment
For companies who choose the appliance option, Symantec BrightMail AntiSpam
provides accurate, effective, and easy-to-manage protection against spam, email
fraud, email-borne viruses, and other unwanted email at the network gateway. It
actively identifies and manages spam and virus attacks before they inconvenience
users or overwhelm or damage company networks.
As with the 8260 appliances, Symantec recommends that companies with between
1000 and several thousand employees install BrightMail AntiSpam software on
two Windows servers inside the DMZ. Administrators should configure both
BrightMail AntiSpam servers as inbound servers. Only one of the servers should
be configured as an outbound server.
Chapter 6
Effectively archiving and retrieving messages and reducing information store size
This chapter includes the following topics:
■ Microsoft Exchange as an information warehouse
■ How Symantec addresses archiving, retrieval, and storage in the Exchange
environment
■ Enterprise Vault basics
■ Best practices for planning Enterprise Vault deployments
■ Best practices for sizing Enterprise Vault environments
■ Best practices for preparing the Enterprise Vault environment
■ Best practices for installing Enterprise Vault
■ Best practices for configuring Enterprise Vault
■ Best practices for backing up and recovering Enterprise Vault
■ Common Enterprise Vault challenges and solutions
■ Enterprise Vault usage
Microsoft Exchange as an information warehouse
Increasingly, organizations are using their email storage, based on their Microsoft®
Exchange servers, as information warehouses. And because Exchange date- and
time-stamps every message it processes, organizations also use Exchange to
document the progress of business projects and workflow.
The value of the knowledge that is contained in email repositories makes it evident
why email has increased in both size and importance to the modern business
enterprise. This new reliance on email has also increased the frustration of email
users as they try to manage, file, and retrieve all of the intellectual property that
is stored in their mail archives. It has also magnified storage issues for IT
departments.
To use Exchange as an information warehouse, IT organizations must manage
increasing data stores and more quickly retrieve relevant information on request.
These tasks are challenging enough, but add to them Exchange’s inherent
unsuitability as a business information repository, and the resource burden on
IT mounts even more. Although companies may be aware of the value of the
information that is contained in Exchange information stores, the unstructured
nature of the Exchange data continues to keep valuable information assets out of
reach of users and organizations.
How Symantec addresses archiving, retrieval, and
storage in the Exchange environment
In the same way that email security tools act as the first lines of defense in keeping
unwanted email out of the messaging system environment, email archiving works
on the back end to move saved email messages out of the environment, while at
the same time maintaining the availability of the data, should it be needed.
The Symantec Email Security and Availability for Microsoft Exchange solution
uses VERITAS Enterprise Vault to archive Microsoft Exchange email. Enterprise
Vault acts as an information warehouse for corporate data, which then can be
mined as a knowledge resource using the built-in index and search technology.
The Enterprise Vault repository is designed to do the following:
■ Flexibly store archived content.
■ Reduce storage by compression and single-instancing.
■ Index content for rapid and targeted retrieval.
■ Secure future accessibility by rendering an HTML copy of all archived content.
■ Utilize user-authentication security controls.
■ Define and implement retention and expiration policies.
Enterprise Vault can also ease migrations and consolidations by reducing the size
of existing data stores.
See “The benefit of Symantec in managing Exchange migrations” on page 213.
Structured data
Enterprise Vault structured data provides the following capabilities:
Categorization support
Enterprise Vault supports the archiving of categorization
information that is appended to email information.
Categorization is a key driver in the management of email
records and allows organizations to perform tasks such as
recalling all email messages marked as personal, or retaining
all records that are marked as business for a longer period.
Archiving for compliance and discovery
Enterprise Vault works seamlessly with Exchange
5.5/2000/2003 Journaling in order to satisfy the corporate
legal or regulatory retention requirements. Enterprise Vault
can be configured to retain a copy of all email messages that
are sent and received, ensuring that they are kept for the
appropriate period of time that is required to meet
regulatory or legal retention requirements.
Note: Organizations that are required to produce discovery of content in response
to litigation and regulatory supervision can deploy VERITAS Enterprise Vault
Compliance Accelerator and VERITAS Enterprise Vault Discovery Accelerator.
See “About Enterprise Vault Discovery Accelerator” on page 178.
Seamless retrieval of archived email
The following Enterprise Vault capabilities provide seamless retrieval of archived
mail:
Online archive access
Enterprise Vault indexes email, attachments, and more than
255 file types. With an indexed online archive, users can
search available content using different keywords and
search terms, including Microsoft Outlook® message
categories. For example, a firm can quickly recall all email
messages and attachments across an organization that relate
to a particular category or search term.
Lifetime management of email
Enterprise Vault automatically manages the full email life
cycle. It protects corporate intellectual property by retaining
access and enabling rapid discovery of content that is based
on corporate-defined policies. These policies can be defined
and applied to an organizational unit (OU) or an individual
user.
Public folder archiving
Individual folders or folder hierarchies may be archived and
replaced by shortcuts, and folder access controls are
synchronized with Enterprise Vault access to control search
scope.
Offline vault laptop access
Offline Vault provides laptop access to archived email even
when not connected to the corporate network. Requiring
low bandwidth, Enterprise Vault can be configured to
provide users with a local Vault stored on their PC hard
drive. At the same time, the user’s email is still archived to
the corporate archive, so it is not vulnerable to loss or
damage.
Control of PST archives
Enterprise Vault allows organizations to migrate all existing PST file data into
the archive repository. Restoring user search and accessibility to this data enables
an organization effectively to achieve PST eradication.
Key features include the following:
■ Server-based pull migration or client-side push migration, or a combination
of the two.
■ Identification of the ownership of PST files.
■ Central view of PST files in existence on the entire network and current
migration status of these files.
Reduction in the size of Exchange information stores
Archiving can be an important tool to maintain the availability of email
infrastructure by controlling the amount of data in the primary messaging systems.
The single best practice to keep an Exchange environment running at its highest
performance is to keep the Exchange data stores as small as possible.
Keeping data stores small makes it easier to migrate to newer releases of Exchange,
improves performance, and significantly reduces the backup window. Smaller
data stores also make it easier to restore an Exchange environment in a disaster
recovery scenario.
Service Level Agreements (SLAs) for backup can be improved by archiving. The
majority of data is moved out of the Exchange stores, allowing SLAs to be planned
and achieved. In addition, end users can service their own requests for old and
lost information without consuming help desk or administration resources.
Enterprise Vault improves performance and lowers costs in the following ways:
Optimizes storage
Reduces Exchange message store size by 50 percent or more.
Supports any Windows® NTFS-conforming storage solution,
including magnetic or optical disks, Storage Area Network
(SAN), or Network Attached Storage (NAS). Single-instance
storage of identical items is maintained.
Reduces cost of message retrieval, recovery, and administration
Saves time and money that are spent retrieving and
recovering old or lost email. Provides immediate recovery
of key individual mailboxes.
Reducing Exchange or file server storage requirements generally means that more
users can be housed or supported on each server, thus allowing server
consolidation.
Enterprise Vault basics
Enterprise Vault provides a flexible archiving framework to enable the discovery
of content that is held within email, file system, and collaborative environments,
while helping to reduce storage costs and simplifying management. Enterprise
Vault manages content by automated, policy-controlled archiving to online stores.
It provides active retention and seamless retrieval of information.
The built-in search and discovery capabilities of Enterprise Vault are
complemented by specialized client applications for corporate governance, risk
management, and legal protection.
Enterprise Vault is a powerful and complex product. Before it can be deployed,
an IT department should become familiar with its capabilities.
Enterprise Vault installs the following services:
Directory Service
All configuration information for Enterprise Vault is stored
within a SQL Server database with a default name of
EnterpriseVaultDirectory. The Directory Service is used to access
this database and all information that it contains.
Archiving Service
Each enabled Exchange Server will have one Archiving Service
that is assigned to it. The Archiving Service is used to scan
mailboxes on each Exchange Server. It detects any items that are
ready to be archived based on the policy that has been established
for end users. For example, a policy could be defined to never
archive an item that is younger than 90 days old.
Once the Archiving Service has discovered any items that comply
with the policy for archiving, it passes the items
to the Storage Service.
The Archiving Service uses six Microsoft Message Queues (MSMQ)
per service. Each queue has different functions that can be
monitored to verify progress.
Storage Service
The Storage Service takes care of managing the storage of items
in Enterprise Vault. When the Storage Service is asked to store
an item in the Vault Store, it creates a compressed version of the
item that is archived from Exchange on the NTFS storage volume
and then stores metadata about the archived item in the SQL
database.
The Storage Service uses three Microsoft Message Queues
(MSMQ) per Storage Service. Each queue has different functions
that can be monitored to verify progress.
Indexing Service
Enterprise Vault indexes all the items that it archives. Search
capabilities depend on the level of Indexing (Brief, Medium, or
Full) that has been established for each Vault Store. Each
Indexing Service can store its Indexes in multiple locations.
Indexes are created using the AltaVista® search format. Once the
Index grows to a predetermined size, it will automatically create
a new Index to allow for better search performance.
Retrieval Service
The Retrieval Service passes requests from users to the Storage
Service to restore items back to their mailboxes. There is one
Retrieval Service for each Exchange Server.
The Retrieval Service uses three Microsoft Message Queues
(MSMQ) per Retrieval Service. Each queue has different functions
that can be monitored to verify progress.
Shopping Service
Each Shopping Service will store the shopping basket information
that is collected when users invoke the Web Access application.
Each time a user creates a search using the Web application, the
Shopping Service stores information on the volume for that user
in order to manage each shopping basket.
Enterprise Vault has the following components:
Vault Stores
A Vault Store consists of an SQL database and an NTFS
volume that are created to house the Vault Store. When an
item is archived, a copy of the item is converted to an HTML
or text format file. The original and the copy are stored
together in the Vault Store as a single compressed file.
Metadata, which identifies who has access to the archived
item and where the item is stored in the Vault Store, is
written to the database.
Vault Store partitions
Enterprise Vault uses storage partitions to collect the files
for all archives. A partition can be open, to allow Enterprise
Vault to write archived data to it, or closed, to prevent the
partition from being used to archive.
Each time a partition reaches a 95 percent full capacity level,
Enterprise Vault automatically creates a new partition and
closes the partition that is too full.
Indexes
In order to search and locate archived items, Enterprise
Vault creates an Index of all the items that it archives. Brief,
Medium, or Full Indexing can be enabled.
Web Access Application
Enterprise Vault has a Web application that is used to
perform certain search functions using a GUI interface. The
URL for the Web Access application is
http://<ServerName>/EnterpriseVault.
To use the advanced search options of the Web application,
append “?advanced” to the URL:
http://<ServerName>/EnterpriseVault/search.asp. This
accesses a set of Active Server Pages that provide a search
interface to the Vault Stores. The ASP is registered with IIS
on the server as a virtual directory.
Best practices for planning Enterprise Vault
deployments
Enterprise Vault can be customized with policies that fit dozens of unique
environments. In general, expect a level of effort similar to implementing an
initial Exchange environment. It is recommended to complete Symantec Enterprise
Vault training before implementation or to have Symantec consulting services
on-site during the process.
The status of the current Exchange environment as well as the deployment plan
should be documented.
Documenting the existing Exchange environment
To help document the status of the existing Exchange environment, answer the
following questions:
■ What is the size of the Exchange data stores?
■ What is the average daily volume of email?
■ What is the average size of email?
■ What is the average size of email attachments?
■ What is the average size of individual email mailboxes?
■ What is the total number of email accounts?
■ What are the current email storage requirements?
Documenting the new Exchange Enterprise Vault environment
To help document the target Exchange Enterprise Vault environment, answer the
following questions:
Email retention policy:
■ Will Exchange Journaling be used?
■ How long will email be kept?
■ What are the business goals of the retention policy?
■ When will email be removed from Exchange and moved into Enterprise Vault
stores?
■ When will email be removed from Enterprise Vault?
■ Is there a department-level (HR, Legal) retention policy?
■ Will email be automatically deleted after a specified period of time?
■ Will all email be retained indefinitely?
Personal Archives (PST) policy:
■ Can users keep their own archives?
■ Are all archives going to be centralized?
■ Where are archives going to be stored? (online, near-line, off-line)
■ What storage volumes will contain the vault?
■ Are policies set per-department or per-user?
Attachment policy:
■ Are they blocked entirely?
■ Is there a size limit?
■ Is there a limit on type? (such as .exe or .bat files)
Email archiving policy goals:
■ To keep Exchange data stores small?
■ To discover any email regardless of age?
■ To provide quick access to old email?
End user search capability:
■ Provide enhanced search capabilities for users?
■ Give users the ability to search all of their archives?
■ Impose constraints? Only for 90 days?
Auditing needs:
■ Will legal discovery or compliance checking be required?
Documenting the Enterprise Vault deployment plan
To help document the Enterprise Vault deployment plan, answer the following
questions and keep the following points in mind:
Migration strategy
■ Migration typically takes place over days or weeks.
■ The speed of migration depends on the level of indexing and the amount of
  server resources that are dedicated to the migration process.
■ Aged email migration is more resource intensive than the steady state
  maintenance of Enterprise Vault with new email.
■ Develop a written implementation plan.
Indexing service
■ Indexing converts attachments to HTML or plain text and stores it in a
  vault store.
■ Vaults are indexed with AltaVista technology.
■ Three levels of indexing are available: Brief, Medium, and Full.
  Full indexing is required for Enterprise Vault Compliance Accelerator and
  Enterprise Vault Discovery Accelerator.
Future growth
■ What is the projected size of the data store after migration?
■ Growth over the next five years?
■ Does the company anticipate near-term merger or acquisition activity?
EV migration sequence
■ Department by department?
■ Key users?
■ Use test runs to develop accurate conversion estimates.
■ Determine hardware needs.
■ Know the indexing policy that will be implemented.
End-user training plan
■ Communicate the policy to the end-user community.
■ Get trained and use consulting services before implementation.
■ Set user expectations regarding the appearance and retrieval of archived
  or Vaulted email.
Best practices for sizing Enterprise Vault environments
It is vital for an organization to contact a Symantec Enterprise Vault Consulting
Services Center before deploying Enterprise Vault to get appropriate estimates
of scalability, Vault Store growth, speed of searches, data retention requirements,
and other factors.
Estimates are determined by the number and location of Exchange servers, the
size of items that are archived, the frequency of archiving, the retention policies,
the number of users, and how often searches need to be run, as well as other
variables.
Symantec Consulting Services can be contacted at the following email addresses:
■ CSC-East@symantec.com
■ CSC-Central@symantec.com
■ CSC-West@symantec.com
■ CSC-Gov@symantec.com
Consulting Services has published some estimates on size of Vault Stores and
indexes and the amount of information that is stored within Enterprise Vault over
a period of five years.
Based on the information that is provided by Consulting Services, it has been
possible to produce estimates for a deployment by reviewing the following factors:
■ Total volume of email that will be archived from users’ mailboxes in one year.
■ Total disk space that will be consumed by the Vault Store files, Vault Store
  databases, and Indexes after all user mailboxes have been initially migrated
  and archived for one year.
Table 6-1 provides an example of how these sizing factors are estimated.
These figures are based on the following assumptions:
■ The organization has 1,528 email users.
■ All user mailboxes will be archived by Enterprise Vault.
■ All messages over 90 days old will be archived from all user mailboxes.
■ Each user will archive 12 messages per day.
■ There are 250 working days in each year.
■ The average message size is 77 KB.
■ Each mail message is sent to five internal users.
■ Growth of email volume is 15-40 percent annually.
■ Growth of average message size is 30 percent annually.

Table 6-1 Example sizing estimate for deployment planning

Sizing factor | Year 1 | Year 2 | Year 3 | Year 4 | Year 5
Number of users | 1,528 | 1,528 | 1,528 | 1,528 | 1,528
Number of messages archived per day per user | 12 | 14 | 17 | 20 | 23
Average message size in KB | 77 | 101 | 132 | 172 | 224
Total number of messages that are archived | 5,928,090 | 11,276,090 | 17,770,090 | 25,410,090 | 34,196,090
Size of Vault Store NTFS in GB | 78 | 159 | 273 | 431 | 650
Size of Vault Store Database in GB | 1.19 | 2 | 4 | 5 | 7
Size of Indexes in GB | 14 | 95 | 223 | 420 | 716
Size of information that is stored in Enterprise Vault in GB | 92.89 | 255.63 | 499.55 | 856.79 | 1,372.71
Figure 6-1 shows the projected growth of information over five years.
Figure 6-1 Example of projected growth in information storage requirements
Vault Store recommendations
It is recommended that a new Vault Store be created for each Mailbox archive,
File System archive, Public Folder archive, and Journal mailbox archive.
Organizations that use Storage Foundation HA for Windows with Dynamic Disk
Groups can enable Capacity Monitoring for any volume and receive email
notification when an established threshold is reached. This enables administrators
to take action before a critical condition is reached.
Vault Store partition setting recommendations
Enterprise Vault uses storage partitions to collect the files for all archives.
Administrators should determine whether to set individual partitions as open, to
allow Enterprise Vault to write archived data, or closed, to keep items from using
that partition when archiving occurs.
Enterprise Vault can be set to save the archived files that reside on vault partitions
as DVS files (Digital Vault Savesets) or as CAB Container files. CAB files can be
backed up more quickly since larger files are faster to back up than multiple,
smaller files.
Administrators are not required to view the DVS file from inside the Outlook
client. Each DVS file can be opened directly from inside the partition if needed.
Because email messages can be read by opening a DVS file directly, administrators
must secure this directory so that end users do not have access to it.
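One way to check that requirement, as an added example that is not part of the Yellow Book or Symantec's tooling: a PowerShell function that lists every Allow entry on a Vault Store partition folder held by anyone other than local Administrators, SYSTEM, and the accounts you name. The function name, the demo folder, and the Everyone entry granted to it are constructed for illustration.

```powershell
# Added example: report ACL entries that let unexpected principals into a
# Vault Store partition folder, where DVS files can be opened directly.
function Get-UnexpectedVaultAce {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Accounts that are expected on the partition, e.g. the Enterprise Vault
        # service account (assumption: supplied by the administrator).
        [string[]] $AllowedAccount = @()
    )

    # Well-known SIDs are locale independent: local Administrators and SYSTEM.
    $allowedSids = @('S-1-5-32-544', 'S-1-5-18')
    foreach ($name in $AllowedAccount) {
        # Fails loudly if the account cannot be resolved, so a typo is not
        # silently treated as "allowed".
        $nt = New-Object System.Security.Principal.NTAccount($name)
        $allowedSids += $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }

    $acl   = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if ($allowedSids -contains $sid) { continue }

        # Show a readable name when the SID resolves, otherwise the raw SID.
        try   { $display = $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $display = $sid }

        [pscustomobject]@{
            Path      = $Path
            Identity  = $display
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }
}

# Constructed demo: a scratch folder standing in for a vault partition, with a
# deliberately loose entry (Everyone: ReadAndExecute) so the audit has a finding.
$demo = Join-Path $env:TEMP 'VaultPartitionDemo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$demoAcl  = Get-Acl -LiteralPath $demo
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')
$loose    = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $everyone, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$demoAcl.AddAccessRule($loose)
Set-Acl -LiteralPath $demo -AclObject $demoAcl

# The current user stands in for the Enterprise Vault service account here.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Get-UnexpectedVaultAce -Path $demo -AllowedAccount $me | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Against a real partition, pass the partition folder as `-Path` and the service account as `-AllowedAccount`; any row returned is an entry to review.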
Enterprise Vault can be set to save the collection files at a set size. The default
size is 200 MB. Collection should not be enabled until all mailboxes have been
enabled for archiving and the backlog of email from each mailbox has been
archived. However, collection should be started immediately on the Journal Vault
Store.
The CAB collection process occurs once a day, at the time that is configured for
it. There must be at least 15 DVS files before a CAB file will be generated. Each
CAB file can contain a maximum of 25,000 DVS files.
About the Admin Service
The Admin Service monitors space for all local hard drives on the system on which
it is installed and running. As a precautionary measure, the Admin Service will
shut down to maintain data integrity across the Exchange Server and Vault Store
when available disk space starts to run low.
When any disk that is being monitored reaches 95 percent of maximum capacity,
a warning message is delivered to enable administrators to correct the problem.
If it is not corrected, Enterprise Vault shuts down the Admin Service to prevent
any more data from being accepted into its queue.
If the organization is utilizing VERITAS Storage Foundation for Windows with
Dynamic Disk Groups, Capacity Monitoring can be enabled for any volume to send
an email notification automatically when an established capacity threshold is
reached. This allows an administrator to take action before a critical condition is
reached.
Selecting the level of indexing
Administrators can set one of the following three levels of indexing for archived
items:
■ Brief
  Enables searching of common Outlook fields and metadata searching. Author,
  Subject, Recipient, Created Date, Expiry Date, File Extension, Retention
  Category, and Original Location attributes are all searchable.
■ Medium
  Enables all the same searching that Brief Indexing offers, as well as allowing
  single word searches of any item that is archived, including attachments.
■ Full
  Enables all the same searching that Brief and Medium Indexing offer, as well
  as allowing the ability to perform full-text, phrase-level searches on any items
  that are archived.
Note: Full Indexing is required for Enterprise Vault Compliance Accelerator and
Enterprise Vault Discovery Accelerator searching.
The three levels of indexing have the following impact on storage size:
Brief Indexing
Every item that is archived increases the index file by 3
percent of the actual size of the item archived.
Note: Smaller indexes are less prone to corruption.
Medium Indexing
Every item that is archived increases the index file by 8–12
percent of the actual size of the item archived.
Full Indexing
Every item that is archived increases the index file by 12–20
percent of the actual size of the item archived.
It is highly recommended to store Index files (flat files) on SAN or DAS storage
devices due to heavy I/O usage. To improve performance, Index files should be
stored on separate volumes from the Vault Partition being used for the Vault
Store files and databases.
Note: Once an index is created, its location cannot be easily changed. Adequate
space must be allocated to house the index to enable the index to grow over time.
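Because the index location is hard to change and the Admin Service shuts down when a monitored disk fills, the following added example (not from the Yellow Book) projects cumulative index size from the per-level overhead percentages above and flags the year in which a dedicated index volume would reach the 95 percent warning level. The function names, yearly archive volumes, and volume size are constructed, and the overhead is applied to the original size of the archived items.

```powershell
# Added example: project index growth against the 95 percent warning level,
# and check the local disks the Admin Service would be watching.
function Get-IndexGrowthProjection {
    param(
        [Parameter(Mandatory)] [ValidateSet('Brief', 'Medium', 'Full')] [string] $Level,
        [Parameter(Mandatory)] [double[]] $ArchivedGBPerYear,  # original size of items archived each year
        [Parameter(Mandatory)] [double]   $VolumeSizeGB,       # capacity of the dedicated index volume
        [double] $WarningThreshold = 0.95                      # Admin Service warning level
    )
    if ($VolumeSizeGB -le 0) { throw 'VolumeSizeGB must be positive.' }

    # Index overhead as a fraction of archived item size, per indexing level.
    $overhead = @{
        Brief  = @{ Low = 0.03; High = 0.03 }
        Medium = @{ Low = 0.08; High = 0.12 }
        Full   = @{ Low = 0.12; High = 0.20 }
    }
    $rate = $overhead[$Level]

    $low = 0.0; $high = 0.0; $year = 0
    foreach ($gb in $ArchivedGBPerYear) {
        $year++
        $low  += $gb * $rate.Low     # best case, cumulative
        $high += $gb * $rate.High    # worst case, cumulative
        $worstUsed = $high / $VolumeSizeGB
        [pscustomobject]@{
            Year          = $year
            Level         = $Level
            IndexLowGB    = [math]::Round($low, 1)
            IndexHighGB   = [math]::Round($high, 1)
            WorstCaseUsed = '{0:P0}' -f $worstUsed
            AtWarning     = $worstUsed -ge $WarningThreshold
        }
    }
}

function Get-DiskAtWarningLevel {
    param([double] $WarningThreshold = 0.95)
    # DriveType 3 = local fixed disks.
    Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
        Where-Object { $_.Size -gt 0 } |
        ForEach-Object {
            $used = ($_.Size - $_.FreeSpace) / $_.Size
            [pscustomobject]@{
                Drive       = $_.DeviceID
                UsedPercent = [math]::Round($used * 100, 1)
                AtWarning   = $used -ge $WarningThreshold
            }
        }
}

# Constructed inputs: five years of archived volume (GB) and a 1,000 GB index volume.
$archived = 450, 540, 860, 1300, 1950
foreach ($level in 'Brief', 'Medium', 'Full') {
    Get-IndexGrowthProjection -Level $level -ArchivedGBPerYear $archived -VolumeSizeGB 1000
}

# Current state of the local disks on this server.
Get-DiskAtWarningLevel | Format-Table -AutoSize
```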
Best practices for preparing the Enterprise Vault environment
Before Enterprise Vault can be installed in a Microsoft Windows® Server 2003
environment, the following preparation tasks must be completed:
■ Installing prerequisite software
■ Creating an Enterprise Vault service account
■ Creating an SQL login account
■ Preparing the Enterprise Vault server
Installing prerequisite software
The following software must be installed in a Windows Server 2003 environment:
■ Microsoft Windows Server 2003 with the latest Service Packs and patches.
■ Windows 2003 ASP.NET and Active Server Pages components.
  If the Enterprise Vault Business Accelerator components (Compliance
  Accelerator and Discovery Accelerator) will be installed, an Authenticated
  Users account with Full Control privileges must be added to the Windows
  TEMP folder and ASP.NET folder.
■ Microsoft Internet Explorer with the latest Service Packs.
■ VERITAS Storage Foundation for Windows.
■ Valid Enterprise Vault license key.
■ Case-insensitive installation of Microsoft SQL Server 2000 with Service Pack
  3a.
  Case-sensitive installations are not supported.
■ Microsoft Exchange Server 2003 with Service Pack 1.
See “Email archiving hardware and software requirements” on page 65.
Creating an Enterprise Vault service account
A Windows service account must be created on the server on which Enterprise
Vault will be installed. An example of a Windows service account name for
Enterprise Vault might be EVAdmin.
The account must meet the following conditions:
■ Be a domain-based Windows security account belonging to the local
  Administrators group on each computer that runs Enterprise Vault services.
■ Be a member of the Exchange Administrators group for the Exchange store
  that will be archived.
■ Be given Full Control privileges to each Exchange server to be archived using
  Enterprise Vault.
■ Be a Domain administrator account.
■ Be given local rights to the computer on which Enterprise Vault will be installed.
In addition, the account must have Database Creator permissions and roles to
the Master database in MS-SQL.
Creating an SQL login account
To create an SQL login account, complete the following tasks in SQL Enterprise
Manager:
■ On the General tab, verify that Windows Authentication is set, Grant Access
  is enabled, and the domain is listed.
■ On the Server Roles tab, enable the Database Creators role.
■ On the Database Access tab, in the Permit column for the Master database,
  place a checkmark.
■ On the Database Access tab, under Roles, assign the user db_owner permissions.
Preparing the Enterprise Vault server
Before Enterprise Vault is installed, the server must be prepared for the installation
as follows:
■ Install and configure a custom Microsoft Outlook® with Collaboration Data
  Objects installed.
■ Replace the Microsoft Outlook MAPISVC file.
■ Add and configure the following Windows components:
  ■ Message Queuing with Active Directory® Integration disabled.
  ■ Application Server Console enabled.
  ■ Active Server Pages enabled.
  ■ Active Server Pages scripts that are enabled to run.
■ Install Microsoft Exchange System Manager 2003 with System Management
  Tools.
■ Create a Vault Site Alias on the DNS server.
For complete instructions for preparing the Enterprise Vault server, see Installing
and Configuring Enterprise Vault Guide.
Installing and configuring Microsoft Outlook
Enterprise Vault requires an installation of Microsoft Outlook that has the
Collaboration Data Objects option enabled.
To install and configure Microsoft Outlook
1 Log on to the Enterprise Vault server with the Enterprise Vault service
  account.
2 Begin installing Microsoft Outlook.
3 During installation, enable Choose Advanced customization of applications
  to access the Outlook component options for installation.
4 In the panel containing the Outlook custom component options, expand the
  Outlook tree options and select Collaboration Data Objects.
Replace the Microsoft Outlook MAPISVC file
After Microsoft Outlook is installed, the MAPISVC file must be replaced.
To replace the Microsoft Outlook MAPISVC file
1 Log on to the Enterprise Vault server with the Enterprise Vault service
  account.
2 In Windows, using the Search Files or Folders option, search for the
  MAPISVC.INF file.
  The search should yield two MAPISVC.INF files.
3 Select the larger of the two files and press Ctrl+C to make a copy of it.
4 Right-click the smaller of the two files and select Open Containing Folder.
5 After the folder opens, overwrite the smaller file with the larger file that was
  just copied.
Adding and configuring Windows components
Add and configure the components in Table 6-2. Log on to the Enterprise Vault
server with the Enterprise Vault service account.
Table 6-2 Windows components to add and configure

Windows component | How to add and configure the component

Message Queuing with Active Directory Integration disabled
  In the Windows Control Panel, in Add or Remove programs:
  ■ In the Add or Remove Windows Components program, click Application
    Server and then click Details.
  ■ Uncheck Active Directory Integration.
  Unless Active Directory Integration is disabled, its installation will result
  in a sizeable performance loss.
  Note: Microsoft Message Queuing alone is I/O intensive, so it should always
  be moved from the default installation drive of C:\.

Application Server Console
  In the Windows Control Panel, in Add or Remove programs:
  ■ In the Add or Remove Windows Components program, click Application
    Server and then click Details.
  ■ Click Application Server Console.

Active Server Pages
  In the Windows Control Panel, in Add or Remove programs:
  ■ In the Add or Remove Windows Components program, click Application
    Server and then click Details.
  ■ Click IIS and then click Details.
  ■ Click World Wide Web Service and then click Details.
  ■ Click Active Server Pages.

Active Server Pages scripts enabled to run
  On the Windows desktop:
  ■ Click My Computer > Manage.
  ■ In the Computer Management dialog box, in the directory tree, expand
    Services and Applications > IIS Manager > Web Service Extensions.
  ■ In the Web Service Extensions pane, verify that Active Server Pages is
    set to Allowed.
Installing Exchange System Manager 2003 with System Management tools
Install Microsoft Exchange System Manager 2003 with System Management tools:
■ Verify that the server meets the minimum system requirements for Exchange
  System Manager 2003.
  See Microsoft.com for more information.
■ Log on to the Enterprise Vault server with the Enterprise Vault service account.
■ Begin an installation of Microsoft Exchange System Manager.
■ Select a custom installation.
■ Disable Messaging and Collaboration Services.
■ Enable System Management Tools.
Creating an Enterprise Vault Site Alias on the DNS server
Enterprise Vault can be installed without a Site Alias, but the best way to use
Enterprise Vault is by assigning all Enterprise Vault servers an alias. With aliases,
if the Enterprise Vault server name changes, the server is moved to a different
domain, or clustering is used, an administrator can point a new server, domain,
or cluster to the DNS alias.
For example, vaultserver.domain.com can point to an alias of Enterprise Vault.
To create an Enterprise Vault Site Alias on the DNS server
1 Log on to the Enterprise Vault server with the Enterprise Vault service
  account.
2 On the DNS server, in Administrator Tools\DNS, expand the DNS server, and
  then expand Forward Lookup Zone.
3 Select the domain in which Enterprise Vault is to reside.
4 Right-click the domain, and then select New Alias.
5 Under Alias, type the name of the Enterprise Vault alias.
6 Under FQDN for Target Host, type the fully qualified name (FQN) of the
  Enterprise Vault server.
Creating an Outlook profile on the Enterprise Vault server
After Outlook is installed, an Outlook profile must be created on the Enterprise
Vault server.
To create an Outlook profile on the Enterprise Vault server
1 On the Exchange server, in Windows, open Active Directory Users and
  Computers > New User.
  A new user wizard launches.
2 In the wizard, verify that the Create an Exchange mailbox option is enabled.
3 Point to the First Organization/First Administrator Group/Your_Server.
4 Point to the First Storage Group/Mailbox Store (the server).
5 In Outlook, while still logged in with the Enterprise Vault service account,
  open the mailbox that was just specified.
  Opening the mailbox registers the MAPI connection, which enables
  administrators to analyze Exchange stores.
Best practices for installing Enterprise Vault
When Enterprise Vault is installed by using the Enterprise Vault Installation
Wizard, the following tasks should be performed:
■ Select only to install Enterprise Vault Services and Administration Console.
  Avoid installing additional options at this time.
■ After installation completes, leave the Run the configuration option enabled,
  and then click Finish to exit the wizard.
Best practices for configuring Enterprise Vault
The Enterprise Vault Configuration Wizard guides administrators through the
creation of a Vault directory and database, and a Vault site. The wizard also helps
administrators add Vault service properties on the new server. After completing
these directory setup tasks, the Administration Console can be used to further
configure Enterprise Vault.
Enterprise Vault Configuration Wizard tasks
Table 6-3 shows the basic steps involved in using the Enterprise Vault
Configuration Wizard to create a Vault directory and database, Vault site, add
Vault services, and add and configure Vault service properties.
Table 6-3 Directory setup tasks using the Configuration Wizard

Task | Wizard options to configure

Creating a new Enterprise Vault directory database
  Configure the following wizard options:
  ■ Do you want to create a new Vault Directory on this computer: Yes
  ■ Vault service account: Type the Enterprise Vault service account that has
    already been created. The account service name should use the format
    DomainName\VaultAdminAccount.
    The following permissions are automatically granted: Logon as service,
    Act as part of operating system, Debug program rights.
  ■ SQL Server location: Type the location that was previously installed to
    host the databases. The location should use the format
    ServerName\InstanceName.
    Note: An existing SQL Server computer or the server that is dedicated to
    Enterprise Vault can be used. Folders must be created below the root level
    of the volume to create the database. For example, F:\Folder. This database
    grows at the rate of 250 bytes per archived item.
  ■ Where MDF and LDF database files are hosted: Type the location on the
    SQL Server computer where MDF and LDF database files are hosted.

Creating a new Enterprise Vault site
  Configure the following wizard options:
  ■ Vault site name: Type the name of the new Enterprise Vault site.
    The name of the site cannot be changed after it has been created.
  ■ Vault Site Alias: Type the site alias that was created on the DNS server.

Adding Enterprise Vault service properties
  Configure the following wizard options:
  ■ After the Enterprise Vault services are created, right-click Index Service,
    and then select Properties.
  ■ On the Index Locations tab, add the location to which Index Services should
    store the index.
    Note: The default location for the index files is the C:\ drive. As indexes
    can grow large, it is recommended that another location be used. If another
    location is used, remember to delete the existing entry. Indexes cannot be
    stored on a read-only disk and should not be moved after creation.
  ■ Complete the wizard. If wanted, view the properties of the other Enterprise
    Vault services and make changes.
  ■ Start all Enterprise Vault Services.
Enterprise Vault Administration Console configuration tasks
After the Enterprise Vault Configuration Wizard has been completed, the
Enterprise Vault Administration Console can be launched. When the Console asks
for the Directory Service Computer to connect to, type the Enterprise Vault server
name. The MMC can be saved to avoid being prompted for the name at Console
startup.
In the Enterprise Vault Administration Console, complete the following
configuration tasks in the order presented:
■ Creating a Vault Store
■ Creating the Archive service
■ Distributing Microsoft Exchange forms
■ Installing Microsoft Exchange forms
■ Enabling archiving for a mailbox
■ Creating policies
■ Setting retention categories
■ Viewing site properties
■ Archiving journaled messages
■ Archiving public folders
■ Setting up user desktops
■ Generating reports
Creating a Vault Store
Now that the Vault directory has been configured using the Enterprise Vault
Configuration Wizard, use the Administration Console to create and configure a
Vault Store.
Note: The Vault Store must be configured as open or closed. Only one Vault store
can be open at a time.
To create a Vault store
1 Open the Enterprise Vault Administration Console.
2 Expand the tree view until the Vault Store directory is visible.
3 Right-click the directory and select New\Vault Store.
4 When prompted, point to the Enterprise Vault Alias.
5 Type a name for the Vault Store.
6 Type the SQL Server location that was previously installed to host the
  databases. Use the format ServerName\InstanceName.
  To see all directories, the administrator must authenticate to the SQL Server
  computer.
7 Name the partition and determine whether the new Vault Store should be
  open.
  If it is the first Vault store, create the partition as Open.
8 Complete the remainder of the wizard, accepting default settings or
  configuring wanted settings.
9 When prompted, click Share archived items to enable single-instance storage.
  Single-instance storage optimizes the use of storage space. For example, with
  this option enabled, a large Microsoft PowerPoint® slide deck that is sent to
  multiple email addresses on the same Vault store is archived only once.
At the time of installation, it is also recommended to set the File Collection
Software option to None. As the data collection grows larger, this setting can be
changed to Enterprise Vault, which is in Vault Stores\Vault Store Name\Properties.
Creating the Archive service
After the Vault store is created, create the Archive service.
To create the Archive service
1 In the Enterprise Vault Administration Console, expand the tree view until
  the Vault store directory is visible.
2 Right-click the directory and select New\Domain.
3 In the New/Vault Store wizard, when prompted, type the Enterprise Vault
  alias name.
4 Type the name of the domain that contains the Exchange Server to be
  archived.
  Note: It is recommended not to enable the Use specific Global Catalog server
  option.
5 Expand the tree view until the newly added domain is visible.
6 Right-click the Exchange Server and select New\Exchange Server.
7 Type the name of the Exchange Server on which items should be archived.
8 Leave the Exchange Mailbox Task option enabled and verify that the Vault
  server that is listed is the correct one.
  Note: If any of the Business Accelerator components will be installed, the
  Indexing must be set to Full.
Distributing Microsoft Exchange forms
The Microsoft Exchange Forms should be placed in the Microsoft Exchange
Organization Forms Library. Provide all Enterprise Vault users access to the Forms
Library. If necessary, create a folder in the Forms Library, for example, VaultIcons.
For complete instructions, see the Installing and Configuring Enterprise Vault
Guide.
Installing Microsoft Exchange forms
Administrators can install the forms from Microsoft Outlook using a mailbox that
has Owner permissions for the folder in the Organization Forms Library. Do this
on the computer to which the Microsoft Exchange forms from the Enterprise
Vault kit have been installed. Users can access the new forms when they install
the Enterprise Vault User Extensions.
To install Microsoft Exchange forms
1 Open Microsoft Outlook.
2 In the Tools menu, click Options > Advanced Options > Custom Forms >
  Manage Forms.
3 Locate the Forms Library and set the filter to show Form Message (*.fdm).
4 Install the Enterprise Vault Archive Item, Delete Pending Item, Pending Item
  and Restore Pending Item forms to the Vault folder (not Personal Forms).
For complete instructions, see Installing and Configuring Enterprise Vault Guide.
Enabling archiving for a mailbox
A Mailbox Archiving Task must be created which allows mailboxes to be archived
using the Vault store. Then, mailboxes must be synchronized and wanted mailboxes
must be enabled for archiving. After a Mailbox Archiving Task is created, individual
mailboxes can be assigned to that task.
To enable archiving for a mailbox
1 If necessary, create a Vault store and partition.
2 Do the following to add an Exchange Organization:
  ■ Expand VaultSite > Archiving Targets > Exchange > Domain >
    Organization Unit.
  ■ Right-click Organization Unit and select New > Organization Unit.
3 Expand the tree view until Enterprise Vault Servers > Your_Vault_Server
  > Tasks is visible.
4 Right-click Tasks and select New\Exchange Mailbox Task.
5 Point to the Exchange Server and name the Task.
6 Point to the Mailbox account that has sufficient Exchange Server permissions
  to create a mailbox.
7 If mailboxes are to be enabled automatically, select the Automatically enable
  mailboxes option.
  When mailboxes are enabled automatically, they are put into certain default
  policy groups and some flexibility is potentially lost. To determine whether
  it is appropriate to enable this option for their organizations, administrators
  should review the Enterprise Vault documentation.
8 After the Task is created, open the properties and Synchronize all wanted
  Mailboxes except for the System Mailbox.
9 To enable a mailbox, on the toolbar, click Enable Mailboxes for Archiving
  and complete the wizard.
  It is not necessary to use the Synchronize option when enabling or disabling
  mailboxes because Enterprise Vault automatically performs a full
  synchronization of those mailboxes. However, to enable a newly created
  mailbox for archiving, run the Synchronize option first. New mailboxes do not
  appear in the list of new mailboxes to add for archiving until a Synchronize
  has occurred. To view or change archived Mailbox options, open the Properties
  dialog box in the Mailbox Archiving Task.
Creating policies
Enterprise Vault includes a default Mailbox, Journal, and Public Folder Policy.
New policies can be created and the existing policies can be edited. A Lock option
can be enabled to prevent users from changing their personal settings.
Note: Review the Policy Properties\Archiving Rules tab. Consider setting the
archiving policy option Start with items larger than. The bigger the item is, the
earlier it will be archived, which reduces the size of mailboxes.
See Installing and Configuring Enterprise Vault Guide for complete instructions.
Alternatively, search on Quota-based archiving in the Enterprise Vault online
Help documentation.
Setting retention categories
Enterprise Vault includes predefined retention categories. New retention categories
can be created and the existing retention categories can be edited.
It is recommended that a retention category be assigned to items at the time they
are archived. This makes it easier for Enterprise Vault to retrieve items because
it is possible to search by category.
See Installing and Configuring Enterprise Vault Guide for complete instructions.
Note: Once an item is archived, its retention category cannot be changed. Only
the name of the retention category and the retention period can be changed. For
a workaround, an administrator must restore the item, change the retention
category, and then archive it again.
Viewing site properties
Vault site properties can be viewed by clicking the Review Site Properties toolbar
icon.
Before reviewing site properties, see Installing and Configuring Enterprise Vault
Guide for information about each setting.
Archiving journaled messages
Before an Enterprise Vault Journaling Task can be configured, configure the
Exchange Server to direct all mail to one or more designated journal mailboxes.
To do this, enable the option: Archive all messages sent or received by mailboxes
on this store. After enabling Exchange to Journal, a Journal Task can be created
in Enterprise Vault.
All journaled mailboxes should be stored in a different Vault Store from the
primary mailbox or public folder that is being archived.
To protect against archiving email-propagated viruses, a delay can be set in the
archive policy on the Inbox in the Journal Mailbox. The delay will not prevent an
email that contains a virus from arriving in the journal mailbox, but it will give
administrators time to delete it before it is stored by Enterprise Vault. Keep in
mind, however, that introducing a delay in archiving means that a user could
delete an email message before it is archived. To keep a complete archive trail for
auditing purposes, no delay should be set.
After journaling is set up, review the types of emails that are being vaulted. Decide
whether to remove read receipts or system messages from the list.
See Installing and Configuring Enterprise Vault Guide for more information.
Alternatively, see the Enterprise Vault Settings for a Journal Mailbox topic in the
Enterprise Vault online Help.
Archiving public folders
Before Enterprise Vault can begin archiving public folders, create an Exchange
Public Folder Task for the Exchange server. When a public folder root path is
specified, all folders in that path will be archived by default.
See Installing and Configuring Enterprise Vault Guide for more information.
Alternatively, see the Public folder archiving, best practice topic in the Enterprise
Vault online Help.
Setting up user desktops
Enterprise Vault provides three ways to grant users access to items in the archive
vault. Administrators can deploy Vault User Extensions for Outlook, enable
Enterprise Vault Shortcuts, or use the Enterprise Vault Web access application.
With User Extensions, an administrator can restrict or enable what a user is
allowed to do once Enterprise Vault User Extensions for Outlook is installed.
Users can archive emails, search multiple archives, view, restore, and delete
items, and set access permissions on archive folders. See Installing and
Configuring Enterprise Vault Guide for complete instructions.
With Vault shortcuts, users do not need User Extensions installed on their
desktops. The shortcuts give users browser access to archives, enabling them to
view, search, restore and delete items, but not to manually archive items. See
Installing and Configuring Enterprise Vault Guide.
With the Enterprise Vault Web access application, users can search, view, restore,
and delete items in their archives using their browsers. With this option, users
cannot manually archive items. See Installing and Configuring Enterprise Vault
Guide for complete instructions. Alternatively, see the Web Access application
topic in the Enterprise Vault online Help.
If users are allowed to delete from the vault, auditing must also be enabled.
Auditing logs information so that deleted items can be retrieved from backups if
necessary. To disable the delete option, modify the desktopsettings.txt file.
Offline Vault provides users with the ability to view and retrieve items from their
archives when they are disconnected from the Exchange Server. Offline Vault is
enabled automatically for any user who uses an Outlook .ost file. When a user is
working offline, all requests to retrieve items are re-routed to the offline vault.
Generating reports
Reports that are created by Exchange Mailbox and Exchange Public Folder Tasks
display the number and total size of items that are scheduled for archiving. In
addition, reports display the number of expired shortcuts that can be deleted.
Reports can be generated when enabling, disabling, or creating new mailbox
archives to see how much space would be saved by enabling more mailboxes for
archiving. When running a task in Report mode, nothing is archived at the time
of the report run.
To generate a report
1. In the Enterprise Vault Administration Console, open the Task Properties.
2. On the General tab, enable the Report option.
Reports are saved in the Enterprise Vault installation folder. The default location
is:
C:\Program Files\Enterprise Vault\Reports
Best practices for backing up and recovering Enterprise Vault
Enterprise Vault is a distributed application that installs software components
across multiple servers. To ensure a restore-ready backup of Enterprise Vault,
administrators must back up the original deployment install directories and file
sets, as well as other critical components that Enterprise Vault relies on, such as
MSMQ, IIS, SQL and Exchange.
Regardless of the backup software used, an administrator must ensure that
these components are backed up properly.
See “Best practices for Symantec Backup Exec” on page 151.
The following Enterprise Vault components must be backed up:
■ Directory Service SQL database
■ Directory Service computer
  Full system and file backup, including registry
■ Index Service file locations
  View Properties for each Service to locate install directories
■ Shopping Service files
  View Properties for each Service to locate install directories
■ Vault Store SQL databases
■ Vault Store files
  Use Admin Console to locate each Storage Service and the Vault Store files
■ Enterprise Vault Servers
  Full system and file backup, including registry
It is recommended that no data is added to Enterprise Vault during backups.
It is recommended to shut down all Enterprise Vault services during backup runs,
although it is not required. The Admin, Directory, Retrieval, Storage, Indexing
and Shopping services can be left running during backups, but administrators
should strongly consider shutting down the Archiving, Public Folder and Journaling
services.
The Vault Administrator toolbar utility enables a user to open shortcuts to view
archived items even if Enterprise Vault is not running. Users of this tool must
have at least read access to the vault store and the .dvs files, and have Outlook
and the Enterprise Vault User Extensions installed. This tool must be installed
prior to a failure, so it is recommended to configure it before any recovery is
needed.
See the Display Shortcuts topic in the online Help documentation.
SQL Server database backup recommendations
As with any SQL database, it is important to have a daily backup plan in place,
and to monitor the amount of space allocated to the databases.
Administrators should review corporate policies and procedures as well as the
SQL Server best practices documentation to determine the point-in-time versus
point-of-failure restore levels that would be acceptable during a restore, to plan
how frequently to run backups of any database and all transaction logs:
■ Back up all Vault Store databases daily after the main run of the Archiving Service
■ Back up the Directory database at least weekly
■ Back up the Directory database transaction logs at least daily
■ Back up all system databases, especially Master and MSDB, after any change
For more information, search the Microsoft Web site for information on best
practices for SQL Server backup.
Recovery after an Enterprise Vault failure
Enterprise Vault Administration Console has a Vault Administrator toolbar utility
that enables administrators to open shortcuts to view archived items. Archived
items can be viewed even if Enterprise Vault is not running. This tool must be
installed prior to a failure, so be sure to configure the tool before any recovery is
needed.
Users of this tool must have the following:
■ At least read access to the vault store and DVS files
■ Microsoft Outlook installed
■ Enterprise Vault User Extensions installed
For more information on opening shortcuts using the tool, see the Display
Shortcuts topic in the Enterprise Vault online Help.
Common Enterprise Vault challenges and solutions
Table 6-4 presents some of the challenges faced by users, and the solutions to
those challenges.
Table 6-4 Solutions to common Enterprise Vault challenges

Challenge: End-users can keep large volumes of email and attachments stored in their Outlook clients, which can reduce Exchange Server performance and add to the administrative overhead tasks that are required to manage storage.
Solution: Enterprise Vault will automatically move older items from the Exchange Server to the Enterprise Vault archive by utilizing age-based archiving policies or specific size-quota-based archiving policies which can be set to deploy at customizable times. Administrators can give end-users the ability to archive manually by deploying client-side utilities, or lock down the ability to change any policy on the user side. This frees up valuable time and IT resources.

Challenge: End-users may delete an important piece of mail or data, either inadvertently or purposely, to gain needed space on their local drives. This requires IT staff to restore the data, which can be costly and time consuming, especially so if archives are stored off-site.
Solution: If end-users have their data archived by Enterprise Vault and client-side tools are deployed, users can restore directly from their Vault Store without having to involve IT resources.

Challenge: End-users can keep their mailbox stored in local PST files instead of utilizing the corporate storage, which leads to excessive mail storage requirements and data management overhead. IT Managers lose the ability to retain vital emails that are required by law or corporate policy to be maintained.
Solution: Existing data stored in local PST files can be migrated and archived to Enterprise Vault. End-users can retain access to their data by deploying client-side tools. Administrators can restrict the deployment of PST files to maintain a central storage of corporate data.

Challenge: Exchange Servers can require a longer backup window than what is available. In this case, a backup will fail unless the window is extended to accommodate the longer backup job.
Solution: Enterprise Vault’s mailbox archiving can reduce the Information Store size once archiving is enabled, which will shrink the necessary backup window and thus allow the backup job to run successfully.

Challenge: All mail is required to be maintained in a location where it can be readily accessible to a restore request from any legal entity or for auditing requests.
Solution: Enterprise Vault’s Journal archiving functionality, in conjunction with the Exchange Server Journaling option, can collect and archive all email sent or received by all users on each enabled Exchange Server. Sites can maintain a copy as long as required by law or internal best practices.
Enterprise Vault usage
Table 6-5 lists some tips for using Enterprise Vault.
Table 6-5 Enterprise Vault usage

Tip: Set Enterprise Vault to restrict any new mailboxes from being archived automatically.
Description: From the Tools menu, select Enable Mailboxes and walk through the wizard. When prompted to “Automatically enable mailboxes”, it is recommended that you do not enable this option, as it can remove some flexibility in the administration of Enterprise Vault.

Tip: Control whether a new Admin Service instance monitors disks, and which disks it monitors.
Description: The Admin Service monitors all local disks by default, whether they are used by Enterprise Vault or not. If a disk that is not used by Enterprise Vault becomes too full, the Admin Service could shut down Enterprise Vault even though Enterprise Vault has enough free space. In this case, the Admin Service can be stopped, if necessary, and set to restart without monitoring that disk.
To stop monitoring disks, open up Services and Pause or Stop the Enterprise Vault Admin Service.
Note: Do not stop the Admin Service unnecessarily. Enterprise Vault requires the Admin Service to be present at all times. If the Admin Service is stopped, all the other Enterprise Vault services on the same computer shut down too.
Modify the behavior of future instances of the Admin Service by starting the Admin Service with startup parameters that control monitoring:
■ To specify a list of disks to monitor (and to omit other disks), use the /DISKS=<list> parameter, where <list> is the list of disks that will be monitored. Do not include any spaces or tabs in the list value. The colon (:) in the disk name is optional.
  For example, to monitor only disks C:, E:, and F:, type /DISKS=C:E:F:
■ To restore the default behavior (to monitor all disks), type /DISKS
■ To turn off monitoring for the next instance of the Admin Service, type /NOMONITOR
■ To turn on monitoring for the next instance of the Admin Service, type /MONITOR
■ To make a parameter apply every time the Admin Service starts, add the /SAVE parameter. For example:
  /DISKS=C:E:F: /SAVE
  /NOMONITOR /SAVE

Tip: Check how many Vault Tasks are running.
Description: If performance or memory issues arise when using Enterprise Vault, check to see how many Vault Tasks are running. Performance tests have revealed that the maximum number of tasks that should be run on a single Enterprise Vault Server is 40.
Tip: Force Shortcut Deletion to happen immediately rather than waiting for scheduled deletion.
Description: This could be useful for PST migrations in which older shortcuts need to be removed from mailboxes. For more information, review Site Properties on the Vault Store. Alternatively, see the Shortcut deletion topic in the Enterprise Vault online Help.

Tip: Force archiving to only process a specific mailbox.
Description: If a mailbox is not archiving, the archiving function can be forced to process only a specific mailbox, even if other mailboxes are enabled for archiving. To archive a specific mailbox, go to Site Properties > Schedule > Run Now, and then set Number of Mailboxes to Select Mailboxes.

Tip: Configure Enterprise Vault to archive only items younger than a set date.
Description: Archiving only items younger than a set date could be useful for archiving from full monthly backups in a Discovery scenario.

Tip: Archive deleted items.
Description: Administrators can configure Enterprise Vault to archive the Deleted Items folder.

Tip: Configure the Enterprise Vault Policy Manager scripting tool to apply a policy to the Deleted Items folder.
Description: Administrators can configure the Policy Manager tool to apply a policy to the Deleted Items folder. A policy of “0 days” can be created with a Janitor retention category such that these items are deleted from Enterprise Vault in x number of days.
Policy Manager allows administrators to apply settings to individual mailboxes more specifically than when the EV Administration Console is used.
For more information, see the Enterprise Vault Administrators Guide.

Tip: Configure Enterprise Vault to run slower or faster as needed.
Description: By modifying SQL properties, administrators can force the update of the number of threads in the Archive service to reduce the impact on an Exchange server if there is a need to do daytime archiving. Then the threads for off-peak periods can be increased.

Tip: Ignore some errors.
Description: The following errors can be ignored:
■ 8 byte boundary error from MSMQ Performance object
■ MSMQ has no privilege to create audit log
■ DCOM errors in system log after reboot

Tip: Troubleshoot connectivity issues.
Description: If Exchange connectivity issues occur, locate the file fixmapi.exe on the Enterprise Vault server. Launch the executable file and then reboot the server.

Tip: Verify mailbox access.
Description: Always verify mailbox access by logging on to the Enterprise Vault mailbox on the Exchange server.
Tip: Monitor virtual memory and disk space on all disks.
Description: Enterprise Vault monitors virtual memory and disk space on all disks. Initial archive runs can fail if there is not enough virtual memory or disk space.

Tip: Increase the performance of quota-based archiving.
Description: In the registry, the number of items to be processed per user / per pass of the archiving service should be increased to 1,000 from its default value of 50.
Location: HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Agents
Key: MaxNoOfMsgsPerPass
Type: DWORD
Value: 1000
Note: Many factors should be considered before changing this setting, which could cause archiving to run more slowly than expected. Contact Symantec Technical Support for more information.

Tip: Allow archiving from the Deleted Items folder.
Description: By default, messages within the Deleted Items folder will not be archived. To enable archiving from Deleted Items, set the following registry key value to true (1) from its default value of false (0).
Location: HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Agents\
Key: ArchiveDeletedItems
Type: DWORD
Value: 1
The Archiving Service must be restarted for the new value to take effect.

Tip: Extend the indexing write-to-disk-cache index.
Description: When archiving for long periods of time, it is recommended to extend the indexing write-to-disk-cache index by adding a registry key on the Journaling Enterprise Vault Server. The Value is the number of minutes to wait before writing.
Location: HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\
Key: IndexWriteTimerWaitPeriod
Type: STRING
Value: 30
Tip: Extend the number of words the indexing service will hold in memory before compacting the index.
Description: When archiving for long periods of time, it is recommended to extend the number of words the indexing service will hold in memory before compacting the index by adding a registry key on the Journaling Enterprise Vault Server. The Value is the number of words to wait before compacting. The default value is 500,000.
Location: HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\
Key: IndexNumWordsToWrite
Type: STRING
Value: 2,000,000
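
The four registry recommendations in Table 6-5 can be checked on a server without changing anything. The PowerShell below is an added example, not part of the Yellow Book or of any Symantec tool; the function name Get-EvSettingStatus and its status labels are hypothetical, and it assumes the STRING value shown as 2,000,000 is stored without thousands separators.

```powershell
# Added example (not Symantec code): read-only audit of the Enterprise Vault
# registry values recommended in Table 6-5. Nothing is written to the registry.

$root = 'HKLM:\SOFTWARE\KVS\Enterprise Vault'

# Location, value name, type and recommended value as listed in Table 6-5.
# Assumption: "2,000,000" is stored as the string 2000000.
$recommended = @(
    @{ Path = "$root\Agents"; Name = 'MaxNoOfMsgsPerPass';        Kind = 'DWord';  Value = '1000' }
    @{ Path = "$root\Agents"; Name = 'ArchiveDeletedItems';       Kind = 'DWord';  Value = '1' }
    @{ Path = $root;          Name = 'IndexWriteTimerWaitPeriod'; Kind = 'String'; Value = '30' }
    @{ Path = $root;          Name = 'IndexNumWordsToWrite';      Kind = 'String'; Value = '2000000' }
)

function Get-EvSettingStatus {
    # Hypothetical helper: compares one registry value with its recommendation.
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Setting
    )

    # 'Missing' means the value was never created, so the product default applies.
    $status = 'Missing'
    $actual = $null
    $kind   = $null

    if (Test-Path -LiteralPath $Setting.Path) {
        $key = Get-Item -LiteralPath $Setting.Path

        # GetValueKind throws if the value does not exist, so check the name first.
        if ($key.GetValueNames() -contains $Setting.Name) {
            $actual = $key.GetValue($Setting.Name)
            $kind   = $key.GetValueKind($Setting.Name).ToString()

            # Compare as text so DWORD and STRING values are handled the same way;
            # strip separators in case a string value was typed as 2,000,000.
            $normalized = ([string]$actual) -replace ',', ''

            if ($kind -ne $Setting.Kind) {
                $status = 'WrongType'      # e.g. DWORD created where STRING is expected
            }
            elseif ($normalized -ne $Setting.Value) {
                $status = 'Differs'        # set, but not to the Table 6-5 value
            }
            else {
                $status = 'Matches'
            }
        }
    }

    [pscustomobject]@{
        Path        = $Setting.Path
        Name        = $Setting.Name
        Expected    = $Setting.Value
        Actual      = $actual
        ActualType  = $kind
        Status      = $status
    }
}

# Build the report for every recommended setting and show it as a table.
$report = $recommended | ForEach-Object { Get-EvSettingStatus -Setting $_ }
$report | Format-Table -AutoSize
```

A Differs or Missing result is not necessarily a fault: the table itself notes that MaxNoOfMsgsPerPass should only be changed after weighing other factors, and that ArchiveDeletedItems takes effect only after the Archiving Service is restarted.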
Chapter 7
Enhancing Microsoft® Exchange Server availability
This chapter includes the following topics:
■ Microsoft Exchange Server availability problem overview
■ Best practices for VERITAS Storage Foundation for Windows
■ Best practices for VERITAS Storage Foundation High Availability for Windows
■ Best practices for Symantec Backup Exec
Microsoft Exchange Server availability problem overview
Because the potential sources of disruption to email and Microsoft Exchange
servers are so numerous, ensuring 24x7 availability of an Exchange email
environment can be a daunting challenge.
This chapter focuses on the Symantec availability solution inside the network
perimeter. To further increase availability and ensure no single point of failure,
Symantec recommends that organizations install two Symantec™ Mail Security
8260 appliances or servers with Symantec BrightMail™ AntiSpam at the network
perimeter.
More information on network perimeter protection is available in Chapter 5, The
challenge of stopping unwanted email.
Risks to email availability
As a mission-critical IT service, Exchange email is subject to a number of risks.
Table 7-1 categorizes the major risks that threaten the continuous availability of
Exchange email.
Table 7-1 Risks to email availability

Risk: Major disasters
Description: Severe weather or earthquakes can disrupt entire geographic regions for a prolonged period of time.

Risk: Localized disasters
Description: A power failure or fire can affect a local data center.

Risk: External data threats
Description: Spam, viruses and worms that have the potential to bring down the server itself either by attacking the operating system or Exchange itself or by flooding the capacity of Exchange server.

Risk: Hardware component failures
Description: A storage subsystem, network router, or server’s power supply could fail.

Risk: Logical data threats
Description: User errors, index corruption or application problems can result in data loss.

Risk: Exchange environment changes
Description: The Exchange application environment depends on many different components, which require constant maintenance and change. Typical recurring changes include: firmware updates, OS patches, capacity upgrades, preventative maintenance on storage hardware, and driver updates. These updates, while necessary to maintaining the Exchange environment, can introduce instability and downtime for maintenance.
The demands of an Exchange service
Every IT organization knows that Exchange is a resource-intensive application
that requires some of the best server hardware available and occupies the most
expensive real estate in the storage network. IT also knows that their Exchange
data stores are growing daily.
To meet ever increasing demands, IT organizations must ensure a resilient
foundation for the Exchange environment that can provide the following
functionality:
■ Storage management: Storage management systems allow IT to grow and shape Exchange storage while keeping it available.
■ High availability clustering: Recent clustering technology allows Exchange service to continue running even after complete failure of an Exchange server.
■ Backup protection: Solid backup protection lets IT recover and restore data, even from a disaster.
Ensuring the availability of an Exchange service begins with providing all of this
functionality. In addition, administrators must be able to constantly monitor
these functions so that they can be alerted to potential problems. IT organizations
must continually assess whether their Exchange environment can deliver. If not,
organizations are risking Exchange downtime and sacrificing availability.
How Symantec ensures Exchange availability
The Symantec Email Security and Availability solution ensures high availability
for Microsoft Exchange with the following combination of products:
■ VERITAS Storage Foundation™ for Windows®
  Provides the ability to monitor, manage, and grow Exchange storage with a unified interface and without downtime. Storage Foundation extends and enhances Windows with the industry’s leading volume management technology. Administrators can configure, share and manage storage for optimal performance and availability, creating a scalable foundation for storage growth.
■ VERITAS Storage Foundation™ High Availability for Windows®
  Adds VERITAS™ Cluster Server to Storage Foundation, which allows administrators to cluster critical applications and resources, and further eliminates planned and unplanned downtime. Application-specific agents, including an agent for Exchange, monitor and manage the critical components of the Exchange environment to ensure maximum application availability.
■ Symantec Backup Exec™
  Provides Exchange server with complete backup protection, ensuring that IT organizations can implement a complete disaster recovery plan.
Modular approach
The Symantec Email Security and Availability solution takes a modular approach
to ensuring email availability. Organizations can implement the different
components in a phased approach depending on their specific needs.
By implementing the Symantec availability solutions, IT organizations can ensure
the constant availability of their Exchange services and protect their company’s
investment in the Exchange infrastructure. The availability products that comprise
the Symantec solution are Microsoft-certified and well integrated in the Windows
environment. Symantec and Microsoft have worked together to improve storage
manageability on the Windows platform. VERITAS Storage Foundation builds on
the dynamic volume capabilities now native to the Windows platform.
Table 7-2 describes the necessary features for implementing high availability in
an Exchange environment.
Table 7-2 Symantec availability solution features

Symantec availability solution: Storage Foundation
Email availability features:
■ Capacity monitoring that allows threshold alerts to be set over all Exchange storage. In the event of a triggered alert, notification can be sent to the administrator or storage can be increased automatically as set by policy.
■ Design storage configurations that use mirroring or mirroring/striping combinations to protect from the failure of a disk or array LUN.
■ Point-in-time image creation of storage groups for quick recovery from logical errors or data corruption.

Symantec availability solution: Storage Foundation HA for Windows (using VERITAS Cluster Server)
Email availability features:
■ Hot-failover and load balancing of the Exchange server on up to 32 cluster nodes to provide high availability and performance scalability of the Exchange environment.
■ Ability to perform maintenance and testing by proactively moving application services to alternate servers in the cluster.
■ Ability to meet service level agreements (SLAs) by automatically monitoring application delivery and failing over to alternate resources, according to business policies.

Symantec availability solution: Backup Exec
Email availability features:
■ Special dedicated backup agents that integrate with the Exchange server, ensuring smooth operation of the backup process with Exchange service.
■ Single console interface to monitor backups regardless of how many backup servers are involved.
■ Off-host backup capability that natively integrates with Storage Foundation, providing extra backup protection and improved backup performance.
Best practices for VERITAS Storage Foundation for Windows
The following topics provide best practices and recommendations for the
deployment and use of Storage Foundation in a Microsoft Exchange environment.
To implement Symantec availability products in an Exchange environment, IT
organizations should follow the instructions in the Symantec product
administration guides for VERITAS Storage Foundation for Windows, VERITAS
Storage Foundation High Availability for Windows, and Symantec Backup Exec.
When used in addition to the product guides, the Symantec Yellow Book will help
Symantec customers enhance the availability of their Exchange environment by
providing recommendations that will make the implementation of these products
in such an environment most successful.
Challenges to managing Exchange storage
One of the more important considerations relating to the availability, security,
and performance of an Exchange environment is defining and maintaining an
efficient storage layout. How storage is laid out significantly and immediately
affects the Windows and Exchange environment. Storage decision planning can
be very complex. Optimally, administrators in the Exchange environment should
have the best tools to give them the most flexibility and ease of use at their
disposal.
Storage Foundation provides such functions as follows:
■ Host-based storage virtualization: Storage Foundation is the industry leader for storage virtualization solutions. Storage Foundation provides the ability to dynamically allocate and transparently move data across all types of disks, including RAID arrays, SANs, storage networks, to file systems, databases, and so forth. Storage Foundation also provides host-based RAID (mirroring, striping, mirrored stripes, RAID-5, and so on).
■ VERITAS FlashSnap™ option: Provides a snapshot mechanism that can accelerate Exchange recovery through the use of point-in-time snapshots. FlashSnap can also enhance backup performance through alternate-host-accessible snapshots that are integrated with Backup Exec.
How Storage Foundation meets Exchange store challenges
Table 7-3 describes in more detail some of the features of Storage Foundation
that enable it to provide resilient storage for Exchange environments.
Table 7-3 Storage Foundation Exchange store problems

Problem: Exchange servers get full
Solution: Capacity monitoring: This feature monitors storage activity and provides alerts when storage levels reach pre-defined thresholds. Actions and Thresholds are fully user-definable.

Problem: Exchange server needs more storage
Solution: Dynamic Volume growth: Storage Foundation can increase the size of Exchange data stores manually or automatically without impacting the Exchange server.

Problem: Managing complex RAID configurations from multiple vendors
Solution: Enhanced RAID management: Storage Foundation can manage any block-level storage devices including FC, iSCSI, and DAS, all with a consistent unified user interface.

Problem: Managing Exchange storage across different hardware vendors
Solution: Storage flexibility: Storage Foundation enables control of storage costs by providing maximum flexibility in storage choice. There is a single, consistent management interface to heterogeneous storage hardware such as Hitachi® and EMC®. Storage Foundation allows the use of inexpensive storage in a RAID configuration.

Problem: Tape restores do not provide a rapid recovery from an Exchange outage
Solution: FlashSnap snapshots: Provide point-in-time recovery from hard disk storage that is much faster than tape restores. FlashSnap snapshots are fully integrated with Windows Server 2003 Volume Shadow Copy Service (VSS). FlashSnap provides built-in VSS Provider and VSS Requester support to allow creation of Microsoft supported and approved snapshots.

Problem: Backup window for Exchange is long due to processor load
Solution: Reduced backup window: This feature reduces the server load to Exchange by providing off-host backups. Off-Host backups can be performed from a secondary server location, thereby decreasing the processor load on the Exchange server.
Storage Foundation implementation and usage recommendations
There are many tasks to consider when implementing Storage Foundation in an
Exchange environment. Symantec recommends that administrators use the
following sequence of tasks for a Storage Foundation implementation:
■ Become familiar with the Storage Foundation documentation and system requirements for Microsoft Exchange.
■ Plan Exchange storage layout.
  Layout examples are provided.
  See “Suggested Exchange storage layout with Storage Foundation” on page 134.
■ Deploy Storage Foundation in the Microsoft Exchange environment
Storage Foundation documentation and prerequisites
The VERITAS Storage Foundation for Windows Administrator Guide contains
information on storage technologies and how to make best use of them. It is also
an excellent resource for information on general storage management features
on capacity monitoring and Auto Grow. The VERITAS Storage Foundation and
High Availability Solutions 4.3 Solution for Microsoft Exchange provides the user
with best practices surrounding snapshot solutions for Quick Recovery.
The following are tasks that require attention before the installation of Storage
Foundation:
■ Ensure that hardware, software, and system requirements are met.
■ Ensure that networking and firewall requirements are met.
■ Make available the license keys for the Storage Foundation options to be implemented.
■ Perform a system reboot after installation of Storage Foundation.
These tasks are covered in the VERITAS Storage Foundation for Windows
Installation and Upgrade Guide.
Plan Exchange storage layout
Dynamic volumes and RAID play an integral part in providing reliability and
performance in the Exchange environment. There are different benefits for each
RAID type in relation to different Exchange objects. For more information on the
different RAID types, see the VERITAS Storage Foundation for Windows
Administration Guide.
Administrators should also research the best practices regarding Exchange storage
layout. In addition to Microsoft documentation on the subject, the Symantec
solution guide, VERITAS Storage Foundations and High Availability Solutions 4.3
Solutions Guide for Microsoft Exchange, is an excellent starting point for mapping
out Exchange storage. The guide is available from Symantec.
RAID volumes can be optimized in a variety of environments. For Exchange
environments with Storage Foundation, Symantec recommends the following
practices:
■
Increase read performance and failure tolerance with host-based mirroring
■
Plan disk group usage
■
View the suggested configuration of disk groups and volumes for an Exchange
server for help in planning Exchange storage layout.
See “Suggested Exchange storage layout with Storage Foundation” on page 134.
Increase read performance and failure tolerance with host-based mirroring
Administrators can use host-based mirroring of virtual disks to increase overall
system read performance and failure tolerance. In a mirrored configuration, read
requests are handled in a round-robin fashion. The round-robin algorithm
distributes read requests across all members, or plexes, of a mirrored volume.
Mirroring can increase read performance significantly.
Host-based mirrored volumes provide protection against hardware failures such
as I/O bus, host bus adapter, power and cooling, RAID controller, and disk.
Administrators can protect against disk failures by configuring the hardware
RAID subsystem-based virtual disks as members of a host-based mirrored volume.
Plan disk group usage
Table 7-4 describes two recommendations for disk groups.
Table 7-4 Disk group usage methods
| Method | Description |
| --- | --- |
| Use multiple disk groups | Storage Foundation defines labeled disk groups. Disk groups provide a way of organizing physical disks in a system into logical entities, which simplifies storage management for systems with large numbers of disks. Disk groups are useful for managing storage in clusters, as well as convenient for organizing and managing disk storage resources on an application basis. |
| Allocate disk groups in clusters | In a clustered environment, the Storage Foundation disk group is the unit in which storage fails over from one computer to another. Only entire disk groups fail over. Consequently, volumes that hold data for applications that are required to fail over should belong to disk groups that hold data for that application only. The disk groups should be part of the application’s resource group, so that failover can occur. This has implications for disk group and volume allocation. In a cluster, each application that fails over independently of other applications should have its data stored on volumes in disk groups that are exclusive to that application. This allows an application’s storage to fail over with the application without having an adverse effect on other applications or their associated storage. |
Use VERITAS FlashSnap option
The Storage Foundation FlashSnap option enables storage administrators to create
multiple point-in-time copies or snapshots of dynamic volumes. The process can
be done with minimal impact on applications and users. The snapshot is a
broken-off mirror of the original volume and functions as an independent volume.
It can be retained on the same host or moved to another host. It can be merged
back with the original volume until another snapshot is implemented.
On-host snapshots can be used for quick recovery of an application, such as
Microsoft Exchange. Off-host snapshots allow users to perform resource-intensive
processes, such as application testing, decision support, data mining, and backups,
without affecting production servers and data.
Lay out the Exchange storage groups
By using the following recommendations, administrators can leverage the
configuration functionality of Storage Foundation:
■
Database stores and transaction logs for each storage group must be stored
on disks contained within a single dynamic disk group.
■
Each database should be in a separate volume, but the volumes may share the
same dynamic disks.
■
Mailbox stores and public stores must be stored on separate volumes in order
to be able to recover each independently.
■
Database stores and transaction logs must be in separate volumes in order to
perform a roll-forward recovery to the point of failure.
■
Database stores and transaction logs should be on separate disks so that disk
failure does not affect both the database stores and transaction logs.
■
Transaction logs should always be configured in a redundant layout. The
preferred software layout is RAID 0+1 (mirrored stripes) volumes as this
provides better read and write performance than RAID 1 (mirrored) alone. The
transaction log will generate the most I/O and thus should use the highest
performance disks available.
■
Use the preferred layouts for the database stores, which are hardware RAID
5, software RAID 1 (mirrored with logging enabled), or software RAID 0+1
(mirrored stripes).
The FlashSnap option is not supported for software RAID 5 volumes.
■
No more than six volumes should be associated with a storage group. One
volume should contain the transaction logs. Up to five other volumes may
contain databases.
■
Move the components of the first storage group to new volumes off of the boot
drive. By default, the first storage group is mapped to the boot drive. The boot
drive cannot have a snapshot image taken of it.
■
Use Exchange System Manager to move production databases and logs off of
the boot drive onto newly created volumes that are created with Storage
Foundation.
■
Exchange transaction logs are used to roll forward a database to achieve a
point-of-failure recovery. The circular logging option should not be enabled.
If circular logging is enabled, a database cannot be rolled forward to achieve
a point-of-failure recovery.
■
Optionally create another shadow copy set after an incremental backup. Create
this shadow copy set on a separate set of disks rather than refreshing the
shadow copy set taken after the full backup. This practice ensures that the
shadow copy set of a clean database is not being overwritten with an image of
a potentially corrupted database.
Note: As a quick recovery practice, Symantec recommends that administrators
create or refresh a shadow copy set immediately after a full backup of FlashSnap
option, just after the database has been checked for corruption and the transaction
logs have been truncated. This ensures an image of a clean database.
Suggested Exchange storage layout with Storage Foundation
Table 7-5 shows a sample configuration and layout to create the appropriate disk
groups and volumes in an Exchange environment.
Table 7-5 Example configuration for Exchange server EXCH1
| Exchange server | Exchange storage group | Dynamic disk group | Volume name | Drive letter | Volume content |
| --- | --- | --- | --- | --- | --- |
| EXCH1 | EXCH1_SG1 | EXCH1_SG1 | EXCH1_SG1_TLogs | T: (or Mount Point) | Volume for storing the Microsoft Exchange Server SG1 database log file |
| EXCH1 | EXCH1_SG1 | EXCH1_SG1 | EXCH1_SG1_DB1 | S: (or Mount Point) | Volume for storing the Microsoft Exchange Server SG1 database |
| EXCH1 | EXCH1_SG1 | EXCH1_SG1 | EXCH1_SG1_Pub | P: (or Mount Point) | Volume for storing the Microsoft Exchange Server public folders DB |
| EXCH1 | EXCH1_SG2 | EXCH1_SG2 | EXCH1_SG2_TLogs | J: (or Mount Point) | Volume for storing a Microsoft Exchange Server SG2 DB log file |
| EXCH1 | EXCH1_SG2 | EXCH1_SG2 | EXCH1_SG2_DB1 | K: (or Mount Point) | Volume for storing a Microsoft Exchange Server SG2 database |
| EXCH1 | EXCH1_SG2 | EXCH1_SG2 | EXCH1_SG2_DB2 | L: (or Mount Point) | Volume for storing another Microsoft Exchange Server SG2 database |
In the example, the dynamic disk group EXCH1_SG1 is a concatenation of the
names of the Exchange server, EXCH1, and the Storage Foundation dynamic disk
group, SG1. SG1 corresponds to the first Exchange storage group for the EXCH1
server (Storage Group 1). The configuration assumes that two Exchange storage
groups and two databases are used.
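The rules listed under “Lay out the Exchange storage groups” can be checked against a planned layout before any volume is created. The following Python check is an added example, not Symantec code: volume names and drive letters come from Table 7-5, while the layout labels, disk names, the C: boot drive and the assumption that FlashSnap is wanted on every volume are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

BOOT_DRIVE = "C:"  # assumption: the operating system is installed on C:
# Layout labels are this example's own shorthand, not Storage Foundation syntax.
PREFERRED_DB = {"hw-raid5", "sw-raid1-logged", "sw-raid0+1"}
REDUNDANT = PREFERRED_DB | {"sw-raid1", "sw-raid5"}


@dataclass(frozen=True)
class Volume:
    disk_group: str
    drive: str
    layout: str
    disks: frozenset  # physical disks behind the volume


@dataclass(frozen=True)
class Placement:
    storage_group: str
    kind: str    # "tlog", "mailbox" or "public"
    volume: str  # key into the volumes dict


def check_layout(volumes, placements, circular_logging=()):
    """Return sorted (storage_group, rule) findings; an empty list means compliant."""
    findings = set()
    by_sg, users = defaultdict(list), defaultdict(int)
    for p in placements:
        by_sg[p.storage_group].append(p)
        users[p.volume] += 1
    for sg, items in by_sg.items():
        names = {p.volume for p in items}
        vols = [volumes[n] for n in names]
        logs = [volumes[p.volume] for p in items if p.kind == "tlog"]
        dbs = [volumes[p.volume] for p in items if p.kind != "tlog"]
        log_disks = set().union(*(v.disks for v in logs))
        # Stores and logs of a storage group stay within one dynamic disk group.
        if len({v.disk_group for v in vols}) > 1:
            findings.add((sg, "single-disk-group"))
        # Each database and the log set gets a volume of its own.
        if any(users[n] > 1 for n in names):
            findings.add((sg, "separate-volumes"))
        # At most six volumes: one for the logs, up to five for databases.
        if len(names) > 6 or len(logs) != 1:
            findings.add((sg, "volume-count"))
        # The boot drive cannot have a snapshot image taken of it.
        if any(v.drive.upper() == BOOT_DRIVE for v in vols):
            findings.add((sg, "off-boot-drive"))
        # One disk failure must not hit both the stores and the logs.
        if any(v.disks & log_disks for v in dbs):
            findings.add((sg, "separate-disks"))
        # Logs need a redundant layout, databases one of the preferred layouts.
        if any(v.layout not in REDUNDANT for v in logs):
            findings.add((sg, "redundant-logs"))
        if any(v.layout not in PREFERRED_DB for v in dbs):
            findings.add((sg, "preferred-db-layout"))
        # FlashSnap is not supported for software RAID 5 volumes.
        if any(v.layout == "sw-raid5" for v in vols):
            findings.add((sg, "flashsnap-unsupported"))
        # Circular logging rules out roll-forward to the point of failure.
        if sg in circular_logging:
            findings.add((sg, "circular-logging"))
    return sorted(findings)


def table_7_5_layout():
    """Names and drive letters from Table 7-5; layouts and disks are constructed."""
    spec = {
        "EXCH1_SG1_TLogs": ("T:", "sw-raid0+1", "d1 d2 d3 d4"),
        "EXCH1_SG1_DB1": ("S:", "sw-raid1-logged", "d5 d6"),
        "EXCH1_SG1_Pub": ("P:", "sw-raid1-logged", "d5 d6"),
        "EXCH1_SG2_TLogs": ("J:", "sw-raid0+1", "d7 d8 d9 d10"),
        "EXCH1_SG2_DB1": ("K:", "hw-raid5", "lun1"),
        "EXCH1_SG2_DB2": ("L:", "hw-raid5", "lun1"),
    }
    kinds = {"TLogs": "tlog", "DB1": "mailbox", "DB2": "mailbox", "Pub": "public"}
    volumes, placements = {}, []
    for name, (drive, layout, disks) in spec.items():
        group, suffix = name.rsplit("_", 1)  # disk group is named after the storage group
        volumes[name] = Volume(group, drive, layout, frozenset(disks.split()))
        placements.append(Placement(group, kinds[suffix], name))
    return volumes, placements


def default_install_layout():
    """Constructed 'before' case: first storage group still on the boot drive."""
    volumes = {"BootVolume": Volume("(none)", "C:", "simple", frozenset({"d0"}))}
    kinds = ("tlog", "mailbox", "public")
    return volumes, [Placement("EXCH1_SG1", k, "BootVolume") for k in kinds]


if __name__ == "__main__":
    print(check_layout(*table_7_5_layout()))
    print(check_layout(*default_install_layout(), circular_logging={"EXCH1_SG1"}))
```

The Table 7-5 layout produces no findings, while the constructed default-install case is flagged for every rule it breaks, including the shared boot volume and circular logging.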
Deploy Storage Foundation in the Exchange environment
Storage Foundation is an integral part of the storage management infrastructure
in the Exchange environment. Symantec recommends installing Storage
Foundation on all Exchange mailbox servers in the Exchange environment before
installing any other product in the Symantec Email Security and Availability for
Microsoft Exchange solution.
Administrators should read the Storage Foundation product documentation and
review the recommendations in this book to prepare for a deployment of Storage
Foundation.
Best practices for VERITAS Storage Foundation High
Availability for Windows
In the enterprise environment, high availability can refer to any software or
hardware that provides fault tolerance, but the term has become associated more
specifically with clustering. Clustered systems offer advantages including fault
tolerance, high availability, scalability, simplified management, and support for
rolling upgrades.
The following sections describe concepts for VERITAS Storage Foundation High
Availability for Windows and its clustering component, VERITAS™ Cluster Server.
Also provided are best practices for the implementation of VERITAS Cluster Server
4.3 clustered solutions in an Exchange environment.
Challenges to clustering the Exchange environment
As a mission-critical application, Exchange must be highly available to the
organization. VERITAS Cluster Server, the clustering component for Storage
Foundation HA for Windows, can enable service availability up to and beyond
99.99%, which translates to less than 52 minutes of downtime per year. Clustering
provides redundancy with a hot failover mechanism to one of multiple server
nodes within the cluster. This failover is mostly transparent to users, which is
why it is a very desirable configuration.
How Storage Foundation HA for Windows meets Exchange clustering
challenges
By capitalizing on the key strengths of Cluster Server, Storage Foundation HA
for Windows can do the following:
■
Automatically monitor all Exchange components and respond appropriately
in the event of a problem, failing over to other resources if necessary.
■
Allow administrators to proactively switch Exchange functions to other
resources to perform routine maintenance or upgrades on components, such
as server upgrades or OS patch applications.
Moreover, Cluster Server technology offers unique advantages in the Exchange
environment. Table 7-6 describes Exchange clustering challenges and how
VERITAS Cluster Server meets the challenges.
Table 7-6 Exchange clustering challenges and Cluster Server solutions
| Challenge | Solution |
| --- | --- |
| Creating high availability regardless of hardware brand | With VERITAS Cluster Server, up to 32 nodes can be clustered. Nodes can be configured as load balancing or failover. |
| Controlling costs of cluster hardware | Exchange servers can share passive nodes one at a time or as a group. |
| Troubleshooting Exchange problems without third-party programs interfering | VERITAS Cluster Server can be removed temporarily from the Exchange environment to allow for troubleshooting, and then reinstated. |
| Clustering other applications in addition to Exchange | VERITAS Cluster Server can cluster most applications. |
| Clustering different brands and types of server hardware | VERITAS Cluster Server can cluster heterogeneous server hardware. Hardware does not need to be identical. |
| Clustering an existing Exchange server installation without reinstalling Exchange | VERITAS Cluster Server can cluster the Exchange environment, even if Exchange is already installed. |
| Providing granular administrative rights | VERITAS Cluster Server provides a detailed level of rights management of the cluster. |
| Using external storage hardware from different vendors | VERITAS Cluster Server can cluster heterogeneous storage. |
Storage Foundation HA for Windows basics
VERITAS Storage Foundation High Availability for Windows (including both
VERITAS Storage Foundation for Windows and VERITAS Cluster Server) provides
a framework for application management and availability. Storage Foundation
HA for Windows lets administrators monitor systems and application services,
and restart services on a different system when hardware or software fails.
About VERITAS Cluster Server clusters
A VERITAS Cluster Server cluster is composed of a set of systems that provide
scalability and high availability for specific applications. Cluster Server monitors
and controls the applications in a cluster, and can restart or move them in response
to a variety of hardware and software faults. A cluster consists of multiple systems
connected by a dedicated communications infrastructure. This infrastructure
enables cluster members to exchange information on the status of cluster
resources.
Each cluster has a unique cluster ID. Systems in a cluster are connected by
redundant cluster communication links. Clusters can have from 1 to 32 member
systems, or nodes. Applications can be configured to run on specific nodes within
the cluster. Nodes can be individual systems, or they can be created with domains
or partitions on enterprise-class systems. Individual cluster nodes each run their
own operating system and possess their own boot device. Each node must run the
same operating system within a single Cluster Server cluster.
Most applications in a cluster require access to shared application data for systems
hosting the application. Nodes sharing storage access are eligible to run an
application. Nodes without common storage cannot fail over an application that
stores data to disk.
Resources
Resources are hardware or software entities, such as disk groups and file systems,
network interface cards (NICs), IP addresses, and applications. Controlling a
resource means bringing it online (starting), taking it offline (stopping), and
monitoring the resource.
Service groups
A service group is a logical grouping of resources and resource dependencies. It
is a management unit that controls resource sets.
For example, a database service group may be composed of resources that manage
logical network (IP) addresses, the database management software (DBMS), the
underlying file systems, the logical volumes, and a set of physical disks managed
by the volume manager (typically VERITAS Storage Foundation for Windows in
a Cluster Server cluster).
A single node may host any number of service groups, each providing a discrete
service to networked clients. Each service group is monitored and managed
independently. Independent management enables a group to be failed over
automatically, or manually idled for administration or maintenance, without
affecting other service groups. If the entire server crashes, all service groups on
that node must be failed over elsewhere.
VERITAS Cluster Server monitors each resource in a service group and, when a
failure is detected, restarts that service group. This could mean restarting it locally
or moving it to another node and then restarting it. The method is determined by
the type of failure. In the case of local restart, the entire service group may not
need to be restarted. Restarting a single resource within the group may be
sufficient to restore the application service.
Administrative operations are performed on resources, including starting,
stopping, restarting, and monitoring at the service group level. Service group
operations initiate administrative operations for all resources within the group.
For example, when a service group is brought online, all resources within the
group are also brought online. When a failover occurs in Cluster Server, resources
never fail over individually; the entire service group fails over. If there is more
than one group defined on a server, one group may fail over without affecting the
other groups on the server.
Agents
Agents are VERITAS Cluster Server processes that manage resources of predefined
resource types according to commands received from the VERITAS Cluster Server
engine, HAD. A system has one agent per resource type, which monitors all
resources of that type; for example, a single IP agent manages all IP resources.
When the agent is started, it obtains the necessary configuration information
from VERITAS Cluster Server. It then periodically monitors the resources, and
updates Cluster Server with the resource status.
The agent provides the type-specific logic to control resources. The action required
to bring a resource online or take it offline differs significantly for each resource
type. VERITAS Cluster Server employs agents to handle this functional disparity
between different resource types. For example, bringing a disk group online
requires importing the disk group, but bringing a database online requires starting
the database manager process and issuing the appropriate startup commands.
Cluster Server agents are multithreaded, meaning a single Cluster Server agent
monitors multiple resources of the same resource type on one host. For example,
the IP agent monitors all IP resources. Cluster Server monitors resources when
they are online and offline to ensure they are not started on systems on which
they are not intended to run. For this reason, Cluster Server starts the agent for
any resource configured to run on a system when the cluster is started. If no
resources of a particular type are configured, the agent is not started. For example,
if there are no Exchange resources in the configuration, the Exchange agent is
not started on the system.
Storage Foundation HA for Windows installation recommendations
While there are many tasks to consider when implementing Storage Foundation
HA for Windows in an Exchange environment, the following practices are essential
for a successful implementation:
■
Become familiar with the documentation and different cluster topologies
■
Meet hardware, network, and software requirements
■
Review installation preparation
For more information about these tasks, see the VERITAS Cluster Server
Installation Guide and the VERITAS Cluster Server Administration Guide. The
VERITAS Storage Foundations and High Availability Solutions 4.3 Solutions Guide
for Microsoft Exchange also provides essential background information on storage
and cluster configuration.
Become familiar with the documentation and different cluster
topologies
Clustering is a mission-critical service that must be highly reliable, but is by its
nature technically complex. Storage Foundation HA for Windows and Cluster
Server provide the necessary reliability while shielding IT from much of the
underlying complexity. However, software of this type requires appropriate
planning before any implementation can begin.
Storage Foundation HA for Windows provides tools to make it as easy as possible
to perform necessary clustering tasks. IT shops that are considering the installation
of Cluster Server should become familiar with the product installation and
administration guides. Additionally, a good understanding of the differences and
advantages of the different cluster topologies (active/active versus active/passive)
is necessary to determine how best to implement Cluster Server in a particular
Exchange environment.
This Symantec Yellow Book provides information on how to create an
Active/Passive cluster environment. It covers prerequisites for deploying the
clustered Exchange solution, including networking components and hardware
configurations, such as static IP address configuration and internal NIC
configuration.
Meet hardware, network, software, and configuration
prerequisites
Table 7-7 lists VERITAS Cluster Server hardware prerequisites in an Exchange
environment.
Table 7-7 VERITAS Cluster Server hardware prerequisites
| Hardware component | Prerequisite |
| --- | --- |
| Three NICs | Symantec recommends three NICs per cluster member. Two NICs are used exclusively for the private network. The remaining NIC is used for the public network. |
| SCSI, Fibre Channel, iSCSI host bus adapters (HBAs), or iSCSI Initiator-supporting NICs | One of these components is required to access shared storage from all systems in the cluster. All systems in the cluster must have the same HBA model and be configured at the same driver and firmware levels. |
| Shared disks | Shared disks are required to support applications that migrate between nodes in the cluster. Verify that each system can access the shared storage. |
| Fibre Channel SAN (if used) | If the cluster is using a Fibre Channel SAN, ensure that Fiber Switch zoning is done correctly so that cluster nodes can access the correct, shared disks in the network. |
Table 7-8 lists the VERITAS Cluster Server network prerequisites in an Exchange
environment.
Table 7-8 VERITAS Cluster Server network prerequisites
| Network entity | Network prerequisite |
| --- | --- |
| Private NICs | Connect each private (cluster heartbeat) NIC through a separate hub or switch to avoid single points of failure. |
| Windows firewall | Disable the Windows firewall on systems running Windows Server 2003 SP1 and any other third-party firewall applications on the local nodes. |
| IP addresses | Obtain the following static IP addresses: one IP address for each physical server or node in the cluster; one IP address for each cluster; one IP address for each virtual Exchange server and any other clustered services. |
| Name resolution | Configure name resolution for each node. |
| DNS services | Verify the availability of DNS Services. Active Directory-integrated DNS or BIND 8.2 or higher are supported. |
| Reverse lookup zones | Make sure a reverse lookup zone exists in the DNS. Refer to the application documentation for instructions on creating a reverse lookup zone. |
| Lookup zones for subnets | Make sure that the DNS server has lookup zones defined correctly for all subnets within the network. Ensure that forward lookup and reverse lookup entries are created correctly. The zone type recommended is Active Directory Integrated. |
| DNS scavenging | DNS scavenging affects virtual servers configured in Cluster Server because the LanMan agent uses DDNS to map virtual names with IP addresses. Symantec recommends that you turn off DNS scavenging for resource records corresponding to virtual servers configured as Lanman resources. Note: Administrators can add the static IP address of the Virtual server node if they choose not to turn off scavenging. |
| Active Directory Services | Verify that Active Directory Services are available. Make sure that an Exchange Forest prep and Domain prep is performed and that the Exchange schema is propagated based on the chosen topology. |
The following software is required for VERITAS Cluster Server in an Exchange
environment:
■
Windows 2003 Enterprise Server with Service Pack 1
Microsoft support for Microsoft Exchange Server 2003 is limited to 32-bit
versions of the Windows 2003 operating system.
■
Remote control software, for example, Symantec PC Anywhere™
Remote control software helps manage remote servers.
■
Windows 2003 operating system installed on the same local drive on all nodes.
The VERITAS Cluster Server application agent for Microsoft Exchange requires
the operating system to be installed on the same local drive on all nodes. For
example, if Windows 2003 is installed on the C: drive of one node, installations
on all other nodes must be on their respective C: drives. Make sure that the
same drive letter is available on all nodes and has adequate space for the
installation.
Table 7-9 lists the VERITAS Cluster Server network configuration prerequisites
in an Exchange environment.
Table 7-9 VERITAS Cluster Server network configuration prerequisites
| Network entity | Configuration prerequisite |
| --- | --- |
| Naming of public and private NICs | A separate naming convention for public and private NICs is recommended to avoid confusion. |
| Disabling settings | Disable TCP/IP and Microsoft File Sharing. Also disable the Client for Windows on the private heartbeat NICs. |
| Setting heartbeat NIC media type value | Each Heartbeat NIC should be set to 100MB Half Duplex. On Windows Server 2003, on the NIC Properties page, click Configure next to the adapter name. Then, on the Advanced tab, select Media Type in the property listing. In the Value drop-down list, select 100Mbps Half Duplex. |
| Setting the system's hardware driver signing level | Set the system's hardware driver signing level to Ignore. This ensures Storage Foundation will validate the system during installation checks. |
| Configuring TCP/IP for clustering | Every cluster server must have its Internet Protocol (TCP/IP) properties configured to use the public NIC with preferred and alternative DNS pointing to the same main DNS server. |
Review installation preparation
Symantec recommends that administrators prepare for installation with the
following best practices:
■
Ensure that the appropriate and identical OS level, Service Pack level, firmware,
and driver revisions are installed on all systems to be clustered. Check the
Symantec VERITAS Cluster Server Hardware Compatibility List (HCL) for
tested and supported versions.
For VERITAS Cluster Server HCLs, go to the following URL:
http://support.veritas.com/menu_ddProduct_SFHFW_view_CL.htm
At the time of publication, this URL was current.
■
Ensure that the necessary remote control software to manage your remote
servers is available.
■
Have all the necessary IP addresses available before starting the installation.
Each system has an IP address, plus one for the Cluster Service, and one for
each instance of Microsoft Exchange.
■
Ensure all network cards are configured for Auto Negotiate, and that the speed
and duplex mode are forced from both the NIC and the Switch port to the
preferred speed and duplex mode. All cards on same network segment must
be configured identically.
■
Ensure that all systems are members of the appropriate Domain and are
configured to connect to the same DNS server.
■
Ensure that the DNS server is appropriately configured for forward/reverse
lookup.
■
Ensure that DNS entries for each virtual Exchange Server to be installed are
created before installation.
■
Verify that all systems on which Exchange Server will be installed have
Microsoft IIS installed. SMTP, NNTP, and WWW services must be installed on
all systems. If Exchange is installed on Windows 2003, make sure to install
the ASP.NET service as well.
■
Ensure that the appropriate administrator(s) have proper access rights to
install Exchange.
See “VERITAS Cluster Server Agent for Exchange permissions” on page 147.
■
See the VERITAS Storage Foundations and High Availability Solutions 4.3
Solutions Guide for Microsoft Exchange for more information about cluster
installation.
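The address, NIC and DNS prerequisites in Table 7-8 and in the preparation list above can be verified as a plan before installation starts. The following Python check is an added example, not part of any Symantec tool: it uses the system resolver by default, and the node names, the example.com domain, the switch labels and the 192.0.2.0/24 addresses are constructed placeholders (only the virtual server name EXCHVS1 is taken from this book).

```python
import socket
from collections import Counter


def system_forward(name):
    """IPv4 addresses for a name from the system resolver (empty list if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def system_reverse(ip):
    """Host name for an address from the system resolver (None if no PTR record)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def check_plan(plan, forward=system_forward, reverse=system_reverse):
    """Return sorted (subject, problem) findings; an empty list means the plan passes."""
    findings = set()
    nodes, vservers = plan["nodes"], plan["virtual_servers"]

    # One static address per node, per cluster and per virtual Exchange server.
    planned = [(name, node["ip"]) for name, node in nodes.items()]
    planned += [("<cluster>", plan["cluster_ip"])] + list(vservers.items())
    seen = Counter(ip for _, ip in planned)
    for subject, ip in planned:
        if seen[ip] > 1:
            findings.add((subject, "address assigned more than once"))

    # Three NICs per member: two private heartbeat NICs on separate hubs or
    # switches, and one public NIC.
    for name, node in nodes.items():
        private = [n for n in node["nics"] if n["role"] == "private"]
        public = [n for n in node["nics"] if n["role"] == "public"]
        if len(private) < 2 or not public:
            findings.add((name, "needs two private NICs and one public NIC"))
        if len({n["switch"] for n in private}) < len(private):
            findings.add((name, "private NICs share a hub or switch"))

    # Forward and reverse lookup entries must both exist and agree.
    for subject, ip in planned:
        if subject == "<cluster>":
            continue
        fqdn = f"{subject}.{plan['domain']}".lower()
        if ip not in forward(fqdn):
            findings.add((subject, "forward lookup missing or wrong"))
        if (reverse(ip) or "").lower().rstrip(".") != fqdn:
            findings.add((subject, "reverse lookup missing or wrong"))
    return sorted(findings)


def sample_plan():
    """Constructed plan: node names, switches and addresses are placeholders."""
    def nics(sw_a, sw_b):
        return [{"role": "private", "switch": sw_a},
                {"role": "private", "switch": sw_b},
                {"role": "public", "switch": "lan"}]
    return {
        "domain": "example.com",
        "cluster_ip": "192.0.2.10",
        "nodes": {"exchnode1": {"ip": "192.0.2.11", "nics": nics("hb-a", "hb-b")},
                  "exchnode2": {"ip": "192.0.2.12", "nics": nics("hb-a", "hb-b")}},
        "virtual_servers": {"exchvs1": "192.0.2.20"},
    }


def sample_resolvers(plan, drop_ptr=()):
    """Constructed stand-ins for DNS built from the plan, so the check runs offline."""
    a = {f"{n}.{plan['domain']}": d["ip"] for n, d in plan["nodes"].items()}
    a.update({f"{n}.{plan['domain']}": ip for n, ip in plan["virtual_servers"].items()})
    ptr = {ip: name for name, ip in a.items() if ip not in drop_ptr}
    return (lambda name: [a[name]] if name in a else []), ptr.get


if __name__ == "__main__":
    plan = sample_plan()
    print(check_plan(plan, *sample_resolvers(plan, drop_ptr={"192.0.2.20"})))
```

Called without the two resolver arguments, `check_plan` queries the DNS server the host is configured to use, which is the server the cluster nodes are expected to share.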
Best practices for configuring storage resources for Storage Foundation
HA for Windows
Storage Foundation HA for Windows helps administrators configure Exchange
storage volume and disk groups. The following section describes some of the best
practices for a clustered Exchange storage configuration.
Volume layout recommendations
Volumes for database files, transaction log files, as well as MTA and Exchange
registry replication for VERITAS Cluster Server should be mirrored to separate
hard drives (physical disks) or arrays. For transaction logs, Symantec recommends
RAID 1+0 (mirrored stripes) volumes for performance reasons.
The VERITAS Cluster Server application agent for Microsoft Exchange requires
at least four volumes to be created per virtual Exchange server. One each is created
for the first Exchange database, registry replication information, transaction logs
(for the first storage group), and MTA data. These volumes must be accessible
from all cluster nodes.
Disk group layout recommendations
When creating Storage Foundation disk groups that will contain disks used by
clustered services, the option to create a cluster disk group must be selected.
All volumes and cluster disk groups should be configured using Storage Foundation
from the same node.
Each Exchange storage group should have its own cluster disk group. If there are
four storage groups per Exchange virtual server (EVS), then there should be four
cluster disk groups.
Storage configuration example
Table 7-10 shows one example of a configuration and layout to create the
appropriate disk groups and volumes to maintain a high availability environment.
In the table, the name of the Microsoft Exchange virtual server is EXCHVS1. The
name of the VERITAS Cluster Server service group is EVS1. This example includes
Registry replication (RegRep) volumes in one of the clustering disk groups.
Table 7-10 Example of disk groups and volumes for an Exchange virtual server
| VERITAS Cluster Server service group | Exchange virtual server | Exchange storage group | Cluster disk group | Volume name | Drive letter | Volume content |
| --- | --- | --- | --- | --- | --- | --- |
| EVS1 | EXCHVS1 | not applicable | EVS1_RegMTA | EVS1_RegRep | R: | Volume that contains the list of registry keys that must be replicated among the cluster systems |
| EVS1 | EXCHVS1 | not applicable | EVS1_RegMTA | EVS1_MTA | N: | Volume for storing Microsoft Exchange Server MTA database for the Exchange Server |
| EVS1 | EXCHVS1 | EVS1_SG1 | EVS1_SG1 | EVS1_SG1_TLogs | T: (or Mount Point) | Volume for storing the Microsoft Exchange Server SG1 database log file |
| EVS1 | EXCHVS1 | EVS1_SG1 | EVS1_SG1 | EVS1_SG1_DB1 | S: (or Mount Point) | Volume for storing the Microsoft Exchange Server SG1 database |
| EVS1 | EXCHVS1 | EVS1_SG1 | EVS1_SG1 | EVS1_SG1_Pub | P: (or Mount Point) | Volume for storing the Microsoft Exchange Server public folders DB |
| EVS1 | EXCHVS1 | EVS1_SG2 | EVS1_SG2 | EVS1_SG2_TLogs | J: (or Mount Point) | Volume for storing a Microsoft Exchange Server SG2 DB log file |
| EVS1 | EXCHVS1 | EVS1_SG2 | EVS1_SG2 | EVS1_SG2_DB1 | K: (or Mount Point) | Volume for storing a Microsoft Exchange Server SG2 database |
| EVS1 | EXCHVS1 | EVS1_SG2 | EVS1_SG2 | EVS1_SG2_DB2 | L: (or Mount Point) | Volume for storing another Microsoft Exchange Server SG2 database |
Note: Additional storage groups (such as EVS1_SG2_DG) only contain data and
log volumes. The RegRep and MTA volumes are included only in the first storage
group.
In the example, the cluster disk group EVS1_SG1 derives its name from the
Exchange virtual server EVS1. SG1 refers to the Storage Foundation disk group
that corresponds to the Exchange storage group (first storage group or storage
group 1). The example configuration assumes that two Exchange Storage groups
and two databases are being used.
After the storage configuration for the Exchange cluster portion of the installation
is implemented, verify the following:
■
The disk group is imported on the first node of the cluster.
■
The volume containing the information for registry replication
(EVS1_SG1_Regrep in the table) is mounted.
Deploying a clustered Microsoft Exchange solution
During deployment of a clustered Exchange solution, make sure that the user for
the preparation, installation, and post-installation phases of Exchange
implementation remains the same.
In addition, make sure that the cluster ID is unique if one or more clusters exist
on the same subnet.
VERITAS Cluster Server Agent for Exchange permissions
Verify that the administrator responsible for installing VERITAS Cluster Server
in an Exchange environment has the following permissions set up:
■
The administrator must be a domain user.
■
The administrator must be an Exchange Full Administrator.
■
The administrator must be a member of the Exchange Domain Servers group.
■
The administrator must be a member of the Local Administrators group for
all nodes where he or she is installing VERITAS Cluster Server
Agent for Exchange.
■
The administrator must have write permissions for objects corresponding to
installation nodes in the Active Directory.
■
If a computer object corresponding to the Exchange virtual server exists in
the Active Directory, the administrator must have delete permissions on the
object.
■
The administrator must be an Enterprise Administrator, Schema Administrator,
Domain Administrator, and Local Machine Administrator to run ForestPrep.
In addition, the administrator must be a Domain Administrator and Local
Machine Administrator to run DomainPrep.
Finally, make sure the HAD Helper domain user account has Add workstations
to domain privileges enabled in the Active Directory. To verify this, click Start >
Administrative Tools > Local Security Policy on the domain controller to launch
the security policy display. Click Local Policies > User Rights Management and
make sure the user account has this privilege.
Microsoft Exchange and VERITAS Cluster Server Exchange
Agent installation recommendations
The Storage Foundation and High Availability Solutions 4.3 for Microsoft Exchange
Solutions Guide contains checklists of installation prerequisites in the following
sections:
■
Installing Exchange on the first node
■
Installing Exchange on additional nodes
The prerequisites cover new installations of Microsoft Exchange. Make sure that
all items in the checklist are completed on all Exchange nodes before installing
the VERITAS Cluster Server Exchange Agent on the nodes.
Installing Microsoft Exchange on the first node
In addition to the installation prerequisites provided in the Storage Foundation
and High Availability Solutions 4.3 for Microsoft Exchange Solutions Guide, the
following installation recommendations can help administrators successfully
install Exchange on the first node:
■
Administrators who are installing Exchange 2003, but do not want to install
Exchange Server Service Pack 1 as part of the installation process, can obtain
SP1 installation steps from the VERITAS Storage Foundation for Windows
documentation.
■
After a virtual name has been assigned to the Exchange server, it cannot be
changed unless Exchange is uninstalled from the VERITAS Cluster Server
environment and reinstalled using the Exchange Setup Wizard for VERITAS
Cluster Server.
■
To ensure proper failover in the cluster before moving a database to shared
storage, perform the following tasks:
■
Open VERITAS Storage Foundation for Windows and import the cluster
Disk Group on the local node.
■
Mount the volumes for the Exchange database, MTA data, and transaction
logs.
■
Assign a drive letter to the volumes.
Installing Microsoft Exchange on additional nodes
In addition to the installation prerequisites provided in the Storage Foundation
and High Availability Solutions 4.3 for Microsoft Exchange Solutions Guide, the
following installation recommendations can help administrators successfully
install Exchange on additional nodes:
■
When installing Microsoft Exchange Server 2003 on additional nodes,
administrators must use the disaster recovery switch on the second node.
■
Administrators who are installing Exchange 2003 on additional nodes, but do
not want to install Exchange Server Service Pack 1 as part of the installation
process, can obtain SP1 installation steps from the VERITAS Storage
Foundation for Windows documentation.
Post-deployment recommendations
After installing Microsoft Exchange, Symantec recommends the following
post-deployment practices:
■
Change the admin password for the VERITAS Cluster Server console.
■
Do not use the virtual name or virtual IP address when connecting and
administering a cluster node through Storage Foundation HA for Windows.
Connecting to a computer from the VEA GUI using a virtual name or the virtual
IP address causes the VEA GUI to display the computer name of the cluster
node that currently owns the virtual name and IP resources. Therefore, use
the actual computer name or the IP address of the cluster node instead.
■
When running VERITAS Cluster Server in Exchange environments, always
store the anti-virus/anti-spam definitions update log on the shared disk device.
This ensures that any node running Exchange has up-to-date virus and spam
signatures.
Installing and configuring Symantec Mail Security for Microsoft
Exchange on VERITAS Cluster Server systems
The following list describes most of the tasks for installing Symantec Mail Security
for Microsoft Exchange on a system in a VERITAS Cluster Server-managed cluster:
■
When installing Mail Security for Exchange, ensure that the Mail Security for
Exchange binaries are installed in the same drive letter and directory location
on each node in the cluster that will run Exchange services.
■
After installing Mail Security for Exchange on each cluster node, the Mail
Security for Exchange service Startup Type value should be set to Automatic
using the Windows Services Manager.
■
After installing Mail Security for Exchange, freeze the Exchange Service Group
in the VERITAS Cluster Server and add a process agent resource to control
the Mail Security for Exchange service. (Repeat for each Exchange Group if
there are multiple Exchange virtual servers.)
To do this, create a process resource for each Mail Security for Exchange service
in the Exchange Service Group.
Generic Services should not be used due to concurrency issues. If desired, an
additional resource can be created to control the spam filtering process;
otherwise, the service should be disabled.
■
Use the VERITAS Cluster Server vcsgensvc.vbs script to control the services
for the online, offline, and monitor attributes. The absolute path to the script
must be included in the attribute value. It must also be prefixed by the word
cscript.exe. An example is:
cscript "c:\program files\VERITAS\Cluster Server\bin\samples\process\vcsgensvc.vbs" online SMSME
■
Use the service name (SMSME) to control the service. Place it as the argument
after the online, offline, or monitor directive. The virtual name attribute, as
listed in the LanMan resource, follows the SMSME argument for only the
monitor attribute value:
cscript "c:\program files\VERITAS\Cluster Server\bin\samples\process\vcsgensvc.vbs" monitor SMSME <virtualname>
■
In the VERITAS Cluster Server Management console, connect dependencies
for the SMSME resource where the Information Store resource is a parent to
the SMSME resource and the SMSME resource is parent to the System
Attendant resource. The Information Store Resource should also continue to
depend on the System Attendant.
■
Place antivirus signatures and quarantine queues on a shared cluster disk and
modify paths and replicated registry keys as necessary. This reduces virus
exposure induced by failover to systems with older virus signatures.
Alternatively, rather than placing them on shared storage and replicating registry
information, a post-offline trigger can be configured to restart the Mail Security
for Exchange services to ensure that updates to virus signatures can be
maintained on passive Exchange nodes.
■
If Symantec AntiVirus™ and Symantec Mail Security for Microsoft Exchange
are both present on the clustered Exchange nodes, all directories for VERITAS
Cluster Server should be excluded from virus scanning. In addition, all
Exchange directories (local and shared storage) should be excluded. For more
information on configuration in an Exchange environment, see the Symantec
AntiVirus and Symantec Mail Security for Microsoft Exchange documentation.
Note: For more information on configuring Mail Security for Exchange, including
information about unique and modified registry key path information and how
to keep virus definitions up to date for non-active nodes, please contact Symantec
Professional Services or review the latest knowledge base article at
http://library.veritas.com/docs/281043.
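The first two items in the list above (identical install location on every node, Startup Type set to Automatic) can be verified from the output of `sc qc SMSME` collected on each cluster node. The following Python check is an added example, not Symantec tooling; the node names, display name and install paths in the sample output are constructed placeholders, not the product's real locations.

```python
import ntpath
import re


def parse_sc_qc(text):
    """Turn the output of `sc qc <service>` into a {FIELD: value} dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z_]+)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def binary_dir(path_value):
    """Directory of the service executable, normalised for comparison."""
    value = path_value.strip()
    if value.startswith('"'):
        exe = value[1:].split('"', 1)[0]          # quoted path, arguments may follow
    else:
        m = re.match(r"(.*?\.exe)\b", value, re.IGNORECASE)
        exe = m.group(1) if m else value          # unquoted path
    # Windows paths are case-insensitive, so compare them lower-cased.
    return ntpath.normcase(ntpath.dirname(exe))


def check_nodes(outputs, service="SMSME"):
    """outputs maps node name -> `sc qc` text. Returns a list of findings;
    an empty list means every node meets both requirements."""
    findings, dirs = [], {}
    for node in sorted(outputs):
        cfg = parse_sc_qc(outputs[node])
        if cfg.get("SERVICE_NAME", "").upper() != service.upper():
            findings.append(f"{node}: service {service} is not installed")
            continue
        start = " ".join(cfg.get("START_TYPE", "unknown").split())
        if "AUTO_START" not in start:
            findings.append(f"{node}: Startup Type is {start}, expected Automatic")
        dirs[node] = binary_dir(cfg.get("BINARY_PATH_NAME", ""))
    if dirs:
        reference = min(dirs)                     # first node alphabetically
        for node in sorted(dirs):
            if dirs[node] != dirs[reference]:
                findings.append(f"{node}: installed in {dirs[node]}, "
                                f"but {reference} uses {dirs[reference]}")
    return findings


def constructed_sc_output(exe_path, start_type):
    """Build sample `sc qc SMSME` output (constructed, not captured)."""
    return f"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: SMSME
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : {start_type}
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : "{exe_path}"
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : SMSME (constructed sample)
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""


# Constructed sample: node 2 is set to Manual, node 3 is on a different drive.
SAMPLE_OUTPUTS = {
    "EXCHNODE1": constructed_sc_output(r"D:\Apps\MailSecurity\SMSME.exe", "2   AUTO_START"),
    "EXCHNODE2": constructed_sc_output(r"d:\apps\mailsecurity\smsme.exe", "3   DEMAND_START"),
    "EXCHNODE3": constructed_sc_output(r"E:\Apps\MailSecurity\SMSME.exe", "2   AUTO_START"),
}

if __name__ == "__main__":
    for finding in check_nodes(SAMPLE_OUTPUTS) or ["all nodes consistent"]:
        print(finding)
```

A node that fails either check should be corrected before the service group is unfrozen, because a failover to that node would bring Exchange online without a working scanner.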
Best practices for Symantec Backup Exec
The cornerstone of any availability solution is its backup and recovery plan.
Choosing a reliable backup product should be of foremost concern to every IT
organization because backup may be the last line of defense against data loss.
This section describes best practices for using Symantec Backup Exec. It also
includes best practices for using Backup Exec with VERITAS Enterprise Vault.
Challenges to backing up the Exchange environment
IT organizations are faced with the demand of ensuring continual business
communications. The loss of a single message may generate hours of unnecessary
and frustrating labor for system administrators. Email loss can lower productivity,
even slowing the progress of the entire organization.
Microsoft Exchange server data protection challenges include the following:
■
Backing up the Windows operating system and system state
■
Backing up the Exchange server application directory
■
Backing up the Exchange databases
■
Backing up Enterprise Vault
A secure backup plan is a critical component in a complete availability solution
for Microsoft Exchange.
How Symantec Backup Exec meets Exchange backup and recovery
challenges
Symantec Backup Exec and Backup Exec Agent for Microsoft Exchange Server
meet the criteria for fast, flexible, and reliable Exchange Server data protection.
In fact, Backup Exec has supported Microsoft Exchange since its introduction in
1996 (and supported Windows Server operating systems since their introduction
in 1992). Backup Exec provides established experience and proven reliability in
the Exchange server market.
Backup Exec is an easy-to-use product. It integrates tightly with Windows operating
systems and provides native agents for Microsoft Exchange backup. Native backup
agents for Microsoft® SQL Server are also available.
Table 7-11 lists the Exchange backup challenges that Backup Exec addresses.
Table 7-11 Exchange backup challenges and Backup Exec solutions

| Exchange backup challenge | Backup Exec solution |
|---|---|
| Administering multiple backup jobs | Backup Exec has the ability to manage all backup jobs from a single console. |
| Administering multiple backup servers | Backup Exec provides centralized management of all media servers (tape or disk) with the Centralized Administration Server option. |
| Ensuring optimal backup performance | Backup Exec can load balance backup jobs. |
| Restoring Exchange databases quickly and accurately | Backup Exec Restore can automatically dismount the Exchange database. This feature ensures that a valid database is brought on line quickly when traditional or snapshot backups are performed. |
| Ensuring the integrity of snapshots | Backup Exec has integrated Snapshot protection with consistency checks. This feature leverages Microsoft virtual snapshot (VSS) technology to provide on-host or off-host backup from a consistent snapshot image. |
| Leveraging Exchange Recovery Storage Groups | Backup Exec can perform mailbox or message level restores from a full, incremental or differential traditional backup without requiring the installation of a separate Exchange 2003 server. |
| Providing flexible levels of backup | Backup Exec can protect Exchange data at the individual storage group, database, or mailbox level, and with full, incremental, copy, or differential backups. |
| Backing up all Exchange components | Backup Exec supports the protection of multiple databases on a single Exchange 2000 or Exchange 2003 server. |
| Performing hot Exchange backups | Backup Exec can transparently integrate online, or hot, Exchange Server 5.5, Exchange 2000, and Exchange 2003 server backups within regularly scheduled network backup routines. |
| Relocating Exchange databases | Backup Exec can relocate any database to another server or storage group with the move database (MDB) relocation feature. |
| Reducing the size of Exchange data stores | Backup Exec can store single instances of attachments to eliminate backing up redundant copies of files that are sent to large numbers of users. This reduces the time required to perform mailbox backups and reduces the amount of media required to protect the Exchange environment. |
| Staging data for backup | Backup Exec has an Automated Data Staging feature that can quickly back up and recover Exchange Server databases or transaction logs by staging backups to disk or RAID system prior to a nightly full or differential to tape. |
| Supporting clustered Exchange servers | Backup Exec supports cluster fail-over in a VERITAS Cluster Server environment, providing improved fault tolerance. |
| Supporting SANs | Backup Exec has a LAN-Free Exchange Server backup feature that supports storage area networks (SAN), with the SAN Shared Storage Option. This increases backup and recovery performance over a Fibre Channel or iSCSI network. |
| Ensuring reliable backups | Backup Exec uses the native Exchange Server Backup APIs and Messaging APIs for reliable Exchange protection. |
| Providing off-host backups | Backup Exec supports off-host backups in conjunction with the Advanced Disk-based Backup Option (ADBO) to eliminate the backup window. This support frees the Exchange server to serve its users 24x7x365 and perform backups at any point in time. For more information on ADBO, go to: http://eval.veritas.com/mktginfo/products/White_Papers/Data_Protection/BE_SFW_Quick_Recovery_Off-Host_Backup_Bundle.pdf |
Backup Exec installation recommendations
While there are many tasks to consider when implementing a backup and recovery
solution in an Exchange environment, the following practices and considerations
are essential for a successful backup and recovery plan:
■
Obtain licenses for Backup Exec components
■
Become familiar with Backup Exec documentation
■
Version considerations for Backup Exec
Obtain licenses for Backup Exec components
Licenses for the required options of Backup Exec must be purchased and specified
during the Backup Exec installation. To protect the complete solution described
in this Symantec Yellow Book, licenses are required for the following Backup Exec
components:
■
Backup Exec Agent for Microsoft Exchange
■
Backup Exec Agent for Microsoft SQL Server (for backing up Enterprise Vault)
■
Backup Exec Remote Agent for Windows Servers
Optionally, if an enterprise wants to use the Advanced Disk-Based Backup Option
(ADBO) for off-host backups of Exchange and SQL, a separate license must also
be purchased and specified during installation.
A license for one tape drive is included with each license of Backup Exec for
Windows Servers. A separate license is also required if more than one tape drive
is to be used for backup. For each additional tape drive, whether stand alone, in
an autoloader or in a robotic tape library, a Library Expansion Option (LEO) license
is required.
Information on Backup Exec licensing is contained in the Symantec Backup Exec™
for Windows Servers Quick Installation Guide.
Become familiar with Backup Exec documentation
Symantec Backup Exec provides comprehensive documentation to make it as easy
as possible to create and implement a backup and recovery plan with Exchange
environments. IT shops considering the installation of Backup Exec should become
thoroughly familiar with the following guides:
■
Symantec Backup Exec™ for Windows Servers Administrator’s Guide
■
Symantec Backup Exec™ for Windows Servers Quick Installation Guide
Version considerations for Backup Exec
The Email Security and Availability solution as outlined in this Yellow Book was
tested using the latest version of Backup Exec (10d). The features described in
this section are available in Backup Exec starting with version 10.0. Symantec
recommends using the latest version available as a matter of best practice.
If an earlier version of Backup Exec is currently in use in the Exchange
environment, an upgrade to the current version (10d) is recommended.
After the Backup Exec software and necessary licenses are purchased, see the
Symantec Backup Exec™ for Windows Servers Quick Installation Guide for
information on upgrade instructions.
Best practices for backup and recovery in Exchange environments
Symantec recommends some best practices for configuring and using Backup
Exec with Exchange 2003. For more information on backing up, restoring, and
disaster recovery of Exchange, and configuring users, media sets, and backup
devices, see the Symantec Backup Exec™ for Windows Servers Administrator’s
Guide.
Backup preconfiguration tasks
To use Backup Exec in Exchange environments, at least one Backup Exec Media
Server is required. The Media Server must have backup storage (disk or tape
devices) connected to the network.
Before using Backup Exec in an Exchange environment, make sure to do the
following:
■
Provide network and rights access to Backup Exec servers
■
Disable Write Caches on Fibre Channel, SCSI or iSCSI controllers
■
Disable circular logging
Provide network and data access to Backup Exec clients from Backup Exec
servers
The Backup Exec Media Server must have access to all of the systems it will protect.
In addition, the Backup User Account must have proper permissions to carry out
a backup or restore operation.
Disable Write Caches on Fibre Channel, SCSI or iSCSI controllers
Windows does not use buffers, so when Exchange (or other applications) receives
a write complete notice from Windows, the write-to-disk has already been
completed. If Write Cache is enabled, Windows responds as though a write-to-disk
has been completed, and will provide this information to Exchange (or other
applications) incorrectly. The result could be data corruption if there is a system
failure before the operation is actually written to disk.
Disable circular logging
Circular logging minimizes the risk of filling the hard disk with transaction log
files. However, if a solid backup strategy is in place, transaction log files are purged
during the backup, thus freeing disk space. If circular logging is enabled,
transaction log histories are overwritten, and incremental and differential backups
of storage groups and databases are disabled. This means that recovery is only
possible up to the point of the last full or copy backup.
Types of backups in an Exchange environment
The optimal type of Exchange backup to use varies depending on the size of the
Exchange environment, the number of transactions processed each day, and the
recovery time target desired.
Table 7-12 describes the different types of Backup Exec backups, their Exchange
recovery advantages and disadvantages, and their effects on Exchange data
structures.
Table 7-12 Backup Exec backup types

| Backup type | Impact on Exchange data storage |
|---|---|
| Full | Full backups are the best way to back up the entire information store, the directory database, and the transaction logs. Many shops run full backups on a weekly basis, because they prefer to run incremental backups throughout the week to keep backup run time to a minimum. The trade-off with this technique occurs at recovery time when recovery must begin with restoring from the full backup and then restoring each subsequent incremental backup in turn. After full backups, administrators can choose whether or not to purge the transaction logs. |
| Incremental | Incremental backups are used to provide more frequent recovery point options throughout the day and to manage log file growth. In an incremental backup, the transaction logs that have been created since the last full or incremental backup are backed up. When the logs are backed up, the log files are purged. |
| Differential | Differential backups back up only the transaction log files. There is no log file purge. |
| Brick level | Brick-level backups back up each mailbox separately and back up the folders and messages. Brick-level backups allow administrators to restore a single mailbox or single folder. Some organizations use brick-level backups only for designated mailboxes. These recoveries are also very I/O intensive. They can take much longer to recover than standard file recovery operations. |
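The restore-time trade-off in Table 7-12 and the circular logging restriction described earlier can be worked through in code. The following Python example is added here and is not part of Backup Exec or of this Yellow Book; the catalogue, dates, the `readable` flag and all function names are constructed for illustration, and it assumes that an unreadable incremental set leaves a gap in the transaction log sequence that later backups cannot bridge.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Backup:
    when: datetime
    kind: str               # "full", "incremental" or "differential" (Table 7-12)
    readable: bool = True   # outcome of the last trial restore of this set


def plan_restore(catalogue, failure_time, circular_logging=False):
    """Return (restore_chain, recovery_point) for a storage group lost at
    failure_time. restore_chain is the ordered list of backup sets to restore;
    recovery_point is the time of the last set in it."""
    history = sorted((b for b in catalogue if b.when <= failure_time),
                     key=lambda b: b.when)
    fulls = [b for b in history if b.kind == "full" and b.readable]
    if not fulls:
        return [], None                       # nothing to restore from
    base = fulls[-1]
    chain = [base]
    if circular_logging:
        # Log histories are overwritten, so incremental and differential
        # backups are disabled: recovery stops at the last full backup.
        return chain, base.when

    latest_differential = None
    for b in history:
        if b.when <= base.when:
            continue
        if b.kind == "differential":
            # No purge. Assumption: each differential still holds every log
            # written since the last purge, so only the newest one is needed.
            if b.readable:
                latest_differential = b
            continue
        # Incremental (or a later full that cannot be read). It may have purged
        # the logs it backed up; if the set is unreadable those logs are gone
        # and nothing taken after it can be replayed.
        if not b.readable:
            break
        chain.append(b)
        latest_differential = None            # superseded by this incremental
    if latest_differential is not None:
        chain.append(latest_differential)
    return chain, chain[-1].when


def week(kind, unreadable_day=None):
    """Constructed catalogue: full on Sunday 1 Jan 2006 at 22:00, then one
    `kind` backup at 22:00 on Monday (1), Tuesday (2) and Wednesday (3)."""
    sunday = datetime(2006, 1, 1, 22, 0)
    catalogue = [Backup(sunday, "full")]
    for day in (1, 2, 3):
        catalogue.append(Backup(sunday + timedelta(days=day), kind,
                                readable=(day != unreadable_day)))
    return catalogue


FAILURE = datetime(2006, 1, 5, 10, 0)         # constructed: Thursday morning

SCENARIOS = {
    "incrementals, all readable": (week("incremental"), False),
    "incrementals, Tuesday unreadable": (week("incremental", 2), False),
    "differentials, Tuesday unreadable": (week("differential", 2), False),
    "circular logging enabled": (week("incremental")[:1], True),
}

if __name__ == "__main__":
    for name, (catalogue, circular) in SCENARIOS.items():
        chain, point = plan_restore(catalogue, FAILURE, circular)
        steps = " -> ".join(f"{b.kind} {b.when:%a}" for b in chain)
        print(f"{name}: restore {steps}; recovery point {point:%a %H:%M}, "
              f"{FAILURE - point} before the failure")
```

With the same three nightly jobs, one unreadable Tuesday set moves the recovery point back two days under the incremental scheme and not at all under the differential scheme, which is why trial restores of every set in the chain matter.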
Best practices for ensuring good backups
To ensure good backups, Symantec recommends the following practices:
■
Perform trial restores.
■
Test the backup and recovery dependencies.
Is Exchange System Manager working properly?
Do the domain controllers maintain contact with the Exchange server during
a backup?
■
Back up the necessary items and make copies of those items that will aid in the
event of a disaster recovery. Document everything, including any custom
configurations to the OWA logon page with forms-based authentication. Also
have a copy of the certificates used for HTTPS and SSL along with the private
keys. A best practice for these items is to copy them to a separate server for
Disaster Recovery.
■
Understand the pros and cons of backing up the System State.
Backing up the System State is recommended as part of a complete disaster
recovery solution. This includes the OS, the boot files, the Registry and the
COM+ class registration database.
■
If the Exchange environment is running a domain controller, then the Active
Directory database and the SYSVOL directory should also be backed up. If
running in a cluster, administrators must have the quorum resource recovery
log and the cluster service resource registry checkpoints.
If installed, the Certificate Services database should be backed up.
■
For ease of disaster recovery, create a replica of the EFORMS Registry folder
in a public folder store or in a different routing group.
The importance of online backups
Online backups perform operations one database file at a time. As each database
file is transferred to the backup media, Exchange performs a cyclic redundancy
check. If there are problems with the data, the backup stops and the event is
logged. Administrators do not have the capability of doing this type of check with
a regular offline backup.
It is not a good practice to delete transaction logs manually. Administrators who
are only doing offline backups will not be able to automatically purge the
transaction logs.
However, it is good practice to run a daily maintenance schedule with the
Information Store Service. Once archived, this will remove deleted messages,
deleted mailboxes and perform online defragmentation. Defrag will not run if the
backup process is running on any database in the storage group. Schedule backups
and IS maintenance to run at different times.
Optimizing backup and recovery performance
Symantec recommends that administrators use the following practices with
Microsoft Exchange to ensure the most efficient backup and recovery performance:
■
Locate transaction log files on separate physical disks from the database.
Separating transaction log files from the database is the single most important
configuration detail affecting the performance of Exchange servers. This
configuration detail also has recovery implications, because transaction logs
provide an additional recovery resource (enabling up-to-date email recovery).
■
Archive (or expunge) HTTP, SMTP, IMAP protocol logging directories. Exchange
itself will not automatically wrap these log files. If not archived, these logs can
grow large quickly.
■
Periodically check the BadMail directory of any significant SMTP servers in
the Exchange environment. The directory is located at
\Program Files\Exchsrvr\Mailroot\vsi1\Badmail. Because of the manner in which SMTP
messages are logged, customers might see hundreds of these files a week, if
there are failed SMTP relay attempts. Such files can almost always be safely
deleted.
■
Check mailbox usage as part of an overall backup and recovery strategy. One
method is to use Exchange System Manager to simply export mailbox usage
information to a text file. Over time administrators can use this data to get a
quick trend analysis and look for any unusual patterns that might impact
performance, hence backup time. Administrators will also get a second look
at mailboxes that have exceeded their storage capacity or are getting near that
point.
Best practices for using Backup Exec with clustered Exchange
servers
Backups should include the System State of all nodes in the cluster.
Off-host backup usage recommendations
Performing a full system backup of a server is a CPU-intensive activity that can
severely limit the availability of Exchange email. Using Shadow Copy Sets for
off-host backup provides the ability to offload this processor-intensive activity
from the Exchange server to a secondary staging server. The staging server is then
used for a full backup process. Creating a Shadow Copy will put far less strain on
the Exchange server than a full backup will.
Before backing up using Shadow Copy Sets, make sure the following conditions
are met:
■
The Advanced Disk-Based Backup option is selected during Backup Exec
installation.
■
The staging server is equal in capacity to the Exchange server.
■
The Backup Exec Agent is installed on the Exchange server.
Remember that a shared storage environment is optimal.
Best practices for Enterprise Vault backup
When companies implement VERITAS Enterprise Vault and want to use Backup
Exec for Enterprise Vault backup and recovery operations, the following additional
practices are essential for a successful backup and recovery plan:
■
Observe the best practices to back up critical Enterprise Vault components
identified in the table below.
■
Determine the backup window for Enterprise Vault.
■
Ensure that Enterprise Vault services are in the correct service state during
backup.
■
If necessary, return registry keys to read-write mode after backup event
completes.
Enterprise Vault critical components
Enterprise Vault has several critical components that must be backed up to ensure
complete restore capability.
Table 7-13 identifies some of the best practices associated with these components.
Table 7-13 Enterprise Vault components that are critical to backup operations

| Component | Best practice |
|---|---|
| SQL databases: EVEnterpriseVaultDirectory (stores structural information about the Enterprise Vault system architecture) and Vault store (stores the individual databases for each store that Enterprise Vault users create). Both types of databases use the naming convention EV<store name>. | Back up all databases with the name EV<store name>. Schedule an SQL backup just before the main backup job. After the SQL backup is complete, point the main backup process to the destination directory of the SQL backup, thereby allowing backup of the backup. |
| Indexes: By default, the AltaVista® indexing engine stores its index files in Program Files\Enterprise Vault\Indexing. | Because the Program Files\Enterprise Vault\Indexing location can be customized, always use the Enterprise Vault Administration Console to obtain the actual location. |
| Shopping baskets: When users perform a search of the Vault, they have the option to group items from their search results logically in what the application calls a "shopping basket". The Enterprise Vault application saves these baskets as individual files that are stored by default in Program Files\Enterprise Vault\Shopping. | Like the Indexing location, the Shopping Basket location can also be customized. Therefore, always use the Enterprise Vault Administration Console to obtain the current location of these shopping baskets. Note: Some organizations elect not to back up shopping baskets because they do not contain any email messages. They only contain pointers to message IDs. |
| Vault stores: Archived email messages are stored as individual files in an elaborate directory structure starting with the name of the vault store. For example, a typical directory structure might be: \Enterprise Vault Stores\<vault store name>\<year>\<month>\<date>\<GMT hour>\<file> | Always back up the entire vault store folder structure so that all email messages can be restored properly with the vault store databases pointing to the appropriate locations. To obtain the file location of a vault store, use the Vault Administration Console. Some organizations with multiple vault stores may have vault stores spread across different drives and media types. Stores are not always grouped under a single directory structure on one drive. Always back up each vault store's full directory structure daily. |
| License key: The license key is saved as a text file in the Program Files\Enterprise Vault\ directory. The file naming convention of the license key is Keys_<servername>.txt. | Because the license key does not change over time, only one backup copy is necessary. This file does not need to be backed up daily. |
Backing up Microsoft SQL Server
Backup Exec incorporates online, non-disruptive SQL database protection as part
of everyday backup routines, which increases the chance of data recovery and
minimizes data loss without inhibiting daily database activity. Using database,
differential, and log backups provides a good balance between backup windows
and the amount of time that will be spent recovering a database if the
need arises.
To decide which backup methods to use for the best data protection, consider the
following for typical environments:
Small environment
Consider running a daily full database backup every evening
and daily transaction log backups.
Mid-sized environments
Consider running a weekly full database backup and daily
transaction log backups along with daily differential backups
except on the day when the full backup is run.
Large environments
Consider running daily differential database backups, weekly
full database backups, and transaction log backups as
necessary. Many shops run full backups on a weekly basis,
preferring to run differential backups throughout the week
to keep backup run time to a minimum.
Extremely large environments may need to run filegroup
backups in order to split the full backup over several days.
Log backups are required to be able to recover a system from
a filegroup backup.
The trade-off with running fewer full backups with more differential backups
occurs at recovery time. In such cases, the last full database backup must be
restored along with the last differential database backup and all subsequent log
backups. Which method gives the best outcome will be determined by factors such
as the size of the environment, the number of transactions processed each day,
and the expectations of users when a recovery is required. It is also considered a
best practice to separate SQL backup jobs from other backup jobs.
Backup, restore and recovery strategies are discussed in more detail in the
Symantec Backup Exec™ for Windows Servers Administrator’s Guide.
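The recovery-time trade-off described above, as an added example (not code from this Yellow Book or from Backup Exec): given a backup catalogue, it selects the last full backup, the last differential based on it, and all later log backups. It goes slightly beyond the text by falling back when a backup is unreadable, relying on the SQL Server behavior that a differential applies only to the full backup preceding it and that log backups continue across full backups; the catalogue, dates and function names are constructed for illustration.

```python
"""Pick the backups needed to recover a SQL database after a failure.

Added illustration. The catalogue below is constructed sample data, not
Backup Exec output; Backup, restore_chain and sample_catalog are
hypothetical names.
"""
from dataclasses import dataclass
from datetime import datetime

FULL, DIFF, LOG = "full", "differential", "log"


@dataclass(frozen=True)
class Backup:
    kind: str              # FULL, DIFF or LOG
    finished: datetime     # when the backup job completed
    readable: bool = True  # False when the media cannot be restored from


def restore_chain(catalog, failure_time):
    """Return, in restore order, the last full backup, the last differential
    based on it, and every later log backup taken before failure_time."""
    history = sorted(
        (b for b in catalog if b.finished <= failure_time),
        key=lambda b: b.finished,
    )
    fulls = [b for b in history if b.kind == FULL]
    readable_fulls = [b for b in fulls if b.readable]
    if not readable_fulls:
        raise ValueError("no readable full database backup before the failure")
    base = readable_fulls[-1]

    # A differential can only be applied to the full backup it was based on,
    # so ignore differentials taken after any later full (readable or not).
    later = [b.finished for b in fulls if b.finished > base.finished]
    limit = later[0] if later else datetime.max
    diffs = [
        b for b in history
        if b.kind == DIFF and b.readable and base.finished < b.finished < limit
    ]
    chain = [base] + diffs[-1:]

    # Roll forward with every log backup after the last restored backup.
    # Logs must be applied without gaps, so an unreadable one ends the chain.
    start = chain[-1].finished
    for b in history:
        if b.kind != LOG or b.finished <= start:
            continue
        if not b.readable:
            break
        chain.append(b)
    return chain


def sample_catalog():
    """Constructed week: full on Sunday 1 Jan 2006 at 22:00, differentials
    at 22:00 and log backups at 12:00 on the following days."""
    at = lambda day, hour: datetime(2006, 1, day, hour)
    return [
        Backup(FULL, at(1, 22)),
        Backup(LOG, at(2, 12)), Backup(DIFF, at(2, 22)),
        Backup(LOG, at(3, 12)), Backup(DIFF, at(3, 22)),
        Backup(LOG, at(4, 12)), Backup(DIFF, at(4, 22)),
        Backup(LOG, at(5, 12)),
    ]


def describe(chain):
    """Readable (kind, time) pairs for a restore chain."""
    return [(b.kind, b.finished.strftime("%d %b %H:%M")) for b in chain]


if __name__ == "__main__":
    failure = datetime(2006, 1, 5, 15)  # constructed failure time
    for step in describe(restore_chain(sample_catalog(), failure)):
        print(step)
```

Losing the most recent differential lengthens the chain by one differential step back plus every log backup taken since, which is the recovery-time cost the schedule choice has to absorb.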
The following are required for the SQL Agent:
■ Backup Exec must have access rights to read both of the following SQL registry keys:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server
  HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer
■ If Backup Exec does not have access to these registry keys, a restore to the default directory may not work, and the Automate master database restore option on the Restore Job Properties for SQL dialog box will not work.
■ To ensure that Backup Exec has access rights, verify that the logon account used has Administrator rights to the Windows server that the SQL instance is installed on.
■ The media server must have access to the SQL installation.
■ The credentials stored in the Backup Exec logon account used for backing up and restoring SQL must have been granted the System Administrator role on the SQL instance.
■ To back up SQL, use a Backup Exec logon account that stores the credentials of a Windows user account. The Windows user account must have been granted the System Administrator role on the SQL instance.
■ If SQL Server Authentication is being used, add a Backup Exec logon account that stores the credentials of the SQL user account. In the backup selections list, apply the Backup Exec logon account for the Windows user account to the Windows server that SQL is installed on, and then apply the logon account for the SQL user account to the SQL instance.
More detailed information regarding backing up, restoring and disaster recovery
of SQL can be found in the Symantec Backup Exec™ for Windows Servers
Administrator’s Guide.
Determining the backup window for Enterprise Vault
Determine the backup window; that is, the best time for backing up Enterprise
Vault data and the Enterprise Vault SQL data. These components have pre- and
post-backup operation procedures that must be executed. These times are used
when setting up the schedule for the backup jobs.
Changing Enterprise Vault service states for backup
During a backup, a user or process must not add new data to the Vault because
integrity will be lost between the databases, indexes, and Vault stores. A backup
(and thus restore) should represent a single snapshot, to which the server can
revert. Therefore, to preserve data integrity, most organizations shut down their
Archiving, Retrieval, Journaling, Public Folder, Shopping, Storage, and Indexing
services during the allocated time for backups, and then restart them when the
backup is complete.
However, some organizations may still want to leave the services running during
a backup. Such organizations have the option to shut down only the key
components of the storage and indexing services that affect backup integrity. The
Admin, Directory, Storage, Indexing, and Shopping services can be left running.
Users will be able to access archived messages from both Outlook and the search
application.
New data should not be added during a backup. Therefore, administrators should
leave Archiving, Public Folder, and Journaling services off during the backup
period.
To accomplish this, a user must create Registry keys to control specific components
of the storage and indexing services that affect backup integrity. After these keys
are created, the user must change specific keys so that those services change to
read-only mode before a backup event occurs.
Restoring registry keys to read-write mode
If administrators have created Registry keys to disable Archiving, Public Folder,
and Journaling services during backup, they must return the keys to read-write
mode after the backup event has completed successfully for Enterprise Vault to
return to normal operation.
Registry key creation and modification tasks can be done with automated scripts
and can be scheduled to run by the Windows scheduler. This scheduling, together
with scheduling backups and having a backup window that allows the backup
operation to complete before the scheduled read-write revert script runs, will
allow successful backups of the Vault data.
Backup Exec allows the running of scripts both pre and post backup. (If this
functionality were to work, it would greatly simplify the pre and post backup
process.)
These scripts are described in the Enterprise Vault Live Backup Guide, and are
available from support services.
Enterprise Vault backup sequence
Table 7-14 shows a high-level sequence of tasks that summarize the process for
backing up Enterprise Vault with Backup Exec.
Table 7-14 Enterprise Vault backup sequence for Backup Exec

Step 1: Schedule the Enterprise Vault pre-backup task to run at the start of the backup window.
Step 2: Create a backup policy to back up Enterprise Vault, SQL, and Exchange during the backup window, allowing 15 minutes for the Enterprise Vault pre-backup task to run.
Step 3: Create a selection list within Backup Exec to back up the Vault stores, indexes, shopping and license key information as described in the Enterprise Vault documentation.
Step 4: Create a selection list within Backup Exec to back up the SQL databases for Enterprise Vault and the SQL master database.
Step 5: Create a policy to back up the Enterprise Vault data, and create a template that has scheduling information that will start the backup 15 minutes after the pre-backup script has run.
Step 6: Ensure the Reset Archive Bit operation is selected in Backup Exec (default).
Step 7: Create one of the following backup policies:
■ Policy to back up the Enterprise Vault-related SQL data that schedules the backup to start after the previous backup has had time to complete
■ Policy to back up the Enterprise Vault-related SQL data that backs up to another resource and can be done in parallel
Step 8: Schedule the Enterprise Vault post-backup task to run at the end of the backup window.
Chapter 8
Regulatory compliance and legal discovery for email message management
This chapter includes the following topics:
■ About regulatory compliance
■ Email life cycle management
■ Considerations for data reduction
■ Considerations for threat reduction
■ Considerations for record retention
■ Considerations for discovery
About regulatory compliance
In the past two decades, email has evolved from a simple, quick method of personal
communication to a de facto record archive for business transactions and
operations. Emails also serve as detailed transaction records for businesses,
making email critically valuable as evidence in a court of law, proof that companies
are following compliance regulations, and a source for identifying violations of
internal company policies.
Consequently, modern business organizations are storing and diligently guarding
legacy email records for years to comply with external rules and internal corporate
governance guidelines. This relatively new regulatory practice has increased the
cost of storage required to retain legacy email records, as well as adding complexity
to email management.
Whether driven by formal regulations, the need to be prepared for discovery, or
the ability to enforce corporate policies, the necessity for companies to establish
email controls has become paramount. Regulatory compliance is among the lead
drivers for organizations to implement IT controls and processes for email
management. In particular, companies need to effectively store, protect, and
search legacy email records. Whenever an email message is sent by business
personnel, or received at a business organization’s email gateway, it must be
effectively controlled, monitored, protected, and managed.
Compliance and discovery requirements vary
The direct, implied, or derived impact of regulatory compliance mandates varies
greatly between regulations, industries, and individual companies. As a result,
the implementations of the Symantec™ Email Security and Availability for
Microsoft® Exchange solution that are recommended for compliance purposes in
this Yellow Book may not apply to all organizations.
Moreover, IT organizations must deal with a wide array of non-email electronic
records. Discussion of regulatory compliance as it relates to these other types of
electronic records, as well as the impact of specific regulations, is outside the
scope of this document.
Email life cycle management
Today, business organizations recognize the mission-critical importance of email,
and messaging systems such as Microsoft Exchange in managing their email
traffic. As management of regulatory compliance and legal discovery requirements
becomes one of the top priorities for organizations, it has brought new
considerations and requirements for email.
From the time an email message is either sent by an individual in the organization
or received at the email gateway, it must be managed through each phase of its
life cycle until the time it is eventually deleted and permanently destroyed in
accordance with the relevant business policy or regulation.
Regulatory compliance mandates and legal discovery requirements not only
necessitate that required record emails be saved, but also require the ability to
search and provide requested information in a timely manner. Faced with this,
simply saving all email messages and subsequently searching the historical
archive as required is not an ideal solution.
The following elements should be considered when developing an email retention
and retrieval implementation aimed at compliance:
Data reduction
Email data reduction involves the automated, proactive
removal of spam. Today, spam consumes the majority of
email volume on the Internet. Reducing spam volume in a
business enterprise, even before it reaches the
organization’s network and email servers, will greatly reduce
the presence of non-business related information in email
archives.
Threat reduction
Email threat reduction involves stopping phishing attacks,
viruses, worms, and restricted content before these threats
reach the organization’s network and email servers.
Record Retention
Email retention is the automatic capture and secure storage
of email and attachments sent or received by business
personnel. An organization’s email retention policy must
also establish subsequent expiration and deletion of retained
email, based on the organization’s established regulatory
policies. Determining what email is retained, and for how
long, is a vital consideration.
Discovery
Organizations must comply with possible legal obligations,
should a court of law demand access to specified email
records. Email discovery is the process of searching and
classifying archived email content to meet these
requirements.
Backup
Email backup is typically a required, regularly scheduled
process. Backups entail copying and archiving email content
and attachments to offline media, and storing email archives
at secure locations, both onsite and off. Determining what
part backup plays in the overall compliance strategy has
important implications for both regulatory compliance and
legal discovery.
Considerations for data reduction
Managing spam and non-business email is a challenge to business organizations.
Although tougher government legislation and enforcement of anti-spam laws is
ongoing, spam still exists. While it may not yet be possible to completely eliminate
spam, solutions such as Symantec Email Security and Availability for Microsoft
Exchange enable firms to significantly reduce the effects spam can have on
business email traffic and server throughput.
Companies must take definitive steps to maintain normal email business
communications despite growing spam email volumes. But they must also be
aware of how spam may impact regulatory compliance.
Risk issues related to spam have multiple dimensions. Left ignored, spam could
create these risk concerns for your business:
■ Spam can negatively affect the ability of business personnel to be responsive, or comply with requests for historical email.
  When a significant amount of spam is present, email discovery becomes more difficult. Whether stored email is located in an inbox, a PST, or an archive, the presence of spam can mean additional time and cost during discovery.
■ The content of spam messages is a serious concern, as spam is frequently used as a launching vehicle for viruses, worms, and other malicious content.
  These threats use various and ever-changing forms of deception, such as phishing and other social engineering schemes, to compel the revelation of confidential information. Depending on the success of the attack, and the type of information obtained, spam can put company machines and information at risk. In the worst case, spam can allow hackers to obtain unauthorized access to company systems and confidential information.
■ Spam content is commonly malicious, inappropriate, or not conducive to business.
  Mailboxes on corporate email servers, or messages in archives with inappropriate or possibly illegal content, are potential liabilities for companies.
■ Company computers that have been compromised by malicious software can be used by spammers to save on hardware and bandwidth costs by anonymously using the company’s equipment.
  Inside an organization, these so-called zombie computers can generate spam email without the knowledge or approval of business management.
Spam and archiving
Since regulations do not provide clear guidance on how to handle spam, it is
possible that simply deleting messages which are identified as spam may not be
advisable. It may be appropriate for some businesses to archive spam email as a
matter of caution. In this case the spam would still be filtered before it reaches
the recipient’s Inbox, but it would be archived instead of deleted.
Through the integration of Symantec™ Mail Security 8160 appliance and VERITAS
Enterprise Vault™, the Symantec Email Security and Availability for Microsoft
Exchange solution allows for spam to be automatically re-directed to an archive.
Considerations for threat reduction
As email communication grows in importance as a business-critical service, there
has been a corresponding evolution of threats related to email. In fact, the primary
delivery vehicle for malicious attacks into modern business organizations is email.
The benefits of taking steps to proactively filter and provide email that is free of
viruses, worms, and other malicious code are apparent to most organizations.
However, the connection between these threats and regulatory compliance is not
necessarily as obvious.
The intent of malicious code is becoming much more commonly linked to executing
various forms of deception and fraud targeted at individuals and organizations.
In addition, the methods used to perpetuate malicious content in email are
continually evolving and using more sophisticated exploits.
An email archive that is clean of viruses and other types of malicious code is
beneficial not only to reduce the possibility that malicious code could be
inadvertently executed by recipients, but also to prevent the consequential
inadvertent release of company or individual confidential information.
Considerations for record retention
Deciding what business email must be archived is subjective. An organization
needs to consider not only regulatory requirements, but also the practicality of
implementing the policy.
Determining what constitutes record and non-record email, and what needs to be
preserved, should be established along with the regulatory compliance and legal
discovery requirements. Typically, executive management, legal organization,
and outside legal counsel jointly determine what constitutes record and non-record
email. In deciding what must be retained and preserved, each business, through
examination of the current regulations, must interpret how these regulations
apply to their enterprise and industry.
It is clearly beyond the scope of IT managers alone to determine what constitutes
record and non-record emails. The role of the IT organization in providing
compliance with regulatory requirements needs to be considered as part of an
enterprise-wide compliance and risk-management program.
However, the duties of IT are still critical to the success of any regulatory
compliance program. In the United States, it has been established that courts
recognize and expect that IT management play a vital role in email-preservation
efforts. In some cases, IT professionals may be called upon to testify in court about
their email-preservation efforts and policies, and to demonstrate due diligence
in their processes.
When developing a compliance program, it is highly recommended that an
organization include legal expertise both from inside and outside the organization.
Decide how policies will be applied across the organization
Once policies are established for the business, a strategy for implementation must
be developed. It is recommended to identify how current regulations apply, and
which policies, schedules, and procedures are required for specific business units
and individuals within the company. Alternatively, IT can implement policies,
schedules, and procedures in a uniform manner across the entire enterprise.
When it comes to compliance and email retention, individual departments can
have different internal records management requirements. By identifying key
business units and groups that generate or receive email that is subject to retention
requirements, specific policies can be put in place for that business unit, to meet
its specific needs.
As with business units, compliance requirements for certain individuals within
a business can vary. Key individuals with certain titles or scopes of authority may
require different email archiving requirements.
When scrutinizing individuals, it is worthwhile to consider the importance of
implementing legal holds on an individual’s email, without having to rely on those
individuals’ follow-up actions to comply. From both a legal and IT perspective,
being able to implement an automatic-hold mechanism is a more effective method
than the alternative, which is instructing individuals who may have relevant
information to retain all emails that may even potentially pertain to an issue.
IT personnel can also opt to take a uniform approach for all email users, applying
the same policies and procedures across the entire company. All sent and received
email is archived without consideration for origin or destination. This approach
may not be either feasible or optimal for some businesses.
Applying the same policies and procedures across the entire company may have
the following drawbacks:
■ Some email could be retained for periods longer than required.
■ Some email could be retained which is not required.
■ It could affect the ability to recover all email that is potentially relevant to a request for discovery in a timely, cost-effective manner.
Consider other factors that affect archiving policy
Retention of relevant data for long periods of time requires sufficient system,
storage, and networking resources. Any decision that a business makes about
what, where, and how to archive email will play a direct role in determining
hardware requirements.
It is important to consider potential discovery requirements to which the business
may be subject. A substantial email archive could make discovery more challenging.
Despite a user’s best efforts at narrowing search results, the need to analyze
potentially non-relevant emails that still match search criteria could affect the
time, cost, and accuracy of the discovery effort.
Email retention schedules and procedures should be tailored to the particular
industry and business. An intensive assessment of these considerations should
be made before deciding upon how to implement an email retention system for a
business.
Considerations for discovery
Companies must be prepared to produce records for legal discovery, upon demand.
There are several considerations related to IT’s role in this email discovery process:
Completeness
Ensuring that search results are accurate, and flagging all relevant
emails.
Time
Responding to discovery requests in the time allotted.
Cost
Reducing logistical and cost issues when responding to discovery
requests.
Measuring the specific risk trade-offs and determining a suitable balance of each
of the factors is specific to your particular industry, business, and situation.
Optimize search and locate capabilities
The completeness of the results of a discovery search is critical. This includes the
accuracy of the search results in flagging all content that is even potentially
relevant to the specific discovery request, subpoena, or litigation.
It has been established that organizations are required to turn over all relevant
information they have custody of, regardless of its location. Often, however, the
email requested is not contained only in active emails in a user’s inbox, but in
archived emails or even in backups. Discovery of relevant email content can also
involve multiple search locations, including personal desktop machines, laptops,
email servers, spam servers, backup servers, archive servers, and offline disk or
tape. Without a coordinated and automated approach to email management,
discovery can be a challenging task.
Responding to discovery requests in a fixed amount of time is a common
requirement. While the amount of time spent identifying and producing requested
emails depends largely on what is specifically being requested, your turnaround
time can also be impacted in other ways.
Preventing non-business information from populating an archive is an important
goal. The fewer personal emails cluttering the storage space, the better. Achieving
that goal will enable an organization to improve search times and the average
number of search hits. The ultimate yield is a much higher percentage of relevant
information with every discovery search that is performed.
The accessibility of email stored in your organization archive is also an important
consideration. Inaccessible email archived on offline media, or stored on individual
machines in PST files, is significantly more difficult to search for and locate than
email stored in an automated online archive.
Establish efficiency
It is important to reduce the cost of responding to discovery requests. An email
retention plan should exist to manage discovery requests in a minimally disruptive
way to the business, including the individuals, business units, or groups involved
in the discovery.
Being able to minimize the number of individuals that need to be actively involved
in responding to the discovery is beneficial. By having an email retention policy
and automatic enforcement mechanisms in place, the burden of taking additional
steps to recover and protect any potentially relevant emails is shifted away from
individuals.
Being able to minimize the number of locations, including systems and physical
locations, is also critical. Itemizing, locating, and examining systems for potentially
relevant emails or recovering data from offline media can be costly. Having a
comprehensive email retention system in place may substantially reduce the
number of locations in which a copy of a potentially relevant email may exist.
Through use of email archiving, the process required to search for and recover
potentially relevant emails may be simplified, and may potentially avoid the need
for outsourcing to a data-recovery firm.
Understand the role of backup
The need to provide regular backup and restore services for Exchange servers is
a well-established requirement for most IT organizations. However, the
relationship between backup and regulatory compliance is not necessarily
straightforward.
Although backups provide a periodic snapshot of the email records that reside on
an organization’s Exchange servers, reliance on backup alone may be inadequate,
or even create additional areas of exposure:
■ Backups are periodic.
  A backup will only provide potential access to email existing on the server at the time the backup was created.
■ Backups contain unfiltered data.
  Backups contain everything in the inbox, not just what may be required by company policy for compliance.
■ Backups are difficult to search.
  Inefficient and time-consuming searches usually result from discovery in backed-up email archives, often requiring lengthy restore operations to stage the email back to an Exchange server before the actual search can be performed.
■ Backups are kept offline.
  Email backups must be restored to an online Exchange server to be efficiently accessed. This process can be iterative, when multiple backups must be reconstructed to create a timeline of related emails.
■ Backup media have physical profiles that must be tracked and managed.
■ Backups typically do not expire uniformly.
Most likely, using backup tapes as a generic cover for regulatory compliance will
be insufficient for most organizations faced with regulatory requirements.
Discovery searches by companies with no information-retention policies in place,
who are forced to rely on backups as their historical archive, will take more time,
incur more costs, and involve greater risks.
Chapter 9
Best practices for VERITAS Enterprise Vault™ legal discovery and compliance options
This chapter includes the following topics:
■ About Enterprise Vault Discovery Accelerator
■ About Enterprise Vault Compliance Accelerator
■ Comparison matrix
■ About Enterprise Vault Compliance Accelerator installation
■ Best practices for installing and configuring Enterprise Vault Discovery Accelerator
■ Best practices for installing and configuring Enterprise Vault Compliance Accelerator
■ Best practices for customizing Enterprise Vault Discovery Accelerator
■ Best practices for customizing Enterprise Vault Compliance Accelerator
■ Best practices for upgrading Enterprise Vault Compliance Accelerator
■ Best practices for Enterprise Vault Compliance Accelerator backup and recovery
■ Troubleshooting recommendations for Enterprise Vault Discovery Accelerator
■ Troubleshooting recommendations for Enterprise Vault Compliance Accelerator
About Enterprise Vault Discovery Accelerator
VERITAS Enterprise Vault™ Discovery Accelerator is a case management system
designed to facilitate and audit internal work flows for legal teams running
searches and marking records.
Enterprise Vault Discovery Accelerator’s robust search and export tool allows an
assigned administrator or reviewer to conduct online searches of their
existing archived data in response to an external legal request or an internal
company inquiry. Enterprise Vault Discovery Accelerator can search user mailbox
archives, journal mailbox archives, file system archives, Microsoft SharePoint®
archives and public folder archives. If an item of interest is found in the Enterprise
Vault Discovery Accelerator search, administrators can permanently attach
comments or marks to any item discovered, rank items according to their relevance
to the search request and export the items or reports as PST files or XML files for
later use in pending or threatened litigation.
Enterprise Vault Discovery Accelerator does not alter the original contents of the
email or document, but appends to the data in order to preserve the integrity of
the searched items. Once an item is tagged with comments by a Reviewer, the
comments cannot be removed from the mail or document. This maintains a fully
auditable trail. Enterprise Vault Discovery Accelerator is ideal for ad hoc searches
that are needed when an issue arises that is questionable under the established
internal corporate policies. Most searches created for discovery are created on
an as-needed basis. Enterprise Vault Discovery Accelerator can produce
information in formats that the courts or third-party counsels can consume for
legal discovery situations.
About Enterprise Vault Compliance Accelerator
VERITAS Enterprise Vault™ Compliance Accelerator enables organizations to
implement a corporate strategy for regulatory compliance.
Enterprise Vault Compliance Accelerator allows administrators to create searches
that align with an organization’s compliance strategy, such as collecting a
percentage of all generated email and monitoring for improper language or
business conduct. After formal retention policies are established, compliance
requirements can be quickly and accurately fulfilled using Enterprise Vault
Compliance Accelerator.
Enterprise Vault Compliance Accelerator can be configured to search archives
for defined words and phrases, to search by date ranges and message size, type
of email, or the direction (inbound/outbound) of the email. Administrators can
also search for the email author, domain name, recipient, and attachments.
Searches can be created and scheduled to run automatically or they can run
manually.
Best practices for VERITAS Enterprise Vault™ legal discovery and compliance options
Comparison matrix
Table 9-1 lists the features and functionality supported by Enterprise Vault
Compliance Accelerator and Enterprise Vault Discovery Accelerator respectively.
Table 9-1 Matrix comparing Compliance Accelerator and Discovery Accelerator

| Functionality | Compliance Accelerator | Discovery Accelerator |
|---|---|---|
| Web-based interface | Yes | Yes |
| Store data within SQL Database | Yes | Yes |
| Search Enterprise Vault index | Yes | Yes |
| Create scheduled searches | Yes | No |
| Perform ad hoc searches | Yes | Yes |
| Employee and group synchronization from Active Directory | Yes | No |
| Search by file extension (.exe, .mp3, .htm, and so on) | Yes | No |
| Search by number of attachments | Yes | No |
| Search by size of attachment | Yes | No |
| Search by minimum number of items discovered | Yes | No |
| Search by date range | Yes | Yes |
| Search by absolute limit (set upper limit on number of items to discover) | Yes | No |
| Search by message size | Yes | No |
| Search by message type (IM, Bloomberg®, and so on) | Yes | Can be configured |
| Search by retention category | Yes | No |
| Search using existing templates | Yes | Yes |
| Search by external domain | Yes | No |
| Search by message direction (recipient or sender; incoming or outgoing) | Yes | Can be configured |
| Search and monitor emails between business units or departments | Yes | No |
| Application searches | Yes | No |
| Key word and hot word searches | Yes | Yes |
| Assign Bates numbers for legal inquiries | No | Yes |
| Comply with legal discovery requests | Yes | Yes |
| Random sampling of user data (by percentage) | Yes | No |
| Department index tagging | Yes (requires Journaling Connector) | No |
| Reporting | Yes | No |
| Report and view assignments (marked, status, reviewer) | No | Yes |
| Assign reviewer and supervisor levels and permissions | Yes | Yes |
| Customize review marking (comments) | Yes | Yes |
| Automatically accept search results | Yes | Yes |
| Audit history and workflow of searched and discovered items | Yes | Yes |
| Export search results to PST file | Yes | Yes |
| Export data to PST file | Yes | Yes |
| Export configuration data to XML file | Yes | No |
| Export search results to MSG file | Yes | Yes |
| Export search results to HTML file | Yes | Yes |
| Import configuration data | Yes | Yes |
| Create exception employees (special grouping and searching restrictions or monitoring, such as executive or sensitive team data) | Yes | No |
| Designed for use with human resources departments (internal policy and procedure tracking and enforcement) | Yes | No |
| Designed for use with legal departments and workflow audits of legal cases (cuts cost of scrubbing and reviewing data) | No | Yes |
| Designed to assist with regulatory control | Yes | No |
| Designed to assist with monitoring and surveillance | Yes | No |
| Designed to assist with government compliance (federal, state, and local) | Yes | No |
| Designed to assist with financial compliance (NASD and SEC) | Yes | No |
| Designed to assist with health care compliance (HIPAA; privacy regulations and public records requests) | Yes | No |
| Designed to assist energy companies with government compliance (scandal discovery and regulations) | Yes | Yes |
| Designed to assist with higher education (research and discovery) | Yes | Yes |
| Designed to assist with Sarbanes-Oxley Act (internal controls and reporting) | Yes | No |
| Designed to assist Microsoft Exchange administrators with data discovery | Yes | No |
About Enterprise Vault Compliance Accelerator installation
Enterprise Vault Compliance Accelerator, Journaling Connector, and SQL Server
should not be installed on the same computer as the main Enterprise Vault
installation, particularly in a production environment. Because of the additional
demands placed on system resources, the ability to conduct quick searches and
archiving is reduced.
By installing Enterprise Vault Compliance Accelerator to its own computer, the
intensive searching that takes place will have a minimal effect on the Enterprise
Vault system. However, Enterprise Vault Compliance Accelerator can be installed
on the Enterprise Vault server for demonstration or testing purposes.
The Enterprise Vault Compliance Accelerator and Enterprise Vault software must
be installed on the same computer to allow access to the messages in the Enterprise
Vault archives. However, it is not necessary to configure the Enterprise Vault
services on the computer running Enterprise Vault Compliance Accelerator.
Note: Running Enterprise Vault Compliance Accelerator and Enterprise Vault
Discovery Accelerator on the same computer is not supported. Only Enterprise
Vault Compliance Accelerator 5.1 Service Pack 3 (SP3) or later is supported with
Enterprise Vault 6.0.
Best practices for installing and configuring Enterprise Vault Discovery Accelerator
Enterprise Vault must be installed on the same computer as Enterprise Vault
Discovery Accelerator. If the existing Enterprise Vault server is not used as the
install-point computer, and Enterprise Vault Discovery Accelerator is installed
on a standalone system to take advantage of the performance benefits, Enterprise
Vault can be installed without completing all of the configuration steps. In this
type of configuration, Symantec™ recommends setting the Enterprise Vault Admin
Service Startup Type to Disabled if Enterprise Vault is not configured on that
standalone server.
Note: Enterprise Vault Discovery Accelerator can be installed to the Enterprise
Vault server; however, this degrades computer performance and is not
recommended.
Enterprise Vault Discovery Accelerator must be configured and installed using
the Vault Service account. The computer on which Enterprise Vault Discovery
Accelerator is installed must be in the same domain as the Enterprise Vault Server
or in a trusted domain. The same version of Enterprise Vault must be installed to
the Enterprise Vault Discovery Accelerator computers. The operating system and
patches should match on the computers running the Enterprise Vault and
Enterprise Vault Discovery Accelerator.
Prepare to install Enterprise Vault
Make sure that the following prerequisites have been met before installing
Enterprise Vault Discovery Accelerator:
■ The Vault stores to be searched must have Indexing set to Full.
■ Enterprise Vault 6.0 is used with Enterprise Vault Discovery Accelerator 5.0
  SP3 or later. Enterprise Vault supports only Enterprise Vault Discovery
  Accelerator 5.0 SP3 or later.
■ Microsoft Internet Explorer 6.0 or later is installed, as well as the Internet
  Explorer WebControls from the Redistributable folder in the install kit.
  Symantec recommends disabling pop-up blockers, or the administrator should
  know how to enable them when using Enterprise Vault Compliance Accelerator
  reviewing pages.
■ Microsoft .NET Framework v1.1 with Service Pack 1 is installed. The Microsoft
  .NET Framework can be found in the Redistributables folder of the Enterprise
  Vault Discovery Accelerator install kit. Microsoft .NET SP1 should be installed
  to address known memory leaks and security issues.
■ Automatic updates of Microsoft .NET should be disabled. All updates should
  be reviewed before installing.
  Any Microsoft .NET patches should be installed one at a time in a test
  environment before installing in a production environment.
■ Microsoft Internet Information Services (IIS) is installed to the Enterprise
  Vault Discovery Accelerator system and the IIS worker process has write access
  to the Enterprise Vault Discovery Accelerator installation folder.
■ Microsoft Active Server Pages (ASPs) are installed and the Web Service
  Extension option is set to allow Active Server Pages scripts to run.
■ The Vault Account in which the IIS worker process is running has Full Control
  access to the Windows® Temp folder and Allow inheritable permissions from
  parent to propagate to this object enabled.
■ The Authenticated Users group has Full Control access to the Windows Temp
  and TMP folder and Allow inheritable permissions from parent to propagate
  to this object enabled. If the ASP.NET service logs on under a different account
  than Authenticated Users, the different account should be given Full Access
  rights as well.
■ If Microsoft SQL Server is not installed to the Enterprise Vault Discovery
  Accelerator computer, SQL Client Tools are installed. The Enterprise Vault
  Discovery Accelerator database requires 600 MB minimum on the SQL Server
  computer.
■ The Microsoft MIME type, JScript® (JSE), is enabled in the IIS properties.
■ The Default Web Site in IIS Manager can be browsed to and opened from
  Computer Management and IIS Manager.
  If the Under Construction page cannot be opened, IIS is not configured properly
  and the Enterprise Vault Discovery Accelerator Web application will not
  function. For IIS troubleshooting information, see the following URL:
  http://www.microsoft.com/WindowsServer2003/IIS/default.mspx
■ The Enterprise Vault Discovery Accelerator server has a minimum of 2 GB of
  memory. If the Enterprise Vault Discovery Accelerator computer is not a
  standalone computer, it must have a minimum of 4 GB, with at least 2 GB
  allocated for Enterprise Vault Discovery Accelerator use.
Note: Running Enterprise Vault Compliance Accelerator and Enterprise Vault
Discovery Accelerator on the same computer is not supported. Only Enterprise
Vault Compliance Accelerator 5.1 SP3 or later is supported with Enterprise Vault
6.0.
See the Enterprise Vault Discovery Accelerator Installing and Configuring guide
for more information.
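Several of the prerequisites above (installed memory, the IIS services, .NET Framework 1.1 SP1, and the Temp/TMP folder permissions) can be checked from a script before the installer is run. The following is an added example, not part of the original guide or of any Symantec tooling; it assumes Windows PowerShell is available on the target server, and the function name Test-DAPrerequisite and its -Standalone switch are hypothetical.

```powershell
# Added example: pre-install check for the Discovery Accelerator prerequisites.
# Test-DAPrerequisite and -Standalone are hypothetical names, not Symantec tooling.
function Test-DAPrerequisite {
    param(
        # Set when this server runs only Discovery Accelerator (2 GB minimum);
        # otherwise the 4 GB minimum for a shared computer applies.
        [switch]$Standalone
    )

    # Helper that builds one row of the report.
    function New-Result($Check, $Expected, $Actual, $Pass) {
        New-Object PSObject -Property @{
            Check = $Check; Expected = $Expected; Actual = $Actual; Pass = [bool]$Pass
        }
    }
    $results = @()

    # Memory: sum the installed modules, because Win32_ComputerSystem reports
    # usable memory, which is slightly below the installed amount.
    $minGB = if ($Standalone) { 2 } else { 4 }
    $bytes = (Get-WmiObject Win32_PhysicalMemory |
        Measure-Object -Property Capacity -Sum).Sum
    $gb = [math]::Round($bytes / 1GB, 1)
    $results += New-Result 'Installed memory' ">= $minGB GB" "$gb GB" ($gb -ge $minGB)

    # IIS Admin Service and WWW Publishing Service must be installed and started.
    foreach ($name in 'IISADMIN', 'W3SVC') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $state = if ($svc) { [string]$svc.Status } else { 'not installed' }
        $results += New-Result "Service $name" 'Running' $state ($state -eq 'Running')
    }

    # .NET Framework 1.1 records Install and SP values under this key
    # (under Wow6432Node on 64-bit Windows, since 1.1 is 32-bit only).
    $ndp = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v1.1.4322',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v1.1.4322' |
        Where-Object { Test-Path $_ } | Select-Object -First 1
    $net = if ($ndp) { Get-ItemProperty -Path $ndp } else { $null }
    $hasSp1 = [bool]($net -and $net.Install -eq 1 -and $net.SP -ge 1)
    $actual = if ($net) { "Install=$($net.Install), SP=$($net.SP)" } else { 'not installed' }
    $results += New-Result '.NET Framework 1.1' 'installed with SP1' $actual $hasSp1

    # Temp and TMP folders: Authenticated Users (SID S-1-5-11) needs an Allow
    # entry for Full Control, and inheritance from the parent must be enabled.
    $folders = 'TEMP', 'TMP' | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables(
            [string][Environment]::GetEnvironmentVariable($_, 'Machine'))
    } | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

    $full = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    foreach ($folder in $folders) {
        $acl = Get-Acl -Path $folder
        $rules = $acl.GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier])
        $grant = $rules | Where-Object {
            $_.IdentityReference.Value -eq 'S-1-5-11' -and
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $full) -eq $full)
        }
        $found = if ($grant) { 'Full Control' } else { 'no Full Control entry' }
        $results += New-Result "Authenticated Users on $folder" 'Full Control' `
            $found ([bool]$grant)

        # AreAccessRulesProtected is $true when inheritance has been switched off.
        $inherit = if ($acl.AreAccessRulesProtected) { 'disabled' } else { 'enabled' }
        $results += New-Result "Inheritance on $folder" 'enabled' `
            $inherit (-not $acl.AreAccessRulesProtected)
    }

    $results | Select-Object Check, Expected, Actual, Pass
}

# Example run on a server dedicated to Discovery Accelerator.
Test-DAPrerequisite -Standalone | Format-Table -AutoSize
```

The same report, run again after installation, records which accounts hold Full Control on the Temp folders and so documents the permissions the installation depends on.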
SQL Server requirements for Enterprise Vault Discovery Accelerator
Because of the amount of resources that searching requires, the Enterprise Vault
Discovery Accelerator database should be installed on a standalone computer.
The Enterprise Vault Discovery Accelerator SQL Server database requires a minimum
of 600 MB of disk space to be created.
For other requirements:
See “SQL Server requirements for Enterprise Vault Compliance Accelerator”
on page 189.
Install Enterprise Vault Discovery Accelerator
Enterprise Vault must be installed before installing Enterprise Vault Discovery
Accelerator. Before installing Enterprise Vault Discovery Accelerator, ensure that
all prerequisites to install Enterprise Vault Discovery Accelerator have been met.
To install Enterprise Vault Discovery Accelerator
1. Start the Administrator Console, and then point to the Enterprise Vault server
   to be used for Enterprise Vault Discovery Accelerator.
2. Launch the installation wizard, and when prompted for the Enterprise Vault
   Discovery Accelerator Service login, provide the Domain\UserName for the
   Vault Service account.
3. After the installation is complete, verify that the Enterprise Vault Discovery
   Accelerator license key is stored in C:\Program Files\KVS\Discovery Accelerator.
   An Enterprise Vault license key is not required for Enterprise Vault Discovery
   Accelerator to run.
4. Verify that the IIS Admin Service and WWW Publishing Service have started.
5. Start the Enterprise Vault Discovery Accelerator Service.
6. After installation completes, ensure that services are registered by waiting
   approximately 30 seconds before starting the Enterprise Vault Discovery
   Accelerator Service.
Note: Installations of Enterprise Vault Discovery Accelerator and Enterprise Vault
Compliance Accelerator are not supported on the same computer.
Configure Enterprise Vault Discovery Accelerator
The Vault Service account must be used to configure Enterprise Vault Discovery
Accelerator to manage the Enterprise Vault server. Configuring Enterprise Vault
Discovery Accelerator consists of the following tasks:
■ Launching the Enterprise Vault Discovery Accelerator Web application
■ Completing the configuration
To launch the Enterprise Vault Discovery Accelerator Web application
1. Launch the Web browser and browse to the Enterprise Vault Discovery
   Accelerator home page, http://<Discovery Accelerator server name>/EVDiscovery/.
   To eliminate the need to authenticate every time a connection is made, use
   the localhost connection method (http://localhost/EVDiscovery/) instead of
   using the Enterprise Vault Discovery Accelerator server name.
2. When prompted for login information, provide the Vault Service account
   information that was used during the installation process.
3. Click the Configure link to begin the configuration process.
To complete the configuration
1. Provide a valid SQL Server computer name and the Instance name, if
   applicable (ServerName\InstanceName).
2. If desired, specify a new name for the database. The default name for the
   database to be created is EVAccelerator.
   Specify a unique database name if Enterprise Vault Compliance Accelerator
   is also installed, if a previous version of Enterprise Vault Discovery Accelerator
   is installed, or if there are multiple installations of Enterprise Vault Discovery
   Accelerator on different computers.
3. Point to an existing volume on the SQL Server computer where the MDF
   database files will be hosted.
   A local or mapped drive can be used, but not a UNC path. Whatever volume
   is used should reside on the SQL Server computer, and not on the Enterprise
   Vault Discovery Accelerator computer.
4. Point to an existing volume on the SQL Server computer where the LDF
   database files will be hosted.
   A local or mapped drive can be used, but not a UNC path. Whatever volume
   is used should reside on the SQL computer, not the Enterprise Vault Discovery
   Accelerator computer.
5. Verify or provide the DNS alias or server name of the Enterprise Vault
   Directory Service computer.
6. After the configuration has been completed, when prompted to restart the
   Enterprise Vault Discovery Accelerator Service, wait approximately 30 seconds
   before starting the Enterprise Vault Discovery Accelerator Service to ensure
   that all services are registered.
Note: To install the database files to a hidden share, the databases must first be
installed to a non-hidden share. The Enterprise Vault Discovery Accelerator
installer does not allow a database to be created in a hidden share (for example
D:\SQL$). However, Enterprise Vault Discovery Accelerator does function correctly
when using hidden shares. Use SQL Server to move the databases to a hidden
share after they are created.
Enterprise Vault Discovery Accelerator browser interface recommendations
Symantec recommends the following practices when using the Enterprise Vault
Discovery Accelerator browser interface:
■ Use the links provided in the application to navigate from page to page instead
  of using the Internet Explorer browser buttons or shortcut keys.
  The bottom of each Enterprise Vault Discovery Accelerator page has a Close
  button to close the page and return to the previous page. Use the links provided
  instead of the browser toolbar Back button or the Backspace key.
■ To refresh the current Enterprise Vault Discovery Accelerator page, right-click
  the page, and then select Refresh from the context menu. Clicking Refresh in
  the browser toolbar opens the Enterprise Vault Discovery Accelerator home
  page.
■ Run the browser in full screen mode by using the function key F11 to toggle
  between views.
Best practices for installing and configuring Enterprise Vault Compliance Accelerator
Enterprise Vault must be installed on the same computer as Enterprise Vault
Compliance Accelerator. If the existing Enterprise Vault server is not used as the
install-point computer, and Enterprise Vault Compliance Accelerator is installed
on a standalone computer to take advantage of the performance benefits,
Enterprise Vault can be installed without completing all of the configuration steps.
If Enterprise Vault will not be configured on the server, set the Enterprise Vault
Admin Service Startup Type to Disabled.
Note: Enterprise Vault Compliance Accelerator can be installed to the Enterprise
Vault production server. However, this will degrade the performance on the server.
Therefore, Symantec recommends against installing Enterprise Vault Compliance
Accelerator on the Enterprise Vault production server.
Enterprise Vault Compliance Accelerator must be installed and configured using
the Vault Service account. The computer used for installation must be in the same
domain as the Enterprise Vault server or in a trusted domain. The same version
of Enterprise Vault must also be installed on the Enterprise Vault Compliance
Accelerator computer.
Instead of using Enterprise Vault Compliance Accelerator to search the Vault
stores directly, Symantec recommends that administrators create a new Vault
store to contain all Journaling. The new Vault store can then be searched with
Enterprise Vault Compliance Accelerator.
Prepare to install Enterprise Vault Compliance Accelerator
Make sure that the following prerequisites have been met before installing
Enterprise Vault Compliance Accelerator:
■ Microsoft Internet Explorer 6.0 or later is installed, as well as the Internet
  Explorer WebControls from the Redistributable folder in the install kit.
■ Microsoft Active Server Pages (ASPs) are installed and the Web Service
  Extension option is set to allow Active Server Pages scripts to run.
■ Microsoft IIS is installed on the Enterprise Vault Compliance Accelerator
  computer, and the IIS Worker Process has write access to the Enterprise Vault
  Compliance Accelerator installation folder.
■ Symantec recommends disabling pop-up blockers, or the administrator should
  know how to enable them when using Enterprise Vault Compliance Accelerator
  reviewing pages.
■ If Microsoft SQL Server is not installed to the Enterprise Vault Compliance
  Accelerator computer, SQL Client Tools are installed instead.
  The Enterprise Vault Compliance Accelerator database requires 600 MB
  minimum of disk space on the SQL Server computer.
■ Microsoft .NET Framework version 1.1 with Service Pack 1 (SP1) is installed.
  The Microsoft .NET Framework is shipped with VERITAS Enterprise Vault
  Discovery Accelerator and can be found in the Redistributable folder in the
  install kit. In addition, Microsoft .NET SP1 should be installed to address known
  memory leaks and security issues.
■ Automatic updates of Microsoft .NET should be disabled. All updates should
  be reviewed before installing.
  Any Microsoft .NET patches should be installed one at a time in a test
  environment before installing in a production environment.
■ A PDF reader or spreadsheet viewer is installed for printing and viewing
  Enterprise Vault Compliance Accelerator reports.
  The Microsoft Excel® Viewer can be downloaded from Microsoft.
■ The Microsoft MIME type, JScript (JSE), is enabled in the IIS properties.
■ The Authenticated Users group has Full Control access to the Windows Temp
  and TMP folder and Allow inheritable permissions from parent to propagate
  to this object enabled. If the ASP.NET service logs on under a different account
  than Authenticated Users, the different account should be given Full Access
  rights as well.
■ If Enterprise Vault Compliance Accelerator is on a different server than
  Enterprise Vault, the correct version of MAPISVC.INF is installed on the
  Enterprise Vault Compliance Accelerator server. To verify the version, open
  Help in the Enterprise Vault Administrator Console and search on
  MAPISVC.INF.
■ An Enterprise Vault Compliance Accelerator license key is obtained for any
  computer on which the Enterprise Vault Compliance Accelerator Service is to
  run. The service cannot start until the license key is installed.
■ The Enterprise Vault Compliance Accelerator server has at least 2 GB of
  memory. If the Enterprise Vault Compliance Accelerator computer is not a
  standalone, it must have a 4 GB minimum of memory, with at least 2 GB
  allocated for Enterprise Vault Compliance Accelerator usage.
Requirements for the optional Journaling Connector
Installing the optional Journaling Connector allows organizations to increase
performance and search capabilities. The Journaling Connector lets administrators
randomly sample a department’s or individual’s messages.
The Journaling Connector component must be installed on the same computer as
the Enterprise Vault Journaling Service. By default, the Journaling Connector does
not add report type messages (such as delivery receipts, read receipts, out of office
auto replies, auto replies from Microsoft Outlook® rules, or quota warnings) to
the review set.
Before installing the Journaling Connector, observe the following requirements:
■ Use the Custom Install option for Enterprise Vault Compliance Accelerator to
  install the Journaling Connector to the Enterprise Vault server.
■ Install the Journaling Connector component on the same computers as the
  Enterprise Vault Journaling Task.
■ Make sure to use the Journaling Connector if Exception employees will be
  created.
■ Install Microsoft .NET Framework v1.1 on any computer on which the
  Journaling Connector is to run.
■ Set indexing to Full on the Enterprise Vault archives.
■ Note that computers with only the Journaling Connector component do not
  need an Enterprise Vault Compliance Accelerator license key installed.
SQL Server requirements for Enterprise Vault Compliance Accelerator
Symantec strongly recommends that the Enterprise Vault Compliance Accelerator
database reside on a standalone computer. This is because of the amount of
resources used during searches.
The SQL Server database that Enterprise Vault Compliance Accelerator uses
requires 600 MB of disk space minimum to be created.
Other requirements for the SQL database are as follows:
■ Enterprise Vault Compliance Accelerator is supported for use with SQL Server
  2000 SP3a. It is expected to support the use of SQL Server 2005 in 2006.
■ If Enterprise Vault Compliance Accelerator is not installed on the same
  computer as the SQL Server, the SQL Client Tools must be installed on the
  Enterprise Vault Compliance Accelerator computer.
■ The SQL Server should have at least 2 GB of memory. If the Enterprise Vault
  Compliance Accelerator computer is not standalone, it must have a minimum
  of 4 GB of memory, with at least 2 GB allocated for Enterprise Vault Compliance
  Accelerator.
■ The Vault Service account must be a System Administrator on the SQL server.
  In addition, the SQLAgent service must be running. If the Enterprise Vault
  Compliance Accelerator database is created on a different computer than the
  Enterprise Vault databases, the administrator must create a SQL login for the
  Enterprise Vault Service account that is identical to the one used on the
  Enterprise Vault database server.
■ The volume that will be used for the Enterprise Vault Compliance Accelerator
  database must be created before Enterprise Vault Discovery Accelerator is
  installed. When prompted to select the volume in which to create the database,
  point to the SQL computer volume, not to the Enterprise Vault Compliance
  Accelerator volume.
Install Enterprise Vault Compliance Accelerator
Enterprise Vault must be installed before installing Enterprise Vault Compliance
Accelerator. Before installing Enterprise Vault Compliance Accelerator, ensure
that all prerequisites to install it have been met.
To install Enterprise Vault Compliance Accelerator
1. Start the Administrator Console and then point to the Enterprise Vault server
   to be used for Enterprise Vault Compliance Accelerator.
2. Log on to the Vault Service account and run the Enterprise Vault Compliance
   Accelerator\Setup.exe installer.
   Follow the prompts in the installation wizard.
3. If the Journaling Connector is to be installed at the same time, provide the
   name (ServerName\SQLInstanceName) of the SQL Server computer that is
   hosting the database for the Enterprise Vault Directory. This information is
   only required for the Journaling Connector installation.
4. When the Set Service Login dialog box prompts for details of the account
   under which the Enterprise Vault Compliance Accelerator Service is to run,
   enter the name of the Vault Service account as domain\username.
5. When the installation completes, verify that the correct license is in the KVS
   directory, and then start the Enterprise Vault Compliance Accelerator Service.
See “Upgrading Enterprise Vault Compliance Accelerator” on page 203.
Configure Enterprise Vault Compliance Accelerator
In a Web application, the Vault Service account must be used to configure
Enterprise Vault Compliance Accelerator to set up and manage the Enterprise
Vault server. Configuring Enterprise Vault Compliance Accelerator consists of
the following tasks:
■ Before launching the Enterprise Vault Compliance Accelerator Web Application
  in a browser, add server names and paths to the Trusted Sites in the browser.
■ Configure Enterprise Vault Compliance Accelerator
To add server names and paths to Trusted Sites
◆ Add the following server name and application paths to the browser’s Trusted
  Sites:
  ■ http://LocalHost/EVBACompliance
  ■ http://<computer name>/EVBACompliance
To configure Enterprise Vault Compliance Accelerator
1. When a prompt appears for login information, provide the Vault Service
   account information that was used during the installation.
2. Click the Configure link to begin the configuration process.
3. Complete the Database and Enterprise Vault Details by providing the following
   information:
   ■ Server Name
     Provide a valid SQL server name (ServerName\InstanceName).
   ■ Database Name
     The default name for the database to be created is EVAccelerator.
     Choose a unique database name if Enterprise Vault Discovery Accelerator
     is also installed, a previous version of Enterprise Vault Compliance
     Accelerator is installed, or if there are multiple installations of Enterprise
     Vault Compliance Accelerator on different computers.
   ■ Data file folder
     Point to an existing volume on the SQL Server computer to host the MDF
     database files.
   ■ Log file folder
     Point to an existing volume on the SQL Server computer to host the LDF
     database files.
4. Verify or provide the DNS alias or server name of the Enterprise Vault
   Directory Service computer.
   When prompted to restart the Enterprise Vault Compliance Accelerator
   Service, wait approximately 30 seconds to ensure that all services have
   registered.
Note: To install the database files to a hidden share, the databases must first be
installed in a non-hidden share. The Enterprise Vault Compliance Accelerator
installer does not allow a database to be created in a hidden share (for example
D:\SQL$). However, Enterprise Vault Compliance Accelerator does function
correctly when using hidden shares. Use SQL Server to move the databases to a
hidden share after creation.
Enterprise Vault Compliance Accelerator browser interface recommendations
When using the Enterprise Vault Compliance Accelerator browser interface, follow
these practices:
■ Use the links provided in the application to navigate from page to page instead
  of using the Internet Explorer browser buttons or shortcut keys.
  The bottom of each Enterprise Vault Compliance Accelerator page contains a
  Close button for closing the page and returning to the previous page. Use only
  the links provided instead of the browser toolbar Back button or the Backspace
  key.
■ To refresh the current Enterprise Vault Compliance Accelerator page,
  right-click the page and then select Refresh from the context menu. Using the
  browser Refresh button or the application logo opens the Enterprise Vault
  Compliance Accelerator home page.
■ Run the browser in full screen mode by selecting the function key F11 to toggle
  between the views.
■ A red exclamation mark on an Enterprise Vault Compliance Accelerator page
  indicates an error or warning. To view the message, hover the cursor over the
  exclamation mark.
■ If a pop-up blocker application is running, an Internet Explorer popup icon
  may appear in the browser footer. Modify the settings, if necessary.
■ If a question mark appears over the Department name, note that the
  administrator has not assigned a Department Reviewer.
  If upgrading from Enterprise Vault 5.x, Department Reviewer is a new
  functionality and the administrator must add the role to the Departments task
  after it has been created under the Roles tasks.
■ Use the tasks under the Application Administration column to add employees,
  create departments and roles, and set up schedules for searches.
  Note that Application Administration tasks are applied system-wide and are
  not restricted to any particular department.
■ Use the tasks under the Department Administration column to create a
  department or department group, grant users access to a particular department
  group, assign employees to be monitored, and select the monitoring policy to
  which monitored employees must comply.
Best practices for customizing Enterprise Vault Discovery Accelerator
After Enterprise Vault Discovery Accelerator is installed and configured,
administrators can customize the Vault store for their particular environments
by doing the following:
■ Creating roles, cases, and targets.
■ Creating site specific Marks (comments) to search archived data.
Users only see the departments, features and tasks for which they have
permissions, as defined by the Roles options. The view a user has can be changed
by assigning either a different role to the user or by changing the permissions
included in a role.
Administrative users perform different functions, as follows:
■
Application administrators
Application administrators create roles, set up targets to be searched, and
establish the Marks to be added as comments for each case. To perform
case-specific tasks, users with application roles need to be given a case role
for each case they need to access.
■
Case administrators
Case administrators have the ability to perform case-specific tasks in the Case
Administration and Review Messages columns on the home page.
Note: There should be at least one power user who has all functionality in Case
Administration and Application Administration for troubleshooting purposes.
Symantec recommends that the Vault Service account hold both permissions.
Creating roles, cases, and targets
The following tasks relating to creating roles, cases, and targets should be
performed by users with the appropriate administrative privileges:
■
Assign a role
After the Discovery database is created, the program returns to the Enterprise
Vault Discovery Accelerator home page. Application administrators can access
the Application Administration options page to create roles and cases. Roles
and cases must be created before any searches can be performed.
■
Create or edit Scheme Templates
The Case administrator can create or edit existing Scheme Templates. Scheme
Templates provide a set of Marks, or comments, that reviewers can apply to
any item discovered in a case. The templates are available to all cases. If a new
Scheme Template is created, the Reviewer Marks can be customized for a
particular organization, industry, or level of reviewer. Custom Scheme
Templates allow organizations to limit certain comments to certain reviewers,
based on level of authority. For example, a higher level of review comments
would be given to a member of the internal legal counsel team than to the
paralegal team.
To add any new Mark to a customized template, the Application administrator
must create the Marks using the Marks task option.
■
Select a Vault store
Enterprise Vault Discovery Accelerator automatically synchronizes with the
Enterprise Vault server and displays all available Vault stores that are on the
Enterprise Vault server. After a Vault store is selected, the administrator can
enable the user mailbox to be searched.
Only Case administrators can override the existing Vault stores used for a
particular search.
■
Create a target
Before beginning a search, administrators can establish which mailbox is the
target of the search, and designate targets or specific users for cases that will
be searched. Case Managers can create specific Target Groups by using the
Address Manager. Make sure to enter all the email addresses for a given user
to search, and separate each address with a carriage return.
A new Target Group can include all users from one or more departments, or
only certain specified users. For example, to create a Target Group that holds
the entire sales and marketing team, an administrator would first ensure that
all sales and marketing users are created as individual targets. Next, the
administrator would create a Target Group, and then add the mailboxes for
the sales and marketing team to the new Target Group.
After the targets are established, they are displayed under the Case
Administration column, but only if the login account being used has
permissions to view cases.
For more information about how to bulk-load or import data into Enterprise
Vault Discovery Accelerator, see the Enterprise Vault Discovery Accelerator
Installing and Configuring guide.
■
Create a case
A case is an organized search of large volumes of email in a selected Vault
store. Multiple cases can be created by a Case administrator for a given piece
of mail with different markups, comments, and so on. Each case is maintained
within the specific case history. Once a case is created, it can be closed, but it
cannot be deleted. This allows a fully auditable trail to be maintained.
Only one case owner can be assigned, but the case owner can be a group that
has multiple users.
An existing Bates number can be assigned to the case by using the Size Export
ID field for tracking and search purposes. The output results can be stored to
a network share using \\my_computer\case. Alternatively, the results can be
stored to a local drive.
■
Using target shortcuts when creating a case
When creating a new case, if the name of the target or Target Group to be
searched is known, the administrator can bypass browsing the list of all targets
and instead type a shortcut as follows:
■
For targets, use the format T:<TargetName>.
■
For target groups, use the format TG:<TargetGroupName>.
For example, to search through all mail for a group called Executives, type
TG:Executives.
■
To enter multiple targets, separate each line with a carriage return.
■
If desired, enter only part of an address or display name, for example, User1.
A partial entry can be shown with the name, User1. A wildcard can be used
to denote part of the search term, for example, Use*.
If a wildcard is used, there must be at least three characters preceding it.
If the target in the address book is referenced, the display name must be
preceded by T:. Do not include wildcard characters.
■
Add user roles
After a case is created, a Case administrator can add a user from the Case
Administration column to define users and roles. After the user is added to
the case, the administrator can apply specific Marks for the user to the case.
Creating searches
The following tasks relate to searches:
■
Create a search
Enterprise Vault archives copies of inbound and outbound messages and
documents them so that all copies can be searched. To create a search, from
the Case Administrator column, select any Case created earlier, then, under
Options, select Searches.
New searches can be created that contain key words or phrases, data sent
between individuals, or data sent within a certain date range. Finished
searches cannot be deleted or re-executed. However, once a search is saved,
it can be used as a template for subsequent searches. If a search is in progress,
it can be stopped before it is complete to change the search criteria.
Note: Do not enable Auto Accept on any search that will not be permanently
saved. When this option is disabled, the administrator will have to manually
accept or reject the search results. After the administrator chooses to accept
a search, the search is permanently stored in the Enterprise Vault Discovery
Accelerator database.
Type the keyword or phrase to be searched in the Contents field. Separate each
line by a carriage return.
When creating a search, a display name can be used for the target. For example,
in addition to the full email address name of User1@YourDomain.com, a shorter
version, User1, can also be queried and discovered during a search. The
following search specification rules apply:
■
Selecting Any of in the drop-down box allows a search for messages to or
from any of the targets that are entered.
■
Selecting All of beside the To box means search messages on all of the
targets entered.
■
To search for messages with specific text in the subject line, enter the words
or phrases in the Subject box. Enter one word or phrase per line. The
wildcard character * can be used to denote one or more characters, but it
must be preceded by at least three characters.
■
Selecting Any of in the small drop-down box means search for messages
with any of the words or phrases in the subject line.
■
Selecting All of means search for messages with all of the words or phrases
in the subject line.
■
Selecting Any of in the small drop-down box means search for items with
any of the words or phrases in the content.
■
Selecting All of means search for items with all of the words or phrases in
the content.
■
There may be additional criteria boxes if the administrator has added
custom search attributes to the system.
■
Accept or reject search
The search provides the administrator with data to review, and then accept
or reject the search. Accepting the search allows the administrator to send it
to a reviewer and permanently store it in the Enterprise Vault Discovery
Accelerator database. Rejecting the search deletes it, so that it does not get
stored in the Enterprise Vault Discovery Accelerator database.
■
Assign review marks
Once a search result renders data that is of interest, and the search has been
accepted, comments called Marks can be added to the searches to indicate the
process of the discovery. New custom, site-specific Marks can be created under
the Application Administration column. Marks signify comments to reviewers
or supervisors that a case is unreviewed, pending review, already questioned
by appropriate legal teams, reviewed by appropriate legal teams, and so on.
■
Review and apply comments to messages
Once a search has been accepted, reviewers can access the appropriate case
from the Review Message column of Enterprise Vault Discovery Accelerator.
Once in the case, the status of the work can be seen, and items can be selected
to work on, such as current status, last marked by or Item ID. When a reviewer
adds a comment to a Case\Email item, the comment attaches itself to the
original email, but it does not alter the email in any way, thus preserving the
integrity of the document. All comments applied to a case are permanent.
■
Export findings
After all items for a case have been reviewed and are ready to be sent to the
appropriate parties such as the legal team, human resources department, or
third-party reviewer, the Case administrator can create a New Run from the
Production task to format the findings in PST, MSG or HTML format. If
exporting to PST files, the file can be password-protected, and the maximum
size of the PST file specified. Exporting to a PST file can be a time-consuming
process. However, saving the file to a directory on the local computer hastens
the process. Approximately 40,000 items per hour can be exported if the MSG
format is used. Approximately 15-16,000 items per hour can be exported if
the PST format is used.
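The entry rules given above for target shortcuts (T: and TG:, no wildcards) and for wildcard terms in the Subject box (at least three characters before *) can be checked before a search is run, which matters because a finished search cannot be deleted or re-executed. The following is an added example, not part of the Yellow Book or the product; the function names, the one-address-per-line check and the same-word reading of "preceded by" are this example's assumptions.

```python
"""Pre-check lines typed into a Discovery Accelerator Targets or Subject box.

Added example: the rules come from the text above; nothing here calls the product.
"""

MIN_PREFIX = 3  # at least three characters must precede a wildcard


def check_entry(line):
    """Classify one line and list rule violations.

    Returns (kind, value, problems); kind is 'target', 'target_group' or 'term'.
    """
    text = line.strip()
    if text.startswith("TG:"):
        kind, value = "target_group", text[3:].strip()
    elif text.startswith("T:"):
        kind, value = "target", text[2:].strip()
    else:
        kind, value = "term", text

    problems = []
    if not value:
        problems.append("empty entry")
    if value.count("@") > 1:
        problems.append("more than one address on a line; use one line per address")
    if kind != "term":
        # Address-book shortcuts must name the target or group exactly.
        if "*" in value:
            problems.append("wildcards are not allowed after T: or TG:")
        return kind, value, problems

    # Assumption: "preceded by" means the characters of the same word that sit
    # directly in front of the '*', so 'Use*' passes and 'Us*' or '*ser' fail.
    for pos, char in enumerate(value):
        if char != "*":
            continue
        run = 0
        back = pos - 1
        while back >= 0 and value[back] != "*" and not value[back].isspace():
            run += 1
            back -= 1
        if run < MIN_PREFIX:
            problems.append(
                "wildcard at position %d has only %d leading character(s)" % (pos + 1, run)
            )
    return kind, value, problems


def check_box(box_text):
    """Check every non-blank line of a multi-line box; return only the bad ones."""
    bad = []
    for number, line in enumerate(box_text.splitlines(), start=1):
        if not line.strip():
            continue
        kind, value, problems = check_entry(line)
        if problems:
            bad.append((number, line.strip(), problems))
    return bad


# Constructed sample input: what an administrator might paste into the box.
SAMPLE_BOX = (
    "TG:Executives\r\n"
    "T:User*\r\n"
    "Use*\r\n"
    "Us*\r\n"
    "User1@myDomain.com User1@myNewDomainName.com\r\n"
)

if __name__ == "__main__":
    for number, line, problems in check_box(SAMPLE_BOX):
        print("line %d: %s -> %s" % (number, line, "; ".join(problems)))
```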
Best practices for customizing Enterprise Vault
Compliance Accelerator
After Enterprise Vault Compliance Accelerator has been installed and configured,
configuration data can be set up. Roles and role assignments, employees and
groups, permissions and departments must be created to begin to search any
archived data. Users can only see the departments, features, and tasks that they
have permission to access, as defined by the Roles options. User views can be
changed by assigning a different role to the user, or changing the permissions
included in a role.
The following tasks relating to creating roles, groups, and departments should
be performed by users with the appropriate privileges:
■
Create roles
The Enterprise Vault Compliance Accelerator administrator must create and
assign roles to the users of the application. Application permissions or
department permissions can be assigned to a specific role. To perform tasks
in a specific department, employees with application roles must also be assigned
the appropriate department role in that department. To perform tasks in more
than one department, they must be assigned the role in each department that
they need to access.
For more information on adding and modifying roles, see the Enterprise Vault
Compliance Accelerator Installing and Configuring guide.
■
Create employee groups
To create employee groups, a user must be an Application administrator. To
create searchable employee groups more efficiently, the Automatically
synchronize group members option should be enabled.
Once an employee has been selected for monitoring, the employee cannot be
deleted from Enterprise Vault Compliance Accelerator. If the monitored
employee leaves the company, select Suspend all monitoring on the Employee
properties page to disable all monitoring for the employee.
The following methods can be used to synchronize group members:
■
Active Directory search (LDAP filter)
Using the Active Directory search is the most time-consuming because it
can only be run against user objects. Make sure to type the LDAP path
correctly. If the synchronization process has begun, exit the Enterprise
Vault Compliance Accelerator application to stop the synchronization
search and correct any mistakes. Use the ADSI Edit tool to verify the
ADsPath of a container. Do not modify any attributes of the Active Directory
objects when viewing the ADsPath Container with the ADSI tool.
For example:
Search Filter: (&(objectCategory=person)(department=Marketing))
Search Root: LDAP://ou=users,dc=mydomain,dc=com
■
Active Directory Container (LDAP Search)
In the ADsPath field, provide the Distinguished Name of the Active
Directory container that holds the users to add to the group. All users in
the container will be added to the group. If the organization is organized
by cities and the created groups are named after cities, look for the object
with a city name, for example, Redmond.
ADsPath: LDAP://ou=users,dc=mydomain,dc=com
■
Windows Group import
This is generally the fastest way to create employee groups, provided that
the environment is configured to use groups.
Example: Group Name: MyDomain\GroupName
After an import option has been selected, click Synchronize Now.
Synchronization of the employees and groups occurs on a four-hour schedule
or every time the service is restarted. Both are configurable in the
ComplianceService.exe.config file. Do not reconfigure synchronization to occur
during the window used to run the synchronization. (If synchronization takes
more than two hours, do not reconfigure Enterprise Vault Compliance
Accelerator to sync every hour.) The interval setting is:
<add key="Synchronization interval (hours)" value="4" />
Employee Management profiles for members are created automatically if they
do not exist at the time of Employee Group creation. If an existing group
member is no longer found on a subsequent synchronization run, the employee
profile will be removed from the list of members. Also, employees can be
manually added at the Employee task option.
In the Employee profile\Email Addresses field, verify that all variations of a
user’s mailbox addresses are provided. Use carriage returns to separate each
new address.
One example is as follows: The legal department makes a request to the human
resources department, informing them that User1@myDomain.com has been
sending emails with proprietary information to a competitive company. Human
resources wants to monitor User1 emails for a specified period by
using the Enterprise Vault Compliance Accelerator scheduled search. The
Enterprise Vault Compliance Accelerator searches are enabled to locate all
email addresses for User1 as well as any outbound emails to
CompetitiveDomain.Com. All variations of the User1 email address should be
created as a searchable item in order to ensure discovery of violation of
company policy:
User1@myDomain.com
User1AliasName@myDomain.com
User1NewMarriedName@myDomain.com
User1@myNewDomainName.com
■
Create departments
The administrator can search archives and monitor employees once department
groups and employee groups have been created. Department employees can
be monitored by using the Journaling Connector or by running searches that
meet specific criteria. While setting up a department, a monitoring policy can
be created for all monitored employees in a department. This is done by
enabling the policy to capture a percentage of Message Type and Review
Requirements options.
Each department must be given an owner. The owner must have a Windows
login, but does not need special Windows or Enterprise Vault Compliance
Accelerator system privileges. Symantec recommends setting the Vault Service
account as the owner of the department in case an administrator needs to
connect to the system to troubleshoot problems. The department owner has
the same permissions that the User Admin role is granted. By default, all
departments use the Vault store selected at configuration. However, the
administrator can customize the Vault selections. If searches are returning
empty when known data exists for a user, verify that the correct department
Vault store has been searched. If the Vault store must be changed, enable the
Customize for this Department option, and then choose the correct Vault store.
Change the location of the Output folder for exported items to a local computer
or a network share.
Note: If the organization has a legal requirement to monitor a certain
percentage of messages per employee, setting a limit for the Review
Requirement option of the Monitoring Policy may prevent the requirement
from being met.
■
Configure departments
After the Application administrator has created a department, the Department
administrators can configure the departments by adding specific employees
or employee groups as monitored employees. To do this, open the specific
department to be configured and click the Monitored Employees option. Add
monitored employees by name or by a configured Employee Group. Only
previously configured Employee Groups and Employees can be selected.
■
Configure searches
Searches can be scheduled and run by one or more departments. Searches can
be done at the application administration or department administration level.
If the Search option does not appear in the Department Application tasks,
verify that the owner has permission to run searches under the Roles tasks.
The sampling percentage for the configured Monitoring Policy will default to
the existing department properties. Search results that occurred in prior
searches can be captured by enabling Include Captured Messages.
■
Accept or reject search results
Leave the Automatically accept results option disabled unless all searches
should be saved automatically into Enterprise Vault Compliance Accelerator.
After a search is accepted or the search results screen is closed, Enterprise
Vault Compliance Accelerator stores the search for auditing purposes, and it
can no longer be removed. Any accepted search is stored in Enterprise Vault
Compliance Accelerator and can be used for future searches as a template.
The percentage of the item being searched is derived from the Department
properties page.
When auto accept is disabled, the administrator must reject a search to keep
it from being stored in the Enterprise Vault Compliance Accelerator database.
When the results of a finished search are rejected, the search is deleted.
■
Search departments
When creating department searches, the Any of value under Authors &
Recipients means that messages for any of the employees in the selected
department are searched. The All of value means that only messages that
include as recipients all the employees in the selected department are searched.
When searching by departments, increase the performance and accuracy by
using the Journal Connection option.
For more information on searching with department tags, see the Enterprise
Vault Compliance Accelerator Installing and Configuring guide.
A department in partitions can only search messages to and from other
departments if both departments reside within the same partitions.
■
Schedule searches
Use Enterprise Vault Compliance Accelerator to search Vault stores on a set
time\schedule. The SQLAgent must be enabled. Symantec recommends that
the Agent is set to automatically start.
■
Review searches
During the search process, “Search Details” can be expanded to see the
percentage searched, number of hits discovered for that particular searched
item, and so on. After the search is completed, the Reviewer column can be
checked from the Enterprise Vault Compliance Accelerator home page to
review any discovered data. From the review menu, administrators can modify
the review criteria, download the original message to a MSG format file, and
print the message, attachments, and comment history.
Any comments added to the search will be stored in the Enterprise Vault
Compliance Accelerator database and remain as part of the permanent vaulted
message. Enterprise Vault Compliance Accelerator comes with six default
review statuses; however, the administrator can add different marks as needed.
■
Create search exceptions
There may be occasions when content from the executive team could contain
sensitive data. In this case, Enterprise Vault Compliance Accelerator can be
enabled to use exceptions when administrators are reviewing search results.
For example, using Exceptions, a Tier-1 reviewer may be limited from accessing
data generated by Executive Employee Groups or Senior Management
Departments. However, access to this sensitive data can be given to a Tier-3
reviewer who has the appropriate authority. Exception employees can be
created and managed using the Department Explorer view or Exceptions Task
links.
For more information on customizing Exceptions Task links, see the Enterprise
Vault Compliance Accelerator Installing and Configuring guide.
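The Active Directory search (LDAP filter) and Active Directory Container methods described above under Create employee groups both depend on a correctly typed Search Filter and ADsPath. The following added example (not part of the Yellow Book or the product) checks both strings offline before they are entered; the function names, the server01 host used in testing, and the rule that a filter should name objectCategory or objectClass are this example's assumptions.

```python
"""Syntax pre-check for a group-synchronization Search Filter and ADsPath.

Added example: it parses the strings only and never contacts Active Directory.
"""
import re


class FilterError(ValueError):
    """The search filter is not well formed."""


_CLAUSE = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)(>=|<=|~=|=)([^()]+)$")
_RDN = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+$")


def _parse_node(text, pos):
    """Parse one parenthesised filter starting at pos; return (node, next_pos)."""
    if pos >= len(text) or text[pos] != "(":
        raise FilterError("expected '(' at offset %d" % pos)
    pos += 1
    if pos < len(text) and text[pos] in "&|!":
        op = text[pos]
        pos += 1
        children = []
        while pos < len(text) and text[pos] == "(":
            child, pos = _parse_node(text, pos)
            children.append(child)
        if not children or (op == "!" and len(children) != 1):
            raise FilterError("operator %r has the wrong number of operands" % op)
        if pos >= len(text) or text[pos] != ")":
            raise FilterError("missing ')' at offset %d" % pos)
        return (op, children), pos + 1
    end = text.find(")", pos)
    if end == -1:
        raise FilterError("missing ')' for the clause at offset %d" % (pos - 1))
    match = _CLAUSE.match(text[pos:end])
    if not match:
        raise FilterError("malformed clause %r" % text[pos:end])
    return ("item",) + match.groups(), end + 1


def parse_filter(text):
    """Return the filter as nested tuples, or raise FilterError."""
    text = text.strip()
    node, pos = _parse_node(text, 0)
    if pos != len(text):
        raise FilterError("unexpected text at offset %d" % pos)
    return node


def attributes(node):
    """Yield the lower-cased attribute name of every clause in the tree."""
    if node[0] == "item":
        yield node[1].lower()
    else:
        for child in node[1]:
            yield from attributes(child)


def check_adspath(path):
    """Return problems found in an ADsPath such as LDAP://ou=users,dc=mydomain,dc=com."""
    if not path.startswith("LDAP://"):
        return ["ADsPath must start with LDAP://"]
    dn = path[len("LDAP://"):]
    # An optional server name may precede the distinguished name: LDAP://host/ou=...
    host, slash, rest = dn.partition("/")
    if slash and "=" not in host:
        dn = rest
    problems = []
    if dn != dn.strip():
        problems.append("whitespace around the distinguished name")
    parts = [part.strip() for part in dn.split(",")]  # escaped commas (\,) not handled
    for part in parts:
        if not _RDN.match(part):
            problems.append("malformed component %r" % part)
    if not any(part.lower().startswith("dc=") for part in parts):
        problems.append("no dc= component, so the path is not rooted in a domain")
    return problems


def precheck(search_filter, search_root):
    """Return every problem found in the filter and the search root."""
    problems = check_adspath(search_root)
    try:
        tree = parse_filter(search_filter)
    except FilterError as exc:
        return problems + ["filter: %s" % exc]
    # Assumption: the search runs against user objects, so expect a class clause.
    if not {"objectcategory", "objectclass"} & set(attributes(tree)):
        problems.append("filter: no objectCategory/objectClass clause to select user objects")
    return problems


if __name__ == "__main__":
    print(precheck("(&(objectCategory=person)(department=Marketing))",
                   "LDAP://ou=users,dc=mydomain,dc=com"))
```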
Best practices for upgrading Enterprise Vault
Compliance Accelerator
If there is an existing installation of Enterprise Vault Compliance Accelerator 5.0
and the administrator wants to change the installation to include the Journaling
Connector, or upgrade to a newer version, the installation must be modified
through the Add/Remove Programs option.
For more information on upgrading Enterprise Vault Compliance Accelerator,
see the Enterprise Vault Compliance Accelerator Installing and Configuring guide.
The Journaling Connector can be used to improve the performance and accuracy
of searches that are run against messages to or from all members of a specific
department.
Note: It is not possible to upgrade an Enterprise Vault Compliance Accelerator
1.5 installation to Enterprise Vault Compliance Accelerator 5.1.
Adding the Journaling Connector
1
Log on as the Vault Service account and verify the IIS worker process has
write access to the Enterprise Vault Compliance Accelerator installation
folder.
2
Stop the Enterprise Vault Compliance Accelerator Service.
3
Open the Control Panel and double-click Add/Remove Programs.
4
Select KVS Enterprise Vault Compliance Accelerator and select
Change/Remove.
5
Select the Modify option and click Next.
6
In the component selection window ensure that both the Enterprise Vault
Compliance Accelerator and Journaling Connector check boxes are selected.
Note: There must be an Enterprise Vault Journaling Service installed for the
Journaling Connector option to be displayed.
7
Follow the prompts in the installation wizard. When prompted, enter the
name of the SQL Server computer that hosts the database for the Enterprise
Vault Directory. A license is required for the main Enterprise Vault
Compliance Accelerator components, but no additional license is required
for the Journaling Connector.
8
Open the Enterprise Vault Compliance Accelerator home page and click
Update.
Upgrading Enterprise Vault Compliance Accelerator
An upgrade can be performed from an existing installation of Enterprise Vault
Compliance Accelerator 5.0. If the Journaling Connector is installed, it must be
upgraded as well. Back up the existing SQL Enterprise Vault Compliance
Accelerator database and the configuration files in the installed directory before
beginning the update process.
To upgrade Enterprise Vault Compliance Accelerator
1
Log on as the Vault Service account and verify the IIS worker process has
Write access to the Enterprise Vault Compliance Accelerator installation
folder.
2
Stop the Enterprise Vault Compliance Accelerator Service.
3
Follow the prompts in the installation wizard for the new version.
4
In a Web browser, open the Enterprise Vault Compliance Accelerator home
page.
5
Click Update. After the update process, the existing Enterprise Vault
Compliance Accelerator database will be updated and an Update in progress
page is displayed. The browser window can be closed while the update is in
progress.
6
Choose a department reviewer role for the new Department Explorer feature.
Existing reviewer roles can be used for department reviewers by selecting
Use existing role.
Note: The Department Reviewer role cannot be renamed or deleted after the
upgrade. For more information on upgrading Enterprise Vault Compliance
Accelerator, see the Enterprise Vault Compliance Accelerator Installing and
Configuring Guide.
7
Start a new Enterprise Vault Compliance Accelerator browser session, and
click Update. If the update has not finished, the Update in progress page is
displayed. If it has finished, the message reports that the update has
completed.
8
After the update status has been delivered, refrain from clicking OK. First,
restart the Enterprise Vault Compliance Accelerator Service. After the service
is started, click OK to show all tasks that the login is permitted to access.
Best practices for Enterprise Vault Compliance
Accelerator backup and recovery
If a disaster recovery of Enterprise Vault Compliance Accelerator must be
performed, Enterprise Vault Compliance Accelerator must be reinstalled and then
pointed to an existing backup of the database.
To prepare for an Enterprise Vault Compliance Accelerator recovery, the
administrator should have backups of the following database and configuration
files:
■
Enterprise Vault Compliance Accelerator SQL database
■
Service.exe.config
■
Webapp.config
Copies of the service.exe.config and webapp.config files should be stored in a
different location than the installed files.
To recover Enterprise Vault Compliance Accelerator
1
Uninstall Enterprise Vault Compliance Accelerator, removing all files.
2
Re-install the product on the server.
3
Replace the newly installed service.exe.config with the saved copy.
4
Replace the installed webapp.config with the saved copy.
5
Restart the Enterprise Vault Compliance Accelerator Service and verify a
connection to the correct database.
6
Wait 30 seconds before restarting the service.
Troubleshooting recommendations for Enterprise
Vault Discovery Accelerator
Table 9-2 describes suggestions for solving Enterprise Vault Discovery Accelerator
problems.
Note: Administrators should always back up .config files before modifying them
to protect against incorrect modifications or unexpected results. Enterprise Vault
and Enterprise Vault Discovery Accelerator require .config files to communicate
with each other. If an administrator modifies the file incorrectly, neither
application can function correctly.
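One way to follow this note is to take a timestamped copy outside the installation folder and then check the edited file before it goes back into place. The following is an added example, not a Symantec tool: the key names (DirectoryMachine, ShowVaults, Synchronization interval (hours)) are the ones quoted on this page, while the function names, the SHA-256 digest and the surrounding configuration/appSettings elements in the sample are this example's assumptions.

```python
"""Back up an Accelerator .config file and lint an edited copy before deploying it.

Added example: the checks are this example's reading of the page's advice.
"""
import hashlib
import ipaddress
import os
import shutil
import time
import xml.etree.ElementTree as ET


def backup_config(path, backup_dir):
    """Copy path into backup_dir with a timestamp; return (copy_path, sha256_hex)."""
    if os.path.abspath(backup_dir) == os.path.dirname(os.path.abspath(path)):
        raise ValueError("keep the backup outside the installation folder")
    os.makedirs(backup_dir, exist_ok=True)
    with open(path, "rb") as handle:
        digest = hashlib.sha256(handle.read()).hexdigest()
    stamp = time.strftime("%Y%m%dT%H%M%S")
    copy_path = os.path.join(backup_dir, "%s.%s.bak" % (os.path.basename(path), stamp))
    shutil.copy2(path, copy_path)
    return copy_path, digest


def read_settings(xml_text):
    """Return {key: value} for every <add key=... value=...> element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML: %s" % exc)
    return {el.get("key"): el.get("value", "") for el in root.iter("add") if el.get("key")}


def lint_config(xml_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    try:
        settings = read_settings(xml_text)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    machine = settings.get("DirectoryMachine")
    if machine is not None:
        bare = machine.strip().rstrip(".")
        try:
            ipaddress.ip_address(bare)
            is_ip = True
        except ValueError:
            is_ip = False
        if machine != machine.strip() or (is_ip and bare != machine):
            findings.append("DirectoryMachine %r has stray characters" % machine)
        elif is_ip:
            findings.append("DirectoryMachine is an IP address; the entry breaks if DHCP changes it")
    if settings.get("ShowVaults", "1") != "1":
        findings.append("ShowVaults is %r; Vault stores are displayed only when it is 1"
                        % settings["ShowVaults"])
    interval = settings.get("Synchronization interval (hours)")
    if interval is not None and not (interval.isdigit() and int(interval) > 0):
        findings.append("Synchronization interval (hours) %r is not a positive whole number"
                        % interval)
    return findings


# Constructed sample files; the wrapper elements follow the usual .NET layout.
GOOD_CONFIG = """<configuration>
  <appSettings>
    <add key="DirectoryMachine" value="EV_Server" />
    <add key="ShowVaults" value="1" />
  </appSettings>
</configuration>"""
# A single mistyped character (key+ instead of key=) makes the whole file unreadable.
BROKEN_CONFIG = GOOD_CONFIG.replace('key="ShowVaults"', 'key+"ShowVaults"')

if __name__ == "__main__":
    print(lint_config(GOOD_CONFIG))
    print(lint_config(BROKEN_CONFIG))
```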
Table 9-2
Troubleshooting Enterprise Vault Discovery Accelerator
Issue: Login.aspx should be the first entry in the Web sites Documents content
page.
Suggestion:
■ In the IIS Manager, expand Web Sites \ Default Web Site.
■ Open the EVDiscovery properties window. On the Documents tab,
under the Enabled Default Content page, Login.aspx should be listed
first.
■ If Login.aspx is not listed first, move it to the top of the list.
Note: Ideally, if Login.aspx is the only content page listed, performance
will be improved.
Issue: Performance issues are occurring, or the IIS server is hosting other
applications.
Suggestion: Create an Application Pool for Enterprise Vault Discovery Accelerator:
■ Open IIS Manager and right-click Application Pools. Select New >
Application Pool and then modify it as needed.
■ Open the EVBACompliance Web Site and click Properties. On the
Virtual Directory tab, set the Application Pool to the new pool.
Issue: The Enterprise Vault Discovery Accelerator Web Application page opens,
but the Configure link does not appear.
Suggestion:
■ Go to Computer Management\Local Users and Groups\Groups\IIS_WPG
and confirm that the worker process has been granted
Full Control permissions to the Vault Service account.
■ Verify the service is using the Vault Service account to log on, and
not the Local System account.
■ Add the http://<Computer Name>/EVDiscovery page to the Sites
option in browser’s Internet Options Security tab.
■ Verify that the account being used for log on has Full Control access
to the Windows TEMP folder, the Microsoft .NET Temporary
ASP.NET folder, and any Enterprise Vault directory.
■ Verify that only one version of .NET is installed. If multiple .NET
versions are installed, Enterprise Vault Discovery Accelerator must
be uninstalled, all versions of .NET must be uninstalled, one version
of .NET must be reinstalled, and then Enterprise Vault Discovery
Accelerator must be reinstalled.
Issue: Vault stores cannot be seen.
Suggestion: If there are existing Vault stores with confirmed data, but no Vault
stores can be selected through the Enterprise Vault Discovery
Accelerator Web application, the problem could be with permissions
or communications.
The following are separate suggestions to help resolve this issue:
■ Add the fully qualified domain name (FQDN) to the
discoveryservice.exe.config file. Use only the Server name. If the
Server name is listed and there are still communication issues, try
adding the FQDN.
<add key="DirectoryMachine" value="EV_Server.myDomain.com" />
■ If the DNS Alias name is in the discoveryservice.exe.config file,
remove the alias and only use the Server Name.
<add key="DirectoryMachine" value="EV_AliasName" />
■ Verify the Vault stores are enabled in the app.config file. Locate
ShowVaults in the app.config file and verify it equals 1 to display
the stores.
<add key="ShowVaults" value="1" />
■ Enter the IP address of the vault server into app.config file. Be aware
that adding the IP address could be a limitation if DHCP is used and
the IP address changes.
<add key="DirectoryMachine" value="11.111.11.11" />
An administrator needs to review for debug errors.
Console.exe.config can be run instead of the service for the Enterprise
Vault Discovery Accelerator. Console output is typically used for
debugging purposes only.
To enable console output, perform the following steps:
■ Go to C:\Program Files\KVS\Discovery Accelerator and copy the
DiscoveryService.exe.config file. Rename it to: console.exe.config
(if the file already exists, it is not necessary to recreate it).
■ Stop the Enterprise Vault Discovery Accelerator Service.
■ Open the new console.exe.config file and locate the <!--Diagnostics-->
section of the file. The first line under that section is called
key="Debug Message". Change the value from "0" to "1" to enable
the output to trace entries. Save and close the file.
■ From the command line, locate the console.exe file and run it to
pipe the output to a text file. (Console.exe.config >
consoleOutputs.txt.) Review this file for any error messages before
calling Technical Support.
■ To stop the console service, press Ctrl+K, and then restart the
Enterprise Vault Discovery Accelerator Services.
Note: Console operation is not recommended except as instructed by
Technical Services. The console.exe.config file should not be modified
unless instructed to do so by Technical Services.
All .NET installations load on top of each
other; they are not replaced with each
installation. If there is more than one
installation of the .NET Framework, error
messages may occur.
Open Add/Remove Programs, and verify that only one installation of
.NET Framework exists. If more than one exists, uninstall both versions
and reinstall the supported version. Enterprise Vault Discovery
Accelerator may need to be uninstalled, and then reinstalled after the
.NET issue has been resolved.
When attempting to view a searched item, the error, “Cannot retrieve
Item” is displayed after a successful search and discovery.
This error is generally caused when users are attempting to view the
HTML version of the searched items but are unable to due to IIS worker
process permission issues.
Ensure that the IIS worker process has Full Control access to the
Windows Temp folder to resolve the error. Open the Windows
TEMP\TMP directories and the .NET Framework Temp directories to
verify that the Vault Service account and Authenticated Users have
been given Full Access privileges to those directories.
An export fails.
Select the Retry option instead of the ReExport option. ReExport will
attempt the entire export from the beginning. The Retry option only
attempts a new collection of the items which caused the failure.
For more troubleshooting information, see the Enterprise Vault Discovery
Accelerator Installing and Configuring guide.
Troubleshooting recommendations for Enterprise
Vault Compliance Accelerator
Table 9-3 describes suggestions for solving Enterprise Vault Compliance
Accelerator problems.
Note: Administrators should always back up .config files before modifying them
to protect against incorrect modifications or unexpected results. Enterprise Vault
and Enterprise Vault Compliance Accelerator require .config files to communicate
with each other. If an administrator modifies the file incorrectly, neither
application can function correctly.
Table 9-3 Troubleshooting Enterprise Vault Compliance Accelerator
Issue
Suggestion
The message "Initializing, please wait" appears in the EVBACompliance
home page. The configuration page does not open.
■ Add the following URL to the browser’s Internet Options > Security
> Sites:
http://<ComputerName>/EVBACompliance
■ Verify that the logon account has Full Control access to the Windows
TEMP folder, the Microsoft .NET Temporary ASP.NET folder, and
to any Enterprise Vault directory.
■ Verify that only one version of .NET is installed. If multiple .NET
versions are installed, Enterprise Vault Compliance Accelerator
must be uninstalled, all versions of .NET must be uninstalled, one
version of .NET must be reinstalled, and then Enterprise Vault
Compliance Accelerator must be reinstalled.
■ In Computer Management\Local Users and
Groups\Groups\IIS_WPG, confirm that the Worker Process has
been granted Full Control permissions to the Vault Service account.
■ Open up services.msc and verify that the Enterprise Vault
Compliance Accelerator Service is using the Vault Service account
to log on and not the Local System account.
■ Open up the ComplianceService.exe.config file and locate the
DirectoryMachine section; confirm that the Enterprise Vault
machine name is listed and the services are all running.
<add key="DirectoryMachine"
value="EV_MachineName"/>
The prompt for authentication always appears, even though the Remember
password option has been enabled on the EVBACompliance home page.
Add the LocalHost page to the browser’s Internet Options > Security
> Sites. Open the EVBACompliance home page using the LocalHost
name, as follows:
http://localhost/evbacompliance/
Performance issues are occurring, or the IIS server is hosting other
applications.
Create an Application Pool for Enterprise Vault Compliance Accelerator:
■ Open IIS Manager and right-click Application Pools. Select New >
Application Pool and then modify it as needed.
■ Open the EVBACompliance Web Site and click Properties. On the
Virtual Directory tab, set the Application Pool to the new pool.
A search is unable to find any data. For example, Enterprise Vault
Compliance Accelerator reports 0 hits.
Verify that the correct Vault store is being searched, or that a specific
Journal Vault contains the suspect data. In Department Properties,
ensure the Searchable Vault stores option has been correctly enabled.
The Journal Task does not stay running.
If the Task was started immediately after installing, it may not finish
loading. Uninstall the Journaling Connector and then reinstall it. After
installation, wait at least 30 seconds before starting the Journal Task.
For more troubleshooting information, see the Enterprise Vault Compliance
Accelerator Installing and Configuring guide.
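The backup note and the DirectoryMachine, ShowVaults and Debug Message suggestions in Tables 9-2 and 9-3 can be combined into one pre-edit check. The following is an added example, not Symantec code: the `<configuration>/<appSettings>` wrapper, the sample file and the `known_aliases` parameter are assumptions, and only the three key names come from the tables above.

```python
import ipaddress
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample. The <configuration>/<appSettings> wrapper is the usual
# .NET layout and is assumed here; the page shows only the <add> elements.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <appSettings>
    <add key="DirectoryMachine" value="11.111.11.11" />
    <add key="ShowVaults" value="0" />
    <!--Diagnostics-->
    <add key="Debug Message" value="1" />
  </appSettings>
</configuration>
"""


def backup_config(path):
    """Copy the file to <name>.bak before any edit and return the copy's path."""
    src = Path(path)
    dst = src.with_name(src.name + ".bak")
    shutil.copy2(src, dst)
    return dst


def read_app_settings(path):
    """Return {key: value} for every <add key="..." value="..."/> element."""
    root = ET.parse(str(path)).getroot()
    settings = {}
    for node in root.iter("add"):
        key = node.get("key")
        if key is not None:
            settings[key] = node.get("value", "")
    return settings


def classify_host(value):
    """Classify a DirectoryMachine value as 'empty', 'ip', 'fqdn' or 'short'."""
    value = value.strip()
    if not value:
        return "empty"
    try:
        # Tolerate a stray trailing dot so "11.111.11.11." is still seen as an IP.
        ipaddress.ip_address(value.rstrip("."))
        return "ip"
    except ValueError:
        return "fqdn" if "." in value else "short"


def audit_settings(settings, known_aliases=()):
    """Return findings for the keys the troubleshooting tables mention."""
    findings = []
    aliases = {a.lower() for a in known_aliases}  # hypothetical list of DNS aliases
    machine = settings.get("DirectoryMachine")
    if machine is None:
        findings.append("DirectoryMachine: key is missing")
    else:
        kind = classify_host(machine)
        if kind == "empty":
            findings.append("DirectoryMachine: value is empty")
        elif kind == "ip":
            findings.append("DirectoryMachine: IP address, breaks if DHCP reassigns it")
        elif machine.strip().lower() in aliases:
            findings.append("DirectoryMachine: DNS alias, use the server name")
    show = settings.get("ShowVaults")
    if show is not None and show.strip() != "1":
        findings.append("ShowVaults: not 1, Vault stores are not displayed")
    if settings.get("Debug Message", "0").strip() == "1":
        findings.append("Debug Message: trace output is enabled")
    return findings


def check_config(path, known_aliases=()):
    """Audit one file; a file that no longer parses is itself a finding."""
    try:
        settings = read_app_settings(path)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    return audit_settings(settings, known_aliases)


def demo():
    """Write the constructed sample to a temp directory, back it up, audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = Path(tmp) / "app.config"
        cfg.write_text(SAMPLE_CONFIG, encoding="utf-8")
        backup = backup_config(cfg)
        identical = backup.read_bytes() == cfg.read_bytes()
        return backup.name, identical, check_config(cfg)


if __name__ == "__main__":
    name, identical, findings = demo()
    print(f"backup written: {name} (identical to original: {identical})")
    for finding in findings:
        print("-", finding)
```

Running the same check again after an edit shows whether the file still parses before the service is restarted.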
Chapter 10
Minimizing time and risk in Exchange migrations
This chapter includes the following topics:
■ Overview of Exchange migration issues
■ The benefit of Symantec in managing Exchange migrations
■ Using Enterprise Vault in the migration process
■ Recommendations for migration
Overview of Exchange migration issues
Many companies today are faced with the challenge of replacing a legacy mail
system, such as Lotus® Notes®, GroupWise®, or ccMail®, with Microsoft® Exchange.
Other companies need to upgrade from an older version of Exchange to Exchange
2003. Whatever the reason for migrating to Exchange 2003, the migration process
can require extensive time to complete and considerable cost in terms of
infrastructure and resources.
Reducing the risk associated with migrating a business-critical application is
paramount. For email migration, the major areas of risk that need to be considered
and managed include the following:
■ The migration of data
■ The value of that data to the business
■ The potential downtime of the core email business system should something
go wrong
A significant portion of the time, effort, and cost associated with a migration
project can be attributed to the amount of email that must be migrated. Focusing
on reducing the physical volume of data to be migrated will reduce the overall
risk and minimize the co-existence time, which in itself is a major load on
administration and support resources.
When migrating from a legacy email system, the following elements must be
considered:
■ Mailbox profile
■ Mailbox content
■ Personal folder content
■ Public folder content
■ Address books, both personal and corporate
While the overall migration is typically managed through the use of standard
Microsoft Exchange or third-party migration tools, nearly all of these tools have
unwanted effects on storage. Migration scenarios usually involve running parallel
mailboxes in the legacy system and in Exchange 2003, which doubles the email
storage required for the duration of the migration.
Even after the completion of the migration, the amount of storage consumed is
likely to be significantly higher as a result of the loss of single-instance, or
rationalized, message storage, where shared messages and attachments are stored
only once per Exchange server. Single-instance storage uses the unique
MESSAGE-ID of each message, and the migration process must leave MESSAGE-IDs
intact and in context in order to maintain single-instance storage.
Migration tools themselves operate largely on a MAPI basis, with no provision
for single-instance storage, which is usually provided through the Exchange
Message Transfer Agent (MTA). In effect, every migrated message ends up being
unique, and the new email environment consumes more email storage space, in
some cases two to three times more than the originating mail system. The impact
on storage space of the loss of single-instance storage depends in part on the
size of the organization. The larger the organization, the less likely it is that
groups of mail users who have common mail threads and attachments will all
reside on the same server.
This issue is well documented by Microsoft and experts in the field of migration,
as outlined in the following article:
http://www.windowsitpro.com/Articles/ArticleID/23819/23819.html
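The effect described above can be reproduced with a small model that keys stored bodies on server and Message-ID. This is an added example, not part of the original book and not how Exchange accounts for its stores: the mailboxes, server names and sizes are constructed, and the model assumes one stored body per Message-ID per server.

```python
def deliver(message_id, size_kb, recipients, placement):
    """Expand one message into per-mailbox copies.

    placement maps mailbox -> server. Each copy is a tuple
    (server, mailbox, message_id, size_kb).
    """
    return [(placement[r], r, message_id, size_kb) for r in recipients]


def stored_kb(copies):
    """Disk use when each server keeps one body per Message-ID."""
    bodies = {}
    for server, _mailbox, message_id, size_kb in copies:
        bodies[(server, message_id)] = size_kb
    return sum(bodies.values())


def migrate(copies, target_placement, preserve_ids):
    """Move every copy to its target server.

    With preserve_ids=False each copy receives a fresh identifier, which is
    the situation the text describes for MAPI-based tools: the target store
    has nothing to match on, so every copy is stored in full.
    """
    moved = []
    for n, (_server, mailbox, message_id, size_kb) in enumerate(copies):
        new_id = message_id if preserve_ids else f"{message_id}#copy{n}"
        moved.append((target_placement[mailbox], mailbox, new_id, size_kb))
    return moved


def build_source(placement):
    """Constructed mail flow: one wide attachment, one team thread, one private item."""
    users = ["u1", "u2", "u3", "u4", "u5", "u6"]
    copies = []
    copies += deliver("m1", 5000, users, placement)      # 5 MB sent to everyone
    copies += deliver("m2", 1000, users[:3], placement)  # 1 MB sent to three users
    copies += deliver("m3", 200, ["u4"], placement)      # private 200 KB item
    return copies


def scenario():
    """Compare a single-server source with the same mail spread over three servers."""
    users = ["u1", "u2", "u3", "u4", "u5", "u6"]
    one_server = {u: "EX1" for u in users}
    three_servers = {"u1": "EX1", "u2": "EX1", "u3": "EX2",
                     "u4": "EX2", "u5": "EX3", "u6": "EX3"}
    target = {u: "NEW1" for u in users}

    results = {}
    for label, placement in (("one_server", one_server),
                             ("three_servers", three_servers)):
        source = build_source(placement)
        before = stored_kb(source)
        lost = stored_kb(migrate(source, target, preserve_ids=False))
        kept = stored_kb(migrate(source, target, preserve_ids=True))
        results[label] = {
            "source_kb": before,
            "target_ids_lost_kb": lost,
            "target_ids_kept_kb": kept,
            "inflation": round(lost / before, 2),
        }
    return results


if __name__ == "__main__":
    for label, row in scenario().items():
        print(label, row)
```

In this model the source that already spans three servers has less single-instancing to lose, which is why its inflation factor is smaller than that of the single-server source.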
There is no way to avoid this problem when using Microsoft tools to migrate from
a non-Exchange system to Exchange. When migrating Exchange versions, the
only method of mitigation is to perform an in-place upgrade of the existing system.
This method requires system downtime, and all mailboxes must be converted at
once—a high-risk approach when compared to a phased approach. Should anything
go wrong, the whole process must be abandoned and the entire system reinstated.
Throughout the migration process, it is important to consider the needs of
end-users. Ideally, users should have uninterrupted access to the mail system,
complete access to their personal email knowledge base, and a single point of
access with no need to run parallel systems.
The bottom line for any migration or upgrade is to deliver the benefits of the new
technology without introducing undue risk and ongoing costs.
To provide a solid foundation for successful deployment of new technology, the
following core principles should be addressed:
■ Controlling storage
■ Reducing administration resources
■ Maintaining end-user transparency
The benefit of Symantec in managing Exchange migrations
Whether an organization is migrating Exchange versions or migrating to Exchange
from a non-Exchange mail environment, Symantec™ can help minimize storage
costs and migration time and reduce project risk.
In a typical Exchange migration, moving mailbox content is the area where
Symantec brings the most benefit. In addition, Symantec reduces mail storage
needs on an ongoing basis after migration to the new Exchange environment.
By deploying Enterprise Vault, an organization can minimize the amount of email
to be moved before migration. Specifically, Enterprise Vault can be used to reduce
the size of the Exchange message store by 50 percent or more by moving older
items out into a separate Enterprise Vault repository. This repository is Exchange
version–independent and has its own single-instance and compression methods
for storage.
Once in Enterprise Vault, data does not need to be converted when the organization
moves to Exchange 2003. It remains accessible to the user in the same, seamless
way as before, and if required, it can still be restored to Exchange in the correct
native format.
Note: Enterprise Vault does not perform the actual Exchange Server migration.
Rather, it reduces the amount of data that must be moved when an Exchange
migration takes place.
Using Enterprise Vault in the migration process
The following approaches to Enterprise Vault–assisted migration can be
implemented:
Migrate without moving mailbox content
This approach uses Enterprise Vault in both the source environment and
the target environment. All content from the source environment is
archived.
See “Migrating without moving mailbox content” on page 215.
Minimize mailbox content to be moved during migration
This approach uses Enterprise Vault in both the source environment and
the target environment. From the source environment, only content that
meets specified criteria, such as age, is archived. Mailboxes and public
folders are migrated.
See “Minimizing mailbox content to be moved” on page 216.
Migrate all mailbox content
This approach is applicable when Exchange migration is already in
progress or when content is being migrated from a non-Exchange legacy
mail system. It uses Enterprise Vault in the target environment only.
Migrated content is consolidated in the target environment.
See “Protecting the investment in Exchange 2003” on page 217.
Reduce the size of email storage after migration
This approach is applicable when Exchange migration is already complete.
Enterprise Vault is deployed in a standalone Exchange environment with
no further migration requirements. Size of the Exchange databases is
reduced and controlled.
See “Application after migration” on page 219.
The choice of approach is dependent on the status of an organization’s Exchange
migration and on the organization’s overall email storage needs and goals.
Migrating without moving mailbox content
When migrating Exchange, Enterprise Vault can be used to archive all existing
mailbox content without migrating it to the new environment. The migration
effort is reduced to migrating personal address books and mailbox profiles.
This approach realizes a significant reduction in time, effort, risk, and cost during
a migration project. Cost savings are achieved as end-users maintain ongoing
access to historical mail without the need to move that mail into the new Exchange
environment.
Figure 10-1 shows the migration approach in which email is archived rather than
migrated.
Figure 10-1 Migrate without moving mailbox content
This approach is implemented as follows:
■ All mailbox content and PSTs from the source environment are archived.
Mailbox profiles and address books are migrated to the target environment.
(1)
■ Archived mailbox and PST content is accessed from the target environment
by using Enterprise Vault’s Archive Explorer™. (2)
■ Public folders in the target environment are archived on an ongoing basis. (3)
Minimizing mailbox content to be moved
The most common way that Enterprise Vault is used in a migration is to minimize
the amount of mailbox content that is physically migrated across the two
environments. This approach represents a significant reduction in time, effort,
risk, and cost.
In this scenario Enterprise Vault is used before migration to aggressively archive
content from the mailbox into the Enterprise Vault repository. Either all content
or a percentage of content is archived from the source environment and replaced
with shortcut links in the mailboxes and public folders in the new Exchange
environment. The data migration effort is then focused on moving the residual
shortcuts and the percentage of content left behind.
A common approach is to archive content older than 30 days. Residual shortcuts
are left behind for all the archived content, or for a portion of it, for example,
anything up to a year old. These policies typically reduce the source mailbox and
public folder content by around 80 percent.
This action significantly reduces the data migration effort, while maintaining
seamless access from the target mailboxes to content archived from the source
environment.
Figure 10-2 depicts Enterprise Vault being deployed in both the source
environment and target environment to minimize the content migration effort.
Figure 10-2 Minimize mailbox content to be moved during migration
This approach is implemented as follows:
■ Archive a percentage of content from the source environment based on age
or mailbox quota. Archive all PST files from the source environment. (1)
■ Migrate mailbox profiles, residual content, archive shortcuts, and address
books to the target environment. (2)
■ Provide access to archived mailbox, public folder and PST content via
Enterprise Vault shortcuts created in mailboxes and via Enterprise Vault’s
Archive Explorer™. (3)
■ Deploy ongoing archiving in the target environment, with access to archived
content via both Archive Explorer and shortcuts in mailboxes. (4)
Protecting the investment in Exchange 2003
When a company has already begun an Exchange migration project or is migrating
content from legacy mail systems, it may not be possible or appropriate to
introduce a new technology into the legacy environment. In this case, Enterprise
Vault can be introduced solely into the Exchange 2003 environment to ensure
best-practice mailbox management from day one.
Although this approach does not reduce the amount of time taken to perform the
migration, it does minimize the risk associated with migration and the storage
costs associated with managing the migrated content.
Enterprise Vault can be used to minimize the impact of migrated data that is
taking up more physical storage than necessary because single-instancing has
been lost. Enterprise Vault can reduce the physical requirements for storage
through archiving as well as recreating lost single-instance storage. The process
is seamless to users, who have their original items replaced with shortcuts.
Exchange 2003 adopts a storage group model that allows mailboxes and content
to be organized more efficiently within an Exchange site. To optimize the migration
process and ensure that migrated mailboxes suffer the least fragmentation,
Symantec recommends having a transitory storage group into which mailboxes
in particular are migrated.
Enterprise Vault should then be configured to constantly and aggressively archive
from these mailboxes according to a defined business policy. The archiving services
would run every 15 minutes during the migration to archive content quickly into
the target environment as it arrives from the Exchange migration wizards, again
with shortcuts replacing the original items. After a mailbox has been migrated,
the resultant archived mailbox would then be transferred to the target storage
group, where it would be consolidated and any fragmentation eliminated.
The migration of PST files can be undertaken independently of the mailbox
migration, thereby mitigating a significant risk to the project. Additionally,
the need to populate the new target mailboxes with residual shortcuts for the
migrated PST content can be avoided by using Enterprise Vault’s Web-based
Archive Explorer.
Figure 10-3 depicts a scenario in which the data migration is underway prior to
the introduction of Enterprise Vault. Consequently, Enterprise Vault is deployed
only in the target environment.
Figure 10-3 Migrate all mailbox content
This approach is implemented as follows:
■ Migrate mailbox profiles, mailbox and public folder content, and address books
from the originating Exchange system or legacy mail system to the transitory
storage group in the target Exchange environment, using the Microsoft
migration wizards or similar tools. (1)
■ Archive all PST files from the source environment to the archive deployed in
the current environment. SID history is required to map permissions.
Aggressively archive content from mailboxes and public folders in the
transitory storage group until archiving thresholds are reached. (2)
■ Move the archived mailboxes and public folders into the target storage group
for fragmentation elimination and storage consolidation. (3)
■ Provide access to archived mailbox and PST content via Enterprise Vault
shortcuts created in mailboxes and also via Enterprise Vault’s Archive Explorer.
(4)
■ Deploy ongoing archiving in the target environment, with access to archived
content via both Archive Explorer and shortcuts in mailboxes. (5)
Application after migration
Enterprise Vault can help in instances where an organization has already
completed the Exchange migration and, as a result, large private and public
databases are negatively affecting backup and recovery times.
In this case, the primary concern is to reduce the size of the Exchange databases
quickly and to cap them if necessary to control growth. The goal is to provide a
defined service level agreement (SLA) on Exchange, a predictable backup and
recovery strategy, and ongoing reductions in associated storage costs.
Mailbox quotas may be used to cap mailbox sizes, but this approach is highly
intrusive for the end-user and may result in corporate records being lost. The
introduction of an archiving policy that works together with a mailbox quota
provides the ability to control Exchange growth. This policy is non-intrusive to
the end user, preserving long-term access to important Exchange content.
Archiving policy, following this model, might constrain mailbox sizes by archiving
at 75 percent of a mailbox quota of 100 MB, thus effectively capping Exchange to
75 MB multiplied by the number of mailboxes, with an effective mailbox size
governed by the amount of storage allocated to a mailbox archive.
As with the other migration scenarios, migration of PST files can be treated as a
separate project, and can be undertaken independently of the archiving of
mailboxes to reduce the risk and cost of storage.
Figure 10-4 shows a scenario where Enterprise Vault is effectively deployed into
a standalone Exchange implementation with no mailbox migration requirements.
Figure 10-4 Reduce the size of email storage after migration
This approach is implemented as follows:
■ Mailbox content has already been migrated to the target environment. (1)
■ Archive all PST files from the source environment to the archive deployed in
the current environment. SID history is required to map permissions. (2)
Initially, content from mailboxes and public folders in the target environment
should be archived aggressively until the quota archiving thresholds are
reached. Subsequently, ongoing archiving in the target environment should
be done on a nightly schedule, with access to archived content via both Archive
Explorer and shortcuts in mailboxes.
■ Provide access to archived mailbox and PST content via Enterprise Vault
shortcuts created in mailboxes and via Archive Explorer. (3)
Recommendations for migration
Successful and painless migration to Exchange 2003 depends on many factors,
and is never entirely risk-free. Using Enterprise Vault to assist in the management
of Exchange content can be a critical success factor by dramatically reducing the
risks associated with storage and administration overhead and by providing
end-user transparency.
The approach to use for Enterprise Vault–assisted Exchange migration depends
on the following factors:
■ Perception of the risk inherent in the migration project
■ Current status of the migration project
■ Availability of storage to address migrated mail content
■ Availability of backup technology to address migrated mail content
■ Time available to perform the migration
■ Resources and software tools available to perform the migration
In a normal migration scenario, where Symantec becomes involved early in the
planning of a migration project, the benefits of Enterprise Vault are easily justified
in terms of project time, storage and resource cost savings, and a general reduction
in overall project risk. The later Symantec is engaged in a migration project, the
more Enterprise Vault’s benefits are focused on storage cost savings.
PST file migration
Regardless of the stage of a migration project, PST file migration always benefits
significantly from the use of Enterprise Vault. Symantec understands very well
the pain that PST files cause organizations. By using a proven Exchange modeling
and ROI process, Symantec can justify the use of its technology on the basis of
the risk, cost, and time savings resulting from the migration, repatriation, and
consolidation of PST file content into an archive that is seamlessly accessible by
Windows® users.
Glossary
active/active
In VERITAS Cluster Server, active/active is a failover configuration where each
system runs a service group. If either fails, the other one takes over and runs
both service groups. Also known as a symmetric configuration.
active/passive
In VERITAS Cluster Server, active/passive is a failover configuration consisting
of one service group on a primary system, and one dedicated backup system. Also
known as an asymmetric configuration.
Administration Console
In Backup Exec, the Administration Console provides a user interface to Backup
Exec operations. The user interface can be run from the media server or a remote
computer.
adware
Programs that facilitate delivery of advertising content to the user through their
own window, or by utilizing another program’s interface. In some cases, these
programs may gather information from the user’s computer, including information
related to Internet browser usage or other computing habits, and relay this
information back to a remote computer.
antispam
A subcategory of a security policy that controls the receipt of unsolicited email,
often referred to as spam.
antivirus
A subcategory of a security policy that pertains to computer viruses.
Anti-Virus Cleaner
The Anti-Virus Cleaner receives messages from the Brightmail Server. The Cleaner
parses the message, decodes most attachments, and cleans them using the
Symantec AntiVirus engines and definitions. It then adds a header and message
text advising the recipient of its actions, and returns the message via SMTP to
the incoming mail stream.
application roles
In Enterprise Vault Compliance Accelerator, application roles enable users to
perform tasks in the Application Administration area on the home page, but not
in the Department Administration and Reviewer areas.
archive bit
In Backup Exec, a file attribute that is set whenever a file is modified. For full and
incremental backups that use archive bits, this bit is turned off after the backup
completes, indicating to the system that the file has been backed up. If the file is
changed again before the next incremental or full backup, the bit will be turned
on and Backup Exec will back up the file.
Archive Explorer
In Enterprise Vault, Archive Explorer provides users a searchable folder view of
their archives that is similar to the Microsoft Outlook folders view. The folder
names and structure match the original mail folders from which their items were
archived.
Archiving Service
In Enterprise Vault, the Archiving Service archives items from the Exchange
Private Information Stores. At the times scheduled by the administrator, the
Archiving Service scans mailboxes for items that satisfy the archiving policy of
the site, mailbox, or folder in question.
audit log
A running history of all actions performed in the Backup Exec system. An entry
into the log is created each time an action that is configured to display in the audit
log occurs.
backup
A process where selected files on a computer drive are copied and stored on a
reliable form of media.
blended threat
Blended threats combine the characteristics of viruses, worms, Trojan Horses,
and malicious code with server and Internet vulnerabilities to initiate, transmit,
and spread an attack. By using multiple methods and techniques, blended threats
can rapidly spread and cause widespread damage.
Brightmail Agent
The Brightmail Agent resides on each Brightmail Scanner and communicates with
the Brightmail Control Center to support centralized configuration and
administration activities.
Brightmail Client
The Brightmail Client receives messages from the MTA and communicates with
the Brightmail Server to provide message filtering. The Brightmail Client resides
on a Brightmail Scanner.
Brightmail Control Center
The Brightmail Control Center is a Web-based cross-platform configuration and
administration center built in Java. Each Symantec Brightmail Anti-Spam
installation has one Brightmail Control Center, which also houses Brightmail
Quarantine and supporting software.
Brightmail Server
The Brightmail Server filters messages and assigns verdicts to messages based
on the filtering results. The Brightmail Server resides on a computer hosting a
Brightmail Scanner.
capacity monitoring
In Storage Foundation for Windows, capacity monitoring refers to monitoring
dynamic volume capacities, so that when any volume reaches preset size
thresholds, an alert message is sent.
CASO
See central administration server.
catalog
In Backup Exec, a database for keeping track of the contents of media created
during a backup or archive operation. Information can only be restored from fully
cataloged media.
central administration server
A Backup Exec media server with the Central Admin Server Option (CASO)
installed. In a CASO environment, the central administration server becomes the
centralized focal point of the Backup Exec enterprise. It is the media server where
an administrator makes decisions on what data and servers are to be protected
in the environment. It is also the media server where the building blocks of job
creation take place—the creation of policies and the association of selection lists
to those policies.
clean
An action that consists of deleting virus infections that cannot be repaired, and
repairing repairable virus infections.
cluster
One or more computers linked together for the purpose of multiprocessing and
high availability.
concatenation
Storing data either on one disk (simple) or on disk space that spans more than
one disk (spanned).
Content Compliance
A set of features in Symantec Mail Security 8200 Series appliances that enable
administrators to enforce corporate email policies, reduce legal liability, and
ensure compliance with regulatory requirements. These features include
annotations, streamlined filter creation using multiple criteria and multiple
actions, flexible sender specification, dictionary filters, and attachment
management.
content filtering
A subcategory of a security policy that pertains to the semantic meaning of words
in text (such as email messages). It can also include URL filtering.
Control Center
A Web-based configuration and administration center for Symantec Mail Security
8200 Series appliances. Each site has one Control Center. The Control Center also
houses Quarantine and supporting software.
device
In Backup Exec, device can refer to a robotic library drive, a stand-alone drive, a
backup-to-disk folder, a backup-to-disk device, or a cascaded drive pool.
differential backup
In Backup Exec, the differential backup methods are used to back up files that
have changed since the last full or incremental backup. A differential backup can
be based on archive bit or time stamp information.
directory harvest attack
A high-volume email campaign addressed to dictionary-generated recipient
addresses on a specific domain. Directory harvest attacks (DHAs) not only consume
resources on the targeted email server, they also provide the spammers with a
valuable list of valid email addresses (targets for future spam campaigns).
Directory Service
In Enterprise Vault, the Directory Service provides distributed access to a Vault
Directory Database. All other Enterprise Vault services need access to this
particular database.
disaster recovery
A solution that supports fail over to a cluster in a remote location in the event
that the local cluster becomes unavailable.
discovery
A process in which email servers and archives are searched within a business
enterprise to locate and reproduce specified email content pertaining to a legal
proceeding. Discovery is normally requested by lawyers in a court of law, to verify
or disprove arguments for or against the plaintiff or defendant.
disk group
Storage Foundation for Windows organizes disks into disk groups. Disk groups
provide a way of organizing disks in a system and simplifying storage management
for systems with large numbers of disks. They also allow disks to be moved between
computers to easily transfer the storage between computers.
disk striping
Disk striping writes data across multiple disk drives instead of just one disk. Disk
striping involves partitioning each drive storage space into stripes that can vary
in size. These stripes are interleaved in a repeated sequential manner. The
combined storage space is composed of stripes from each drive.
DMP
DMP is a form of Dynamic Multipathing that is designed for a multipath disk
storage environment that provides Windows mini-port or SCSI port driver support.
DMZ (demilitarized zone)
A network added between a protected network and an external network to provide
an additional layer of security. Sometimes called a perimeter network.
DNS (Domain Name Server) proxy
An intermediary between a workstation user and the Internet that allows the
enterprise to ensure security and administrative control.
DNS (Domain Name System)
A hierarchical system of host naming that groups TCP/IP hosts into categories.
For example, in the Internet naming scheme, names with .com extensions identify
hosts in commercial businesses.
DNS server
A repository of addressing information for specific Internet hosts. Name servers
use the Domain Name System (DNS) to map IP addresses to Internet hosts.
domain
1. A group of computers or devices that share a common directory database and
are administered as a unit. On the Internet, domains organize network addresses
into hierarchical subsets. For example, the .com domain identifies host systems
that are used for commercial business. 2. A group of computers sharing the
network portion of their host names, for example, raptor.com or microsoft.com.
Domains are registered within the Internet community. Registered domain entities
end with an extension such as .com, .edu, or .gov or a country code such as .jp
(Japan).
downstream
At a later point in the flow of email. A downstream email server is an email server
that receives messages at a later point in time than other servers. In a
multiple-server system, inbound mail travels a path from upstream mail servers
to downstream mail servers. Downstream can also refer to other types of
networking paths or technologies.
DVS
DVS is the file extension of the messages stored by Enterprise Vault. These
messages are also referred to as DVS files.
Dynamic Multipathing
In Storage Foundation for Windows, the Dynamic Multipathing option adds fault
tolerance to disk storage by making use of multiple paths between a computer
and individual disks in an attached disk storage system. Disk transfers that would
have failed because of a path failure are automatically rerouted to an alternate
path. Dynamic Multipathing also improves performance by allowing load balancing
between the multiple paths. Two forms of Dynamic Multipathing are available,
DMP and MPIO.
dynamic volume
In Storage Foundation for Windows, dynamic volumes are volumes created on
dynamic disks in place of partitions. A dynamic volume consists of a portion or
portions of one or more physical disks and is organized in one of five volume
layout types: concatenated, mirrored, striped, RAID-5, and mirrored striped (RAID
0+1). The size of a dynamic volume can be increased if the volume is formatted
with NTFS and there is unallocated space on a dynamic disk within the dynamic
disk group onto which the volume can be extended.
Email Firewall
A set of features of Symantec Mail Security 8200 Series appliances that provide
perimeter defense, similar to a regular firewall, focused on email traffic. The Email
Firewall analyzes incoming SMTP connections and enables preemptive responses
and actions before messages progress further in the filtering process. The Email
Firewall provides attack preemption for spam, virus, and directory harvest attacks,
and sender blocks based on IP address, domain, third-party lists, or Symantec lists.
exploit
A program or technique that takes advantage of a vulnerability in software and
that can be used for breaking security, or otherwise attacking a host over the
network.
external threat
A threat that originates outside of an organization.
failover
An operation in which the failure of one appliance, program, or security gateway
causes another to pick up its workload automatically.
false positive
A piece of legitimate email that is mistaken for and classified as spam by an
antispam product.
fault tolerance
The characteristic of ensuring data integrity and system functionality when
hardware failures occur.
filter
A method for analyzing email messages, used to determine what action to take
on each message. A variety of types of filters can be used to process messages. A
filter can be provided by Symantec, created by a local administrator, created by
an end user, or provided by a third party.
firewall
A program that protects the resources of one network from users from other
networks. Typically, an enterprise with an intranet that allows its workers access
to the wider Internet will want a firewall to prevent outsiders from accessing its
own private data resources.
firewall rules
A security system that uses rules to block or allow connections and data
transmission between a computer and the Internet.
FlashSnap
In Storage Foundation for Windows, the FlashSnap option is a multi-step process
that is used to create independently addressable snapshot volumes that are copies
or mirrors of the volumes on a server. These snapshot volumes can be easily
moved to another server for backup or other purposes, such as loading or updating
data warehouses or performing application testing with real production data while
business continues.
full backup
In Backup Exec, the full backup methods are used to back up all selected files. A
full backup can copy all files and reset the archive bit, or it can use incrementals
and differentials based on time stamp. If the full backup option to archive the
files is used, the original files are deleted after the backup finishes successfully,
if the necessary rights to the files are granted.
gateway
A network point that acts as an entrance to another network. A gateway can also
be any computer or service that passes packets from one network to another
network during their trip across the Internet.
group policies
Group policies are used to specify groups of users, identified by email addresses
or domain names, and to customize message filtering for each group.
header
1. First part of an email message, containing information such as the address of
the recipient, the address of the sender, message type, routing, and time sent. 2.
In Symantec Brightmail AntiSpam, the header test command, which is a Sieve
command supported by the custom filtering features.
heuristic
Filters that proactively target patterns common in spam and viruses.
host
1. In a network environment, a computer that provides data and services to other
computers. Services might include peripheral devices, such as printers, data
storage, email, or World Wide Web access. 2. In a remote control environment, a
computer to which remote users connect to access or exchange data.
incident
The actualization of a security risk. The event or result of a threat that exploits
a system vulnerability.
incremental backup
In Backup Exec, the incremental backup methods back up files that have changed
since the last full or incremental backup. An incremental backup can be based on
archive bit or time stamp information. If the incremental backup is performed
based on the archive bit, the archive bit is reset to indicate that the files have been
backed up.
Indexing Service
In Enterprise Vault, the Indexing Service is responsible for creation and
management of the indexes, processing of searches, and return of search results.
Indexes allow users to search their archive and view the results.
internal threat
A threat that originates within an organization.
Journaling Service
In Enterprise Vault, the Journaling Service works together with Microsoft Exchange
journaling to enable all messages sent and received by Exchange to be copied into
a single journal mailbox. The Enterprise Vault Journaling Service processes the
journal mailbox, collects items to be archived, and passes them on to the Storage
Service.
load balancing
1. Refers to the process of balancing the data load between disks so that I/O
demands are spread as evenly as possible across an I/O subsystem's resources.
local device
A disk or tape drive connected to a server and only available to the server to which
it is attached.
macro virus
A program or code segment written in the internal macro language of an
application. Some macros replicate, while others infect documents.
mass-mailing worm
A worm that propagates itself to other systems via email, often by using the
address book of an email client program.
media server
The Microsoft Windows server where Backup Exec is installed and the Backup
Exec services are running.
media set
In Backup Exec, a group of media on which a backup job is targeted. The media
set controls the overwrite protection period and the append period.
MIME
Multipurpose Internet Mail Extension, a file-type definition standard that enables
different mail programs to understand and interpret non-textual file types (such
as .doc, .jpg, and .wav) in the same way.
mirrored striped volume
RAID 0+1 volumes are mirrors of striped volumes. For example, a two-disk stripe
can be mirrored to two additional disks. This RAID type provides the advantages
of both speed (from striping) and fault tolerance (from mirroring). More mirrors
can be added to a mirrored striped volume, and this type of volume can be extended
onto additional dynamic disks within the dynamic disk group.
mirrored volume (RAID-1)
A mirrored dynamic volume is a fault-tolerant volume that duplicates data on
two or more physical disks. A mirror provides redundancy by simultaneously
writing the same data onto two or more separate mirrors (or plexes) that reside
on different disks. If one of the disks fails, data continues to be written to and
read from the unaffected disk or disks. A mirrored volume is slower than a RAID-5
volume in read operations but faster in write operations.
monitored employee
In Enterprise Vault Compliance Accelerator, an employee whose correspondence
is monitored.
mount point
The directory under which a file system is accessible after being mounted.
MTA (Mail Transfer Agent)
A generic term for programs that send and receive mail between servers.
name server
A computer running a program that converts domain names into appropriate IP
addresses and vice versa.
node
The physical host or system on which applications and service groups reside.
When systems are linked by VERITAS Cluster Server, they become nodes in a
cluster.
off-host backup
Refers to a situation in which the processing of the backup of a server is moved
to another server. This allows the applications on the working server to be
maintained at a consistently higher performance level because the backup is
performed on another machine.
payload
This is the malicious activity that the virus performs. Not all viruses have payloads,
but there are some that perform destructive actions.
plex
A plex refers to an instance of the volume. Mirrored volumes have two or more
plexes. All other volumes have one plex. Plexes, columns, and subdisks are the
constituent parts of the volume.
policy
1. A set of message filtering instructions that Symantec Mail Security 8200 Series
appliances implement on a message or set of messages. 2. In Backup Exec, a method
for managing backup jobs and strategies. Policies contain templates, which provide
settings for jobs.
protected server
Any computer on a network that is being backed up by Backup Exec, including
Backup Exec media servers.
providers
In Storage Foundation for Windows, providers are similar to drivers. Each provider
manages a specific hardware or software storage component. For example, there
is a disk provider that manages all disks that the Windows operating system sees
as disks. The providers discover the existing physical and logical entities and store
that information in Storage Foundation for Windows’ distributed database.
Normally, providers operate in the background. The exception might be when
there is a provider error on startup.
PST file
Microsoft Exchange file format. PST files are used to store messages and other
Exchange data on a user’s local drive, instead of on the Exchange server. Also
known as a Personal Folders file.
public folder archiving
Enables Enterprise Vault to archive items from Microsoft Exchange public folders.
Quarantine
A database that stores email messages separately from the normal message flow,
and allows access to those messages. On Symantec Mail Security 8200 Series
appliances, Quarantine is located on the Control Center appliance, and provides
users with Web access to their spam messages. Users can browse, search, and
delete their spam messages and can also redeliver misidentified messages to their
inbox. An administrator account provides access to all quarantined messages.
Quarantine can also be configured for administrator-only access.
RAID
RAID (Redundant Array of Independent Disks) is a collection of specifications
that describe a system for ensuring the reliability and stability of data stored on
large disk subsystems.
RAID 0+1 volume
See mirrored striped volume.
RAID-5 Logging
RAID-5 logging ensures prompt recovery of a RAID-5 volume after a system crash.
With RAID-5 logging, updates need to be made only to the data and parity portions
of the volume that were in transit during the system crash. Thus, the entire volume
does not have to be resynchronized. A log can be created when a volume is created,
or it can be added later.
RAID-5 volume
A RAID-5 volume is a fault-tolerant volume with data and parity striped
intermittently across three or more physical disks. Parity is a calculated value
that is used to reconstruct data after a failure. If a portion of a physical disk fails,
the data on the failed portion can be recreated from the remaining data and parity.
RAID-5 volumes can be created only on dynamic disks. RAID-5 volumes cannot
be mirrored.
region
Contiguous area of storage on a disk. These regions can also be referred to as
subdisks.
resource discovery
A Backup Exec operation that allows detection of new backup resources within a
Windows domain.
resource types
In VERITAS Cluster Server, each resource in a cluster is identified by a unique
name and classified according to its type. VERITAS Cluster Server includes a set
of predefined resource types for storage, networking, and application services.
Retrieval Service
In Enterprise Vault, a Retrieval Service is associated with a specific Microsoft
Exchange Server. The Retrieval Service retrieves items from archives and stores
them in that Microsoft Exchange Server.
review marks
In Enterprise Vault Discovery Accelerator, review marks are a set of marks that
can be applied to items in all cases. These marks are set out in the scheme template.
For each new case that is created, Discovery Accelerator makes a copy of these
marks, which can then be adapted for a specific case.
review set
In Enterprise Vault Compliance Accelerator, a collection of captured messages
that are relevant to a particular department.
reviewer
In Enterprise Vault Compliance Accelerator, a user who is responsible for reviewing
one or more departments.
robotic library
A high-capacity data storage system for storing, retrieving, reading, and writing
multiple magnetic tape cartridges. It contains storage racks for holding the
cartridges and a robotic mechanism for moving the cartridge to the drive or drives.
roles
In Enterprise Vault Compliance Accelerator, roles are used to group the
permissions needed to perform specific application or department tasks. Once
roles are created, they are assigned to specific employees. Employees who do not
have permission for a particular task do not see it in their view of the Compliance
Accelerator web interface.
Scanner
A component in an appliance or set of appliances or software that filters mail.
Each site can have one or many Scanners.
security life cycle
A method of initiating and maintaining a security plan. It involves assessing the
risk to a business, planning ways to reduce the risk to a business, implementing
the plan, and monitoring the business to verify that the plan reduced the risk.
security response
The process of research, creation, delivery, and notification of responses to viral
and malicious code threats, as well as operating system, application, and network
infrastructure vulnerabilities.
security services
The security management, monitoring, and response services that let organizations
leverage the knowledge of Internet security experts to protect the value of their
networked assets and infrastructure.
shopping baskets
Part of the Enterprise Vault Shopping Service. When users search using the Web
Access application they are able to save these search results in containers called
shopping baskets. The Shopping Service is responsible for managing these
shopping baskets and instructs the Retrieval Service to retrieve the contents of
any shopping baskets when necessary.
Shopping Service
In Enterprise Vault, the Shopping Service works in conjunction with the Enterprise
Vault Web Access application. This service enables users to save search results
from different searches and to restore selected items.
signature
1. A state or pattern of activity that indicates a violation of policy, a vulnerable
state, or an activity that may relate to an intrusion. 2. Logic in a product that
detects a violation of policy, a vulnerable state, or an activity that may relate to
an intrusion. This can also be referred to as a signature definition, an expression,
a rule, a trigger, or signature logic. 3. Information about a signature including
attributes and descriptive text. This is more precisely referred to as signature
data.
snapshot
A consistent point-in-time view of a volume that is used as the reference point
for the backup operation. After a snapshot is created, the primary data can
continue being modified without affecting the backup operation.
spam
1. Unsolicited commercial bulk email. 2. An email message identified as spam by
a Symantec security product, using its filters.
spyware
Programs that have the ability to scan systems or monitor activity and relay
information to other computers. Among the information that may be actively or
passively gathered and disseminated by spyware are passwords, log-in details,
account numbers, personal information, individual files or other personal
documents. Spyware may also gather and distribute information related to the
user’s computer, applications running on the computer, Internet browser usage
or other computing habits.
Storage Service
In Enterprise Vault, the Storage Service serves the following functions: vault store
and archive management, conversion and storage of various message classes and
documents, retrieval of archived items for viewing, copy and conversion of archived
items for restoration, and automatic and manual deletion of archived items.
striped volume (RAID-0)
A volume that stores data in stripes on two or more physical disks. Data in a striped
volume is allocated alternately and evenly (in stripes) to the disks of the striped
volume. Striped volumes can be created only on dynamic disks. Striped volumes
by themselves are not fault tolerant; however, they can be mirrored to be made
fault tolerant. They also can be extended.
subnet mask
A local bit mask (set of flags) that specifies which bits of the IP address specify a
particular IP network or a host within a subnetwork. Used to "mask" a portion of
an IP address so that TCP/IP can determine whether any given IP address is on a
local or remote network. Each computer configured with TCP/IP must have a
subnet mask defined.
suspected spam
A category of messages separate from spam. Messages fall into the suspected
spam category based on their spam scores. Different actions can be specified for
spam and suspected spam.
Suspected Spammers list
A list of IP addresses from which virtually all of the outgoing email is spam,
provided by Symantec based on data from the Probe Network.
Symantec Security Response
Symantec Security Response is a team of dedicated intrusion experts, security
engineers, virus hunters, threat analysts, and global technical support teams that
work in tandem to provide extensive coverage for enterprise businesses and
consumers. Symantec Security Response also leverages sophisticated threat and
early warning systems to provide customers with comprehensive, global, 24x7
Internet security expertise to proactively guard against today’s blended Internet
threats and complex security risks.
Symantec Spam Folder Agent for Exchange
An application designed to work on Microsoft Exchange Servers. Installed
separately, the Symantec Spam Folder Agent for Exchange creates a subfolder
and a server-side filter in each user’s mailbox. The filter gets applied to messages
that a Scanner identifies as spam, routing spam into each user’s spam folder,
relieving end users and administrators of the burden of using their mail clients
to create filters.
target
In Enterprise Vault Discovery Accelerator, targets are a way of listing all the
available email addresses for one person. This enables an administrator to enter
a person’s name once when searching, to include all of that person’s different
addresses. Target groups, which are named collections of targets, can also be set
up.
template
In Backup Exec, a required element of a policy that defines how and when a job
is processed. Templates specify the device, settings, and schedule options to be
used for the job. Each policy must contain at least one template.
threat
A circumstance, event, or person with the potential to cause harm to a system in
the form of destruction, disclosure, modification of data, or denial of service.
threat assessment
The severity rating of the virus, worm, or Trojan horse. The threat assessment
includes the damage that this threat causes, how quickly it can spread to other
computers, and how widespread the infections are known to be.
threshold
The number of events that satisfy certain criteria. Administrators define threshold
rules to determine how notifications are to be delivered.
traffic shaping
An antispam technique that prioritizes sources with good traffic and throttles
sources that are sending spam, thus reducing the load downstream in the network.
vault directory
The vault directory holds configuration information for one or more Enterprise
Vault Sites. The vault directory consists of a vault database and a directory service.
vault partition
In Enterprise Vault, the vault partition is part of the vault store. A partition
contains either UNC paths to an NTFS volume or addresses to a tertiary storage
device. These are the physical locations where archived items are stored in
Enterprise Vault.
vault site
In Enterprise Vault, a vault site consists of one or more computers running one
or more Enterprise Vault Services and sharing the same configuration information.
vault site alias
In Enterprise Vault, this alias is a pointer to the Directory Service computer. Each
vault site must have a vault site alias, which is used by Enterprise Vault to refer
to the vault site by name.
vault store
In Enterprise Vault, a vault store consists of one or more vault partitions, which
consist of UNC paths to an NTFS volume or addresses to a tertiary storage device.
The vault store is managed by the Storage Service.
vault store database
In Enterprise Vault, this database holds all pointers to the actual items that are
stored in the partitions, as well as data pertaining to what accounts have access
to what items.
virus
A program or code that replicates; that is, infects another program, boot sector,
partition sector, or document that supports macros, by inserting itself or attaching
itself to that medium.
virus attack
A series of virus-infected emails from a specific domain.
virus definitions file
A file that provides information to antivirus software to find and repair risks.
vulnerability
A state in a computing system which either allows an attacker to execute
commands as another user, allows an attacker to access data that is contrary to
the specified access restrictions for that data, allows an attacker to pose as another
entity, or allows an attacker to conduct a denial of service.
worm
A special type of virus. A worm does not attach itself to other programs like a
traditional virus, but creates copies of itself, which create even more copies.
Index
A
D
Admin Service
overview 103
Administration Console
Enterprise Vault configuration tasks 111
Archive service
creating 113
archives
accessing in Enterprise Vault 117
creating Exchange Public Folder Task 116
developing policies for 171
enabling for Journaled messages 116
enabling for mailbox 114
archiving systems
as a best practice 33
DeepSight Alert Service 46
desktop tier
challenges of 78
Discovery Accelerator. See Enterprise Vault
Discovery Accelerator
discovery requests
preparing for 173
simplifying to reduce costs of 173
B
Backup Exec
backing up Enterprise Vault 159
best practices 151
configuring 151
licenses 151
requirements 70
scripts for backing up 163
upgrading 151
using for spam removal 73
C
Cluster Server
agents 139
and Mail Security for Exchange 149
Collaboration Data Objects
enabling in Microsoft Outlook 106
compliance
examples of 21
legal considerations 167
Compliance Accelerator. See Enterprise Vault
Compliance Accelerator
E
email
reducing volume of 37
regulatory compliance 167
risks to availability 126
email archiving
product hierarchy 47
email as legal evidence 22
email management
and email security 29
archiving 33, 171
business email life cycle 168
compliance factors 167
configuring protection environment 80
controlling flow of information 27
costs of 24
factors of 16
migrating
legacy systems 211
minimizing mailbox content 216
recommendations 220
without moving mailbox content 215
quota policies 19
security considerations 26
understanding backup regulations 174
unwanted mail 73
violation of policies 23
email security
defining 12
multi-tiered approach 80
reducing bandwidth 29
236
Index
email security (continued)
Symantec product hierarchy 46
Email Security and Availability
checklist
deployment 60
pre-deployment 57
components of 36
how it works 39
overview 11
perimeter protection 37
reducing email volume 37
requirements 62
Symantec products 53
topology 53
email threats 15, 17
mult-tiered approach to reducing 73
spam 73, 169
viruses 171
Enterprise Vault
Administration Console 111
backup and recovery 118
backup sequence 164
components of 97, 159
configuration best practices 110
Configuration Wizard options 110
configuring Windows components 107
email
archiving 92
retrieving 93
installation best practices 109
installed services 95
installing Exchange System Manager 2003 108
installing with Enterprise Vault Compliance
Accelerator 187
installing with Enterprise Vault Discovery
Accelerator 182
managing Exchange migrations 213
overview 95
planning for deployment 97
preparing for installation 104
preparing server for installation 106
reducing database size 219
requirements 65
scalability recommendations 100
scalable storage solution 44
selecting archive index levels 103
setting retention categories 115
Site Alias
creating on DNS server 108
Enterprise Vault (continued)
software prerequisites 104
SQL login account 105
usage tips 121
using with Backup Exec 159
Enterprise Vault Compliance Accelerator
Application Administration page 193
backup and recovery best practices 204
browser interface recommendations 192
configuration best practices 191
configuring for large installations 181
customization best practices 198
Department Administration page 193
installing best practices 187, 190
Journaling Connector requirements 189
overview 178
SQL Server requirements 189
troubleshooting 208
upgrading best practices 202
Enterprise Vault Discovery Accelerator
browser interface recommendations 186
customization best practices 193
installing best practices 182, 184
overview 178
post-installation best practices 185
SQL Server requirements 184
troubleshooting 205
Exchange. See Microsoft Exchange
Exchange Mailbox reports
generating 117
Exchange server. See Microsoft Exchange server
Exchange System Manager 2003
installing with System Management tools 108
F
FlashSnap 133
G
gateway tier
challenges of 75
groupware
environment protection 38
I
indexing levels
Enterprise Vault 103
installation
best practices 184, 190
Index
installation (continued)
Enterprise Vault
preparing for 104
Enterprise Vault best practices 109
internal email security 32
O
J
P
Journal Mailbox 116
Journaling Connector
adding or upgrading 202
requirements 189
perimeter
protecting 37
protection solutions 31
threats 30
policies
creating in Enterprise Vault 115
PST archive migration 94
M
Mail Security for Exchange
adding to Cluster Server 149
custom policies 86
file filtering rules 85
multiserver console 84
recommended settings 83
updating virus definitions 85
zip files 85
mail server tier
challenges of 76
Mailbox Archiving Task 114
MAPISVC file
replacing in Microsoft Outlook 107
mass-mailer worms 30
message archiving 33
Microsoft Exchange
and Symantec Email Security and Availability
solution 127
email risks 125
migration considerations 211
minimizing migration risks 217
reducing size of data stores 94
storage group recommendations 133
Microsoft Exchange forms
distributing 113
installing 113
Microsoft Exchange server
creating an Outlook profile on 109
protection best practices 81
using for email storage 92
Microsoft Outlook
configuring for use with Enterprise Vault 106
replacing MAPISVC file 107
Microsoft SQL Server. See SQL Server
Off-host backup
using 159
Offline Vault
using with archives 117
R
recovery solutions 34
retention categories
setting in Enterprise Vault 115
S
scalable failover clustering 44
service groups
VERITAS Cluster Server 138
Site Alias
using with Enterprise Vault 108
SMTP gateway perimeter protection 86
spam. See email threats
SQL
and Backup Exec 161
backing up server 161
creating login account for Enterprise Vault 105
database backup recommendations 119
SQL Server
requirements
Enterprise Vault Compliance Accelerator 189
Enterprise Vault Discovery Accelerator 184
Storage Foundation
best practices 129
FlashSnap option 133
Storage Foundation HA for Windows 43
best practices 135
configuring storage resource 144
implementation planning 139
Symantec Availability Hierarchy 40
Symantec Backup Exec 41
Symantec Email Security and Availability for Microsoft Exchange. See Email Security and Availability
how it works 36
Symantec Email Security and Availability for Microsoft Exchange solution
components of 13
Symantec email security solution
server architecture 80
Symantec Enterprise Vault Consulting Services Center
Web sites 100
Symantec Global Intelligence Network 78
Symantec Mail Security for Microsoft Exchange
server requirements 64
Symantec Professional Services 48
T
traffic shaping 75
troubleshooting recommendations
Enterprise Vault Compliance Accelerator 208
Enterprise Vault Discovery Accelerator 205
U
User Extensions
using with archives 117
V
Vault Administrator toolbar utility
using for recovery 119
Vault shortcut
using with archives 117
Vault Store
creating 112
creating Archive service on 113
enabling mailbox archiving 114
journaling mailboxes 116
recommendations
partition settings 102
VERITAS Cluster Server 44
overview 137
VERITAS Enterprise Vault. See Enterprise Vault
VERITAS Storage Foundation for Windows
requirements 66
VERITAS Storage Foundation High Availability for Windows
best practices 144
requirements 69
viruses
as perimeter threats 30
minimizing threat of 171
W
worms
mass-mailer threats 30
An Introduction to Symantec Email Security and Availability for Microsoft Exchange
A Comprehensive Approach to Effectively Managing Email Environments
Overview of email security, availability, and resilience concept
Best practices for implementing Symantec email security and availability solutions
Technical information regarding multiple product deployment, configuration sequences, and achieving synergies
For more information, go online:
www.symantec.com