Archiving101.com

An small update about the ‘lost’ Whitehouse emails.  I found this article well written .. but what mostly was shameful from an archiving vendors point was how this, obvious important data, was captured and retained:

“Instead, the White House has instituted a comically primitive system called “journaling,” in which (to quote from a recent Congressional report) “a White House staffer or contractor would collect from a ‘journal’ e-mail folder in the Microsoft Exchange system copies of e-mails sent and received by White House employees.” These would be manually named and saved as “.pst” files on White House servers.  ”

An elephant never forgets? George W. Bush’s lost e-mails

Read the entire article here

Still one of my favorite topics and seeing the discussions this triggers on the blog, also its high on other peoples lists.   While Googling for some information I ran across this prime piece of whitepaper. Quest’s Compliance Archiving with Microsoft Exchange Server.   Written by Michael Tweddle, who is the Technical Director for Intelligent Messaging Solutions at Quest Software this document initially looked interesting to read (I can recommend drinking this with a good whitepaper on a Saturday night).  

 Now .. it was all fine till I ran into the following:

“There are two key advantages of using journaling versus log shipping for e-mail compliance archiving: since log shipping is not designed for compliance, it does not capture any kind of recipient information in the To, CC, BCC fields, and distribution list expansion unless an organization manually retrieves this information. “

It looks like Mr Tweddle does not understand the way Transaction Logs work in Exchange … after all how else would you be able to reconstruct an Exchange Database using transaction logs from an older backup?   For this Mr Tweddle .. I have to unfortunately award you the famous Lost Envelope Award.

First of all .. I really applaud what Microsoft has been doing with Exchange 2007 .. it brought many features to customers that really have been valuable (I particularly love the logshipping and powershell stuff).   Another feature that was introduced was the transport rules  agent. 

 To quote Microsoft:

Many organizations today are required by law, regulatory requirements, or company policies to apply messaging policies that limit the interaction between recipients and senders, both inside and outside the organization (so called Ethical Walls). In addition to limiting interactions among individuals, departmental groups inside the organization, and entities outside the organization, some organizations are also subject to the following messaging policy requirements:

• Preventing inappropriate content from entering or leaving the organization
• Filtering confidential organization information
• Tracking or archiving messages that are sent to or received from specific individuals
• Redirecting inbound and outbound messages for inspection before delivery
• Applying disclaimers to messages as they pass through the organization

The Transport Rules agent that runs on a Hub Transport server helps you meet each of these requirements. Through the Active Directory directory service, Exchange Server 2007 can apply a consistent messaging policy configuration across the organization. Each Hub Transport server queries Active Directory to retrieve the organization’s current transport rule configuration and then applies that transport rule configuration to e-mail messages that the server encounters. This enables e-mail administrators to set policies across the organization and to implement them on the Hub Transport server as soon as replication occurs.

 I like it that Microsoft at least now puts out the following disclaimer:

Important:
Transport rules can’t prevent people from communicating in other ways, such as networked file shares, newsgroups, or e-mail services that don’t deliver messages to an Exchange 2007 organization.

Now … let me show you another very easy way to bypass an Exchange 2007 Ethical Wall even when there is a MAPI based archiving product being used and complete get away with it undetected (disclaimer .. not telling you to break any laws here).   When you enable journaling you will capture only emails and calendar invites.  Transport rules will prevent you from sending emails through the system so that is out of the question.  Since Journaling doesn’t capture manually created calendar entries in your mailbox all you simply have to do is give read access to your calendar to the other person. Create a calendar entry and simply write the text in there that you’d like to pass on.  Heck .. if you give create/modifying rights you can even have your own calendar chat.  Since most MAPI based archiving products run their ’storage management’ processes out of business hours since it takes a hit on the Exchange Servers, these calendar items chats, if they can actually be scavenged by the archiving product will go completely undetected if you delete the item before the archiving run.  It won’t show up in the audit logs or journal logs.  Again … an area for improvement I have to say.

Interesting … another vendor, MessageOne, (after Mimosa Systems and Exchange@PAM) moves away from Journaling to capture data from Exchange.

http://sev.prnewswire.com/computer-electronics/20071210/LAM009A10122007-1.html

New Capture Mechanism Allows for Targeted Archiving

When litigation occurs, companies must protect historical and ongoing email communications from destruction. Since these capabilities are not provided by Exchange, companies need an archive that enables lawyers to place and remove litigation holds on any user or group at any time.

While litigation typically affects just a small subset of users, most email archiving solutions use Exchange Journaling which requires the capture of every message for all users in a data store. With users spread across multiple servers and data stores, companies are forced to archive messages for everyone to meet litigation requirements for a small number of mailboxes. The result is complex and expensive deployments that can take years to fully complete.

To ease and expedite deployment, MessageOne has introduced the first capture mechanism that does not rely on Exchange Journaling. MessageOne’s on-demand EMS Email Archive integrates natively with Exchange to synchronize messages for any sub-set or combination of users, including those on different servers or storage groups. The quick start EMS Email Archive program allows companies to deploy archiving at once and begin e-Discovery for the most critical users.

“One of the biggest obstacles of archiving is the requirement for companies to complete mammoth, complex and expensive deployment projects,” said Bryan J. Rollins, vice president of product management at MessageOne. “Now, for the first time, enterprise customers can deploy rapidly to any user or group and start archiving immediately.”