EXC16 DCAR with Exchange

1
EXC16DCAR with Exchange

• Devin L. Ganger (3Sharp LLC) deving_at_3sharp.com
• (e)Mail Insecurity http//blogs.3sharp.com/blog/d
  eving/

2
Download the most up-to-date version of these
slides athttp//www.3sharp.com/files/deving/exc1
6-ganger-s07.ppt
3
Download the free ebook athttp//www.windowsitli
brary.com/Ebooks/emaildiscovery/Index.cfm

• Published by Windows IT Pro
• Sponsored by CA
• E-mail registration required

4
Managing the Email Systems Data

• Four key concepts for email management (DCAR)
• Discovery finding messages for litigation.
• Compliance meeting legal and regulatory
  requirements.
• Archival holding on to the messages you need.
• Retention winnowing out the messages you dont
  need.
• All four involve mechanisms, policies, and people
• All four overlap and are facets of the same
  subject

5
What do they need?

• Discovery
• Fast storage and retrieval
• Accurate and comprehensive indexing
• Control over offline mail stores (PSTs)
• Global scope entire messaging system
• Compliance
• Enforcement of required behavior
• Monitoring and auditing
• Goal-oriented guidance vs. specific guidance
• Global scope entire messaging system

6
What do they need? (continued)

• Archival
• Clear requirements from all sources
• Control over offline mail stores (PSTs)
• Long-term storage, indexing, and recovery
• Global scope entire messaging system
• Retention
• Clear requirements from all sources
• Pre-established criteria
• Control over offline mail stores (PSTs)
• Global scope entire messaging system

7
Putting it all together

• All four areas are affected by the same inputs
  SLAs, legal liability, etc.
• Design a unified DCAR solution
• Identify your business drivers
• Relate your drivers to the four components
• Identify affected people and processes
• Identify required features for hardware
  software
• Identify pending changes to messaging system

8
Where Does Journaling Fit?

• Journaling is not an end goal
• What information are you trying to journal?
• What do you want it for?
• What, then, is journaling?
• Transport mechanism into DCAR
• One of many available
• Journaling
• MAPI
• Log shipping
• Client scanning

9
Messaging Environment

• Running Exchange 5.5 (or earlier)?
• Upgrade!
• Bleak supportability story
• Youll need third-party software
• Many limitations which cant be easily worked
  around, even with third-party software
• Running Exchange 2000/2003?
• Start planning now for an upgrade path
• Keep the limitations firmly in mind
• Look at server/site consolidation
• Youll need third-party software
• Running Exchange 2007?
• Out-of-box support is better
• Youll still need third-party software

10
Know Your Organization!

• AD forests, domains, sites
• Admin and routing groups
• Routing/front-end/bridgehead servers
• Mailbox/public folder servers
• Public folder servers
• Clients
• Mail-enabled applications
• LAN/WAN bandwidth
• Backup and recovery
• Message hygiene
• Message transport security
• Encrypted messages

11
Four Fatal Design Flaws

• Pushing the p word
• Letting loose the winds of change
• Engaging in tunnel vision
• Expecting people to change

12
What can you do natively in Exchange?

• Message journaling
• Simple journaling
• Introduced in Exchange 5.5 SP1
• No BCC recipients
• No DL expansion
• No address rewriting
• Gone in Exchange 2007
• BCC journaling (Exchange 2000x)
• Add a registry entry
• Exchange 2003 RTM
• Exchange 2000 SP3 KB 810999
• Gone in Exchange 2007
• Envelope journaling
• Exchange 2003
• Exchange 2000 SP3 Post-SP3 Update Rollup
• Only option in Exchange 2007

13
Example Envelope journal message
from http//technet.microsoft.com/en-us/library/bb
124288.aspx
14
New Exchange 2007 capabilities

• Managed Folders
• Create, push, and manage folders in mailboxes
• User sorts mail into appropriate folders
• Still subject to quota restrictions
• Transport Rules
• Applied to all messages that pass into the
  organization
• Applied by all hub transports
• Holes in rulesets, but you can do a lot
• Message Classifications
• Allows messages to be assigned a classification
• Rules can act on those classifications
• Visible reminder to users!

15
Example Managed Folders
16
Example Transport Rules
17
Example Message Classifications
18
Other native Exchange capabilities

• Backup/restore APIs
• Streaming (de-emphasized in Exchange 2007)
• VSS
• Message and transport security
• SSL/TLS
• IPSec
• S/MIME
• Event sinks (replaced by Agent API in Exchange
  2007)
• Auditing
• Protocol logs
• Message tracking
• PowerShell reporting (not just for Exchange 2007
  see EXC18 for more details!)

19
What Exchange Cant Do

• PST management
• Policy-based archival
• Indexing and searching
• Consider your search interface Boolean or not?
• Natural language processing
• New capabilities in Exchange 2007
• Fine-grained access control and auditing
• Integrate with other applications
• Telephony (Exchange 2007 UM offers inbound
  voicemail and fax)
• Instant messaging
• Mail-enabled applications (databases)

20
Questions?