Enterprise Vault Administrator s Secrets

Enterprise Vault Administrator s Secrets Patti Rodgers Sr. Principal Business Critical Engineer 1

Agenda 1 Welcome! 2 Discovering Lesser-Known Features 3 Using Existing Features in New Ways 4 Increasing Manageability by Tapping Into Windows 5 Q & A 2

Introduction and Welcome 3

Business Critical Service Plans At a Glance Managed Back Up End to end management of backup technology and data Advanced Access Top of queue rapid reactive response Remote Product Specialist Direct access to a named technical guru Premier A Customized comprehensive mission critical service solution delivered by a dedicated support team Dedicated Residency Services Dedicated onsite technical expert Managed Enterprise Vault End to end management of Enterprise Vault technology and data 4 Enterprise Vault Administrators Secrets 4

Discovering Lesser-Known Features of Enterprise Vault 5

Customizing the Welcome Message by Mailbox Policy Scenario: A Welcome message can provide useful information introducing new end users to EV but would be more powerful if tailored to user-specific policies and functions User how to s based on functions they actually have Screenshots or tips that reflect the user s client view Customized internal FAQ pages Language options, local Helpdesk numbers Solution: Create a custom Welcome Message per Mailbox Policy Prepare the messages Use provided templates found in the \Install root\languages\en folder Edit with Outlook (not using Word as email editor) Save with relevant filename and.msg extension, stored in \Install Root Update the database Messages will be sent based on the Exchange Mailbox policy applied to the user at the time they are enabled 6

Customizing the Welcome Message by Mailbox Policy Using Outlook, customize the provided template to contain as much or as little information as the users need Save in.msg format to the root of the EV install directory, giving each message a unique file name 7

Customizing the Welcome Message by Mailbox Policy Use a SQL statement to define the relative file name of the Welcome Message, based on the Provisioning Group. However, this value is actually tied to the Exchange Mailbox Policy. Unique Mailbox policies per provisioning group may be required. Restart the Admin Service to apply immediately. 8

Customizing the Welcome Message by Mailbox Policy The end result is flexibility in assigning more precise, meaningful welcome messages, tailored to the user s actual EV client experience 9

FileReRegister.bat Scenario: Various COM Object errors; Troubleshooting calls for a full reinstall Solution: FileReRegister.bat Ships with EV9 and later; found in the installation root Re-registers all EV.dll s and executables 10

Generating PowerShell Backup Scripts Scenario: Writing pre/post backup scripts is timeconsuming and clumsy Solution: Automatically generate environment-specific cmdlets transform-backups.ps1 Technoted for EV10 but ships in later EV9 releases Fills in all environmental values such as Vault Store or Group name Copy the relevant syntax into text files and prepare the backup pre/post scripts as normal 11

Setting GCOverRide Scenario: Server-level Global Catalog binding may not fit all situations Cross-domain archiving Mixed Exchange targets, such as during an Exchange migration Challenges with logical Active Directory architecture Solution: Override the server default Global Catalog binding Updated in SQL Database For cross-domain lookups, update both the Domain and the Target Exchange server For single domain lookups, update only the Exchange server Restart the Task Controller service after applying changes Evaluate the need to back out the change (for example, when the Exchange migration is complete) 12

Using Existing EV Features and Functionality in New Ways 13

Reduce Storage through Custom Filtering/Selective Journaling Scenario: It gets expensive to store non-relevant mail, especially in Journal archives Solution: Apply special handling to specific messages to expire them earlier or not archive them at all Selective Journaling and Custom Filtering are closely related; Custom Filtering offers more flexible and sophisticated rules Selective Journaling only works for Journal Archiving; Custom Filtering works for Journal or Mailbox Archiving Action Store in alternate archive Delete or Drop Apply Custom Retention Archive Normally Criteria Sender Distribution List Member MAPI Property Direction (Inbound/Outbound) 14

Reduce Storage through Custom Filtering/Selective Journaling Configure any pre-requisites such as custom retention categories Configure and test archiving Create the Rules file Enable the Rule(s) via Registry Keys Restart the relevant Archiving Task(s) Rules, once in place, will apply to all tasks on the server holding the rules file Repeat the configuration for each additional server Validate the rule 15

Reduce Storage through Custom Filtering/Selective Journaling Example Filter Rules.xml can be used as a template Prepare the xml file and save to \Enterprise Vault\Custom Filter Rules folder Each rule may have multiple conditions Each file may have multiple rules The first matched rule is applied 16

Reduce Storage through Custom Filtering/Selective Journaling <?xml version="1.0"?> <RULE_SET xmlns="x-schema:ruleset schema.xdr"> <RULE NAME="HELPDESK_MAIL" ACTION="MOVE_DELETED_ITEMS"> <AUTHOR INCLUDES="ANY"> </RULE_SET> <EA>helpdesk@example.com</EA> </AUTHOR> </RULE> 17

Reduce Storage through Custom Filtering/Selective Journaling Tying Into Existing Anti-Spam Technologies X-Spam-Flag: YES X-SpamInfo: spam detected heuristically X-SpamReason: Yes, hits=50.0 required=7.0 tests=surbl: [cm0wmdaylm5lda==],url signature: cm0wmdaylm5lda== Some anti-spam software appends the subject line as well 18

Reduce Storage through Custom Filtering/Selective Journaling Enable via registry key Quickly disable by setting same key to 0, should troubleshooting be required Some third party products also write a filter-related registry key; take care with assigning the filter key values in the correct order 19

Reduce Storage through Custom Filtering/Selective Journaling Event Log and dtrace can confirm the filter is loaded OR alert the Admin to problems with the filter These filters can be applied to Journal, Mailbox and File System archiving Some criteria or action available will vary with the component If not adding custom index attributes, a warning at the filter startup is considered cosmetic 20

Reduce Storage through Custom Filtering/Selective Journaling No Filter With Filter Note that when certain versions of Exchange are being Journal Archived with a filter in place, messages may first go to Pending status. They will be filtered once the Journal Delay has elapsed! 21

Reduce Storage through Custom Filtering/Selective Journaling Potential Uses Decrease overall storage by culling non-discoverable, non-company-related mail from the archive before it is ever archived Drop certain mails from specific senders Helpdesk, Facilities, Maintenance Internal application status messages (Backups completed, fax images sent) External email blasts (online shopping, horoscopes, weather) Anywhere from 30-60% of external email is considered irrelevant Dark senders, company confidential External counsel Tie into perimeter anti-spam Subject line Suspect Spam or Spam identification MAPI Attributes or other identifiers Direct certain messages such as those from external counsel to a specific archive with customized security Apply longer retention to messages to/from executives, research teams or other key players 22

Reduce Storage through Custom Filtering/Selective Journaling Best Practices Start filters small and build up Observe performance as additional rules are added When configuring Delete/Drop filters, configure as Move to Wastebasket first, to observe the success or identify any issues. Then adjust the filter to actually perform the delete When used in conjunction with Compliance Accelerator Journal Connector, configure any Delete/Drop filters to execute first. This prevents CA from performing random sampling against items that will end up being dropped Ensure that Legal/Compliance/Forensics teams are in agreement on the rules 23

Creating and Deploying Purge Mail Folders Scenario: Users want an easier way to remove items from their archives in bulk Less frustration for the user than deleting in bulk via Archive Explorer Bypass Outlook locking or similar issues when users delete thousands of items Prevent excessive load on EV servers and SQL during production hours by shifting the actual record/storage deletes to the overnight hours Solution: Leverage Retention Folders ( deployed via EVPM) to make it easier for users to delete unwanted archived mails in bulk Requires Storage Expiry to be configured and running and a vehicle for the user to send the retention changes back to the server Shortcuts (in conjunction with Shortcut Location Updates turned on) Virtual Vault (with policies configured to allow re-org) 24

Creating and Deploying Purge Mail Folders High Level Setup Confirm current Retention Category and Expiry setup if Expiry is not already enabled in the Site Configure Shortcut Location Updates with Retention Updates if not already enabled. Do not roll out globally all at once! Create a new Retention Category with 1-Day Retention Create an EVPM Script to deploy a Purge Mail folder (or similar name) and apply the 1-Day Retention to this new folder Archive a single item from this folder to force it into Virtual Vault view and the database immediately If the user will be dragging shortcuts to the Outlook folder, consider running a split nightly schedule: An initial run of the Archiving task, which will perform normal archiving, as well as perform the location/retention updates A run of Storage Expiry, to purge items from the Archive A second run of the Archiving task, which will clear any shortcuts that were made orphan during the Expiry If the user will be using Virtual Vault to apply the new Retention periods, the changes will not be reflected until Vault Cache has been sync ed 25

Creating and Deploying Purge Mail Folders This demonstration starts with creating an email test message and archiving it to a standard 7-year retention category. A special 1-day retention category is set up but is not applied yet. Shortcuts will not be created for this demonstration; the item will be moved in Virtual Vault. All required policies are configured. 26

Creating and Deploying Purge Mail Folders Confirm the Retention by viewing in Archive Explorer Right click Display Options to add the Retention Category to the exposed details 27

Creating and Deploying Purge Mail Folders The identifier Legacy MbxDN is required to prepare the EVPM script To find this easily, query the ExchangeMailboxEntry table in the Directory database OR, obtain the user Archive ID from the archive s properties, and resolve using the Find Archives or Folders tool in the Admin Console The DN will be displayed in the list of archive details 28

Creating and Deploying Purge Mail Folders 29

Creating and Deploying Purge Mail Folders The name of the system mailbox associated with the target Exchange server must be specified when running EVPM. 30

Creating and Deploying Purge Mail Folders The new folder will appear in Outlook and, if exposed, its retention can be viewed from Folder Properties Before items can be purged from this folder, it must be registered in EV To register the folder, a single item must be archived (manually or via schedule) and the Vault Cache must be sync ed to display in Virtual Vault If deleted, the folder can be re-created by re-running the same script 31

Creating and Deploying Purge Mail Folders Item is no longer in the Inbox when viewed in Archive Explorer. Item has moved to the Purge Mail folder and the retention has changed. 32

Tapping Into Windows 33

Selective Database Index Maintenance Scenario: Frequent SQL maintenance is critical to Enterprise Vault performance, but difficult to schedule around archiving windows, backups and other activities Solution: Perform maintenance selectively Use a manually configured Maintenance Routine rather than a wizarddriven routine, for more flexible and granular configuration Focus only on indexes that matter Over 1000 page count, as below this threshold MS SQL Server will not use the index Set a minimum fragmentation threshold (i.e. 40%), don t spend time on healthy indexes Combine with a less frequent all indexes job Combine with additional steps in the routine such as sending Job Complete notifications or capturing SQL index health metrics 34

Selective Database Maintenance Manually configure the maintenance job to run T-SQL statements, an option not available in the Wizard Use more complex SQL syntax to target indexes by page count and fragmentation level 35

Power Database Queries Scenario: The Administrator needs relevant metrics about the environment, for planning, monitoring or operational purposes Solution: Query the EV databases SQL Databases hold the main brain of the entire EV site Enterprise Vault Directory: detailed information about the servers, services, data sources, policies, users (when applicable), and archives Vault Store Databases: what was archived, when, how big it was/is and where it currently resides (note: does not contain actual email or document data). One per Vault Store. Monitoring Database (if deployed): useful metrics such as service uptime, already being collected by Enterprise Vault Discovery/Compliance Accelerator: detailed information about cases/departments, searches, schedules and reviewer activity is stored in at least two databases per application SQL Query Analyzer, SQL Reporting Services, custom websites and custom applications provide access to the data Use Technote references and Symantec Connect forums as references SQL Select statements are read-only; do not make direct edits to the EV databases without Support guidance or Technotes, and be aware of the overhead introduced by very complex queries 36

Power Database Queries (Checking Task Status) SELECT CE.ComputerName "EV Server", T.Name "Task Name", CASE TM.Status WHEN 0 THEN 'Stopped WHEN 1 THEN 'Running WHEN 2 THEN 'Paused WHEN 3 THEN 'Disabled WHEN 4 THEN 'Loading WHEN 5 THEN 'Stopping WHEN 6 THEN 'Failed WHEN 7 THEN 'Refreshing WHEN 8 THEN 'Service Unavailable WHEN 9 THEN 'Error WHEN 10 THEN 'Completed WHEN 11 THEN 'Completed With Errors WHEN 12 THEN 'Queued WHEN 13 THEN 'Not In Schedule' END AS "Task Status", TM.EntryTime "Time Checked" FROM EnterpriseVaultMonitoring.dbo.TaskMonitoring TM, EnterpriseVaultDirectory.dbo.Task T, EnterpriseVaultDirectory.dbo.ComputerEntry CE WHERE TM.TaskID = T.TaskEntryID AND T.ComputerEntryId = CE.ComputerEntryId ORDER BY CE.ComputerName, T.Name 37

Power Database Queries (Building a Simple Website) Create a HTML form that calls an ASP.NET page The ASP.NET page queries the Archive table based on the input from the form 38

Power Database Queries (Building a Simple Website) User Details are pulled from the Enterprise Vault Directory database as well as the user s own Vault Store database. Other relevant metrics may include index status and EV quota. 39

Power Database Queries (Building a Simple Website) Basic.ASP source code and labels Labels within the code help the designer define where to display the data within the HTML 40

Power Database Queries Demonstration of syntax used to embed a SQL query, for example to add additional detail to the web page 41

Power Database Queries One-stop Service Desk tool with all relevant user details and metrics IT Administrator page to consolidate Compliance/Discovery Accelerator metrics usually only easily accessible to end users Storage aging and trending metrics Activity trends and history The result is a simple, easy tool to view the various details. 42

Using Scripts to Trawl Logs Scenario: It can be difficult and time-consuming to analyze the many reports and logs that Enterprise Vault creates MoveArchive, Provisioning, Shortcut Location Updates, end user logs Per user, per run, per instance Solution: Automate using scripts and known text strings Identify patterns of errors for proactive troubleshooting Which users Move Archive jobs are failing because they are over their Exchange quotas? How often are Vault Cache syncs failing because there are not enough slots? Are users being frequently moved to non-managed Exchange servers? Are there many Orphaned Shortcuts in my environment? Locate and distill relevant metrics How many items could not be migrated from this batch of PST s? How frequently are users changing Provisioning Groups? Are the archiving policies and windows configured for maximum efficiency? 43

Using Scripts to Trawl Logs Prepare a text parsing script (VB, C#, etc) seeking known text strings such as error codes or status messages Centralize the logs or reports Execute the script to identify those reports or logs bearing the known condition Optionally, remove logs/reports or reprocess with additional conditions The Administrator can now apply corrective action or consolidate the metrics 44

Using Scripts to Trawl Logs An administrator can quickly parse hundreds of Move Archive reports to identify those users whose jobs are stuck because their Exchange mailboxes are over Quota, preventing shortcut updates and additional processing. 45

Q&A and Closing 46

Partnership with BCS Proactive tuning of common Enterprise Vault components Deep knowledge of how Enterprise Vault interacts with the OS, Microsoft Exchange and Microsoft SQL Collaboration on the right time to migrate to new hardware for Enterprise vault servers Hardware migration and Upgrade Assistance services Guidance on how to implement new Enterprise Vault features General Trusted Advisor role Enterprise Vault Administrators Secrets 47

Poolside Ask the Information Availability Experts Happy Hour Session IA B16 Tuesday April 16, 5-6 pm Talent Pool Bring your questions and your sunglasses and stop by the pool to share a drink and some conversation with the experts to discuss business continuity, disaster recovery, high availability and more. Stop by and unwind, get some fresh air and grab a cool beverage with the experts. Business Continuity Business Critical Services Data Insight and Enterprise Vault Storage Foundation High Availability Intel Microsoft Red Hat Violin Ask the Information Availability Experts Happy Hour 48

Additional Resources Advanced Strategies for Monitoring Enterprise Vault (includes many sample scripts and queries) http://www.symantec.com/docs/howto74545 Custom Filtering Sample Rulesets http://www.symantec.com/docs/howto58121 Deploying Retention Folders with EVPM http://www.symantec.com/docs/tech74355 Symantec Connect Community http://www.symantec.com/connect/ Enterprise Vault Administrators Secrets 49

Thank you! Patti Rodgers Patti_rodgers@symantec.com 202-615-1948 SYMANTEC PROPRIETARY/CONFIDENTIAL INTERNAL USE ONLY Copyright 2013 Symantec Corporation. All rights reserved. 50

Power Database Queries (Tallying Item Counts By Retention) SELECT RCE.RetentionCategoryName "Retention Category", FROM EnterpriseVaultDirectory.dbo.RetentionCategoryEntry RCE, COUNT(DISTINCT(S.IdTransaction)) "No. Archived Items MyVaultStore.dbo.Saveset S WHERE S.RetentionCategoryIdentity = RCE.RetentionCategoryIdentity GROUP BY RCE.RetentionCategoryName ORDER BY RCE.RetentionCategoryName 51

Power Database Queries (Getting User Details) USE EnterpriseVaultDirectory SELECT A.ArchiveName "Archive Name", R.VaultEntryId "Archive ID", VSE.VaultStoreName "Vault Store", C1.ComputerName "Storage Server", ESE.ExchangeComputer "Exchange Server", C2.ComputerName "Task Server", IV.IndexedItems "Archived Items", IV.OldestItemDateUTC "Oldest Item Sent/Received", IV.YoungestItemDateUTC "Newest Item Sent/Received", IV.OldestArchivedDateUTC "Oldest Item Archived", IV.YoungestArchivedDateUTC "Newest Item Archived" FROM ExchangeMailboxEntry EME, Root R, Archive A, VaultStoreEntry VSE, StorageServiceEntry SSE, ComputerEntry C1, ComputerEntry C2, IndexVolume IV, Task T, ArchivingRetrievalTask ART, ExchangeMailboxStore EMS, ExchangeServerEntry ESE WHERE EME.DefaultVaultId = R.VaultEntryId AND R.RootIdentity = A.RootIdentity AND A.VaultStoreEntryId = VSE.VaultStoreEntryId AND VSE.StorageServiceEntryId = SSE.ServiceEntryId AND SSE.ComputerEntryId = C1.ComputerEntryId AND EME.MbxStoreIdentity = EMS.MbxStoreIdentity AND EMS.ExchangeServerIdentity = ESE.ExchangeServerIdentity AND ESE.ExchangeServerEntryId = ART.ExchangeServerEntryId AND ART.TaskEntryId = T.TaskEntryId AND T.ComputerEntryId = C2.ComputerEntryId AND R.RootIdentity = IV.RootIdentity ORDER BY A.ArchiveName 52

Power Database Queries Use SQL Jobs to automatically run queries and email results useful for gathering metrics and monitoring for specific conditions 53

Customizing the Message of the Day The default landing page at http://myevserver/enterprisevault Can be sent down as an Internet favorite or pushed to an Outlook custom folder Search button takes the user to the familiar search.asp page With a few easy steps, the Administrator can embed a global message. 54

Customizing the Message of the Day Access the Site Properties on any EV server Populate the System Message field Restart the Admin Service on each EV server to display immediately, or allow changed to be picked up during normal service background refreshes Only configured once per EV Site Can be changed as often as desired 55

Customizing the Message of the Day 56

Redirecting Replies to Welcome Messages Prevent any user replies from being black holed by changing the Reply To address on the message template Expose the option from Outlook Message Options, set, then save as.msg CC the Helpdesk on outgoing Welcome messages for real-time alerts of user enrollments 57