What s New in Exchange 2013 Archiving and ediscovery. By Paul Robichaux



Similar documents
ARCHIVING FOR EXCHANGE 2013

Waiting to Upgrade: Understanding Archiving and ediscovery Limitations in Exchange by Michael Noel and Rick Wilson

68% Meet compliance needs with Microsoft Exchange. of companies send sensitive data via .

Microsoft Exchange 2010 Archiving and the Value of Third-Party Solutions

Enhancing Microsoft Exchange & Office 365 Archiving, Retention, and Discovery with Netmail

ARCHIVING. Keep a complete history without breaking the bank.

Data Sheet: Archiving Symantec Enterprise Vault for Microsoft Exchange Store, Manage, and Discover Critical Business Information

Addressing Archiving and Discovery with Microsoft Exchange Server 2010

Veritas Enterprise Vault for Microsoft Exchange Server

MICROSOFT EXCHANGE 2013 WHAT EVERY LEGAL PROFESSIONAL SHOULD KNOW

Understanding Archiving and ediscovery in Exchange 2013

Symantec Enterprise Vault.cloud Overview

Approximately 260 PST files totaling 180GB will be included in the pilot. 2. Are the Windows XP clients running XP 64 bit or 32 bit OS?

MOC 20342B: Advanced Solutions of Microsoft Exchange Server 2013

Data Sheet: Archiving Symantec Enterprise Vault Store, Manage, and Discover Critical Business Information

Symantec Enterprise Vault and Symantec Enterprise Vault.cloud

Office 365 for the Information Governance and ediscovery Practitioner. Part II: ediscovery Deep Dive October 27, 2015

What are the compliance challenges of Microsoft Office 365?

Symantec Enterprise Vault for Microsoft Exchange

Take Advantage of Newer, More Powerful and Flexible Solutions: Exchange 2010/2013, or Cloud Solutions such as Office 365

Symantec Enterprise Vault for Microsoft Exchange Server

10 Reasons Why Enterprises Select Symantec.cloud for Archiving

White Paper. Mimosa NearPoint for Microsoft Exchange Server. Next Generation Archiving for Exchange Server By Bob Spurzem and Martin Tuip

# Is ediscovery eating a hole in your companies wallet?

Symantec Enterprise Vault for Microsoft Exchange

WaterfordTechnologies.com Frequently Asked Questions

Collaboration. Michael McCabe Information Architect black and white solutions for a grey world

MICROSOFT EXCHANGE, OFFERED BY INTERCALL

4 Critical Risks Facing Microsoft Office 365 Implementation

How Should Your Organization Deploy Microsoft Exchange?

Enhancing Exchange Server 2010 Availability with Neverfail Best Practices for Simplifying and Automating Continuity

Intelligent Information Management: Archive & ediscovery

What ediscovery challenges exist with Microsoft Office 365?

MIGRATING YOUR EMC SOURCEONE ARCHIVE

Eradicating PST Files from Your Network

Symantec Enterprise Vault.cloud Overview

Mimecast Archive

EXCHANGE TO OFFICE 365

REDCENTRIC MANAGED ARCHIVE SERVICE SERVICE DEFINITION

Cloud Relay Solution. Whitepaper

The Inevitable Extinction of PSTs

MICROSOFT EXCHANGE SERVER 2007 upgrade campaign. Telesales script

Mimecast Enterprise Information Archiving

The Exchange Management Shell

W H I T E P A P E R. Symantec Enterprise Vault and Exchange Server November 2011

Mod 9: Exchange Online Archiving

How Exclaimer Mail Archiver Works

SonaVault Archiving Software

Why you need Cryoserver for your Office 365 cloud service

Course 20341A MCSA: Core Solutions of Microsoft Exchange Server Days

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

The evolution of data archiving

Solving.PST Management Problems in Microsoft Exchange Environments

Microsoft SharePoint and Records Management Compliance

How to Avoid the Headache of User Mailbox Quotas

Benefits of upgrading to Enterprise Vault 11

How To Store s On A Server Or On A Hard Drive

The Disconnect Between Legal and IT Teams

WHITE PAPER SPON. Considerations for Archiving in Exchange Environments. Published July 2013 SPONSORED BY. An Osterman Research White Paper

Configuring SharePoint 2013 Document Management and Search. Scott Jamison Chief Architect & CEO Jornata scott.jamison@jornata.com

Veritas Enterprise Vault Overview

ediscovery and Search of Enterprise Data in the Cloud

How to sell Hosted Exchange to SMB s

Exchange Server 2010 & C2C ArchiveOne A Feature Comparison for Archiving

A Guide to PST Files How Managing PSTs Will Benefit Your Business

C2C ArchiveOne & Microsoft Exchange Server 2013

Archive Attender. Version 3.2. White Paper. Archive Attender is a member of the Attender Utilities family.

UNCLASSIFIED. UK Archiving powered by Mimecast Service Description

Protezione dei dati. Luca Bin. EMEA Sales Engineer Version 6.1 July 2015

Data Sheet: Archiving Symantec Enterprise Vault for Microsoft Exchange Store, Manage, and Discover Critical Business Information

Six Steps to a Successful Migration to Exchange Step 1: Migration Project Assessment, Planning and Design

Sy Computing Services, Inc. TOP REASONS TO MOVE TO MICROSOFT EXCHANGE Prepared By:

Archiving and the Cloud: Perfect Together

Symantec Enterprise Vault

ILM et Archivage Les solutions IBM

Microsoft Office SharePoint Online Lync Online Exchange Online

5/20/2013. The primary design goal was for simplicity of scale, hardware utilization, and failure isolation. Microsoft Exchange Team

Archiving Decision Tree

Archiving: Common Myths and Misconceptions

SharePoint Will be Your Repository for Governed Content

WHITE PAPER. Symantec Enterprise Vault and Exchange Alex Brown Product Manager

Veritas Enterprise Vault.cloud for Microsoft Office 365

Microsoft Designing and Deploying Microsoft Exchange Server 2016

2007 to 2010 SharePoint Migration - Take Time to Reorganize

Transcription:

What s New in Exchange 2013 Archiving and ediscovery By Paul Robichaux

Contents New Archiving Features in Exchange 2013...2 Building a Complete Archiving and ediscovery Solution...4 Conclusion...5 What s New in Exchange 2013 Archiving and ediscovery Microsoft has won the battle for on-premises collaboration and communications, and the company also is aggressively moving to take a dominant position in the cloud collaboration and communications market. With Exchange 2010, Microsoft showed that they could move to a single codebase that could be deployed in three ways: directly by customers on their own premises, by application service providers who sell hosted Exchange, and by Microsoft as part of the Office 365 service offering. With the introduction of Exchange 2013, Microsoft is betting more heavily that a single common codebase will bring them economies of scale for their own hosted services while still providing enough benefits to encourage on-premises customers running previous versions to upgrade. This bet revolves around a number of strategic investments, including major investments in archiving and compliance functionality. Microsoft has coordinated the release of SharePoint 2013, Lync 2013, and Exchange 2013 (the so-called Wave 15 versions). With the Wave 15 releases, for the first time Microsoft s archiving and discovery investments cross product lines, meaning that Lync, SharePoint, and Exchange are delivering a cohesive set of discovery, archiving, and compliance features. In previous versions, each of these products had separate archives, with no built-in way to search across them all. This feature gap represented a market opportunity for third-party archiving and compliance solutions, but it is one that Microsoft is moving to fill. In this paper, we ll discuss the new features in Exchange 2013, how they fit into Microsoft s compliance and discovery strategy, and how they fit into business requirements for compliance and discovery. We will also explore what gaps still exist in this latest offering and the options available to organizations for which Exchange 2013 s features are insufficient. 1 WHAT S NEW IN EXCHANGE 2013 ARCHIVING AND EDISCOVERY Sponsored by Sherpa Software

New Archiving Features in Exchange 2013 Microsoft has included a number of new archiving-related features in Exchange 2013. As with most other Exchange releases, some of the new features are compelling, while others are technically interesting but need a bit more seasoning to become deployment drivers. In-Place Hold Holds are not exactly an archiving feature, but it s worth mentioning the changes to holds that Microsoft has included in Exchange 2013 because holds are often used to supplement, or even replace, archives. The idea behind the in-place hold implementation in Exchange 2013 is that messages that need to be held can be preserved without moving them to a separate repository. You can define policies that specify whether items should be preserved indefinitely, according to their age, or based on keyword contents (which Microsoft calls a query-based hold); once a message is identified as the target of a hold, Exchange will perform copy-on-write operations to preserve both the original message and all changes to it. One interesting aspect of this approach is that when you create a query-based hold, it automatically applies to new items created after the hold is put in place. Site Mailboxes and Modern Public Folders It s safe to say that no one loves public folders; however, many organizations find them a valuable way to share stored data. Microsoft has not invested any significant effort in improving legacy public folders since Exchange 2003 or so, but in Exchange 2013 they offer two new technologies to replace them: Modern public folders do away with the multiple-master replication model of legacy public folders, substituting instead an architecture where a public folder is treated just like a mailbox. Modern public folders live in mailbox databases and both high availability and disaster recovery are provided by the existing database availability group (DAG) implementation. Treating PFs as mailboxes also means that Office 365 customers can use public folders, which is good news for those organizations that depend on them and thus haven t been able to consider moving to the cloud. Site mailboxes are team- or project-specific shared mailboxes that are unified with SharePoint 2013 document storage. The goal is to let Outlook 2013 or OWA 2013 users see a single unified view of mail messages, documents, and other data items related to a particular project. Both modern public folders and site mailboxes are first-class citizens in Outlook 2013 and outlook web 2013; neither are accessible in Outlook 2011 for Mac OS or from mobile clients. It remains to be seen whether Microsoft will address this limitation in future releases. Many organizations complained about the lack of archive support for mobile devices and the Mac in Exchange 2010, but Microsoft never did anything about it. In-Place ediscovery The biggest archiving-related change in Exchange 2013 is what Microsoft calls in-place ediscovery. In Exchange 2010, running a discovery search would copy messages that matched the search criteria into a specified discovery mailbox, from which they could be exported into a PST file or accessed by users who had the appropriate permissions. In Exchange 2013, you still perform discovery searches, but the results don t have to be copied to the discovery mailbox before use. Instead, you see live results from your search, or you can optionally create a saved search that is updated as needed. You can now export the results of a search to a PST file directly from the Exchange Administration Center (EAC), which is a helpful shortcut compared to the way Exchange 2010 does it. These may not sound like major improvements, but another aspect of in-place ediscovery is drawing a lot of justified attention: a single search can return results from Lync, SharePoint, and Exchange. This drastically simplifies the process of finding responsive records for a search based on terms or content; a discovery administrator now only has to perform a single search to pull content from all three systems. However, this capability requires the use of SharePoint 2013 as the primary discovery tool; you have to deploy SharePoint 2013, create a trust relationship between Exchange and SharePoint, and grant appropriate permissions on Exchange to SharePoint. Exchange 2013 can participate by providing content for inplace discovery across products, but cross-product Sponsored by Sherpa Software WHAT S NEW IN EXCHANGE 2013 ARCHIVING AND EDISCOVERY 2

searches have to be performed from SharePoint. To perform a new search, you create a new instance of a site template for ediscovery, then customize the search terms and sources you want to use. The resulting site contains responsive records from all those sources, all in a single location. One of the key advantages of this approach is that it eliminates duplication; the results that the searcher sees are pulled from their original location. In addition, Exchange now performs automatic de-duplication of results, if a responsive record appears in more than one source. Another advantage is that authorized discovery managers can perform searches without involving messaging or SharePoint administrators. Data Loss Prevention Exchange 2013 s data loss prevention (DLP) features might more accurately be labeled data leak prevention features; their goal is to reduce the risk that a user will accidentally share sensitive information. As with Active Directory Rights Management Services (AD RMS), the DLP features in Exchange do not, and cannot, provide guarantees that data will never be inappropriately disclosed, either by accident or on purpose. In the same way that locks help keep honest people honest, though, the DLP features are intended to help keep users from creating organizational liability through careless or inattentive disclosure. DLP is based on policies that specify three things: Conditions that are used to identify what sensitive data looks like. A simple example might be a US social security number (SSN); the DLP template for SSNs looks for 9-digit numbers. Actions that should be taken when a condition matches information in a message. Exceptions that, when triggered, exempt an otherwise-matching message from processing by the DLP policy This structure makes DLP policies very similar in behavior and administration to the familiar Exchange transport rule system. In fact, Exchange 2013 DLP extends the transport rule mechanism by adding new conditions and exceptions that allow DLP to match message content based on pattern matching through regular expressions or keyword matching. You can create DLP policies either by starting with a template or creating a new policy from scratch. Exchange 2013 includes about a dozen templates that cover various types of sensitive data, including personally identifiable information (PII) as defined by data protection laws in the US, UK, Germany, and Japan and a template for the PCI-DSS standard regulating the use of credit and debit card numbers. Exchange 2013 also enables a new feature in Outlook: Policy Tips are short messages that appear when a message appears to contain information that would trigger a DLP policy. This is meant to proactively warn users that their message might run afoul of a DLP policy before they actually send it. (Microsoft has not yet said which specific versions of Outlook will support Policy Tips, but it s a safe bet that initially the feature will require Outlook 2013.) Refinements in Existing Features Exchange 2013 includes a number of refinements to Exchange 2010 s core archiving and compliance feature set. The biggest is probably the move away from the Exchange content indexing engine to the FAST search core. After Microsoft acquired FAST, many observers expected them to use it as the basis for a separate product, but instead they ve baked the FAST engine into Exchange and SharePoint. The new search layer in Exchange is much faster and more robust than the Exchangespecific content engine, and the move to FAST is what makes in-place discovery possible. Another major refinement is that the search function in Outlook Web App (OWA) now searches both the primary and archive mailboxes. Having the archive mailbox more closely integrated with the primary mailbox makes it more likely that users will actually use the archive for its intended purpose. However, Exchange 2013 s archives are still not accessible from mobile devices or from Outlook for Mac. (And don t be fooled by Microsoft references to in-place archiving ; this is the new name for the Personal Archives feature from 2010, not a new feature.) 3 WHAT S NEW IN EXCHANGE 2013 ARCHIVING AND EDISCOVERY Sponsored by Sherpa Software

Building a Complete Archiving and ediscovery Solution Microsoft has a reliable history of introducing features by starting small and gradually expanding their scope in successive versions. Archiving and ediscovery are perfect examples of this behavior; the features first introduced in Exchange 2007 were improved in Exchange 2010 and again in Exchange 2013. Features first introduced in Exchange 2010 have been refined, as well. Archiving The archiving features in Exchange 2013 are largely unchanged from Exchange 2010. That may be because Microsoft views the use of archive mailboxes as a sort of historical curiosity. When Exchange, and the hardware it runs on, limited mailbox size to a few dozen or hundred megabytes, archiving systems helped make it easier for users to be productive by letting them offload important but non-critical messages to an archive. Over the last three releases of Exchange, Microsoft s efforts have focused on enabling large, low-cost mailboxes so that users don t have to deal with the hassles caused by mailbox size limits; in Exchange 2010 they added archiving to provide an easy way to separately manage less-needed mail, as well as a basic set of tools for meeting compliance-related archiving requirements. This basic archiving capacity may be sufficient for some organizations, but lacks several important features organizations require to develop and enforce corporate email retention policies. There are several third-party archiving solutions in the market that provide a richer and fuller set of options that would appeal to organizations whose needs exceed those provided in Exchange 2013. Sherpa Software s Archive Attender is one of them. It has an administrator controlled policy engine that allows for archiving based on granularly defined messaging criteria, to any network-based storage device. Archiving can also be initiated by end-users tagging messages that have exceeded their usefulness and should be moved out of their mail store. Retention options in the archive provide administrators the ability to control the length of time items remain in the archive. Optional stubs left in place of the original message, an add-in to Outlook, that includes the ability to perform a unified mailbox and archive search, and an independent web interface provide end-users easy access to all of their archived data. Other management features include giving administrators the ability to ensure that the correct corporate policies are applied to the appropriate users and to also control the frequency with which they are applied. Archive Attender s architecture allows for unified enforcement across geographically disparate locations. Additionally, the archived data can be easily and efficiently searched, and results exported to PST files to facilitate easy transmittal of the data. ediscovery Microsoft doesn t always coordinate feature development or support across product groups. The coordinated release schedule and long list of better together features in Office 2013, Exchange 2013, SharePoint 2013, and Lync 2013 thus marks a departure from business as usual. This departure is especially important in ediscovery because one very common complaint about discovery of electronically stored information (ESI) is that it can be very difficult to find and produce all the required ESI when production requires searching through multiple disconnected stores of information. Microsoft s strategy for the 2013 release wave is to eliminate this difficulty for customers who deploy all of the 2013 products. Exchange 2013 retains discovery search features, but the best new features including multi-source search are reserved for deployments that include SharePoint 2013. That means that organizations that have already adopted SharePoint and plan to upgrade, or that are willing to deploy SharePoint to get those features, will have an easier decision to make. Organizations that do not have or do not want to upgrade SharePoint 2013 are faced with a more difficult choice if they require ediscovery features. Multi-source discovery is only useful if you have multiple sources that may contain ESI, so customers who use Exchange only may be better served by using a third-party product as the basis for their discovery operations. Exchange 2013 s new discovery features still can t handle PSTs unless they are separately imported to primary or archive mailboxes, and they don t integrate with litigation or case management systems (although it appears that third parties will likely provide integration between these systems and SharePoint 2013 s discovery features.) Sponsored by Sherpa Software WHAT S NEW IN EXCHANGE 2013 ARCHIVING AND EDISCOVERY 4

Although the improvements in ediscovery are significant, there are a number of practical requirements still left unmet in Exchange 2013. In addition to the inability to search PST files, Exchange 2013 lacks the ability to index or search files stored on network shares. The advanced ediscovery Center only works with the 2013 versions of Exchange and Sharepoint; there is no support for searching data stored in prior versions. Third-party products, such as Sherpa Software s Discovery Attender, provide a significantly more robust feature set to help perform a more thorough and efficient ediscovery search. In addition to an extensive set of date, size and content criteria, Discovery Attender also includes various keyword and pattern matching options. Consistent and unified searches can be performed across multiple platforms including several versions of Exchange, both on-premise and hosted, and Sharepoint, PST files and network-based files. Additionally, Discovery Attender offers a number of post-search actions including hashing, labeling, deduplication of results and more, to further process and cull the data to reduce the impact and cost of discovery processing. Bundled with Discovery Attender is a Pre-search utility, which can be used to complete several pre-ediscovery tasks including converting several other mail formats (OST files for example) to more friendly formats (PST), deduplication of PST files and more to facilitate an efficient ediscovery process. Conclusion With the features announced in Exchange 2013, as is usually the case with Microsoft, enhancements have been made to features introduced in earlier versions. Also several new features should bring additional value in meeting organizational needs and extending the investment an organization makes in Exchange 2013. But even with these enhancements and new features, Exchange 2013 is unlikely to be sufficient for most organizations that have robust data retention, policy enforcement and ediscovery needs. Third-party solutions exist and can fill those areas not addressed natively by Exchange. This is definitely something organizations should explore prior to finalizing data management decisions. Paul Robichaux is a senior contributing editor for Windows IT Pro and a Microsoft Exchange MVP and MCSE who specializes in helping people understand how to get the most from Exchange. Paul's most recent book is the Exchange Server Cookbook (O'Reilly and Associates) and he blogs at www.robichaux.net/blog. 5 WHAT S NEW IN EXCHANGE 2013 ARCHIVING AND EDISCOVERY Sponsored by Sherpa Software

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information