Key factors when evaluating e-mail archiving tools are e-discovery and policy enforcement
E-mail archiving systems can serve a variety of purposes. At the most basic level, they free end users and messaging administrators from the onerous task of keeping individual inboxes as trim as possible by automatically archiving messages to less expensive storage.
In addition, these systems facilitate e-discovery processes in which IT staff, auditors and lawyers use specialized search functions to find messages relating to a specific topic.
The software can also be used as a policy enforcement tool that can be configured to look out for messages that defy corporate rules and forward those messages to the appropriate person for review.
Finally, compliance and retention functions help IT organizations keep messages on hand to comply with corporate or legislative requirements.
In this Clear Choice Test of 10 vendors, we found that many are attempting to hit all of the use cases defined above, with varying degrees of success, while others are homing in on one or two main areas.
We invited almost two dozen vendors to participate in this test and a dozen took up the challenge, 10 of which we could compare side-by-side. Those include: Atempo's Digital Archive for Messaging (ADAM), C2C Systems' Archive One, GFI's MailArchiver, Intradyn's ComplianceVault, MessageSolution's Enterprise Email Archive, Mimosa Systems' NearPoint, Sunbelt Software's Exchange Archiver, Symantec's Enterprise Vault, Tangent's DataCove and Waterford Technologies' MailMeter.
We also tested a product from ProofPoint, but because they work differently from the other 10 presented here, we've opted to cover those products in a separate story.
The overall top performer was Symantec's Enterprise Vault, with Mimosa Systems NearPoint and C2C's ArchiveOne suite close behind. All three offer a complete array of features, with enterprise-class functionality in management, granularity of permissions and scalability.
We've structured our findings in the context of the four main e-mail archiving purposes.
When used for mailbox management, e-mail archiving software mainly deals with moving messages and their attachments off the main server to the archive server, reducing space used on the central mail server.
The processes of mailbox management can be divided into two areas – backing up messages so they can be replaced if deleted by accident or lost, and moving the body of the message or any attachment to another server, leaving only a 'stub' on the Exchange server as a place holder.
Backing up an Exchange server via an e-mail archiving product is certainly not a substitute for a regular backup process. For one thing, there is the issue of network performance. As noted in our story on performance, we saw a typical backup rate of 30,000 messages per hour. Extrapolating from that rate, a server with 5 million messages would then take over six days to either completely back up or restore via the message-by-message method used by most products tested.
While six days of background processing is acceptable for the one-time job of establishing a new archive, it would indeed be much faster to use a dedicated backup product such as BackupExec. Some of the products tested – namely C2C, Mimosa and Symantec -- integrate with third-party backup applications to provide a single interface for both archiving and disaster recovery of whole servers at good speeds.
But using these products to restore one mailbox or a single message sent to several users is a different matter, and all of the products offer self-service mechanisms for retrieving lost messages, which means that instead of an administrator having to access the backup application to find lost e-mails, users will be able to do that themselves.
Users have two options for finding and restoring a message – the Outlook plug-in or the archiving server's Web portal.
Using the Web portal is a kinder, gentler process. Users log in with their Exchange e-mail login and password and are presented with a simple search interface. While some users may need help constructing an effective search, this is not an area where a better interface will help much – only user training to explain the concepts.
Mimosa NearPoint and Symantec Enterprise Vault are a little more usable than the rest, by virtue of having had more previous versions to wear the sharp corners off, but GFI's MailArchiver also did quite well in this category.
The other application falling under the mailbox management umbrella is offloading messages from the user's mailbox to the archive server. The process is the same as one done for the disaster-recovery process -- stubbing the messages on the original Exchange server and moving the body of the message and their respective attachments to the archive server.
But the driving purpose is decreasing the space used on the Exchange server to take advantage of less-expensive storage on the archive server. Because the archive server doesn't need to handle the kinds of input/output loads that the Exchange server might, it doesn't need high performance storage – SATA-based drives are perfectly adequate, and can cost a tenth of Fibre Channel or SAS drives.
Testing in this area was pretty much pass/fail, because messages were either stubbed correctly or they were not. All of the products passed.
Once messages were stubbed, the effective size of the message was reduced to 2KB, the minimum that any message takes up (at least as far as reporting the message size through Exchange).
One differentiator here is de-duplication of archived messages, which not all products perform: if an attachment is the same for six users, only one copy is stored in the archive, and links are used for the rest. While the big enterprise players -- Symantec, Mimosa, Atempo and C2C -- can all de-dupe attachments, it's important to know that some of the products targeted at the small-to-midsize market, namely Sunbelt and GFI, do as well.
Once messages have been archived, ideally an Outlook plug-in is used to improve the display of stubbed messages and facilitate the retrieval of messages from the archive server.
All of the Outlook plug-ins provide the same functionality – the ability to show stubbed messages clearly as stubbed, and to retrieve them seamlessly from the archive if the user double-clicks on a message to open it, essentially making the stubbing process transparent to the end user. All also extend the search capabilities of the archive server to the Outlook interface, providing the same interface that users are used to in Outlook, but with orders of magnitude better response times for searches of large mailboxes.
The standout among plug-ins is Symantec, not because it offers more or less functionality or an easier interface, but because of the extremely granular level of control given to the administrator over which functions the user has access to. For instance, the admin can grant or deny the ability to mark messages for archiving, restore accidentally deleted messages, and about 30 other specific functions.
Atempo, C2C, MessageSolution, Mimosa, Sunbelt and Symantec provide forms for Exchange and for Internet Information Services that provide the same level of transparent user experience inside the Outlook Web Access (OWA) interface. This does not mean that the other vendors don't support OWA – users will just have to click on a link in the opened stubbed message to access the original content. Installing the forms can be complicated for the administrator, because the process involves an abstruse Microsoft management system (not necessarily the fault of the messaging archive vendors), and produces a somewhat less transparent degree of functionality. It shows a different icon to identify stubbed messages, requiring an additional click inside the stubbed message to retrieve the full message.
Atempo, C2C, MessageSolution and Sunbelt all support access to archived messages through the Blackberry and other mobile devices. We did not test this feature.
Products from ADAM, C2C, Mimosa, Symantec and Tangent did an excellent job of mailbox management from an administrative standpoint. They all had very flexible policy engines which enable the administrator to create sophisticated archiving policies. The policy engines can let you, for instance, archive only messages that the user keeps for more than 30 days, messages with specific keywords in the subject line, or messages with attachments.
All could find and import PST files from users' workstations to consolidate all e-mail. This lets administrators who previously forced users to archive messages in a local PST file on their respective PCs bring those messages back into the e-mail server and ensure they are archived and backed up properly. While all products tested were able to import PST files, Mimosa, Sunbelt and Symantec offer specific tools for finding PST files on users' local PCs, consolidating and automatically importing them.
The products from GFI, Intradyn, MessageSolution, Sunbelt and Waterford didn't fail at any point in our mailbox management use case testing; they just don't provide the depth of functionality and management granularity that the top products do. While enterprises may need that functionality, many small or midsized businesses might be perfectly happy with the 'good' products.
E-discovery: Finding what you need
E-discovery is basically a jazzed up term for an advanced search of archived e-mail. Because most of the products tested use the same SQL database, search performance is much the same for all the products, returning results from even complex searches of more than 68,000 messages in less than a second in our test set up. Of course, your mileage will vary based on the power of the system upon which you install the archiving server and the speed of the attached storage mechanisms (see How we did it for the systems used in our test).
What differentiates products is the granularity with which IT staff can grant access to the search engine and its results. This granularity must allow users unfettered access to their own mail while at the same time extending rights to an auditor to search through e-mail belonging to various groups or users; must produce reports; and help define what can be done with messages once they are found – such as whether they can be exported to .PST files or be passed to others for review.
Of these top performers, Symantec offered the most granular control over how much an auditor could do, which users' mail the auditor could see, what types of searches could be set up, and what could be done with the e-mails that were found. Atempo, C2C and Mimosa were all close behind Symantec.
GFI, Sunbelt and Tangent all offer fairly flexible search engines, but not as many options for creating roles with very specific limitations.
Access to the search engine is available to all users for their own mailbox through the Outlook plug-in, and via a Web portal for more general searches. All of the products provide the same end-user functionality, with very little to differentiate them in this area.
Moving into the realm of searching among e-mail across users, most products allow for one person, such as an auditor or e-mail admin, to be designated to create searches. Then another person can be designated to actually review the messages found by the search.
Symantec Enterprise Vault offered the most flexibility by an extremely tiny margin. Many organizations won't need or care about the ability to grant an auditor the ability to view message headers but not open the messages, or to open messages but not view attachments, but in large organizations where security, HR and legal roles are extremely compartmentalized, this level of granularity can be useful.
The difference between excellent and good ratings lay in the number of security options available – the good products generally had only a few predefined roles, such as auditor or administrator. The excellent products allow an IT department to define custom roles with very specific abilities. For instance, Atempo, C2C, Mimosa and Symantec all provide the ability to search e-mails for the marketing group and the engineering group, to view e-mails for the marketing group but not the engineering group, and to run specific search templates such as those checking for harassment issues, but not pertaining to Sarbanes-Oxley Act compliance, for example.
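As an added illustration (not code from any of the products tested), the custom-role granularity described above can be modelled as follows: a role may search some groups, open messages for only a subset of them, and run only certain search templates. The role fields, group names, template names and sample messages are all constructed for this example.

```python
from dataclasses import dataclass

# Constructed sample archive: every group, subject and body here is made up.
ARCHIVE = [
    {"id": 1, "group": "marketing", "subject": "Q3 launch plan",
     "body": "Draft attached.", "attachments": ["plan.ppt"]},
    {"id": 2, "group": "engineering", "subject": "Build failure",
     "body": "Nightly build broke.", "attachments": []},
    {"id": 3, "group": "marketing", "subject": "Offsite",
     "body": "Agenda for the offsite.", "attachments": ["agenda.doc"]},
]

@dataclass(frozen=True)
class Role:
    name: str
    search_groups: frozenset    # groups whose mail may appear in search hits
    view_groups: frozenset      # groups whose message bodies may be opened
    templates: frozenset        # saved search templates the role may run
    attachments: bool = False   # may open attachments of viewable messages

class AccessDenied(Exception):
    """Raised when a role asks for something outside its grants."""

def run_template(role, template, term, archive=ARCHIVE):
    """Run a saved search; hits carry headers only, never body or attachments."""
    if template not in role.templates:
        raise AccessDenied(f"{role.name} may not run template {template!r}")
    hits = []
    for msg in archive:
        if msg["group"] not in role.search_groups:
            continue  # mail outside the role's scope is invisible, not just hidden
        if term.lower() in (msg["subject"] + " " + msg["body"]).lower():
            hits.append({"id": msg["id"], "group": msg["group"],
                         "subject": msg["subject"]})
    return hits

def open_message(role, msg_id, archive=ARCHIVE):
    """Return the most detailed view of one message that the role allows."""
    msg = next((m for m in archive if m["id"] == msg_id), None)
    if msg is None or msg["group"] not in role.search_groups:
        raise AccessDenied(f"{role.name} has no access to message {msg_id}")
    view = {"id": msg["id"], "subject": msg["subject"]}   # header-only baseline
    if msg["group"] in role.view_groups:
        view["body"] = msg["body"]
        if role.attachments:
            view["attachments"] = list(msg["attachments"])
    return view

# Hypothetical HR auditor: searches both groups, opens marketing mail only,
# runs harassment searches but not Sarbanes-Oxley ones, no attachment access.
HR_AUDITOR = Role(
    name="hr_auditor",
    search_groups=frozenset({"marketing", "engineering"}),
    view_groups=frozenset({"marketing"}),
    templates=frozenset({"harassment"}),
)

if __name__ == "__main__":
    print(run_template(HR_AUDITOR, "harassment", "build"))  # header-only hit
    print(open_message(HR_AUDITOR, 2))   # engineering: headers only
    print(open_message(HR_AUDITOR, 1))   # marketing: body, no attachments
```
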
Compliance and retention
Compliance and retention come into play when IT must adhere to either legislative requirements or corporate policy. What you want from a product is both the ability to specifically support legislative standards -- such as the Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry and Sarbanes-Oxley – coupled with an interface that allows the administrator to set specific policies for retention: which documents will be retained, for how long, for which users and/or some groups, and what is done at the end of the retention cycle.
Given the amount of time it can take to go through a regulation to determine the criteria necessary to satisfy it, built-in compliance templates can save the administrator a substantial amount of time.
Atempo, C2C, Mimosa, Symantec and Waterford support a wide variety of regulations, with built-in templates for Sarbanes-Oxley, SEC/NASD/NYSE, HIPAA and more. The templates may be included with the installation software or available through the vendors' support Web sites.
The templates can save the administrator time in researching the requirements necessary to comply with a specific policy. If the admin already has that information, creating the policy is a simple matter of selecting from a drop-down list of options.
GFI, Intradyn, MessageSolution, Sunbelt and Tangent don't include predefined policies with their products. Representatives from both MessageSolution and Sunbelt say the omission is because of liability issues rather than the development effort involved.
The differences in the products we tested fall into two main categories. First, how flexible is the policy engine when identifying messages that are to be retained? And how many options does each product offer in terms of what you can do with messages after they've been retained?
All of the products offer as much functionality as nearly anyone would need, allowing complex if-then-else criteria to be built to determine which e-mails, which users, what length of retention period and what to do with the messages at the end of the period. What the top performers bring is not so much extra capabilities as easier access to the functionality. Again, Symantec is the top player here, with Mimosa close behind, giving the administrator the ability to not only create policies to match any standard they're given, but to do so easily and to check the results by showing what e-mails would match a particular policy without having to actually run the archiving process.
Atempo, C2C and Waterford have the pre-built templates as well as very capable policy engines to create retention policies. GFI, Intradyn, MessageSolution, Sunbelt and Tangent are no less capable than the others in the policies that can be created, only in being slightly less easy to create the policies in the first place.
The appliance-based products from Intradyn and Tangent offer built-in Write Once Read Many (WORM) tape drives that meet specific requirements for non-alterable archives from organizations such as SEC, NYSE, and NASD. While some of the software products tested – such as C2C and Symantec -- support writing to WORM drives, you've still got to buy the extra hardware.
Keeping a watchful eye on e-mail content
Enforcing corporate rules on what is – or isn't -- appropriate e-mail content is not the sole responsibility of archiving products (see coverage of Data Leak Protection products). But these tools can help find messages that violate a corporate or legal policy, and subsequently forward them to an HR representative or auditor.
Setting up a search generally means composing a list of words that will trigger the enforcement action. Those words can be derogatory, sexually oriented, indicate proprietary information or comprise characters matching specific alpha-numeric patterns, such as numbers denoting either a Social Security number or credit card number.
Most vendors don't offer lists of words or categories as a default, mainly because of liability issues. However, lists can be downloaded from many Web sites that will serve as a starting point. All of the products that do policy enforcement have installation support, and the support engineers are happy to install the lists, if you want the lists pre-installed rather than approved by your internal legal department.
Sophisticated features offered by C2C, Mimosa and Symantec include the ability to specify that more than one word on the list must be in close proximity to another, so that one word alone out of context doesn't trigger the filter.
While the search part of this is easily done by all products tested, Atempo, GFI, Intradyn and Sunbelt don't include functionality that automatically forwards messages in violation to an appropriate enforcement agent. This is the critical part of the equation. If the HR manager or auditing administrator must manually run searches every day, the product is not acting as an effective policy enforcement engine.
All of the products tested allow for searching for e-mail that matches a list of terms, and to save and search against multiple lists. Differentiating functionality in this area consists of the flexibility to identify different classes of violations -- including sexual harassment, leaks of intellectual property, transmission of proscribed data such as Social Security numbers or account information -- and then to take action based on the type of violation, whether that's warning the sender that the message violates policy or forwarding a copy of the message to an HR representative or auditor, as well as the option to block or allow the sending of the message.
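The matching described in this section (term lists with a proximity requirement, patterns for Social Security and credit card numbers, and an action chosen per class of violation) is sketched below as an added example; it is not code from any product tested. The term list, window size, class names, action names and sample messages are constructed, and the Luhn checksum on card numbers is an added refinement to cut false positives.

```python
import re

# Hypothetical word-list policy; a real list would come from HR or legal.
WORD_POLICIES = {
    "ip_leak": {"terms": {"confidential", "roadmap", "prototype"},
                "min_terms": 2,      # one listed word alone does not trigger
                "window": 8,         # listed words must fall within 8 tokens
                "action": "forward_to_auditor"},
}
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, spaced or not

def luhn_ok(digits):
    """Luhn checksum: separates plausible card numbers from order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def proximity_hit(tokens, terms, min_terms, window):
    """True if min_terms distinct listed words occur within `window` tokens."""
    positions = [(i, t) for i, t in enumerate(tokens) if t in terms]
    for start, (first, _) in enumerate(positions):
        seen = set()
        for pos, term in positions[start:]:
            if pos - first > window:
                break
            seen.add(term)
        if len(seen) >= min_terms:
            return True
    return False

def scan(message):
    """Return [(violation_class, action), ...] for one outgoing message."""
    text = message["subject"] + "\n" + message["body"]
    tokens = re.findall(r"[a-z']+", text.lower())
    findings = []
    for name, policy in WORD_POLICIES.items():
        if proximity_hit(tokens, policy["terms"],
                         policy["min_terms"], policy["window"]):
            findings.append((name, policy["action"]))
    if SSN_RE.search(text):
        findings.append(("ssn", "hold_for_review"))
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        findings.append(("card_number", "hold_for_review"))
    return findings

# Constructed sample messages; the card value is the common 4111... test number.
SAMPLES = [
    {"subject": "Roadmap",
     "body": "Please keep the prototype schedule confidential until launch."},
    {"subject": "Survey",
     "body": "The confidential survey results are in and HR will share them "
             "next week alongside the travel roadmap."},
    {"subject": "Payment", "body": "Card 4111 1111 1111 1111 exp 01/30"},
    {"subject": "Order", "body": "Order reference 4111 1111 1111 1112 shipped."},
    {"subject": "Benefits", "body": "Employee SSN is 123-45-6789 for the form."},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["subject"], scan(sample))
```

The second sample contains two listed words, but they are more than eight tokens apart, so the proximity rule leaves it alone.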
To complete the blocking operation, C2C, MessageSolution, Mimosa, Symantec, Tangent and Waterford archiving tools use the MAPI interface to Exchange to search through messages once they are placed in the out-box in Outlook, and to review the content before the message is sent. Configuring this option requires additional steps during installation of the archiving functionality. If a message violates a policy, instead of being sent, it is transferred from the out-box to a review folder.
All the products with the full enforcement functionality received an excellent rating. C2C, MessageSolution, Mimosa, Symantec and Waterford all had excellent, flexible policy enforcement options, which were well coordinated with many different policies that could be defined, each with a different set of search terms and notification criteria.
The Tangent appliance got a good rating because of its ability to automatically run searches on a regular basis and send reports of violations found, but it does not allow the report readers to automatically respond to them.
The overall winner in this test was Symantec's Enterprise Vault because it offers extremely fine granularity for granting permissions and an overall maturity of its installation processes and administration tools that large enterprises will appreciate.
However, administrators at smaller companies who have 16 other responsibilities on their plates besides e-mail or who have specific needs for a particular, smaller set of features, certainly have a plethora of other viable options.
Harbaugh is a freelance reviewer and IT consultant in Redding, Calif. He has been working in IT for almost 20 years, and has written two books on networking, as well as articles for most of the major computer publications.