Last week, I wrote the first part of the solutions that Arcserve provide for Office 365, which was about how to protect your Office 365 environment. In this second part, I will cover the second solution which Arcserve provide which is email Archiving.
The need for archiving
Archiving has been around for a while now, and back in the day it was mainly for two reasons, either to lower the cost of storage use or to keep the inbox tidy.
From an IT admin perspective, email archiving was mainly used to reduce the amount of storage on our email servers, especially when these servers had expensive hardware. IT set policies around the age of emails or when last touched and these would have been archived into lower cost storage options.
End users archived their emails to keep their mailbox tidy, mainly using the outlook own archiving option to create PST files on their own machine / server share.
Over the years the market has shifted towards to compliancy and regulations as emails can be used as proof in legal cases. For this to happen, the email trail needs to be complete and not altered with.
This brings us why use archiving with Office 365…
Using Office 365 Exchange online, the need for data reduction is not so much of an issue anymore as users get quite a lot of capacity. However, the need for tidy inbox and more so compliancy has increased.
Office 365 has different subscription models such as E1, E3 and E5, where E1 is the most affordable one which is around £6 per user per month and E5 is the most expensive for around £31 per user per month. The higher the subscription the more features you get.
Basic end user archiving using the outlook client is standard, and E3 and E5 do deliver some compliancy features such as legal hold. However, these do not deliver a method to prevent alteration to the emails which is crucial for legal compliancy.
Office 365 does not have a dedicated auditor role, which means that a company admin will have full access to all employee emails
Another niggle using Office 365 are the search options, often end users are not too happy about the time it takes to find emails.
Lastly, if you just want to use the compliancy package you will need to invest £11 more per user per month which is a pretty high cost in my book.
This brings me to how Arcserve can help.
Last year, Arcserve released UDP Archiving. This allows companies to capture every email sent and received which than is indexed and stored. I have written an article about this release which you can find here
The beauty of this solution is the ease of use and the performance of the search capabilities. There is no need to have a degree in archiving implementation as the setup just takes minutes.
Arcserve UDP Archiving provides companies with;
- Meet legal and compliancy requirements, UDP Archiving provides reporting, retention management, role-based access and audit trails functionality out of the box
- Legal Hold management preserve email records as unalterable records
- Email lifecycle management, UDP archiving collects sent and received emails from the popular email systems (Office 365, Exchange, Gmail, Lotus Notes etc) and removes them automatically at the end of their retention, which is set in the policies.
- Compliance officer role, this role can purge emails when requested by someone to remove their personal data from the systems.
- Muli-tenancy, UDP Archiving is created with multi tenancy in mind, administrators or service providers can setup the archiver for multiple domains and customers.
Since I wrote my Archiving article last time, Arcserve has made some changes to the product, and the most important one is around GDPR compliancy.
A new role has been introduced earlier this year, which is the compliance officer. The compliance officer role is similar as the auditor role with one major difference. The compliance officer has the ability to purge emails if requested by someone to remove their personal data.
When a request comes in the Compliance officer can search for the emails, tag these and set a purge schedule with a cool off period. After the cool off these emails are being purged. However, when an email is part of a legal hold, these emails won’t be purged.
Another great value of Arcserve UDP Archiving is the flexible options for deploying this solution. You can deploy this on-premise as a virtual appliance within VMware or Hyper-V. for those customers who rather have this solution in the cloud, no worries.. Arcserve UDP Archiving can be found on the Amazon AWS marketplace, can be deployed in Azure (Arcserve is working on the Azure marketplace as well) and finally, Arcserve provides Archiving as a Service from their own cloud.
It is important to know that only the compliance officer and the auditor have full access to all emails. The superadmin and admin don’t have access at all to any emails and the users have access to their own emails.
How to setup Arcserve UDP Archiving for Office 365
To setup the virtual appliance please see my post here
There are 5 steps to be done to configure Office 365 using the Office 365 Exchange Online Admin;
- Create a non-routable new remote domain: Office 365 requires a remote domain to send the messages to the mail server (SMTP). The Remote Domain is not your regular email domain. The remote domain is a non-existent and non-routable/unresolvable domain from either inside or outside your organization (such as UDP.int). This domain is mandatory for the email address of the Mail Contact that is the recipient of the journaled message.
- Create a fake mail contact using the new domain: The Mail Contact is the account that acts as a holding location for journaled messages. The email address associated with this account is the designated recipient and must be associated with a non-existent, non-routable dummy Domain Name created in previous step.
- Create a Non-Delivery mailbox: Non-Delivery Report (NDR) mailbox helps you know about the message undelivered to the archive. The NDR is always a dedicated mailbox.
- Create a Send connector for the remote domain: Send Connector lets you route journaled mail sent from the Mail Contact to the UDP Archiving.
- Add a journaling rule: Journaling records inbound and outbound email communications to help organizations manage legal, regulatory, and organizational compliance requirements. From the journaling rule main page, you can enable or disable the journaling process. If there is a network outage and messages do not reach the archive, NDR mailbox ( journalNDR@<your domain>) helps you knowing about the undelivered message.
The full steps can be found in the Arcserve documentation here
When using Office 365 and an on-premise virtual appliance it is important to create a NAT rule on your firewall and to create a public DNS address for the archiving appliance.
Let’s have a look at the new compliance office role and use an advanced search to demonstrate how easy it is to use this solution.
When we log as the new compliance office role (in my demo I called it DPO), it will look and feel exactly the same as the auditor. And this is correct, the difference between the two is only the ability to purge which is done in the Tags menu option.
So lets do an advanced search with the following options, a name and a word in the body of the email, in my example this is Charlie* and remote*
This search instantly gives me results back, and in this case two emails.
In order to purge these emails, we will have to tag these. To tag select the emails and enter a tag name and click on the tag to confirm
When done you a get an on-screen notification
Next step is to go Tags in the menu on the left and click view/edit on the tag just created
Check the schedule Purge box and set a hold period (minimum of 3 days) and click save
Once done you can see this back in the audit log.
The on-premise solution can be licensed using an annual user subscription pack (min 25 users) which RRP equates to around £1.60 per user per month. The more users subscribed the more cost effective it will be.
The Arcserve cloud solution is licensed on capacity annual subscription (min 100GB)
I would encourage you to trial (30 days) this solution, it is easy to configure, and it is non-intrusive to implement. Download it here
If you would like to know more, please don’t hesitate to comment or leave me message or alternatively contact your local partner / Arcserve representative for more information.