Covering your assets

After last week's Presidential debate, and this week's stock market nose dive, there is a lot of doubt about the US Economy.  There is not much doubt; however, that there will be some litigation to follow after we recover a bit, and lawsuits mean the need to keep and protect email information that falls within your organization's compliance policies.  During times of legal maneuvering, your Exchange servers become targets for everything from your own legal team doing research to opposing counsel or - in more extreme cases - the government going on fact-finding missions through your corporate data systems.

Many companies have compliance policies based on regulations that govern their industries, and usually the internal policies will go well beyond these regulatory measures. Having those policies documented gives you the authority you need to take the appropriate measures when protecting your Exchange-based information; so your first step in determining what to do to cover yourself is consult those internal guidelines.  If you don't have a set of guidelines, the first thing you have to do is get it created, or create it yourself and make sure your company's legal team signs off on it!

If your policies simply detail that all data within a certain time frame must be protected off-site, you have a few great options.  Of course, there are replication/failover solutions that can give you the ability to get information back from a secondary server (see disclaimer below).  If those are outside your budget and/or logistical reach, then tape backup is your only answer.  No matter which method of getting and maintaining another copy of the data you use, be sure to be diligent about it.  Examine the data on the secondary server regularly if you are using a replication solution.  Test the integrity by running an ISInteg check on a monthly or quarterly basis - as this doesn't require you to interrupt your production data system to run this non-invasive check.  For a deeper scan of the database, you can use the ESEUtil system with various switches.  Both of these tools are included with Exchange, and are therefore both free and fully supported by Microsoft.

You can find a description of using ESEUtil here, and for ISInteg, check here.

If you're using tape backup, then perform regular test restorations and then run those utilities on the restored data!  I cannot tell you how many of my clients have come to me in a panic because they were in the middle of an emergency, never did test restores, and the data on the tapes was completely useless.  Test restore at least once per month or once per quarter, don't wait until you're in the middle of a disaster before you make sure the tapes work the way you planned.

If your corporate policies go beyond just protecting the data as a whole within certain time periods (such as "within 7 years from creation"), then you will need to look beyond just backup and/or Disaster Recovery tools.  Continuous Data Protection (CDP) solutions and Archiving solutions are on the menu for your company, and you have a lot to choose from.

CDP systems do as their name implies.  They continuously copy data to another server, but in such a way that not only do you keep all your current information; but changes, versions and information that may have been deleted from the production box.  Where a tape backup system lets you keep a daily (or semi-daily) version on the tape, and a replication solution will let you keep a real-time copy of the latest version of the data, CDP systems maintain a repository of changes.  This can be accomplished by using Exchange Journaling (described here) or by a form of replication solution either within Exchange or at the file level.  Once the information is transmitted to the repository, the internal working of the CDP system will ensure that all changes are independently tracked, so that you can restore information from any point in time that the system as a recovery point for.

Archiving solutions usually do what CDP system do, but with an added benefit for very large Exchange systems.  Archiving tools will remove information from the Exchange server based on data of last access, date or receipt, or many other factors which you control.  Any data not within the scope of the archival system is protected via the incorporated CDP solution, but when data falls into the archival rules, it is removed from the production server with a copy still remaining on the archive server.  This does help by reducing the size of your Exchange databases, but makes it absolutely critical that you provide proper Disaster Recovery protection for the archiving systems, as now that is the only place the archived data exists.

Finally, one note that many of my clients have overlooked.  Using CDP along or Disaster Recovery alone will not be a total solution for most organizations.  It is highly likely that you will need to make preparations for both recovery of different data components (CDP) and recover from the loss of the server system as a whole (Disaster Recovery).  You may be lucky enough to get away with just one or the other, but it's not very likely.

Any and all of these solutions can assist you when it comes time to either figure out your legal liabilities, or defend yourself against incoming lawsuits.  One of the worst things that can happen is to stand in front of a judge or mediator and say that you can't present the information they're demanding because - effectively - the dog ate it.  No matter how valid your excuse for not having the information may be, your company will appear to be trying to get away with something.  So, cover your assets!