Email Archiving for Compliance

6 products aim to help you store and manage messages to meet regulations

Jason Sherry

April 24, 2006

17 Min Read
ITPro Today logo in a gray background | ITPro Today

If your organization is like most today, an estimated 83 percent of your communications are electronic, with the vast majority going through your email system. New regulations require you to be able to produce on demand copies of messages in your email system. Microsoft Exchange Server's management and archival capabilities aren't adequate for most organizations in the face of these new requirements, so you might be in the market for an email archiving product. Here's a look at six contenders.

Problem and Solutions
Exchange's archiving support is lacking in that Exchange has no direct way to store messages for extended periods of time without keeping them in the Exchange Information Store (IS). In addition, Exchange doesn't provide a search interface to easily find relevant messages when needed. Finally, the built-in "archiving" support in Exchange, called message journaling, provides granularity only down to the store level for controlling what gets archived.

In addition to addressing an organization's archiving needs for legal or regulatory compliance, a good archiving solution can greatly reduce the cost of Exchange management. To accomplish this, an archiving solution reduces mailbox size by removing items that don't need to be in the IS. This reduces the backup/restore and disaster recovery times and the storage requirements for the Exchange databases and backup data.

I recently tested six email archiving products, paying special attention to their ability to provide subpoenaed message data and address regulatory requirements. I also looked at products' ability to reduce individual mailbox size and reduce server and administrative overhead by removing and archiving messages and attachments to a location outside the IS.

When reviewing the products, I considered the impact of the archiving solution on end users. I noted the changes users would see in their mailbox and how they would search for and access items that have changed in their mailbox or that have been moved to an archive. Web Table 1 compares the features of the six products.

Most of the products in this review included support for stub messages, which replace the original message in Exchange with one that contains a URL link or custom form that opens the actual message in the archive. Some of the products in this review used a simple stub message that provided only a URL link to the real message, while others provided part of the text of the original message and/or a custom Microsoft Outlook form that made opening the archive message seamless for the end user. The key advantage of leaving part of the message text in the user's mailbox is that the user can still use desktop or Outlook search tools such as Google or MSN Search to find archived messages.

GFi MailArchiver for Exchange 3.0
Unlike other products in this review, GFi MailArchiver doesn't actually make any changes to mailboxes. The product copies messages to an archive; it doesn't remove messages from mailboxes or replace them with stub messages to reduce mailbox size. Figure 1 shows MailArchiver's administrative console.

MailArchiver uses Microsoft SQL Server to store messages and their attachments. For MailArchiver to get messages into the store, message journaling must be enabled on Exchange. Message journaling obtains only future messages; a separate utility in MailArchiver's install directory imports existing messages from mailboxes, personal folder stores (PSTs), and public folders.

A Web based UI provides the functionality needed to search the archive and manage MailArchiver's settings. Delegation support is provided by setting up managers who can view all messages for users in a selected Active Directory (AD) group.

At the Web interface, users can search items copied from their mailbox or any other mailboxes to which they've been delegated access. The search is limited to seven unique fields, and once messages are found, users can restore them only one at a time.

MailArchiver is the only product reviewed that uses IMAP to obtain message data if the product isn't installed on the Exchange server. For optimum performance, via Exchange OLE DB, MailArchiver must be installed on the Exchange server itself.

SummaryGFi MailArchiver for Exchange 3.0

PROS: 100 percent Web-based user interface with basic support for delegating access to archived messagesCONS: Doesn't reduce mailbox or IS size; stores all attachments, with no support for single-instance storage, in SQL Server; historical mailbox, public folder, and PST data must be imported manuallyRATING: 2 out of 5 PRICE: $2995 for 500 usersRECOMMENDATION: Only smaller companies that have only basic email archiving needs should consider GFi MailArchiver.CONTACT: GFi Software * 888-243-4329 * http://www.gfi.com

Editor's note: This article has been updated since it first appeared in print.

Archive Attender 2.5 and Mail Attender for Exchange Enterprise 3.6
Sherpa Software has multiple products that focus on data discovery, reporting, and archiving for Exchange and Lotus Notes. The combination of two products—Archive Attender and Mail Attender for Exchange Enterprise—provides the functionality required for this review. Archive Attender, which Figure 2 shows, lets you archive messages based on folder, age, size, and mailbox. Mail Attender lets you send data to Archive Attender, produce detailed reports about messages and mailboxes, and manage mailboxes, public folders, and ISs. Mail Attender uses SQL Server to store policies and settings; Archive Attender stores all data in the Windows file system.

Archive Attender creates an Outlook folder that lets users easily search for and view messages that have been archived. When Archive Attender archives a message, it leaves a stub message behind to inform the user that the message was archived and provides a URL link to the message. Unfortunately, users working offline can't access any messages removed or replaced with stub messages. Archive Attender and Mail Attender also have no support for delegating access to messages.

SummaryArchive Attender 2.5 and Mail Attender for Exchange Enterprise 3.6

PROS: Mail Attender provides broad support for policies and reports; can scale to multiple serversCONS: No delegation support in either product; Archive Attender doesn't provide offline access or direct support for PSTs and public folders; stub messages contain only a URL link; Archive Attender doesn't use SQL Server, it stores all messages and indexing data on the file systemRATING: 3 out of 5 PRICE: $7500 for 500 users (for both products); $6000 without PST-archiving supportRECOMMENDATION: Archive Attender and Mail Attender together provide granular control over email archiving, but organizations with a mobile work force or that use PSTs or public folders extensively should look elsewhere.CONTACT: Sherpa Software * 800-255-5155 * http://www.sherpasoftware.com

Archive One Policy 4.2
C2C's Archive One Policy is focused on providing the key features needed to archive messages, manage mailbox and database size, and search the archived data. You can define multiple repositories, also known as archive stores, so that you can store data at different physical locations and with different retention settings. Archive One Policy also supports setting up multiple servers, a requirement for geographically dispersed organizations, and synchronizing settings across the servers. On the administration side, Archive One Policy has a granular delegation model that you can use to give users access to other users' mailboxes or to areas in the administration console.

The policies supported by the product, some of which are shown in Figure 3, are among the most extensive and flexible that I saw in the products I reviewed. You can use them to control what gets archived, deleted, copied, moved, unarchived, or just listed in reports on mailboxes, PSTs, and public folders. You can email the results and reports from policy executions to users or administrators. Archive One Policy fully supports PSTs in all archiving rules and discovers them by means of a standalone executable that you can run from a logon script or on an as-needed basis on clients.

Archive One Policy adds two new folders to users' mailboxes, the Retrieved messages folder and a folder used to access the Web-based search page. You can search against message subject, body, recipient, date, and attachments and across multiple mailboxes. Administrators can also save frequently used searches in the Archive Search folder in the console.

When a message is archived, it's replaced with a stub message in the original location. The stub message contains a customizable part of the original message body (by default, the first 1KB of text) and a URL link to the full message. When a message is restored, it's opened for the user and copied into the user's Retrieved messages folder. The stub message is left in its current format and location in the mailbox. An administrator can restore messages from the results of an archive search to a public folder or PST file. It would be nice to be able to restore messages to the original user's mailbox or another user's mailbox.

Archive One Policy provides offline support that keeps any messages archived from the user's mailbox in a local cache that works similarly to Outlook's offline support. When the user is online, Archive One Policy retrieves the data from the product's server; otherwise, it uses the local cache.

SummaryArchive One Policy 4.2

PROS: Supports offline access, PSTs, and public folders; simple installation; extensive role-based delegation support; can scale to multiple servers; customizable-length stub messages CONS: No Web console; public folders used for recovery and search results; product doesn't use SQL Server, it stores all messages and indexing data on the file systemRATING: 3.5 out of 5 PRICE: $11,130 for 500 usersRECOMMENDATION: Archive One Policy addresses the key areas needed for effective email archiving and should be considered when purchasing such a solution.CONTACT: C2C * 413-739-8575 * http://www.c2c.com

Enterprise Vault for Exchange 6.0
Symantec's Enterprise Vault consists of the Enterprise Vault Server core product and multiple modules that you can plug into the vault to archive various data sources. I reviewed Enterprise Vault Mailbox Management Advanced Edition, which comprises Enterprise Vault Server plus the Exchange Mailbox Archiving, PST Migrator, Exchange Public Folder Archiving, and Offline Vault modules. Other modules include Exchange Journal Archiving, SharePoint Archiving, and File System Archiving. You use the Microsoft Management Console (MMC) to manage all the modules and the policies that control which data is placed in the vault.

Enterprise Vault excels in the area of PST file management. It can discover PSTs by searching the registry of systems for pointers to PSTs in Outlook profiles or by searching shares for PST files. An Outlook plug-in included with Enterprise Vault can also publish the location of any PST files used by Outlook to Enterprise Vault. PST Migrator can report on the contents of discovered PSTs and archive their contents to the vault.

Enterprise Vault can replace messages in mailboxes or PSTs with stub messages. If the Outlook plug-in is installed when a user opens an archived message, the original message is retrieved from the vault automatically. Without the Outlook plug-in, the user will see part of the original message in the stub message and a URL to the archived message. Stub messages can be customized to control how many characters of the original message are retained and if any additional text should be inserted. The Outlook plug-in and Offline Vault module also provide support for accessing archived messages when offline.

The policy support in the Enterprise Vault UI limits you to controlling what's archived based on item age or size or a mailbox utilization percentage, with some support for exceptions. The UI also limits you to applying policies to the entire organization or to specific AD organizational units (OUs). For more granular policy support, you must create custom XML ruleset files.

Unique among the products in this review, Enterprise Vault can use the permissions defined in the AD on mailboxes to control which users can access which mailbox data in the vault. A user who has access to another user's mailbox in Exchange will automatically be given access to that mailbox's data in the vault.

Administrators can carry out searches in the MMC console, as Figure 4 shows. End users use a Web page to search the vault and place items in collections, or baskets, and they can view their data in the vault in the same folder structure as Outlook's. The offline support of Enterprise Vault can be controlled centrally or by users. For example, users could choose to keep only the last 90 days of archived messages in an offline vault on their systems or an administrator could configure a policy so that the last year of archived messages was kept in the offline vault.

SummaryEnterprise Vault 6.0

Editor's Choice

PROS: Extensive support for archiving from multiple data sources; seamless offline support; excellent support for PST archiving and removal (in the PST Migrator module); components can be distributed across multiple servers for scalabilityCONS: Creating custom polices requires custom XML ruleset files; no admin Web console; involved installation and configuration processRATING: 4.5 out of 5 PRICE: Mailbox Management Advanced Edition is $21,475 for 500 usersRECOMMENDATION: Enterprise Vault should be high on the list of email archiving products to look at for medium to large organizations.CONTACT: Symantec * 650-527-8000 * http://www.symantec.com

Mimosa NearPoint for Microsoft Exchange Server 1.1
Among the mail archiving products I looked at, Mimosa NearPoint for Microsoft Exchange Server 1.1 has a unique architecture that makes it more of an Exchange backup and recovery solution than an archiving solution. While most of the other products use Messaging API (MAPI) to get Exchange data, NearPoint uses the Exchange Extensible Storage Engine (ESE) backup APIs to actually copy all Exchange data to the NearPoint server on initial install. NearPoint then sets up a scheduled task to process the transaction logs and keep the NearPoint server up to date.

Once this Exchange shadowing is set up, NearPoint can archive mailboxes' content to reduce their size. This results in three versions of a mailbox: the "live" one in Exchange, an archived version in NearPoint that contains messages removed from the live mailbox, and a historical, or backup, copy in NearPoint. The historical copy can represent the mailbox at any point in time since NearPoint was configured to manage it.

Archiving policy support is limited to archiving based on message size and/or date or archiving mailboxes that have reached a specified percentage of their capacity. You can't archive messages based on their content.

Because NearPoint backs up the entire IS in addition to maintaining an archive of deleted messages, the NearPoint server requires storage in the amount of 250 to 350 percent of your current Exchange storage. This storage can be low cost (e.g., Serial ATA—SATA drives) because it's accessed only by the NearPoint extraction and recovery processes. Indexes and metadata are stored in SQL Server. Extracted messages and their attachments are stored on the file system; each unique attachment is stored only once, no matter how many people have received it.

Like Symantec Enterprise Vault, NearPoint provides a seamless experience in both Outlook and Microsoft Outlook Web Access (OWA), retrieving the full message from the NearPoint server when a user opens a stub message and presenting it in the original format. You can search data in NearPoint from an Outlook folder or a NearPoint Web page, as Figure 5 shows. The Web page also allows users to browse mailboxes in the same folder structure as Outlook's. The browse feature lets an administrator, or user with the appropriate rights, view a mailbox as it looked yesterday or last month. According to Mimosa, NearPoint 1.2 provides offline access to archived messages.

SummaryMimosa NearPoint for Microsoft Exchange Server 1.1

PROS: Full Exchange backup solution providing near-real-time snapshots of Exchange with the ability to view mailboxes as they were on a specific dateCONS: Requires 250 to 350 percent of current Exchange storage; limited support for public folders and archiving policies; PSTs must be manually imported; no Web-based administrative console; expensiveRATING: 4 out of 5 PRICE: $28,545 for 500 users; an additional $4710 for PST supportRECOMMENDATION: An organization that needs both email archiving and a better Exchange backup solution should consider Mimosa NearPoint.CONTACT: Mimosa Systems * 408-970-9070 * http://www.mimosasystems.com

Quest Archive Manager 3.0
Quest Software's recently released Quest Archive Manager 3.0 is based on technology acquired in its purchase of AfterMail in January. Archive Manager is the only full archiving product in this review to provide a 100 percent Web-based front end.

Archive Manager uses SQL Server to store message and indexing data. File attachments are stored on the file system, once per unique attachment. Setting policies to define which mailboxes and messages are archived is fairly straightforward. The policies are limited to archiving by message age, size, read status, or flagged status. You can copy a message to the archive, strip the message (replace it with a stub message), or delete it from the mailbox.

Archive Manager doesn't provide any offline support. Once messages are stripped or deleted from users' mailboxes, users have no way to get to those messages if they can't access the archive. Another weakness in the product is that importing PST data is a manual process.

Archive Manager provides granular delegation support to let managers or auditors access certain archived messages or mailboxes or specific Archive Manager functions. Archive Manager can also use existing AD groups to control access. However, unlike Symantec Enterprise Vault, Archive Manager requires you to manually configure delegation over who can access which mailboxes.

A unique feature of the product is its support for virtual mailboxes. You can group messages from multiple mailboxes into one mailbox and delegate access to that virtual mailbox.

Archive Manager's main console for viewing-data, shown in Figure 6, provides extensive support for searching and the ability to browse data in the same folder structure as Outlook's. Not only does Archive Manager show the entire message and headers, it lets you add comments and tags to messages that you can then search on. Archive Manager keeps a detailed audit trail so that users who have the appropriate access can view what searches have been carried out, which messages have been viewed, and who has viewed a given message. In addition, you can save searches and view search results via any Really Simple Syndication (RSS) reader.

SummaryQuest Archive Manager 3.0

PROS: 100 percent Web-based UI provides all message details and lets user add comments and tags; can archive SharePoint data; supports delegating access to archived data and product functionsCONS: No offline support; limited policy options; PSTs must be manually importedRATING: 4 out of 5 PRICE: $20,000 for 500 usersRECOMMENDATION: Archive Manager is another product that organizations should consider when looking for an email archiving solution. Its support for tagging archived items would help organizations that need to quickly find all messages related to a certain subject.CONTACT: Quest Software * 949-754-8000 * http://www.quest.com

Picking a Winner
Symantec's Enterprise Vault earned the highest rating in this review at 4.5 diamonds. Enterprise Vault has been on the market for a while, and that shows in the product's feature depth. Enterprise Vault's support for multiple data sources provides one-stop archiving for an organization, and its ability to distribute components across multiple systems and support for third-party storage solutions make it scalable.

Enterprise Vault has many user-and administrator-friendly features. PST management is one feature that really stands out. In addition, end users are minimally affected by archiving due to the product's offline support and its completely seamless access to archived messages.

Mimosa's NearPoint provides unique and significant value with its Exchange backup and restore capabilities that exceed those of most normal backup software. I suspect that this young product's limited policy, PST, and public folder support will improve in future versions and that NearPoint will grow into a very capable email archiving product. Quest's newly acquired Archive Manager, with its attractive UI and easy installation, will also be a major contender in this space, once it adds offline and better PST support.

Other archiving products not included in this review but worth a look are EMC's E-mailXtender Archive Edition and the ZANTAZ EAS product family.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like