Best and worst practices for email archiving in Exchange Server

Each organization handles Exchange Server email archiving differently. And the wrong approach can be detrimental. Can your archives get you in trouble?

Managing an email system can be difficult and frustrating. Email administrators battle with Exchange Server maintenance...

and storage allocation while scurrying to meet stringent business plans and hunting down the CEO's lost email message. Enterprise environments add to this burden with the demands of email archiving -- storing the right content in the right place for the right length of time.

Roles and responsibilities

Email archiving involves long-term storage and recovery of incoming and outgoing email messages. The choice of which messages to keep, how long to keep them and where to store these messages are all part of the organization's overall records retention and regulatory compliance policies. Archived email messages and attachments must be searchable and recoverable to meet the daily needs of email users, as well as the more demanding needs of compliance auditors and legal electronic discovery (e-discovery).

Many tools are available to automate and manage message archiving and retrieval. But, even with the best third-party tools, a fundamental lack of ownership of message archival policies results in weak (or nonexistent) processes. This leaves a company vulnerable to unnecessary risks.

"Archiving is not an infrastructure thing; it's not an application thing. I think that's why it falls to the wasteland," said Rand Morimoto, president of Convergent Computing, a solution provider headquartered in Oakland, Calif. "Historically, there has not been anybody in an organization responsible for archiving."

Morimoto also points out that archiving is not a requirement for most regulations, such as Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX) and others. Consequently, businesses often handle archiving email and other content inconsistently or erratically.

Who is responsible for email archiving? While dedicated email-archiving personnel within an enterprise are exceedingly rare, the responsibility should fall to a principal Exchange administrator. If this is possible, however, depends on the size and exposure of the organization.

"If it's a large organization, they will have an email administrator," said Allen Zuk, president and CEO of Sierra Management Consulting LLC, a Parsippany, N.J.-based independent technology consulting firm. "For smaller organizations, usually somebody who's wearing multiple hats -- a network engineer or a systems administrator -- assumes the email administrator function."

Checklist: Ensuring Exchange archives remain compliant

The key here is not so much who manages email archiving but that a responsible administrator handles the process reliably and consistently.

Breaking bad archiving habits

Consistency is key when it comes to email-archiving policies and procedures. An Exchange administrator may be in charge of email archiving or it may be someone else within the organization. No matter where the responsibility lies, it's easy to adopt poor habits, make mistakes or fail to follow procedures.

Poor habits could ultimately compromise archives and even jeopardize the company's compliance or e-discovery posture. Regardless of who manages a company's archiving process, the following oversights are common and companies should make every effort to avoid them.

  • Failure to observe retention policies -- Many Exchange administrators don't pay attention to retention periods or storage space when archiving messages. Instead, they tend to focus on the content.

    "They're not aware of the company's policy regarding data retention," Zuk said. "They keep stuff; they don't know why they're keeping it or they don't know how long they will keep it for."

  • Erring on the side of caution -- Saving every message for the maximum allowable time or moving messages from the server to the archive when the message database exceeds a certain threshold (500 GB, for example) -- is a mistake. Mapping the company retention policies to email storage can better meet the needs of the business, while saving considerable storage and index/search demands.

    You may not need to keep everything. Morimoto notes that many Exchange administrators save all messages for some period of time when they could potentially save nothing except messages they're legally obligated to keep.

    "There's a lot of stuff that people send that can just be purged and deleted," Morimoto said. Eighty to ninety percent of email, such as meeting confirmations, can be deleted after day one, he noted.

    Retention isn't just about keeping data. Exchange administrators must also be diligent in purging or deleting content that exceeds its retention period. For example, if a message must be retained for five years, it should be permanently deleted at five years and one minute. Third-party archival tools can automate the deletion process by using date metadata created when the data was stored. The catch with these tools, though, is that administrators must approve deletions prior to the actual date.


  • Not including archives in backup and disaster recovery (DR) strategies -- Archives are not backups, so any mail and other data that is relegated to archives must still be backed up. The archival storage platform itself may provide some level of resiliency at the disk level such as RAID 5 or RAID 6, but it is often prudent to perform regular backups to tape or an off-site location for DR purposes. Fortunately, archived data is generally a low priority for DR restoration.

  • Relying on Exchange Server for compliance -- Generally speaking, Exchange Server does not provide very dynamic archiving features. Businesses must select third-party archiving tools that address compliance concerns across all types of data.

    Morimoto explains that it's not just an Exchange Server issue. "When choosing an archiving tool, the Exchange administrators spend a lot of time looking at it just from an Exchange basis as opposed to a policy basis," he said, noting that an archiving tool should also handle other data types, such as files and instant messages, because all of that other data is covered by compliance obligations -- it's still potential evidence. The decision of an email archiving tool must go beyond the amount of mail that must be kept. Consider the retention of all data types.


  • Allowing .pst file proliferation -- Every Microsoft Outlook user can archive email messages in a personal storage (.pst) file located on each user's desktop. While .pst files are not harmful, they are space monsters -- consuming up to 2 GB on each desktop. This can cause the size of a user's online backup to balloon.

    Further, .pst file archives aren't subject to retention policies, so the file can retain email far longer than the company's set requirements. When messages are purged from the server/archive side, those messages are not removed from a user's .pst files. This can pose a significant threat for any company, since .pst files are often included in e-discovery requests. Therefore, old messages in long-forgotten .pst files can be used as evidence long beyond the time that the message was lawfully removed from a company's archives.


  • No media upgrade or refresh plan -- Archived data is often retained for much longer than the storage systems holding that data exist. But technology upgrades are rarely -- if ever -- factored into archive recovery or restoration plans. For example, if a new archiving tool is selected, it must interoperate with the archival storage platform. Similarly, if the archival storage system is upgraded or replaced, there must be a plan in place to migrate existing data to the new storage system.
    Email-archiving technologies to consider for Exchange Server

    "Another mistake is archiving stuff on media," Zuk said. "Then they [administrators] get wrapped up in a technology refresh and nobody goes back to look at the old information on a different format and transfer it."

    When a technology changes, verify that backups and archives are accessible. Otherwise it may be impossible to recover archives, which can leave the company vulnerable to disasters or compliance audits.

Building on best practices

Email archiving isn't just about problems and mistakes. Many organizations and Exchange Server administrators have adopted sound email-archiving practices.

Whether you're a small shop looking to improve existing processes or a large organization taking the time to reevaluate everyday activities, here are five points you should adopt in your organization:

  1. Review archival and retention policies regularly -- How often you should review the policy varies depending on the size of your business and its industry. For example, a small business that isn't governed by lengthy retention requirements may adopt a short-term email retention policy.

    "I just finished with a client whose [retention] policy was 30 days and they were on the ball -- [they saved] nothing over 30 days. They didn't keep anything," Zuk said. However, an annual review of the policy is certainly in order.

    For larger Exchange organizations, a frequent review is recommended. The review not only reinforces the policy for Exchange administrators, it also gives companies an opportunity to consider industry changes that might affect retention, such as upcoming legislation. Companies can also reevaluate infrastructure issues such as storage resources and backup/DR planning.


  3. Separate archival and DR storage -- Generally, data archives are one of the lowest priorities in DR, so archival data is typically backed up to inexpensive high-volume storage -- tape or optical media -- instead of online disk storage. If disaster strikes, the emphasis should be on restoring Exchange servers and their local message storage. Administrators should focus on archival restoration later in the recovery process. This approach lowers the cost of backup storage and helps speed the recovery of the most urgent corporate resources.

  5. Centralize email storage -- Years ago, Exchange servers typically existed at every site. And this type of distributed deployment made archiving difficult. Administrators are doing a better job of keeping track of where archive data is stored, often opting to consolidate Exchange servers and storage to ease data retention and management.

    "I see more organizations centralizing information," Morimioto said, noting that centralizing Exchange servers has improved an organization's ability to manage data. "I think the idea of regionalizing Exchange and managing it centrally is a good practice people have been doing for the last year or two."


  7. Outsource email and archival tasks -- Problems with archiving and retention often stem from lack of attention from overworked administrators. This is especially the case in smaller organizations where administrators already assume a wide range of responsibilities. One way to address this issue is to outsource email archiving.

    "They're [administrators] looking at third-party vendors -- outsourcing email completely," Zuk said. Outsourcing shifts responsibilities and policy-adherence requirements to the provider, allowing the client to monitor and manage content remotely without the burden of system ownership, licensing and so on. "It's cheaper for a smaller organization to just outsource it [email]." However, any outsourcing initiative must include a careful evaluation of data security using technologies like encryption.


  9. Maintain older readable versions of archival data -- Technology refreshes can render older data formats unreadable and inaccessible. The challenge is that overworked administrators are hard-pressed to refresh existing archives to new formats or platforms. This can cause serious problems when a compliance audit or discovery request arrives. It's a good practice to incorporate an archival refresh into the technology-refresh process while retaining an older version of the data for prospective requestors.

    "A third-party vendor or agency may not have the latest and greatest technology," Zuk said. "They [administrators] have the capability to provide that information on a format or media that the requestor was working with." Such awareness can help ensure that discovery requests are met promptly and successfully, mitigating any possible penalties or charges of spoliation.

Dig Deeper on Exchange Server setup and troubleshooting