Post on 02-May-2015
transcript
Exchange Server 2010 E-Mail Archiving
Alessandro Appiani
Microsoft TechNet Speaker & Certified Trainer
email: v-alessa@microsoft.com
Pulsar IT Founder & CEO
sip/im/email: alessandro.appiani@pulsarit.net
Excellence in Microsoft technologies
Pulsar IT was among the first companies in Italy to be certified on Microsoft network infrastructures (1995) and on Server solutions
Pulsar IT specializes in solutions for communication, collaboration and security
Pulsar IT's people have been technical speakers at Microsoft conferences and events for over 15 years
Pulsar IT is a Microsoft Voice-Ready Partner specializing in the integration of Microsoft Unified Communications technologies with VoIP systems and legacy PBXs
Agenda
E-mail store & archive
• requirements
Exchange 2010 Archiving & Retention
• objectives and design goals
Exchange Personal Archive
• principles and features
• configuration and management
Archiving Policies
• criteria for archiving, retaining and managing content
eDiscovery
• search and multi-mailbox search
E-MAIL STORE & ARCHIVE
Introduction and objectives
SharePoint
Outlook PSTs
Webmail
Third Party Archive
Backups
Exchange Server
Where are the e-mails?
E-mail “store”
Exchange (MBs)
Org Archive (PBs)
Personal Archive (TBs)
Outlook PSTs (GBs)
Backup
• Tape/Disk Backups Common
• Item Level Backups Common
• Backups uncommon and hard
• Users do manual backups
• IT does unsupported backups
• Replication Common
• Backups Less Common
• Replication Only Choice
• Datasets Require Replication
End User Access
PSTs
• Circumvent Quota
• Highly Portable
Mailbox
• Highly Available/Reliable
• Rich Client Access
Personal Archive
• Circumvent Quota
• Allow Org Control
Organization Archive
• Keep all E-mail
• Allow Org Control
• Optimized for Search
Replicated Backups
The issues
Poor End User Experience
Mailbox
• Quotas painful
• Forwards to keep mail
• User burden of legal hold
PSTs
• Only available locally
• Search degraded
• Data Loss (>5GB PST)
Personal Archive
• OLK/OWA Integration
• No user search for data
• Issues with stubs
Org Archive
• NA
Cost and Compliance Toolset for IT Pro/Records Mgr
Mailbox
• SANs cost limits size
• Backup costs limit size
• High new mail inflow
• SLAs hard to achieve
• No org-wide mail search
• No guaranteed legal hold
• Info. Disclosure risk
PSTs
• No Discovery
• No Legal Hold
• Corruption caused loss
• No Backup/Recovery
• Manual Backups
• Backup to share
Personal Archive
• >Twice CAPEX/OPEX
• Delays Office upgrades
• Add-in perf. problems
• Backup costs limit size
Org Archive
• No generic feature set
• >Twice CAPEX/OPEX
The features
Mailbox | PSTs | Personal Archive | Org Archive
End User Experience
• Logs, WORM, Read Only
• Single Instancing/Compression
• Configuration Auditing
• Mailbox Auditing
• Journaling metadata
• Rogue Admin Protection
• Regulatory Accreditation
• Protected Content (signing/encryption)
• Federated Discovery, Retention and Reporting across content
• Data Mining and Visualization
• Case Management
• Archive for Bloomberg data
• Supervisory Tools
• ….
• ….
• Rich Client (OLK/OWA)
• No quota
• Portability
• OLK/OWA Support (w/ stubs)
• Time based quota (Move/Delete)
• Mobile Access (Search)
Cost and Compliance Toolset
• Available
• Reliable
• Cheap – Unmanaged
• Discovery
• Message Retention
• Move Policy
• Delete Policy
• Hold Policy
• Reliable with multiple copies
• Highly Available with Replication
• Role Based Access
• Discovery Web Service
• Bulk PST Import/Export
• Archive in the cloud
EXCHANGE 2010 ARCHIVING & RETENTION
Principles and features
Exchange 2010: E-mail in Exchange
SharePoint
Outlook PSTs
Webmail
Third Party Archive
Backups
Exchange Server 2010
Exchange archiving, retention, discover
Unify the user interface and the tools between the primary store and the archive
Unify client configuration methods, protocols and access modes
• private network/WAN/internet
• outlook/web/mobile/...
Unify and simplify store management
Unify and simplify the administration of Exchange components with that of archiving
Encourage user awareness of retention topics and allow customization
Allow large volumes of e-mail to be retained and consulted
Exchange 2010: retain and find
Archiving, message retention & discovery
Personal Archive
• Archive in Outlook/OWA
• Archive Mgmt with CMDLets and EMC
Move & Delete Policy
• Move and Delete Policies in OLK/OWA
• Folder/Item Level Policy
Hold Policy
• Edited/Deleted items preserved
• Single Item Restore
Multi-Mailbox Search
• CMDLet and Discovery GUI Support
• Role-based Access
Retention
Search
Reliability
Exchange 2010 Archiving
How it works
The administrator enables/creates the personal archive
When the archive is created, its folders are generated automatically (if configured)
The administrator can enforce policies for the automatic “movement” of items
• archive/move/delete/hold/... Messaging Record Management
• policies can be automatic at the mailbox, folder or item level
The user can move content
• from a PST or from the primary mailbox to the archive and vice versa
The user (if allowed) can change/choose (not create) which policies to apply to a new folder
PERSONAL ARCHIVE
Characteristics, user features, management
Personal Archive
Architecture and access
The archive in Exchange 2010 is based on the concept of a “secondary” mailbox*
Its configuration is a property of the user (in AD)
• it is enabled per user
• there is a direct association between the user mailbox (primary) and the archive
• each user/mailbox has at most one archive
The archive resides in the same DB as the primary mailbox*
The administrator can enforce different quotas for the mailbox and the archive
The archive is opened automatically by Outlook and OWA
• completely uniform architecture between mailbox and archive
• no problems with internal/external/anywhere access
There is no offline store for the archive
* information relating to the RTM version
Personal Archive
Features and characteristics
Simple for the user
• very similar to the concept of a PST or Outlook archive, but server-side
• identical behaviour and interface between primary mailbox and archive
• same approach for Outlook and OWA
PSTs can be imported into the archive directly by users in a simple way (drag-n-drop)
Ensures the persistence and “tidiness” of the mailbox even for users who pay little attention to regulations
Demo
Exchange 2010 AD Schema
User Object in AD
Exchange User Properties
The archive is an extension of the mailbox
Archive-specific properties:
1. Archive GUID
2. Archive Name
3. Archive Database
4. Archive Quota
Archive Autodiscover
AD: User Object (Mailbox Props, Archive Props, MRM Props)
CAS
(1) OLK does Auto-Discovery
(2) Auto-Discover reads Archive props
(3) OLK receives Archive props in Auto-Discover response
(4) OLK connects to the Archive
No Outlook Restart!
Primary and archive
coupled store (e.g. move mailbox)
AD: User Object (Mailbox Props, Archive Props)
E2010 Source DB: Primary Mailbox, Archive Mailbox
Move Request Service
E2010 Target DB: Primary Mailbox, Archive Mailbox
CAS for Source DB
CAS for Target DB
(1) MRS starts move request
(2) MRS moves data to target
(3) MRS updates AD with new target database
(4) OLK does AutoDiscovery
(5) Auto-Discover finds new database
(6) Outlook connects to target CAS server
Demo
ARCHIVING POLICIES
Criteria for archiving, retaining and managing content
Archiving & Retention
Mailbox content management and archiving rely on the Message Record Management technologies of Exchange Server 2010
Retention Policy
• can be associated with a mailbox
• groups a set of retention tags
Retention Tag
• Retention policy tags (RPTs): apply to the default folders (Inbox, Sent Items, Deleted Items, ...)
• Default policy tags (DPTs): apply to items that have no other retention tag
• Personal tags: can be applied by the user to individual items within their own mailbox and folders
Retention Age Limit Actions
• MoveToArchive, MoveToDeletedItems, DeleteAndAllowRecovery, PermanentlyDelete, MarkAsPastRetentionLimit
An example
Archiving Policy
Exchange Server Setup creates the retention policy “default archive policy”, which contains the following retention tags (system tags*)
Retention tag name | Tag type | Description
Default 2 year move to archive | Default | Messages are automatically moved to the archive mailbox after 2 years. Applies to items in the entire mailbox that don't have a retention tag applied explicitly or inherited from the folder.
Personal 1 year move to archive | Personal | Messages are automatically moved to the archive mailbox after 365 days.
Personal 5 year move to archive | Personal | Messages are automatically moved to the archive mailbox after five years.
Personal never move to archive | Personal | Messages are never moved to the archive mailbox.
* Built-in retention tags are handled separately by the cmdlets (IncludeSystemTags switch)
Message Retention Policy
Move Policy: automatically move messages to the archive
• help the user keep the mailbox within the quota
• a concept similar to Outlook Auto-Archive, but server-side ... and without PSTs
Delete Policy: automatically delete messages
• allow the removal of items that should not be kept
• help reduce mailbox size (quota)
• are global rules, shared between mailbox and archive
• policies with the longer duration “win”
Hold Policy: automatically preserve a message
• transparent to the user
• ensure the persistence of corporate information
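The archive and retention setup described in the slides above, as an added Exchange Management Shell example that is not part of the original deck. The mailbox alias `mrossi`, the `Corp-*` tag and policy names, and the quota and age values are assumptions chosen for illustration.

```powershell
# Added example for Exchange Server 2010 (Exchange Management Shell).
# 'mrossi', the 'Corp-*' names and all sizes/ages below are hypothetical.
$user = 'mrossi'

# 1. The administrator enables the personal archive (one archive per mailbox).
Enable-Mailbox -Identity $user -Archive

# 2. Give the archive its own quota, independent of the primary mailbox quota.
Set-Mailbox -Identity $user -ArchiveQuota 10GB -ArchiveWarningQuota 9GB

# 3. Default policy tag (DPT): items with no other tag move to the archive
#    after 2 years (730 days).
New-RetentionPolicyTag -Name 'Corp-Default-2y-Archive' -Type All `
    -RetentionEnabled $true -AgeLimitForRetention 730 `
    -RetentionAction MoveToArchive

# 4. Retention policy tag (RPT) bound to a default folder: a delete policy
#    for Deleted Items that still allows recovery.
New-RetentionPolicyTag -Name 'Corp-DeletedItems-30d' -Type DeletedItems `
    -RetentionEnabled $true -AgeLimitForRetention 30 `
    -RetentionAction DeleteAndAllowRecovery

# 5. Personal tag: the user can choose it for a folder or item, not create it.
New-RetentionPolicyTag -Name 'Corp-Personal-5y-Archive' -Type Personal `
    -RetentionEnabled $true -AgeLimitForRetention 1825 `
    -RetentionAction MoveToArchive

# 6. Group the tags into one retention policy and assign it to the mailbox.
New-RetentionPolicy -Name 'Corp-Archive-Policy' -RetentionPolicyTagLinks `
    'Corp-Default-2y-Archive','Corp-DeletedItems-30d','Corp-Personal-5y-Archive'
Set-Mailbox -Identity $user -RetentionPolicy 'Corp-Archive-Policy'

# 7. Verify the archive properties and the assigned policy on the mailbox.
Get-Mailbox -Identity $user |
    Format-List Name,ArchiveGuid,ArchiveName,ArchiveQuota,RetentionPolicy

# 8. List every tag, including the built-in system tags, to review what
#    can move or delete mail in this organization.
Get-RetentionPolicyTag -IncludeSystemTags |
    Format-Table Name,Type,AgeLimitForRetention,RetentionAction -AutoSize
```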
Demo
EDISCOVERY
Content search
Searching content
User
• needs to search and consult recent and archived content in their own mailbox
Auditor/Legal/HR/...
• needs to search and consult recent and archived content in one or more mailboxes
• the search may involve large amounts of data
• the search must normally be targeted
  • specific mailboxes
  • date ranges
  • specific keywords/content
  • ...
Search
The search scope can be defined to include the archive as well
Advanced search can also act on both the primary mailbox and the archive
eDiscovery
Multi-Mailbox search
User Friendly
• flexible and simplified for auditors, legal, HR, ...
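A targeted multi-mailbox search run under RBAC, as an added Exchange Management Shell example that is not part of the original deck. The account `auditor1`, the source mailboxes, the search name, the query and the dates are assumptions; the date strings follow the en-US format and depend on the server's regional settings.

```powershell
# Added example for Exchange Server 2010 (Exchange Management Shell).
# 'auditor1', 'mrossi', 'lbianchi', the search name, query and dates are
# hypothetical values chosen for illustration.

# 1. Review who can already search other people's mailboxes. The Discovery
#    Management role group has no members by default, so every entry here
#    should map to an approved request.
Get-RoleGroupMember -Identity 'Discovery Management' |
    Format-Table Name,RecipientType -AutoSize

# 2. Grant the auditor discovery rights through the role group instead of
#    handing out full mailbox access or administrator rights.
Add-RoleGroupMember -Identity 'Discovery Management' -Member 'auditor1'

# 3. Run a search that is scoped the way the slide asks for:
#    specific mailboxes, a date range and specific keywords.
New-MailboxSearch -Name 'Case-2010-001' `
    -SourceMailboxes 'mrossi','lbianchi' `
    -TargetMailbox 'Discovery Search Mailbox' `
    -SearchQuery 'contract AND "project x"' `
    -StartDate '01/01/2010' -EndDate '06/30/2010' `
    -LogLevel Full

# 4. Check the status of the search; results are copied to the target
#    discovery mailbox, not to the auditor's own mailbox.
Get-MailboxSearch -Identity 'Case-2010-001' | Format-List

# 5. When the case is closed, remove the discovery rights again so the
#    role group membership stays minimal.
Remove-RoleGroupMember -Identity 'Discovery Management' -Member 'auditor1' `
    -Confirm:$false
```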
Demo
IN SUMMARY
Summary
Native archiving in Exchange (finally)
• simple for the user
• simple for the sysadmin
Leverages the new Exchange architecture
• lighter I/O
• easy maintenance and management of large volumes of data
• designed for “large/slow/low-cost” storage
Part of the Messaging Record Management model
• powerful retention policies
• raising user awareness
Simplified eDiscovery
• security integrated in Exchange (with RBAC)
• simple, familiar interface for multi-mailbox search
Resources (1)
Understanding Personal Archives
http://technet.microsoft.com/en-us/library/dd979795.aspx
Managing Personal Archives
http://technet.microsoft.com/en-us/library/dd776121.aspx
Understanding Retention Tags and Retention Policies
http://technet.microsoft.com/en-us/library/dd297955.aspx
Understanding Messaging Records Management
http://technet.microsoft.com/en-us/library/dd335093.aspx
Understanding Legal Hold
http://technet.microsoft.com/en-us/library/ee861123.aspx
Understanding Multi-Mailbox Search
http://technet.microsoft.com/en-us/library/dd335072.aspx
Resources (2)
Microsoft Exchange Server TechCenter
http://technet.microsoft.com/en-us/exchange
Microsoft Exchange Team Blog
http://msexchangeteam.com
Microsoft Unified Communications Group Team Blog
http://blogs.technet.com/uc
Microsoft Unified Communications | TechNet Edge
http://edge.technet.com/unifiedcommunications
Microsoft Exchange Server Home
http://www.microsoft.com/exchange
Microsoft Unified Communications (UC) Home
http://www.microsoft.com/uc
Microsoft Exchange Server Italy Home
http://www.microsoft.com/italy/server/exchange
© 2009 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.