Enterprise Vault journal archiving is a powerful component of the product, and facilitates the long term storage of journal mailbox data. Companies in the US have regulations around this, and even though in Europe the legal side of things are a bit messy, many companies are turning on journaling on the Exchange servers, and then using Enterprise Vault to keep things 'forever' - for now. In this simple guide, I'll explain how to setup journaling with Enterprise Vault, and some of the considerations that you need to think about for your environment.
Where will you archive to?
The first thing to consider is where will the journal archive reside. There are several options to consider here.
- Separate Vault Store
Some organisations want to keep this journaled data completely separate, so they set up a new Vault Store and have the journal archive reside in that location. Sometimes people even setup a whole new Vault Store Group. But the real thing to consider here is sharing. Enterprise Vault has three levels of sharing:
- None - obviously doesn't have any sharing
- Within Vault Store - all the archives within a single vault store are eligible for Single Instance comparisons
- Within Vault Store Group - all archives across all vault stores within the group are eligible for Single Instance comparisons (this is the new Optimised Single Instance Storage introduced in Enterprise Vault 8)
With these different options sometimes organisations setup journal archiving into a new vault store just to keep things separate, eg a separate name, separate vault store database, but they enable Single Instancing at the Vault Store group level.
In the end the choice is yours but consider under the covers what Enterprise Vault is doing, what additional storage may or may not be needed and so on, before making your decision.
- Regular Vault Store
Even if you have sharing only enabled 'within the vault store' you can take advantage of Single Instance Storage by having the archive sit inside the regular mailbox vault store. This way everything will be journal archived, and when mailbox archiving archives some of that same data it will result in no duplication of savesets.
Create a journal archive
When you have decided where the journal archive will reside, navigate to the Exchange Journal node in the VAC, right click and create a new journal archive. A simple wizard assists you in picking names, descriptions, vault store location, indexing level and so on. The end result is a nice new journal archive in the location you have decided on.
Review journal policy
The journal mailbox policy I would say is one of the simplest policies in the Enterprise Vault environment and would rarely need anything changing from the defaults. However it is worth a quick review to ensure it suits your particular environment:
The main things to consider here are:
- Expand distribution lists
This should be turned on if the reason you are doing journal archiving is for compliance reasons. The default is that it is turned on, so you shouldn't need to change anything. The reason to set it on is so that at a point in time the distribution lists in an email are expanded, and the recipients stored. This is important for compliance reasons, because if you are looking at an email sent 6 months ago which was sent to DL-ImportantPeople and you want to know if a particular person received that email you need to also look at the group membership at that time, not now. With DL expansion turned on you get that exact ability.
- Journal Delay
In environments where there are multiple Enterprise Vault servers, and multiple Exchange servers, sometimes there are multiple journal reports for a single mail. The journal delay setting acts as a kind of buffer time for the journal task to wait before proceeding with the archiving of a particular journal report. By default the task will wait 5 minutes for other expected copies of the journal report (which it can than archive together). After 5 minutes it will archive the item anyway. I would say that the default is plenty but in some organisations it does get increased to 15 minutes or so, particularly if there are servers spread across the world.
Add journal task
The next step is to add a journal task. This is a simple wizard again which asks for the name of the Exchange server, and a system mailbox to connect to.
Add a journal target
This is the final step in the setup of the journal archiving, and it's buried a little way down underneath the 'Targets' node in the VAC. In this wizard you select the journal mailbox that you want to target, and associate it with the task that you just created. You then get to choose the journal policy and retention category for items, and finally you pick the journal archive that you created earlier.
If you have multiple journal mailboxes you want to target they can all go to the same journal archive - which makes searching simpler down the road.
In addition if you have multiple journal targets that you want to add then it is better to have multiple journal tasks, rather than adding multiple targets to one task. This is because the way that the journal task operates is that it processes all the items for one target first, before moving on to the second. It processes the mailboxes/targets sequentially. If you have multiple tasks to those multiple targets, then they are processed in parallel. If your machine has plenty of horsepower (and it does, right?) then this is the best approach to take.
I can't emphasis enough that the journal mailbox(es) should be monitored closely. The journal task spins over the mails in the mailbox pretty much constantly, so it's not on a schedule like the normal mailbox archiving tasks. For this reason any delays, or connectivity issues or really any issue at all, can start to lead to a backlog of items in the journal mailbox. These issues when resolved mean that the return to normal processing of the journal mailbox can take some time, especially if 1 million items have built up in the time that the issue was present!