Email classification, search and discovery for FRCP litigation

Provide email classification services and archive systems to customers before they're forced to produce email records in response to Federal Rules of Civil Procedure (FRCP) litigation requirements.

Following on a tip about data protection and email archive challenges in the face of the new Federal Rules of Civil Procedure (FRCP), here I will discuss ways you might actually help customers provide court-requested information, if ever asked to do so, using email classification and discovery services.

The updates to the FRCP certainly aren't anything ground breaking; they are all sensible additions, many already enshrined in other, more legally demanding requirements. The main difference is that doing something about discovery and classification becomes relevant to more organizations than was previously the case. Here I will focus on email, since that's where nearly everyone keeps just about everything these days.

Email classification, archiving, and search and discovery tools

The big question is whether or not we keep the information within the mail server or push old email out to an email archive solution of some kind. Companies that must meet archiving requirements, in response to regulations set by their respective countries' financial services authorities, tend to select an enterprise-sized system such as Symantec Enterprise Vault, originally known as KVS. This is an expensive way of going about archiving and discovery, and is not necessarily the best way to go for companies only now affected by the updated FRCP rules.

More on email classification and archive systems
Data protection and archiving challenges in face of new FRCP rules 

Digital archiving helps avoid ediscovery litigation 

Email archiving software adoption risks and challenges for VARs

Smaller companies have a unique opportunity to update their technology, make it more resilient and adopt an innovative approach to archiving email. Let's take two products and see what they can do together to provide some email classification, email archiving and by extension search and discovery capabilities.

Exchange 2007 Standard Edition offers five private information stores, none of which are size limited in the same way that the 75 GB limit applied to the previous version of Exchange. Compellent has an email archive offering, unique in today's storage world, which allow a single information store to be spread across multiple categories of disk. Exchange 2007 provides a feature called Managed Folders that essentially replaces and enhances the functionality available within Exchange 2000 or 2003 Mailbox Management Recipient Policies. Here's how we might bring all this together in a cost-effective manner.

Example: How to set up email classification, archiving and discovery

This example is illustrated for simplicity. Day-to-day email is stored in the Microsoft Exchange information store in the normal manner, indistinguishable from how we might store it on direct-attached storage or a standard storage area network (SAN). The difference is that we place the information stores on a sample Compellent platform, which has at least three shelves of disks; oneFibre Channel, one SAS and one SATA shelf. The Compellent platform gives you full flexibility on what type of disk and how many shelves of each kind can be employed.

We then set up some additional stores and mailboxes within those stores to allow email archiving to take place. Storage policies allow it to specify the number of days data residing on individual blocks stay on their respective disk types. For example, data that is active or has been used within the last 30 days is configured to reside on Fibre Channel disk, data touched between 30 and 90 days will reside on SAS disks and all data over 90 days will be relegated to SATA disks. Even though the information stores are spread across three disk types, the store is seen as a single file on a single LUN by the Exchange Server.

On the Exchange server itself we configure Managed Folders Policies to move mail from users mailboxes and their own folder structures into an administrator-defined structure under Managed Folders. At the same time, we specify a journaling location for email transferred to those folders so that the email is co-located in another mailbox, this time on a LUN that has a policy to keep the information on medium-speed disks in the first instance, and slower-speed disks after a certain amount of time. The final step of course is to run a separate set of Managed Folder policies on the archive mailboxes at a future time to finally delete mail that is no longer required.

Since all email is still stored in the Microsoft Exchange environment it is searchable using Microsoft Outlook so long as the searcher has all the necessary permissions across the journaling mailboxes.

In summary I have shown how an innovative storage platform coupled with Microsoft Exchange can deliver an email classification and archiving system, allowing auditors and other authorized users to search through the information in an efficient manner while at no point allowing a store to grow to an unmanageable size or maintaining a store on inappropriately expensive storage.

About the author: MCSE+M, Microsoft MVP, is a technical architect for Posetiv Ltd., a U.K.-based storage integrator. He is responsible for the design of Microsoft Exchange and other Microsoft Server solutions for Posetiv's client base in terms of the SAN and NAS storage on which those technologies reside. Arnold has been a Microsoft MVP in the Exchange discipline since 2001, contributes to the Microsoft U.K. "Industry Insiders" TechNet program and can be found in the Exchange newsgroups and other Exchange forums. You can contact him at mark.arnold@msexchange.me.uk.

This was first published in June 2007

Dig deeper on Data Backup and Data Protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close