This document describes how to successfully implement granular provisioning using Enterprise Vault for Exchange V7 and the best practices that can be adopted. With EV7 there is now a new and highly flexible GUI-driven provisioning model for Exchange mailbox archiving which provides a scalable method for managing EV mailbox archives within an enterprise. This allows greater control over the archiving parameters that are applied to particular users or groups of users. An archive policy can now be applied at a very granular level, hence the term Granular Provisioning Scope of Document
The term best practice can simply be described as the best way that has been found, thus far, to perform a given process or task. Therefore this document has been produced with input from Symantec EV experts and customers to describe how best to implement Granular Provisioning. As real world usage evolves, this document will be updated to reflect current best practice.
This document is aimed at customers, consultants and support staff and it is assumed the reader has a good understanding about the architecture and operational aspects of an Enterprise Vault server, Microsoft Exchange as well as Active Directory terminology.
Terms & Definitions
Granular Provisioning will also be referred to as GProv in this document (GP is already a much used abbreviation when talking about AD Group Policies). GProv is instrumented through the use of a new object in EV called a provisioning group; this will be referred to as a PG in this document. GProv is administered using the EV Vault Admin Console or VAC.
I would like to acknowledge the contribution that other individuals made towards making this a successful and informative document. Contributions and feedback came from the following teams; technical product management, technical field enablement, engineering, development and the performance team. Thanks to them all.
Granular Provisioning Introduction
This feature was first introduced in V6 and has been extensively improved in V7 to allow a much more granular approach to applying archiving policies and settings. GProv provides the ability for an organisation to selectively enable mailboxes for archiving as well as to apply different archive strategies across a range of users. The user experience can also be controlled by configuring different EV desktop settings within each policy. GProv does not entirely replace the functionality of EV Policy Manager (EVPM) but the differences will be explained later in this document.
The new GProv model improves upon V6 by expanding the scope of targets that a policy can apply to; this was previously restricted to an Organisational Unit (OU) but it is now possible to target almost any AD object. Targets are assigned within a new object in the Vault Admin Console (VAC) called a Provisioning Group. For even more flexibility, GProv targets can also defined using LDAP queries to select at an AD item level, such as Department Name.
Whilst GProv provides the facility to apply different polices across AD domains and forests, it is not considered a suitable method for provisioning a hosted environment. However, it could be helpful when used in a multi-tenant Exchange server configuration to provide different EV policies for different companies or subsidiaries.
Examples of Granular Provisioning Usage
Here are some examples to show how GProv could help an organisation to apply separate polices to different groups of users.
Enable Mailboxes – new mailboxes can be automatically enabled based on the AD settings of the user, such as group membership. This can then ensure the mailbox is assigned to the correct vault store, index and the appropriate archiving policy applied to the user.
Shortcut Control – different polices can be created to control what type of shortcuts are created for a user and at what point the shortcuts will be removed. For example, office bound user mailboxes could be assigned a policy to create shortcuts without body text and the shortcuts would be deleted if older than two years. Conversely mobile users could be assigned a policy to create full body text shortcuts with no shortcut removal period.
Desktop Settings – different aspects of the user experience can be controlled, it may be desirable to generally turn off features such as Archive Now or Delete but to make exceptions for some users.
Retention Categories – in some instances it may be a requirement that specific users are assigned a certain retention category, this is not a policy setting but is a property of the Provisioning Group so can be applied as part of the GProv process.
Indexing Levels –some users may need a higher level of indexing, this is a policy setting which can be applied to new users at a provisioning group level.
To read the complete article, download the PDF.