Do you worry about Enterprise Vault having local data on each persons workstation? Do you already have an environment where PST files are not allowed, and the data from them have been ingested into Enterprise Vault?
But what about Enterprise Vault related data? Do you have users that need to access this archived information when they’re not connected to the corporate network? What can you do in that regard?
These are the things that we’ll discuss in this article.
The obvious first choice is to not allow any local data to be stored on the end users workstation from Enterprise Vault. This means that the user will not be able to use or enable Vault Cache and Virtual Vault. It’s an option for some people, but it means that there is no access to archive data apart from online searches or browsing with Archive Explorer. This is a bad deal for people on the road who aren’t necessarily connected to the corporate network all the time.
An option for the remote users is to install and configure the Enterprise Vault Outlook Web App extensions. These can help provide access to both email, and archived content, when the user is not VPN’ed into the corporate network. With the new search interface in Enterprise Vault 11 they would actually get quite a good experience doing this, but it does require them to have a decent connection to the internet, and the new Enterprise Vault 11 search hasn’t been optimised for mobile phone or tablet devices yet.
If end users are allowed to have some data on their machine, but not full items, then it is possible to still configure Vault Cache and Virtual for these users. A few configuration tweaks are needed however to ensure that content is not pulled down and stored on the machine.
Whether this option works for you will depend on how strict the requirement is for ‘no local data’ because enabling Virtual Vault at all will result in an MDC file being created. The MDC file contents metadata about every archived item in the users archive. This metadata includes recipient information, subject lines, date and times, and 120 characters of the message body. This might still be bad news if the requirement for ‘no local data’ is strict, because this metadata will give an identifiable version of emails.
If it can be enabled then end-users will get quite a good experience whether they are online or offline. For the online users, they’ll have a few seconds delays when they click on the content in Virtual Vault whilst the item is retrieved from the Enterprise Vault server. For the offline users, they won’t be able to access the content of the items, only the short 120 characters of the message body stored in the metadata cache. Sometimes though, that might be enough.
One option to consider in the ‘no local data’ scenario is to instead encrypt the location where the Enterprise Vault Vault Cache and Virtual Vault data resides on the workstation. Obviously the rule of ‘no local data’ is then being broken, but the data which comes down from the Enterprise Vault server will at least be in an encrypted folder. This data can be the metadata cache (MDC) file used by Virtual Vault, and it can also be the Vault Cache data (.db files). How much will be placed there can also be limited by the administrator by policy setting, as we see here:
This experience for end-users will be the best for online and offline users. Both types of users will have fast access to archived emails. If the size restriction is put in place it will mean some data won’t be present. This will cause a short delay for online users whilst the data is retrieved, if required. It will mean that offline users won’t be able to access this data, instead they’ll see the short version of the message from the ‘stub’ stored in the metadata cache.
In summary you can see that there are several options available for an Enterprise Vault administrator if they want to try to limit or restrict or completely remove what Enterprise Vault data is allowed on an end-user workstation. With the all-new search interface in Enterprise Vault 11 end users can still get a good experience without any data stored locally, provided they are online and connected to the corporate network.
Have you had to tackle the issue of no local data on end-users workstations? Let me know in the comments below.