02-23-2012 10:18 AM
I am configuring Jounraling, but have a few questions:
1) If I want to Journal a Provision Group's mailbox, how is this done? Do I need to create a new Archive Journal for EACH user? I am currently using the EV Mailbox since it has the appropropriate permissions to everyone's mailbox.
2) Should I create a new Vault Group and Store for Journaling. It seems the answer is no based on SIS. But if yes, can the new Group, and partition be on the same LUN??
Thanks
Solved! Go to Solution.
02-23-2012 10:38 AM
Journaling is meant for journal mailboxes only, and shouldn't be used against a users mailbox, for the fact that a user can only be targeted by one archiving task on one EV Server, users also have mailbox structures such as \Inbox \Sent Items etc.
A Journal archive is simply a flat structure, it has no inbox, sent items, etc and expects the items to have a journal report to determine who received copies of the email, who are undisclosed recipients (BCC) etc
So the way it would normally work is
1. In Exchange, create a System Mailbox for Enterprise Vault and a Journal Mailbox that will receive the email
2. Configure Exchange to journal all email to that mailbox at the database level or on the hub transports within exchange
3. In the Vault Admin Console create a Journal Archive
4. In the Exchange Servers, create your exchange server target if it doesn't already exist
5. Under the Journal Mailboxes container, add your Journal you create in step 1
6. It will then ask if you want to use an existing journal task (if one exists) or a new journal task
7. Once you complete it, all email will be coming in to that journal mailbox and the journal task will connect every minute to check for email and archive it appropriately.
As for the Vault store questions, my advice would be to create a new Vault Store for journaling in the existing vault store group and have items shared between the mailbox and the journaling.
The reason is that journaling will create a lot of overhead and add far more entries in the database than mailbox archiving will, so its really based on performance, but you want to keep it in the group so that you keep the OSIS benefits
02-23-2012 10:38 AM
Journaling is meant for journal mailboxes only, and shouldn't be used against a users mailbox, for the fact that a user can only be targeted by one archiving task on one EV Server, users also have mailbox structures such as \Inbox \Sent Items etc.
A Journal archive is simply a flat structure, it has no inbox, sent items, etc and expects the items to have a journal report to determine who received copies of the email, who are undisclosed recipients (BCC) etc
So the way it would normally work is
1. In Exchange, create a System Mailbox for Enterprise Vault and a Journal Mailbox that will receive the email
2. Configure Exchange to journal all email to that mailbox at the database level or on the hub transports within exchange
3. In the Vault Admin Console create a Journal Archive
4. In the Exchange Servers, create your exchange server target if it doesn't already exist
5. Under the Journal Mailboxes container, add your Journal you create in step 1
6. It will then ask if you want to use an existing journal task (if one exists) or a new journal task
7. Once you complete it, all email will be coming in to that journal mailbox and the journal task will connect every minute to check for email and archive it appropriately.
As for the Vault store questions, my advice would be to create a new Vault Store for journaling in the existing vault store group and have items shared between the mailbox and the journaling.
The reason is that journaling will create a lot of overhead and add far more entries in the database than mailbox archiving will, so its really based on performance, but you want to keep it in the group so that you keep the OSIS benefits
02-23-2012 10:57 AM
Thanks. Management wants to use Journaling to track all emails in a provision group. For example, if a user in a provision group deletes an email, IT can go into the journal mailbox and find the emails and send it back to the user based on the retention policy on the journal mailbox.
Can journaling be done this way?
Can I assume the Journal Mailbox needs the same permissions on the Exchange as the EVMailbox?
02-23-2012 11:19 AM
ok if this is the case i would suggest provisioning by DL's or security groups etc
Then you could use Selective Journaling to say anything that is sent/received by this DL, archive it, anything else, delete it
OR the easier option is to have a DL thats used for provisioning and have your exchange team set up journaling rules on the exchange side so only those users email go to the journal mailbox
02-23-2012 11:23 AM
I prefer the easier option. Any docs on that? Like setting up DL, since now we are using Windows Groups for the Provisioning Group.
02-23-2012 11:55 AM
Well really if you are going to do transport rules in Exchange 2007/2010 and create distribution lists, then your Exchange team should be able to handle that easily as that is Exchange 101.
For the provisioning thats up to you, but you simply just change the target of your provisioning group to be a distribution group instead of whatever it is you are targeting now.
But anyway, some links regarding this can be found below.
How to create a distribution list in Exchange 2010:
http://technet.microsoft.com/en-us/library/bb124513.aspx
How to create a distribution list in Exchange 2007:
http://technet.microsoft.com/en-us/library/bb125256(v=EXCHG.80).aspx
How to create a distribution list in Exchange 2003
http://support.microsoft.com/kb/821904
How to journal based off of a distribution list in Exchange 2010:
http://technet.microsoft.com/en-us/library/bb124246.aspx
How to journal based off of a distribution list in Exchange 2007:
http://technet.microsoft.com/en-us/library/bb125256(v=EXCHG.80).aspx
Here is a white paper on how the exchange journal transport for 2007 works, similar to 2010:
http://technet.microsoft.com/en-us/library/bb738122(v=EXCHG.80).aspx
Enterprise Vault Provisioning Best Practices white paper:
https://www-secure.symantec.com/connect/articles/enterprise-vault-granular-provisioning-best-practic...
If you can't configure Exchange 2010 or 2007 to do the rules you want, you will need to use Selective Journaling, a couple of Articles can be found here, as well as in the Admin Guides for EV:
https://www-secure.symantec.com/connect/articles/selective-journaling-enterprise-vault
02-23-2012 12:17 PM
Thanks. My manager just wants to use EV Journaling since we have over 500 DL's
02-23-2012 12:36 PM
I think you miss the point that EV Journaling is just archiving the Exchange Journal mail. You need to configuring Journaling in Exchange to capture the mail you want and then target that Exchange Journal mailbox with an EV journal task.
02-23-2012 12:40 PM
Nope. That's exactly what I ma planning to do.
1) Setup a journal mail box
2) Create Exchange Rules to Archive everyone's email
3) Configure EV to archive the Journal mailbox.
02-23-2012 12:46 PM
By Everyone, you just mean those who are provisioned right by using the Exchange Journaling rules, right?
Either way i think you have enough information to get it sorted, really the bulk of the work is going to be on the exchange team to get journaling configured correctly.
However also remember that for premium journaling (i.e so it journals just the people you want) on Exchange, you have to have extra CAL's, meaning if you have 10,000 employees and you want to journal 5,000 of them then you need 5,000 extra CAL's etc
02-23-2012 09:28 PM
@ JesusWept
I have a question for you about your recommendations around the OSIS model, if you dont mind.
You recommended that he should enable sharing on the VSG level between the Mailbox Vault Store (MVS) and the Journal Vault Store ( JVS)
What would happnen if you had different Retention Categories, which is often the case, between the MVS(3 years) and the JVS(7 years)
If an item has archived first by the MVS then the actual item would be stored there but a reference in the Fingerprint database would only exist for the same item for the JVS. The actual item wouldn't also exist in the JVS
So now years later you implement Storage Expiry and don't get the storage recovery you expect because the item doesn't get removed from the MVS storage due to there being a reference to it for the JVS.
I may be missing something about how OSIS works but wouldn't this be problematic ?
02-24-2012 04:44 AM
02-24-2012 07:14 AM
Lol, that's an obvious and relevant point.
I missed that one :)
The only time I can think of where my concern may be relevant is where the customer has a specific storage device for the MVS and expects to see a reduction in that storage` device . But to be honest all my customers use more or less the same storage for Mail ,Journal ,SP or File .And when they run Storage expiry they just want too see any space reclaimed
Thanks for the response.
02-25-2012 12:22 AM
Interesting discussion,
I now understand the issues more clearly, and it is good to know that my decision to go with a Journal and separate Mailbox VS in a common VSG seems to have been the correct one.
And Hi to Bruce, thanks for your input yesterday - from Johnny
02-25-2012 04:32 PM
Last question...I promise:)
When creating a new vault store, does this mean a new partition? If yes, can this coexist in the exisiting partition or should this be on a new LUN (we use Netapp).
02-25-2012 05:20 PM