Mail policies made simple, seamless

Omniva effectively enforces retention policies without disrupting existing infrastructure

ANYONE IN BUSINESS will confirm that it’s one thing to create a policy and entirely another thing to enforce it. This is especially true when it comes to e-mail. Most enterprises have document retention policies, but applying them to e-mail, using the built-in tools of most message systems, is a Herculean task, even when relatively efficient change-distribution methods are employed.

E-mail retention policies may not sound like a business necessity to most CTOs and IT directors, but that changes quickly when the company becomes involved in litigation, as we’ve seen in cases such as the Enron collapse. Omniva Policy Systems offers a groundbreaking approach to maintaining the security of internal communications and those with external partners in its Omniva Policy Manager, which works in Microsoft Exchange 5.5 and Exchange 2000 environments. Support for IBM/Lotus Domino is expected later this year. A separate product, Omniva Wireless Gateway, adds support for handheld devices.

Perhaps the best feature of Omniva is that messages are end-to-end encrypted; user sessions are protected using 128-bit SSL, which provides a fairly formidable barrier to anyone trying to compromise security. While this is only as good as the underlying software — and the mid-August news of SSL holes in Web browsers, including Internet Explorer, reminds us of just how true that is — it nevertheless presents casual eavesdroppers and intruders with a much tougher nut to crack. Message keys are kept on the policy servers and scrubbed after the message has expired.

Omniva Policy Manager runs on Windows 2000 Advanced Server with the .Net framework installed, and it is usually deployed with an internal policy server behind the firewall for internal users and a second policy server in the company’s DMZ for external consumption. For Omniva’s purposes, any user who doesn’t authenticate against Active Directory or the Windows NT domain is considered “external,” and any user who does is considered internal. This leads to the need for some fancy footwork with one’s DNS servers or, as a fallback, with the etc/hosts file on each client.

Fortunately, Omniva Policy Manager doesn’t require any rip-and-replace of the underlying infrastructure, working equally well with NT domains — when the proper trust relationships are created — or with the more robust Active Directory. In most cases, the Exchange server will not be touched as part of the installation, and client setup is relatively painless, usually involving an update of the Windows Installer and the installation of a Microsoft Outlook add-in that adds policy buttons to the toolbar.

The policy servers should run at least a RAID-1 (data-mirroring) array for protecting the message keys; RAID-5 (data-striping) is preferred, though the array need not be a large one, as the Exchange server continues to host the message store. Larger environments can consider a clustered approach for ultimate fail-over protection.

Installing and configuring Omniva Policy Manager is relatively simple; we had our internal server supporting clients within a couple of hours. The documentation is thorough, although somewhat disorganized; the pre-installation configuration of DNS in particular and the SSL site certification could be better handled.

It’s fairly easy to customize retention periods and policies through the Omniva snap-in to the Microsoft Management Console. Policies that affect the ability to copy, forward, or print messages can be enabled quickly. The default retention can be set with a click, and it’s just as easy to suspend any scrubbing of expired message keys, as in the case of litigation or similar processes. Omniva also provides tools for extracting messages from Outlook’s Personal Folders to comply with legal discovery requirements if necessary.
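The key lifecycle described above (message keys held on the policy server, scrubbed at expiry, scrubbing suspended during litigation) can be sketched as follows. This is an added illustration, not Omniva's code or API: the class, method names, and the choice to keep releasing keys for expired messages while a hold is active are all assumptions.

```python
import secrets

class PolicyKeyStore:
    """Hypothetical policy-server key store (names are illustrative, not Omniva's API)."""

    def __init__(self):
        self._keys = {}            # message id -> (bytearray key, expiry timestamp)
        self.litigation_hold = False

    def issue_key(self, msg_id, now, retention_secs):
        """Create the per-message key; the mail store only ever holds ciphertext."""
        key = bytearray(secrets.token_bytes(32))
        self._keys[msg_id] = (key, now + retention_secs)
        return bytes(key)

    def get_key(self, msg_id, now):
        """Release a key to an authenticated reader, or None if policy forbids it."""
        entry = self._keys.get(msg_id)
        if entry is None:
            return None            # scrubbed: the ciphertext is now unreadable
        key, expiry = entry
        if now >= expiry and not self.litigation_hold:
            return None            # expired but not yet scrubbed: still refuse
        return bytes(key)

    def scrub_expired(self, now):
        """Destroy keys past retention; a litigation hold suspends all scrubbing."""
        if self.litigation_hold:
            return []
        expired = [m for m, (_, exp) in self._keys.items() if now >= exp]
        for m in expired:
            key, _ = self._keys.pop(m)
            key[:] = bytes(len(key))   # best-effort overwrite; Python may keep copies
        return sorted(expired)

def demo():
    """Constructed timeline: 30-day retention, hold placed before expiry."""
    day = 86400
    store = PolicyKeyStore()
    store.issue_key("msg-1", now=0, retention_secs=30 * day)
    store.litigation_hold = True
    during_hold = (store.scrub_expired(now=45 * day),
                   store.get_key("msg-1", now=45 * day) is not None)
    store.litigation_hold = False
    after_hold = (store.scrub_expired(now=46 * day),
                  store.get_key("msg-1", now=46 * day) is not None)
    return during_hold, after_hold
```

In this sketch, a key that passed its retention date during a hold is destroyed on the first scrub after the hold is lifted, so the release of a hold should be an audited action.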

Policy-based e-mail management is finally becoming a reality, thanks to Omniva Policy Manager. Because it uses the existing OS directory, it reduces the administrative headache associated with policy-based tools, while providing an auditable tool for communication within and beyond the enterprise. Any shop with an e-mail retention policy should strongly consider Omniva Policy Manager for its flexibility and security.

Source: www.infoworld.com