Symantec's Enterprise Vault finds what you're looking for

By Joel Snyder
Network World, June 11, 2007

Original Article on Network World Web Site

Symantec's Enterprise Vault system provides e-mail and file archiving, regulatory compliance and legal-discovery features suitable for the enterprise.

In this exclusive test of Symantec's latest release, EV 7.0, we found the product provides a very deep set of search and recovery tools that can tap into information archived from a wide variety of sources.

With support for Microsoft Exchange and Lotus Domino, as well as any SMTP connection, EV can work with any enterprise mail system. In addition, support for archiving other information repositories across the enterprise, including shared file systems and Microsoft SharePoint services, gives EV the ability to pull data from an even wider field.

EV is heavily linked into Microsoft Exchange clients, so we were also able to see benefits for users -- including automated message archiving and deletion -- tightly integrated into the Outlook e-mail client.

We did not test archiving performance but focused on the product's integration capabilities and its search and recovery features (see How we tested Enterprise Vault).

In our tests using Exchange 2007, we focused on e-mail applications as the most likely and interesting data stores for enterprise IT. EV talks to Exchange in two ways. First, it can link into the journaling capability of Exchange to get a copy of every message that passes through your mail system. In Exchange 2007, Microsoft requires that all messages go through a messaging hub (even if they are passed between users in the same message store) and then provides a way for third-party applications, such as EV, to get copies of those messages as they fly by. We turned on journaling for Exchange 2007 on the messaging hub and verified that messages sent using an Exchange 2007 server were captured by EV according to policy.

The second link to Exchange for EV is directly into each user's mailbox. When EV has its fingers deep into the mailbox, it can grab messages and move them to the vault, leaving behind a shortcut that will let the user get at the message moved to the EV message store. Once the message is controlled by EV, you can apply a range of retention policies, enforcing automatic deletion in the end.

Although the integration with Exchange is slick, we were concerned that moving messages out of Exchange and into EV trades off one storage nightmare for another. However, we found that EV can save message space in several ways. First, EV maintains "single instance" storage of messages even across different Exchange servers.

This means you need a single larger storage system rather than a series of smaller ones, as in Exchange. Because EV is a "write mostly" type of application with a much lower transaction rate than an Exchange server, storage cost can be much lower. Second, because EV can operate across multiple journaling, compliance and archiving applications, you don't have copies of each message for each application.

Symantec also offers a tool kit of three applications (PST Locator, PST Collector and PST Migrator) to hunt down and archive personal mailboxes (.PST files) on individual's laptops and desktops across the enterprise. EV also can archive documents in public folders within Exchange, as well as on Windows file servers and Microsoft SharePoint servers.

One direct hook that EV doesn't have is into instant messaging. Although it has some support for linking to other IM-archiving systems, the document-based orientation of EV doesn't mesh well with the synchronous nature of IM traffic.

Some may buy EV for its retention enforcement tools and ability to offload messages from overloaded Exchange servers, but most will look at it to satisfy legal discovery and regulatory compliance. For users, EV offers a direct plug-in for Outlook that directly links to their archived messages, along with any other vaults they have permissions to see. This plug-in not only allows message searching, but can be used to move messages in and out of the vault. We found that the plug-in worked moderately well but not perfectly. Users on Exchange 2007 could not archive messages from their mailboxes, and one of our Exchange 2003 users couldn't always archive his own mail.

The search and navigation tool is available within a Web browser, with access privileges defined by the system manager. Both the Outlook plug-in and the Web-based tools preserve the folder hierarchy within Outlook. If you're looking for something in your mailbox or someone else's, you can get considerable hints based on how the messages are filed. A second Web-based search interface lets you search across multiple users and archive types, though you lose the ability to see metadata.

The other two search tools are specifically aimed at legal discovery and regulatory compliance. Discovery Accelerator goes beyond simply searching for messages and lets the researcher collect messages together as part of a case, put messages on "hold" (so they don't get deleted), export messages and documents, and manage the task of reviewing messages for relevance.

Compliance Accelerator serves a different purpose: setting aside a sample of messages from monitored employees for review. Compliance Accelerator has tools to define employees, departments and reviewers, and to set the sample size, as well as special "hot word" queries to add to the list of messages that must be reviewed.

Overall, EV 7.0 offers an outstanding, multifaceted, set of tools that can be used for e-mail retention enforcement, offline storage management, legal discovery and regulatory compliance. While it's always possible to make a good thing better, users of EV 7.0 will likely find that its capabilities will exceed their needs.