
Email system design

Last Modified: 2013-12-03
Which is the best design solution for an email system for 5 to 10 thousand accounts?

Users are distributed in 50 locations, connected with E1 lines. Most of the email traffic is local to neighbour locations, so using distributed email servers (4-5 pcs) is acceptable.
Main design goal is to keep email functional even if some locations are hit by nasty worms...
New solution must provide authentication too (LDAP, AD or other).

Currently using centralised approach, all email servers and antivir scanners in central location, single domain name, used inside and outside.
Latest worms created great problems.

Are there any (free) design guidelines?
Would simple measures like using an additional antivir scanner be enough?
Any help welcome.

Commented:
If you are making major changes you may want to consider switching to Novell's Groupwise product.  This product is virtually worm and virus proof.  It scales well and has some good remote management tools.

Author

Commented:
Thanks. It would be great. I'll take a look.

Waiting for other comments...
MS Exchange,  Mail=x400, IMAP, POP3, MAPI, & Web, with enterprise collaboration, calendar sharing, resource sharing & planning, etc. Can be centrally managed and controlled with Active Directory.
Commented:

Author

Commented:
@all:
Thanks for your input.

It looks like I have only 2 options: MS Exchange or open source.
About the authentication problem: I'd like to have only one user database, used both for authentication (email and network) and for contact lookups. Something like what AD or NDS provide, I guess.
So can open source do this "trick" at this large scale?

@Scott:
Thanks for your comment, it's very helpful.
Maybe I'll contact you on email too.

Commented:
Five years ago groupwise was going to be dead.  Each year more seats are being sold for Groupwise because of its security strengths and it is almost impervious to hackers, worms and viruses right out of the box.  It has great collaboration features, as well as a phenomenal calendar.

The Microsoft folks always predict Novell and their products are dead.  (Even when Novell has 3/4 of a billion dollars in cash!!)   I run a small isp and we use sendmail on a BSD server. When my networking customers want a solid low maintenance email package they get Groupwise.  It blows away exchange.  Many exchange sites have to dedicate many full time people to manage multiple exchange servers.  Not so with groupwise.

Author

Commented:
Tried today to download a Groupwise brochure or anything from Novell's Groupwise site, but didn't succeed. Will try tomorrow again.

I am interested about that "almost impervious to hackers, worms and viruses right out of the box" thing.
GW has to connect with other email systems through gateways and it has to use some sort of AV scanning, which has to be updated, messages have to stay in the scanners queue, etc.
And this is where problems are when worms like MyDoom hit your 5000+ users' inboxes...

Any idea how to avoid this?

Author

Commented:
Thank you for your comment, it's very useful.
I'll visit Messagelabs.com right now for detailed info and  pricing.

Nobody has proposed a Linux (and OpenLDAP) solution yet.
Novell bought Suse recently, is this good for Groupwise's future?

I have many points to award, not just 500, so keep posting :-)

Commented:
I really want to have multiple synchronization paths.  PLEASE define "MULTIPLE SYNCHRONIZATION PATHS".  What a load of marketing crap.




>  Each year more seats are being sold for Groupwise because
>  of its security strengths and it is almost impervious to hackers,
>  worms and viruses right out of the box.

Oh, Christ.  Please let us know which org employs you - to post this crud.  IBM Global Serv?  KPMG?  oh - no, the suits at Deloitte?  

Groupwise is as impervious to hacking as Oracle is/was?  Only 11 vulns in the current release?  Bite me, please.

You show *us* hands-on admins claims of impervious software - I show you my shorts, unzipped.

Look, I admit that the notes and groupwise client(s) of all versions have been less targeted and/or acceptable to exploits than the MS "LookOut"  (*Outlook*)  client.

Because LookOut and its accompanied (integrated) Browser (and tag-along O/S) .. are quite acceptable to exploits..  has nearly FSCK all to do with the machine (server) that feeds the broken clients..

Now,

I believe I can remember (2) or (3) "real"  MS-Exchange flaws in the 6+ years that I've admin'd it.  Most were in the web interface to it.  Generally, the back-end - Exchange beast (SQLserver) is rock solid, reliable and nice to deal with.  

Same as Groupwise, except groupwise has a nutty-less-known client.  Same for notes, except notes has a nutty-less-known client.  *snort*

Server products across the board are stable, despite the rants from the corporate sponsors.

I'm recommending you address your needs, wants and etc..  and then choose a product.  

I'm no Exchange lover.  I know it hands on - but like I posted before --

FIGURE OUT WHAT FEATURES YOU WANT AND BUILD TO THAT SPEC!

-- good luck.

-- Scott.


To Respond to Mojos' thing;


>Database Structure:
>The database structure in use by GroupWise will save you a
>myriad of headaches. GroupWise stores only ONE copy of a
>message per post office (a 10 MB attachment to 500 users on
>the same post office only takes up 10 Megabytes of storage).
>Furthermore, these databases are all encrypted, increasing security
>for your entire mail system.

Same for Exchange.  Exchange grew out of the SQL product - originally from Sybase.  The engine is solid like all ****.  No point for either Exchange or GroupWise here.


>Cross-Post-Office Proxy and Busy Search:
>Proxy to ANY other user in the GroupWise system
>(yes system, not post office)  Check for scheduling
>conflicts with ANY other user in the GroupWise system (again, system)

Hrm.  Seems this dude has experienced Exchange "site" boundaries.  Those of us that deployed systems with 16kbps frame relay in the early/mid 90's.. had to worry about this in either system.

Understand?  Back in the early 90s, we admins divvied up Exchange traffic and did block some info.  Calendars for people in LA didn't need to be available to people in NYC.. generally.

We chose to shut that poo-poo traffic off - with exchange, where I admin'd.  


>GroupWise Remote and Caching Modes:
>Remote users will love the remote option in GroupWise since
>it is exactly the same client, offering multiple synchronization
>paths. Caching mode is great for your users with slow WAN
>or remote connections.

Did you cut'n'paste that from the marketing brochure?  Give me a break.

Multiple synchronization paths?  

No, please.  PLEASE explain that load of marketing CRAP to me.

I really want to have multiple synchronization paths.  PLEASE define "MULTIPLE SYNCHRONIZATION PATHS".

My little exchange box does spit out info to clients when they're validated.  My LookOut clients will grab the data when they can.  If they have to be "offline" sometimes - is this an example of "MULTIPLE SYNCHRONIZATION PATHS?"


****  Caching is nice.  Limiting users to reasonable size attachments is *FAR* better than hoping for a magic "online/offline" solution.


>Cross Platform:
>GroupWise runs on NetWare and/or Windows servers and
>Linux options are already in Beta!

Point to Groupwise..  except that it shouldn't be available for Netware (dead) or Windows.  Linux is the best platform.. even tho its non-commercial.  *gasp*

I strongly like the MS O/S integration crud that goes on with LookOut/Exchange/IE.  It breaks, but it is one nice, clean directory with a nice, clean client or two..

However, Vapourware linuxie products ain't a great claim to make.  5-10k seats?  Poo, solutions are "now"..  imo.


>Usage on NetWare:
>If you decide to run GroupWise on Netware (suggested) and
>you get a CLA license from Novell, you don't have to pay additional
>costs for each post office/domain/gateway that you add to your system!

*IF* G/W/Netware licensing lets you do it on a per-mailbox basis, I salute Novell.

Microsoft licensing has always been -- and always will be a nasty beast.  

Get the licensing for either product done and ..  with 5000+ seats, vendors will drool on your shoes.  Make them jump through hoops and remember to demand to pay only 20% of their initial offer.  (no joke)


>No password required with NDS:
>If used with NDS or eDirectory, the LAN credentials
>can be used by the GroupWise client and negate a second login.

That's awesome.  ****, I'd buy Novell/Groupwise now.  (Same for AD/Exchange/Microsoft.  )

Unless that dude was cut and pasting marketing crap, I don't know what s/he intended with this one.  It's kinda like posting "mailboxes are protected with passwords"..


>Backup:
>GroupWise ships with target service agents that allow you to
>backup your post office and domains while in use. Furthermore,
>the use of these GroupWise TSAs allows USERS to recover from
>their own mistakes.. User accidentally deleted a piece of mail,
> no problem, open up a live backup copy and restore it to his/her mailbox.

Unh-hunh.  Billy-G includes a free Exchange/Online backup tool also.  Did you think the dark ages ruled ..?  Using even the free tools, Exchange gets backed up without any problems..

With Exchange, Users have a deleted items folder.  Admins set retention periods for items *deleted* from the deleted items folder.  (I use 14 days)  Users (with training) can recover their deleted items.

Most of my clients delete *ALL* email after 60 days.  No need to let discovery toss through email - when litigation occurs.  Mailbox manager manages 3GB files full of crap on  C: drive(s)..  'cause it's rockin'.

I'm sure there are archive/search/maintain products/tools for groupwise.  Just be aware that they are there for Exchange also - and are seasoned/broken in.



>Support:
>The best online FREE knowledgebase available (you'll
>get more information on MS products from Novell than from Microsoft)
>I could go on and on, but after using nearly all of the mail
>packages out there, GroupWise is the supreme collaboration
>product for large scale deployments.

Unnh-hunh.  Product lovr.  get your head out of your arse, please.

You've yet to name one feature that groupwise sports - which Exchange doesn't.

Novell's directory is a product worthy of respect, imo.  ZEN works was funny.  GroupWise is nicely integrated..  

However, the flip-flop between "gunna deploy on Novell O/S, our Linux and/or a partnered Linux distro.."  would not make me feel comfy-womfy if I was a new/upgrading Groupwise/NDS customer.

Heck,  Micro-crud and their baby directory/stolen database technology doesn't make me feel comfy-womfy either.  

.. but,

Exchange and SQL rock  --  thanks to Sybase.  

Groupwise can go suck eggs.  *grin*

-- Scott.

Author

Commented:
Hi everybody!

Please behave like IT pros :-(

Because nobody gave a hint on Linux alternatives, I had to dig for myself in the last few days. This is what I found:

Suse Linux Openexchange Server 4.1 with a working demo here:
http://www.suse.com/en/business/products/suse_business/openexchange/demo.html
Enjoy!

References here:
http://www.suse.com/en/company/customer_references/openexchange.html
A 16000 user reference here:
http://www.suse.com/en/company/customer_references/evchurch.html

I found a lot of things about MessageLabs managed email security service and it's very interesting.
Anybody have some price info, like virus scanning is 10k USD for 500 email accounts for 1 year or spam shielding is 15k USD for 300 email accounts for 1 year?

The above two solutions have all the features I want.

If you have any input on these 2 please don't hesitate.

Thanks.

P.S. I'll try to close the question on 17 feb. 2004.

Commented:
Sorry about the immature, abusive comments.

MessageLabs rocks.  So does Sybari.  (sybari.com).   Brightmail is also good.  I demo'd MessageLabs against my 750 users about a year and a half ago.  It was superb.  I highly recommend MessageLabs services.  Brightmail targets the 1000+ seat shops – I didn’t demo it, but your systems are a perfect client for Brightmail.

Listen:  The latest round(s) for worms target (windows o/s) PCs.  They propagate via email, sure..  but the real fix/preventative solution is to manage those PCs, not focus on email *after* the PCs are infected.




I still don't know why/what makes you want an LDAP user db.  My first LDAP user DB was up about 7? years ago..  for my first SMTP/POP3 box (netscape server products).

Perhaps you are responsible for only email?  You want the client app and quick-deployment that an independent DB will provide?

What I found was:  We put all the contact info in there (names, phone numbers, titles, etc..) and it had 0 functional impact on the organization.  Sure, you can look up names and phone numbers.  That's nice.  Don't expect anything more.  The "VP of business development" isn't worth looking up - unless you already know that she is interested/involved in the project.





Without knowing in more detail what you want - we'll just have a "IBM RULKEZ" (and C=64 sux) conversation..  with flames.  


Let's start with these questions:

1)  Do you have to store email?
1b)  Is that email stored on your server, or 10K PC’s with no backups?
1c)  Do you know how liable you are for retrieval of email?  (even when court cases come?)
2)  For how long will you have to store that email?  How long SHOULD you store that email?  (2 weeks?  2 years?  7 years?  How do you search it?)
3)  How big will that pile of email be?
3b)  How long will it take to back up that pile of email to tape/off-site?
4)  Do you have a mandate to block email transmitted viruses?
5)  If your users are SENDING email viruses, do you report that to who?
6)  Will your users send junk/bulk email?  (SPAM)  What’s your policy on that?
7)  How do you handle those abuses?  Fire the employee?  Warn them?  Once?  Twice?
8)  Do your users receive SPAM?  Do you have a mandate to stop delivery of SPAM-abuse to your users?  (ROI is easy to make)
9)  Who knows who in your directory?  What processes are in place - or could be in place - to maintain the directory?  (i.e. does HR notify I.T. when a termination or new hire occurs?)
 



What *IS* your organization?  ISP?  Corporate entity trying to address internal email requirements?  Entire LAN/auth update/grade?

OMG.  Corporate entity with no mandate, trying to fix 10,000 mailboxes and make it "better"..?

No offense intended, but this is one of the most nutty things I've read in awhile.  

You need to figure out some goals - _*THEN*_ choose the product/tool(s) that make it go, not choose the tool and enjoy it 'cause you like it.  With 10k mailboxes?  If you pick the *BEST* tech and it has nothing to do with your org - you're up the creek.

Stuff like period of email retention, appropriate use, etc.. are really more important than delivering the email and providing "name" lookups.  

Again, no offense intended, but your systems-admin "wants" may be radically different from your end-users' wants…  or your legal liability and/or requirements.

In fact, your end-users wants may be quite different from what your budget will let you deploy..  

I still don't think you're telling "us" what you need - and more importantly, why you need that stuff.  





LDAP is 'open' - whoopedie doo.  Do you need an email directory?  Do you need more?  Will this be the 18th, independent directory?  I.e. HR has a user (employee) database, file/print is distributed and consists of many databases, CustomApp#1 has its own set of logon username/passes, CustomApp#2 has ..  &c..

We also don't know if your mandate includes "re-doing" the PC/logon side - which the two commercial products ranted about here include.

What's so wonderful about LDAP?  Do you not want to log users on to their PCs from that LDAP (or other) Account info DB?  For 5-10k users, would not stuffing the names/passwords into a flat file perform well enough?  Are you trying to incorporate directory info such as phone number, job title, likes to golf?, etc.. etc..?  


Ugh.  One of my clients is 5 years into "discovery" (litigation -- aka being sued) and having the piles of email around is (was) a serious cost factor.  They expect to lawyer around the discovery phase for 5 more years - and *THEN* sit down with the judge to figure out which party was naughty.  (essentially a dispute over a

Now they have a 45 day email retention policy.  Here, in Canada, that's legal for most corporations..  so long as it is clearly explained, enforced and *CONSISTENTLY* applied.  (i.e. the VP of whatever does NOT get to keep 12 months of email on her PC.. or the discovery process goes nasty/long term..)

Storage, Retention, Use..  are the primary design criteria for an email system, imo.

Getting it there fairly reliably (a.k.a. 99.5% uptime) is easy.  

What do you need?

Despite the ranting, some of the questions that scdavis posed in his/her most recent response are truly relevant to you making a good decision about your collaboration systems.

Email retention is especially important these days. As scdavis stated, create a policy and stick by it, this is the only way to avoid getting into legal trouble.

To answer some of scdavis' questions:

>Database Structure:
>The database structure in use by GroupWise will save you a
>myriad of headaches. GroupWise stores only ONE copy of a
>message per post office (a 10 MB attachment to 500 users on
>the same post office only takes up 10 Megabytes of storage).
>Furthermore, these databases are all encrypted, increasing security
>for your entire mail system.

>> Same for Exchange.  Exchange grew out of the SQL product - originally from Sybase.  The engine is solid like all ****.  No point for either Exchange or GroupWise here.

I am not knocking Exchange or SQL, and having used both (and Notes) for large deployments, I was noting the system which has fared the best. In migrating my 6,000 users from Exchange to GroupWise, my message stores were reduced by a tad over 30% even with an increase of storage retention by 15 days. That is a significant difference to consider when considering backup and maintenance times. I also consider the fact that only GroupWise products can read my message stores a big bonus for security.

>>Understand?  Back in the early 90s, we admins divvied up Exchange traffic and did block some info.  Calendars for people in LA didn't need to be available to people in NYC.. generally.
>>We chose to shut that poo-poo traffic off - with exchange, where I admin'd.  

In today's infrastructure, calendaring is essential to any company, maybe in the early 90s people didn't have as great a need, but today, most of my customers consider it essential. I have yet to come across a client other than universities that can deem calendaring information "poo-poo traffic". I'd like to have that luxury, but most of my customers consider their email and scheduling information VERY important, and GroupWise is 2nd only to Notes for providing unified calendaring and scheduling that is available to every mailbox.

>>Multiple synchronization paths?  
>>No, please.  PLEASE explain that load of marketing CRAP to me.

Let's see:
GroupWise remote offers
1) Direct dial asynchronous live sync
2) Direct dial asynchronous call back sync
3) Direct dial asynchronous request now, receive later sync
4) Automatic smart-docking when detecting a fast client/server connection
5) MTA live remote (yeah I know it is oxymoronic, but it works like a champ)
6) Live sync (WAN link or VPN)

That seems like multiple paths to me, plus it gives the users the option to choose which sync method they prefer. My converted Exchange users, while they want their Outlook client back, can't praise GroupWise remote enough. Limiting attachment sizes has nothing to do with remote access, so I'm not sure where these comments came in.

>>Unh-hunh.  Billy-G includes a free Exchange/Online backup tool also.  Did you think the dark ages ruled ..?  Using even the free tools, Exchange gets backed up without any problems..

I'm not sure I understand the comments, but why should you use a free (and most likely unsupported) product when there is a vendor-supplied and tested backup solution? You can also add on additional costs to get your databases backed up while in use using "professional" tools that integrate with your backup, but the target service agents that ship with GroupWise fit the bill precisely, without adding extra cost or an unknown into your backup scheme. The addition of the GW TSAs adds another layer of accidental deletion protection (both for mail and user accounts) that facilitates recovery of user and admin (cough) mistakes.

>>Unless that dude was cut and pasting marketing crap, I don't know what s/he intended with this one.  It's kinda like posting "mailboxes are protected with passwords"..

Actually I was saying that with eDirectory it is a step toward implementing a single-sign-on solution (one of the most highly requested features these days), sorry I didn't make that clearer.

>>You've yet to name one feature that groupwise sports - which Exchange doesn't

When did I say that GW had any features which weren't present in Exchange? What I was commenting on was my experience with GroupWise after having designed, setup, and used GW, Exchange, and Notes. I'm sorry that you seem to have taken this personally (most Exchange proponents are used to getting attacked by other product "lovers" as you say, and it seems that most of them get very defensive because of it), I was merely trying to provide an answer with my insights to the question that was posed.

That being said, here is a list of things FOR Exchange:

* Better client
* Better editing tools
* Easier access to customise the address book
* Easily extensible client (this can also be considered a minus)

I do like some of your comments, however, once I could sift through the less relative text.

-Mojo

Commented:
> Despite the ranting, some of the questions that scdavis
> posed in his/her most recent response are truly relevant
> to you making a good decision about your collaboration systems.

Thanks, Mojo.  I think we agree on most important issues - even if we have product biases.

I'm a "him", fyi.   (shocker, I know..)

I suspect you have a bunch more GroupWise admin time under your "belt" than Exchange time.  Heck, that's great.  Thanks very much for posting about it - I think I learned something today..  



> Email retention is especially important these days.
> As scdavis stated, create a policy and stick by it,
> this is the only way to avoid getting into legal trouble.


*PHEW* -- thanks, Mojo.  Finally, someone else that recognises the importance of this issue.  

Out of curiosity - how many times have you had the law enforcement folks show up at your site?  (only twice for me)..




> I am not knocking Exchange or SQL, and having used
> both (and Notes) for large deployments, I was noting
> the system which has fared the best. In migrating
> my 6,000 users from Exchange to GroupWise, my message
> stores were reduced by a tad over 30% even with an
> increase of storage retention by 15 days. That is
> a significant difference to consider when considering
> backup and maintenance times. I also consider the
> fact that only GroupWise products can read my
> message stores a big bonus for security.


Perhaps you've stumbled across one of the Exchange DB annoyances here.  E55 and 2K both left the "file"  (priv.edb) as large as it peaked at.  I'm suggesting that your 30% reduction may have been due to "empty" space.. if you're comparing priv.edb to G/w's final on-disk file.

I am not familiar enough with Groupwise to comment on this, honestly.  I only know one half of the technologies that we're comparing, I admit.

That's why I hoped those technology independent questions would help KLASZLO.  

I'm not here to flog Exchange as the solution; I appreciate learning a bit more about GroupWise.  Thanks!






>>Understand?  Back in the early 90s, we admins
>>divvied up Exchange traffic and did block some
>>info.  Calendars for people in LA didn't need
>>to be available to people in NYC.. generally.
>>We chose to shut that poo-poo traffic
>>off - with exchange, where I admin'd.  

> In today's infrastructure, calendaring is essential
> to any company, maybe in the early 90s people didn't
> have as great a need, but today, most of my customers
> consider it essential. I have yet to come across a
> client other than universities that can deem calendaring
> information "poo-poo traffic".

Ooooh.  Apologies.  I've mis-communicated here.  I do know how upset the end-users get if their calendar ain't available.  (200 sales guys standing around wondering where they are supposed to be is amusing -- for about 0.02 seconds..)

Now, I suggest that in reaction to my "poo-poo"ing, you're assigning too much value to "calendaring".  I think there is a very important distinction to be made between what a client labels "essential" and what is 'really' essential.  

I've been hyper-whine-avated.  Let's (me) calm down and communicate.  My apologies for ranting and raving.  


Now, please note that I wasn't claiming Exchange couldn't do it.  I was pointing out that quite often, people in NYC don't communicate with folks in L.A.  Therefore, there's no NEED to push that calendar data across the WAN.  Administrative decisions made this "lack" of calendar availability the "best" choice - because nobody cared to use that data.. and some of those Frame Relay PVCs were charged per MByte.


I thought the original comment implied that large-scale calendar deployments with Exchange were not possible.  Hrmph.  Know what?  With Exchange 4.0 and 5.0 (site-wide calendaring), I just might agree.  Large scale "single site" (in Exchange lingo) deployments were problematic.  I had just approached it from the other side of the fence - that most shops isolated the calendars (sites) because there was little or no need/want for the data to be passed across the WAN.  

Different strokes, for different folks, essentially - with the acknowledgement that Exchange 4.x and 5.0 site-site replication was a pig.  Groupwise may have been more efficient.  



>>Multiple synchronization paths?  
>>No, please.  PLEASE explain that load of marketing CRAP to me.

Let's see:
GroupWise remote offers
1) Direct dial asynchronous live sync
2) Direct dial asynchronous call back sync
3) Direct dial asynchronous request now, receive later sync
4) Automatic smart-docking when detecting a fast client/server connection
5) MTA live remote (yeah I know it is oxymoronic, but it works like a champ)
6) Live sync (WAN link or VPN)


Okay, Mojo.  No offense intended.  I just hear this all as marketing jargon.  To me that translates to:

1)  Dial Up
2)  Dial Up with call-back
3)  Dial Up scheduled call-back
<I think dial-up should be banned on general principle! .. and yeah, my first modem was 300bps.. without the acoustic coupler.>

4)  Smart Dock?  Sounds like "connect when TCP session is establishable".
5)  No Clue what MTA live remote is supposed to do.
6)  Normal, in-office, blue-cable in wall kinda connect?


It's nice to have the options, but I don't see these as selling features for any product.  I see 'em as 'required' functionality..  and if the users know there's 6 ways of connecting?  Oboy.  The Hell-desk is going to be busy, I'd guess.


> That seems like multiple paths to me, plus it gives the
> users the option to choose which sync method they prefer.
> My converted Exchange users, while they want their
> Outlook client back, can't praise GroupWise remote
> enough. Limiting attachment sizes has nothing to do
> with remote access, so I'm not sure where these comments came in.

Okay - let's not get hung up over how many "paths" the client can take after the users are trained.  Honestly, I see the 6 paths above as "2", really.  

Here's an honest admission that you might not be expectin' :  Outlook 97 and Outlook 2000 are annoying, at best, when using "offline" modes.  I've yet to spend enough time with Outlook2002/2003 to see if Billy's crew has cleaned it up.  

Before two years ago, I'd admit that offline/remote use of Outlook was not only aggravating, but downright foolish.  I used to actively discourage senior mgm't from using "offline/remote" outlook.  Nightmares, I tell ye.




>>Unh-hunh.  Billy-G includes a free Exchange/Online
>>backup tool also.  Did you think the dark ages
>>ruled ..?  Using even the free tools, Exchange
>>gets backed up without any problems..

> I'm not sure I understand the comments, but why should
> you use a free (and most likely unsupported) product
> when there is a vendor-supplied and tested backup solution?

Interesting.  We have differences in experience here, me thinks.  I thought you were implying that the (free) backup tools with NT/Exchange were not supported and not functional.  

I used to back up those 750 Exchange 5.5 Mailboxes with Windows NT (4.0) Backup.  (yeah, that's "NTBACKUP". We restored from those tapes quarterly to ensure it was 'really' working..)  The vendor (microsoft) made it, and it worked like a charm.  The same holds true for the "free" backup software included with Win2000 and Win2003 server product(s).

I find it rather aggravating that I have to license $2000 worth of software to backup my server, email server, desktops and whatnot.  $2000..?  It baffles my mind.  CA is just printing money.  Veritas is giggling all the way to the bank.  



> You can add also on additional costs to get your
> databases backed up while in using "professional"
> tools that integrate with your backup, but the target
> service agents that ship with GroupWise fit the bill
> precisely, without adding extra cost or an unknown
> into your backup scheme. The addition of the GW TSAs
> adds another layer of accidental deletion protection
> (both for mail and user accounts) that facilitates
> recovery of user and admin (cough) mistakes.


Okay, if I distill that down to functions - you claim that there are backup tools that ship with Groupwise?, or from a 3rd party vendor? that work perfectly.  

Hrmph.  Same as Exchange.  Go figure.  The vendors want us to be able to back it up.  

Deleted Item, Deleted Mailbox retention periods are the exchange lingo for "padding admin buttocks" ..  you can un-delete both "items" and "entire mailboxes".

What is a TSA?  





>> Unless that dude was cut and pasting marketing crap, I don't
>> know what s/he intended with this one.  It's kinda like
>> posting "mailboxes are protected with passwords"..

> Actually I was saying that with eDirectory it is a
> step toward implementing a single-sign-on solution
> (one of the most highly requested features these days),
> sorry I didn't make that clearer.

Ah.  I'm used to email/PC[domain] logon being unified.. with that super-wonderful *wink* NT4/lanman technology.  I misinterpreted your statement.  Sorry if I came across as hostile!

Honestly though, we techies have been chasing the "single logon" dream for more than a decade.  The directory is there.  Has been there since Novell brought the directory to us.  

Alas, the apps aren't playing nice.  They never did.  They never will.  






>>You've yet to name one feature that groupwise sports - which Exchange doesn't

> When did I say that GW had any features which
> weren't present in Exchange? What I was commenting
> on was my experience with GroupWise after having
> designed, setup, and used GW, Exchange, and Notes.
> I'm sorry that you seem to have taken this personally
> (most Exchange proponents are used to getting attacked
> by other product "lovers" as you say, and it seems
> that most of them get very defensive because of it), I
> was merely trying to provide an answer with my insights
> to the question that was posed.


Fascinating.  Honestly, I was being a whiny little snot, I realize.  My apologies.  

I do want to point out though - that GroupWise and Exchange are going "virtually" head-to-head in terms of feature availability thus far.  

I do appreciate your taking the time to share your knowledge and experience of/with Groupwise.  It's a bunch of opinion and knowledge that I haven't really been exposed to before.  

(darnit - there goes the weekend!  Now I'll try to find demo/eval media and tinker with Groupwise/Edir over the weekend!)







> That being said, here is a list of things FOR Exchange:

> * Better client
> * Better editing tools
> * Easier access to customise the address book
> * Easily extensible client (this can also be considered a minus)


I'd say you're right;  here's how I'd phrase it;

*Less security disaster-prone client.  (LookOut!)
*I Agree; better GUI/human interaction are desirable.
*Address Book?  GAL?  My Contacts?  Whut?!  Indeed.  
*Client Extensibility is "just right".

(A colleague is developing "Eforms" for Outlook/Exchange .. we predict it will be a disaster, but it's so easy to screen-paint that any fool can do it..  ERD?  Relationships?  Annh - it's on the screen..!)


Yeah, I've run into several groupwise/Notes (especially) shops where customized "contacts" databases require not only ongoing development and maintenance - but Client Extensibility taken to the nth degree.  





> I do like some of your comments, however, once I could
> sift through the less relative text.

Yeah, I'm a nutter like that.

I think we agree on all the important issues.  

Now that I've learned a bit more about GroupWise, is this when/where I point out that Exchange whups butt 24x7 without any shame?  

*smirk*

Thanks, Mojo, for taking the time to post.

Best Wishes.

-- Scott.



Author

Commented:
Thanks for your inputs.

>Let's start with these questions:
>1)  Do you have to store email?
Yes.

>1b)  Is that email stored on your server, or 10K PC’s with no backups?
PC's with no backups and server(s) with backup. No policy for this in the past :-(

>1c)  Do you know how liable you are for retrieval of email?  (even when court cases come?)
No, working on this.

>2)  For how long will you have to store that email?  How long SHOULD you store that email?  (2 weeks?  2 years?  7 years?  How do you search it?)
Very good question, working on this.

>3)  How big will that pile of email be?
Working on an email policy with quotas. Let's assume an average of 10 MB/user. Deleted emails should be backed up somehow.

>3b)  How long will it take to back up that pile of email to tape/off-site?
Some kind of "off-site backup through LAN" or "fiber disk solution" will be used, no tapes.

>4)  Do you have a mandate to block email transmitted viruses?
Yes, security policy is enforced now and MessageLabs service is a good choice for the future.

>5)  If your users are SENDING email viruses, do you report that to who?
See 4.

>6)  Will your users send junk/bulk email?  (SPAM)  What’s your policy on that?
They are forbidden, see 4.

>7)  How do you handle those abuses?  Fire the employee?  Warn them?  Once?  Twice?
Warn, then fire.

>8)  Do your users receive SPAM?  Do you have a mandate to stop delivery of SPAM-abuse to your users?  (ROI is easy to make)
See 4.

>9)  Who knows who in your directory?  What processes are in place - or could be in place - to maintain the directory?  (i.e. does HR notify I.T. when a termination or new hire occurs?)
Good question. There is an ongoing debate on this between HR and IT.

>What *IS* your organization?
Corporate entity trying to address internal email requirements and possible LAN/authentication upgrade?

>Stuff like period of email retention, appropriate use, etc.. are really more important that delivering the email and providing "name" lookups.  
Understood. Working on these.

>Again, no offense intended, but your systems-admin "wants" may be radically different from your end-users' wants…  or your legal liability and/or requirements.
Good point. Working on these.

>I still don't think you're telling "us" what you need - and more importantly, why you need that stuff.
Your answers helped me already to find out some things I needed.
Can't give you more details.

Conclusions:
A. Need an email policy on usage, retention, liability, etc.
B. Need MessageLabs kind of services (antivir, antispam, antiporn).
C. Need input from users (what they really need).
D. Technology used is not the real problem (Exchange, Groupwise, OpenExchange all are the same).
E. Directory usage is not the real problem.

It looks like this is THIS question's END. Maybe next on email policies...

Split points (proposal):
scdavis - 200 points
waybadmojo - 200 points
www-shoptheweb-co-uk - 100 points

I hope this is fair to you.
Thanks for your help.

Commented:
K,

Now I think that you're addressing the issue(s) correctly.  I think you're now on the path to finding the "right" system for you.

re: Policy Development - if you want to read some of the policies that I've had adopted before, I'd be happy to post them somewhere for ya.  Just let me know.

re: MessageLabs - Anti-Vir/Anti-Spam is good stuff to outsource unless you've got distinct content and a load of time to spend maintaining it..  Anti-Porn is not practical.  Do NOT sell that concept to your management group.

re:  Input from users:  nice sounding on paper, but just like herding cats.  I tried that like 3 months ago at a place with 125 seats, about 7-8 distinct internal departments and no good came from it.  You'll end up with 7-8 sets of requirements (at least) and no clue how to deploy it.  Do it the other way around.  Come up with 3 solutions and let (force) the executives to select one.  

Soln A:  Give big box to keep 7 years email online (no joke) - absurd cost.
Soln B:  Give enough box to keep 3-6 months online - reasonable cost.
Soln C:  Give enough box to keep nearly nothing online - push data down to clients, assume high training and support costs to deal with broken .PST files.  (no cash now, lots of soft costs)..

Best of luck.  Hope that helps.

-- S.

Commented:
Oh, yeah  -- one other thing:

I feel bad about my ranting.  Please assign any points to Mojo - that you feel should have been assigned to me.

>>1)  Do you have to store email?
>Yes.
>>1b)  Is that email stored on your server, or 10K PC’s with no backups?
>PC's with no backups and server(s) with backup. No policy for this in the past :-(

I hope this comes across without too aggressive a tone; Please realize that you're storing email on un-backed up systems - which implies that either the email isn't important or you've accepted a certain amount of attrition (loss).  Just clarify it and policy-ize it.  

Personally, I prefer to rant about "if it's important enough to keep, it should be kept centrally, searchably and assured against loss (backed up)".  All other "solutions" (psts on C: drives) is an exercise in foolish computing.  

(yeah, my last boss used to *love* it when I got on that kick..)



>1c)  Do you know how liable you are for retrieval of email?  (even when court cases come?)
No, working on this.

Again, Generally, the only industry that I've encountered that might have some legal requirement to keep it is brokerage services - for some kind of specialized corporate investing entities (don't ask, I dunno..)..  Don't flip out - just write it up and get your legal monkeys to sign off on it.  


>3)  How big will that pile of email be?
Working on an email policy with quotas. Let's assume an average of 10 MB/user. Deleted emails should be backed up somehow.

I strongly suggest working on a time frame, rather than a storage limit.  Nobody that makes decisions will understand 10MB/user well enough to deploy it.  Shortest I've deployed is 45 days, longest is 180 days.  You can guesstimate/predict total storage for your hardware platform(s) with a little pilot project..  


>>3b)  How long will it take to back up that pile of email to tape/off-site?
>Some kind of "off-site backup through LAN" or "fiber disk solution" will be used, no tapes.

High-tech.  I'm still an advocate of the "off-line" solution.  Windows (and all attached storage systems) are too fragile to be trusted, imo.  Sure, you can have 17 snapshots on the SAN - but if the virus asks windows to trash everything it has write access to, it's all going to go.  Getting it offline still has value.. even though tapes suck.


>>7)  How do you handle those abuses?  Fire the employee?  Warn them?  Once?  Twice?
> Warn, then fire.

Yup.  I've seen people that take home more than a half-million dollars (canadian) per year axed for abusing the email system.  No warning.  It spreads the word fast.


>8)  Do your users receive SPAM?  Do you have a mandate to stop delivery of SPAM-abuse to your users?  (ROI is easy to make)
See 4.

Great Stuff.  Check out that brightmail too, eh?


>9)  Who knows who in your directory?  What processes are in place - or could be in place - to maintain the directory?  (i.e. does HR notify I.T. when a termination or new hire occurs?)
Good question. There is an ongoing debate on this between HR and IT.

>What *IS* your organization?
Corporate entity trying to address internal email requirements and possible LAN/authentication upgrade?


Yeah, that's the worst case scenario.  Clarify that mandate before you decide to deploy anything.  I think you can do it.  All you need is some clear statement(s) of what's wrong and an ROI case for "stuff" primarily based around spam and potential litigation scenarios.

Best wishes.

-- Scott.

Great insights and responses, guys!

Comments
"Input from users:  nice sounding on paper, but just like herding cats"

ROTFL, I couldn't have come up with a better analogy than that one. Give them an interface to your mail system and they will most likely be happy. They will fight all retention limits because they are pack rats, and they will never agree on global preferences, so don't bother. If you need a consensus on your options, get a meeting with your corporate "senior leaders" and pitch it to them and get their solutions on paper, that way employees get to bitch at their managers, not you.

Virus scanning
I'm a fan of the solutions from the big boys here. My most recent deployment was a migration from Norton to McAfee's solution ($30,000 for 1,000 desktops, unlimited servers, groupware, unified management console, gateway protection premium support, auto updates). Both of these products are very similar and offer rapid deployment against new WORMs and viruses, plus they offer protection at your perimeter in the form of a SMTP scanner. Both offer integrated support and management of their desktop firewall products if you have to support remote users. I consider this my first line of defense against self inflicted wounds, so I like the ease of setup and the centralized management and response options.

Backups
"Somekind of "off-site backup through LAN" or "fiber disk solution" will be used, no tapes"

I'm jealous, I want to push this type of solution, but so far my LTO tape backup solutions have exceeded my expectations after disappointing rollouts with DLT. LTO has proven to be a fast and economical solution for us once we established "written in stone" retention policies. Tapes stored offsite allow me a shot (albeit a slow one) at full disaster recovery at another location, so I wouldn't rule out a "hard" solution.

Retention
"Personally, I prefer to rant about "if it's important enough to keep, it should be kept centrally, searchably and assured against loss (backed up)".  All other "solutions" (psts on C: drives) is an exercise in foolish computing."  

Yes, Yes, and Yes...
Electronic mail should no longer be considered a "local app" in most enterprises. If you are driving the technical components of making this decision, centralized will make your life significantly easier. You will be able to set global options, retention limits, and gateway access. Once you decide upon a solution, back it up centrally to ensure that users have a more difficult time shooting themselves in the foot with email. Regarding backups, make sure that you also assign a retention limit to your backups as well.. Example: 120 days on the server then 6 months on tape. Without a policy such as this you may be required (legally) to be able to recover any piece of email from any time. If you are doing business commercially, you can get bit by a retention policy over something as simple as a contract sent via email.

Retention by time vs size
"I strongly suggest working on a time frame, rather than a storage limit.  Nobody that makes decisions will understand 10MB/user well enough to deploy it.  Shortest I've deployed is 45 days, longest is 180 days.  You can guesstimate/predict total storage for your hardware platform(s) with a little pilot project.. "

I agree, wholeheartedly here..
Email retention by age is significantly easier to justify than retention by size, especially if you decide upon a centralized solution. Imagine users purging important mails so they can download that 25 MB salmon video that their friend said that they "just hafta see"!

Directory
"Who knows who in your directory?  What processes are in place - or could be in place - to maintain the directory?  (i.e. does HR notify I.T. when a termination or new hire occurs?)
Good question. There is an ongoing debate on this between HR and IT."

This is an unending quest to unify... Make friends with HR so that they will share information with you as readily as possible; otherwise, you'll always be rushing to catch up with HR's changes or lack of communication. Bi-directional middleware apps exist to sync these directories if they are separate databases.

Spam
Most of the products out there work as advertised. Grab one that you like the interface on because you most likely will be using it often :)

-Mojo

Author

Commented:
Thanks again.

To Scott:
"Policy Development - if you want to read some of the policies that I've had adopted before, I'd be happy to post them somewhere for ya.  Just let me know."
I just sent you an email.

To ALL:
Thanks again for your valuable inputs.
