Wednesday, August 30, 2006


Got some interesting reading for you folks this afternoon. While it isn't EV-specific I think it might be of value to most of us.

Hacking DRM - I missed this last June but it's a good read about what is and isn't effect media-DRM. Very interesting.

Also, security consultant Ross Anderson just released the text of his acclaimed book "Security Engineering". Find the whole thing here.

And while we're talking about security check out this post on the Daily Irrelevant. Funny.

I've recently switched over to Firefox and found a sweet RSS reader called WizzRSS. It adds a tree-structure to the left of your browser. Come to a site like CNN or other news site and with a couple of button clicks you can add that site's RSS feed to the tree. Later in the day you can click on the entry in the tree and a small pane fills with that site's newsposts. Click on one and viola, the browser goes and fetches. Very intuitive and easy to use. It really makes daily news-reads (a must for any consultant) very easy.

Anyone else have any great plug-ins for FF?

Monday, August 28, 2006

A Little Coding Project

For the past who knows how long mail has been going into a journal mailbox. One person at the client site has been going into the mailbox every few days and dragging everything out to a local .pst. That .pst would get thrown into a fileshare along with the other hundreds or more that were already there.

Those all need to be inside EV. Of course.

This requirement kickstarted me to tackle a project I've been toying with for a while, a wizard that helps you write EVPM scripts. Because there's no way in hell I plan on hand writing the scripted PST migration for who knows how many PST files.

So I present PolicyDoc. Now one thing to keep in mind is that PD never touches your EV environment. Hell, you don't even need to install it in the same domain as EV. Simply feed it some report files, point it at the folder of PST's and let it generate the .ini file. You can then take that file wherever you want to and run it. Of course, please sanity check the file before running, practice safe hex and all that. Right?

But I need a couple of folks who wouldn't mind putting the code through the wringer for me. If you are interested I'll provide a compiled .exe file along with the full source code so you can roll your own if you want to.

Eventually I plan on releasing PD as open source, I just want to ensure that it's as clean as possible before letting go of it. Shoot me an email and let me know if you're interested.

Oh, and here's what she looks like so far...





Friday, August 25, 2006

Tech Tip Friday: Message Classes

From the customer's point of view the best way to determine if EV has archived a piece of mail or not is via it's icon. However, for engineers there is a better way, viewing the message's message class, which directly controls the icon being displayed.

The best way to see the message class in Outlook is to go to View | Arrange By | Custom. From the Field dialog box add in a column for Message Class. Once that's done you can see message classes for all items in Outlook. Any message that EV has handled will have the class of IPM.Note.EnterpriseVault.XYZ

So what else can you do with message classes? When EV archives an item the default behavior is change the original message to a safety copy until the .DVS files are backed up. Well a safety copy is identical to the original message with the exception of being a different class.

Ok, that's neat, what can you do with it?

Well, EV support gets calls from time to time where messages stay in Pending (safety copy) mode and won't transition to archived items. Sometimes those message also fail "Cancel Opertaion" and get stuck in Pending mode. If this is the case you definitely need to troubleshoot root cause, but it is possible to alter the message class back to IPM.Note or whatever it was originally. This will return the item to a fully functional piece of Exchange mail.

There are some third party products out there that will do this or it can be done programmatically if your good with Visual Studio. Symantec doesn't provide tools to do this, but I'm offering it as an option.

Until next Friday!

Monday, August 21, 2006

Secure Futures?

Hey, that's my old boss!

Apparently John Thompson, the CEO of Symantec was out at the Air Force Information Technology Conference recently and gave a keynote speech.

During the speach John was talking about securing the entire corporate environment, protecting IP assets across the spectrum and from attacks on multiple fronts and of course, he's right on all counts.

Now, while I don't think that John was specifically talking about Enterprise Vault, a large part of the EV endeavor is to secure the IP flowing through systems as much as anything else. Sure it's main goal is reducing clutter inside the Exchange stores or on the fileservers, but the product's close ties with AD and MSRMS servers bring to light another use for it: securing intellectual property.

By physically removing the files from their expected locations off to some other storage device you've added one more layer of abstraction that a potential intruder has to navigate to achieve access to those same files. Granted it's not on the same level a nice layer of 128-bit encryption, but every little bit helps.

Friday, August 18, 2006

Tech Tip Friday: Backups

Proper distaster recovery of your EV system requires some thorough backup plans. Most large IT shops have to support what's called the 'smoking hole' recovery plan which means you have to be able to recover if your server is, well, a smoking hole. Nice, but that'll never happen, right? Remind me to tell you the story sometime of a server room that was hit by the chinese mafia. Seriously.

Backup plans for EV have to contain at a minimum the following three items:

  1. Store locations
  2. All EV databases (directory and stores)
  3. Indexes

Additionally you can also backup MSMQ's, and Shopping Cart locations but those aren't strictly required.

One more trick that can be easy to miss is to make sure that all items are backed up at the same point in time. If you just backed up your databases and a user manages to archive something before you can get the stores done then you're facing possible dataloss in a DR scenario. Snapshot it all at the same time.

Tune in next Friday for another Tech Tip.

Thursday, August 17, 2006

Experts Wanted

Darren Rouse makes an excellent post in his blog today about actually being an expert versus blogging as an expert when you don't really deserve the title. Like most other people I hate it when I find someone who claims something about themselves that patently isn't true. In fact I've taken great pleasure out of exposing people like that in the past. Hey, it's the little things in life that make it worthwhile, right?

So what about me? Do I consider myself an expert with Enterprise Vault? Nope. Not by a long shot. But I will say that I have been working with it for quite a while, and the number of people who have been at it longer than me (shout out to all the Arlington crew!) is... well about eight. Double that number for some old KVS consultants and there you have it.

But it's still kind of strange, because even with all of that support  experience under my belt, this job that I'm currently on is my first field experience with the product. So on one hand I know that I know a bit about it, but on the other hand I come to this blog with hat in hand, knowing that there's still tons more to learn.

Consider this blog to be what Darren calls a 'fellow traveller' blog, not an expert blog. It's just that this particular traveller is rather well seasoned.

Fair enough?

Wednesday, August 16, 2006

EV and RMS and Uncle Bill - Oh my!

So recently I've been playing with Microsoft's Rights Management Services products and their interactions with our beloved EV. Turns out that EV plays well with others. Sweet!

The first hurdle was getting the RMS system set up, you can download all the bits from here. You're gonna need the server portion (for those of you playing along with the home game), the client portion and don't forget to grab the IE addon, it'll come in handy later.

When you pull the files down and install them you'll notice that there are several help files installed, pull up the main one and go to the "Quick Start Guide", that's a good place to start. The file mentions several pre-req's that you'll need to install, but you're a seasoned EV admin so you eat pre-req's for breakfast, right?

Once those are setup the guide will walk you through provisioning the first server in the AD and here's where (at least philosophically) I run into some issues. I know that in any crypto environment you need an issuing authority. Well of course this is crypto. Remember all the old interfaces that MS built into Office to crypto the hell out of your docs? RMS is all that with a server service and a healthy dose of rights added on top. No bag of chips, sorry.

Anyway to paraphrase Henry Ford, you can choose any issuing authority you want to, as long as it's Microsoft. Ugh. Now, don't get me wrong, as ex-Softie I love them, but I've never been blind to their faults and while they can do a lot of stuff really well, let's just say that maybe they're a little... well... security challenged. Not like the VA system of course, but still.

Do you want your crypto and rights management to seamlessly integrate with Office and AD? You say you want EV to snuggle up in bed with this system and get all cosey? OK, but you have to hand the master keys over to Uncle Bill.


Yup, at any time that Microsoft wants to they could (possibly) revoke your certificate and shut down your access to your own information. Or better yet they could break into those oh-so-protected files and peek at the contents. Of course the install docs come with a nice little disclaimer that they won't do this without direct orders from a judge. Oh ok then, that's better.

Or not. Used to be, a long time ago, like last summer, that you could use Windows Media Center to record episodes of HBO's Sopranos. Nice! You could even go so far as to burn those episodes to CD/DVD and watch. Keep in mind that this isn't illegal. Laws of Fair Use clearly state that this is legal as long as you aren't selling those copies. You paid for the episode when you subscribed to HBO and you can make a personal recording and transcribe it to any media you want. Just don't sell it.

Well lo and behold HBO didn't like this. So along comes a critical update for Media Center that breaks your ability to burn episodes of Sopranos to discs. Oh you can still record them in Media Center, but that's where the data stops. So sorry.

Now where did I put that master key??

Tuesday, August 15, 2006

Late Update

Just a quick note that Monday's update will be delayed due to some ISP issues. Will have a superlength post on Wed evening to make up for it!

Sunday, August 13, 2006

So here we are...

The blog-nation would do well to have a simple template for new bloggers that says basically, "Hi, here I am, here's what I'm doing." :) Oh well, I guess I'll have to do this the old-fashioned way.

So my name is Lee Allison, odds are that if the title of this blog dragged you in here you might know who I am. I've spent the past three years (almost) supporting the Enterprise Vault suite of products as a KVS then Veritas then Symantec employee. Gotta love corporate buy-outs, eh? If you've gotten the poduct installed and running (or especially if you've gotten it just installed but not running!) you probably had a case open that I might have worked on.

Well, as of June I decided to spread my wings and see what my resume could do out in the open field. Turns out it did pretty well. Within three weeks of posting (thank you, Monster!) I had moved and started the new job I'm working on now.

And that job brings me to the point of this post. I'll be talking about the trials and tribulations of rolling out this product. Now you might think than an ex-support engineer wouldn't have any illusions about how his product actually behaves, but in the month and a half I've been doing this I've already learned more about EV than I had ever known before and seen it do things I never saw as an engineer. Who knew, eh? Honestly, I think Symantec would do well to run all support engineers through a month or so of field consulting just to get their hands dirty. But hey, even when I was with them they never really asked me my opinions. :) No worries.

So where is this job and what is it doing? Well, I'll be striving to maintain customer confidentiality while writing this so don't expect me to even drop any clues about the customer's identity. Having said that, here's the job scope:

Initially I'll be rolling out EV/CA for a small internal group at the client site, about a thousand users all total. These people interact with external vendors and need to sift through their email to ensure that if a vendor has promised to deliver X number of widgets then they actually did so. Pretty straightforward stuff, eh?

My plans here are at least two updates a week, more if I can manage it. Mondays and Wednesdays will be the major updates. Also, I'll try to link to points of interest around the blogosphere, assuming that email security things are of your interest. And hopefully poke a little fun at life as we know it in modern IT-land.