Stored/Archived Mail Prerequisites

To enable stored mail/archive features, you must install a Redirector Controller (see Redirector Controller Prerequisites) and the VaultBox components described in this section. This section applies only if your organization plans to use stored mail/archive features.

VaultBox Hardware Requirements

If you plan to use any stored/archived mail features, you must install the VaultBox on a dedicated server. You can use the same server on which SyncManager and RecoveryManager are installed, or you can dedicate a second, separate server to the VaultBox software. If you plan to install Redirector Controllers, ensure that the server hosting them meets the requirements as well.

The recommended minimum hardware requirements for any machine designated as a VaultBox system are:

Component     Minimum Requirement
Processor     Dual-core 2 GHz or better
Memory        4 GB or better
Disk Space    Adequate storage for at least 7 days of email. A RAID setup with redundancy is recommended.

If you have questions about whether or not a machine meets VaultBox requirements, contact Support.

VaultBox Planning

NOTE

Before installing VaultBoxes, get familiar with all requirements and work with your Support representative to identify your organization’s preferred routing topology.

Before you can install software for any VaultBox implementations and enable archived mail to be stored at the data center, you must do the following:

  • Determine how many VaultBoxes you will need for your mail environment. See VaultBox Capacity Sizing.
  • Allow port 22 (TCP) as outbound for SSH through the firewall from all VaultBox machines to the data center:
      • Chicago Data Center (CAWS)
      • London Data Center (LAWS)
      • Plano Data Center (PAWS)
  • Ensure that all mail servers that use SMTP can communicate with any identified VaultBox systems using port 25 (TCP).
  • On the mail server, increase the maximum recipients limit to a number at least as large as [the number of recipients on your largest mailing list * 2] + 1. For example, if your largest mailing list has 2000 users, increase the maximum recipients limit to at least 4001 ([2000 * 2] + 1).
  • Identify routing requirements for use with the Historical Mail feature and, in the DNS zones file, create additional zones (at least one per preferred routing topology, with a maximum of eight) named consecutively. See VaultBox Mail Routing Requirements for more details.
  • Assign MX records for VaultBox systems. Contact Support for specific instructions on how to do this for your organization.

Gather the following information for each machine that will be used as a VaultBox system:

  • The system name
  • The drive on which you will install the software
  • The location of the cache directory where email messages arrive by SMTP before transmission to the data center

NOTE

Be sure you identify a drive with enough space for seven times the expected volume of daily mail. If you install the Historical Mail software on a drive with insufficient space, the feature will not work correctly.

NOTE

Verify that the following logs have been enabled for stored mail audit tracking:

  • On the mail server, confirm that logging through the SMTP virtual server is enabled and configure sufficient log file space to hold 7 days of logging.
  • On the VaultBox, enable SMTP logging of the Transfer service and configure sufficient log file space to hold 7 days of logging.

FIPS compliance needs to be disabled in Windows Security Policy Settings for the VaultBox server. AMS uses FIPS-compliant algorithms for secure message transfer, but may use non-compliant algorithms for some internal operations. If you have questions about AMS and FIPS compliance, please contact Support.

To disable FIPS:

  1. In Control Panel, double-click Administrative Tools.
  2. In Administrative Tools, double-click Local Security Policy.
  3. In Local Security Policy, expand Local Policies, expand Security Options, and then double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing.
  4. In the System cryptography: Use FIPS compliant algorithms for encryption, hashing and signing Properties dialog box, click the Local Security Setting tab.
  5. On the Local Security Setting tab, click Disabled, and then click OK.
  6. Close Local Security Policy.
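
The planning checks above (FIPS policy state, outbound TCP 22, TCP 25 to the VaultBox, and cache drive space) can be verified with a short script. This is an added example, not vendor code; the data center hostname is a placeholder, and the drive letter and daily mail volume are constructed sample values.

```powershell
# Added example (not vendor code): preflight checks for a planned VaultBox server.
param(
    [string]$DataCenterHost = 'datacenter.example.invalid', # placeholder; get the real endpoint from Support
    [string]$VaultBoxHost   = '',     # optional: set when running from a mail server
    [string]$CacheDrive     = 'D',    # assumed drive letter for the cache directory
    [double]$DailyMailGB    = 3       # constructed sample volume
)

function New-Result($Check, $Pass, $Detail) {
    [pscustomobject]@{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

$results = @()

# FIPS: the Local Security Policy setting is stored in this registry value (1 = enabled).
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fips = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
$results += New-Result 'FIPS policy disabled' ($fips -ne 1) "Enabled=$fips"

# Outbound SSH (TCP 22) from this machine to the data center.
$ssh = Test-NetConnection -ComputerName $DataCenterHost -Port 22 -WarningAction SilentlyContinue
$results += New-Result 'Outbound TCP 22 to data center' $ssh.TcpTestSucceeded $DataCenterHost

# SMTP (TCP 25) from a mail server to the VaultBox; skipped unless a host is given.
if ($VaultBoxHost) {
    $smtp = Test-NetConnection -ComputerName $VaultBoxHost -Port 25 -WarningAction SilentlyContinue
    $results += New-Result 'TCP 25 to VaultBox' $smtp.TcpTestSucceeded $VaultBoxHost
}

# Cache drive must have room for seven times the expected daily mail volume.
$drive  = Get-PSDrive -Name $CacheDrive -ErrorAction SilentlyContinue
$freeGB = if ($drive) { [math]::Round($drive.Free / 1GB, 1) } else { 0 }
$needGB = 7 * $DailyMailGB
$results += New-Result 'Cache drive free space' ($freeGB -ge $needGB) "$freeGB GB free, $needGB GB needed"

# Print the summary and return a non-zero exit code if any check failed.
$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

If a domain Group Policy enforces the FIPS setting, the local change made in the steps above is overwritten at the next policy refresh, so a FIPS check that fails after following them usually points to a GPO.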

VaultBox Capacity Sizing

Determining how many VaultBoxes are required to run AMS correctly in your environment depends on three factors:

  • Peak message load
  • VaultBox hardware specs
  • Available bandwidth between your site and the data center

The recommended ratio is one VaultBox for every 1 GB of daily email data. For example, if your environment handles an average of 3 GB of email data every day, prepare three VaultBox instances.

Each VaultBox server should have a minimum configuration of a dual-core 2 GHz or better processor and at least 1 terabyte (TB) of hard drive storage.

The VaultBox Transfer Service can take advantage of multiple CPUs and multicore CPUs, so system performance depends on, and varies with, the underlying hardware specs.

The guidelines are based on VaultBoxes handling peak loads and are designed to avoid performance problems. Bandwidth between your site and the data center is one of the most important throughput-limiting factors. The numbers listed in the table above assume the system will encounter no network bottlenecks and specify the bandwidth required to achieve such capacity. These guidelines allow enough system headroom to process any possible queue buildup due to unforeseen circumstances, such as temporary network outages.

VaultBox Mail Routing Requirements

Work closely with Support to determine the routing requirements for your organization. Because of the number of variables involved and the uniqueness of each network, it is not possible to provide a static requirements list.

Determining the routing requirements for your organization’s Email Archival implementation requires understanding your organization’s mail server routing topology and advanced knowledge of mail server functionality. An analysis of the variables involved leads to the identification of your organization’s preferred routing topology, which requires configuration of:

  • Email Archival replication zones, which include the primary and secondary VaultBox systems to which each particular mail server routes mail. You must assign mail servers to the replication zones.
  • DNS zones created in your internal DNS configuration.
  • Email Archival MX records created in your internal DNS configuration.

Correct implementation of the preferred routing topology not only allows for functional operation of Email Archival, but helps maximize mail system manageability. Variables considered in making this determination include, but are not limited to:

  • General network topology
  • Mail server routing groups
  • Connections between locations, including bandwidth and latency
  • Number of users at each location
  • Number of and which users at each location will enable the Email Archival feature
  • Location of Internet access points

Smaller organizations may have only one preferred routing topology; large organizations may have one or more per data center.

Work closely with Support to determine the routing requirements for your organization. Because each network is unique, it is impossible to provide a static requirements list.

SMTP Connector

If you use an SMTP connector for sending outbound Internet mail, and it is configured to use a smart host and not DNS, then you must create an additional SMTP connector for the Historical Mail address space that uses internal DNS for address resolution.

In this configuration, if the additional SMTP connector is not created for the Historical Mail address space, then the Exchange servers may route the mail that should go to the VaultBox systems out to the Internet through the SMTP connector for Internet mail.

For additional information on SMTP connector configuration for the Historical Mail feature, contact Support.