Switch Technologies - Mail Sanctuary

Full Detailed Summary

Switch Technologies Executive SummaryExecutive Summary

Recent changes to Federal rules of civil procedure require organizations to develop procedures and policies for the systematic preservation and subsequent recall of information kept in electronic form. Since most organizations store about 70% of their internal information in the form of e-mail, the development of a searchable e-mail repository is of primary importance.

There are two alternate mechanisms to create an e-mail archive:

  • 1: Installation of an on-site mail archiving server or
  • 2: Use of a remote archive service.

A remote archive service provides several advantages over an on-site server solution. These are:

  • 1: Lower entry cost – There is no need to buy, up-front, expensive software, hardware and extensive disk arrays.
  • 2: Lower operational costs – There is no need to devote over-worked staff to the management of this service.
  • 3: Lower legal risk – Since mail that is remotely archived cannot be modified by the organization’s staff there is no risk that the institution can be accused of bias in the information it stores or accused of systematically removing any documents from the store.
  • 4: Elimination of hardware obsolescence costs – Maintenance of the hardware is the responsibility of the provider, not the institution.
  • 5: Ease of imposing and changing institutional policies in respect to the mail archive. The institution can specify the length of time e-mail should be retrievable; it can specify who is authorized to view and search the archive and it can specify if old e-mail should be destroyed or transferred to long-term storage media, such as Blue-Ray DVDs.

Switch Technologies Executive SummaryThe MailSanctuary

The MailSanctuary is a an e-mail archiving service, not a hardware solution. The institution avoids high initial entry costs by means of a low annual service charge. The problem of hardware obsolescence is managed by the service provider, not the institution. The day-to-day management of the service is performed by the provider, not the client. The archive is secure, searchable and, while off-site, it is reachable via a secure web-browser based connection from anywhere.

This solution meets current regulatory requirements for storage of electronic records by retaining each e-mail and associated attachments in their raw format. It protects the intellectual property of an organization and directly addresses corporate risk management issues. The powerful search capabilities embedded in this solution transform the e-mail store into a true knowledge-base for the organization and provide mechanisms for monitoring employee productivity and enforcing e-mail use policies.

Switch Technologies Executive SummaryTwo Independent Archives

The MailSanctuary stores an institution’s e-mail in two separate archives, a Searchable and a Raw Archive, stored on different disk arrays.

The Searchable Archive reads each e-mail, indexes every word in every message and stores each e-mail in an unaltered form. The extensive indexing makes it possible to search through a repository of hundreds of thousands of messages at blazingly fast speeds. Search expressions can range from simple searches on a word or phrase, to more complex expressions that utilize Boolean terms, wild cards, varying degrees of fuzziness and term boosting. If desired, individual users can have access to a searchable archive of their own e-mail correspondence.

The Searchable Archive indexes are backed up every day. In the event of index corruption, the index can be easily reverted to a prior day’s configuration and mail can be re-entered into the Searchable Archive by accessing the Raw Archive.

The Raw Archive is a daily collection of all e-mail activity. At the end of a day all mail is read through to produce a list of information for each mail: sender, recipient, size and subject. This information is accessible via the MailSanctuary web interface at various degrees of drill-down. Once the metadata has been created, the entire day’s mail is encrypted using the public key for a particular client. Client’s are provided with a tool to generate their key pairs. The client retains sole knowledge of the private key. The raw archive files can only be decrypted with the private key. A digital signature is taken of the encrypted file and the signature is written to the metadata file. When the file is moved to the Raw Archive server the digital signatures are compared to ensure that the file transferred properly. The Raw Archive represents a complete, sequential record of all e-mail activity for an institution from the start of the archiving process. Client’s can request to have the Raw Archive files delivered to their site on a regular basis on DVDs. Client’s are provided tools to easily decrypt the files using their private key.

The Raw Archive is a fail-safe for the institution’s mail archive. In the unlikely event that the Searchable Archive suffers a catastrophic failure, the entire Searchable Archive can be re-built from scratch. Because the Raw Archive files are double-blind encrypted an institution can safely have these files stored in an off-site disaster recovery location of their choice.

Operational ConsiderationsOperational Considerations


Of paramount importance in the provision of a remote e-mail archive are the concerns for the security of the data – who can access it and how. Since the archive will contain confidential and sensitive information it is important that only authorized individuals have access to the archive. The MailSanctuary solution addresses this concern by restricting access to credentialed users and by logging the search activity of these users. Authorized users connect to the archive network via encrypted web-browser sessions (SSL) and must present their authorization information to the server for access. Once authorized, the user session is restricted so that access can only be made to the specific server housing the institution’s archive. The session is handled by an SSL proxy – this means that even an authorized user cannot directly connect to the server from the Internet. Keeping the entire archive server farm independent from direct Internet connections provides an added level of security by reducing any threats imposed by unauthorized users.


The reliability of the long-term storage of the archive is achieved through the use of raid technology, proper management of the electrical and temperature environment and preventive maintenance and management of the server farm. In addition, digital signatures are used to verify that stored information is identical to the state of the data when it was created.

All mail indices and mail messages are stored on a raided San. All devices in the network operations center are powered through high capacity ups devices. The ups farm is monitored so that any electrical supply problems will cause a graceful shutdown of the impacted servers. The system is designed so that, in case of extended downtime of the Archiver (see discussion below), mail is safely retained on the Catcher (see discussion below) until the Archiver is back in operation. In an organization of about 400 users with about 10,000 messages per day, the Catcher can store well over 30 days worth of e-mail activity on its local drive.

Completeness of Mail Captures

In order to properly comply with Federal regulations, there must be a high degree of certainty that the archive reflects the complete scope of e-mail correspondence as designated by the institution. During the normal course of processing, the MailSanctuary produces reports that compare the messages received to the messages archived to insure that there are no omissions. Operator intervention will correct any detected omissions in the rare event that they should occur. As an additional precaution, the raw data files containing all e-mails collected for each day are also retained in the archive for disaster recovery purposes.

How mail flows in and out of the client site will determine how the MailSanctuary is integrated into the institution’s network. Also of concern in this respect are the rules an institution has in place to manage the e-mail flow. Consultation is available to help institution’s modify their Firewall policies to force mail to flow through the MailSanctuary devices.

Mail-flow Redundancy

Given the critical nature of e-mail to an institution it may be necessary to provide on-site redundancy for the local MailSanctuary device. It is also possible to provide this redundancy by using a remote device that will receive and relay e-mail only upon failure of the local device. The decision to provide such redundancy is highly site-specific and can be discussed in detail during site-preparation meetings.

Ease of Use

Great effort has been taken to make the system intuitive and easy to use. The archive is searched by entering phrases into the search window in a manner similar to how one performs a Google search. The search engine will return all matches for the requested search as a list of items. The user can then click on an e-mail subject and see the entire document. The document can then be printed or e-mailed elsewhere.

Here is a sample of a returned search:

Switch Technologies - MailSanctuary Interface

MailSanctuary How it WorksHow it Works

There are two components to the MailSanctuary solution.

A device, the Catcher, is placed in the path of the institution’s mail flow. It is the device that receives all in-bound and out-bound e-mail. It relays all in-bound e-mail to the current mail service. It also captures all out-bound e-mails sent from an organization. A copy of each e-mail is retained on this device for a limited period. This device integrates transparently into your SMTP/POP3 mail solutions as well as ms Exchange services.

The second part of this service is the data store, the Archiver, in the remote facility. A server dedicated to a client pulls the e-mail, via encryption, from the Catcher on a regular interval. Once in the data store the e-mail messages are analyzed, indexed and placed on the data store san. Once on the san the mail is secure and backed-up.

Authorized client users can securely query their e-mail archive using a web interface with search capabilities similar to Google or Yahoo searches. The search technology allows the client to specify searches by date, sender, receiver or by any text in the body of e-mail messages and attachments. The entire e-mail archive is transformed into a truly useful knowledge-base for the institution. The search engine imbedded in the Archiver is flexible and fast – enabling searches through hundreds of thousands of e-mails in seconds.

The CatcherThe Catcher

The Catcher is a small Unix device with SMTP and POP3 services. Figure 1 shows a typical installation for an institution that already has anti-Spam and antivirus protection.

Figure 1.

MailSanctuary - How it Works

The ArchiverThe Archiver

The heart of this service is the Archiver program. The Archiver periodically receives copies of new e-mail messages and indexes the messages and attachments, enabling swift searching for any text that these items may contain. The search returns a click-able list of identified items, allowing the client administrator to pull up the original message and any attachments with one-click.

Start Today!

You can start building your mail archive right away. Contact SWITCH Technologies today to learn just how easy and affordable it is to integrate this solution into your environment.