Backup Tag

Over the past month we’ve been holding LiveArchive Workshop Series with clients who want to get LiveArchive deployed and staff trained in under 1 hour. It’s going well and the question we get the most is: “Will it work on Azure/Linode/Oracle/___?!” Yes, it works with ALL public and private clouds because it’s built on top of open source technology standards that everyone offers. In order to deploy LiveArchive you’d follow the same principles and steps outlined in our Cloud Backend Setup at Amazon AWS, Microsoft Azure, Oracle Cloud, Google Cloud (even if you host it yourself on your own network/hardware). All public clouds offer containerized services and the Docker containers that make up LiveArchive are mariadb:latest, minio/minio:latest, and exchangedefender/livearchive-webmail:latest.

Navigating IT Politics

Now that you know ExchangeDefender LiveArchive works on all the popular cloud providers, it’s time to pick one. Here are 3 things to keep in mind:

1) Your choice will typically be controlled by the clients existing infrastructure and vendor policies – if they are an all Microsoft shop you’ll likely be deploying LiveArchive on Microsoft Azure. Regardless of your choice of cloud vendor, you will still get the same LiveArchive performance and keep in mind that full source code for the entire stack is available here: https://github.com/exchangedefender/livearchive-webmail. Having access to the code gives you the ability to optimize, customize, and future-proof your setup.

2) You will need access to DNS. In order to deploy LiveArchive you will need to create a CNAME for the LiveArchive UI which is required in order to request an SSL certificate.

3) You will need to allow several network policies on your choice of public or private cloud. Specifically, you will need to allow tcp ports 80/443 for the web services and you will need to allow tcp ports 9000/3306 to our LiveArchive network so that we can store your messages and message metadata. Cost is also an important criteria for many organizations so we recommend researching cloud cost calculators

This way you can see who will give you the best bang for the buck currently vs. over time as your organization grows. If you’re trying to keep the costs to a minimum your best option is going to keep minio and MariaDB services self-hosted or on semi-dedicated/VPS/colo deployment and to only put the LiveArchive Web UI in the cloud.


We look forward to seeing you in our workshops, and keep in mind you can get it going in under 10 minutes just by following these steps!

Over the next seven weeks, ExchangeDefender will hold interactive zoom workshops to help everyone set up their LiveArchive.

Thanks to the many of you who took our LiveArchive survey. We share your excitement and the opportunities LiveArchive presents to our users and want you to have it for your organization. Thank you for sharing tips for what works to get your team on board. We’ve been able to design a workshop that will cover all the bases and have your product deployed by the time the hour is up!

Open a ticket at https://support.exchangedefender.com and let us know which date and time works for you. Space is very limited so please claim your spot fast!!

Workshops will be presented over zoom and will be interactive, allowing you to ask questions and even help with your setup. Here is a brief overview:

  • LiveArchive Deployment Checklist
  • LiveArchive Deployment Scenario
  • LiveArchive Deployment Walkthrough
  • DNS and security setup

Requirements for the workshop:

  • Domain must be currently protected and configured with ExchangeDefender
  • Domain DNS zone management access (confirm MFA)
  • Microsoft M365 Administrator access (confirm MFA)

This FREE LiveArchive workshop simplifies everything! Get clear pricing, expert deployment guidance, and perfect configuration – all within an hour. Everyone in your organization gains immediate access to long-term email archives, including live incoming emails. Skip the confusing documentation and sign up now – spots are limited!

ExchangeDefender will be launching the LiveArchive Web UI during our webinar next week and we are looking forward to showing you how to launch it with a single command! In the meantime, this blog post is intended to give you a heads-up about the requirements and functionality so you can make design decisions.

Docker & Design

In a recent post, we discussed why MariaDB/RDS is required for the LiveArchive Web UI: it’s where we store the message metadata such as sender/recipient/subject/etc. These elements drive the UI and enable users to locate messages, search, and complete eDiscovery and email recovery tasks.

ExchangeDefender has organized the entire LiveArchive Web UI into a single container that can run on your own docker on a workstation or NAS in your office, across a wide variety of virtualization products and services, as well as public cloud like Amazon Web Services and Microsoft Azure. This makes ExchangeDefender Web UI easy to update, easy to manage, and easy to tweak to your requirements.

There are two ways to configure and start the container: preconfigured with environment variables or on-demand browser configuration. If you start the container without the environment defined you will be presented with a web configuration wizard that will prompt for S3 and RDS credentials. If this is the first time you’re deploying LiveArchive Web UI or just want to test it, this is the best way. Once you close your browser all the configuration vanishes and nobody else has access to your mail.

After you’ve configured everything to your liking and are looking to put the service into production, place the appropriate information in the container environment variables, and the container will always launch in production mode and bypass the wizard configuration.

Authentication

ExchangeDefender Web UI was designed to facilitate your email backup and eDiscovery needs. Our experience in compliance archiving and long-term email archiving has allowed us to work with countless organizations and one thing they all have in common is that they all have their own unique access and control needs.

ExchangeDefender Web UI by default presents all the available mailboxes and each email address has its own path. Using this predictable data storage process your Web Application Firewall can easily be configured to include or exclude data by path alone.

We designed the solution so it can be launched quickly, accessed, and managed without a lot of technical skill, and so it can be quickly modified/optimized for production. LiveArchive offers a lot of solutions to modern email problems and the flexibility means you can run different LiveArchive Web UI for different personnel or different tasks.

Resources & Customization

ExchangeDefender Web UI is completely free and open source. This means you can download it, modify it, and use it freely.

It also means that the solution will live even after ExchangeDefender as an organization is gone. You will not find any references or callbacks to our network and all the protocols are fully documented. This enables you to truly craft a failover email solution that can be completely disconnected from the Internet and placed into cold storage / safe.

Resource-wise the container is a little more than a web server and you can run hundreds of users with even the minimal 1 cpu / 1gb ram. This is possible because the SQL workload and data storage are handled by other services.


We hope you’re as excited about the launch as we are. Please join us for the webinar to see how it’s done and we’ll even help you set yours up right after the event! Just think of a good subdomain to point to your new LiveArchive backup platform.

On December 31st, our current version of LiveArchive will be decommissioned. Inbox, a business continuity solution we launched last year, has already taken the workload of LiveArchive and it does the job better, faster, with fewer clicks.

LiveArchive served our client base well for over a decade and we’re thankful for all the disasters it’s saved us and our clients from. Now that we’re looking at 2024 and beyond, LiveArchive must solve new problems. For starters, most email is no longer hosted on low-grade hardware in SMB offices managed by part-time hobbyist IT: It’s now professionally managed in high-end data centers. The primary concern is no longer “What if my T1 Internet connection goes down?”; “BACKUPS ARE OUR RESPONSIBILITY” and keeping all your eggs in one basket is never a good idea.

COVID and the work-from-home era have only exacerbated the problem of how quickly (if at all) you’ll get your email back when the disaster occurs. Cloud operators are vague in their data protection statements and there is no way to audit it. Backup tools and services similarly offer few guarantees and the supply chain attacks have only gotten more prominent.

New LiveArchive Migration Service

New LiveArchive is designed to help solve the 3 problems clients have with protecting cloud email:

1. We don’t have any room in our IT budget (and need to save $)
2. If we get compromised our backups will get cryptolocked too
3. We have to protect and backup our email

ExchangeDefender LiveArchive.next webinar on November 8th, 2023 covered exactly how the next version of LiveArchive is going to help you solve all of these problems.

Furthermore, we announced a LiveArchive Migration Service for our clients who wish to have the LiveArchive data ported to the new LiveArchive. Because LiveArchive is IMAP based we can pull existing LiveArchive data into the new version. We can use the same IMAP process to bring over mailboxes hosted on any other IMAP accessible (M365, Office365, Gmail, Exchange, and virtually every legacy email service).

In order to get your data migrated all you have to do is configure your new LiveArchive service and put your ticket request in by December 1st, 2023. We take care of everything else and to reward our loyal clients over the years the service will be provided free of charge (est $499 value).

One of the most common misconceptions we get to deal with in the email business is the notion that the almighty cloud eliminates the need for backups, redundancy, compliance archiving, and disaster planning in general. Nothing could be further from the truth so please share this checklist with your clients and decision makers so they can make informed decisions about how much protection is needed for critical business data.

image

Now, let’s tear apart the myths we hear most often:

It’s in the cloud so it’s already backed up. You will not find a single cloud service provider that will offer their backup policies in explicit detail. This is not just a matter of secrecy (exposing the network and storage design) but also of implementation: some services just don’t have a backup only a lagged copy. Never, ever, assume that your cloud provider cares about your data more than you do, it’s no coincidence that the first thing you do with every service you sign up for is a mandatory acceptance of terms of service that you’ve likely never read. Your data is your sole responsibility.

It’s in the cloud and they say it’s there forever. Sometimes marketing gets falsely associated with the actual service deliverables: “You will never have to delete email to make space” doesn’t translate into “Your email will never disappear” – all major email providers have a well documented trail of losing clients mail, deleting their mailboxes “for policy violations” and otherwise shunning any responsibility.

It’s in the cloud so someone is actively managing it. Cloud service providers manage the cloud service, management of your personal data is often the secondary concern. That sounds harsh so allow me to elaborate the top down view: Imagine your service just crashed, massive catastrophe: What is your primary concern? Restoring access to service to send/receive email, or restoring clients data from 5 years ago? Now align those priorities with the budget: What is more important to the cloud provider: service operation or access to old data? Many services are even pushing for not keeping all of your data in the cloud at all, the notion of archive boxes and focused views is all about not having the responsibility for your data.

It’s in the cloud so it meets compliance. Your regulatory compliance requires assurance that data could not have been deleted. That kind of assurance only comes with services like ExchangeDefender Compliance Archiving which archives messages before anyone has a chance to tamper or delete the data. Furthermore, the backend system for an archiving or compliance solution is radically different because of the liability: companies that insure confidential data storage are far more concerned about redundancy, backups and data loss than they are about the uptime and service availability.

Now that the myths surrounding the false sense of cloud security are shattered, let’s look over a brief plan you need to implement to safeguard your data:

1. Document everyone with access to email.
2. Come up with a policy for adding/removing employee email.
3. Identify any regulatory compliance requirements.
4. Identify business case scenario requiring long term archiving.
5. Document who has access to what and how changes are tracked.
6. Come up with a data retention and data backup plans.
7. Understand the law and security, make neccessary adjustments.
8. Designate a Compliance Officer to manage everything.
9. Test your backups and compliance archiving routinely.
10. Periodically audit everything in the previous 9 steps.

Truth is, there are hundreds of steps in cloud security management for each of the 10 items I listed above: The goal isn’t to give you a blueprint, the goal is to make you aware of complexities and the issues that can come up when the basics are ignored. If you would like the details, give us a call, email is what we do for a living and (unfortunately) our expertise is developed over the years of cleaning up our clients neglect of their email infrastructure – let us and our partners know how we can help.

ExchangeDefender Compliance Archive was designed as a blend of services and products to help organizations achieve regulatory compliance.  This complex process is always evolving with new regulatory requirements, changes in organization structure, and unique reporting requirements.

 

At ExchangeDefender we specialize in helping organizations with their eDiscovery needs. Here are the biggest fallacies we hear all the time:

 

“We have a backup”

Email backups are not sufficient for nearly any modern regulatory compliance requirements for email retention. Not only can the messages be deleted before backups run, but running reports across the entire organization is next to impossible, not to mention excessively expensive. We recently assisted a partner managing a small 15 employee office in their backup and restore process to locate a message from 5 years ago, costing the organization over $18,000 in IT labor alone.

 “We have a product/compliance service” 

Having a product or a service subscription is different from being in compliance with regulatory requirements. The difference between having a product and being in compliance is similar to “We have a CPA” and “We have filed our tax returns on time” – mistaking the two can be costly and dangerous.

“We are never going to need that” 

Most organizations downplay the importance of long term email archiving and eDiscovery. An overwhelming majority of subscribers to our eDiscovery service don’t have a specific regulatory requirement at all, they do it to effectively defend themselves from legal threats that are all too common these days. With email being the gateway for all corporate communication, it is the first place record retentions, legal holds, and subpoenas are issued for electronic records and there needs to be a system in place to effectively deliver that information.

“What we have is enough”

Regulatory compliance goes far beyond poorly interpreted recommendations and laws. It is a process of producing reports, identifying problems, and assuring that corporate communications policies are being followed, or at least addressed, in case there is an issue. If the organization does not have people in charge of managing the compliance on a monthly basis or there are no current reports searching for dangerous or sensitive content or there is no ongoing maintenance or an established incident record – the organization is likely out of compliance even if they purchased the right software or signed up for the right service at one point.

“We have a someone managing that”

Someone is not a good person to rely on when you get a subpoena and they are even more difficult to get into a courtroom. Plus, how much would you trust them to demonstrate expertise and defend the implementation of the compliance archiving and eDiscovery solution? Many organizations make a mistake of thinking that just signing up for a service or purchasing a product is sufficient for compliance but it’s really just a starting point. You need the personnel, product, service, and reporting to fully achieve regulatory compliance.

ExchangeDefender Compliance Archiving and eDiscovery are a part of a professional service that helps get your organization and its means of communication on path to achieving regulatory compliance. Whenever someone is fully confident that they have their compliance in order we simply ask them to “show me your last Compliance Officer Report” and almost everyone struggles to produce the report or even name the Compliance Officer, the processes being used for archiving, the type of data protection, or the way in which the entire process is tested and audited. With ExchangeDefender Compliance Archiving, you not only get a service, you get a partner that will work with you every step of the way in achieving your regulatory and organizational needs for proper record keeping.