Background: This business case was written for internal use by the client. The purpose of this case was to demonstrate the two best-fit email backup solutions based on a previous needs analysis and survey of the environment. This case also describes the implications of doing nothing. To complete this case I worked with a number of subject-matter experts (SMEs), conducted my own research and discussed the case with the project manager and account manager; I then incorporated the explanations and recommendations I received into this document. The client was satisfied with this document and moved forward with the project.
Purpose of the Proposed IT Investment: Objectives and Problems
The client must implement an archiving solution for the following reasons:
- Regulatory compliance
- Rectify an outstanding audit violation
- Improve internal controls
- As part of an overarching plan to improve email system for client
Background
The client email environment has evolved over the past several years. Components of the system have been identified as areas that could be improved dramatically. The nature of these improvements is detailed in other business cases. Aside from improvement, there are missing components such as archiving which will need to be built from the “ground up.” Included in this section is a high-level diagram of the current email environment. The current environment makes no provision for the archiving of any email.
Key points
- This is a federally mandated requirement, with compliance towards federal and state regulations for data retention and availability
- Stakeholders include all persons with client email, all agencies to which client is subject and client leadership
- While all users are affected, insofar as there is no current archiving solution in place, from a technical point of view all changes will be made behind the scenes and will not affect users negatively in the switchover
- The types of solutions proposed have been widely implemented, are not novel or experimental and are considered best-practice methods
Email Archiving Proposals: Proposal Overview
The proposal is for client to deploy an archiving solution for all client email. Because the underlying email system may be changed soon, two solutions are offered. The first solution is built as though the underlying structure were not changing. The second solution assumes construction of a Microsoft Exchange environment. The proposed solution (in both cases) is essentially a combination of purchased hardware and changes to networking as well as logical rules for archiving built on business and compliance requirements.
Proposal One: Fortinet solution
This solution is predicated on a continuation of the current email environment. It is a modular solution utilizing key components of the Fortinet suite of appliances, and it will allow client to meet compliance requirements by adding a component to the current architecture. An important caveat to this proposed solution is that if client plans to make a change to the Microsoft Exchange environment, this solution would not be the best, since some of the logical components of the Fortinet solution are native to the Exchange environment, thus making them redundant and costly. If, however, the client intends to maintain the current architecture, then the Fortinet solution is the best. Below is a high-level diagram of the Fortinet-based solution. The Fortinet solution consists of a storage device as well as an appliance, which can be programmed to archive emails according to business rules.
Proposal Two: Exchange-based solution
The second proposal is for an archiving solution as an extension of a Microsoft Exchange rollout. Exchange is a full-featured email solution and has within itself many of the physical and logical requirements for an archiving solution. Additional required components will be added with ease due to the integrability built into the Exchange software.
Proposal Three: Do Nothing
There are no tenable alternatives to archiving email because the origin of this project is federally mandated, state regulated and compliance audited, which resulted in the recent audit against the client. There are alternatives that exist in the way in which the email architecture is built and the mechanism for archiving. The most salient of these options are listed above. Arguably, there is an option as to when these changes should be implemented. The reasons for electing to delay would need to be weighed against the consequences of non-compliance.
General Assumptions:
- Because this is a compliance-driven project (as opposed to cost-savings or performance based), the scope of this analysis is limited to the period of time necessary to install the solution
- While the email architecture of client affects this project, this project does not include the email architecture per se and so is limited only to the steps necessary to archive all emails. Acknowledgment of the impact of the overarching email architecture strategy is given in that there are two separate proposals, one for each of the paths in contention.
- From a hardware point of view, this project is limited to back-end equipment; archiving will occur automatically without required user input
- Under this proposal a collection of Fortinet hardware appliances will be employed in conjunction with the current environment
- All users may be affected to the extent that their email may be silently archived
Specific Assumptions:
- For “Proposal One: Fortinet” it is assumed that the architecture will remain the same as it is currently
- For “Proposal Two: Exchange” it is assumed that the architecture will be moved to MS Exchange
Benefits and Risks
The chief benefit of this project is compliance with the 2006 amendment to the Federal Rules of Civil Procedure, which mandates that email be archived and made available for discovery. Implementation of this provides the client with coverage towards any legality or liability should email become a factor in any legal matters. Additionally, depending upon the sophistication of the solution, users may be able to access email that has been deleted from predetermined periods as it is then kept in the archive. There are few risks associated with this project. As with any network maintenance there may be periods of email access interruptions; however, these will be planned and occur when there is low need for email availability. There are no other risks inherent in the project itself.
Conclusion and Recommendation
Because this project is driven by regulatory compliance and it calls for a system of archiving which is widely held as a best practice, the resounding conclusion is in favor of acting now to develop a client email archiving solution so its required implementation may benefit from the other initiatives that the client has begun. If client elects to convert the email architecture to MS Exchange, it is recommended that the client choose Proposal 2. However, if client chooses to keep the current architecture, Proposal 1 is recommended.