All About E-Mail Audits    7.4


All About E-Mail Audits

by Ron Herardian
©1999 Global System Services Corporation (GSS)

Overview

A messaging system audit can be used to reduce cost of ownership by reducing the frequency and severity of problems and, more important, by reducing the amount of time needed to troubleshoot and correct problems when they occur. An audit can also be used to prepare for an upgrade of your system to a new version, to get ready for system expansion, to prepare for coexistence with another e-mail system or as a step towards migration to a new solution. This article discusses why you might want to consider a messaging system audit, what is involved, what to expect, how to select a vendor, and how to get the most out of it.

A messaging system audit will produce a series of recommendations and guidelines that, once implemented (either in-house or by the vendor), will provide solutions to known problems, help you avoid potential problems, enhance performance and reliability, and improve fault tolerance and error recovery. Also, an audit report provides valuable documentation of the system and is an excellent diagnostic tool in the hands of IT staff. There are many reasons to consider an audit because there are many benefits.

Why Would I Need an Audit?

One of the reasons that messaging system audits are so important today is that most messaging software customers are not using the latest technology. Older systems tend to be constrained by technology limitations that limit scalability, impair reliability, or that create unnecessary administrative overhead.

There are three reasons why you might want to use an auditing service, (1) technical issues, (2) organizational challenges, and (3) strategic considerations. The technical reasons why you may want to use an auditing service are mainly related to problems that remain unsolved such as:

  1. Chronic system problems
  2. Recurring data loss
  3. Unreliable message delivery
  4. Unacceptable performance
  5. Mobile user connection problems
  6. Excessive IT overhead for administration, maintenance, and monitoring

Organizational and informational issues can also be solved by an audit. Here are some organizational reasons why you might want to have your system audited:

  1. Unable to completely resolve multiple issues in-house
  2. Lack of internal resources to analyze e-mail environment
  3. Lack of consensus regarding how problems should be addressed
  4. Poor documentation, or no documentation, of the system
  5. No one person in the organization understands the whole system
  6. Security-related concerns

There are also important strategic reasons to audit the system:

  1. Reduce cost of ownership
  2. Improve service levels
  3. Preparation for planned upgrade, migration, coexistence, or expansion
What Will I Get Out of It?

In general an audit can help you boost the performance and reliability of your system while stabilizing the infrastructure for future upgrade, migration, coexistence, or expansion. It is important to understand what performance and reliability mean before digging into what will be audited.

Performance levels can be defined in terms of end-to-end message delivery. Performance depends on several variables such as the number of users and servers, network and server configuration, the routing topology and design of the system, the average number of addressees per message and the sizes of messages, the level of system utilization compared with resources, hours of peak utilization, etc..

Reliability fundamentally depends on the design of the system, its upkeep, fault tolerance measures and error recovery methods. It is important to identify risks of data loss and potential failures not only in the system itself but in error detection and reporting. A Messaging system audit can identify what tools can be used, and the way in which they should be used, to have the greatest positive impact on the system.

What Exactly is Involved?

The first phase on any messaging system audit is data collection for environmental analysis. Here are a few of the things that should be reviewed during the audit:

  1. Network topology (LAN and WAN)
  2. Network file servers and server resources
  3. Network protocols and routing
  4. Message routing topology
  5. MTA connection types and protocols
  6. Server hardware and software configurations
  7. MTA configuration
  8. Logging and reporting configuration
  9. The relationship of messaging and directory services
  10. Automation, maintenance procedures
  11. Backup and monitoring systems
What Should I Expect from the Vendor?

The vendor will analyze the collected data and generate several deliverable including recommendations and diagrams. Here is a list of deliverables that the vendor should provide:

  1. General documentation of the system
  2. Point-by-point solutions to known problems
  3. A list of previously undiscovered issues and their solutions
  4. Architectural analysis, design review, and redesign recommendations, if necessary
  5. Configuration, implementation, and machine configuration review and analysis
  6. Diagrammatic representation of server deployment in LAN/WAN environment
  7. Diagrammatic representation of message routing topology
  8. Diagrammatic or tabular representation of the messaging topology
How to Choose a Vendor

It is important to understand that a messaging system audit is part of larger picture. When you select a vendor to perform your audit they must be qualified to handle much more than your e-mail system. The vendor must understand both the technology and organization issues surrounding e-mail, and also appreciate the unique challenges facing your organization. There are many ways to solve a problem but only one best way and this is rarely the same for any two customers: one size does not fit all.

The vendor you choose should represent a larger solution framework rather than providing a short-term, grab bag of tactical fixes for your system. Instead, both the vendor and the customer should be aware of the enterprise-wide implications and solve problems in a way that benefits the whole organization. Here are some key factors to look for when selecting a vendor:

  1. Experience with a variety of enterprise customers
  2. Outstanding expertise in your specific system
  3. Expertise in general networking and network operating systems
  4. Expertise in more than one messaging system
  5. Recommendations from satisfied customers who have used the same service
  6. An established vendor that will be there to support you in the future
  7. An established reputation of excellence and integrity
  8. Vendor certified/qualified business
Getting the Most from an Audit

To get ready for your audit make sure you understand what your goals are. Prioritize your goals so that the vendor can understand which ones are most critical. Typically the highest priority goals will be related to solving known problems. List and prioritize the problems, issues, and concerns that you have with the system. Assign at least one staff member to act as a liaison between the vendor and your organization that have information that will be needed. Also make sure to arrange appropriate facility and network access rights for the auditors.

Do some initial information gathering and collect information such as network diagrams and documentation of procedures or internal standards related to e-mail. Usually, the most important information independent of the e-mail system itself is detailed information about the network. Make sure you have information that can be used to determine the location in the network of each system component. Make sure you know your system in terms of the different e-mail systems in your organization and associated contact people who will be available during the audit. List any messaging gateways or switches that are in place, or that are planned, along with any directory services or directory synchronization systems. Make sure you know how many users are in the system, where they are located geographically and what the user workstation configurations are (including hardware, operating system, and applications). Break down the user population by how they use e-mail (desktop or Mobile) and in terms of what, if any, problems they report. If you have data from a monitoring system generate a set of reports, e.g., indicating the average sizes of messages and attachments along with traffic statistics.

Things Not to Do

Here is a short list of things to avoid: First, do not simply insert auditors into your computer room and shut the door. Get involved in the process or assign someone who can be involved. Make sure the auditors have necessary access to systems or provide them with contact information for people who do have access. Second, do not schedule the audit when key people are unavailable. Make sure the auditors have access to all of the relevant people. Provide contact information to the auditors. As a 3rd party the auditors can often cross organizational boundaries without upsetting the chain of command. Third, do not withhold information that may be needed to understand issues and determine the best solutions. The auditors are your friends and they are focused only on concrete problems and solutions. Finally, do not inform staff of the audit in a manner that makes them feel as if the audit is a criticism of their work. For best results, the auditors will need the full cooperation of IT staff. A messaging system audit can serve many purposes and has many benefits. Staff should be told that in the worst case, the auditors will find that IT staff require additional training and that the audit itself is a valuable training experience.

Summary

A messaging system audit can serve many purposes and can offer many substantial benefits. Whether you are attempting to resolve outstanding issues with your system, or planning for coexistence, upgrade, expansion, or migration, there is no substitute for a reliable, well-documented messaging infrastructure. A messaging system audit provides solutions to known problems, helps you avoid potential problems, enhances performance and reliability, and improves fault tolerance and error recovery. When choosing and working with a vendor remember that there is a larger picture and make sure to act as a facilitator of the audit process so that you can receive the maximum benefit.

About GSS

Global System Services Corporation (GSS) is the leading provider of consulting and professional services for large-scale and distributed infrastructure systems such as email and messaging, directory services, groupware, and wireless solutions. GSS customers include Fortune 500 companies, large services providers and telecom companies, government agencies, major messaging product vendors, and innovative technology startups.

GSS provides a complementary suite of services including strategic technology consultation and competitive vendor and product analysis, product and system architecture and design, system development deployment, customization, and testing, technical support, email migration, and other IT services. GSS has been directly responsible for some of the largest global systems and solutions and counts as customers many of the largest companies in the world.

From its offices in the Silicon Valley California, GSS delivers services and solutions to customers worldwide through a network of mobile consultants and qualified GSS Affiliates. With industry certified professionals on staff, GSS is a Qualified Lotus Business Partner, a Certified Microsoft Solution Provider (MCSP), a Principal Partner in the Sun Partner Advantage program and a member of the Sun Software Partner Council, as well as a member of key industry organizations.

Contact GSS

Global System Services Corporation (GSS)
650 Castro Street, Suite 120-268
Mountain View, CA 94041, U.S.A.
1 (650) 965-8669 phone
1 (650) 965-8679 fax
http://www.gssnet.com
info@gssnet.com


 
Messaging, Directory Services, Groupware


©1995-2005 by Global System Services Corporation (GSS). Portions of this material are copyright ©1995-1999 by Ron Herardian