Enterprise Software

Lock IT Down: Policy Patrol lets admins integrate policies into groupware

Add the power of policies to email


Since e-mail in the workplace has graduated to mission critical status, many organizations are delivering policies to ensure system and message integrity. However, many of these policies are not enforced on the server-side. Policy Patrol software lets administrators do just that.

E-mail is an enforceable means of communication, and e-mail messages represent your organization in some way to every internal and external recipient. Policy Patrol allows administrators to work with management to determine guidelines of usage, and then deliver enforcement from the back office.

First look at Policy Patrol
Policy Patrol, published by Red Earth Software, runs with Exchange 5.5, 2000, 2003, and Lotus Notes/Domino. Policy Patrol installs quite easily, and in my test environment running Windows 2000 with Exchange 2000 on the same server, the implementation was seamless. In this article, I will explain my experiences in working with Policy Patrol in conjunction with Exchange.

Policy Patrol installs with four Windows services that interact with Exchange directly. If you want, you can install just the console on a system, and connect to the machine running Policy Patrol (which may or may not be installed on the Exchange server itself) and administer your policies in that fashion.

The Policy Patrol console delivers an intuitive interface (Figure A).

Figure A


Creating groupware policies
Policy Patrol installs a standard set of policies, archives, reports, and other items that you can enable (the default configuration is disabled for these samples). The sample policy rules included with the installation offer admins a wealth of options to utilize. Some examples are:
  • Delaying delivery of large messages (greater than 10 MB) until a specified time.
  • Adding a signature, confidentiality message, disclaimer and/or other items to all outgoing messages.
  • Creating an archive repository link for all messages to a SQL database, .CSV file, or .XML archive.

The default policies, as well as the combinations of rules you can create, provide a wealth of possibilities for the administrator.

I quite easily created a rule using Policy Patrol that denies delivery of messages with more than 25 attachments or that is over 8 MB. Then I committed the new rules to the Exchange server, tested the condition, and got the expected result quickly. Figure B provides a summary of the policy that I created.

Figure B


Policy Patrol can overlap in some of Exchange’s management abilities (like delivery/read notification configuration), but the Policy Patrol interface makes it easier to work with these policy tasks.

In addition to the Policy Patrol console, you can perform limited administrative topics from a Web console. This Web console can let you view the status (and change) of messages that are quarantined or subject to delayed delivery.

Policy Patrol also lets you generate some reporting on your mail system usage. This reporting generates a nice .html file that you can use to review your periodic usage by user, or by several other sorting options. This can be of great assistance if your departmental funding is derived directly from usage. This can also be valuable as a metric to decide placement for busy mailboxes if you are in a multiserver environment.

Powerful contingency/standby operations
In the Policy Patrol console, you can create various policy rules and filters that could be used as a contingency in the event of a system failure, virus outbreak, organizational shakeup, disaster, or other disruptive event. Such policy rules, working with your groupware system, could assist in preventing further trouble or suspending delivery of messages until a patch/fix for an issue is in place.

For example, with Policy Patrol I created a policy rule called "RWV-EmergencyDeferDelivery." This rule will hold all messages for delivery until a specified time. I selected 23:45 to allow time to get a virus patch installed or resolve whatever topic may arise. Figure C shows the properties sheet outlining this rule.

Figure C


I also created a notification that will be sent to both the sender and recipient summarizing that their message delivery is being deferred, as you can see in Figure D.

Figure D


Note that in Figure D the sections that are highlighted in green are variable fields that you can use to automatically populate your automatic response. This lets you place information from the specific transaction to be dynamically populated to the recipient and sender (as I have it configured) in the response message.

An alternate method of sending this type of message is to have it go only to the sender. Then, before the suspend-delivery rule goes into effect, send a message to all of your mailboxes telling the users that messages will not be delivered until the underlying problem is addressed. Also, mailboxes are still able to send messages when this type of rule is enabled, but the messages leave the users' outboxes and reside within Policy Patrol in the "On Hold" area for delayed and quarantined messages.

Policy Patrol limitations
In experimenting with Policy Patrol in a lab scenario, I came across a few issues that administrators should be aware of if implementing this product.
  • Changes to existing policies – In the example above where I created the rule called "RWVAttachmentFilter” for the attachment rules, if I want to change that policy to apply it to both internally and externally received messages then the rest of the criteria have to be reselected (essentially re-creating the rule). However, if I am just changing the size or number of attachments, the existing rule does not require reconfiguration.
  • Creating, enabling, and modifying rules – Changes to rules do not take effect until you commit the changes (as a whole) to Exchange. This is either done manually by committing the changes, or you are prompted when you exit the Policy Patrol console.

More info on Policy Patrol
Red Earth Software's Web site has a wealth of documentation on Policy Patrol, as well as information for making a business case for implementing a policy enforcement tool into your groupware environment. For example, in its whitepaper, "Email content security - Addressing the email risks", Red Earth gives administrators information on how e-mail systems, and more importantly their usage, are important for regulatory, liability, confidentiality, spam, timing, and other situations regarding compliance and protection.

As far as pricing, a Policy Patrol licenses cost as little as $375 for 10 users and as much as $7,995 for 2500 users. You can also purchase a maintenance agreement and other license packages. Here's the link to pricing.

End sum
Your organization may have a robust groupware product in place, but are you implementing an enforced policy system that can integrate into your groupware and keep it from bogging down or exposing your company to liability? Policy Patrol offers an effective mechanism for implementing policies on a systemwide basis.

About Rick Vanover

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

Editor's Picks