Executive Summary The Data Archiving product/technology evaluation team began meeting in September 2014 and concluded work in March 2015. The team met approximately seven times during that period and compiled a selection of solutions currently in use at the University and reached a common understanding of what was in scope for this particular evaluation. The team then worked together to define a set of requirements and prioritized them according to the needs that were shared across multiple schools and centers. That list of requirements was sent to five vendors that represent the technical leaders in this discipline according to the 2014 Gartner Magic Quadrant for Enterprise Information Archiving, as the basis for a request for information (RFI). Based on the RFI results, four vendors CommVault, Global Relay, Hewlett- Packard, and Symantec were selected to come in for product demonstrations. After meeting all the vendors and reviewing available information, the team has determined that a campus solution is a viable option and that three of the vendors (CommVault, Hewlett- Packard, and Symantec) are potentially suitable options. In addition, due to a consolidation of all the ISC backup services on IBM technology, we believe that the IBM option should be considered as well. Each of these four options would require a more thorough vetting against the assembled requirements before a final vendor could be selected. Methodology: Data Archiving Defined In the first meeting, the team agreed that for the purposes of this study, we would be considering primarily unstructured data with the possibility that certain application data (SharePoint, Exchange, and others) could be considered as secondary requirements. The data archiving tools we were primarily considering were ones that could take less frequently used data and move it to slower and less expensive storage devices. The preference was for the data to be nearline, meaning it is easily accessed from the primary system, and not a completely separate and searchable data store. Page 1 of 6
Identified Requirements The team assembled a very large list of requirements that covered the needs of each School and Center. The requirements fell into the general categories of: Functional Capabilities Technical Requirements Interoperability Compatibility Support Compliance and Security Requirements were then prioritized by each team member and used to weigh the responses provided by vendors. Areas of particular concern for team members were compliance with HIPAA and FERPA as well as authentication methods that can natively integrate with systems we already have in use on campus. Vendor Evaluations: Commvault: CommVault Simpana is a full data protection system designed and built from the ground up. Archiving has become a strategic offering in the product which enables customers to meet backup windows, lower costs, and take control of data retention and governance policies. Simpana is installed on- premise on the customer's choice of server hardware. The CommServe component requires Microsoft Windows to run SQL server, but the Media Agents (data moving servers) can run Windows or Linux operating systems. There is wide support for major tape library vendors and many storage vendors have specific Intellisnap support for easy backup using native snapshotting. Cloud libraries can be configured as a target for backup and archive storage. Archiving is enabled at the client level in the CommServe interface, and is further configurable at the subclient level, which is the method used to specify what content will be backed up on a given client. Transparent recovery of archived files is achieved through stubs: pointers left in place of the original file that is moved off of the server. The OnePass technology used in Simpana for Archiving performs synthetic fulls of archive data. Rules can be set at the subclient level which can archive based on age of files, file size, last access time, user/group ownership, or disk capacity. Retention for archived files is also configurable to meet compliance requirements. The product offers advanced Page 2 of 6
content indexing which, in the context of archiving, will show end users thumbnail previews of files that in many cases eliminate the need to recover. The Data Archiving Evaluation team identified a need for e- mail archiving, which is supported on Simpana for Microsoft Exchange and IBM Domino. Email archiving is integrated with advanced discovery and legal hold features with the purchase of an additional licensing add- on. Journaling of all e- mail messages for compliance is possible. In the case of Exchange, archived e- mail messages are easily retrievable by users and administrators via an Outlook plugin. Import of Microsoft PST files is natively supported. Simpana features several other highly desired capabilities as polled by the Evaluation team. CommVault's patented binary- block deduplication technology claims to offer significantly more space savings than normal single- instance storage. An analytics tool is provided which can scan servers to determine which data is best suited for archiving in preparation for a migration. Security is ensured through heterogeneous encryption configurable as multiple types and strengths that can be set on data in transit and at rest. For more information, please visit: http://www.commvault.com/simpana- software Global Relay: Of all the vendors that we reviewed, Global Relay had the most unique set of characteristics. Like all of the other vendors considered they were in the Leaders section on the Gartner 2014 Magic Quadrant for Enterprise Information Archiving and rated high in all measures. However, there were some significant differences in terms of product capabilities and deployment options that we needed to consider. The most significant differentiator for Global Relay is that their offering is entirely centered on messaging and social media archiving with a particular focus on compliance requirements. During their presentation to our evaluation team they did indicate that there were some techniques we could use to incorporate file archiving into their product but the functionality is not there natively and would require some additional work on our part to get it working properly. Once the data is archived, it is both indexed and searchable. One attractive feature of Global Relay was their e- discovery feature. Unlike other products we reviewed, the e- discovery option is integrated into the base offering and does not incur additional licensing cost. Global Relay is also particularly focused on compliance issues and have robust capabilities in that space. Page 3 of 6
Global Relay is only available as a cloud- based software- as- a- service (SaaS) offering and cannot be deployed on- site at Penn. The SaaS capabilities were very attractive to some members of the review committee in that it would not require a large up- front investment in hardware and could be consumed incrementally. For others who wanted greater control of their data, the lack of a local hosting option was a potential negative but the model that would allow us to pay only for what we were consuming was universally attractive. While there are some very attractive features and functionality available in Global Relay, the lack of straightforward file archiving makes it incompatible with the requirements determined by the team. If a particular School or Center were looking for messaging platform archiving for compliance purposes, Global Relay would be a very attractive option for that use case. However, at this time we cannot recommend that Global Relay be pursued for a campus deployment of data archiving. For more information, please see: http://www.globalrelay.com/solutions Hewlett- Packard: Hewlett- Packard s purchase of Autonomy in 2011 was a topic of controversy in the technology media, but even with that in mind, HP was positioned as a 2014 leader in the Archiving space according to Gartner. We invited HP to present the hosted Digital Safe product and saw that Autonomy's technology was integrated into a full- featured suite that met the high priority requirements established by the evaluation team. Our team identified the requirement for a hardware- agnostic back- end, which Digital Safe fulfills in that it is a hosted solution that does not reside on premise in a data center and therefore no server, storage, or tape hardware is needed. The cloud- based model obviates other traditional archiving concepts. Tiering lesser- used archived data to cheaper storage is managed transparently in the SaaS infrastructure. "Stubbing" of archived files is replaced by full end- user access to all data via a web browser. A key component of an archive strategy is the ability to automatically scan and report on what data is eligible to archive for greatest efficiency. HP ControlPoint (http://www.autonomy.com/products/control- point) will perform this important analysis for a first- time movement of data to an archive, and can be used for ongoing management of data. An immutable archive of the data and any associated metadata is ensured, as Digital Safe resides on a fully compliant Write One, Read Many (WORM) storage architecture. We were assured that all customers are allocated separate data storage that is not co- Page 4 of 6
mingled with other customers for truly secure multi- tenancy. The two geographically dispersed datacenter locations where customer data is housed are SOC 2 certified and the product is governed end to end by ISO 27001/27002 standards. Robust file index and search is enabled via Intelligent Data Operating Layer (IDOL) and is one of the key Autonomy technologies acquired by HP in the purchase. IDOL offers conceptual and contextual search capabilities. One thousand file types and formats can be searched and indexed by the engine and over one hundred languages are supported. The HP ediscovery portion of the suite is licensed separately at an additional cost. It allows for advanced search of the indexed archive data and the ability to put e- mails and files on legal hold. From a compliance standpoint, e- mail can be journaled as it arrives or leaves so that no information is lost, even if messages are later deleted. The newer challenge of managing user footprints left on IM and social media that could potentially be the source of costly legal discovery is addressed by the indexing features of Digital Safe and search in the ediscovery product. Because of the diverse variety of products offered in HP's portfolio, as well as the varying needs between the Schools and Centers at the University, HP recommended separate professional services engagements to determine the range of requirements and custom fit the service offerings. An HP professional services migration team would also be instrumental in implementation of the archiving solutions chosen. For more information, please see: http://www.autonomy.com/products/digital- safe Symantec: Symantec's Enterprise Vault (EV) suite of products supports all of the must- have features determined by the Data Archiving Evaluation team. We focused on the on- premise version of Enterprise Vault, though there also is an offering called EV.cloud that provides hosted archiving- as- a- service. The Vault Store on the back- end supports the most popular modern storage and tape library options, avoiding lock- in to a particular hardware vendor or appliance. A highly- desired supported feature is the ability to tier less frequently- accessed data to cheaper storage. In addition, cloud storage can be presented as a target. When a file is moved off of primary storage, it is replaced with a stub and can be recalled by the end user. All file types can be archived with Enterprise Vault, as well as application- aware archiving of Microsoft SharePoint and Exchange. The product is administered via a Microsoft Management Console (MMC) in which Page 5 of 6
policies are applied to users and also to specify the behavior of how a given data type will be archived. There is a dependency on Active Directory, and Groups, LDAP queries, or OU membership can be used to define how policies target users. Vault Cache can be offered to users, which gives a local, offline cache of archived items for fast recovery. Vault Cache can be accessed interactively by using the Virtual Vault Outlook add- in. Users can archive items manually by dragging into the Virtual Vault, and restore items to the Inbox by dragging out. The Symantec ediscovery Platform powered by Clearwell (http://www.symantec.com/ediscovery- platform/) is separately licensed. It provides the ability to search archived files and e- mail messages. After which, these can be placed on legal hold, assigned to a team reviewers, and tagged or annotated. For more information, visit: http://www.symantec.com/enterprise- vault/ Page 6 of 6