Continuity Best Practice

Document created by user.oxriBaJeN4 Employee on Sep 23, 2015. Last modified by user.oxriBaJeN4 Employee on Dec 22, 2016.
Version 9

This page should be read in conjunction with the Mimecast Continuity Planning Manual.

Continuity best practice guidelines are available for administrators to plan and provide end users with continuity of email services during an infrastructure outage or disaster recovery event. These guidelines are summarized below.

It is important to allow connections to the appropriate ports from the entire Mimecast regional IP ranges, and to ensure that those connections are mapped through to the correct destination on your network.
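One way to check this requirement against an exported firewall rule list is shown below. It is an added example, not Mimecast code. The CIDRs are RFC 5737 documentation placeholders rather than Mimecast's published ranges, and port 25, the destination address and the rule format are assumptions.

```python
import ipaddress

# Constructed sample data. Replace REQUIRED with the ranges Mimecast
# publishes for your region; these are RFC 5737 placeholders.
REQUIRED = ["192.0.2.0/24", "198.51.100.0/24"]
MAIL_SERVER = "10.0.0.25"  # assumed internal destination for inbound SMTP
RULES = [
    {"source": "192.0.2.0/25", "port": 25, "destination": MAIL_SERVER},
    {"source": "192.0.2.128/25", "port": 25, "destination": MAIL_SERVER},
    {"source": "198.51.100.0/25", "port": 25, "destination": MAIL_SERVER},
    # Right source, wrong destination: does not count as coverage.
    {"source": "198.51.100.128/25", "port": 25, "destination": "10.0.0.99"},
    # Right source and destination, wrong port.
    {"source": "198.51.100.0/24", "port": 443, "destination": MAIL_SERVER},
]

def uncovered(required, rules, port, destination):
    """Return the parts of the required IPv4 ranges that no rule admits
    to `destination` on `port`, as a sorted list of networks."""
    allowed = [ipaddress.ip_network(r["source"]) for r in rules
               if r["port"] == port and r["destination"] == destination]
    gaps = []
    for cidr in required:
        remaining = [ipaddress.ip_network(cidr)]
        for allow in allowed:
            still_open = []
            for net in remaining:
                if net.subnet_of(allow):
                    continue  # this piece is fully allowed
                if allow.subnet_of(net):
                    # Rule covers only part of the piece: keep the rest.
                    still_open.extend(net.address_exclude(allow))
                else:
                    still_open.append(net)  # rule does not touch it
            remaining = still_open
        gaps.extend(remaining)
    return sorted(ipaddress.collapse_addresses(gaps))

if __name__ == "__main__":
    for net in uncovered(REQUIRED, RULES, 25, MAIL_SERVER):
        print(f"not allowed to {MAIL_SERVER}:25 -> {net}")
```

A non-empty result means part of a regional range would be dropped or sent to the wrong host. Because a rule with the wrong port or destination is not counted as coverage, mapping mistakes show up as gaps too.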

Preparation for the Continuity Event

 

Although some steps may be necessary while email service to users is interrupted, the guidelines below help you plan for the outage before it takes place, which reduces the amount of administration required during the event itself.

Service Monitor can be used to monitor email services and issue SMS/email alerts when configured mail flow thresholds are breached.

Administrator Authentication

 

As most customers opt to use network Directory authentication, it is important to consider how the Administrator (and later, users) will be able to access Mimecast services in the event of Directory unavailability. It is recommended that an administrator email address be configured with a cloud password. This can be used when logging in to services such as the Administration Console.

 

See the Setting Your Cloud Password page for full details.

User Authentication

 

If the network directory is unavailable, users may not be able to authenticate when accessing Mimecast using end user services. In this instance, it may be necessary to upload a spreadsheet to import Mimecast cloud passwords. See Adding Users to Mimecast Using a Spreadsheet Import for further details. Once complete, these passwords will need to be communicated to the users. As email communication will be unavailable, another method should be considered to issue these passwords to users. Alternatively, it is possible to configure the cloud passwords beforehand, and to issue them to users prior to DR events.

Microsoft Office includes Integrated Authentication, which uses Windows tokens to authenticate users. The token expiry date can be configured as required.

Secondary Directory Connections

 

If possible, configure a secondary Directory connection to your local infrastructure. Mimecast can be configured to authenticate against multiple network Directory installations, so that if the primary Directory is unavailable, authentication for administrators and users continues to operate seamlessly.

 

End User Services

 

Consider how email services will be provisioned to end users during the DR event. Information on the available services should be provided to the users, with reference to the tutorial videos and user training that Mimecast provides.

  • Mimecast Personal Portal: Permissions may be required in order for users to access this webmail service. It may also be worthwhile adding the shortcut to access Mimecast Personal Portal to the user's desktop. It is recommended to check that several users can log in to Mimecast Personal Portal with their credentials to confirm that the settings are correct.
  • Mimecast for Outlook: This Windows service integrates seamlessly with Microsoft Outlook to provide email continuity and archive search services natively in the application. Mimecast for Outlook settings can be controlled from the administrator console using Application Settings definitions, which can be applied to specific sets of users or all users simultaneously.
    The connection state reported by Microsoft Outlook is not 100% reliable. Therefore, to prevent entering continuity mode unnecessarily, we recommend that this option is disabled for Mimecast for Outlook.
  • Mimecast Mobile for BlackBerry: As with our other mobile apps, Mimecast Mobile for BlackBerry provides users with archive search functionality from the device mail app. It also includes continuity features, so that email flow continues during Exchange, BES or BlackBerry NOC unavailability. This continuity mode is enabled manually by the administrator during the infrastructure outage, so it is important to consider:
    • Mobile permissions for continuity.
    • Group configuration that includes the Mimecast Mobile for BlackBerry continuity members.
    • App activation during the event. Mimecast Mobile for BlackBerry is disabled automatically when the battery reaches the configured threshold.
      Mimecast recommends regular testing of Mimecast Mobile for BlackBerry continuity every six months.
  • Mimecast Synchronization Engine has a number of features that can greatly enhance the end user continuity experience, for those unavoidable occasions when the corporate Exchange server is not available, or users cannot access the corporate network.
    • Folder Synchronization: Exchange mailbox folders play a large part in the way that end users organize and find important emails and attachments. Mailbox Metadata Synchronization (Folder Replication) provides the ability to replicate emails in the same folder structure that end users are familiar with, to Mimecast.
      Folder Sync also displays information from historical email data that predates the Mimecast implementation, if this information has been ingested.
      If using Folder Sync in your environment, Exchange Folders Live View is available from Mimecast Personal Portal interfaces. This provides end users with a view of the messages stored within their archive, in the same familiar folder structure used in their Exchange mailbox. Using this Live View, they can find, view, reply and forward emails, as if they were using their standard Exchange mailbox.
    • Calendars: Exchange calendars are an extensively used feature of Microsoft Outlook, and allow end users to track important meetings and activities. Using calendar replication, end users logging on to the Mimecast Personal Portal have read-only access to this data in the event of an Exchange outage.
    • File Archive: If enabled, Mimecast is able to provide users with access to files stored in user home drives and shared network drives. The files are accessible through Mimecast for Outlook and Mimecast Personal Portal.

 

During a Continuity Event

 

When a disaster recovery scenario takes place, impairing email flow for the organization, the following procedures should be followed:

  1. If the outage takes place in the organization infrastructure, and Mimecast is unable to deliver emails to the organization, inbound emails are automatically queued for a maximum of four days. After this time, the emails are bounced, and the sender will receive a notification of the bounce. If the outage is expected to last longer than this four-day period, it is possible to pause inbound deliveries to your infrastructure. This will prevent the notifications from being issued to the sender. In this instance, Mimecast will continue to queue the emails indefinitely, and will deliver them gradually to the server once it becomes available.
    It is important to notify Mimecast Support when using the pause inbound deliveries feature.
  2. Mimecast for Outlook: If enabled, continuity mode will automatically activate within 15 minutes of an Exchange server outage. This mode will only activate if a message exists in Mimecast that cannot be found on Exchange. This might mean delayed activation of continuity mode for some users. Administrators can manually activate continuity mode from the Administration Console, with a continuity event.
  3. Mimecast Mobile for BlackBerry: Requires manual activation of continuity by the administrator. Archive search services will be available regardless of the continuity event.
  4. If the network Directory is unavailable, users may not be able to authenticate when accessing Mimecast using end user services. In this instance, it may be necessary to upload a spreadsheet to import Mimecast cloud passwords. See Adding Users to Mimecast Using a Spreadsheet Import for further details. Once complete, these passwords will need to be communicated to the users. As email communication will be unavailable, another method must be used to issue these passwords to users.
    Mimecast for Outlook includes integrated authentication, which uses Windows tokens to authenticate users. The token expiry date can be configured as required.
  5. Users should be notified of the disaster recovery event, and receive information on which Mimecast services to use for continuity. If issues are experienced that are preventing users from accessing their emails in Mimecast, contact Mimecast support.

 

After a Continuity Event

 

Once the disaster recovery event is over, it may be necessary to revert some of the changes made during the event:

  1. End or remove any continuity event definitions that were in effect for Mimecast for Outlook, or Mimecast Mobile for BlackBerry. This will restore regular email flow to the applications.
    Mimecast Mobile for BlackBerry users will use a menu option on the device to manually de-duplicate disaster recovery messages.
  2. If the pause inbound deliveries feature was enabled, it can now be deactivated.
    It is important to test your delivery route to make sure that Mimecast can contact your email server.
  3. Communicate the end of the event to end users if appropriate.
  4. Monitor end user support calls for email Continuity issues.
