Managing and protecting all enterprise data


Protect Exchange data

Email is now firmly established as a critical application, with more than 60% of enterprises using Microsoft Exchange for their corporate email, according to Gartner. This widespread adoption of Microsoft Exchange, and growing electronic discovery requirements, make protecting it a more complicated proposition than just performing simple backups and recoveries.

New and innovative products provide many more choices to protect Microsoft Exchange depending on your recovery point objective and recovery time objective requirements.

Email is now firmly established as a mission-critical application for many businesses, and more than 60% of enterprises use Microsoft Exchange for their corporate email, according to Gartner Inc. This widespread corporate adoption of Microsoft Exchange, coupled with its mission-critical nature and growing electronic discovery requirements, make protecting it a more complicated proposition than just performing simple backups and recoveries.

Recovery time objectives (RTOs), recovery point objectives (RPOs) and cost are what drive the level of protection businesses provide for their Microsoft Exchange environments. Companies that can withstand outages of up to one day may consider the use of the free Microsoft Windows Server 2003 NTBackup utility to protect their Microsoft Exchange data stores. But enterprises that need their Exchange storage groups backed up and recovered in seconds or minutes, either onsite or offsite, may need a combination of products to deliver the appropriate levels of recovery and availability they require.

Backup products for Exchange fall into three classes:

  • Backup software with specific Exchange agents
  • High-availability software and/or appliances
  • Archival software
Backup software products first install their client on the Exchange server and then install an agent that interacts directly with the Exchange database. The level of granularity the agent provides for the backup and restore of individual components of the Exchange database separates average backup software products from above average ones.

The Exchange agents of the big three backup software products--EMC Corp. NetWorker, IBM Corp. Tivoli Storage Manager (TSM) and Symantec Corp. Veritas NetBackup--each support full, differential, incremental and synthetic backups of the Exchange database, and permit admins to select specific Exchange storage groups to back up and restore. The strengths of these products lie in their scheduling and policy/media management abilities, which are desirable for firms that need to schedule their Exchange backups centrally or perform storage-area network-based backups using multiple media types.

But there's some question about whether firms need all of these features, which may be cumbersome to manage and use. For instance, IBM's TSM requires admins to first recover the entire storage group, mount the storage group in Exchange 2003 as a Recovery Storage Group, identify the message or mailbox that needs to be restored, and then copy it to the appropriate location in the production mail store. Exchange 2000 recoveries are even more time-consuming because admins may need to stop the entire Exchange 2000 server to recover specific messages or mailboxes.

Instead, support for "brick-level" recoveries of individual items like email messages are part of the standard by which backup software should be measured. These allow admins to select and restore one email at a time directly into the production mail store without first recovering the entire storage group.

Several backup software products, including BakBone Software Inc.'s NetVault:Backup, CA's ARCserve Backup and Symantec's Veritas NetBackup, offer support for brick-level recoveries, but users may need to select specific configuration options within the backup software to obtain them. CA's ARCserve offers both object-level and full backup options.

Another important feature offered by only a few programs is the ability to restore data from backups of earlier versions of Exchange into the current version. Backups of older versions of Exchange aren't compatible with current releases. To perform restores, most backup software products require admins to first create a server with the appropriate version of Exchange that matches the version of the backed up data store before the restore can occur. However, with growing legal discovery requirements and more companies planning upgrades to Exchange 2007, transparent restorations from previous versions of Exchange into current versions make this a new corporate must-have.

CA's ARCserve Backup supports release-independence, assuming the administrator backs the data up using the object-level backup; if ARCserve Backup's full backup option is used, release-independence doesn't apply. CommVault's Simpana goes one step further and supports the restoration of data created in newer versions of Microsoft Exchange to older releases.

The VSS connection
Exchange agent support of Windows Server 2003's Volume Shadow Copy Service (VSS) framework is another feature that lets firms make point-in-time backups of an Exchange database using their backup software.

There are three components to the Microsoft VSS framework: a requestor, a writer and a provider. Backup software acts as the requestor and controls the overall process of creating a copy of the Exchange database. It initiates the copy by first calling the Microsoft Exchange 2003 writer, which prepares the Exchange database for the copy by handling the acquiesce and dismount of the Exchange database while maintaining its integrity and consistency.

After the Exchange database is in this suspended state, the backup software calls on the VSS provider to execute the copy function. Either the Windows 2003 OS or the external storage system acts as the provider of the copy utility, which performs the actual copy of the Exchange database. Once the copy completes, the backup software instructs Exchange to remount the database and resume normal processing of email. This leaves a copy of the Exchange database that the backup software can use to perform restores or as a source to make a secondary copy of the data to disk or tape.

The level of recovery one can perform depends on the VSS provider called by the backup software. The VSS provider offered by the Microsoft Windows Server 2003 OS uses a shadow copy or copy-on-write approach to create copies of the Exchange database, which is supported by most backup software products. Symantec's Backup Exec supports only Symantec's VSS provider, which is offered as part of Symantec's Veritas Storage Foundation for Windows.

The Microsoft VSS provider delivers rapid snapshots of the Exchange database, but it requires the volume containing the original Exchange database to remain available to back up or restore data. In this scenario, if the volume with the main production Exchange database becomes inaccessible, so do any snapshots created from it. Another potential problem with this type of snapshot is that it's read-only.

To deliver faster Exchange recoverability, admins may want to consider using hardware VSS providers that support full-volume copies. Full-volume copies let admins mount and present these volumes to Exchange with full read and write capabilities. Creating these volumes requires the backup software to support systems that can create mirrored volumes and to offer a hardware VSS provider that supports this functionality.

How one user established
Microsoft Exchange RPOs and RTOs

Mohamad Alkazaz, an IT and telecommunications manager at Saint-Gobain Crystals, Newbury, OH, explains how he established Exchange recovery point objectives (RPOs) and recovery time objectives (RTOs) for his company:

Survey users. By surveying his 250 users, Alkazaz learned the level of data protection he needed to provide for Exchange and how quickly he might need to recover Exchange data. The survey revealed that users ranked availability of Exchange over application databases and file servers, which helped him justify the level of data protection he implemented for Exchange.

Offer alternative recovery options for emails of different ages. Some users indicated they wanted immediate recovery of their emails; but by checking further, Alkazaz found they only wanted emails that were less than a week old recovered immediately (in less than 30 minutes). Alkazaz was able to justify backing up recent emails to disk to allow these recoveries to occur in the timeframe users expected. He also kept LTO tape in the mix because management and users were agreeable to waiting longer (four hours or more) for recovery of emails over one week old.

Understand your backup options. Alkazaz uses CA ARCserve Backup, which gives him two ways to back up his Exchange database: object-level and full backup. He opted for full backup because he never knew for sure which users would request restores. Though more cumbersome to restore than object-level backups, fulls backed everything up and took less time to configure.

Establish ediscovery and compliance requirements. Alkazaz considered using email archival software to complement his backup software, but found after discussions with department managers that they could address 99% of their ediscovery and compliance requirements with CA ARCserve Backup.

When using all products from one vendor, such as EMC, the steps are usually more straightforward. The following sequence presumes the SnapView feature on EMC Clariion is licensed and that the Clariion has sufficient storage capacity to create the full-volume copy.

  • EMC's NetWorker Module for Microsoft Exchange agent recognizes EMC's Clariion hardware VSS provider for SnapView and communicates with the Clariion through TCP/IP.
  • NetWorker instructs the Exchange writer to quiesce the Exchange database.
  • SnapView creates the full volume copy on the Clariion storage system.
  • SnapView notifies the backup software after the full volume copy is created.
  • The backup software notifies the Exchange writer to take the Exchange database out of its quiesced state and resume email processing.
In environments where software and hardware from different vendors is used, admins need to take additional steps. For instance, they must verify that the backup software supports calls to the hardware VSS provider from the storage system on which the Exchange database resides. They'll also need to place the Exchange database on the volumes of the storage system that the hardware VSS provider will call if it's not already there.

If multiple hardware VSS providers are available, Symantec's Veritas NetBackup (and others) allow admins to select the hardware VSS provider they desire and then configure the type of copy--full-volume copy or copy-on-write--that they want the storage system to create (assuming the system supports these two types of copies). In instances where storage systems support only shadow copies, these copies are still subject to the same recoverability and availability limitations found in the VSS provider on Windows 2003 Server.

Even with VSS support, backup software often fails to meet the critical nature of Exchange. Techniques such as server clustering satisfy some of these needs, but for immediate offsite Exchange availability and recoverability in the event of loss of the primary Exchange server or site, specialized software and hardware is needed.

Continuous availability
Asynchronous replication software is one way to ensure Microsoft Exchange remains continuously available in the event the primary Exchange server goes offline. New features in asynchronous replication software products provide direct integration with Exchange to allow Exchange server failovers to occur in seconds or minutes with minimal or no disruption to enterprise users and even without administrator intervention.

EMC's RepliStor software gives admins a couple of different ways to deliver continuous availability. One is to configure two servers in the same domain at the same site with the same software and logical configuration, but to use unique hostnames on the production and standby servers. RepliStor is then installed on both servers and replicates and synchronizes the data between the production and standby servers. When a failure occurs on the primary server (an interruption of more than 120 seconds of the heartbeat between the two servers), RepliStor initiates the failover and starts Exchange services on the target server.

For offsite recoveries where servers may be in different domains, admins may configure RepliStor to work with Microsoft's VSS framework. RepliStor still replicates the primary Exchange database to the remote site, but it only initiates and retains snapshots on the standby server using Microsoft's VSS provider that Replistor calls through its built-in scheduler and snapshot policy manager. Exchange failovers are performed manually with admins selecting the most recent good point-in-time snapshot and then applying database and transaction logs to roll forward to the most current point-in-time.

CA's XOsoft WANSyncHA goes one step further and lets admins choose whether they want failovers at another site to occur automatically or if they want to be notified so the failover sequence can be initiated manually. Though automatic failover is a nice-to-have, there are many reasons servers at two different sites may lose communication, but these issues don't mean the production Exchange server is down and that the remote site should take over.

XOsoft WANSyncHA uses continuous data protection (CDP) to replicate data, remains aware of the state of the Exchange database during replication and supports cross-network failover. The use of CDP permits automated recovery up to the point of failure of the primary Exchange server.

Because XOsoft WANSyncHA remains aware of the state of the Exchange database, it constantly introduces checkpoints into its replication process that allow the remote copy to maintain consistency with the Exchange database so it can do a near-real time recovery without using a snapshot and replaying transaction logs. Should a recovery need to occur at the remote site, XOsoft WANSyncHA promotes the standby Exchange server to primary Exchange server and manipulates the DNS lookup table to route client requests to the secondary Exchange site.

The one downside with software-based asynchronous replication is that it requires the installation of an agent on the Exchange server, which some organizations may want to avoid. In that case, a hardware appliance that provides asynchronous replication, such as Teneros Inc.'s Application Continuity Appliance (ACA) for Microsoft Exchange, may be a better fit.

Teneros ACA for Microsoft Exchange is installed into the same network where the Exchange server resides. After it receives the Exchange IP address and appropriate security permissions, it creates an exact replica of the Exchange mail store and then goes into standby mode, monitoring the status of Exchange while continuously replicating the Exchange database. If an Exchange failure occurs, Teneros ACA takes over for the Exchange server in a few seconds and provides users with uninterrupted access to their email services.

Archival software provides three critical functions:

  • Reduces the size of Exchange message stores and speeds up backups
  • Lets companies quickly search and produce emails for legal discoveries
  • Preserves emails for specific time periods
Now that archival software is an integral part of Exchange data protection, some backup software vendors are starting to integrate the management of archival software with their traditional backup software.

For example, Symantec has integrated its Veritas NetBackup software and Enterprise Vault archival software in three key areas: data migration, recall and restore, and policy. Veritas NetBackup lets admins set a policy to migrate data from disk to tape under the management of Veritas NetBackup. However, data remains visible, searchable and accessible for Enterprise Vault users even if it's on tape. Requests for specific emails are passed from Enterprise Vault to Veritas NetBackup, which recalls data from whatever media it resides on.

Sampler of alternative Exchange protection products

Asynchronous replication and email archiving products may offer specific features that are a better fit for some environments than traditional backup software. Here are some products to consider:

Replication software/appliances

Asempra Technologies Business Continuity Server for Exchange uses CDP to provide near-instant recovery of specific messages. Admins may set policies for data retention that are the same across the enterprise or specific to each Exchange server. It also manages failovers so if the primary Exchange server fails, it updates Active Directory and DNS so users are rerouted to the standby Exchange server.

Cemaphore Systems MailShadow lets firms choose mailboxes from several Exchange servers and replicate them to a single Exchange server. This minimizes the amount of replication required while ensuring that the most critical users at each site have access to email.

Double-Take Software Double-Take for Windows. The Double-Take Application Manager provides integrated restore and failback capabilities to automatically recover data to the original production Exchange server and initiate failbacks. It also supports replication between dissimilar hardware and testing on replicated copies of Exchange data without remirroring datasets once the testing is complete.

Neverfail Group Neverfail for exchange replicates data and monitors the status of Exchange, physical servers, network infrastructure and OSes. If an error occurs, Neverfail sees if corrective actions can be taken before resorting to a full system failover to the standby server.

PostPath PostPath Server can be a replacement for the Exchange server, not just a failover device. Admins install PostPath to run side-by-side with the Exchange server until the entire Exchange mail store is replicated and then PostPath takes over for Exchange. PostPath runs on Linux and supports Exchange-dependent apps, protocols and clients.

Email archival software

Mimosa Systems NearPoint functions off-host so it doesn't require agents on the Exchange server to archive emails, nor does it use SMTP, MAPI or journaling to archive. It creates a shadow copy of the Exchange database using Mimosa's continuous app shadowing technology. It creates a near real-time, single-instance store of the database that breaks apart and indexes messages to support disk-based recoveries/searches.

Overtone Software Managetone for Microsoft Exchange uses the event notification feature in Exchange to create a second copy or archive of messages. This approach lets it copy every calendar and contact change, not just email messages, while generating less overhead. It stores all messages in an XML database, making them searchable with any third-party search engine.

As data expires in the Enterprise Vault archive, Enterprise Vault again sends commands to NetBackup to erase the data. The actual data erasure occurs in the background without any need for admins to get involved except when operators need to load tapes into tape libraries.

CA is also integrating its ARCserve Backup and Message Manager so they share a common policy engine, while CommVault's new Simpana 7.0 software suite permits users to store backups and archives in a single repository managed by the same policy engine.

Backup and beyond
Data protection requirements for Exchange now extend well beyond the traditional model of backup and recovery. Though backup software has been improved and takes advantage of new Exchange features, corporate needs for near real-time availability and access to any and all emails make near real-time failovers and archiving a prerequisite in most enterprise Exchange data protection strategies.

Article 16 of 26

Dig Deeper on Long-term archiving

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Storage

Access to all of our back issues View All