- Jerome Wendt, DCIG Inc.
New and innovative products provide many more choices to protect Microsoft Exchange depending on your recovery point objective and recovery time objective requirements.
Email is now firmly established as a mission-critical application for many businesses, and more than 60% of enterprises use Microsoft Exchange for their corporate email, according to Gartner Inc. This widespread corporate adoption of Microsoft Exchange, coupled with its mission-critical nature and growing electronic discovery requirements, make protecting it a more complicated proposition than just performing simple backups and recoveries.
Recovery time objectives (RTOs), recovery point objectives (RPOs) and cost are what drive the level of protection businesses provide for their Microsoft Exchange environments. Companies that can withstand outages of up to one day may consider the use of the free Microsoft Windows Server 2003 NTBackup utility to protect their Microsoft Exchange data stores. But enterprises that need their Exchange storage groups backed up and recovered in seconds or minutes, either onsite or offsite, may need a combination of products to deliver the appropriate levels of recovery and availability they require.
Backup products for Exchange fall into three classes:
- Backup software with specific Exchange agents
- High-availability software and/or appliances
- Archival software
The Exchange agents of the big three backup software products--EMC Corp. NetWorker, IBM Corp. Tivoli Storage Manager (TSM) and Symantec Corp. Veritas NetBackup--each support full, differential, incremental and synthetic backups of the Exchange database, and permit admins to select specific Exchange storage groups to back up and restore. The strengths of these products lie in their scheduling and policy/media management abilities, which are desirable for firms that need to schedule their Exchange backups centrally or perform storage-area network-based backups using multiple media types.
But there's some question about whether firms need all of these features, which may be cumbersome to manage and use. For instance, IBM's TSM requires admins to first recover the entire storage group, mount the storage group in Exchange 2003 as a Recovery Storage Group, identify the message or mailbox that needs to be restored, and then copy it to the appropriate location in the production mail store. Exchange 2000 recoveries are even more time-consuming because admins may need to stop the entire Exchange 2000 server to recover specific messages or mailboxes.
Instead, support for "brick-level" recoveries of individual items like email messages are part of the standard by which backup software should be measured. These allow admins to select and restore one email at a time directly into the production mail store without first recovering the entire storage group.
Several backup software products, including BakBone Software Inc.'s NetVault:Backup, CA's ARCserve Backup and Symantec's Veritas NetBackup, offer support for brick-level recoveries, but users may need to select specific configuration options within the backup software to obtain them. CA's ARCserve offers both object-level and full backup options.
Another important feature offered by only a few programs is the ability to restore data from backups of earlier versions of Exchange into the current version. Backups of older versions of Exchange aren't compatible with current releases. To perform restores, most backup software products require admins to first create a server with the appropriate version of Exchange that matches the version of the backed up data store before the restore can occur. However, with growing legal discovery requirements and more companies planning upgrades to Exchange 2007, transparent restorations from previous versions of Exchange into current versions make this a new corporate must-have.
CA's ARCserve Backup supports release-independence, assuming the administrator backs the data up using the object-level backup; if ARCserve Backup's full backup option is used, release-independence doesn't apply. CommVault's Simpana goes one step further and supports the restoration of data created in newer versions of Microsoft Exchange to older releases.
The VSS connection
Exchange agent support of Windows Server 2003's Volume Shadow Copy Service (VSS) framework is another feature that lets firms make point-in-time backups of an Exchange database using their backup software.
There are three components to the Microsoft VSS framework: a requestor, a writer and a provider. Backup software acts as the requestor and controls the overall process of creating a copy of the Exchange database. It initiates the copy by first calling the Microsoft Exchange 2003 writer, which prepares the Exchange database for the copy by handling the acquiesce and dismount of the Exchange database while maintaining its integrity and consistency.
After the Exchange database is in this suspended state, the backup software calls on the VSS provider to execute the copy function. Either the Windows 2003 OS or the external storage system acts as the provider of the copy utility, which performs the actual copy of the Exchange database. Once the copy completes, the backup software instructs Exchange to remount the database and resume normal processing of email. This leaves a copy of the Exchange database that the backup software can use to perform restores or as a source to make a secondary copy of the data to disk or tape.
The level of recovery one can perform depends on the VSS provider called by the backup software. The VSS provider offered by the Microsoft Windows Server 2003 OS uses a shadow copy or copy-on-write approach to create copies of the Exchange database, which is supported by most backup software products. Symantec's Backup Exec supports only Symantec's VSS provider, which is offered as part of Symantec's Veritas Storage Foundation for Windows.
The Microsoft VSS provider delivers rapid snapshots of the Exchange database, but it requires the volume containing the original Exchange database to remain available to back up or restore data. In this scenario, if the volume with the main production Exchange database becomes inaccessible, so do any snapshots created from it. Another potential problem with this type of snapshot is that it's read-only.
To deliver faster Exchange recoverability, admins may want to consider using hardware VSS providers that support full-volume copies. Full-volume copies let admins mount and present these volumes to Exchange with full read and write capabilities. Creating these volumes requires the backup software to support systems that can create mirrored volumes and to offer a hardware VSS provider that supports this functionality.
|How one user established
Microsoft Exchange RPOs and RTOs
Mohamad Alkazaz, an IT and telecommunications manager at Saint-Gobain Crystals, Newbury, OH, explains how he established Exchange recovery point objectives (RPOs) and recovery time objectives (RTOs) for his company:
When using all products from one vendor, such as EMC, the steps are usually more straightforward. The following sequence presumes the SnapView feature on EMC Clariion is licensed and that the Clariion has sufficient storage capacity to create the full-volume copy.
- EMC's NetWorker Module for Microsoft Exchange agent recognizes EMC's Clariion hardware VSS provider for SnapView and communicates with the Clariion through TCP/IP.
- NetWorker instructs the Exchange writer to quiesce the Exchange database.
- SnapView creates the full volume copy on the Clariion storage system.
- SnapView notifies the backup software after the full volume copy is created.
- The backup software notifies the Exchange writer to take the Exchange database out of its quiesced state and resume email processing.
If multiple hardware VSS providers are available, Symantec's Veritas NetBackup (and others) allow admins to select the hardware VSS provider they desire and then configure the type of copy--full-volume copy or copy-on-write--that they want the storage system to create (assuming the system supports these two types of copies). In instances where storage systems support only shadow copies, these copies are still subject to the same recoverability and availability limitations found in the VSS provider on Windows 2003 Server.
Even with VSS support, backup software often fails to meet the critical nature of Exchange. Techniques such as server clustering satisfy some of these needs, but for immediate offsite Exchange availability and recoverability in the event of loss of the primary Exchange server or site, specialized software and hardware is needed.
Asynchronous replication software is one way to ensure Microsoft Exchange remains continuously available in the event the primary Exchange server goes offline. New features in asynchronous replication software products provide direct integration with Exchange to allow Exchange server failovers to occur in seconds or minutes with minimal or no disruption to enterprise users and even without administrator intervention.
EMC's RepliStor software gives admins a couple of different ways to deliver continuous availability. One is to configure two servers in the same domain at the same site with the same software and logical configuration, but to use unique hostnames on the production and standby servers. RepliStor is then installed on both servers and replicates and synchronizes the data between the production and standby servers. When a failure occurs on the primary server (an interruption of more than 120 seconds of the heartbeat between the two servers), RepliStor initiates the failover and starts Exchange services on the target server.
For offsite recoveries where servers may be in different domains, admins may configure RepliStor to work with Microsoft's VSS framework. RepliStor still replicates the primary Exchange database to the remote site, but it only initiates and retains snapshots on the standby server using Microsoft's VSS provider that Replistor calls through its built-in scheduler and snapshot policy manager. Exchange failovers are performed manually with admins selecting the most recent good point-in-time snapshot and then applying database and transaction logs to roll forward to the most current point-in-time.
CA's XOsoft WANSyncHA goes one step further and lets admins choose whether they want failovers at another site to occur automatically or if they want to be notified so the failover sequence can be initiated manually. Though automatic failover is a nice-to-have, there are many reasons servers at two different sites may lose communication, but these issues don't mean the production Exchange server is down and that the remote site should take over.
XOsoft WANSyncHA uses continuous data protection (CDP) to replicate data, remains aware of the state of the Exchange database during replication and supports cross-network failover. The use of CDP permits automated recovery up to the point of failure of the primary Exchange server.
Because XOsoft WANSyncHA remains aware of the state of the Exchange database, it constantly introduces checkpoints into its replication process that allow the remote copy to maintain consistency with the Exchange database so it can do a near-real time recovery without using a snapshot and replaying transaction logs. Should a recovery need to occur at the remote site, XOsoft WANSyncHA promotes the standby Exchange server to primary Exchange server and manipulates the DNS lookup table to route client requests to the secondary Exchange site.
The one downside with software-based asynchronous replication is that it requires the installation of an agent on the Exchange server, which some organizations may want to avoid. In that case, a hardware appliance that provides asynchronous replication, such as Teneros Inc.'s Application Continuity Appliance (ACA) for Microsoft Exchange, may be a better fit.
Teneros ACA for Microsoft Exchange is installed into the same network where the Exchange server resides. After it receives the Exchange IP address and appropriate security permissions, it creates an exact replica of the Exchange mail store and then goes into standby mode, monitoring the status of Exchange while continuously replicating the Exchange database. If an Exchange failure occurs, Teneros ACA takes over for the Exchange server in a few seconds and provides users with uninterrupted access to their email services.
Archival software provides three critical functions:
- Reduces the size of Exchange message stores and speeds up backups
- Lets companies quickly search and produce emails for legal discoveries
- Preserves emails for specific time periods
For example, Symantec has integrated its Veritas NetBackup software and Enterprise Vault archival software in three key areas: data migration, recall and restore, and policy. Veritas NetBackup lets admins set a policy to migrate data from disk to tape under the management of Veritas NetBackup. However, data remains visible, searchable and accessible for Enterprise Vault users even if it's on tape. Requests for specific emails are passed from Enterprise Vault to Veritas NetBackup, which recalls data from whatever media it resides on.
|Sampler of alternative Exchange protection products
Asynchronous replication and email archiving products may offer specific features that are a better fit for some environments than traditional backup software. Here are some products to consider:
As data expires in the Enterprise Vault archive, Enterprise Vault again sends commands to NetBackup to erase the data. The actual data erasure occurs in the background without any need for admins to get involved except when operators need to load tapes into tape libraries.
CA is also integrating its ARCserve Backup and Message Manager so they share a common policy engine, while CommVault's new Simpana 7.0 software suite permits users to store backups and archives in a single repository managed by the same policy engine.
Backup and beyond
Data protection requirements for Exchange now extend well beyond the traditional model of backup and recovery. Though backup software has been improved and takes advantage of new Exchange features, corporate needs for near real-time availability and access to any and all emails make near real-time failovers and archiving a prerequisite in most enterprise Exchange data protection strategies.