As an IT administrator, you need to protect Exchange data. Typically, this means protecting every mailbox -- the personal database that stores each user's mail items (Inbox, Outbox, Sent Items, etc.), as well as its calendar, contacts, tasks and other user-created folders. Let’s take a look at some of the issues surrounding Exchange mailbox protection.
Problems with unprotected Exchange mailboxes
The loss of an email thread -- or even a single email -- can delay productivity and cause confusion. An email may constitute an entire transaction with a customer, for example; losing an email associated with a multi-million dollar contract can be catastrophic. "Email is the very personification of true information flow within, into and out of an organization," said Andy Grogan, Exchange Server MVP and head of IT for Hounslow Homes in the U.K. "[Email] can be as binding as a paper contract."
That underscores the legal and regulatory aspect of email. Virtually all businesses are subject to regulatory mandates that obligate email retention and ensure timely discovery during litigation. A lost mailbox or even a single lost email may cost you a court case, or expose the business to significant fines or other crippling penalties.
Options for protecting Exchange mailboxes
There are numerous options available to protect Exchange mailboxes, such as Exchange Server 2007’s cluster continuous replication feature. CCR performs asynchronous updates for a second copy of the email database once changes take place in the active copy. If a problem occurs with the active database or server, email can failover to the secondary (clustered) server and database.
In Exchange Server 2010 Microsoft replaced CCR with more robust database availability groups (DAGs), which allow up to 16 Exchange 2010 mailbox servers to support automatic database-level recovery in the event of failure. Exchange Server 2010 DAGs also introduce a lagged database feature that replicates the mailbox after a period of time. This provides a window that enables message recovery up to 14 days before synchronizing with other database copies.
The advantage here is that a message accidentally deleted from an Outlook client doesn't immediately remove the copy on the corresponding Exchange Server. Exchange Server 2010 also supports single-item restoration, allowing administrators to recover deleted email without restoring from a backup.
More conventional backup tools include Volume Shadow Copy Service (VSS), which is often used with older versions of Exchange Server. More recent tools include Exchange streaming backup and restore capabilities, which support target entire storage groups and individual databases within them.
Other backup tools include Microsoft's System Center Data Protection Manager and third-party backup tools like BackupExec. "Those [tools] both work in a traditional backup model where you're copying from a server to a backup tape [or disk]," said Mike Crowley, Exchange MVP and enterprise infrastructure architect with Planet Technologies, Inc. "Your data is stored in a separate location that may be offline in a protected environment. If something happens to the primary environment, you can revert back to that."
A wide range of email-archiving products, such as Symantec Enterprise Vault and Athena Archiver, can archive email content to a storage subsystem for quick recovery or legal discovery. There are also storage appliances dedicated to email archiving and recovery including the Fujitsu Services Archiving Appliance, Jatheon Technologies' Plug n Comply email archiving product and the ArcMail Defender Email Archiving Solution, among others.
Ttraditional storage backup capabilities like SAN snapshots can be used to protect Exchange mailboxes, but experts warn that Microsoft may not fully support snapshots from Exchange Server roles installed on virtual machines. Microsoft support is often an essential part of Exchange Server deployment, so some organizations opt for traditional backup or replicated clustering techniques.
It’s possible and less risky to combine backup techniques to protect Exchange mailboxes. There’s no reason why you can’t use CCR, database availability groups, VSS backups, vaulting and SAN snapshots as part of a highly resilient environment, Grogan noted.
Making the most of Exchange mailbox protection
Exchange Server 2010 SP1 allows you to separate the user's primary mailbox from his personal archives. Experts agree that organizations that allow users to create personal archives should keep both archives separate.
The principal advantage of separating the databases is that you don’t have to back up personal archives as frequently. The archives can also be moved to a lower, less expensive storage tier than the user's primary mailbox, which demands frequent tier 1 storage access for best performance. However, backup options for personal archives and the primary mailbox are identical.
Exchange Server 2010 is tightly integrated with Active Directory; an AD failure can cripple Exchange -- no matter the level of protection. Grogan reminds administrators to also back up Active Directory at least nightly.
Platform migration can seriously affect mailbox protection. Mailbox backups created for an older version of Exchange Server are not mountable in later server versions without a deliberate conversion process. Therefore, any protection plan must include provisions for migration. In many cases, an organization may need to retain a working server with an older Exchange version in order to access older backups.
Perhaps the most critical practice for Exchange mailbox protection is to test backups and restoration processes regularly. Simply verifying a backup is not enough, since a verify feature only ensures that the backup is readable. There is no way to ensure that the backup captured all of the necessary data. "Test restoration scenarios for Exchange from tape [or disk] monthly in a lab environment, which should be as close to production as possible," Grogan said.