Virtualized Exchange Servers in Distributed Configurations
As previously described, Backup Exec supports modern image-level (“agentless”) protection of VMware and Hyper-V virtual machines, including virtual machines hosting applications such as Exchange. It’s important to note that Backup Exec does not currently support image-level backups of virtualized Exchange servers in a distributed configuration. Only virtual standalone Exchange servers are supported for image-level backup and granular recovery.
In order to achieve granular recovery support of virtualized Exchange servers in a distributed configuration, such as an Exchange 2010 Database Availability Group (DAG), the virtual machines must be protected using agent-based backups, which essentially treats each virtual machine as if it were a standalone, physical system.
Note: Backup Exec does not support granular recovery of Exchange 2013 mailbox objects. This functionality is planned for a later release of Backup Exec.
Protection of Physical Exchange Servers
For physical Exchange servers, the Agent for Windows is installed locally to the Exchange server. The Agent for Windows interacts with the physical Exchange server to prepare the Exchange databases for backup and to transmit backup data to the Backup Exec server over the NDMP protocol.
Backup of Physical Exchange Servers
VSS Integration and Physical Exchange Servers
Backups of physical Exchange servers that are captured by the Agent for Windows are snapshot backups performed using Microsoft’s VSS Writers (the only exception is Exchange 2003, which does not have a VSS writer). In most cases, Backup Exec uses a VSS full backup, which ensures that Exchange is placed into a consistent state at the time of backup and also truncates transaction logs, a key element of maintaining a healthy database application over time.
The Agent for Windows can only protect Exchange components of a server after the Agent for Applications and Databases has been licensed within Backup Exec.
Granular Application Recovery of Physical Exchange Servers
In addition to preparing physical Exchange servers for backup and transmitting Exchange backup data to the Backup Exec server for storage, the Agent for Windows also plays a key role during Exchange recovery. For example, the presence of the Agent for Windows locally installed to a physical Exchange server enables the Backup Exec server to directly transmit and restore granular Exchange objects back to the production Exchange environment of an organization.
Offhost Backups of Physical Exchange Servers
Backup Exec also supports offhost backups of physical Exchange servers. Offhost backups help alleviate the processing overhead of backup operations from the physical Exchange server and transfer them to the Backup Exec server.
For more information on Backup Exec and configuring offhost backups of physical Exchange servers, refer to the Backup Exec Administrator’s Guide and the following technote: http://www.symantec.com/docs/HOWTO12231.
Granular Application Recovery of Exchange Virtual Machines
To enhance Backup Exec’s virtual machine protection and recovery capabilities, particularly when the virtual machine is hosting Exchange, the Agent for Windows should be installed into the guest virtual machine itself. In this configuration, Backup Exec can still capture snapshot-based, image-level backups of the destination virtual machine, but can then also offer dynamic application discovery capabilities and granular recovery of Exchange application components, all from a single-pass backup. In other words, even with the Agent for Windows installed to the virtual machine, the backup process remains what is known in the industry as an “agentless” backup; the presence of the Agent for Windows within the virtual machine simply allows for application metadata capture and granular recovery of application objects directly back to the original virtual machine.
Agent for Windows Enables Granular Recovery of Virtualized Exchange Servers
While Backup Exec fully supports protecting virtualized Exchange servers without installing the Agent for Windows to the virtual machine, recovery options are limited in this configuration. When the Agent for Windows is not present on the Exchange virtual machine, Backup Exec has no direct knowledge of Exchange being present on the virtual machine, and recovery options are limited to full virtual machine recovery and file/folder recovery.
Application-specific recovery features are only available when the Agent for Windows is installed to the Exchange virtual machine, which allows Backup Exec to discover the Exchange application and capture the Exchange metadata needed to enable application-specific recovery features.
VSS Integration and Virtualized Exchange Servers
When protecting virtualized Exchange servers, Backup Exec utilizes Microsoft’s VSS service to prepare the Exchange virtual machine for backup and truncation of Exchange transaction logs. For VMware environments, these VSS calls are made to the Agent for Windows on the Exchange virtual machine through interactions with the vStorage API, and involves the VSS writer on the virtual machine. The VSS writer will be either the VSS writer included with VMware Tools, or the Backup Exec VSS writer that is installed with the Agent for Windows. For Hyper-V environments, a similar process happens through interactions with the Hyper-V host via the local Agent for Windows agent installed to the Hyper-V host. The VSS writer that is used to prepare the virtual machine for backup will be either the VSS writer installed to the virtual machine along with Hyper-V Integration Services, or the Backup Exec VSS writer that is installed with the Agent for Windows.
With either VMware or Hyper-V environments, Backup Exec invokes a virtual machine-level VSS full backup, which prepares Exchange for the virtual machine snapshot event and truncates Exchange transaction logs. If the Agent for Windows is installed to the Exchange virtual machine, the VSS backup method can be changed to a VSS copy, which will not truncate log files.
For more information, refer to the following technote: http://www.symantec.com/docs/HOWTO74082.
Uniquely Named Mailbox
To enable key features related to the protection and recovery of Exchange servers, such as granular recovery of Exchange objects, Backup Exec must have access to a uniquely named mailbox within the Exchange infrastructure. Access to this mailbox enables Backup Exec to interact with Exchange and important components within the Exchange Information Store. In order to enable granular recovery of Exchange objects, you must use the appropriate Exchange Server management utility to assign the user account to the Exchange Organization Administrators role (Exchange 2007) or the Exchange Organization Management role (Exchange 2010/2013).
The uniquely named mailbox cannot be hidden in the Exchange Global Address List.
For more information about this mailbox and associated requirements, refer to the Backup Exec Administrator’s Guide or the following technote:
- Ensuring Exchange mailbox name is unique http://www.symantec.com/docs/TECH24691.
Exchange Management Tools
You must install the Exchange Management Tools on the Backup Exec server. The management tools on the Backup Exec server must be the same version or later as the management tools that are on the Exchange Server. For more information about installing the Exchange Management Tools, refer to your Microsoft Exchange documentation.
Protection of Virtualized Exchange Servers
For virtualized Exchange servers, Backup Exec interacts with the Exchange server through the virtual host, either through software APIs provided by the virtual infrastructure (VMware), or through the Agent for Windows installed to the virtual host (Hyper-V). For virtualized Exchange servers, Backup Exec fully supports what is generally known as “agentless” backup, both for VMware as well as Hyper-V environments.
Backup of Virtualized Exchange Servers
For additional information on requirements for protecting Exchange environments using Backup Exec, refer to the Backup Exec Administrator’s Guide and the following technotes:
- General Exchange protection requirements: http://www.symantec.com/business/support/index?page=content&id=HOWTO24128
- Exchange granular recovery requirements: http://www.symantec.com/docs/TECH51740
Note: “Licensing Backup Exec in Exchange Environments” provides more information about the Agent for Applications and Databases licensing.
Exchange Protection Methods and Technology
Backup Exec employs modern, highly advanced, and scalable technology to protect and recover Microsoft Exchange systems. While very easy-to-use, these sophisticated technologies ensure that Microsoft Exchange remains properly protected and ready for recovery events, allowing customers and partners to sleep easy at night, knowing they are prepared to handle any disaster that may befall their Exchange infrastructure.
Supported Exchange Versions
Backup Exec supports all major versions of Microsoft Exchange, including Exchange 2003/2007/2010/2013. Please note that for Exchange 2010/2013 systems, the Backup Exec server must be hosted on 64-bit hardware. For a complete list of supported software platforms and applications, please refer to the Backup Exec Software Compatibility List (SCL): http://entsupport.symantec.com/umi/V-269-1.
Components Used to Protect Exchange
The Backup Exec Server
The primary component used to protect and recover Microsoft Exchange is the Backup Exec server. The Backup Exec server interacts with the Exchange system to prepare the system for backup, to capture backup data selections, to store backup sets to the target storage device, and to perform recovery operations.
The Agent for Windows
For physical Exchange servers, the Backup Exec Agent for Windows is installed to the physical Exchange servers to identify, capture, and transmit Exchange backup data to the Backup Exec server for storage. For Exchange 2007 and later (Exchange 2003 does not have a VSS writer), Exchange backup data is captured through VSS snapshots and transmitted by the Agent for Windows to the Backup Exec server over the NDMP protocol, using a secure (TSL/SSL) and trusted connection.
For virtualized Exchange servers on the VMware vSphere or Microsoft Hyper-V platforms, the virtual machines hosting Exchange are protected using image-level backups through snapshot interactions with the virtual host. In these virtualized configurations, the Agent for Windows can be installed on the Exchange virtual machine to enable application discovery and metadata collection, allowing for granular application recovery features for virtualized Exchange servers. Protection of virtualized Exchange servers without the Agent for Windows installed is also supported, but virtual recovery options are limited to full virtual machine recovery and file/folder recovery.
Additional information on the differences in how Backup Exec can be used to protect physical and virtualized Exchange servers is provided in “The Agent for Applications and Databases.”
The Agent for Applications and Databases
When protecting either physical or virtualized Exchange servers with Backup Exec, a license for the Agent for Applications and Database is required before Backup Exec can perform backup and recovery operations of Exchange application data.
Enabling the Agent for Applications and Databases
Whether the Agent for Applications and Databases license is included or purchased separately depends on the Backup Exec version that is being used. For example, the standard Backup Exec 2012 product allows customers to pick and choose the different agents and options they need to protect their environment, while the Backup Exec 3600 Appliance includes unlimited use of the Agent for Applications and Databases in its core license.
It’s important to note that the Agent for Applications and Databases does not represent a true software agent that needs to be pushed or installed to a physical Exchange server in order to protect it; the license simply unlocks the ability for Backup Exec to interact with and protect Exchange components. The Agent for Applications and Databases also enables the use of Backup Exec’s VFF driver, which is used for advanced granular recovery operations.
Backup Exec and Integrated Archiving for Exchange – Part XI … More Performance Notes and Recommendations
Archiving Backups Stored to Tape
The Backup Exec 2012 SP2 Exchange Mailbox Archiving Option does not currently support archiving from backup data stored to tape media.
Backup Storage Types Supported for Exchange Archiving
In order to be eligible for archiving, backup sets must be stored to one of the following storage location types:
- Non-removable disk storage
- Deduplication disk storage
- A storage array in a Storage Provisioning Option environment
Data Removal Best Practices
It is recommended that vault store properties be set so that items are deleted from the original location only after vault stores are backed up. This is the default setting. Schedule vault store backups (full or incremental) to run between every run of archive tasks. That way, every archive task will be able to remove those items from the original location that were archived by the previous run of the archive task, thereby providing storage savings on the primary system and its subsequent backups.
End User Recovery of Archived Emails
The Backup Exec 2012 SP2 Exchange Mailbox Archiving Option provides the user-friendly Virtual Vault feature designed to make end user recovery of archived emails a very simple and painless process. It is recommended that Backup Exec 2012 SP2 administrators take full advantage of this feature. For details on configuring Virtual Vault for end users, please refer to the Backup Exec 2012 SP2 Administrator’s Guide Addendum.
Archive Storage Configuration Best Practices
Configure your backup destination storage to use different disks than your vault store partitions. This will give better performance for archive tasks that read data from backup sets and ingest the data into archives, as reading and ingestion processes will have separate physical disk resources at their disposal.
Configure your archive indexing location to use different disks than your vault store partitions. This will give better performance for archive tasks that index data as it is being archived, as indexing and ingestion processes will have separate physical disk resources at their disposal.
Microsoft Outlook Required
The Backup Exec 2012 SP2 Exchange Mailbox Archiving Option requires Outlook 2007 SP2 (including Microsoft hot fix 968858) to be installed to the Backup Exec 2012 SP2 server. Microsoft Outlook should be installed before installing the Exchange Mailbox Archiving Option.
Before installing the Exchange Mailbox Archiving Option, be sure that DNS has been configured correctly. The Backup Exec 2012 SP2 server adds its own alias into DNS, and Symantec has found that a large percentage of customer issues relating to the installation and configuration of the Backup Exec 2012 SP2 Exchange Mailbox Archiving Option are related to environments where DNS is not configured correctly. The installation wizard will prompt for a fully qualified domain name in order to create the DNS alias.
Exchange Objects not archived by an Exchange Mailbox Archiving Task
The following Exchange objects are not valid candidates for archiving tasks:
- Mail messages that have pending reminders
- Any Exchange items other than mail messages, such as address book entries and calendar items
- Mail messages in Exchange managed folders, journal mailboxes, or in public folders
Exchange Mailbox Archiving Option Sizing Guidelines
The Backup Exec 2012 SP2 Exchange Mailbox Archiving Option requires permanent disk space for the following archiving components:
- Vault store
- Vault store partitions
- Index locations
- The following SQL Express or SQL Server databases:
- Directory database
- Vault store databases
- Fingerprint databases
As the data in a vault store grows, additional vault store partitions can be added to provide additional capacity. Local drive or network shares can be used for vault store partitions. The following section offers introductory sizing guidelines for administrators; for further details, please refer to the Backup Exec 2012 Administrator’s Guide.
Sizing Guidelines for the Exchange Mailbox Archiving Option
Symantec supplies certain formulas that administrators can use to estimate disk space requirements for the Exchange Mailbox Archiving Option. The following values and variables are used in the formulas:
- ‘N’ is the number of emails
- ‘m’ is the average number of identical copies of attachments across user mailboxes
- The compression factor for attachments is estimated as 60%; if the attachments are mostly Office 2007 files, the compression factor to use is 90%
- The average number of emails that have attachments is estimated at 20%
- The average size of an email attachment is estimated at 250 KB
Vault Store Partition Size
The size of a vault store partition used for Exchange Mailbox Archiving Option depends on the following items:
- Size of the emails
- Type of attachments
- Number and size of the attachments
- Number of emails with attachments
Vault store partition sizing formula for the Exchange Mailbox Archiving Option for which single instance storage is enabled:
(Nx16) + ((1/m) x (Nx0.2×0.6×250) kilobytes
For example, if you want to know the disk space requirements for a vault store partition for 100,000 emails, you estimate that each email attachment is shared across three people on average. The calculation for the approximate disk space requirements would be as follows:
(100000 x 16) + ((1/3) x 100000 x 0.2 x 0.6 x 250) kilobytes = 2.6 GB approximately
The size of an index is approximately 8% of the total size of the items that are archived. The percentage may be less if there is less content to index. For example, there is less content to index when there are large attachments such as MP3 or .jpeg files.
Example: You have 100,000 emails that each has a body size of 8 KB. About 20% of the emails have attachments, each with an average total size of 250 KB. The index size is approximately 450 MB.
Directory Database Size
The Directory database only grows when a new mailbox or share is archived for the first time. The recommended disk space allocation is 500 MB.
Vault Store Database Size
The size of a vault store database is approximately:
N x 500 bytes
The vault store database grows with every item that is archived. Temporary space is used to hold information on the items that have not been backed up or indexed.
Fingerprint Database Size
The fingerprint database is created only if you enable single instance storage of archived items. Backup Exec 2012 SP2 initially allocates 212 MB for the fingerprint database. The fingerprint database grows with every item that is archived.
If the database grows to more than 212 MB, use the following calculation to estimate the disk space that it requires:
1/m x Nx0.2 x 500 bytes
Exchange Mailbox Analyzer Tool
To assist with planning efforts around Exchange email archiving, an Exchange mailbox analyzer utility is available for download from the SymIQ for Partners portal.
Exchange Mailbox Analyzer (EMA) is a tool that examines Microsoft Exchange Server 2003, 2007, and 2010 environments to collect information on:
- Number of messages
- Size of messages
- Age of messages
- Number of attachments
- Size of attachments
- Top users
- Duplicate attachments*
- Duplicate message bodies*
The results collected can be imported into the Enterprise Vault 8.0 sizing tool to help estimate sizing requirements for Enterprise Vault.
Client-side deduplication uses a process whereby deduplication calculations, meaning the identification of unique and non-unique blocks and the skipping of non-unique blocks, is driven by the local Backup Exec 2012 SP2 agent locally installed to the protected server. The advantage of using this method is that only the unique blocks of data are transferred to the Backup Exec 2012 SP2 server, greatly reducing the data traffic impact on network or LAN.
Backup Exec Server-side Deduplication
The Backup Exec server-side deduplication method uses a process where all backup data is transferred to the Backup Exec 2012 SP2 server before deduplication calculations are made. After backup data has arrived at the Backup Exec 2012 SP2 server, blocks are fingerprinted and identified as unique or non-unique, and either kept or skipped respectively.
The appliance deduplication method leverages a 3rd party deduplication device to handle all aspects of deduplication. Backup data is transferred to the appliance device for storage, while catalog information is transferred to the Backup Exec 2012 SP2 server.
The Backup Exec 2012 Hardware Compatibility List (HCL) contains information about all 3rd party deduplication devices that have been certified with Backup Exec 2012 SP2.You can find a list of compatible operating systems, platforms, and applicationsat the following URL: http://entsupport.symantec.com/umi/V-269-1
Flexible Deduplication Choices
Different deduplication methods can be mixed and matched to better service the configuration needs of Backup Exec 2012 SP2 customers.
Integrated Block-level Deduplication for Backups
Configurations are not restricted to a single deduplication method for a particular environment. Some protected servers will be better matched for one type of deduplication or another, and Backup Exec 2012 SP2 administrators have the flexibility to mix and match deduplication methods in order to tailor protection to meet the specific needs of their environment.
Combining the SIS deduplication technology within the Exchange Mailbox Archiving Option with the Deduplication Option can offer additional storage savings for Backup Exec 2012 SP2 administrators, allowing them to reduce storage costs by getting the most out of the backup and archiving storage resources at their disposal.
Support for Modern Microsoft Exchange Environments
The Backup Exec 2012 SP2 Exchange Mailbox Archiving Option supports modern Exchange email environments such as Exchange 2007 and 2010. This includes Exchange 2010 environments using a Database Availability Group (DAG) configuration.
Note: Backup Exec 2012 SP2 does not support the archiving of Exchange 2013 environments.
For a complete list of supported Exchange versions and supported operating system platforms, please refer to the Backup Exec 2012 Software Compatibility List (SCL).
You can find a list of compatible operating systems, platforms, and applications at the following URL:
Recovery of Archived Emails
Administrator Recovery of Archived Emails
Backup Exec 2012 SP2 administrators will always have full rights to recover email data that has been archived into the vault store. This is done using the search and restore functionality of Backup Exec 2012 SP2 user interface, which allows administrators to search against all protected data managed by the Backup Exec 2012 SP2 server, including backup data and archive data.
Backup Exec 2012 SP2 administrators can recover archived emails directly back to the original Exchange server or to an alternate server, and have the option of whether or not to overwrite emails of the same name if they already exist on the destination server.
End User Recovery of Archived Emails
End users can recover archived email data using the Virtual Vault feature of the Backup Exec 2012 SP2 Exchange Mailbox Archiving Option. Virtual Vault integrates with Microsoft Outlook allowing end users to search and find archived emails and associated attachments using the search tools built into Outlook itself. This method greatly simplifies end user email recovery of archived emails, as it is done through the Outlook interface with which end users are already familiar.
The Virtual Vault appears within the Outlook interface as another mailbox ‘node’ which contains email items that have been archived from the production Exchange server’s storage to the vault store. When end users find an email in Virtual Vault representing the archived email they need to recover, they simply open the email object directly within the Virtual Vault node as they would any normal email object.
Virtual Vault within Microsoft Outlook
Backup Exec Server-side Deduplication
Do you have VMware ESX or vSphere servers with high average processor utilization? If so, the Backup Exec server-side deduplication method can be a useful and effective deduplication solution for these environments. This method of deduplication is performed entirely on the Backup Exec server and does not impact source systems any more than a typical backup would.
The Backup Exec server-side deduplication method performs the deduplication processes against data when it arrives at the Backup Exec server – that is, just before the data is laid down on disk. Data is transmitted in its whole, un-deduplicated form, and then decomposed into deduplication blocks in-line by the Backup Exec server. Only the unique data blocks (that is, the data that the deduplication disk storage device doesn’t yet contain) are stored.
Figure 4: Backup Exec Server-side Deduplication
The Backup Exec server-side deduplication method is optimal for situations where:
• High Processor Utilization on Remote Servers
If the remote system has no processor cycles to spare for deduplication calculations, Backup Exec server deduplication can take the load and still perform deduplication.
• VMware Environments
When using the Agent for VMware and Hyper-V to capture image-level backups of VMware virtual machines, Backup Exec server-side deduplication must be used.
Backup Exec server-side deduplication is not recommended for the following environments:
• Remote Office Protection Over a WAN
With Backup Exec server-side deduplication, the Backup Exec server receives the entire data set before deduplication takes place. This is not a WAN-friendly method of deduplication. Generally, remote office protection without local storage should use client-side deduplication.
Any Backup Exec server that has the Deduplication Option licensed can utilize the Backup Exec server-side deduplication method. Most agents and backup types supported by Backup Exec can take advantage of the space savings inherent with Backup Exec server-side deduplication.
Backup Exec 2012 SP2 Agent Backup Exec Server-side Deduplication Support
Agent for Windows Yes
Agent for Linux Yes
Agent for Mac Yes
Agent for Applications and Databases Yes
Agent for VMware and Hyper-V (VMware) Yes
Agent for VMware and Hyper-V (Hyper-V) Yes
Some Backup Exec customer environments have an existing investment in deduplication-enabled appliances for onsite backup, offsite storage (disaster recovery), and remote office protection. The appliance deduplication method is an excellent fit for these environments.
The appliance deduplication method uses Symantec’s OpenStorage (OST) technology in conjunction with both a 3rd-party deduplication appliance and a manufacturer-developed OST plug-in. Together, these components enable the following:
• Intelligent Replication Tracking
Many 3rd party deduplication appliances include a replication feature enabling data to be efficiently copied from one device to another downstream device. When backup data is transferred by a Backup Exec server to a deduplication appliance through the OST plug-in, the Backup Exec server is able to track when data is replicated to additional appliances. This allows the Backup Exec server to be able to restore data from both the original deduplication appliance or from any of the additional appliance replication destinations.
Appliance deduplication requires that the Backup Exec server be paired with one or more supported OST-based deduplication appliances. Symantec Backup Exec is committed to expanding the breadth and depth of OST partners certified to work with Backup Exec, so additional OST devices are being certified and supported as they complete Backup Exec’s internal qualification processes.
For more information on supported 3rd-party appliances compatible with the OST-based appliance deduplication technology within Backup Exec 2012 SP2, please refer to the Backup Exec 2012 SP2 Hardware Compatibility List (HCL) available online.
Very loosely, we were instructed to delete everything pre dot com bubble bursting (2000), keep everything post and now we are fast running out of data centre disk allocation space, err?
In fact it’s wonder we manage to do anything given the amount of information we need to process. As a consequence we are now facing a greater threat – too much information. There are somewhere between 60 to 160 Billion mails sent around the world every single day. These emails include attachments such as reports, presentations, letters and pictures. In spite of the limitations such as privacy and too much unwanted mail, email is the best way to communicate efficiently, quickly and cheaply. The danger with email, as with any other way of sharing information, is that too much information simply clogs the system up and become a bottleneck to productivity.
Here are some useful top tips that may help:
- Understand the new business user – organisations must better understand the challenges employees are facing when navigating the world of information management. Look at when and how employees are accessing their information, make sure that data is indexed and categorised, and that intelligent archiving and search tools are available
- Prepare the infrastructure – with the relentless flow of information only set to continue, IT infrastructure must be able to cost effectively manage the increasing requirements for storage by implementing solutions able to dedupe and archive appropriately, automate processes and monitor and report on system status across all different devices and environments
- Prepare people – create IT policies that educate employees on how to manage their information – from email practices like limiting the ‘CC’ and ‘reply to all culture’, to saving only the latest document version and overcoming the fear of the delete button. Help employees understand the company’s information retention strategy so they know what information is recoverable. This will empower them to take charge of information control and maintain productivity and efficiency
- Keep security front of mind – it seems like an obvious statement, but reinforcing company security policies around mobile devices could protect against significant and damaging data loss. Make sure employees know the company processes and take advantage of technologies that enable the IT department to see where the most important information is, at all times
- Encourage staff to switch off – with the information era in full swing and with more and more opportunity for employees to stay connected at all times, it’s important that organisations support staff welfare and encourage them to switch off every once in a while
Seriously consider optimising your storage to reduce overall front end storage usage. Improving capacity can be done through integrated archiving and deduplication as well as tiering your storage. Archiving moves old data to a separate store so you don’t have to backup the same data day-in, day-out – forever. Deduplication only backs up data (at a block level) once, using a pointer to the unique data. So you can both reduce the amount you backup as well as dramatically reducing your backup window with archiving and data deduplication.
But, I hear you say, if I implement deduplication technology what are the benefits? Well, Backup Exec can help with that too. Read all about the Backup Exec Deduplication Assessment Tool in Part III.