Virtualized Exchange Servers in Distributed Configurations
As previously described, Backup Exec supports modern image-level (“agentless”) protection of VMware and Hyper-V virtual machines, including virtual machines hosting applications such as Exchange. It’s important to note that Backup Exec does not currently support image-level backups of virtualized Exchange servers in a distributed configuration. Only virtual standalone Exchange servers are supported for image-level backup and granular recovery.
In order to achieve granular recovery support of virtualized Exchange servers in a distributed configuration, such as an Exchange 2010 Database Availability Group (DAG), the virtual machines must be protected using agent-based backups, which essentially treats each virtual machine as if it were a standalone, physical system.
Note: Backup Exec does not support granular recovery of Exchange 2013 mailbox objects. This functionality is planned for a later release of Backup Exec.
Protection of Physical Exchange Servers
For physical Exchange servers, the Agent for Windows is installed locally to the Exchange server. The Agent for Windows interacts with the physical Exchange server to prepare the Exchange databases for backup and to transmit backup data to the Backup Exec server over the NDMP protocol.
Backup of Physical Exchange Servers
VSS Integration and Physical Exchange Servers
Backups of physical Exchange servers that are captured by the Agent for Windows are snapshot backups performed using Microsoft’s VSS Writers (the only exception is Exchange 2003, which does not have a VSS writer). In most cases, Backup Exec uses a VSS full backup, which ensures that Exchange is placed into a consistent state at the time of backup and also truncates transaction logs, a key element of maintaining a healthy database application over time.
The Agent for Windows can only protect Exchange components of a server after the Agent for Applications and Databases has been licensed within Backup Exec.
Granular Application Recovery of Physical Exchange Servers
In addition to preparing physical Exchange servers for backup and transmitting Exchange backup data to the Backup Exec server for storage, the Agent for Windows also plays a key role during Exchange recovery. For example, the presence of the Agent for Windows locally installed to a physical Exchange server enables the Backup Exec server to directly transmit and restore granular Exchange objects back to the production Exchange environment of an organization.
Offhost Backups of Physical Exchange Servers
Backup Exec also supports offhost backups of physical Exchange servers. Offhost backups help alleviate the processing overhead of backup operations from the physical Exchange server and transfer them to the Backup Exec server.
For more information on Backup Exec and configuring offhost backups of physical Exchange servers, refer to the Backup Exec Administrator’s Guide and the following technote: http://www.symantec.com/docs/HOWTO12231.
Granular Application Recovery of Exchange Virtual Machines
To enhance Backup Exec’s virtual machine protection and recovery capabilities, particularly when the virtual machine is hosting Exchange, the Agent for Windows should be installed into the guest virtual machine itself. In this configuration, Backup Exec can still capture snapshot-based, image-level backups of the destination virtual machine, but can then also offer dynamic application discovery capabilities and granular recovery of Exchange application components, all from a single-pass backup. In other words, even with the Agent for Windows installed to the virtual machine, the backup process remains what is known in the industry as an “agentless” backup; the presence of the Agent for Windows within the virtual machine simply allows for application metadata capture and granular recovery of application objects directly back to the original virtual machine.
Agent for Windows Enables Granular Recovery of Virtualized Exchange Servers
While Backup Exec fully supports protecting virtualized Exchange servers without installing the Agent for Windows to the virtual machine, recovery options are limited in this configuration. When the Agent for Windows is not present on the Exchange virtual machine, Backup Exec has no direct knowledge of Exchange being present on the virtual machine, and recovery options are limited to full virtual machine recovery and file/folder recovery.
Application-specific recovery features are only available when the Agent for Windows is installed to the Exchange virtual machine, which allows Backup Exec to discover the Exchange application and capture the Exchange metadata needed to enable application-specific recovery features.
VSS Integration and Virtualized Exchange Servers
When protecting virtualized Exchange servers, Backup Exec utilizes Microsoft’s VSS service to prepare the Exchange virtual machine for backup and truncation of Exchange transaction logs. For VMware environments, these VSS calls are made to the Agent for Windows on the Exchange virtual machine through interactions with the vStorage API, and involves the VSS writer on the virtual machine. The VSS writer will be either the VSS writer included with VMware Tools, or the Backup Exec VSS writer that is installed with the Agent for Windows. For Hyper-V environments, a similar process happens through interactions with the Hyper-V host via the local Agent for Windows agent installed to the Hyper-V host. The VSS writer that is used to prepare the virtual machine for backup will be either the VSS writer installed to the virtual machine along with Hyper-V Integration Services, or the Backup Exec VSS writer that is installed with the Agent for Windows.
With either VMware or Hyper-V environments, Backup Exec invokes a virtual machine-level VSS full backup, which prepares Exchange for the virtual machine snapshot event and truncates Exchange transaction logs. If the Agent for Windows is installed to the Exchange virtual machine, the VSS backup method can be changed to a VSS copy, which will not truncate log files.
For more information, refer to the following technote: http://www.symantec.com/docs/HOWTO74082.
Uniquely Named Mailbox
To enable key features related to the protection and recovery of Exchange servers, such as granular recovery of Exchange objects, Backup Exec must have access to a uniquely named mailbox within the Exchange infrastructure. Access to this mailbox enables Backup Exec to interact with Exchange and important components within the Exchange Information Store. In order to enable granular recovery of Exchange objects, you must use the appropriate Exchange Server management utility to assign the user account to the Exchange Organization Administrators role (Exchange 2007) or the Exchange Organization Management role (Exchange 2010/2013).
The uniquely named mailbox cannot be hidden in the Exchange Global Address List.
For more information about this mailbox and associated requirements, refer to the Backup Exec Administrator’s Guide or the following technote:
- Ensuring Exchange mailbox name is unique http://www.symantec.com/docs/TECH24691.
Exchange Management Tools
You must install the Exchange Management Tools on the Backup Exec server. The management tools on the Backup Exec server must be the same version or later as the management tools that are on the Exchange Server. For more information about installing the Exchange Management Tools, refer to your Microsoft Exchange documentation.
Protection of Virtualized Exchange Servers
For virtualized Exchange servers, Backup Exec interacts with the Exchange server through the virtual host, either through software APIs provided by the virtual infrastructure (VMware), or through the Agent for Windows installed to the virtual host (Hyper-V). For virtualized Exchange servers, Backup Exec fully supports what is generally known as “agentless” backup, both for VMware as well as Hyper-V environments.
Backup of Virtualized Exchange Servers
For additional information on requirements for protecting Exchange environments using Backup Exec, refer to the Backup Exec Administrator’s Guide and the following technotes:
- General Exchange protection requirements: http://www.symantec.com/business/support/index?page=content&id=HOWTO24128
- Exchange granular recovery requirements: http://www.symantec.com/docs/TECH51740
Note: “Licensing Backup Exec in Exchange Environments” provides more information about the Agent for Applications and Databases licensing.
Exchange Protection Methods and Technology
Backup Exec employs modern, highly advanced, and scalable technology to protect and recover Microsoft Exchange systems. While very easy-to-use, these sophisticated technologies ensure that Microsoft Exchange remains properly protected and ready for recovery events, allowing customers and partners to sleep easy at night, knowing they are prepared to handle any disaster that may befall their Exchange infrastructure.
Supported Exchange Versions
Backup Exec supports all major versions of Microsoft Exchange, including Exchange 2003/2007/2010/2013. Please note that for Exchange 2010/2013 systems, the Backup Exec server must be hosted on 64-bit hardware. For a complete list of supported software platforms and applications, please refer to the Backup Exec Software Compatibility List (SCL): http://entsupport.symantec.com/umi/V-269-1.
Components Used to Protect Exchange
The Backup Exec Server
The primary component used to protect and recover Microsoft Exchange is the Backup Exec server. The Backup Exec server interacts with the Exchange system to prepare the system for backup, to capture backup data selections, to store backup sets to the target storage device, and to perform recovery operations.
The Agent for Windows
For physical Exchange servers, the Backup Exec Agent for Windows is installed to the physical Exchange servers to identify, capture, and transmit Exchange backup data to the Backup Exec server for storage. For Exchange 2007 and later (Exchange 2003 does not have a VSS writer), Exchange backup data is captured through VSS snapshots and transmitted by the Agent for Windows to the Backup Exec server over the NDMP protocol, using a secure (TSL/SSL) and trusted connection.
For virtualized Exchange servers on the VMware vSphere or Microsoft Hyper-V platforms, the virtual machines hosting Exchange are protected using image-level backups through snapshot interactions with the virtual host. In these virtualized configurations, the Agent for Windows can be installed on the Exchange virtual machine to enable application discovery and metadata collection, allowing for granular application recovery features for virtualized Exchange servers. Protection of virtualized Exchange servers without the Agent for Windows installed is also supported, but virtual recovery options are limited to full virtual machine recovery and file/folder recovery.
Additional information on the differences in how Backup Exec can be used to protect physical and virtualized Exchange servers is provided in “The Agent for Applications and Databases.”
The Agent for Applications and Databases
When protecting either physical or virtualized Exchange servers with Backup Exec, a license for the Agent for Applications and Database is required before Backup Exec can perform backup and recovery operations of Exchange application data.
Enabling the Agent for Applications and Databases
Whether the Agent for Applications and Databases license is included or purchased separately depends on the Backup Exec version that is being used. For example, the standard Backup Exec 2012 product allows customers to pick and choose the different agents and options they need to protect their environment, while the Backup Exec 3600 Appliance includes unlimited use of the Agent for Applications and Databases in its core license.
It’s important to note that the Agent for Applications and Databases does not represent a true software agent that needs to be pushed or installed to a physical Exchange server in order to protect it; the license simply unlocks the ability for Backup Exec to interact with and protect Exchange components. The Agent for Applications and Databases also enables the use of Backup Exec’s VFF driver, which is used for advanced granular recovery operations.
We have become a species of information addicts – the “information explosion” is affecting the everyday lives of office workers. What is crystal clear is that we are all suffering from a 21st century ailment – Information Overload – and it is taking over our personal lives, working lives, and our businesses.
Businesses need to protect a broad range of information, generated in a plethora of ways, through multiple applications used by billions of individuals around the world. Organisations not only need to protect their information and IT infrastructure, but need to be aware of how the infrastructure facilitates the sharing and use of the information used by the organisation between, not just connections among colleagues, but linking businesses, from businesses to consumers, as well as between consumers themselves. In other words, all the collaborative environments, and the movement of data while in use.
Accessing work information out of hours, compulsively checking emails, texts and social media and hoarding endless emails and multiple versions of the same file are all symptoms of information overload. But the technology enabling us to be more productive (fantastic mobile devices and faster connectivity) together with the mismanagement of information is actually counter-productive.
Email is Business Critical
Email has become an indispensable way of communicating and transferring data in the modern electronic age. In the year 2010, it was estimated that almost 300 billion emails were sent each day, and around 90 trillion emails were sent every year. Considering the rate at which data continues to increase year-over-year, the number of emails sent today is likely significantly greater. Email is used for many forms of communication, including business critical communications for companies of all sizes.
Companies rely heavily upon email systems to conduct day-to-day business operations, and any significant period where access to email is lost is considered to be highly intolerable.
All email solutions used by modern businesses are based upon a server infrastructure hosting an email software system. Whether hosted locally on physical or virtualized servers, hosted by a partner, or hosted in the cloud, these email software systems support the incredible amount of email transmissions that happen every day, and can be implemented in many different sizes and configurations. Perhaps the most common and popular email system used in the industry today is Microsoft Exchange.
Because Microsoft Exchange plays such a critical role in the ability for organizations to conduct day-to-day business, it’s equally critical that companies employ protection solutions that enable them to quickly and easily recover their Exchange system should a data loss or disaster event occur. Backup and recovery solutions of the highest value will offer features that enable the following:
- Functionality designed specifically for Microsoft Exchange
- Protection of Exchange while it remains online and functional
- Ability to protect physical Exchange servers as well as virtualized Exchange systems
- Support for highly available Exchange configurations
- Adherence to Microsoft best practices for Exchange backup and recovery
- Optimization of secondary (backup) storage using data deduplication technology
- Support for local as well as offsite storage of backup data
- Multiple levels of recovery from a single-pass backup
Symantec Backup Exec
For many years, the Symantec Backup Exec product family has offered market-leading solutions for the protection of Microsoft Exchange, and solves each of the key problems mentioned above. The Agent for Applications and Databases offers purpose-built functionality to ensure Microsoft Exchange is properly protected against disaster and to help partners and customers quickly and easily perform any level of Exchange recovery, whether it’s bare metal recovery of a physical Exchange server, granular recovery of an individual Exchange email, or anything in between.
Key benefits of Backup Exec include the ability to:
- Reduce business downtime
- Eliminate complexity
- Spend less time managing backups
- Ensure critical information on virtual or physical systems is always protected
- Restore data in seconds
- Reduce storage and management costs
- Optimise network utilisation
- Eliminate redundant additional backup jobs
- Provide granular recovery of data for applications and databases
Performance Notes and Recommendations
Configuring Backup Exec’s Deduplication Disk Storage Device
Backup Exec 2012 SP2’s Deduplication Option allows customers to create a single deduplication disk storage device per Backup Exec server. A deduplication disk storage device is where all deduplication blocks are stored, regardless of whether client-side or Backup Exec serve-sider deduplication was used for a specific backup. A Backup Exec server hosting a deduplication disk storage device can hold up to 32 TB of deduplicated data. Note that the deduplication disk storage device is not utilized for backups and restores when appliance deduplication is used. Appliance deduplication stores all backup data on the specific appliance.
Processor Utilization with Client and Server Deduplication
Depending on the type of deduplication used, processor utilization will vary. In general, the deduplication process is not gated or throttled in any way, and is geared towards accomplishing deduplicated backups and restores of deduplicated data as quickly as possible.
Client-side deduplication performs the bulk of deduplication calculations on the client (or source) system. The client-side deduplication process will consume as much of one (1) core of one processor as it can on that client system during deduplication calculations. While the actual amount of processor utilization will depend on the amount of data to be deduplicated and the speed of the processor, expect to see at least 75% processor utilization for that processor core for the duration of deduplication processing. During catalog operations, CPU utilization on the client is very low.
Backup Exec server-side deduplication performs the bulk of the deduplication calculations on the Backup Exec server. Similar to client-side deduplication, the Backup Exec server-side deduplication process will consume as much of one (1) core of one processor as it can on that Backup Exec server system. While the actual amount of processor utilization will depend on the amount of data to be deduplicated and the speed of the processor, expect to see at least 75% utilization for that processor core for the duration of any Backup Exec server-side deduplication backup job. For both client-side and Backup Exec server-side deduplication, initial backup jobs will be the slowest. As time goes on, backup speeds increase as more database fingerprints are created within the database.
For agents that cannot use client-side deduplication (Agent for Mac, etc.) there is no change to system requirements as outlined in the Backup Exec 2012 Administrator’s Guide. This is also true for Windows and Linux Agents that do not choose to use client-side deduplication.
Memory Utilization with Client-side and Backup Exec Server-side Deduplication
With both client-side and Backup Exec server deduplication, the majority of memory consumption takes place on the Backup Exec server. This is primarily a performance optimization geared towards fast and accurate calculation of deduplication fingerprints. On the Backup Exec server, both client-side and Backup Exec server-side deduplication require 8 GB (gigabytes) of free physical memory for the first 5 TB (terabytes) of deduplicated data stored by the Backup Exec server. For storage beyond 5 TB of deduplicated data, a formula of 1.5 x N, where N is the total number of deduplicated storage in terabytes, is used to calculate free memory requirements. For example, if 8 TB of deduplicated data is stored, the Backup Exec server would require at 1.5 x 8 GB, or 12 GB, of free physical memory.
Memory requirements for clients using client-side deduplication are not very stringent. Symantec requires 1.5 GB of free physical memory on each individual client that uses client-side deduplication.
Backup Exec Server-side Deduplication
Do you have VMware ESX or vSphere servers with high average processor utilization? If so, the Backup Exec server-side deduplication method can be a useful and effective deduplication solution for these environments. This method of deduplication is performed entirely on the Backup Exec server and does not impact source systems any more than a typical backup would.
The Backup Exec server-side deduplication method performs the deduplication processes against data when it arrives at the Backup Exec server – that is, just before the data is laid down on disk. Data is transmitted in its whole, un-deduplicated form, and then decomposed into deduplication blocks in-line by the Backup Exec server. Only the unique data blocks (that is, the data that the deduplication disk storage device doesn’t yet contain) are stored.
Figure 4: Backup Exec Server-side Deduplication
The Backup Exec server-side deduplication method is optimal for situations where:
• High Processor Utilization on Remote Servers
If the remote system has no processor cycles to spare for deduplication calculations, Backup Exec server deduplication can take the load and still perform deduplication.
• VMware Environments
When using the Agent for VMware and Hyper-V to capture image-level backups of VMware virtual machines, Backup Exec server-side deduplication must be used.
Backup Exec server-side deduplication is not recommended for the following environments:
• Remote Office Protection Over a WAN
With Backup Exec server-side deduplication, the Backup Exec server receives the entire data set before deduplication takes place. This is not a WAN-friendly method of deduplication. Generally, remote office protection without local storage should use client-side deduplication.
Any Backup Exec server that has the Deduplication Option licensed can utilize the Backup Exec server-side deduplication method. Most agents and backup types supported by Backup Exec can take advantage of the space savings inherent with Backup Exec server-side deduplication.
Backup Exec 2012 SP2 Agent Backup Exec Server-side Deduplication Support
Agent for Windows Yes
Agent for Linux Yes
Agent for Mac Yes
Agent for Applications and Databases Yes
Agent for VMware and Hyper-V (VMware) Yes
Agent for VMware and Hyper-V (Hyper-V) Yes
Some Backup Exec customer environments have an existing investment in deduplication-enabled appliances for onsite backup, offsite storage (disaster recovery), and remote office protection. The appliance deduplication method is an excellent fit for these environments.
The appliance deduplication method uses Symantec’s OpenStorage (OST) technology in conjunction with both a 3rd-party deduplication appliance and a manufacturer-developed OST plug-in. Together, these components enable the following:
• Intelligent Replication Tracking
Many 3rd party deduplication appliances include a replication feature enabling data to be efficiently copied from one device to another downstream device. When backup data is transferred by a Backup Exec server to a deduplication appliance through the OST plug-in, the Backup Exec server is able to track when data is replicated to additional appliances. This allows the Backup Exec server to be able to restore data from both the original deduplication appliance or from any of the additional appliance replication destinations.
Appliance deduplication requires that the Backup Exec server be paired with one or more supported OST-based deduplication appliances. Symantec Backup Exec is committed to expanding the breadth and depth of OST partners certified to work with Backup Exec, so additional OST devices are being certified and supported as they complete Backup Exec’s internal qualification processes.
For more information on supported 3rd-party appliances compatible with the OST-based appliance deduplication technology within Backup Exec 2012 SP2, please refer to the Backup Exec 2012 SP2 Hardware Compatibility List (HCL) available online.
Keep your business up and running - by discovering backup and storage management inefficiencies you can cut costs, while making sure that your data is fully protected. Highly beneficial at a time when budgets are under strain.
It is really useful to go through the process of trying to find out:
- How well your data is protected
- If you are missing backing up critical data
- How prepared you are for increasing data volumes
- Whether your strategy supports business growth or lowers performance
- If you are taking advantage of the most cost-effective solutions available
It never ceases to amaze me how well we don’t know ourselves. To quote Polonius, “unto thine own self be true”; the more honest you are with yourself the more accurate and the more useful the results will be. We know our business, don’t we? We know that we are doing the best we can, aren’t we? It’s not like someone is trying to catch you out – give it a go, there are some pretty simple questions you can ask yourself just to get going, simply because the world has moved on, the drivers for improving backup and recovery operations are ever stricter:
- How can you keep business-critical applications running, delivering improved ROI, while complying with regulations
- How can you justify spending in times of budgetary constraint by demonstrating the quality and effectiveness of your systems
- What is the best way to convince business users of the importance of investing in backup solutions, before data is lost, while also establishing what should be backed up – and why
- How confident are you that you can cover all your IT service requirements? If you are not very confident – how not confident are you, 25%, 50%, or do you stick to all your business service agreements?
- What level of backup reporting do you have that allows you to justify future IT investment to optimise your recovery time objectives? Is there a requirement for reporting metrics, occasionally, or more regularly?
- How confident are you that your main business managers understand the importance of backup? Most of us take backup for granted but how confident are you that your backup policy covers all areas of the business?
Are you confident that you have the right backup and recovery systems in place and are getting the most out of them? A backup and recovery, or storage, assessment will highlight areas of weakness but also help to identify where Backup Exec can improve efficiencies and save you money.