Five disaster-proofers take different tacks to mail server protection
Cemaphore MailShadow is an effective product that allows you to take a granular approach to protecting e-mail accounts. High-priority users can be replicated while others are protected only by backups, resulting in lower replication costs. Although some admins may take issue with the absence of automated fail-over, the product is easy to set up and administer and offers a reasonable value.
Quest Availability Manager for Exchange
Quest offers QAM (Quest Availability Manager) alone or as part of the Quest Availability Suite. The suite also includes a management application that proactively monitors Exchange, looking for data errors or configuration errors that might cause problems. I tested the management product, Quest Spotlight on Exchange, earlier this year.
QAM -- Version 2.0 in this review -- works in a fashion similar to MailShadow, allowing the administrator to designate specific mailboxes to be protected and moving users to a reserve server if any of the protected Exchange servers becomes unavailable. As does MailShadow, QAM replicates transactions rather than duplicating the message store, so it is not vulnerable to replicating database problems, and one backup server can protect multiple primary Exchange servers.
As opposed to MailShadow, QAM does use an agent on the server, but it offers additional benefits, including automatic fail-over from the primary to the secondary mailbox store. Another advantage is lower pricing per mailbox than MailShadow.
Installation of QAM involves the agent and an extension to the Microsoft Exchange System Management application to allow it to manage the QAM functions as well. In addition, you must give the Administrator account the proper permissions and set up a service account. Finally, you will need a second mailbox store, which may either be on the same Exchange server as the primary or on a second Exchange server. QAM allows you to set up secondary stores on two Exchange servers so that each fails over to the other, or to set up Click for larger view. a backup Exchange server with stores for each primary Exchange server in the enterprise.
If QAM detects a failure on the primary Exchange server, either in the availability of the store or in Exchange services, it will initiate fail-over to the secondary store. Users will have to restart Outlook to switch to the secondary store, and QAM provides an alert notifying them of this. It takes about five minutes for the fail-over process to take place, during which users cannot access their accounts, although incoming messages are still received by the backup Exchange server.
When the administrator shifts mailboxes back to the primary Exchange server, all changes made to the secondary server are replicated back to the primary.
Quest offers a variety of applications to make managing Exchange easier, including a monitoring/troubleshooting application, migration managers to ease the transition from older versions of Exchange to newer ones, and more. Tight integration among these applications makes overall management easier and can also help prevent problems such as mailbox store corruption from happening in the first place. Given the low cost of $8 per mailbox ($10 per mailbox for the suite), Quest Availability Manager is easy to recommend to any administrator who can live with a five-minute delay in availability of e-mail for end-users.
DigiVault is a backup product, not a fail-over system, but because it provides continuous data protection, it has a place in the high-availability scenario. It uses a small agent on each Exchange 2000 or Exchange 2003 server to track all changes to the database. All transactions are recorded as they occur, ensuring no loss of e-mails that have arrived since the last backup. I tested Version 1.4.
Multiple Exchange servers can be protected by one DigiVault repository and be managed from a single console. Backups can be scheduled, but restores are performed manually.
DigiVault requires domain admin privileges to install. The console and the DigiStore vault can share the same system. The DigiStore repository requires enough storage to hold the mail stores for all servers you want to protect. Although the repository is compressed, storage requirements will quickly mount if you keep each version of messages in the store. Archiving can be driven by fine-grain policies, but policy is applied on a per-store basis. You can track every change to some accounts, while keeping only the latest copy of other mailboxes, but only by spreading the accounts across separate stores.
One console is used to manage backups and restores for all servers in the domain. The data store is encrypted using a public/private key. Transmissions to the data store can be encrypted as well, if the store is at an off-site location connected via WAN.
Restores must be performed on unmounted stores, meaning users’ mailboxes must be offline until the recovery is complete. Restores went quite rapidly in my testing, however, with a 1.1GB mailbox restored in less than a minute. Data can be restored to a different server or mailbox, if necessary for auditing purposes. Transactions received since the last backup are backed up before the restore commences.
DigiVault does not provide high availability in the same sense as the other products covered here, but it should be considered as an adjunct for the others, and it may be enough for organizations that can tolerate short periods of unavailability. DigiVault works with Lucid8’s GOexchange product to find and correct errors in the store and rebuild indexes to provide a more reliable environment in Exchange.
Each of these solutions offers benefits and disadvantages, and pricing varies widely. Which is least expensive will depend on how many users per server you have. If yours is one of those organizations that actually manages to support thousands of users per Exchange server, Neverfail’s $7,600 per server pair might be cheaper than Quest’s $8 per user, per year. You’ll also need to look at how many additional servers are required. All but Neverfail can protect multiple Exchange servers with one backup server, Neverfail requiring one backup server for each Exchange server protected.
The degree of automatic protection and impact on the end-user also varies widely. DigiVault requires taking the mail store offline to restore it, and in the event of hardware failure, it requires a complete re-install. It’s intended to protect against data loss, not outages, and it does this well. MailShadow requires admins to initiate a manual switch-over for affected users and requires users to restart Outlook. Quest has automated switch-over for affected users, although Outlook will have to be restarted. Both Neverfail and SteelEye provide automatic fail-over for a whole server, and SteelEye provides additional many-to-one functionality at a lower price.
The best fit for you will depend on the percentage of your user accounts that need to be protected, how many Exchange servers you have to protect, how much you care about having to install an agent on the Exchange server, and whether you regard database corruption as a major threat. Although database corruption is not likely, the process to recover from it can be so terrible that it’s worth additional protective measures, either through a CDP product such as DigiVault or via the transaction-based replication MailShadow and Quest provide.
Ease of administration (15.0%)
User impact (20.0%)
Overall Score (100%)
|Neverfail for Exchange 5.0||8.0||8.0||8.0||7.0||8.0||9.0|
|SteelEye LifeKeeper for Exchange 5.2||7.0||8.0||8.0||7.0||9.0||9.0|
|Cemaphore Systems MailShadow 2.0||7.0||7.0||7.0||7.0||8.0||7.0|
|Quest Availability Manager for Exchange 2.0||8.0||8.0||9.0||8.0||9.0||8.0|
|Lucid8 DigiVault 1.4.2||8.0||8.0||8.0||8.0||7.0|
You may still be better off sticking with Win7 or Win8.1, given the wide range of ongoing Win10...
Early results look promising: the many-hours-long Win7 waits may be behind us
Now that we're down to the wire, many upgraders report that the installer hangs. If this happens to...
Sponsored by Hewlett Packard Enterprise
Hello, computer: Hands-free computing a la 'Star Trek' is coming soon
Looking for a job in tech or planning to make a career change? Here is CareerCast's list of the top 10...
A new report pulls back the curtain and reveals the ‘Wild West’ of unrestricted facial recognition...
APT group FruityArmor exploited Windows GDI memory handling to break out of browser sandboxes and...