Fail-over friends keep Exchange chugging
Five disaster-proofers take different tacks to mail server protection
In addition to the primary Exchange 2003 servers that host the mailboxes to be protected, MailShadow requires three physical systems: the Source MailShadow Gateway, the Recovery MailShadow Gateway, and the Recovery Exchange Server. In a corporate environment, the Source MailShadow Gateway would be hosted in the main Exchange datacenter, while the Recovery MailShadow Gateway and Recovery Exchange Server would be in a remote DR (disaster recovery) site. Only one gateway is needed at each end, and one Recovery server can support multiple Source servers. All of the servers should be in the same Windows domain.
Click for larger view.
When e-mail accounts have been designated as protected, there is an initial interval required for creating the backup accounts with the messages already existing in the protected accounts. The time necessary for this process will depend on the amount of e-mail stored in the inbox. In my tests, replicating an inbox of about 200KB took just a couple of minutes. But with an inbox of 1.1GB, initial replication took several hours. If you have a lot of users with fat inboxes, you might want to start replication over a weekend.
Administration via the MMC (Microsoft Management Console) snap-in is easy and follows the usual MMC conventions. Administrators can control replication by storage group, by Exchange server, or by individual accounts.
After the initial synchronization, any further transactions -- receipt of new mail, deletions of messages, moves from one folder to another, and edits of messages -- are captured and replicated to the backup server, in chronological order. This is done asynchronously, but in the same sequence as on the primary server. No agent is required on the primary Exchange server because MailShadow uses the Exchange transaction engine APIs via MAPI to identify transactions to replicate.
MailShadow identifies duplicate attachments, sending each attachment only once across a WAN link to reduce traffic loads.
As opposed to Quest, Cemaphore has chosen to use a manual fail-over process to avoid spurious fail-overs that could result in a conflict between the primary and backup mailboxes. With MailShadow, when a mailbox becomes unavailable the administrator must switch users over to the backup mailbox. This can be done on an individual basis or for all users on a given Exchange server. Users must restart Outlook to reconnect to the backup mailboxes.
When the primary Exchange server is brought back online, users can be switched back to the primary account. Any changes to the mailboxes that occur during the fail-over are incrementally updated on the primary server. If the primary Exchange server is completely wiped out, a full replication operation will take place. The switch-over process after the restore is manual as well.