A major part of running Exchange Server is protecting your setup from a complete disaster and ensuring business continuity without any data loss. If the server's hardware is faulty or there is a software issue, you need to recover the service. You also need to account for human error: the business must protect its data from accidental or intentional deletion.
How can we protect our infrastructure against disasters?
Natural and other disasters are unforeseen and cannot be predicted, so you need to use the methods below to ensure resilience and recoverability of services.
- High Availability
The first thing that comes to mind is having a reliable backup. The backup software must be application-aware and compatible with the version of Exchange Server you have installed. If you have a Database Availability Group (DAG), you must ensure that the backup application is compatible with it as well. Backup applications that are not application-aware or not compatible with your infrastructure might damage your live databases. Worse, in a disaster you might attempt a restore and find that the data cannot be used because the application is not compatible with your Exchange Server.
To ensure recoverability and long-term restore availability, it is recommended to keep backups in an archive for several years, depending on the laws of the respective country and the needs of the business. The best way to achieve this kind of restorability is to take these backups offsite, since cloud storage of such magnitude would be expensive compared to tapes.
Apart from the daily backups, the tape schedule would look like this:
- Week 1 (rotation after 1 month)
- Week 2 (rotation after 1 month)
- Week 3 (rotation after 1 month)
- Week 4 (rotation after 1 month)
- Monthly: separate tape for each month (rotation after 12 months)
- End of Year: new tape for each year (never used again and stored in archive or fireproof safe)
The backups themselves are important, but you also need a schedule to test these tapes and the recoverability of the data from the media. Testing a restore from these tapes twice a year would suffice. Then, if something happens, you know you can recover from them.
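Between restore tests, Exchange itself can tell you whether an application-aware backup has actually completed, because such a backup stamps each database with the time of its last full and incremental backup. The following check is an added example, not part of the original article; the seven-day threshold is an assumed policy value.

```powershell
# Added example: run in the Exchange Management Shell.
# $MaxAgeDays is an assumed policy value; align it with your own backup schedule.
$MaxAgeDays = 7
$cutoff     = (Get-Date).AddDays(-$MaxAgeDays)

Get-MailboxDatabase -Status | ForEach-Object {
    # A backup tool that is not application-aware never updates LastFullBackup,
    # so an empty or old value is the first sign that restores may not work.
    if (-not $_.LastFullBackup) {
        $state = 'NeverBackedUp'
    } elseif ($_.LastFullBackup -lt $cutoff) {
        $state = 'Stale'
    } else {
        $state = 'OK'
    }

    [pscustomobject]@{
        Database              = $_.Name
        Server                = $_.Server
        LastFullBackup        = $_.LastFullBackup
        LastIncrementalBackup = $_.LastIncrementalBackup
        CircularLogging       = $_.CircularLoggingEnabled
        BackupState           = $state
    }
} | Sort-Object BackupState, Database | Format-Table -AutoSize
```

A database that reports `NeverBackedUp` or `Stale` while the backup job shows success is the case described above: the backup product is not integrating with Exchange.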
With Exchange Server, you can set up high availability by using Database Availability Groups (DAG). When you set up high availability, if the primary server goes down, the system will automatically fail over to the secondary server in the primary site. And if the primary site goes down, you will have an additional node in the secondary site to ensure that the business continues to work.
This is the recommended setup, but the site can consist of only two servers, with another unrelated server acting as a file share witness. The primary server will hold the active copy of the database(s) and will replicate the data to the passive copies on the other servers. If the main server goes down, the cluster mechanism will automatically fail over to the second server and make the databases on the second server the active copies.
In this case, you still need to take backups. If all the servers are down and the sites are not available, you would need to restore all the servers on new hardware at a temporary site. You must also remember that, according to Microsoft, restoring from a snapshot of the virtual machine where you have Exchange Server installed is not supported.
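Automatic failover only helps if the passive copies are current. The check below is an added example, not part of the original article: it lists database copies that are unhealthy or lagging and any replication health checks that do not pass. The DAG name `DAG01` and the queue thresholds are assumptions.

```powershell
# Added example: run in the Exchange Management Shell.
# Constructed name (assumption): DAG01. Queue thresholds are example values.
$dag            = 'DAG01'
$maxCopyQueue   = 10    # logs waiting to be shipped to the passive copy
$maxReplayQueue = 100   # logs shipped but not yet replayed into the passive copy

foreach ($server in (Get-DatabaseAvailabilityGroup $dag).Servers) {

    # Active copies report "Mounted" and passive copies "Healthy";
    # anything else, or a long queue, means a failover could lose data or stall.
    Get-MailboxDatabaseCopyStatus -Server $server.Name |
        Where-Object {
            ("$($_.Status)" -notin 'Mounted', 'Healthy') -or
            ($_.CopyQueueLength   -gt $maxCopyQueue) -or
            ($_.ReplayQueueLength -gt $maxReplayQueue)
        } |
        Select-Object Name, Status, CopyQueueLength, ReplayQueueLength, LastInspectedLogTime

    # Cluster, network and replication service checks for this DAG member.
    Test-ReplicationHealth -Identity $server.Name |
        Where-Object { "$($_.Result)" -notmatch 'Passed' } |
        Select-Object Server, Check, Result, Error
}
```

No output means every copy is mounted or healthy, the queues are within the thresholds, and all replication checks passed.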
According to Microsoft, “However, virtual machine snapshots aren't application aware, and using them can have unintended and unexpected consequences for a server application that maintains state data, such as Exchange. As a result, making virtual machine snapshots of an Exchange guest virtual machine isn't supported.”
In case of a full disaster recovery, you must rely on the backup solution to restore on the new site.
Recovery of accidental deletions
If a user has deleted an email, folder, or item that needs to be recovered, the Exchange Admin needs to load the backup from the time when the email is thought to have existed and restore the items accordingly. This would involve restoring the database using these three methods:
- Dial Tone Restore
- Granular Restore from a Backup (if available)
- Exchange Recovery Database
The granular restore will not take that long if the backup software has the feature. But the Dial Tone Restore or Recovery Database would take longer as it involves the restore of the EDB file and requires enough resources to manage this.
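The Recovery Database route, as an added example that is not part of the original article. It assumes the backup software has already restored the EDB file and its logs to disk; the server name `EX01`, database name `RDB01`, paths, log prefix `E00` and mailbox `jsmith` are all constructed placeholders.

```powershell
# Added example: run in the Exchange Management Shell on the mailbox server.
# Constructed names and paths (assumptions): EX01, RDB01, D:\Restore\DB01, jsmith.
$edb  = 'D:\Restore\DB01\DB01.edb'
$logs = 'D:\Restore\DB01'

# 1. Inspect the restored database header. A "Dirty Shutdown" state means the
#    transaction logs must be replayed before the database can be mounted.
if (eseutil /mh $edb | Select-String 'State:\s*Dirty Shutdown') {
    # 2. Soft recovery: replay the restored logs (E00 = log file prefix).
    eseutil /r E00 /l $logs /d $logs
}

# 3. Create the recovery database on top of the restored files and mount it.
New-MailboxDatabase -Recovery -Name RDB01 -Server EX01 `
    -EdbFilePath $edb -LogFolderPath $logs
Mount-Database RDB01

# 4. Confirm the mailbox is present in the restored database.
Get-MailboxStatistics -Database RDB01 |
    Select-Object DisplayName, ItemCount, MailboxGuid

# 5. Copy the content into a separate folder of the live mailbox so that
#    nothing currently in the mailbox is overwritten.
New-MailboxRestoreRequest -SourceDatabase RDB01 `
    -SourceStoreMailbox 'John Smith' -TargetMailbox jsmith `
    -TargetRootFolder 'Recovered Items'

# 6. Track progress, then remove the recovery database when finished.
Get-MailboxRestoreRequest | Get-MailboxRestoreRequestStatistics |
    Select-Object Name, Status, PercentComplete
# Dismount-Database RDB01; Remove-MailboxDatabase RDB01
```

The volume holding the restored files needs room for the full EDB plus its logs, which is the resource cost mentioned above.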
In Exchange Server 2013 and Exchange Server 2016, you can enable the Messaging Policy and Compliance and Data Loss Prevention features. These include the new Recoverable Items folder and the ability to enable a Hold Policy on the mailbox. This will retain all deleted and modified data for the period set by the company and drastically reduce the burden on the Exchange Admins, who would otherwise have to go through a lengthy process to recover the required data. In addition, emails that were deleted before a backup was taken cannot be recovered unless the hold policy is in place. This also comes in handy as part of security and data loss prevention: even if the user deletes the emails, empties the recycle bin, and removes the recoverable items, the admins will still be able to recover the emails.
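One way to put a mailbox under this kind of protection and confirm it took effect, as an added example that is not part of the original article. The mailbox alias `jsmith` and both durations are constructed example values; use the retention period your company has set.

```powershell
# Added example: run in the Exchange Management Shell.
# Constructed mailbox alias (assumption): jsmith. Durations are example values.
$mbx = 'jsmith'

# Single item recovery keeps items the user purges from Recoverable Items
# until the deleted-item retention period (here 30 days) has passed.
Set-Mailbox $mbx -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor '30.00:00:00'

# Litigation Hold preserves deleted and modified items for the hold duration,
# given in days (2555 is roughly seven years). Omit the duration to hold indefinitely.
Set-Mailbox $mbx -LitigationHoldEnabled $true -LitigationHoldDuration 2555

# Verify the settings on the mailbox.
Get-Mailbox $mbx |
    Format-List Name, SingleItemRecoveryEnabled, RetainDeletedItemsFor,
                LitigationHoldEnabled, LitigationHoldDuration

# Held data accumulates in the Recoverable Items subfolders; watch their size.
Get-MailboxFolderStatistics $mbx -FolderScope RecoverableItems |
    Select-Object Name, ItemsInFolder, FolderAndSubfolderSize

# Audit: mailboxes with neither protection, where a purge is only
# recoverable from backup.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.LitigationHoldEnabled -and -not $_.SingleItemRecoveryEnabled } |
    Select-Object Name, PrimarySmtpAddress
```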
For more information on this, refer to the Microsoft links below:
When everything goes as planned, you will not face any issues. However, when issues do occur, the last thing you need is to be cornered by them and unable to recover.
Finally, to ensure the recoverability of your precious data, you need to have a tool like Stellar Repair for Exchange in your arsenal of weapons. The tool can seamlessly open any version of the Exchange Server database, in any state, and export it to PST and other formats. It can also export directly to a live Exchange database or an Office 365 tenant. Stellar Repair for Exchange is the right companion for an Exchange Admin to ensure full recoverability of data.