Protecting Microsoft Exchange Server against disaster and data loss is a constant challenge. The explosive growth of e-mail is increasing Exchange store size and straining existing disaster recovery methods. In particular, traditional data protection and disaster recovery tools for Exchange are falling short in the areas of recovery point and recovery speed. Log shipping is a database recovery method that exists for other commercially available databases and is scheduled to be included in the next major release of Exchange. This article introduces log shipping as a new method for protecting Exchange data and describes how it functions to improve recovery point and recovery speed.
Log shipping is a method of protecting structured database information and is deployed with market leading database products such as Oracle Database and Microsoft SQL Server Database. Log shipping combines a full database copy with a continuous process that copies all database transaction log files. Transaction log files are small files (size varies by application) that contain all additions and deletions to the database. In the event of a recovery, log files are "replayed" to the full database in the order that they were created. The replay process in effect brings the contents of the database back to a point in time just prior to the crash and results in minimal data loss.
Microsoft Exchange is database architecture but has not deployed log shipping in any of its prior releases. Microsoft, however, announced that log shipping will be included in Exchange E12; the next major release of Exchange that was scheduled to be released in late 2006 or early 2007. When log shipping is delivered, it will offer two major improvements for Exchange data protection. First, log shipping is a continuous data protection method and protects every log file. Log files in Exchange are 5 MB in size, which is quite small. By copying each log file to a standby server, log shipping protects Exchange data down to just a few messages; a major improvement over the traditional once-a-day backup practice that exposes up to 24 hours of message data to potential loss.
Second, log shipping is a disk-based recovery method and will improve recovery speed when engaged. In the event of a crash, the Exchange database files and log files are restored from disk and transferred quickly to the production Exchange Server. Compared to traditional tape-based data protection methods for Exchange that take hours to complete, log shipping promises to greatly reduce the time for Exchange database recovery.
Figure one illustrates log shipping for Microsoft Exchange at a high level. In step one, a full backup of Exchange is performed using the Extensible Storage Engine (ESE) Backup API. The full backup is performed online and copies all the Exchange database files to the standby server. Step two is a continuous process that copies all new Exchange Transaction Log Files (log files) to the standby server. As mentioned previously, these log files are 5 MB in size and contain all new additions and deletions to the Exchange database. Depending on Exchange activity, the number of new log files created in a given time period can become quite large. The third step is to replay the log files directly into the Exchange database copy on the standby server. This third step is critical because it keeps the Exchange database copies up-to-date and ready for disaster recovery. In the event of a disaster or Exchange database crash, Exchange database recovery can be performed fast from disk using the copies of the Exchange databases on the standby server.
In theory, the full backup of Exchange to the standby server (step one) need only be performed one time followed by the continuous copying of log files and log replay. Compared to current best practices that recommend a daily full backup of Exchange data, log shipping will reduce the impact of backup on the Exchange Server. The continuous process of copying log files to the standby server (step two) is minimal due to the small size of the log files and because the replay process (step three) is performed "off-host." In practice, it may be reasonable to perform a full backup to the standby server on a weekly basis with continuous log shipping in between. No matter – log shipping is configurable and can be modified to match individual needs and preferences.
In addition to improving Exchange recovery, log shipping has several other important benefits. Log shipping does not require expensive hardware or software. Your choice for standby server need not be similar in capacity to your production server and you can use the standby server for other tasks, helping to justify the standby server cost. Implementing log shipping is not difficult and once it is up and running, very little maintenance is required. Compared to third-party disaster recovery products that attempt to protect Exchange data with byte-level changes, log shipping is relatively inexpensive and easy to maintain.
Log shipping also benefits e-mail archival solutions. A challenge facing e-mail archival solutions is the need to capture 100 percent of Exchange data for regulatory compliance and litigation support – without impacting Exchange Server performance. E-mail archival solutions commonly use an Exchange feature called "journaling" as a means of capturing 100 percent of incoming and outgoing e-mail. Journaling is enabled for each mailbox store and keeps a physical copy of all incoming and outgoing e-mail data in a separate journal mailbox. For a given mailbox store, journaling effectively doubles the total message traffic. Therefore, as long as all other conditions such as CPU power, memory, and storage space remain constant, the enabled mailbox store can process approximately half of the message being sent. This results in approximately 15 to 35 percent performance degradation.
Log shipping offers a new approach to Exchange e-mail archival without requiring journaling. Because log shipping is a continuous back-up method, it satisfies the need to capture 100 percent of Exchange data, thereby replacing Exchange journaling. The data contained on the standby server is well suited for e-mail archival and it is performed "off-host" using a standby server with no impact on Exchange Server. This is a major improvement over traditional e-mail archival solutions that rely on journaling and severely impact Exchange Server performance.
Log shipping is a continuous back-up process that benefits Exchange disaster recovery and also benefits e-mail archival solutions that, in the past, relied on Exchange journaling to capture 100 percent of Exchange data for compliance. Log shipping dramatically improves Exchange recovery and in the event of a server failure, limits the loss of data to very little or none at all. Log shipping can replace Exchange journaling for capturing 100 percent e-mail data for e-mail archival without adding any performance burden on Exchange Server. Log shipping was to be a part of the next major release of Exchange due in late 2006 or early 2007.
Bob Spurzem has more than 20 years experience in high technology product development and marketing, and currently he is a senior product marketing manager with Mimosa Systems Inc. Prior to this, his experience includes work as a senior product marketing manager for Legato Systems and Veritas Software companies.
