6.5 Best practice 5: Select the right backup and recovery strategy

6.5 Best practice #5: Select the right backup and recovery strategy

Why back up? Today’s hardware and software environments are increasingly reliable. Techniques have been developed to protect massive amounts of information. However, no solution is perfect, and there is always a chance that some form of failure will occur. The failure could arise in hardware or software or through the fault of a human operator or administrator. For mission-critical applications, such as Microsoft Exchange Server, it is key to have a safety net so that production data and service can be restored in a minimal amount of time. Loss of data is very often associated with a crash or failure in the disk or storage subsystem. Hence, the important storage vendors in the industry have made substantial investments in data protection improvements. However, there are other ways in which information could be lost other than by a single disk crash:

• I/O subsystem failure

• System software failure

• Accidental or malicious deletion of information

• Destructive viruses

• Natural disasters

• Theft

A solid backup and restore strategy provides the basis for recovering information in a reliable manner. The backup type or combination of backup types you select can have a substantial impact on operational procedures, training, tape management, and restore times. It all comes down to tapes, time, and volume. Depending on which backup strategy you select, each of these will be affected. Table 6.4 shows the three basic backup strategies for Exchange 2000/2003. NOTE: The copy backup is not typically considered as a disaster-recovery operation for Exchange deployments, but as an archival or point-in-time copy option.

As one would expect, there are many trade-offs when selecting the right combination of backup types to include in your backup strategy for Exchange. The time required, the number of tapes, and the volume of data are all important considerations. If you select a daily normal backup, you gain the advantage of only having to deal with one tape (assuming your dataset can fit on one tape), and the time and volume of data are usually fixed, allowing you to plan your recovery windows better. If you choose to perform a normal backup on the first day of your backup cycle and combine this with daily incremental backups thereafter, day one is similar to option 1. However, the subsequent days on which incremental backups are performed are much quicker because only the log files are backed up. The problem with option 2 is that recovery is more difficult to manage because multiple tapes are required and the process will take more time. Option 2 also has more exposure to operator error or media failure. Option 3 is a middle-ground approach between options 1 and 2. With this approach, a normal (full) backup is taken on the first day, followed by differentials on subsequent days. This ensures that only two tapes are required for recovery since tape one will have the normal backup from day one (database, logs, and patch files), and tape two will contain all the log files accumulated since. Since you only have two tapes, time, volume, errors, and chance of media failures are also reduced. You will need to consider these trade-offs when selecting the strategy that works best for your Exchange deployment. Keep in mind that the method you select will in large part determine the time it takes to recover Exchange. From a best-practices point of view, most organizations I come into contact with have selected option 1 for obvious reasons. As the mission-critical nature of Exchange grows, the ability to limit the number of tapes, reduce errors and media failures, as well as simplify procedures, becomes paramount. While options 2 and 3 are viable solutions, most savvy Exchange administrators have discovered the advantages of option 1 and have made it their best practice.

Daily normal (full) —The advantage of a daily normal backup is simplicity. It is by far the simplest schedule and the easiest option to manage when you need to restore your Exchange databases because you need only the last normal backup set. This approach is also far less prone to operator error and tape-management problems due to its simplicity. One final advantage to daily normal backups is that the integrity-checking operations are performed each and every day to ensure that your database is not corrupt. Equally, this applies to ESE Page Zeroing, when enabled, and allows this operation to be performed daily, thereby potentially reducing system overhead by spreading out the impact of page zeroing. The only disadvantage to this approach is that it requires the entire volume of Exchange data to be backed up each day. Depending on the size of your Exchange databases, normal backups can be very time consuming and may not fit into daily backup windows available to your organization. Additionally, normal backup operations may require a tape swap each day due to management or capacity considerations.

Normal with incremental —The obvious advantage of the normal with incremental approach is that it takes the least time, backs up the least amount of data, and has the least impact on system resources. This is due to the fact that, after the first normal backup in the cycle, each daily backup merely consists of the transaction logs that have accumulated since the last backup. The disadvantages are also apparent because in order to restore, between two and seven backup sets (on a weekly cycle) will be required. This can complicate tape management and operational procedures and can be quite prone to operator error. Also, since only one normal backup (in option 1) is performed each cycle, the advantages of integrity checking and ESE Page Zeroing are also lost.

Normal with differential —The advantage of this approach is that, like the normal with incremental approach, less time, volume, and impact on the system are felt. In addition, a maximum of two backup sets will be required to perform a recovery—the last normal and the last differential set. Another side benefit of this strategy is that, throughout the week, multiple copies of the log files are stored because each differential backup is simply a cumulative of log files since the last normal backup. In the event that a log file from the current set is corrupt, another copy may be found on another differential backup set from a different day. The disadvantage to the normal with differential approach is that, each day, the differential backup set will be larger and take more time as log files accumulate over the duration of the cycle.

Whatever your strategy for recovering your Exchange Server data, it must meet your organizational requirements. In addition, your recovery strategy should include Exchange Server data viewed not only in terms of the entire information store or database, but also as smaller increments of recovery such as an individual mailbox or even an individual item such as a message. In your planning, you will need to address how recovery for each unit (server, database, mailbox, or item) will be accomplished. Your practices and procedures can leverage several technologies in unison or individually to accomplish these tasks. Your backup and recovery strategy must also account and compensate for limitations in Exchange Server’s capabilities. Since a maximum of four configured storage groups (and 20 databases) per server is supported in Exchange 2000/2003, you will have to plan even more carefully. The key is to guide your recovery strategy based on your SLAs. SLAs then drive your maximum disaster-recovery windows, which in turn dictate your maximum data size and the technology you must use to provide disaster-recovery.

Figure 6.3: Comparing backup strategies in terms of time, tapes, and volume.