Protecting Exchange with Azure Backup (Part 3)

by [Published on 31 May 2016 / Last Updated on 31 May 2016]

Configuring the protection of Exchange Server 2016 and restoring databases and single user mailboxes.

If you would like to be notified of when Rui Silva releases the next part in this article series please sign up to our MSExchange.org Real Time Article Update newsletter.

If you would like to read the other parts in this article series please go to:

Backing up Exchange Server

  1. Before creating the Protection Group, since we’re protecting an Exchange Server, we must copy the ese and eseutil files (usually located at C:\Program Files\Microsoft\Exchange Server\V15\Bin) to the DPM Server (C:\Program Files\Microsoft Azure Backup\DPM\DPM\bin). The versions of eseutil.exe and ese.dll that are installed on the computer running the most recent edition of Exchange Server must be the same versions that are installed on the Azure Backup Server.

Image
Figure 1: ese and eseutil files on the DPM server

  1. To create a Protection Group, in Microsoft Azure Backup console, in the Protection task area, in the Actions pane, click Create protection group (Figure 2). The New Protection Group Wizard appears and guides you through the process of creating the protection group (Figure 3). Click Next.

Image
Figure 2: Create Protection Group

Image
Figure 3: New Protection Group Wizard

  1. On the Select Protection Group Type, select Servers and click Next (Figure 4).
  2. On the Select Group Members page, verify that all computers that store data you want to protect are displayed in the Available members box. In the Available members box, expand the server nodes to display the available data sources on each server and to see available Exchange mailbox databases. Place a check mark in the box next to each mailbox database you want to include. As you select data sources, your selections appear in the Selected members box (Figure 5). Click Next.

Image
Figure 4: Select Protection Group Type

Image
Figure 5: Select Group Members

  1. On the Select Data Protection Method page, select I want short-term protection using check box for short-term protection and then select the media you want to use from the drop-down list. Azure Backup Server only supports Disk for short-term protection (Figure 6). The option I want online protection is only available if short-term protection using disk is selected. Click Next.

Image
Figure 6: Select Data Protection Method

  1. On the Specify Exchange Protection Options page, select the Run Eseutil to check data integrity check box to check the integrity of the Exchange Server databases (Figure 7). This will offload the backup consistency checking from the Exchange Server to the Azure Backup Server which means the I/O impact of running eseutil on the Exchange Server during the backup itself is eliminated. If protecting a DAG, make sure Run for log files only is selected.
    If you didn’t previously copy the eseutil file, as mentioned on step 1, you’ll see an error (Figure 8). Click Next.

Image
Figure 7: Exchange Protection Options

Image
Figure 8: Error eseutil

  1. On the Specify Exchange DAG Protection page (Figure 9), select the databases for copy backup and express full backup. For protecting multiple copies of the same database, select only one database for express full and incremental backup and then select the remaining copies for copy backup.

Image
Figure 9: Exchange DAG Protection

  1. On the Specify Short-Term Goals page (Figure 10), select the retention duration for data recovery in the Retention range box. In the Synchronization frequency section, select the frequency of the incremental backups or Just before a recovery point to configure MABS to perform an express full backup just before each scheduled recovery point. To modify the recovery point schedule for a data source, click Modify next to the desired data source. Click Next.

Image
Figure 10: Short-Term Goals

  1. Microsoft Azure Backup Server will display its recommended disk allocations (Figure 11). This step enables you to allocate how much of the disk storage pool will be used to protect these particular data sources. You should allocate the DPM replica volume to slightly larger than the amount you expect each data source to grow in the short term. Sizing the recovery point volume will determine how many previous recovery points are available for rapid, disk-based restore. To accept the recommended allocations, click Next. To change a recommended allocation, click Modify, adjust the allocations, click OK, and then click Next.

Image
Figure 11: Disk Allocation

  1. On the Choose Replica Creation Method page (Figure 12), select when you want DPM to execute the initial replication of your data and click Next.
    • Select the Automatically option to have DPM replicate the data across the network. Select Now to have DPM immediately begin copying the data from the computers you are protecting to the DPM server; Select Later to start the initial copy at a later time if you want to schedule the job to run only during periods of light network traffic.
    • Select Manually to use tape, USB storage, or other portable media to transfer the baseline data to the DPM server.

Image
Figure 12: Replica Creation Method

  1. On the Choose Consistency check options page (Figure 13), chose either the Run a consistency check if a replica becomes inconsistent or the Run a daily consistency check according to the following schedule. Click Next.

Image
Figure 13: Replica Creation Method

  1. Choose the database that you want to back up to Azure, and then click Next (Figure 14).

Image
Figure 14: Specify Online Protection Data

  1. Define the schedule for Azure Backup, and then click Next (Figure 15). Online recovery points are based on express full recovery points. Therefore, you must schedule the online recovery point after the time that’s specified for the express full recovery point.

Image
Figure 15: Specify Online Backup Schedule

  1. Configure the retention policy for Azure Backup, and then click Next (Figure 16).

Image
Figure 16: Specify Online Retention Policy

  1. Choose an online replication option and click Next (Figure 17). If you have a large database, it could take a long time for the initial backup to be created over the network. To avoid this issue, you can create an offline backup.

Image
Figure 17: Specify Online Replication

  1. On the Summary page (Figure 18), review the tasks that MABS is set to perform to create the protection group and then click Create Group. Review the confirmation page (Figure 19) and click Close.

Image
Figure 18: Summary

Image
Figure 19: Protection Group Creation Status

MABS will immediately create the first replica of the storage groups and will show an OK protection status if it succeeds (Figure 20).

Image
Figure 20: Exchange Protection Group

Restoring Exchange Data

Since Microsoft Azure Backup Server (MABS) is a stripped-down version of System Center DPM 2012 R2, it supports recovery of the following Exchange data:

  • Recover a single mailbox: MABS can recover a single mailbox. It copies the entire database to do so as recommended by Exchange. Individual mailbox recovery is done through a recovery database rather than directly to the database that hosted the original mailbox. The recovery database must exist before you can attempt this recovery.
  • Recover an Exchange database: You can recover a database by using the "latest" recovery point, resulting in near zero data loss when the recovery is complete.
  • Recover an entire Exchange server: You can recover an entire Exchange server if you’ve protected the server with a bare metal backup in addition to protecting the data.

Depending on the type of information to recover, you also have some flexible restore options where to dump the data:

  • To its original location.
  • To a Recovery Storage Group / Recovery Database.
  • To a separate network folder.

Besides all the discrete recovery points that are available (and they can be every 15 minutes), MABS provides one more recovery capability: to recover “latest”, resulting in near zero data loss when the recovery is complete. In the event of a complete loss of the Exchange database files, one can choose “latest” which instructs MABS to first restore to the last recovery point and then roll forward the surviving transaction logs beyond that, as long as the best practice of storing Exchange databases on one volume and logs on another has been respected. 

To recover a Mailbox Database to its original location, follow these steps:

  1. Open Microsoft Azure Backup Console and click Recovery on the navigation bar. Browse to the mailbox database you wish to recover in the All Protected Exchange Data node. Click any bold date in the calendar, select the Latest recovery point from the Recovery time drop-down box and click Recover in the Actions pane to launch the Recovery Wizard (Figure 21).

Image
Figure 21: Selecting a mailbox database recovery point

  1. Review the recovery selection and click Next (Figure 22). Select Recover to original Exchange Server location and click Next (Figure 23). If you’ve worked with DPM before, notice that MABS doesn’t have the “Copy to Tape” option.

Image
Figure 22: Review Recovery Selection

Image
Figure 23: Select Recovery Type

  1. On the Specific Recovery Options page, make sure Mount the databases after they are recovered is selected. If you want MABS to send a notification when the recovery process is finished, select the Send an e-mail when this recovery completes check box and enter one or more e-mail addresses (Figure 24). Click Next.

Image
Figure 24: Specific Recovery Options

  1. Now we must go back to the Exchange Server in order to allow the databases to be overwritten by the restore. If you miss this step, the restore will fail. Open your Exchange Administration Center, navigate to servers > databases, select the desired Exchange mailbox database and click Edit button. Go to maintenance, select the This database can be overwritten by a restore check box and click save (Figure 25).
    Back to the MABS server, on the Summary page, review your selected settings and click Recover (Figure 26). When the recovery is complete, click Close (Figure 27).

Image
Figure 25: Mailbox Database Properties

Image
Figure 26: Summary

Image
Figure 27: Recovery Status

Recovering Individual Exchange 2016 Mailbox

MABS supports the recovery of individual mailboxes, although unlike other products that do brick-level backups, to recover a mailbox, MABS must copy the entire database, because this is the recommended method that Exchange supports, as explained in Knowledge Base article 904845, "Microsoft support policy for third-party products that modify or extract Exchange database contents".

Individual mailbox recover is done to a recovery database rather than directly to the database that hosted the original mailbox. The recovery database must exist prior to attempting this recovery

If you follow some best practices, such as keeping deleted items and deleted mailboxes for a period of time, the probability that you’ll ever need to restore a single mailbox is quite low. Nevertheless if you cannot recover the needed data using these methods, here are the steps to recover a protected mailbox using MABS:

  1. On the protected Exchange server, if you do not have an existing Recovery Mailbox Database, create one by using the New-MailboxDatabase cmdlet in Exchange Management Shell. Configure the recovery database to allow it to be overwritten by using the Set-MailboxDatabase cmdlet in Exchange Management Shell. 

a)  New-MailboxDatabase -Recovery -Name RDB-SECRETAGENTS -Server E2K16-DS2

b)  Set-MailboxDatabase -Identity ‘RDB-SECRETAGENTS’ -AllowFileRestore $true

Image
Figure 28: New-MailboxDatabase

Image
Figure 29: RDB-CONTROL database

  1. Open Microsoft Azure Backup Server console and click Recovery on the navigation bar. Navigate to the mailbox database you wish to recover, under All Protected Exchange Data pane, to display the list of available mailboxes. Click a date in the calendar, select a recovery point from the Recovery time drop down box and click Recover in the Actions pane to launch the Recovery Wizard (Figure 30). When you select a mailbox for recovery, you cannot select Latest as the recovery point, this functionality is not available for individual mailboxes (Figure 31).

Image
Figure 30: Selecting a mailbox recovery point

Image
Figure 31: Select Recovery Type

  1. Review the recovery selection and click Next (Figure 32). Select Recover mailbox to an Exchange server database to recover the mailbox to its original server, or select Copy to a network folder to copy the database files to a separate folder location. Click Next (Figure 33).

Image
Figure 32: Review Recovery Options

Image
Figure 33: Select Recovery Type

  1. On the Specify Destination window, specify the location to write the recovered mailbox database to (The Recovery Mailbox created in step 1), and click Next (Figure 34).

Image
Figure 34: Specify Destination

  1. On the Specify Recovery Options, choose whether you want to use Network bandwidth usage throttling and SAN based recovery using hardware snapshots if available and applicable. Specify if you want MABS to send an e-mail message when the recovery process is finished and click Next (Figure 35).
  2. On the Summary page, review your selected settings and click Recover (Figure 36). When the recovery is complete, click Close (Figure 37).

Image
Figure 35: Specify Recovery Options

Image
Figure 36: Summary

Image
Figure 37: Recovery Status

  1. After the recovery process finishes, we still don’t have the required mailbox restored. What we have is the mailbox database where the mailbox belongs to restored to the Recovery Mailbox. The final step to restore the mailbox is to run a PowerShell cmdlet:

a)  New-MailboxRestoreRequest –SourceDatabase ’RDB-SECRETAGENTS’ –SourceStoreMailbox ‘Maxwell Smart’ –TargetMailbox MaxwellS@myherodemo.com –TargetRootFolder Recovery

Image
Figure 38: Recovery Storage Group files

If we now open the Maxwell Smart mailbox, all its contents until 10:00 PM are located beneath the Recovery folder (Figure 39).

Image
Figure 39: Maxwell Smart mailbox after restore

After you complete the restore, the Recovery Mailbox can be dismounted and deleted, using the following PowerShell cmdlet:

  • Remove-MailboxDatabase -Identity ‘RDB-SECRETAGENTS’

Image
Figure 40: Remove-MailboxDatabase

Conclusion

Azure Backup protects your data by backing it up to the Microsoft cloud. Your data can be anything from a single file or folder up to a datacenter. Azure Backup can be used in conjunction with Windows client operating systems, Windows Server, System Center Data Protection Manager, Microsoft SharePoint, Microsoft Exchange, Microsoft SQL Server, Hyper-V VMs, as well as Azure IaaS VMs running on Windows and Linux.

When deciding whether or not to use Azure Backup, remember that Exchange 2016 native data protection provides:

  • Disaster recovery
  • Recovery of accidentally deleted items
  • Long-term data storage
  • Point-in-time database snapshots

Native protection might not be enough if application errors, corruptions, or security and malware incidents occur. In these situations DPM/MABS provides a number of benefits:

  • Less DAGs are required—Native protection requires additional mailbox servers (3 or more) to host copies of active data.
  • Simpler restore – DPM provides simple and centralized data recovery from point-in-time backups.
  • Longer retention range – DPM provides longer retention times for backed up data. Native protection is limited to 14 days.
  • Consistent backup of Microsoft workloads - DPM provides a centralized and simple backup and recovery process across your Microsoft workloads, including, Exchange, file servers, SQL Server, Hyper-V, and SharePoint.

If you would like to be notified of when Rui Silva releases the next part in this article series please sign up to our MSExchange.org Real Time Article Update newsletter.

If you would like to read the other parts in this article series please go to:

See Also


The Author — Rui Silva

Rui Silva avatar

Rui Silva specializes in Unified Communications and Enterprise Cloud solutions, using Microsoft technologies, with a proven track record of 15+ years experience working with some of the biggest companies in Portugal and Western Europe. Rui can often be found in the cloud or on-premises contributing to the Technical Community through blogging, writing articles or with a presence in the social networks.

Advertisement

Featured Links