Would you stop doing backups on your Exchange systems if you could? That might seem like a foolish question. For most Exchange administrators, backups are right up there with motherhood and apple pie as core beliefs; I’d venture a guess that very few of us would be comfortable not taking any backups at all. However, Microsoft explicitly supports backup-free Exchange environments in some circumstances. How is this possible? And perhaps more important, is it a good idea?
You might remember an old-school Exchange feature called circular logging. When circular logging is enabled, Exchange keeps a finite number of transaction logs instead of opening a new log-file generation each time the previous log file fills. An advantage of circular logging is that its disk space usage is predictable, but a major disadvantage is that your recovery options are limited because previous transactions are overwritten. For that reason, circular logging is used only in a very small number of circumstances, such as when you need to drastically restrict the growth of transaction logs when moving a large number of mailboxes.
A relatively new Exchange feature is cluster continuous replication (CCR). When you use CCR, log files generated on the active server are replicated by Exchange to the passive server. The replicated log files are played into the passive copy of the database so that the database remains up-to-date. You could certainly argue that after a log file has been replicated and replayed, there’s no need to keep it around—if you have some other protection mechanism, such as a Volume Shadow Copy Service (VSS) point-in-time copy or a vendor-specific clone, to protect the original databases.
Quite a bit of communication occurs between the active and passive nodes to indicate which log files have been copied, which have been replayed, and which can be safely deleted. It’s this mechanism that allows you the option of running without backups: A log will be deleted only if the CCR active and passive targets agree that it’s been properly replayed. In addition, if either the active or passive nodes are a source for a Standby Continuous Replication (SCR) target, the SCR node must have received and replayed the log as well.
Now that we’ve covered the “how” of going backup free, the larger question is whether it’s a good idea to do so. Millions of mailboxes around the world are protected by CCR, including those belonging to all of Microsoft’s employees. It’s a trustworthy technology. Likewise, VSS is a mature solution, and if you combine CCR and VSS-based copies, the odds are quite good that you’ll be able to quickly recover data in the event of a failure. However, the whole concept of not having a purpose-built backup mechanism makes me a bit nervous, sort of like embarking on a long car trip without a spare tire. Sure, there’s AAA and roadside assistance if you need it, but that’s not the same as having your own last-ditch protection.
Microsoft supports the option of skipping Exchange backups, but nowhere does the company recommend it. That’s because the decision to stop performing regular backups isn’t to be taken lightly. If you’re currently running without backups, or considering replacing your backup solution with a combination of CCR and disk-based point-in-time copies, I’d love to hear from you—and if you think this is a crazy concept, that would be good to know too!