Shadow Copy & Safety Net on Exchange 2013

In a previous blog article, I had mentioned 2 features which were included in the transport service mailbox role of Exchange 2013: Shadow Copy and Safety Net. What are these features and how do they play a role in mail delivery? Network administrators are always in search of failover or redundancy. This is exactly the same process but for mail flow and delivery. It ensures that those messages are not lost in submission or transmission and provides high availability for message traffic.

Both features do require pre-stage planning and specific environment layout. Without the procedures listed below, both options will not be available.

– 2 or more multiple mailbox servers are required. Recommend that a DAG environment be created (DAG setup requires windows server clustering to be configured).
– Primary and second servers are required to perform a “heartbeat” communication.

Once the environment is created, the Shadow Copy feature offers redundant copies of messages until the message is delivered. This means is that when the primary mailbox server receives a message, the primary transport service on the mailbox server will open an SMTP session to the secondary transport service mailbox server to create a backup copy. This copy is held on the secondary server until the primary server has processed the message for delivery. Once that is complete, the secondary server will use the Safety Net feature to have the message copied from a shadow queue to the Safety Net queue on the same server. The Safety Net queue holds a copy of the message for 2 days even after the original message is delivered.

In addition to the Safety Net feature, there is also a Shadow Safety Net mechanism that has all the items in the Safety Net feature copied as a backup on the secondary server. The secondary mailbox holds a copy of active messages in the Safety Net queue and holds an entire backed-up copy of the Safety Net queue itself.

It is a long and processed-based procedure to achieve this final result due to the Cluster integration which is out of the scope of Exchange, but the result is extremely beneficial for security, SLA, and corporate compliancy.

Below is a scenario of the layout:

DAG TRANSPORT BOUNDRY

Message is received in our redundant environment.

1. Transport service opens a session to the second server to make a shadow copy.
2. Message is delivered from Transport service to the Mailbox service role to the Mailbox database.
3. Once the secondary server syncs with the primary Safety Net, a copy of the message is sent from Shadow queue to Safety Net which is held for 2 days or more etc.