Sunday, February 24, 2013

An insight into Exchange 2013 Safety Net

Safety Net is the new version of Transport Dumpster, which was first introduced in Exchange 2007 and continued in Exchange 2010. I wrote about Transport Dumpster back in May 2011; please refer to the following blog post URL:

http://clintboessen.blogspot.com/2011/05/continuous-replication-block-mode-vs.html

However, let's do a quick recap...

Transport Dumpster resides on all Hub Transport roles in both Exchange 2007 and Exchange 2010. All messages delivered to users' mailboxes are routed through a Hub Transport server and stored in Transport Dumpster. When an email is sent from one user to another user on the same mailbox server, the mailbox server routes the email to a Hub Transport server and back again through MAPI. This ensures that journaling rules, transport rules and any other transport agents take effect, the message is filtered for malware/viruses (if configured), the message is trackable using message tracking logs, and the message is copied into Transport Dumpster for a short period of time.

The following diagram shows what happens when Joe sends an email to Bob on the same mailbox server: the message goes to a Hub Transport server in the same AD site, then back again to the mailbox server.



In Exchange 2010 the Transport Dumpster is controlled using the Set-TransportConfig cmdlet and is configured to 15MB per database by default. This means that for every mailbox database, the Transport Dumpster will always hold the last 15MB of email delivered to the mailbox server.

What is the point?

In a database availability group (DAG) environment your active copy ships transaction logs to your passive copies. What happens if your active mailbox server suddenly fails? The passive copy may not have received the last transaction log, which will result in mail loss (assuming file mode replication is used). After a mailbox database failover in a DAG environment, the new active copy will check for any non-replicated emails in the Transport Dumpster. In the event it requires additional email, it will retrieve the missing content from the dumpster.

Exchange 2013 Safety Net

Now that we have done a quick recap of the Exchange Transport Dumpster, which existed in Exchange 2010/2007 for DAG/CCR environments, let's look at what's new in Exchange 2013 Safety Net.

Unlike Transport Dumpster, with Safety Net you cannot configure how many MB of messages to store, only how long you want to store messages, with the default being 2 days. This is because setting a limit on the amount of data can result in data loss during a failover in the event a large amount of data had not replicated to the passive database copy. Microsoft wanted to design Safety Net as a lossless solution, hence this design change.

Message resubmissions from Safety Net are initiated by the Active Manager component of the Microsoft Exchange Replication service that manages DAGs and mailbox database copies. No manual actions are required to resubmit messages from Safety Net.

Safety Net is a queue that's associated with the Transport service on a Mailbox server. This queue stores copies of messages that were successfully processed by the server. Safety Net uses the mail.que database, the same database which is used to store messages in queue. As Safety Net keeps the last 2 days' worth of email in this queue by default, expect the mail.que database to be larger than in previous versions of Exchange.

The mail.que database file uses the Extensible Storage Engine (ESE), the same database technology which is used by the mailbox databases themselves.

Another improvement with Exchange 2013 Safety Net over Transport Dumpster is redundancy.  Safety Net itself is now redundant, and is no longer a single point of failure. This introduces the concept of the Primary Safety Net and the Shadow Safety Net. If the Primary Safety Net is unavailable for more than 12 hours, resubmit requests become shadow resubmit requests, and messages are re-delivered from the Shadow Safety Net.

With Safety Net being redundant, you can now configure the database mount dial setting to a more relaxed setting other than lossless and still feel confident that email will not be lost during failover.
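The following added example (not from the original post) checks the two settings discussed above together: the Safety Net hold time and each Mailbox server's database mount dial. `Test-SafetyNetWindow` is a hypothetical helper, and treating a hold time below the 2-day default as a finding is an assumption of this example; `SafetyNetHoldTime` and `AutoDatabaseMountDial` are the properties returned by `Get-TransportConfig` and `Get-MailboxServer`.

```powershell
# Added example, not from the original post. Test-SafetyNetWindow is a hypothetical helper.
# Live use in the Exchange Management Shell:
#   Test-SafetyNetWindow -TransportConfig (Get-TransportConfig) -MailboxServer (Get-MailboxServer)
function Test-SafetyNetWindow {
    param(
        [Parameter(Mandatory = $true)] $TransportConfig,
        [Parameter(Mandatory = $true)] [object[]] $MailboxServer,
        # 2 days is the Safety Net default described in the post.
        [TimeSpan] $ExpectedHoldTime = [TimeSpan]::FromDays(2)
    )
    # Parse via string so live and deserialized (remote session) values both work.
    $hold = [TimeSpan]::Parse([string] $TransportConfig.SafetyNetHoldTime)

    foreach ($server in $MailboxServer) {
        $dial = [string] $server.AutoDatabaseMountDial
        # Assumption of this example: a relaxed mount dial relies on Safety Net
        # to resubmit mail, so a hold time below the default is worth flagging.
        $finding = if ($dial -ne 'Lossless' -and $hold -lt $ExpectedHoldTime) {
            'Relaxed mount dial with a Safety Net hold time below the default'
        } elseif ($hold -lt $ExpectedHoldTime) {
            'Safety Net hold time below the default'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Server            = $server.Name
            MountDial         = $dial
            SafetyNetHoldTime = $hold
            Finding           = $finding
        }
    }
}

# Constructed sample input so the function can be tried without an Exchange server.
$sampleConfig  = [pscustomobject]@{ SafetyNetHoldTime = '1.00:00:00' }
$sampleServers = @(
    [pscustomobject]@{ Name = 'MBX01'; AutoDatabaseMountDial = 'GoodAvailability' },
    [pscustomobject]@{ Name = 'MBX02'; AutoDatabaseMountDial = 'Lossless' }
)
Test-SafetyNetWindow -TransportConfig $sampleConfig -MailboxServer $sampleServers |
    Format-Table -AutoSize
```

The hold time itself is changed with `Set-TransportConfig -SafetyNetHoldTime`, which takes a `dd.hh:mm:ss` value.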
