Cemaphore Systems MailShadow
MailShadow is not strictly speaking an Exchange fail-over
product; more accurately, it’s an Exchange mailbox fail-over product. MailShadow uses the Exchange
transaction log to mirror each transaction for designated e-mail accounts on one or more Exchange
2003 servers to a backup Exchange server. If a primary Exchange server fails, or its database is
corrupted, the designated accounts can access the backup server instead. Because the replication is
based on transactions, no corruption of the Exchange database is passed on to the backup. I tested
Version 2.0.
In addition to the primary Exchange 2003 servers that host the mailboxes to be protected,
MailShadow requires three physical systems: the Source MailShadow Gateway, the Recovery MailShadow
Gateway, and the Recovery Exchange Server. In a corporate environment, the Source MailShadow
Gateway would be hosted in the main Exchange datacenter, while the Recovery MailShadow Gateway and
Recovery Exchange Server would be in a remote DR (disaster recovery) site. Only one gateway is
needed at each end, and one Recovery server can support multiple Source servers. All of the servers
should be in the same Windows domain.
In addition to setting up the three additional servers, you will need to set up a service account,
give it the proper permissions and delegation rights for each Exchange server to be protected, and
then add the account to a group created during the MailShadow install. These procedures are well-
documented in the manuals.
When e-mail accounts have been designated as protected, there is an initial interval required for
creating the backup accounts with the messages already existing in the protected accounts. The time
necessary for this process will depend on the amount of e-mail stored in the inbox. In my tests,
replicating an inbox of about 200KB took just a couple of minutes. But with an inbox of 1.1GB,
initial replication took several hours. If you have a lot of users with fat inboxes, you might want
to start replication over a weekend.
Administration via the MMC (Microsoft Management Console) snap-in is easy and follows the usual MMC
conventions. Administrators can control replication by storage group, by Exchange server, or by
individual accounts.
After the initial synchronization, any further transactions -- receipt of new mail, deletions of
messages, moves from one folder to another, and edits of messages -- are captured and replicated to
the backup server, in chronological order. This is done asynchronously, but in the same sequence as
on the primary server. No agent is required on the primary Exchange server because MailShadow uses
the Exchange transaction engine APIs via MAPI to identify transactions to replicate.
MailShadow identifies duplicate attachments, sending each attachment only once across a WAN link to
reduce traffic loads.
As opposed to Quest, Cemaphore has chosen to use a manual fail-over process to avoid spurious fail
-overs that could result in a conflict between the primary and backup mailboxes. With MailShadow,
when a mailbox becomes unavailable the administrator must switch users over to the backup mailbox.
This can be done on an individual basis or for all users on a given Exchange server. Users must
restart Outlook to reconnect to the backup mailboxes.
When the primary Exchange server is brought back online, users can be switched back to the primary
account. Any changes to the mailboxes that occur during the fail-over are incrementally updated on
the primary server. If the primary Exchange server is completely wiped out, a full replication
operation will take place. The switch-over process after the restore is manual as well.
Cemaphore MailShadow is an effective product that allows you to take a granular approach to
protecting e-mail accounts. High-priority users can be replicated while others are protected only
by backups, resulting in lower replication costs. Although some admins may take issue with the
absence of automated fail-over, the product is easy to set up and administer and offers a
reasonable value.