Imagine for a moment that you never had to back up your Exchange servers again.  Sounds crazy right?  Well with Exchange Server 2010, it may not be as crazy as you think.

In a recent post I described the killer new High Availability feature of Exchange Server 2010 – the Database Availability Group (or DAG for short).

A DAG is an Organization-level object that allows a database to have several passive replicas on other servers (DAG members).  When a DAG is configured it permits individual mailbox databases to failover to passive instances should any problem with the active database arise.

The nature of DAGs means that they can be deployed to protect from failures at almost any layer of the Exchange infrastructure.  DAGs can protect from anything from a single failed server hard disk to an entire data center failure as long as the DAG is architected accordingly.

How this relates to backups is simply this – if a database is protected from all failure scenarios by the DAG, why would you need to back it up at all?  Let’s take a closer look at this question.

Exchange Failure Scenarios

The DAG will protect data from any Exchange failure scenario:

Database Corruption –the database will simply failover to one of the passive copies.

Server or Server Component – all active databases on the server (or just those on the disk that failed if that is the case) will failover to one of the passive copies.

Network Failure – if a DAG member becomes unreachable another member will bring those databases online.

Site Failure – because DAGs can easily span multiple physical locations, even those in separate Active Directory sites, if a data center fails another DAG member at a different site will bring those databases online.

Other Data Loss Scenarios

Deleted Mailbox Items – Exchange Server 2010 introduces a new feature known as Single Item Recovery.  This means that when a user deleted a mailbox item it is put into a recoverable items area instead of being permanently deleted.  This area has a configurable retention period, and so the administrator can simply configure a reasonable period to allow people to recover deleted items without relying on backups.

Deleted Mailboxes – although it is quite easy to export mailboxes before deleting them this requires manual effort to do so.  However because of the Journaling capability of Exchange Server the mailbox items for deleted mailboxes can be recovered from the journal store.  In addition to this, deleted mailboxes are not immediately purged from the database and so can be easily reattached if necessary.

What’s the Catch Then?

You might be thinking from the above that it is entirely possible and practical to never back up your Exchange Server 2010 environment provided the right features are configured for replication and retention.

In fact in some organizations this level of protection will be quite acceptable.  But none of the above protects the Exchange environment from accidental or malicious deletion of Exchange Server data.

For example, if someone deleted the Database Availability Group all of the associated databases would also be deleted.  Without a backup these could not then be restored.

To protect from both accidental and malicious destruction of the Exchange environment you must make use of the new Role Based Access Control (RBAC) features in Exchange Server 2010.  Although RBAC itself is not a new concept, previous versions of Exchange Server never included the depth and granularity of control over access permissions that Exchange Server 2010 does.

Using RBAC to allow people only the minimum permissions they need to do their job can protect the environment from accidental or malicious deletion of data.  Ultimately though someone needs to be trusted with the highest level of permissions, which still opens the door to some risks.

It is likely that even the least risk adverse organizations will still employ backups of some kind for their Exchange Server 2010 environment, though perhaps on a less frequent schedule.

Do you plan to modify your normal backup practices in light of the new Exchange Server 2010 features?