Saturday, March 20, 2010

Message Redundancy - Hub Transport Servers | Shadow Redundancy vs Transport Dumpster

As we discussed in the last article, High Availability is becoming very critical for every organization, message loss is one very critical and important aspect that we cannot ignore. By message loss, we mean here the message loss that can incur at the time of failure of one or more servers.

With introduction of Microsoft Exchange Server 2007 role based model, Hub Transport Server role provided the centralized transport pipeline through which all messages had to pass, thus making it possible and very efficient to set transport rules and policies.
For standalone non clustered mailbox servers, there is no built in protection as the message loss can occur if a server fails. Here on the Hub Transport Server, the message is stored in the transport database and is deleted as soon as it is sent to the next hop.

However, the feature called Transport Dumpster was introduced in Exchange Server 2007 that protect against message loss for the mailboxes that reside on a CCR cluster. Transport Dumpster holds the messages that are sent to the recipients whose mailbox resides on a clustered mailbox server, and recent sent items are retransmitted back in the event of failure of one cluster node so that messages are not lost during failover.

In Exchange 2010, there's a new feauture Shadow Redundancy that provides redundancy for messages for the entire time they are in transit. With Shadow Redundancy in exchange 2010, the deletion of a message from the transport databases is delayed until the transport server verifies that all of the next hops for that message have completed delivery. If a successful delivery is not reported, the hub server will try to resend the message.

Shadow redundancy uses the SMTP service extensions that allows the SMTP hosts to negotiate Shadow Redundancy support in Exchange 2010.

So the key points here are:
  • Transport Dumpster in Exchange 2007 only safeguards messages for the mailboxes that reside on CCR node, however Shadow Redundance is inbuilt in Exchange 2010 that can be enabled or disabled for the entire organization.
  • Shadow Redundancy makes hub transport servers more resilient against message loss. Exchange Server 2007 deletes messages from the database as soon as they were sent to the next hop, however, Shadow Redundancy keeps messages in the database until Exchange confirms that they were been delivered.
  • Earlier versions of Exchange were not designed to verify message delivery, however Microsoft has extended SMTP service in Exchange 2010 that allows this now.

Understand more indepth about Shadow Redundancy. Also, here's an excellent technet that explains detailed Shadow Redundancy Mail Flow Scenarios. This topic explains in detail what happens for each specific message flow scenario that can involve Exchange.