|
1.0 Introduction
SecuriData Message Level Restore (SD-MLR) is a solution to backup E-mails
from MS Exchange Server, MS Outlook, Lotus Domino Server, Lotus Notes, and
GroupWise at the individual message level.
For details about backing up E-mail Server Databases with dedicated backup
sets or File System Backup sets, see 6.0 Backup Comparison: SecuriData’s
backup solution for E-mail .
2.0 SecuriData Solution
• SD-MLR is a separate program that needs to be installed on the E-mail
message computer / server.
• SD-MLR is a Tool enabled as requested from SD-System, like other SD-Client
tools.
• SD-MLR searches for new E-mails based on a user defined filter.
• SD-MLR transforms the E-mail into a data stream and passes this stream to
SD-Client for backup processing.
• E-mails are saved as individual objects on SD-System.
3.0 SecuriData Message Level Restore (SD-MLR)
This section outlines the features of the SD-MLR service.
3.1 Configuration
SD- Operator must first enable the SD-MLR on SD-System in order to allow
SD-Clients to use it. This option is only available if the SD-System has the
appropriate license.
The SD-MLR Service program must be installed on each E-mail message computer
/ server you wish to back up.
3.2 Computer requirements
• Requires Windows 2000 / XP / 2003 on E-mail Message computer.
• Requires the SD-MLR service to be installed and running on the same
computer.
• MS Exchange: Versions 2000 and 2003 supported.
• MS Outlook: Versions 2000 and 2003 supported.
• Lotus Domino / Notes: Versions 6.5 and higher supported.
• GroupWise: Versions 6.5.4 and higher supported.
3.3 SD-MLR Installation Instructions
Refer to the SD-MLR Installation Guide PDF.
3.4 SD-MLR Service Account Requirements.
1. When installing the SD-MLR Service on MS Exchange Server, the user
account that runs the service determines the rights to backup the MS
Exchange Server’s E-mails. Even if the service is run by a user from the
local Administrators group, that user may not have enough rights to backup
all the MS Exchange Server’s E-mails.
2. Users that are members of the Domain Admins Group, or who are delegated
as "Exchange Full Administrator" should be able to backup all E-mails from
the MS Exchange Server. However, sometimes those users are not explicitly
granted the necessary privileges. Therefore, the SD-MLR tries to grant
itself those rights and use them on behalf of privileged users.
2.1 User scenarios for SD-MLR Service Account
• Domain Admins:
• SD-MLR service account must be a member of Domain Admins and
local/Built-in Administrators groups.
• This scenario is simple, but some network security policies may not allow
use of the Domain Admins group.
• Domain User:
• SD-MLR service account must be a member of local Administrators group.
• SD-MLR service account must be a member of Domain Built-in Backup Operator
or Administrators group.
• SD-MLR service account must be delegated as Exchange Full Administrator.
• This scenario is a little complicated, but does not require use of the
Domain
Admins group.
• Local Administrator:
• When starting up, SD-MLR may fail to grant the "Receive As" right for the
service account.
• This option is more flexible, but you need to manually add the "Receive
As" privilege.
3.5 Current implementation
The SD-MLR installation verifies if the service account is Domain Admins or
Exchange Full Administrator:
1. If it is a member of Domain Admins, installation continues.
2. If it is an Exchange Full Administrator, a warning message will popup:
"The service account is not a domain administrator. SD-MLR will grant
"Receive As" right for this account. Click OK to continue. Click Cancel to
select another account."
3. If it is neither, a warning message will popup: "The service account is
not a domain administrator or Exchange Full Administrator. Only users with
"Receive As" right will be able to backup E-mails from other mailboxes.
Click OK to continue. Click Cancel to select another account."
4. If the user that runs the installation does not have rights to Active
Directory, and / or the service account is not a member of the Domain Admins
group, the Installation is not able to check if the account is an Exchange
Full Administrator. The Installation will popup a warning message:
"Installation can not verify if the Service account is an Exchange Full
Administrator. If it is not, only users with "Receive As" right will be able
to backup E-mails from other mailboxes. Click OK to continue. Click Cancel
to select another account."
5. For each backup or restore request, SD-MLR checks if the user is a member
of the Domain Admins group or is an Exchange Full Administrator, and if the
service account has the "Receive As" privilege:
• If yes, SD-MLR will proceed using the service account and the user will be
able to see all mail boxes.
• If no, SD-MLR will proceed using the user’s credentials.
4.0 Backup Comparison: E-mail level backup of
E-mail Servers
|
|
Exchange Email Backup |
Lotus Domino / Notes Email Backup |
GroupWise Backup |
|
Mailbox
Backup |
SecuriData supports backup of individual
E-mails from mailboxes and public folders through Exchange E-mail
Backup set.
The SD-MLR service account will grant “Receive as” right for all
mailboxes to the service account. In this way it can access all
E-mails.
The backup includes E-mails, notes, tasks, appointments, contacts
and activities from the user mailboxes and documents from the public
folders.
During backup, SD-Client scans all items and only backs up the new
or changed items. Changed items will be processed as delta and only
the changes will be sent to SD-System.
Steps to create Exchange E-mail Backup set with Windows SD-Client:
1. Start New Backup Set Wizard. Select E-mail Messages. Click next.
2. Select E-mail Server Type: Exchange Server. Click next.
3. Select the server and user credentials. Click next.
• Domain Admin or Exchange Full Administrator can
view all user mailboxes.
4. Add directories / E-mails to the backup item list. The first 3
directory levels are Storage Group, Store and User.
Click next.
5. Choose backup item options. Click next.
6. Choose backup set options. Click next.
7. Choose notification options. Click next.
8. Choose schedule. Click next.
9. Set Backup set name and finish the wizard.
Now you can use this backup set to backup Microsoft Exchange Server
E-mail on demand or on schedule |
SecuriData supports backup of individual E-mails from mailboxes
through Lotus E-mail Backup set.
During SD-MLR installation, user needs to provide the Notes.INI file
path and the password for the user ID file. This also requires Lotus
Notes to be installed.
The backup includes Mail from the user mailbox databases.
During backup, SD-Client scans all items and only backs up the new
or changed items. Changed items will be processed as delta and only
the changes will be sent to SD-System.
Steps to create email backup set with Windows SD-Client:
1. Start New Backup Set Wizard. Select E-mail Messages.
Click next.
2. Select the E-mail Server Type: Lotus. Click next.
3. Select the server and user credentials. Click next.
If the target computer is Lotus Domino Server, the
mailboxes appear under the Lotus Domino folder. If the target
computer is Lotus Notes and mail file location is local, the
mailboxes appear under the Lotus Notes folder.
For local administrators, all mailboxes are listed. For regular
users, only their own mailbox is listed.
4. Add directories / E-mails to the backup item list. Click next.
5. Choose backup item options. Click next.
6. Choose backup set options. Click next.
7. Choose notification options. Click next.
8. Choose schedule. Click next.
9. Set Backup set name and finish the wizard.
Now you can use this backup set to backup Lotus Notes or Domino
Server E-mails on demand or on schedule. |
SecuriData supports backup of individual
E-mails from mailboxes through GroupWise E-mail Backup set. During
SD-MLR installation, user needs to provide the GroupWise Server IP
address and port number. The backup includes E-mails, notes, tasks,
appointments, notification and phone messages from the user
mailboxes.
During backup, SD-Client scans all items and only backs up the new
or changed items. Changed items will be processed as delta and only
the changes will be sent to SD-System.
Steps to create backup set with Windows SD-Client:
1. Start New Backup Set Wizard. Select E-mail Messages.
Click next.
2. Select the E-mail Server Type: GroupWise. Click next.
3. Select the server and user credentials.
Click next.
All users that granted proxy or use an empty password can be
displayed.
4. Add directories / E-mails to the backup item list. Click next.
5. Choose backup item options. Click next.
6. Choose backup set options. Click next.
7. Choose notification options. Click next.
8. Choose schedule. Click next.
9. Set Backup set name and finish the wizard.
Now you can use this backup set to backup GroupWise E-mails on
demand or on schedule.
|
|
Mailbox
Restore |
SecuriData supports restores of individual E-mails into mailboxes
and public folders with Exchange E-mail Backup set.
Restore Steps:
1. Select backup set. Start Restore Now Wizard.
2. Select directories / E-mails to restore. Click next.
3. Select Restore Location. Click next.
4. Select Restore Options. Finish the wizard.
No extra step is needed after restore. |
SecuriData supports restores of individual E-mails into mailboxes
through Lotus E-mail Backup set.
Restore Steps:
1. Select backup set. Start Restore Now Wizard.
2. Select directories / E-mails to restore. Click next.
3. Select Restore Location. Click next.
4. Select Restore Options. Finish the wizard.
No extra step is needed after restore. |
SecuriData supports restores of individual E-mails into mailboxes
through GroupWise E-mail Backup set.
Restore Steps:
1. Select backup set. Start Restore Now Wizard.
2. Select directories / E-mails to restore. Click next.
3. Select Restore Location. Click next.
4. Select Restore Options. Finish the wizard.
No extra step is needed after restore. |
4.1
Email Backup
• The backup process is scheduled by SD-Client or initiated by SD-User.
• The user can define the following search criteria (all are optional):
- From date
- To date
- From address
- To address
- Other criteria
• SD-Client with the above search criteria
retrieves a list of E-mails.
• SD-Client will communicate with SD-MLR to retrieve the E-mail stream.
• SD-MLR will verify the mail, build an index record of the mail (for mail
retrieval)
and send the index record with E-mail stream to SD-Client.
• Index record – will be kept in the SD-Client database. The index record
(for each mail) shall contain the following data:
- The owner of the data (i.e. the mailbox)
- The date of mail submission
- The sender
- The list of recipients
- The subject of the mail
- Additional flags like Attachment file name(s), follow up flag, importance,
etc.
• SD-Client will compress and encrypt the E-mail and send it to SD-System.
4.2
Email Restore
• The restore is initiated by SD-User.
• The user can define the following search criteria (all are optional):
- From date
- To date
- From address
- To address
- Other criteria
• SD-Client with the above search criteria retrieves a list of E-mails from
the database.
• SD-Client will communicate with SD-System to retrieve the E-mail stream.
• SD-Client will decrypt and decompress the E-mail and send it to SD-MLR.
• SD-MLR creates a new E-mail and copies all attributes to the new E-mail.
5.0 Troubleshooting / FAQ / Error Messages
5.1 Can I backup an Outlook PST file that is open?
• Only if the current logged on user is the same user as the DS-MLR service
account.
5.2 Can I backup an Outlook profile that is connecting to an Exchange
mailbox?
• There are two kinds of MS Outlook profiles: Exchange and Internet.
• For Internet profiles, the E-mails are downloaded from E-mail Server
(Exchange etc.) and stored in the local PST file.
DS-MLR can read those E-mails.
• For Exchange profiles, the E-mails are sitting on the Exchange server. To
access those E-mails, the DS-MLR service
account needs the “Receive As” privilege on that Exchange server. Otherwise,
DS-MLR will return an access denied error.
6.0 Backup Comparison: SecuriData’s backup
solution for E-mail Server Databases
|
|
Exchange Backup |
Lotus Domino / Notes Backup |
GroupWise Backup |
|
Database
Backup |
SecuriData supports backup of an online MSt Exchange Server Database
with Microsoft Exchange Server Backup Set.
For Exchange 2000/2003, the backup is based on Storage Group level.
All databases and transaction logs of the same Storage Group will be
backed up in one folder.
For Exchange 5.5, the SD database and MDB database will be backed up
in separate folders.
During backup, SD-Client gets the database list from Exchange server
and reads all database files. After backing up the database files,
SD-Client gets the list of transaction log files and backs them up.
After backup finishes successfully,
SD-Client will truncate the transaction logs. All files will be
processed as delta and only the changes will be sent to SD-System.
Steps to create Microsoft Exchange Server Backup set with Windows
SD-Client:
1. Start New Backup Set Wizard. Select Microsoft Exchange Server
backup set. Click next.
2. Select the server. Click next.
3. Select the dump option. Click next.
4. Add database to backup item list. Click next.
5. Choose backup item options. Click next.
6. Choose backup set options. Click next.
7. Choose notification options. Click next.
8. Choose schedule. Click next.
9. Set Backup set name and finish the wizard.
Now you can use this backup set to backup Microsoft Exchange Server
databases on demand or on schedule. |
According to IBM Lotus Domino documentation, the user has two
choices for backup procedures. You can use the traditional method of
making backup copies of files, or you can use
transaction logging.
SecuriData can backup the databases with File System Backup Set (the
first choice), but is not supporting the transaction-logging backup.
You need to backup all Domino server data files including databases,
template files, the
NOTES.INI file, and ID files.
During backup, SD-Client scans all files and only backs up the new
or changed files. Changed files will be processed as delta and only
the changes will be sent to SD-System.
Steps to create backup set:
2. Start New Backup Set Wizard. Select File System backup set. Click
next.
3. Select the server. Click next.
4. Add the database file path to the backup item list. Click next.
• For Lotus Domino server, the default mail database path is: <Lotus
Domino installation path>\data\mail
• For Lotus Notes in single user mode, the default mail database
path is: <Lotus Notes installation path>\data\mail
• For Lotus Notes in multiple user mode, the default mail database
path is: C:\Documents and Settings\<user name>\Local
Settings\Application Data\Lotus\Notes\data\mail
5. Choose backup item options. Click next.
6. Choose backup set options. Click next.
7. Choose notification options. Click next.
8. Choose schedule. Click next.
9. Set Backup set name and finish the wizard.
Now you can use this backup set to backup Lotus on demand or on
schedule. |
SecuriData supports the backup/restore
of GroupWise with the SD-Client with File system backup set. You
need to backup Domain database, Post office, Libraries and
Documents.
During backup, SD-Client scans all files and only backs up the new
or changed files. Changed files will be processed as delta
and only the changes will be sent to SD-System.
Steps to create backup set:
1. Start New Backup Set Wizard. Select File System backup set. Click
next.
2. Select the GroupWise server. Click next.
3. Add the Domain and post office path on the server to the backup
item list. Click next.
4. Choose backup item options. Click next.
5. Choose backup set options. Click next.
6. Choose notification options. Click next.
7. Choose schedule. Click next.
8. Set Backup set name and finish the wizard.
Now you can use this backup set to backup GroupWise databases on
demand or on schedule.
|
6.1
Restore Comparison: SecuriData’s backup solution for E-mail Server
Databases
|
|
Exchange Backup |
Lotus Domino / Notes Backup |
GroupWise Backup |
|
Database
Restore |
SecuriData supports restores of Microsoft Exchange Server Database
with Microsoft Exchange Server Backup set.
For Exchange 2000/2003, SD-Client dismounts the Storage Group before
restore. Database files are restored to the current
location. Transaction logs are restored to a temporary location.
After all restores have finished, SD-Client informs Exchange server
to close the restore. Exchange server will apply transaction logs
and mount all databases.
For Exchange 5.5, SD-Client stops the Exchange services first.
All database files and transaction logs are restored to the current
location. Restart the Exchange services.
Steps to start Restore:
1. Select backup set. Start Restore Now Wizard.
2. Select Databases to restore. Click next.
3. Select Restore Location and Options.
Finish the wizard.
Now, SD-Client will restore the database to the selected location. |
Restoring Domino server
1. Stop the domino server.
2. Restore all files to the original location.
3. Restart the Domino server.
Restoring individual shared mail database
1. Restore the file to disk using SD-Client.
2. At the console, enter the Push command to push changes from the
backup shared mail database to the current shared mail database. For
example, after restoring the shared mail database into the directory
h:\backup, enter
this command at the console:
Push Manufacturing h:\backup\SHARE1.NSF
• where Manufacturing is the name of the server and SHARE1.NSF is
the name of the shared mail database.
3. Delete the backup copy of the shared mail database.
4. In the user's mail file, purge messages that no longer have
corresponding message content in the shared mail file. |
Restoring a Domain
1. Stop the MTA for the domain.
2. Restore domain database to original location.
3. Restart MTA for the domain.
4. Synchronize the domain.
Restoring a Post Office
1. Stop the POA for the post office.
2. Restore all files of this post office to the original location
using SD-Client.
3. Select Post Office object, then click Tools>GroupWise
Utilities>Backup/Restore Mailbox. On the Backup tab, select Restore,
then click Yes.
4. Restart POA for the post office.
5. To update the restored post office database (wphost.db) with the
most current information stored in the domain database, rebuild the
post office database.
6. To update another restored database such as user databases
(userxxx.db) and message databases (msgnn.db) with the most current
information stored in another post office, run Analyze/Fix Databases
with the Contents selected.
Restoring an Individual Database
1. Make sure the user to whom the affected database belongs is not
running the GroupWise client.
2. Restore the database into the proper location in the post office
directory using SD-Client.
• User databases are stored in the OFUSER
subdirectory in the post office.
• Message databases are stored in the OFMSG
subdirectory.
3. To update the restored database with the most current information
available, run Analyze/Fix Databases with the Contents selected.
|
|
