Backing up Microsoft Exchange using SonicWALL CDP allows users to store and retrieve
Microsoft Exchange revisions from an agent machine. Microsoft Exchange backup cannot be configured using the Web Management Interface.
See the following sections:
You can backup individual user mailboxes by using the Microsoft Exchange User Mailbox
Backup and Restore server application in the SonicWALL CDP Agent User Interface. The user mailbox is backed up onto your SonicWALL CDP appliance.
For Microsoft Exchange 2010 on Windows Server 2008, SonicWALL CDP supports backup and
restore on a multi-application, single server deployment, in which the same server has several applications installed, such as Exchange, SQL, and Active Directory.
In the Agent User Interface, you can create a
Microsoft Exchange - User Mailbox
application object for for one or more user mailboxes, input the login credentials for the Exchange server, configure a backup schedule, create a backup task, optionally select offsite backup, and restore individual user mailboxes to the Exchange server. For information about restoring a user mailbox, see the “Recovering a Microsoft Exchange User Mailbox” section
.
The User Mailbox Backup and Restore feature includes the following capabilities:
User Mailbox Backup and Restore backs up and restores messages in the user’s Outlook
Mailbox, including the Inbox, Drafts, Deleted Items, and Sent Items, as well as messages within all other folders with custom names.
It does not back up the Outlook Calendar, Notes, Contacts, Tasks, Meeting Requests, and
Public Folders. It also does not back up locally archived folders.
See the following sections:
The SonicWALL CDP Microsoft Exchange User Mailbox Backup and Restore feature is
implemented as a server application that is automatically discovered by the SonicWALL CDP Agent User Interface. To get started using the feature, select the Policies
tab and then select Applications
in the left pane of the Agent User Interface. To backup user mailboxes, you must configure an application object, a schedule, and a backup task that includes both the application object and the schedule.
The User Mailbox application allows you to add or delete individual user mailboxes for backup,
set backup schedules, restore specific backups of individual mailboxes, enter credentials for accessing the Exchange server, and configure offsite backup. You can view log entries in the SonicWALL CDP Agent User Interface on the Status
tab to verify that backups are successful.
This section lists the necessary prerequisites for successful operation of the SonicWALL CDP
Agent User Interface with the Microsoft Exchange User Mailbox Backup and Restore feature. For information about supported servers and versions of Exchange, see the “Supported Platforms and Deployment Requirements” section
.
SonicWALL CDP uses
ExOLEDB
to access Microsoft Exchange 2007, 2003, and 2000. The Exchange OLE DB Provider
should be installed along with Microsoft Exchange, and must be accessible by the SonicWALL CDP Web Management Interface and Agent User Interface.
The ADO (ActiveX Data Objects) and CDO (Collaboration Data Objects) APIs are also required
by this feature. These are application programming interfaces provided by Microsoft that allow applications to access data stores in a uniform manner. These APIs are included with the Microsoft Exchange installation.
SonicWALL CDP uses the Exchange Backup and Restore API to access Microsoft Exchange.
The Microsoft ESE Backup Client DLL (EsEbCli2.dll) should be installed along with Microsoft Exchange, and must be accessible by SonicWALL CDP Web Management Interface and Agent User Interface. The Collaboration Data Objects for Exchange Management (CDOEXM) APIs are also used to automate the restore procedure, but not required by this feature.
To backup user mailboxes, you must configure an application object, a schedule, and a backup
task that includes both the application object and the schedule. This section describes how to create the application object.
You can test the connection to the Exchange Server by clicking the
Authentication
button while adding or editing an application object. It is not necessary to enter any authentication credentials to test the connection.
To create an application object with individual user mailboxes for backup, perform the following
steps:
Step 5
|
Select
Microsoft Exchange - User Mailbox
in the Application
drop-down list. The list of available applications is automatically populated through a discovery process. For proper discovery, the Microsoft Volume Shadow Copy service must not be disabled. See “Backup and Recovery Troubleshooting”
for more information.
|
Step 6
|
Under
Application items
, select the checkboxes for one or more user mailboxes to back up.
|
The new application object appears in the
Policies
screen of the Agent User Interface.
To backup user mailboxes, you must configure an application object, a schedule, and a backup
task that includes both the application object and the schedule. This section describes how to create the schedule object.
To configure a schedule for user mailbox backups, perform the following steps:
|
•
|
Day Interval
– The backup occurs every so many days calculated from a particular date.
|
A backup task includes both an application object and a schedule for the backup. Without a
backup task, no backups will occur.
For offsite backup, you can choose the
Send All Files Offsite
option when adding or editing a backup task.
To create a backup task for a user mailbox backup, perform the following steps:
Step 5
|
Select
Application
from the Select File Type
drop-down list.
|
Step 8
|
The
Trimming Algorithm
field is not configurable for Application policies. The field displays the type of trimming algorithm in use.
|
Step 9
|
In the
Offsite
drop-down list, select one of the following options:
|
Access between the SonicWALL CDP appliance and the Exchange server where the user
mailboxes reside can be configured to require authentication credentials or not. When you add an application object for a user mailbox backup, you can choose to add authentication credentials if required by the Exchange server. In either case, you can use the Authentication dialog box to test the connection between the SonicWALL CDP appliance and the Exchange server.
Before configuring a User Mailbox application object to use credentials when accessing the
Exchange server, you must first configure the credentials on the Exchange server. The user name must have appropriate privileges to access user mailbox data on the Exchange server. For more information about configuring users and access privileges on Microsoft Exchange, see the following Microsoft knowledge base articles:
http:/support.microsoft.com/kb/821897
http://support.microsoft.com/kb/556045
This section describes how to remove a user mailbox from the list of mailboxes scheduled for
backup.
To remove a user mailbox from the backup task, perform the following steps:
This section describes how to tell if your user mailbox backups are working correctly. You can
view log entries showing the backups in the Status
page of the SonicWALL CDP Agent User Interface.
You should see log entries showing backups right after the first scheduled backup after creating
a backup task for one or more user mailboxes, and then after each scheduled backup.
You can backup and restore a Microsoft Exchange Storage Group by using the SonicWALL
CDP Microsoft Exchange InfoStore Backup and Restore server application in the SonicWALL CDP Agent User Interface. The Storage Group, or InfoStore, is backed up onto your SonicWALL CDP appliance.
For Microsoft Exchange 2010 on Windows Server 2008, SonicWALL CDP supports backup and
restore on a multi-application, single server deployment, in which the same server has several applications installed, such as Exchange, SQL, and Active Directory.
In the Agent User Interface, you can create a
Microsoft Exchange - InfoStore
application object for for one or more storage groups, input the login credentials for the Exchange server, configure a backup schedule, create a backup task, optionally select offsite backup, and restore storage groups back to the Exchange server. For information about restoring a Storage Group, see the “Recovering a Microsoft Exchange Storage Group” section
.
The SonicWALL CDP Microsoft Exchange InfoStore Backup and Restore feature includes the
following capabilities:
The SonicWALL CDP Microsoft Exchange InfoStore Backup and Restore feature is
implemented as a server application that is automatically discovered by the SonicWALL CDP Agent User Interface. To get started using the feature, select the Policies
tab and then select Applications
in the left pane of the Agent User Interface. To backup a storage group, you must configure an application object, a schedule, and a backup task that includes both the application object and the schedule.
The InfoStore application allows you to add or remove individual Microsoft Exchange Storage
Groups for backup, set backup schedules, restore specific backups of the Exchange server, and configure offsite backup. You can view log entries in the SonicWALL CDP Agent User Interface on the Status
tab to verify that backups are successful.
This section lists the necessary prerequisites for successful operation of the
Microsoft
Exchange - InfoStore
server application on the SonicWALL CDP Agent User Interface. For information about supported servers and versions of Exchange, see the “Supported Platforms and Deployment Requirements” section
.
SonicWALL CDP uses the Exchange Backup and Restore API to access Microsoft Exchange.
The Microsoft ESE Backup Client DLL (EsEbCli2.dll) should be installed along with Microsoft Exchange, and must be accessible by SonicWALL CDP Web Management Interface and Agent User Interface. The Collaboration Data Objects for Exchange Management (CDOEXM) APIs are also used to automate the restore procedure, but not required by this feature.
You can copy the EsEbCli2.dll file from your Microsoft installation disk, or download it from
Microsoft, or copy it manually from another location into the SonicWALL Continuous Data Protection folder where the Agent client was installed. The default program installation folder location is:
C:\Program Files\SonicWALL\SonicWALL Continuous Data Protection
To backup a storage group, you must configure an application object, a schedule, and a backup
task that includes both the application object and the schedule. This section describes how to create the application object.
To create an application object for Microsoft Exchange Storage Group backup, perform the
following steps:
Step 5
|
Select
Microsoft Exchange - InfoStore
in the Application
drop-down list. The list of available applications is automatically populated through a discovery process. For proper discovery, the Microsoft Volume Shadow Copy and VSS Writer services must not be disabled. See “Backup and Recovery Troubleshooting”
for more information.
|
Step 6
|
Under
Application items
, select the checkboxes for one or more storage groups to back up.
|
The new application object appears in the
Policies
screen of the Agent User Interface.
To backup a storage group, you must configure an application object, a schedule, and a backup
task that includes both the application object and the schedule. This section describes how to create the schedule object.
To configure a schedule for storage group backups, perform the following steps:
|
•
|
Day Interval
– The backup occurs every so many days calculated from a particular date.
|
A backup task includes both an application object and a schedule for the backup. Without a
backup task, no backups will occur.
For offsite backup, you can choose the
Send All Files Offsite
option when adding or editing a backup task.
To create a backup task for a storage group backup, perform the following steps:
Step 5
|
Select
Application
from the Select File Type
drop-down list.
|
Step 8
|
The
Trimming Algorithm
field is not configurable for Application policies. The field displays the type of trimming algorithm in use.
|
Step 9
|
In the
Offsite
drop-down list, select one of the following options:
|
|
•
|
Send all Files Offsite
– Offsite backup settings must already be configured in the SonicWALL CDP Web Management Interface, and the offsite appliance must be available.
|
To remove a storage group from the list of groups scheduled for backup, perform the following
steps:
This section describes how to tell if your Microsoft Exchange backups are working correctly.
You can view log entries showing the backups in the Status
page of the SonicWALL CDP Agent User Interface.
You should see log entries showing backups after each scheduled backup after creating a
backup task for one or more storage groups.
This section describes how to manually obtain the EsEbcli2.dll from your Microsoft Exchange
Server 2007 Installation CD.
The Microsoft Exchange - InfoStore application should function properly.
This section describes how to manually obtain the EsEbcli2.dll from the Microsoft Exchange
Server 2007 Service Pack 1, available at the Microsoft Download Center.
The Microsoft Exchange - InfoStore application should function properly.
Active Directory is included within the System State application object in SonicWALL CDP 6.0
and higher. When creating a System State application object, you can select components, including Active Directory, to back up. This allows you to backup and recover Active Directory revisions from agent machines together with interdependent system files to provide a consistent environment.
See the following sections:
To backup System State and Active Directory, you must configure an application object, a
schedule, and a backup task that includes both the application object and the schedule. This section describes how to create the application object.
To backup System State and Active Directory using the Agent User Interface, perform the
following steps:
Step 1
|
Open the
SonicWALL
Agent User Interface
on the Domain Controller.
|
Step 6
|
Select
System State
in the Application
drop-down list. The list of available applications is automatically populated through a discovery process. For proper discovery, the Microsoft Volume Shadow Copy service must not be disabled. See “Backup and Recovery Troubleshooting”
for more information.
|
Step 7
|
Under
Application items
, select the checkboxes for one or more System State components to back up. You can select Active Directory
in this screen. SonicWALL recommends selecting the Select All
checkbox to ensure that all associated System State files are backed up along with Active Directory.
|
The exact list of system components that make up your computer's System State data depend
on the computer's operating system and configuration. For example, on a Windows Server you might see the following:
The new application object appears in the
Policies
screen of the Agent User Interface.
To backup System State and Active Directory, you must configure an application object, a
schedule, and a backup task that includes both the application object and the schedule. This section describes how to create the schedule object.
To configure a schedule for System State and Active Directory backups, perform the following
steps:
|
•
|
Day Interval
– The backup occurs every so many days calculated from a particular date.
|
A backup task includes both an application object and a schedule for the backup. Without a
backup task, no backups will occur.
For offsite backup, you can choose the
Send All Files Offsite
option when adding or editing a backup task.
To create a backup task for a System State and Active Directory backup, perform the following
steps:
Step 5
|
Select
Application
from the Select File Type
drop-down list.
|
Step 8
|
The
Trimming Algorithm
field is not configurable for Application policies. The field displays the type of trimming algorithm in use.
|
Step 9
|
In the
Offsite
drop-down list, select one of the following options:
|
|
•
|
Send all Files Offsite
– Offsite backup settings must already be configured in the SonicWALL CDP Web Management Interface, and the offsite appliance must be available.
|
This section describes how to tell if your System State backups are working correctly. You can
view log entries showing the backups in the Status
page of the SonicWALL CDP Agent User Interface.
You should see log entries showing backups after each scheduled backup after creating a
backup task for System State and Active Directory.
View the backup status in the right pane.
Step 3
|
Click the
My Backups
tab and view the list of backup revisions.
|
Backing up Microsoft SQL Server using SonicWALL CDP allows users to store and retrieve
Microsoft SQL Server revisions from an agent machine. Microsoft SQL databases are configured for backup using the SonicWALL CDP Agent User Interface.
During SQL backup and restore using CDP, the Agent Service directly interfaces with the
Microsoft SQL server through the Open Database Connectivity (ODBC) API, using an SQL-ODBC driver that is installed with SQL. By ODBC, the Agent service communicates to the SQL server through transactional SQL commands.
When the SonicWALL CDP Agent Service backs up an SQL database, it instructs SQL to place
the data in a certain location in memory. The Agent Service will then process the data one block at a time, compressing it and sending to the appliance.
The Agent Service first needs to connect to the database and authenticate using either
Windows user account credentials or using an SQL account. More details are provided in the “SQL Authentication” section
.
This section contains the following subsections:
To backup Microsoft SQL databases, you must configure an application object, a schedule, and
a backup task that includes both the application object and the schedule. This section describes how to create the application object.
To create an application object for Microsoft SQL database backup, perform the following
steps:
Step 1
|
Open the
SonicWALL
Agent User Interface
on the SQL server.
|
Step 6
|
Select either
Microsoft SQL Server
or Microsoft SQL Server Desktop Engine (MSDE)
in the Application
drop-down list. The list of available applications is automatically populated through a discovery process. For proper discovery, the Microsoft Volume Shadow Copy and VSS Writer services must not be disabled. See “Backup and Recovery Troubleshooting”
for more information.
|
Step 7
|
Under
Application items
, select the checkboxes for one or more databases to back up.
|
The new application object appears in the
Policies
screen of the Agent User Interface.
To backup Microsoft SQL databases, you must configure an application object, a schedule, and
a backup task that includes both the application object and the schedule. This section describes how to create the schedule object.
To configure a schedule for Microsoft SQL database backups, perform the following steps:
|
•
|
Day Interval
– The backup occurs every so many days calculated from a particular date.
|
A backup task includes both an application object and a schedule for the backup. Without a
backup task, no backups will occur.
For offsite backup, you can choose the
Send All Files Offsite
option when adding or editing a backup task.
To create a backup task for Microsoft SQL database backup, perform the following steps:
Step 5
|
Select
Application
from the Select File Type
drop-down list.
|
Step 8
|
The
Trimming Algorithm
field is not configurable for Application policies. The field displays the type of trimming algorithm in use.
|
Step 9
|
In the
Offsite
drop-down list, select one of the following options:
|
|
•
|
Send all Files Offsite
– Offsite backup settings must already be configured in the SonicWALL CDP Web Management Interface, and the offsite appliance must be available.
|
To remove a database from the list of SQL databases scheduled for backup, perform the
following steps:
This section describes how to tell if your Microsoft SQL backups are working correctly. You can
view log entries showing the backups on the Status
page of the SonicWALL CDP Agent User Interface.
You should see log entries showing backups after each scheduled backup after creating a
backup task for SQL.
To view the status of SQL backups:
View the backup status in the right pane.
Step 3
|
Click the
My Backups
tab and view the list of backup revisions.
|
SQL backup configuration is set at different levels. These are:
Servers normally have only one instance, which matches the Windows computer name. SQL
instances can be created to allow for completely separate database management access to different databases.
Also, an instance will be created for each database version installed on the same machine. For
example, SQL 2000 and SQL 2005 can run on the same server, but they will have different instances.
For example, Offsite Backup is applied to the entire agent, meaning that all selected instances
and databases will be backed up to offsite. Authentication is set at an instance level.
Offsite Service backup of CDP is set at the agent level when configuring the backup task. This
implies that all SQL instances and databases selected on the agent will be backed up to the Offsite Service.
You can view files backed up offsite by expanding the
Offsite
option while logged into the Agent as Administrator. For information about this, see the “Administrative Use of the Agent User Interface” section
.
Databases can become corrupted over time. Therefore, it is common practice to run a
Database Consistency Check (DBCC) periodically to make sure that the database is healthy.
In order to backup a database, the SQL account used to access the SQL database must have:
In general, a user called “sa” is created when SQL is installed.
To verify the SQL account configuration, perform the following steps:
For access to Microsoft SQL Server, SonicWALL CDP uses Windows Authentication in which
the Windows user credentials are submitted to SQL.
This section contains the following subsections:
Microsoft SQL Server can operate in one of two security (authentication) modes:
Windows Authentication mode allows a user to connect through a Microsoft Windows user
account.
Mixed Mode allows users to connect to an instance of SQL Server using either Windows
Authentication or SQL Server Authentication. Users who connect through a Windows user account can make use of trusted connections in either Windows Authentication Mode or Mixed Mode.
SQL Server Authentication is provided for backward compatibility. For example, if you create a
single Windows 2000 group and add all necessary users to that group, you will need to grant the Windows 2000 group login rights to SQL Server and access to any necessary databases.
When a user connects through a Windows user account, SQL Server revalidates the account
name and password by calling back to Windows for the information.
SQL Server achieves login security integration with Windows by using the security attributes of
a network user to control login access. A user's network security attributes are established at network login time and are validated by a Windows domain controller. When a network user tries to connect, SQL Server uses Windows-based facilities to determine the validated network user name. SQL Server then verifies that the person is who they say they are, and then permits or denies login access based on that network user name alone, without requiring a separate login name and password.
Login security integration operates over any supported network protocol in SQL Server.
Note that if a user attempts to connect to an instance of SQL Server providing a blank login
name, SQL Server uses Windows Authentication. Additionally, if a user attempts to connect to an instance of SQL Server configured for Windows Authentication Mode by using a specific login, the login is ignored and Windows Authentication is used.
Windows Authentication has certain benefits over SQL Server Authentication, primarily due to
its integration with Windows security system. Windows security provides more features, such as secure validation and encryption of passwords, auditing, password expiration, minimum password length, and account lockout after multiple invalid login requests.
Because Windows users and groups are maintained only by Windows, SQL Server reads
information about a user's membership in groups when the user connects. If changes are made to the accessibility rights of a connected user, the changes become effective the next time the user connects to an instance of SQL Server or logs on to Windows (depending on the type of change).
When a user connects with a specified login name and password from a non-trusted
connection, SQL Server performs the authentication itself by checking to see if a SQL Server login account has been set up and if the specified password matches the one previously recorded. If SQL Server does not have a login account set, authentication fails and the user receives an error message.
SQL Server Authentication is provided for backward compatibility because applications written
for SQL Server version 7.0 or earlier may require the use of SQL Server logins and passwords.
Also, SQL Server Authentication may be required for connections with clients other than
Windows clients.
To set up Windows Authentication Mode security with the SQL management interface:
Step 3
|
On the
Security
tab, under Authentication
, click Windows only
.
|
Step 4
|
Under
Audit level
, select the level at which user accesses to Microsoft SQL Server are recorded in the SQL Server error log:
|
|
•
|
None
causes no auditing to be performed.
|
|
•
|
Success
causes only successful login attempts to be audited.
|
|
•
|
Failure
causes only failed login attempts to be audited.
|
|
•
|
All
causes successful and failed login attempts to be audited.
|
To set up Mixed Mode security with the SQL management interface:
Step 3
|
On the
Security
tab, under Authentication
, click SQL Server and Windows
.
|
Step 4
|
Under
Audit level
, select the level at which user accesses to Microsoft SQL Server are recorded in the SQL Server error log:
|
|
•
|
None
causes no auditing to be performed.
|
|
•
|
Success
causes only successful login attempts to be audited.
|
|
•
|
Failure
causes only failed login attempts to be audited.
|
|
•
|
All
causes successful and failed login attempts to be audited.
|