The following is tip #11 from "20 tips on protecting and recovering Exchange data in 20 minutes," excerpted from the book, "Mission Critical Microsoft Exchange 2003" (Digital Press, a division of Elsevier, Copyright 2004). For more information about this book and other computing titles, please click here. Return to the main page for more tips on this topic.
During an on-line normal backup, another important feature is available. This is ESE' Page Zeroing feature.
Page zeroing is the ability to "zero" each deleted page in the database. This is typically implemented as a security measure in which pages of the database that have been logically deleted (i.e., a user deletes a mail message, and it has been aged out of the deleted items cache) are overwritten to ensure that the data is truly deleted and cannot be recovered by would-be spies, hackers or U.S Department of Justice staff members with too much time on their hands.
ESE Page Zeroing became available in Exchange 5.5 Service Pack 2 (released in December 1998) and is an important feature for Exchange deployments desiring the highest levels of data security. ESE Page Zeroing for Exchange 2000/2003 is enabled via an Exchange System Manager option (shown below) and is available on a per-storage-group level.
Microsoft chose to implement page zeroing as part of the backup process. More specifically, since this operation must touch the database and has nothing to do with the log files, page zeroing is done as part of an on-line normal backup operation. During a normal backup (when ESE Page Zeroing is enabled), as the database engine checks the integrity and copies pages to backup media, it will also zero delete pages in the database by writing a specific byte pattern to the page. Technically, the pages are not zeroed, but contain a byte pattern known to the database as an empty page with no data. Regardless of the technicality, each deleted page no longer contains the original data and is safe from potential security threats.
As you might guess, ESE Page Zeroing can be a resource-intensive process for your Exchange server. Additional overhead beyond what the backup operation already consumes is required to perform the zeroing operation. When ESE Page Zeroing is enabled, the first normal backup operation will be the most resource intensive because all deleted pages in each database are zeroed.
Once the initial operation has been completed by the database engine, only newly deleted pages will need to be zeroed on subsequent normal backups. If you select a strategy of only one normal backup per cycle, all page zeroing operations are only performed at that time. If you are concerned about the additional overhead of ESE Page Zeroing, I recommend that you perform the initial backup (doing a backup to disk is extremely fast) of your databases at a time of low user activity (which may be the most typical case anyway).
Subsequent normal backups should not be particularly resource intensive. Also, if you have a large occurrence of deletion, such as when a large number of mailboxes or public folders are moved or deleted, I recommend the same procedure as in the case of the initial backup previously discussed. Overall, page zeroing should not be a significant performance problem on your Exchange server. However, following these recommendations may make your life a bit easier in the long run.
The backup operation for Exchange (ESE) is very intricate, and it can be confusing. However, it is crucial that Exchange administrators understand how this important operation works. As you can see, how you structure your backups and the combination of full and incremental or differential backups you employ will determine the recoverability of your valuable Exchange data. As an exercise, you should always plan on testing backup operations in a lab environment in order to understand this process better.
Get more "20 tips on protecting and recovering Exchange data in 20 minutes". Return to the main page.
About the author: Jerry Cochran is a contributing editor for Windows IT Pro and Exchange & Outlook Administrator and a group program manager for Microsoft. He is the author of Mission-Critical Microsoft Exchange 2000 (Digital Press).