Sunday, May 5, 2013

Transport Dumpster and Safety Net

Microsoft introduced the transport dumpster in Exchange 2007 and continued it in Exchange 2010. All email traffic (incoming and outgoing) must go through a Hub Transport server before it reaches the mailbox.
The transport dumpster is a feature of the Hub Transport role in Exchange Server 2010/2007. Every message delivered to a user's mailbox is routed through a Hub Transport server and stored in the transport dumpster. Even when an email is sent from one user to another user on the same Mailbox server, the Mailbox server routes the email to a Hub Transport server and back again through MAPI.
The transport dumpster is designed to minimize data loss during mail delivery, whether for a DAG in a lossy failover scenario or for CCR and LCR mailboxes. It is used for replicated mailbox databases only: it does not protect messages sent to public folders, nor does it protect messages sent to recipients on mailbox databases that are not replicated.
All Hub Transport servers in the Active Directory site of the DAG hold the transport dumpster queue for a particular mailbox, and the dumpster is stored inside the mail.que file.

Exchange Server Transport Dumpster Settings

There are two settings that control the life span of a message within the transport dumpster. 
  • MaxDumpsterSizePerDatabase: Defines the size available for each storage group on the Hub Transport server. The recommendation is to set this to 1.5 times the maximum message size limit within your environment. The default value for this setting is 18 MB.
  • MaxDumpsterTime: Defines the length of time that a message remains within the transport dumpster if the dumpster size limit is not reached. The default is 7 days.

In Exchange 2010 the transport dumpster is controlled with the Set-TransportConfig cmdlet and is configured to 15 MB per database by default. This means that for every mailbox database the transport dumpster always holds the last 15 MB of email delivered to the Mailbox server.
In the event of a lossy failover (where the server or database goes offline for some reason), "MSExchangeRepl" (the Microsoft Exchange Replication service) sets the "DumpsterRedeliveryRequired" attribute to True for the database that has just become active after the failover. This is done with the help of the "LastLogInspected" marker, which is set on every database. The Hub Transport servers then redeliver the missing messages from the mail.que file, depending on MaxDumpsterSizePerDatabase or MaxDumpsterTime, whichever is latest.
We can run the following command to see the current settings:

Get-TransportConfig | fl *Dumpster*
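
One way to check the 1.5x sizing recommendation against the transport settings; this is an added example, not part of the original post. It assumes the organization-wide MaxReceiveSize and MaxSendSize returned by Get-TransportConfig are the largest message size limits in the environment; the function names and the sample values are constructed for illustration.

```powershell
# Added example (not from the original post), PowerShell 2.0-compatible syntax.
# Exchange prints sizes as "10 MB (10,485,760 bytes)" or "Unlimited"; parsing
# that text works in the local Exchange Management Shell and in remote sessions.
function ConvertTo-ByteCount {
    param($Size)
    if ("$Size" -match '\((.+?)\s*bytes\)') {
        return [long]($Matches[1] -replace '\D', '')
    }
    return [long]-1   # "Unlimited" or an unrecognized value
}

function Test-DumpsterSizing {
    param(
        [Parameter(Mandatory=$true, ValueFromPipeline=$true)] $TransportConfig,
        [double] $Factor = 1.5   # multiplier recommended in the text
    )
    process {
        $receive  = ConvertTo-ByteCount $TransportConfig.MaxReceiveSize
        $send     = ConvertTo-ByteCount $TransportConfig.MaxSendSize
        $dumpster = ConvertTo-ByteCount $TransportConfig.MaxDumpsterSizePerDatabase
        if ($receive -lt 0 -or $send -lt 0 -or $dumpster -lt 0) {
            Write-Warning 'A size is Unlimited or unreadable; nothing to compare.'
            return
        }
        # Assumption: the organization-wide limits are the largest in use.
        $largest     = [Math]::Max($receive, $send)
        $recommended = [long][Math]::Ceiling($largest * $Factor)
        $status      = 'TooSmall'
        if ($dumpster -ge $recommended) { $status = 'OK' }
        New-Object PSObject -Property @{
            LargestMessageLimitMB = [Math]::Round($largest / 1MB, 1)
            RecommendedDumpsterMB = [Math]::Round($recommended / 1MB, 1)
            CurrentDumpsterMB     = [Math]::Round($dumpster / 1MB, 1)
            MaxDumpsterTime       = "$($TransportConfig.MaxDumpsterTime)"
            Status                = $status
        }
    }
}

# Constructed sample in the string form Exchange prints; values are illustrative.
$sample = New-Object PSObject -Property @{
    MaxReceiveSize             = '25 MB (26,214,400 bytes)'
    MaxSendSize                = '10 MB (10,485,760 bytes)'
    MaxDumpsterSizePerDatabase = '18 MB (18,874,368 bytes)'
    MaxDumpsterTime            = '7.00:00:00'
}
$sample | Test-DumpsterSizing
```

On a Hub Transport server the same check runs against the live settings with Get-TransportConfig | Test-DumpsterSizing.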

Changes in Exchange 2010
In Exchange 2007, messages were retained in the transport dumpster until the administrator-defined time limit or size limit was reached. In Exchange 2010, the transport dumpster receives feedback from the replication pipeline to determine which messages have been delivered and replicated.
When messages are routed through a Hub Transport server to a replicated mailbox database in a DAG, a copy is kept in the transport queue (mail.que) until the replication pipeline has notified the Hub Transport server that the messages have been replicated to and inspected by all copies of the mailbox database. Once the logs have been replicated to and inspected by all copies, they are truncated from the transport dumpster. This keeps the transport dumpster smaller, because it retains only copies of messages whose transaction logs have not yet been replicated.
The transport dumpster was also enhanced to account for the changes to the Mailbox server role that enable a single mailbox database to move between Active Directory sites. A DAG can be extended to multiple Active Directory sites and, as a result, a single mailbox database in one Active Directory site can fail over to another Active Directory site. When this occurs, any transport dumpster redelivery requests are sent to both Active Directory sites: the original site and the new site.

Exchange 2013 Safety Net
In Exchange 2013, Microsoft replaced the transport dumpster with Safety Net.
How Safety Net Works
Shadow redundancy keeps a redundant copy of the message while the message is in transit. Safety Net keeps a redundant copy of a message after the message is successfully processed. In other words, Safety Net begins where shadow redundancy ends.
The primary Safety Net exists on the Mailbox server that held the primary message before the message was successfully processed by the transport service.
Message resubmissions from Safety Net are initiated by the Active Manager component of the Microsoft Exchange Replication service that manages DAGs and mailbox database copies. No manual actions are required to resubmit messages from Safety Net.

Safety Net is a queue that's associated with the Transport service on a Mailbox server. This queue stores copies of messages that were successfully processed by the server. Safety Net uses the mail.que database, the same database that is used to store messages in queue. Because Safety Net keeps the last 2 days' worth of email in this queue by default, expect the mail.que database to be larger than in previous versions of Exchange.

The mail.que database file uses the Extensible Storage Engine (ESE), the same database technology that is used by the mailbox databases themselves.
Similarities between Safety Net and Transport Dumpster

  • Just like the transport dumpster, Safety Net is a queue that is associated with the Transport service on a Mailbox server
  • It stores copies of messages already processed by the mailbox
  • The duration for which the messages remain in the queue can be specified, as in the dumpster. The default is 2 days

Why Safety Net is better than Transport Dumpster

  • Unlike the transport dumpster, Safety Net applies not just to DAGs but also to public folders and to other mailboxes that are not part of a DAG
  • Because Safety Net is redundant, it is never a single point of failure. There is a Primary Safety Net and a Shadow Safety Net: if the Primary Safety Net is unavailable for more than 12 hours, resubmit requests are forwarded as shadow resubmit requests and messages are redelivered from the Shadow Safety Net, which ensures message delivery even if one of the Safety Nets fails
  • Another advantage of Safety Net is that it does not limit message storage by size, only by duration. For example, if you set 12 days as the duration limit, the messages will be deleted only after 12 days of being in the inbox
  • Safety Net does not require manual resubmission of messages. Message resubmission is initiated by the Active Manager component of the Microsoft Exchange Replication service
  • Another improvement of Exchange 2013 Safety Net over the transport dumpster is redundancy. Safety Net itself is now redundant and is no longer a single point of failure. This introduces the concept of the Primary Safety Net and the Shadow Safety Net. If the Primary Safety Net is unavailable for more than 12 hours, resubmit requests become shadow resubmit requests, and messages are redelivered from the Shadow Safety Net.
