Thats a lot of questions to answer....
So I will try to answer from our perspective...
a.) Our "Failover" machine is physically in another location.
If the "main" box, can't be contacted within 5 minutes, the Failover machine kicks off.
(how we move data between the two, is a different discussion.)
** We did check with SM, that as long as we have an Enterprise license AND one
machine will not be running, when the other is up, we are compliant with license.
b.) Told you # a.) first, because to support our process, we have two
"gate MX servers" that handle incoming mail. We are, or will be, once we get a
bug ironed out with SM, be using SM exclusively for this purpose.
c.) We have own process to dynamically control DNS to coincide with #a.) switches....
Our position is this: Our email HAS to be available... not having a redundant
process is not an option for us.
In reflection... we actually practice BCP (business continuation procedures) .. 3 times a year.
I know we are anal... but we learn something new everytime. Being in the mid-west our concern is more suffering from a natural disaster, where a specific site could be down for many hours, if not days.
To me, it really depends on your business requirements. The cost for hardware and software is not monumental .. in comparison to effects of being unavailable ( in our estimation).