Microsoft
Exchange High Availability Solution Architecture Design Session
Architecture Design Session
• Solution Briefing Summary: vision scope input from solution briefing
• Solution Overview: VPC-based demo, Web-based demo; view the capabilities in action; show various possibilities
• Technology Overview: point out technologies for relevant capabilities; discuss technologies
• Architecture Discussion: discuss Architecture Decision Points
• POC Planning: develop scope and specifications for POC
Summary of Pains and Drivers
Challenges
• Service downtime disrupts business operations and reduces productivity
• Achieving high availability for all types of communication is expensive
• Protection against site-level disasters
Business Drivers
• Meeting stringent SLAs
• Accelerate productivity
• Ensure business continuity
• Reduce IT cost
Technical Requirements
• Easy to deploy and manage
• Deliver a high-value hosted continuity service
• Provide IT control with failover, redundancy, and scalability across your organization
[Figure: Communications Today. Separate panels for Telephony and Voice Mail; Instant Messaging; E-mail and Calendaring; and Unified Conferencing: Audio, Video, Web. Each panel carries its own Authentication, Administration, Storage and User Experience. On-Premises or in the Cloud.]
[Figure labels: Authentication, Administration, Storage, Compliance; Unified Inbox & Presence; Audio Conferencing; E-mail and Calendaring; Web Conferencing; Telephony; Video Conferencing; Voice Mail; Instant Messaging (IM).]
Microsoft Unified Communications
Increased productivity through communications convergence
• Streamline Communications
• Amplify Protection and Control
• Provide a Unified and Extensible Platform
• Across Devices: PC, Mobile, Web
• Increase Efficiency and Flexibility
• Maximize IT Resources with S+S
[Figure labels: Authentication, Administration, Storage, Compliance; Unified Identity, Presence, and Inbox; On-Premises or in the Cloud.]
Microsoft UC Products and Services
[Figure rows: Scenarios, Products, Delivery.]
• Scenarios: IM and Presence; Unified Messaging; E-Mail and Calendaring; VoIP; Mobility; Security and Compliance; Conferencing; E-mail Security, Compliance, and Continuity
• Delivery: On Premise; Hosted by Microsoft; Hosted by Microsoft or by Partners; Hosted by Partners
UC Journey Through Infrastructure Optimization
Maturity levels: Basic, Standardized, Rationalized, Dynamic (identify where you are; identify where you want to be)
• Basic e-mail, file shares, mostly phone based communication
• Standard platform for secure e-mail and IM
• Ad hoc teaming around functions & projects based on IT standards
• Increasing unification of communication channels
• Fully managed collaboration platform and pervasive access
• Seamless collaboration across the firewall
• Federation of communication information and policy
Role of IT along the journey:
• IT is a cost center
• IT is an efficient cost center
• IT is a business enabler
• IT is a strategic asset
Identifying Target Maturity Level
Capabilities: IM & Presence, Voice, Conferencing, Messaging
Levels: Basic, Standardized, Rationalized, Dynamic
Legacy TDM PBX, traditional phones
Limited voice mail and call routing
Highly available hybrid telephony infrastructure
Online & offline access to voice mail
Managed call routing
Encrypted voice infrastructure with unified inbox accessible from PCs, phones, & web browsers
Managed storage
Presence-based call routing
Integrated voice platform for IM/presence; conferencing with LOB applications
Auto-remediation, proactive monitoring of call quality
Federated identity and presence-based call routing
Rich mailbox & calendaring
Secure, remote, online & offline access
Basic AV/AS/AP protection and disaster recovery
Solution supports encryption
Business continuity with AS/AP and multi-layer AV protection
Support advanced policy-driven message controls
Provisioning for user inboxes
Basic email with no remote access and with limited security
Minimal or decentralized IT support
User inboxes are fully managed by IT
Seamless business continuity with multiple AV/AS protection
Advanced policy control to mobile devices & applications
Integration with LOB applications
Federation of calendar
Public IM/online presence, ad-hoc use for daily business
Secure access from inside & outside the firewall
Supports peer-to-peer voice & video communications
Presence enabled email client
Secure IM/online presence accessible from a variety of devices and integrated into enterprise productivity & collaboration platform
Persistent group chat
Supports federation and integration with LOB applications
Sporadic use of audio & web conferencing
Limited video conferencing capabilities
Integrated & secure conferencing platform
Supports high-quality audio & video
Remotely accessible collaboration features
Secure web conferencing accessible from remote locations and devices
IT-managed video conferencing with limited remote access
Contextual unified conferencing solution tightly integrated with collaboration infrastructure and LOB applications
High Availability
Unified Communication High Availability Overview
Exchange High Availability technologies
1. Primarily designed to protect Exchange mailbox data (Mailbox server role)
2. Add redundancy to provide HA for service roles (UM, CAS, HT, Edge)
3. Remember that:
   1. High Availability is automatic failovers
   2. Site Resilience is manual failovers!
Exchange Server 2010 High Availability Goals
• Reduce complexity
• Reduce cost
• Native solution - no single point of failure
• Improve recovery times
• Support larger mailboxes
• Support large scale deployments
Exchange Server Improvements
Improved mailbox uptime
• Improved failover granularity
• Simplified administration
• Incremental deployment
• Unification of CCR + SCR
• Easy stretching across sites
• Up to 16 replicated copies
More storage flexibility
• Further Input/Output (I/O) reductions
• RAID-less/JBOD support
Better end-to-end availability
• Online mailbox moves
• Improved transport resiliency
Key Benefits
• Easier and cheaper to deploy
• Easier and cheaper to manage
• Better Service Level Agreements (SLAs)
• Reduced storage costs
• Larger mailboxes
Lync Server 2010 High Availability and Resiliency Goals
• Reduce complexity
• Reduce cost
• Native solution - no single point of failure
• Resilient Voice Service
• Support large scale deployments
• High Availability
• Resiliency architecture
• Branch office resiliency
• Data Center resiliency
Exchange Server 2010 Deployment Model: Role-based Deployment
• Edge Transport: routing and AV/AS
• Hub Transport: routing and policy
• Client Access: client connectivity, web services
• Mailbox: storage of mailbox items
• Unified Messaging: voice mail and voice access
[Diagram labels: Enterprise Network; External SMTP servers; Phone system (PBX or VOIP); Web browser; Outlook (remote user); Mobile phone; Outlook (local user); Line of business application.]
Exchange High Availability Technologies: Continuous Replication technology
• Leverages on-site data replication (CCR) and off-site data replication (SCR) and combines them into a single framework called a “Database Availability Group.”
• Removes the need to manage Failover Clustering separately
• Reduces the need for multiple servers to achieve high redundancy in small deployments: two servers can provide full redundancy
• Simplified recovery from a variety of failures (disk-level, server-level, and datacentre-level)
• Can be deployed with cheaper storage types
[Diagram: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, Mailbox Server 4 … Mailbox Server 16]
Exchange High Availability Technologies: Mailbox Resiliency
• Evolution of Continuous Replication technology
• Provides full redundancy of Exchange roles on as few as two servers
• Reduce backup frequency through up to 16 replicas of each database
• Single solution for High Availability, Disaster Recovery, and Backup
• Simplified administration reduces complexity
• Built-in features for mailbox recovery
• Improved availability
• Can be deployed on a range of storage options
[Diagram: three Mailbox Servers, each holding copies of DB1 to DB5, in San Jose and New York. Captions: Recover quickly from disk and database failures; Replicate databases to remote datacenter.]
Exchange High Availability Technologies: Mailbox Resiliency Overview
[Diagram: a Database Availability Group spanning AD site Dallas and AD site San Jose, with Mailbox Servers 1 to 6 holding copies of DB1 to DB5, two Client Access Servers and a client.]
• Clients connect via CAS servers
• Failover managed within Exchange
• Easy to stretch across sites
• Database-centric failover
Exchange High Availability Technologies: Mailbox Resiliency Components
• Database Availability Group (DAG)
• Mailbox Servers
• Mailbox Database Copies
• Active Manager
• RPC Client Access Service
• Active Manager Client
[Diagram: a Database Availability Group of three servers, each running Active Manager and holding copies of DB1 to DB3, fronted by the RPC Client Access Service with an AM Client.]
Exchange High Availability Technologies: DAG (Database Availability Group) & Mailbox Servers
Mailbox Servers
• Host the active and passive copies of multiple mailbox databases
• Support up to 100 databases per server
Database Availability Group
• A group of up to 16 mailbox servers that host a set of replicated databases
• Wraps a Windows® Failover Cluster
• Defines the boundary of replication and failover/switchover (*over)
[Diagram: Database Availability Group with copies of DB1, DB2 and DB3 on each server.]
Exchange High Availability Technologies: Mailbox Database Copies
• Database names are unique across a forest
• Up to 16 copies of each database
• Each database has one Active copy in a DAG
• Each server hosts only one copy of a database
• Replication using Log Shipping
• System tracks health of each copy
Exchange High Availability Technologies: Continuous Replication
[Diagram: Continuous Replication – File Mode and Continuous Replication – Block Mode, showing Log Files 1 to 7, the ESE Log Buffer and the Replication Log Buffer. Captions:]
• Database behind on logs (e.g. server reboot)
• Database available for log replication
• “Send me the latest log files … I have log 2”
• Database copy up to date
• Log is built and inspected
• Log fragment detected and converted to complete log
Exchange High Availability Technologies: Active Manager
• Selects the “best” copy to activate when the active mailbox database fails
• 30-second database failover
• Process which runs on every server in the DAG
• Provides definitive information on where a database is active and mounted
• Active Directory® is the primary source for configuration information
• Active Manager is the primary source for changeable state information, such as active and mounted
• Active Manager Client runs on CAS and HUB servers
Exchange High Availability Technologies: Achieving double resiliency
• Single site
• 4 nodes in a DAG
• 3 database copies
[Diagram: Database Availability Group (DAG) behind a CAS NLB Farm]
• Mailbox Server 1: DB7, DB8, DB1, DB2, DB3, DB4
• Mailbox Server 2: DB5, DB6, DB7, DB8, DB1, DB2
• Mailbox Server 3
• Mailbox Server 4: DB3, DB4, DB5, DB6, DB7, DB8
• Unattached labels: DB2, DB3, DB5, DB4, DB1, DB6
Sequence shown:
• Upgrade server 1
• Server 2 fails
• Server 1 upgrade is done
• 2 active copies die
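The double-failure scenario above can be checked mechanically. This added example (not from the original deck, and a model rather than Exchange code) counts surviving copies per database when servers go offline; the Mailbox Server 3 row is an assumption, derived from three copies of each of DB1 to DB8, because the slide text does not attach a list to it, and the MBX1 to MBX4 names are hypothetical.

```python
from itertools import combinations

# Copy layout for the 4-node, 3-copy DAG. MBX1, MBX2 and MBX4 follow the
# slide; MBX3 is an assumption (the only row that gives every database
# exactly three copies).
LAYOUT = {
    "MBX1": {"DB7", "DB8", "DB1", "DB2", "DB3", "DB4"},
    "MBX2": {"DB5", "DB6", "DB7", "DB8", "DB1", "DB2"},
    "MBX3": {"DB1", "DB2", "DB3", "DB4", "DB5", "DB6"},  # assumed
    "MBX4": {"DB3", "DB4", "DB5", "DB6", "DB7", "DB8"},
}


def copy_holders(layout):
    """Map each database to the set of servers that hold a copy of it."""
    holders = {}
    for server, dbs in layout.items():
        for db in dbs:
            holders.setdefault(db, set()).add(server)
    return holders


def surviving_copies(layout, down):
    """Servers still holding each database when the servers in `down` are offline."""
    offline = set(down)
    return {db: servers - offline for db, servers in copy_holders(layout).items()}


def max_tolerated_failures(layout):
    """Largest k such that every database keeps a copy for every set of k offline servers."""
    servers = sorted(layout)
    tolerated = 0
    for k in range(1, len(servers) + 1):
        for down in combinations(servers, k):
            if any(not left for left in surviving_copies(layout, down).values()):
                return tolerated
        tolerated = k
    return tolerated


def single_copy_databases(layout, down):
    """Databases reduced to one copy: the state a single-copy alert should flag."""
    left = surviving_copies(layout, down)
    return sorted(db for db, servers in left.items() if len(servers) == 1)


if __name__ == "__main__":
    print("tolerated simultaneous server losses:", max_tolerated_failures(LAYOUT))
    # Server 1 offline for its upgrade, then server 2 fails.
    print("single-copy databases:", single_copy_databases(LAYOUT, ["MBX1", "MBX2"]))
```

Cluster quorum is a separate constraint and is not modelled here.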
Exchange High Availability Technologies: Resiliency across datacenters - Built-in site resiliency
• Same deployment and management tools as High Availability in a single datacenter
• No stretched subnet networking requirements
• Improved process to prevent “Split Brain” Database Availability Group
• Simplified standby datacenter validation
• Faster datacenter switchover process
• Fewer resources required for datacenter resiliency
• No client re-configuration required to access databases in standby datacenter
• Support for 2 node datacenter resilient topologies
• Two node DAGs can use Datacenter Activation Coordination (DAC) mode
• DAC mode available to single site configurations
• Easy to add high availability to existing deployment
• High availability configuration is post-setup
[Diagram: a Database Availability Group with Mailbox Server 1, Mailbox Server 2 and Mailbox Server 3 across Datacenter 1 and Datacenter 2, each holding copies of DB1, DB2 and DB3.]
• Mailbox servers in a DAG can host other Exchange 2010 roles
Exchange High Availability Technologies: Incremental Deployment - Reduces cost & complexity
Exchange High Availability Technologies: RPC Client Access Server
• MAPI clients (e.g. Microsoft Office Outlook) connecting from inside the organization firewall no longer connect to the Mailbox Server
• MAPI clients connect to the Client Access Server for mailbox and directory access
• A Client Access Server Array is deployed to provide high availability and redundancy
• Provides a better client experience when failover occurs
• Allows a higher number of concurrent connections and a higher number of mailboxes per server
[Diagram: Outlook Clients, Exchange CAS Array, MBX, GC]
High Availability During Failures: Keeping users connected
• Mailbox Database or Server failure: client disconnected for <30 seconds
• Client Access Server failure: client reconnects through another Client Access Server
[Diagram: Client, Load Balanced Client Access Servers, and Mailbox Servers in a Database Availability Group holding copies of DB1, DB2 and DB3.]
High Availability During Moves: Keeping users connected
[Diagram: Email Client, Client Access Server, Mailbox Server 1, Mailbox Server 2]
Users remain online while their mailboxes are moved between servers:
• Sending messages
• Receiving messages
• Accessing entire mailbox
Administrators can perform migration and maintenance during regular hours
Exchange High Availability Technologies: Transport Resiliency
• Provides resilience and simplifies recovery from a transport server failure
• Provides redundancy for messages for the entire time they're in transit
• A message in the Transport Database gets deleted only after it verifies that all of the next hops for that message have completed delivery
• Easy maintenance of Hub Transport or Edge Transport server
• Eliminates the need for storage hardware redundancy for transport servers
Message flow with shadow redundancy
High Availability - Email in transit: automatic protection against loss of queued email due to hardware failure
• Simplifies Hub and Edge Transport Server upgrades and maintenance
• Servers keep “shadow copies” of items until they are delivered to the next hop
[Diagram: Mailbox Server, Hub Transport, Edge Transport, Edge Transport]
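A minimal model of the shadow-copy behaviour described above, added as an illustration and not taken from the deck or from Exchange: each hop keeps a shadow copy until the next hop confirms onward delivery, and resubmits it through another hop if the next hop fails first. Class, method and server names are hypothetical.

```python
class TransportServer:
    """Hypothetical stand-in for a Hub or Edge Transport server."""

    def __init__(self, name):
        self.name = name
        self.alive = True
        self.queue = {}   # msg_id -> body, waiting to be relayed
        self.shadow = {}  # msg_id -> body, relayed but not yet confirmed

    def accept(self, msg_id, body):
        if not self.alive:
            raise ConnectionError(self.name + " is down")
        self.queue[msg_id] = body

    def relay(self, msg_id, next_hop):
        # Hand over first; only then move our copy from queue to shadow.
        next_hop.accept(msg_id, self.queue[msg_id])
        self.shadow[msg_id] = self.queue.pop(msg_id)

    def confirm(self, msg_id):
        # The next hop finished its own delivery: the shadow copy can go.
        self.shadow.pop(msg_id, None)

    def fail(self):
        # Hardware failure: everything held on this server is lost.
        self.alive = False
        self.queue.clear()
        self.shadow.clear()

    def resubmit_shadows(self, alternate_hop):
        # Re-send unconfirmed messages through another hop; they stay
        # shadowed here until that hop confirms.
        resent = sorted(self.shadow)
        for msg_id in resent:
            alternate_hop.accept(msg_id, self.shadow[msg_id])
        return resent


def simulate():
    """Deliver one message normally and one across a hub failure."""
    edge, hub1, hub2 = (TransportServer(n) for n in ("edge", "hub1", "hub2"))
    mailbox = {}

    def deliver(hub, msg_id, previous_hop):
        mailbox[msg_id] = hub.queue.pop(msg_id)
        previous_hop.confirm(msg_id)

    # Message 1: normal path, shadow discarded after delivery.
    edge.accept("m1", "hello")
    edge.relay("m1", hub1)
    deliver(hub1, "m1", edge)

    # Message 2: hub1 dies after accepting but before delivering.
    edge.accept("m2", "quarterly report")
    edge.relay("m2", hub1)
    hub1.fail()
    resent = edge.resubmit_shadows(hub2)
    deliver(hub2, "m2", edge)

    return {"mailbox": mailbox, "resent": resent, "edge_shadow": dict(edge.shadow)}


if __name__ == "__main__":
    print(simulate())
```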
Exchange High Availability Technologies: Backup Using Exchange 2010
Reason for Backup
• HW/SW failures
• Datacenter failures
• Accidentally deleted items
• Administrator error
• Mailbox corruption
• Long term data retention
Recovery Feature
• Fast Recovery
• Data Retention
Exchange 2010 Feature and Benefit
• Mailbox Resiliency: fast recovery, data redundancy
• Single Item Recovery: guaranteed item retention
• Lagged Copy: past point-in-time database recovery
• Personal Archive + Retention Policies: secondary mailbox for older data
Exchange High Availability Technologies: Exchange Hosted Services Continuity
• Offsite, Microsoft-maintained business continuance
• 30-day rolling archive of online email stored offsite
• Full Web and Outlook access
• Message archive is encrypted and only accessible to authorized users
• Automated failover when your site goes down
• Multiple vendors used for message hygiene
Exchange High Availability: Simplified Administration - Reduces cost & complexity
High Availability administration all within Exchange 2010
• Exchange Management Console for common tasks
• Exchange Management Shell (PowerShell)
• Mailbox Databases managed at organizational level
• Same automated database failover process used for a range of failures: disk, server, network
• Simplified activation of Exchange 2010 services in a standby datacenter
Additional tools provided to simplify management
• Active mailbox database redistribution
• DAG Maintenance Mode
• Single Copy Alert
• Failover Metrics Reporting (improved)
• DAG property page supports static IP address specification
Exchange High Availability: Simplified Administration – Managing Availability
1. Select a database
2. View locations and status of replicated copies
3. Take action (add copies, change master, etc.)
High Availability Scenarios: Small Deployment
IT assets are located at a single site. The customer requires higher uptime at lower cost. Additionally, the customer has the following concerns:
• Protection against server/disk failure
• Protection against database failure
• Connection failure – Consider where messages go if you are offline
• Data loss – Consider the impact of lost messages, archiving and the regulatory impact of retention
• Site loss – Plan for site failure; what do you need to recover?
High Availability Scenarios: Medium Deployment
IT assets are located at a number of different sites. The customer has high uptime requirements. Additionally, the customer has the following concerns:
• Protection against server/disk failure
• Protection against database failure
• Connection failure – Evaluate redundant links and routing impacts
• Data loss – Consider site replication, archiving and offsite backup requirements
• Site loss – Consider a hosted standby, or site replication
High Availability Scenarios: Large Deployment
IT assets are located at a number of different sites, oftentimes in data centre-grade facilities. The customer has high uptime requirements. Additionally, the customer has the following concerns:
• Server failure – Implement DAG with extended nodes in other sites
• Connection failure – Have redundant links to the internet and between sites
• Data loss – Consider site replication, archiving and offsite backup requirements
• Site loss – Create site failover plans
Architecture Decision Points
• Current Infrastructure: current High Availability technologies
• Future Infrastructure: future High Availability needs and goals
• Deployment: basic deployment planning
Architecture Decision Points: Current Infrastructure
• What are the currently implemented high availability technologies?
• What is the current network and office topology?
• What are the company drivers and requirements for high availability?
• What are the current site resiliency goals?
Architecture Decision Points: Future Infrastructure
• What are the future plans for the network and office topology?
• What are the expansion expectations for the next six months, a year, two years, and five years?
• What level of high availability is needed?
• Does everyone need the same level of service?
• How will you address business continuance/site loss? Do you want to do it all in-house or outsource some or all of it?
Architecture Decision Points: Deployment
• How can you prepare now to meet your future high availability needs?
• Will you upgrade existing systems or implement all new systems?
• Exchange relies on Active Directory, so it needs to be made highly available as well
• Exchange Hosted Services provides a quick, easily implemented HA solution for site loss and business continuance
• DAG spanned to multiple nodes and multiple hub and CAS servers for Microsoft Exchange
POC Planning
• Sponsor Name
• Project Timing
• Goals and Objectives
• Scope
• Milestones
• Risks & Dependencies
Next Steps: Proof of Concept
• Assemble resources from the business side and from the IT group
• Understand business processes that are being addressed
• Gain knowledge about technology infrastructure
• Verify the technology roadmap
• Review the POC scope and assumptions
[Diagram: Solution Briefing, Architecture Design Session, Proof of Concept, Solution Development]
© 2007 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.
Appendix Slides…
Exchange High Availability Technologies: Creating Redundant Environment
• Multiple Unified Messaging servers can be deployed in a dial plan to achieve resiliency and high availability
• IP gateways can be set up to route calls in a round-robin manner to balance the load between multiple UM servers in a dial plan and detect UM server failure
• Multiple Edge Transport servers can be deployed to provide redundancy and failover capabilities
• Multiple Hub Transport servers can be deployed to provide redundancy and load distribution
• Multiple Client Access Servers can be deployed in a Client Access Array to provide redundancy and prevent single points of failure
• Create a Database Availability Group (DAG) with multiple copies of each database
• Create a Database Availability Group (DAG) that spans multiple Mailbox servers
Lync Server High Availability Technologies: Creating Redundant Environment
• Instant Messaging: Enterprise Edition with multiple Front-End Servers and an array of Edge Servers
• Web Conferencing: Enterprise Edition with multiple Front-End Servers and an array of Edge Servers
• Voice: multiple Mediation Servers and gateways; multiple voice routes
• Web Based IM/PA: load balance multiple Exchange 2010 CAS servers
• Monitoring Server: clustered SQL database
• Archiving Server: clustered SQL database
• Persistent Group Chat: multiple Group Chat Servers in a pool
Site Resilience
Namespace, Network and Certificate Planning
• Each datacenter is considered active and needs its own namespaces
• Each datacenter needs the following namespaces:
  • OWA/OA/EWS/EAS namespace
  • POP/IMAP namespace
  • RPC Client Access namespace
  • SMTP namespace
• In addition, one of the datacenters will maintain the Autodiscover namespace
Planning for site resilience: Namespaces
• Best practice: use Split DNS for Exchange hostnames used by clients
• Goal: minimize the number of hostnames
  • mail.contoso.com for Exchange connectivity on intranet and Internet
  • mail.contoso.com has different IP addresses in intranet/Internet DNS
• Important: before moving down this path, be sure to map out all host names (outside of Exchange) that you want to create in the internal zone
Planning for site resilience: Namespaces
[Diagram: Datacenter 1 and Datacenter 2, each with AD, CAS, HT and MBX servers, and two namespace sets.]
contoso.com namespace set
• Internal DNS: Mail.contoso.com, Pop.contoso.com, Imap.contoso.com, Autodiscover.contoso.com, Smtp.contoso.com, Outlook.contoso.com
• External DNS: Mail.contoso.com, Pop.contoso.com, Imap.contoso.com, Autodiscover.contoso.com, Smtp.contoso.com
• Exchange Config: ExternalURL = mail.contoso.com; CAS Array = outlook.contoso.com; OA endpoint = mail.contoso.com
region.contoso.com namespace set
• Internal DNS: Mail.region.contoso.com, Pop.region.contoso.com, Imap.region.contoso.com, Smtp.region.contoso.com, Outlook.region.contoso.com
• External DNS: Mail.region.contoso.com, Pop.region.contoso.com, Imap.region.contoso.com, Smtp.region.contoso.com
• Exchange Config: ExternalURL = mail.region.contoso.com; CAS Array = outlook.region.contoso.com; OA endpoint = mail.region.contoso.com
Planning for site resilience: Namespaces
Design High Availability for Dependencies
• Active Directory
• Network services (DNS, TCP/IP, etc.)
• Telephony services (Unified Messaging)
• Backup services
• Network services
• Infrastructure (power, cooling, etc.)
Planning for site resilience: Network
• Latency: must have less than 250 ms round trip
• Network cross-talk must be blocked
  • Router ACLs should be used to block traffic between MAPI and replication networks
  • If DHCP is used for the replication network, DHCP can be used to deploy static routes
• Lower TTL for all Exchange records to 5 minutes
  • OWA/EAS/EWS/OA, IMAP/POP, SMTP, RPC CAS
  • Both internal and external DNS zones
Planning for site resilience: Network
Certificate Type: Pros and Cons
Wildcard Certs
  Pros:
  • One cert for both sides
  • Flexible if names change
  Cons:
  • Wildcard certs can be expensive, or impossible to obtain
  • WM 5 clients don’t work with wildcard certs
  • Setting of Cert Principal Name to *.company.com is global to all CAS in forest
Intelligent Firewall
  Pros:
  • Traffic is forwarded to the ‘correct’ CAS
  Cons:
  • Requires ISA or other firewall which can forward based on properties
  • Additional hardware required
  • AD replication delays affect publishing rules
Load Balancer
  Pros:
  • Load Balancer can listen for both external names and forward to the ‘correct’ CAS
  Cons:
  • Requires multiple certificates
  • Requires multiple IPs
  • Requires load balancer
Same Config in Both Sites
  Pros:
  • Just an A record change required after site failover
  Cons:
  • No way to run DR site as Active during normal operation
Manipulate Cert Principal Name
  Pros:
  • Minimal configuration changes required after failover
  • Works with all clients
  Cons:
  • Setting of Cert Principal Name to mail.company.com is global to all CAS in forest
Planning for site resilience: Certificates
Planning for site resilience: Certificates
• Best practice: minimize the number of certificates
  • 1 certificate for all CAS servers + reverse proxy + Edge/Hub
  • Use a Subject Alternative Name (SAN) certificate, which can cover multiple hostnames
• If leveraging a certificate per datacenter, ensure the Certificate Principal Name is the same on all certificates
• Outlook Anywhere won’t connect if the Principal Name on the certificate does not match the value configured in msstd: (default matches OA RPC End Point)
  Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.contoso.com
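The certificate rules above can be checked before a site switchover. This added example (not part of the original deck) tests that each site's certificate covers the externally published namespaces listed earlier and that its subject name matches the msstd: value; the certificate contents and the `contoso`/`region` site keys are constructed for illustration.

```python
# Namespaces per site, taken from the External DNS lists in the deck.
REQUIRED = {
    "contoso": ["mail.contoso.com", "pop.contoso.com", "imap.contoso.com",
                "autodiscover.contoso.com", "smtp.contoso.com"],
    "region": ["mail.region.contoso.com", "pop.region.contoso.com",
               "imap.region.contoso.com", "smtp.region.contoso.com"],
}
CERT_PRINCIPAL_NAME = "msstd:mail.contoso.com"  # value used in the deck

# Constructed certificates: the first is a complete SAN certificate, the
# second shows two common mistakes (a wildcard that is one label too short
# and a per-site subject name).
CERTS = {
    "contoso": {"subject_cn": "mail.contoso.com",
                "san": list(REQUIRED["contoso"])},
    "region": {"subject_cn": "mail.region.contoso.com",
               "san": ["*.contoso.com", "mail.region.contoso.com",
                       "pop.region.contoso.com"]},
}


def san_matches(pattern, host):
    """Exact match, or a '*.' wildcard that covers exactly one left-most label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host


def uncovered_names(cert, required):
    """Required hostnames that no SAN entry on the certificate covers."""
    return sorted(h for h in required
                  if not any(san_matches(s, h) for s in cert["san"]))


def principal_name_ok(cert, cert_principal_name):
    """True when the msstd: value equals the certificate's subject name."""
    prefix = "msstd:"
    if not cert_principal_name.lower().startswith(prefix):
        return False
    expected = cert_principal_name[len(prefix):].lower()
    return cert["subject_cn"].lower() == expected


def audit(certs=CERTS, required=REQUIRED, principal=CERT_PRINCIPAL_NAME):
    """Per-site findings: uncovered hostnames and principal-name agreement."""
    return {site: {"uncovered": uncovered_names(cert, required[site]),
                   "principal_ok": principal_name_ok(cert, principal)}
            for site, cert in certs.items()}


if __name__ == "__main__":
    for site, finding in audit().items():
        print(site, finding)
```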