Architecting a Multi-host Environment With Exchange 2000. Andres Sanabria, Network Specialist, Microsoft Corporation. What Is An ASP. Defining characteristics: applications-centric; deploy, host, manage and rent; applications license ownership; one-to-many; delivers on contract; centrally managed.

Architecting a Multi-host Environment With Exchange 2000
  Andres Sanabria
  Network Specialist
  Microsoft Corporation

What Is An ASP
  Defining Characteristics:
    Applications-centric
    Deploy, host, manage and rent
    Applications license ownership
    One-to-many
    Delivers on contract
    Centrally managed

Topics
  Hosting scenarios and models
  Active Directory™ design
  Messaging configuration
  Scalability and reliability
  Clients
  Management

Hosting Scenarios And Models
  Centralized (shared server hosting)
    All software components, hardware live at ASP data center
    ISP-like configuration
    Vast scale services (messaging, conf, wireless)
  De-centralized
    Co-located and/or off-site CPE
    Remotely managed by MSP
    Tied into ASP directory in some cases
  Fully distributed (dedicated server hosting)
    Complete data/config isolation
    Management, monitoring and recovering
    Highest SLA, costs

Active Directory Design
  Customer Requirements
    Single point of management for any resource (applications, users, email, etc.)
    Totally secure and isolated environment
    Share the same infrastructure for multiple companies
    Delegate configuration to ASP personnel
    Delegate user mgmt to customer
    Automate most of my work
      Scripts, scheduled tasks, application
    Increase the availability

Active Directory Design
  Name Space Partition
  Organization Unit - OU Model
    Each OU will host a company
    Administrative containers
    Unit of delegated administration
  User Principal Name - UPN Model
    (Same as pre-Windows 2000) = OU name // Usability
    Set security ACL in groups created in the OU
      AllUsers@customer1, AdminOu@customer1
      Remove Authenticated Users
  Single forest
    Keep it simple, “Less Is Better”
    Security – top design priority

Active Directory Design
  [Diagram labels: MyAsp.Com, Company1.com, Company2.com, [email protected]]

Active Directory – Shared Hosting Architecture
  [Diagram labels: WTS (Office Online, Other TS Apps); Active Directory Design; Exchange 2000 (Messaging, Instant Messaging, Conferencing, Unified Messaging, Wireless); Other ISV Apps; Managed PC]
  Benefits of a single platform (Windows 2000) and integration of products

Active Directory Design
  Configure the AD to be GC to improve performance
    At least one GC per geographical location
    Replicated to two servers for redundancy
  Build in a “Round Robin” type of solution
  Easy to integrate via ADSI or LDAP call

Messaging Configuration
  Recipient Policies
    Automatically create SMTP address based on rules
      Users/LogonName ends with <OU Name> = @<SMTP Address>
      Groups/DisplayName ends with <OU Name> = @<SMTP Address>
    Multiple SMTP addresses per user

Messaging Configuration
  Global Address List and Offline Address List
    Support multiple GAL and ADL
    Have a common place for all the users to look up other users
    Users/e-mail ends with <OU Name>
  Security
    AllUsers@customer1
      Allow = read, execute, read permissions, list content, read properties, open address list
    AdminOu@customer1
      Full administrative privilege
  For MAPI users

Messaging Configuration
  Outlook Web Access
    Limiting MAPI/RPC lookup via AD
    msExchQueryBaseDN
      Using ADSIEdit.exe
      ou=<ou name>, dc=<domain_name>, dc=<root_domain>
      Ex: ou=Customer1, dc=myAsp, dc=com
    Per user
    Scriptable via ADSI

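A check for the per-user msExchQueryBaseDN setting on the slide above, added here as an example and not taken from the original deck: it reads an LDIF export of user objects and reports users whose search base is missing or points outside their own customer OU. The sample records and user names are constructed; the DN layout is the one the slide gives.

```python
import re

# Constructed LDIF-style sample; user names are hypothetical (DN layout as on the slide).
SAMPLE_LDIF = """\
dn: CN=Bob,OU=Staff,OU=Customer1,DC=myAsp,DC=com
msExchQueryBaseDN: ou=Customer1, dc=myAsp, dc=com

dn: CN=Carol,OU=Customer2,DC=myAsp,DC=com
msExchQueryBaseDN: DC=myAsp,DC=com

dn: CN=Dave,OU=Customer2,DC=myAsp,DC=com

dn: CN=Eve,OU=Customer2,DC=myAsp,DC=com
msExchQueryBaseDN: OU=Customer1,
 DC=myAsp,DC=com
"""

def rdns(dn):
    """Split a DN on unescaped commas; lower-case and trim each RDN."""
    return ["=".join(p.strip() for p in r.split("=", 1)).lower()
            for r in re.split(r"(?<!\\),", dn)]

def tenant_ou(user_dn):
    """Customer OU = the ou= RDN directly above the dc= suffix, or None."""
    parts = rdns(user_dn)
    first_dc = next((i for i, r in enumerate(parts) if r.startswith("dc=")), None)
    ok = first_dc and parts[first_dc - 1].startswith("ou=")
    return ",".join(parts[first_dc - 1:]) if ok else None

def parse_ldif(text):
    """Yield {attr: value} per record; unfolds wrapped lines, skips base64 (::) values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {m.group(1).lower(): m.group(2).strip()
               for m in (re.match(r"([\w-]+): (.*)$", ln) for ln in block.split("\n")) if m}
        if "dn" in rec:
            yield rec

def audit(text):
    """Return [(user_dn, problem)] for users not confined to their own customer OU."""
    findings = []
    for rec in parse_ldif(text):
        tenant, base = tenant_ou(rec["dn"]), rec.get("msexchquerybasedn")
        if tenant is None:
            findings.append((rec["dn"], "user is not inside a customer OU"))
        elif not base:
            findings.append((rec["dn"], "msExchQueryBaseDN not set"))
        elif not ("," + ",".join(rdns(base))).endswith("," + tenant):
            findings.append((rec["dn"], "search base outside " + tenant))
    return findings
```
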
Messaging Configuration
  External DNS
    Primary zones per customer
      IN A pointing to the Virtual IP address
      WWW for the OWA
      MX for the SMTP address
    Integrated to the AD
      For redundancy and replication
    Ex. Customer1.com
      @     MX  10  mail.Customer1.com.
      MAIL  A   208.217.184.2  ;SMTP
      www   A   208.217.184.3  ;OWA
    AD and FE server will resolve the mailbox location and alias for the user

Scalability And Reliability
  Exchange 5.5
    Designed for enterprises and SMORGs
    Thousand users
  MCIS
    Designed for hosted configurations
    Million users
    High-performance POP/IMAP/NNTP services
    Chat Server
    Provisioning built-in
    Scales to the masses

Scalability And Reliability
  Scalability and reliability through partitioning and redundancy
  Partition separate servers for:
    Protocols
    Storage
    Directory
  Add redundancy with:
    Clustering
    Load Balancing

Scalability And Reliability
  Scaling Vertical
    Version                        Processor     RAM
    Windows 2000 Server            4 way SMP     4 GB RAM
    Windows 2000 Advanced Server   8 way SMP     8 GB RAM
    Windows 2000 Data center       32 way SMP    64 GB RAM
  Scaling Horizontal
    Version                        Net Load Bal      Cluster serv
    Windows 2000 Server            N/A               N/A
    Windows 2000 Advanced Server   Up to 32 nodes    2 node
    Windows 2000 Data center       Up to 32 nodes    4 Node Cluster

Scalability And Reliability
  Network Load Balancing
    TCP/IP load balancing
    32 nodes could be viewed as a single server
    Great for front-end servers
    Used by TCP/UDP protocols, app. HTTP, IMAP, POP3, SMTP
    Dynamically adjusts, distributing requests

Scalability And Reliability
  FE/BE Configurations
    Front-end servers are important for hosting configurations
      Provides unified namespace across the farm
      Offloads SSL processing from back-ends
      Provides an additional security layer
      Allows for seamless server consolidation
      Allows seamless distribution of user data across multiple servers without having to re-authenticate
      IMAP/POP/HTTP/WebDAV

Scalability And Reliability
  Cluster Server
    Application: stateful, back-end servers
    Fail over in the case that the application fails
    Fail back when the server is back online
    Active || Passive application
    Exchange is a cluster-aware application
      Resource.dll: Exchange wrote its own // EXCHRES.DLL
      A resource group is an atomic unit of fail over/fail back
      Exchange Virtual Server
    Let the back end do the heavy lifting
      Processing
      Accessing storage
      Security

Failover/User Experience
  [Diagram labels: EVS1, EVS2, X, HTTP, POP, IMAP, MAPI]

Scalability And Reliability
  Partition separate servers
  [Diagram labels: Router/DNS service resolver; Protocol; Store; Cluster A; Cluster B; Windows 2000 Directory]

Scalability And Reliability
  Storage
  [Diagram labels: Shared Storage; Machine A; Machine B]
  Local Attach Storage Supported

Scalability And Reliability
  Storage
    4 Server Cluster
      3 Servers Running: Nodes = 15 storages; 60 storage
      2 Servers Running: Nodes = 10 storages; 40 storages
      1 Server Running: Nodes = 5 storage; 20 storages
    2 Node Cluster
      1 Server Running: Nodes = 10 storage; 20 storage
    3 Node Cluster
      2 Servers Running: Nodes = 10 storage; 30 storage
      1 Server Running: Nodes = 6 storage; 18 storage
    Always plan for 20 storages at most per single server

Scalability And Reliability
  Scalability is priority one for most hosting scenarios
  Current scenarios:
    1 million user test
    FE/BE scalability
    SAN testing
  Large scalability labs in Bldg 43 + MPSC

Client Scenarios
  Digital tablets
  PC - Desktop
  PC - Laptop
  Windows Terminal
  Win CE - Palm PC
  Win CE – HH Pro
  Smart Phones
  Cellular Phones

Client / Authentication / Protocol / Advantages / Disadvantages
  OWA
    Authentication: Basic; Basic + SSL; NTLM; Digest
    Protocol: http; https
    Advantages: Basic & Digest browser independent; HTML 3.2+; No client updates; With SSL entire session is encrypted
    Disadvantages: No offline capabilities; Secure connection requires SSL; SSL slows down performance
  O2K
    Authentication: NT; Basic
    Protocol: MAPI; POP3; IMAP4
    Advantages: Rich functionality; large installed base
    Disadvantages: MAPI clients only connect to the backend; VPN required for MAPI; Network traffic load
  OE
    Authentication: Basic; Basic over SSL; NT
    Protocol: POP3; IMAP4; LDAP
    Advantages: large installed base; little overhead, good performance
    Disadvantages: SSL slows down performance; NT requires VPN
  POP3 / IMAP4
    Authentication: Basic
    Protocol: POP3; IMAP4
    Advantages: Light and good to just connect
    Disadvantages: Lack of features

Management
  Remote Management
    Windows Terminal Server
    MMC
    Lights Out Operation
  Automatic tasks
    CDO / CDO EXM
    ADSI
    OLE DB
    Objects: interfaces, methods, properties
    Dual interfaced
      C++, Visual Basic, VB Scripting Edition, JScript

Call To Action
  Follow the next session
  Check the Architecture White Paper
  Use the “Deployment guide”
  Saturday we will build the ASP environment
  Send feedback and comments to [email protected]@Microsoft.com