UCC305

Exchange Server 2010High Availability Design

Scott Schnollscott.schnoll@microsoft.comPrincipal Technical WriterMicrosoft Corporation

Agenda

Example designsSizingActive DirectoryNamespacesCertificatesUser Distribution ModelsStorageNetworkDatabase Availability Group (DAG) Member Policies

3

Exchange Server 2010 High AvailabilityDesign Principles: Example Designs

DAG Design Examples

Two–member DAGSmallest possible DAG that can provide high availabilityBest-suited for small organizations that need high availability, but not site resilienceEnables redundancy of all roles with only two Exchange servers (can be Standard Edition of Exchange)Will require third server (witness)Will require non-WNLB solution

DAG Design Examples

Four-member DAG (single site)

Provides greater availability than a 2 or 3-member DAGCan deploy enough copies to

Use Exchange Native Data ProtectionUse JBOD instead of RAIDDeploy lagged database copies

DAG Design Examples

Seven-member, multi-site DAGProvides greater availability by adding voting-only Mailbox serversBecause more voters are available, more servers can be lost while still maintaining quorum

Exchange Server 2010 High Availability

Design Principles: Sizing Database Availability Groups

Sizing Database Availability Groups

The larger the DAG…the better the resiliency, as larger DAGs continue to provide as much service as they can after more failures, based on the configurationthe better efficiency of the hardware, as you can more evenly distribute the active load across all members

For server count, consider a multiple of the number of database copies you are deploying

For example 3 copies and 3 or 6 servers, 4 copies and 4 or 8 servers, etc.

Sizing Database Availability Groups

Question: How many DAGs should I deploy?Answer: It depends

You will need to deploy multiple DAGsIf you need more than 16 serversIf you are deploying across multiple domainsIf you need to separate administration of DAGs

You may also need multiple DAGs depending on your site resilience architecture

Exchange Server 2010 High Availability

Design Principles: Active Directory

Active Directory

Follow Active Directory guidance for Active Directory site definition

http://aka.ms/nyd3h5

Site assignment controls the association of Client Access and Hub Transport to Mailbox

CAS/HUB service local Mailbox servers, “mostly”

Exchange Server 2010 High Availability

Design Principles: Namespaces

Namespaces

When planning for site resilience, each datacenter needs to be considered active

Exchange Server 2010 site resilience requires active Client Access and Hub Transport in each datacenter containing Mailbox server

These services are used by databases that undergo a cross-site *over

Namespaces

Each datacenter is considered activeEach datacenter needs the following namespaces

OWA/OA/EWS/EAS namespacePOP/IMAP namespaceRPC Client Access Server Array namespaceSMTP namespace

One datacenter will maintain Autodiscover namespaceNew in SP1 – FailbackURL namespace

Namespaces

Use Split DNS for Exchange hostnames used by clients

Minimizes number of needed hostnamesmail.contoso.com for Exchange connectivity on intranet and Internetmail.contoso.com has different IP addresses in intranet/Internet DNS

Moscow

CAS HT

MBX

St. Petersburg

HT CAS

ADAD MBX

Internal DNSMail.contoso.comPop.contoso.comImap.contoso.comAutodiscover.contoso.comSmtp.contoso.comOutlook.contoso.com

Internal DNSMail.sp.contoso.comPop.sp.contoso.comImap.sp.contoso.comSmtp.sp.contoso.comOutlook.sp.contoso.com

ExternalURL = mail.sp.contoso.com

CAS Array = outlook.sp.contoso.com

OA endpoint = mail.sp.contoso.com

ExternalURL =mail.contoso.com

CAS Array =outlook.contoso.com

OA endpoint =mail.contoso.com

External DNSMail.sp.contoso.comPop.sp.contoso.comImap.sp.contoso.comSmtp.sp.contoso.com

External DNSMail.contoso.comPop.contoso.comImap.contoso.comAutodiscover.contoso.comSmtp.contoso.com

Namespaces

Exchange Server 2010 High Availability

Design Principles: Certificates

Certificates

Minimize the number of certificates by using 1 certificate forAll Client Access, Edge Transport, Hub Transport and reverse proxy servers

Use Subject Alternative Name (SAN) certificate to cover multiple hostnamesIf leveraging a certificate per datacenter, then ensure that the Certificate Principal Name is the same on all certificates

Outlook Anywhere won’t connect if the Principal Name on the certificate does not match the value configured in msstd:

Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.contoso.com

Exchange Server 2010 High Availability

Design Principles: User Distribution Models

User Distribution Models

Active/Passive user distribution modelDatabase copies deployed in the secondary datacenter, but no active mailboxes are hosted there

Active/Active user distribution modelUser population dispersed across both datacenters with each datacenter being the primary datacenter for its specific user population

Prim

ary

Data

cent

er

Secondary Datacenter

MBX-B

CAS-Pri

MBX-D

CAS-Sec HT2010

MBX-CMBX-A

HT2010

DAG1

Outlook Outlook

DAG1FSW

Active Active

Active/Active User Distribution

Prim

ary D

atac

ente

r Secondary Datacenter

MBX-B

CAS-Pri

MBX-D

CAS-Sec HT2010

MBX-CMBX-A

HT2010

DAG1

Outlook Outlook

DAG1FSW

MBX-F MBX-HMBX-GMBX-E

DAG2

DAG2FSW

Active

ActivePassive

Passive

Active/Active User Distribution

Exchange Server 2010 High Availability

Design Principles: RPC Client Access Server Array

RPC Client Access Server Array

1 RPC CAS Array per Active Directory siteRPC CAS Array does not provide any load balancing: you need a load balancer

FQDN of the RPC CAS Array must resolve internally to a load-balanced virtual IP address in DNS

RPCClientAccessServer is a property of Mailbox databaseIf database was created before array, then it is set to random CAS FQDN (or local machine if role co-location)If database is created after array, then it is set to the array FQDNConfigure pre-existing databases to use RPC CAS Array

Set-MailboxDatabase -RPCClientAccessServer

Exchange Server 2010 High Availability

Design Principles: Storage

2 HA Copies (Total)

3+ HA Copies (Total)

2+ HA Copies / Datacenter

1 Lagged Copy

2+ Lagged Copies / Datacenter

Server in Primary Datacenter RAID RAID or JBOD RAID or JBOD RAID RAID or JBOD

Servers in Secondary Datacenter RAID RAID RAID or JBOD RAID RAID or JBOD

Storage

Host each copy of a database on isolated storageDeployment on RAID or JBOD will be based on several factors

CostHardwareNumber and type of copiesDatacenter topology

Exchange Server 2010 High Availability

Design Principles: Network

Network

Complete redundancy is preferred but not requiredMust have < 500 ms round-trip return latency between DAG membersReplication is always from source to target

If you have multiple passive copies in a remote datacenter, you will have multiple log streams from the active (one to each passive)

Network

DAGs include compression for log shippingControllable setting for the DAGControlled at subnet level (default is inter-subnet)MSIT sees 30% compressionAmount will vary for each customer based on message traffic

SP1 adds Continuous Replication Block ModeReduces the exposure of data loss on failure by replicating to passive copies all logs writes in parallel to them being locally persistedOnly active when replication is up-to-date in terms of copying complete logs

Network

If using iSCSI storage, configure DAG and cluster to ignore iSCSI networksSet-DatabaseAvailabilityGroupNetwork -Identity <DAG Network Name> -ReplicationEnabled:$false -IgnoreNetwork:$true

Block cross-network communication to minimize heartbeat traffic

Blocked

Allowed

Subnet 3

Subnet 4Subnet 2

Subnet 1

M M M M

R R R R

Exchange Server 2010 High Availability

Design Principles: DAG Member Policies

Policies

Database Copy Automatic Activation PolicyConfigured with Set-MailboxServer

Blocked – no automatic activationIntrasiteOnly – activation within site only; blocks cross-site failoverUnrestricted – normal mode, no restrictions

Policies

Maximum Active DatabasesConfigured with Set-MailboxServerWhole number value that specifies the maximum number of active database copies on the serverOnce maximum is reached, no other databases can be activated on server

Related Content

UCC402 - Exchange 2010 High Availability Deep Dive

Resources

Exchange Team Bloghttp://aka.ms/EHLO

Exchange 2010 Documentation Libraryhttp://aka.ms/Ex2010Docs

Feedback

Your feedback is very important! Please complete an evaluation form!

Thank you!

Questions?

UCC305Scott Schnoll

Principal Technical Writerscott.schnoll@microsoft.comhttp://blogs.technet.com/scottschnollTwitter: @schnoll

You can ask me questions at the “Ask the Expert” zone:November 10, 2011 12:30 – 13:30