
Exchange Server 2013 Architecture Deep Dive, Part 1

Date post: 13-Nov-2014
Upload: microsoft-technet-belgium-and-luxembourg
Description:
More info on http://techdays.be.
Exchange Server 2013 Architecture Deep Dive, Part 1 Scott Schnoll Principal Technical Writer Microsoft Corporation
Transcript
Page 1: Exchange Server 2013 Architecture Deep Dive, Part 1

Exchange Server 2013 Architecture Deep Dive, Part 1
Scott Schnoll
Principal Technical Writer
Microsoft Corporation

Page 2: Exchange Server 2013 Architecture Deep Dive, Part 1

Agenda

• Exchange Server Evolution
• Architecture Changes
• Client Access Server Role

Page 3: Exchange Server 2013 Architecture Deep Dive, Part 1

Exchange: Past, Present and Future

2010
• Separate HA solution per role
• Introduction of the DAG
• Support for Hybrid deployments

2007
• Separate roles for deployment & segmentation
• Support cheaper storage

2000/2003
• Role differentiation through manual configuration
• Backups and hardware solutions for “reliability”

[Diagram: server layout for each release; labels: Ex, SAN, CAS, HT, MBX, C, H, L7 LB, ?]

Page 4: Exchange Server 2013 Architecture Deep Dive, Part 1

Previous Server Role Architecture

5 server roles

Tightly-coupled in terms of:
• versioning
• functionality
• user partitioning
• geo-affinity

[Diagram: previous server role architecture; labels: Internal Network, Phone system (PBX or VOIP), Web browser, Outlook (remote user), Mobile phone, Line of business application, Outlook (local user), Layer 7 LB, External SMTP servers, Forefront Online Protection for Exchange, E, H, UM, C]

Page 5: Exchange Server 2013 Architecture Deep Dive, Part 1

Challenges with Legacy Model

• Exchange deployments can be complicated
• Load balancing is difficult and can require expensive solutions
• When dedicated server roles are deployed, hardware can go unutilized or under-utilized
• Too many namespaces required

Page 6: Exchange Server 2013 Architecture Deep Dive, Part 1

Evolution of Server Roles

Page 7: Exchange Server 2013 Architecture Deep Dive, Part 1

Evolution of Server Roles

[Diagram: Exchange 2010; labels: E C H U M, C]

Page 8: Exchange Server 2013 Architecture Deep Dive, Part 1

Client Access Server Role

Thin, stateless (protocol session) server that includes:
• Client access protocols (HTTP, POP, IMAP)
• SMTP proxy
• UM call router

Exchange-aware proxy server
• Understands requests from client protocols
• Supports proxy and redirection logic for client protocols

Page 9: Exchange Server 2013 Architecture Deep Dive, Part 1

Mailbox Server Role

• Server that processes, renders and stores Exchange data
• Includes components previously found in separate roles (CAS, Hub, UM)
• Connectivity to user’s mailbox is always provided by the protocol stack on the Mailbox server hosting the active database copy

Page 10: Exchange Server 2013 Architecture Deep Dive, Part 1

Evolution of Server Roles

[Diagram: Exchange 2010; labels: CAS Array, DAG, E, M, C, MC]

Page 11: Exchange Server 2013 Architecture Deep Dive, Part 1

Architectural Changes

Page 12: Exchange Server 2013 Architecture Deep Dive, Part 1

Exchange 2013 Architectural Theme

Use Building Blocks to facilitate deployments at all scales – from self-hosted, small organizations to Office 365
• Server role evolution
• Network layer improvements
• Versioning and inter-op principles

Page 13: Exchange Server 2013 Architecture Deep Dive, Part 1

Exchange 2013 Architecture Benefits

• Hardware efficiency
• Deployment simplicity
• Cross-version inter-op
• Failure isolation

Page 14: Exchange Server 2013 Architecture Deep Dive, Part 1

Exchange 2013 Tenet: Every Server is an Island

[Diagram: Server1 (Vn) and Server2 (Vn+1), each drawn as three layers. Protocols, Server Agents: EWS, RPC CA, Transport, Assistants, MRS, MRSProxy. Business Logic: XSO, MailItem, Other APIs, CTS. Storage: Store, ESE, Content index, File system. Labels between the servers: SMTP, MRS proxy protocol, EWS protocol, Custom WS, Banned, E2010]

Page 15: Exchange Server 2013 Architecture Deep Dive, Part 1

Functional Differences

Exchange 2010 Architecture: AuthN, Proxy, Re-direct | Protocols, API, Biz-logic | Assistants, Store, CI

Exchange 2013 Architecture: AuthN, Proxy, Re-direct | Protocols, Assistants, API, Biz-logic | Store, CI

[Diagram labels: Client Access; Mailbox; Client Access, Hub Transport, Unified Messaging; Mailbox; L4 LB; L7 LB]

Page 16: Exchange Server 2013 Architecture Deep Dive, Part 1

Client Access Server Role

Page 17: Exchange Server 2013 Architecture Deep Dive, Part 1

Client Access Server Role

• Domain-joined machine in the internal Active Directory forest
• Thin, stateless (protocol session) server

Comprised of three components:
• Client access protocols (HTTP, IMAP, POP)
• SMTP
• UM Call Router

Exchange-aware proxy server
• Understands requests from different protocols (OWA, EWS, etc.)
• Contains logic to route specific protocol requests to their destination end-point
• Supports proxy and redirection logic for client protocols
• Capable of supporting legacy servers with redirect or proxy logic

Page 18: Exchange Server 2013 Architecture Deep Dive, Part 1

Client Access Array

A group of CAS organized in a load-balanced configuration

• Designed to work with TCP affinity (aka, layer 4 LB)
• Does not require application-level session affinity (aka, layer 7 LB)

Provides a unified namespace and authentication
• Similar to Exchange 2010 in terms of providing a unified endpoint for client connectivity and authentication

Page 19: Exchange Server 2013 Architecture Deep Dive, Part 1

Outlook Connectivity Changes

Exchange 2013 supports RPC/HTTP only; no RPC/TCP

Benefits
• Simplifies the protocol stack
• Provides an extremely reliable and stable connectivity model
• RPC session is always on Mailbox server hosting active copy
• Eliminates need for RPC CAS Array and RPC CAS Array namespace(s)
• Eliminates end user interruptions like “The Exchange administrator has made a change that requires you to quit and restart Outlook” during mailbox moves or *overs

Page 20: Exchange Server 2013 Architecture Deep Dive, Part 1

Client Protocol Flow in Exchange 2013

[Diagram: clients (Outlook Web App, Outlook, EAS, EAC, PowerShell, POP/IMAP, SMTP, SIP) connect through the Load Balancer. Client Access: IIS, HTTP Proxy, POP, IMAP, SMTP, UM. Mailbox: IIS, RpcProxy, RPC CA, RPS, OWA, EAS, EWS, ECP, OAB, POP, IMAP, Transport, UM, MDB, MailQ. Flow labels: HTTP, POP, IMAP, SMTP, SIP, Redirect, SIP + RTP]

Page 21: Exchange Server 2013 Architecture Deep Dive, Part 1

Namespace Simplification

• No longer requires multiple namespaces for site resilient solutions or site-specific scenarios
• Easy to set up a single, worldwide client access namespace
• Can be used in coexistence with Exchange 2010

Page 22: Exchange Server 2013 Architecture Deep Dive, Part 1

Single Common Namespace

[Diagram: namespace mail.contoso.com. Sue (somewhere in NA): DNS Resolution, Round-Robin between # of VIPs. Sue (traveling in APAC): DNS Resolution via Geo-DNS, Round-Robin between # of VIPs. Two DAGs, one behind VIP #1 and VIP #2, one behind VIP #3 and VIP #4]

Page 23: Exchange Server 2013 Architecture Deep Dive, Part 1

Split DNS

Outlook supports only a single RPC Proxy endpoint
• If Outlook Anywhere is allowed on the Internet, this may have internal Outlook clients connect to the external firewall for connectivity

Use split DNS to ensure that internal Outlook clients follow internal pathway
• Forces internal clients to use internal IP
• Forces external clients to use external IP

Page 24: Exchange Server 2013 Architecture Deep Dive, Part 1

Third-Party MAPI Products

Need to use RPC/HTTP to connect to CAS 2013

Exchange 2013 is the last release to support a MAPI/CDO download
• Must move to Exchange Web Services

MAPI/CDO download updated to include support for RPC/HTTP
• Will require third-party application configuration, either by programmatically editing a dynamic MAPI profile or by setting registry keys

Legacy environments can continue to use RPC/TCP

Page 25: Exchange Server 2013 Architecture Deep Dive, Part 1

Front End Transport Service

Page 26: Exchange Server 2013 Architecture Deep Dive, Part 1

Front End Transport Service

• Handles all inbound and outbound external SMTP traffic for the organization, as well as client endpoint for SMTP traffic
• Does not replace the Edge Transport Server role
• Functions as a layer 7 proxy and has full access to protocol conversation
• Does not queue mail locally, and is stateless
• If enabled, all outbound traffic appears to come from CAS 2013
• Listens on TCP 25 and TCP 587 (two receive connectors)

Page 27: Exchange Server 2013 Architecture Deep Dive, Part 1

Front End Transport Service

Network protection – centralized, load-balanced egress/ingress point for the organization

Mailbox locator – avoids unnecessary hops by determining the best MBX 2013 to deliver the message

Page 28: Exchange Server 2013 Architecture Deep Dive, Part 1

Front End Transport Service

[Diagram: Front End Transport service components: SMTP Receive, Protocol Agents, Hub Selector, SMTP Send. Flow labels: External SMTP (in and out), SMTP to MBX 2013, SMTP from MBX 2013]

Page 29: Exchange Server 2013 Architecture Deep Dive, Part 1

Inbound | Outbound Mail Flow

Inbound Mail Flow

1. FET accepts initial SMTP connection

2. After DATA command is issued, FET determines the next destination for the recipients in the message

3. FET starts the SMTP proxy session to the appropriate destination

Outbound Mail Flow

1. MBX 2013 determines if mail recipient is a remote destination and selects a FET within local site when the FrontEndProxyEnabled parameter on Send Connector is set to $true

2. MBX 2013 connects to FET and initiates SMTP conversation

3. FET proxies outbound connection to appropriate destination

Page 30: Exchange Server 2013 Architecture Deep Dive, Part 1

Entry Point Routing

FET uses delivery groups: DAG, mailbox, AD site

Bifurcation does not occur on FET, so only one DAG or Mailbox server is selected, regardless of the number of recipients in a message

Server selection within the delivery group is based on recipient type
• If message only has a single mailbox recipient, select MBX server within delivery group based on proximity of AD site
• If multiple mailbox recipients, select MBX server in closest delivery group, factoring in site proximity
• If there are no mailbox recipients (DG, MEUs, etc.), select a random MBX 2013, giving preference to local AD site
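
The selection rules on this slide, written out as a small decision function. This is an added example and a simplified model, not Exchange code and not from the presentation; the site names, site costs, group membership and the function names are all constructed assumptions.

```python
"""Simplified model of the entry-point routing rules on the slide above."""
import random

LOCAL_SITE = "Brussels"  # AD site of the FET (constructed)
# Constructed AD site costs as seen from LOCAL_SITE (lower is closer).
SITE_COST = {"Brussels": 0, "Paris": 10, "Seattle": 100}
# Constructed delivery groups: group name -> {Mailbox server: AD site}.
GROUPS = {
    "DAG1": {"MBX1": "Paris", "MBX2": "Brussels"},
    "DAG2": {"MBX3": "Seattle", "MBX4": "Seattle"},
}


def group_cost(group):
    """Proximity of a delivery group = cost to its nearest member."""
    return min(SITE_COST[site] for site in GROUPS[group].values())


def closest_server(group):
    """Nearest Mailbox server in the group; ties break by name."""
    members = GROUPS[group]
    return min(sorted(members), key=lambda s: SITE_COST[members[s]])


def select_next_hop(recipient_groups, rng=random):
    """Return the single Mailbox server the FET proxies the message to.

    recipient_groups has one entry per recipient: the delivery group of a
    mailbox recipient, or None for a non-mailbox recipient (DG, MEU).
    """
    mailbox_groups = sorted({g for g in recipient_groups if g is not None})
    if not mailbox_groups:
        # No mailbox recipients: random server, local AD site preferred.
        servers = {s: site for m in GROUPS.values() for s, site in m.items()}
        local = sorted(s for s, site in servers.items() if site == LOCAL_SITE)
        return rng.choice(local or sorted(servers))
    # One or several mailbox recipients: the FET does not bifurcate, so it
    # picks one (closest) delivery group and one server inside it.
    return closest_server(min(mailbox_groups, key=group_cost))


if __name__ == "__main__":
    print(select_next_hop(["DAG1"]))                  # single mailbox recipient
    print(select_next_hop(["DAG2", "DAG1", "DAG2"]))  # recipients in two groups
    print(select_next_hop([None, None]))              # only DG/MEU recipients
```

Because one next hop is returned however many recipients the message has, any split of the message across databases happens after the proxy hop, not on the FET.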

Page 31: Exchange Server 2013 Architecture Deep Dive, Part 1

Summary

New CAS architecture
• Simplifies the network layer
• Removes need for RPC CAS Array and RPC CAS Array Namespace
• Provides deployment flexibility

New Front End Transport Service
• Provides centralized, load-balanced egress/ingress point for the organization and for client/application SMTP submissions
• Avoids unnecessary hops by determining the best place to deliver the message

Page 32: Exchange Server 2013 Architecture Deep Dive, Part 1

Questions?

Scott Schnoll
Principal Technical Writer
[email protected]
aka.ms/schnoll

schnoll

