Exchange server 2013Storage | High Availability | Site ResilienceOctober 2013

StorageDatabases per volumeAutoreseedSelf-recovery behaviorsLagged copy innovations

High availabilityManaged availabilityDatabase failover changesBest copy selection changesDAG network innovations

Site resilience

Agendahttp://aka.ms/E15HATechEdAUhttp://aka.ms/E15HATechEdNZhttp://aka.ms/E15HATechDaysNLhttp://aka.ms/E15HATechEdNAhttp://aka.ms/E15HATechEdEU

2

DAG architectureMSExchangeReplMSExchangeDAGMgmtClusterCrimson Channel

Witness server placement

Dynamic quorum

DAG member maintenance

Agenda

3

DAG architecture

DAG replication serviceIntroduced in Exchange 2007 RTMMicrosoft exchange replication service | MSExchangeReplMSExchangeRepl.exeRuns on all Mailbox servers (not just DAG members)Communicates with Active Directory and other DAG members

Includes 16 componentsActive Directory lookup Replay RPC server wrapper TPR API manager

Copy status lookup Remote data provider wrapper Support API manager

Replay core manager VssWriter Server locator manager

Seed manager Active manager Health state tracker

Autoreseed manager Active manager RPC server wrapper

Disk reclaimer manager Failure item manager

5

Introduced in RTM CU2Microsoft Exchange DAG management service | MSExchangeDagMgmtMSExchangeDagMgmt.exeRuns on all Mailbox servers (not just DAG members)Communicates with Active Directory and other DAG members

Includes 4 componentsActive Directory lookupCopy status lookupMonitoringTracer instance

DAG management service

6

Writes events to same place as replication serviceMicrosoft Exchange DAG management service | MSExchangeDagMgmtMSExchangeDagMgmt.exeRuns on all mailbox servers (not just DAG members)Communicates with Active Directory and other DAG members

Created for two primary reasons:Active Directory lookupCopy status lookup

As we refactor more, other functions will move to this serviceAutoReseedDisk reclaimerDynamic replay lag playdownFuture AutoDAG copy layout and mobility features

DAG management service

7

Introduced in NT Server enterprise edition (1997)Cluster Service | ClusSvcClussvc.exe

Exchange DAGs use several cluster componentsQuorumMembership and node managementNetworks and heartbeatingCluster registry

Cluster service

8

Quorum is required in order to mount databases

Quorum is based on votes, not membership

Voting can be riggedVotes can be taken away manually or dynamically

Exchange manages quorum model, not quorumExchange management of quorum model based on nodes, not votesRemoving votes requires manual configuration of quorum modelExchange will make incorrect quorum model management decisions if votes are manually removed at the cluster level

Cluster service

9

Active manager stores database / server information in the cluster registry for DAG membersRegistry changes are replicated immediately to all DAG members

Stored information is used as part of BCSS

Cluster registry

10

IsEntryExist?True*ActiveServer?ex2*LastMountedServer?ex2*LastMountedTime?2013-07-15T22:29:39*MountStatus?Mounted*IsAdminDismounted?False*IsAutomaticActionsAllowed?True*

ActiveServerName of the server where the database is currently mounted or is expected to be mounted when mount operations complete

LastMountServerThe name of the server where the database was last successfully mounted

LastMountedTimeThe date and time stamp of the last time the database was mounted

Cluster registry

11

IsEntryExist?True*ActiveServer?ex2*LastMountedServer?ex2*LastMountedTime?2013-07-15T22:29:39*MountStatus?Mounted*IsAdminDismounted?False*IsAutomaticActionsAllowed?True*

MountStatusThe current mount status for the databasePossible values are mounted / dismounted

IsAdminDismountedDesignates whether the current dismounted status of the database is the result of administrator actionPossible values are true / false

IsAutomaticActionsAllowedDesignates whether the database can be automatically activated by AMPossible values are true / false

Cluster registry

12

Applications andslogsArea of Windows Server event log used by applications for logging and internal communicationThese logs store events from a single application or component rather than events that might have system-wide impactThis is referred to as an application's crimson channel

Exchange 2013 has multiple channelsActiveMonitoringHighAvailabilityMailboxDatabaseFailureItemsManagedAvailabilityPushNotificationsTroubleshooters

Crimson channel

13

Crimson channel

14

Witness server placement

Basic guidance for placement of witness server in Exchange 2010“We recommend that you use a Hub Transport server running on Microsoft Exchange Server 2010 in the Active Directory site containing the DAG. This allows the witness server and directory to remain under the control of an Exchange administrator.”

“If your DAG is extended to multiple datacenters, we recommend deploying the witness server in the datacenter that is considered to be the primary datacenter.”

Witness server placement

16

Exchange 2013 guidance more complicated due to new options introduced by architectural changes

Exchange 2013 includes support for new DAG configuration options that are not recommended or possible in previous versions of ExchangeA third location, such as a third physical datacenter or branch office

Witness server placement

17

Ultimately, the placement of a DAG’s witness server depends on business requirements and the options available to the organization

Witness server placement

Deployment scenario

Recommendations

Single DAG deployed in a single datacenter Locate witness server in the same datacenter as DAG members

Single DAG deployed across two datacenters; no additional locations available

Locate witness server in primary datacenter

Multiple DAGs deployed in a single datacenter

Locate witness server in the same datacenter as DAG members. Additional options include:Using the same witness server for multiple DAGsUsing a DAG member to act as a witness server for a different DAG

Multiple DAGs deployed across two datacenters

Locate witness server in the same datacenter as DAG members. Additional options include:Using the same witness server for multiple DAGsUsing a DAG member to act as a witness server for a different DAG

Single or Multiple DAGs deployed across more than two datacenters

Locate the witness server in the datacenter where you want the majority of quorum votes to exist

18

If the organization has a third location, then the DAG’s witness server can be deployed there for automatic siteThe witness server location must have network infrastructure and connectivity that is isolated from network failures that affect the two datacenters with Exchange

For all DAGs, the availability of the witness server should be on the Exchange administrator’s radar

Witness server placement

19

Azure is not supported for use as a Witness Server for Exchange DAGs

Investigation into using Azure to host witness server ran into dead endAzure does not yet support the required underlying network configuration to enable an Azure file server VM to act as a witness server

More info at http://aka.ms/DAGAzure

Witness server placement

20

Dynamic quorum

Windows Server 2012 Cluster (and later) feature

Cluster quorum majority is determined by the set of nodes that are active members of the cluster at a given time

This is an important distinction from the cluster quorum in Windows Server 2008 R2, where the quorum majority is fixed, based on the initial cluster configuration

Enabled for all clusters by default

Dynamic quorum

22

Cluster dynamically manages the vote assignment to nodes, based on the state of each nodeWhen a node shuts down or crashes, the node loses its quorum voteWhen a node successfully rejoins the cluster, it regains its quorum voteBy dynamically adjusting the assignment of quorum votes, the cluster can increase or decrease the number of quorum votes that are required to keep runningThis enables the cluster to maintain availability during sequential node failures or shutdowns

Dynamic quorum

23

With dynamic quorum management, it is also possible for a cluster to run on the last surviving cluster nodeBy dynamically adjusting the quorum majority requirement, the cluster can sustain sequential node shutdowns to a single nodeThis is referred to as “Last Man Standing” scenario

Dynamic quorum

24

Dynamic quorum management does not allow the cluster to sustain a simultaneous failure of a majority of voting members

To continue running, the cluster must always have a quorum majority at the time of a node shutdown or failure

If you explicitly remove the vote of a node, the cluster cannot dynamically add or remove that vote

Dynamic quorum

25

Dynamic quorumDQ = 7

Dynamic quorumDQ = 4

XX

X

Dynamic quorumDQ = 3

XX

XX

Dynamic quorumDQ = 2

XX

XXX

Use Get-ClusterNode to verify DynamicWeight common property of Node0 = does not have quorum vote1 = has quorum vote

Get-ClusterNode <Name> | ft name, *weight, state

Vote assignment for all cluster nodes can be verified by using the Validate Cluster Quorum test

Dynamic quorum

Name DynamicWeight NodeWeight State---- ------------- ---------- -----EX1 1 1 Up

30

Dynamic quorum does not change quorum requirements for DAGs

Dynamic quorum does work with DAGs

All internal DAG testing is performed with dynamic quorum enabled

Dynamic quorum is enabled in Office 365 for DAG members on Windows Server 2012

Exchange is not dynamic quorum-aware

Dynamic quorum and DAGs

31

Cluster team guidance on dynamic quorum:“Selecting this option generally increases the availability of the cluster. By default the option is enabled, and it is strongly recommended to not disable this option. This option allows the cluster to continue running in failure scenarios that are not possible when this option is disabled.”

Exchange team guidance on dynamic quorum:Leave it enabled for majority of DAG membersDon’t factor it into availability plansThe advantage is that, in some cases where 2008 R2 would have lost quorum, 2012 can maintain quorum; this only applies to a few cases, and should not be relied upon when planning a DAG

Dynamic quorum and DAGs

32

DAG member maintenance

Basic guidance for DAG member maintenance in Exchange 2010Run StartDagServerMaintenance.ps1 to put DAG member in maintenance modePerform the maintenance (e.g., install the update rollup)Run StopDagServerMaintenance.ps1 to take DAG member out of maintenance mode and put it back into productionOptionally rebalance the DAG by using RedistributeActiveDatabases.ps1

DAG member maintenance

34

DAG member maintenanceExchange 2013 guidance more complicated due to Managed Availability

Go into maintenance modeSet-ServerComponentState <Server> -Component HubTransport -State Draining -Requester MaintenanceSet-ServerComponentState <Server> -Component UMCallRouter –State Draining –Requestor MaintenanceRedirect-Message -Server <Server> -Target <FQDNTarget>Suspend-ClusterNode <Server>Set-MailboxServer <Server> -DatabaseCopyActivationDisabledAndMoveNow $TrueSet-MailboxServer <Server> -DatabaseCopyAutoActivationPolicy BlockedSet-ServerComponentState <Server> -Component ServerWideOffline -State Inactive -Requester Maintenance

Verify production modeGet-ServerComponentState <Server> | ft Component,State -AutosizeGet-MailboxServer <Server> | ft DatabaseCopy* -AutosizeGet-ClusterNode <Server> | flGet-Queue

DAG member maintenanceExchange 2013 guidance more complicated due to Managed Availability

Go into maintenance modeSet-ServerComponentState <Server> -Component ServerWideOffline -State Active -Requester MaintenanceSet-ServerComponentState <Server> -Component UMCallRouter –State Active –Requestor MaintenanceResume-ClusterNode <Server>Set-MailboxServer <Server> -DatabaseCopyActivationDisabledAndMoveNow $FalseSet-MailboxServer <Server> -DatabaseCopyAutoActivationPolicy UnrestrictedSet-ServerComponentState <Server> -Component HubTransport -State Active -Requester Maintenance

Verify production modeGet-ServerComponentState <Server> | ft Component,State -AutosizeGet-MailboxServer <Server> | ft DatabaseCopy* -AutosizeGet-ClusterNode <Server> | flGet-Queue

Q&A

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.