Scott Schnoll Microsoft...
Agenda
Discuss the topology changes introduced in Exchange Server 2010
Client Access
Transport
Mailbox
Exchange 2010 Enterprise Topology
[Diagram: Edge Transport (routing, anti-virus/anti-spam) sits in the perimeter between external SMTP servers and the enterprise network. Inside the network: Hub Transport (routing and policy), Client Access (client connectivity, web services), Mailbox (storage of mailbox and public folder items) and Unified Messaging (voice mail and voice access, connected to the PBX or VoIP phone system). Clients shown: web browser, Outlook (remote user), Outlook (local user), mobile phone and line-of-business application.]
Consolidation of Store Access Paths
[Diagram, Exchange 2007: OWA, ActiveSync, UM, Transport Agents, Mailbox Agents, Web Services, DAV and Entourage reach the Store through the middle tier (Exchange Biz Logic, then MAPI RPC into the Mailbox Store); Outlook and other MAPI clients bypass the middle tier and speak MAPI RPC directly to the Store.]
[Diagram, Exchange 2010: the same components go through the middle tier (Exchange Core Biz Logic), and Outlook / MAPI clients now also enter through it over MAPI, RFR and NSPI RPC; only the middle tier speaks MAPI RPC to the Store.]
Client Access: The middle tier
CAS is a true middle tier with new services and functionality designed to restrict all Outlook data access to a single common path, by moving the Mailbox and Directory endpoints to CAS
Outlook data connections go to the RPC Client Access service on CAS instead of directly to Mailbox servers
The Address Book service on CAS replaces the DSProxy interface (NSPI and RFR referrals)
Public folder connections still go to the Mailbox server, but through an RPC Client Access service instance running on the Mailbox server role
[Diagram: Outlook clients connect to the Exchange CAS array; CAS talks to the Mailbox servers (MBX) and to a global catalog (GC).]
Client Access: How the RPC Client Access service improves the experience
Better client experience during switchovers/failovers: when a Mailbox server or database fails over, the Outlook client sees roughly a 30-second disconnection, compared with a minute or more (bounded by the DNS TTL) in earlier versions
Uses the same business logic for Outlook as for the other CAS clients: calendar logging and fix-up, content/body conversion
Greatly simplifies the Active Directory topology requirements for Outlook
Supports more concurrent connections/mailboxes per Mailbox server
Reduces code and client logic in the Exchange Store process, for increased reliability
Client Access: How directory referral connections work
1. Outlook calls the Get Address Book Server API
2. CAS queries Active Directory for:
   a. Mailbox location (AD site)
   b. Mailbox version
   c. RpcClientAccessServer property of the mailbox database
3. CAS tells Outlook which CAS or CAS array to use for directory requests
4. Outlook connects to that CAS
If a mailbox is moved back to Exchange 2003/2007, CAS redirects the client to the legacy Mailbox server so that it can provide the referral to a global catalog server
Otherwise, legacy mailboxes keep getting their directory referrals from their Mailbox server
[Diagram: steps 1 to 3 take place between Outlook, CAS 2010, MBX 2010 and a GC in AD Site 1; step 4 shows Outlook connecting to the CAS 2010 that serves the mailbox's site (AD Site 2), which has its own MBX 2010 and GC.]
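The referral in step 2c only works if every Exchange 2010 mailbox database carries the RpcClientAccessServer value of the CAS array for its own AD site; a database left pointing at an individual CAS (the default when no array exists at creation time) sends Outlook past the load balancer. The following audit is an added example written for this page, not code from the deck; it assumes the Exchange 2010 Management Shell and only standard cmdlets (Get-ClientAccessArray, Get-ExchangeServer, Get-MailboxDatabase, Set-MailboxDatabase).

```powershell
# Added example (not from the deck): verify that every Exchange 2010 mailbox
# database hands Outlook the CAS array FQDN of its own AD site, so RPC Client
# Access connections never target a single CAS or the Mailbox server itself.
# Assumes the Exchange 2010 Management Shell.

# Map AD site -> CAS array FQDN (one array per site is the supported design).
$arrayBySite = @{}
foreach ($array in Get-ClientAccessArray) {
    $siteName = $array.Site.Name
    if ($arrayBySite.ContainsKey($siteName)) {
        Write-Warning "Site $siteName has more than one CAS array: $($arrayBySite[$siteName]), $($array.Fqdn)"
    }
    $arrayBySite[$siteName] = $array.Fqdn
}

# Cache the AD site of each Mailbox server so a database can be placed in a site.
$siteByServer = @{}
foreach ($srv in Get-ExchangeServer | Where-Object { $_.ServerRole -like '*Mailbox*' }) {
    $siteByServer[$srv.Name] = $srv.Site.Name
}

$findings = foreach ($db in Get-MailboxDatabase) {
    $site     = $siteByServer[$db.Server.Name]
    $expected = $arrayBySite[$site]
    $actual   = "$($db.RpcClientAccessServer)"
    $state = if (-not $expected) { 'NoCasArrayInSite' }
             elseif ($actual -ieq $expected) { 'OK' }
             else { 'Mismatch' }
    New-Object PSObject -Property @{
        Database = $db.Name; Site = $site
        Expected = $expected; Actual = $actual; State = $state
    }
}

$findings | Sort-Object State, Database |
    Format-Table Database, Site, Expected, Actual, State -AutoSize

# Remediation for mismatches (run only after reviewing the table):
# $findings | Where-Object { $_.State -eq 'Mismatch' } |
#     ForEach-Object { Set-MailboxDatabase $_.Database -RpcClientAccessServer $_.Expected }
```

The check uses the database's current Server to determine the site, because RpcClientAccessServer is a static property: a cross-site activation of a DAG copy does not rewrite it, so a database that has been activated in another site will show up here as a mismatch until an administrator changes it deliberately.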
Client Access: Outlook Anywhere improvements
Outlook Anywhere clients use the Address Book service on CAS for directory-related requests
This architecture resolves the DSProxy problem with split HTTP connections: the inbound and outbound halves of an RPC over HTTP session (RPC_IN_DATA and RPC_OUT_DATA) must land on the same server, which SSL-ID based load balancing could not guarantee
[Diagram: Outlook connecting with Outlook Anywhere -> HTTPS (RPC_IN_DATA and RPC_OUT_DATA) -> Windows 2008+ RPC/HTTP Proxy on CAS -> RPC Client Access and Address Book services -> RPC to Mailbox, LDAP to Active Directory.]
Client Access: Writing to the directory
New behavior ensures that Outlook can still write changes to Active Directory in the following scenarios:
Distribution group membership
Delegate management
Certificate management
When the Address Book service detects one of these modifications, it commits the change to Active Directory with the matching cmdlet, chosen by the MAPI property tag being written, and only if the user is scoped and authorized (RBAC) to make that change:
Add-DistributionGroupMember / Remove-DistributionGroupMember
Set-Mailbox -GrantSendOnBehalfTo (writes the publicDelegates attribute)
Set-Mailbox -UserCertificate / -UserSMIMECertificate
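Because these writes now run as cmdlets under the user's RBAC scope rather than as direct LDAP writes, what a user can change from Outlook is whatever their effective role assignments allow. The following is an added example for this page, not code from the deck: it lists which management roles contain each cmdlet/parameter pair above and then shows the effective end-user ("My*") assignments for one mailbox. It assumes the Exchange 2010 Management Shell; the alias `alice` is a placeholder.

```powershell
# Added example (not from the deck): find which RBAC roles and role assignments
# let an end user trigger the directory writes that the Address Book service
# performs on their behalf (group membership, delegates, S/MIME certificates).
# Assumes the Exchange 2010 Management Shell. The alias is hypothetical.

$user = 'alice'   # hypothetical mailbox alias

# Cmdlet/parameter pairs the Address Book service runs on the user's behalf.
$writes = @(
    @{ Cmdlet = 'Add-DistributionGroupMember';    Parameters = $null },
    @{ Cmdlet = 'Remove-DistributionGroupMember'; Parameters = $null },
    @{ Cmdlet = 'Set-Mailbox'; Parameters = @('GrantSendOnBehalfTo') },
    @{ Cmdlet = 'Set-Mailbox'; Parameters = @('UserCertificate', 'UserSMIMECertificate') }
)

# Which management roles actually contain each pair.
foreach ($w in $writes) {
    if ($w.Parameters) {
        $roles = Get-ManagementRole -Cmdlet $w.Cmdlet -CmdletParameters $w.Parameters
        $label = $w.Cmdlet + ' -' + ($w.Parameters -join ' -')
    } else {
        $roles = Get-ManagementRole -Cmdlet $w.Cmdlet
        $label = $w.Cmdlet
    }
    $names = ($roles | ForEach-Object { $_.Name }) -join ', '
    Write-Host "Roles granting $label : $names"
}

# Effective (non-delegating) assignments for the user, including those that
# arrive through role groups and the role assignment policy.
$assignments = Get-ManagementRoleAssignment -RoleAssignee $user -Delegating:$false

# End-user roles are the My* roles (e.g. MyDistributionGroups). If the role
# that carries a cmdlet above is absent here, the Address Book service will
# refuse the corresponding write from Outlook for this user.
$assignments | Where-Object { $_.Role.Name -like 'My*' } |
    Format-Table Role, RoleAssigneeType, RecipientWriteScope, CustomRecipientWriteScope -AutoSize
```

Read the two outputs together: the first tells you which role a given write needs, the second whether the user holds that role and with what write scope. A group-membership write, for instance, succeeds only for groups the user is allowed to manage under the scope shown, which is the "scoped and authorized" condition on the slide.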
Client Access: Scaling mailbox connections
[Diagram, Exchange Server 2007: Outlook clients connect directly to each Mailbox server, up to 60K connections per MBX server; Outlook Anywhere clients go through CAS, which is limited to 60K outbound connections per CAS IP (Windows 2008) and 60K outbound connections per MBX server; CAS also talks to a GC.]
[Diagram, Exchange Server 2010: all Outlook clients connect to the Exchange CAS NLB; capacity scales as the number of CAS servers x 100 connections per CAS RPC Client Access service/process; CAS talks LDAP to the GC.]
Client Access: Firewall/proxy guidelines
Internet Security and Acceleration (ISA) Server 2006: kernel memory limitations imposed by the 32-bit architecture
ISA:CAS ratio 3:1 (worst case, heavy Outlook Anywhere usage). This matters when a large percentage of users connect via Outlook Anywhere, because the ratio of TCP connections to users is much higher than for Outlook Web Access (OWA), ActiveSync, POP or IMAP traffic
Beyond ISA 2006 (pre-release product information):
Forefront Unified Access Gateway (UAG): next-generation secure remote access product and the future version of Microsoft Intelligent Application Gateway; native 64-bit architecture; will be tested with Exchange Server 2010
Forefront Threat Management Gateway (TMG): next-generation network security product and the future version of Microsoft ISA Server; native 64-bit architecture; will be tested with Exchange Server 2010
Client Access: Upgrade/deployment considerations
Versioning: an Exchange 2010 CAS is required in every Active Directory site where an Exchange 2010 Mailbox server is deployed; an Exchange 2007 Mailbox server still requires an Exchange 2007 CAS
Load balancing: if you plan more than 8 CAS servers in a load-balanced array, consider a hardware load balancing solution
If CAS is co-located with a highly available Mailbox server (DAG member), Windows NLB cannot be used, because NLB and Failover Clustering cannot coexist on the same server; use a hardware load balancer, ISA load balancing or third-party software load balancing
Transport Roles: Resiliency issues in Exchange 2007
Transport database is stateful: loss of the server means loss of the mail queued on it
Transport dumpster impacts the environment: in extreme cases up to a 200% increase in IOPS per message, due to many storage groups (SGs) and inefficient cache usage, compared with similar scenarios without the dumpster
Redelivery (resubmission) redelivers the entire dumpster quota and relies on the store to remove the duplicates
Transport Roles: Exchange 2010 resiliency improvements
Shadow redundancy is a new transport feature: it provides redundancy for messages for the entire time they are in transit
Transport becomes stateless: the queue database on any single hop is no longer the only copy of a message
Eliminates the need for RAID on the queue database, removing the mirrored-write penalty (about 50% less write I/O)
Transport dumpster changes: database replication feedback now controls which messages remain in the transport dumpster
When a message has been replicated to all database copies, it is truncated from the transport dumpster
Transport dumpster size is now driven by log replication latency and the frequency of that feedback
Transport Roles: How does shadow redundancy work?
[Diagram: a Hub Transport server (shadow) in front of Edge1 and Edge2 (primary candidates), which deliver on to a foreign MTA.]
1. Hub (shadow) delivers the message to Edge1 (primary). It detects that Edge1 supports transport redundancy through the XSHADOW verb, moves the message to its shadow queue and stamps Edge1 as the current primary owner
2. Edge1 (primary) receives the message and becomes primary owner. Edge1 delivers it to the next hop, then updates the discard status of the message to record that delivery to the foreign MTA is complete
3. Success: Hub (shadow) queries Edge1 (primary) for expiry status. On its next SMTP session Hub issues the XQDISCARD command; Edge1 checks its local discard status and responds with the list of messages it considers delivered; Hub deletes those messages from its shadow queue
4. Failure: Hub (shadow) queries Edge1 (primary) for discard status and resubmits. Hub opens an SMTP session and issues XQDISCARD as a heartbeat; if Hub cannot contact Edge1 within the timeout, it resubmits the messages in its shadow queue, and the resubmitted messages are delivered to Edge2 (back to step 1)
Transport Roles: Shadow redundancy, other scenarios
For senders that do not support shadow redundancy, Exchange 2010 uses a delayed acknowledgement process
Applies to SMTP submission from Exchange 2003/2007, third-party Message Transfer Agents (MTAs) and Mail User Agents (MUAs: UM, POP and IMAP clients)
The 250 response is delayed, by default up to 30 seconds, until the message has been handed to the next hop
If the transport server fails before the acknowledgement is sent, the client resubmits
Mailbox submission redundancy relies on the copy of the message in the sender's Sent Items folder: the Mail Submission service resubmits that copy when the Hub does not acknowledge successful delivery
System-generated messages (journal reports, NDRs) are considered side effects of the original submission and are tracked as part of the original message's delivery status
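The three mechanisms described above (shadow queues with XQDISCARD heartbeats, delayed acknowledgement for non-shadow senders, and the replication-driven transport dumpster) each have tunable settings, and a shadow queue that keeps growing is the visible symptom of a primary that has stopped acknowledging discards. The following audit is an added example for this page, not code from the deck; it assumes the Exchange 2010 Management Shell and uses Get-TransportConfig, Get-ReceiveConnector, Get-TransportServer and Get-Queue. The warning threshold is an illustrative assumption, not a Microsoft recommendation.

```powershell
# Added example (not from the deck): audit the Exchange 2010 transport
# resiliency settings this slide describes and list the live shadow queues.
# Assumes the Exchange 2010 Management Shell. Thresholds are assumptions.

$cfg = Get-TransportConfig
Write-Host "Shadow redundancy enabled       : $($cfg.ShadowRedundancyEnabled)"
Write-Host "Heartbeat timeout / retry count : $($cfg.ShadowHeartbeatTimeoutInterval) / $($cfg.ShadowHeartbeatRetryCount)"
Write-Host "Shadow auto-discard interval    : $($cfg.ShadowMessageAutoDiscardInterval)"
Write-Host "Dumpster size per DB / max time : $($cfg.MaxDumpsterSizePerDatabase) / $($cfg.MaxDumpsterTime)"

# Delayed acknowledgement for senders that do not speak XSHADOW (legacy
# Exchange, third-party MTAs, POP/IMAP/UM clients): the 250 is held back up to
# MaxAcknowledgementDelay on each receive connector.
Get-ReceiveConnector |
    Select-Object Server, Name, MaxAcknowledgementDelay,
        @{ Name = 'Bindings'; Expression = { ($_.Bindings | ForEach-Object { "$_" }) -join ',' } } |
    Format-Table -AutoSize

# Shadow queues hold the copies a Hub keeps until the primary reports delivery.
# Only Exchange 2010 (major version 14) transport servers have them.
$shadow = Get-TransportServer |
    Where-Object { $_.AdminDisplayVersion.Major -ge 14 } |
    ForEach-Object { Get-Queue -Server $_.Name -Filter "DeliveryType -eq 'ShadowRedundancy'" }
$shadow | Select-Object Identity, NextHopDomain, MessageCount, Status | Format-Table -AutoSize

# Sustained growth means the primary is not answering XQDISCARD (heartbeat
# failures); after the timeout the Hub resubmits through another hop, so
# delivery is at-least-once and downstream systems must tolerate duplicates.
$warn = 50   # assumed threshold
$shadow | Where-Object { $_.MessageCount -gt $warn } | ForEach-Object {
    Write-Warning "Shadow queue $($_.Identity) holds $($_.MessageCount) messages for $($_.NextHopDomain)"
}
```

Two things worth checking in the output: a receive connector with MaxAcknowledgementDelay set to zero has silently given up redundancy for legacy and third-party senders, and a shadow queue whose NextHopDomain is an Edge or partner server that is up but never answers XQDISCARD points at a firewall or connector that allows the delivery session but not the heartbeat session.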
Transport Roles: Exchange 2010 performance enhancements
ESE changes: page size is 32 KB
ESE database page compression
Intrinsic long value record storage
ESE version store maintenance
Database cache size increased to 1 GB
Checkpoint depth increased to 512 MB
Results: with the transport dumpster changes and ESE improvements, transport IOPS requirements are targeted to drop by more than 50%
Larger message sizes are supported without triggering back pressure
Transport Roles: Edge Transport improvements
Better EdgeSync performance via delta sync mode: each run reads only the changes since the last sync and updates the target accordingly
Support for safe senders and blocked senders: configurable safe list quotas, administrator-defined blocked senders
Automatic propagation of Safe Sender list updates into Active Directory
Transport Roles: Resilient routing for co-located HA Mailbox/Transport
When a Hub Transport server is also a DAG member and the target mailbox database is mounted locally, it tries to re-route the message through another Hub Transport server in the same site rather than deliver locally, so that a single server failure cannot take out both the queued copy and the database
The Mail Submission service was changed so that it prefers not to submit to the local Hub Transport role when the Mailbox/Hub server is a DAG member: it load balances across the other Hub Transport servers in the same Active Directory site and falls back to the local Hub Transport only if no other is available
Transport Roles: Upgrade/deployment considerations
Shadow redundancy enables RAID-less (JBOD) storage for the mail.que database
Routing version boundary change:
Exchange 2010 Mailbox servers submit only to Exchange 2010 Hub Transport servers, and Exchange 2010 Hub Transport servers deliver only to Exchange 2010 Mailbox servers
Exchange 2007 Mailbox servers submit only to Exchange 2007 Hub Transport servers, and Exchange 2007 Hub Transport servers deliver only to Exchange 2007 Mailbox servers
Exchange 2010 and Exchange 2007 Hub Transport servers communicate with each other via SMTP
For Edge, Exchange 2010 Hub Transport becomes authoritative for EdgeSync in the coexistence scenario
Mailbox: Store/ESE changes
Exchange 2007 issue: Exchange does many small, random input/outputs (I/Os), which restricts the types of disks that can be used
Exchange Server 2010: store schema and ESE optimized for fewer, larger, smoother, sequential I/Os (store schema changes, DB I/O size improvements, database cache effectiveness improvements, ESE optimized for the new store schema)
Result: Exchange 2010 reduces I/O by a further 70% compared with Exchange Server 2007 and is optimized for SATA-class disks
Exchange 2007 issue: large item counts per folder are a problem because of restricted views (affects large mailbox deployments)
Exchange Server 2010: schema changes to the table structure and deferred index updates greatly improve restricted view performance
Result: supports 100,000 items per folder
Exchange 2007 issue: Outlook Personal Folder Files (PSTs) are a litigation, security and management nightmare
Exchange Server 2010: new Messaging Records Management features (item-level policy settings, archive mailbox for importing and storing PST data, compliance officer search capabilities)
Result: PSTs can be removed by moving their data into the Exchange repository, where it can be searched easily
Attend UNC322 – Storage in Exchange Server 2010
Mailbox: High availability changes
Other advantages: step up to automatic failover without rebuilding the Mailbox server
Incrementally add replicated copies to meet business needs
No subnet or special DNS requirements

                       Single-copy cluster     Cluster Continuous Replication   Exchange Server 2010 High Availability
Failover granularity   Server-level            Server-level                     Database-level
Copies of data         1                       2                                2 to 16
Failover time          ~2 min                  ~2 min, up to the DNS TTL        ~30 sec
Failover management    Windows Cluster         Windows Cluster                  Exchange Server
Data replication       SCR or 3rd-party        Continuous replication           Continuous replication
Management tools       Separate                Separate                         Unified
Host other roles?      No                      No                               Yes
Attend UNC303 – High Availability in Exchange Server 2010
Mailbox: Upgrade/deployment considerations
Streaming backup support has been removed (backups are VSS-based)
Use direct-attached storage (DAS) to reduce cost with large mailboxes and continuous replication
Deploy Database Availability Groups (DAGs) and use replication to achieve high availability
With 3 or more database copies, consider a RAID-less (JBOD) storage design with logs and database on the same spindles
Ensure database names are unique across the organization
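The last three bullets are checkable: copy counts decide whether JBOD is defensible, a database with a single copy on a DAG is a single point of failure, and a degraded copy does not count as a copy. The following audit is an added example for this page, not code from the deck; it assumes the Exchange 2010 Management Shell and uses Get-MailboxDatabase, Get-MailboxServer and Get-MailboxDatabaseCopyStatus. The copy-count and queue-length thresholds are assumptions for illustration (the 3-copy JBOD figure is the one on the slide).

```powershell
# Added example (not from the deck): check the mailbox-side deployment rules
# from this slide: unique database names, copy counts on DAG databases, and
# copy health. Assumes the Exchange 2010 Management Shell; thresholds assumed.

$minCopies     = 2     # assumed: fewer than this is a single point of failure
$jbodMinCopies = 3     # slide: consider RAID-less (JBOD) only with 3+ copies
$maxQueue      = 100   # assumed copy/replay queue length worth flagging

# 1. Unique database names: duplicates make database references ambiguous and
#    break tooling that addresses a database by name.
Get-MailboxDatabase | Group-Object Name | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "Duplicate database name: $($_.Name) ($($_.Count) objects)" }

# 2. Copy counts per database (DatabaseCopies lists every configured copy).
foreach ($db in Get-MailboxDatabase) {
    $copies = @($db.DatabaseCopies).Count
    if ($db.MasterType -eq 'DatabaseAvailabilityGroup') {
        if ($copies -lt $minCopies) {
            Write-Warning "$($db.Name): copy count $copies in DAG $($db.MasterServerOrAvailabilityGroup)"
        } elseif ($copies -ge $jbodMinCopies) {
            Write-Host "$($db.Name): $copies copies; JBOD with logs and database on the same spindles is an option"
        }
    } else {
        Write-Warning "$($db.Name): not in a DAG (single copy on $($db.Server))"
    }
}

# 3. Copy health: a copy that is not Mounted/Healthy, or whose queues are
#    deep, is not currently protecting you, whatever the count above says.
$healthy = @('Mounted', 'Healthy')
$bad = Get-MailboxServer |
    Where-Object { $_.AdminDisplayVersion.Major -ge 14 } |
    ForEach-Object { Get-MailboxDatabaseCopyStatus -Server $_.Name } |
    Where-Object {
        ($healthy -notcontains "$($_.Status)") -or
        $_.CopyQueueLength -gt $maxQueue -or
        $_.ReplayQueueLength -gt $maxQueue
    }
$bad | Select-Object Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState |
    Format-Table -AutoSize
```

Run step 3 on a schedule rather than once: the JBOD recommendation in step 2 assumes the extra copies are healthy, so the moment a third copy sits in a failed or suspended state the database is effectively a two-copy database on unprotected disks.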
Mailbox: Upgrade/deployment considerations (large mailboxes)
Large mailbox support (10 GB+) enables different scenarios: deploy Office 2007 Service Pack 2 (SP2) or later, and leverage the records management functionality
Scenario 1: deploy a single mailbox to contain all data
Scenario 2: deploy a primary mailbox to hold 1-2 years of data, and archive mailboxes so that end users can retain the data they need long term
Mailbox: Public Folders
Coexistence is supported between Exchange 2010 Mailbox servers and Exchange 2003/2007 Mailbox servers
Outlook can access public folder data on Exchange 2010, 2007 or 2003
OWA 2010 only gives access to public folders that have a replica on Exchange 2010
This differs from OWA 2007, which redirected to OWA 2000/2003 (in a separate browser window) for public folders on older Mailbox servers
Get-PublicFolderStatistics now reports last user access
Unlike Exchange 2007, public folder databases can no longer be enabled for continuous replication, but a public folder database can be created on a Mailbox server that is a DAG member
Public folder replication is your data resiliency solution for public folders
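Since replication is the only protection for public folder data on Exchange 2010, a folder with one replica is unprotected, and the new last-access statistic is how you decide whether such a folder deserves a second replica or retirement. The following is an added example for this page, not code from the deck; it assumes the Exchange 2010 Management Shell (Get-PublicFolder, Get-PublicFolderDatabase, Get-PublicFolderStatistics, Set-PublicFolder). The one-year staleness window is an assumption, as is the comparison of folder paths between the two cmdlets' outputs.

```powershell
# Added example (not from the deck): find public folders with a single replica
# and cross them with the Exchange 2010 LastUserAccessTime statistic to spot
# folders that are both unprotected and unused. Assumes the Exchange 2010
# Management Shell; the staleness window is an assumption.

$staleAfter = (Get-Date).AddDays(-365)   # assumed: untouched for a year

# Replicas lists the public folder databases that hold a copy of each folder.
$single = Get-PublicFolder '\' -Recurse -ResultSize Unlimited |
    Where-Object { @($_.Replicas).Count -lt 2 } |
    Select-Object Identity, @{ Name = 'ReplicaCount'; Expression = { @($_.Replicas).Count } }
$single | Format-Table -AutoSize

# Statistics are per database, so query every server that hosts a PF database.
$stats = Get-PublicFolderDatabase | ForEach-Object {
    Get-PublicFolderStatistics -Server $_.Server.Name -ResultSize Unlimited
}
$stale = $stats | Where-Object {
    $_.LastUserAccessTime -ne $null -and
    $_.LastUserAccessTime -lt $staleAfter -and
    $_.ItemCount -gt 0
} | Sort-Object LastUserAccessTime |
    Select-Object FolderPath, ItemCount, TotalItemSize, LastUserAccessTime
$stale | Format-Table -AutoSize

# Folders that are both single-copy and stale. Paths are compared with the
# leading backslash trimmed from both sides (assumed to be the only difference).
$singlePaths = @($single | ForEach-Object { "$($_.Identity)".TrimStart('\') })
$atRisk = $stale | Where-Object { $singlePaths -contains "$($_.FolderPath)".TrimStart('\') }
$atRisk | Format-Table FolderPath, ItemCount, LastUserAccessTime -AutoSize

# Decide per folder: add a replica (Set-PublicFolder <path> -Replicas <db1>,<db2>)
# or remove it; leaving it single-copy is the one option with no recovery path.
```

Folders that are single-copy but recently used are the urgent ones; fix those with Set-PublicFolder -Replicas first, then work through the stale list with the folder owners before anything is removed.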
Tools
Profiling: Exchange Profile Analyzer (EPA); Performance Monitor (Perfmon)
Sizing: Exchange 2010 Mailbox Server Sizer (name TBD)
Validation: Jetstress 2010 - http://bit.ly/2Gyg7X; Exchange Load Generator (Loadgen); Remote Connectivity Analyzer - https://www.testexchangeconnectivity.com
Monitoring: Exchange 2010 Management Pack - http://bit.ly/t3DLW
Key Takeaways
Exchange Server 2010 introduces several paradigm shifts
Client connections are made through the Client Access Server role
Shadow redundancy introduces message resiliency within transport pipeline
High Availability, store, and new compliance scenarios improve data retention, resiliency, and availability
There are changes to server sizing and scalability, most notably with CAS
Next Session (Day 2) – 09:30 – 10:45
Level 2: Room S221: UNC303 – Scott Schnoll; Room S222: BIN05-HOL – Microsoft Certified Trainer; Room S224 & 225: SVR203R – Ward Ralston; Room S226 & 227: DAT213 – Luming Han; Room S228: UNC16-HOL-E – Microsoft Certified Trainer
Level 4: Room S421: WCL268 – Chi Man Tang; Room S423: WMB202 – Jim Tsui; Room S425: SEC354 – Mohit Saxena; Room S427: DEV352 – Karen Liu; Room S428: SVR14-HOL-R – Microsoft Certified Trainer
Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn
Microsoft Certification & Training Resources: www.microsoft.com/learning
Resources
Related Content
Breakout Sessions:
UNC337 - Exchange Server 2010 Architecture
UNC312 - Exchange 2010 Upgrade and Coexistence with Exchange 2007 and 2003
UNC303 - High Availability in Exchange Server 2010
UNC378 - Site Resilience in Exchange Server 2010
UNC322 - Storage in Exchange Server 2010
UNC323 - Exchange 2010 and Hyper-V (300)
Hands-on Labs:
UNC16-HOL - Microsoft Exchange Server 2010 Compliance: Information Leakage Protection and Control
UNC12-HOL - Microsoft Exchange Server 2010 High Availability and Storage Scenarios
UNC11-HOL - Microsoft Exchange Server 2010 Governance and Archiving
UNC15-HOL - Microsoft Exchange Server 2010 Transport Routing
© 2009 Microsoft Corporation. All rights reserved.