UCC305
Exchange Server 2010High Availability Design
Scott [email protected] Technical WriterMicrosoft Corporation
Agenda
Example designsSizingActive DirectoryNamespacesCertificatesUser Distribution ModelsStorageNetworkDatabase Availability Group (DAG) Member Policies
3
DAG Design Examples
Two–member DAGSmallest possible DAG that can provide high availabilityBest-suited for small organizations that need high availability, but not site resilienceEnables redundancy of all roles with only two Exchange servers (can be Standard Edition of Exchange)Will require third server (witness)Will require non-WNLB solution
DAG Design Examples
Four-member DAG (single site)
Provides greater availability than a 2 or 3-member DAGCan deploy enough copies to
Use Exchange Native Data ProtectionUse JBOD instead of RAIDDeploy lagged database copies
DAG Design Examples
Seven-member, multi-site DAGProvides greater availability by adding voting-only Mailbox serversBecause more voters are available, more servers can be lost while still maintaining quorum
Sizing Database Availability Groups
The larger the DAG…the better the resiliency, as larger DAGs continue to provide as much service as they can after more failures, based on the configurationthe better efficiency of the hardware, as you can more evenly distribute the active load across all members
For server count, consider a multiple of the number of database copies you are deploying
For example 3 copies and 3 or 6 servers, 4 copies and 4 or 8 servers, etc.
Sizing Database Availability Groups
Question: How many DAGs should I deploy?Answer: It depends
You will need to deploy multiple DAGsIf you need more than 16 serversIf you are deploying across multiple domainsIf you need to separate administration of DAGs
You may also need multiple DAGs depending on your site resilience architecture
Active Directory
Follow Active Directory guidance for Active Directory site definition
http://aka.ms/nyd3h5
Site assignment controls the association of Client Access and Hub Transport to Mailbox
CAS/HUB service local Mailbox servers, “mostly”
Namespaces
When planning for site resilience, each datacenter needs to be considered active
Exchange Server 2010 site resilience requires active Client Access and Hub Transport in each datacenter containing Mailbox server
These services are used by databases that undergo a cross-site *over
Namespaces
Each datacenter is considered activeEach datacenter needs the following namespaces
OWA/OA/EWS/EAS namespacePOP/IMAP namespaceRPC Client Access Server Array namespaceSMTP namespace
One datacenter will maintain Autodiscover namespaceNew in SP1 – FailbackURL namespace
Namespaces
Use Split DNS for Exchange hostnames used by clients
Minimizes number of needed hostnamesmail.contoso.com for Exchange connectivity on intranet and Internetmail.contoso.com has different IP addresses in intranet/Internet DNS
Moscow
CAS HT
MBX
St. Petersburg
HT CAS
ADAD MBX
Internal DNSMail.contoso.comPop.contoso.comImap.contoso.comAutodiscover.contoso.comSmtp.contoso.comOutlook.contoso.com
Internal DNSMail.sp.contoso.comPop.sp.contoso.comImap.sp.contoso.comSmtp.sp.contoso.comOutlook.sp.contoso.com
ExternalURL = mail.sp.contoso.com
CAS Array = outlook.sp.contoso.com
OA endpoint = mail.sp.contoso.com
ExternalURL =mail.contoso.com
CAS Array =outlook.contoso.com
OA endpoint =mail.contoso.com
External DNSMail.sp.contoso.comPop.sp.contoso.comImap.sp.contoso.comSmtp.sp.contoso.com
External DNSMail.contoso.comPop.contoso.comImap.contoso.comAutodiscover.contoso.comSmtp.contoso.com
Namespaces
Certificates
Minimize the number of certificates by using 1 certificate forAll Client Access, Edge Transport, Hub Transport and reverse proxy servers
Use Subject Alternative Name (SAN) certificate to cover multiple hostnamesIf leveraging a certificate per datacenter, then ensure that the Certificate Principal Name is the same on all certificates
Outlook Anywhere won’t connect if the Principal Name on the certificate does not match the value configured in msstd:
Set-OutlookProvider EXPR -CertPrincipalName msstd:mail.contoso.com
User Distribution Models
Active/Passive user distribution modelDatabase copies deployed in the secondary datacenter, but no active mailboxes are hosted there
Active/Active user distribution modelUser population dispersed across both datacenters with each datacenter being the primary datacenter for its specific user population
Prim
ary
Data
cent
er
Secondary Datacenter
MBX-B
CAS-Pri
MBX-D
CAS-Sec HT2010
MBX-CMBX-A
HT2010
DAG1
Outlook Outlook
DAG1FSW
Active Active
Active/Active User Distribution
Prim
ary D
atac
ente
r Secondary Datacenter
MBX-B
CAS-Pri
MBX-D
CAS-Sec HT2010
MBX-CMBX-A
HT2010
DAG1
Outlook Outlook
DAG1FSW
MBX-F MBX-HMBX-GMBX-E
DAG2
DAG2FSW
Active
ActivePassive
Passive
Active/Active User Distribution
RPC Client Access Server Array
1 RPC CAS Array per Active Directory siteRPC CAS Array does not provide any load balancing: you need a load balancer
FQDN of the RPC CAS Array must resolve internally to a load-balanced virtual IP address in DNS
RPCClientAccessServer is a property of Mailbox databaseIf database was created before array, then it is set to random CAS FQDN (or local machine if role co-location)If database is created after array, then it is set to the array FQDNConfigure pre-existing databases to use RPC CAS Array
Set-MailboxDatabase -RPCClientAccessServer
2 HA Copies (Total)
3+ HA Copies (Total)
2+ HA Copies / Datacenter
1 Lagged Copy
2+ Lagged Copies / Datacenter
Server in Primary Datacenter RAID RAID or JBOD RAID or JBOD RAID RAID or JBOD
Servers in Secondary Datacenter RAID RAID RAID or JBOD RAID RAID or JBOD
Storage
Host each copy of a database on isolated storageDeployment on RAID or JBOD will be based on several factors
CostHardwareNumber and type of copiesDatacenter topology
Network
Complete redundancy is preferred but not requiredMust have < 500 ms round-trip return latency between DAG membersReplication is always from source to target
If you have multiple passive copies in a remote datacenter, you will have multiple log streams from the active (one to each passive)
Network
DAGs include compression for log shippingControllable setting for the DAGControlled at subnet level (default is inter-subnet)MSIT sees 30% compressionAmount will vary for each customer based on message traffic
SP1 adds Continuous Replication Block ModeReduces the exposure of data loss on failure by replicating to passive copies all logs writes in parallel to them being locally persistedOnly active when replication is up-to-date in terms of copying complete logs
Network
If using iSCSI storage, configure DAG and cluster to ignore iSCSI networksSet-DatabaseAvailabilityGroupNetwork -Identity <DAG Network Name> -ReplicationEnabled:$false -IgnoreNetwork:$true
Block cross-network communication to minimize heartbeat traffic
Blocked
Allowed
Subnet 3
Subnet 4Subnet 2
Subnet 1
M M M M
R R R R
Policies
Database Copy Automatic Activation PolicyConfigured with Set-MailboxServer
Blocked – no automatic activationIntrasiteOnly – activation within site only; blocks cross-site failoverUnrestricted – normal mode, no restrictions
Policies
Maximum Active DatabasesConfigured with Set-MailboxServerWhole number value that specifies the maximum number of active database copies on the serverOnce maximum is reached, no other databases can be activated on server
Resources
Exchange Team Bloghttp://aka.ms/EHLO
Exchange 2010 Documentation Libraryhttp://aka.ms/Ex2010Docs
Questions?
UCC305Scott Schnoll
Principal Technical [email protected]://blogs.technet.com/scottschnollTwitter: @schnoll
You can ask me questions at the “Ask the Expert” zone:November 10, 2011 12:30 – 13:30
Top Related