Ross Smith IVPrincipal Program ManagerMicrosoft Corporation

Exchange 2013 Architecture

ARC302

AgendaFundamentalsClient ConnectivityNamespace Planning & PrinciplesPreferred Architecture

Exchange 2013 Fundamentals

Exchange 2013 Server Role Architecture

AD

Web

browserOutlook

(remote user)

Mobile

phone

Line of business applicationOutlook (local

user)

External

SMTPservers

Exchange Online

Protection

Enterprise Network

Phone system (PBX

or VOIP)

Edge TransportRouting and AV/AS

2 Building BlocksClient Access Array• Evolution of E2010 CAS Array• SMTP Front-End

Database Availability Group• Evolution of E2010 DAG• Includes core server protocols

Loosely coupled• Functionality• Versioning• User partitioning• Geo affinity

Layer

4LB

CAS

CAS

CAS

CAS

CAS

CAS Array

MBX

MBX

MBX

MBX

MBX

DAG

E2010Banned

Server1 (Vn) Server2 (Vn+1)

Protocols, Server Agents

EWS

RPC CA

Transport

Assistants

MRS MRSProxy

Transport

Assistants

EWS

RPC CA

MRS MRSProxy

Business Logic

XSO Mail Item

Other APICTS

XSO Mail Item

Other APICTS

StorageStore

Content index

File systemESE

StoreContent index

File systemESE

SMTP

MRS proxy protocol

EWS protocol

Custom WS

Every Server is an Island

CAS

For a given mailbox’s connectivity, the protocol being used is always served by the protocol instance that is local to the active database copy

Each CAS determines the right end point for the traffic, and so all sessions – regardless of where they started – end up in the same place

This means that the rendering for clients like OWA occurs on the Mailbox server, Transport transcoding is occurring on the Mailbox server, etc.

User

DAG1

MBX-A MBX-B

The key to enlightenment…

What is the Client Access server role?CAS2013 is comprised of three components:

Client protocols (HTTP, IMAP, POP)SMTPUM Call Router

Thin, stateless (protocol session) servers organized in a load balanced configuration

Session affinity NOT required at the load balancer

Provides a unified namespace and authentication for clientsWhere the logic “lives” to route a specific protocol request to the “correct” destination end point

Capable of supporting legacy servers with redirect or proxy logic

Is a domain-joined machine in the corporate forest

What is the Mailbox server role?A server that hosts all the components that process, render and store the data Clients do not connect directly to MBX2013 servers; connectivity is through CAS2013Evolution of E2010 DAG

Collection of servers that form a HA unitDatabases are replicated between servers in a given DAGServers can be in different locations, for site resiliencyMaximum of 16 Mailbox servers100 database copies / server

MBX1

MBX2

MBX16

Exchange IOPS Trend

DB IOPS/Mailbox

Exchange 2003 Exchange 2007 Exchange 2010 Exchange 2013

1

0.8

0.6

0.4

0.2

0

+93% reduction!

8KB Page Size

STM Removed

Store Quaranti

ne

10GB Mailboxe

s

Elimination of Partial B+

Merges

Cache Warming on

Passive

Log Roll

32KB Page Size

Message properties stored as

blobs

Per-Database Process

Fast Failover

TBA Store Maintenance

Lost Write Detection

Cache Maintained after

Recovery

100GB Mailboxes

Database Compressi

on

1 Million Items / Folder

Managed Store

Lost Log Resilience

Page Dependency

Removal

Online Page Zeroing

Per-Mailbox Tables

100MB Checkpoint Depth on

Passive Copies

Lagged Copy Enhancements

OS Upgrade Support

128MB Extent Size

Optimized for 7.2K RPM Disks

100 Databases / Server

Hung IO and Bluescreen

Support

Gap Coalescing

Smooth IO Writes

Incremental Resync

Improved Async Read Capability

Support for 231 log

generations

1GB Mailboxes

64-bit architecture

Standby Continuous Replication

20,000 Items / Folder

ESE & Store ImprovementsLog checksum recovery from

single-bit errors

50 Databases /

server

Database Cache Compression

Improved IO

Coalescing

Continuous Replication

Parallel Mounting

Database Space Allocation Hints

Multiple Databases / JBOD Disk

Lazy View Update

Changes

Lazy Indexes

Online Database Checksum

1MB Log Files

100MB Checkpoint Depth on

Active Copies

Version Store Improvements

1:1 Read:Write Ratio

Physical Contiguity Store Schema Changes

Tuned Maintenanc

e Writes

Single Page Restore

100,000 Items / Folder

JBOD Support

Database Cache Priority

B+ Tree Defrag

BDM for Active and Passives

Pre-read Keys

2010No more

deferred content conversion

2007

AutoReseed

2013

What is the Edge Transport server role?Handles all Internet-facing mail flow

Can be installed in a perimeter network

Does not have to be joined to a domain

Utilizes EdgeSync process to provide one-way replication of recipient and configuration information

FET is bypassed unless roles are co-located

No longer has built-in antivirus components, but does contain anti-spam capabilities

Command-line management only

External

SMTPservers

EOP

Edge Transport

Servers

MailboxServers

AD

EdgeSync

TCP 50636

Mail flow

Client AccessServers

MDB

Transport

MBX Transport

Front-End Transport

2 Recipients

DAG

CAS

MBX

Transport Architecture

MDB

Transport

MBX Transport

Front-End Transport

CAS

MBX

Every DAG represents a transport HA boundaryTransport site resilience is provided by spanning DAGs across Active Directory sites

Every message is redundantly persisted before its receipt is acknowledged to the senderDelivered messages are kept redundant in transport similar to active messages

Known as Safety NetTime-based preservation of data

Transport ArchitectureHigh Availability

Monitoring and recovery infrastructure is integrated with Exchange’s high availability solutionDetects and recovers from problems as they occur and are discoveredIs user focused – if you can’t measure it, you cannot monitor it

Managed AvailabilityThe brains behind the operation

—OWA send—OWA failure—OWA failure detected —OWA recycle AppPool —OWA recycle complete —OWA verified as healthy —OWA send—OWA failure—OWA failure detected —OWA recycle AppPool —OWA recycle AppPool failed—Failover server’s databases—OWA service restarts—OWA verified as healthy —Server becomes “good” failover target (again)

LB CAS-1

CAS-2

DAG

MBX-1

DB1 DB2

MBX-2

OWA

DB1 DB2

MBX-3

OWA DB1 DB2

OWA

OWA

OWA

OWA

DB1

DB1

Managed Availability + RetriesS**t breaks but the Experience does not

Client Connectivity

CAS2013

MBX2013

RPC CA

IIS

RPS OWA, EAS, EWS, ECP, OAB

POP IMAP

Transport UM

RpcProxy

MDB MailQ

HTTP Proxy

IISPOPIMAP

SMTP UM

TelephonyIMAP SMTP

OWA EAS EACOutlook PowerShell

Load Balancer

HTTP POPIMAP

SMTP

Redirect

SIP +

RTP

CAS2013 Client Protocol Architecture

Exchange 2013 does not support RPC/TCP connectivityWhat are the benefits?

Does not require a “RPC CAS array namespace” for the DAGNo longer have to worry about “The Exchange administrator has made a change that requires you to quit and restart Outlook” during mailbox moves or *over eventsExtremely reliable and stable connectivity model – the RPC session is always on the MBX2013 server hosting the active database copy

What changes?RPC end point for Outlook client is now a GUID (and SMTP suffix)Support for internal and external Outlook Anywhere namespaces

Outlook Connectivity – RPC/HTTPOutlook Anywhere is in

Outlook RPC/HTTP Connections

CAS2013

MBX2013

RPC CA

IIS

HTTP Proxy

IIS

LB

HTTP

MDB

HTTPSRPC_DATA_IN

HTTPSRPC_DATA_OUT

HTTPSRPC_DATA_IN

HTTPSRPC_DATA_OUT

HTTPSRPC_DATA_IN

HTTPSRPC_DATA_OUT

RpcProxy

HTTP

RPC

MAPI

Double-wrapped for your protection!

Outlook

Outlook Connectivity – MAPI/HTTPOutlook Anywhere is on the way out

What is it?New connectivity mechanism

No longer uses intermediary RPC components (on client or server)ROPs are still used, just sent to Exchange directly over HTTP

Advertised via AutodiscoverClient advertises support and server returns configuration settings

Disabled by default

RequiresExchange 2013 SP1 (or later)Exchange 2013 mailboxOutlook 2013 SP1 (or later)Client restart

Why?Provides more reliable connection

80% of users connect in 5s or less82% of users resume from hibernate sync times of 30s or less73% of users take 30s or less to start synchronization from bootStandard HTTP pattern instead of two long-lived HTTP connections

Removes RPC stack dependency

Better diagnosticsHeader information

Common authentication scheme across protocol stack

Outlook MAPI/HTTP Connections

CAS2013

MBX2013

HTTP Proxy

IIS

LB

HTTP

MDB

HTTPSReq/Response

HTTPSReq/Response

HTTPSReq/Response

HTTPSHanging Notification

HTTP

MAPI

Single-wrapped for your enjoyment!Outlook

IIS

MAPI HTTP Handler

MBX2013

CAS2013

Load Balancer

HTTP Proxy

IIS

DB

Protocol Head

HTTP

MBX2007

CAS2007

Load Balancer

IIS

DB

Middle Tier Layer

OWA Legacy Redirect Request

MBX2007

DB

Cross-Site OWA Proxy Request

CAS2007

IIS

Middle Tier Layer

CAS2013 Client Protocol Connectivity FlowExchange 2007 Coexistence

Outlook Anywhere Proxy RequestActiveSync Proxy Request

Site

B

ou

nd

ary

MBX2013

CAS2013

Load Balancer

HTTP Proxy

IIS

DB

Protocol Head

HTTP

Legacy Proxy Request

MBX2010

DB

Cross-Site Legacy Proxy Request

CAS2010

IIS

Middle Tier Layer

CAS2013 Client Protocol Connectivity FlowExchange 2010 Coexistence

Load Balancer

Cross-Site OWA Redirect Request

Site

B

ou

nd

ary

MBX2010

CAS2010

Load Balancer

DB

Middle Tier Layer

IIS

MBX

CAS

Load Balancer

HTTP Proxy

IIS

DB

Protocol Head

Local Proxy Request

HTTP

HTTP

Site

B

ou

nd

ary

MBX

CAS

Load Balancer

HTTP Proxy

IIS

DB

Protocol Head

HTTP

OWA Cross-Site Redirect Request

HTTP

MBX

DB

Protocol Head

HTTP

Cross-Site Proxy Request

HTTP

Site

B

ou

nd

ary

CAS

HTTP Proxy

IIS

CAS2013 Client Protocol Connectivity FlowEnd State

Namespace Planning & Principles

Exchange 2013 no longer needs all the namespaces that Exchange 2010 requiredTwo namespace models you can deploy

Bound ModelUnbound Model

Can still deploy regional namespaces to control trafficCan still have specific namespaces for protocolsLeverage split-DNS to minimize namespaces and control connectivity

Deploy separate namespaces for internal and external Outlook Anywhere host names

Namespace Planning

Sue (somewhere in

NA) DNS Resolution

DAG1

mail VIP mail2 VIP

mail.contoso.com

mail2.contoso.com

DAG2

Jane(somewhere in

NA)DNS Resolution

Passive

Active

Active

Passive

Bound Model

Round-Robin between # of VIPs

Sue (somewhere in

NA) DNS Resolution

DAG

VIP #1 VIP #2

mail.contoso.com

Unbound Model

Exchange 2013 no longer requires session affinity at the load balancing layer

For a given protocol session, CAS now maintains a 1:1 relationship with the Mailbox server hosting the user’s data

Remember to configure health probes to monitor healthcheck.htm, otherwise LB and MA will be out of syncLoad balancer configuration and health probes will factor into namespace design

Load Balancing

CAS

OWA

ECP

EWS

EAS

OAB

MAPI

RPC

AutoD

Single Namespace / Layer 4

autodiscover.contoso.com

User

Layer

4LB

mail.contoso.com

health check

CAS

OWA

ECP

EWS

EAS

OAB

MAPI

RPC

AutoD

Single Namespace / Layer 7

autodiscover.contoso.com

User

Layer

7LB

mail.contoso.com

health check

Health check executes against each virtual directory

mapi.contoso.com

User

Layer

4LB

mail.contoso.com

ecp.contoso.com

ews.contoso.com

eas.contoso.com

oab.contoso.com

oa.contoso.com

CAS

OWA

ECP

EWS

EAS

OAB

MAPI

RPC

AutoD

autodiscover.contoso.com

Multiple Namespaces / Layer 4

Generalist IT admin

Those with increased network flexibility

Those who want to maximize

server availability

+ Simple, fast, no affinity LB+ Single, unified namespace+ Minimal networking skillset

- Per Server Availability

+ Per protocol availability+ Single, unified namespace

- SSL termination @ LB- Requires increase networking skillset

+ Simple, fast, no affinity LB+ Per protocol availability

- One namespace per app protocol- One VIP per protocol

SimplicityFunctionality

Wh

o’s

it

for?

Trad

e-O

ffs

Exchange Load Balancing Options

The Preferred ArchitectureThe on-premises architecture we want you to deploy

Preferred ArchitectureNamespace Design

For a site resilient datacenter pair, a single namespace / protocol is deployed across both datacenters

autodiscover.contoso.comHTTP: mail.contoso.comIMAP: imap.contoso.comSMTP: smtp.contoso.com

Load balancers are configured without session affinity, one VIP / datacenter

Round-robin, geo-DNS, or other solutions are used to distribute traffic equally across both datacenters

mail VIP

mail VIP

Preferred ArchitectureDAG Design

Each datacenter should be its own Active Directory site

Deploy unbound DAG model spanning each DAG across two datacenters

Distribute active copies across all servers in the DAG

Deploy 4 copies, 2 copies in each datacenter

One copy will be a lagged copy (7 days) with automatic play down enabled

Native Data Protection is utilized

Single network for replication and client traffic

Utilize a third datacenter for Witness server placement, if possible

Increase DAG size density before creating new DAGs

DAG

mail VIP

mail VIP

Witness Server

Preferred ArchitectureServer Design

Multi-role servers deployed on commodity hardware

JBOD storage utilizing large capacity 7.2K SAS disks

Multiple databases / volume

AutoReseed with hot spare

DAG

mail VIP

Large Mailboxes for the win!Large Mailbox Size 100GB+

Aggregate Mailbox = Primary Mailbox + Archive Mailbox + Recoverable Items1-2 years of mail (minimum)1 million items / folder

Increased knowledge worker productivity

Eliminate or reduce PST reliance

Eliminate or reduce third-party archive solutions

Outlook 2013 allows you to control OST size!

Gives more options around mailbox deployments

Time ItemsMailbox

Size

1 Day 150 11 MB

1 Month 3300 242 MB

1 Year 39000 2.8 GB

2 Years 78000 5.6 GB

4 Years 156000 11.2 GB

Selina(somewhere in

NA)DNS Resolution

DAG

na VIP na VIP

Batman(somewhere in Europe)

DNS Resolution

DAG

eur VIP

eur VIP

Preferred Architecture

na.contoso.comeur.contoso.com

New building block architecture provides flexibility in load balancing, namespace planning and high availabilityTake advantage of large, low-cost mailboxes by utilizing large capacity 7.2K RPM disksSimpler is better!

Summary

1. Go to the Pre-Release Programs Booth

2. Tell us about your Office 365 environment/or on premises plans

3. Get selected to be in a program

4. Try new features first and give us feedback!

Start now at:http://prereleaseprograms-public.sharepoint.com/

Pre-Release Programs TeamBe first in line!

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.