View
4.090
Download
3
Embed Size (px)
DESCRIPTION
More info on http://techdays.be.
Citation preview
Exchange Server 2013Architecture Deep Dive, Part 1Scott SchnollPrincipal Technical WriterMicrosoft Corporation
Agenda
Exchange Server EvolutionArchitecture ChangesClient Access Server Role
Exchange: Past, Present and Future
C C C H H H
L7 LB
2010
• Separate HA solution per role
• Introduction of the DAG
• Support for Hybrid deployments
CAS HT
MBX MBX
2007
• Separate roles for deployment & segmentation
• Support cheaper storage
Ex Ex
SAN
Ex Ex
2000/2003
• Role differentiation through manual configuration
• Backups and hardware solutions for “reliability”
?
Previous Server Role Architecture
5 server roles
Tightly-coupledin terms ofversioningfunctionalityuser partitioninggeo-affinity
Internal Network Phone system (PBX
or VOIP)
Web browser
Outlook (remote
user)
Mobile phone
Line of business application
Outlook (local user)
Layer 7 LB
ExternalSMTP
servers
Forefront Online
Protection for Exchange
E H
UM
C
Challenges with Legacy Model
Exchange deployments can be complicatedLoad balancing is difficult and can require expensive solutionsWhen dedicated server roles are deployed, hardware can go unutilized or under-utilizedToo many namespaces required
Evolution of Server Roles
Evolution of Server Roles
7
E C H U M
Exchange 2010
C
Client Access Server Role
Thin, stateless (protocol session) server that includes:Client access protocols (HTTP, POP, IMAP)SMTP proxyUM call routerExchange-aware proxy serverUnderstands requests from client protocolsSupports proxy and redirection logic for client protocols
Mailbox Server Role
Server that processes, renders and stores Exchange dataIncludes components previously found in separate roles (CAS, Hub, UM)Connectivity to user’s mailbox is always provided by the protocol stack on the Mailbox server hosting the active database copy
CAS Array
DAG
Evolution of Server Roles
10
E M
Exchange 2010
C MC
MC
Architectural Changes
Exchange 2013 Architectural ThemeUse Building Blocks to facilitate deployments at all scales – from self-hosted, small organizations to Office 365• Server role evolution• Network layer improvements• Versioning and inter-op principles
Exchange 2013 Architecture BenefitsHardware efficiencyDeployment simplicityCross-version inter-opFailure isolation
Protocols, Server Agents
Business Logic
Storage
EWS
RPC CA
Transport
Assistants
MRSMRSProx
y
EWS
RPC CA
Transport
Assistants
MRSMRSProx
y
Server1 (Vn) Server2 (Vn+1)
XSOMailIte
m
Other APIs
CTS
Store
ESE
Contentindex
File system
XSOMailIte
m
Other APIsCTS
Store
ESE
Contentindex
File system
SMTP
MRS proxyprotocol
EWS protocol
Custom WS
Banned
Exchange 2013 Tenet: Every Server is an Island
E2010
Functional Differences
AuthN, Proxy, Re-direct
Protocols, API, Biz-logic
Assistants, Store, CI
Exchange 2010Architecture
AuthN, Proxy, Re-direct
Store, CI
Protocols, Assistants, API,
Biz-logic
Exchange 2013Architecture
Client Access
Mailbox
Client AccessHub Transport,
Unified Messaging
Mailbox
L4 LB
L7 LB
Client Access Server Role
Client Access Server Role
Domain-joined machine in the internal Active Directory forestThin, stateless (protocol session) server
Comprised of three components:Client access protocols (HTTP, IMAP, POP)SMTPUM Call Router
Exchange-aware proxy serverUnderstands requests from different protocols (OWA, EWS, etc.)Contains logic to route specific protocol requests to their destination end-pointSupports proxy and redirection logic for client protocolsCapable of supporting legacy servers with redirect or proxy logic
Client Access Array
A group of CAS organized in a load-balanced configuration
Designed to work with TCP affinity (aka, layer 4 LB)Does not require application-level session affinity (aka, layer 7 LB)
Provides a unified namespace and authenticationSimilar to Exchange 2010 in terms of providing a unified endpoint for client connectivity and authentication
Outlook Connectivity Changes
Exchange 2013 supports RPC/HTTP only; No RPC/TCPBenefits• Simplifies the protocol stack• Provides an extremely reliable and stable connectivity model• RPC session is always on Mailbox server hosting active copy• Eliminates need for RPC CAS Array and RPC CAS Array
namespace(s)• Eliminates end user interruptions like “The Exchange
administrator has made a change that requires you to quit and restart Outlook” during mailbox moves or *overs
Load Balancer
MDB
HTTP Proxy
IISClient Acces
s
RPC CA
Mailbox
IIS
RPS OWA, EAS, EWS, ECP, OAB
POP, IMAP SMTP UM
POP IMAP
Transport UM
SMTPPOP, IMAPHTTP
MailQ
Client Protocol Flow in Exchange 2013
RpcProxy
SMTP
SIP
Redirect
SIP + RTP
POP/IMAPOutlook Web App Outlook EAS EAC PowerShell
Namespace Simplification
No longer requires multiple namespaces for site resilient solutions or site-specific scenariosEasy to setup a single, worldwide client access namespaceCan be used in coexistence with Exchange 2010
Sue (somewhere in
NA) DNS Resolution
DAG
VIP #1 VIP #2
Sue (traveling in APAC)DNS Resolution via Geo-
DNSRound-Robin between # of VIPs
DAG
VIP #3 VIP #4
mail.contoso.com
Round-Robin between # of VIPs
Single Common Namespace
Split DNS
Outlook supports only a single RPC Proxy endpointIf Outlook Anywhere is allowed on the Internet, this may have internal Outlook clients connect to the external firewall for connectivity
Use split DNS to ensure that internal Outlook clients follow internal pathwayForces internal clients to use internal IPForces external clients to use external IP
Third-Party MAPI Products
Need to use RPC/HTTP to connect to CAS 2013Exchange 2013 is the last release to support a MAPI/CDO downloadMust move to Exchange Web ServicesMAPI/CDO download updated to include support for RPC/HTTPWill require third-party application configuration
either by programmatically editing a dynamic MAPI profile;or by setting registry keys
Legacy environments can continue to use RPC/TCP
Front End Transport Service
Front End Transport Service
Handles all inbound and outbound external SMTP traffic for the organization, as well as client endpoint for SMTP trafficDoes not replace the Edge Transport Server roleFunctions as a layer 7 proxy and has full access to protocol conversationDoes not queue mail locally, and is statelessIf enabled, all outbound traffic appears to come from CAS 2013Listens on TCP25 and TCP587 (two receive connectors)
Front End Transport Service
Network protection – centralized, load-balanced egress/ingress point for the organization
Mailbox locator – avoids unnecessary hops by determining the best MBX 2013 to deliver the message
Front End Transport Service
Front End Transport service
SMTP ReceiveProtocol Agents
SMTP to MBX 2013SMTP from MBX 2013
External SMTP External SMTP
Hub Selector
SMTP Send
Inbound | Outbound Mail Flow
Inbound Mail Flow
1. FET accepts initial SMTP connection
2. After DATA command is issued, FET determines the next destination for the recipients in the message
3. FET starts the SMTP proxy session to the appropriate destination
Outbound Mail Flow
1. MBX 2013 determines if mail recipient is a remote destination and selects a FET within local site when the FrontEndProxyEnabled parameter on Send Connector is set to $true
2. MBX 2013 connects to FET and initiates SMTP conversation
3. FET proxies outbound connection to appropriate destination
Entry Point Routing
FET uses delivery groups: DAG, mailbox, AD siteBifurcation does not occur on FET, so only one DAG or Mailbox server is selected, regardless of the number of recipients in a messageServer selection within the delivery group is based on recipient type• If message only has a single mailbox recipient, select MBX
server within delivery group based on proximity of AD site• If multiple mailbox recipients, select MBX server in closest
delivery group, factoring in site proximity• If there are no mailbox recipients (DG, MEUs, etc.), select a
random MBX 2013, giving preference to local AD site
Summary
New CAS architecture• Simplifies the network layer• Removes need for RPC CAS Array and RPC CAS Array
Namespace• Provides deployment flexibility
New Front End Transport Service• Provides centralized, load-balanced egress/ingress point for
the organization and for client/application SMTP submissions• Avoids unnecessary hops by determining the best place to
deliver the message