Upload
judith-ford
View
222
Download
2
Tags:
Embed Size (px)
Citation preview
High Availability in
Scott SchnollPrincipal Technical WriterMicrosoft CorporationSession Code: UNC3
Agenda
Exchange 2010 High Availability Vision/GoalsExchange 2010 High Availability FeaturesExchange 2010 High Availability Deep DiveDeploying Exchange 2010 High Availability FeaturesTransitioning to Exchange 2010 High AvailabilityHigh Availability Design Examples
Exchange 2010 High Availability Vision/Goals
Exchange 2010 High Availability Vision and Goals
Vision: Deliver a fast, easy-to-deploy and operate, economical solution that can provide messaging service continuity for all customersGoals
Deliver a native solution for high availability/site resilienceEnable less expensive and less complex storageSimplify administration and reduce support costsIncrease end-to-end availabilitySupport Exchange Server 2010 OnlineSupport large mailboxes at low cost
Exchange 2010 High Availability Solution
Unified technology for high availability and site resilienceNew framework for creating highly available MailboxesEvolution of continuous replication technologyCan be deployed on a range of storage optionsNative to Exchange; not bolted onto the side
DB1
Front End Server
NodeB(passive)
Outlook OWA, ActiveSync, or Outlook Anywhere
San Jose
Dallas
Standby Cluster
Third-party data replication needed for site resilience
Complex site resilience and recovery
Clustering knowledge required
DB2
DB3
DB4
DB5
DB6
Failover at Mailbox server level
DB1
DB2
DB3Clustered Mailbox Server had to be created manually
Exchange Server 2003
NodeA(active)
DB1
Client Access Server
NodeB(passive)
SCROutlook OWA, ActiveSync, or Outlook Anywhere
San Jose
Dallas
Standby Cluster
No GUI to manage SCR
Complex activation for remote server / datacenter
Clustering knowledge required
DB2
DB3
DB4
DB5
DB6
DB1
DB2
DB3
DB4
DB5
DB6
Failover at Mailbox server level
DB1
DB2
DB3Clustered Mailbox Server can’t co-exist with other roles
Exchange Server 2007
NodeA(active) CCR
DB2
DB3
DB2
DB3
DB4
DB4
DB5
Client Access Server
Mailbox Server 1
Mailbox Server 2
Mailbox Server 3
Mailbox Server 6
Mailbox Server 4
Dallas
San Jose
Mailbox Server 5
DB5
DB2
DB3
DB4
DB5DB1
DB1DB1
DB1
Failover managed by/with Exchange
Database level failover
Easy to extend across sites
All clients connect via CAS servers DB3
DB5
DB1
Client
Exchange Server 2010
Exchange 2010 High Availability Features
Exchange 2010 High Availability Terminology
High Availability – Solution must provide data availability, service availability, and automatic recovery from failuresDisaster Recovery – Process used to manually recover from a failureSite Resilience – Disaster recovery solution used for recovery from site failure*over – Short for switchover/failover; a switchover is a manual activation of one or more databases; a failover is an automatic activation of one or more databases after a failure
Exchange 2010 High Availability Feature Names
Mailbox Resiliency – Name of Unified High Availability and Site Resilience SolutionDatabase Mobility – The ability of a single mailbox database to be replicated to and mounted on other mailbox serversIncremental Deployment – The ability to deploy high availability /site resilience after Exchange is installedExchange Third Party Replication API – An Exchange-provided API that enables use of third-party replication for a DAG in lieu of continuous replication
Exchange 2010 High Availability Feature Names
Database Availability Group – A group of up to 16 Mailbox servers that host a set of replicated databasesMailbox Database Copy – A mailbox database (.edb file and logs) that is either active or passiveRPC Client Access service – A Client Access server feature that provides a MAPI endpoint for Outlook clientsShadow Redundancy – A transport feature that provides redundancy for messages for the entire time they are in transit
Exchange 2010 *overs
Within a datacenterDatabase or server *overs
Datacenter level: switchoverBetween datacenters
Database or server *oversAssumptions:
Each datacenter is a separate Active Directory siteEach datacenter has live, active messaging servicesStandby datacenter must be active to support single database *over
Exchange 2007 Concepts Brought Forward
Extensible Storage Engine (ESE)Databases and log files
Continuous ReplicationLog shipping and replayDatabase seedingStore service/Replication serviceDatabase health and status monitoringDivergenceAutomatic database mount behavior
Concepts of quorum and witnessConcepts of *overs
Exchange 2010 Deprecated Concepts
Storage GroupsDatabases identified by the server on which they liveServer names as part of database namesClustered Mailbox Servers
Pre-installing a Windows Failover ClusterRunning Setup in Clustered ModeMoving a CMS network identity between serversShared Storage
Two HA Copy LimitsPrivate and Public Networks
Exchange 2010 High Availability Deep Dive
Exchange 2010 HA Fundamentals
Database Availability GroupServerDatabaseDatabase CopyActive ManagerRPC Client Access
DAG
copy copy
AM
SVR
copy copy
AM
SVR
DB DB
RPC CAS
RPC CAS
Database Availability Group (DAG)
Base component of high availability and site resilienceA group of up to 16 servers that host a set of replicated databases“Wraps” a Windows Failover Cluster
Manages membership (DAG member = node)Provides heartbeat of DAG member serversActive Manager stores data in cluster database
Defines a boundary for:Mailbox database replicationDatabase and server *oversActive Manager
Active Manager
Exchange component that manages *oversRuns on every server in the DAGSelects best available copy on failoversIs the definitive source of information on where a database is active
Stores this information in cluster databaseProvides this information to other Exchange components (e.g., RPC Client Access and Hub Transport)
Two Active Manager roles: PAM and SAMActive Manager client runs on CAS and Hub
Active Manager
Primary Active Manager (PAM)Runs on the node that owns the cluster groupGets topology change notificationsReacts to server failuresSelects the best database copy on *overs
Standby Active Manager (SAM)Runs on every other node in the DAGResponds to queries about which server hosts the active copy of the mailbox database
Both roles are necessary for automatic recoveryIf Replication service is stopped, automatic recovery will not happen
Active ManagerSelection of Active Database Copy
Active Manager selects the “best” copy to become active when existing active fails1. Ignores servers that are unreachable or activation is
temporarily or regularly blocked2. Sorts copies by currency to minimize data loss3. Breaks ties during sort based on Activation Preference4. Selects from sorted listed based on copy status of each copy
Active ManagerSelection of Active Database Copy
Active Manager selects the “best” copy to become active when existing active fails
Catalog HealthyCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
CopyQueueLength < 10ReplayQueueLength < 50
Catalog CrawlingCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
CopyQueueLength < 10ReplayQueueLength < 50
Catalog HealthyCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
ReplayQueueLength < 50
Catalog CrawlingCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
ReplayQueueLength < 50
5Copy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
ReplayQueueLength < 50
6Catalog HealthyCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
CopyQueueLength < 10
7Catalog CrawlingCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
CopyQueueLength < 10
8Catalog HealthyCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
9Catalog CrawlingCopy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
10Copy status Healthy, DisconnectedAndHealthy,
DisconnectedAndResynchronizing, orSeedingSource
Example: Database Failover
Database failure occursFailure item is raisedActive Manager moves active databaseDatabase copy is restoredSimilar flow within and across datacenters
DB2
DB3
DB2
DB3
DB4
DB4
DB5
Mailbox Server
1
Mailbox Server
2
Mailbox Server
3
Mailbox Server
4
Mailbox Server
5
DB5
DB2
DB3
DB4
DB5DB1
DB1
DB1
DAG
Example: Server FailoverServer failure occursCluster notification of node downActive Manager moves active databasesServer is restoredCluster notification of node upDatabase copies resynchronize with active databasesSimilar flow within and across datacenters
DB2
DB3
DB2
DB3
DB4
DB4
DB5
Mailbox Server
1
Mailbox Server
2
Mailbox Server
3
Mailbox Server
4
Mailbox Server
5
DB5
DB2
DB3
DB4
DB5DB1
DB1
DB1
DAG
DAG Lifecycle
DAG is created initially as empty object in Active Directory
Continuous replication or 3rd party replication using Third Party Replication modeDAG is given a name and one or more IP addresses (or configured to use DHCP)
When first Mailbox server is added to a DAGA Windows failover cluster is formed with a Node Majority quorum using the name of the DAG The server is added to the DAG object in Active DirectoryA cluster network object (CNO) for the DAG is created in the built-in Computers containerThe Name and IP address of the DAG is registered in DNSThe cluster database for the DAG is updated with info on configured databases, including if they are locally active (which they should be)
DAG Lifecycle
When second and subsequent Mailbox server is added to a DAG
The server is joined to cluster for the DAGThe quorum model is automatically adjusted
Node Majority - DAGs with odd number of membersNode and File Share Majority - DAGs with even number of membersFile share witness cluster resource, directory, and share are automatically created by Exchange when needed
The server is added to the DAG object in Active DirectoryThe cluster database for the DAG is updated with info on configured databases, including if they are locally active (which they should be)
DAG Lifecycle
After servers have been added to a DAGConfigure the DAG
Network EncryptionNetwork Compression
Configure DAG networksNetwork subnetsEnable/disable MAPI traffic/replication
Create mailbox database copiesSeeding is performed automatically
Monitor health and status of database copiesPerform switchovers as needed
DAG Lifecycle
Before you can remove a server from a DAG, you must first remove all replicated databases from the serverWhen a server is removed from a DAG:
The server is evicted from the clusterThe cluster quorum is adjusted as neededThe server is removed from the DAG object in Active Directory
Before you can remove a DAG, you must first remove all servers from the DAG
Deploying Exchange 2010 HA Features
Deploying Exchange 2010 HA Features
Legacy Deployment Steps (CCR/SCC)
1. Prepare hardware, install proper OS, and update
Extra for SCC: configure storage2. Build Windows Failover Cluster
Extra for SCC: configure storage3. Configure cluster quorum, file share
witness, and public and private networks
4. Run Setup in Custom mode and install clustered mailbox server
5. Configure clustered mailbox serverExtra for SCC: configure disk resource
dependencies6. Test *overs
Legacy Deployment Steps (CCR/SCC) Exchange 2010 Incremental Deployment
1. Prepare hardware, install proper OS, and update
Extra for SCC: configure storage2. Build Windows Failover Cluster
Extra for SCC: configure storage3. Configure cluster quorum, file share
witness, and public and private networks
4. Run Setup in Custom mode and install clustered mailbox server
5. Configure clustered mailbox serverExtra for SCC: configure disk resource
dependencies6. Test *overs
1. Prepare hardware, install proper OS, and update
2. Run Setup and install Mailbox role3. Create a DAG and replicate databases4. Test *overs
Exchange 2010 Incremental Deployment (Beta)
Create a DAGNew-DatabaseAvailabilityGroup -Name DAG1 -FileShareWitnessShare \\EXHUB1\DAG1FSW -FileShareWitnessDirectory C:\DAG1FSW
Add first Mailbox Server to DAGAdd-DatabaseAvailbilityGroupServer -Identity DAG1 -MailboxServer EXMBX1 -DatabaseAvailablityGroupIpAddresses 10.0.0.8
Add second and subsequent Mailbox ServerAdd-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EXMBX2
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EXMBX2 -DatabaseAvailablityGroupIpAddresses 10.0.0.8,10.0.1.8
Add Mailbox Database CopyAdd-MailboxDatabaseCopy -Identity MBXDB1 -MailboxServer EXMBX3
Extend as needed
Exchange 2010 Incremental Deployment (Post-Beta)
Create a DAGNew-DatabaseAvailabilityGroup -Name DAG1 –WitnessServer EXHUB1 -WitnessDirectory C:\DAG1FSW -DatabaseAvailablityGroupIpAddresses 10.0.0.8
Add first Mailbox Server to DAGAdd-DatabaseAvailbilityGroupServer -Identity DAG1 -MailboxServer EXMBX1
Add second and subsequent Mailbox ServerAdd-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EXMBX2
Add a Mailbox Database CopyAdd-MailboxDatabaseCopy -Identity MBXDB1 -MailboxServer EXMBX3
Extend as needed
Transitioning to Exchange 2010 High Availability
Transition Steps
Verify that you meet requirements for Exchange 2010Deploy Exchange 2010Use Exchange 2010 mailbox move features to migrateUnsupported Transitions
In-place upgrade to Exchange 2010 from any previous version of ExchangeUsing database portability between Exchange 2010 and non-Exchange 2010 databasesBackup and restore of earlier versions of Exchange databases on Exchange 2010Using continuous replication between Exchange 2010 and Exchange 2007
Exchange Server 2010 High Availability Design Examples
Member servers of DAG can host other server roles
8 processor cores recommended with a maximum of 64GB RAM
UM role not recommended for co-location
2-server DAGs should use RAID
Client AccessHub
TransportMailbox
Client AccessHub
TransportMailbox
Hardware Load Balancer
DB1
DB2
DB3
DB2
DB1
DB2
DB3
High Availability Design ExampleBranch/Small Office Design
Single Site
3 HA Copies
Database Availability Group
DB1 DB2 DB3
DB5 DB6
DB1 DB2 DB3
DB4 DB5 DB6
DB1 DB2 DB3
DB4 DB5 DB6DB4
MailboxServer 1
MailboxServer 2
MailboxServer 3
3 Nodes
X
CAS NLB Farm
AD: Dublin
XJBOD -> 3 physical Copies
2 servers out -> manual activation of server 3
In 3 server DAG, quorum is lostDAGs with more servers sustain more failures – greater resiliency
High Availability Design ExampleDouble Resilience – Maintenance + DB Failure
• Single Site• 4 Nodes• 3 HA Copies• JBOD -> 3 physical Copies
Database Availability Group (DAG)
DB2 DB3
DB5DB4
DB7 DB8 DB1
DB2 DB3 DB4
MailboxServer 1
DB5 DB6 DB7
DB8 DB1 DB2
MailboxServer 2
MailboxServer 3
X
CAS NLB Farm
AD: Dublin
DB3 DB4 DB5
DB6 DB7 DB8
MailboxServer 4
DB1 XDB6
• Upgrade server 1• Server 2 fails• Server 1 upgrade is done• 2 active copies die
High Availability Design ExampleDouble Node/Disk Failure Resilience
DAG Design Considerations
1 DAG with 4 or more servers provides better availability than multiple DAGs each with 3 or fewer serversReasons for multiple DAGs
Require separate DAG-level admin ownershipNeed more than 16 mailbox serversSeparate domains – A DAG is bounded by the domain
DAG Design Considerations
Site Resilient DeploymentsStretched DAG’s primary site is the site containing majority
Witness server or majority of nodesSeparate DAGs needed when users are affiliated with a specific site
For example:DAG1 for Redmond users and DAG1 stretches to Dublin siteDAG2 for Dublin users and DAG2 stretches to Redmond site
Key Takeaways
Greater end-to-end availability with Mailbox ResiliencyUnified framework for high availability and site resilienceFaster and easier to deploy with Incremental DeploymentReduced TCO with core ESE architecture changes and more storage optionsSupports large mailboxes for less money
question & answer
Win!LifeCam Show
Ultra-Thin Mobile DesignWorld-Class High Definition Optics
Question:What protocol is used for log shipping in Exchange 2007? What protocol is used for log shipping in Exchange 2010?
Please attend other business productivity sessionsOffice and SharePoint track (OFC)Unified Communications (UNC)
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learningMicrosoft Certification and Training Resources
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
Related ContentBreakout Sessions (session codes and titles)•UNC308 - Microsoft Exchange Server 2010 Architecture•UNC310 - Microsoft Exchange Server 2010 Transition and Deployment •UNC312 - Storage in Microsoft Exchange Server 2010•UNC311 - Unified Messaging in Microsoft Exchange Server 2010•UNC309 - Microsoft Exchange Server 2010 Management Tools•UNC307 - Archiving and Retention in Microsoft Exchange Server 2010
Interactive Theater Sessions (session codes and titles)•UNC12H - Microsoft Exchange Server 2010 High Availability and Storage Scenarios•UNC13H - Microsoft Exchange Server 2010 Server Management Tools•UNC14H - Microsoft Exchange Server 2010 Setup and Deployment
Whiteboard Sessions (session codes and titles)•WTB304 - Designing Microsoft Exchange Server 2010 High Availability Solutions
Exchange Deployment Planning Serviceshttp://www.microsoft.com/licensing/software-assurance/packaged-services.aspx
announcing
Take Advantage of EDPS to get your Deployment Going
Microsoft Software Assurance BenefitStructured engagement to help guide your organization through the deployment planning Review new Microsoft Exchange product featuresBest Practice SharingHelp to create comprehensive deployment and implementation plans3, 5, 10, or 15—as determined by your Software Assurance coverage
Track Resources
Exchange Server 2010 Documentationhttp://technet.microsoft.com/library/bb124558(EXCHG.140).aspx
Read Exchange Team Blog Postshttp://msexchangeteam.com/archive/category/11164.aspx
Participate in Exchange Server 2010 Forumshttp://social.technet.microsoft.com/Forums/en-US/exchange2010/threads
Communications Server 2007 R2 Documentationhttp://technet.microsoft.com/en-us/library/dd440724(office.13).aspx
Read Communications Server Team Blog Postshttp://communicationsserverteam.com/
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.