Exchange 2007 High Availability and Disaster Recovery by zzc95435

VIEWS: 7 PAGES: 72

									Exchange 2007 High Availability and
                y
Disaster Recovery
Dejan Foro
dejan.foro@exchangemaster.net
Sponzori
Predavač
       MCP Hall of Fame
           (1 od 6 u svijetu)
       Microsoft MVP - Exchange
               d         ij t )
           (1 od 100 u svijetu)
       14 godina u informatici
       MCP MCP+I, MCSE NT40 MCSE+I, MCSE
       MCP, MCP+I           NT40, MCSE+I
       2000, MCSE 2000:Messaging, MCSA 2003,
       MCSA 2003:Messaging, MCSE 2003, MCT
       MCP Success Stories
       Exchange User Group Croatia (suosnivač)
       Exchange User Group Europe (osnivač)
Predavač

 Kvalifikacije    temu
 K alifikacije na tem
   Iskustvo i certifikati:
     Exchange 5.5,
     Exchange 2000,
     Exchange 2003
   Oko 1,5 godina iskustva sa Exchange 2007
         , g                         g
   kroz MVP program (Exchange Titanium,
          g     ,      ,        )
   Exchange 12.., beta1, beta2..)
   Dvadesetak uspješnih disaster recoverya
Sadržaj
      j

 Uvod
 High Availability – visoka dostupnost
   Tehnološka poboljšanja u Exchange 2007 glede
   visoke dostupnosti
 Disaster recovery
   preventiva
   backupp
   restore/recovery
                            j
 Best Practices, dokumentacija, linkovi ,
 dodatni izvori
 Q&A
Izazovi današnjice
              j
     E mail
     E-mail je postao BUSINESS CRITICAL APLIKACIJA !!!
            75 % intelektualnog vlasništva tvrtke je u e-mailu
            79 % tvrtki prihvaća e-mail kao sredstvo za poslovne transakcije
            (narudžbe, potvrde o plaćanju i sl.)
            U 75 % sudskih procesa vezano za Fortune 500 kompanije e-mail je bio
            ključni dokazni materijal
     Downtime, ili čak samo kašnjenje maila može biti veliki problem
           Restore Time Obj ti
     RTO - R t       Ti                          ki               t
                          Objectives – vremenski prozor za restore sve
     manji
     Globalne tvrtke rade 24x7, prozor za backup i održavanje je sve
     manji
     Gubitak e-mail poruka je neprihvaljiv iz poslovnih i/ili zakonskih
     razloga
     Backup od sinoć više nije dovljno dobar
izvor: Symantec corporation “Redefining Exchange Server Data Protection with Symantec Backup Exec 11 d for Windows Servers”
High availability u Exchange 2003 -
“stari,
“stari klasični clustering”
Nedostatci:

            baze su                 failure
 Storage i ba e s single point of fail re
      p              p
 Kompleksan i skup hardware
 Što s mailom koji je stigao nakon zadnjeg
 backupa ?
 Replikacija i failover na “rezervnu lokaciju”
 skoro nemoguća misija
 Ovisnost o MSDTC servisu
 “Split brain” situacija
 Kompleksna restore procedura
Noviteti u Exchange 2007
                 g

 High availability
   Clustered Continuous Replication (CCR)
   Local C                       (LCR)
          Continuous Replication ( C )
   “klasični” clustering
 Disaster recovery
   Dodani disaster recovery alati u toolbox
   Baze nemaju više .STM fajlove
   unaprijeđen VSS Volume Shadow Copy
   backup – potreban 3rd party software
                     p
Cluster continuous replication - CCR
Prednosti CCR-a nad “klasičnim”
clusteringom
 Storage i baze više nisu single point of failure
 Nema potrebe za specijalnim hardwareom
 Moguć trenutni failover na node na udaljenoj
 rezervnoj lokaciji
 Nema gubitka maila od zadnjeg backupa
 Korisnici ne moraju čekati na restore
 Majority Node set qorum i witness file share
               Split Brain
 spriječavaju “Split Brain” situacije
 Backup sa passivnog noda
CCR video
Cluster Continuous Replication - CCR
                     p

 Msexchange.org
 Msexchange org
   Installing, Configuring and Testing an Exchange
                                p        (   )
   2007 Cluster Continuous Replication (CCR) Based
   Mailbox Server (part 1,2,3)
     http://www.msexchange.org/tutorials/Installing-Configuring-
     Testing Exchange 2007 Cluster Continuous Replication
     Testing-Exchange-2007-Cluster-Continuous-Replication-
     Based-Mailbox-Server-Part1.html
   Backing Up Exchange Databases via the Passive
                       Server 2007 CC C
   Node in an Exchange S           CCR Cluster
     http://www.msexchange.org/tutorials/Backing-Up-
             g
     Exchange-Databases-via-Passive-Node-Exchange-g
     Server-2007-CCR-Cluster.html
         j
Instalacija CCR clustera

- share na hub transport serveru
    • (za Majority Node Set (MNS) quorum)
- Instalacija Windows cluster
    - odabrati Majority Node Set MNS Quorum umjesto
             g
      lokalnog kvoruma
•   Konfiguracija quoruma da koristi Witness file share
•   Instalacija aktivnog Exchange 2007 mailbox noda
•   Instalacija pasivnog Exchange 2007 mailbox noda
•   Provjera failovera
“standardni” clustering
                      g

 MSExchange.org
 MSE change org
   Installing a Two Node Exchange Server
   2007 Single Copy Cluster (SCC) in a Virtual
   Server Test Environment
    http://www.msexchange.org/tutorials/Installing-
     Two-Node-Exchange-Server-2007-Single-Copy-
     Cl t Vi t l S          E i       t P t1 ht l
     Cluster-Virtual-Server-Environment-Part1.html
                   p
Local Continuous Replication
Disaster recovery
                y

 Preventiva
 Pre enti a
 Backupp
 Restore
Preventiva

 Preventiva              ori
 Pre enti a - najčešći uzori katastrofa i
 kako ih spriječiti
  j
Najčešći uzori katastrofa

1. Nepravilno konfiguriran antivirusni
1 Nepra ilno konfig riran anti ir sni
   software
2. Antivirusni software nije instaliran
3 Ljudska greška – ručno brisanje
3.
   transakcijskih logova ili baza, formatiranje
   krivog di k i sl.
   ki      diska l
4. Drugi razlozi (ispad diska, nestanak
   struje, 3rd party software, itd.)
Kako pravilno konfigurirati file system
antivirusni software

 Exclusioni            obavezno
 E cl sioni koje treba oba e no
 konfigurirati:
    Exchange direktoriji:
            g                          g
      C:\Program Files\Microsoft\Exchange Server
         Baze
         Transakcijski logovi
         Checkpoint file
         SMTP Mailroot
         MTA folder
         Folderi od connectora (Exchange 5.5 connector, Notes
         connector)
         SRS
Kako pravilno konfigurirati file system
antivirusni software (2)
 Exclusioni koje treba obavezno konfigurirati:
   M: drive (Exchange 2000), obavezno ga isključiti iz
   backupa !!!
   %SystemRoot%\System32\Inetsrv
   Radni direktorij od Exchange antivirusnog softwarea
   Radni direktorij od antispam software
   Cluster quorum fajlovi
   Direktorij u kojem radite održavanje ili popravak baza
   sa eseutil i isinteg alatima
Kako pravilno konfigurirati file system
antivirusni software (3)

         antivirus      pravilno konfiguriran:
 Ukoliko anti ir s nije pra ilno konfig riran
    Oštećenja baza, logova, checkpoint fileova
    “nestajanje” itema
    Rušenje antivirusnog softwarea za Exchange
    Oštećenje IIS metabasea
    Ošt ć j SMTP servicea
    Oštećenje            i
Kako pravilno konfigurirati file system
antivirusni software (4)

    iše detalja:
Za više detalja
Msexchange.org website:
          g      g
    How to properly configure File System
    antivirus software on Exchange Server
     http://www.msexchange.org/articles/Properly-
      Configure-file-system-antivirus-Exchange.html
            g         y                     g
Preventiva
         p
 Budite spremni – obavezno štivo
   Exchange 2003 Technical Documentation Library
      Exchange
     “Exchange server 2003 Disaster Recovery Operations
     Guide”, (240 pages, revision 12.12.2006)
      http://technet.microsoft.com/en-us/library/bb125070.aspx
     “Using Recovery Storage Groups in Exchange Server
     2003”
      http://technet microsoft com/en us/library/aa998782 aspx
      http://technet.microsoft.com/en-us/library/aa998782.aspx
     “Exchange Server Database Utility Guide”
         p                                     y            p
      http://technet.microsoft.com/en-us/library/aa996953.aspx
     Microsoft knowledge base article 182081 “Description
     of the Isinteg utility”
      http://support.microsoft.com/?kbid=182081
Preventiva

 preporuke:
 prepor ke
   Firewall, antivirus, patching
   Uključiti deleted items retention
   Isključiti circular logging
   Držati baze i logove na odvojenim diskovima
prevencija
p       j

 Preporuke:
 Prepor ke
   Barem 2 domain controllera
   Active Directory i Exchange na odvojenim
   strojevima
        j
   Isključiti write cash na SCSI controllerima
   Staviti diskove u RAID
   Održavanje – defragmentacija sa eseutilom
   Best Practices Analyzer
Deleted Items Retention
Deleted items retention
Deleted items retention - tip
                            p

                                  klj čen
 Ako je deleted items retention uključen
 korisnik može sam vratiti mailove iz svog
 deleted items foldera
 Ako koriste Shift+Delete stvari ne idu u
 deleted items folder
        klj čiti DumpsterAlwayson registry
 Ti – uključiti D
 Tip                  t Al              i t
 key
 KB article 246153
    y
“Recycle bin“ za mailboxe
                   y
Best Practices Analyzer
                   y
Best Practices Analyzer
     p
Backup
Backup - standardni problemi
     p              p

 Organizacijski
 Organi acijski
   Planiranje i kontrola
     Tko radi backup?
     Što se backupira ?
     Kontrola izvršenja backupa (da li se backup
     stvarno i radi i da li funkcionira?)
     Pohrana i manipulacija medijima
        Off-site čuvanje
        zaštita od fizičkog oštećenja
          š        f č       š ć
        Enkripcija podataka
Kako pravilno raditi Exchange backup
     p                     g       p

 Exchange backup
   System state
         y
   File system
     Ne uključivati Exchange baze i logove kao dio file
     system backupa !!!
        Exchange 2003
            C:\program files\exchsrvr\mdbdata
        Exchange 2007
            C:\program files\Microsoft\Exchange
            Server\Mailbox\storagegroupname
   Online backup Exchangea kroz Exchage backup
   funkciju ili 3rd party agent
   DC, DNS,
   DC DNS CA b k    backup
   NE backupirati IFS (M: drive u Exchange 2000)
Backup - preporuke
     p p p

 Smanjiti količinu materijala koji se backupira:
    Antispam
    E mail archiving
    E-mail
 Disk staging – disk to disk to tape
 Distribuirati korisnike u više storage grupa i baza
    Manji uticaj na korisnike ako baza nije dostupna
                       t            ć    t iš
    B ži b k i restore – mogućnost više paralelnih
    Brži backup                                    l l ih
    backup ili restore jobova
 Osigurajte rezervne komponente (diskove, memoriju,
                                      (diskove memoriju
 mrežne kartice)
             p       g
Windows backup “tuning”

HKEY_CURRENT_USER
HKEY CURRENT USER
  Software
    Microsoft
              p
       Ntbackup
        Backup Engine
             p       g
Windows backup “tuning”



                           Default   Custom
Logical Disk Buffer Size     32        64
Max Buffer Size             512       1024
Max Num Tape Buffers         9         16
3rd party backup vs. Windows backup
    p y        p                  p
 3rd party se preporuča
   (Symantec Backup Exec11d, ranije Veritas Backup Exec)
      Restore pojedinih stavki, foldera ili mailbox restore iz
      database b k
      d t b      backupa
      Continuous backup protection
             g                    y
      Intelligent disaster recovery
      Exclusions
      Redoslijed backupa
      Različiti accounti pod kojima se izvršava backup
      Reporting
      Monitoring
      Data encryption
      Agenti za druge tehnologije (SharePoint, Oracle,
      Lotus…)
Zašto BackupExec?
           p

      backup
 Rade back p komponente u samim
 Windowsima
   Windows backup API
   Backup utility
   Windows Automated System Recovery
   VSS
 Microsoft ih koristi in-house
 Većinski udio na tržištu i brojne nagrade
     p                  p
BackupExec – continuous protection
Backup Exec – continuous protection
Dokumentacija sustava
           j

            a rekonstr kcij sustava
 Neophodna za rekonstrukciju s sta a
   Vaš backup možda nije moguće restorati
   Ili uopće nemate backup …
 Automatsko dokumentiranje i praćenje
 promjena:
   Ecora - Auditor www.ecora.com
   Netpro - Change Auditor www.netpro.com
Prije katastrofe ...
   j

                         recovery
 Imajte spreman disaster reco er kit


 NAPRAVITE DISASTER
 RECOVERY TESTING !!!
Disaster Recovery Kit
                y

 Build it as you install and change the machine
   Intelligent recovery CD
              CDs,       keys, drivers,
   Software CDs serial keys drivers service accounts
   details, patches, registry hacks..
   Internal information:
      Printed contact information of critical people (who has the
      keys of your datacenter, spare parts, alarm codes, etc.)
   Support information
      Support phone numbers, contact IDs, etc
           g
   IP configuration
   Disk configuration
PRIČA

                  Recovery
        Disaster Reco er
        testing u Hrvatskim
        Željeznicama
Disaster recovery testing
                y       g

 Provjera
 Pro jera da li tehničko osoblje ima
 potrebna tehnička znanja
 Provjerava da li procedura funkcionira
 Provjerava da li imate ste što vam je
 potrebno za recovery
 Mjeri vrijeme potrebno za – Restore u
 pravilu traje 2,5 3x duže nego backup
               2,5-3x
Disaster
Recovery
       y

 izazovi:
 i a o i
   Problem No 1: doći do restore gumba
   Bez prethodne pripreme restore u prosjeku
   traje 2 DANA
      j
   Riješenje: Intelligent Disaster Recovery CD
Recovery
       y

                Exchange    trake:
 Prije restorea E change sa trake
   UKLJUČITI circular logging
   Uključiti “this database can be overwritten by
   a restore” opciju na bazama koje restorate
                p j                j
A što ako nemamo backupa?
                      p

       pokušati:
 Možte pok šati
   Popravak oštećenih baza
     Eseutil
     Isinteg
   Server Rebuild :
     Exchange 2007:
        Setup /mode:RecoverServer
           g
     Exchange 2003:
        Setup /disasterrecovery
Server rebuild

      server
 Edge ser er
   ExportEdgeConfig.ps1
     This script exports all user-configured settings and
     data from an Edge Transport server, and stores
     that d t i           fil
     th t data in an XML file.
   ImportEdgeConfig.ps1
     This script imports all user-configured settings and
     data stored in the XML file that is created by the
     ExportEdgeConfig.ps1 script.
     E     tEd C fi         1    i t
Dodatni izvori
Dodatni izvori

 You
 Yo had me at EHLO – Microsoft
 Exchange team blog – CCR setup video
   http://msexchangeteam.com
 MS Exchange org
   www.msexchange.org
Dodatni izvori - Webcasts
Dodatni izvori - Virtual Labs
Dodatni izvori - TechNet TNT sessions

Microsoft Exchange Server 2003 Disaster
Recovery
Demo 1 - Backup Best Practices
Demo 2 - Mailbox Recovery
Demo 3 - R
D                 i Stores
          Recovering St
Demo 4 - Replacing a Microsoft Exchange
Server
Demo 5 - Alternate Server Recovery
http://www.microsoft.com/downloads/details.asp
x?FamilyID=386f88e8-d378-499a-a2d8-
3f17962e41c5&Displa Lang en
3f17962e41c5&DisplayLang=en
Additional resources - Community
                               y

 Exchange      Group
 E change User Gro p Croatia
   www.eugcro.org


 Exchange User Group Europe
   www.eugeurope.org
   Online community
   Forum
   Link library
Contact

dejan.foro@exchangemaster.net
dejan foro@exchangemaster net
+41 79 598 56 47

 LinkedIn:
  http://www.linkedin.com/in/dejanforo

 Xing (OpenBC):
  http://www.xing.com/profile/Dejan_Foro
  p       p             j
Ispunite upitnike i osvojite…

								
To top