Exchange 2007 High Availability and Disaster Recovery by zzc95435

VIEWS: 7 PAGES: 72

									Exchange 2007 High Availability and
        y
Disaster Recovery
Dejan Foro
dejan.foro@exchangemaster.net
Sponzori
Predavač
    MCP Hall of Fame
      (1 od 6 u svijetu)
    Microsoft MVP - Exchange
        d     ij t )
      (1 od 100 u svijetu)
    14 godina u informatici
    MCP MCP+I, MCSE NT40 MCSE+I, MCSE
    MCP, MCP+I      NT40, MCSE+I
    2000, MCSE 2000:Messaging, MCSA 2003,
    MCSA 2003:Messaging, MCSE 2003, MCT
    MCP Success Stories
    Exchange User Group Croatia (suosnivač)
    Exchange User Group Europe (osnivač)
Predavač

 Kvalifikacije  temu
 K alifikacije na tem
  Iskustvo i certifikati:
   Exchange 5.5,
   Exchange 2000,
   Exchange 2003
  Oko 1,5 godina iskustva sa Exchange 2007
     , g             g
  kroz MVP program (Exchange Titanium,
     g   ,   ,    )
  Exchange 12.., beta1, beta2..)
  Dvadesetak uspješnih disaster recoverya
Sadržaj
   j

 Uvod
 High Availability – visoka dostupnost
  Tehnološka poboljšanja u Exchange 2007 glede
  visoke dostupnosti
 Disaster recovery
  preventiva
  backupp
  restore/recovery
              j
 Best Practices, dokumentacija, linkovi ,
 dodatni izvori
 Q&A
Izazovi današnjice
       j
   E mail
   E-mail je postao BUSINESS CRITICAL APLIKACIJA !!!
      75 % intelektualnog vlasništva tvrtke je u e-mailu
      79 % tvrtki prihvaća e-mail kao sredstvo za poslovne transakcije
      (narudžbe, potvrde o plaćanju i sl.)
      U 75 % sudskih procesa vezano za Fortune 500 kompanije e-mail je bio
      ključni dokazni materijal
   Downtime, ili čak samo kašnjenje maila može biti veliki problem
      Restore Time Obj ti
   RTO - R t    Ti             ki        t
             Objectives – vremenski prozor za restore sve
   manji
   Globalne tvrtke rade 24x7, prozor za backup i održavanje je sve
   manji
   Gubitak e-mail poruka je neprihvaljiv iz poslovnih i/ili zakonskih
   razloga
   Backup od sinoć više nije dovljno dobar
izvor: Symantec corporation “Redefining Exchange Server Data Protection with Symantec Backup Exec 11 d for Windows Servers”
High availability u Exchange 2003 -
“stari,
“stari klasični clustering”
Nedostatci:

      baze su         failure
 Storage i ba e s single point of fail re
   p       p
 Kompleksan i skup hardware
 Što s mailom koji je stigao nakon zadnjeg
 backupa ?
 Replikacija i failover na “rezervnu lokaciju”
 skoro nemoguća misija
 Ovisnost o MSDTC servisu
 “Split brain” situacija
 Kompleksna restore procedura
Noviteti u Exchange 2007
         g

 High availability
  Clustered Continuous Replication (CCR)
  Local C            (LCR)
     Continuous Replication ( C )
  “klasični” clustering
 Disaster recovery
  Dodani disaster recovery alati u toolbox
  Baze nemaju više .STM fajlove
  unaprijeđen VSS Volume Shadow Copy
  backup – potreban 3rd party software
           p
Cluster continuous replication - CCR
Prednosti CCR-a nad “klasičnim”
clusteringom
 Storage i baze više nisu single point of failure
 Nema potrebe za specijalnim hardwareom
 Moguć trenutni failover na node na udaljenoj
 rezervnoj lokaciji
 Nema gubitka maila od zadnjeg backupa
 Korisnici ne moraju čekati na restore
 Majority Node set qorum i witness file share
        Split Brain
 spriječavaju “Split Brain” situacije
 Backup sa passivnog noda
CCR video
Cluster Continuous Replication - CCR
           p

 Msexchange.org
 Msexchange org
  Installing, Configuring and Testing an Exchange
                p    (  )
  2007 Cluster Continuous Replication (CCR) Based
  Mailbox Server (part 1,2,3)
   http://www.msexchange.org/tutorials/Installing-Configuring-
   Testing Exchange 2007 Cluster Continuous Replication
   Testing-Exchange-2007-Cluster-Continuous-Replication-
   Based-Mailbox-Server-Part1.html
  Backing Up Exchange Databases via the Passive
            Server 2007 CC C
  Node in an Exchange S      CCR Cluster
   http://www.msexchange.org/tutorials/Backing-Up-
       g
   Exchange-Databases-via-Passive-Node-Exchange-g
   Server-2007-CCR-Cluster.html
     j
Instalacija CCR clustera

- share na hub transport serveru
  • (za Majority Node Set (MNS) quorum)
- Instalacija Windows cluster
  - odabrati Majority Node Set MNS Quorum umjesto
       g
   lokalnog kvoruma
•  Konfiguracija quoruma da koristi Witness file share
•  Instalacija aktivnog Exchange 2007 mailbox noda
•  Instalacija pasivnog Exchange 2007 mailbox noda
•  Provjera failovera
“standardni” clustering
           g

 MSExchange.org
 MSE change org
  Installing a Two Node Exchange Server
  2007 Single Copy Cluster (SCC) in a Virtual
  Server Test Environment
  http://www.msexchange.org/tutorials/Installing-
   Two-Node-Exchange-Server-2007-Single-Copy-
   Cl t Vi t l S     E i    t P t1 ht l
   Cluster-Virtual-Server-Environment-Part1.html
          p
Local Continuous Replication
Disaster recovery
        y

 Preventiva
 Pre enti a
 Backupp
 Restore
Preventiva

 Preventiva       ori
 Pre enti a - najčešći uzori katastrofa i
 kako ih spriječiti
 j
Najčešći uzori katastrofa

1. Nepravilno konfiguriran antivirusni
1 Nepra ilno konfig riran anti ir sni
  software
2. Antivirusni software nije instaliran
3 Ljudska greška – ručno brisanje
3.
  transakcijskih logova ili baza, formatiranje
  krivog di k i sl.
  ki   diska l
4. Drugi razlozi (ispad diska, nestanak
  struje, 3rd party software, itd.)
Kako pravilno konfigurirati file system
antivirusni software

 Exclusioni      obavezno
 E cl sioni koje treba oba e no
 konfigurirati:
  Exchange direktoriji:
      g             g
   C:\Program Files\Microsoft\Exchange Server
     Baze
     Transakcijski logovi
     Checkpoint file
     SMTP Mailroot
     MTA folder
     Folderi od connectora (Exchange 5.5 connector, Notes
     connector)
     SRS
Kako pravilno konfigurirati file system
antivirusni software (2)
 Exclusioni koje treba obavezno konfigurirati:
  M: drive (Exchange 2000), obavezno ga isključiti iz
  backupa !!!
  %SystemRoot%\System32\Inetsrv
  Radni direktorij od Exchange antivirusnog softwarea
  Radni direktorij od antispam software
  Cluster quorum fajlovi
  Direktorij u kojem radite održavanje ili popravak baza
  sa eseutil i isinteg alatima
Kako pravilno konfigurirati file system
antivirusni software (3)

     antivirus   pravilno konfiguriran:
 Ukoliko anti ir s nije pra ilno konfig riran
  Oštećenja baza, logova, checkpoint fileova
  “nestajanje” itema
  Rušenje antivirusnog softwarea za Exchange
  Oštećenje IIS metabasea
  Ošt ć j SMTP servicea
  Oštećenje      i
Kako pravilno konfigurirati file system
antivirusni software (4)

  iše detalja:
Za više detalja
Msexchange.org website:
     g   g
  How to properly configure File System
  antivirus software on Exchange Server
   http://www.msexchange.org/articles/Properly-
   Configure-file-system-antivirus-Exchange.html
      g     y           g
Preventiva
     p
 Budite spremni – obavezno štivo
  Exchange 2003 Technical Documentation Library
   Exchange
   “Exchange server 2003 Disaster Recovery Operations
   Guide”, (240 pages, revision 12.12.2006)
   http://technet.microsoft.com/en-us/library/bb125070.aspx
   “Using Recovery Storage Groups in Exchange Server
   2003”
   http://technet microsoft com/en us/library/aa998782 aspx
   http://technet.microsoft.com/en-us/library/aa998782.aspx
   “Exchange Server Database Utility Guide”
     p                   y      p
   http://technet.microsoft.com/en-us/library/aa996953.aspx
   Microsoft knowledge base article 182081 “Description
   of the Isinteg utility”
   http://support.microsoft.com/?kbid=182081
Preventiva

 preporuke:
 prepor ke
  Firewall, antivirus, patching
  Uključiti deleted items retention
  Isključiti circular logging
  Držati baze i logove na odvojenim diskovima
prevencija
p    j

 Preporuke:
 Prepor ke
  Barem 2 domain controllera
  Active Directory i Exchange na odvojenim
  strojevima
    j
  Isključiti write cash na SCSI controllerima
  Staviti diskove u RAID
  Održavanje – defragmentacija sa eseutilom
  Best Practices Analyzer
Deleted Items Retention
Deleted items retention
Deleted items retention - tip
              p

                 klj čen
 Ako je deleted items retention uključen
 korisnik može sam vratiti mailove iz svog
 deleted items foldera
 Ako koriste Shift+Delete stvari ne idu u
 deleted items folder
    klj čiti DumpsterAlwayson registry
 Ti – uključiti D
 Tip         t Al       i t
 key
 KB article 246153
  y
“Recycle bin“ za mailboxe
          y
Best Practices Analyzer
          y
Best Practices Analyzer
   p
Backup
Backup - standardni problemi
   p       p

 Organizacijski
 Organi acijski
  Planiranje i kontrola
   Tko radi backup?
   Što se backupira ?
   Kontrola izvršenja backupa (da li se backup
   stvarno i radi i da li funkcionira?)
   Pohrana i manipulacija medijima
    Off-site čuvanje
    zaštita od fizičkog oštećenja
     š    f č    š ć
    Enkripcija podataka
Kako pravilno raditi Exchange backup
   p           g    p

 Exchange backup
  System state
     y
  File system
   Ne uključivati Exchange baze i logove kao dio file
   system backupa !!!
    Exchange 2003
      C:\program files\exchsrvr\mdbdata
    Exchange 2007
      C:\program files\Microsoft\Exchange
      Server\Mailbox\storagegroupname
  Online backup Exchangea kroz Exchage backup
  funkciju ili 3rd party agent
  DC, DNS,
  DC DNS CA b k  backup
  NE backupirati IFS (M: drive u Exchange 2000)
Backup - preporuke
   p p p

 Smanjiti količinu materijala koji se backupira:
  Antispam
  E mail archiving
  E-mail
 Disk staging – disk to disk to tape
 Distribuirati korisnike u više storage grupa i baza
  Manji uticaj na korisnike ako baza nije dostupna
            t      ć  t iš
  B ži b k i restore – mogućnost više paralelnih
  Brži backup                  l l ih
  backup ili restore jobova
 Osigurajte rezervne komponente (diskove, memoriju,
                   (diskove memoriju
 mrežne kartice)
       p    g
Windows backup “tuning”

HKEY_CURRENT_USER
HKEY CURRENT USER
 Software
  Microsoft
       p
    Ntbackup
    Backup Engine
       p    g
Windows backup “tuning”              Default  Custom
Logical Disk Buffer Size   32    64
Max Buffer Size       512    1024
Max Num Tape Buffers     9     16
3rd party backup vs. Windows backup
  p y    p         p
 3rd party se preporuča
  (Symantec Backup Exec11d, ranije Veritas Backup Exec)
   Restore pojedinih stavki, foldera ili mailbox restore iz
   database b k
   d t b   backupa
   Continuous backup protection
       g          y
   Intelligent disaster recovery
   Exclusions
   Redoslijed backupa
   Različiti accounti pod kojima se izvršava backup
   Reporting
   Monitoring
   Data encryption
   Agenti za druge tehnologije (SharePoint, Oracle,
   Lotus…)
Zašto BackupExec?
      p

   backup
 Rade back p komponente u samim
 Windowsima
  Windows backup API
  Backup utility
  Windows Automated System Recovery
  VSS
 Microsoft ih koristi in-house
 Većinski udio na tržištu i brojne nagrade
   p         p
BackupExec – continuous protection
Backup Exec – continuous protection
Dokumentacija sustava
      j

      a rekonstr kcij sustava
 Neophodna za rekonstrukciju s sta a
  Vaš backup možda nije moguće restorati
  Ili uopće nemate backup …
 Automatsko dokumentiranje i praćenje
 promjena:
  Ecora - Auditor www.ecora.com
  Netpro - Change Auditor www.netpro.com
Prije katastrofe ...
  j

             recovery
 Imajte spreman disaster reco er kit


 NAPRAVITE DISASTER
 RECOVERY TESTING !!!
Disaster Recovery Kit
        y

 Build it as you install and change the machine
  Intelligent recovery CD
       CDs,    keys, drivers,
  Software CDs serial keys drivers service accounts
  details, patches, registry hacks..
  Internal information:
   Printed contact information of critical people (who has the
   keys of your datacenter, spare parts, alarm codes, etc.)
  Support information
   Support phone numbers, contact IDs, etc
      g
  IP configuration
  Disk configuration
PRIČA

         Recovery
    Disaster Reco er
    testing u Hrvatskim
    Željeznicama
Disaster recovery testing
        y    g

 Provjera
 Pro jera da li tehničko osoblje ima
 potrebna tehnička znanja
 Provjerava da li procedura funkcionira
 Provjerava da li imate ste što vam je
 potrebno za recovery
 Mjeri vrijeme potrebno za – Restore u
 pravilu traje 2,5 3x duže nego backup
        2,5-3x
Disaster
Recovery
    y

 izazovi:
 i a o i
  Problem No 1: doći do restore gumba
  Bez prethodne pripreme restore u prosjeku
  traje 2 DANA
   j
  Riješenje: Intelligent Disaster Recovery CD
Recovery
    y

        Exchange  trake:
 Prije restorea E change sa trake
  UKLJUČITI circular logging
  Uključiti “this database can be overwritten by
  a restore” opciju na bazama koje restorate
        p j        j
A što ako nemamo backupa?
           p

    pokušati:
 Možte pok šati
  Popravak oštećenih baza
   Eseutil
   Isinteg
  Server Rebuild :
   Exchange 2007:
    Setup /mode:RecoverServer
      g
   Exchange 2003:
    Setup /disasterrecovery
Server rebuild

   server
 Edge ser er
  ExportEdgeConfig.ps1
   This script exports all user-configured settings and
   data from an Edge Transport server, and stores
   that d t i      fil
   th t data in an XML file.
  ImportEdgeConfig.ps1
   This script imports all user-configured settings and
   data stored in the XML file that is created by the
   ExportEdgeConfig.ps1 script.
   E   tEd C fi     1  i t
Dodatni izvori
Dodatni izvori

 You
 Yo had me at EHLO – Microsoft
 Exchange team blog – CCR setup video
  http://msexchangeteam.com
 MS Exchange org
  www.msexchange.org
Dodatni izvori - Webcasts
Dodatni izvori - Virtual Labs
Dodatni izvori - TechNet TNT sessions

Microsoft Exchange Server 2003 Disaster
Recovery
Demo 1 - Backup Best Practices
Demo 2 - Mailbox Recovery
Demo 3 - R
D         i Stores
     Recovering St
Demo 4 - Replacing a Microsoft Exchange
Server
Demo 5 - Alternate Server Recovery
http://www.microsoft.com/downloads/details.asp
x?FamilyID=386f88e8-d378-499a-a2d8-
3f17962e41c5&Displa Lang en
3f17962e41c5&DisplayLang=en
Additional resources - Community
                y

 Exchange   Group
 E change User Gro p Croatia
  www.eugcro.org


 Exchange User Group Europe
  www.eugeurope.org
  Online community
  Forum
  Link library
Contact

dejan.foro@exchangemaster.net
dejan foro@exchangemaster net
+41 79 598 56 47

 LinkedIn:
 http://www.linkedin.com/in/dejanforo

 Xing (OpenBC):
 http://www.xing.com/profile/Dejan_Foro
 p    p       j
Ispunite upitnike i osvojite…

								
To top