POSTED ON: 7/9/2011
Deploying Exchange Server 2010
James Oryszczyn
President, JSO Technology LLC

Flexible and Reliable
Provide the flexibility needed to operate a scalable, high performing, and easy to administer messaging infrastructure
Delivered in Exchange Server 2007
• Improved installation and deployment experience
• High Availability through Continuous Replication
• Simplified management console and command line shell
Building on these Investments in Exchange Server 2010
• Single platform for High Availability and Disaster Recovery
• Role-based admin, web-based management, and user self-service
• Choice of storage hardware from SAN to low-cost DAS options

• Single platform for availability, backup, and recovery
• Online mailbox moves keep users connected
• Role-based administration and user self-service
• Web-based management and remote PowerShell
• Choice of storage from SAN to low-cost DAS
• Modular server roles ease deployment

Deliver Deployment Flexibility
Greater Range of Storage Options Through Performance Enhancements
Storage options: Storage Area Network (SAN); Direct Attached w/ SAS Disks; Direct Attached w/ SATA Disks; JBOD SATA (RAID-less)
• 70% reduction in IOPS
• Smoother IO patterns
• Resilience against corruption
[Chart: Read IOPS and Write IOPS for E2K3, E2K7 and E2010]

Requirements to Deploy Exchange 2010

Exchange 2010 System Requirements
Supported Operating Systems
• 64-bit edition of Windows Server 2008 Standard with Service Pack 2 (SP2)
• 64-bit edition of Windows Server 2008 Enterprise with SP2
• 64-bit edition of Windows Server 2008 R2 Standard
• 64-bit edition of Windows Server 2008 R2 Enterprise
Supported Systems for Exchange Management Tools
• Windows Vista with SP2 for management tools only installation
• 64-bit edition of Windows Server 2008 Standard with SP2
• 64-bit edition of Windows Server 2008 Enterprise with SP2
• 64-bit edition of Windows Server 2008 R2 Standard
• 64-bit edition of Windows Server 2008 R2 Enterprise
• 64-bit edition of Windows 7

Outlook Requirements
Exchange 2010 supports the following versions of Microsoft Office Outlook:
• Outlook 2010
• Outlook 2007
• Outlook 2003
• Entourage 2008 for Mac, Web Services Edition

Outlook 2003 Notes
• On clients running Outlook 2003, you may notice that folder updates don't occur automatically in a timely manner. This situation occurs because User Datagram Protocol (UDP) notifications aren't supported in Exchange 2010. For more information about resolving this issue, see Knowledge Base article 2009942, "In Outlook 2003, e-mail messages take a long time to send and receive when you use an Exchange 2010 mailbox". However, Outlook 2007 and Outlook 2010 are automatically compatible with this change.
• Exchange 2010 RTM: Clients running Outlook 2003 don’t use RPC encryption, which RPC Client Access requires by default. You will either need to turn off the RPC encryption requirement or configure Outlook 2003 to use RPC encryption. However, Outlook 2007 and later versions are automatically compatible with the change to RPC Client Access because they support RPC encryption by default. For more information, see Understanding RPC Client Access.
• Exchange 2010 SP1: In Exchange 2010 SP1, the RPC encryption requirement is disabled by default. Any new Client Access Servers (CAS) deployed in the organization will not require encryption. However, any CAS servers deployed prior to Exchange 2010 SP1, or upgraded to Exchange 2010 SP1, will retain the existing RPC encryption requirement setting.

Server Virtualization Support
• Microsoft Hyper-V Server 2008
• Microsoft Hyper-V Server 2008 R2
• VMware 4.0 or later with Patch 1
• Any third-party hypervisor that has been validated under the Windows Server Virtualization Validation Program.
The Exchange guest virtual machine:
• Is running Microsoft Exchange 2010.
• Is deployed on the Windows Server 2008 with SP2 or Windows Server 2008 R2 operating system.
• Doesn't have the Unified Messaging server role installed.
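Returning to the RPC encryption notes for Outlook 2003 above: because servers installed at RTM keep the requirement while new SP1 servers do not, the setting can differ from one Client Access server to the next. The following is an added example, not part of the original slides; it assumes the Exchange Management Shell cmdlets Get-RpcClientAccess and Set-RpcClientAccess and their EncryptionRequired setting, and the server names in the sample data are constructed.

```powershell
# Added example, not part of the original deck. Written for PowerShell 2.0,
# the version the Exchange 2010 Management Shell runs on.

function Test-RpcEncryptionPolicy {
    param(
        # Objects with Server and EncryptionRequired properties, as returned by
        # Get-RpcClientAccess (assumed shape) or by the constructed sample below.
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$RpcClientAccess
    )
    process {
        foreach ($cas in $RpcClientAccess) {
            $server   = [string]$cas.Server
            $required = [bool]$cas.EncryptionRequired
            if ($required) {
                $finding = 'RPC encryption required; Outlook 2003 profiles must enable encryption'
                $fix     = ''
            } else {
                $finding = 'RPC encryption NOT required; unencrypted MAPI sessions are accepted'
                # Emitted as text only, so the change is reviewed before it is run.
                $fix     = "Set-RpcClientAccess -Server '$server' -EncryptionRequired `$true"
            }
            New-Object PSObject -Property @{
                Server             = $server
                EncryptionRequired = $required
                Finding            = $finding
                Remediation        = $fix
            } | Select-Object Server, EncryptionRequired, Finding, Remediation
        }
    }
}

function Test-RpcEncryptionConsistency {
    # True when every audited server has the same EncryptionRequired value.
    param([object[]]$Results)
    $distinct = @($Results | Select-Object -ExpandProperty EncryptionRequired | Sort-Object -Unique)
    return ($distinct.Count -le 1)
}

# Constructed sample: CAS01 was installed at RTM and later upgraded (setting kept),
# CAS02 was installed fresh with SP1 (requirement off by default).
$sample = @(
    (New-Object PSObject -Property @{ Server = 'CAS01'; EncryptionRequired = $true }),
    (New-Object PSObject -Property @{ Server = 'CAS02'; EncryptionRequired = $false })
)

$results = @($sample | Test-RpcEncryptionPolicy)
$results | Format-List

if (-not (Test-RpcEncryptionConsistency -Results $results)) {
    Write-Warning 'Client Access servers disagree on EncryptionRequired; clients will behave differently depending on the server they reach.'
}

# In the Exchange Management Shell, audit the live organization with:
#   Get-RpcClientAccess | Test-RpcEncryptionPolicy
```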
All Exchange 2010 server roles, except for the Unified Messaging server role, are supported in a virtualization environment. This is due to the real-time response requirements associated with voice communications with the Unified Messaging server role.

Active Directory Requirements
• Make sure that the functional level of your forest is at least Windows Server 2003, and that the schema master is running Windows Server 2003 with Service Pack 1 (SP1) or later.
• No Windows 2000 Domain Controllers
• Must run domain prep and forest prep to prepare the domain for Exchange 2010

Exchange 2010 Editions and Licenses
• Standard and Enterprise
• The big difference is that Enterprise Exchange supports 50+ mailboxes; Standard supports 5
• Standard and Enterprise CAL
• Enterprise CAL includes e-mail archiving and spam filtering
• Must buy both the Standard and Enterprise CALs. They are not an either/or. It is a Standard plus Enterprise

Exchange 2010 HA Requirements
• Windows 2008 SP2 or Windows 2008 R2 Enterprise Edition required
• Can use the Standard or Enterprise Edition of Exchange Server
• A SAN or shared storage is not required; can run on JBOD (Just a Bunch of Disks)
• More about this topic in the next section

Exchange 2010 Server Roles
Mailbox Server
• Holds the Exchange Mailbox data and also Public Folders
Hub Transport
• Handles routing email in/out of the Exchange Organization
Client Access
• All access to the Exchange Mailbox Database comes via the Client Access
• Change from prior versions of Exchange, where they connected directly to the Exchange server database. Why is this? HA is why.
We will explain this better later in the presentation.
Unified Messaging
• Allows phone systems to store voice messages
Edge Transport
• I do not use this role, sits in DMZ for mail routing and spam filtering

Exchange 2003 to Exchange 2010 Upgrade
• Exchange 2003 organization must be in Native Mode and have SP2 installed
• Exchange 2010 OWA will not proxy back to Exchange 2003 mailboxes
• Will need to run OWA in parallel
• Deploy Exchange 2010 servers in this order:
  1. Client Access
  2. Hub Transport
  3. Unified Messaging
  4. Mailbox
• Move mailboxes from Exchange 2003 to Exchange 2010

Exchange 2007 to Exchange 2010 Upgrade
• Upgrade existing Exchange 2007 servers to Exchange 2007 Service Pack 2 (SP2).
• Deploy Exchange 2010 servers in this order:
  1. Client Access
  2. Hub Transport
  3. Unified Messaging
  4. Mailbox
• Move mailboxes from Exchange 2007 to Exchange 2010

To the Cloud…
Demo on Installed Exchange 2010 Hub Transport and Mailbox Server

High Availability

[Diagram: AD sites Dallas and San Jose; a Client Access Server serving Outlook (MAPI) clients and OWA, ActiveSync, or Outlook Anywhere; two CCR clusters (CCR #1 and CCR #2, Node A and Node B each, on Windows clusters) hosting DB1–DB6; SCR to a standby server holding DB4–DB6]
• Manual “activation” of remote mailbox server
• Mailbox server can’t co-exist with other roles
• SCR managed separately; no GUI
• Clustering knowledge required
• Database failure requires server failover

Core Architectural Shift
[Diagram labels: Active Manager; Database Availability Group; PAM; SAM; DAG Networks; Windows Failover Cluster; Default Cluster Group; Cluster IP Address; Cluster Name; Cluster Database; Cluster Quorum]

Core Architectural Shift
Windows Failover Cluster
Default Cluster Group
• Cluster IP Address
• Cluster Name
• Cluster Quorum
Clustered Mailbox Server (CMS)
• CMS IP Address
• CMS Name
• CMS resources (exres.dll)
• CMS disk resources
Cluster Networks
Cluster Database

Core Architectural Shift
[Diagram: Database Availability Group of three Mailbox Servers, each with its own storage and each answering Get-MailboxDatabaseCopyStatus and Move-ActiveMailboxDatabase; one hosts the Primary Active Manager, the other two a Standby Active Manager]

Enable Continuous Availability
Simplified Mailbox High Availability and Disaster Recovery with New Unified Platform
[Diagram: Mailbox Servers in San Jose and New York, each holding copies of DB1–DB5]
Recover quickly from disk and database failures
• Evolution of Continuous Replication technology
• Easier than traditional clustering to deploy and manage
• Allows each database to have 16 replicated copies
• Provides full redundancy of Exchange roles on as few as two servers
• Capabilities of CCR and SCR combined into one platform

Continuous Availability
Limit User Disruption During Mailbox Moves and Maintenance
Users stay connected and productive as mailboxes are moved between servers
• Send messages
• Receive messages
• Access entire mailbox
Administrators can perform migration and maintenance during regular hours
[Diagram: E-Mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2]

Exchange Server 2010 High Availability Fundamentals
Database Availability Group
• A group of up to 16 servers hosting a set of replicated databases
• Wraps a Windows Failover Cluster
  – Manages servers’ membership in the group
  – Heartbeats servers, quorum, cluster database
• Defines the boundary of database replication
• Defines the boundary of failover/switchover
• Defines boundary for DAG’s Active Manager
[Diagram: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, Mailbox Server 4 ... Mailbox Server 16]

Exchange Server 2010 High Availability Fundamentals
Server
• Unit of membership for a DAG
• Hosts the active and passive copies of multiple mailbox databases
• Executes Information Store, CI, Assistants, etc., services on active mailbox database copies
• Executes replication
services on passive mailbox database copies
[Diagram: Mailbox Servers 1–3 hosting copies of DB1–DB4]

Exchange Server 2010 High Availability Fundamentals
Mailbox Database
• A database has 1 active copy – active copy can be mounted or dismounted
• Maximum # of passive copies == # servers in DAG – 1
[Diagram: Mailbox Servers 1–3 hosting copies of DB1–DB4]

Exchange Server 2010 High Availability Fundamentals
Mailbox Database (Continued)
  – ~30 seconds database
  – Server failover/switchover involves moving all active databases to one or more other servers
  – Database names are unique across a forest
  – Defines properties relevant at the database level
    » Globally Unique Identifier (GUID): a Database’s unique ID
    » EdbFilePath: path at which copies are located
    » Servers: list of servers hosting copies

Exchange Server 2010 High Availability Fundamentals
Continuous Replication
• Continuous replication has the following basic steps:
  – Database copy seeding of target
  – Log copying from source to target
  – Log inspection at target
  – Log replay into database copy

Exchange Server 2010 High Availability Fundamentals
Database Seeding
• There are three ways to seed the target instance:
  – Automatic Seeding
    » Requires 1st log file containing CreateDB record
  – Update-MailboxDatabaseCopy cmdlet
    » Can be performed from active or passive copies
  – Manually copy the database

Exchange Server 2010 High Availability Fundamentals
Log Shipping
• Log shipping in Exchange Server 2010 leverages Transmission Control Protocol (TCP) sockets
  – Supports encryption and compression
  – Administrator can set TCP port to be used
• Replication service on target notifies the active instance the next log file it expects
  – Based on last log file which it inspected
• Replication service on source responds by sending the required log file(s)
• Copied log files are placed in the target’s Inspector directory

Exchange Server 2010 High Availability Fundamentals
Log Inspection
• The following actions are performed to verify the log file before replay:
  – Physical integrity inspection
  – Header inspection
  – Move any Exx.log files to ExxOutofDate folder that exist on target if it was previously a source
• If inspection fails, the file will be recopied and inspected (up to 3 times)
• If the log file passes inspection it is moved into the database copy’s log directory

Exchange Server 2010 High Availability Fundamentals
Incremental Resync
• Incremental reseed scenario
  – Active DB1 on server1 fails
  – Passive DB1 on server3 takes over service
  – Sometime later, failed DB1 on server1 comes back as passive – contains inconsistent data
  – Make DB1 on server1 consistent with new active
• Transaction logs of active and failed copy are compared to find divergence point
• Determines from logs the database pages that changed after divergent point
• Copies database pages from active to failed copy, then play new logs, until in-sync
• Replaces Exchange Server 2007’s Lost Log Resilience (LLR)
  – LLR is set to 1
[Diagram: Mailbox Servers 1–3, each with a copy of DB1; one copy marked failed (X)]

Exchange Server 2010 HA Goals
• Reduce complexity
• Reduce cost
• Native solution - no single point of failure
• Improve recovery times
• Support larger mailboxes
Make High Availability Exchange deployments mainstream!
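The continuous replication steps described above (seeding, log copying, log inspection, log replay) show up in the output of Get-MailboxDatabaseCopyStatus as a copy status plus two queue lengths, which is enough to tell which step a passive copy is stuck on. The following is an added example, not part of the original slides; it assumes the Status, CopyQueueLength and ReplayQueueLength properties of that cmdlet's output, the thresholds are illustrative, and the database and server names in the sample are constructed.

```powershell
# Added example, not part of the original deck. Written for PowerShell 2.0.

function Get-DagCopyTriage {
    param(
        # Objects shaped like Get-MailboxDatabaseCopyStatus output (assumed properties:
        # Name, Status, CopyQueueLength, ReplayQueueLength).
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [object[]]$CopyStatus,
        [int]$MaxCopyQueue   = 10,   # assumed threshold: logs not yet copied to the target
        [int]$MaxReplayQueue = 50    # assumed threshold: logs copied but not yet replayed
    )
    process {
        foreach ($copy in $CopyStatus) {
            $status = [string]$copy.Status
            $stage  = 'None'
            $action = 'None'

            if ($status -eq 'Mounted') {
                $stage = 'Active copy'
            }
            elseif ($status -eq 'Seeding') {
                $stage  = 'Database copy seeding'
                $action = 'Wait for seeding to finish before relying on this copy'
            }
            elseif (@('Failed', 'FailedAndSuspended', 'Suspended') -contains $status) {
                $stage  = 'Replication stopped'
                $action = 'Investigate; a reseed with Update-MailboxDatabaseCopy may be needed'
            }
            elseif ([int]$copy.CopyQueueLength -gt $MaxCopyQueue) {
                $stage  = 'Log copying'
                $action = 'Check the replication network and the source server'
            }
            elseif ([int]$copy.ReplayQueueLength -gt $MaxReplayQueue) {
                # A lagged copy shows a long replay queue by design; exclude it or raise the threshold.
                $stage  = 'Log replay'
                $action = 'Check disk I/O on the target, or confirm this is a lagged copy'
            }

            New-Object PSObject -Property @{
                Name        = [string]$copy.Name
                Status      = $status
                CopyQueue   = [int]$copy.CopyQueueLength
                ReplayQueue = [int]$copy.ReplayQueueLength
                StuckAt     = $stage
                Action      = $action
            } | Select-Object Name, Status, CopyQueue, ReplayQueue, StuckAt, Action
        }
    }
}

function New-SampleCopy {
    # Builds one constructed status record for the offline demonstration below.
    param([string]$Name, [string]$Status, [int]$CopyQueue, [int]$ReplayQueue)
    New-Object PSObject -Property @{
        Name = $Name; Status = $Status
        CopyQueueLength = $CopyQueue; ReplayQueueLength = $ReplayQueue
    }
}

# Constructed sample data (not captured from a real DAG).
$sample = @(
    (New-SampleCopy 'DB1\MBX1' 'Mounted'            0   0),
    (New-SampleCopy 'DB1\MBX2' 'Healthy'            0   3),
    (New-SampleCopy 'DB1\MBX3' 'Healthy'            42  0),
    (New-SampleCopy 'DB2\MBX2' 'Healthy'            0   900),
    (New-SampleCopy 'DB2\MBX3' 'FailedAndSuspended' 120 0)
)

$sample | Get-DagCopyTriage | Where-Object { $_.Action -ne 'None' } | Format-Table -AutoSize

# In the Exchange Management Shell, against one server's copies:
#   Get-MailboxDatabaseCopyStatus -Server <server> | Get-DagCopyTriage
```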
Exchange Server 2010 High Availability Fundamentals
Backups
• Streaming backup APIs for public use have been cut; must use Volume Shadow Copy Service (VSS) for backups
  – Backup from any copy of the database/logs
  – Always choose Passive (or Active) copy
  – Backup an entire server
  – Designate a dedicated backup server for a given database
• Restore from any of these backup scenarios
[Diagram: Database Availability Group of Mailbox Servers 1–3, each holding DB1–DB3, with a VSS requestor]

Multiple Database Copies Enable Backupless Configurations
• Site/server/disk failure: Exchange Server 2010 HA
• Archiving/compliance: E-mail archive
• Recover deleted items: Extended/protected dumpster retention
[Diagram: Database Availability Group of Mailbox Servers 1–3, each holding DB1–DB3, including a 7-14 day lag copy]

Backupless Configuration
• JSO does not recommend the backupless configuration
• Database corruption could destroy your Exchange database
• If you do not have archiving, restoring individual emails could be a challenge
• If you have your servers in the same datacenter, a natural disaster could destroy your Exchange

JSO Approved Backup Solution
Unitrends
• Already supports Exchange Server 2010
• Offers individual email restore without using Microsoft’s API (uses Ontrack PowerControls)
• Also provides bare metal restore, allowing for quick Exchange server recovery from a crash. Can restore to different hardware
• Can also aid with server virtualization.
To the Cloud…
Setup HA in Exchange 2010

Client Access Role

Client Access Server Agenda
• Overview of Client Access Server (CAS) functions
• Remote procedure call (RPC) Client Access Service
• Exchange Web Services (EWS)
• Offline Address Book
• Functionality
• Topology scenarios
• Secure Sockets Layer (SSL) and certificate considerations

What Client Access Servers Do
[Diagram: clients and the Client Access Server services they use. Microsoft® Internet Explorer®, Mozilla Firefox™, Safari®: OWA & ECP. Mobile Devices: EAS. Outlook®, Entourage®, LOB apps: EWS. Outlook, Entourage, Line-of-Business (LOB) apps, Mobile Devices: Autodiscover. Outlook: Offline Address Book download. Outlook from the Internet: Outlook Anywhere over HyperText Transfer Protocol (HTTP). Thunderbird: POP/IMAP. Outlook from the intranet: RPC Client Access Service. The Client Access Server reaches the Mailbox Server over RPC, the Domain Controller over Lightweight Directory Access Protocol (LDAP), and other CAS servers by proxying.]

Store Access Paths
All Roads Go Through the Client Access Server
[Diagram labels: Outlook, other MAPI clients; Entourage, 3rd party apps; Exchange Components (EWS, ActiveSync, Unified Messaging (UM), Outlook Web App (OWA), Mailbox Agents, Transport Agents); Exchange Middle Tier (MAPI, RFR** & NSPI*** RPC); Exchange Business Logic; Exchange Core Business Logic; DAV*; MAPI RPC; Mailbox Store]
* Distributed Authoring and Versioning (DAV)
** Request for Response

Exchange Server 2010 Middle Tier
What is it?
• New services in Exchange Server 2010 that reside on CAS
  – Restrict all Outlook data access to a single common path by migrating Mailbox and Directory endpoints to CAS
• What it handles:
  – Outlook data connections go to RPC Client Access Service on CAS instead of connecting to Mailbox servers
  – Address Book Service on CAS replaces MBX GC DSProxy interface, handles all Outlook Directory connections
  – Public folder connections connect directly to the Mailbox server, but through RPC Client Access Service running on backend
[Diagram: Outlook Clients connecting to an Exchange CAS Array]

RPC Client Access Service
The Why
• Provides a better client experience during switchovers/failovers
  – When a Mailbox (MBX) server fails over, Outlook client will only see ~30 sec disconnect, as compared to 1-Time to Live (TTL) min before
• Uses the same business logic for Outlook and CAS clients
  – Data validation, especially Calendar logging + repair
  – Compliance
  – Archive mailbox infrastructure
  – Content/body conversion
• Scaling mailbox connections
  – More concurrent connections / mailboxes per Mailbox server
• Reduces code and client logic in Exchange Store process for increased reliability

Data Validation and Compliance
• New Calendar Validation and Compliance features require acting on items as they are saved
  – Calendar Logging – capture the state of items as they are saved, for diagnostics and repair
  – Dumpster – keep deleted items around so they may be restored
  – Retention – keep deleted items around per retention policy
• Can support these features for all clients without any client changes using Middle Tier “magic”
On Save:
• If it’s a meeting message, make a copy in the Calendar Logging folder
• If the Save is a Delete, make a copy in the Recoverable Items folder
[Diagram: Client saves item (new or existing); Exchange Components (EWS, ActiveSync, UM, OWA, Mailbox Agents, Transport Agents); Exchange Middle Tier (MAPI, RFR & NSPI RPC); Exchange Business Logic; Exchange Core Business Logic; MAPI RPC; Mailbox Store]

Client Access Scaling Mailbox Connections
[Diagram: Outlook Anywhere Clients connect through CAS to MBX and GC (Exchange Server 2007): 60K outbound connections/CAS IP (W2K8), 60K outbound connections/MBX server. Outlook Clients connect to MBX (Exchange Server 2007): 65K connections/MBX server.]

RPC Client Access Service
How Directory Referral Connections Work
1. Outlook calls get Address Book server application program interface (API)
2. CAS queries AD DS
   a. Mailbox location (AD DS site)
   b. Mailbox version
   c. RpcClientAccessServer property of mailbox database
3. CAS tells Outlook which CAS server or array should be used for directory requests
4. Outlook connects to the appropriate CAS
• If mailbox is moved back to 2003/2007, CAS will redirect the client to the mailbox server so that it can provide a referral to a global catalog server
• Otherwise, all legacy mailboxes will get directory referrals from mailbox server
[Diagram: two AD DS sites, each with AD DS, a CAS 2010, MBX 2010 and GC; steps 1–4 marked]

RPC Client Access Array
Point of Failure: Failure Mitigation
• MDB (Data access): Create DAGs* that have multiple copies of the MDB
• MBX Server (Data access): Create DAGs that span multiple servers
• CAS Server (Outlook RPC access): Create Client Access array
* DAG = Database Availability Group
• Prevents single point of failure for RPC Client access
• Enables DB-level high availability
Requirements:
• Load balancer
  – Windows NLB, any software LB for small deployments
  – Any hardware LB for larger deployments
  – A10 Networks make a Great Load Balancer
• User affinity (source IP or otherwise)
  – Session-based clients
[Diagram: Load Balancer in front of an Exchange CAS Array, with MBX behind it]

Load Balancing and Server Affinity
[Diagram labels: Client; NLB using Client IP or 3rd party cookie LB; UAG array]
• OWA and EWS require server affinity
  – During a session, all client requests must go to the same CAS server
  – Other CAS services do not require client-server affinity
• Client IP-based load balancing
• Cookie-based load balancing
• “Poor man’s” solution
• Windows Network Load Balancing (NLB) –
Affinity fails if client IP changes during session
  – Does not work behind reverse proxies like Internet Security and Acceleration (ISA) since the client IP is masked by the reverse proxy
• ISA 2006 and Unified Access Gateway (UAG) can do client IP LB for servers behind it
  – “No hassle” solution
  – ISA 2006, UAG or 3rd party Load Balancers
[Diagram labels, continued: UAG cookie LB; CAS array]

Microsoft Recommends a Hardware Load Balancing for a CAS Array
• JSO recommended solution for Exchange 2010 CAS Load Balancing is A10 Networks AX Series
• A10 includes all features in their products, no add-on license fees
• Works well with Microsoft and numerous additional products
• Can use with other products besides Microsoft Exchange 2010
• If interested in a demo, contact us

Storage

Storage
• Exchange storage background
• Disk storage technology 2010+
• Microsoft® Exchange Server 2010 storage architecture
• Store innovations
• Extensible Storage Engine (ESE) database innovations
• Exchange Server 2010 storage design
• Summary

Exchange Server 2007 Storage Background
• Significant innovation in Exchange Server 2007
  – Reduce storage input/output (I/O) (70%)
  – Use large amounts of memory (64 bit)
  – Increased page size (4 kilobyte (KB) -> 8 KB)
  – Lower storage costs
  – Support large mailboxes (> 1 gigabyte (GB))
  – Provide fast search (CI)
  – Continuous replication (log shipping)
  – High Availability (HA) + fast recovery
  – Eliminate single points of failure

Disk Technology Futures
SATA (3.5"), values for 2006 / 2010 / 2013:
• Drive Capacity (GB): 750 / 2,000 / 8,000
• RPM: 7.2K / 7.2K / 10k
• Transfer Rate (Mb/sec): 930 / 2,000 / 5,000
• Read Seek Time (ms): 8 / 7.2 / 6.5
FC/SAS (3.5”), values for 2006 / 2010 / 2013:
• Drive Capacity (GB): 300 / 600 / 2,400
• RPM: 15K / 15K / 15K
• Transfer Rate (Mb/sec): 975 / 2,000 / 4,000
• Read Seek Time (ms): 3.7 / 3.3 / 2.8
• Disk capacity trend predicted to continue
• Sequential throughput increasing linearly based on areal density (2010 Serial ATA (SATA) = 250 megabytes (MB)/sec)
• Random I/O performance not expected to improve substantially

Random vs.
Sequential Disk I/O
• Random I/O
  – Disk head has to move to process subsequent I/O
  – Head movement = High I/O latency
  – Seek Latency limits I/O per second (IOPS)
• Sequential I/O
  – Disk head does not move to process subsequent I/O
  – Stationary head = low I/O latency
  – Disk revolutions per minute (RPM) speed limits I/O per second (IOPS)
7.2K SATA Disk (20ms Latency): Random = 50 IOPS, Sequential = +300 IOPS

FLASH/Solid State Drive (SSD): Exchange Server 2010 Scenarios
Flash best utilized by Exchange Server 2010 (RC) when used as a cache within storage stack
[Diagram: Exchange Server 2010 Mailbox Server; HBA / RAID with NAND; PCM*; NAND; Enterprise SAN; SATA Array; Hybrid SSD** HDD]
* Pulse Code Modulation (PCM)
** Solid State Drive

Exchange Server 2010 Storage Vision
• SATA/Tier 2 Disk Optimization
• I/O Reduction
• Sequential I/O
• Large, Fast, Low-cost Mailboxes
• RAID-less Storage (JBOD*)
• Storage Design Flexibility

I/O Reduction: Store Schema Changes
• Store schema = the way the store organizes data in the ESE Database
• Exchange Server 2010: One simple theme
  – Move away from doing many, random, small size, disk I/Os to doing fewer, sequential, large size, disk I/O's
• Significant Benefits
  – Fast/efficient…
• Outlook Web App (OWA)/Outlook Online Mode
  – End user viewing for “cold” states/first time view creation
  – Calendar operations
  – Search performance
• Outlook cached mode/Exchange Active Sync
  – OST sync = sequential I/O
  – Exchange ActiveSync Server (EAS) sync = sequential I/O
• Server management
  – Move mailbox
  – Content Index Crawls

I/O Reduction: Database Table Architecture
Exchange Server 2007 (Per Store, Per Folder; Secondary Indexes used for Views)
• Mailbox Table: Jeff’s Mbx, Ann’s Mbx, Joe’s Mbx
• Folders Table: Jeff:Inbox, Ann:Drafts, Joe:Unread
• Message Table (Msg): Joe:Msg10, Jeff:Msg32, Ann:Msg180
• Attachments Table: Jeff:Excel.xls, Ann:Pic.bmp, Joe:Help.doc
• Message/Folder Table (MFT): Joe:Inbox:H1, Joe:Inbox:H2, Joe:Inbox:H3
Exchange Server 2010 (RC) (Per Database, Per Mailbox, Per View)
• Mailbox Table: Jeff’s Mbx, Ann’s Mbx, Joe’s Mbx
• Folders Table: Joe:Inbox, Joe:Drafts, Joe:Unread
• Message Header Table: Joe:H10, Joe:H302, Joe:H920
• Body Table: Joe:Msg10, Joe:Help.doc, Joe:Msg302
• View Tables (e.g. From): Joe:H920, Joe:H302, Joe:H10

Store Schema Changes: Physical Contiguity
• Exchange Server 2007: B+ Tree pages 1078, 92, 4577, 6, 872, 7210, 3278, 21, 9346. Many, small size, I/Os (1 per 8K page)
• Exchange Server 2010 (RC): B+ Tree pages 1078, 1079, 1080, 1081, 1082, 1083, 3456, 3457, 3458. Fewer, larger size, sequential I/Os

I/O Reduction: Store Schema Elements
• How do you move from random I/O to sequential I/O?
Physical Contiguity (ESE)
  – Exchange Server 2007: Poor physical contiguity of leaf pages—hence many, small size, IOs (1 for each page)
  – Exchange Server 2010 (RC): Excellent physical contiguity of leaf pages—so fewer, large size IOs, spanning N pages (N ≈100)
Logical Contiguity (Store)
  – Exchange Server 2007: Headers for each folder kept in separate table—so many, small size, IOs spread over many tables
  – Exchange Server 2010 (RC): Headers for an entire mailbox kept in a single table—hence fewer, large sized, IOs on a single table
Temporal Contiguity (View)
  – Exchange Server 2007: All views and indexes updated each time a mail is delivered—so many, small size, IOs spread over time
  – Exchange Server 2010 (RC): Views and indexes updated only when they are accessed by user—so fewer, large sized, IOs done together

I/O Reduction: Maintain Contiguity Over Time
New Database Maintenance Architecture: ESE
Cleanup (deleted items/mailboxes)
  – Exchange Server 2007 Service Pack 1 (SP1): Cleanup performed during Online Defrag (OLD) which occurs during Online Maintenance (OLM) time window
  – Exchange Server 2010: Cleanup performed at run time (when hard delete occurs)—happens during Store dumpster cleanup (OLM), pages are zeroed by default
Space Compaction
  – Exchange Server 2007 SP1: Database is compacted and space reclaimed during Online Defrag (OLD)
  – Exchange Server 2010: Database is compacted and space reclaimed at run-time—auto-throttled
Maintain Contiguity (defragmentation)
  – Exchange Server 2007 SP1: N/A: Contiguity is compromised by space compaction
  – Exchange Server 2010: Database is analyzed for contiguity and space at run time and is defragmented in the background (B+Tree Defrag/OLD2)—auto-throttled
Database Checksum
  – Exchange Server 2007 SP1: When configured, ½ of OLD maintenance window reserved for sequential scan (Checksum), manual throttle—active DB copy only
  – Exchange Server 2010: Two options (both Active and Passive copies):
    1. Run DB Checksum in the background 24x7 (default). Sequential I/O
    2. Run DB Checksum during OLM window. Sequential I/O
Database B+Tree Defragmentation (aka OLD2): Background/throttled process that maintains space and contiguity of database tables

I/O Reduction: Database Contiguity Results
[Figure: DB page numbers of the Exchange Server 2007 Message Header Table (aka MFT), FRAGMENTED, with random deletes at the tail, versus the Exchange Server 2010 Message Header Table (aka MsgHeader), CONTIGUOUS. Blue = contiguous (good), Red = fragmented (bad)]
*Production/Dogfood database analysis

Mitigate DB Space Growth: Database Compression
Problem: Store Schema change, space hints, B+Tree Defrag and 32 KB page size combine to increase DB file size by 20%
Solution: Growth is 100% mitigated by Database Compression
Targeted compression for message headers and text/html bodies (7bit/Express)
[Chart: DB File Size Comparison for E2K7/RTF, E14/RTF, E14/Mix and E14/HTML]
DB Space Analysis, counts for E2K7 SP1 / E2010:
• Mailbox Count: 750 / 750
• Tables: 14754 / 92435
• Secondary Indexes: 85784 / 4557 (Msg Views)
• Pages: 28486144 / 5814032 (32KB Pages)
• Used Pages (%): 85.7% / 86.7%
• Available Pages (%): 14.3% / 13.3%
• Msg Table (% space): 84.9% / 80.0%
1 Database, 750 x 250MB mailboxes
RTF = RTF Compressed, Mix = 77% HTML, 15% RTF, 8% Text
Avg. Message size = ~50KB

Putting It All Together: Mailboxes/Disk
Mailboxes/Disk (7.2K SATA): +4X Mailboxes/Disk!
[Chart values: Exchange Server 2007: 125 mailboxes/disk; Exchange Server 2010 (Beta): +500 mailboxes/disk]
250 MB Mailbox Size, 3MB DB Cache/user, 12 x 7.2k SATA disks (DB/Logs on same spindles), Loadgen Outlook 2007 Online Very Heavy Profile, measured at <20ms RPC Average latency

Exchange Server 2010 HA Storage Design Flexibility
SAN
• HA = Shared Storage Clustering
• +1.0 IOPS/Mailbox
• 3.5” 15K 146GB FC Disks
• RAID10 for DB & Logs
• Dedicated Spindles
• Multi-path (HBA’s, FC Switches, SAN array controllers)
• Backup = Streaming off active
• Fast Recovery = Hardware VSS (Snapshots/Clones)
DAS (SAS)
• HA = CCR
• .33 IOPS/Mailbox
• 2.5” 146GB 10K SAS Disks
• RAID5 for DB
• RAID10 for Logs
• SAS Array Controller (/w BBU)
• Backup = VSS Snapshot
• Fast Recovery = CCR
DAS (SATA)
• HA = DAG (2 DB copies)
• .11 IOPS/Mailbox
• 3.5” 2TB 7.2K SATA/SAS Disks
• RAID10 for DB & Logs
• SAS Array Controller (/w BBU)
• Backup = Optional/VSS
• Fast Recovery = Database Failover
JBOD (SATA)
• HA = DAG (3+ DB copies)
• .11 IOPS/Mailbox
• 3.5” 2TB 7.2K SATA/SAS Disks
• 1 DB = 1 Disk
• SAS Array Controller (/w BBU)
• Backup = Optional/VSS
• Fast Recovery = Database Failover
More options to reduce storage cost

Exchange Server 2010 Storage Requirements/Best Practices
Storage Guidance for: Stand Alone; Exchange Server 2010 (RC) HA (2 copies); Exchange Server 2010 (RC) HA (3+ copies)
• Storage Type: Direct attached storage (DAS), Storage Area Network (SAN) (Fibre Channel, iSCSI)
• Disk Type: Serial Attached SCSI (SAS), Fibre Channel, Serial ATA (SATA), SSD
• RAID: Redundant Array of Independent Disks (RAID) recommended; RAID optional
• RAID Type: RAID-1/0, RAID-5, RAID-6; JBOD
• DB/Log Isolation: Best Practice; Not required
• Windows Disk Type: Basic (recommended), Dynamic
• Partition Type: GUID Partition Table (GPT) (recommended), Master Boot Record (MBR)
• Partition Alignment: Windows 2008 Default (1 MB)
• File System: NT File System (NTFS)
• NTFS Allocation Unit Size: 64 KB for both database and log volumes
• Encryption Support: Outlook Protection Rules, Bitlocker

Summary
• Exchange Server 2010 store has…
  – Reduced DB
IOPS by +70%...again!
  – Optimized for large mailboxes (+10 GB) and 100K item counts
  – Optimized for large/slow/low-cost disks (SATA/Tier2)
  – Made JBOD/RAID-less storage a viable option
  – Enables unmatched storage flexibility to push storage Capex costs down

Mailbox and Administration Improvements

Email Trends
• IT organizations need to…
  – Maximize efficiency
  – Reduce cost
The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“Email Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008).

Simplify Administration
Empower Specialist Users to Perform Specific Tasks with Role-based Administration
• Compliance Officer: Conduct Mailbox Searches for Legal Discovery
• Human Resources: Update Employee Info in Company Directory
• Help Desk Staff: Manage Mailbox Quotas

Management GUIs
EMC
• Primarily for on-premise IT pros
• Requires client side installation
ECP
• Primarily for
  – Tenant Administrators
  – Specialists (helpdesk, discovery, etc)
  – End Users (message tracking, DGs, OWA options, etc)
• Web Browser based administration

Existing Management Tools
[Diagram labels: MMC; Powershell; Cmdlets (Business logic); Process / Machine Boundary; IIS Metabase; Local Machine; Store; AD]
Empower Specialist Users
  – Compliance Officer – Conducts Legal Discovery Searches
  – HR Officer - Updates Employee Info in Company Directory
Lower Support Costs
  – End-Users can Track Status of sent messages
  – End-Users can Create and Manage Distribution Lists

Email Access From Anywhere

Anywhere Access
Help manage communication overload by offering an easy to navigate, universal inbox with advanced messaging features
Delivered in Exchange Server 2007
• Outlook experience on the web, phone, and mobile device
• Single inbox for voice mail, e-mail, and more
• Increased productivity with improved calendar experience
Building on these Investments in Exchange Server 2010
• Easier Inbox navigation with enhanced conversation view
• Voice mail with text preview and customizable call answering rules
• Access from virtually any platform, Web browser or device

To the Cloud…
Exchange 2010 Management Tools

Manage Inbox Overload
Organize and Navigate with Ease Using Enhanced Conversation View and Filtering
• Conversation View
• Instant Messaging
• Ignore Conversation

Manage Inbox Overload
Help Reduce Unnecessary and Undeliverable E-Mail Through New Sender MailTips

Enhance Voice Mail
Quickly Triage and Take Action on Messages with Voice Mail Preview
• Audio Playback
• Contextual Contact Actions
• Text Preview of Voice Mail

Enhance Voice Mail
Create Customized Voice Mail Menus and Call Answer Rules to Give Important Calls Top Priority
• Text Preview of Voice Mail
• Defining a Custom Voice Mail Menu
• Managing Call Answer Rules

Collaborate Effectively
A Familiar and Rich Outlook Experience Across Clients, Devices and Platforms
• Desktop
• Web
• Mobile

Compliance and E-Mail Archiving

Protection and Compliance
Achieve increased IT governance compliance with integrated tools to preserve, protect and discover e-mail communications
Delivered in Exchange Server 2007
• On-premises and hosted protection from virus and spam
• Compliance to corporate and government regulations
• Mobile device security
and management policies Building on these Investments in Exchange Server 2010 Integrated archiving capabilities Rules-based protection of e-mail and voice mail messages Granular retention policies and powerful multi-mailbox search 84 E-Mail Archiving Preserve and Discover E-mail Data Without Changing the User or IT Pro Experience Preserve Discover Personal Move and Multi-Mailbox Hold Policy Archive Delete Policies Search Seamless integrated experience in Outlook and Outlook Web App Granular retention policies that do not disrupt user workflow Powerful and easy to use web-based e-Discovery tools 85 To the Cloud… Setting Up Exchange 2010 Email Archiving 86 Protect Communications Automatically Protect Messages With Centralized Rights Management Rules Automatic Content-Based Protection: • Transport Rule action to apply RMS template to e-mail or voice mail • Support for scanning of attachments and searching of protected mail • Internet Confidential and Do Not Forward Policies available out of box • Information protection cross PC, web, and mobile device 87 Advanced Security Stop Malicious Software and Spam from Entering into the Messaging Environment Hosted Service On-Premise Software Internet SMTP Hub Transport Server Mailbox Server Client Access Server Antivirus and anti-spam protection for Exchange Server 2010 Server Roles Multiple scan engines throughout the corporate infrastructure Tight integration with Exchange maximizes availability and performance Easy-to-use management console for central configuration and operation 88 Federation Scenarios • Federation and Free/Busy • How Federated Sharing Works in Microsoft® Exchange Server 2010 – Free/Busy – Calendar and contact sharing – Sharing policy • Federation and Exchange Online 89 Federation Services 90 Federation Objectives How data in Exchange is shared across organizations using federation technology Controls around exposing data outside the Exchange organization Role of the Microsoft Federation Gateway for data 
sharing across Exchange organizations What this presentation is not about: Federated Sharing is not about user single- sign-on to the Exchange mailbox in the cloud This presentation is not about hosted Exchange 91 Exchange Server 2010 Sharing Goals • Make it convenient Sharing Relationships – Users can share easily Mary Joe – Low administration people overhead fabrikam.com orgs contoso.com – Leverage relationships Sharing Dial • Make it secure MANAGE DISCOVER – Set the sharing dial – Allow admin to scope EDIT VIEW – Avoid exposure 92 How Should Free/Busy Work? Viewing Free/Busy for someone else should be as simple as typing in their e-mail address. External user 93 Cross Organization Free/Busy Solutions Outlook® Exchange Server Exchange Server Exchange Server 2003/2007 2000/2003 2007 2010 Internet Public Folders and Web Services and Service Web Services and Clearinghouse Service Account Account Federation Convenient User Admin Secure Solve it once for all clients User Admin 94 Free/Busy – Internet Clearinghouse Outlook 2003/2007 Fabrikam Clearinghouse Contoso Mary mary23 joe72 Joe Convenient @live.com @live.com Required LiveId, client always on No administrator action required contoso\joe Secure Must know other people’s LiveIds No administrator control Exchange 95 Free/Busy – Public Folders Exchange Server 2003 Fabrikam Contoso Mary Joe Convenient No user action required contoso\joe fabrikam\mary Service accounts, PF/AD replication Secure No per-user access Public Folders Mailbox Public Folders Admin selects organizations joe@ fabrikam\svcacct contoso.com Active Directory® Domain Services (AD DS) AD DS 96 Free/Busy – Web Services (WS) Exchange Server 2007 Fabrikam Contoso Mary Convenient Joe Free/Busy request firstname.lastname@example.org No user action required Free/Busy response DS replication Service accounts, ADjoe@contoso.com fabrikam\mary contoso\svcacct Secure Client Access Client Access Default permission applies externally Org Info Administrator selects 
organizations contoso.com Mailbox contoso\svcacct contoso endpt joe@ contoso.com AD DS AD DS fabrikam\svcacct 97 Free/Busy – WS and Federation Exchange Server 2010 Fabrikam Contoso No user action or client publishing Mary Joe Free/Busy request Convenient email@example.com Free/Busy response No user action required firstname.lastname@example.org fabrikam\mary Administrator controls which No service accounts, no replication Token: email@example.com users No directory Client Access Client Access participate replication Secure Federated token contoso.com No AD trusts or fabrikam.com Can specify external users Organization service accounts Organization Relationship Relationship Microsoft Administrator can control per user controls which Admin Mailbox orgs have access Federation Gateway Federated Trust Federated Trust 98 Benefits of Exchange Server 2010 Federation • Federated Sharing provides – Easy setup of external data sharing – Broader reach without additional steps to setup – More secure with controls for administrators and users • Federated Sharing possible through – Server can act on behalf of specific user • Specific user identified by e-mail address • User not prompted for credentials – Microsoft Federation Gateway acting as a trust broker • Reduces explicit point-to-point trust management • No AD DS trusts, service or cloud accounts to manage • Minimizes certificate exchanges • Verifies domain ownership 99 Establishing Federation in Exchange Server 2010 One-Time Setup Fabrikam Federation Gateway Contoso Certificate Certificate Certificate Federation trust Federation trust Organization Id: A154… Organization ID: C293… Organization ID: A154… Domains: contoso.com URL: http://... URL: http://... 
Organization Id: C293… DNS Record Domains: fabrikam.com DNS Record fabrikam.com TXT appId= C293… contoso.com TXT appId= A154… Step 1 – Create trust with certificate exchange Step 2 – Prove domain ownership Step 3 – Add domains 100 Federation Gateway • Broker services only for the trusts between Exchange organizations • No cached credentials in the cloud • Not a Microsoft passport / Windows live credential set • Hosted in the Microsoft “Cloud” data centre • Client access server (CAS) needs to reach Microsoft Federation Gateway (MFG) via the Internet – Can’t be hosted in an isolated network 101 • Lower IT costs with a Flexible and Reliable messaging platform 102 Additional Resources • Exchange 2010 site http://www.microsoft.com/exchange/2010 http://technet.microsoft.com/exchange http://www.microsoft.com/exchange/2010/try-it http://www.microsoft.com/learning/ http://www.msexchangeteam.com 103
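The "Establishing Federation" slide has each organization prove domain ownership by publishing a DNS TXT record of the form "appId=<organization id>". The script below is an added example, not part of the presentation and not Microsoft's code: a pre-flight audit that checks each domain you intend to federate against its published TXT data. The identifiers, the two .example domains, and the matching rules (case-insensitive key, exact identifier) are assumptions.

```python
"""Pre-flight audit of federation domain-proof TXT records (added example)."""

# Constructed data. The identifiers are placeholders, not values from the
# slides (which show them truncated); the .example domains are invented.
EXPECTED_APP_ID = {
    "contoso.com": "A154PLACEHOLDER0001",
    "fabrikam.com": "C293PLACEHOLDER0002",
    "northwind.example": "A154PLACEHOLDER0001",
    "tailspin.example": "A154PLACEHOLDER0001",
}

# Constructed TXT answers as a resolver would return them, one string per record.
SAMPLE_TXT = {
    "contoso.com": ['"v=spf1 mx -all"', '"appId=A154PLACEHOLDER0001"'],
    "fabrikam.com": ['"AppID = C293PLACEHOLDER0002"'],
    "northwind.example": ['"appId=FFFFPLACEHOLDER9999"'],
    "tailspin.example": ['"v=spf1 -all"'],
}


def parse_app_ids(txt_records):
    """Return every appId value found in one domain's TXT records."""
    found = []
    for raw in txt_records:
        text = raw.strip().strip('"')  # resolvers usually quote TXT data
        key, sep, value = text.partition("=")
        # Assumption: key matched case-insensitively, spaces around '=' ignored
        # (the slide itself prints "appId= C293...").
        if sep and key.strip().lower() == "appid" and value.strip():
            found.append(value.strip())
    return found


def audit_domain(expected_id, txt_records):
    """Classify one domain as OK, MISSING or MISMATCH."""
    ids = parse_app_ids(txt_records)
    if not ids:
        return "MISSING"   # no proof record published for this domain
    if expected_id in ids:
        return "OK"
    return "MISMATCH"      # a proof record exists but names a different organization


def audit(expected, zone):
    """Audit every domain to be federated against the published TXT data."""
    return {d: audit_domain(app_id, zone.get(d, [])) for d, app_id in expected.items()}


if __name__ == "__main__":
    for domain, status in audit(EXPECTED_APP_ID, SAMPLE_TXT).items():
        print(f"{domain}: {status}")
```

A MISMATCH result deserves a closer look than MISSING: it means the domain already carries a proof record for some other organization identifier.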