Flexible and Reliable

Document Sample
Flexible and Reliable Powered By Docstoc

      Introducing Exchange Server 2010

                                                          James Oryszczyn
                                                          President, JSO Technology LLC

      Flexible and                  Anywhere                  Protection and
        Reliable                     Access                    Compliance
  • Continuous Availability   • Manage Inbox Overload      • E-mail Archiving
  • Simplify Administration   • Enhance Voice Mail         • Protect Communications
  • Deployment Flexibility    • Collaborate Effectively    • Advanced Security

                            Optimize for
                         Software + Services

                 Flexible and Reliable
Provide the flexibility needed to operate a scalable, high performing,
          and easy to administer messaging infrastructure

   Delivered in Exchange Server 2007
      Improved Installation and deployment experience
      High Availability through Continuous Replication
      Simplified management console and command line shell

   Building on these Investments in Exchange Server 2010
      Single platform for High Availability and Disaster Recovery
      Role-based admin, web-based management, and user self-service
      Choice of storage hardware from SAN to low-cost DAS options


                                  Continuous Availability
       Simplify Mailbox Resiliency with New Unified
    Platform for High Availability and Disaster Recovery
                               San Jose                                                           New York

                         Mailbox               Mailbox                                              Mailbox
                         Server                Server                                               Server
                           DB1                   DB1                                                 DB1      Replicate databases
 Recover quickly           DB2                   DB2                                                 DB2      to remote datacenter
   from disk and           DB3                   DB3                                                 DB3
database failures          DB4                   DB4                                                 DB4
                           DB5                   DB5                                                 DB5

                    Evolution of Continuous Replication technology
                    Easier to deploy and manage than traditional clustering
                    Allows for each database to have up to 16 replicated copies

                               Continuous Availability
          Limit User Disruption During Mailbox Moves
                       and Maintenance
                               E-Mail Client

                                                                                 Users stay connected and
                                                                                 productive as mailboxes are
                                                                                 moved between servers
                                                                                    Send messages
                          Client Access Server                                      Receive messages
                                                                                    Access entire mailbox
                                                                                 Administrators can perform
                                                                                 migration and maintenance
            Mailbox Server 1                      Mailbox Server 2
                                                                                 during regular hours

                          Core Architectural Shift
             Active Manager
                                                   Database Availability Group
                                                                                                DAG Networks

                                                          Windows Failover Cluster

                                                       Default Cluster Group

                                                            Cluster IP Address        Cluster
                                                              Cluster Name           Database
                                                             Cluster Quorum


                         Core Architectural Shift
                                    Database Availability Group
         Mailbox Server                    Mailbox Server              Mailbox Server

                  Get-                              Get-
                                                    Get-                        Get-
        MailboxDatabaseCopyStatus         MailboxDatabaseCopyStatus   MailboxDatabaseCopyStatus

               Move-                             Move-
                                                 Move-                       Move-
        ActiveMailboxDatabase             ActiveMailboxDatabase       ActiveMailboxDatabase

        Primary Active Manager            Standby Active Manager      Standby Active Manager

               Storage                          Storage                     Storage

                       Exchange Server 2010
Active Directory ® Domain Services Schema Organization
     Servers                            Availability                         Databases
                                       Groups (DAG)

     Server 1                                DAG 1                          Database 1

                                                                               Copy 1             8

     Exchange Server 2010 High Availability
                       Database Availability Group
• A group of up to 16 servers hosting a set of replicated
• Wraps a Windows Failover Cluster
   – Manages servers’ membership in the group
   – Heartbeats servers, quorum, cluster database
• Defines the boundary of database replication
• Defines the boundary of failover/switchover (*over)
• Defines boundary for DAG’s Active Manager
    Mailbox           Mailbox           Mailbox            Mailbox                  Mailbox
    Server 1          Server 2          Server 3           Server 4                Server 16



       Exchange Server 2010 High Availability
•    Unit of membership for a DAG
•    Hosts the active and passive copies of multiple mailbox databases
•    Executes Information Store, CI, Assistants, etc., services on active mailbox
     database copies
•    Executes replication services on passive mailbox database copies
                         Mailbox      Mailbox       Mailbox
                         Server 1     Server 2      Server 3

                            DB1          DB4          DB3
                            DB2          DB1          DB4
                            DB3          DB2


       Exchange Server 2010 High Availability
                 Mailbox Database (Continued)
    – ~30 seconds database *overs
    – Server failover/switchover involves moving all active
      databases to one or more other servers
    – Database names are unique across a forest
    – Defines properties relevant at the database level
     »    Globally Unique Identifier (GUID): a Database’s unique ID
     »    EdbFilePath: path at which copies are located
     »    Servers: list of servers hosting copies


            Exchange Server 2010 High
             Availability Fundamentals
                        Continuous Replication

• Continuous replication has the following basic steps:
      –   Database copy seeding of target
      –   Log copying from source to target
      –   Log inspection at target
      –   Log replay into database copy


         Exchange Server 2010 High
          Availability Fundamentals
                         Database Seeding
• There are three ways to seed the target instance:
    – Automatic Seeding
        • Requires 1st log file containing CreateDB record
    – Update-MailboxDatabaseCopy cmdlet
        • Can be performed from active or passive copies
    – Manually copy the database

   Exchange Server 2010 High Availability
                           Log Shipping
• Log shipping in Exchange Server 2010 leverages Transmission
  Control Protocol (TCP) sockets
   – Supports encryption and compression
   – Administrator can set TCP port to be used
• Replication service on target notifies the active instance the
  next log file it expects
   – Based on last log file which it inspected
• Replication service on source responds by sending the required
  log file(s)
• Copied log files are placed in the target’s Inspector directory

       Exchange Server 2010 High Availability
                  Log Inspection
• The following actions are performed to verify the log
  file before replay:
   – Physical integrity inspection
   – Header inspection
   – Move any Exx.log files to ExxOutofDate folder that exist on
     target if it was previously a source
• If inspection fails, the file will be recopied and
  inspected (up to 3 times)
• If the log file passes inspection it is moved into the
  database copy’s log directory


               Exchange Server 2010 High Availability
•   Incremental reseed scenario                      Incremental Resync
      – Active DB1 on server1 fails
      – Passive DB1 on server3 takes over service
      – Sometime later, failed DB1 on server1 comes back as passive – contains
        inconsistent data
      – Make DB1 on server1 consistent with new active
•   Transaction logs of active and failed copy are compared to find divergence
•   Determines from logs the database pages that changed after divergent
•   Copies database pages from active to failed copy, then play new logs, until
                                                 Mailbox     Mailbox      Mailbox
    in-sync                                      Server 1   Server 2      Server 3
•   Replaces Exchange Server
    2007’s Lost Log Resilience (LLR)
      – LLR is set to 1
                                                   DB1        DB1     X     DB116

    Exchange Server 2010 High Availability
           Fundamentals Backups
•   Streaming backup APIs for public use have been cut, must use Volume Shadow Copy
    Service (VSS) for backups
     – Backup from any copy of the database/logs
     – Always choose Passive (or Active) copy
     – Backup an entire server
     – Designate a dedicated backup server for a given database
•   Restore from any of these backups scenarios

                Mailbox                 Mailbox          Mailbox
                Server 1                                 Server 3     Database Availability Group
                                        Server 2

                  DB1                        DB1          DB1
                  DB2                        DB2          DB2
                  DB3                        DB3          DB3
                                                                                            VSS requestor

            Multiple Database Copies Enable
              Backupless Configurations
    Site/server/disk failure                               •     Exchange Server 2010 HA
    Archiving/compliance                                   •     E-mail archive
    Recover deleted items                                  •     Extended/protected dumpster

               Database Availability Group

                    Mailbox                   Mailbox      Mailbox
                    Server 1                  Server 2     Server 3

                                                                                     7-14 day lag copy
                        DB1                        DB1          DB1
                       DB2                         DB2          DB2

                       DB3                         DB3          DB3


    Exchange Server 2010 High Availability
                          Mailbox Database
• Unit of *over
• A database has 1 active copy – active copy can be
  mounted or dismounted
• Maximum # of passive copies == # servers in DAG – 1
                      Mailbox        Mailbox        Mailbox
                      Server 1       Server 2       Server 3

                         DB1            DB4            DB3
                         DB2            DB1           DB4
                         DB3            DB2           DB1


             Backup less Configuration

    • JSO does recommend the Backup less configuration

    • Database corruption could destroy your Exchange database

    • If you do not have archiving, restoring Individual emails could be a

    • If you have your servers in the same Datacenter, a natural disaster could
    destroy your Exchange

        JSO Approved Backup Solution
    • Already Supports Exchange Server2010

    • Offers individual Email restore without using Microsoft’s API (uses Ontrack

    • Also provides Bare Metal restore, allowing for quick Exchange server
    recovery from a crash. Can restore to different hardware

    • Can also aid with server Virutualization. Can preform a PtoV using Bare
    Metal restore
    •JSO offers a Managed Solution, we take care of the system for you. You pay
    a monthly fee


    Database Availability Groups
   Easily Deliver Reliability and Availability

Unitrends Exchange Database Recovery
Can demo Bare Metal Restore at the end
   of this Presention if Time Permits

    Client Access Server
       Overview of Client Access Server (CAS)
       Remote procedure call (RPC) Client Access
       Exchange Web Services (EWS)
       Offline Address Book Functionality
       Topology scenarios
       Secure Sockets Layer (SSL) and certificate


                        What Client Access Servers Do
                                                 Client Access Server

Microsoft® Internet Explorer®, Mozilla                 OWA & ECP
                     Firefox™, Safari®
                         Mobile Devices                   EAS                                     Mailbox
     Outlook®, Entourage®,    LOB apps                   EWS                   Lightweight
                 Outlook, Entourage,                                         Directory Access
  Line-of-Business (LOB) apps, Mobile                                        Protocol (LDAP)
                              Devices                                                             Domain
                                                  Offline Address                                Controller
                                                  Book download
            Outlook from the Internet                 Outlook                 HyperText Transfer
                                                    Anywhere                   Protocol (HTTP)
                          Thunderbird                  POP/IMAP                                   Other
       Outlook from the intranet                     RPC Client                                   Server
                                                   Access Service

                                Store Access Paths
                     All Roads Go Through the Middle Tier
  Exchange Components                Outlook, other         Entourage, 3rd
  (EWS, ActiveSync, Unified      Messaging Application                               Exchange Components
                                 Programming Interface
                                                             party apps
  Messaging (UM), Outlook                                                                (EWS, ActiveSync, UM,
  Web App (OWA), Mailbox             (MAPI) clients                                      OWA, Mailbox Agents,
  Agents, Transport Agents)                                 Outlook, other                 Transport Agents)
                                                             MAPI clients

                                                                             MAPI, RFR** Exchange

                                      Entourage, 3rd


              Business                                                        & NSPI*** Business

                                       party apps                                RPC       Logic
                                                                                  Exchange Core
                                                                                  Business Logic

                        MAPI RPC      DAV*


                                                                                   MAPI RPC
                              Store                                                   Store

                                                           Name Service Provider Interface (NSPI)                26
              Request for Response                       Distributed Authoring and Versioning (DAV)

                      Exchange Server 2010 Middle Tier
                                 What is it?      Outlook Clients
  • New services in Exchange Server 2010
    that reside on CAS
        – Restrict all Outlook data access to a single
          common path by migrating Mailbox and
          Directory endpoints to CAS                                              Exchange CAS Array
  • What it handles:
        – Outlook data connections go to RPC
          Client Access Service on CAS instead of
          connecting to Mailbox servers
        – Address Book Service on CAS replaces                                    MBX                 GC
          DSProxy interface, handles all Outlook
          Directory connections
        – Public folder connections connect directly
          to the Mailbox server, but through RPC
          Client Access Service running on backend


                       RPC Client Access Service
                                              The Why
• Provides a better client experience during switchovers/failovers
    – When a Mailbox (MBX) server fails over, Outlook client will only see ~30
      sec disconnect, as compared to 1-Time to Live (TTL) min before
• Uses the same business logic for Outlook and CAS clients
    –     Data validation, especially Calendar logging + repair
    –     Compliance
    –     Archive mailbox infrastructure
    –     Content/body conversion
• Scaling mailbox connections
    – More concurrent connections / mailboxes per Mailbox server
• Reduces code and client logic in Exchange Store process for
  increased reliability                                                                                   28

                       Data Validation and Compliance
                                      Components                        •   New Calendar Validation and
                                    (EWS, ActiveSync,                       Compliance features require
                                       UM, OWA,                             acting on items as they are
                     Client saves
                      item (new      Mailbox Agents,
                     or existing)   Transport Agents)                       saved
                                                                             – Calendar Logging – capture
                                                                               the state of items as they are
                                                                               saved, for diagnostics and
              MAPI, RFR Exchange                                               repair

               & NSPI Business
                                                                             – Dumpster – keep deleted

                RPC       Logic
                Exchange Core                                                  items around so they may be
                Business Logic                                                 restored
                                                                             – Retention – keep deleted

                     MAPI RPC            On Save:                              items around for per
                                         • If it’s a meeting message,
                                         make a copy in the Calendar           retention policy
                         Store           Logging folder
                                         • If the Save is a Delete,     •   Can support these features for
                                         make a copy in the
                                         Recoverable Items folder
                                                                            all clients without any client
                                                                            changes using Middle Tier 29

                              Client Access
                      Scaling Mailbox Connections                  60K outbound           60K outbound
                                                                 connections/CAS IP     connections/MBX
                                                                      (W2K8)                 server
                  Outlook Anywhere Clients                      CAS              MBX             GC

                                          Exchange Server 2007

                                                   65K connections/MBX server

                    Outlook Clients                                            MBX

                                          Exchange Server 2007


                             Client Access
                     Scaling Mailbox Connections
                               1 connection :                                        100 shared RPC
                               1 client session                                       connections

          Outlook Clients                              Exchange CAS NLB

                                    1 CAS Session :
                                    1 client session                  GC
                                                                                                 1 MBX Session :
                                                                                                 1 client session
         Exchange Server 2010

•        Note: 1 connection != 1 session, 250K RPC Context handle limit on MBX

                      RPC Client Access Service
     How Directory Referral Connections Work
    1.      Outlook calls get Address Book server                                         4
            application program interface (API)                           1     3
                                                             AD DS Site

    2.      CAS queries AD DS
                                                                                                AD DS Site

          a.     Mailbox location (AD DS site)
          b.     Mailbox version
          c.     RpcClientAccessServer property of mailbox

                                                                          CAS 2010                           CAS 2010

    3.      CAS tells Outlook which CAS server or array
            should be used for directory requests
    4.      Outlook connects to the appropriate CAS

                                                              MBX 2010              GC           MBX 2010           GC

     •     If mailbox is moved back to 2003/2007, CAS will redirect the client to the mailbox
           server so that it can provide a referral to a global catalog server
     •     Otherwise, all legacy mailboxes will get directory referrals from mailbox server

                                   Address Book Service
                      GAL and Address List segmentation
          In prior versions of Exchange, each client computed the user’s GAL differently
          Outlook chooses the GAL based on AD DS                        ACL), GAL
          membership, and GAL size
              A user cannot see a GAL of which she is not a member
          CAS components use the out-of-box GAL, or honor msExchQueryBaseDN if set
              …but name resolution is performed against the entire Directory
              Deleting the out-of-box GAL breaks OWA, cmdlets
          Various bugs and design limitations with hidden users
          Result: Organizations with multiple GALs for different user segments are
          difficult to configure (30-page whitepaper)
          Exchange Server 2010 goals:
              Consistency among clients
              Flexibility: GAL membership != GAL assignment
              Make hidden users work correctly


                            RPC Client Access Array                                                                CAS
      Point of Failure                  Failure Mitigation
      MDB (Data access)                 Create DAGs* that have multiple copies of the MDB
      MBX Server (Data access)          Create DAGs that span multiple servers
      CAS Server (Outlook RPC access)   Create Client Access array
                                                             * DAG = Database Availability Group

      •    Prevents single point of failure for RPC Client access
      •    Enables DB-level high availability

      • Load balancer
             – Windows NLB, any software LB for small
               deployments                                                                              Load Balancer
             – Any hardware LB for larger deployments
                 – A10 Networks make a Great Load Balancer                                             Exchange CAS Array
      •    User affinity (source IP or otherwise)
             – Session-based clients

  Load Balancing and Server Affinity                                                               Client

 •    OWA and EWS require server affinity
       – During a session, all client requests must go to the same CAS                              NLB using Client IP or
           server                                                                                    3rd party cookie LB

       – Other CAS services do not require client-server affinity
 •    Client IP-based load balancing
 •    Cookie-based load balancing                                      UAG
              • “Poor man’s” solution                                  array
 •    Windows Network Load Balancing (NLB)
       – Affinity fails if client IP changes during session
       – Does not work behind reverse proxies like Internet Security                                    UAG cookie LB
           and Acceleration (ISA) since the client IP is masked by the
           reverse proxy
              • ISA 2006 and Unified Access Gateway (UAG) can do
                 client IP LB for servers behind it                     CAS
       – “No hassle” solution
       – ISA 2006, UAG or 3rd party Load Balancers                                                                       35

      Microsoft Recommends a Hardware Load
             Balancing for a CAS Array
•JSO Recommended solution for Exchange 2010 CAS Load Balancing
                      is A10 networks AX Series
 •A10 includes all Features in their products, no add-on license Fee’s

     •Works well with Microsoft and numerous additional products

     •Can use with other products besides Microsoft Exchange 2010

                             •If Interested in a Demo, Contact us


    A10 Hardware Load Balancing Features
                          Advanced Layer 4/Layer 7 Server Load Balancing
                          Fast TCP, Fast UDP, Fast HTTP, Full HTTP Proxy
                          High-performance, template-based, Layer 7 URL and URL
                          hash switching
                          Header, URL and domain manipulation
                          Comprehensive Layer 7 application persistence support
                          aFleX technology for deep packet inspection and traffic

                          Comprehensive load balancing methods for server
                          Round Robin
                          Least Connections
                          Weighted Round Robin
                          Weighted Least Connections
                          Fastest Response
                          Advanced Health Monitoring to ensure servers and
                          applications are responding as expected, and to remove
                          unresponsive servers of applications from load
                          Comprehensive protocol support - ICMP, TCP, UDP,
                          HTTP, HTTPS, FTP, RTSP, SMTP,
                          POP3, SNMP, DNS, RADIUS, LDAP, SIP
                          TCL scriptable health check support

                 A10 Deployment Methods
Routed Mode:
Load balancer acts as a Layer 3 switch (uses IP
addresses to forward traffic)
All servers are connected to the load balancer
(or through a Layer 2 switch)
Isolates the subnet from larger network, more
One-arm Mode:
Load balancer is attached to switch with one
Servers can communicate with clients without
going back through load balancer
Avoids unnecessary traffic, maximizes

     Exchange storage background
     Disk storage technology 2010+
     Microsoft® Exchange Server 2010 storage
        Store innovations
        Extensible Storage Engine (ESE) database
     Exchange Server 2010 storage design


          Exchange Server 2007 Storage
      •    Significant innovation in Exchange Server 2007
            – Reduce storage input/output (I/O) (70%)
            – Use large amounts of memory (64 bit)
            – Increased page size (4 kilobyte (KB) -> 8 KB)
            – Lower storage costs
            – Support large mailboxes (> 1 gigabyte (GB))
            – Provide fast search (CI)
            – Continuous replication (log shipping)
            – High Availability (HA) + fast recovery
            – Eliminate single points of failure

                    Disk Technology Futures
    SATA (3.5")                           2006        2010        2013

    Drive Capacity (GB)                   750         2,000       8,000
    RPM                                   7.2K        7.2K        10k
    Transfer Rate (Mb/sec)                930         2,000       5,000

    Read Seek Time (ms)                   8           7.2         6.5
    FC/SAS (3.5”)                         2006        2010        2013

    Drive Capacity (GB)                   300         600         2,400
    RPM                                   15K         15K         15K
    Transfer Rate (Mb/sec)                975         2,000       4,000

    Read Seek Time (ms)                   3.7         3.3         2.8

      •    Disk capacity trend predicted to continue
      •    Sequential throughput increasing linearly based on areal density (2010
           Serial ATA (SATA) = 250 megabytes (MB)/sec)
      •    Random I/O performance not expected to improve substantially

          Random vs. Sequential Disk I/O
•   Random I/O
     – Disk head has to move to process          Disk Head
       subsequent I/O
     – Head movement = High I/O latency
     – Seek Latency limits
       I/O per second (IOPS)
•   Sequential I/O
     – Disk head does not move to process
       subsequent I/O
     – Stationary head = low I/O latency
     – Disk revolutions per minute (RPM) speed
       limits I/O per second (IOPS)
                                     7.2K SATA Disk (20ms Latency)
                                     Random = 50 IOPS
                                     Sequential = +300 IOPS                         42


            FLASH/Solid State Drive (SSD): Exchange
                   Server 2010 Scenarios
                                   Flash best utilized by Exchange Server 2010 (RC)
         NAND                      when used as a cache within storage stack

                                                    HBA /                                           NAND

                                                                   Exchange Server
                                                                    2010 Mailbox

 Enterprise SAN
                                           HDD                                                             43
*Pulse Code Modulation (PCM)                                ** Solid State Drive

                   Exchange Server 2010 Storage
                              Vision    SATA/Tier 2
        I/O Reduction
       Sequential I/O                                                                        Disk

                                              Large, Fast, Low-
                                               cost Mailboxes
       Storage Design                                                                         Storage
         Flexibility                                                                          (JBOD*)

   *Just a Bunch of Disks (JBOD)                                                                           44

                  I/O Reduction: Store Schema Changes
        •    Store schema = the way the store organizes data in the ESE Database
        •    Exchange Server 2010: One simple theme
               – Move away from doing many, random, small size, disk I/Os to doing fewer, sequential,
                 large size, disk I/O's
        •    Significant Benefits
               – Fast/efficient…
                       • Outlook Web App (OWA)/Outlook Online Mode
                               –   End user viewing for “cold” states/first time view creation
                               –   Calendar operations
                               –   Search performance

                       • Outlook cached mode/Exchange Active Sync
                               –   OST sync = sequential I/O
                               –   Exchange ActiveSync Server (EAS) sync = sequential I/O

                       • Server management
                               –   Move mailbox
                               –   Content Index Crawls                                                     45


        I/O Reduction: Database Table Architecture
                        Store                Per Folder

                                                                          Message Table                                       Message/Folder
               Mailbox Table                  Folders Table                                  Attachments Table
                                                                          (Msg)                                               Table (MFT)

 Exchange       Jeff’s Mbx                    Jeff:Inbox                  Joe:Msg10           Jeff:Excel.xls                  Joe:Inbox:H1
Server 2007
               Ann’s Mbx                      Ann:Drafts                  Jeff:Msg32         Ann:Pic.bmp                      Joe:Inbox:H2

                Joe’s Mbx                     Joe:Unread                  Ann:Msg180         Joe:Help.doc                     Joe:Inbox:H3
                                                                                                                  Secondary Indexes used for Views

              Per Database                                                Per Mailbox                                            Per View

                                                                            Message                                             View Tables (e.g.
                 Mailbox Table                    Folders Table                                   Body Table
                                                                            Header Table                                        From)
  Server           Jeff’s Mbx                     Joe:Inbox                     Joe:H10         Joe:Msg10                         Joe:H920
 2010 (RC)
                   Ann’s Mbx                      Joe:Drafts                    Joe:H302       Joe:Help.doc                       Joe:H302

                   Joe’s Mbx                     Joe:Unread                     Joe:H920        Joe:Msg302                         Joe:H10

              Store Schema Changes: Physical
        Exchange                                                          B+ Tree
         Server              1078        92        4577        6          872       7210       3278       21      9346

                                                                                              Many, small size, I/Os (1 per 8K page)

                                                                            B+ Tree
      Server 2010              1078        1079      1080          1081     1082      1083       3456      3457     3458


                                                                                                      Fewer, larger size, sequential I/Os

              Store Schema Changes: Lazy View
    Exchange                                              All Unread or Flagged items (view)
    Server 2007
                        M1             M2                   M1                     M3         M2
     Nickel &
     Approach                                                                                         Many, random, I/Os (1 per update)

  DB I/O        M1 arrives          M2 arrives              M1 flagged          M3 arrives   M2 deleted                                             Time
                                                                                                                           User uses OWA/Outlook Online and
                                                                                                                           switches to this view

     Server 2010                                          All Unread or Flagged items (view)

     Pay to Play
                         M1             M2                   M1                    M3         M2
                                                                                                      Fewer, sequential, I/Os (1 per view)


       I/O Reduction: Store Schema Elements
       •    How do you move from random I/O to sequential I/O?

           Element                    Exchange Server 2007                       Exchange Server 2010 (RC)

                                  Poor physical contiguity of leaf             Excellent physical contiguity of
    Physical Contiguity
                                  pages—hence many, small size,                leaf pages—so fewer, large size
    (ESE)                         IOs (1 for each page)                        IOs, spanning N pages (N ≈100)

                                                                             Headers for an entire mailbox
                                 Headers for each folder kept in
     Logical Contiguity                                                      kept in a single table—hence
                                 separate table—so many, small
     (Store)                                                                 fewer, large sized, IOs on a single
                                 size, IOs spread over many tables

                                 All views and indexes updated               Views and indexes updated only
   Temporal Contiguity           each time a mail is delivered—so            when they are accessed by user—
   (View)                        many, small size, IOs spread over           so fewer, large sized, IOs done
                                 time                                        together

     I/O Reduction: Maintain Contiguity Over
New Database Maintenance Architecture:
        ESE Function          Exchange Server 2007 Service Pack 1 (SP1)                  Exchange Server 2010

 Cleanup                     Cleanup performed during Online Defrag       Cleanup performed at run time (when hard delete
 (deleted items/mailboxes)   (OLD) which occurs during Online             occurs)—happens during Store dumpster cleanup
                             Maintenance (OLM) time window                (OLM), pages are zeroed by default
 Space Compaction            Database is compacted and space reclaimed    Database is compacted and space reclaimed at run-
                             during Online Defrag (OLD)                   time—auto-throttled
 Maintain Contiguity         N/A: Contiguity is compromised by space      Database is analyzed for contiguity and space at run
 (defragmentation)           compaction                                   time and is defragmented in the background
                                                                          (B+Tree Defrag/OLD2)—auto-throttled

 Database Checksum           When configured, ½ of OLD maintenance        Two options (both Active and Passive copies):
                             window reserved for sequential scan          1. Run DB Checksum in the background 24x7
                             (Checksum), manual throttle—active DB copy        (default). Sequential I/O
                             only                                         2. Run DB Checksum during OLM window.
                                                                               Sequential I/O

Database B+Tree Defragmentation (aka OLD2):
Background/throttled process that maintains space and contiguity of database tables

  I/O Reduction: Database Contiguity Results
Exchange Server 2007 Message Header Table (aka MFT)
                                                                                                                 DB Page

                                                                  Random deletes at the tail
Exchange Server 2010 Message Header Table (aka MsgHeader)

*Production/Dogfood database analysis
                                                                                  Blue = contiguous (good)
                                                                                  Red = fragmented (bad)


      Mitigate DB Space Growth: Database
Problem: Store Schema change, space hints, B+Tree Defrag and 32 KB page size
    combine to increase DB file size by 20%
Solution: Growth is 100% mitigated by Database Compression
     Targeted compression for message headers and text/html bodies (7bit/Express)
DB File Size Comparison                                                DB Space Analysis

1.50                                                                           Counts          E2K7 SP1       E2010
                    1.20                                              Mailbox Count                   750           750
                                                                      Tables                        14754         92435
          1.00                  1.00
1.00                                        0.88                      Secondary Indexes             85784          4557
                                                                                                                              Msg Views
                                                                      Pages                     28486144       5814032
                                                                      Used Pages (%)                85.7%         86.7%
0.50                                                                  Available Pages (%)           14.3%         13.3%
                                                                      Msg Table (% space)           84.9%         80.0%       32KB Pages

         E2K7/RTF   E14/RTF    E14/Mix    E14/HTML

                                            1 Database, 750 x 250MB mailboxes
                                 RTF = RTF Compressed, Mix = 77% HTML, 15% RTF, 8% Text
                                                Avg. Message size = ~50KB

       Putting It All Together: Mailboxes/Disk
                                                             Mailboxes/Disk (7.2K SATA)

                          +4X Mailboxes/Disk!


                 Exchange Server 2007                 Exchange Server 2010 (Beta)
                                                                                 250 MB Mailbox Size, 3MB DB Cache/user, 12 x 7.2k SATA
                                                                                 disks (DB/Logs on same spindles), Loadgen Outlook 2007
                                                                                 Online Very Heavy Profile, measured at <20ms RPC Average
                                                                                 latency                                            53

JBOD/RAID-less Storage: Lost Flush Detection
  What is a lost flush?
     A DB write I/O that the disk subsystem/OS returned as completed did not actually
     get written to media or was written in the wrong location (aka lost write).

  Why are they so bad?
      Your database may be logically corrupt and you do not know it!

  How can they be detected in Exchange Server 2010 (RC)?
     Two methods:
           1. In memory flush map (active and passive): memory overhead of 2
               bits/page—event ID 530 is fired when detected (-1119) and page can
               be patched.
                           Perfmon Counter: MSExchange Database - > Database Pages Lost Flush Detection %:
                                The percentage of database pages which have valid lost flush detection
                                information recorded.
             2.     Database recovery: event is fired (ID 516: timestamp mismatch, (-567))
                    and database must be re-seeded.


1.     Page corruption detected
       on Active Copy (e.g., -

                                                                Database Availability Group (DAG)
2.     Active DB places
       marker in log stream
       to notify passive                         Mailbox Server              Mailbox Server                      Mailbox Server
       copies to ship up to
       date page
                                                    Node 1                      Node 2                              Node 3

3.     Passive receives log and
       replays up to marker,
       retrieves good page,                           DB1-Active                  DB1-CopyA                        DB1-CopyB
       invokes Replay Service
       callback and ships page
                                                            Log                         Log                            Log

4.     Active receives good                              Page1                       Page1                           Page1
       page, writes page to log,
       DB page is patched
                                                         Page2                       Page2                           Page2

5.     Subsequent page repair                            Page3                       Page3                           Page3
       from additional copies
                                                        Database                    Database                        Database

             1.     Page corruption detected
                    on DB Passive Copy (e.g.,
                    -1018)                                                               DAG

              2.    Passive copy pauses                Mailbox Server              Mailbox Server                   Mailbox Server
                    log replay (log
                    copying continues)                    Node 1                      Node 2                           Node 3

              3.    Passive retrieves the
                    corrupted page # from                   DB1-Active                  DB1-CopyA                      DB1-CopyB
                    the active using DB
                    seeding infrastructure
                                                                  Log                         Log                            Log
              4.    Passive copy waits till
                    log file which meets                       Page1                       Page1                          Page1
                    max required generation
                    requirement is
                    copied/inspected, then                     Page2                       Page2                          Page2
                    patches page
                                                               Page3                      Page33                          Page3

              5.    Passive resumes log                       Database                    Database                       Database

                   Exchange Server 2010 HA Storage Design Flexibility

         SAN                                     DAS (SAS)                     DAS (SATA)                          JBOD (SATA)
     HA = Shared Storage Clustering
     +1.0 IOPS/Mailbox                       HA = CCR
     3.5” 15K 146GB FC Disks                                                 HA = DAG (2 DB copies)                  HA = DAG (3+ DB copies)
                                             .33 IOPS/Mailbox
     RAID10 for DB & Logs                                                    .11 IOPS/Mailbox                        .11 IOPS/Mailbox
                                             2.5” 146GB 10K SAS Disks
     Dedicated Spindles                                                      3.5” 2TB 7.2K SATA/SAS Disks            3.5” 2TB 7.2K SATA/SAS Disks
                                             RAID5 for DB
     Multi-path (HBA’s, FC Switches,                                         RAID10 for DB & Logs                    1 DB = 1 Disk
                                             RAID10 for Logs
     SAN array controllers)                                                  SAS Array Controller (/w BBU)           SAS Array Controller (/w BBU)
                                             SAS Array Controller (/w BBU)
     Backup = Streaming off active           Backup = VSS Snapshot           Backup = Optional/VSS                   Backup = Optional/VSS
     Fast Recovery = Hardware VSS                                            Fast Recovery = Database Failover       Fast Recovery = Database
                                             Fast Recovery = CCR
     (Snapshots/Clones)                                                                                              Failover

                                             More options to reduce storage cost                                                         57


                   Exchange Server 2010 Storage
                    Requirements/Best Practices
       Storage Guidance         Stand Alone          Exchange Server (RC)      Exchange Server 2010
                                                      2010 HA (2 copies)        (RC) HA (3+ copies)
Storage Type                Direct attached storage (DAS), Storage Area Network (SAN) (Fibre
                            Channel, iSCSI)
Disk Type                   Serial Attached SCSI (SAS), Fibre Channel, Serial ATA (SATA) , SSD
RAID                        Redundant Array of Independent Disks (RAID)       RAID optional
RAID Type                   RAID-1/0, RAID-5, RAID-6                          JBOD
DB/Log Isolation            Best Practice           Not required
Windows Disk Type           Basic (recommended), Dynamic
Partition Type              GUID Partition Table (GPT) (recommended), Master Boot Record (MBR)
Partition Alignment         Windows 2008 Default (1 MB)
File System                 NT File System (NTFS)
NTFS Allocation Unit Size   64 KB for both database and log volumes
Encryption Support          Outlook Protection Rules, Bitlocker

       • Exchange Server 2010 store has…
            – Reduced DB IOPS by +70%...again!
            – Optimized for large mailboxes (+10 GB) and 100K
              item counts
            – Optimized for large/slow/low-cost disks
            – Made JBOD/RAID-less storage a viable option
            – Enables unmatched storage flexibility to push
              storage Capex costs down


                   Simplify Administration
         Delegate Specific Tasks to Specialist Users
              with Role-based Administration
       Compliance Officer           Human Resources                    Help Desk Staff

         Conduct Mailbox            Update Employee
                                                                      Manage Mailbox
          Searches for              Info in Company
         Legal Discovery                Directory


                    Management GUIs

EMC                                                   ECP
•Primarily for on-premise IT pros                     •Primarily for
•Requires client side installation                     •Tenant Administrators
                                                       •Specialists (helpdesk, discovery, etc)
                                                       •End Users (message tracking, DGs,
                                                        OWA options, etc
                                                      •Web Browser based administration


                               User Self-Service
                                 Help Lower Support Costs

           Deployment Flexibility
Wide Range of Storage Hardware Options Enabled
 By Scalability and Performance Enhancements

    Storage Area                 Direct Attached w/        Direct Attached w/          JBOD SATA
   Network (SAN)                      SAS Disks                SATA Disks              (RAID-less)

    Continual platform innovation yields 70% reduction in disk IO
    Disk IO patterns optimized for better hardware utilization
    Resilience against corruption through automated page-level repairs


                      Anywhere Access
Help manage communication overload by offering an easy to navigate,
        universal inbox with advanced messaging features
   Delivered in Exchange Server 2007
      Outlook experience on the web, phone, and mobile device
      Single inbox for voice mail, e-mail, and more
      Increased productivity with improved calendar experience

   Building on these Investments in Exchange Server 2010
      Easier Inbox navigation with enhanced conversation view
      Voice mail with text preview and customizable call answering
      Access from virtually any platform, Web browser or device

                  Manage Inbox Overload
    Organize and Navigate with Ease Using Enhanced
            Conversation View and Filtering

                                                           Conversation View

  Instant Messaging

                                 Ignore Conversation

             Conversations in Outlook Web
                      Enable Your Users to Get More Done


                Manage Inbox Overload
Help Reduce Unnecessary and Undeliverable E-Mail
         Through New Sender MailTips

            Enhance Voice Mail
Quickly Triage and Take Action on Messages with
               Voice Mail Preview

                            Audio Playback

                                             Contextual Contact
Text Preview                                      Actions
of Voice Mail

                   Voice Mail Preview
                    Quickly Triage Voice Mail Messages


                      Enhance Voice Mail
      Create Customized Voice Mail Menus and Call
     Answer Rules to Give Important Calls Top Priority

      Text Preview
      of Voice Mail

                                                          Defining a Custom
                                                          Voice Mail Menu
    Managing Call
    Answer Rules

          Collaborate Effectively
    A Familiar and Rich Outlook Experience Across
            Clients, Devices and Platforms

    Desktop                    Web                    Mobile

           Protection and Compliance
Achieve increased IT governance compliance with integrated tools to
       preserve, protect and discover e-mail communications

  Delivered in Exchange Server 2007
     On-premises and hosted protection from virus and spam
     Compliance to corporate and government regulations
     Mobile device security and management policies

  Building on these Investments in Exchange Server 2010
     Integrated archiving capabilities
     Rules-based protection of e-mail and voice mail messages
     Granular retention policies and powerful multi-mailbox search


            E-Mail Archiving
 Preserve and Discover E-mail Data Without
  Changing the User or IT Pro Experience

                  Preserve                                          Discover

Personal            Move and                                        Multi-
                  Delete Policies           Hold Policy                Search

Seamless integrated experience in Outlook and Outlook Web App
Granular retention policies that do not disrupt user workflow
Powerful and easy to use web-based e-Discovery tools

     Integrated Archiving and Retention
           Preserve and discover e-mail data

    Protect Communications
       Automatically Protect Messages
  With Centralized Rights Management Rules

      Automatic Content-Based Protection:
      • Transport Rule action to apply RMS template to e-mail or voice mail
      • Support for scanning of attachments and searching of protected mail
      • Internet Confidential and Do Not Forward Policies available out of box
      • Information protection cross PC, web, and mobile device


                          Advanced Security
Stop Malicious Software and Spam from Entering into the
                  Messaging Environment
Hosted Service                                                     On-Premise Software

 Internet     SMTP

                                                Hub Transport Server    Mailbox Server          Client Access Server

                                                                           Antivirus and anti-spam protection for Exchange
                                                                           Server 2010 Server Roles

 Multiple scan engines throughout the corporate infrastructure
 Tight integration with Exchange maximizes availability and performance
 Easy-to-use management console for central configuration and operation

 MX Logic® Email Defense Service
Superior Combination of Technologies and Features
Our industry-leading threat experts developed this managed Software as a Service solution
to provide protection from a wide range of email threats. This advanced technology, backed by skilled,
24/7 support includes more than 20 layers of filters, including:
More than 20 separate filters
Advanced Spam Blocking
Virus and Worm Scanning
Content and Attachment Filtering
Fraud Protection
Email Attack Protection
Outbound Message Filtering

 MX Logic® Email Defense Service
        In addition, the Email Defense Service provides:
        Sophisticated Quarantine Management
        Group Policies Management
        Around-the-clock Monitoring and Protection
        MX Logic® Disaster Recovery Services
        Secure message delivery over Transport Layer Security (TLS)
        Intelligent Routing to deliver mail to multiple servers for a single domain

        Easy management and administration
        Built on advanced and proprietary technology managed behind the scenes by the
        threat experts at MX Logic, the Email Defense Service provides an easy set-and-forget
        management experience through the MX Control Console™, our web-based
        administrative and reporting portal. With this intuitive user interface it's easy to
        customize the service to meet your business needs.
        Accurate and effective quarantine with customizable reporting
        Comprehensive email threat reporting
        Web-based administration
        Fine-tune email protection


MX Logic® Email Defense Service
   Automatic updates provide zero-hour protection
   With the MX Logic Threat Center providing up-to-the-minute
   updates, network administrators are freed from the day to day
   threat management. Our Threat Center technologists monitor the
   global state of email around the clock - providing a dynamic,
   proactive defense that protects against even the latest threats.
   Around-the-clock threat management
   Trend monitoring and up-to the-minute researching
   Immediate deployment of updates and patches

                  Federation Scenarios
• Federation and Free/Busy
• How Federated Sharing Works in Microsoft®
  Exchange Server 2010
  – Free/Busy
  – Calendar and contact sharing
  – Sharing policy
• Federation and Exchange Online

            Federation Objectives
                How data in Exchange is shared across
                organizations using federation technology
                Controls around exposing data outside the
                Exchange organization
                Role of the Microsoft Federation Gateway for
                data sharing across Exchange organizations

                What this presentation is not about:
                Federated Sharing is not about user single-
                sign-on to the Exchange mailbox in the cloud
                This presentation is not about hosted Exchange


  Exchange Server 2010 Sharing Goals
• Make it convenient
                                                        Sharing Relationships
    – Users can share easily
                                                          Mary           people              Joe
    – Low administration
      overhead                                      orgs

    – Leverage relationships

                                                                  Sharing Dial
• Make it secure                                                     MANAGE      DISCOVER

    – Set the sharing dial
                                                                       EDIT       VIEW
    – Allow admin to scope
    – Avoid exposure


             How Should Free/Busy Work?
     Viewing Free/Busy for someone else should be as simple as typing in
                            their e-mail address.



  Cross Organization Free/Busy Solutions
               Outlook®         Exchange Server             Exchange Server              Exchange Server
              2003/2007           2000/2003                      2007                         2010
                 Internet        Public Folders and     Web Services and Service         Web Services and
              Clearinghouse       Service Account              Account                     Federation



Secure                        Solve it once for all clients



           Free/Busy – Internet Clearinghouse
                                             Outlook 2003/2007
            Fabrikam                                         Clearinghouse

      Mary                                    mary23                           joe72
                                               Required LiveId, client always on

                                             No administrator action required
                                               Must know other people’s LiveIds

                                                    No administrator control

                       Free/Busy – Public Folders
                                         Exchange Server 2003
           Fabrikam                                                                                  Contoso

   Mary                                                                                                             Joe
                                                  No user action required                                          contoso\joe
                                          Service accounts, PF/AD replication

                                                    No per-user access
                                                                                                  Public Folders         Mailbox
                   Public Folders
                                              Admin selects organizations
Active Directory® Domain Services
             (AD DS)                                                                                       AD DS

                  Free/Busy – Web Services (WS)
                                         Exchange Server 2007
         Fabrikam                                                                                   Contoso

     Mary                                Convenient                                                                Joe
                         Free/Busy request
                         No user action required
                                                                      Free/Busy response
                                                               DS replication
                                         Service accounts,
                     Client Access                                                         Client Access
                                           Default permission applies externally

                        Org Info          Administrator selects organizations
                       contoso endpt

              AD DS                                                                                        AD DS



          Free/Busy – WS and Federation
                                 Exchange Server 2010
      Fabrikam                                                                                 Contoso
                        No user action or
                        client publishing
  Mary                                                                                                      Joe
                      Free/Busy request

                                                                    Free/Busy response
                                          No user action required
fabrikam\                                                                                               Administrator
                                                                                                        controls which
                                 No service accounts, no replication
                                         Token:                                           users
  No directory Client Access                                                        Client Access
   replication            Secure
                                       Federated token
                               No AD trusts or            
                                        Can specify external users
                 Organization                              service accounts              Organization
                 Relationship                                                            Relationship
                                 Administrator can control per user controls which
                                                                 Admin                                      Mailbox
                                                                  orgs have access
     Federated Trust                                                                           Federated Trust

   Benefits of Exchange Server 2010 Federation
 • Federated Sharing provides
       – Easy setup of external data sharing
       – Broader reach without additional steps to setup
       – More secure with controls for administrators and users
 • Federated Sharing possible through
       – Server can act on behalf of specific user
          • Specific user identified by e-mail address
          • User not prompted for credentials
       – Microsoft Federation Gateway acting as a trust broker
          • Reduces explicit point-to-point trust management
          • No AD DS trusts, service or cloud accounts to manage
          • Minimizes certificate exchanges
          • Verifies domain ownership

Establishing Federation in Exchange Server 2010
                                            One-Time Setup
         Fabrikam                              Federation Gateway                                Contoso
         Certificate                                     Certificate                             Certificate

      Federation trust                                                                         Federation trust
                                                    Organization Id: A154…
      Organization ID: C293…                                                                   Organization ID: A154…
      URL: http://...                                                                          URL: http://...

                                                    Organization Id: C293…
         DNS Record                                 Domains:                        DNS Record TXT appId= C293…                                                   TXT appId= A154…

                Step 1 – Create trust with certificate exchange
                Step 2 – Prove domain ownership
                Step 3 – Add domains


                  Federation Gateway
• Broker services only for the trusts between Exchange
• No cached credentials in the cloud
• Not a Microsoft passport / Windows live credential
• Hosted in the Microsoft “Cloud” data centre
• Client access server (CAS) needs to reach Microsoft
  Federation Gateway (MFG) via the Internet
   – Can’t be hosted in an isolated network

      Usage of Microsoft Federation Token
                                                      Can make e-mail claims
 Contoso SAML token issued by MFG on behalf of Paul   for any address in a
     for the Exchange Delivery offer targeted to      namespace the
                                organization owns
                                                      Offers represent an
                                                      (application program
 Offer:                                               interface) API on a service
   MSExchange.DeliveryInternalSubmit                  endpoint of Exchange
   MSExchange.SharingCalendarRead                     Web Services (EWS)
   MSExchange.SharingCalendarFreeBusy                 PoP key returned when
                                                      token issued and included
                                                      in encrypted token
 Proof of Possession (PoP) (symmetric key)                Encrypt sharing
                                                          payloads for Federated
           (encrypted to fabrikam’s public key)           Encrypt message for
                                                          Federated Delivery


    Information Stored In the MFG


                        Information Stored In AD DS

                                         Stored in the Exchange configuration container
                                         Including trust info and policies

                         Federation Certificate Management
                                                                      FederationTrust object
                Reads the certificate from local
                machine store and set                                 Current Certificate: 1                       Federation Gateway
                thumbprint in AD DS.                          AD
                                                              DS                                                             Organization Id: A154…
                                                                              Uploads public cert                            Public Cert: 1
                                                                              to gateway
–thumbprint a05c2f…..

            2010 Admin Box

                                             Securely installs certificate to all
                                             CAS/Hub transport server (HUB)
                                             servers in the same site the task runs

                                                                   2010 CAS/HUB                                                     2010 CAS/HUB
        Machine where task is run

        Certificate 1                                                                                                                                Cert
                                                                                                  Local service pulls cert                       distribution
            Local cert store                                                                      from remote sites to                             Service

                                                                 Servers in same site             all CAS/HUB servers
                                                                                                                                 Servers in other sites
Import-ExchangeCertificate                                        where task is run               based on thumbprint
                                                                                                  information in AD DS
   Imports certificate from a file into the
                                                              Certificate 1                                                    Certificate 1
   local machine’s certificate store
                                                                   Local cert store                                                Local cert store

                               Federated Free/Busy Access
            Free/ Busy request 1                                                      5    Free/Busy request
 Mary                           Fabrikam                                               Contoso
                                                                                           Federated Token
                                     8                                                7
             Free/Busy response                   CAS                                      Free/Busy response                   CAS

                                           Org-Org relationship                                                              Org-Org relationship
                                                                                               Crack token,         6
                                           Domain:                                                               Domain:
           Lookup info for                                                                     lookup info for
                               2           Endpoint: https://...                                                             Freebusy: true
           target org                                                                          requesting org,
                                           …                                                                                 Level: Free/Busy
                                                                                               and enforce
                                                                                                                             Group: Department1

                                              3                           4                                                  All connections over Secure
          Exchange server                                                                      Encrypted token has
                                   Token request               Federated Token                 requestor’s e-mail
                                                                                                                             Sockets Layer (SSL)
          submits signed           Alias:    Alias:
          request for token        To:             To:                 address, can only be          No e-mail addresses are
                                   For: Free/Busy              For: Free/Busy                  cracked by target org
          on behalf of user                                                                                                  stored in the cloud
                                                                                                                             No accounts need to be
                                           MS Federation Gateway                                                             managed
Gateway verifies
signature, ensures              Organization Id: C293…                Organization Id: A154…
e-mail alias matches                                                                                     Signs token and encrypts
                                Domains:                 Domains:
domains                                                                                                  with target org’s public



          Optimized for Software + Services

    • Lower IT costs with a Flexible and Reliable
      messaging platform

                     Additional Resources
•   Exchange 2010 site