Scott Schnoll Principal Technical Writer Microsoft Corporation Session Code: UNC3

Agenda
Exchange 2010 High Availability Vision/Goals Exchange 2010 High Availability Features Exchange 2010 High Availability Deep Dive Deploying Exchange 2010 High Availability Features Transitioning to Exchange 2010 High Availability High Availability Design Examples

Exchange 2010 High Availability Vision and Goals

Vision: Deliver a fast, easy-to-deploy and operate,
economical solution that can provide messaging service continuity for all customers

Goals
Deliver a native solution for high availability/site resilience Enable less expensive and less complex storage Simplify administration and reduce support costs Increase end-to-end availability Support Exchange Server 2010 Online Support large mailboxes at low cost

Exchange 2010 High Availability Solution

Unified technology for high availability and site resilience New framework for creating highly available Mailboxes Evolution of continuous replication technology Can be deployed on a range of storage options Native to Exchange; not bolted onto the side

Exchange Server 2003

Outlook OWA, ActiveSync, or Outlook Anywhere

Complex site resilience and recovery Clustered Mailbox Server had to be created manually

Dallas
DB1 DB2

Standby Cluster

DB3

San Jose
Front End Server

NodeA (active)

NodeB (passive)

Third-party data replication needed for site resilience

Clustering knowledge required

DB1 DB2 DB3 DB4 DB5 DB6

Failover at Mailbox server level

Exchange Server 2007

Outlook OWA, ActiveSync, or Outlook Anywhere

Complex activation for remote server / datacenter Clustered Mailbox Server cant co-exist with other roles

Dallas

SCR
Standby Cluster

DB1 DB2

DB3

San Jose
Client Access Server

NodeA (active)

CCR

NodeB (passive)

No GUI to manage SCR

Clustering knowledge required

DB1 DB2 DB3 DB4 DB5 DB6 DB1 DB2 DB3 DB4 DB5 DB6

Failover at Mailbox server level

Exchange Server 2010

Dallas

All clients connect via CAS servers

San Jose
Client Access Server Mailbox Server 6

DB1 DB3 DB5

Easy to extend across sites

Failover managed by/with Exchange

Mailbox Server 1 Mailbox Server 2 Mailbox Server 3 Mailbox Server 4 Mailbox Server 5

DB1 DB2 DB3

DB4 DB5 DB1

DB2 DB3

DB5 DB1

DB3 DB4 DB5

DB4

DB2

Database level failover

Exchange 2010 High Availability Terminology

High Availability Solution must provide data availability, service availability, and automatic recovery from failures Disaster Recovery Process used to manually recover from a failure Site Resilience Disaster recovery solution used for recovery from site failure *over Short for switchover/failover; a switchover is a manual activation of one or more databases; a failover is an automatic activation of one or more databases after a failure

Exchange 2010 High Availability Feature Names

Mailbox Resiliency Name of Unified High Availability and Site Resilience Solution Database Mobility The ability of a single mailbox database to be replicated to and mounted on other mailbox servers
Incremental Deployment The ability to deploy high availability /site resilience after Exchange is installed Exchange Third Party Replication API An Exchangeprovided API that enables use of third-party replication for a DAG in lieu of continuous replication

Exchange 2010 High Availability Feature Names

Database Availability Group A group of up to 16 Mailbox servers that host a set of replicated databases Mailbox Database Copy A mailbox database (.edb file and logs) that is either active or passive RPC Client Access service A Client Access server feature that provides a MAPI endpoint for Outlook clients Shadow Redundancy A transport feature that provides redundancy for messages for the entire time they are in transit

Exchange 2010 *overs

Within a datacenter
Database or server *overs

Datacenter level: switchover Between datacenters

Database or server *overs Assumptions:
Each datacenter is a separate Active Directory site Each datacenter has live, active messaging services Standby datacenter must be active to support single database *over

Exchange 2007 Concepts Brought Forward

Extensible Storage Engine (ESE)
Databases and log files

Continuous Replication
Log shipping and replay Database seeding Store service/Replication service Database health and status monitoring Divergence Automatic database mount behavior

Concepts of quorum and witness Concepts of *overs

Exchange 2010 Deprecated Concepts

Storage Groups Databases identified by the server on which they live Server names as part of database names Clustered Mailbox Servers
Pre-installing a Windows Failover Cluster Running Setup in Clustered Mode Moving a CMS network identity between servers Shared Storage

Two HA Copy Limits Private and Public Networks

Exchange 2010 HA Fundamentals

Database Availability Group Server Database Database Copy Active Manager RPC Client Access

DAG

Database Availability Group (DAG)

Base component of high availability and site resilience A group of up to 16 servers that host a set of replicated databases Wraps a Windows Failover Cluster
Manages membership (DAG member = node) Provides heartbeat of DAG member servers Active Manager stores data in cluster database

Defines a boundary for:

Mailbox database replication Database and server *overs Active Manager

Active Manager
Exchange component that manages *overs
Runs on every server in the DAG Selects best available copy on failovers Is the definitive source of information on where a database is active
Stores this information in cluster database Provides this information to other Exchange components (e.g., RPC Client Access and Hub Transport)

Two Active Manager roles: PAM and SAM

Active Manager client runs on CAS and Hub

Active Manager
Primary Active Manager (PAM)
Runs on the node that owns the cluster group Gets topology change notifications Reacts to server failures Selects the best database copy on *overs

Standby Active Manager (SAM)

Runs on every other node in the DAG Responds to queries about which server hosts the active copy of the mailbox database

Both roles are necessary for automatic recovery

If Replication service is stopped, automatic recovery will not happen

Active Manager
Selection of Active Database Copy

Active Manager selects the best copy to become active when existing active fails
1. Ignores servers that are unreachable or activation is
temporarily or regularly blocked 2. Sorts copies by currency to minimize data loss 3. Breaks ties during sort based on Activation Preference 4. Selects from sorted listed based on copy status of each copy

Active Manager
Selection of Active Database Copy

Active Manager selects the best copy to become active when existing active fails

10 8 6 9 5 7
Catalog Copy status Crawling Healthy Healthy, DisconnectedAndHealthy, DisconnectedAndResynchronizing, or SeedingSource ReplayQueueLength CopyQueueLength < 10 50 ReplayQueueLength < 50

Example: Database Failover

Database failure occurs Failure item is raised Active Manager moves active database Database copy is restored Similar flow within and across datacenters
DAG

Mailbox Server 1

Mailbox Server 2

Mailbox Server 3

Mailbox Server 4

Mailbox Server 5

DB1 DB2 DB3

DB4 DB5 DB1

DB2 DB3 DB4

DB5 DB1 DB2

DB3
DB4 DB5

Example: Server Failover

Server failure occurs Cluster notification of node down Active Manager moves active databases Server is restored Cluster notification of node up Database copies resynchronize with active databases Similar flow within and across datacenters
DAG

Mailbox Server 1

Mailbox Server 2

Mailbox Server 3

Mailbox Server 4

Mailbox Server 5

DB1 DB2 DB3

DB4
DB5 DB1

DB2 DB3 DB4

DB5 DB1 DB2

DB3 DB4 DB5

DAG Lifecycle
DAG is created initially as empty object in Active Directory
Continuous replication or 3rd party replication using Third Party Replication mode DAG is given a name and one or more IP addresses (or configured to use DHCP)

When first Mailbox server is added to a DAG

A Windows failover cluster is formed with a Node Majority quorum using the name of the DAG The server is added to the DAG object in Active Directory A cluster network object (CNO) for the DAG is created in the built-in Computers container The Name and IP address of the DAG is registered in DNS The cluster database for the DAG is updated with info on configured databases, including if they are locally active (which they should be)

DAG Lifecycle
When second and subsequent Mailbox server is added to a DAG
The server is joined to cluster for the DAG The quorum model is automatically adjusted
Node Majority - DAGs with odd number of members Node and File Share Majority - DAGs with even number of members File share witness cluster resource, directory, and share are automatically created by Exchange when needed

The server is added to the DAG object in Active Directory The cluster database for the DAG is updated with info on configured databases, including if they are locally active (which they should be)

DAG Lifecycle
After servers have been added to a DAG
Configure the DAG
Network Encryption Network Compression

Configure DAG networks

Network subnets Enable/disable MAPI traffic/replication

Create mailbox database copies

Seeding is performed automatically

Monitor health and status of database copies Perform switchovers as needed

DAG Lifecycle
Before you can remove a server from a DAG, you must first remove all replicated databases from the server When a server is removed from a DAG:
The server is evicted from the cluster The cluster quorum is adjusted as needed The server is removed from the DAG object in Active Directory

Before you can remove a DAG, you must first remove all servers from the DAG

Deploying Exchange 2010 HA Features

Legacy Deployment Steps (CCR/SCC) 1. Prepare hardware, install proper OS, and update Extra for SCC: configure storage 2. Build Windows Failover Cluster Extra for SCC: configure storage 3. Configure cluster quorum, file share witness, and public and private networks 4. Run Setup in Custom mode and install clustered mailbox server 5. Configure clustered mailbox server Extra for SCC: configure disk resource dependencies 6. Test *overs Exchange 2010 Incremental Deployment 1. Prepare hardware, install proper OS, and update 2. Run Setup and install Mailbox role 3. Create a DAG and replicate databases 4. Test *overs

Exchange 2010 Incremental Deployment (Beta)

Create a DAG
New-DatabaseAvailabilityGroup -Name DAG1 -FileShareWitnessShare \\EXHUB1\DAG1FSW -FileShareWitnessDirectory C:\DAG1FSW

Add first Mailbox Server to DAG

Add-DatabaseAvailbilityGroupServer -Identity DAG1 -MailboxServer EXMBX1 -DatabaseAvailablityGroupIpAddresses 10.0.0.8

Add second and subsequent Mailbox Server

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EXMBX2 Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EXMBX2 -DatabaseAvailablityGroupIpAddresses 10.0.0.8,10.0.1.8

Add Mailbox Database Copy Extend as needed

Add-MailboxDatabaseCopy -Identity MBXDB1 -MailboxServer EXMBX3

Exchange 2010 Incremental Deployment (Post-Beta)

Create a DAG
New-DatabaseAvailabilityGroup -Name DAG1 WitnessServer EXHUB1 WitnessDirectory C:\DAG1FSW -DatabaseAvailablityGroupIpAddresses 10.0.0.8

Add first Mailbox Server to DAG

Add-DatabaseAvailbilityGroupServer -Identity DAG1 -MailboxServer EXMBX1

Add second and subsequent Mailbox Server Add a Mailbox Database Copy Extend as needed

Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EXMBX2 Add-MailboxDatabaseCopy -Identity MBXDB1 -MailboxServer EXMBX3

Transition Steps
Verify that you meet requirements for Exchange 2010 Deploy Exchange 2010 Use Exchange 2010 mailbox move features to migrate Unsupported Transitions
In-place upgrade to Exchange 2010 from any previous version of Exchange Using database portability between Exchange 2010 and non-Exchange 2010 databases Backup and restore of earlier versions of Exchange databases on Exchange 2010 Using continuous replication between Exchange 2010 and Exchange 2007

High Availability Design Example

Branch/Small Office Design

8 processor cores recommended with a maximum of 64GB RAM

Client Access Hub Transport Mailbox

Client Access Hub Transport Mailbox

Member servers of DAG can host other server roles

UM role not recommended for co-location

DB2

2-server DAGs should use RAID

High Availability Design Example

Double Resilience Maintenance + DB Failure
2 servers outSite Single -> manual activation of server 3

3 Nodes In 3 server DAG, quorum is lost 3 HA Copiesservers sustain more DAGs with more JBOD -> 3 physical Copies failures greater resiliency
Mailbox Server 3

Mailbox Server 1

Mailbox Server 2

X
Database Availability Group

High Availability Design Example

Double Node/Disk Failure Resilience

Mailbox Server 1

Mailbox Server 2

Mailbox Server 3

Mailbox Server 4

X
Database Availability Group (DAG)

DAG Design Considerations

1 DAG with 4 or more servers provides better availability than multiple DAGs each with 3 or fewer servers Reasons for multiple DAGs
Require separate DAG-level admin ownership Need more than 16 mailbox servers Separate domains A DAG is bounded by the domain

DAG Design Considerations

Site Resilient Deployments
Stretched DAGs primary site is the site containing majority
Witness server or majority of nodes

Separate DAGs needed when users are affiliated with a specific site
For example: DAG1 for Redmond users and DAG1 stretches to Dublin site DAG2 for Dublin users and DAG2 stretches to Redmond site

Key Takeaways
Greater end-to-end availability with Mailbox Resiliency Unified framework for high availability and site resilience Faster and easier to deploy with Incremental Deployment Reduced TCO with core ESE architecture changes and more storage options Supports large mailboxes for less money

Win!
LifeCam Show
Ultra-Thin Mobile Design World-Class High Definition Optics

Question:
What protocol is used for log shipping in Exchange 2007? What protocol is used for log shipping in Exchange 2010?

Please attend other business productivity sessions

Office and SharePoint track (OFC) Unified Communications (UNC)

Resources
www.microsoft.com/teched
Sessions On-Demand & Community

www.microsoft.com/learning
Microsoft Certification & Training Resources

http://microsoft.com/technet
Resources for IT Professionals

http://microsoft.com/msdn
Resources for Developers

www.microsoft.com/learning Microsoft Certification and Training Resources

Related Content
Breakout Sessions (session codes and titles) UNC308 - Microsoft Exchange Server 2010 Architecture UNC310 - Microsoft Exchange Server 2010 Transition and Deployment UNC312 - Storage in Microsoft Exchange Server 2010 UNC311 - Unified Messaging in Microsoft Exchange Server 2010 UNC309 - Microsoft Exchange Server 2010 Management Tools UNC307 - Archiving and Retention in Microsoft Exchange Server 2010 Interactive Theater Sessions (session codes and titles)

UNC12H - Microsoft Exchange Server 2010 High Availability and Storage Scenarios

UNC13H - Microsoft Exchange Server 2010 Server Management Tools UNC14H - Microsoft Exchange Server 2010 Setup and Deployment

Whiteboard Sessions (session codes and titles) WTB304 - Designing Microsoft Exchange Server 2010 High Availability Solutions

Exchange Deployment Planning Services

http://www.microsoft.com/licensing/software-assurance/packaged-services.aspx

Take Advantage of EDPS to get your Deployment Going

Microsoft Software Assurance Benefit Structured engagement to help guide your organization through the deployment planning Review new Microsoft Exchange product features Best Practice Sharing Help to create comprehensive deployment and implementation plans 3, 5, 10, or 15as determined by your Software Assurance coverage

Track Resources
Exchange Server 2010 Documentation
http://technet.microsoft.com/library/bb124558(EXCHG.140).aspx

Read Exchange Team Blog Posts

http://msexchangeteam.com/archive/category/11164.aspx

Participate in Exchange Server 2010 Forums

http://social.technet.microsoft.com/Forums/en-US/exchange2010/threads

Communications Server 2007 R2 Documentation

http://technet.microsoft.com/en-us/library/dd440724(office.13).aspx

Read Communications Server Team Blog Posts

http://communicationsserverteam.com/

 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.