us - exchange 2010 - architecture
TRANSCRIPT
-
8/2/2019 Us - Exchange 2010 - Architecture
1/47
Martin Coetzer, Technical Consultant, Microsoft
Session Code: UNC308
-
Agenda
Discuss the topology changes introduced in Exchange Server 2010
Client Access
Transport
Mailbox
Understand our guidance on server sizing
-
Exchange 2010 Enterprise Topology
[Diagram: server roles inside the enterprise network and what connects to them]
Mailbox: Storage of mailbox items
Edge Transport: Routing & AV/AS
Unified Messaging: Voice mail & voice access
Client Access: Client connectivity, Web services
Hub Transport: Routing & Policy
External systems: External SMTP servers; Phone system (PBX or VOIP)
Clients: Web browser, Outlook (remote user), Mobile phone, Outlook (local user), Line of business application
-
Consolidation of Store Access Paths
[Diagram, two panels]
First panel: Middle Tier with Exchange Biz Logic; Exchange Components (OWA, Sync, UM, Transport Agents, Mailbox Agents, WS); Entourage (DAV); Outlook / MAPI clients; Mailbox Store reached over MAPI RPC
Second panel: Middle Tier with MAPI, RFR & NSPI RPC and Exchange Core Biz Logic; Exchange Components (OWA, Sync, UM, Transport Agents, Mailbox Agents, WS); Outlook / MAPI clients; Entourage; Mailbox Store reached over MAPI RPC
-
RPC Client Access Service: The What
A new service in Exchange Server 2010 that resides on CAS
What it handles:
Outlook data connections go to CAS instead of connecting directly to mailbox servers
Replaces the DSProxy interface by providing an Address Book service on CAS
Public folder connections connect directly to the mailbox server, but through RPC Client Access
[Diagram: Outlook Clients, Exchange CAS Array, MBX, GC]
-
RPC Client Access Service: The Why
Provides a better client experience during switchovers/failovers
When a MBX server fails over, Outlook client will only see ~30 sec disconnection, as compared to 1-TTL min before
Uses the same business logic for Outlook and other CAS clients
Calendar logging + fix up
Content/body conversion
Greatly simplifies AD topology requirements for Outlook
Supports more concurrent connections/mailboxes per Mailbox server
Reduces code and client logic in Exchange Store process for increased reliability
-
Client Access: Client RPC Connection Changes
[Diagram, two panels. Legend: RPC Data Flow, HTTP Data Flow, Common Data Flow]
Exchange Server 2007: Outlook / MAPI clients; CAS (RpcProxy); Mailbox (MAPI RPC, DSProxy, Store, ESE); AD (NSPI)
Exchange Server 2010: Outlook / MAPI clients; CAS Array (MAPI RPC, RPCProxy, NSPI, RFR RPC, Exchange Biz Logic); Mailbox (MAPI RPC, Store, ESE); AD (LDAP)
-
RPC Client Access Service: How Directory Referral Connections Work
1. Outlook calls get Address Book server API
2. CAS queries Active Directory
a. Mailbox location (AD site)
b. Mailbox version
c. RpcClientAccessServer property of mailbox database
3. CAS tells Outlook which CAS server or array should be used for directory requests
4. Outlook connects to the appropriate CAS
If mailbox is moved back to 2003/2007, CAS will redirect the client to the mailbox server so that it can provide a referral to a global catalog server
Otherwise, all legacy mailboxes will get directory referrals from mailbox server
[Diagram: AD Site 1 and AD Site 2, each showing CAS 2010, MBX 2010 and GC, with steps 1-4 marked]
-
RPC Client Access Service: Outlook Anywhere Improvements
Outlook Anywhere clients utilize the Address Book service on CAS for directory related requests
This architecture resolves issues surrounding DSProxy and split HTTP connections that are due to using SSL-ID load balancing solutions
[Diagram: Outlook connecting with Outlook Anywhere over HTTPS (RPC_IN_DATA and RPC_OUT_DATA channels); CAS running Windows 2008+ RPC/HTTP Proxy and RPC Client Access Services + Address Book; RPC (Mailbox); LDAP (AD)]
-
RPC Client Access Service: Writing to the Directory
Question: Does this new behavior ensure that Outlook can write changes to Active Directory for the following scenarios?
Distribution group membership
Delegate management
Certificate management
Answer: When the Address Book service detects modifications for one of those scenarios, it will utilize the appropriate cmdlet to commit the change to Active Directory based on the property tag (assuming user is scoped and authorized to make those changes):
Add/Remove-DistributionGroupMember
Set-MailboxPublicDelegates
Set-Mailbox -UserCertificate -UserSMIMECertificate
-
Client Access: Scaling Mailbox Connections
[Diagram, Exchange Server 2007: Outlook Clients, Outlook Anywhere Clients, CAS, MBX, GC]
Labels: 60K connections / MBX server; 60K outbound connections / CAS IP (W2K8); 60K outbound connections / MBX server
-
Client Access: Scaling Mailbox Connections
[Diagram, Exchange Server 2010: Outlook Clients, Exchange CAS NLB, MBX, GC (LDAP)]
Label: # of CAS servers x 100 connections / CAS RPCCA service/process
-
Client Access: Firewall/Proxy Guidelines
Internet Security and Acceleration (ISA) Server 2006
Kernel memory limitations imposed by the 32-bit architecture
ISA:CAS ratio 3:1 (worst case heavy Outlook Anywhere usage)
Important when you have a large percentage of your users connected via Outlook Anywhere, as the ratio of Transmission Control Protocol (TCP) connections to users is much higher than you would see for Outlook Web Access (OWA), ActiveSync, POP, or IMAP traffic
Beyond ISA 2006: pre-release product information
Forefront Unified Access Gateway (UAG)
Next-generation secure remote access product and the future version of Microsoft Intelligent Application Gateway; native 64-bit architecture
Will be tested with Exchange Server 2010
Forefront Threat Management Gateway (TMG)
Next-generation network security product and the future version of Microsoft ISA Server; native 64-bit architecture
Will be tested with Exchange Server 2010
-
Client Access: Architectural Considerations
Exchange 2010 is version specific
Exchange 2010 CAS required in every AD site where Exchange 2010 MBX is deployed
Exchange 2007 MBX requires Exchange 2007 CAS
Load balancing
If planning on deploying more than 8 CAS servers in a load balanced array, consider deploying hardware load balancing solution
Attend the UNC310 Transition/Deployment session to understand the intricacies involved in co-existence!
-
Transport Roles: Resiliency Issues in Exchange 2007
Transport database is stateful
Loss of service results in loss of mail
Transport dumpster impacts the environment
In extreme cases, up to 200% increase in IOPS/message due to many SGs and inefficient cache usage when compared to similar scenarios without dumpster
Redelivery submission results in entire quota being redelivered and store removing duplicates
-
Transport Roles: Exchange 2010 Resiliency Improvements
Shadow redundancy is a new feature of transport
Provides redundancy for messages for the entire time they are in transit
Transport becomes stateless
Eliminates need for RAID, which reduces 50% write I/O
Dumpster Changes
Database replication feedback is now used to control which messages remain in dumpster
When message has been replicated to all database copies, message is truncated from dumpster
Dumpster size is now based on log replication latency and frequency of feedback
-
Transport Roles: How does Shadow Redundancy Work?
1. Hub (shadow) delivers message to Edge1 (primary)
Detects that Edge1 supports Transport redundancy through XSHADOW verb
Hub moves message to shadow queue and stamps Edge1 as current, primary owner
2. Edge1 (primary) receives message (becomes primary owner)
Edge1 delivers message to next hop
Edge1 updates discard status of the message indicating delivery complete to foreign MTA
[Diagram: Hub, Edge1, Edge2 and Foreign MTA, with steps 1 and 2 marked]
-
Transport Roles: How does Shadow Redundancy Work?
3. Success: Hub (shadow) queries Edge1 (primary) for expiry status
Hub issues XQDISCARD command (next SMTP Session)
Edge1 checks local discard status and responds with list of messages considered delivered
Hub deletes messages from its shadow queue
4. Failure: Hub (shadow) queries Edge1 (primary) discard status and resubmits
Hub opens SMTP session, issues XQDISCARD command (heartbeat)
If Hub can't contact Edge1 within timeout, resubmits messages in shadow queue
Resubmitted messages are delivered to Edge2 (go to #1)
[Diagram: Hub, Edge1, Edge2 and Foreign MTA, with steps 3 and 4 marked]
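The four steps on the two slides above, modelled as a small in-memory simulation. This is an added example, not Microsoft's code: the class and method names (Edge, Hub, heartbeat, demo) and the message ids are assumptions, and only the hand-off sequence around XSHADOW and XQDISCARD comes from the slides.

```python
"""Toy model of the shadow redundancy hand-off (steps 1-4 on the slides).
Names are illustrative, not Exchange APIs; every Edge is assumed to advertise XSHADOW."""
from dataclasses import dataclass, field


@dataclass
class Edge:
    name: str
    reachable: bool = True
    discard_status: set = field(default_factory=set)  # ids delivered to the next hop
    held: list = field(default_factory=list)          # accepted, not yet delivered

    def receive(self, msg_id):
        # Step 2: this Edge becomes primary owner of the message.
        self.held.append(msg_id)

    def deliver_to_next_hop(self):
        # Step 2: after delivery to the foreign MTA, update the discard status.
        self.discard_status.update(self.held)
        self.held.clear()

    def xqdiscard(self):
        # Step 3: answer XQDISCARD with the messages considered delivered.
        if not self.reachable:
            raise TimeoutError(f"{self.name} did not answer within the timeout")
        delivered, self.discard_status = self.discard_status, set()
        return delivered


@dataclass
class Hub:
    edges: list
    shadow_queue: dict = field(default_factory=dict)  # msg_id -> primary owner

    def send(self, msg_id, exclude=None):
        # Step 1: deliver to an Edge, keep a shadow copy stamped with its owner.
        edge = next(e for e in self.edges if e.reachable and e.name != exclude)
        edge.receive(msg_id)
        self.shadow_queue[msg_id] = edge.name
        return edge.name

    def heartbeat(self, edge):
        # Steps 3 and 4: query discard status, then delete or resubmit.
        mine = [m for m, owner in self.shadow_queue.items() if owner == edge.name]
        try:
            delivered = edge.xqdiscard()
        except TimeoutError:
            # Step 4: primary unreachable, resubmit shadow copies via another Edge.
            for m in mine:
                del self.shadow_queue[m]
                self.send(m, exclude=edge.name)
            return "resubmitted", mine
        confirmed = sorted(delivered & set(mine))
        for m in confirmed:
            del self.shadow_queue[m]                  # Step 3: safe to drop the copy
        return "discarded", confirmed


def demo():
    edge1, edge2 = Edge("Edge1"), Edge("Edge2")
    hub = Hub([edge1, edge2])
    hub.send("msg-1")                  # constructed message id, goes to Edge1
    edge1.deliver_to_next_hop()
    ok = hub.heartbeat(edge1)          # success path
    hub.send("msg-2")                  # Edge1 again
    edge1.reachable = False            # Edge1 fails before delivering msg-2
    failed = hub.heartbeat(edge1)      # failure path, msg-2 moves to Edge2
    return ok, failed, hub.shadow_queue, edge2.held
```

The property to notice is that the Hub never drops its copy until the primary owner confirms delivery, so losing Edge1 mid-transit costs a resubmission rather than the message.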
-
Transport Roles: Shadow Redundancy Other Scenarios
For systems that do not support shadow redundancy, Exchange 2010 utilizes a delayed acknowledgement process
SMTP submission from Exchange 2003/2007, 3rd party Message Transfer Agent (MTA) and Mail User Agent (MUA - UM, POP and IMAP clients)
250 response delayed up to 30 sec (default)
If transport server fails before ack, client resubmits
Mailbox Submission redundancy relies on copy of message in sender's Sent Items folder
Mail Submission Service resubmits copy when hub doesn't acknowledge successful delivery of message
System generated (Journal Report, NDR) are considered side effects of original message submission, tracked as part of original delivery status
-
Transport Roles: Exchange 2010 Performance Enhancements
ESE changes:
ESE page size is 32KB
ESE database page compression
Intrinsic long value record storage
ESE version store maintenance
DB cache size increased to 1GB
Checkpoint depth increased to 512MB
Results:
With transport dumpster changes and ESE improvements, transport IOPS requirements are targeted to be reduced by more than 50%
Larger message sizes are supported without causing backpressure
-
Transport Roles: Edge Transport Improvements
Better Performance for EdgeSync via Deltasync Mode
Under this mode, each time EdgeSync service only reads the delta change since last sync and updates the target accordingly
Support for safe senders and blocked senders
Configurable Safe List quotas
Administrator defined blocked senders
Automatic update of Safe Sender list propagation into Active Directory
-
Transport Roles: Other Improvements
Information Leakage Protection and Control (IPC) features
Instrumentation and reporting improvements
Measuring end-to-end message delivery latency
Server component latency
Historical reporting and trends
End user message tracking
-
Transport Roles: Architectural Considerations
Shadow redundancy enables RAID-less solutions for mail.que database
Routing version boundary change:
Exchange 2010 Mailbox servers can only submit to Exchange 2010 Hub Transport servers
Exchange 2010 Hub Transport servers can only deliver to Exchange 2010 Mailbox servers
Exchange 2007 Mailbox servers can only submit to Exchange 2007 Hub Transport servers
Exchange 2007 Hub Transport servers can only deliver to Exchange 2007 Mailbox servers
Exchange 2010 Hub Transport servers can communicate with Exchange 2007 Hub Transport servers via SMTP (and vice versa)
For Edge:
Exchange 2010 Hub Transport will become authoritative for Edgesync in the coexistence scenario
-
Mailbox: Store/ESE Changes
Exchange 2007 issue: Exchange does many small, random input/outputs (I/Os) which inhibit the types of disks that can be used
Exchange Server 2010: Exchange store schema and ESE optimized for fewer large, smoother, sequential I/Os
Store schema changes
DB I/O size improvements
Database cache effectiveness improvements
ESE optimized for new store schema
Result: Exchange 2010 reduces I/O by an additional 70% when compared to Exchange Server 2007 and is optimized for SATA class disks
Exchange 2007 issue: Large item count per folder is an issue due to restricted views (affects large mailbox deployments)
Exchange Server 2010: Schema changes of the table structure and deferred index updates greatly improve restricted view performance
Result: Supports 100,000 items per folder
Exchange 2007 issue: Outlook Personal Folder Files (PSTs) are a litigation, security, and management nightmare
Exchange Server 2010: New Messaging Records Management features
Item level policy settings
Archive mailbox feature for importing and storing PST data
Compliance Officer search capabilities
Result: PSTs can be removed by placing data into Exchange repository and can be searched easily
-
Mailbox: High Availability Changes
Feature | Single-Copy Cluster | Cluster Continuous Replication | Exchange Server 2010 High Availability
Failover granularity | Server-level | Server-level | Database-level
Copies of data | 1 | 2 | 2 to 16
Failover time | ~2 min | ~2 min | ~30 sec (POR)
Failover management | Windows Cluster | Windows Cluster | Exchange Server
Data replication | Partner replication or SCR | Continuous replication | Continuous replication
Management tools | Separate | Separate | Unified
Host other roles? | No | No | Yes
Other advantages
Step up to automatic failover without rebuilding the mailbox server
Incrementally add replicated copies to meet business needs
No subnet or special DNS requirements
-
High Availability Design Example: Double Resiliency
Single Site
4 Nodes
3 HA Copies
JBOD -> 3 physical Copies
[Diagram: Database Availability Group (DAG) with Mailbox Server 1, Mailbox Server 2, Mailbox Server 3 and Mailbox Server 4]
Sequence shown:
Upgrade server 1
Server 2 fails
Server 1 upgrade is done
2 active copies die
Mailbox: Exchange 2010 High Availability Sizing
Leverage the incremental deployment capabilities of Exchange Server 2010
You do not need to deploy site resilience out of the box!
Deploy larger database availability groups (DAGs) over smaller DAGs
Distribute database copies across nodes in a matrix
Improved database seed/log shipping performance across the wide area network (WAN)
DAG network compression/encryption (optional)
Log shipping is now Transport Control Protocol (TCP) socket based
Use multiple 1 Gb networks or 10 Gb network to improve local area network (LAN) re-seed/log replication queue drain performance
-
Mailbox: Architectural Considerations
Streaming backup support has been removed
Utilize direct-attached storage (DAS) solutions to reduce costs with large mailboxes and continuous replication
Leverage the Storage Cost Calculator
Deploy Database Availability Groups (DAGs) and use replication to achieve high availability
If deploying 3 or more database copies, consider RAID-less storage design and combining logs and database on same spindles
Ensure unique database names across the organization
Attend UNC312 - Storage in Microsoft Exchange Server 2010 on Tuesday at 9:15
Attend UNC301 - High Availability in Microsoft Exchange Server 2010 today at 14:30pm
-
Mailbox: Architectural Considerations
Large mailbox support (10 GB+) enables different scenarios
Deploy Office 2007 Service Pack 2 (SP2) or later
Leverage records management functionality
Scenario 1:
Deploy a single mailbox to contain all data
Scenario 2:
Deploy primary mailbox to support 1-2 years worth of data
Deploy archive mailboxes to allow end users to retain long-term needed data
Attend UNC307 - Archiving and Retention in Microsoft Exchange Server 2010 on Tuesday at 10:50
-
Public Folders
Co-existence support between Mailbox server 2010 and Mailbox server 2003/2007
Outlook can access public folder data from Exchange 2010, 2007, or 2003
OWA 2010 only gives access to public folders with replicas located on Exchange 2010
This is different from OWA 2007, which had a redirection behavior, opening up OWA 2000/2003 for public folders on older mailbox servers in separate browser windows
Get-PublicFolderStatistics now captures last user access
Unlike Exchange 2007, public folder stores can no longer be enabled for continuous replication, but you can create a public folder store on a mailbox server that resides in a DAG
Public Folder replication is your data resiliency solution
-
Agenda
Discuss the topology changes introduced in Exchange Server 2010
Understand our guidance on server sizing
-
Scale Out vs. Scale Up
Scale out is a strategic choice made by Microsoft
Focus is on supporting large mailboxes at low cost, goal to further decrease input/output (I/O) to reduce Total Cost of Ownership (TCO)
Scaling up increases risk that an outage or failure affects more users
Scaling out provides an opportunity for high availability at low cost
-
Processor Core Scalability
Single role servers
Beta: 12 cores maximum
No benefit moving to 16 cores from a performance perspective
High scale all-in-one server currently under investigation
Beta: 16 cores max
-
Client Access: Beta Sizing Guidance
Since CAS role is now a true middle-tier solution, CAS servers will require beefier hardware
CAS to Mailbox processor core ratio changes drastically as a result of RPCCA (Beta1: 3:4)
Processor/Memory requirements:
8 cores recommended
2 GB RAM/core recommended (8 GB min)
-
Transport: Beta Sizing Guidance
Memory and processor requirements are staying in line with Exchange 2007 requirements
Processor/Memory requirements:
4 cores recommended
1 GB RAM/core recommended
Transport rule attachment scanning and content encryption technologies may impact these guidelines
-
Mailbox: Beta Sizing Guidance
Use 4-8 total cores for mailbox
16 cores shows decline in throughput on single role machines
RAM
4GB base RAM for content indexing and mailbox assistants
2-8MB per mailbox recommended for database cache and will be based on message profile and mailbox size
Example: Light Message Profile with 10+GB mailbox: 8MB memory
Size and prepare disks correctly
Use storage calculator
-
Unified Messaging: Beta Sizing Guidance
Use 4 cores
4-8 GB of RAM recommended
More than 8 GB is not shown to improve TCO or scale
Not recommended combining with other roles
Audio quality can be affected
Place close to the mailbox servers that host UM-enabled mailboxes
Voice mail preview may impact these guidelines
-
All-In-One Server Example: Branch Office or Smaller Deployment
[Diagram: CAS/HUB/MAILBOX 1 and CAS/HUB/MAILBOX 2, with DB2]
Member servers of DAG can host other server roles
2 server DAGs, with server roles combined or not, should use RAID
8 processor cores recommended with a maximum of 64GB RAM
UM role not recommended for co-location
-
Exchange 2010 Beta Ratio Guidelines
Processor core ratios
Client Access Server (CAS) : Mailbox = 3 : 4
Hub Transport server : Mailbox
= 1 : 7 (no A/V on Hub)
= 1 : 5 (with A/V Hub)
Edge guidance expected to be very similar to Exchange Server 2007
GC : Mailbox
= 1 : 4 (32-bit GC)
= 1 : 8 (64-bit GC)
-
Capacity Planning Tools
Profiling
Exchange Profile Analyzer (EPA)
Performance Monitor (Perfmon)
Sizing
Exchange Server 2010 Mailbox Storage Requirements Calculator
Validation
Jetstress 2010
Exchange Load Generator (Loadgen)
-
Key Takeaways
Exchange Server 2010 introduces several paradigm shifts
Client connections are performed through Client Access Server role
Shadow redundancy introduces message resiliency within transport pipeline
High Availability, store, and new compliance scenarios improve data retention, resiliency, and availability
There are changes to server sizing and scalability, most notably with CAS
Attend the deep-dive breakout sessions for more in-depth information!
-
Resources
www.microsoft.com/teched
International Content & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learning
Microsoft Certification & Training Resources
TechEd Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za
-
Related Content
Microsoft Exchange Server 2010 Transition and Deployment (UNC310)
High Availability in Microsoft Exchange Server 2010 (UNC301)
Unified Messaging in Microsoft Exchange Server 2010 (UNC311)
Microsoft Exchange Server 2010 Management Tools (UNC309)
Storage in Microsoft Exchange Server 2010 (UNC312)
Microsoft Hyper-V: Dos and Don'ts for Microsoft Exchange Server 2007 SP1 and 2010 (VIR308)
Archiving and Retention in Microsoft Exchange Server 2010 (UNC307)
-
Complete a session evaluation and enter to win!
10 pairs of MP3 sunglasses to be won
-
2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.