
Exchange Server 2010 Architecture - PowerPoint Presentation

Uploaded On 2017-07-21



Presentation Transcript

Slide1
Slide2

Exchange Server 2010 Architecture

Martin Coetzer

Technical Consultant

Microsoft

Session Code: UNC308

Slide3

Agenda

Discuss the topology changes introduced in Exchange Server 2010

Client Access

Transport

Mailbox

Understand our guidance on server sizing

Slide4

Exchange 2010 Enterprise Topology

[Diagram: server roles in the enterprise network and the clients that connect to them]

Edge Transport: Routing & AV/AS (External SMTP servers)

Hub Transport: Routing & Policy

Mailbox: Storage of mailbox items

Client Access: Client connectivity, Web services

Unified Messaging: Voice mail & voice access (Phone system, PBX or VOIP)

Clients: Web browser, Outlook (remote user), Mobile phone, Outlook (local user), Line of business application

Slide5

Consolidation of Store Access Paths

[Diagram with two panels, Exchange 2007 and Exchange 2010. Labels in the first group: Outlook / MAPI clients, Entourage, DAV, WS, OWA, Sync, UM, Transport Agents, Mailbox Agents (Exchange Components), Middle Tier, Exchange Biz Logic, MAPI RPC, Mailbox, Store. Labels in the second group: the same components without DAV, plus MAPI, RFR & NSPI RPC in the Middle Tier and Exchange Core Biz Logic.]

Slide6

RPC Client Access Service

The What

A new service in Exchange Server 2010 that resides on CAS

What it handles:

Outlook data connections go to CAS instead of connecting directly to mailbox servers

Replaces the DSProxy interface by providing an Address Book service on CAS

Public folder connections connect directly to the mailbox server, but through RPC Client Access

[Diagram: Outlook Clients, Exchange CAS Array, MBX, GC]

Slide7

RPC Client Access Service

The Why

Provides a better client experience during switchovers/failovers

When a MBX server fails over, Outlook client will only see ~30 sec disconnection, as compared to 1-TTL min before

Uses the same business logic for Outlook and other CAS clients

Calendar logging + fix up

Content/body conversion

Greatly simplifies AD topology requirements for Outlook

Supports more concurrent connections/mailboxes per Mailbox server

Reduces code and client logic in Exchange Store process for increased reliability

Slide8

Client Access

Client RPC Connection Changes

[Diagram with two panels, Exchange Server 2007 and Exchange Server 2010. Legend: RPC Data Flow, HTTP Data Flow, Common Data Flow. Labels in the first group: Outlook / MAPI clients, CAS, RpcProxy, Mailbox, MAPI RPC, DSProxy, Store, ESE, AD, NSPI. Labels in the second group: Outlook / MAPI clients, CAS Array, MAPI RPC, RPCProxy, NSPI, RFR RPC, Exchange Biz Logic, Mailbox, MAPI RPC, Store, ESE, AD, LDAP.]

Slide9

RPC Client Access Service

How Directory Referral Connections Work

Outlook calls get Address Book server API

CAS queries Active Directory

Mailbox location (AD site)

Mailbox version

RpcClientAccessServer property of mailbox database

CAS tells Outlook which CAS server or array should be used for directory requests

Outlook connects to the appropriate CAS

If mailbox is moved back to 2003/2007, CAS will redirect the client to the mailbox server so that it can provide a referral to a global catalog server

Otherwise, all legacy mailboxes will get directory referrals from mailbox server

[Diagram: steps 1 to 4 between CAS 2010, MBX 2010 and GC in AD Site 1 and AD Site 2]

Slide10

RPC Client Access Service

Outlook Anywhere Improvements

Outlook Anywhere clients utilize the Address Book service on CAS for directory related requests

This architecture resolves issues surrounding DSProxy and split HTTP connections that are due to using SSL-ID load balancing solutions

[Diagram labels: Outlook connecting with Outlook Anywhere; HTTPS carrying RPC_IN_DATA and RPC_OUT_DATA; CAS with RPC/HTTP Proxy (Windows 2008+) and RPC Client Access Services + Address Book; RPC to Mailbox; LDAP to AD]

Slide11

RPC Client Access Service

Writing to the Directory

Question: Does this new behavior ensure that Outlook can write changes to Active Directory for the following scenarios?

Distribution group membership

Delegate management

Certificate management

Answer: When the Address Book service detects modifications for one of those scenarios, it will utilize the appropriate cmdlet to commit the change to Active Directory based on the property tag (assuming user is scoped and authorized to make those changes):

Add/Remove-DistributionGroupMember

Set-Mailbox -PublicDelegates

Set-Mailbox -UserCertificate -UserSMIMECertificate

Slide12

Client Access

Scaling Mailbox Connections

Exchange Server 2007

[Diagram labels: Outlook Clients, Outlook Anywhere Clients, CAS, MBX, GC; 60K connections / MBX server; 60K outbound connections / CAS IP (W2K8); 60K outbound connections / MBX server]

Slide13

Client Access

Scaling Mailbox Connections

Exchange Server 2010

[Diagram labels: Outlook Clients, Exchange CAS NLB, MBX, GC, LDAP; # of CAS servers x 100 connections / CAS RPCCA service/process]

Slide14

Client Access

Firewall/Proxy Guidelines

Internet Security and Acceleration (ISA) Server 2006

Kernel memory limitations imposed by the 32-bit architecture

ISA:CAS ratio 3:1 (worst case – heavy Outlook Anywhere usage)

Important when you have a large percentage of your users connected via Outlook Anywhere, as the ratio of Transmission Control Protocol (TCP) connections to users is much higher than you would see for Outlook Web Access (OWA), ActiveSync, POP, or IMAP traffic

Beyond ISA 2006 … pre-release product information

Forefront Unified Access Gateway (UAG)

Next-generation secure remote access product and the future version of Microsoft Intelligent Application Gateway, native 64-bit architecture

Will be tested with Exchange Server 2010

Forefront Threat Management Gateway (TMG)

Next-generation network security product and the future version of Microsoft ISA Server, native 64-bit architecture

Will be tested with Exchange Server 2010

Slide15

Client Access

Architectural Considerations

Exchange 2010 is version specific

Exchange 2010 CAS required in every AD site where Exchange 2010 MBX is deployed

Exchange 2007 MBX requires Exchange 2007 CAS

Load balancing

If planning on deploying more than 8 CAS servers in a load balanced array, consider deploying hardware load balancing solution

Attend the UNC310 Transition/Deployment session to understand the intricacies involved in co-existence!

Slide16

Transport Roles

Resiliency Issues in Exchange 2007

Transport database is stateful

Loss of service results in loss of mail

Transport dumpster impacts the environment

In extreme cases, up to 200% increase in IOPS/message due to many SGs and inefficient cache usage when compared to similar scenarios without dumpster

Redelivery submission results in entire quota being redelivered and store removing duplicates

Slide17

Transport Roles

Exchange 2010 Resiliency Improvements

Shadow redundancy is a new feature of transport

Provides redundancy for messages for the entire time they are in transit

Transport becomes stateless

Eliminates need for RAID, which reduces 50% write I/O

Dumpster Changes

Database replication feedback is now used to control which messages remain in dumpster

When message has been replicated to all database copies, message is truncated from dumpster

Dumpster size is now based on log replication latency and frequency of feedback

Slide18

Transport Roles

How does Shadow Redundancy Work?

1. Hub (shadow) delivers message to Edge1 (primary)

Detects that Edge1 supports Transport redundancy through XSHADOW verb

Hub moves message to shadow queue and stamps Edge1 as current, primary owner

2. Edge1 (primary) receives message (becomes “primary owner”)

Edge1 delivers message to next hop

Edge1 updates discard status of the message indicating delivery complete to foreign MTA

[Diagram: steps 1 and 2 between Hub, Edge1, Edge2 and Foreign MTA]

Slide19

Transport Roles

How does Shadow Redundancy Work?

3. Success: Hub (shadow) queries Edge1 (primary) for expiry status

Hub issues XQDISCARD command (next SMTP session), Edge1 checks local discard status and responds with list of messages considered delivered

Hub deletes messages from its shadow queue

Failure: Hub (shadow) queries Edge1 (primary) discard status and resubmits

Hub opens SMTP session, issues XQDISCARD command (heartbeat); if Hub can’t contact Edge1 within timeout, it resubmits messages in shadow queue; resubmitted messages are delivered to Edge2 (go to #1)
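The success and failure paths above can be followed in a small model. This is an added example, not code from the presentation or from Exchange: the class names, the `max_missed` heartbeat count standing in for the timeout, and the message ids are all assumptions made for illustration.

```python
# Toy model of the Hub/Edge1/Edge2 hand-off on the slides; not Exchange code.
class Edge:
    """Primary server: accepts mail, relays it, records discard status."""
    def __init__(self, name, supports_shadow=True):
        self.name = name
        self.supports_shadow = supports_shadow  # what XSHADOW advertises
        self.online = True
        # accepted / relayed but not yet reported / everything relayed
        self.queue, self.discarded, self.relayed = [], [], []

    def relay_all(self):
        """Deliver queued mail to the next hop and update discard status."""
        self.relayed += self.queue
        self.discarded += self.queue
        self.queue = []

    def xqdiscard(self):
        """Answer the shadow with the messages considered delivered."""
        if not self.online:
            raise ConnectionError(self.name + " unreachable")
        done, self.discarded = self.discarded, []
        return done


class Hub:
    """Shadow server: keeps a copy until the primary confirms delivery."""
    def __init__(self, edges, max_missed=3):
        self.edges = edges
        self.max_missed = max_missed  # assumed stand-in for the timeout
        self.shadow_queue = {}        # msg_id -> current primary owner
        self.missed = {}              # edge name -> failed heartbeats

    def send(self, msg_id, exclude=None):
        for edge in self.edges:
            if edge is exclude or not edge.online:
                continue
            edge.queue.append(msg_id)
            self.shadow_queue.pop(msg_id, None)
            if edge.supports_shadow:  # delayed-ack path is not modelled
                self.shadow_queue[msg_id] = edge
            return edge.name
        raise RuntimeError("no edge available")

    def heartbeat(self, edge):
        """XQDISCARD: drop confirmed messages, or resubmit after timeout."""
        try:
            for msg_id in edge.xqdiscard():
                self.shadow_queue.pop(msg_id, None)
            self.missed[edge.name] = 0
            return []
        except ConnectionError:
            self.missed[edge.name] = self.missed.get(edge.name, 0) + 1
            if self.missed[edge.name] < self.max_missed:
                return []
            orphans = [m for m, o in self.shadow_queue.items() if o is edge]
            return [(m, self.send(m, exclude=edge)) for m in orphans]


def demo():
    edge1, edge2 = Edge("Edge1"), Edge("Edge2")
    hub = Hub([edge1, edge2])
    hub.send("msg-1")
    edge1.relay_all()
    hub.heartbeat(edge1)        # success: msg-1 leaves the shadow queue
    hub.send("msg-2")
    edge1.online = False        # Edge1 fails while it owns msg-2
    moved = [hub.heartbeat(edge1) for _ in range(hub.max_missed)][-1]
    edge2.relay_all()
    hub.heartbeat(edge2)
    return moved, edge1.relayed, edge2.relayed, hub.shadow_queue
```

`demo()` returns the resubmissions made after the last missed heartbeat, what each Edge relayed, and the Hub's shadow queue, which is empty once Edge2 confirms delivery.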

[Diagram: numbered steps between Hub, Edge1, Edge2 and Foreign MTA]

Slide20

Transport Roles

Shadow Redundancy Other Scenarios

For systems that do not support shadow redundancy, Exchange 2010 utilizes a delayed acknowledgement process

SMTP submission from Exchange 2003/2007, 3rd party Message Transfer Agent (MTA) and Mail User Agent (MUA - UM, POP and IMAP clients)

250 response delayed up to 30 sec (default)

If transport server fails before ack, client resubmits

Mailbox Submission redundancy relies on copy of message in sender’s “Sent Items” folder

Mail Submission Service resubmits copy when hub doesn’t acknowledge successful delivery of message

System generated (Journal Report, NDR) are considered “side effects” of original message submission, tracked as part of original delivery status

Slide21

Transport Roles

Exchange 2010 Performance Enhancements

ESE changes:

ESE page size is 32KB

ESE database page compression

Intrinsic long value record storage

ESE version store maintenance

DB cache size increased to 1GB

Checkpoint depth increased to 512MB

Results:

With transport dumpster changes and ESE improvements, transport IOPS requirements are targeted to be reduced by more than 50%

Larger message sizes are supported without causing backpressure

Slide22

Transport Roles

Edge Transport Improvements

Better Performance for EdgeSync via Deltasync Mode

Under this mode, each time EdgeSync service only reads the delta change since last sync and updates the target accordingly

Support for safe senders and blocked senders

Configurable Safe List quotas

Administrator defined blocked senders

Automatic update of Safe Sender list propagation into Active Directory

Slide23

Transport Roles

Other Improvements

Information Leakage Protection and Control (IPC) features

Instrumentation and reporting improvements

Measuring end-to-end message delivery latency

Server component latency

Historical reporting and trends

End user message tracking

Slide24

Transport Roles

Architectural Considerations

Shadow redundancy enables RAID-less solutions for mail.que database

Routing version boundary change:

Exchange 2010 Mailbox servers can only submit to Exchange 2010 Hub Transport servers

Exchange 2010 Hub Transport servers can only deliver to Exchange 2010 Mailbox servers

Exchange 2007 Mailbox servers can only submit to Exchange 2007 Hub Transport servers

Exchange 2007 Hub Transport servers can only deliver to Exchange 2007 Mailbox servers

Exchange 2010 Hub Transport servers can communicate with Exchange 2007 Hub Transport servers via SMTP (and vice versa)

For Edge:

Exchange 2010 Hub Transport will become authoritative for Edgesync in the coexistence scenario

Slide25

Mailbox

Store/ESE Changes

| Exchange 2007 Issues | Exchange Server 2010 |
|---|---|
| Exchange does many small, random input/outputs (I/Os) which inhibit the types of disks that can be used | Exchange store schema and ESE optimized for fewer large, smoother, sequential I/Os: store schema changes; DB I/O size improvements; database cache effectiveness improvements; ESE optimized for new store schema. Result: Exchange 2010 reduces I/O by an additional 70% when compared to Exchange Server 2007 and is optimized for SATA class disks |
| Large item count per folder is an issue due to restricted views (affects large mailbox deployments) | Schema changes of the table structure and deferred index updates greatly improves restricted view performance. Result: Supports 100,000 items per folder |
| Outlook Personal Folder Files (PSTs) are a litigation, security, and management nightmare | New Messaging Records Management features: item level policy settings; archive mailbox feature for importing and storing PST data; Compliance Officer search capabilities. Result: PSTs can be removed by placing data into Exchange repository and can be searched easily |

Slide26

Mailbox

High Availability Changes

| | Single-copy cluster | Cluster Continuous Replication | Exchange Server 2010 High Availability |
|---|---|---|---|
| *Over granularity | Server-level | Server-level | Database-level |
| Copies of data | 1 | 2 | 2 to 16 |
| *Over time | ~2 min | ~2 min | ~30 sec (POR) |
| *Over management | Windows Cluster | Windows Cluster | Exchange Server |
| Data replication | Partner replication or SCR | Continuous replication | Continuous replication |
| Management tools | Separate | Separate | Unified |
| Host other roles? | No | No | Yes |

*Over = Failover or Switchover

Other advantages

Step up to automatic failover without rebuilding the mailbox server

Incrementally add replicated copies to meet business needs

No subnet or special DNS requirements

Slide27

High Availability Design Example

Double Resiliency

Single Site

4 Nodes

3 HA Copies

JBOD -> 3 physical Copies

[Diagram: Database Availability Group (DAG) of Mailbox Server 1 to Mailbox Server 4 hosting copies of DB1 to DB8, behind a CAS NLB Farm, in AD: Dublin]

Sequence shown in the diagram:

Upgrade server 1

Server 2 fails

Server 1 upgrade is done

2 active copies die

Slide28

Mailbox

Exchange 2010 High Availability Sizing

Leverage the incremental deployment capabilities of Exchange Server 2010

You do not need to deploy site resilience out of the box!

Deploy larger database availability groups (DAGs) over smaller DAGs

Distribute database copies across nodes in a matrix

Improved database seed/log shipping performance across the wide area network (WAN)

DAG network compression/encryption (optional)

Log shipping is now Transmission Control Protocol (TCP) socket based

Use multiple 1 Gb networks or 10 Gb network to improve local area network (LAN) re-seed/log replication queue drain performance

Slide29

Mailbox

Architectural Considerations

Streaming backup support has been removed

Utilize direct-attached storage (DAS) solutions to reduce costs with large mailboxes and continuous replication

Leverage the Storage Cost Calculator

Deploy Database Availability Groups (DAGs) and use replication to achieve high availability

If deploying 3 or more database copies, consider RAID-less storage design and combining logs and database on same spindles

Ensure unique database names across the organization

Attend UNC312 - Storage in Microsoft Exchange Server 2010 on Tuesday at 9:15

Attend UNC301 - High Availability in Microsoft Exchange Server 2010 today at 14:30pm

Slide30

Mailbox

Architectural Considerations

Large mailbox support (10 GB+) enables different scenarios

Deploy Office 2007 Service Pack 2 (SP2) or later

Leverage records management functionality

Scenario 1:

Deploy a single mailbox to contain all data

Scenario 2:

Deploy primary mailbox to support 1-2 years worth of data

Deploy archive mailboxes to allow end users to retain long-term needed data

Attend UNC307 - Archiving and Retention in Microsoft Exchange Server 2010 on Tuesday at 10:50

Slide31

Public Folders

Co-existence support between Mailbox server 2010 and Mailbox server 2003/2007

Outlook can access public folder data from Exchange 2010, 2007, or 2003

OWA 2010 only gives access to public folders with replicas located on Exchange 2010

This is different from OWA 2007, which had a redirection behavior, opening up OWA 2000/2003 for public folders on older mailbox servers in separate browser windows

Get-PublicFolderStatistics now captures last user access

Unlike Exchange 2007, public folder stores can no longer be enabled for continuous replication, but you can create a public folder store on a mailbox server that resides in a DAG

Public Folder replication is your data resiliency solution

Slide32

Agenda

Discuss the topology changes introduced in Exchange Server 2010

Understand our guidance on server sizing

Slide33

Scale Out vs. Scale Up

Scale out is a strategic choice made by Microsoft

Focus is on supporting large mailboxes at low cost, goal to further decrease input/output (I/O) to reduce Total Cost of Ownership (TCO)

Scaling up increases risk that an outage or failure affects more users

Scaling out provides an opportunity for high availability at low cost

Slide34

Processor Core Scalability

Single role servers

Beta: 12 cores maximum

No benefit moving to 16 cores from a performance perspective

High scale all-in-one server—currently under investigation

Beta: 16 cores max

Slide35

Client Access

Beta Sizing Guidance

Since CAS role is now a true middle-tier solution, CAS servers will require beefier hardware

CAS to Mailbox processor core ratio changes drastically as a result of RPCCA (Beta1: 3:4)

Processor/Memory requirements:

8 cores recommended

2 GB RAM/core recommended (8 GB min)

Slide36

Transport

Beta Sizing Guidance

Memory and processor requirements are staying in line with Exchange 2007 requirements

Processor/Memory requirements:

4 cores recommended

1 GB RAM/core recommended

Transport rule attachment scanning and content encryption technologies may impact these guidelines

Slide37

Mailbox

Beta Sizing Guidance

Use 4 – 8 total cores for mailbox

16 cores shows decline in throughput on single role machines

RAM

4GB base RAM for content indexing and mailbox assistants

2-8MB per mailbox recommended for database cache and will be based on message profile and mailbox size

Example: Light Message Profile with 10+GB mailbox – 8MB memory

Size and prepare disks correctly

Use storage calculator

Slide38

Unified Messaging

Beta Sizing Guidance

Use 4 cores

4-8 GB of RAM recommended

More than 8 GB is not shown to improve TCO or scale

Combining with other roles is not recommended

Audio quality can be affected

Place close to the mailbox servers that host UM-enabled mailboxes

Voice mail preview may impact these guidelines

Slide39

All-In-One Server Example

Branch Office or Smaller Deployment

[Diagram: Hardware Load Balancer in front of CAS/HUB/MAILBOX 1 and CAS/HUB/MAILBOX 2, each hosting copies of DB1, DB2 and DB3]

Member servers of DAG can host other server roles

2 server DAGs, with server roles combined or not, should use RAID

8 processor cores recommended with a maximum of 64GB RAM

UM role not recommended for co-location

Slide40

Exchange 2010 Beta Ratio Guidelines

Processor core ratios

Client Access Server (CAS) : Mailbox = 3 : 4

Hub Transport server : Mailbox = 1 : 7 (no A/V on Hub)

Hub Transport server : Mailbox = 1 : 5 (with A/V Hub)

Edge guidance expected to be very similar to Exchange Server 2007

GC : Mailbox = 1 : 4 (32-bit GC)

GC : Mailbox = 1 : 8 (64-bit GC)

Slide41

Capacity Planning Tools

Profiling

Exchange Profile Analyzer (EPA)

Performance Monitor (Perfmon)

Sizing

Exchange Server 2010 Mailbox Storage Requirements Calculator

Validation

Jetstress 2010

Exchange Load Generator “Loadgen”

Slide42

Key Takeaways

Exchange Server 2010 introduces several paradigm shifts

Client connections are performed through Client Access Server role

Shadow redundancy introduces message resiliency within transport pipeline

High Availability, store, and new compliance scenarios improve data retention, resiliency, and availability

There are changes to server sizing and scalability, most notably with CAS

Attend the deep-dive breakout sessions for more in-depth information!

Slide43

question & answer

Slide44

Resources

www.microsoft.com/teched: International Content & Community

http://microsoft.com/technet: Resources for IT Professionals

http://microsoft.com/msdn: Resources for Developers

www.microsoft.com/learning: Microsoft Certification & Training Resources

Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

Slide45

Related Content

Microsoft Exchange Server 2010 Transition and Deployment (UNC310)

High Availability in Microsoft Exchange Server 2010 (UNC301)

Unified Messaging in Microsoft Exchange Server 2010 (UNC311)

Microsoft Exchange Server 2010 Management Tools (UNC309)

Storage in Microsoft Exchange Server 2010 (UNC312)

Microsoft Hyper-V: Dos and Don'ts for Microsoft Exchange Server 2007 SP1 and 2010 (VIR308)

Archiving and Retention in Microsoft Exchange Server 2010 (UNC307)

Slide46

Complete a session evaluation and enter to win!

10 pairs of MP3 sunglasses to be won

Slide47

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.