Exchange Server 2010 Architecture - WordPress

Martin Coetzer
Technical Consultant
Microsoft
Session Code: UNC308
Agenda
Discuss the topology changes introduced in
Exchange Server 2010
Client Access
Transport
Mailbox
Understand our guidance on server sizing
Exchange 2010 Enterprise Topology
Enterprise Network
Edge Transport
Routing & AV/AS
Phone system
(PBX or VOIP)
Hub Transport
Routing & Policy
External
SMTP
servers
Mobile phone
Web browser
Mailbox
Storage of mailbox
items
Unified Messaging
Voice mail &
voice access
Client Access
Client connectivity
Web services
Outlook
(remote user)
Line of business application
Outlook (local user)
Consolidation of Store Access Paths
Entourage
Exchange Components
Exchange Components
Outlook /
MAPI clients
Outlook /
MAPI clients
Exchange
Biz Logic
Entourage
Mailbox
Middle
Tier
Sync
UM
MAPI RPC
Store
Mailbox
Agents
DAV
Mailbox
OWA
Mailbox
Agents
Middle
Tier
WS
WS
Transport
Agents
OWA
Sync
MAPI,
Exchange
RFR &
Biz Logic
NSPI RPC
Exchange Core Biz Logic
MAPI RPC
Store
Transport
Agents
UM
RPC Client Access Service
The What
Outlook Clients
A new service in Exchange Server 2010
that resides on CAS
What it handles:
Outlook data connections go to CAS instead
of connecting directly to mailbox servers
Replaces the DSProxy interface by
providing an Address Book service on CAS
Public folder connections connect directly
to the mailbox server, but through RPC
Client Access
Exchange CAS Array
MBX
GC
RPC Client Access Service
The Why
Provides a better client experience during switchovers/failovers
When a MBX server fails over, Outlook client will only see ~30 sec
disconnection, as compared to 1-TTL min before
Uses the same business logic for Outlook and other CAS clients
Calendar logging + fix up
Content/body conversion
Greatly simplifies AD topology requirements for Outlook
Supports more concurrent connections/mailboxes per Mailbox
server
Reduces code and client logic in Exchange Store process for
increased reliability
Client Access
Client RPC Connection Changes
Exchange Server 2007
Exchange Server 2010
Outlook / MAPI
clients
RpcProxy
MAPI RPC
DSProxy
NSPI
RPC Data Flow
Mailbox
AD
HTTP Data Flow
RPCProxy
NSPI,
RFR RPC
Exchange Biz Logic
MAPI RPC
Store
Store
ESE
MAPI RPC
ESE
Mailbox
CAS Array
CAS
Outlook / MAPI
clients
Common Data Flow
LDAP
AD
RPC Client Access Service
How Directory Referral Connections Work
a.
b.
c.
3.
4.
Mailbox location (AD site)
Mailbox version
RpcClientAccessServer property of
mailbox database
CAS tells Outlook which CAS server
or array should be used for
directory requests
Outlook connects to the
appropriate CAS
1
4
3
CAS 2010
MBX 2010
2
GC
AD Site 2
2.
Outlook calls get Address Book
server API
CAS queries Active Directory
AD Site 1
1.
CAS 2010
MBX 2010
GC
If mailbox is moved back to 2003/2007, CAS will redirect the client to the
mailbox server so that it can provide a referral to a global catalog server
Otherwise, all legacy mailboxes will get directory referrals from mailbox server
RPC Client Access Service
Outlook connecting
with Outlook
Anywhere
Outlook Anywhere Improvements
Outlook Anywhere clients utilize
the Address Book service on
CAS for directory related
requests
This architecture resolves issues
surrounding DSProxy and split
HTTP connections that are due
to using SSL-ID load balancing
solutions
HTTPS
RPC_IN_DATA
HTTPS
RPC_OUT_DATA
Windows 2008+
RPC/HTTP Proxy
RPC_IN_DATA
RPC_OUT_DATA
CAS
RPC Client Access
Services + Address Book
LDAP
AD
RPC
Mailbox
RPC Client Access Service
Writing to the Directory
Question: Does this new behavior ensure that Outlook can write
changes to Active Directory for the following scenarios?
Distribution group membership
Delegate management
Certificate management
Answer: When the Address Book service detects modifications
for one of those scenarios, it will utilize the appropriate cmdlet
to commit the change to Active Directory based on the property
tag (assuming user is scoped and authorized to make those
changes):
Add/Remove-DistributionGroupMember
Set-Mailbox –PublicDelegates
Set-Mailbox –UserCertificate –UserSMIMECertificate
Client Access
Scaling Mailbox Connections
Outlook Anywhere Clients
60K outbound
connections /
CAS IP (W2K8)
CAS
MBX
Exchange Server 2007
60K connections / MBX server
MBX
Outlook Clients
Exchange Server 2007
60K outbound
connections /
MBX server
GC
Client Access
Scaling Mailbox Connections
# of CAS servers
x 100 connections / CAS RPCCA
service/process
Outlook Clients
GC
Exchange Server 2010
MBX
Exchange CAS NLB
LDAP
Client Access
Firewall/Proxy Guidelines
Internet Security and Acceleration (ISA) Server 2006
Kernel memory limitations imposed by the 32-bit architecture
ISA:CAS ratio 3:1 (worst case – heavy Outlook Anywhere usage)
Important when you have a large percentage of your users connected via
Outlook Anywhere, as the ratio of Transmission Control Protocol (TCP)
connections to users is much higher than you would see for Outlook Web
Access (OWA), ActiveSync, POP, or IMAP traffic
Beyond ISA 2006 … pre-release product information
Forefront Unified Access Gateway (UAG)
Next-generation secure remote access product and the future version of
Microsoft Intelligent Application Gateway—native 64-bit architecture
Will be tested with Exchange Server 2010
Forefront Threat Management Gateway (TMG)
Next-generation network security product and the future version of
Microsoft ISA Server—native 64-bit architecture
Will be tested with Exchange Server 2010
Client Access
Architectural Considerations
Exchange 2010 is version specific
Exchange 2010 CAS required in every AD site where
Exchange 2010 MBX is deployed
Exchange 2007 MBX requires Exchange 2007 CAS
Load balancing
If planning on deploying more than 8 CAS servers in a load
balanced array, consider deploying hardware load balancing
solution
Attend the UNC310 Transition/Deployment session to
understand the intricacies involved in co-existence!
Transport Roles
Resiliency Issues in Exchange 2007
Transport database is stateful
Loss of service results in loss of mail
Transport dumpster impacts the environment
In extreme cases, up to 200% increase in
IOPS/message due to many SGs and inefficient
cache usage when compared to similar scenarios
without dumpster
Redelivery submission results in entire quota being
redelivered and store removing duplicates
Transport Roles
Exchange 2010 Resiliency Improvements
Shadow redundancy is a new feature of transport
Provides redundancy for messages for the entire time they
are in transit
Transport becomes stateless
Eliminates need for RAID, which reduces 50% write I/O
Dumpster Changes
Database replication feedback is now used to control which
messages remain in dumpster
When message has been replicated to all database copies,
message is truncated from dumpster
Dumpster size is now based on log replication latency and
frequency of feedback
Transport Roles
How does Shadow Redundancy Work?
1. Hub (shadow) delivers message to Edge1
(primary)
Detects that Edge1 supports Transport
redundancy through XSHADOW verb
Hub moves message to shadow queue and
stamps Edge1 as current, primary owner
Hub
1
Edge1
Edge2
2
Foreign
MTA
2. Edge1 (primary) receives message
(becomes “primary owner”)
Edge1 delivers message to next hop
Edge1 updates discard status of the
message indicating delivery complete
to foreign MTA
Transport Roles
How does Shadow Redundancy Work?
3. Success: Hub (shadow) queries Edge1 (primary) for
expiry status
Hub issues XQDISCARD command (next SMTP
Session),Edge1 checks local discard status and
responds with list of messages considered delivered
 Hub deletes messages from its shadow queue
Hub
1
4
3
4.
Edge1
Edge2
2
Foreign
MTA
Failure: Hub (shadow) queries Edge1 (primary)
discard status and resubmits
Hub opens SMTP session, issued XQDISCARD
command (heartbeat)—if Hub can’t contact Edge1
within timeout, resubmits messages in shadow
queue—resubmitted messages are delivered to Edge2
(go to #1)
Transport Roles
Shadow Redundancy Other Scenarios
For systems that do not support shadow redundancy, Exchange
2010 utilizes a delayed acknowledgement process
SMTP submission from Exchange 2003/2007, 3rd party Message
Transfer Agent( MTA ) and Mail User Agent (MUA - UM, POP and IMAP
clients)
250 response delayed up to 30 sec (default)
If transport server fails before ack, client resubmits
Mailbox Submission redundancy relies on copy of message in
sender’s “Sent Items” folder
Mail Submission Service resubmits copy when hub doesn’t acknowledge
successful delivery of message
System generated (Journal Report, NDR) are considered “side
effects” of original message submission, tracked as part of
original delivery status
Transport Roles
Exchange 2010 Performance Enhancements
ESE changes:
ESE page size is 32KB
ESE database page compression
Intrinsic long value record storage
ESE version store maintenance
DB cache size increased to 1GB
Checkpoint depth increased to 512MB
Results:
With transport dumpster changes and ESE improvements, transport
IOPS requirements are targeted to be reduced by more than 50%
Larger message sizes are supported without causing backpressure
Transport Roles
Edge Transport Improvements
Better Performance for EdgeSync via Deltasync Mode
Under this mode, each time EdgeSync service only reads the
delta change since last sync and updates the target
accordingly
Support for safe senders and blocked senders
Configurable Safe List quotas
Administrator defined blocked senders
Automatic update of Safe Sender list propagation into Active
Directory
Transport Roles
Other Improvements
Information Leakage Protection and Control
(IPC) features
Instrumentation and reporting improvements
Measuring end-to-end message delivery latency
Server component latency
Historical reporting and trends
End user message tracking
Transport Roles
Architectural Considerations
Shadow redundancy enables RAID-less solutions for mail.que database
Routing version boundary change:
Exchange 2010 Mailbox servers can only submit to Exchange 2010 Hub
Transport servers
Exchange 2010 Hub Transport servers can only deliver to Exchange 2010
Mailbox servers
Exchange 2007 Mailbox servers can only submit to Exchange 2007 Hub
Transport servers
Exchange 2007 Hub Transport servers can only deliver to Exchange 2007
Mailbox servers
Exchange 2010 Hub Transport servers can communicate with Exchange 2007
Hub Transport servers via SMTP (and vice versa)
For Edge:
Exchange 2010 Hub Transport will become authoritative for Edgesync in the
coexistence scenario
Mailbox
Store/ESE Changes
Exchange 2007 Issues
Exchange does many small, random input/outputs (I/Os) which
inhibit the types of disks that can be used
Exchange Server 2010
Exchange store schema and ESE optimized for fewer large,
smoother, sequential I/Os
•Store schema changes
•DB I/O size improvements
•Database cache effectiveness improvements
•ESE optimized for new store schema
Result: Exchange 2010 reduces I/O by an additional 70%
when compared to Exchange Server 2007 and is optimized for
SATA class disks
Large item count per folder is an issue due to restricted views
(affects large mailbox deployments)
Schema changes of the table structure and deferred index
updates greatly improves restricted view performance
Result: Supports 100,000 items per folder
Outlook Personal Folder Files (PSTs) are a litigation, security, and
management nightmare
New Messaging Records Management features
•Item level policy settings
•Archive mailbox feature for importing and storing PST
data
•Compliance Officer search capabilities
Result: PSTs can be removed by placing data into Exchange
repository and can be searched easily
Mailbox
High Availability Changes
Single-Copy
Single-copy Cluster
cluster
Cluster Continuous
Replication
Exchange Server 2010 High
Availability
*Over granularity
Server-level
Server-level
Database-level
Copies of data
1
2
2 to 16
*Over time
~2 min
~2 min
~30 sec (POR)
*Over management
Windows Cluster
Windows Cluster
Exchange Server
Data replication
Partner replication or SCR
Continuous replication
Continuous replication
Management tools
Separate
Separate
Unified
Host other roles?
No
No
Yes
Other advantages
Step up to automatic failover without rebuilding the mailbox server
Incrementally add replicated copies to meet business needs
No subnet or special DNS requirements
High Availability Design Example
Double Resiliency
Upgrade
Single
Siteserver 1
Server
4
Nodes2 fails
Server
1 upgrade is done
3
HA Copies
2 active
die Copies
JBOD
-> copies
3 physical
Mailbox
Server 1
Mailbox
Server 2
Mailbox
Server 3
X
Database Availability Group (DAG)
Mailbox
Server 4
Mailbox
Exchange 2010 High Availability Sizing
Leverage the incremental deployment capabilities of Exchange
Server 2010
You do not need to deploy site resilience out of the box!
Deploy larger database availability groups (DAGs) over smaller
DAGs
Distribute database copies across nodes in a matrix
Improved database seed/log shipping performance across the
wide area network (WAN)
DAG network compression/encryption (optional)
Log shipping is now Transport Control Protocol (TCP) socket based
Use multiple 1 Gb networks or 10 Gb network to improve local
area network (LAN) re-seed/log replication queue drain
performance
Mailbox
Architectural Considerations
Streaming backup support has been removed
Utilize direct-attached storage (DAS) solutions to reduce costs
with large mailboxes and continuous replication
Leverage the Storage Cost Calculator
Deploy Database Availability Groups (DAGs) and use replication
to achieve high availability
If deploying 3 or more database copies, consider RAID-less storage
design and combining logs and database on same spindles
Ensure unique database names across the organization
Attend UNC312 - Storage in Microsoft Exchange Server 2010 on
Tuesday at 9:15
Attend UNC301 - High Availability in Microsoft Exchange Server
2010 today at 14:30pm
Mailbox
Architectural Considerations
Large mailbox support (10 GB+) enables different scenarios
Deploy Office 2007 Service Pack 2 (SP2) or later
Leverage records management functionality
Scenario 1:
Deploy a single mailbox to contain all data
Scenario 2:
Deploy primary mailbox to support 1-2 years worth of data
Deploy archive mailboxes to allow end users to retain long-term needed
data
Attend UNC307 - Archiving and Retention in Microsoft Exchange
Server 2010 on Tuesday at 10:50
Public Folders
Co-existence support between Mailbox server 2010 and Mailbox
server 2003/2007
Outlook can access public folder data from Exchange 2010,
2007, or 2003
OWA 2010 only gives access to public folders with replicas
located on Exchange 2010
This is different from OWA 2007, which had a redirection behavior,
opening up OWA 2000/2003 for public folders on older mailbox servers
in separate browser windows
Get-PublicFolderStatistics now captures last user access
Unlike Exchange 2007, public folder stores can no longer be
enabled for continuous replication, but you can create a public
folder store on a mailbox server that resides in a DAG
Public Folder replication is your data resiliency solution
Agenda
Discuss the topology changes introduced in
Exchange Server 2010
Understand our guidance on server sizing
Scale Out vs. Scale Up
Scale out is a strategic choice made by
Microsoft
Focus is on supporting large mailboxes at low
cost, goal to further decrease input/output (I/O)
to reduce Total Cost of Ownership (TCO)
Scaling up increases risk that an outage or
failure affects more users
Scaling out provides an opportunity for high
availability at low cost
Processor Core Scalability
Single role servers
Beta: 12 cores maximum
No benefit moving to 16 cores from a performance
perspective
High scale all-in-one server—currently under
investigation
Beta: 16 cores max
Client Access
Beta Sizing Guidance
Since CAS role is now a true middle-tier
solution, CAS servers will require beefier
hardware
CAS to Mailbox processor core ratio changes
drastically as a result of RPCCA (Beta1: 3:4)
Processor/Memory requirements:
8 cores recommended
2 GB RAM/core recommended (8 GB min)
Transport
Beta Sizing Guidance
Memory and processor requirements are
staying inline with Exchange 2007 requirements
Processor/Memory requirements:
4 cores recommended
1 GB RAM/core recommended
Transport rule attachment scanning and content
encryption technologies may impact these
guidelines
Mailbox
Beta Sizing Guidance
Use 4 – 8 total cores for mailbox
16 cores shows decline in throughput on single role
machines
RAM
4GB base RAM for content indexing and mailbox assistants
2-8MB per mailbox recommended for database cache and
will be based on message profile and mailbox size
Example: Light Message Profile with 10+GB mailbox – 8MB memory
Size and prepare disks correctly
Use storage calculator
Unified Messaging
Beta Sizing Guidance
Use 4 cores
4-8 GB of RAM recommended
More than 8 GB is not shown to improve TCO or
scale
Not recommended combining with other roles
Audio quality can be affected
Place close to the mailbox servers that host UMenabled mailboxes
Voice mail preview may impact these guidelines
All-In-One Server Example
Branch Office or Smaller Deployment
8 processor cores
recommended
with a maximum
of 64GB RAM
UM role not
recommended for
co-location
CAS/HUB/
MAILBOX 1
CAS/HUB/
MAILBOX 2
Member servers of DAG
can host other server
roles
DB2
2 server DAGs, with
server roles combined
or not, should use RAID
Exchange 2010 Beta Ratio
Guidelines
Processor core ratios
Client Access Server (CAS) : Mailbox = 3 : 4
Hub Transport server : Mailbox
= 1 : 7 (no A/V on Hub)
= 1 : 5 (with A/V Hub)
Edge guidance expected to be very similar to
Exchange Server 2007
GC: Mailbox
= 1 : 4 (32–bit GC)
= 1 : 8 (64-bit GC)
Capacity Planning Tools
Profiling
Exchange Profile Analyzer (EPA)
Performance Monitor (Perfmon)
Sizing
Exchange Server 2010 Mailbox Storage
Requirements Calculator
Validation
Jetstress 2010
Exchange Load Generator “Loadgen”
Key Takeaways
Exchange Server 2010 introduces several paradigm shifts
Client connections are performed through Client Access Server role
Shadow redundancy introduces message resiliency within transport
pipeline
High Availability, store, and new compliance scenarios improve data
retention, resiliency, and availability
There are changes to server sizing and scalability, most notably
with CAS
Attend the deep-dive breakout sessions for more in-depth
information!
Resources
Tech·Ed Africa 2009 sessions will be
made available for download the week
after the event from: www.tech-ed.co.za
www.microsoft.com/teched
www.microsoft.com/learning
International Content & Community
Microsoft Certification & Training Resources
http://microsoft.com/technet
http://microsoft.com/msdn
Resources for IT Professionals
Resources for Developers
Related Content
Microsoft Exchange Server 2010 Transition and Deployment
(UNC310)
High Availability in Microsoft Exchange Server 2010 (UNC301)
Unified Messaging in Microsoft Exchange Server 2010 (UNC311)
Microsoft Exchange Server 2010 Management Tools (UNC309)
Storage in Microsoft Exchange Server 2010 (UNC312)
Microsoft Hyper-V: Dos and Don'ts for Microsoft Exchange
Server 2007 SP1 and 2010 (VIR308)
Archiving and Retention in Microsoft Exchange Server 2010
(UNC307)
10 pairs of MP3
sunglasses to be won
Complete a session
evaluation and
enter to win!
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should
not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.