12. How Are Databases Protected in a DAG? Continuous replication protects databases across servers in the DAG DB4 DB2 DB3 DB1 DB2 DB4 DB4 DB2 DB3
13. Comparing Exchange Server 2010 to Exchange Server 2007 Mailbox Availability Options Exchange Server 2007 Exchange Server 2010 LCR CCR SCR SCC DAG Point of Failure Server None None Storage None VSS Backup Supported Supported Not supported Supported Supported Replication Copies Single copy on server Single copy on passive node Multiple targets None Up to 16 targets Log Replay Delay None None Up to 24 hours or 50 log files None Up to 14 days Data Loss Protection Transport dumpster Transport dumpster Not available None Transport dumpster Failover Manual Automatic failover Manual Automatic failover Automatic switchover by database Can Run with Multiple Roles Yes No Target Only No Yes
14.
15. Demonstration: How to Create and Configure a DAG In this demonstration, you will see how to create and configure a DAG
22. How Shadow Redundancy Provides High Availability for Hub Transport Servers Transport server delays message deletion until it verifies that the message has been delivered past the next hop Hub External SMTP Mail Server Edge2 Edge1
23.
24.
25.
26.
27.
Editor's Notes
Module 7: Implementing High Availability Course 10135A Presentation: 85 minutes Lab: 90 minutes After completing this module, students will be able to: Describe the high availability options Configure highly available mailbox databases Deploy highly available non-Mailbox servers Deploy high availability solution for multiple sites Required materials To teach this module, you need the Microsoft® Office PowerPoint® file 10135A_07.ppt. Important: We recommend that you use PowerPoint 2002 or a later version to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides might not be displayed correctly. Preparation tasks To prepare for this module: Read all of the materials for this module. Practice performing the demonstrations and the lab exercises. Work through the Module Review and Takeaways section, and determine how you will use this section to reinforce student learning and promote knowledge transfer to on-the-job performance. Note about the demonstrations : To prepare for the demonstrations, start the 10135A-VAN-DC1 virtual machine and log on to the server before starting the other virtual machines. To save time during the demonstrations, log on to the Exchange servers and open the Exchange Server management tools before starting the demonstrations. Additionally, connect to the Microsoft Outlook® Web App site on the Exchange servers, and then log on as Administrator. It can take more than a minute to open the management tools and Outlook Web App for the first time. Make sure that students are aware that there are additional information and resources for the module on the Course Companion CD.
Module 7: Implementing High Availability Course 10135A
Module 7: Implementing High Availability Course 10135A
Lead a discussion about high availability. Define high availability as the implementation of a system design that ensures a high level of operational continuity over a specific time period. Many students may attribute high availability to failover clustering or load balancing. However, you can achieve high availability only with good design, testing, training, and operational processes. Also mention that you measure availability by the percentage of time the application is available. Also be sure to note that planned downtime is usually exempted from these measurements. Planned downtime is downtime scheduled for routine proactive updates and maintenance. References Microsoft High Availability White Paper: http://go.microsoft.com/fwlink/?LinkId=179979 Module 7: Implementing High Availability Course 10135A
Lead a discussion about the components that make up a high availability solution. Question: Which components are important for running a high availability solution? Answer: Be sure to capture these main points, but know that students answers may vary: Redundant hardware components Server hardware Network hardware Storage hardware Software components (clustering) Operational readiness Operational training Proactive maintenance Change management Detailed system health monitoring Question: What are common single points of failure in a messaging solution? Answer: Answers will vary. Some may include: Internet connectivity; server failures with hard drives, fans and power supplies; and environmental factors, such as power and cooling. Module 7: Implementing High Availability Course 10135A
Use this slide to prepare the students for this module’s remaining topics. Discuss the new Mailbox server high availability solution for mailbox data. Although the implementation of mailbox high availability is different in Microsoft Exchange Server 2010, the basic concepts are the same. If students are familiar with Exchange Server 2007 high availability technologies, you may find it beneficial to discuss the differences between Exchange Server 2007 and Exchange Server 2010. However, this module does provide additional information later. Since public folder high availability is the equivalent of adding replicas, this module provides no additional coverage of public folder high availability. Module 7: Implementing High Availability Course 10135A
Briefly discuss the high availability options for the non-Mailbox server roles. Each of these will be discussed in detail in later lessons. Essentially, adding multiple servers and configuring them for high availability makes non-mailbox roles redundant. Module 7: Implementing High Availability Course 10135A
Module 7: Implementing High Availability Course 10135A
Explain a database availability group (DAG) and how it leverages continuous transaction log replication to the passive database copies within the DAG. Point out that a DAG: Requires the failover clustering feature, although all installation and configuration tasks occur with the Exchange Server management tools . Although a DAG requires the failover clustering feature, Exchange Server does not use Windows® failover clustering to handle database failover. Instead, it uses Active Manager to control failover. Uses an enhanced version of the continuous replication technology that Exchange Server 2007 introduced . Exchange Server 2010 improves upon the best continuous replication pieces from Exchange Server 2007. Can be created after you have installed the Mailbox server . You can set up a Mailbox server to host active mailboxes, and then add to a DAG later. Allows a single database to be moved between servers in the group without affecting other databases . Failover clustering is done per mailbox database, not for an entire server, making Exchange Server 2010 more flexible than previous Exchange Server versions. Allows up to 16 copies of a single database on separate servers . You can add 16 servers to a DAG, which allows you to create 16 databases. Defines the boundary for replication since only servers within the DAG can host database copies . You cannot replicate database information to Mailbox servers outside the DAG. Module 7: Implementing High Availability Course 10135A
Discuss the role of the Active Manager. Mention that although the DAG relies on the failover clustering feature, it relies on Active Manager to do the failover or switchover processes. References Exchange Server 2010 Help: Understanding Mailbox Database Availability: Active Manager Module 7: Implementing High Availability Course 10135A
Talk through the continuous replication process using the slide: Exchange Server writes, and then closes, the active log. The Replication Service replicates the closed log to servers hosting the passive databases. Since each copy of the database is identical, Exchange Server inspects, and then replays or applies, the transaction logs to the database copies. The databases remain in sync. Mention that you must seed the databases for this process. Seeding a database ensures that a good copy of the database is available on each server so that you can replay transaction logs, as appropriate. Question: What other technologies use continuous replication? Answer: Exchange Server 2007, Microsoft SQL Server®, and others. Module 7: Implementing High Availability Course 10135A
The active database copy uses continuous replication to keep the passive copies in sync, based on their lag-time setting. A DAG leverages the Windows Server® operating system failover clustering feature. However, it relies on the Active Manager server to maintain status of all of the databases that the DAG hosts. A single database can be switched or failed between servers within the DAG. At any given time, a copy is either the replication source or the replication target, but not both. A server may not host more than one copy of a given database. Not all databases need to have the same number of copies. In a 16-node DAG, one database can have 16 copies, while another database is not redundant and contains only the one active copy. Discuss the difference between a failover and a switchover. References Exchange Server 2010 Help: Understanding Mailbox Database Availability Module 7: Implementing High Availability Course 10135A
Discuss the difference between the Exchange Server 2010 and the Exchange Server 2007 mailbox high availability solutions. Stress that the new DAG model is the best combination of the Exchange Server 2007 options. Module 7: Implementing High Availability Course 10135A
Discuss DAG networks, especially the importance of redundancy and configuring networks to allow for replication, encryption, and compression. Next, discuss the process of configuring a database to be highly available within a DAG. Lastly, define and discuss truncation, replay lag times, and preferred list sequence number. Question: How do you plan to use the preferred list sequence number? Answer: Answers may vary. However, many students will prefer to spread the activity to multiple servers. Rotating the preference for the databases through all available servers allows each server to serve client requests actively. References Exchange Server 2010 Help: Add a Mailbox Database Copy Module 7: Implementing High Availability Course 10135A
Demonstrate how to create a DAG by adding at least two servers to the group, and then adding a copy of one of the databases. Discuss the prerequisites for configuring a DAG, such as Windows Server 2008 Enterprise, and that Microsoft recommends that the failover clustering feature be installed prior to creating a DAG. Preparation Ensure that the 10135A-DC1, 10135A-VAN-EX1, and 10135A-VAN-EX2 virtual machines are running. Log on to 10135A-VAN-EX1 as Administrator with the password of Pa$$w0rd . Demonstration Steps You will create a new database availability group named DAG1, add member servers to it, and create a copy of a mailbox database. 10135A-VAN-EX1 and 10135A-VAN-EX2 already have the Mailbox server role installed and configured on them. They also have Windows failover clustering feature installed. 1. On VAN-EX1, click Start , click All Programs , click Microsoft Exchange Server 2010 , and then click Exchange Management Shell . 2. At the Exchange Management Shell prompt, type New-DatabaseAvailabilityGroup –Name DAG1 –WitnessServer VAN-DC1 -WitnessDirectory C:\\FSWDAG1 –DatabaseAvailabilityGroupIpAddress 10.10.0.25 , and then press ENTER. We recommend using the local Hub Transport server to act as the file share witness. A two-node DAG configuration requires a file share witness, since it requires a majority of votes at all times to maintain quorum. In a two-node cluster without a file share witness, when one of the nodes is rebooted, a majority of votes cannot be obtained and the cluster fails. You can specify the Hub Transport server and the local directory to be configured as the file share witness when you create a DAG. As a best practice, you should add the file share witness to other clusters too. Clusters with even numbers of nodes use the file share witness as a tie-breaker vote in establishing quorum. 3. At the Exchange Management Shell prompt, type Add-DatabaseAvailabilityGroupServer DAG1 –MailboxServer VAN-EX1 , and then press ENTER. 4. Click Start , click Programs , click Microsoft Exchange Server 2010 , and then click Exchange Management Console . 5. In the Console Tree, expand Microsoft Exchange On-Premises , expand Organization Configuration , and then click Mailbox . 6. In the Results pane, click the Database Availability Groups tab. 7. In the Work pane on the Database Availability Groups tab, right-click DAG1 , and then click Manage Database Availability Group Membership from the context menu. 8. In the Manage Database Availability Group Membership wizard, click Add . 9. In the Select Mailbox Server dialog box, click VAN-EX2 , and then click OK . Module 7: Implementing High Availability Course 10135A
10. In the Manage Database Availability Group Membership wizard, click Manage to complete the changes, and then click Finish to close the wizard. 11. In the Results pane, click the Database Management tab. 12. In the Results pane, click Mailbox Database 1 , and then in the Actions pane, click Add Mailbox Database Copy . 13. In the Add Mailbox Database Copy wizard, click Browse to select the server to which to add the copy. 14. In the Select Mailbox Server dialog box, click VAN-EX2 , and then click OK . 15. In the Add Mailbox Database Copy wizard, click Add to create the copy of Mailbox Database 1. 16. Review the results, and then click Finish . Question: What information do you need before configuring a DAG? Answer: At minimum, the administrator needs to know within which network the DAG will reside and the servers that will participate in the DAG. References Exchange Server 2010 Help: Create a Database Availability Group, Managing Database Availability Group Membership, and Managing Database Availability Groups Module 2: Configuring Mailbox Servers Course 10135A
The transport dumpster was first introduced in Exchange Server 2007 to allow for recovery of database failovers of Clustered Continuous Replication (CCR) and Local Continuous Replication (LCR) availability solutions. Module 7: Implementing High Availability Course 10135A
Discuss what would happen if a failure occurred and not all of the logs could be copied to the passive copy before you need to make it active. Discuss how to use the transport dumpster when failover occurs. Active manager selects the best copy to activate, as follows: 1. Enumerates the available copies 2 Ignores all servers that are unreachable 3. Sorts available copies by how up-to-date they are (content index, copy queue length and replay queue length). Breaks ties based on activation preference Activity Draw a simple Exchange Server messaging environment on the board. Be sure to include one Hub Transport server and two Mailbox servers configured in a DAG. Now walk through a scenario in which a message is delivered through the Hub Transport server to the active database on the first Mailbox server. Just after Exchange Server delivers the message, the server fails, and no data is recovered. Now walk through the steps on the slide to discuss how this database failover process works. Discuss the AutoDatabaseMountDial setting and when to use it. The three possible values for the AutoDatabaseMountDial setting are: BestAvailability . If you specify this value, the database automatically mounts if the copy queue length is less than or equal to twelve. The copy queue length is defined as the number of logs that the passive copies recognize as needing to be replicated. If the copy queue length is more than twelve, the database will not automatically mount. When the copy queue length is less than or equal to twelve, Exchange Server attempts to replicate the remaining logs to the passive copies and mount the database. GoodAvailability . If you specify this value, the databases automatically mount immediately after a failover, if the copy queue length is less than or equal to six. If the copy queue length is more than six, the databases do not automatically mount. When the copy queue length is less than or equal to six, Exchange Server attempts to replicate the remaining logs to the passive copy and mount the database. Lossless . If you specify this value, the databases do not automatically mount until all logs that were generated on the active copy are copied to the passive copy. References Exchange Server 2010 Help: Set-MailboxServer Module 7: Implementing High Availability Course 10135A
Demonstrate how to use the Exchange Management Console and Exchange Management Shell to review the available information regarding database replication health. In the demonstration, show how to view the health status of the database copies in the Exchange Management Console or Exchange Management Shell. Preparation Ensure that the 10135A-DC1, 10135A-VAN-EX1 and 10135A-VAN-EX2 virtual machines are running. Log on to 10135A-VAN-EX1 as Administrator with the password of Pa$$w0rd . Demonstration Steps 1. On VAN-EX1, click Start , click All Programs , click Microsoft Exchange Server 2010 , and then click Exchange Management Console . 2. In the Console Tree, expand Microsoft Exchange On-Premises , expand Organization Configuration , and then expand Mailbox . 3. In the Results pane, click the Database Management tab. 4. In the Results pane, click Mailbox Database 1 , and then in the Actions pane, in the bottom Mailbox Database 1 area, click Properties . 5. Review the information on the General tab: The database status might be Healthy, Initializing, Failed, Mounted, Dismounted, Disconnected, Suspended and Failed, Suspended, Resynchronizing, Seeding Describe Copy queue length (logs) and Replay queue length (logs) . 6. Click OK to close. Question: Why is monitoring these statistics important? Answer: As discussed previously, high availability is more than just redundant software and hardware. It is a crucial tool for identifying and reacting to problems quickly and effectively. Monitoring the statistics can help you do this. Module 7: Implementing High Availability Course 10135A
Module 7: Implementing High Availability Course 10135A
Discuss creating a client access array and that you should create an array of Client Access servers (using the New-ClientAccessArray cmdlet) in each site, and then load balance using one of the methods listed on the slide. Module 7: Implementing High Availability Course 10135A
Walk the students through a typical shadow redundancy scenario: Hub delivers message to Edge: a. Hub opens a Simple Mail Transfer Protocol (SMTP) session with Edge. b. Edge advertises shadow redundancy support. c. Hub notifies Edge to track discard status. d. Hub submits message to Edge. e. Edge acknowledges the receipt of message, and records the Hub’s name for sending the message’s discard information. f. Hub moves the message to the shadow queue for Edge, and marks Edge as the primary server. Hub becomes the shadow server. 2. Edge delivers message to next hop: a. Edge submits message to third-party mail server. b. Third party mail server acknowledges the message’s receipt. c. Edge updates the message’s discard status as delivery complete. 3. Hub queries Edge for discard status (success case): a. At end of each SMTP session with Edge, Hub queries Edge for discard status on messages previously submitted. If Hub has not opened any SMTP sessions with Edge after the initial message submission, it will open an SMTP session with Edge just to query for discard status after a specific time. b. Edge checks local discard status, sends back the list of messages that have been delivered, and removes the discard information. c. Hub server deletes the list of messages from its shadow queue. Hub queries Edge for discard status and resubmits the message (failure case): a. If Hub cannot contact Edge, Hub resumes the primary server role, and resubmits the messages in the shadow queue. b. Resubmitted messages are delivered to another Edge server, and the workflow starts from step 1. Within Exchange Server 2010, the Shadow Redundancy Manager (SRM) is the core component of a Transport server that is responsible for managing shadow redundancy. The SRM is responsible for maintaining the following information for all the primary messages that a server is currently processing: The shadow server for each primary message being processed. The discard status to be sent to shadow servers. If time permits, allow the students to create other scenarios that might occur, and then use the board to walk through how shadow redundancy provides easy recovery. References Exchange Server 2010 Help: Understanding Shadow Redundancy and Shadow Redundancy Mail Flow Scenarios Module 7: Implementing High Availability Course 10135A
Discuss the high availability options for the Edge Transport role. Be sure to mention why you might choose these options. Edge Transport also supports shadow redundancy, as mentioned in the previous slide, but shadow redundancy does not cover all scenarios because most of the messaging servers to which the Edge Transport role communicates do not support shadow redundancy. Acknowledge that you would use similar methods if you were using Hub Transports for inbound and outbound e-mail. Module 7: Implementing High Availability Course 10135A
In this lab, students will: Deploy a DAG Deploy highly available Hub Transport and Client Access servers Exercise 1 In this exercise, students will deploy a DAG and test continuous replication. Inputs: Students will be provided with the instructions on how to configure a DAG, and then how to configure multiple database copies. Outputs: Students will configure a DAG and configure multiple copies of a database between multiple servers. Students also will verify that continuous replication is working by performing a database switchover. Exercise 2 In this exercise, students will configure and test highly available Client Access and Hub Transport servers. Inputs: Students will be given instructions on how to make the Client Access and Hub Transport servers highly available. Outputs: Students will configure and verify network load balancing for Client Access servers, and verify that the Hub Transport servers are highly available. Exercise 3 In this exercise, students will verify that the high availability configuration is working properly. Inputs: Students will be give instructions on how to test the configuration for successful configuration. Outputs: Students will use the SMTP service and Queue Viewer to verify messages, and simulate a server failure. Before the students begin the lab, read the scenario associated with each exercise to the class. This will reinforce the broad issue that the students are troubleshooting and will help to facilitate the lab discussion at the module’s end. Remind the students to complete the discussion questions after the last lab exercise. Module 7: Implementing High Availability Course 10135A
Module 7: Implementing High Availability Course 10135A
Use the questions on the slide to guide the debriefing after students complete the lab exercises. Question: When might you choose to initiate a database switchover? Answer: You can initiate database switchovers to move databases off a DAG member for maintenance tasks, such as applying software updates. Question: If you deploy only two Hub Transport servers in an Active Directory® site, would shadow redundancy protect messages between mailboxes in the same site? Answer: Shadow redundancy does not protect messages delivered within the same site, because the messages will not have traversed more than one Hub Transport server. However, you can recover these messages using the transport dumpster functionality. Module 7: Implementing High Availability Course 10135A
Review Questions Question: Besides planning for Exchanger Server failures, what other failures should you consider? Answer: Exchange Server high availability configurations protect against software and server failures, and database corruption. It is important to consider larger issues, such as local network failures, Internet connectivity issues, and data center power and cooling failures. Question: In which scenarios might you use hardware load balancing with Edge Transport servers? Answer: In high utilization scenarios requiring hundreds of Edge Transport servers, it may make more sense to use a hardware load balancer than to create hundreds of Domain Name System (DNS) mail exchanger (MX) resource records. Doing this also may reduce the number of public IP addresses required. Common Issues and Troubleshoot Tips Point the students to possible troubleshooting tips for the issues that this section presents. Real-World Issues and Scenarios Question: An organization has several branch offices with a small number of employees. However, the organization needs to deploy a high availability solution in the remote offices. What configuration can it deploy to meet it business needs? Answer: It may be possible to deploy two servers and install the Mailbox, Hub Transport, and Client Access server roles on both. The organization can create a DAG and use a hardware load balancer to load balance client access connectivity. Question: An organization uses a variety of service-level agreements for database availability for different business units. It wants to minimize the number of mailbox servers it deploys. How can it do this? Answer: Deploy all Mailbox servers in a single DAG, and then configure each of the business unit’s mailbox databases with the appropriate number of copies to meet the service level. Best Practices Help the students understand the best practices presented in this section. Ask students to consider these best practices in the context of their own business situations. Module 7: Implementing High Availability Course 10135A