10135 b 07
-
Upload
wichien-saisorn -
Category
Documents
-
view
349 -
download
7
description
Transcript of 10135 b 07
Module 7
Implementing High Availability
Module Overview
• Overview of High Availability Options
• Configuring Highly Available Mailbox Databases
• Deploying Highly Available Non-Mailbox Servers
• Deploying High Availability with Site Resilience
Lesson 1: Overview of High Availability Options
• What Is High Availability?
• Discussion: Components of a High Availability Solution
What Is High Availability?
High availability:
• Implements system design that ensures a high level of operational continuity
• Is measured by the percentage of time the application is available
Availability Target Permitted Annual Downtime
99% 87 hours, 36 minutes
99.9% 8 hours, 46 minutes
99.99% 52 minutes, 34 seconds
99.999% 5 minutes, 15 seconds
Discussion: Components of a High Availability Solution
• Which components are important for running a high availability solution?
• What are some single points of failure in a messaging solution?
Lesson 2: Configuring Highly Available Mailbox Databases• What Is a Database Availability Group?
• What is Quorum?
• What Is Active Manager?
• What Is Continuous Replication?
• How Are Databases Protected in a DAG?
• Configuring a Database Availability Group
• Configuring Databases for High Availability
• Demonstration: How to Create and Configure a DAG
• What Is the Transport Dumpster?
• Understanding the Failover Process
• Designing Monitoring and Management for a DAG
• Demonstration: How to Monitor Replication Health
What Is a Database Availability Group?
A DAG is a collection of servers that provides the infrastructure for replicating and activating database copies. DAGs:
• Require the failover clustering feature, although all installation and configuration is done with the Exchange Server management tools
• Use Active Manager to control failover
• Use an enhanced version of the continuous replication technology that Exchange Server 2007 introduced
• Can be created after the Mailbox server is installed
• Allow a single database to be activated on another server in the group without affecting other databases
• Allow up to 16 copies of a single database on separate servers
• Define the boundary for replication
What Is Quorum?
Exchange Server 2010 DAG quorums:
• Are based on votes in Windows Server 2008
• Allow nodes, file shares, and shared disks to have votes, depending on the quorum mode
• Use node majority with a witness server for quorum:
• DAGs with an even number of Mailbox servers use the witness server
• DAGs with an odd number of Mailbox servers use node majority
Quorum defines consensus that enough cluster members are available to provide servicesQuorum defines consensus that enough cluster members are available to provide services
What Is Active Manager?
Active Manager:
• Runs a process on each server in the DAG
• One node is the PAM
• Remaining nodes are SAM
• Manages which database copies are active and which are passive
• Stores database state information
• Manages database switchover and failover processes
• Does not require direct administration configuration
What Is Continuous Replication?
Database Availability GroupDatabase Availability Group
DB1DB1
File Mode
Block Mode
DB1DB1 DB1DB1
ES
E L
og
Bu
ffer
ES
E L
og
Bu
ffer
Rep
licati
on
Log
Bu
ffer
Rep
licati
on
Log
Bu
ffer
Rep
licati
on
Log
Bu
ffer
Rep
licati
on
Log
Bu
ffer
How Are Databases Protected in a DAG?
DB4DB4
DB2DB2
DB3DB3
DB1DB1
DB2DB2
DB4DB4 DB4DB4
DB2DB2
DB3DB3
Continuous replication protects databases across servers in the DAGContinuous replication protects databases across servers in the DAG
Configuring Database Availability Group
To configure DAGs you must define the following:
Additionally consider these settings for larger or multi-site implementations:
• Witness Server – Server used to store witness information
• Witness Directory – directory used on the witness server to store witness information
• Database availability group IP addresses – IP address(es) used by DAG
• DAG Networks including replication
• DAG Network Compression
• DAG Network Encryption
• Third-Party Replication Mode
• Alternative Witness Server
• Alternative Witness Directory
Configuring Databases for High Availability
After creating a DAG, adding Mailbox servers to the DAG, and configuring the DAG, you must still do the following:
• Create database copies
• Set truncation lag time
• Set replay lag time
• Set preferred list sequence number
Demonstration: How to Create and Configure a DAG
In this demonstration, you will see how to create and configure a DAG
What Is the Transport Dumpster?
The transport dumpster:
• Protects against Mailbox server failures when transaction logs have been lost
• Keeps copies of all messages delivered in the transport queue (mail.que) until the transaction logs have replicated to all servers in the DAG, or until the maximum dumpster size is reached
• Redelivers missing email messages when a failure occurs
Understanding the Failover Process
If a failure occurs, the following steps occur for the failed database:
Active Manager determines the best copy to activate
The replication service on the target server attempts to copy missing log files from the best “source”:
• If successful, the database mounts with zero data loss
• If unsuccessful (failover), the database mounts based on the AutoDatabaseMountDial setting
The mounted database generates new log files (using the same log generation sequence)
Transport dumpster requests are initiated for the mounted database to recover lost messages
When original server or database recovers, it determines if any logs are missing or corrupt, and fixes them if possible
Designing Monitoring and Management for a DAG
• Allocate the necessary permissions for managing a DAG• Organization Management
• DAGs
• Database copies
• Failure may not be noticed
• Exchange Server 2010 SP1 or newer includes several scripts and commands for DAG monitoring and management
• Consider using System Center Operations Manager 2012
Demonstration: How to Monitor Replication Health
In this demonstration, you will see how to:
• Monitor replication health using the Exchange Management Console and the Exchange Management Shell
• View various status messages
• View available statistics
Lesson 3: Deploying Highly Available Non-Mailbox Servers
• How High Availability Works for Client Access Servers
• How Shadow Redundancy Provides High Availability for Hub Transport Servers
• How High Availability Works for Edge Transport Servers
How High Availability Works for Client Access Servers
A client access array is created with multiple Client Access servers. You can achieve high availability and load balancing by using one of these methods:
• Software-based NLB
• Hardware-based NLB
• Round-robin DNS
To configure a client access array:
• Configure existing databases using the Set-MailboxDatabase cmdlet with the RpcClientAccess parameter
• Use the New-ClientAccessArray cmdlet
• Configure internal URIs for Exchange services
Transport server delays message deletion until it verifies that the message has been delivered past the next hopTransport server delays message deletion until it verifies that the message has been delivered past the next hop
How Shadow Redundancy Provides High Availability for Hub Transport Servers
HubHub
External SMTP Mail
Server
External SMTP Mail
Server
Edge2Edge2
Edge1Edge11. Deliver to
Edge1
1. Deliver to Edge1
2. Deliver to next hop
2. Deliver to next hop
3. Query discard status
3. Query discard status
4. If failure, resubmit
4. If failure, resubmit
How High Availability Works for Edge Transport Servers
Load balancing and high availability methods for Edge Transportinclude:
• Multiple DNS MX records that are created to specify multiple authoritative SMTP servers for the domain.
• Hardware-based load balancing that is used to load balance inbound SMTP connections to any available Edge Transport server.
Load balancing and high availability methods for Edge Transportinclude:
• Multiple DNS MX records that are created to specify multiple authoritative SMTP servers for the domain
• Hardware-based load balancing that is used to load balance inbound SMTP connections to any available Edge Transport server
Lesson 4: Deploying High Availability with Site Resilience
• Requirements for Creating a Multiple Site DAG
• What Is Datacenter Activation Coordination Mode?
• Deploying Exchange 2010 for Site Resilience
• Switchover and Switchback Process with Site Resilience
• Best Practices for Site Resilient Solutions
Requirements for Creating a Multiple Site DAG
Requirements include:
• Other server roles must be available in each site
• At least one Mailbox server in each site
• DAC mode for DAGs that span multiple locations
• Prevents split-brain syndrome
• Round-trip network latency time of maximum 500 milliseconds between DAG members
What Is Datacenter Activation Coordination Mode?
DAC mode:
Data center 1
Data center 1
Data center 2
Data center 2
DACP=1DACP=1 DACP=1DACP=1 DACP=1DACP=1
DAG in DAC Mode
DAG in DAC Mode
DACP=0DACP=0DACP=0DACP=0
• Prevents split-brain syndrome
• Uses the DACP Protocol to decide if a database can be mounted
• 0 : Database cannot be mounted
• 1 : Database can be mounted
No DACP=1, no database mounted
No DACP=1, no database mounted
Mountdatabase
Mountdatabase
Data center 2
Data center 2
DACP=1DACP=1DACP=1DACP=1DACP=1DACP=1
Data center 1
Data center 1
DAG in DAC Mode
DAG in DAC Mode
Deploying Exchange 2010 for Site Resilience
Site resiliency:
• Does not require any special configuration for Hub Transport and Client Access servers
• The Edge Transport server:
• Requires Internet connectivity for the alternate data center
• Requires multiple MX records for incoming messages
• Requires the following server roles to be available in each site (besides the Mailbox role):
• Active Directory Domain Controller
• Hub Transport server
• Client Access server
Switchover and Switchback Process with Site Resilience
Site ASite A Site BSite B
DAG
Hub Transport(FSW)
Hub Transport(FSW)
Hub TransportHub TransportClient AccessClient Access Client AccessClient Access
(Alt FSW)(Alt FSW)
Best Practices for Site Resilient Solutions
Best practices include:
• Verify failover functionality with periodic testing
• Reduce failover time by using low TTL on DNS records for the Client Access server array, Client Access server URLs, and SMTP records
• Closely monitor replication health and other system components to ensure failover health
• Follow proper change-management procedures
• Prevent cluster network cross-talk
Lab: Implementing High Availability
• Exercise 1: Deploying a DAG
• Exercise 2: Deploying Highly Available Hub Transport and Client Access Servers
• Exercise 3: Testing the High Availability Configuration
Logon information
Estimated time: 60 minutes
Lab Scenario
You are the messaging administrator for A. Datum Corporation. You have completed the basic installation for three Exchange servers. Now you must complete the configuration so that they are highly available.
Lab Review
• When might you choose to initiate a database switchover?
• If you deploy only two Hub Transport servers in an Active Directory site, would shadow redundancy protect messages between mailboxes in the same site?
Module Review and Takeaways
• Review Questions
• Common Issues and Troubleshooting Tips
• Real-World Issues and Scenarios
• Best Practices