Exchange 2007 Architecture and Deployment
Jim McBee
[email protected]
http://mostlyexchange.blogspot.com

Agenda
 Messaging Challenges
 64-bit Exchange Architecture
 Server Roles
 High Availability
 Upgrading to Exchange 2007
 Summary
Exchange 2007 Themes
IT Pro Situation (theme: Control)
 E-mail is mission-critical
 E-mail systems are too complex/expensive
 Management tasks are tedious, not automated
Info Worker Situation (theme: Anywhere Access)
 Users want easy access to all their communications
 Mobile devices are increasingly common
 Calendaring is frustrating
Org-wide Situation (theme: Built-In Protection)
 Security is the top concern
 Spam and viruses compromise the e-mail experience
 Regulatory compliance is critical in many industries
Why upgrade to Exchange 2007?
 More scalable
 Greatly improved OWA
 Consistent scripting interface
 Auto-discovery for Outlook 2007
 Customizable over-quota and NDR messages
 Per-recipient journaling
 Schedulable OOF
 Local Continuous Replication
 Clustered Continuous Replication
 Message routing based on Active Directory sites
 No more Administrative Groups!
 Restore databases to any server
 Unified messaging (voice mail, faxing, Outlook Voice Access)
 Per-user Safe Sender and Blocked Sender lists
 Transport rules (disclaimers, message security, attachment filtering)
 E-mail Lifecycle Management
 OWA SharePoint document access
 Improved message transport security
 Simplified Exchange Management Console
 Improved anti-spam features
 32KB rules limit gone!
 Calendar Concierge
The New Exchange Architecture
The Move to 64 Bits
 Improved caching
  – No more 4GB barrier
  – Can reduce disk I/O by up to 70%
 Reduces the number of required spindles
  – Fewer, larger drives to meet requirements
 Removes kernel bottlenecks
  – Paged pool
  – Non-paged pool
 Increases simultaneous connections
 Recommended RAM
  – 2GB + 10MB per user
Why Change the Architecture?
 Scalability: support larger mailboxes and a larger number of connected clients
 Simplicity: use existing concepts in the underlying Windows operating system
 Flexibility: provide more flexibility in deploying and managing Exchange
 Trustworthy: protect against attacks, malware, eavesdropping, and tampering
Simplified Deployment
 Improved management (see EX02)
  – Exchange Management Console
  – Exchange Management Shell
  – Administrative model
 Role-based deployment
 Improved installation process
 No more administrative groups
 Improved high availability features
Server Roles
Improved Installation
 Role-based installation aims to reduce management complexity and improve security
  – Servers can be optimized for the roles installed on them
  – Increased availability through load balancing and clustering by role
  – Management by server role is more intuitive
 Install via GUI / Wizard
 Command line / scriptable
  – Unattended install from the command line (setup.com); post-install configuration through the Exchange Management Shell
Exchange 2007 Server Roles
By defining well-described roles, we can:
  – Remove unnecessary functionality
  – Reduce the attack surface
 Benefit: optimize server performance
 Benefit: reduced exposure in the perimeter
Roles in the protected network: Hub Transport Server, Client Access Server, Mailbox Server, Unified Messaging Server
Role in the perimeter network: Edge Transport Server
Server Roles 1/5
 Edge Transport
  – Must be on its own separate physical machine
  – No other roles installed
  – May be a workgroup member or joined to an Active Directory domain
  – Uses Active Directory Application Mode (ADAM) for configuration and recipient information
  – Perimeter policy enforcement (see EX03)
  – Message hygiene (see EX04)
    • Anti-spam
    • Transport anti-virus
  – Not required: the role is optional, and a Hub Transport server can face the Internet directly instead
Server Roles 2/5
 Client Access Server (CAS)
  – Supports Outlook Web Access, Exchange ActiveSync, Outlook Anywhere (formerly RPC/HTTPS), the POP3 and IMAP4 protocols, Autodiscover, and Web services
  – At least one CAS in each site and domain where mailbox servers exist
  – Requires a good network connection to the mailbox servers
  – Uses RPC communication to the mailbox server
  – MAPI/RPC clients connect directly to the mailbox servers (they do not go through the CAS)
Server Roles 3/5
 Hub Transport
  – Handles message delivery and routing (see EX03)
  – Applies policies to incoming and outgoing mail (see EX03)
  – Can handle message hygiene functions
  – Reduces cost and complexity
    • Provides more predictable routing
    • Reduces downtime
Server Roles 4/5
 Mailbox
  – Responsible for serving mailbox databases and public folders
  – Mailbox access through MAPI
  – Possible to require MAPI encryption
  – Possible to run without public folders
  – HA options:
    • Local Continuous Replication (LCR)
    • Cluster Continuous Replication (CCR)
    • Single Copy Cluster (SCC)
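As an added example, not part of the deck: the unattended role installation described under "Improved Installation", followed by the post-install checks and the Mailbox-role setting ("require MAPI encryption") from the slide above. The server names EX07-01 and EDGE01, the organization name and the drive letters are assumptions; the setup.com switches and the cmdlets are the real Exchange 2007 ones.

```powershell
# Added example; not from the original deck. Names EX07-01 / EDGE01 / "Contoso" are assumed.

# --- Internal server: CAS, Hub Transport and Mailbox roles on one box.
#     /OrganizationName is only needed for the first server of a new organization.
setup.com /mode:Install /roles:ClientAccess,HubTransport,Mailbox /OrganizationName:"Contoso"

# --- Edge Transport: its own machine, never a member of the corporate forest,
#     no other roles, and ADAM must already be installed on it.
setup.com /mode:Install /roles:EdgeTransport

# --- Post-install, from a plain PowerShell prompt on an internal server
#     (the Exchange Management Shell loads this snap-in for you).
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.Admin -ErrorAction SilentlyContinue

# Which roles ended up where. Edge servers only show up here once they have been
# subscribed to the organization, so their absence at this point is expected.
Get-ExchangeServer | Sort-Object Site, Name |
    Format-Table Name, ServerRole, Site, AdminDisplayVersion -AutoSize

# Every Exchange service the installed roles depend on should be running.
Test-ServiceHealth

# Mailbox-role hardening the slide mentions: refuse unencrypted MAPI/RPC sessions.
# Exchange 2007 ships with this on; confirm nobody relaxed it, then enforce it
# on every Mailbox server. Clients that have RPC encryption switched off (the
# default in older Outlook releases) are refused after this and must be fixed
# client-side rather than by turning the server check off.
Get-MailboxServer | Format-Table Name, MAPIEncryptionRequired -AutoSize
Get-MailboxServer | Set-MailboxServer -MAPIEncryptionRequired $true
```

Install order matters when the roles are on separate machines: Client Access first, then Hub Transport, then Mailbox, so that each new Mailbox server has a CAS and a Hub in its Active Directory site from the moment it comes up.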
Server Roles 5/5
 Unified Messaging
  – Placed in the protected corporate network
  – Requires that the Mailbox and Hub Transport roles exist
  – Check with your phone vendor to see if their phone system will work with the UM server
    • May require a PBX gateway
Network Placement
 Edge Transport Server:
  – Perimeter placement recommended
  – Should not be a member of the corporate AD forest
    • Perimeter AD forest
    • Workgroup
  – Must be connected to a Hub Transport server
 Client Access Server:
  – ISA can publish OWA, RPC over HTTP, and ActiveSync
  – At least one in every AD site with a mailbox server
 Hub Transport:
  – At least one in every AD site with a mailbox server
Enterprise Topology (diagram in the original deck)
  Perimeter: SMTP server on the Internet <-> Edge Transport (routing, hygiene)
  Internal: Edge Transport <-> Hub Transport (routing, policy) <-> Mailbox (mailboxes, public folders)
  Unified Messaging (voice messaging, fax, Outlook Voice Access) attached to the PBX/VoIP system
  Client Access serves external clients, internal clients and applications: OWA; protocols EAS, POP, IMAP, Outlook Anywhere; programmability via Web services and Web parts
Things to Consider
 Interdependencies
  – Mailbox servers require the Hub Transport role for message delivery, even between mailboxes in the same database
  – The CAS role provides OWA, ActiveSync, RPC over HTTP, the Availability Service, Autodiscover, and more
  – The Edge role requires a Hub Transport server
 Fault tolerance
  – Mailbox servers can only talk to Hub Transport servers in the same Active Directory site
  – Mailbox servers will talk to a Hub on the same server before other Hubs in the same Active Directory site
  – For proxy and redirect scenarios, a CAS connects to the "best" CAS for the user's mailbox site
  – A CAS is not the same as an Exchange 2000/2003 front-end (FE) server
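As an added example, not part of the deck: the Client Access Server settings that decide whether an Internet-facing CAS proxies or redirects to the CAS in another site, plus the Autodiscover record Outlook 2007 uses and the tests that prove it. CAS-NY01 (Internet-facing), CAS-LON01 (internal site), mail.contoso.com and user1 are assumed names; the cmdlets are Exchange 2007's own.

```powershell
# Added example; not from the original deck. Server and host names are assumed.

# Internet-facing CAS: advertise the external URLs that ISA publishes.
Set-OwaVirtualDirectory -Identity "CAS-NY01\owa (Default Web Site)" `
    -ExternalUrl "https://mail.contoso.com/owa" `
    -InternalUrl "https://cas-ny01.contoso.com/owa"
Set-ActiveSyncVirtualDirectory -Identity "CAS-NY01\Microsoft-Server-ActiveSync (Default Web Site)" `
    -ExternalUrl "https://mail.contoso.com/Microsoft-Server-ActiveSync"
Enable-OutlookAnywhere -Server CAS-NY01 -ExternalHostname "mail.contoso.com" `
    -ExternalAuthenticationMethod Basic -SSLOffloading $false

# CAS in the other AD site, not reachable from the Internet: leave ExternalUrl
# empty so CAS-NY01 proxies to it. A populated ExternalUrl would make CAS-NY01
# redirect the browser there instead. CAS-to-CAS proxying authenticates with
# Integrated Windows auth, which is mutually exclusive with forms-based auth on
# the OWA virtual directory, so forms auth is switched off on this CAS.
Set-OwaVirtualDirectory -Identity "CAS-LON01\owa (Default Web Site)" `
    -ExternalUrl $null -FormsAuthentication $false -WindowsAuthentication $true

# Autodiscover for Outlook 2007: each CAS publishes a service connection point
# in AD; domain-joined clients read it and never need a DNS guess.
Get-ClientAccessServer | ForEach-Object {
    Set-ClientAccessServer -Identity $_.Name `
        -AutodiscoverServiceInternalUri "https://$($_.Fqdn)/Autodiscover/Autodiscover.xml"
}

# Verify from the user's point of view: Autodiscover and the Availability
# Service, then an actual OWA logon through the Internet-facing CAS.
Test-OutlookWebServices -Identity "user1@contoso.com" -ClientAccessServer CAS-NY01
Test-OwaConnectivity -ClientAccessServer CAS-NY01 -MailboxCredential (Get-Credential "contoso\user1")
```

The proxy/redirect decision is made per virtual directory from the target CAS's ExternalUrl, so the same rule applies to the ActiveSync directory: set it only on the CAS that users should actually reach from outside.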
Changes to Message Routing
 Routing uses Active Directory sites
 A Hub Transport in one site always attempts a direct connection to the destination site first
  – When direct relay is not possible, uses automatically established connections based on:
    • Sites
    • Site links
    • Costs
 RGs and RGCs not required
 No more link state updates
 Automatic configuration of the routing topology
 Division of services between Hub and Edge
Changes to Message Routing
 Hub Transport routing changes significantly
  – First, select a route
  – Then, attempt direct delivery along the route
  – Delay fan-out as long as possible
    • Delay "bifurcation" (splitting the message into one copy per destination) until the last site the routes have in common
 Route selection is simplified and deterministic
  – Identify the least-cost route
  – If multiple routes have the same cost, choose the one with the lowest hop count
  – If routes still tie, compare the name of the last site before the destination on each route and take the alphanumerically lowest
Routing example (diagram in the original deck: four sites, Site A, Site B, Site C and Site D)
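As an added example, not part of the deck: the route-selection and delayed fan-out rules from the two slides above, implemented over a constructed four-site topology so the tie-break can be seen working. The site names, link costs and the function names are made up for the illustration; on a real organization the topology Exchange uses comes from Get-AdSiteLink, shown in the comments at the end.

```powershell
# Added example; not from the original deck. Topology below is constructed.
$links = @(
    @{ Sites = @('Site A', 'Site B'); Cost = 10 },
    @{ Sites = @('Site A', 'Site C'); Cost = 10 },
    @{ Sites = @('Site B', 'Site D'); Cost = 10 },
    @{ Sites = @('Site C', 'Site D'); Cost = 10 },
    @{ Sites = @('Site A', 'Site D'); Cost = 30 }   # direct but expensive link
)

# Enumerate every loop-free path between two sites; each record carries the
# path, its total cost and its hop count.
function Find-Routes([string]$From, [string]$To) {
    $found = New-Object System.Collections.ArrayList
    function Walk([string[]]$Trail, [int]$Cost) {
        $here = $Trail[-1]
        if ($here -eq $To) {
            [void]$found.Add(@{ Path = $Trail; Cost = $Cost; Hops = $Trail.Count - 1 })
            return
        }
        foreach ($link in $links) {
            if ($link.Sites -notcontains $here) { continue }
            $next = @($link.Sites | Where-Object { $_ -ne $here })[0]
            if ($Trail -contains $next) { continue }        # no loops
            Walk ($Trail + $next) ($Cost + $link.Cost)
        }
    }
    Walk @($From) 0
    return ,$found
}

# Exchange 2007 order of preference: least cost, then fewest hops, then the
# alphanumerically lowest name of the site immediately before the destination.
function Select-Route([string]$From, [string]$To) {
    $routes = Find-Routes $From $To
    if ($routes.Count -eq 0) { return $null }
    $routes |
        Sort-Object @{ Expression = { $_.Cost } }, @{ Expression = { $_.Hops } }, @{ Expression = { $_.Path[-2] } } |
        Select-Object -First 1
}

# Delayed fan-out: a message addressed to several sites travels as one copy as
# far as the last site the selected routes share, and bifurcates there.
function Get-FanOutSite([string]$From, [string[]]$Destinations) {
    $paths = @()
    foreach ($d in $Destinations) { $paths += ,(Select-Route $From $d).Path }
    $shortest = ($paths | ForEach-Object { $_.Count } | Measure-Object -Minimum).Minimum
    $common = $From
    for ($i = 1; $i -lt $shortest; $i++) {
        $names = $paths | ForEach-Object { $_[$i] } | Select-Object -Unique
        if (@($names).Count -ne 1) { break }
        $common = $names
    }
    return $common
}

$best = Select-Route 'Site A' 'Site D'
"Route A -> D: " + ($best.Path -join ' > ') + " cost=$($best.Cost) hops=$($best.Hops)"
"Fan-out site for A -> {B, D}: " + (Get-FanOutSite 'Site A' @('Site B', 'Site D'))

# On a real organization, read the topology Exchange actually routes on.
# ExchangeCost, when set, overrides the AD replication cost for mail only.
# Get-AdSiteLink | Format-Table Name, ADCost, ExchangeCost, Sites -AutoSize
# Set-AdSiteLink -Identity "NY-LON" -ExchangeCost 10
```

With the constructed costs, Site A > Site B > Site D and Site A > Site C > Site D tie at cost 20 and two hops, so the third rule decides: "Site B" sorts before "Site C" and the B route is chosen over the cheaper-looking direct link, which costs 30. For a message to both Site B and Site D the chosen routes share the prefix A, B, so a single copy is relayed to Site B and only the copy for Site D continues.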
To Edge or Not To Edge
 Edge servers are optional
 You can continue to use other perimeter SMTP relays and smart hosts
 The Hub Transport role can receive mail directly from the Internet or send mail directly to the Internet
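As an added example, not part of the deck: the two perimeter designs from the Edge Transport slide and the slide above, as shell steps. The first half subscribes an Edge server to the organization (EdgeSync), which is what "must be connected to a Hub Transport server" amounts to in practice; the second half lets a Hub Transport server face the Internet on its own. EDGE01, HUB01, the site name and the file path are assumed names.

```powershell
# Added example; not from the original deck. EDGE01 / HUB01 / paths are assumed.

# ===== With an Edge Transport server: subscribe it to the org (EdgeSync) =====
# On EDGE01 (workgroup or perimeter forest, ADAM installed, role installed):
New-EdgeSubscription -FileName "C:\EdgeSub-EDGE01.xml"

# Copy the XML file to a Hub Transport server; it expires 1440 minutes (24 h)
# after creation. Then, on HUB01, import it for the Hub's AD site:
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "C:\EdgeSub-EDGE01.xml" -Encoding Byte -ReadCount 0)) `
    -Site "Default-First-Site-Name"
Start-EdgeSynchronization
Test-EdgeSynchronization

# What the subscription buys you: the Hub pushes recipient and configuration
# data into the Edge's ADAM instance over LDAP/SSL, and the Send connectors
# it creates between Edge and Hub authenticate as Exchange servers over TLS.
# Only 25/tcp from the Internet to EDGE01 and 50636/tcp from HUB01 to EDGE01
# (EdgeSync) plus 25/tcp in both directions between the two need to be open.

# ===== Without an Edge: a Hub Transport server faces the Internet directly =====
# Outbound: a Send connector to the Internet that resolves MX records itself.
New-SendConnector -Name "Internet" -Usage Internet -AddressSpaces "*" `
    -DNSRoutingEnabled $true -SourceTransportServers HUB01

# Inbound: the default Hub Receive connector only accepts authenticated
# senders, so Internet MTAs are rejected until anonymous SMTP is allowed on it.
Get-ReceiveConnector -Server HUB01 | Format-Table Name, Bindings, PermissionGroups -AutoSize
Set-ReceiveConnector -Identity "HUB01\Default HUB01" `
    -PermissionGroups "AnonymousUsers, ExchangeUsers, ExchangeServers, ExchangeLegacyServers"

# Hygiene moves inward with the Internet edge: the anti-spam agents are not
# installed on the Hub role by default. Default install path assumed.
& "C:\Program Files\Microsoft\Exchange Server\Scripts\install-AntispamAgents.ps1"
Restart-Service MSExchangeTransport
```

Opening the Hub's default Receive connector to anonymous senders is exactly the exposure the Edge role exists to keep out of the protected network; if the Hub must do it, bind a dedicated Receive connector to the Internet-facing address rather than widening the default one that internal clients and servers also use.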
High Availability
Focus on High Availability
 Improve data availability
  – Protect mailbox data from failures and corruption
  – Reduce the time required to restore mailbox data
 Service availability
  – Make mailbox data more available
  – Make cluster failover less painful
  – Make cluster management easier
  – Support for "stretch" or "geo-clusters"
  – Allow large mailboxes inexpensively
High Availability Options
 Hub Transport Role
  – Redundant hardware
  – Automatically load balanced and redundant with multiple Hub Transports
 Edge, Client Access Server and Unified Messaging Roles
  – Redundant hardware
  – Windows NLB or third-party load balancing
  – Round-robin DNS
  – DNS MX records (Edge only)
 Mailbox Server Role
  – Replication and clustering
  – Local Continuous Replication (LCR, for single servers)
  – Clustered Continuous Replication (CCR)
  – Single Copy Clustering (SCC)
Local Continuous Replication
 Additional copy of the logs
  – On the same server
  – On a different volume
 Benefits
  – Easy configuration
  – Single datacenter
  – Doesn't require expensive hardware
  – Online backups
  – Very quick restoration of service
 Drawbacks
  – Manual activation
  – Additional storage requirements
LCR Diagrammed (diagram in the original deck): one server holds the transaction logs and the database, plus a copy of the database and a copy of the transaction logs on separate volumes
Clustered Continuous Replication
 Benefits
  – Potentially no single point of failure
  – Two copies of the data on separate servers
  – No need for shared storage
  – Full redundancy with automatic recovery
  – Back up mailboxes without disturbing production
  – Doesn't require validation as a certified clustered configuration, because there is no shared storage to certify
 Drawbacks
  – Initial database seeding required
  – Servers must be on the same subnet
  – Transaction logs are pulled by the passive node over SMB shares
  – Some scenarios require log validation and replay
CCR Caveats
 Requires Microsoft Cluster Services
  – Two-node, Active/Passive only
  – Majority Node Set cluster
  – Requires a third "voting" node; uses a shared folder (the file share witness)
 Backup:
  – Streaming backup against production storage groups
  – VSS backup against production and replica storage groups
 Limit of one database per storage group
 Can be used for the PF database if it is the only PF database in the organization
CCR Diagrammed (diagram in the original deck): Server 1 holds the database and its transaction logs; Server 2 holds the replicated transaction logs and the database rebuilt from them
LCR versus CCR
 LCR
  – Focused towards resiliency
  – Improves restore time
  – Administrator has to initiate the restore manually
  – Single data-center solution
  – Implements log shipping and replay out of the box
    • Log files are copied locally and replayed
 CCR
  – Targeted towards site resiliency
  – Automatic failovers
  – Single- or two-data-center solution
  – Supports the "stretch" option
  – Implements log shipping and replay out of the box
    • Log files are copied to the remote server and replayed
  – Simplifies cluster deployment
    • No SAN or shared storage
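As an added example, not part of the deck: LCR and CCR from the Exchange Management Shell, covering the LCR slide (enable a local copy, watch it, and the manual activation that is its main drawback) and the CCR slides (check which node is active, a scheduled handover, and reseeding a copy). MBX01, CCR-CMS, the node CCR-N2, storage group SG1 with database DB1, and the drive paths are assumed names; the cmdlets are Exchange 2007's own.

```powershell
# Added example; not from the original deck. Server, SG/DB and path names are assumed.

# ===== LCR: a second copy of SG1 on the same server, on different volumes =====
# Database copy path first, then the storage group copy; seeding starts at once.
Enable-DatabaseCopy -Identity "MBX01\SG1\DB1" -CopyEdbFilePath "M:\LCR\SG1\DB1.edb"
Enable-StorageGroupCopy -Identity "MBX01\SG1" `
    -CopyLogFolderPath "L:\LCR\SG1" -CopySystemFolderPath "L:\LCR\SG1"

# Health: SummaryCopyStatus should be Healthy, both queues near zero, and the
# last replayed log generation close to the last one the active copy produced.
Get-StorageGroupCopyStatus -Identity "MBX01\SG1" |
    Format-List SummaryCopyStatus, CopyQueueLength, ReplayQueueLength, LastLogGenerated, LastLogReplayed

# Activation is manual (the drawback on the slide). After the production
# volume is lost: dismount, point the storage group at the copy's paths,
# mount. -ReplaceLocations avoids copying files back to the dead volume.
Dismount-Database -Identity "MBX01\SG1\DB1" -Confirm:$false
Restore-StorageGroupCopy -Identity "MBX01\SG1" -ReplaceLocations
Mount-Database -Identity "MBX01\SG1\DB1"
# The copy is now production and LCR is disabled; re-enable it on replacement
# storage with the two Enable-* calls above and reseed with
# Update-StorageGroupCopy -Identity "MBX01\SG1".

# ===== CCR: same log shipping, but the copy lives on the passive node =====
# Which node currently owns the clustered mailbox server, and is the
# Majority Node Set (plus file share witness) able to fail over?
Get-ClusteredMailboxServerStatus -Identity CCR-CMS
Get-StorageGroupCopyStatus -Server CCR-CMS |
    Format-Table Identity, SummaryCopyStatus, CopyQueueLength, ReplayQueueLength -AutoSize

# Scheduled handover, e.g. before patching the active node. An unscheduled
# failover needs no operator at all, which is the LCR/CCR difference above.
Move-ClusteredMailboxServer -Identity CCR-CMS -TargetMachine CCR-N2 -MoveComment "Patching CCR-N1"

# Reseed a copy that has fallen out of sync (status Failed): suspend, reseed
# from the active copy, resume.
Suspend-StorageGroupCopy -Identity "CCR-CMS\SG1" -SuspendComment "Reseed"
Update-StorageGroupCopy -Identity "CCR-CMS\SG1" -DeleteExistingFiles
Resume-StorageGroupCopy -Identity "CCR-CMS\SG1"
```

Both variants depend on the passive side pulling closed log files from a share on the active side (SMB for CCR, a local volume for LCR), so log replication is only as trustworthy as the ACL on that share and the network between the nodes; the "same subnet" restriction on CCR is the cluster's requirement, not a security boundary.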
Single Copy Clusters (SCC)
 Requires Microsoft Cluster Services
 Benefits
  – Improved Exchange cluster setup
  – The traditional clustering used today
  – Failovers use the same data copy
 Disadvantages
  – Requires expensive hardware with shared storage
  – Can be complicated for admins to learn
  – Doesn't protect from storage/data issues
  – Servers must be on the same IP subnet
  – Data redundancy is provided through partners (storage vendors)
SCC Diagrammed (diagram in the original deck): Server 1 and Server 2 attached to one shared storage array
Upgrading to Exchange Server 2007
Upgrade Paths
 Can upgrade an organization from:
  – Exchange 2000 Server
  – Exchange Server 2003
 Cannot upgrade an org from Exchange 5.5
 No in-place server upgrades
 Move all existing mailboxes and services
 Consolidate
 Most new mailbox features require the mailbox to be homed on Exchange 2007
 Many new features require Outlook 2007
Keeping Older Exchange Versions
Features that still need an older server, because Exchange 2007 does not provide them:
 Exchange 2000
  – Microsoft Mobile Information Server
  – Instant Messaging Service
  – Exchange Chat Service
  – Exchange 2000 Conferencing Server
  – Key Management Service
  – cc:Mail Connector
  – MS Mail Connector
 Exchange 2003
  – Novell GroupWise Connector
  – Public folder access over OWA
Extending Exchange 2007
 Agent API
  – Transport agents
  – Managed code
 Management API
  – Built on the Exchange Management Shell
  – Complete access to all functionality
  – Scripts can integrate .NET objects
  – Can be called from managed code
 Web Services API
  – Consistent remote interface into the store
  – Replaces WebDAV

De-emphasized APIs
  Old API                  Replaced by
  CDOSYS                   Agent API
  SMTP Transport Events    Agent API
  CDO 1.2.1                Web Services for Exchange
  CDOEx                    Web Services for Exchange
  EXOLEDB                  Web Services for Exchange
  OWA URL commands         Web Services for Exchange
  Store Events             Web Services for Exchange
  WebDAV                   Web Services for Exchange

Cut APIs
  Old API                                                   Replaced by
  CDOExM, ESEdbcli2, Exchange WMI classes, Queue Viewer API Management API
  EDK Gateway, Routing Objects                              Agent API
  CDO for Workflow, Workflow Designer, 5.5 Event Service    Windows Workflow Foundation
  ExIFS, WSS Forms                                          ASP.NET
Infrastructure Requirements
 The Schema Master DC requires Windows 2003 SP1
 GCs used by Exchange 2007 require Windows 2003 SP1
 AD domain functional level must be Windows 2000 native or higher for:
  – Each domain that will host Exchange 2007 servers
  – Each domain that will host mail-enabled users
 Multi-forest topologies and forest trusts
  – Minimum forest functional level is Windows Server 2003
 No Exchange Server 5.5 servers in the organization; the organization must be in native mode
 DNS is correctly configured for the Active Directory forest
 Active Directory is prepared
 Note: WINS is no longer required
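As an added example, not part of the deck: a pre-flight script for the Active Directory requirements listed above, run with plain ADSI from any domain-joined machine before setup /PrepareAD is attempted. It reports the domain and forest functional levels, the operating system and service pack of the schema master and of every global catalog, and whether the schema already carries the Exchange 2007 extension. The helper name is made up; treating the Windows Server 2003 interim level as failing is an assumption, made because that level exists only while NT 4.0 domain controllers remain.

```powershell
# Added example; not from the original deck. Reads AD with ADSI only.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNc = [string]$rootDse.Properties['schemaNamingContext'].Value
$domainNc = [string]$rootDse.Properties['defaultNamingContext'].Value

# Functional levels use the msDS-Behavior-Version scale: 0 = Windows 2000,
# 1 = Windows Server 2003 interim, 2 = Windows Server 2003, 3 = Windows Server 2008.
# "Windows 2000 native" is level 0 with ntMixedDomain cleared on the domain object.
$domainLevel = [int]$rootDse.Properties['domainFunctionality'].Value
$forestLevel = [int]$rootDse.Properties['forestFunctionality'].Value
$mixed       = [int]([ADSI]"LDAP://$domainNc").Properties['ntMixedDomain'].Value
$domainOk    = ($domainLevel -ge 2) -or ($domainLevel -eq 0 -and $mixed -eq 0)   # interim (1) fails: assumption
"Domain functional level $domainLevel (ntMixedDomain=$mixed): " +
    $(if ($domainOk) { 'OK' } else { 'raise to Windows 2000 native or higher' })
"Forest functional level $forestLevel: " +
    $(if ($forestLevel -ge 2) { 'Windows Server 2003 or higher, OK for forest trusts' }
      else { 'below Windows Server 2003; multi-forest / forest-trust scenarios not supported' })

# Resolve a DC to its OS and service pack. A server object under CN=Sites carries
# serverReference -> the DC's computer account, which holds operatingSystem*.
function Get-DcOperatingSystem([string]$Dn) {
    $entry = [ADSI]"LDAP://$Dn"
    $ref = $entry.Properties['serverReference'].Value
    if ($ref) { $entry = [ADSI]"LDAP://$ref" }
    $os = $entry.Properties['operatingSystem'].Value
    $sp = $entry.Properties['operatingSystemServicePack'].Value
    "$($entry.Properties['cn'].Value): $os $sp"
}

# Schema master: fSMORoleOwner on the schema container names the NTDS Settings
# object; its parent is the server object.
$ntdsDn = [string]([ADSI]"LDAP://$schemaNc").Properties['fSMORoleOwner'].Value
"Schema master (needs Windows Server 2003 SP1): " + (Get-DcOperatingSystem ($ntdsDn -replace '^CN=NTDS Settings,', ''))

# Every global catalog in the forest (Exchange may use any of them).
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
foreach ($gc in $forest.FindAllGlobalCatalogs()) {
    $serverDn = [string]$gc.GetDirectoryEntry().Properties['distinguishedName'].Value
    "GC (needs Windows Server 2003 SP1): " + (Get-DcOperatingSystem $serverDn)
}

# Is the schema already extended? rangeUpper on ms-Exch-Schema-Version-Pt is
# 10628 after Exchange 2007 RTM's /PrepareSchema and 11116 after SP1's.
$verPath = "LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNc"
if ([System.DirectoryServices.DirectoryEntry]::Exists($verPath)) {
    "Exchange schema version (rangeUpper): " + ([ADSI]$verPath).Properties['rangeUpper'].Value
} else {
    "No Exchange schema extension found; run setup /PrepareSchema (or /PrepareAD) first"
}
```

Run it as the account that will do the preparation: that account must be in Schema Admins and Enterprise Admins for /PrepareSchema and /PrepareAD, and a surprising number of failed preparations trace back to running it from a machine that replicates slowly from the schema master, which is why the script resolves the schema master explicitly.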
The Typical Upgrade
 Prepare Active Directory
 Deploy Edge Transport servers (optional)
 Deploy CAS servers
 Deploy Hub Transport servers
 Deploy Mailbox servers
 Move resources from Exchange 2000/2003 servers
 Uninstall Exchange 2000/2003 servers from the Exchange organization
 Remove connectors between RGs
 Remove RGs
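As an added example, not part of the deck: the upgrade sequence above as commands, from Active Directory preparation through moving resources off a legacy server and removing the routing group connectors. LEGACY01 (an Exchange 2003 server), EX07-MBX01 with storage group SG1 and database DB1, and the default script path are assumed names; the setup.com switches, cmdlets and the MoveAllReplicas.ps1 script are the real Exchange 2007 ones.

```powershell
# Added example; not from the original deck. LEGACY01 / EX07-MBX01\SG1\DB1 are assumed.

# 1. Prepare Active Directory, from the Exchange 2007 media, in this order.
#    Needs Schema Admins + Enterprise Admins (+ Exchange Full Administrator in the legacy org).
setup.com /PrepareLegacyExchangePermissions   # keeps the 2000/2003 Recipient Update Service working
setup.com /PrepareSchema                      # run near the schema master, then wait for replication
setup.com /PrepareAD                          # org objects, incl. "Exchange Administrative Group (FYDIBOHF23SPDLT)"
setup.com /PrepareDomain                      # once per domain with servers or mail-enabled users (/PrepareAllDomains does them all)

# 2. Deploy the roles with setup.com /mode:Install /roles:... (Edge optional),
#    in the order CAS, Hub Transport, Mailbox, so every site that gets a
#    Mailbox server already has a CAS and a Hub in it.

# 3. Move resources off the legacy server (Exchange Management Shell on a 2007 server).
Get-Mailbox -Server LEGACY01 -ResultSize Unlimited |
    Move-Mailbox -TargetDatabase "EX07-MBX01\SG1\DB1" -BadItemLimit 10 -Confirm:$false
Move-OfflineAddressBook -Identity "Default Offline Address List" -Server EX07-MBX01
& "C:\Program Files\Microsoft\Exchange Server\Scripts\MoveAllReplicas.ps1" -Server LEGACY01 -NewServer EX07-MBX01

# 4. Nothing left behind? Both should come back empty before the uninstall
#    (public folder replica removal is asynchronous; wait for replication).
Get-Mailbox -Server LEGACY01 -ResultSize Unlimited
Get-PublicFolder -Server LEGACY01 -Recurse -ResultSize Unlimited |
    Where-Object { $_.Replicas -like "*LEGACY01*" }

# 5. Uninstall Exchange 2000/2003 on each legacy server (Add/Remove Programs on
#    that server), then drop the routing group connectors that setup created
#    between the legacy RG and "Exchange Routing Group (DWBGZMFD01QNBJR)".
#    Removing them while legacy servers still exist breaks mail flow between the RGs.
Get-RoutingGroupConnector | Remove-RoutingGroupConnector -Confirm:$false
# The now-empty legacy routing groups and administrative groups are deleted in
# the legacy Exchange System Manager; the Exchange 2007 tools do not manage them.
```

Step 4 is the check that prevents the most common failure of this procedure: a legacy server removed while it still held the only replica of a system folder or an unmoved mailbox, which then has to be recovered from backup.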
Summary
 64-bit architecture provides scalability and consolidation wins
 Improved installation with role-based deployment
 More High Availability options
 Closer integration with Windows and Active Directory for consistent, flexible administration
 New and improved management tools
For more information
 Visit TechNet
  – http://www.microsoft.com/technet
 Visit the Exchange 2007 home page
  – http://www.microsoft.com/exchange/preview/default.mspx
  – Get signed up for Beta 2!
 Exchange Team blog
  – http://msexchangeteam.com
 Exchange 2007 Documentation
  – http://go.microsoft.com/fwlink/?LinkId=69434
 Requirements
  – http://www.microsoft.com/technet/prodtechnol/exchange/2007/productevaluation/sysreqs.mspx
Questions?