Exchange Server 2010 Paradigm Shifts
Scott Schnoll
Blog: http://blogs.technet.com/scottschnoll
Twitter: @schnoll
Email: [email protected]

Overview
• Exchange 2010 Vision
  • Enable customers to deploy large, fast, low-cost mailboxes on-premises and/or in the cloud, while ensuring email is secure
• To achieve this vision, several paradigm shifts have occurred, most notably in the areas of:
  • Storage
  • High Availability
  • Disaster Recovery
  • Long-term Data Storage
  • Information Protection Control

Email Trends
Email is still business critical
“Business users report that they currently spend 19 percent of their work days, or close to two hours per day, on email.” – Messaging & Collaboration – Business User Survey 2007, Radicati
Email volume is still growing
“The average corporate user, today, can expect to send and receive about 156 messages a day, and this number is expected to grow to about 233 messages a day by 2012. An increase of 33 percent over the four-year period.” – Messaging & Collaboration – Business User Survey 2008, Radicati
Users expect larger corporate mailboxes

Large Mailbox Benefits
• Improve user productivity
  • Access to all email from all clients
  • Less time spent managing mailbox quota
  • Eliminate PST files and the issues associated with them
• Reduce IT operations costs
  • Simplify email discovery and retention management
  • Eliminate proliferation of PST files stored outside of IT control
  • Utilize high-capacity disk drives efficiently
  • Remove need for third-party quota management software

Large Mailbox Challenges & Solutions (Client Experiences)
Risk / Issue | Mitigation
Outlook 2007 Performance (Cached Mode) | • Performance improvements: Office 2007 SP2 (KB953195) • Updated OST sizing guidance (10GB) • Utilize the Archive Mailbox to reduce data cached to the OST
Outlook 2007 (Online)/OWA Performance | • Exchange 2010 Store/ESE changes
Items/folder Limitations | • Exchange 2010 Store/ESE changes
View Creation
Performance | • Exchange 2010 Store/ESE changes
Client Search Performance | • Exchange 2010 Search Performance Improvements • Real-time result views • 2x increase in indexing performance

Large Mailbox Challenges & Solutions (Deployment/Ops)
Risk / Issue | Mitigation
Long Backup Times | • Backup architecture changes: backup off passive copies; weekly or bi-monthly full backups; Exchange Native Data Protection features • DPM Express Full Backups
Fast Recovery Requirements (RTO) | • Mailbox Resiliency (multiple database copies)
High Storage Costs | • Exchange 2010 Store/ESE changes
Move Mailbox Downtime | • Exchange 2010 Online Move Mailbox
Database Maintenance | • Exchange 2010 Store/ESE changes
  • IOPS
  • RAID overhead
  • Online Maintenance Duration (OLD)
  • DB corruption (-1018) pain point
  • DB re-seed performance hit on active copy

Storage Improvements
Choose from a range of storage technologies to reduce costs without sacrificing system availability:
• Storage Area Network (SAN)
• Direct Attached w/ SAS Disks
• SATA Disks
• JBOD (RAID-less)
[Chart: DB IOPS/Mailbox – Exchange 2010 storage enhancements; Read IOPS and Write IOPS for E2003, E2007 and E2010]
• 91.5% reduction in IOPS over Exchange Server 2003
• Smoother IO patterns
• Resilience against corruption

What disks should I deploy?
• IO workload has changed from many, small, random IOs to larger, fewer, more sequential IOs
  • You can deploy mailboxes on slower disks
• IO reduction enables deployment of large, low-cost mailboxes
  • You can deploy on high-capacity disks
• You can design your solution to balance both the IO and capacity aspects of a disk
• 7.2K RPM SATA/SAS disks are the sweet spot when deploying large mailboxes

Exchange 2010 Architectural Changes
[Diagram: AD site Dallas and AD site San Jose, each hosting copies of DB1–DB5; clients connect via CAS servers; easy to extend across AD sites; failover managed within/by Exchange; database-centric failover]

Mailbox Resiliency
• Enables deployment of large, low-cost mailboxes due to fast recovery mechanism
• Single solution for High Availability, Disaster Recovery, and Site Resilience
• Simplified administration reduces complexity
  • Same automated database failover process used for a range of failures: disk, server, network
  • Built-in features for mailbox recovery
• Improved availability and fast recovery
  • 30 second database activation events
  • Native replication features that include log inspection and page patching
  • SP1 adds Continuous Replication – Block Mode

JBOD – Now an Option
• Just a Bunch of Disks (JBOD) configuration
• One disk per database/log
• Database copies provide resilience from disk failures
• Self-healing!
• Automatic page repair improves resiliency
[Diagram: DB1-Active, DB1-CopyA and DB1-CopyB, each with its own Log and Database holding Page1, Page2 and Page3]

Multi-Role and Virtualized Servers Options
• Today’s processors are extremely fast
• Newest processors are achieving 5000-6000+ megacycles per core when compared with our baseline
• The only way to scale Exchange to utilize these processors is to:
  • Scale up # mailboxes
  • Virtualize
  • Multi-role
• Use a combination of the above methodologies to find the sweet spot that utilizes the hardware as effectively as possible
• Remember to size the servers for the worst case scenario
  • 40% mailbox CPU usage for multi-role
  • 80% mailbox CPU usage for single-role

Disaster Recovery Scenarios
[Table: Reason for Backup / Legacy Exchange Feature / Exchange 2010 Feature. Recovered entries: E2003 – SAN Replication; E2007 – CCR+SCR; Point-in-Time (PIT) Backup; Isolated PIT (iPIT) Backup; iPIT Backup and/or 3rd Party Solution; iPIT Backup and/or 3rd Party Solution]

Traditional Backup Support
• Traditional point-in-time backups useful for:
  • Point-in-time mailbox snapshots
  • Offsite disaster recovery with a single datacenter deployment
  • Public folder backups
  • Compliance scenarios
• VSS backup and restore supported at database level
  • Backup from active and passive copies
  • VSS Restore to Active only
• Exchange 2010 plug-in for Windows Server® Backup
  • Volume level backup
  • Application (Exchange) level restore

Exchange Native Data Protection
• Relies on Exchange to protect your data, without traditional backups (no WSB or third-party backups)
• Requires
  • Mailbox resiliency (recommendation is a minimum of 3 HA database copies)
  • Single Item Recovery
• A lagged copy can be deployed, but is not required
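As an added example (not from the deck), the Exchange 2010 Management Shell commands that build the Mailbox Resiliency layout Native Data Protection calls for: a DAG with three HA copies of one database plus an optional lagged copy, circular logging in place of backup-driven log truncation, and a health check. All server, database, witness and path names are placeholders.

```powershell
# Added example, not from the deck. Placeholder names throughout.
$dag     = "DAG1"
$db      = "DB1"                    # already mounted on MBX1 (the active copy)
$members = "MBX1", "MBX2", "MBX3", "MBX4"

# 1. Create the DAG with a file share witness on a server outside the DAG (e.g. a Hub Transport)
New-DatabaseAvailabilityGroup -Name $dag -WitnessServer "HUB1" -WitnessDirectory "C:\FSW\$dag"
foreach ($server in $members) {
    Add-DatabaseAvailabilityGroupServer -Identity $dag -MailboxServer $server
}

# 2. Three HA copies: active on MBX1, passive copies on MBX2 and MBX3.
#    ActivationPreference orders which copy Active Manager prefers on failover.
Add-MailboxDatabaseCopy -Identity $db -MailboxServer "MBX2" -ActivationPreference 2
Add-MailboxDatabaseCopy -Identity $db -MailboxServer "MBX3" -ActivationPreference 3

# 3. Optional lagged copy: logs are replayed 7 days late, so logical corruption or a
#    mass deletion can still be recovered without a traditional backup. Block it from
#    automatic activation so a failover never lands on a copy that is a week behind.
Add-MailboxDatabaseCopy -Identity $db -MailboxServer "MBX4" -ActivationPreference 4 `
    -ReplayLagTime 7.00:00:00
Suspend-MailboxDatabaseCopy -Identity "$db\MBX4" -ActivationOnly -Confirm:$false

# 4. With multiple copies and no backup truncating logs, enable circular logging on the
#    replicated database (continuous replication circular logging).
Set-MailboxDatabase -Identity $db -CircularLoggingEnabled $true

# 5. Verify: every copy Healthy (or Mounted) with short copy/replay queues, and all
#    replication health tests passing on every member.
Get-MailboxDatabaseCopyStatus -Identity $db |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState -AutoSize
foreach ($server in $members) { Test-ReplicationHealth -Identity $server }
```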
Why Archive Your Email?
Storage Management
• Balance mailbox size demands with available storage resources
• Reduce the proliferation of .PST files stored outside of IT control
• Improve overall application and network performance
Data Retention
• Meet industry and regulatory email data retention requirements
• Support ongoing compliance, litigation, or personnel matters
• Preserve valuable intellectual property and corporate assets
Discovery
• Respond to strict timelines for legal discovery orders
• Reduce costs involved in searching for and retrieving email data
• Report on email communications as part of auditing procedures

Potential Barriers to Archiving
A Poor User Experience
• Unfamiliar experience for your users
• Separate tools for searching and accessing archived email
• Loss of full fidelity of Exchange user productivity features
Complex Administrative Experience
• Difficulty deploying add-ins and impact to Outlook® performance
• Different methods for conducting multi-mailbox searches
• Complexity managing high availability and access to the archive
High Costs and Overhead
• Separate archive infrastructure investment
• Additional archive management overhead
• User training and education costs

A Familiar Personal Archive
[Diagram labels: Archive, Primary Mailbox]
• A specialized Exchange mailbox configured and associated with the user’s primary mailbox
• Delivers a familiar experience by seamlessly surfacing in both Outlook and Outlook Web App
• Users can use the same methods they already use today to interact with archive email:
  − “Drag and Drop” email to folders
  − Create folders and categorize
  − Conduct searches and filter results
  − Reply to messages and set flags
• Separate quotas may be set for archive and primary mailboxes

Exchange 2010 Archive Autodiscover
[Diagram: Outlook (OLK), Exchange 2010 CAS, AD User Object carrying Mailbox Props, Archive Props and MRM Props]
(1) OLK does Autodiscover
(2) Autodiscover reads Archive properties
(3) OLK receives Archive props in Autodiscover response
(4) OLK connects to the Archive
No Outlook
Restart!

A Seamless User Experience
• Read, reply, and navigate archived email the same as live email
• Conversation view scoped to archived email
• Primary mailbox folder hierarchy maintained
One User Search Experience
• Same search steps with option to search across archived email

When to deploy the Personal Archive
• Exchange 2010 enables data segregation
  • You can deploy a single mailbox per user or have two mailboxes per user
• The choice really breaks down to data size and user experience
  • Personal archive data cannot be cached to the Outlook client
  • With 5400/7200 RPM client hard drives, 10GB is the recommended OST size
• Enables data segregation at the mailbox store level

Tiered Storage Support
• Users’ primary and archive mailboxes can be located on the same or separate databases
  • Mailboxes can be moved together or separately
  • Allows for different storage hardware, DAGs, RPOs, RTOs, etc.
• Exchange 2010 SP1 supports:
  • Primary and Archive On-Premises (Same DB)
  • Primary and Archive On-Premises (Different DBs)
  • Primary and Archive in the Cloud
  • Primary On-Premises and Archive in the Cloud

Mailbox Moves
• In previous releases, mailbox moves could prohibit large mailbox adoption
  • A 1GB mailbox could take 90 minutes or more to move, which impacts service availability
• Exchange 2010 introduces new capabilities
  • Mailbox moves no longer performed through an administrative machine
  • Asynchronous mailbox moves carried out by the Microsoft Exchange Mailbox Replication service
  • Mailboxes are kept online during the move process (E2007 SP2->E2010, E2010->E2010)
  • Dumpster data is retained

Migrate Primary and/or Archive
[Diagram: AD User Object (Mailbox Props, Archive Props, MRM Props); CAS for Source DB; Move Request handled by the Mailbox Replication Service (MRS); E2010 Source DB and E2010 Target DB, each holding a Primary Mailbox and an Archive Mailbox; CAS for Target DB]
(1) MRS starts move request
(2) MRS moves data to target
(3) MRS updates AD with new target database
(4) OLK does Autodiscover
(5) Autodiscover finds new database
(6) Outlook connects to target CAS server
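As an added example (not from the deck), the Exchange 2010 SP1 Management Shell commands that provision a personal archive on a separate database (tiered storage) and then move the primary and archive mailboxes online through the Mailbox Replication Service. The user, database names and quota values are placeholders chosen for illustration.

```powershell
# Added example, not from the deck. The user, databases and quotas are placeholders.
$user = "alice@contoso.example"

# 1. Enable the archive on its own database so it can live on cheaper, high-capacity disks
Enable-Mailbox -Identity $user -Archive -ArchiveDatabase "ArchiveDB1"

# 2. Separate quotas for the archive and the primary mailbox
Set-Mailbox -Identity $user -ArchiveQuota 50GB -ArchiveWarningQuota 45GB `
    -ProhibitSendQuota 10GB -IssueWarningQuota 9GB

# 3. The archive properties Autodiscover hands to Outlook live on the user object;
#    confirm they are populated before expecting the archive to appear in Outlook/OWA.
Get-Mailbox -Identity $user |
    Format-List Database, ArchiveDatabase, ArchiveGuid, ArchiveName, ArchiveQuota

# 4. Online move: primary and archive travel together but land on different databases.
#    BadItemLimit caps the corrupt items MRS may skip; the mailbox stays online throughout.
New-MoveRequest -Identity $user -TargetDatabase "DB2" -ArchiveTargetDatabase "ArchiveDB2" `
    -BadItemLimit 10

# 5. Track progress asynchronously (MRS does the work, not the admin workstation)
Get-MoveRequestStatistics -Identity $user |
    Format-List Status, PercentComplete, TotalMailboxSize, TotalArchiveSize, BadItemsEncountered

# 6. Clear completed requests: a mailbox can carry only one move request at a time,
#    so the archive-only move below needs the first request removed first.
Get-MoveRequest -MoveStatus Completed | Remove-MoveRequest -Confirm:$false

# 7. Later, re-tier just the archive (for example onto a JBOD-backed archive DAG)
New-MoveRequest -Identity $user -ArchiveOnly -ArchiveTargetDatabase "ArchiveDB3"
```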
Compliance Policy in Exchange 2010
Integrated e-mail archiving capabilities offer tools to preserve and discover e-mail data, without changing the user or IT professional experience
• Secondary mailbox with separate quota
• Appears in Outlook and OWA
• Managed through EMC or PowerShell
• Automated and time-based criteria
• Set policies at item or folder level
• Expiry date shown in e-mail message
• Capture deleted and edited e-mail messages
• Offers single item restore
• Notify user on hold
• Configuration Audit logged to regular mailbox
• Web-based UI
• Search primary, archive, and recoverable items
• Delegate through roles-based admin
• Audit Log Reports

Compliance Policy in Exchange 2010 SP1
Provide a richer feature set incorporating customer feedback and take archive and discovery to the cloud
• Archive on a separate DB
• Archive in the cloud
• Outlook 2007 Support
• PST Import into Archive
• Admin Delegation
• EWS Support
• Managed through EMC
• EWS Support for Archive
• Support for Tasks, Calendar and Voicemail
• Automatically move content from the Primary to Archive dumpster
• Managed through ECP
• Mailbox audit
• Manage through ECP, cmdlets
• Report and export results
• Search Preview
• De-duplication
• Search and Destroy
• Annotations
• Cross Premise Search
• Cmdlet Auditing
• Non-Owner Auditing

Retention Management
Set policies that allow you to define, deploy, and automate the expiry and archiving of email
• Archive Policy
  • Automatically move content to personal archive
  • Time-based criteria (such as email older than 2 years)
  • Preserves primary mailbox folder hierarchy
• Retention Policy
  • Automatically delete content
  • Time-based criteria (such as email older than 2 years)
  • Retention policies travel with archived messages
• Combined Policies
  • Move and Delete
  • Automatically move message to archive after ‘x’ months, then delete from archive after ‘y’ months
  • More specific policies override generic defaults
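As an added example (not from the deck), the Exchange 2010 SP1 Management Shell commands that implement a combined move-and-delete retention design (default tags, a more specific folder tag that overrides them, and personal tags users pick themselves), turn on the hold features this deck covers (Single Item Recovery and Litigation Hold), and run a multi-mailbox search as an estimate before copying de-duplicated results. Tag names, ages, the policy name, the user and the URL are placeholders for illustration.

```powershell
# Added example, not from the deck. Names, ages and addresses are placeholders.
$user = "bob@contoso.example"

# 1. Admin-mandated default tags (Type All): SP1 allows one move and one delete default
New-RetentionPolicyTag -Name "Default 2 year move to archive" -Type All `
    -AgeLimitForRetention 730 -RetentionAction MoveToArchive -RetentionEnabled $true
New-RetentionPolicyTag -Name "Default 10 year delete" -Type All `
    -AgeLimitForRetention 3650 -RetentionAction DeleteAndAllowRecovery -RetentionEnabled $true

# 2. Folder-specific tag: more specific than the default, so it wins for the Inbox
New-RetentionPolicyTag -Name "Inbox 3 year delete" -Type Inbox `
    -AgeLimitForRetention 1095 -RetentionAction DeleteAndAllowRecovery -RetentionEnabled $true

# 3. Personal tags the user can apply to folders or items in Outlook/OWA.
#    A "Never" tag is expressed with RetentionEnabled $false.
New-RetentionPolicyTag -Name "Personal 5 year move to archive" -Type Personal `
    -AgeLimitForRetention 1825 -RetentionAction MoveToArchive -RetentionEnabled $true
New-RetentionPolicyTag -Name "Personal never delete" -Type Personal `
    -RetentionAction DeleteAndAllowRecovery -RetentionEnabled $false

# 4. One policy per user population, many tags per policy
New-RetentionPolicy -Name "Accounting Policy" -RetentionPolicyTagLinks `
    "Default 2 year move to archive", "Default 10 year delete", "Inbox 3 year delete", `
    "Personal 5 year move to archive", "Personal never delete"
Set-Mailbox -Identity $user -RetentionPolicy "Accounting Policy"
Start-ManagedFolderAssistant -Identity $user   # stamp tags now instead of waiting for the next cycle

# 5. Hold policies. Single Item Recovery keeps purged and edited items in Recoverable Items
#    for the deleted-item retention window (30 days here rather than the 14-day default);
#    Litigation Hold keeps them indefinitely and shows the comment/URL to the user.
Set-Mailbox -Identity $user -SingleItemRecoveryEnabled $true -RetainDeletedItemsFor 30
Set-Mailbox -Identity $user -LitigationHoldEnabled $true `
    -RetentionComment "Mailbox on hold for Project X litigation" `
    -RetentionUrl "https://intranet.contoso.example/hold-policy"

# 6. Verify what the mailbox is now stamped with
Get-Mailbox -Identity $user | Format-List RetentionPolicy, SingleItemRecoveryEnabled, `
    RetainDeletedItemsFor, LitigationHoldEnabled, LitigationHoldDate

# 7. Discovery: estimate first (SP1 search preview), then copy de-duplicated results
#    into the default discovery mailbox once the estimate looks right
New-MailboxSearch -Name "Project X estimate" -SourceMailboxes $user `
    -SearchQuery '"Project X" AND Contract' -EstimateOnly
Start-MailboxSearch -Identity "Project X estimate"
Get-MailboxSearch -Identity "Project X estimate" | Format-List Name, Status, ResultNumber, ResultSize
New-MailboxSearch -Name "Project X review" -SourceMailboxes $user `
    -SearchQuery '"Project X" AND Contract' -TargetMailbox "Discovery Search Mailbox" `
    -ExcludeDuplicateMessages $true
Start-MailboxSearch -Identity "Project X review"
```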
Concepts
• Retention Tag
  • Name, Action, Time period
  • Action is Move or Delete
  • Admin mandated or User applied
  • Example: all items in Inbox are deleted in 3 years
  • Example: items and folders may have a 2 year Archive Policy
• Retention Policies
  • Retention tags
  • Policies span to groups of users like ‘Accounting’
  • User has one policy and many tags applied

Granular Yet Flexible Policies
Allow your users to select policies for items or folders in Outlook and Outlook Web App
• Apply Retention and Archive policies to individual messages
• Policies assigned to all email within a folder
• Retention policy and expiry details

Retention Policy Framework
[Diagram: Primary Mailbox (Inbox, Deleted Items, Project X containing “RE: Contract”) and Archive Mailbox with the same folder hierarchy; message moved to Project X folder; messages moved to the archive 2 years after receipt; Project X messages moved 5 years after receipt; messages deleted 10 years after receipt; the “Contract” message is never deleted]
• Admin created
  − Default Move Policy of 2 years, Delete Policy of 10 years
  − Optional Move Policy of 5 years, Delete Policy of Never
• User applied
  − Optional Policy of 5 years applied to Project X folder
  − Optional Policy of Never applied to Item “Contract”

Hold Policies – Single Item Recovery
[Diagram: Mailbox (1-2 yrs of e-mail, size 2-10GB, online and offline) with Inbox, Deleted Items and Recoverable Items (Deletions, Versions, Purges)]
(1) Message delivered
(2) Message moved to Deleted Items
(3) Message deleted
(4) Message “purged” by user
(5) Message edited
(6) Messages purged by 14 day (or custom DIRW) policy
• Single Item Recovery is disabled by default
• Can be enabled via set-mailbox

Hold Policies – Litigation Hold
[Diagram: same mailbox layout as above]
(1) Message delivered
(2) Message moved to Deleted Items
(3) Message deleted
(4) Message “purged” by user
(5) Message edited
• Litigation Hold is disabled by default
• Can be enabled via set-mailbox
(6) Messages are moved to the Purges
folder (based on the DIR window), but are not purged from the system

Web-Based Multi-Mailbox Search
Empower compliance officers to conduct multi-mailbox searches with ease
• Delegate capability to specialist users
• Rich search criteria and targeting options
• Results stored in specialized discovery mailbox
Improved Workflow in SP1
• Search preview provides info on estimated number of results with keyword statistics before copying the result set to the designated discovery mailbox
• De-duplication of search results copies only one instance of a message
• Searchable annotation offers tagging of reviewed items

Simplified e-Discovery Results
• Mailbox searches include results from primary and archive mailboxes, as well as recoverable items
• Use built-in search and filtering to conduct additional investigation
• One query searches all possible locations
• Attachments included with search results

The High Cost of Data Leakage
“Public-relations firm faces PR nightmare after unintentionally emailing journalists about one of its clients.”
“College staff member accidentally emails attachment containing personal information of 15,794 graduates.”
“Secret Service agent sends unencrypted email revealing details of vice presidential tour.”

Information Protection and Control
Exchange Server 2010 can automatically inspect messages and apply appropriate policies to protect data and control unauthorized or accidental distribution
• Alert sender about possible risks or policy violations
• Option of customized MailTips
• Inspect both messages and attachments
• Apply controls to all email sent and received
• Delegate through roles-based admin
• Apply IRM automatically
• Access messages in OWA, EAS
• Decrypt protected messages to enable search, filtering, journaling, transport rules
• Protect sensitive voicemail
• Extend access to partners

Protection and Control Scenarios
Ethical Wall: Restrict email between analysts and brokers
• Transport rules to block mail between specific users or groups
Supervision: Manager
required to sign off on mail to a sensitive partner
• Send to manager for approval
• MailTips for moderated recipients
HR Policy: Inappropriate content
• Filter for keywords and block, redirect, modify
Privacy: HIPAA (health data), GLBA (financial data), PIPEDA (Canada), PCI (Worldwide)
• Apply MailTips to alerts for external recipients
• Apply IRM protection to control access
• Monitor for credit card numbers and other personally identifiable information (PII)
Signatures: EUDPD 2003/58/EC
• Append disclaimer that includes name, title, department, etc.

MailTips
• Protect sensitive data from accidental distribution
• Create custom MailTips to prompt policy reminders
• Apply multiple alerts

MailTips Architecture
[Diagram: Site A (Mail Client, GC, MBX, CAS) and Site B (CAS, MBX)]
1. Client queries EWS for MailTips.
2. CAS gathers MailTip data:
   a. CAS queries AD and reads group metrics data.
   b. If the recipient is local, CAS queries the MBX server to gather the Automatic Replies and Mailbox Full MailTips.
   c. If the recipient is remote, CAS requests the MailTips information from the CAS in the remote site.
   d. CAS in the remote site queries the local Mailbox server for MailTip data. The remote CAS proxies the results back to the requesting Client Access server.
3. CAS returns MailTip data back to the client.

Transport Rules
If the message...
  Is from a member of the group ‘Executives’
  And is sent to recipients that are ‘Outside the organization’
  And contains the keyword ‘Merger’
Do the following...
  Redirect message to: [email protected]
Except if the message...
  Is sent to ‘[email protected]’
• Executed on the Hub Transport Server
• Structured like Inbox rules
• Apply to all messages sent inside and outside the organization
• Configured with simple GUI in Exchange Management Console

IRM Support
Information Rights Management (IRM) provides persistent protection to control who can access, forward, print, or copy sensitive data within an email.
• Persistent protection
  – Protects your sensitive information no matter where it is sent
  – Usage rights locked within the document itself
  – Protects online and offline, inside and outside of the firewall
• Granular control
  – Users apply IRM protection directly within an email
  – Organizations can create custom usage policy templates such as "Confidential—Read Only"
  – Limit file access to only authorized users

Transport Protection Rules
• Apply RMS policies automatically using Transport Rules
• Apply “Do Not Forward” or custom RMS templates
• IRM protection can be triggered based on sender, recipient, content and other conditions
• Office 2003, 2007, and 2010 attachments also protected

How IRM Transport Rules work
[Diagram: Hub Transport, Active Directory® Domain Services (AD DS), RMS]
SCP: Service Connection Point; RAC: RMS Account Certificate; CLC: Client Licensor Certificate
1. Mail marked for protection.
2. On first use, Exchange does an SCP lookup for the RMS server.
3. Exchange requests a RAC and CLC for the “shared identity” account. These are saved and re-used. (* Super user not required.)
4. Message is protected using the CLC. The owner of the message is the original sender.
5. Message is delivered to the recipient with RMS protection applied.

Outlook Protection Rules
• Adding a recipient (department, identity, scope) or distribution list can trigger IRM protection automatically before sending
• IRM protection can still be applied manually
• User can be granted the option to turn off the rule for non-sensitive email

How Outlook Protection Rules work
[Diagram: Client Access Server, AD DS, RMS]
1. Administrator defines a set of Outlook Protection Rules. These are exposed via a web service to clients.
2. When the user connects to Exchange via CAS, the rules are automatically downloaded. They are then frequently updated on the client based on administrator changes.
3. The first time a rule triggers, the user is asked to get a RAC and CLC from RMS.
4. The message is protected before the user sends.
5. User can override (if rule allows).
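As an added example (not from the deck), the Exchange 2010 Management Shell commands that express the protection and control scenarios above as transport rules (the Executives/Merger redirect from the Transport Rules slide, an ethical wall, supervision, PII protection, an attribute-based signature), custom MailTips, an Outlook protection rule, and the IRM transport decryption settings, followed by a configuration test. Every address, group, department and URL is a placeholder; the Contoso names are not from the deck.

```powershell
# Added example, not from the deck. All addresses and names are placeholders.
$executives = "executives@contoso.example"
$compliance = "compliance@contoso.example"

# 1. The rule on the Transport Rules slide: Executives + external recipients + "Merger"
New-TransportRule -Name "Executives merger control" `
    -FromMemberOf $executives -SentToScope NotInOrganization `
    -SubjectOrBodyContainsWords "Merger" `
    -RedirectMessageTo $compliance `
    -ExceptIfSentTo "counsel@lawfirm.example"

# 2. Ethical wall between two groups: reject with an NDR rather than silently dropping
New-TransportRule -Name "Ethical wall analysts-brokers" `
    -BetweenMemberOf1 "analysts@contoso.example" -BetweenMemberOf2 "brokers@contoso.example" `
    -RejectMessageReasonText "Blocked by ethical wall policy" -RejectMessageEnhancedStatusCode "5.7.1"

# 3. Supervision: mail to a sensitive partner waits for the manager's approval
New-TransportRule -Name "Supervise partner mail" `
    -SentTo "partner@partner.example" -ModerateMessageByUser "manager@contoso.example"

# 4. Privacy: rights-protect anything that looks like a payment card number
#    (simple pattern, no Luhn check) with the built-in Do Not Forward template
New-TransportRule -Name "Protect card numbers" `
    -SubjectOrBodyMatchesPatterns "\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b" `
    -ApplyRightsProtectionTemplate "Do Not Forward"

# 5. Signature: append name, title and department from AD on external mail
New-TransportRule -Name "External signature" -SentToScope NotInOrganization `
    -ApplyHtmlDisclaimerText "<p>%%DisplayName%%, %%Title%%, %%Department%%</p>" `
    -ApplyHtmlDisclaimerLocation Append -ApplyHtmlDisclaimerFallbackAction Wrap

# 6. MailTips: warn on external recipients and attach a custom policy reminder to the group
Set-OrganizationConfig -MailTipsAllTipsEnabled $true -MailTipsExternalRecipientsTipsEnabled $true
Set-DistributionGroup -Identity $executives `
    -MailTip "Executive distribution: check for merger material before sending externally"

# 7. Outlook protection rule: IRM applied on the client before send, user may override
New-OutlookProtectionRule -Name "Finance internal" -FromDepartment "Finance" `
    -SentTo "finance@contoso.example" -ApplyRightsProtectionTemplate "Do Not Forward" `
    -UserCanOverride $true

# 8. IRM decryption in transport so rules, filtering and journaling see cleartext.
#    Mandatory returns an NDR for mail Exchange cannot decrypt; Optional lets it through.
Set-IRMConfiguration -InternalLicensingEnabled $true -TransportDecryptionSetting Mandatory `
    -JournalReportDecryptionEnabled $true -SearchEnabled $true
Test-IRMConfiguration -Sender "alice@contoso.example" -Recipient "bob@contoso.example"
Get-TransportRule | Format-Table Name, State, Priority -AutoSize
```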
IRM Decryption
• Protected messages sent to transport server
• Messages and attachments decrypted to enable content filtering, transport rules
• Infected messages and spam can be filtered
• Journaled messages include decrypted cleartext copy
• Messages are re-encrypted and delivered

Summary
• Exchange 2010 is designed to be deployed by scaling out with cheap commodity servers and cheap disks, which can result in cheaper, better admin and client experiences
• You can deploy 10GB+ mailboxes on slow, high-capacity spindles and quickly recover from failure using built-in high availability features
• You can leverage the archiving functionality to manage short-term and long-term data
• You can remove or reduce your dependence on traditional backups
• You can leverage transport rules to encrypt and prevent data leakage

Questions?

Stay up to date with TechNet Belux
Register for our newsletters and stay up to date: http://www.technet-newsletters.be
• Technical updates
• Event announcements and registration
• Top downloads
Join us on Facebook: http://www.facebook.com/technetbe and http://www.facebook.com/technetbelux
Download MSDN/TechNet Desktop Gadget: http://bit.ly/msdntngadget
LinkedIn: http://linkd.in/technetbelux/
Twitter: @technetbelux

TechDays 2011 On-Demand
• Watch this session on-demand via TechNet Edge: http://technet.microsoft.com/fr-be/edge/ and http://technet.microsoft.com/nl-be/edge/
• Download to your favorite MP3 or video player
• Get access to slides and recommended resources by the speakers

THANK YOU