350 likes | 518 Views
Module 7 Implementing High Availability. Module Overview. Overview of High Availability Options Configuring Highly Available Mailbox Databases Deploying Highly Available Non-Mailbox Servers Deploying High Availability with Site Resilience. Lesson 1: Overview of High Availability Options .
E N D
Module 7 Implementing High Availability
Module Overview Overview of High Availability Options Configuring Highly Available Mailbox Databases Deploying Highly Available Non-Mailbox Servers Deploying High Availability with Site Resilience
Lesson 1: Overview of High Availability Options • What Is High Availability? • Discussion: Components of a High Availability Solution
What Is High Availability? High availability: • Implements system design that ensures a high level of operational continuity • Is measured by the percentage of time the application is available
Discussion: Components of a High Availability Solution • Which components are important for running a high availability solution? • What are some single points of failure in a messaging solution?
Lesson 2: Configuring Highly Available Mailbox Databases What Is a Database Availability Group? What is Quorum? What Is Active Manager? What Is Continuous Replication? How Are Databases Protected in a DAG? Configuring a Database Availability Group Configuring Databases for High Availability Demonstration: How to Create and Configure a DAG What Is the Transport Dumpster? Understanding the Failover Process Designing Monitoring and Management for a DAG Demonstration: How to Monitor Replication Health
What Is a Database Availability Group? A DAG is a collection of servers that provides the infrastructure for replicating and activating database copies. DAGs: • Require the failover clustering feature, although all installation and configuration is done with the Exchange Server management tools • Use Active Manager to control failover • Use an enhanced version of the continuous replication technology that Exchange Server 2007 introduced • Can be created after the Mailbox server is installed • Allow a single database to be activated on another server in the group without affecting other databases • Allow up to 16 copies of a single database on separate servers • Define the boundary for replication
What Is Quorum? Quorum defines consensus that enough cluster members are available to provide services Exchange Server 2010 DAG quorums: • Are based on votes in Windows Server 2008 • Allow nodes, file shares, and shared disks to have votes, depending on the quorum mode • Use node majority with a witness server for quorum: • DAGs with an even number of Mailbox servers use the witness server • DAGs with an odd number of Mailbox servers use node majority
What Is Active Manager? Active Manager: • Runs a process on each server in the DAG • One node is the PAM • Remaining nodes are SAM • Manages which database copies are active and which are passive • Stores database state information • Manages database switchover and failover processes • Does not require direct administration configuration
What Is Continuous Replication? Database Availability Group DB1 DB1 DB1 File Mode Block Mode Replication Log Buffer ESE Log Buffer Replication Log Buffer
How Are Databases Protected in a DAG? DB2 DB1 DB2 DB4 DB4 DB4 DB3 DB2 DB3 Continuous replication protects databases across servers in the DAG
Configuring Database Availability Group To configure DAGs you must define the following: Additionally consider these settings for larger or multi-site implementations: • Witness Server – Server used to store witness information • Witness Directory – directory used on the witness server to store witness information • Database availability group IP addresses – IP address(es) used by DAG • DAG Networks including replication • DAG Network Compression • DAG Network Encryption • Third-Party Replication Mode • Alternative Witness Server • Alternative Witness Directory
Configuring Databases for High Availability • Create database copies • Set truncation lag time • Set replay lag time • Set preferred list sequence number After creating a DAG, adding Mailbox servers to the DAG, and configuring the DAG, you must still do the following:
Demonstration: How to Create and Configure a DAG In this demonstration, you will see how to create and configure a DAG
What Is the Transport Dumpster? The transport dumpster: • Protects against Mailbox server failures when transaction logs have been lost • Keeps copies of all messages delivered in the transport queue (mail.que) until the transaction logs have replicated to all servers in the DAG, or until the maximum dumpster size is reached • Redelivers missing email messages when a failure occurs
Understanding the Failover Process If a failure occurs, the following steps occur for the failed database: Active Manager determines the best copy to activate • The replication service on the target server attempts to copy missing log files from the best “source”: • If successful, the database mounts with zero data loss • If unsuccessful (failover), the database mounts based on the AutoDatabaseMountDial setting The mounted database generates new log files (using the same log generation sequence) Transport dumpster requests are initiated for the mounted database to recover lost messages When original server or database recovers, it determines if any logs are missing or corrupt, and fixes them if possible
Designing Monitoring and Management for a DAG • Allocate the necessary permissions for managing a DAG • Organization Management • DAGs • Database copies • Failure may not be noticed • Exchange Server 2010 SP1 or newer includes several scripts and commands for DAG monitoring and management • Consider using System Center Operations Manager 2012
Demonstration: How to Monitor Replication Health • In this demonstration, you will see how to: • Monitor replication health using the Exchange Management Console and the Exchange Management Shell • View various status messages • View available statistics
Lesson 3: Deploying Highly Available Non-Mailbox Servers How High Availability Works for Client Access Servers How Shadow Redundancy Provides High Availability for Hub Transport Servers How High Availability Works for Edge Transport Servers
How High Availability Works for Client Access Servers A client access array is created with multiple Client Access servers. You can achieve high availability and load balancing by using one of these methods: • Software-based NLB • Hardware-based NLB • Round-robin DNS To configure a client access array: • Use the New-ClientAccessArray cmdlet • Configure existing databases using the Set-MailboxDatabase cmdlet with the RpcClientAccess parameter • Configure internal URIs for Exchange services
How Shadow Redundancy Provides High Availability for Hub Transport Servers Edge1 Hub External SMTP Mail Server Edge2 Transport server delays message deletion until it verifies that the message has been delivered past the next hop 3. Query discard status 2. Deliver to next hop 1. Deliver to Edge1 4. If failure, resubmit
How High Availability Works for Edge Transport Servers Load balancing and high availability methods for Edge Transport include: Load balancing and high availability methods for Edge Transport include: • Multiple DNS MX records that are created to specify multiple authoritative SMTP servers for the domain. • Hardware-based load balancing that is used to load balance inbound SMTP connections to any available Edge Transport server. • Multiple DNS MX records that are created to specify multiple authoritative SMTP servers for the domain • Hardware-based load balancing that is used to load balance inbound SMTP connections to any available Edge Transport server
Lesson 4: Deploying High Availability with Site Resilience Requirements for Creating a Multiple Site DAG What Is Datacenter Activation Coordination Mode? Deploying Exchange 2010 for Site Resilience Switchover and Switchback Process with Site Resilience Best Practices for Site Resilient Solutions
Requirements for Creating a Multiple Site DAG Requirements include: • At least one Mailbox server in each site • Round-trip network latency time of maximum 500 milliseconds between DAG members • Other server roles must be available in each site • DAC mode for DAGs that span multiple locations • Prevents split-brain syndrome
What Is Datacenter Activation Coordination Mode? DAC mode: • Prevents split-brain syndrome • Uses the DACP Protocol to decide if a database can be mounted • 0 : Database cannot be mounted • 1 : Database can be mounted No DACP=1, no database mounted Mount database DACP=1 DACP=1 DACP=0 DACP=1 DACP=0 Data center 2 DAG in DAC Mode Data center 1 DACP=1 DACP=1 DACP=1 Data center 2 DAG in DAC Mode Data center 1
Deploying Exchange 2010 for Site Resilience Site resiliency: • Requires the following server roles to be available in each site (besides the Mailbox role): • Active Directory Domain Controller • Hub Transport server • Client Access server • Does not require any special configuration for Hub Transport and Client Access servers • The Edge Transport server: • Requires Internet connectivity for the alternate data center • Requires multiple MX records for incoming messages
Switchover and Switchback Process with Site Resilience Site B Site A Hub Transport Client Access Hub Transport (FSW) Client Access (Alt FSW) DAG
Best Practices for Site Resilient Solutions Best practices include: • Reduce failover time by using low TTL on DNS records for the Client Access server array, Client Access server URLs, and SMTP records • Verify failover functionality with periodic testing • Closely monitor replication health and other system components to ensure failover health • Follow proper change-management procedures • Prevent cluster network cross-talk
Lab: Implementing High Availability Exercise 1: Deploying a DAG Exercise 2: Deploying Highly Available Hub Transport and Client Access Servers Exercise 3: Testing the High Availability Configuration Logon information Estimated time: 60 minutes
Lab Scenario You are the messaging administrator for A. Datum Corporation. You have completed the basic installation for three Exchange servers. Now you must complete the configuration so that they are highly available.
Lab Review When might you choose to initiate a database switchover? If you deploy only two Hub Transport servers in an Active Directory site, would shadow redundancy protect messages between mailboxes in the same site?
Module Review and Takeaways Review Questions Common Issues and Troubleshooting Tips Real-World Issues and Scenarios Best Practices