Whitepaper Exchange 2007 Changes, Resilience And Storage Management

  • 749 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
749
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
9
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Exchange 2007 Changes, Resilience and Storage Management Designing Exchange 2007 Mail Systems for Resilience Alan McSweeney
  • 2. Exchange 2007, Resilience and Storage Management Contents Mail Systems....................................................................................................3 Exchange 2007 Notes .......................................................................................4 Exchange Configuration ...............................................................................4 Resilient Clustered Exchange Configuration .................................................5 Local Continuous Replication.......................................................................5 Cluster Continuous Replication ....................................................................6 Storage I/O...................................................................................................6 Ideal Exchange Mail Architecture ....................................................................7 Mail Data Management....................................................................................8 IBM N Series and Exchange Mail Management ................................................9 Overview......................................................................................................9 IBM N Series SnapMirror ........................................................................... 11 IBM N Series SnapManager for Microsoft Exchange................................... 12 IBM N Series Single Mailbox Recovery for Microsoft Exchange.................. 12 Data Deduplication .................................................................................... 13 Exchange Mail Data Security and Data Encryption ................................... 13 Page 2
  • 3. Exchange 2007, Resilience and Storage Management Mail Systems This article discusses changes in Exchange 2007, how they affect Exchange configurations and how efficient and effective data storage systems can deliver real benefits to Exchange users. Today's organisation depends heavily on Microsoft Exchange systems to enable communications such as e-mail, scheduling, and calendaring. The databases and information stores supporting these mission-critical applications are growing in both size and importance. An unavailable Exchange system can stop or seriously affect business operations. E-mail’s pervasive nature, simplicity and ease of use, speed, convenience, and low cost means it has become as an essential communications and collaboration tool for organisations of all sizes. E-mail management can represent a challenge to many organisations. E-mail systems have grown imperceptibly from a minor business tool to a major business application. E-mail information can represent both a major asset to an organisation as well as imposing management and compliance overheads and obligations. E-mail is a double-edged sword that can lead to overlooked costs, vulnerabilities and exposures. Some of the major concerns with e-mails include • E-mail is becoming the first target in most litigation • The cost of searching e-mail is overwhelming • Copying and forwarding makes e-mail difficult to control and destroy • Most electronic records are being kept for very long intervals in an uncontrolled manner This whitepaper makes reference to one storage subsystem from NetApp and also sold by IBM as the N Series. Page 3
  • 4. Exchange 2007, Resilience and Storage Management Exchange 2007 Notes Exchange Configuration In Exchange Server 2007, role-based deployment has been expanded, allowing Element Six to assign defined roles to specific servers. This approach allows organisations control mail flow, increase security, and distribute services. The roles are: • Client Access role (CAS) • Mailbox role (MBX) • Hub Transport role (HT) • Unified Messaging role (UM) • Edge Transport role (ET) A very common Exchange configuration consists of: 1. Hub Transport Servers – The Hub Transport server role acts as a mail bridgehead for all mail flow inside the organisation, applies transport rules, applies journaling policies, and delivers messages to recipients’ mailboxes. Messages that are sent to the internet are relayed by the Hub Transport server directly if an Edge transport server is not implemented. Anti-spam and antivirus filtering can be performed by the edge Transport Server. For redundancy we can utilise multiple Hub Transport servers to provide for redundancy and load balancing. 2. Client Access Servers – The Client Access Server Role in Exchange is the role that controls the access to mailboxes from all clients that are not Microsoft Outlook and that do not utilise MAPI connections. It controls access to mailboxes via Outlook Web Access (OWA) Exchange Activesync, Outlook Anywhere (formerly RPC over HTTP), POP3 and IMAP4 protocols. 3. Mailbox Servers - The Exchange Mailbox servers host user and public folder mailboxes. The Exchange Mailbox servers will be clustered. Note that Active/Active clustering is not available with Exchange Server 2007. Three servers will be needed to have two active mailbox servers. With the exception of the Edge Transport role, multiple roles or all roles can be installed on a single physical server. There are some architectural limitations that have affected the Exchange 2007 design: • Clustering can only be configured with the Mailbox server role • If clustering is configured with the Mailbox server role then it cannot share other roles Active/Active clustering is no longer available in Exchange 2007. So a cluster with two active nodes must have three physical nodes: Active/Active/Passive. Page 4
  • 5. Exchange 2007, Resilience and Storage Management Resilient Clustered Exchange Configuration Schematically, a clustered Exchange 2007 configuration will look like: There are several new features in Exchange Server 2007 that will affect storage environments: • Local Continuous Replication (LCR) • Cluster Continuous Replication (CCR) • Database I/O changes The LCR and CCR increase Exchange availability but there is still a real need for Exchange backups and other forms of basic data protection such as off-site backups and compliance. Exchange database verification is another critical component to a healthy mail environment. While the new features of with Exchange Server 2007 help provide high availability, they do not ensure that Exchange is always up. A complete business continuity and disaster recovery plan is still required and, depending on requirements, a mirroring solution may be needed. The decision that impacts the length of downtime and the data loss that is acceptable will be influenced by the level of acceptable risk and the amount of money available for the solution. Local Continuous Replication Local Continuous Replication replicates Exchange databases to another set of disks on the same physical server. Page 5
  • 6. Exchange 2007, Resilience and Storage Management The objective of LCR is not backup; it is high availability (HA). LCR creates a copy of the Exchange database which provides two sets of the same data. The LCR copy is slightly behind the primary. Data is written to the primary Exchange log file first, and then, slightly later, that log file is replicated to the LCR copy or target. The trigger for replication is the closing of the log file. The log file is 1MB in size, so after 1MB is written to the primary, it is replicated to the LCR target, and then played into the target database. If something goes wrong with the primary data store, there is another copy available for use (although slightly behind), but that copy is not a replacement for backups. For example, if there is a logical corruption in the primary database, when the log fills, the secondary database copy becomes corrupted as well. Similarly, if something is deleted from the primary database, a short time later it is deleted from the secondary. The deleted item is stored in the database (dumpster) by default for 14 days before being deleted. Recovering deleted data more than 2 weeks old requires a backup. Cluster Continuous Replication Cluster Continuous Replication (CCR) provides Exchange server resiliency by keeping a copy of the Exchange database on another server. The second server that stores the Exchange database copy is deployed as part of a Microsoft Cluster. To be in a cluster, network latency must be below 500ms to ensure that the cluster nodes can communicate with each other. With CCR, latency and throughput must keep up with the log generation. This is bandwidth-dependent, so the infrastructure may support a distance of anywhere from 1 to 100 miles. If the primary cluster node fails, the system automatically uses the secondary node running against the replica of the Exchange database. In a controlled failover, where the primary node is still available, all log files are copied to the target, and no data is at risk. In the event of a catastrophic failure of the primary node, CCR attempts to recover all mail sent through transport from the hub transport server, which may not have been replicated at the time of failure. Storage I/O With Exchange Server 2007, the amount of disk I/O is reduced in comparison to prior versions of Exchange. This change is due to a number of factors: on 64-bit hardware, additional memory is available to use for database caching, thus reducing I/O; and changes to the Exchange database and the internal I/O activities of Exchange further reduce I/O. Page 6
  • 7. Exchange 2007, Resilience and Storage Management Ideal Exchange Mail Architecture Schematically, the idealised mail architecture of most organisations will consist of the some or all of the following functional components: The key elements of this are: 1. Facility to Identify and Delete Unwanted Mails – this includes removal of spam mail as well as apply organisation policies on items such as unapproved attachments 2. Resilient Main Mail Servers – the primary mail server or servers should include resilience that tolerates some component failures while continuing to operate. 3. Backup Mail Server for Business Continuity – there will be a second mail server that is physically separate from the main mail servers and that can continue to operate in the event of problems with the main servers. 4. Secure Remote and Mobile Access – mobile and remote users can access mail securely. Page 7
  • 8. Exchange 2007, Resilience and Storage Management 5. Main Mail Data Storage – the main mail database will be stored on resilient and high-performing data storage. 6. Online Real-time Copy of Mail Data – the main mail store will be replicated in real-time to a storage facility that is physically separate from the main mail storage and that can continue to operate in the event of problems with the main system. 7. Mail Database Snapshots to Protect Against Data Corruption – snapshots of the mail database are taken regularly to protect against database corruption. In the event of database corruption that may have spread to backups and replicas, the mail database can be restored from the last good snapshot. 8. Archived Old/Large Mails – old and large mails can be archived from the main mail database. This improves mail database performance and enforces mail management. 9. Mail Archive for Compliance – all incoming and outgoing mails can be retained for some or all users for compliance purposes. 10. Long-Term Backup – tape backup can be used for long-term backup of mail data. 11. Monitoring of Status of Components of Overall System – this will monitor the status of all the components including hardware and software and generate predictive alerts on impending failures. This will allow pre-emptive action to be taken. The objectives of implementing a mail system with some or all of these components are • To ensure availability of the mail system • To reduce the need to use the backup for recovery • To ensure that if a problem occurs, the mail system can be restored to full operation as soon as possible • To ensure that there is no or very limited data loss • To meet compliance requirements • To reduce management, administration and control overhead • To protect against data corruption as well as infrastructure failure A mail system that implements all of these components will be truly resilient. Mail Data Management As shown above, storage and data management are key aspects of the overall Exchange management solution. In summary, as with all business systems, the key elements are the data and its storage and the application to provide data access. The application (Exchange 2007) and its associated infrastructure is quite simple to design and implement. Data management is the more complex and problematic component. Page 8
  • 9. Exchange 2007, Resilience and Storage Management Planning a mail architecture that incorporates management makes sense and delivers benefits in terms of improved operation, reduced management and administration. Mail management begins with defining and agreeing the mail lifecycle and the associated processes to be applied. The mail architecture can then be implemented with appropriate technologies. The first step is to interpret any mail management, retention and compliance rules that may apply. Then review the current policies and procedures and how they have been implemented. Evaluate and understand the risks. Then agree policies on data collection, retention and accessibility and implement associated processes. Then design the architecture that will deliver on the agreed policies. This will allow the costs and the benefits of implementing specific features to be assessed and fully evaluated. You will then be making decisions based on complete information. IBM N Series and Exchange Mail Management Overview IBM offers a range of storage solutions that allow you to implement a complete e-mail management solution to implement Exchange resilience, disaster recovery and business continuity. The IBM N-Series storage system includes both storage hardware and software that provides complete management of you Exchange environment. Page 9
  • 10. Exchange 2007, Resilience and Storage Management • Tiered Storage – you can store the main data database on high-performing fibre-attached disks and use lower-performing higher-capacity disks for archive and snapshot data, all within the one storage system. • SnapMirror – Exchange databases can be mirrored synchronously, semi- synchronously or asynchronously to a backup facility that can be thousands of miles from the primary system. The replicated database is directly recoverable without having to run the ESEUTIL utility in recovery mode with all the associated potentially long delays. • SnapManager – you can take near-instantaneous hot backups of Exchange databases without affecting the performance of Exchange or the underlying storage system. You can perform very rapid restores. You can store up to 255 online copies of Exchange database. This reduces backup times to seconds and restore times from hours or days to just minutes. The database snapshots are directly recoverable without having to run the ESEUTIL utility in recovery mode with all the associated potentially long delays. • Single Mailbox Recovery – you can perform quick and granular retrievals of individual mailboxes, email messages and even attachments. • SnapLock Compliance – this provides disk-based data-permanence solutions for regulated and reference data. • Data Deduplication – this searches for duplicate data objects such as mail attachments and discards those duplicates. • NearStore Virtual Tape Library - this us a disk-to-disk backup appliance that appears like a tape library to a backup software application but provides the superior speed and reliability of disk technologies. Developed specifically to address the requirements of backup administrators, NearStore VTL solutions increase the performance and reliability of backups, simplify backup management, and reduce disk-to-disk storage costs by up to 67% through the use of high-performance disk compression. • Exchange Mail Data Security and Data Encryption - this work seamlessly with Exchange and other applications offering enhanced protection for sensitive application data. Page 10
  • 11. Exchange 2007, Resilience and Storage Management The IBM N Series and its unique integrated Exchange management software sits at the heart of your Exchange system and will provide complete and seamless Exchange data management. IBM N Series SnapMirror SnapMirror provides simple, flexible, and cost-effective replication software for disaster recovery and data distribution. Exceptionally powerful, yet easy to implement and manage, IBM N Series SnapMirror software combines disaster recovery and data distribution in a streamlined solution that supports today's global enterprises. SnapMirror is a very cost-effective solution with efficient storage and network bandwidth utilisation, and provides additional value by enabling you to put the DR site to active business use. SnapMirror offers a straightforward set-up that you can easily replicate across all your IBM N Series storage systems. Once installed, SnapMirror requires minimal management, and SnapManager software ensures effortless replication of application-consistent snapshots. SnapMirror can mirror data from FC storage to ATA storage, reducing storage costs. To reduce network usage, SnapMirror works with Snapshots to send only changed data blocks to the disaster recovery storage. SnapMirror enables space-efficient copies to be created on the disaster recovery storage for other uses such as testing, development, and quality assurance, Page 11
  • 12. Exchange 2007, Resilience and Storage Management without affecting the production system. SnapMirror also enables centralised backup of data to tape from multiple data centres, reducing investment in tape infrastructure as well as offloading the production system from tape backups. IBM N Series SnapManager for Microsoft Exchange SnapManager for Microsoft Exchange speeds and simplifies application data management. It allows Exchange administrators to utilise the capabilities of IBM N Series storage systems from an Exchange-centric approach. It automates and simplifies the complex, manual and time-consuming processes associated with the backup, recovery and verification of Exchange databases. It is integrated with native Microsoft technology and frameworks. Using SnapManager with FC or IP SANs, you can: • Scale your storage infrastructure • Meet your Tier1 SLA commitments • Improve the productivity of both email and storage administrators The N Series shapshot model is extremely efficient, both in terms of storage overhead and in terms of the I/O impact. Unlike other storage subsystems, where snapshots cause a serious degradation in I/O performance, IBM N Series snapshots do not affect performance. This makes using snapshots as a means of taking online real-time backups to protect against data corruption a real option. Industry Standard Snapshot Model IBM N Series Snapshot Model IBM N Series Single Mailbox Recovery for Microsoft Exchange Single Mailbox Recovery for Microsoft Exchange (SMBR) enables Microsoft Exchange administrators to easily sift through copies of their Microsoft Exchange databases and execute quick and granular retrievals that can take hours or even days of manual effort today. SMBR integrates with both IBM N Series and third-party technology to allow administrators to quickly and accurately retrieve individual mailboxes, email messages, and even attachments using a powerful set of advanced search criteria. Page 12
  • 13. Exchange 2007, Resilience and Storage Management SMBR is a powerful tool that can save significant administrator time and effort related to requests for specific Exchange information. It is especially useful in specific situations such as: • Legal Searches - SMBR can be used to establish/verify email evidence around compliance requests. It can be used by legal firms to quickly and easily sift through any given set of Exchange email records based on specific search criteria • Human Resources - SMBR allows companies to quickly retrieve just the relevant emails/attachments when investigating HR-related issues With SMBR, there is no extra storage required and there are no pre-requisites. SMBR does not have to be installed prior to its first use and it works with existing copies of your Exchange Server databases. Data Deduplication A good data deduplication architecture includes the following: 1. The deduplication process should be granular. The smaller the data object examined, the more likely it is that a duplicate object will be found. 2. The deduplication process should be designed with minimal overhead when de-duplicating (storing) and un-deduplicating (retrieving) data. 3. The deduplication process should provide resiliency to insure that all data can be reliably stored and retrieved, even in the event of catastrophic system failure. IBM N Series deduplication operates with a high degree of granularity. Newly stored data is divided into small blocks. Each block of data has a digital "signature," which is compared to all other signatures in the volume. If an exact block match exists on the disk volume, the duplicate block is discarded and its disk space is reclaimed. This is of particular benefit to e-mail data where the same attachment is often forwarded multiple times throughout the organisation. IBM N Series deduplication does not require any external software or additional appliances. IBM N Series deduplication can be implemented seamlessly across a wide variety of applications and file types. Exchange Mail Data Security and Data Encryption IBM N Series security solutions work seamlessly with major database, file services and business, and e-mail and technical applications, offering enhanced protection for sensitive application data. IBM N Series security does not require application-level or server-level integration. One IBM N Series security solution can encrypt data from multiple hosts and applications, significantly decreasing TCO and administrative headaches over time. IBM N Series security offers AES–256 encryption, integrated key management, and policy enforcement with negligible performance degradation. Page 13
  • 14. Exchange 2007, Resilience and Storage Management For more information, please contact: alan@alanmcsweeney.com Page 14