Exchange 2007

Changes,
Resilience and
Storage
Management

Designing Exchange 2007 Mail Systems for

Resilience

Alan McSweeney
 Exchange 2007, Resilience and Storage Management

Contents

Mail Systems....................................................................................................3
Exchange 2007 Notes .......................................................................................4
Exchange Configuration ...............................................................................4
Resilient Clustered Exchange Configuration .................................................5
Local Continuous Replication.......................................................................5
Cluster Continuous Replication ....................................................................6
Storage I/O...................................................................................................6
Ideal Exchange Mail Architecture ....................................................................7
Mail Data Management....................................................................................8
IBM N Series and Exchange Mail Management ................................................9
Overview......................................................................................................9
IBM N Series SnapMirror ........................................................................... 11
IBM N Series SnapManager for Microsoft Exchange................................... 12
IBM N Series Single Mailbox Recovery for Microsoft Exchange.................. 12
Data Deduplication .................................................................................... 13
Exchange Mail Data Security and Data Encryption ................................... 13

Page 2
 Exchange 2007, Resilience and Storage Management

Mail Systems

This article discusses changes in Exchange 2007, how they affect Exchange
configurations and how efficient and effective data storage systems can deliver
real benefits to Exchange users.

Today's organisation depends heavily on Microsoft Exchange systems to enable

communications such as e-mail, scheduling, and calendaring. The databases and
information stores supporting these mission-critical applications are growing in
both size and importance. An unavailable Exchange system can stop or
seriously affect business operations.

E-mail’s pervasive nature, simplicity and ease of use, speed, convenience, and
low cost means it has become as an essential communications and collaboration
tool for organisations of all sizes.

E-mail management can represent a challenge to many organisations. E-mail

systems have grown imperceptibly from a minor business tool to a major
business application.

E-mail information can represent both a major asset to an organisation as well

as imposing management and compliance overheads and obligations. E-mail is a
double-edged sword that can lead to overlooked costs, vulnerabilities and
exposures.

Some of the major concerns with e-mails include

• E-mail is becoming the first target in most litigation

• The cost of searching e-mail is overwhelming
• Copying and forwarding makes e-mail difficult to control and destroy
• Most electronic records are being kept for very long intervals in an
uncontrolled manner

This whitepaper makes reference to one storage subsystem from NetApp and
also sold by IBM as the N Series.

Page 3
 Exchange 2007, Resilience and Storage Management

Exchange 2007 Notes

Exchange Configuration

In Exchange Server 2007, role-based deployment has been expanded, allowing

Element Six to assign defined roles to specific servers. This approach allows
organisations control mail flow, increase security, and distribute services. The
roles are:

• Client Access role (CAS)

• Mailbox role (MBX)
• Hub Transport role (HT)
• Unified Messaging role (UM)
• Edge Transport role (ET)

A very common Exchange configuration consists of:

1. Hub Transport Servers – The Hub Transport server role acts as a mail
bridgehead for all mail flow inside the organisation, applies transport rules,
applies journaling policies, and delivers messages to recipients’ mailboxes.
Messages that are sent to the internet are relayed by the Hub Transport
server directly if an Edge transport server is not implemented. Anti-spam
and antivirus filtering can be performed by the edge Transport Server. For
redundancy we can utilise multiple Hub Transport servers to provide for
redundancy and load balancing.

2. Client Access Servers – The Client Access Server Role in Exchange is the role
that controls the access to mailboxes from all clients that are not Microsoft
Outlook and that do not utilise MAPI connections. It controls access to
mailboxes via Outlook Web Access (OWA) Exchange Activesync, Outlook
Anywhere (formerly RPC over HTTP), POP3 and IMAP4 protocols.

3. Mailbox Servers - The Exchange Mailbox servers host user and public folder
mailboxes. The Exchange Mailbox servers will be clustered. Note that
Active/Active clustering is not available with Exchange Server 2007. Three
servers will be needed to have two active mailbox servers.

With the exception of the Edge Transport role, multiple roles or all roles can be
installed on a single physical server.

There are some architectural limitations that have affected the Exchange 2007
design:

• Clustering can only be configured with the Mailbox server role

• If clustering is configured with the Mailbox server role then it cannot share
other roles

Active/Active clustering is no longer available in Exchange 2007. So a cluster

with two active nodes must have three physical nodes: Active/Active/Passive.

Page 4
 Exchange 2007, Resilience and Storage Management

Resilient Clustered Exchange Configuration

Schematically, a clustered Exchange 2007 configuration will look like:

There are several new features in Exchange Server 2007 that will affect storage
environments:

• Local Continuous Replication (LCR)

• Cluster Continuous Replication (CCR)
• Database I/O changes

The LCR and CCR increase Exchange availability but there is still a real need
for Exchange backups and other forms of basic data protection such as off-site
backups and compliance. Exchange database verification is another critical
component to a healthy mail environment.

While the new features of with Exchange Server 2007 help provide high
availability, they do not ensure that Exchange is always up. A complete
business continuity and disaster recovery plan is still required and, depending
on requirements, a mirroring solution may be needed. The decision that impacts
the length of downtime and the data loss that is acceptable will be influenced by
the level of acceptable risk and the amount of money available for the solution.

Local Continuous Replication

Local Continuous Replication replicates Exchange databases to another set of

disks on the same physical server.

Page 5
 Exchange 2007, Resilience and Storage Management

The objective of LCR is not backup; it is high availability (HA). LCR creates a
copy of the Exchange database which provides two sets of the same data. The
LCR copy is slightly behind the primary. Data is written to the primary
Exchange log file first, and then, slightly later, that log file is replicated to the
LCR copy or target. The trigger for replication is the closing of the log file. The
log file is 1MB in size, so after 1MB is written to the primary, it is replicated to
the LCR target, and then played into the target database.

If something goes wrong with the primary data store, there is another copy
available for use (although slightly behind), but that copy is not a replacement
for backups. For example, if there is a logical corruption in the primary
database, when the log fills, the secondary database copy becomes corrupted as
well. Similarly, if something is deleted from the primary database, a short time
later it is deleted from the secondary. The deleted item is stored in the database
(dumpster) by default for 14 days before being deleted. Recovering deleted data
more than 2 weeks old requires a backup.

Cluster Continuous Replication

Cluster Continuous Replication (CCR) provides Exchange server resiliency by

keeping a copy of the Exchange database on another server.

The second server that stores the Exchange database copy is deployed as part of
a Microsoft Cluster. To be in a cluster, network latency must be below 500ms to
ensure that the cluster nodes can communicate with each other. With CCR,
latency and throughput must keep up with the log generation. This is
bandwidth-dependent, so the infrastructure may support a distance of
anywhere from 1 to 100 miles.

If the primary cluster node fails, the system automatically uses the secondary
node running against the replica of the Exchange database. In a controlled
failover, where the primary node is still available, all log files are copied to the
target, and no data is at risk. In the event of a catastrophic failure of the
primary node, CCR attempts to recover all mail sent through transport from
the hub transport server, which may not have been replicated at the time of
failure.

Storage I/O

With Exchange Server 2007, the amount of disk I/O is reduced in comparison to
prior versions of Exchange. This change is due to a number of factors: on 64-bit
hardware, additional memory is available to use for database caching, thus
reducing I/O; and changes to the Exchange database and the internal I/O
activities of Exchange further reduce I/O.

Page 6
 Exchange 2007, Resilience and Storage Management

Ideal Exchange Mail Architecture

Schematically, the idealised mail architecture of most organisations will consist

of the some or all of the following functional components:

The key elements of this are:

1. Facility to Identify and Delete Unwanted Mails – this includes removal of

spam mail as well as apply organisation policies on items such as
unapproved attachments

2. Resilient Main Mail Servers – the primary mail server or servers should
include resilience that tolerates some component failures while continuing to
operate.

3. Backup Mail Server for Business Continuity – there will be a second mail
server that is physically separate from the main mail servers and that can
continue to operate in the event of problems with the main servers.

4. Secure Remote and Mobile Access – mobile and remote users can access mail
securely.

Page 7
 Exchange 2007, Resilience and Storage Management

5. Main Mail Data Storage – the main mail database will be stored on resilient
and high-performing data storage.

6. Online Real-time Copy of Mail Data – the main mail store will be replicated
in real-time to a storage facility that is physically separate from the main
mail storage and that can continue to operate in the event of problems with
the main system.

7. Mail Database Snapshots to Protect Against Data Corruption – snapshots of

the mail database are taken regularly to protect against database
corruption. In the event of database corruption that may have spread to
backups and replicas, the mail database can be restored from the last good
snapshot.

8. Archived Old/Large Mails – old and large mails can be archived from the
main mail database. This improves mail database performance and enforces
mail management.

9. Mail Archive for Compliance – all incoming and outgoing mails can be
retained for some or all users for compliance purposes.

10. Long-Term Backup – tape backup can be used for long-term backup of mail
data.

11. Monitoring of Status of Components of Overall System – this will monitor the
status of all the components including hardware and software and generate
predictive alerts on impending failures. This will allow pre-emptive action
to be taken.

The objectives of implementing a mail system with some or all of these

components are

• To ensure availability of the mail system

• To reduce the need to use the backup for recovery
• To ensure that if a problem occurs, the mail system can be restored to full
operation as soon as possible
• To ensure that there is no or very limited data loss
• To meet compliance requirements
• To reduce management, administration and control overhead
• To protect against data corruption as well as infrastructure failure

A mail system that implements all of these components will be truly resilient.

Mail Data Management

As shown above, storage and data management are key aspects of the overall
Exchange management solution.

In summary, as with all business systems, the key elements are the data and its
storage and the application to provide data access. The application (Exchange
2007) and its associated infrastructure is quite simple to design and implement.
Data management is the more complex and problematic component.

Page 8
 Exchange 2007, Resilience and Storage Management

Planning a mail architecture that incorporates management makes sense and

delivers benefits in terms of improved operation, reduced management and
administration.

Mail management begins with defining and agreeing the mail lifecycle and the
associated processes to be applied. The mail architecture can then be
implemented with appropriate technologies.

The first step is to interpret any mail management, retention and compliance
rules that may apply. Then review the current policies and procedures and how
they have been implemented. Evaluate and understand the risks. Then agree
policies on data collection, retention and accessibility and implement associated
processes.

Then design the architecture that will deliver on the agreed policies.

This will allow the costs and the benefits of implementing specific features to be
assessed and fully evaluated. You will then be making decisions based on
complete information.

IBM N Series and Exchange Mail Management

Overview

IBM offers a range of storage solutions that allow you to implement a complete
e-mail management solution to implement Exchange resilience, disaster
recovery and business continuity.

The IBM N-Series storage system includes both storage hardware and software
that provides complete management of you Exchange environment.

Page 9
 Exchange 2007, Resilience and Storage Management

• Tiered Storage – you can store the main data database on high-performing
fibre-attached disks and use lower-performing higher-capacity disks for
archive and snapshot data, all within the one storage system.

• SnapMirror – Exchange databases can be mirrored synchronously, semi-

synchronously or asynchronously to a backup facility that can be thousands
of miles from the primary system. The replicated database is directly
recoverable without having to run the ESEUTIL utility in recovery mode
with all the associated potentially long delays.

• SnapManager – you can take near-instantaneous hot backups of Exchange

databases without affecting the performance of Exchange or the underlying
storage system. You can perform very rapid restores. You can store up to
255 online copies of Exchange database. This reduces backup times to
seconds and restore times from hours or days to just minutes. The database
snapshots are directly recoverable without having to run the ESEUTIL
utility in recovery mode with all the associated potentially long delays.

• Single Mailbox Recovery – you can perform quick and granular retrievals of
individual mailboxes, email messages and even attachments.

• SnapLock Compliance – this provides disk-based data-permanence solutions

for regulated and reference data.

• Data Deduplication – this searches for duplicate data objects such as mail
attachments and discards those duplicates.

• NearStore Virtual Tape Library - this us a disk-to-disk backup appliance that

appears like a tape library to a backup software application but provides
the superior speed and reliability of disk technologies. Developed
specifically to address the requirements of backup administrators,
NearStore VTL solutions increase the performance and reliability of
backups, simplify backup management, and reduce disk-to-disk storage
costs by up to 67% through the use of high-performance disk compression.

• Exchange Mail Data Security and Data Encryption - this work seamlessly
with Exchange and other applications offering enhanced protection for
sensitive application data.

Page 10
 Exchange 2007, Resilience and Storage Management

The IBM N Series and its unique integrated Exchange management software
sits at the heart of your Exchange system and will provide complete and
seamless Exchange data management.

IBM N Series SnapMirror

SnapMirror provides simple, flexible, and cost-effective replication software for

disaster recovery and data distribution.

Exceptionally powerful, yet easy to implement and manage, IBM N Series

SnapMirror software combines disaster recovery and data distribution in a
streamlined solution that supports today's global enterprises. SnapMirror is a
very cost-effective solution with efficient storage and network bandwidth
utilisation, and provides additional value by enabling you to put the DR site to
active business use.

SnapMirror offers a straightforward set-up that you can easily replicate across
all your IBM N Series storage systems. Once installed, SnapMirror requires
minimal management, and SnapManager software ensures effortless replication
of application-consistent snapshots.

SnapMirror can mirror data from FC storage to ATA storage, reducing storage
costs. To reduce network usage, SnapMirror works with Snapshots to send only
changed data blocks to the disaster recovery storage.

SnapMirror enables space-efficient copies to be created on the disaster recovery

storage for other uses such as testing, development, and quality assurance,

Page 11
 Exchange 2007, Resilience and Storage Management

without affecting the production system. SnapMirror also enables centralised

backup of data to tape from multiple data centres, reducing investment in tape
infrastructure as well as offloading the production system from tape backups.

IBM N Series SnapManager for Microsoft Exchange

SnapManager for Microsoft Exchange speeds and simplifies application data

management. It allows Exchange administrators to utilise the capabilities of
IBM N Series storage systems from an Exchange-centric approach. It
automates and simplifies the complex, manual and time-consuming processes
associated with the backup, recovery and verification of Exchange databases. It
is integrated with native Microsoft technology and frameworks. Using
SnapManager with FC or IP SANs, you can:

• Scale your storage infrastructure

• Meet your Tier1 SLA commitments
• Improve the productivity of both email and storage administrators

The N Series shapshot model is extremely efficient, both in terms of storage

overhead and in terms of the I/O impact.

Unlike other storage subsystems, where snapshots cause a serious degradation

in I/O performance, IBM N Series snapshots do not affect performance.

This makes using snapshots as a means of taking online real-time backups to

protect against data corruption a real option.

Industry Standard Snapshot Model IBM N Series Snapshot Model

IBM N Series Single Mailbox Recovery for Microsoft Exchange

Single Mailbox Recovery for Microsoft Exchange (SMBR) enables Microsoft

Exchange administrators to easily sift through copies of their Microsoft
Exchange databases and execute quick and granular retrievals that can take
hours or even days of manual effort today. SMBR integrates with both IBM N
Series and third-party technology to allow administrators to quickly and
accurately retrieve individual mailboxes, email messages, and even attachments
using a powerful set of advanced search criteria.

Page 12
 Exchange 2007, Resilience and Storage Management

SMBR is a powerful tool that can save significant administrator time and effort
related to requests for specific Exchange information. It is especially useful in
specific situations such as:

• Legal Searches - SMBR can be used to establish/verify email evidence

around compliance requests. It can be used by legal firms to quickly and
easily sift through any given set of Exchange email records based on specific
search criteria
• Human Resources - SMBR allows companies to quickly retrieve just the
relevant emails/attachments when investigating HR-related issues

With SMBR, there is no extra storage required and there are no pre-requisites.
SMBR does not have to be installed prior to its first use and it works with
existing copies of your Exchange Server databases.

Data Deduplication

A good data deduplication architecture includes the following:

1. The deduplication process should be granular. The smaller the data object
examined, the more likely it is that a duplicate object will be found.
2. The deduplication process should be designed with minimal overhead when
de-duplicating (storing) and un-deduplicating (retrieving) data.
3. The deduplication process should provide resiliency to insure that all data
can be reliably stored and retrieved, even in the event of catastrophic
system failure.

IBM N Series deduplication operates with a high degree of granularity. Newly

stored data is divided into small blocks. Each block of data has a digital
"signature," which is compared to all other signatures in the volume. If an exact
block match exists on the disk volume, the duplicate block is discarded and its
disk space is reclaimed. This is of particular benefit to e-mail data where the
same attachment is often forwarded multiple times throughout the organisation.

IBM N Series deduplication does not require any external software or additional
appliances.

IBM N Series deduplication can be implemented seamlessly across a wide

variety of applications and file types.

Exchange Mail Data Security and Data Encryption

IBM N Series security solutions work seamlessly with major database, file
services and business, and e-mail and technical applications, offering enhanced
protection for sensitive application data.

IBM N Series security does not require application-level or server-level

integration. One IBM N Series security solution can encrypt data from multiple
hosts and applications, significantly decreasing TCO and administrative
headaches over time.

IBM N Series security offers AES–256 encryption, integrated key management,

and policy enforcement with negligible performance degradation.

Page 13
Exchange 2007, Resilience and Storage Management

For more information, please contact:

alan@alanmcsweeney.com

Page 14