Académique Documents
Professionnel Documents
Culture Documents
Changes,
Resilience and
Storage
Management
Alan McSweeney
Exchange 2007, Resilience and Storage Management
Contents
Mail Systems....................................................................................................3
Exchange 2007 Notes .......................................................................................4
Exchange Configuration ...............................................................................4
Resilient Clustered Exchange Configuration .................................................5
Local Continuous Replication.......................................................................5
Cluster Continuous Replication ....................................................................6
Storage I/O...................................................................................................6
Ideal Exchange Mail Architecture ....................................................................7
Mail Data Management....................................................................................8
IBM N Series and Exchange Mail Management ................................................9
Overview......................................................................................................9
IBM N Series SnapMirror ........................................................................... 11
IBM N Series SnapManager for Microsoft Exchange................................... 12
IBM N Series Single Mailbox Recovery for Microsoft Exchange.................. 12
Data Deduplication .................................................................................... 13
Exchange Mail Data Security and Data Encryption ................................... 13
Page 2
Exchange 2007, Resilience and Storage Management
Mail Systems
This article discusses changes in Exchange 2007, how they affect Exchange
configurations and how efficient and effective data storage systems can deliver
real benefits to Exchange users.
E-mail’s pervasive nature, simplicity and ease of use, speed, convenience, and
low cost means it has become as an essential communications and collaboration
tool for organisations of all sizes.
This whitepaper makes reference to one storage subsystem from NetApp and
also sold by IBM as the N Series.
Page 3
Exchange 2007, Resilience and Storage Management
Exchange Configuration
1. Hub Transport Servers – The Hub Transport server role acts as a mail
bridgehead for all mail flow inside the organisation, applies transport rules,
applies journaling policies, and delivers messages to recipients’ mailboxes.
Messages that are sent to the internet are relayed by the Hub Transport
server directly if an Edge transport server is not implemented. Anti-spam
and antivirus filtering can be performed by the edge Transport Server. For
redundancy we can utilise multiple Hub Transport servers to provide for
redundancy and load balancing.
2. Client Access Servers – The Client Access Server Role in Exchange is the role
that controls the access to mailboxes from all clients that are not Microsoft
Outlook and that do not utilise MAPI connections. It controls access to
mailboxes via Outlook Web Access (OWA) Exchange Activesync, Outlook
Anywhere (formerly RPC over HTTP), POP3 and IMAP4 protocols.
3. Mailbox Servers - The Exchange Mailbox servers host user and public folder
mailboxes. The Exchange Mailbox servers will be clustered. Note that
Active/Active clustering is not available with Exchange Server 2007. Three
servers will be needed to have two active mailbox servers.
With the exception of the Edge Transport role, multiple roles or all roles can be
installed on a single physical server.
There are some architectural limitations that have affected the Exchange 2007
design:
Page 4
Exchange 2007, Resilience and Storage Management
There are several new features in Exchange Server 2007 that will affect storage
environments:
The LCR and CCR increase Exchange availability but there is still a real need
for Exchange backups and other forms of basic data protection such as off-site
backups and compliance. Exchange database verification is another critical
component to a healthy mail environment.
While the new features of with Exchange Server 2007 help provide high
availability, they do not ensure that Exchange is always up. A complete
business continuity and disaster recovery plan is still required and, depending
on requirements, a mirroring solution may be needed. The decision that impacts
the length of downtime and the data loss that is acceptable will be influenced by
the level of acceptable risk and the amount of money available for the solution.
Page 5
Exchange 2007, Resilience and Storage Management
The objective of LCR is not backup; it is high availability (HA). LCR creates a
copy of the Exchange database which provides two sets of the same data. The
LCR copy is slightly behind the primary. Data is written to the primary
Exchange log file first, and then, slightly later, that log file is replicated to the
LCR copy or target. The trigger for replication is the closing of the log file. The
log file is 1MB in size, so after 1MB is written to the primary, it is replicated to
the LCR target, and then played into the target database.
If something goes wrong with the primary data store, there is another copy
available for use (although slightly behind), but that copy is not a replacement
for backups. For example, if there is a logical corruption in the primary
database, when the log fills, the secondary database copy becomes corrupted as
well. Similarly, if something is deleted from the primary database, a short time
later it is deleted from the secondary. The deleted item is stored in the database
(dumpster) by default for 14 days before being deleted. Recovering deleted data
more than 2 weeks old requires a backup.
The second server that stores the Exchange database copy is deployed as part of
a Microsoft Cluster. To be in a cluster, network latency must be below 500ms to
ensure that the cluster nodes can communicate with each other. With CCR,
latency and throughput must keep up with the log generation. This is
bandwidth-dependent, so the infrastructure may support a distance of
anywhere from 1 to 100 miles.
If the primary cluster node fails, the system automatically uses the secondary
node running against the replica of the Exchange database. In a controlled
failover, where the primary node is still available, all log files are copied to the
target, and no data is at risk. In the event of a catastrophic failure of the
primary node, CCR attempts to recover all mail sent through transport from
the hub transport server, which may not have been replicated at the time of
failure.
Storage I/O
With Exchange Server 2007, the amount of disk I/O is reduced in comparison to
prior versions of Exchange. This change is due to a number of factors: on 64-bit
hardware, additional memory is available to use for database caching, thus
reducing I/O; and changes to the Exchange database and the internal I/O
activities of Exchange further reduce I/O.
Page 6
Exchange 2007, Resilience and Storage Management
2. Resilient Main Mail Servers – the primary mail server or servers should
include resilience that tolerates some component failures while continuing to
operate.
3. Backup Mail Server for Business Continuity – there will be a second mail
server that is physically separate from the main mail servers and that can
continue to operate in the event of problems with the main servers.
4. Secure Remote and Mobile Access – mobile and remote users can access mail
securely.
Page 7
Exchange 2007, Resilience and Storage Management
5. Main Mail Data Storage – the main mail database will be stored on resilient
and high-performing data storage.
6. Online Real-time Copy of Mail Data – the main mail store will be replicated
in real-time to a storage facility that is physically separate from the main
mail storage and that can continue to operate in the event of problems with
the main system.
8. Archived Old/Large Mails – old and large mails can be archived from the
main mail database. This improves mail database performance and enforces
mail management.
9. Mail Archive for Compliance – all incoming and outgoing mails can be
retained for some or all users for compliance purposes.
10. Long-Term Backup – tape backup can be used for long-term backup of mail
data.
11. Monitoring of Status of Components of Overall System – this will monitor the
status of all the components including hardware and software and generate
predictive alerts on impending failures. This will allow pre-emptive action
to be taken.
A mail system that implements all of these components will be truly resilient.
As shown above, storage and data management are key aspects of the overall
Exchange management solution.
In summary, as with all business systems, the key elements are the data and its
storage and the application to provide data access. The application (Exchange
2007) and its associated infrastructure is quite simple to design and implement.
Data management is the more complex and problematic component.
Page 8
Exchange 2007, Resilience and Storage Management
Mail management begins with defining and agreeing the mail lifecycle and the
associated processes to be applied. The mail architecture can then be
implemented with appropriate technologies.
The first step is to interpret any mail management, retention and compliance
rules that may apply. Then review the current policies and procedures and how
they have been implemented. Evaluate and understand the risks. Then agree
policies on data collection, retention and accessibility and implement associated
processes.
Then design the architecture that will deliver on the agreed policies.
This will allow the costs and the benefits of implementing specific features to be
assessed and fully evaluated. You will then be making decisions based on
complete information.
Overview
IBM offers a range of storage solutions that allow you to implement a complete
e-mail management solution to implement Exchange resilience, disaster
recovery and business continuity.
The IBM N-Series storage system includes both storage hardware and software
that provides complete management of you Exchange environment.
Page 9
Exchange 2007, Resilience and Storage Management
• Tiered Storage – you can store the main data database on high-performing
fibre-attached disks and use lower-performing higher-capacity disks for
archive and snapshot data, all within the one storage system.
• Single Mailbox Recovery – you can perform quick and granular retrievals of
individual mailboxes, email messages and even attachments.
• Data Deduplication – this searches for duplicate data objects such as mail
attachments and discards those duplicates.
• Exchange Mail Data Security and Data Encryption - this work seamlessly
with Exchange and other applications offering enhanced protection for
sensitive application data.
Page 10
Exchange 2007, Resilience and Storage Management
The IBM N Series and its unique integrated Exchange management software
sits at the heart of your Exchange system and will provide complete and
seamless Exchange data management.
SnapMirror offers a straightforward set-up that you can easily replicate across
all your IBM N Series storage systems. Once installed, SnapMirror requires
minimal management, and SnapManager software ensures effortless replication
of application-consistent snapshots.
SnapMirror can mirror data from FC storage to ATA storage, reducing storage
costs. To reduce network usage, SnapMirror works with Snapshots to send only
changed data blocks to the disaster recovery storage.
Page 11
Exchange 2007, Resilience and Storage Management
Page 12
Exchange 2007, Resilience and Storage Management
SMBR is a powerful tool that can save significant administrator time and effort
related to requests for specific Exchange information. It is especially useful in
specific situations such as:
With SMBR, there is no extra storage required and there are no pre-requisites.
SMBR does not have to be installed prior to its first use and it works with
existing copies of your Exchange Server databases.
Data Deduplication
1. The deduplication process should be granular. The smaller the data object
examined, the more likely it is that a duplicate object will be found.
2. The deduplication process should be designed with minimal overhead when
de-duplicating (storing) and un-deduplicating (retrieving) data.
3. The deduplication process should provide resiliency to insure that all data
can be reliably stored and retrieved, even in the event of catastrophic
system failure.
IBM N Series deduplication does not require any external software or additional
appliances.
IBM N Series security solutions work seamlessly with major database, file
services and business, and e-mail and technical applications, offering enhanced
protection for sensitive application data.
Page 13
Exchange 2007, Resilience and Storage Management
alan@alanmcsweeney.com
Page 14