active directory lookupreplay rpc server wrappertpr api manager copy status lookupremote data...
TRANSCRIPT
Exchange server 2013Storage | High Availability | Site ResilienceOctober 2013
StorageDatabases per volumeAutoreseedSelf-recovery behaviorsLagged copy innovations
High availabilityManaged availabilityDatabase failover changesBest copy selection changesDAG network innovations
Site resilience
Agendahttp://aka.ms/E15HATechEdAUhttp://aka.ms/E15HATechEdNZhttp://aka.ms/E15HATechDaysNLhttp://aka.ms/E15HATechEdNAhttp://aka.ms/E15HATechEdEU
2
DAG architectureMSExchangeReplMSExchangeDAGMgmtClusterCrimson Channel
Witness server placement
Dynamic quorum
DAG member maintenance
Agenda
3
DAG architecture
DAG replication serviceIntroduced in Exchange 2007 RTMMicrosoft exchange replication service | MSExchangeReplMSExchangeRepl.exeRuns on all Mailbox servers (not just DAG members)Communicates with Active Directory and other DAG members
Includes 16 componentsActive Directory lookup Replay RPC server wrapper TPR API manager
Copy status lookup Remote data provider wrapper Support API manager
Replay core manager VssWriter Server locator manager
Seed manager Active manager Health state tracker
Autoreseed manager Active manager RPC server wrapper
Disk reclaimer manager Failure item manager
5
Introduced in RTM CU2Microsoft Exchange DAG management service | MSExchangeDagMgmtMSExchangeDagMgmt.exeRuns on all Mailbox servers (not just DAG members)Communicates with Active Directory and other DAG members
Includes 4 componentsActive Directory lookupCopy status lookupMonitoringTracer instance
DAG management service
6
Writes events to same place as replication serviceMicrosoft Exchange DAG management service | MSExchangeDagMgmtMSExchangeDagMgmt.exeRuns on all mailbox servers (not just DAG members)Communicates with Active Directory and other DAG members
Created for two primary reasons:Active Directory lookupCopy status lookup
As we refactor more, other functions will move to this serviceAutoReseedDisk reclaimerDynamic replay lag playdownFuture AutoDAG copy layout and mobility features
DAG management service
7
Introduced in NT Server enterprise edition (1997)Cluster Service | ClusSvcClussvc.exe
Exchange DAGs use several cluster componentsQuorumMembership and node managementNetworks and heartbeatingCluster registry
Cluster service
8
Quorum is required in order to mount databases
Quorum is based on votes, not membership
Voting can be riggedVotes can be taken away manually or dynamically
Exchange manages quorum model, not quorumExchange management of quorum model based on nodes, not votesRemoving votes requires manual configuration of quorum modelExchange will make incorrect quorum model management decisions if votes are manually removed at the cluster level
Cluster service
9
Active manager stores database / server information in the cluster registry for DAG membersRegistry changes are replicated immediately to all DAG members
Stored information is used as part of BCSS
Cluster registry
10
IsEntryExist?True*ActiveServer?ex2*LastMountedServer?ex2*LastMountedTime?2013-07-15T22:29:39*MountStatus?Mounted*IsAdminDismounted?False*IsAutomaticActionsAllowed?True*
ActiveServerName of the server where the database is currently mounted or is expected to be mounted when mount operations complete
LastMountServerThe name of the server where the database was last successfully mounted
LastMountedTimeThe date and time stamp of the last time the database was mounted
Cluster registry
11
IsEntryExist?True*ActiveServer?ex2*LastMountedServer?ex2*LastMountedTime?2013-07-15T22:29:39*MountStatus?Mounted*IsAdminDismounted?False*IsAutomaticActionsAllowed?True*
MountStatusThe current mount status for the databasePossible values are mounted / dismounted
IsAdminDismountedDesignates whether the current dismounted status of the database is the result of administrator actionPossible values are true / false
IsAutomaticActionsAllowedDesignates whether the database can be automatically activated by AMPossible values are true / false
Cluster registry
12
Applications andslogsArea of Windows Server event log used by applications for logging and internal communicationThese logs store events from a single application or component rather than events that might have system-wide impactThis is referred to as an application's crimson channel
Exchange 2013 has multiple channelsActiveMonitoringHighAvailabilityMailboxDatabaseFailureItemsManagedAvailabilityPushNotificationsTroubleshooters
Crimson channel
13
Crimson channel
14
Witness server placement
Basic guidance for placement of witness server in Exchange 2010“We recommend that you use a Hub Transport server running on Microsoft Exchange Server 2010 in the Active Directory site containing the DAG. This allows the witness server and directory to remain under the control of an Exchange administrator.”
“If your DAG is extended to multiple datacenters, we recommend deploying the witness server in the datacenter that is considered to be the primary datacenter.”
Witness server placement
16
Exchange 2013 guidance more complicated due to new options introduced by architectural changes
Exchange 2013 includes support for new DAG configuration options that are not recommended or possible in previous versions of ExchangeA third location, such as a third physical datacenter or branch office
Witness server placement
17
Ultimately, the placement of a DAG’s witness server depends on business requirements and the options available to the organization
Witness server placement
Deployment scenario
Recommendations
Single DAG deployed in a single datacenter Locate witness server in the same datacenter as DAG members
Single DAG deployed across two datacenters; no additional locations available
Locate witness server in primary datacenter
Multiple DAGs deployed in a single datacenter
Locate witness server in the same datacenter as DAG members. Additional options include:Using the same witness server for multiple DAGsUsing a DAG member to act as a witness server for a different DAG
Multiple DAGs deployed across two datacenters
Locate witness server in the same datacenter as DAG members. Additional options include:Using the same witness server for multiple DAGsUsing a DAG member to act as a witness server for a different DAG
Single or Multiple DAGs deployed across more than two datacenters
Locate the witness server in the datacenter where you want the majority of quorum votes to exist
18
If the organization has a third location, then the DAG’s witness server can be deployed there for automatic siteThe witness server location must have network infrastructure and connectivity that is isolated from network failures that affect the two datacenters with Exchange
For all DAGs, the availability of the witness server should be on the Exchange administrator’s radar
Witness server placement
19
Azure is not supported for use as a Witness Server for Exchange DAGs
Investigation into using Azure to host witness server ran into dead endAzure does not yet support the required underlying network configuration to enable an Azure file server VM to act as a witness server
More info at http://aka.ms/DAGAzure
Witness server placement
20
Dynamic quorum
Windows Server 2012 Cluster (and later) feature
Cluster quorum majority is determined by the set of nodes that are active members of the cluster at a given time
This is an important distinction from the cluster quorum in Windows Server 2008 R2, where the quorum majority is fixed, based on the initial cluster configuration
Enabled for all clusters by default
Dynamic quorum
22
Cluster dynamically manages the vote assignment to nodes, based on the state of each nodeWhen a node shuts down or crashes, the node loses its quorum voteWhen a node successfully rejoins the cluster, it regains its quorum voteBy dynamically adjusting the assignment of quorum votes, the cluster can increase or decrease the number of quorum votes that are required to keep runningThis enables the cluster to maintain availability during sequential node failures or shutdowns
Dynamic quorum
23
With dynamic quorum management, it is also possible for a cluster to run on the last surviving cluster nodeBy dynamically adjusting the quorum majority requirement, the cluster can sustain sequential node shutdowns to a single nodeThis is referred to as “Last Man Standing” scenario
Dynamic quorum
24
Dynamic quorum management does not allow the cluster to sustain a simultaneous failure of a majority of voting members
To continue running, the cluster must always have a quorum majority at the time of a node shutdown or failure
If you explicitly remove the vote of a node, the cluster cannot dynamically add or remove that vote
Dynamic quorum
25
Dynamic quorumDQ = 7
Dynamic quorumDQ = 4
XX
X
Dynamic quorumDQ = 3
XX
XX
Dynamic quorumDQ = 2
XX
XXX
Use Get-ClusterNode to verify DynamicWeight common property of Node0 = does not have quorum vote1 = has quorum vote
Get-ClusterNode <Name> | ft name, *weight, state
Vote assignment for all cluster nodes can be verified by using the Validate Cluster Quorum test
Dynamic quorum
Name DynamicWeight NodeWeight State---- ------------- ---------- -----EX1 1 1 Up
30
Dynamic quorum does not change quorum requirements for DAGs
Dynamic quorum does work with DAGs
All internal DAG testing is performed with dynamic quorum enabled
Dynamic quorum is enabled in Office 365 for DAG members on Windows Server 2012
Exchange is not dynamic quorum-aware
Dynamic quorum and DAGs
31
Cluster team guidance on dynamic quorum:“Selecting this option generally increases the availability of the cluster. By default the option is enabled, and it is strongly recommended to not disable this option. This option allows the cluster to continue running in failure scenarios that are not possible when this option is disabled.”
Exchange team guidance on dynamic quorum:Leave it enabled for majority of DAG membersDon’t factor it into availability plansThe advantage is that, in some cases where 2008 R2 would have lost quorum, 2012 can maintain quorum; this only applies to a few cases, and should not be relied upon when planning a DAG
Dynamic quorum and DAGs
32
DAG member maintenance
Basic guidance for DAG member maintenance in Exchange 2010Run StartDagServerMaintenance.ps1 to put DAG member in maintenance modePerform the maintenance (e.g., install the update rollup)Run StopDagServerMaintenance.ps1 to take DAG member out of maintenance mode and put it back into productionOptionally rebalance the DAG by using RedistributeActiveDatabases.ps1
DAG member maintenance
34
DAG member maintenanceExchange 2013 guidance more complicated due to Managed Availability
Go into maintenance modeSet-ServerComponentState <Server> -Component HubTransport -State Draining -Requester MaintenanceSet-ServerComponentState <Server> -Component UMCallRouter –State Draining –Requestor MaintenanceRedirect-Message -Server <Server> -Target <FQDNTarget>Suspend-ClusterNode <Server>Set-MailboxServer <Server> -DatabaseCopyActivationDisabledAndMoveNow $TrueSet-MailboxServer <Server> -DatabaseCopyAutoActivationPolicy BlockedSet-ServerComponentState <Server> -Component ServerWideOffline -State Inactive -Requester Maintenance
Verify production modeGet-ServerComponentState <Server> | ft Component,State -AutosizeGet-MailboxServer <Server> | ft DatabaseCopy* -AutosizeGet-ClusterNode <Server> | flGet-Queue
DAG member maintenanceExchange 2013 guidance more complicated due to Managed Availability
Go into maintenance modeSet-ServerComponentState <Server> -Component ServerWideOffline -State Active -Requester MaintenanceSet-ServerComponentState <Server> -Component UMCallRouter –State Active –Requestor MaintenanceResume-ClusterNode <Server>Set-MailboxServer <Server> -DatabaseCopyActivationDisabledAndMoveNow $FalseSet-MailboxServer <Server> -DatabaseCopyAutoActivationPolicy UnrestrictedSet-ServerComponentState <Server> -Component HubTransport -State Active -Requester Maintenance
Verify production modeGet-ServerComponentState <Server> | ft Component,State -AutosizeGet-MailboxServer <Server> | ft DatabaseCopy* -AutosizeGet-ClusterNode <Server> | flGet-Queue
Q&A
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.