| |
|
Tuesday, February 2, 2010
Dude, Where's my Backup?
By Mahmoud Magdy
When I started writing this post, I couldn’t get the movie “Dude, Where’s My Car?” and its events out of my head for two reasons. The first reason is that the conundrum the film’s characters find themselves in reminds me of a similar event in which one of my customers experienced an Exchange disaster and I was brought in to assist. I realized straightaway the client needed to perform a backup, and when I informed the Exchange Administrator of this he frantically turned to his Backup Administrator and asked him, ‘Dude, where’s my backup?!’
The second reason this movie reminded me of that incident is because the same clueless looks that the film’s starring actors had on their faces when they awoke after a crazy night to find their car missing were identical to the looks on the faces of the Exchange and Backup Admin when I asked them to perform a backup. In fact, I see that look on many of my customers’ faces when I ask them to restore an Exchange backup set for me! Those days of panic-stricken looks and long hours spent worrying over data loss, log deletion, and mailbox restoration are now over. Join me as we explore one of the undocumented features of Exchange 2010: the backup-less deployment.
Backups in Exchange have always been a point of concern for me due to my experiences while working as an Infrastructure Manager. In one instance I thought I had done everything I should have: I had everything in place, our Exchange was up and running and I had assigned a team to backup Exchange, AD, SQL and most of our critical systems. We tested the restore steps and everything ran smoothly, but when we had a disaster you can already predict what happened – we experienced another backup set failure which cost us two hours of downtime.
The secret to successfully restoring Exchange has always been a mystery. A successful restore even for an Exchange guru is a tedious task! We are fortunate that today we have assistance in the form of DB portability, power shells, and wizards for backups and restores; but even with this help, the task of restoring Exchange remains tedious.
Other issues that arose with the introduction of Exchange 2007 were the single item and single mailbox restoration. It is now possible to restore a single mailbox, or better yet a single item, but clever software is needed to perform the task. You must also properly train and prepare your IT staff, and remember that the software and hardware requirements for either type of restoration are expensive. You must carefully compare your options when purchasing decent backup software since their prices can be high.
You say you want a revolution…
Well you know, when Microsoft introduced Exchange 2010 that’s exactly what they brought. For the first time, Microsoft is recommending that administrators perform backup-less deployments. When I heard that I laughed out loud, as I am sure many of you are, since for years as consultants and as customers we have always been told to backup everything, most importantly our Exchange data, so just exactly how will this revolution of backup-less Exchange deployments change the world?
So Microsoft has a real solution…
Would you like to hear the plan? If you are shocked by this new recommendation then let me set your mind at ease: ‘it’s gonna be alright.’ If you feel like it will take awhile for you to trust Microsoft’s recommendation then you are not alone. It took me, a technically savvy (and extremely humble) guy nearly 3 months to accept this fact, but what it really took was for me to design a backup-less configuration for the first time. After designing this configuration I have learned the benefits of going backup-less, so please join me as I explain them to you.
Backups’ Background:
Historically, I have always considered Exchange backups to be more important than Exchange itself. ‘Why?’ you might ask. My answer is multi-fold: because it guarantees that I will be back online in the blink of an eye if the system goes down. Plus , it will enable me to recover items for users that have been hard deleted, and more importantly this is the only way to flush and delete the logs of the mailbox database (previously this was tied to the Storage Group.) The other not-so-popular method of deleting such logs is known as circular logging.
Backup in Exchange 2003 was straight forward, but with Exchange 2007 Microsoft introduced the concept of database copies which provided a new way to backup your Exchange data.
Now you can perform a backup from the passive copy, which provides enough data to help you discern what the online copy is suffering from (i.e. IOPs, users’ access, AV Scan.) When you back up the passive copy, and the backup to the passive copy is complete, then the database is marked as backed up and logs are deleted from passive and active copy.
As mentioned previously, doing Exchange backups historically required costly backup software as well as hardware, including storage, backup tapes, tapes libraries, and backup hustle.
Microsoft made a bold decision to change the Exchange world by introducing backup-less configuration, which I will now discuss in more detail.
Less is more, don’t you agree?
What does backup-less really mean? It simply means that you do not have to backup your Exchange data, or at the very least it gives you the ability for the first time to not have to back it up.
I can completely understand many of you doubting that this is in fact a possibility, to never have to backup your Exchange data, but before you make your decision let us explore backup-less architectures and learn how they really work.
Backup-less Architecture:
As stated above, backup in E12 could be done to the passive copy but this is only true for CCR or LCR. At the time, this was a viable option: to backup the passive node and then once backup is done the passive copy updates the database header, notifies the active node, and the active node deletes the logs.
Issues to consider before designing or deploying a Backup-less configuration:
- Data protection, Database health, Database recovery.
- What to do when you lose data.
- How to delete your logs.
- How to restore items and mailboxes like before.
In order to address these issues, you must understand how Backup-less Configurations work:
When you want to configure your Exchange in backup-less, you should have at least two copies of the data (Active/Passive.) Microsoft recommends doing backup-less in more than 3 copies (Active/Passive/Passive) configuration. In order to configure your infrastructure to be backup-less, you must obtain three copies of the data and configure circular logging on the mailbox database.
I can hear you saying, ‘Circular logging?! No way!’ And I understand your reaction, but keep in mind we never do circular logging unless we have strong reason to, so let us see how circular logging works with the backup-less.
Real World Example:
To illustrate how circular logging works with backup-less, let us consider the following example:
You have a mailbox store called MB1 that has 3 copies of it on Servers 1, 2 and 3. MB1 is active on Server 1 and has two copies on Servers 2 and 3. Now you want to configure it in Backup-less. All you have to do is configure the mailbox database to do circular logging, and once you do so Exchange will change its architecture slightly and perform circular logging in another way.
When circular logging is enabled on the database, the logs are written to the Hard disk. Once the data is committed to the database, logs will be flushed. In Backup-less (DAG environment only) this changes the Exchange behavior: logs are written but never get flushed until logs are replicated and marked as checked at the other database copies.
To understand this, let us go back to our example: MB1 has log E01 that is waiting to be written. E01 is written to the DB and now it gets held in Server 1 when before it would have gotten flushed.
Server 1 replicates E01 to Server 2, Server 2 copies the log and it remains in Server 1 where it checks the logs and marks it as healthy/inspected and notifies Server 1. Server 1 does the same with Server 3 and once Server 3 verifies its logs and reports to Server 1 that its copy of E01 is healthy/inspected, then Server 1 deletes and flushes the logs.
There are 2 questions that might arise at this point:
- Why didn’t Exchange wait until the log is replayed at Server 2 and Sever 3?
- Does Server 1 wait until it replicates the data to all of its adjacent servers? (In our example server 2 and server 3)
The answer to the first question is Exchange will not wait for the log replay because you might have a lagged replay configured on your DB copy. This means that you might replay the logs 48 hours later which translates into huge numbers of logs for Exchange.
I do not have a confirmed answer to the second question yet, but if you attended an Exchange 2010 Advanced storage session you would know that an Exchange server can recover and resend the logs, and even better, the specific bits in case of database corruption. But if Server 1 deletes its logs and the same for Server 2, then where does Server 3 get its logs from?
Hopefully by now the answer to that question is a little bit clearer. Exchange now has a self-based mechanism to flush its logs, but Backup-less configuration is not a specific setting that you assign to Exchange. By that I mean you don’t go to the options page and check the box stating this is a Backup-less organization; rather, this is a group of configurations that you apply to Exchange so you can deploy a Backup-less configuration. It is important to remember that this behavior is the same if you have 2 copies and do circular logging, even if you do backup.
There are several pertinent questions that we should answer one at a time:
- What about the health of my Database, Database availability, and uptime?
Exchange 2010 has a self-healing mechanism. What that means is that if page No. 485950 gets written to a bad block, or gets corrupted logically or physically, then Exchange 2010 can replicate this page from another server by copying only the required page with the next replication cycle. This keeps the Exchange database healthy and minimizes the replication requirements.
If Exchange cannot make the active database healthy then we have DAGs that pick the best available copy and make it an active copy. Typically if a physical server failed, a Hard disk failed, or a database failed physically or logically, you would not need your backup since you already have two copies. This means you don’t need your backup! (Are you becoming a backup-less fan yet?)
Now the other dimension is minimizing the storage cost. Since you have three copies of the database, and since Exchange 2010 has 70% less IOPs, you no longer need expensive SCSI disks, or even a SAN. I recommend using a JBOD configuration which is much more cost effective than any other storage option. Thus, in a backupless configuration, you can have three copies of your data and reduce both the backup software and hardware cost. (Considering jumping on the backup-less bandwagon now?)
- What should I do if I want to replace a single item or a mailbox?
Before answering that, first ask yourself how many times as an Exchange admin you had to do that (restore an item or mailbox for a user). In my career, I only had to do it at most three to five times. It might be different in your organization, but in general most Exchange administrators do not need to do that on regular basis.
Since we have cheaper storage we can increase the mailbox store dumpster. It is set at 14 days by default, but now you can increase it and ask the users to recover their mailbox store. You can also use the new RBAC (role-based access control) model and give helpdesk personnel the permission to search the Exchange dumpster and perform discovery within it using PowerShell in order to recover items for users…..meaning you as the Exchange Admin does not have to!
- Don’t I need a backup at all?
I will not say that you don’t need to backup the Exchange system at all, but you might want to consider backing it up as a second layer of protection. If you do perform a backup-less configuration, then your first line of defense is not the backup sets any more, it is your Exchange 2010 Backup-less configuration,. In other words, it is done automatically.
I know after being told for years to backup everything, most especially Exchange data, that it will be difficult to change your thinking radically with a single article. You probably have legislations that make you comply with 3 years’ restore SLA. But if you are one of the Exchange admins that do not have to abide by such legislations, then you should consider Backup-less Configuration.
Hopefully you now understand the architecture change of the circular logging, DAGs, and how to do backup-less configurations. Backup-less configuration is still an un-documented feature of Exchange 2010 and you will not find much information about it. My recommendation is that you open your mind to the idea and take care in calculating the total cost required for backup gear as compared to the B-less cost, without forgetting their technical and operational requirements as well. I cannot say that backup-less is for everyone, but it is a great option that can save you money, and one you should give decent thought to.
I look forward to bringing you another thought-provoking article within a month, and until that time I wish you the best uptimes and the fastest Exchange servers!
Labels: Exchange 2010
Tuesday, January 19, 2010
Understanding Exchange 2010 Storage Architecture: Part 2
By Mahmoud Magdy
In Part 1 of our series on the Exchange 2010 storage architecture, we went back to the basics by reviewing Microsoft’s ESE (Extensible Storage Engine), then moved on to discuss the new enhancements that further reduce IOPS (Input/Output operations per Second.)
In Part 2, we will continue our journey through the Exchange 2010 storage enhancements by exploring the concepts of logical and physical changes to the Microsoft ESE database. But first I would like to revisit a few important topics that deserve elaboration--namely, the SIS (Single Instance Storage) removal and the Lazy View Updates. SIS (Single Instance Storage) Removal:
SIS, or single instance storage, was introduced to the Exchange server product suite in Version 4.0 and remained there until the release of Exchange 2007 (Version 12). The role of SIS was to store a single copy of an email or attachment in a Mailbox database, thus allowing any recipients within that database who received the message to be able to access it via a single instance. The greatest asset of SIS was its ability to prevent attachments from being duplicated, engendering huge space savings on the disks.
SIS in Action:
Consider the following example:
When User A sends a message with a 1 MB attachment to a DL (Distribution List) or a group of 100 users, SIS steps in and delivers only 1 copy of the attachment to the mailbox store on which this particular group of users is located. Thus, instead of User A forcing that database to store all 100 MB, or 100 copies of the attachment, he or she saves approximately 99 MB of space on the Mailbox store.
Many people were concerned when they heard SIS was being removed from Exchange Server 2007, but one must trust that Microsoft has their reasons. In 1996 when Exchange 4.0 was released, disks were bigger, slower and more expensive in comparison to current storage prices. Since SIS is only effective when used within a single database, SIS was the perfect solution to reducing the size of mailbox stores in a time when many companies only had one database. The trend in storage architecture shifted as disks became smaller, faster, and cheaper, meaning that most companies now have multiple databases storing more users on fewer disks.
As disk storage became less expensive and the database engine itself evolved from the mid 1990s through the turn of the century, Microsoft admitted that the benefits of SIS were no longer as beneficial as they used to be. In fact, studies have indicated that the 20% database reduction savings were never fully realized, and that the more accurate figure was closer to 10% and in some cases as low as 5%. If you recall from Part 1 of our series, Microsoft decided to make a dramatic change to the ESE, but in order to do so they had to make a choice: keep SIS or provide better performance? To provide better performance meant Microsoft had to increase the IO size to 32KB and force the ESE to make larger IOs and reduce the frequency of read/writes. Incorporating these changes for the sake of better performance required bidding the SIS farewell.
After implementing these changes, however, Microsoft found that space hints and the new B+ tree architecture added approximately 20% space to the Exchange 2010 database, so Microsoft introduced a new feature called the Database Compression or LV (long value) Compression.
Before we dive into Long Value Compression, let’s first answer the question of what is a long value (LV)? As many of you know, in Exchange 2010 the boundary of a page size was increased to 32 KB, and to understand why you must first understand the basics of how data is stored in Exchange databases. In Exchange, all data stored in databases is held in B+ trees which are further divided into pages. The unit size used for caching in databases is the page size, which is the minimum size required for reading and writing to the database. Since performing operations by memory is much faster than reading directly from the disk, by increasing the page size to 32 KB it allowed the ESE to reduce IOPS. The result of the reduction in IOPS is improved performance since the larger page size is cached in the memory.
Now back to the explanation of Long Values. Since the page size in Exchange 2010 is 32 KB, the emails larger than this value end up consuming extra pages and space within the database. LV Compression is the solution to this problem: it defines another table to be used by those emails, and then they are compressed to provide better space saving.
The above figure illustrates the database file analysis and comparison between E12 and E14. E12 wins in the analysis for RTF files; however, as you all know most of the emails are text or HTML-based, so using the LV compression technique renders a better space saving. Even with the removal of the SIS, the Exchange 2010 DB file is reduced by about 12% less than the E12 database size.
Lazy View Update:
Another dramatic change to the ESE brought about by Exchange 2010 is the Lazy View Update. To examine this in further detail, let’s consider the following example:
In E12, if a User (who is using OWA or Outlook Web Access) has 5 views in his inbox, then the next time the User gets an email Exchange instantly updates all of the 5 views. While this improved the end-user experience, it forced Exchange to do 2 things:
1. Perform unnecessary IOPs. (i.e. The user might be out of office, or the email might have been received in the middle of the night, thus forcing Exchange to pay for IOPs that are not necessary.)
2. Since the update is done per email, it made Exchange create excessive small IOPs to update the views.
Microsoft has solved this problem with the introduction of Lazy View updates. Going back to our example, if the above User is using OWA or Outlook Online, the view will not be updated until that User opens the view. Although this might be slower on the backend than in previous versions, the larger and now sequential IOs that are performed prevent the User from noticing any performance impacts during viewing or opening the views.
ESE Logical Contiguity:
Microsoft has made dramatic changes to the ESE storage in order to allow better IO utilization using sequential IO; a single hard disk cannot exceed 200 random IOs, while a regular SATA disk can do 300+ sequential IOs easily.
Now to better reflex the changes in the ESE architecture, try to envision the following scenario in your head. (I recommend this approach as it has greatly helped me during my own Exchange sessions.)
Imagine that you are looking at the ESE database through two transparent films: one is a logical film and one is a physical film.
The logical film is how data is structured in the ESE database, and includes tables, indexes, LV (Long Value) tables, etc. Once data is located, you must go in and find its reflex and physical location within the ESE database. (Remember this is where the pages, which are stored directly on the hard disk, are stored inside the ESE database file.)
In Part 1 of this series, we introduced the concept of logical contiguity. Let us complete our exploration of this topic by looking at the following diagram:
Microsoft has changed the table architecture in the mailbox store from a table per database to a table per mailbox. This allows fewer yet larger size sequential IOs to be committed against the ESE database, and thus optimizes the IO operations at the logical layer.
SIS removal, table architecture change, LV Compressions and Lazy View Updates are all fundamental components of the logical architecture changes to the ESE engine.
ESE Physical Contiguity:
Now that we have explored logical contiguity, let us take a look at the physical structure inside the ESE Database. Recall from Part 1 that the ESE data is stored based on the B+ tree model, which consists of properties which are stored in records which are in turn placed in a node that is stored in a page.
In the previous versions of Exchange (E14 and below), data was stored inside the database in a random matter, which was the reasoning behind having to place logs in separate disks or spindles apart from the database files. This was done because logs used to commit sequential IO while Exchange used to commit Random IOs.
This behavior negatively impacted the Exchange storage design and performance, and over time the database became fragmented and offline defragmentation of the database was necessary. In order to improve this behavior, Microsoft has changed the ESE writing behavior so that it stores the ESE pages in a contiguous manner.
To understand it better, one must visualize the design. Take a look at the following diagram:
 The above diagram compares the B+ tree in the previous version of Exchange to the current Exchange 2010 version. As you can see, in Exchange 2007 pages are committed to the database in a random manner, causing the database to become fragmented over time and forcing Exchange to commit IOs in small random orders.
In Exchange 2010, the B+ tree design has been modified: pages are now stored in a contiguous manner where they are written and read in a sequential manner, thus improving the physical contiguity of the ESE file. There remain some missing pieces to the puzzle. For instance, what happens if a read/write IO has to be committed and it cannot be done sequentially? This mystery, along with others, will be discussed in Part 3 of this series.
Labels: Exchange 2010, Exchange Information Stores
Tuesday, January 5, 2010
Understanding Exchange 2010 Storage Architecture: Part 1
By Mahmoud Magdy
In this article, we will take a close look at the Exchange 2010 Storage architecture, but first let us go back to the basics by reviewing the ESE engine storage and then delve into the new enhancements that were introduced with Exchange 2010. First, a brief review of the ESE basics: Microsoft’s Extensible Storage Engine (ESE) is an ISAM (Indexed Sequential Access Method) data storage technology. The purpose of the ESE is to allow applications to store and retrieve data via indexed and sequential access. The ESE is suitable for server applications since its transactions are highly concurrent; but at the same time it is lightweight enough that it also works well for auxiliary applications. Worried about losing stored data in the event of a system crashing? The ESE provides transacted data update and retrieval, meaning that data consistency is maintained should your system crash via the ESE’s crash recovery mechanism.
As you all know, ESE relies on the B+ tree in order to store data. The following diagram features a simple tree that illustrates how information is stored in the data tree:
 Since sorting and searching through mounds of data is time-consuming, ESE stores data in trees in order to optimize their sorting and searching behavior. In addition, the regular tree model has been updated using the B+ tree to allow for faster, more efficient sorting of data.
There are 2 types of data sorting: either internal or external. Internal data sorting means that the system can store and sort the data in the memory. However, since it is impossible for each system to sort its data within the memory, the system is forced to store data on the disk and then begin using the B+ Tree.
Data in the ESE is stored based on the following hierarchy:
- A property is created, generated and placed in table record. Keep in mind that MAPI uses properties in order to define data and their structure at the lowest level.
- Multiple properties are placed in a record.
- The record is stored on a node, and a corresponding key is used to both index and vastly access the record. One thing to remember is that the leaf nodes (the end nodes) are logically linked together to allow the horizontal crawling and movement of data within the B+ Tree.
- A record is placed into lines which are then stored on a page, with the page being the smallest element of the hard disk. Storage sizes in previous versions of Exchange: In Exchange 2003 the hard disk size was 4 KB. That number doubled to 8 KB in Exchange 2007, and then quadrupled to 32 KB in Exchange 2010.
How did Microsoft improve the storage engine in Exchange 2010?
Exchange 2007 introduced significant enhancements for the storage usage and optimization, however Microsoft wanted to further improve these enhancements with the release of Exchange 2010. While doing preliminary research to determine the most pertinent areas in storage use and optimization that need attention, Microsoft found that enterprises suffer from several challenges with the current storage technologies, including but not limited to:
- Random IO and disk limits: The current technologies provide limited random IOs throughput; however, most of the current systems can perform several hundred requests on sequential IOs.
- Storage Design flexibility: As email communication increases, enterprises are continually demanding improved and flexible options for storing users’ growing amounts of data.
- Using SATA Disks and JBOD technologies: Enterprises were limited to their capacity limits by the SAS/SCSI disks; however, there are currently 2 TB SATA disks (even though Exchange should be able to work with the limited throughput of the SATA disk.)
Task 1: change the ESE storage scheme:
In previous versions of Exchange, as illustrated in the first diagram, there were multiple tables per database that contained the users’ data. In figure 2 (and in Exchange 2007) there were multiple tables (for example: mailbox table, folders table, messages table, etc) per mailbox database. Thus, in order to open a user’s mailbox, Exchange required multiple small IOs to be performed.
In Exchange 2010, Microsoft moved to a table per mailbox, making it faster and easier to open a user’s mailbox. With Exchange 2010, opening a mailbox requires fewer and larger IOs in order to open a user’s mailbox and read specific email messages stored inside. This is due to the fact that the underlying architecture of the storage design was modified in Exchange 2010 in order to reduce IOPS (input/output operations per second). Microsoft dramatically reduced IOPS with Exchange 2010 to a full 70% reduction over 2007 and a 90% reduction over Exchange 2003.
In addition to the aforementioned features introduced in Exchange 2010, other enhancements have also been made to further reduce IOPS, including the Lazy View update and the usage of the ‘pay to play’ method. Remember that in previous versions of Exchange, custom views were updated as soon as the store received an email. Although this technique provided the end users with a better experience, it had a negative impact on Exchange, forcing the Exchange system to continuously update the view and create random small IOs in order to keep the store with the most updated view. With the Lazy View update, the email store is only updated when requested by the end user.
Exchange 2010 utilizes Lazy View technology in which the views are updated when the user attempts to access them. Although this increased the time it takes to open the view, it dramatically enhanced the Exchange IO performance by using the notion that it is faster for the disk to read data stored in larger, sequential pieces versus the disk head having to gather smaller chunks of data spread out across the disk.
In order for Microsoft to create a table per mailbox, they had to remove SIS (Single Instance storage). Some of you may complain about this initially, but never fear: Microsoft provided a work-around known as Database compression. This technology is used to compress the content of the database (especially text and html files), and provides an alternative to the SIS removal issue.
Now take another look at the Exchange 2010 ESE and compare it to Exchange 2007’s ESE. In Exchange 2007, in order to open a message in Joe’s mailbox, Exchange had to open the mailbox table, read the message header, open the message and read the attachment (examples of small random IOs.)
In Exchange 2010, the Exchange system can open the mailbox table, read the message header, and open the message directly. It is important to note that since these tables are now logically connected it is more convenient for Exchange to access them, and thanks to the new page size in Exchange 2010, E14 can read the entire message body in a single IO. If additional IOs are needed they can be done, but in order to streamline the data gathering process, these commands are now grouped in larger, sequential IOs.
Let us pause at this point and revisit our discussion of Microsoft’s enhancements to the ESE in Exchange 2010 in Part 2, at which time we will delve deeper into the topics of physical and logical contiguity.Labels: Exchange 2010, Exchange Information Stores
Tuesday, December 22, 2009
To virtualize Exchange or not to virtualize Exchange?
By Lasse Pettersson, Exchange MVP
A very common question I hear when talking to customers is whether or not they should run Exchange in a virtualized environment. The answer I give them is multifold: yes, there are benefits to running Exchange virtually, but you must carefully think first about the prerequisites and make sure it is the best move for your environment.
Virtualization is not magical. Some people have the misunderstanding that because you run virtualized, you don’t need to size your servers. This line of thinking will quickly get you in trouble. You still need to figure out how much RAM, CPU and storage you need, both for volume and for performance reasons. The rules are simple: scale your server in the same way you would if you were using physical hardware, and then apply it to your virtual server.
If you figure out that your server is going to need 16GB of RAM and 1000 IOPS, then make sure that the virtualized server has the same resources available; otherwise, your Exchange servers will have performance issues.
Performance. Think about what virtualization environments look like today when considering your hardware’s performance, you should take into account how virtualized environments are deployed. Most companies deploy one or more physical servers, possibly in a clustered configuration, hosting several virtualized servers on each physical server. This means that each physical server must be able to handle the load for every virtual server instance running on the physical one.
With today’s hardware, this is most likely not a problem if you think about CPU or memory (CPU and RAM are not that expensive and can be added later if needed); but when it comes to storage, that is another story. Every server needs disks, both for booting from and for saving the application data to. If running 5 servers on one physical, then the physical server must have 5 times the disk volume—always keep in mind the importance of performance.
For example, let’s consider the following configuration:
Imagine that you have 5 virtualized servers, each having a 50GB disk for OS and a 100GB disk for storing data, which is 150GB times 5 servers and you end up with 750GB. This is no problem for modern disks since a single disk can easily hold 750GB of data. But if you would have run those 5 servers on physical hardware, then you might have put in 4 spindles and created 2 mirrors with 2 disks each. This would render you a fairly good performance on disk. Then if you also have 5 servers with this configuration, that results in 20 disks.
Now compare that disk performance to the single disk performance. Exchange designers have for a long time been used to and forced to think in number of spindles instead of volume because of the disk performance, but this knowledge isn’t that widespread and there is a chance that the people who maintain the virtualization platforms don’t have this knowledge. With this being said, you most likely end up with your virtualized environment connected to a pretty beefy storage containing a lot of disks to withstand the IO performance need.
Virtual hosts affect each other. With several virtual machines running on a single hardware, one virtual machine that is running very high on CPU can drain the physical server on CPU resources, leaving the other virtual machines with little to no CPU resources, causing them to perform slowly. Virtual platforms have configuration settings to limit this behavior, both from draining resources and for maintaining some amount of resources for virtual machines.
This applies to not just CPU resources, but to all other resources also shared by the physical server.
Virtualization adds complexity. By now you’ve gathered that virtualization adds complexity. The most likely scenario is that you end up with a bunch of virtualized servers with disk files located on a SAN. There is also a good chance that you need some more education to maintain not just the ordinary Exchange server environment, but also to manage the virtualization platform as well as the SAN infrastructure.
There is always going to be a time when something happens to the environment for unknown reasons, which inevitably leads to really complex troubleshooting. In smaller companies there is often one person maintaining everything in IT; but in larger companies there are several departments maintaining one piece of the puzzle, making troubleshooting even more complex! Situations might arise that involve several people blaming each other, saying things like ‘There is nothing wrong with my SAN!’ I’m sure many of you have taken part of such conversations.
Virtualization is not free. The complexity mentioned above is not free, unfortunately. Education costs money and time. If you also add the time spent on maintaining multiple systems and most likely some troubleshooting to get them working together, you can easily see that it will cost more money than a standard windows server with Exchange on it. An ordinary windows technician should be able to maintain a standard windows box with perhaps some local attached disk drives.
On the other hand, what can be free under some circumstances is the software license for the virtualization platform. Keep in mind, however, that this is often a small amount of money compared to all the labor and education costs that will be incurred. Plus, there might be costs associated with putting the environment in a SAN.
Flexibility. Virtualization technology is great for flexibility. It is often very simple to add resources such as disk or memory to a virtualized server, and if done correctly it is easy to add servers as they are needed. With the easy provisioning of servers, virtualization is great for lab environment where you often need to add or restore servers quickly. In a lab you can also test things and don’t need to be afraid of breaking your system since it is easy to restore them.
There is always the element of patching a running system. The process for patching a virtualized server is the same as for a physical one. Some people argue with this and say that they can do a snapshot of the server before patching and if something breaks they will just roll back the snapshot. This, however, is not feasible with Exchange since it relies on the configuration being in Active Directory.
Consider this scenario:
There is a patch for Exchange available that you want to install, so you do a snapshot of your virtualized Exchange server and apply the patch. After the reboot or restart of services you notice that the patch doesn’t work in your environment. ‘No problem,’ you think, ‘I will just go back to my snapshot.’ This is not the best course of action, however. Not only because you will “go back in time”, making people lose mail between the time when your snapshot was taken up to the present time, but also because this patch wrote or changed something in Active Directory. By going back, the installation before the snapshot doesn’t like the information being present in Active Directory, causing Exchange to fail. I don’t think this will be a common problem with Exchange, but it is something to be aware of. My recommendation is to do a snapshot of AD and Exchange at the same time as the rollback, not separate.
Exchange supportability Running virtualized is not limited to use of Microsoft technology with Hyper-V. Microsoft has a program called Microsoft Server Virtualization Validation Program (SVVP) http://www.windowsservercatalog.com/svvp. This program allows other vendors to go through tests so that their virtualization technology can be validated and approved by Microsoft. Being a vendor that is a member of SVVP makes it supportable by Microsoft to run Exchange on; therefore you are not limited to Hyper-V.
Microsoft has published a document with policies and recommendations for running Exchange 2007 and Exchange 2003 virtualized, and can be found here: http://go.microsoft.com/fwlink/?LinkId=124624
Information about Exchange 2010 will be published shortly, but in essence it will be very much the same as for Exchange 2007.
This document should be read carefully by the people doing Exchange design work, otherwise you may be out of support from Microsoft. Most important point to remember is that your storage and high availability are designed correctly.
Security is of course something to think about, and the virtual servers we treat the same way as if they were physical. Those servers must be protected and patched just like any other server. There is also the challenge of who can access and manage the virtualized environment? Running Exchange in a virtualization environment adds complexity in terms of security, and is definitely something to consider carefully.
Ask yourself some questions:
What if someone could get access to the physical servers and simply copy the disk file? That person could then sit quietly and try to withdraw data from the file. Thus, it is important to think about permission on files, servers and management tools.
What about if you move a virtualized Exchange server to a physical server that is not located inside a locked computer room, or to a hardware that doesn’t have the needed resources? As you can see, security around virtualization involves many components.
Now that you have all the information, let’s return to the original question about running Exchange in a virtualized environment. Ready for my final answer? Yes, it can be done and many benefits will be incurred as a result, but you must play close attention to the design outside of Exchange and keep in mind all the prerequisites, pitfalls, and misconceptions that you could face.
Tuesday, December 8, 2009
Granting Granular Administrative Permissions in Exchange 2010
By ESE Contributing Author Hans Willi Kremer
Exchange 2010 provides a role-based administration architecture, and consequently permissions can be granted on a very granular level. Built-In groups are available, but a question that might arise in your organization is, How can I grant permissions to a Help Desk colleague so that s/he is only able to modify the SMTP address of a user? What tasks must I perform in Exchange 2010 to accomplish this? To answer these questions, I would like to share with you the below example which demonstrates a very unique requirement and its solution. The example is based on Exchange 2010 RC with a help-desk user called Garry 1. Create a new management role, wich is derived from role „Mail Recipients" New-ManagementRole -Parent "Mail Recipients" -Name "MgmtRole SMTP Modifcation"The object is stored in "/Configuration/Schema/ms-Exch-Role" Note: Remove roleRemove-ManagementRole "MgmtRole SMTP Modifcation" -confirm:$False 2. Check which cmdlets are allowed in this roleGet-ManagementRoleEntry "MgmtRole SMTP Modifcation\*" Format-List
3. Remove all RoleEntries from this role except „Set-Mailbox" Get-ManagementRoleEntry "MgmtRole SMTP Modifcation\*" Where-Object {$_.identity -ne "MgmtRole SMTP Modifcation\Set-Mailbox"} Remove-ManagementRoleEntry -confirm:$False
4. Check if all cmdlets in this role are removed except „Set-Mailbox" – additionally check the paramertersGet-ManagementRoleEntry "MgmtRole SMTP Modifcation\*" Format-List
5. Remove all parametersSet-ManagementRoleEntry "MgmtRole SMTP Modifcation\Set-Mailbox" -Parameters $Null
6. Check, which parameters of cmdlet „Set-Mailbox" are allowed in this role(Get-ManagementRoleEntry "MgmtRole SMTP Modifcation\Set-Mailbox").Parameters
7. Add the parameters which can be used by members of role group when they execute cmdlet Set-Mailbox Set-ManagementRoleEntry "MgmtRole SMTP Modifcation\Set-Mailbox" -Parameters Identity, PrimarySMTPAddress, EmailAddresses -AddParameterHinweis: Entfernen eines ParametersSet-ManagementRoleEntry "MgmtRole SMTP Modifcation\Set-Mailbox" -Parameters Identity -RemoveParameter
8. Check that only granted parameters of cmdlet can be used(Get-ManagementRoleEntry "MgmtRole SMTP Modifcation\Set-Mailbox").Parameters
9. Create a new role group and link it with roles and membersNew-RoleGroup -Name "MgmtRoleGroup SMTP Modifcation" -Roles "MgmtRole SMTP Modifcation" -Members Garry Note: remove a rolegroupRemove-RoleGroup -Name "MgmtRoleGroup SMTP Modifcation" 10. Link a user with a rolegroupAdd-RoleGroupMember "View-Only Organization Management" -Member Garry Note: removemember from rolegroupremove-RoleGroupMember "View-Only Organization Management" -Member Garry 11. Note: behind the scene a linkobject MgmtRole SMTP Modifcation-MgmtRoleGroup SMTP Modifcation" has been created to link the rolegroup with the role.Get-ManagementRoleAssignment -Role "MgmtRole SMTP Modifcation" fl identityremove-ManagementRoleAssignment "MgmtRole SMTP Modifcation-MgmtRoleGroup SMTP Modifcation" 12. Final test: user Garry executes these cmdlets to try if he can modify some attributes of user be01 in domain xchg10.com Set-Mailbox be01@xchg10.com -alias "bbbb"expected result: A positional parameter cannot be found that accepts argument '-alias'. Set-Mailbox be01@xchg10.com -ForwardingAddress administrator@xchg10.com expected result: A positional parameter cannot be found that accepts argument . . Set-Mailbox be01@xchg10.com -CustomAttribute1 "Text"expected result: A positional parameter cannot be found that accepts argument . . Set-Mailbox be01@xchg10.com -EmailAddresses "SMTP:bbb@xchg10.com" expected result: this works!
Labels: Exchange 2010
|
|
|
Previous Posts
Browse Monthly Archives
Suggest a Topic
Hire Us
Subscribe to
Posts [Atom]
|
|
