2.1. Cross-site Switchover
Deploying a DAG across
two sites can allow database copies to exist in two locations and
provide site resiliency. This allows a single mailbox database to fail
over and switch over to the secondary site. The client software will
react to the changes in one of two possible ways when the active mailbox
database is moved from one site to another. Understanding these
reactions is important to ensuring that you perform the correct type of
failover for your needs:
The Client Access server will directly connect to the Mailbox server.
The client will be redirected to connect to the second site, as shown in Figure 1.
Exchange 2010 SP1 includes
functionality to control the connection behavior of Outlook when a
cross-site database failover or switchover occurs. By default, Outlook
will connect across from the primary Client Access server to the
activated Mailbox server for temporary cross-site situations.
Alternatively, the administrator can prevent all cross-site connections.
Temporary and permanent cross-site moves are differentiated by the
administrator explicitly resetting the database copy activation
preference.
In the initial release
of Exchange 2010, the default behavior is to perform a direct connect
from the Client Access server array in the first datacenter to the
mailbox hosting the active copy in the second datacenter. Redirection will only occur when the RPCClientAccessServer
property is changed on the mailbox database. In SP1, you can choose to
enable or disable cross-site direct connect and define an activation
preference for a database.
The new SP1 behavior is based on the following three properties:
Cross-site direct connect happens in the following scenarios:
If the Outlook profile home server value, preferred database site, and
mounted database site are the same, Outlook will connect (or stay
connected) to the Client Access server array and that will connect to
the Mailbox server cross-site.
If
the Outlook profile array site is the same as the preferred database
site, and the mounted database site is different and cross-site
connections are allowed, Outlook will connect (or stay connected) to the
Client Access server array and will connect to the Mailbox server
cross-site.
If
the Outlook profile home server property value is the same as the
mounted database site, and different than the preferred database site,
Outlook will connect (or stay connected) directly through the to the
Client Access server array to the Mailbox server cross-site. This
happens when you change the activation preference.
Redirection happens in the following scenarios:
If the Outlook profile
home server property value is different, and the preferred and mounted
database sites are the same, the RPC Client Access service must redirect
Outlook to the preferred and mounted database site and update the
Outlook profile.
If
the Outlook profile home server property value is the same as the
preferred database site, and the mounted database site is different, the
Client Access server will redirect Outlook to the mounted database site
if cross-site connections are not allowed.
Using cross-site direct
connect is often suitable when a single mailbox server is undergoing
maintenance or there are other temporary issues that will be resolved in
a short period of time. Redirection may be needed when multiple systems
or the entire datacenter
will undergo maintenance. Performing a redirection switchover will
force the clients to reconnect to the secondary site and allow
maintenance to be completed. If redirection is used to switch over, it
will also be done to perform the switchback to allow the clients to
reconnect to the primary site. To enable cross-site direct connect, run Set-DatabaseAvailabilityGroup -AllowCrossSiteRpcClientAccess: $true from the EMS. Conversely, to disable cross-site direct connect, run Set-DatabaseAvailabilityGroup -AllowCrossSiteRpcClientAccess: $false from the EMS. To determine whether cross-site direct connect is enabled, run Get-DatabaseAvailabilityGroup | Format-List as shown in Figure 2.
11.5.2.3. Cross-site Best Practices
You can use the best
practices described in this section to ensure a successful, highly
available, multiple-site configuration. First, you can reduce failover
times by lowering the Time to Live (TTL) on DNS records for the Client
Access server array, Client Access server URLs, and SMTP records. A low
TTL reduces the time it takes DNS clients to discover the DNS entries
that point to the secondary site. If any client computers that use DNS
services are outside of your control, such as a regional ISP, be sure to
verify that these services will honor any TTLs set—this will impact
service availability for these users. By default a DAG is configured to
only compress and
encrypt transaction log shipping across different subnets. To take
advantage of network compression between sites, you must manually enable
intersubnet compressing and encryption.
Never wait until a failure
occurs to ensure that everything works as designed. You should
continually monitor and verify that all messaging-system components are
functioning properly. This is done by monitoring all aspects of the
Exchange Server environment to ensure that it is functioning normally,
and that mailbox data is successfully replicating to the secondary site
in a timely manner. You should also schedule periodic switchover tests
to provide an additional level of preparation and to validate the
configuration and operation of the cross-site
switchover process. Switchover tests are usually coordinated events
where the primary servers are shut down cleanly to reduce the
possibility of data loss. When performing these drills be sure to verify
that you are not missing steps that would be required in a real
switchover scenario where the primary datacenter becomes unavailable.
You should also follow a
change management process to ensure that each Mailbox server in the DAG,
each Client Access server, and each Hub Transport server are configured
identically with the same updates applied. Doing so reduces the
possibility of incompatibilities and unexpected behavior if a *over
occurs.
Provide adequate
bandwidth for replication traffic. Replication is always from source to
target; therefore, multiple copies in the remote site means more
bandwidth is required. To reduce the amount of bandwidth needed you
should be sure that compression is enabled on the log shipping traffic
for the DAG. The Exchange 2010 Mailbox calculator can be used to help
estimate the bandwidth required.
Finally, you should have each
DAG node connected to multiple networks. These multiple networks provide
communication redundancy between DAG nodes and segregate MAPI and
replication communications. To reduce network congestion and potential
communications problems, you should not allow the DAG networks to route
between each other. For example, you would not allow the replication
network to communicate with the MAPI network or vice versa. This
communication should be blocked by the network equipment, with a router
or a firewall.
11.5.2.4. Multi-Site Storage Architecture
You must consider a
number of factors when determining the hardware needed to support your
highly available Exchange deployment. Having multiple database copies requires storing data on multiple
disks; this reduces the requirement for having RAID-protected storage
because the data is redundantly stored. Deployment decisions for RAID
or JBOD should be based on cost, performance, IT operational maturity,
and required resilience. To provide for storage failures, redundancy is
either provided by having additional database copies or by using RAID on
the storage. Table 1 summarizes instances when RAID or JBOD should be considered.
Table 1. Choosing Between RAID and JBOD
| 2 HIGH-AVAILABILITY COPIES | 3 + HIGH-AVAILABILITY COPIES | 2 + HIGH-AVAILABILITY COPIES / DATACENTER | 1 LAGGED COPY | 2 + HIGH-AVAILABILITY COPIES AND 1 + LAGGED COPIES / DATACENTER |
---|
Primary Datacenter | RAID | RAID or JBOD | RAID or JBOD | RAID | RAID or JBOD |
Secondary Datacenter | RAID | RAID or JBOD | RAID or JBOD | RAID | RAID or JBOD |