Question: Exchange 2010 HA Questions

  • Friday, November 06, 2009 3:14 PM scott_k2003
     

    It's my understanding that for 100% redundancy of an exchange 2010 environment you need a redundant cas array on independent servers, a redundant HT array on separate servers and your mailbox servers on separate servers. So in other words 6 separate servers not counting edge and unified messaging (if that is part of your environment).

    My question is, is it possible to combine the cas and hub servers in a cluster to eliminate 2 servers while still retaining 100% HA? What about combining the cas, HT and mailbox roles (with the dag’s)? Is that possible? If doing so are you able to provide 100% availability to the cas and HT roles in this configuration? I'm thinking not due to a shared hostname.

    We want to provide the most high availability possible but are also concerned about the amount of hardware and of course licenses required. Looking for some suggestions.

    Thanks

All Replies

  • Friday, November 06, 2009 4:18 PM J. Peter Bruzzese
     
    Greetings,

    Ok, let's see if I can hit some of your questions and maybe others will pick up where I miss something.

    DAG groups will require 2 MB servers and a separate HT server.  That is three.  Now, here is the thing.  Even though you can install CAS/HT on the same server as the MB server roles with 2010, you still need a third server for the file witness.  The DAG won't set up without one.

    Ok, so you are at 3 servers (and they could be virtual servers too mind you... nothing says you cannot use VMs... although some debate the value of that with MB servers).

    With 2007 (and I believe it is the same with 2010... somebody correct me if I'm wrong) you put your CAS servers into an NLB for redundancy and your HT servers are already redundant.  So, you might put CAS/HT on one server (file witness), and then CAS/HT on one of your MB servers if you like.

    Let's see what others say here... but I think 3 servers (physical or virtual) should do it.

    J. Peter Bruzzese
    www.exclusivelyexchange.com
    (MCT/Triple-MCSE/MCITP)
  • Friday, November 06, 2009 4:53 PM Scott Feltmann
     
    Based on what I've been seeing you can virtualize all of the Exchange 2010 server roles except the UM role. 

    When deploying a DAG you need to have a server that has the exchange security accounts configured to that server.  So I'm wondering if you don't necessarily need to have an actual HT server in the mix for the Witness but rather a server that has proper permissions configured to allow the share to be created.  I haven't tested this yet but it was something I was thinking about when deploying DAG in my lab.

    As for the CAS server roles MS is actually recommending that the CAS servers be load balanced.  Both External and Internal CAS servers.  This is mainly due to ActiveSync.  When ActiveSync establishes a connection with a CAS it will be static and stick to that CAS.  If that CAS goes down ActiveSync will not work on the mobile until the CAS is brought back on line.

    Also, HT Servers do not support NLB at this time.
    Granted, this info is based on Beta and may change but who knows. 
    SF - MCITP:EMA, MCTS: MOSS 2007, OCS 2007, Exchange 2007 -- http://www.scottfeltmann.com
  • Friday, November 06, 2009 4:58 PM Brian Day
     
    Based on what I've been seeing you can virtualize all of the Exchange 2010 server roles except the UM role. 

    When deploying a DAG you need to have a server that has the exchange security accounts configured to that server.  So I'm wondering if you don't necessarily need to have an actual HT server in the mix for the Witness but rather a server that has proper permissions configured to allow the share to be created.  I haven't tested this yet but it was something I was thinking about when deploying DAG in my lab.

    As for the CAS server roles MS is actually recommending that the CAS servers be load balanced.  Both External and Internal CAS servers.  This is mainly due to ActiveSync.  When ActiveSync establishes a connection with a CAS it will be static and stick to that CAS.  If that CAS goes down ActiveSync will not work on the mobile until the CAS is brought back on line.

    Also, HT Servers do not support NLB at this time.
    Granted, this info is based on Beta and may change but who knows. 
    You don't *need* to put the FSW on a HT server, but it is easy to do. As long as Exchange has the proper permissions on whatever server you put it on, it'll work.

    CAS should be load balanced for more than just EAS. With CAS now being the MAPI endpoint for E14 you want to 'hide' multiple CAS servers behind a unified name (one internally for RPC, one externally for HTTPS) to ensure during CAS failure or maintenance your end users will be able to continue connecting.
    Brian Day: MCSA 2000/2003, CCNA, MCTS: Microsoft Exchange Server 2010 Configuration, Overall Exchange/AD Geek.
  • Friday, November 06, 2009 4:59 PM Amit Tank (MVP)
     
    Some additions are here Scott/Peter...

    • 2 MB/DAG servers can have HT/CAS server roles, and the third server, for the witness, is recommended to be an Exchange HT so it can be under the control of the Exchange Admin; otherwise it can be a non-Exchange server too...

    Managing Database Availability Groups

    -==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-

    When creating a DAG, you will need to specify a name for the DAG no longer than 15 characters that is unique within the Active Directory forest. In addition, each DAG is configured with a witness server and witness directory. The witness server and its directory are used only for quorum purposes where there is an even number of members in the DAG. You do not need to create the witness directory ahead of time. Exchange will automatically create and secure the directory for you on the witness server. The directory should not be used for any purpose other than for the DAG witness.

    The requirements for the witness server are as follows:

    • The witness server cannot be a member of the DAG.
    • The witness server must be in the same Active Directory forest as the DAG.
    • The witness server must be running Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, or Windows Server 2008 R2.
    • A single server can serve as a witness for multiple DAGs; however, each DAG requires its own witness directory.

    We recommend that you use an Exchange 2010 Hub Transport server in the Active Directory site containing the DAG. This allows the witness server and directory to remain under the control of an Exchange administrator.

    Important:
    If the witness server you specify isn't an Exchange 2010 server, you must add the Exchange Trusted Subsystem universal security group to the local Administrators group on the witness server prior to creating the DAG. These security permissions are necessary to ensure that Exchange can create a directory and share on the witness server as needed.
    -==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-==-

    • Next, about CAS + Hub: that's correct, we can have both roles on the same boxes under NLB, and Hubs are load balanced by default...

    • A point to keep in mind while planning DAG + load balanced CAS/Hub on the same boxes (planning just a 2-server HA design): since we can't have WFC and NLB together, we need to have an external load balancer for the HA of CAS/Hub.

    Amit Tank
    MVP: Exchange Server | MCTS: Microsoft Exchange Server 2010, Configuration
    MCITP: EMA | MCSA: M | Blog: http://ExchangeShare.WordPress.com
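
The witness-server requirements quoted in the reply above, written as a pre-flight check. This is an added example, not part of the thread or of Microsoft's documentation; DAG1, MBX1, MBX2, FS01 and C:\DAG1-FSW are placeholder names, and the script assumes it runs in the Exchange Management Shell with rights to read the witness server's local groups.

```powershell
# Added example (not from the thread). Run in the Exchange Management Shell.
# DAG1, MBX1, MBX2, FS01 and C:\DAG1-FSW are placeholder names.
function Test-DagWitnessPlan {
    param(
        [string]$DagName,
        [string]$WitnessServer,
        [string[]]$DagMembers
    )
    $problems = @()

    # DAG name: no longer than 15 characters.
    if ($DagName.Length -gt 15) {
        $problems += "DAG name '$DagName' is longer than 15 characters."
    }
    # The witness server cannot be a member of the DAG.
    if ($DagMembers -contains $WitnessServer) {
        $problems += "$WitnessServer is a planned DAG member and cannot also be the witness."
    }
    # Non-Exchange witness: Exchange Trusted Subsystem must be a local admin.
    $ex = Get-ExchangeServer -Identity $WitnessServer -ErrorAction SilentlyContinue
    $isE2010 = $ex -and ("$($ex.AdminDisplayVersion)" -like 'Version 14.*')
    if (-not $isE2010) {
        $group = [ADSI]"WinNT://$WitnessServer/Administrators,group"
        $members = @($group.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        if ($members -notcontains 'Exchange Trusted Subsystem') {
            $problems += "Exchange Trusted Subsystem is not in local Administrators on $WitnessServer."
        }
    }
    return $problems
}

$problems = Test-DagWitnessPlan -DagName 'DAG1' -WitnessServer 'FS01' -DagMembers 'MBX1','MBX2'
if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    # Exchange creates and secures the witness directory itself.
    New-DatabaseAvailabilityGroup -Name 'DAG1' -WitnessServer 'FS01' -WitnessDirectory 'C:\DAG1-FSW'
    'MBX1','MBX2' | ForEach-Object {
        Add-DatabaseAvailabilityGroupServer -Identity 'DAG1' -MailboxServer $_
    }
}
```

The local Administrators grant is checked only when the witness is not an Exchange 2010 server, which is the one case where the quoted documentation requires it.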


  • Friday, November 06, 2009 5:12 PM J. Peter Bruzzese
     
    Greetings,

    Thanks Amit!  You are correct (of course).  When I set up the DAG I went with the Hub Transport role because it was 'recommended' but I forgot that it wasn't required.

    As a side note, Scott mentioned UM role not being supported in VM.  This is currently true but I think that will change soon enough.  I deploy it in VM, as do a ton of other guys, and it works great.  Just a support issue, not a functionality one that I know of.

    J.Peter
  • Friday, November 06, 2009 9:07 PM Brian Day
     
    Just a support issue, not a functionality one that I know of.
    The problem with UM is it is so latency dependent. Throwing it into a hypervisor of any kind is going to add another layer of complexity and latency (even though it may be minuscule).
    Brian Day: MCSA 2000/2003, CCNA, MCTS: Microsoft Exchange Server 2010 Configuration, Overall Exchange/AD Geek.
  • Saturday, November 07, 2009 12:45 AM Sean van Osnabrugge
     
    Brian is correct, it is fine to deploy UM in a VM for your lab or test environment, but that additional overhead that causes latency really plays a factor when you scale up.  When you deal with 1000s of users, you are going to get unreliable results.  This holds true for any real-time application.
    Sean | http://seanv.wordpress.com
  • Sunday, November 08, 2009 4:08 PM scott_k2003
     
    Thanks for the info guys. We might take the VM approach on this new install but I was hoping to go physical with the expectation that when we implement exchange 2010 it will be around for likely the next 5 years and will remain relatively static from an additional configuration standpoint (minus the addition of services such as um or communications server). Currently I have our cas role virtualized on esx but was intending on physical machines if I was able to run the cas and ht on the mbx servers in a load balanced and ha configuration. It just made more sense. Now I am starting to wonder if it's more advantageous to separate each role in vm's minus perhaps the mailbox role, and cough up the additional expenses in licenses.

    Thoughts?
  • Monday, November 09, 2009 3:03 PM Scott Feltmann
     
    Well, guess it depends.  How many VM Hosts do you have?  I'm going to ramble now.....

    For HA you're looking at two to three mailbox servers.  Two in production and a third for running backups against (helps with performance) not to mention any DR sites you may have.

    Then you will want to load balance your CAS.  If you have internet facing ones you will want a NLB in front of them, or an ISA server then your HT servers.  ISA can load balance....

    I combine the CAS/HT in exchange 2007 and have redundant mailbox servers.  In 2010 you can have all roles on one box and still leverage DAG.  I think the concern I would have is what is on the internet for OWA, you want that to be secure.  Not to mention availability.  Let's face it, servers can crash, or need to have maintenance performed.  How are we going to keep our environment up if we have only one or two servers?

    It really comes down to budget.  I know companies like to save money but email is becoming so critical in business communications that you need the redundancy and the DR portion up.  I have clients today who can literally lose a datacenter and still send and receive email. 


    SF - MCITP:EMA, MCTS: MOSS 2007, OCS 2007, Exchange 2007 -- http://www.scottfeltmann.com
  • Monday, November 09, 2009 3:16 PM scott_k2003
     
    We have about 280 VM's in our environment and about 300 physical servers left. I think it might be advantageous to keep the CAS servers virtual since they are internet facing, as you stated. I am concerned about the ability to load balance requests to cas servers which are running on a physical ht/mbx server, but I guess there wouldn't be any issues?!  I would be load balancing the CAS servers behind a barracuda. So that leaves the Hub Transport and Mailbox servers on their own physical servers - if I went that route, plus a server in our remote data center that would host the cas, ht and mbx roles and be part of the same dag's so we have a remote failover site.

    I have been considering putting the mailbox stores on our SAN and using virtualization for all the servers but I think at the end of the day the company would feel better having all or the majority of the exchange infrastructure physical servers since our intention is this environment will be in place as our messaging infrastructure for the next 5 years or so.