MEC Day 3

After 3 ½ days it’s all over. As I write this I’m sitting in Orlando International Airport trying to lose a couple of hours before my flight boards!

Today's interactive sessions have been varied and interesting; here is a brief overview:-

Exchange 2013 Load Balancing

This is a topic that comes up regularly when I am deploying Exchange 2010. The general reaction when discussing load balancing is that it's either expensive or unreliable.

Exchange 2010 had no active concept of an array; it was essentially just multiple individual servers with no awareness of each other. This has changed in 2013.

The Exchange 2013 CAS role is essentially an intelligent proxy; all the client rendering technology is now located in the Mailbox role. This means that the CAS servers could, in theory, be load balanced by round-robin DNS or Windows Network Load Balancing (WNLB) with no problem, right up until there is a service failure. This is where true "service-aware" load balancers come in: with WNLB or round-robin DNS, requests would still be sent to a server that was answering TCP connections but whose Exchange services had failed. Intelligent load balancing detects the service failure and passes no traffic to that node until the issue is resolved.

Another challenge with WNLB is that, if client affinity is used, it can see an entire remote IP subnet as a single client, routing all traffic from that subnet to a single CAS server. That is not an optimal solution in a large estate, but still valid for small farms (e.g. 4 servers).

The use of Layer 7 load balancers is no longer necessary but is still supported.
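The difference between a TCP check and a service-aware check is easy to see for yourself. Exchange 2013 publishes a per-protocol page, e.g. https://cas01/owa/healthcheck.htm, that returns HTTP 200 only while Managed Availability considers that protocol healthy (and 503 otherwise); this is what a "service-aware" load balancer probes. The script below is an added example written for this post, not code from the session or from Microsoft; the server names are assumptions, and it simply compares the two probes for each CAS.

```powershell
# Added example (not from the original post). Compares a plain TCP-443 probe (what WNLB or
# round-robin DNS effectively relies on) with the Exchange 2013 per-protocol healthcheck.htm
# page that a service-aware load balancer monitors. Server names are assumptions.

$CasServers = "cas01.contoso.local", "cas02.contoso.local"
$Protocols  = "owa", "ecp", "ews", "oab", "autodiscover", "rpc", "Microsoft-Server-ActiveSync"

function Test-TcpPort {
    param([string]$Server, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Server, $Port)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Test-ExchangeHealthCheck {
    param([string]$Server, [string]$Protocol)
    $url = "https://$Server/$Protocol/healthcheck.htm"
    try {
        $response = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 5
        return ($response.StatusCode -eq 200)
    } catch {
        # A failed health set answers 503, which Invoke-WebRequest surfaces as an error.
        return $false
    }
}

function Get-CasHealthTable {
    param([string[]]$Servers, [string[]]$Protocols)
    foreach ($srv in $Servers) {
        $tcpUp = Test-TcpPort -Server $srv
        foreach ($proto in $Protocols) {
            $healthy = $false
            if ($tcpUp) { $healthy = Test-ExchangeHealthCheck -Server $srv -Protocol $proto }
            # TcpUp = $true with Healthy = $false is exactly the case WNLB cannot detect.
            [pscustomobject]@{
                Server   = $srv
                Protocol = $proto
                TcpUp    = $tcpUp
                Healthy  = $healthy
            }
        }
    }
}

Get-CasHealthTable -Servers $CasServers -Protocols $Protocols | Format-Table -AutoSize
```

Run it against the individual server names rather than the load-balanced namespace, otherwise you only ever see whichever node the balancer picked. The certificate on each CAS must be trusted by the machine running the script, as Invoke-WebRequest will refuse an untrusted certificate and report the node as unhealthy.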

The 2013 CAS role, when used in a co-existence environment with 2010, will monitor all discovered 2010 CAS servers every 60 seconds so that it can proxy traffic to the most appropriate host.

Another discussion broke out around TMG and options moving forward, but nothing more came out of this than from the day 2 discussions, other than that SSL offloading is not supported in 2013 RTM.

Public Folder Migration

Much has been made of the “Modern Public folders” in Exchange 2013, especially as 5 years ago Microsoft stated that Public Folders wouldn’t be in the next version of Exchange (2010).

From a client perspective, the Modern Public Folders will appear and behave exactly as the old ones they currently use. Any LoB applications using Public Folders should still work, although some MAPI calls have changed slightly.

From an Admin perspective, things have changed.

Modern Public Folders are now stored in Mailboxes and, as such, can be protected by a Database Availability Group.

As they are stored in a Mailbox Database, the old multi-master replication model has gone. Only one copy of a database can be active at any time (standard DAG behaviour), so this might introduce performance challenges for some clients.

Migration from 2010 to 2013 needs to be performed as a Cutover – it is not supported to have old & Modern Public Folders co-existing.

A number of PowerShell scripts are included to ease the migration to Modern Public Folders to ensure that all attributes, permissions, etc get migrated to the new hierarchy.

Ironically, the permissions model is “the same as before”!

Exchange 2013 Site resiliency

As this was another interactive session it didn't cover many of the planning aspects it promised, but being run by Greg Thiel & Scott Schnoll it was a good session to attend anyway.

A lot of discussion around datacentre RTO, such as "Does the clock start ticking before or after the operator gets called?" and "It's far easier to have success with a 3 hour RTO than a 1 hour RTO".

Greg was very insistent that until you have done multiple test failovers you cannot be confident that your failover plan works; ideally test monthly, or at least quarterly.

Discussions around DAC mode (Datacenter Activation Coordination) highlighted that when performing recovery, the DAG members in the primary datacentre must be shut down to avoid the risk of "split brain" (two copies of the same database mounted in different sites).

Finally some product detail around DAG’s in 2013:-

  • Setup will automatically configure the DAG networks
  • Multiple subnets will be consolidated automatically
  • Additional NICs (e.g. iSCSI) will be shown as cluster networks and will need to be manually removed
  • The "Enable manual control" option allows networks to be named and replication to be enabled/disabled per network
  • DAG member Exchange versions cannot be mixed: create a new 2013 DAG & use mailbox moves
  • There is no database portability between versions
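The two admin tasks the session called out (taking manual control of the auto-created networks so the iSCSI NIC stops being a DAG network, and turning on DAC mode for site resilience) look like this from the Exchange Management Shell. This is an added example, not code from the session or from Microsoft; the DAG name and the DAGNetwork0x names are assumptions, and you should check what Get-DatabaseAvailabilityGroupNetwork actually shows in your environment before renaming anything.

```powershell
# Added example (not from the original post): tidying the DAG networks Exchange 2013 setup
# discovered, then enabling Datacenter Activation Coordination. Run in the Exchange
# Management Shell. "DAG1" and the DAGNetwork0x names are assumptions.

$Dag = "DAG1"

# 1. See what setup discovered. An iSCSI or backup NIC appears here as an extra DAG
#    network because every cluster network is enumerated automatically.
Get-DatabaseAvailabilityGroupNetwork -Identity $Dag |
    Format-Table Name, Subnets, ReplicationEnabled, IgnoreNetwork -AutoSize

# 2. Take manual control (the "Enable manual control" option). Without this, automatic
#    network configuration will put the changes below back the way they were.
Set-DatabaseAvailabilityGroup -Identity $Dag -ManualDagNetworkConfiguration $true

# 3. Exclude the storage network from replication and from cluster use entirely, and
#    give the remaining networks names that mean something to the next admin.
Set-DatabaseAvailabilityGroupNetwork -Identity "$Dag\DAGNetwork03" -Name "iSCSI" `
    -ReplicationEnabled $false -IgnoreNetwork $true
Set-DatabaseAvailabilityGroupNetwork -Identity "$Dag\DAGNetwork01" -Name "MAPI"
Set-DatabaseAvailabilityGroupNetwork -Identity "$Dag\DAGNetwork02" -Name "Replication"

# 4. DAC mode. A member in DagOnly mode will not mount databases on start-up until it has
#    confirmed with another member that it is safe to do so, which is what stops the old
#    primary site mounting its copies again once the DR site has been activated.
Set-DatabaseAvailabilityGroup -Identity $Dag -DatacenterActivationMode DagOnly

# 5. Verify both settings, and that the witness really is where you think it is.
Get-DatabaseAvailabilityGroup -Identity $Dag -Status |
    Format-List Name, DatacenterActivationMode, ManualDagNetworkConfiguration,
                WitnessServer, WitnessDirectory, PrimaryActiveManager
```

DAC mode is only worth enabling when you are prepared to use the datacentre switchover cmdlets (Stop-/Restore-DatabaseAvailabilityGroup) during a real failover; it changes nothing about day-to-day operation, but it does change the recovery procedure, so it belongs in the same test-failover runbook Greg was describing.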

Virtualisation in Exchange 2013

This was a little bit dry – not the best session to end on!

Both roles (all two of them!) in 2013 are fully supported in a virtual environment.

Availability is built into Exchange (with DAG’s) so clustering of the virtual platform is just a mechanism for dealing with hardware failure and bringing servers back into service again.

Live Migration is supported; Quick Migration requires the server to be shut down before, and cold booted after, the migration.

Virtual machine snapshots are not supported by Exchange (including Hyper-V Replica).

Windows Server 2012 adds new functionality:-

  • Removed the 4 CPU limit – a problem in larger Exchange implementations
  • Allows the use of SMB 3.0 storage for Hyper-V, but still not directly for Exchange
  • Deduplication – not supported by Exchange
  • ODX (using intelligent SAN storage to move data natively) – not supported by Exchange (wouldn’t want multiple DAG nodes using the same storage/controller anyway)

That’s it for now. Once I get back to the UK and gather my thoughts and notes I may add some further detail.

Thanks for reading!


MEC Day Two

OK, so another day of Exchangeness has been and gone, here are my highlights.

Keynote

The keynote this morning was “Geek out with Perry!” with Microsoft’s Perry Clarke.

The format of this was intended to start the "interactive" element of MEC, with Perry responding to (scripted) questions from members of the audience. Unfortunately it was a little slow and lacking in energy, especially as it was the first session after a night at Universal Islands of Adventure with all the food & drink you could ask for!

The presentation was performed on an 87″ Perceptive Pixel (recently purchased by Microsoft) touch screen where Perry was using OneNote to illustrate his answers.

Topics covered were:-

  • The use of “cheap” drives rather than “enterprise disk” (only a 5% difference in failure rate)
  • SSD (Not a good fit for Exchange from usage patterns or ROI perspective)
  • Will MS' focus on the cloud reduce the emphasis on on-premise products? (No! Experience from the cloud service will feed features and functions back into on-prem)
  • Lowering of IOPS (99% over the last 10 years)

And finally, what is the upgrade story from Exchange 2003 to Exchange 2013. “It’s at least as good as the 5.5 to 2007 story!”. “These organisations are obviously risk averse as they are still running 13 year old technology”.

Two options:-

  1. Move to the cloud; there will then be no need for ROI justification of future upgrades
  2. Move to Exchange 2010 now, then migrate to Exchange 2013 SP1 when you are ready.


Exchange 2013 High Availability

This session was interactive (a unique feature of MEC, encouraging two-way communication between the experts and delegates), so discussions were a little "off-topic" at times.

The Experts leading the session were Greg Thiel & Scott Schnoll, both very experienced and knowledgeable with a good sense of humour.

Key information from the session

  • Automatic site failover requires the witness server to be in a separate, third site.
  • With only 2 sites available, site failover performs like 2010 BUT roles can be failed individually if wanted (e.g. just the CAS role).
  • If a DAG node drops out of the cluster for 5 minutes but can still be contacted via RPC, it won't be failed over.
  • The new AutoReseed capability in 2013 DAGs requires the use of volume mount points.
  • Windows Server 2012 Storage Spaces will be supported in 2013; Deduplication won't.
  • Datacentre failover will prompt a client redirect (HTTP) using Geo-DNS; this may not work on some 'phones as their redirect behaviour varies from device to device.
  • If a server is put into maintenance mode by SCOM it won't affect Managed Availability (Exchange has its own maintenance mode).

An interesting conversation occurred around DR sites, Greg suggesting the DR site DAG member(s) should be used actively all the time in production as this proves the site & service rather than hoping it will all work in a disaster.

Exchange 2013 Database and Store Enhancements

A rather heavy interactive session, full of stats and specs:-

  • 50% IOPS reduction from 2010 to 2013.
  • By supporting multiple databases per volume IOPS are maximised.
  • Isolation of individual store issues is achieved by having a store process per database.
  • A single, badly behaving, mailbox cannot impact the entire database.
  • Database Schema elements are optimised for Sequential I/O
  • All Exchange virtual machines should use Fixed RAM not dynamic.

Exchange 2013 Upgrade for Exchange 2007 and Exchange 2010

A very interesting session, for more than one reason!

Some key points:-

  • Co-existence will require 2010 SP3 or a 2007 rollup, both to be available early next year
  • Outlook 2003 is not supported with Exchange 2013
  • New & old Public folders cannot co-exist (I may need to get further clarification on this)
  • Active Directory will need a 2008R2 DC but only needs 2003 Functional Level

For pretty much any protocol the process is to move the namespace to point at the Exchange 2013 CAS, which will then deal with proxying requests to the legacy servers.

One less appealing fact was highlighted – OWA redirecting to 2007 via a 2013 CAS will prompt a second time for authentication – not ideal. This may be resolved in the released product.

An interesting discussion then broke out around the discontinuation of TMG, over 75% of delegates in the room raised their hands when asked who used TMG with Exchange currently. The Microsoft line is “you have options”, stick with TMG, use UAG, have no Reverse Proxy. The current Exchange 2010 rules in TMG will need slight modifications to support 2013.


Oh, and I got to play with the 87″ touch screen in the exhibition hall – I need one of those!

Final day tomorrow and the trip home, watch this space for my updates


MEC Day One Breakouts

Just a quick overview of my findings from yesterday's breakout sessions before I start day two.

Managed Availability

This session gave an overview of this great sounding new feature in Exchange 2013. As mentioned in the Keynotes, this has come from the Office 365 support team who need to monitor & maintain all the servers but don’t like getting a call at 2am just to restart a service!

The focus of this service is End User SLA, which as we all know is what really matters in the real world.

The expertise has come from the System Center and Exchange teams, so the added benefit is better focused reporting in SCOM.

The whole concept is to monitor the service and react appropriately if something goes wrong, as an example:-

An OWA user experiences a crash; the system will initially recycle the IIS app pool, which may resolve the problem. If the problem recurs or is not resolved, the next step might be to fail over to another server (user focus, remember), which should resolve the problem for the user. The server admin is then alerted, but only has to fix a problem on a passive server rather than a live one, and once resolved the service becomes available again on all servers.
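Two things a practitioner will want once Managed Availability is in play: how to ask it what it currently thinks of a server, and how to tell it (and the load balancer, and the DAG) that you are about to work on the box so it does not fight you. The latter is the Exchange-side maintenance mode that the HA session contrasted with SCOM maintenance mode. The following is an added example written for this post, not code from the session or from Microsoft; the server names are assumptions, and the sequence follows the Exchange 2013 maintenance-mode cmdlets as I know them, so check it against the documentation for the build you deploy.

```powershell
# Added example (not from the original post): inspecting Managed Availability and putting
# an Exchange 2013 Mailbox server into maintenance mode before patching it.
# Run in the Exchange Management Shell on the server being serviced. Names are assumptions.

$Server   = "mbx01.contoso.local"
$NodeName = "MBX01"                   # cluster node name, as Failover Clustering knows it
$Partner  = "mbx02.contoso.local"     # another DAG member to drain mail queues to

# --- What does Managed Availability think of this server right now? ---
# One row per health set (OWA, ECP, HubTransport, ...); anything not "Healthy" is worth a look.
Get-HealthReport -Identity $Server |
    Where-Object { $_.AlertValue -ne "Healthy" } |
    Format-Table HealthSet, AlertValue, LastTransitionTime -AutoSize

# Drill into the individual monitors behind one health set, e.g. OWA.
Get-ServerHealth -Identity $Server -HealthSet OWA |
    Format-Table Name, AlertValue, TargetResource -AutoSize

# --- Enter maintenance mode ---
# 1. Stop accepting new transport work and drain what is already queued to a partner.
Set-ServerComponentState -Identity $Server -Component HubTransport -State Draining -Requester Maintenance
Redirect-Message -Server $Server -Target $Partner -Confirm:$false

# 2. Move any active databases off this node and block activation back onto it.
Set-MailboxServer -Identity $Server -DatabaseCopyActivationDisabledAndMoveNow $true
Set-MailboxServer -Identity $Server -DatabaseCopyAutoActivationPolicy Blocked
Suspend-ClusterNode -Name $NodeName          # FailoverClusters module

# 3. Mark every component inactive. From this point the per-protocol healthcheck.htm
#    pages return 503, so a service-aware load balancer drops the node on its own.
Set-ServerComponentState -Identity $Server -Component ServerWideOffline -State Inactive -Requester Maintenance

# Confirm nothing is still "Active" that should not be.
Get-ServerComponentState -Identity $Server | Format-Table Component, State -AutoSize

# ... patch, reboot, fix whatever Managed Availability escalated to you ...

# --- Leave maintenance mode (reverse order) ---
Set-ServerComponentState -Identity $Server -Component ServerWideOffline -State Active -Requester Maintenance
Resume-ClusterNode -Name $NodeName
Set-MailboxServer -Identity $Server -DatabaseCopyAutoActivationPolicy Unrestricted
Set-MailboxServer -Identity $Server -DatabaseCopyActivationDisabledAndMoveNow $false
Set-ServerComponentState -Identity $Server -Component HubTransport -State Active -Requester Maintenance
```

The important detail is the Requester value: Managed Availability, the HA components and an administrator each set component state under their own requester, and a component only comes back to Active when every requester that took it offline has released it. If you put the server into maintenance with one requester and try to bring it back with another, the healthcheck pages stay at 503 and the load balancer keeps the node out, which looks a lot like the "service failed" case from the load balancing session.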

Sounds good – can’t wait to try it out!

Security & Protection

This session highlighted the security features added to Exchange 2013.

Some stats to start, 30% of Exchange servers have no AV installed (better in some countries than others). More than 90% of mail is spam, only 5% is important.

Following the recent announcement that Forefront for Exchange will be discontinued, a “Basic” anti-malware engine will ship with Exchange 2013. This is based on the same engine as SCEP & Security Essentials.

It is recommended to use an external product such as Exchange Online Protection (I’m personally a big fan of Mimecast or Websense). By using EOP you would be able to get consistent protection & reporting for hybrid environments.

The new engine is built into the transport service, so it can be configured alongside transport rules.

The other Security feature was DLP. This is becoming very important and the feature looked pretty good.

A number of standard templates are included (e.g. Credit card numbers, social security, etc) to allow you to create protection rules.

These rules are surfaced to Outlook users as "Policy Tips", just like MailTips, to explain to the user that they cannot send this content, with a possible override if that particular rule permits it (all overrides are logged).

Once again, something to look at and test.

Exchange Hybrid Deployments

This final session of the day covered an area that I feel will be more & more significant in the coming months, so I was surprised that the room was fairly empty.

A quick overview of the possible migration options from on-premise to Office 365 was given:-

  • IMAP
  • Cutover
  • Staged
  • Hybrid

Key takeaway here is that Exchange 2010 is not supported for Staged migration.

The appeal of the Hybrid environment is that the two worlds are synchronised to the point that mailbox migrations work just like on-premise: a migrated user will just have to restart Outlook to connect to the new service (as long as the environment has been correctly configured).

When using Exchange 2013 for Hybrid deployments, the oldest on-premise server you can have is Exchange 2007, and the Office 365 service must be the new Wave 15 service.

Exchange 2010 will need Service Pack 3 installed to co-exist – this will be released early next year (I assume to tie in with the 2013 launch).

The Hybrid configuration Wizard has been greatly improved to make the deployment simpler, but I get the impression that it still relies on having a number of prerequisites in-place before you begin.


So a good day yesterday, now to go and grab some breakfast and see what today has to offer….


MEC Day One Keynotes

So, day one, a celebration of our "Exchangeness"! Apparently we're all a little bit zany and think outside the box.

This innovation is what drives the Exchange team to create new technologies like ActiveSync that is now the standard for mobile device mail in a world where 1 in 7 people own a smart-phone.

To capitalise on this spirit a new community website has been launched – www.IamMec.com

One of the key themes repeated through the day is that of product feedback from the Cloud services, such as Office 365, into the on-premise server products, to make products more manageable and give a better experience to the Information Worker.

A good example of this feedback is Managed Availability, built into Exchange 2013 to deal with the majority of server failures without intervention by an operator. Other features include the Exchange Admin Center (EAC), designed to scale (including multi-forest support) without adding complexity.

Hybrid co-existence between Exchange 2013 and Office 365 was also discussed, including the detail that Microsoft themselves run multiple versions of Exchange in-house, hosted and on-premise.

The new Outlook was discussed, key points being the simplified experience and integration of Apps into the interface (that will also work in OWA as the code is the same). This version of OWA is the closest in look and feel to the full Outlook client ever, it will even work offline and across all devices from PC’s to tablets & ‘phones (not just Microsoft).

Other key details mentioned in the Opening keynote were that DLP is now present in Exchange 2013 as well as “basic” AV & Anti-Spam technology.

The Technical Keynote followed with Ross Smith from the Exchange Group.

A discussion of server roles followed, explaining that the 5 split roles were introduced for Exchange 2007, partly as a means of working around the CPU constraints at that time. It has since become clear that the minimum 3 roles always have to be installed, maintained & upgraded together, and within the local AD site, as a closely coupled unit. This also brings issues such as load balancing and too many certificate namespaces to manage.

The new split of just CAS & Mailbox roles removes these dependencies, allowing the CAS and Mailbox roles to be split geographically, with no constraints on upgrading individual servers. All communication is now between protocol services and never directly to the Store process.

All client communication is now over HTTPS; RPC over TCP is no longer used. ALL client access is now via the CAS role, even Public Folders.

IOPS have been reduced again, now 99% reduced over Exchange 2003 – creating the opportunity to use cheap 7200RPM disks to allow larger mailboxes of 100GB – I think we might need more convincing about that!

Finally Public Folders – they are now stored in the Mailbox Database which means they can be protected by a DAG, but that also means they can only have one active copy, unlike in the past, so there may be a performance impact over slower links.

Overall, a lot of interesting information that will be drilled down into over the breakouts following these keynotes.

Are we all Zany? – Probably a little. Do we think outside the box? – Definitely!

MEC

As those of you who follow me on Twitter will have realised, I am in Orlando this week to attend the Microsoft Exchange Conference for my employer – EACS Ltd.

This used to be a yearly conference until 10 years ago, when it was discontinued, but now it's back, and with a new Exchange product just around the corner it seemed to be a good time to get maximum value from the event.

I arrived last night after dealing with 45 minute delays on the M25 getting to Gatwick (fortunately I had given myself plenty of time for just such a problem) and a 9 hour flight – with a 15 minute wait for a stubborn alligator to move off the taxiway before we could get to the terminal at Orlando!

I have today been down to the conference centre (all part of the hotel I am staying in) and registered to receive the obligatory bag & goodies.

Although I have spotted and talked to a number of other delegates (yes – geeks are easy to spot, especially when wearing their badges already!!), tonight is the first Networking event where all the delegates get the opportunity to meet and have a look around the exhibition hall for the first time, then tomorrow the sessions start in anger with a full agenda all day kicked off by two keynote sessions.

Watch this space (and my Twitter feed) for updates on what is announced and information I learn….