
Exchange Server 2010 Paradigm Shifts

Exchange Server 2010 Paradigm Shifts. Scott Schnoll Blog: http://blogs.technet.com/scottschnoll Twitter: @schnoll Email: scott.schnoll@microsoft.com. Overview. Exchange 2010 Vision


Presentation Transcript


  1. Exchange Server 2010 Paradigm Shifts Scott Schnoll Blog: http://blogs.technet.com/scottschnoll Twitter: @schnoll Email: scott.schnoll@microsoft.com

  2. Overview • Exchange 2010 Vision • Enable customers to deploy large, fast, low-cost mailboxes on-premises and/or in the cloud, while ensuring email is secure • To achieve this vision, several paradigm shifts have occurred, most notably in the areas of: • Storage • High Availability • Disaster Recovery • Long-term Data Storage • Information Protection Control

  3. Email Trends Email is still business critical “Business users report that they currently spend 19 percent of their work days, or close to two hours per day, on email.” – Messaging & Collaboration – Business User Survey 2007, Radicati Email volume is still growing • “The average corporate user, today, can expect to send and receive about 156 messages a day, and this number is expected to grow to about 233 messages a day by 2012. An increase of 33 percent over the four-year period.” • – Messaging & Collaboration – Business User Survey 2008, Radicati Users expect larger corporate mailboxes

  4. Large Mailbox Benefits • Improve user productivity • Access to all email from all clients • Less time spent managing mailbox quota • Eliminate PST files and associated issues with them • Reduce IT operations costs • Simplify email discovery and retention management • Eliminate proliferation of PST files stored outside of IT control • Utilize high-capacity disk drives efficiently • Remove need for third-party quota management software

  5. Large Mailbox Challenges & Solutions (Client Experiences)

  6. Large Mailbox Challenges & Solutions (Deployment/Ops)

  7. Storage Improvements • Choose from a range of storage technologies to reduce costs without sacrificing system availability: Storage Area Network (SAN), Direct Attached w/ SAS Disks, SATA Disks, JBOD (RAID-less) • Exchange 2010 storage enhancements: 91.5% reduction in IOPS over Exchange Server 2003, smoother IO patterns, resilience against corruption

  8. What disks should I deploy? • IO workload has changed from many, small, random IOs, to larger, fewer, more sequential IOs • You can deploy mailboxes on slower disks • IO reduction enables deployment of large, low-cost mailboxes • You can deploy on high capacity disks • You can design your solution to balance both the IO and capacity aspects of a disk • 7.2K RPM SATA/SAS disks are the sweet spot when deploying large mailboxes

  9. Exchange 2010 Architectural Changes • Clients connect via CAS servers • Easy to extend across AD sites • Database Availability Group: failover managed within/by Exchange • Database-centric failover [Diagram: clients, Client Access Servers, AD sites Dallas and San Jose, Mailbox Servers 1 to 6, and copies of DB1 to DB5 spread across the Mailbox servers]

  10. Mailbox Resiliency • Enables deployment of large, low-cost mailboxes due to fast recovery mechanism • Single solution for High Availability, Disaster Recovery, and Site Resilience • Simplified administration reduces complexity • Same automated database failover process used for a range of failures—disk, server, network • Built-in features for mailbox recovery • Improved availability and fast recovery • 30 second database activation events • Native replication features that include log inspection and page patching • SP1 adds Continuous Replication - Block Mode

  11. JBOD – Now an Option • Just a Bunch of Disks (JBOD) configuration • One disk per database/log • Database copies provide resilience from disk failures • Self-healing! • Automatic page repair improves resiliency [Diagram: DB1-Active, DB1-CopyA and DB1-CopyB, each with a log and a database holding Page1, Page2 and Page3]

  12. Multi-Role and Virtualized Servers Options • Today’s processors are extremely fast • Newest processors are achieving 5000-6000+ megacycles per core when compared with our baseline • The only way to scale Exchange to utilize these processors is to: • Scale up # mailboxes • Virtualize • Multi-role • Use a combination of the above methodologies to find the sweet spot that utilizes the hardware as effectively as possible • Remember to size the servers for the worst case scenario • 40% mailbox CPU usage for multi-role • 80% mailbox CPU usage for single-role

  13. Disaster Recovery Scenarios Legacy Exchange Feature Exchange 2010 Feature Reason for Backup Mailbox Resiliency Software / Hardware / Datacenter Failures E2003 – SAN Replication E2007 – CCR+SCR Accidental / Malicious Item Deletion Point-in-Time (PIT) Backup Single Item Recovery • Physical Corruption Single Page Restore • Single Item Recovery • Calendar Repair • Mailbox Moves • New-MailboxRepairRequest • and/or • PIT Backup Logical Corruption Administrative / Automation Errors RBAC or iPIT Backup • Rogue Administrators Isolated PIT (iPIT) Backup iPIT Backup and/or 3rd Party Solution Corporate/Regulatory Compliance Requirements iPIT Backup and/or 3rd Party Solution Long-term Data Retention Personal Archive

  14. Traditional Backup Support • Traditional point-in-time backups useful for: • Point-in-time mailbox snapshots • Offsite disaster recovery with a single datacenter deployment • Public folder backups • Compliance scenarios • VSS backup and restore supported at database level • Backup from active and passive copies • VSS Restore to Active only • Exchange 2010 plug-in for Windows Server® Backup • Volume level backup • Application (Exchange) level restore

  15. Exchange Native Data Protection • Relies on Exchange to protect your data, without traditional backups (no WSB or third-party backups) • Requires • Mailbox resiliency (recommendation is a minimum of 3 HA database copies) • Single Item Recovery • A lagged copy can be deployed, but is not required

  16. Why Archive Your Email? Storage Management • Balance mailbox size demands with available storage resources • Reduce the proliferation of .PST files stored outside of IT control • Improve overall application and network performance Data Retention • Meet industry and regulatory email data retention requirements • Support ongoing compliance, litigation, or personnel matters • Preserve valuable intellectual property and corporate assets Discovery • Respond to strict timelines for legal discovery orders • Reduce costs involved in searching for and retrieving email data • Report on email communications as part of auditing procedures

  17. Potential Barriers to Archiving • A Poor User Experience • Unfamiliar experience for your users • Separate tools for searching and accessing archived email • Loss of full fidelity of Exchange user productivity features • Complex Administrative Experience • Difficulty deploying add-ins and impact to Outlook® performance • Different methods for conducting multi-mailbox searches • Complexity managing high availability and access to the archive • High Costs and Overhead • Separate archive infrastructure investment • Additional archive management overhead • User training and education costs

  18. A Familiar Personal Archive • A specialized Exchange mailbox configured and associated with the user’s primary mailbox • Delivers a familiar experience by seamlessly surfacing in both Outlook and Outlook Web App • Users can use the same methods they already use today to interact with archive email: • “Drag and Drop” email to folders • Create folders and categorize • Conduct searches and filter results • Reply to messages and set flags • Separate quotas may be set for archive and primary mailboxes Primary Mailbox Archive

  19. Exchange 2010 Archive Autodiscover (1) OLK does Autodiscover (2) Autodiscover reads Archive properties (3) OLK receives Archive props in Autodiscover response (4) OLK connects to the Archive • No Outlook Restart! [Diagram: Exchange 2010 CAS and the AD User Object with Mailbox Props, Archive Props, MRM Props]

  20. A Seamless User Experience Read, reply, and navigate archived email same as live email Conversation view scoped to archived email Primary mailbox folder hierarchy maintained

  21. One User Search Experience Same search steps with option to search across archived email

  22. When to deploy the Personal Archive • Exchange 2010 enables data segregation • You can deploy a single mailbox per user or have two mailboxes per user • The choice really breaks down to data size and user experience • Personal archive data cannot be cached to the Outlook client • With 5400/7200 RPM client hard drives, 10GB is the recommended OST size • Enables data segregation at the mailbox store level

  23. Tiered Storage Support • Users' primary and archive mailboxes can be located on the same or separate databases • Mailboxes can be moved together or separately • Allows for different storage hardware, DAGs, RPOs, RTOs, etc. • Exchange 2010 SP1 supports: • Primary and Archive On-Premises (Same DB) • Primary and Archive On-Premises (Different DBs) • Primary and Archive in the Cloud • Primary On-Premises and Archive in the Cloud

  24. Mailbox Moves • In previous releases, mailbox moves could prohibit large mailbox adoption • 1GB mailbox could take 90 minutes or more to move which impacts service availability • Exchange 2010 introduces new capabilities • Mailbox moves no longer performed through administrative machine • Asynchronous mailbox moves carried out by the Microsoft Exchange Mailbox Replication service • Mailboxes are kept online during the move process (E2007 SP2->E2010, E2010->E2010) • Dumpster data is retained

  25. Migrate Primary and/or Archive • MRS starts move request (2) MRS moves data to target (3) MRS updates AD with new target database (4) OLK does autodiscover (5) Autodiscover finds new database (6) Outlook connects to target CAS server [Diagram: Primary Mailbox and Archive Mailbox on E2010 Source DB and E2010 Target DB, CAS for Source DB, CAS for Target DB, Move Request Service, and the AD User Object with Mailbox Props, Archive Props, MRM Props]

  26. Compliance Policy in Exchange 2010 Integrated e-mail archiving capabilities offer tools to preserve and discover e-mail data, without changing the user or IT professional experience Preserve Discover Personal Archive Hold Policy Audit Policy Multi-Mailbox Search Move/Delete Policy • Secondary mailbox with separate quota • Appears in Outlook and OWA • Managed through EMC or PowerShell • Automated and time-based criteria • Set policies at item or folder level • Expiry date shown in e-mail message • Configuration Audit logged to regular mailbox • Web-based UI • Search primary, archive, and recoverable items • Delegate through roles-based admin • Audit Log Reports • Capture deleted and edited e-mail messages • Offers single item restore • Notify user on hold

  27. Compliance Policy in Exchange 2010 SP1 Provide a richer feature set incorporating customer feedback and take archive and discovery to the cloud Preserve Discover Personal Archive Hold Policy Audit Policy Multi-Mailbox Search Move/Delete Policy • Archive on a separate DB • Archive in the cloud • Outlook 2007 Support • PST Import into Archive • Admin Delegation • EWS Support • Managed through EMC • EWS Support for Archive • Support for Tasks, Calendar and Voicemail • Mailbox audit • Manage through ECP, cmdlets • Report and exports results • Search Preview • De-duplication • Search and Destroy • Annotations • Cross Premise Search • Cmdlet Auditing • Non-Owner Auditing • Automatically move content from the Primary to Archive dumpster • Managed through ECP

  28. Retention Management Set policies that allow you to define, deploy, and automate the expiry and archiving of email Archive Policy • Automatically move content to personal archive • Time-based criteria (such as email older than 2 years) • Preserves primary mailbox folder hierarchy Retention Policy • Automatically delete content • Time-based criteria (such as email older than 2 years) • Retention policies travel with archived messages Combined Policies • Automatically move message to archive after ‘x’ months, then delete from archive after ‘y’ months • More specific policies override generic defaults

  29. Move and Delete Concepts • Retention Tag • Name, Action, Time period • Action is Move or Delete • Admin mandated or User applied • All Items in Inbox are deleted in 3 years • Items and Folders may have a 2 year Archive Policy • Retention Policies • Retention tags • Policies span to groups of users like ‘Accounting’ • User has one policy and many tags applied

  30. Granular Yet Flexible Policies Allow your users to select policies for items or folders in Outlook and Outlook Web App Apply Retention and Archive policies to individual messages Policies assigned to all email within a folder Retention policy and expiry details

  31. Retention Policy Framework • Admin created • Default Move Policy of 2 years, Delete Policy of 10 years • Optional Move Policy of 5 years, Delete Policy of Never • User applied • Optional Policy of 5 years applied to Project X folder • Optional Policy of Never applied to Item “Contract” [Diagram: Primary Mailbox and Archive Mailbox, each with Inbox, Deleted Items and Project X folders and the RE:Contract message. Labels: Messages moved 2 years after receipt; Messages deleted 10 years after receipt; Message moved to Project X folder; Messages moved 5 years after receipt; Message Never Deleted]

  32. Hold Policies – Single Item Recovery • Single Item Recovery is disabled by default • Can be enabled via set-mailbox • Mailbox: 1-2 yrs of E-mail, Size 2-10GB, Online and Offline (1) Message delivered (2) Message moved to Deleted Items (3) Message deleted (4) Message “purged” by user (5) Message Edited (6) Messages purged by 14 day (or custom DIRW) policy [Diagram: Inbox, Deleted Items, and Recoverable Items with its Deletions, Versions and Purges folders]

  33. Hold Policies – Litigation Hold • Litigation Hold is disabled by default • Can be enabled via set-mailbox • Mailbox: 1-2 yrs of E-mail, Size 2-10GB, Online and Offline (1) Message delivered (2) Message moved to Deleted Items (3) Message deleted (4) Message “purged” by user (5) Message Edited (6) Messages are moved to Purges folder (based on DIR Window), but are not purged from the system [Diagram: Inbox, Deleted Items, and Recoverable Items with its Deletions, Versions and Purges folders]

  34. Web-Based Multi-Mailbox Search Empower compliance officers to conduct multi-mailbox searches with ease Delegate capability to specialist users Rich search criteria and targeting options Results stored in specialized discovery mailbox

  35. Improved Workflow in SP1 • Search preview provides info on estimated number of results with keyword statistics before copying result set to designated discovery mailbox • De-duplication of search results copies only one instance of a message • Searchable annotation offers tagging of reviewed items

  36. Simplified e-Discovery Results Mailbox searches include results from primary and archive mailboxes, as well as recoverable items Use built-in search and filtering to conduct additional investigation One query searches all possible locations Attachments included with search results

  37. The High Cost of Data Leakage “Public-relations firm faces PR nightmare after unintentionally emailing journalists about one of its clients.” “HR executive accidentally emails lay-off plan to entire organization.” “College staff member accidentally emails attachment containing personal information of 15,794 graduates.” “Secret Service agent sends unencrypted email revealing details of vice presidential tour.”

  38. Information Protection and Control Exchange Server 2010 can automatically inspect messages and apply appropriate policies to protect data and control unauthorized or accidental distribution Control Protect IRM Support MailTips Transport Rules • Apply IRM automatically • Access messages in OWA, EAS • Decrypt protected messages to enable search, filtering, journaling, transport rules • Protect sensitive voicemail • Extend access to partners • Inspect both messages and attachments • Apply controls to all email sent and received • Delegate through roles-based admin • Alert sender about possible risks or policy violations • Option of customized MailTips

  39. Protection and Control Scenarios • Scenarios Examples Supporting Exchange 2010 Features

  40. MailTips Protect sensitive data from accidental distribution Create custom MailTips to prompt policy reminders Apply multiple alerts

  41. MailTips Architecture • Client queries EWS for MailTips. • CAS gathers MailTip data: • CAS queries AD and reads group metrics data. • If the recipient is local, CAS queries the MBX server to gather the Automatic Replies and Mailbox Full MailTips. If the recipient is remote, CAS requests the MailTips information from the CAS in the remote site. • CAS in the remote site queries the local Mailbox server for MailTip data. • The remote CAS proxies the results back to the requesting Client Access server. • CAS returns MailTip data back to the client.

  42. Transport Rules • Executed on the Hub Transport Server • Structured like Inbox rules • Apply to all messages sent inside and outside the organization • Configured with simple GUI in Exchange Management Console • Conditions: If the message... Is from a member of the group ‘Executives’ And is sent to recipients that are ‘Outside the organization’ And contains the keyword ‘Merger’ • Actions: Do the following... Redirect message to: arleneh@contoso.com • Exceptions: Except if the message... Is sent to ‘shanek@contoso.com’

  43. IRM Support Information Rights Management (IRM) provides persistent protection to control who can access, forward, print, or copy sensitive data within an email. • Persistent protection • Protects your sensitive information no matter where it is sent • Usage rights locked within the document itself • Protects online and offline, inside and outside of the firewall • Granular control • Users apply IRM protection directly within an email • Organizations can create custom usage policy templates such as "Confidential—Read Only" • Limit file access to only authorized users

  44. Transport Protection Rules Apply RMS policies automatically using Transport Rules • IRM protection can be triggered based on sender, recipient, content and other conditions • Office 2003, 2007, and 2010 attachments also protected Apply “Do Not Forward” or custom RMS templates

  45. How IRM Transport Rules work 1. Mail marked for protection. 2. On first use, Exchange does an SCP lookup for the RMS server. 3. Exchange requests a RAC and CLC for the “shared identity” account. These are saved and re-used. * Super user not required. 4. Message is protected using the CLC. The owner of the message is the original sender. 5. Message is delivered to the recipient with RMS protection applied. • SCP: Service Connection Point • RAC: RMS Account Certificate • CLC: Client Licensor Certificate [Diagram: Hub Transport, RMS, and Active Directory® Domain Services (AD DS)]

  46. Outlook Protection Rules Adding recipient (department, identity, scope) or distribution list can trigger IRM protection automatically before sending User can be granted option to turn off rule for non-sensitive email IRM protection can still be applied manually

  47. How Outlook Protection Rules work 1. Administrator defines a set of Outlook Protection Rules. These are exposed via a web service to clients. 2. When the user connects to Exchange via CAS, the rules are automatically downloaded. They are then frequently updated on the client based on administrator changes. 3. The first time a rule triggers the user is asked to get a RAC and CLC from RMS. 4. The message is protected before the user sends. User can override (if rule allows). [Diagram: Client Access Server, RMS, and AD DS]

  48. IRM Decryption • Protected messages sent to transport server • Messages and attachments decrypted to enable content filtering, transport rules • Infected messages and spam can be filtered • Journaled messages include decrypted clear-text copy • Messages are re-encrypted and delivered

  49. Summary • Exchange 2010 is designed to be deployed by scaling out with cheap commodity servers and cheap disks which can result in a cheaper, better admin and client experiences • You can deploy 10GB+ mailboxes on slow, high capacity spindles and quickly recover from failure using built-in high availability features • You can leverage the archiving functionality to manage short-term and long-term data • You can remove or reduce your dependence on traditional backups • You can leverage transport rules to encrypt and prevent data leakage

  50. Questions?
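
The message lifecycle on slides 32 and 33, as an added example that is not part of the original presentation and is not Exchange code: a small Python model contrasting a default mailbox, Single Item Recovery, and Litigation Hold. Folder names and the 14-day window come from the slides; the class and method names, the sample messages, and counting item age from entry into Recoverable Items are assumptions of the sketch.

```python
"""Toy model of the Recoverable Items flow on slides 32 and 33 (not Exchange code)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

RECOVERABLE = ("Deletions", "Versions", "Purges")  # folder names from the slides


@dataclass
class Item:
    body: str
    folder: str = "Inbox"
    entered: Optional[datetime] = None  # assumption: age counts from entry into Recoverable Items


@dataclass
class Mailbox:
    single_item_recovery: bool = False         # disabled by default (slide 32)
    litigation_hold: bool = False              # disabled by default (slide 33)
    retention: timedelta = timedelta(days=14)  # deleted item retention window
    items: List[Item] = field(default_factory=list)

    def _preserving(self):
        return self.single_item_recovery or self.litigation_hold

    def deliver(self, body):                   # step 1
        self.items.append(Item(body))
        return self.items[-1]

    def delete(self, item, now):               # steps 2-3: Deleted Items, then Deletions
        item.folder, item.entered = "Deletions", now

    def purge(self, item, now):                # step 4: user empties Recoverable Items
        if self._preserving():
            item.folder, item.entered = "Purges", now  # hidden from the user, still stored
        else:
            self.items.remove(item)                    # unrecoverable without a backup

    def edit(self, item, new_body, now):       # step 5: original is kept only when preserving
        if self._preserving():
            self.items.append(Item(item.body, "Versions", now))
        item.body = new_body

    def run_retention(self, now):              # step 6
        for item in list(self.items):
            if item.folder not in RECOVERABLE or now - item.entered < self.retention:
                continue
            if not self.litigation_hold:
                self.items.remove(item)        # window expired: purged from the system
            elif item.folder == "Deletions":
                item.folder = "Purges"         # moved, but never removed while on hold

    def discoverable(self, keyword):
        """Folders in which a search would still find the keyword."""
        return sorted(i.folder for i in self.items if keyword in i.body)


def scenario(**settings):
    """Constructed timeline: one message edited then deleted, one deleted and purged."""
    t0 = datetime(2010, 1, 1)
    mbx = Mailbox(**settings)
    m1 = mbx.deliver("original figures")
    m2 = mbx.deliver("draft figures")
    mbx.edit(m1, "altered figures", t0)
    mbx.delete(m1, t0)
    mbx.delete(m2, t0)
    mbx.purge(m2, t0)
    before = mbx.discoverable("figures")
    mbx.run_retention(t0 + timedelta(days=15))
    return before, mbx.discoverable("figures")
```

Calling `scenario()`, `scenario(single_item_recovery=True)` and `scenario(litigation_hold=True)` returns what a search would find before and after the retention window; only the hold case still has every copy after day 15.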

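
The rule shown on slide 42, as an added example that is not part of the original presentation and is not Exchange code: a Python model of how conditions, the action, and the exception combine. The group name, keyword and both contoso.com addresses come from the slide; the group members, the accepted-domain list, the sample messages, whole-word keyword matching, and treating a recipient condition as met when any recipient matches are assumptions of the sketch.

```python
"""Toy evaluator for the transport rule on slide 42 (not Exchange code)."""
import re
from dataclasses import dataclass
from typing import List

ACCEPTED_DOMAINS = {"contoso.com"}  # assumption: domains that count as inside the organization
GROUPS = {"Executives": {"ceo@contoso.com", "cfo@contoso.com"}}  # constructed membership


@dataclass
class Message:
    sender: str
    recipients: List[str]
    subject: str
    body: str = ""


def is_external(address):
    return address.rsplit("@", 1)[-1].lower() not in ACCEPTED_DOMAINS


@dataclass
class Rule:
    from_member_of: str
    keyword: str
    redirect_to: str
    except_if_sent_to: str

    def conditions_met(self, msg):
        """All three conditions on the slide must hold (logical AND)."""
        text = msg.subject + " " + msg.body
        pattern = r"\b" + re.escape(self.keyword) + r"\b"  # whole word, case-insensitive
        return (
            msg.sender.lower() in GROUPS[self.from_member_of]
            and any(is_external(r) for r in msg.recipients)
            and re.search(pattern, text, re.IGNORECASE) is not None
        )

    def exception_met(self, msg):
        return self.except_if_sent_to in (r.lower() for r in msg.recipients)

    def route(self, msg):
        """Return the recipients the message is finally delivered to."""
        if self.conditions_met(msg) and not self.exception_met(msg):
            return [self.redirect_to]  # action: redirect instead of delivering
        return list(msg.recipients)    # rule did not fire: deliver unchanged


RULE = Rule("Executives", "Merger", "arleneh@contoso.com", "shanek@contoso.com")
```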