Pre-Release Programs Be first in line!
Exchange & SharePoint On-Premises Programs
Customers get:
- Early access to new features
- Opportunity to shape features
- Close relationship with the product teams
- Opportunity to provide feedback
- Technical conference calls with members of the product teams
- Opportunity to review and comment on documentation
Get selected to be in a program:
- Sign up at Ignite at the Preview Program desk, OR
- Fill out a nomination: http://aka.ms/joinoffice
Questions:
- Visit the Preview Program desk in the Expo Hall
- Contact us at: [email protected]
Exchange 2016 server role architecture
[Diagram: clients (web browser, Outlook remote and local users, mobile phone, phone system PBX or VoIP) enter the enterprise network through a load balancer; Edge Transport (routing and AV/AS) and Exchange Online Protection sit between external SMTP servers and the organization; AD and an Office Web Apps Server farm support a DAG of MBX servers.]
Single building block:
- Client access proxy components
- Includes core server protocols
- Database availability group
- Loosely coupled: functionality, versioning, user partitioning, geo affinity
Every server is an island
[Diagram: two Exchange 2016 servers, Server1 (Vn) and Server2 (Vn+1), each a complete stack: PROTOCOLS / SERVER AGENTS (EWS, RPC CA, Transport, Assistants, MRS, MRSProxy), BUSINESS LOGIC (XSO, Mail item, Other API, CTS), STORAGE (Store, Content index, File system, ESE). Servers talk to one another only over SMTP, the MRS proxy protocol, the EWS protocol, and custom web services; Exchange 2010 is shown crossed out.]
The key to enlightenment…
For a given mailbox's connectivity, the protocol being used is always served by the protocol instance that is local to the active database copy.
Each MBX determines the right end point for the traffic, and so all sessions, regardless of where they started, end up in the same place.
This means that the rendering for clients like OWA occurs on the mailbox server, transport transcoding is occurring on the mailbox server, etc.
[Diagram: a USER's session enters the CAS components of MBX-A and is served by MBX-B in DAG1.]
Topology requirements
Exchange 2016 supports coexistence with:
- Exchange 2010 SP3 RU11 and later*
- Exchange 2013 CU10 and later*
Exchange 2016 is supported on:
- Windows Server 2012 R2
- Windows Server 10
Exchange 2016 requires:
- Windows Server 2008 R2 FFM/DFM and later
- Windows Server 2008 R2 AD servers and later
Desktop Outlook client requirements:
- Outlook 2010 SP2 (with KB2956191 and KB2965295)* or later
- Outlook 2013 SP1 (with KB3020812)* or later
- Outlook 2016
* Subject to change
What is the Mailbox server role?
- A server that houses the logic to route a specific protocol request to the “correct” destination end point
- A server that hosts all the components that process, render, and store the data
- Clients do not connect directly to MBX2016 back-end end points; connectivity is through client access services
- Evolution of the E2010 DAG
- Collection of servers that form an HA unit
- Databases are replicated between servers in a given DAG
- Servers can be in different locations, for site resiliency
- Maximum of 16 mailbox servers
- 100 database copies/server
- Database failovers are 33% faster
Announcing… The Exchange storage engine moves to… SQueaL
Just kidding. Remember kiddos, SQL squeals like a pig, while our storage engine is both ESE and roars like a JET engine.
Search architecture improvements
[Diagram: on the active MBX2016, the Transport service performs content transformation and local delivery into the mailbox DB while ExSearch/CTS feeds the Store index node (reliable event, read content); the passive MBX2016 copy replays the log into its own DB and index.]
Lagged copy enhancements
When ReplayLagManager is enabled, lagged copies play down under the following condition:
- Copy health status
Lagged copies also play down under the following conditions:
- Capacity concerns
- Physical corruption detected
In Exchange 2016, play down is now tied to the health of the disk (IO latency):
- Enabled by default
- Ensures active copies on the same disk are not impacted by play down
- Delay is enacted if latency is above 20 ms
- Delay is deactivated when latency is 20 ms or less, or if capacity is a concern
What is the Office Web Apps Server role?
- Exchange Server now leverages the Office Web Apps
- Users get rich browser-based viewing in Word, Excel, PowerPoint, and OneNote web apps
- Delivered via Office Web Apps infrastructure
- Cannot coexist on Exchange servers
- Enables side-by-side viewing and edit & reply capabilities for OWA
- Access to the document is authorized by Exchange via an OAuth token
The extensibility future: REST APIs
- REST APIs simplify programming against Exchange 2016 and Office 365
- Mail API provides the ability to read, compose, and send messages, as well as manage folders and attachments
- Calendar API provides access to calendar data
- Contacts API provides access to contacts
- Enables access from solutions across all mobile, web, and development platforms
- Based on open standards (JSON, OAuth 2.0, OData 4.0)
- Development platforms: .NET, iOS, Android, NodeJS, Ruby, Python, Cordova, etc.
- Provides granular, tightly scoped permission to access user data
- Does not break existing apps that use EWS
Where art thou, MAPI/CDO?
- The MAPI/CDO library has enjoyed a long life, but all good things must come to an end
- Exchange 2016 will not support connectivity via the MAPI/CDO library
- Told you at MEC 2012, did I. Yes, hmmm.
App development should utilize either:
- REST APIs
- Exchange Web Services
Client protocol architecture
[Diagram: client protocol architecture of an MBX16 server. Clients (OWA, EAS, EAC, Outlook, PowerShell, IMAP, SMTP, telephony) arrive through the load balancer, with a redirect path and SIP + RTP going to UM directly. On the server, the IIS HTTP proxy (RPS, OWA, EAS, EWS, ECP, OAB, MAPI, RpcProxy, RPC CA) and the POP, IMAP, SMTP/Transport and UM front ends sit in front of the protocol heads that serve the MDB and the mail queue.]
MAPI/HTTP baby!
- The default connectivity mechanism
- No longer uses intermediary RPC components (on client or server)
- ROPs are still used, just sent to Exchange directly over HTTP
- Standard HTTP pattern instead of two long-lived HTTP connections
- Advertised via Autodiscover: client advertises support and server returns configuration settings
- Enabled by default (E2016); per-user settings control
- Requires: Exchange 2013/2016 mailbox, supported Outlook version, client restart (delayed)
- Provides a more reliable connection: 80% of users connect in 5 s or less
- Removes RPC stack dependency
- Better diagnostics: header information
- Common authentication scheme across protocol stack
Outlook MAPI/HTTP connections
[Diagram: Outlook sends HTTPS request/response pairs plus one HTTPS hanging notification through the LB to the MBX2016 HTTP proxy in IIS, which forwards them over HTTP to the MAPI HTTP handler (IIS) in front of the MDB. Only one wrapper: yay!]
Client protocol connectivity flow: Exchange 2010 coexistence
[Diagram: client traffic reaches the MBX2016 LOAD BALANCER and HTTP proxy (IIS, protocol head, DB). For a mailbox still on Exchange 2010 the proxy issues a legacy proxy request to CAS2010 (IIS, middle tier layer) behind its own LOAD BALANCER, or a cross-site legacy proxy request when that CAS2010 is across the site boundary; OWA for a cross-site 2010 mailbox is handled with a cross-site OWA redirect request to the remote CAS2010 fronting MBX2010 and its DB.]
Client protocol connectivity flow: Exchange 2013 coexistence (phase 1)
[Diagram: client traffic reaches the Exchange 2013 LOAD BALANCER and CAS2013 HTTP proxy (IIS) fronting MBX2013 (protocol head, DB). Mailboxes already moved are served with a proxy request to MBX2016 (HTTP proxy, IIS, protocol head, DB); across the site boundary a cross-site proxy request reaches the remote MBX2016 LOAD BALANCER, while OWA uses a cross-site OWA redirect request.]
Client protocol connectivity flow: Exchange 2013 coexistence (phase 2)
[Diagram: client traffic now reaches the MBX2016 LOAD BALANCER and HTTP proxy (IIS, protocol head, DB). Mailboxes still on Exchange 2013 are served with a legacy proxy request to CAS2013/MBX2013 (HTTP proxy, IIS, protocol head, DB); across the site boundary a cross-site legacy proxy request reaches the remote CAS2013 LOAD BALANCER, while OWA uses a cross-site OWA redirect request.]
Outlook Web Apps Server connectivity flow
1. Exchange uses the discovery URL to ask OWAS which file types it can view and edit
2. OWAS returns a table of supported file types
3. User opens mail with an attachment that matches one of the file types OWAS supports, and OWA requests document URLs for the supported types
4. Exchange builds a URL with auth token, app URL, and attachment ID and returns it to OWA
5. User clicks the attachment within OWA, which spawns an iFrame on the client to load the URL returned by Exchange
6. OWAS retrieves the document content from Exchange
7. OWAS renders the content in the OWAS client (e.g., Word Web App)
[Diagram: Exchange 2016, Office Web Apps Server, and the OWA client; steps 1, 2 and 6 run between Exchange and OWAS, steps 3, 4, 5 and 7 involve the OWA client.]
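Step 4 hands OWAS a URL carrying an authorization token, and step 6 is where Exchange must check that token before releasing the document. The following added example is not from the session or from Exchange; it sketches the properties a defender wants from such a token: bound to one user and one attachment ID, short-lived, integrity-protected, and compared in constant time, so that a token minted for one attachment cannot be replayed against another. The HMAC format, the query parameter names (`attachment`, `access_token`) and the key are constructed; the real product uses OAuth tokens whose format the slides do not describe.

```python
import base64
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed key shared by the token issuer and the document endpoint (both on the
# Exchange side of the flow). Assumption: real Exchange/OWAS use OAuth tokens whose
# format the session does not describe; this HMAC token stands in for one.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
TOKEN_TTL_SECONDS = 300


def _b64(raw):
    """URL-safe base64 without padding, so the token travels cleanly in a query string."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user, attachment_id, now):
    """Step 4: a token scoped to one user and one attachment, valid for a few minutes."""
    claims = {"sub": user, "att": attachment_id, "exp": int(now) + TOKEN_TTL_SECONDS}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    return f"{_b64(body)}.{_b64(sig)}"


def build_viewer_url(app_url, token, attachment_id):
    """Step 4: the URL returned to OWA and loaded in the iFrame (step 5).
    The parameter names are constructed for this example."""
    return f"{app_url}?{urlencode({'attachment': attachment_id, 'access_token': token})}"


def authorize_document_fetch(request_url, now):
    """Step 6: Exchange decides whether the caller may read the attachment named in
    the request. Returns (allowed, reason or user)."""
    params = parse_qs(urlsplit(request_url).query)
    token = params.get("access_token", [""])[0]
    requested = params.get("attachment", [""])[0]
    try:
        body_b64, sig_b64 = token.split(".")
        body, presented = _unb64(body_b64), _unb64(sig_b64)
    except ValueError:  # wrong number of parts or bad base64 (binascii.Error is a ValueError)
        return False, "malformed token"
    expected = hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, presented):  # constant-time comparison
        return False, "bad signature"
    claims = json.loads(body)
    if now >= claims["exp"]:
        return False, "expired"
    if claims["att"] != requested:  # a token for one attachment must not open another
        return False, "attachment mismatch"
    return True, claims["sub"]


if __name__ == "__main__":
    import time
    now = time.time()
    tok = issue_token("sue@contoso.com", "ATT-1", now)
    url = build_viewer_url("https://owas-east.contoso.com/viewer", tok, "ATT-1")
    print(url)
    print(authorize_document_fetch(url, now + 10))
    print(authorize_document_fetch(url.replace("attachment=ATT-1", "attachment=ATT-2"), now + 10))
```

The checks run in the order signature, expiry, scope, so a forged or tampered token is rejected before any of its claims are trusted; the constant-time comparison keeps the validator from leaking how much of a guessed signature matched.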
Exchange namespace planning
- Exchange 2016 no longer needs all the namespaces that Exchange 2010 required
- Two namespace models you can deploy: bound model, unbound model
- Can still deploy regional namespaces to control traffic
- Can still have specific namespaces for protocols
- Leverage split-DNS to minimize namespaces and control connectivity
- Deploy separate namespaces for internal and external Outlook (OA, MAPI/HTTP) host names
Bound model
[Diagram: two datacenters with DAG1 and DAG2, each holding the active copies for its own users and passive copies for the other. Sue and Jane (somewhere in NA) resolve east.contoso.com and west.contoso.com through DNS to the east VIP and the west VIP respectively.]
Unbound model
[Diagram: one DAG spanning both datacenters behind VIP #1 and VIP #2. Sue (somewhere in NA) resolves mail.contoso.com, and DNS round-robins between the VIPs.]
Load balancing Exchange
- Like 2013, Exchange 2016 does not require session affinity at the load balancing layer
- For a given protocol session, MBX now maintains a 1:1 relationship with the server hosting the user's data
- Remember to configure health probes to monitor healthcheck.htm, otherwise LB and MA will be out of sync
- Load balancer configuration and health probes will factor into namespace design
- Single Namespace / Layer 7 (No Session Affinity) is the preferred approach
Exchange connection management
- Recommendation is to use one of two types: round robin, least connections
- Least connections has fast convergence time
- Least connections can lead to server instability if the “least” server in the pool is inundated with requests; use the “slow start” feature to mitigate this
- Round robin has slow convergence time with long-lived connections (RPC/HTTP); MAPI/HTTP is not affected
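The two distribution methods and the slow-start mitigation, as an added simulation that is not part of the session or of any load balancer product: three MBX servers run at steady state, a fourth rejoins the pool with no sessions, and twelve new sessions arrive per tick. The workload and the slow-start model (a rejoining server is compared on active connections divided by a weight that ramps from 1/N to 1 over the warm-up window, so it never looks empty to the balancer) are constructed assumptions; vendor slow-start implementations differ in detail.

```python
from collections import deque
from fractions import Fraction
from statistics import mean


class Server:
    """One MBX behind the load balancer; remembers when each connection ends."""

    def __init__(self, name, joined_at=None):
        self.name = name
        self.joined_at = joined_at  # None = established before the simulation starts
        self.ends = deque()         # end tick of each active connection, ascending

    def active(self, tick):
        # All connections share one duration and are appended in tick order,
        # so expired ones are always at the front of the deque.
        while self.ends and self.ends[0] <= tick:
            self.ends.popleft()
        return len(self.ends)


def pick_round_robin(pool, tick, state):
    server = pool[state["next"] % len(pool)]
    state["next"] += 1
    return server


def make_least_connections(slow_start_ticks=0):
    """Least connections, optionally with slow start. A server that rejoined less than
    slow_start_ticks ago is compared on active/weight, its weight ramping from
    1/slow_start_ticks up to 1 (exact Fractions keep the tie-breaking deterministic)."""
    def pick(pool, tick, state):
        def key(server):
            active = server.active(tick)
            if not slow_start_ticks or server.joined_at is None:
                return Fraction(active)
            age = tick - server.joined_at
            if age >= slow_start_ticks:
                return Fraction(active)
            return Fraction(active * slow_start_ticks, age + 1)
        return min(pool, key=key)  # ties go to the first server in pool order
    return pick


def simulate(picker, arrivals_per_tick=12, duration=10, rejoin_tick=5, ticks=30):
    """Constructed workload: servers A, B and C run at steady state and D rejoins the
    pool empty at rejoin_tick. Returns (new sessions sent to D in each tick from the
    rejoin onward, ticks until D is within one connection of the others' mean)."""
    pool = [Server(n) for n in "ABC"]
    warm = arrivals_per_tick * duration // len(pool)
    for s in pool:  # pre-existing sessions expiring evenly over one duration
        s.ends.extend(i * duration // warm + 1 for i in range(warm))
    state, d = {"next": 0}, None
    to_d, converged_after = [], None
    for tick in range(ticks):
        if tick == rejoin_tick:
            d = Server("D", joined_at=tick)
            pool.append(d)
        sent_to_d = 0
        for _ in range(arrivals_per_tick):
            chosen = picker(pool, tick, state)
            chosen.ends.append(tick + duration)
            if chosen is d:
                sent_to_d += 1
        if d is not None:
            to_d.append(sent_to_d)
            others = mean(s.active(tick) for s in pool if s is not d)
            if converged_after is None and abs(d.active(tick) - others) <= 1:
                converged_after = tick - rejoin_tick
    return to_d, converged_after


if __name__ == "__main__":
    for label, picker in [("round robin", pick_round_robin),
                          ("least connections", make_least_connections()),
                          ("least connections + slow start", make_least_connections(10))]:
        to_d, conv = simulate(picker)
        print(f"{label:31} sessions to D per tick: {to_d[:4]}  converged after {conv} ticks")
    print("round robin, one-tick sessions:", simulate(pick_round_robin, duration=1))
```

With ten-tick sessions, plain least connections sends every one of the first two ticks' arrivals to the rejoining server (the inundation the slide warns about) and converges in two ticks, round robin spreads the load evenly but needs nine ticks to converge, and slow start caps the rejoining server near its fair share while still converging well before round robin's long tail. With one-tick sessions, round robin converges immediately, which is the slide's point about MAPI/HTTP not being affected.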
Single namespace/layer 4
[Diagram: USER → mail.contoso.com and autodiscover.contoso.com → layer 4 LB with one health check → MBX servers hosting OWA, ECP, EWS, EAS, OAB, MAPI, RPC, AutoD.]
Single namespace/layer 7 (no session affinity)
[Diagram: the same namespaces and MBX servers behind a layer 7 LB.]
Health check executes against each virtual directory
Multiple namespaces/layer 4
[Diagram: USER → one namespace per protocol (mail.contoso.com, mapi.contoso.com, ecp.contoso.com, ews.contoso.com, eas.contoso.com, oab.contoso.com, oa.contoso.com, autodiscover.contoso.com) → layer 4 LB → MBX servers hosting OWA, ECP, EWS, EAS, OAB, MAPI, RPC, AutoD.]
Exchange load balancing options (ordered from simplicity to functionality)

Single namespace / layer 4
  Who's it for? Generalist IT admin
  Plus(es):
  + Simple, fast, no-affinity LB
  + Single, unified namespace
  + Minimal networking skillset
  Minus(es):
  – Per-server availability

Single namespace / layer 7 (no session affinity)
  Who's it for? Those with increased network flexibility
  Plus(es):
  + Per-protocol availability
  + Single, unified namespace
  Minus(es):
  – SSL termination at LB
  – Requires increased networking skillset

Multiple namespaces / layer 4
  Who's it for? Those who want to maximize server availability
  Plus(es):
  + Simple, fast, no-affinity LB
  + Per-protocol availability
  Minus(es):
  – One namespace per app protocol
  – One VIP per protocol
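The health-check advice above (probe healthcheck.htm, and at layer 7 probe it per virtual directory) and the per-server versus per-protocol availability trade-off can be made concrete. The following is an added example, not code from the session or from Exchange: it probes each protocol's healthcheck.htm, then derives the pool a layer 4 balancer can act on (whole servers) and the pools a layer 7 balancer can act on (per protocol), and flags servers where a probe aimed at the wrong URL would disagree with Managed Availability. The probe responses are constructed so it runs offline; the hostnames are placeholders, and the EAS and AutoD paths are assumed to follow Exchange's usual virtual directory names while the rest follow the slide labels.

```python
import urllib.error
import urllib.request

# Protocols from the single-namespace diagrams, mapped to the virtual directory
# serving their healthcheck.htm (EAS and AutoD paths are assumptions; see lead-in).
PROTOCOL_VDIRS = {
    "OWA": "owa", "ECP": "ecp", "EWS": "ews", "EAS": "Microsoft-Server-ActiveSync",
    "OAB": "oab", "MAPI": "mapi", "RPC": "rpc", "AutoD": "autodiscover",
}


def healthcheck_url(host, vdir):
    return f"https://{host}/{vdir}/healthcheck.htm"


def http_status(url, timeout=5):
    """Live probe: HTTP status of a URL (a non-2xx answer is still a status; a
    connection failure is reported as 0). Not used by the offline demo below."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except (urllib.error.URLError, OSError):
        return 0


def probe_all(hosts, status_of):
    """{host: {protocol: healthy}} where healthy means healthcheck.htm returned 200."""
    return {
        host: {proto: status_of(healthcheck_url(host, vdir)) == 200
               for proto, vdir in PROTOCOL_VDIRS.items()}
        for host in hosts
    }


def layer4_pool(results):
    """Single namespace / layer 4: one VIP and no visibility into the URL path, so
    the LB can only keep or drop a whole server; one unhealthy vdir removes every
    protocol on it (the 'per-server availability' minus)."""
    return sorted(host for host, per in results.items() if all(per.values()))


def layer7_pools(results):
    """Single namespace / layer 7: the LB routes on the path, so each protocol has
    its own pool and only the failed protocol leaves that server."""
    return {proto: sorted(host for host, per in results.items() if per[proto])
            for proto in PROTOCOL_VDIRS}


def lb_ma_mismatches(hosts, status_of, lb_probe_path=""):
    """Servers where a probe that does not target healthcheck.htm (here the site
    root) still sees 200 although Managed Availability has a protocol offline:
    the 'LB and MA out of sync' case from the slide."""
    ma_view = probe_all(hosts, status_of)
    return sorted(host for host in hosts
                  if status_of(f"https://{host}/{lb_probe_path}") == 200
                  and not all(ma_view[host].values()))


# Constructed probe answers standing in for three servers (placeholder hostnames):
# MA has taken EWS offline on mbx-b and OWA offline on mbx-c; everything else is 200.
HOSTS = ["mbx-a.contoso.com", "mbx-b.contoso.com", "mbx-c.contoso.com"]
CONSTRUCTED_STATUS = {
    healthcheck_url("mbx-b.contoso.com", "ews"): 503,
    healthcheck_url("mbx-c.contoso.com", "owa"): 503,
}


def constructed_status(url):
    return CONSTRUCTED_STATUS.get(url, 200)


if __name__ == "__main__":
    results = probe_all(HOSTS, constructed_status)
    print("layer 4 pool:", layer4_pool(results))
    for proto, pool in layer7_pools(results).items():
        print(f"layer 7 pool {proto:6}:", pool)
    print("root probe disagrees with MA on:", lb_ma_mismatches(HOSTS, constructed_status))
```

In the constructed data the layer 4 design loses two of three servers for every protocol because each has one unhealthy virtual directory, while the layer 7 design drops only EWS on one server and OWA on the other. To probe real servers, pass `http_status` in place of `constructed_status`.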
OWAS namespace planning and load balancing
- Always deploy a separate namespace for OWAS
- For site resilience, follow a bound namespace model for OWAS, even when Exchange leverages an unbound namespace
- Namespace manipulation during datacenter activation is not required
- Requires persistence at the load balancer
[Diagram: East and West datacenters, each with a mail VIP for mail.contoso.com in front of the DAG and a separate OWAS farm per datacenter reached as owas-east.contoso.com and owas-west.contoso.com.]
Preferred architecture: namespace design
- For a site resilient datacenter pair, a single namespace per protocol is deployed across both datacenters: autodiscover.contoso.com; HTTP: mail.contoso.com; IMAP: imap.contoso.com; SMTP: smtp.contoso.com
- For Outlook Web Apps Server, a namespace is deployed per datacenter
Load balancer configuration
- For Exchange VIPs: no session affinity, one VIP/datacenter, per-protocol health checking
- For OWAS VIPs: session affinity
- Round robin, geo-DNS, or other solutions are used to distribute Exchange traffic equally across both datacenters
[Diagram: DC1 and DC2, each with its own mail VIP.]
Preferred architecture: DAG design
[Diagram: one DAG spanning both datacenters, with the Witness Server in DC3/Azure.]
- Each datacenter should be its own Active Directory site
- Increase DAG size density before creating new DAGs
DAG configuration
- Unbound, symmetrical DAG model spanning across datacenters
- No administrative access point
- Single network for replication and client traffic
- Utilize a third datacenter or Azure for Witness server placement, if possible
Database configuration
- Deploy four copies, two copies in each datacenter
- Distribute active copies across all servers in the DAG
- One copy is a lagged copy (seven days) with automatic play down enabled
- Native Data Protection is utilized
Preferred architecture: server design
- Servers are deployed on commodity hardware
- Dual-socket systems only (20-24 cores total, mid-range processors)
- Up to 196 GB of memory
- All servers handle both client connectivity and mailbox data
- JBOD storage
- Large capacity 7.2k SAS disks
- Battery-backed cache controller (75/25)
- Multiple databases/volume
- AutoReseed with hot spare
- Data volumes are formatted with ReFS
- Data volumes are encrypted with BitLocker
Preferred architecture
[Diagram: a DAG per region behind its mail VIPs. Sue (somewhere in NA) resolves mail.contoso.com via DNS to na.contoso.com (two na VIPs); Jane (somewhere in Europe) resolves it to eur.contoso.com (two eur VIPs).]
Large mailboxes for the win!
- Large mailbox size: 100 GB+
- Aggregate mailbox = primary mailbox + archive mailbox + recoverable items
- 1–2 years of mail (minimum)
- 1 million items/folder
- Increased knowledge worker productivity
- Eliminate or reduce PST reliance
- Eliminate or reduce third-party archive solutions
- Outlook 2013+ allows you to control OST size! Gives more options around mailbox deployments
TIME ITEMS MAILBOX SIZE
1 day 150 11 MB
1 month 3300 242 MB
1 year 39000 2.8 GB
2 years 78000 5.6 GB
4 years 156000 11.2 GB
Summary
- Building block architecture provides flexibility in load balancing, namespace planning, and high availability
- Exchange 2016 coexistence rocks
- Take advantage of large, low-cost mailboxes by utilizing large capacity 7.2k RPM disks
- Simpler is better!
Sessions to attend
- BRK2189 - Desktop Outlook: Evolved and Redefined
- BRK3102 - Experts Unplugged: Exchange Server High Availability and Site Resilience
- BRK3125 - High Availability and Site Resilience: Learning from the Cloud and Field
- BRK3129 - Deploying Exchange Server 2016
- BRK3138 - Exchange Design Concepts and Best Practices
- BRK3147 - Meeting Complex Security Requirements for Publishing Exchange
- BRK3160 - Mail Flow and Transport Deep Dive
- BRK3163 - Making Managed Availability Easier to Monitor and Troubleshoot
- BRK3173 - Experts Unplugged: Exchange Server Deployment and Architecture
- BRK3178 - Exchange on IaaS: Concerns, Tradeoffs, and Best Practices
- BRK3180 - Tools and Techniques for Exchange Performance Troubleshooting
- BRK3186 - Behind the Curtain: Running Exchange Online
- BRK3206 - Exchange Storage for Insiders: It’s ESE
- BRK4105 - Under the hood with DAGs
- BRK4115 - Advanced Exchange Hybrid Topologies