Lesson 2: Highly Available Public Folders Chapter 13 709 FIGURE 13-7 Public folder replication MORE INFO PUBLIC FOLDER REPLICATION To learn more about public folder replication, consult the following TechNet article: http://technet.microsoft.com/en-us/library/bb691120.aspx. Quick Check n Which cmdlet should you use to congure a public folder’s replication schedule without modifying the replication schedule of the public folder database that hosts the public folder? Quick Check Answer n The Set-PublicFolder cmdlet allows you to modify the replication schedule of a public folder without modifying the replication schedule of the public folder database. Public Folder Backup and Restore You can back up public folders as a part of the normal Windows Server Backup process. You will learn more about the backup and restore process in Chapter 14, “Exchange Disaster Recovery.” Performing a full server backup with Windows Server Backup backs up all public folder database and transaction log les. 710 Chapter 13 Exchange High-Availability Solutions Performing public folder database recovery is different from performing mailbox database recovery. When you recover a public folder, you can use recovery mode to mount the folder, extracting items from the mounted recovery database and merging them back into the appropriate mailbox database. You cannot mount public folder databases as recovery databases, and you need to overwrite the existing database with the contents of the public folder database that you are recovering from backup. You accomplish this by enabling the This Database Can Be Overwritten By A Restore option for the public folder database prior to overwriting it with the restored les. You can congure this option by editing the database properties, as shown in Figure 13-8, or by using the Set-PublicFolderDatabase cmdlet with the AllowFileRestore parameter set to $true. FIGURE 13-8 Overwrite database with restore The most common form of public folder recovery is the recovery of individual public folders that have been deleted where that deletion has replicated to other public folder databases. You can recover specic deleted public folders using Outlook as long as the deleted public folder is within the retention period. You can congure the retention period for a public folder database using the Set-PublicFolderDatabase cmdlet or through the EMC by editing the properties of the public folder database and conguring the setting on the Limits tab, as shown in Figure 13-9. The default deleted item retention period for public folder databases is 14 days. To recover a deleted public folder using Outlook, perform the following general steps: 1. Log on using an account that has full control over the public folders to be recovered. 2. Access the Public Folders node in Outlook. Select the parent node of the node that contained the deleted public folder. 3. On the Tools menu, select Recover Deleted Items. This launches the Recover Deleted Items dialog box. 4. Select the public folders that you wish to recover and then click the Recover Selected Items button. Lesson 2: Highly Available Public Folders Chapter 13 711 FIGURE 13-9 Public folder database limits EXAM TIP Remember that you cannot use DAGs to ensure that public folders are highly available. Lesson Summary n A public folder replica is a copy of a public folder hosted on another public folder database. n Use the Set-PublicFolder cmdlet to congure the public folder databases to which public folder replica replicates. You can use this method to add and remove replicas. n You can congure public folder schedules using the Set-PublicFolder cmdlet. n You cannot create a new public folder database and set them to recovery mode as you can with mailbox databases. n You can recover recently deleted public folders using Outlook as long as the public folder was deleted within the congured retention period. n You can congure a public folder database to be overwritten by a restore operation if you wish to overwrite the contents of the public folder database with a backup. Lesson Review You can use the following questions to test your knowledge of the information in Lesson 2, “Highly Available Public Folders.” The questions are also available on the companion CD if you prefer to review them in electronic form. 712 Chapter 13 Exchange High-Availability Solutions NOTE ANSWERS Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book. 1. Which of the following EMS cmdlets can you use to congure an existing public folder so that replicates to two other public folder databases within your organization? A. Get-PublicFolder B. New-PublicFolder C. Set-PublicFolder D. Remove-PublicFolder 2. Which of the following EMS cmdlets can you use to remove a replica of a mail-enabled public folder from a specic public folder database? A. Set-PublicFolder B. Remove-PublicFolder C. Set-MailPublicFolder D. Disable-MailPublicFolder 3. Which of the following cmdlets can you use to congure a public folder’s replication schedule? A. Update-PublicFolder B. Update-PublicFolderHierarchy C. Set-PublicFolder D. Set-MailPublicFolder 4. You have deployed a new public folder database on a Mailbox server. Which of the following cmdlets can you use to update the list of folders that will be available on this new public folder database? A. Set-PublicFolderDatabase B. Update-PublicFolderHierarchy C. Get-PublicFolder D. Update-PublicFolder 5. Which EMS cmdlet can you use to congure an existing public folder database so that it can be overwritten by a restore operation? A. Set-PublicFolderDatabase B. Set-PublicFolder C. New-PublicFolderDatabase D. New-PublicFolder Lesson 3: High Availability for Other Exchange Roles Chapter 13 713 Lesson 3: High Availability for Other Exchange Roles Although DAGs are the headline feature for Exchange, you need to take steps to ensure that servers offering other Exchange roles, such as the Hub Transport, Client Access, and Edge Transport servers, will also be available to the Exchange organization in the event that a server suffers complete failure. As you will remember from reading earlier chapters, having a Mailbox server in a site also requires that you have a Client Access server and a Hub Transport server in the same site. Even if you have a DAG deployed, you will still need other server roles to be highly available if you want to ensure that messages ow in the event of server failure. In this lesson, you will learn what steps you need to take to make Client Access servers, Hub Transport servers, and Edge Transport servers highly available. After this lesson, you will be able to: n Congure a client access server array. n Ensure that Hub Transport servers are highly available. n Congure Edge Transport server redundancy. Estimated lesson time: 15 minutes Conguring Network Load Balancing Client Access servers and Edge Transport servers can leverage network load balancing (NLB) as a part of their high-availability strategy. NLB distributes trafc between multiple hosts based on each host’s current load. Each new client is directed to the host under the least load. It is also possible to congure NLB to send trafc proportionally to hosts within the cluster. For example, in a cluster with four hosts, you could congure an NLB cluster to send 40 percent of incoming trafc to one host and split the remaining 60 percent across the other three hosts. When considering high availability for Client Access servers and Edge Transport servers, you have the option of using the NLB feature available in Windows Server 2008 and Windows Server 2008 R2. All editions of Windows Server 2008 and Windows Server 2008 R2 support NLB. You can add and remove nodes to NLB clusters easily by using the Network Load Balancing Manager console. NLB clusters recongure themselves automatically when you add a new node or remove a node or a node in the cluster fails. Each node in an NLB cluster sends a message to all other nodes after a second, informing them of its status. The term for this message is “heartbeat.” When a node fails to transmit ve consecutive heartbeat messages, the other nodes in the cluster alter the conguration of the cluster, excluding the failed node. The term for the reconguration process is “convergence.” Convergence also occurs when the heartbeat of a previously absent node is again detected by other nodes in the cluster. You can take an existing node in an NLB cluster ofine for maintenance and then return it to service without having to recongure the cluster manually because the removal and addition process occurs automatically. 714 Chapter 13 Exchange High-Availability Solutions You cannot congure a Client Access server that also hosts a DAG to be a part of a Windows NLB cluster, as you cannot use both NLB and Windows Failover Clustering concurrently. You must install the NLB feature on each node before creating an NLB cluster. NLB detects server failure but not application failure, so it is possible that clients can be directed to a node on which a Client Access server component has failed. Conguring NLB Cluster Operation Mode The cluster operation mode determines how you congure the cluster’s network address and how that address relates to the existing network adapter addresses. You can congure the operation mode of an NLB cluster by editing the cluster properties, as shown in Figure 13-10. All nodes within a cluster must use the same cluster operations mode. This tab also displays the virtual MAC address assigned to the cluster by using this dialog box. FIGURE 13-10 Cluster operation mode The cluster operations modes—and the differences between them—are as follows: n Unicast Mode When an NLB cluster is congured to work in the unicast cluster operation mode, all nodes in the cluster use the MAC address assigned to the virtual network adapter. NLB substitutes the cluster MAC address for the physical MAC address of a network card. If your network adapter does not support this substitution, you must replace it. When nodes in a cluster have only a single network card, this limits communication between nodes but does not pose a problem for hosts outside the cluster. Unicast mode works better when each node in the NLB cluster has two network adapters. The network adapter assigned the virtual MAC address is used with the cluster; the second network adapter facilitates management and internode communication. Use two network adapters if you choose unicast mode and use one node to manage others. Lesson 3: High Availability for Other Exchange Roles Chapter 13 715 n Multicast Mode Multicast mode is a suitable solution when each node in the cluster has a single network adapter. The cluster MAC address is a multicast address. The cluster IP address resolves to the multicast MAC address. Each node in the cluster can use its network adapter’s MAC address for management and internode communication. You can use multicast mode only if your network hardware supports multicast MAC addressing. n IGMP Multicast Mode This version of multicast uses Internet Group Membership Protocol (IGMP) for communication, which improves network trafc because trafc for an NLB cluster passes only to those switch ports the cluster uses, not to all switch ports. The properties of IGMP multicast mode are otherwise identical to those of multicast mode. Conguring NLB Port Rules Port rules, shown in Figure 13-11, control, on a port-by-port basis, how network trafc is treated by an NLB cluster. By default, the cluster balances all trafc received on the cluster IP address across all nodes. You can modify this so that only specic trafc, designated by port, received on the cluster IP address is balanced. The cluster drops any trafc that does not match a port rule. You can also congure the cluster to forward trafc to a specic node rather than to all nodes, enabling the cluster to balance some trafc but not all trafc. You accomplish this by conguring the port rule’s ltering mode. The options are multiple host or single host. FIGURE 13-11 Port rules When you congure a rule to use the multiple host ltering mode, you can also congure the rule’s afnity property. The afnity property determines where the cluster will send subsequent client trafc after the initial client request. If you set the afnity property to Single, the cluster will tie all client trafc during a session to a single node. The default port rule, shown in Figure 13-12, uses the Single afnity setting. When you set a rule’s afnity property to None, the cluster will not bind a client session to any particular node. When you 716 Chapter 13 Exchange High-Availability Solutions set a rule’s afnity property to Network, a client session will be directed to cluster nodes located on a specic TCP/IP subnet. It is not necessary to congure the afnity for a single host rule because that rule already ties trafc to a single node in the cluster. FIGURE 13-12 Port rules You can edit the load placed on each node by editing port rules on each node of the cluster. Editing the load changes the load from balanced between all nodes to preferring one node or several nodes over other nodes. Do this when the hardware or one or more nodes have greater capacity than other nodes. You congure port rules in the practice at the end of this lesson. When you need to perform maintenance on a node in an NLB cluster, you can use the Drain function to stop new connections to the node without disrupting existing connections. When all existing connections have nished, you can then take the cluster ofine for maintenance. You can drain a node by right-clicking it from within Network Load Balancing Manager, clicking Control Ports, and then clicking Drain. MORE INFO NLB To learn more about NLB on Windows Server 2008 R2, consult the following document on TechNet: http://technet.microsoft.com/en-us/library/cc770558.aspx. Client Access Arrays Client access arrays, sometimes called client access server arrays, are collections of load-balanced Client Access servers. If one Client Access server in a client access array fails, client trafc will automatically be redirected to other Client Access servers in the array. Client access arrays work on a per-site basis. A single client access array cannot span multiple sites. Client access arrays can use Windows NLB or a hardware NLB solution. If you are using a Windows NLB, you will be limited to eight nodes in the array and will not be able to also congure the server hosting the Client Access server role as a part of a DAG. Lesson 3: High Availability for Other Exchange Roles Chapter 13 717 To create a client access array, perform the following general steps: 1. Congure load balancing for your Client Access servers. You can use Windows NLB or a hardware NLB solution. Ensure that your load-balancing array balances TCP port 135 and UDP and TCP ports 6005 through 65535. 2. Congure a new DNS record that points to the virtual IP address that you will use for the client access array. 3. Use the New-ClientAccessArray cmdlet to create the client access array. For example, if you created a DNS record for casarray.adatum.com and you have congured load balancing for Client Access servers in the Wangaratta site, use the following command to create a client access array: New-ClientAccessArray –Name 'Wangaratta Array' –Fqdn 'casarray.adatum.com' –Site 'Wangaratta' 4. Congure existing mailbox databases in the site to use the new CAS array with the Set-MailboxDatabase cmdlet and the RpcClientAccessServer parameter. For example, to congure MBX-DB-1 to use casarray.adatum.com, issue the following command: Set-MailboxDatabase MBX-DB-1 –RpcClientAccessServer 'casarray.adatum.com' MORE INFO CLIENT ACCESS ARRAYS To learn more about client access arrays, consult the following document on TechNet: http://technet.microsoft.com/en-us/library/dd351149.aspx. Quick Check n What type of load balancing must you use if you want to create a client access array using two servers that also host the mailbox role? Quick Check Answer n You will need to use a hardware NLB solution, as Windows Network Load Balancing cannot be used on the same server as Windows Failover Clustering. Transport Server High Availability To ensure that Hub Transport servers are highly available, deploy multiple Hub Transport servers in each site. Deploying multiple Hub Transport servers provides server redundancy, as messages will automatically reroute in the event that a Hub Transport server fails. When you deploy an extra Hub Transport server on a site, you do not need to perform any additional conguration, as conguration data automatically replicates through Active Directory. There are two methods through which you can make Edge Transport servers highly available. You can load-balance Edge Transport servers using NLB, or you can congure multiple MX records in the external DNS namespace. 718 Chapter 13 Exchange High-Availability Solutions As Windows NLB requires that hosts be members of the same Active Directory domain and that you deploy Edge Transport servers on perimeter networks, most Edge Transport server load-balancing solutions use hardware load balancing. You may need to use a NLB solution if you have multiple Edge Transport servers but have only one public IPv4 address available for incoming Simple Mail Transfer Protocol (SMTP) trafc. In this situation, you would assign the public IPv4 address as the NLB virtual address, allowing requests to be spread across Edge Transport servers with private IP addresses on the perimeter network. Conguring multiple MX records in the external DNS zone uses the SMTP protocol’s natural high-availability features. When an external SMTP server needs to send a message to a specic mail domain, it runs a query against the target domain’s zone looking for MX records. If the SMTP server is unable to deliver mail to the rst address returned by the MX record query, the SMTP server then attempts delivery to other addresses returned by the query. MORE INFO HIGH AVAILABILITY AND SITE RESILIENCE To learn more about high availability for non–Mailbox server roles, consult the following document on TechNet: http://technet.microsoft.com/en-us/library/dd638137.aspx. EXAM TIP Remember that you need to add additional Hub Transport servers to a site only to provide high availability; it is not necessary to congure NLB. Lesson Summary n Windows Network Load Balancing can be used to load-balance Client Access servers and Edge Transport servers. n You need to congure NLB before creating a client access array. n A client access array is a collection of load-balanced Client Access servers that are located in the same Active Directory site. n You can make Hub Transport servers highly available by adding additional Hub Transport servers to a site. n You can make Edge Transport servers highly available either by using a NLB solution or by conguring multiple MX records. Lesson Review You can use the following questions to test your knowledge of the information in Lesson 3, “High Availability for Other Exchange Roles.” The questions are also available on the companion CD if you prefer to review them in electronic form. NOTE ANSWERS Answers to these questions and explanations of why each answer choice is correct or incorrect are located in the “Answers” section at the end of the book. [...]... backups of Exchange data To back up and restore Exchange Server 2010, you must use an Exchange- aware a ­ pplication that supports the VSS writer for Exchange 2010, such as Windows Server Backup (with the VSS plug-in), Microsoft System Center Data Protection Manager, or a third-party Exchange- aware VSS-based application Lesson 1: Backup and Recover Exchange Data Chapter 14 731 You can use the VSS plug-in... by Exchange Server 2010 Unlike Exchange Server 2007 and Exchange Server 2003, Exchange Server 2010 does not s ­ upport the Extensible Storage Engine streaming Application Programming Interfaces for backup and restore of program files or data Exchange Server 2010 supports only Volume Shadow Copy Service (VSS)–based backups and includes a plug-in for Windows Server Backup that enables you to make VSS-based... Windows Server 2008 R2 domain controller VAN-DC1 and the Windows Exchange 2010 Enterprise Mailbox, Hub Transport, and Client Access server VAN-EX1, as described in the Appendix, “Setup Instructions for Exchange Server 2010. ” n Optionally installed the Windows Exchange 2010 Enterprise server VAN-EX2 as a member server in the Adatum.com domain as described in the Appendix and ­ onfigured this server with... system The VSS plug-in is implemented by an executable file named WSBExchange.exe and runs as a service named Microsoft Exchange Server Extension for Windows Server Backup ­ WSBExchange) It is automatically installed on all Exchange 2010 Mailbox servers ( and ­ onfigured by default for manual startup To use the plug-in, you must have the Windows c Server Backup feature installed The command-line tool WBAdmin.exe... prompt Using Windows Server Backup to Perform an Exchange Backup You can use Windows Server Backup on an Exchange Server 2010 server running the W ­ indows Server 2008 or Windows Server 2008 R2 operating system to back up and restore your Exchange databases During the backup operation, the Exchange data files are checked for consistency to ensure that they can be used for recovery Windows Server Backup runs... from their existing Exchange high-availability solution to a solution based on Exchange Server 2010 DAGs 7 26 Chapter 13 Exchange High-Availability Solutions You want to configure mailbox databases on server VAN-LAG With these facts in mind, answer the following questions: 1 Which EMS cmdlet should be used to create a new DAG? 2 Which EMS cmdlet should you use to add server VAN-LAG to the DAG? 3 Which... the EMS for this purpose For example, the following command creates the recovery database RecoverDB on the Mailbox server VAN-EX1: New-MailboxDatabase -Recovery -Name RecoverDB -Server VAN-EX1 7 42 Chapter 14 Exchange Disaster Recovery Figure 1 4-8 shows the output from this command FIGURE 1 4-8   Creating a recovery database You need to bear the following information in mind when working with RDBs: n You... use the VSS plug-in that ships with Exchange Server 2010 to back up volumes c ­ ontaining active mailbox database copies or stand-alone (nonreplicated) mailbox ­ atabases d You cannot use this plug-in to back up volumes that contain passive mailbox database copies You need either Microsoft System Center Data Protection Manager or a third-party Exchange- aware VSS-based application to back up passive... Availability Group Wizard Enter the Database Availability Group name as DAG-ONE Enter the Witness Server as VAN-DC and enter the Witness Directory as c:\DAG-WIT, as shown in Figure 1 3-1 4 Click New and then click Finish If you are presented with a warning about VAN-DC not being part of the Exchange Server security group, click OK FIGURE 1 3-1 4  New Database Availability Group 8 Click on the Organization Configuration\Mailbox... account Shut down the server 3 Verify that the status of database EPSILON on Mailbox server VAN-EX1 is set to Mounted and that the status of database EPSILON on Mailbox server VAN-EX2 is set to ServiceDown 4 Start server VAN-EX2 When the server has started, verify that the status of mailbox database EPSILON on server VAN-EX2 returns to Healthy E XERCISE 4  Configure Highly Available Public Folders In . Set-MailboxDatabase cmdlet and the RpcClientAccessServer parameter. For example, to congure MBX-DB-1 to use casarray.adatum.com, issue the following command: Set-MailboxDatabase MBX-DB-1 –RpcClientAccessServer. add servers VAN-EX1 and VAN-EX2 to this group. You will use VAN-DC as the witness for the DAG. In real-life situations, you would choose to use an existing Hub Transport server as a witness server. . EPSILON on Mailbox server VAN-EX1 is set to Mounted and that the status of database EPSILON on Mailbox server VAN-EX2 is set to ServiceDown. 4. Start server VAN-EX2. When the server has started,