Architecting a Multi-host Environment With Exchange 2000
Andres Sanabria, Network Specialist, Microsoft Corporation


Page 1: What Is An ASP

Architecting a Multi-host Environment With Exchange 2000

Andres Sanabria
Network Specialist
Microsoft Corporation

Page 2: What Is An ASP

What Is An ASP

Defining characteristics:
  • Applications-centric
  • Deploy, host, manage and rent
  • Applications license ownership
  • One-to-many
  • Delivers on contract
  • Centrally managed

Page 3: What Is An ASP

Topics

  • Hosting scenarios and models
  • Active Directory™ design
  • Messaging configuration
  • Scalability and reliability
  • Clients
  • Management

Page 4: What Is An ASP

Hosting Scenarios And Models

  • Centralized (shared server hosting)
    - All software components, hardware live at ASP data center
    - ISP-like configuration
    - Vast scale services (messaging, conf, wireless)
  • De-centralized
    - Co-located and/or off-site CPE
    - Remotely managed by MSP
    - Tied into ASP directory in some cases
  • Fully distributed (dedicated server hosting)
    - Complete data/config isolation
    - Management, monitoring and recovering
    - Highest SLA, costs

Page 5: What Is An ASP

Active Directory Design

Customer requirements:
  • Single point of management for any resource (applications, users, email, etc.)
  • Totally secure and isolated environment
  • Share the same infrastructure for multiple companies
  • Delegate configuration to ASP personnel
  • Delegate user mgmt to customer
  • Automate most of my work
    - Scripts, scheduled tasks, applications
  • Increase the availability

Page 6: What Is An ASP

Active Directory Design

  • Name space partition
  • Organization Unit (OU) model
    - Each OU will host a company
    - Administrative containers
    - Unit of delegated administration
  • User Principal Name (UPN) model
    - (Same as pre-Windows 2000) = OU name // usability
    - Set security ACL in groups created in the OU: AllUsers@customer1, AdminOu@customer1
    - Remove Authenticated Users
  • Single forest
  • Keep it simple, "Less Is Better"
  • Security – top design priority

Page 7: What Is An ASP

Active Directory Design

[Diagram: MyAsp.Com, with Company1.com and Company2.com and their user accounts (for example Admin@company2.com)]

Page 8: What Is An ASP

Active Directory – Shared Hosting Architecture

[Diagram labels: WTS, Office Online, Other TS Apps, Active Directory Design, Exchange 2000, Messaging, Instant Messaging, Conferencing, Unified Messaging, Wireless, Other ISV Apps, Managed PC]

Benefits of a single platform (Windows 2000) and integration of products

Page 9: What Is An ASP

Active Directory Design

  • Configure the AD to be GC to improve performance
    - At least one GC per geographical location
    - Replicated to two servers for redundancy
  • Build in a "Round Robin" type of solution
  • Easy to integrate via ADSI or LDAP call

Page 10: What Is An ASP

Messaging Configuration

  • Recipient policies
    - Automatically create SMTP address based on rules
    - Users/LogonName ends with <OU Name> = @<SMTP Address>
    - Groups/DisplayName ends with <OU Name> = @<SMTP Address>
    - Multiple SMTP addresses per user

Page 11: What Is An ASP

Messaging Configuration

  • Global Address List and Offline Address List
    - Support multiple GAL and ADL
    - Have a common place for all the users to look up other users
    - Users/e-mail ends with <OU Name>
  • Security
    - AllUsers@customer1: Allow = read, execute, read permissions, list content, read properties, open address list
    - AdminOu@customer1: Full administrative privilege
  • For MAPI users

Page 12: What Is An ASP

Messaging Configuration

  • Outlook Web Access
  • Limiting MAPI/RPC lookup via AD
    - msExchQueryBaseDN
    - Using ADSIEdit.exe
    - ou=<ou name>, dc=<domain_name>, dc=<root_domain>
    - Ex: ou=Customer1, dc=myAsp, dc=com
  • Per user
  • Scriptable via ADSI
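An added example (not from the original slides) of auditing the per-user msExchQueryBaseDN setting described above: it flags accounts whose search base is missing or reaches outside the customer OU that holds the account. The account records are constructed sample data in the slide's ou=<ou name>, dc=<domain_name>, dc=<root_domain> form, and the function names are hypothetical.

```python
# Added example: audit msExchQueryBaseDN against each account's customer OU.
# SAMPLE_USERS is constructed data, not output from a real directory.

def parse_dn(dn):
    """Split a simple DN into lower-cased (attribute, value) pairs.
    Assumes no escaped commas, which holds for the slide's DN form."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        parts.append((attr.strip().lower(), value.strip().lower()))
    return parts

def tenant_ou(user_dn):
    """Return the DN (as pairs) of the top-level OU holding the user:
    the last ou= component before the dc= components."""
    parts = parse_dn(user_dn)
    for i in range(len(parts) - 1, -1, -1):
        if parts[i][0] == "ou":
            return parts[i:]
    return None

def audit(users):
    """Return (user_dn, finding) for accounts that break tenant isolation."""
    findings = []
    for user_dn, query_base in users:
        expected = tenant_ou(user_dn)
        if expected is None:
            findings.append((user_dn, "not inside a customer OU"))
        elif not query_base:
            findings.append((user_dn, "msExchQueryBaseDN not set"))
        # A base at or below the customer OU is accepted; anything else is not.
        elif parse_dn(query_base)[-len(expected):] != expected:
            findings.append((user_dn, "msExchQueryBaseDN outside own OU"))
    return findings

SAMPLE_USERS = [  # constructed (distinguishedName, msExchQueryBaseDN) pairs
    ("cn=Ann,ou=Customer1,dc=myAsp,dc=com", "ou=Customer1, dc=myAsp, dc=com"),
    ("cn=Bob,ou=Customer1,dc=myAsp,dc=com", ""),
    ("cn=Eve,ou=Customer2,dc=myAsp,dc=com", "ou=Customer1,dc=myAsp,dc=com"),
    ("cn=Dan,ou=Sales,ou=Customer2,dc=myAsp,dc=com", "dc=myAsp,dc=com"),
]

if __name__ == "__main__":
    for dn, finding in audit(SAMPLE_USERS):
        print(f"{dn}: {finding}")
```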

Page 13: What Is An ASP

Messaging Configuration

External DNS
  • Primary zones per customer
    - IN A pointing to the virtual IP address
    - WWW for the OWA
    - MX for the SMTP address
  • Integrated to the AD
    - For redundancy and replication
  • Ex.: Customer1.com

    @     MX  10  mail.Customer1.com.
    MAIL  A   208.217.184.2   ;SMTP
    www   A   208.217.184.3   ;OWA

  • AD and FE server will resolve the mailbox location and alias for the user

Page 14: What Is An ASP

Scalability And Reliability

  • Exchange 5.5
    - Designed for enterprises and SMORGs
    - Thousand users
  • MCIS
    - Designed for hosted configurations
    - Million users
    - High-performance POP/IMAP/NNTP services
    - Chat Server
    - Provisioning built-in
    - Scales to the masses

Page 15: What Is An ASP

Scalability And Reliability

Scalability and reliability through partitioning and redundancy
  • Partition separate servers for:
    - Protocols
    - Storage
    - Directory
  • Add redundancy with:
    - Clustering
    - Load Balancing

Page 16: What Is An ASP

Scalability And Reliability

Scaling Vertical

    Version                        Processor     RAM
    Windows 2000 Server            4 way SMP     4 GB RAM
    Windows 2000 Advanced Server   8 way SMP     8 GB RAM
    Windows 2000 Datacenter        32 way SMP    64 GB RAM

Scaling Horizontal

    Version                        Net Load Bal      Cluster serv
    Windows 2000 Server            N/A               N/A
    Windows 2000 Advanced Server   Up to 32 nodes    2 node
    Windows 2000 Datacenter        Up to 32 nodes    4 Node Cluster

Page 17: What Is An ASP

Scalability And Reliability

  • Network Load Balancing
    - TCP/IP load balancing
    - 32 nodes could be viewed as a single server
    - Great for front-end servers
    - Used by TCP/UDP protocols, app. HTTP, IMAP, POP3, SMTP
    - Dynamically adjusts, distributing requests

Page 18: What Is An ASP

Scalability And Reliability

FE/BE Configurations
  • Front-end servers are important for hosting configurations
    - Provides unified namespace across the farm
    - Offloads SSL processing from back-ends
    - Provides an additional security layer
    - Allows for seamless server consolidation
    - Allows seamless distribution of user data across multiple servers without having to re-authenticate
    - IMAP/POP/HTTP/WebDAV

Page 19: What Is An ASP

Scalability And Reliability

  • Cluster Server
    - Application: stateful, back-end servers
    - Fail over in the case that the application fails
    - Fail back when the server is back online
    - Active || Passive application
  • Exchange is a cluster-aware application
    - Resource.dll: Exchange wrote its own // EXCHRES.DLL
    - A resource group is an atomic unit of fail over/fail back
    - Exchange Virtual Server
  • Let the back end do the heavy lifting
    - Processing
    - Accessing storage
    - Security

Page 20: What Is An ASP

Failover/User Experience

[Diagram labels: EVS1, EVS2, X, HTTP, POP, IMAP, MAPI]

Page 21: What Is An ASP

Scalability And Reliability

Partition separate servers

[Diagram labels: Router / DNS service resolver, Protocol, Store, Cluster A, Cluster B, Windows 2000 Directory]

Page 22: What Is An ASP

Scalability And Reliability

Storage

[Diagram labels: Shared Storage, Machine A, Machine B]

Local Attach Storage Supported

Page 23: What Is An ASP

Scalability And Reliability

Storage
  • 4 Server Cluster
    - 3 servers running: nodes = 15 storages, 60 storage
    - 2 servers running: nodes = 10 storages, 40 storages
    - 1 server running: nodes = 5 storage, 20 storages
  • 2 Node Cluster
    - 1 server running: nodes = 10 storage, 20 storage
  • 3 Node Cluster
    - 2 servers running: nodes = 10 storage, 30 storage
    - 1 server running: nodes = 6 storage, 18 storage
  • Always plan for 20 storages at most per single server

Page 24: What Is An ASP

Scalability And Reliability

  • Scalability is priority one for most hosting scenarios
  • Current scenarios:
    - 1 million user test
    - FE/BE scalability
    - SAN testing
  • Large scalability labs in Bldg 43 + MPSC

Page 25: What Is An ASP

Client Scenarios

  • Digital tablets
  • PC - Desktop
  • PC - Laptop
  • Windows Terminal
  • Win CE - Palm PC
  • Win CE – HH Pro
  • Smart Phones
  • Cellular Phones

Page 26: What Is An ASP

Client / Authentication / Protocol / Advantages / Disadvantages

OWA
  • Authentication: Basic, Basic + SSL, NTLM, Digest
  • Protocol: http, https
  • Advantages: Basic & Digest browser independent; HTML 3.2+; no client updates; with SSL entire session is encrypted
  • Disadvantages: no offline capabilities; secure connection requires SSL; SSL slows down performance

O2K
  • Authentication: NT, Basic
  • Protocol: MAPI, POP3, IMAP4
  • Advantages: rich functionality; large installed base
  • Disadvantages: MAPI clients only connect to the backend; VPN required for MAPI; network traffic load

OE
  • Authentication: Basic, Basic over SSL, NT
  • Protocol: POP3, IMAP4, LDAP
  • Advantages: large installed base; little overhead, good performance
  • Disadvantages: SSL slows down performance; NT requires VPN

POP3 / IMAP4
  • Authentication: Basic
  • Protocol: POP3, IMAP4
  • Advantages: light and good to just connect
  • Disadvantages: lack of features

Page 27: What Is An ASP

Management

  • Remote management
    - Windows Terminal Server
    - MMC
    - Lights Out Operation
  • Automatic tasks
    - CDO / CDO EXM
    - ADSI
    - OLE DB
    - Objects: interfaces, methods, properties
    - Dual interfaced: C++, Visual Basic, VB Scripting Edition, JScript

Page 28: What Is An ASP

Call To Action

  • Follow the next session
  • Check the Architecture White Paper
  • Use the "Deployment guide"
  • Saturday we will build the ASP environment
  • Send feedback and comments to [email protected] (Microsoft.com)

Page 29: What Is An ASP