Presentation on theme: "1EMC CONFIDENTIAL—INTERNAL USE ONLY EMC PROTECTION FOR MICROSOFT EXCHANGE SERVER 2010 EMC VNX5700, EMC RecoverPoint, EMC Replication Manager, EMC Data."— Presentation transcript:
1EMC CONFIDENTIAL—INTERNAL USE ONLY EMC PROTECTION FOR MICROSOFT EXCHANGE SERVER 2010 EMC VNX5700, EMC RecoverPoint, EMC Replication Manager, EMC Data Protection Advisor, VMware vSphere, and VMware vCenter Site Recovery Manager Fully automated recovery for Microsoft Exchange Server 2010 Unlimited snapshots to protect from logical database corruption In-depth monitoring and reporting EMC Solutions Group — Strategic Solutions Engineering
2EMC CONFIDENTIAL—INTERNAL USE ONLY Solution Offering and Options Full end-to-end Protection for Exchange 2010 environment in a virtualized infrastructure – Local application protection with Exchange deployed in DAG – Local continuous data protection (CDP) with RecoverPoint (unlimited snaps) – Remote continuous replication (CRR) with RecoverPoint for DR – Automated failover and failback with vCenter SRM 5 Database protection and instant restore with Replication Manager In-depth monitoring and reporting with DPA Flexible deployment options White paper for this solution is published here: http://www.emc.com/collateral/hardware/white-papers/h8891-emc-protection-fr-microsoft-exchng-servr2010.pdf http://www.emc.com/collateral/hardware/white-papers/h8891-emc-protection-fr-microsoft-exchng-servr2010.pdf
3EMC CONFIDENTIAL—INTERNAL USE ONLY Exchange 2010 DR Options Replication Method DescriptionReference Material Cross-site (stretch) DAG Exchange Continuous Replication (DAG) Built in to Exchange 2010 for HA and DR Co-branded White Paper: Business Continuity for Microsoft Exchange 2010 Enabled by EMC Unified Storage, Cisco UCS and Microsoft Hyper-VBusiness Continuity for Microsoft Exchange 2010 Enabled by EMC Unified Storage, Cisco UCS and Microsoft Hyper-V Database Portability RecoverPointJust the Exchange data is replicated. The users are re- homed at the second site to a different server White Paper: Exchange 2010 Disaster Recovery Options with Cross-Site Exchange DAG and EMC RecoverPointExchange 2010 Disaster Recovery Options with Cross-Site Exchange DAG and EMC RecoverPoint Replication Enabler for Exchange (REE) RecoverPointSynchronous solution today. Integrated with Exchange 2010 3 rd Party Replication API. Replaces native DAG replication Co-branded White Paper: Zero Data Loss Disaster Recovery for Microsoft Exchange 2010 Enabled by EMC Unified Storage, EMC Replication Enabler for Exchange 2010 and Microsoft Hyper-VZero Data Loss Disaster Recovery for Microsoft Exchange 2010 Enabled by EMC Unified Storage, EMC Replication Enabler for Exchange 2010 and Microsoft Hyper-V Server/Site Move SRDF, RecoverPoint Both the OS and Exchange data is replicated. Failover includes bringing the servers up, changing IP & updating DNS (automated with SRM 5) White Paper – SRDF Solution: Virtualized Exchange 2010 DR Enabled by EMC Symmetrix VMAX and VMware vCenter SRMVirtualized Exchange 2010 DR Enabled by EMC Symmetrix VMAX and VMware vCenter SRM White Paper – RecoverPoint Solution: EMC Protection For Microsoft Exchange Server 2010EMC Protection For Microsoft Exchange Server 2010
4EMC CONFIDENTIAL—INTERNAL USE ONLY Solution Architecture Two active-active Sites 10,000 Exchange 2010 users per site (20,000 total) 1 DAG per site with 2 local copies 4 Mailbox Server VMs per DAG (each VM configured to run 5,000 users during local switchovers — 2,500 active/2,500 passive) Exchange user profile 2 GB mailbox per user 0.15 IOPS per user
5EMC CONFIDENTIAL—INTERNAL USE ONLY Data Site Protection with RecoverPoint and Automated Failover with SRM RecoverPoint Site A Site B WAN Link Data SRM
6EMC CONFIDENTIAL—INTERNAL USE ONLY Parameters Used to Test and Validate the Solution ParametersLocal DAG with RecoverPoint CRR environment Number of sites Two active-active Number of users per site 10,000 users (20,000 total during site failover) Exchange 2010 user profile 150 messages sent/received/day (0.15 IOPS), 2 GB mailbox Database read/write ratio 3:2 in Mailbox Resiliency configuration Test Environment 4 mailbox servers per DAG (local site) 3 copies (2 local with DAG and 1 remote with RecoverPoint) Connectivity between sites 1 Gbps Ethernet Storage connectivity to physical host FC Storage design 1 VNX5700 storage array per site 2 TB NL-SAS (7.2k rpm) disks for Exchange database and logs (RDM/P) 2 TB NL-SAS (7.2k rpm) disks for virtual machine OS (VMFS) 600 GB SAS (10k rpm) disks for RecoverPoint journals vSphere host design 4 Intel-based servers with 4 six-core Xeon X7460 processors @ 2.66 GHz (24 CPUs) and 128 GB RAM. 2 servers per site, each supports 4 Exchange Mailbox Role virtual machines. 4 Intel based servers with 4 six-core Xeon X7350 Processors @ 2.93 GHz (16 CPUs) and 64 GB RAM. 2 servers per site, each supports 4 Exchange Client Access and Hub Transport Role virtual machines. Virtualization Platform vSphere 5.0 Data protection Daily full backups (hardware VSS) 24 application-consistent snapshots per day (24 hours) Unlimited crash-consistent snapshots per day (24 hours)
7EMC CONFIDENTIAL—INTERNAL USE ONLY ESXi Host & VM Design Exchange 2010 RoleCPUMemory Mailbox Server632 Client Access and Hub Transport Combo416 NOTE: CPU and memory requirements are based on Microsoft Guidelines. See http://technet.microsoft.com/en-us/library/ee712771.aspx for additional details. http://technet.microsoft.com/en-us/library/ee712771.aspx
8EMC CONFIDENTIAL—INTERNAL USE ONLY Mailbox Server Role Design
9EMC CONFIDENTIAL—INTERNAL USE ONLY Exchange 2010 Mailbox Server VM Design ESX Server 1 ESX Server 2 MBX1MBX2 MBX3MBX4 DB1C1 C2 DB2C1 C2 DB3C1 C2 DB4C1 C2 DB5C1 C2 DB6C2 C1 DB7C2 C1 DB8C2 C1 DB9C2 C1 DB10C2 C1 DB11 C1 C2 DB12 C1 C2 DB13 C1 C2 DB14 C1 C2 DB15 C1 C2 DB16 C2 C1 DB17 C2 C1 DB18 C2 C1 DB19 C2 C1 DB20 C2 C1 Design Attributes 5,000 users during local switchovers (2500 active/2500 passive) 10 DBs per server 500 users per DB 1.6 TB DB LUNs 100 GB Log LUNs VNX pools Physical isolation of DAG copies Active Copies Passive Copies Domains protected against failure Mailbox server Hypervisor host Storage Network
10EMC CONFIDENTIAL—INTERNAL USE ONLY Mailbox Server Building Block Design Users per Exchange Mailbox server virtual machine Disks per Exchange Mailbox server virtual machine vCPUs per Exchange Mailbox server virtual machine Memory per Exchange Mailbox server virtual machine 5,00020 (16 + 4): 16 x 2 TB NL-SAS disks in RAID 1/0 for databases 4 x 2 TB NL-SAS disks in RAID 1/0 for logs 6 CPUs32 GB
11EMC CONFIDENTIAL—INTERNAL USE ONLY Storage Design Details for a 5,000-User Mailbox Server Building Block AttributeDetails Number of users5,000 (in a switchover condition) User profile150 messages sent/received (0.15 IOPS), 2 GB Mailbox Disk type2 TB NL-SAS, 7.2k rpm Storage configuration/RAID type20 disks per building block for Exchange data: 16 disks in a RAID 1/0 storage pool for databases 4 disks in a RAID 1/0 RAID group for logs Databases per server/users per database10 databases per server, 500 users per database LUNs/LUN sizes21 LUNs per Mailbox server virtual machine: 10 database LUNs (1.6 TB) (RDM/P) 10 log LUNs (100 GB) (RDM/P) 1 LUN for virtual machine OS (200 GB) (VMFS)
12EMC CONFIDENTIAL—INTERNAL USE ONLY ESX/VMs Storage Design
13EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Design In this solution, EMC RecoverPoint provides protection from Exchange logical database corruption and DR protection in the case of a site failure. Native Exchange replication does not protect from logical corruption. Corruption can potentially replicate to other Exchange database copies within the DAG locally and remotely. In this solution, RecoverPoint is configured as follows: The replication method is Concurrent Local and Remote Replication (CLR) (combines both CDP and CRR). Each Mailbox server VM is placed into its own CG with all replicated database and log LUNs, including the LUN containing the guest OS. Ensures full consistency across all volumes used by the Mailbox Server Role virtual machines.
14EMC CONFIDENTIAL—INTERNAL USE ONLY Consistency Group (CG) Design for Active/Active Data Centers Ensures consistency across production and targets – one Exchange Mailbox server per CG Application recovery can be independent from SLAs Enables independent replication of various applications Utilizes Consistency Groups to organize data MBX3 CG MBX1 CG CDP CRR CDP MBX2 CG MBX1 MBX2 CRR MBX3 CDP MBX4 CG CRR MBX4 CDP MBX1 MBX2 MBX3 CDP MBX4 CDP CRR MBX5 CG MBX6 CG MBX7 CG MBX8 CG Site A Site B
15EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Consistency Group Configuration One Consistency Group per Mailbox Server VM 21 Replication Sets per Consistency Group
16EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Group Sets A Group Set is a set of consistency groups to which the system applies parallel bookmarks at a user-defined frequency. Allows for automatic, periodic bookmarking Provides same RPO for multiple Consistency Groups distributed across multiple RPAs Useful for consistency groups that depend on each other or must work together as a single unit Four Mailbox servers in a DAG at each site – combined into one Group Set to meet 15-minute RPO requirement
17EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint CG Policy Settings for SRM
18EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Journal Sizing RecoverPoint journal volumes store consistent point-in-time snapshots (or bookmarks) to enable point-in-time recovery of Exchange data. Journal size will dictate how much protection you will have (how many snaps you can keep). For each CG in the RecoverPoint CLR configuration, three journals are set up: Two at the local site One at the remote site The two most important considerations when sizing storage for journal volumes: Performance Protection window
19EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Journal Sizing (cont.) Formula to calculate journal volume size based on the expected change rate and required rollback time period: Example Protection requirements: 3 days (72 hours) Change rate: 5 Mbps Journal size = 5 Mbps x 259,200 seconds / 0.8 x 1.05 = 1,701,000 Mb (~213 GB)
20EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Journal Sizing (cont.) Journals deployed in this solution
21EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Storage Design Summary Volume typeSite A and BComments Repository3 GBOne volume per storage array/RPA cluster per site Journal40 x 100 GB 32 x 5 GB Journal LUNs configured from RAID 1/0 groups. 500 GB journal per consistency group: 5 x 100 GB volumes for each local and remote copy. 20 GB journal per consistency group: 4 x 5 GB volumes for each production copy. Replication80 x 1.6 TB for database volumes 80 x 100 GB for log volumes RAID 1/0 pools Replication volume sizes must be equal or larger than production volumes
22EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Integration with Replication Manager RM leverages RP replication technology to automate and schedule VSS copies of Exchange, both locally and remotely RM automates Exchange 2010 tasks such as: Create Exchange database application sets Create and manage multiple-site, application-consistent replicas of Exchange databases Run a full Exchange job to create a VSS bookmark, run the Microsoft Exchange utility eseutil, and then truncate the Exchange logs Run an Exchange copy job that creates a VSS bookmark Start an on-demand mount and dismount of an Exchange database Restore Exchange databases from either local or remote bookmarks to the production Exchange server in seconds
23EMC CONFIDENTIAL—INTERNAL USE ONLY How this solution uses RM RM automates RecoverPoint application-consistent replicas and performs Exchange log truncation 24 application-consistent (VSS) snapshots in a 24-hour cycle In addition to maintaining hourly application-consistent snapshots initiated by RM, RP journal maintains many more crash-consistent snapshots from which Exchange databases can easily be recovered RM application set is created for each Exchange Mailbox server virtual machine. Application set includes all ten databases configured on the server This design aligns with the RP CG design, where each consistency group contains all of the Exchange databases and logs for a specific Mailbox server
24EMC CONFIDENTIAL—INTERNAL USE ONLY Replication Manager Design RM Application Set configuration –Created for each Mailbox VM –Includes 10 DB’s per Mailbox Server –Design aligned with RecoverPoint
25EMC CONFIDENTIAL—INTERNAL USE ONLY Special Environment Variable for RM In this solution each RecoverPoint consistency group is configured with an additional replication set for the Mailbox server OS LUN that resides on the VMware VMFS datastore volume This configuration creates a potential conflict between Replication Manager and RecoverPoint, because the Microsoft VSS framework does not support VMFS data stores To resolve this conflict, environment variable is created on each Exchange Mailbox server virtual machine with Replication Manager Agent installed: ERM_RP_EXTRA_DEVS_ALLOWED=1 With this environment setting in place RecoverPoint continues to provide crash-consistent replicas of all LUNs attached to the Exchange Mailbox server virtual machine (including the OS VMFS volume) Replication Manager continues to provide application-consistent replicas of all Exchange RDM volumes
26EMC CONFIDENTIAL—INTERNAL USE ONLY RM Replication options In this solution, RM jobs are configured with two Replica Type options to protect the Exchange Server 2010 databases: –Online Full –Online Copy Online Full jobs are set up for daily backups Online Copy jobs are set up to run at hourly intervals during business hours to provide application-consistent recovery (24 snapshots per 24 hours)
27EMC CONFIDENTIAL—INTERNAL USE ONLY Replication Manager server thaws application RecoverPoint + RM = Integrated Local/Remote Protection Local CDP Copy Exchange Production Exchange Mount Host Local CDP Journal Production LUN Replication Manager Server Replication Manager server freezes application Replication Manager server requests VSS-compliant bookmark Remote CRR Journal WAN RecoverPoint SAN Remote CRR Copy LUN BOOKMARK
28EMC CONFIDENTIAL—INTERNAL USE ONLY Site Recovery Manager Core Capabilities Virtual Center Virtual Machines ESX Server ESX Server ESX Server ESX Server Servers Storage Site Recovery Manager Centralized management for DR Create, test, update and execute recovery plans from a single point of management Seamless integration with Virtual Center Disaster recovery automation Build recovery process in advance Automate testing of recovery plans Automate execution of recovery process Simplified setup and integration Allocate and manage recovery resources Easy integration with leading vendors’ storage replication systems
30EMC CONFIDENTIAL—INTERNAL USE ONLY vCenter SRM Requirements SRM requirements for the vSphere configuration at each site: Each site must include a vCenter server containing at least one vSphere data center. The recovery site must support array ‐ based replication with the protected site, and the recovery site must have hardware and network resources that can support the same virtual machines and workloads as the protected site. At least one virtual machine must be located on a data store that is replicated by RecoverPoint at the protected site. The protected and recovery sites must be connected by a reliable IP network. Storage arrays may have additional network requirements. The recovery site must have access to the same public and private networks as the protected site, although the recovery site does not necessarily require access to the same range of network addresses. VMware tools must be installed on all virtual machines.
31EMC CONFIDENTIAL—INTERNAL USE ONLY SRM Configuration Steps 1.Install and configure SRM with the RecoverPoint SRA adapter. 2.Configure the connection between the protected and recovery sites. 3.Configure RecoverPoint array managers. 4.Configure resource inventory mappings. 5.Configure protection groups. 6.Create the recovery plan. 7.Customize virtual machine recovery options, including IP customization.
32EMC CONFIDENTIAL—INTERNAL USE ONLY SRM Protection Groups An SRM protection group is a collection of virtual machines that all use the same datastore group (the same set of replicated LUNs) and that all fail over together. For this solution, an SRM protection group is created for each Exchange Mailbox VM.
33EMC CONFIDENTIAL—INTERNAL USE ONLY SRM Protection Groups (cont.) After a protection group is created, shadow VMs are automatically created in the recovery site vCenter inventory. They act as placeholders for the virtual machines that can be failed over with SRM. The shadow VMs cannot be started independently from SRM and are removed if their protection group is deleted.
34EMC CONFIDENTIAL—INTERNAL USE ONLY SRM Configuration — Recovery Plans
35EMC CONFIDENTIAL—INTERNAL USE ONLY SRM 5 Features for Multi-subnet Data Centers Recovery and Reprotect options IP customization Power-on priority and dependencies
36EMC CONFIDENTIAL—INTERNAL USE ONLY Changing the DAG IP address at the Recovery Site Set-DatabaseAvailabilityGroup -Identity -DatabaseAvailabilityGroupIPAddresses
37EMC CONFIDENTIAL—INTERNAL USE ONLY Testing an SRM Recovery Plan Recovery plans can be tested at any time without interrupting replication or the business’s RPO. Predict how much time the recovery of the virtual environment is likely to take. Administrators can quickly access a replica of the entire protected environment for testing purposes. Automatically generated summary reports can be used to demonstrate compliance with regulatory requirements. SRM Recovery PlanTime elapsed (minutes)RTO Met? Single Mailbox server17Yes Four Mailbox servers in a DAG25Yes
38EMC CONFIDENTIAL—INTERNAL USE ONLY Testing an SRM Recovery Plan (cont.)
39EMC CONFIDENTIAL—INTERNAL USE ONLY SRM Site Failover Test Results Failover of all Mailbox Servers from Site A to Site B Results include DNS name change and IP changes SRM recovery planTime elapsed (min)RTO met? Four Mailbox servers in a DAG38Yes
40EMC CONFIDENTIAL—INTERNAL USE ONLY Site Failback with SRM SRM 5 provides automatic failback functionality RecoverPoint SRA version 2.0 integrates with SRM 5 This functionality enables you to perform an automated failback operation after a planned or unplanned failover
41EMC CONFIDENTIAL—INTERNAL USE ONLY SRM Failback Process 1.Verify all network communications between the recovery site and the original protected site. 2.Verify connectivity between vCenter servers. 3.Ensure all resource mappings are in place. 4.Ensure no changes need to be made to SRM protection groups or protected virtual machines. 5.Modify the recovery plan to update any custom scripts. For example, update Exchange DAG IP addresses that have changed. Also update CAS array IP addresses if the CAS array was previously replicated. 6.To perform failback: Incrementally—Use the RecoverPoint or Unisphere management console to replicate data and resynchronize configuration settings from the recovery site back to the originally protected site. Automatically—Initiate “Reprotect” from the SRM management interface. 7.When failback process completed, ensure that all Microsoft Exchange services are started and the databases are mounted. 8.Verify email flow and user access.
42EMC CONFIDENTIAL—INTERNAL USE ONLY Recovery with Replication Manager
43EMC CONFIDENTIAL—INTERNAL USE ONLY RecoverPoint Journal Usage With Exchange Server 2010 Under Load Test timelineJournal usage (GB) Journal usage per user (MB) Journal usage (percentage)* Start0.20----0.05 4 hrs. (day time)11323 MB30.1 8 hrs. (day time)17436 MB46.4 12 hrs. (night time)18438 MB49.0 16 hrs. (night time)22847 MB60.8 20 hrs. (day time)27957 MB74.4 24 hrs. (day time)34571 MB92.0 LoadGen workload for 5,000 users per server with 150 sent/received messages per user Hourly application-consistent (VSS) bookmarks for a RecoverPoint consistency group with all of the LUNs for a single Mailbox server with 10 databases Automatic crash-consistent (VSS) bookmarks for a RecoverPoint consistency group with all of the LUNs for a single Mailbox server with 10 databases Nightly scheduled backup job initiated by Replication Manager *Percentages are based on a 375 GB usable journal space (500 GB minus 25 percent reserved by RecoverPoint) provisioned for each consistency group and 13.6 TB of replicated Exchange data (80 percent of 17 TB provisioned storage).
44EMC CONFIDENTIAL—INTERNAL USE ONLY DPA Reporting — RP Journal Utilization
45EMC CONFIDENTIAL—INTERNAL USE ONLY Summary Rapid Automate disaster recovery process Eliminate complexities of traditional recovery Reliable Ensure proper execution of recovery plans Enable easier, more frequent tests Manageable Centrally manage recovery plans Make plans dynamic to match environment Affordable Utilize recovery site infrastructure Reduce management costs VMware vCenter Site Recovery Manager and EMC RecoverPoint make Exchange 2010 Disaster Recovery… White paper for this solution is published here: http://www.emc.com/collateral/hardware/white-papers/h8891-emc-protection-fr-microsoft-exchng- servr2010.pdf