454 CHAPTER 11 CLUSTERING AND OTHER STORIES OF

454 CHAPTER 11 CLUSTERING AND OTHER STORIES OF HIGH AVAILABILITY Logical Components A cluster also has some logical components that are provided by or configured through the Windows 2003 Cluster Administrator (cluadmin.exe) console. Cluster Services are installed by default. Windows 2003 Cluster Services manages all of the cluster resources and applications, failover and failback (discussed in the next section), and communication both inside the cluster and between the cluster nodes and the public network. Cluster Services needs to keep track of which cluster node owns a cluster resource at any given time; it does so on a logical drive on the shared external drive array called the quorum drive. Typically, the quorum drive is given the drive label Q:. In Disk Administrator and Windows Explorer, it appears as the Q: drive. Although this disk does not require more than a few megabytes of space, you should give it a dedicated physical disk (mirrored or duplexed) and format the disk using NTFS. Cluster resources are logical and physical objects that, when combined in a resource group, define a unit of failover within the cluster. For example, the cluster itself is composed of a network name (NetBIOS) to which network calls are made, an IP address that maps to the network name, and the quorum drive. Figure 11.3 shows some of the resources that are found on a Windows 2003 cluster that is supporting Exchange 2003 in active/passive mode. This is a two-node cluster and therefore has one Exchange virtual server. The cluster s name is BURNS, it has one EVS named GOODNIGHT, and it has two nodes called GEORGE and GRACIE. All services are currently running on node GEORGE. Figure 11.3 Cluster resources on an Exchange 2003 server Exchange 2003 Cluster Basics The most important part of getting an Exchange 2003 cluster operational is to make sure you have planned the server configuration properly. Planning Exchange 2003 clusters starts with deciding how many Exchange virtual servers are going to be supported in the cluster. Dependency Architecture Improvements The most significant improvement for Windows 2003 and Exchange 2003 is the improvement in the dependency architecture. This has allowed for improved failover times. With Exchange 2000, mail protocols were all dependent on the store service starting before they could start. Where protocols

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Inexpensive Web Hosting services

MAJOR EXCHANGE 2003 COMPONENTS 11 TIP For optimal

MAJOR EXCHANGE 2003 COMPONENTS 13 Message Categorizer Provides features specific to Exchange, such as checking recipient home servers, checking recipient limits, checking sender limits, and expanding distribution lists. This is an enhancement to the Advanced Queuing Engine. The IIS SMTP component has a basic Message Categorizer ( cat.dll ) that is disabled by default. When Exchange 2003 is installed, the Exchange categorizer ( phatcat.dll and phatq.dll ) replaces the IIS categorizer. Routing Engine Maintains the Link State Table, which is used by the Advanced Queuing Engine to determine the next hop through which a message needs to be routed. The Routing Engine also maintains information about whether a link is currently available. SMTP service Handles transmission of messages between Exchange 2000/2003 hosts and to the Internet using SMTP. The Message Transfer Agent Stacks The Message Transfer Agent (MTA) Stacks service performs two functions. It allows for backward compatibility with Exchange 5.5 servers, and it performs X.400 message delivery functions. All messages between Exchange 2003 and Exchange 5.5 servers are delivered by the MTA using the Microsoft RPC protocol. Additionally, the MTA supports delivery of messages to foreign X.400 systems as well as internal message routing when the X.400 connector is used. The MTA will be an important component if you are managing an Exchange-based U.S. Department of Defense (DOD) Defense Messaging System (DMS). For more information about DMS, visit www.lmcdms.com. TIP If you have no Exchange 5.5 servers or X.400 connectors, then the Exchange Message Transfer Agent service does not need to be started. There are no dependencies in a pure Exchange 2003 environment. See the Exchange team s blog about this at http://blogs.technet.com/ exchange/search.aspx?q=MTA&p=1. How Messages Are Routed in Exchange 2003 The Advanced Queuing Engine is central to message routing in Exchange 2003. When a message is transferred to the Advanced Queuing Engine, each component has specific functions it performs to move the message to its next hop. Figure 1.2 shows a basic diagram of the Advanced Queuing Engine. If you follow the message through its path as it travels through the Information Store and Advanced Queuing Engine, it looks something like this: 1. A MAPI client submits a message through the Information Store s MAPI interface. 2. The Information Store determines the message is a MAPI message and stores the entire message in the EDB portion of the mailbox store. 3. The Information Store creates an object that represents the message called the MailMsg object (also called the IMsg or IMailMsg object). This object is merely a small chunk of memory that identifies information such as the To, From, Subject, Date, Size, and other message properties, as well as where the actual message content is stored. In this case, the message content is stored in the EDB portion of the mailbox store. Only the MailMsg object, not the entire message content, is passed to the SMTP memory stub in the Information Store. The SMTP memory stub is a queuing location provided by the ExIPC queuing layer between IIS and the Information Store. 4. The Information Store s SMTP stub passes the MailMsg object through the ExIPC shared memory layer to the SMTP stub in IIS.

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Low Cost Web Hosting services

MAJOR EXCHANGE 2003 COMPONENTS 11 TIP For optimal

12 CHAPTER 1 INTRODUCING EXCHANGE 2003 AND EXCHANGE ADMINISTRATION However, if you choose to have more than one private mailbox store on a single server, you should be careful of the following: . Each additional store that you mount consumes at least another 10MB of RAM. . Single-instance storage is preserved only within a single store. Recipients across multiple stores will cause multiple copies of a message to be created. . Backup and recovery scenarios require more diligence and testing in this more complicated environment. The Message Transport System In Exchange 2003 all message transfer is the responsibility of the Message Transport System. One of the design goals for the Exchange 2003 message transport system was to ensure that all messages were processed exactly the same. To that end, all messages are delivered through the Advanced Queuing Engine even those destined for local delivery. To do this without affecting performance and scalability is something of a monumental task. Further, all message transport in a native Exchange 2003 organization is via SMTP rather than RPC, so all Exchange 2003 servers must have the capability to transfer SMTP messages between servers in the same routing group. In 1996, when Exchange 5.5 was released, Microsoft had three separate teams of developers working with SMTP: the Exchange team, the IIS team, and the Microsoft Commercial Internet System team. When Windows 2000 was being developed, Microsoft decided to combine these three teams into one group that would develop a single SMTP transport system to be used by all Microsoft components requiring SMTP transport. NOTE All messages, including those destined for local delivery, are handled by the Advanced Queuing Engine. Windows and Exchange 2003 carry forward the concept of a single SMTP-based message transport system. This system depends extensively on IIS and its SMTP service. The Exchange MTA Stacks service is brought into play when messages must be delivered or received from Exchange 5.5 or X.400 systems. Exchange Server SMTP Enhancements The IIS SMTP component is required prior to the installation of Exchange 2003. When Exchange 2003 is installed, it enhances (not replaces) several of the existing SMTP components so that they can work with Exchange 2003 more effectively. The SMTP transport components include the following: Exchange Interprocess Communication (ExIPC) layer Provides the queuing layer that transfers message header information quickly and efficiently between IIS and the Information Store. Advanced Queuing Engine Creates and manages the queues through which a message passes when it is being delivered. These queues include per-domain queues, the Messages Pending Submission queue, the Messages Awaiting Directory Lookup (Pre-Categorizer) queue, the Messages Waiting to be Routed (Post-Categorizer) queue, and the local delivery queue. The SMTP service in Windows 2003 uses Aqueue.dll to implement the Advanced Queuing Engine. Exchange 2003 replaces this component with Phatq.dll to support the Exchange Advanced Queuing Engine.

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Low Cost Web Hosting services

MAJOR EXCHANGE 2003 COMPONENTS 11 TIP For optimal

MAJOR EXCHANGE 2003 COMPONENTS 11 TIP For optimal performance, each storage group s transaction log files should be placed on a separate physical hard disk. The transaction logs should not share this hard disk with any other application or data. When the first database in a storage group is mounted, a new instance of the ESE database engine is started. All instances of ESE run as part of the store.exe process. Multiple Stores What possible uses can there be for additional mailbox stores? These are some possible advantages to using more than one mailbox store: . Company executives or VIPs can be placed in a separate mailbox store to allow for quicker backup and restoration times. . Departments, divisions, business units, or hosted companies can be split between different mailbox stores. . The overall size of any specific mailbox store can be reduced by splitting up the storage load between two stores. . You can specify separately which stores need to be full-text indexed and which do not. . Separate system policies can be applied to separate mailbox stores. . Additional public folder stores can be used to store data that is accessed exclusively via OWA or the ExIFS driver. Increasing the Default Database Size of Exchange 2003 Standard Edition Once you are using Exchange 2003 SP2, you can increase the maximum size of the mailbox store from 18GB to 75GB using a Registry key. Locate the following Registry key: HKLMSystemCurrentControlSetServicesMSExchangeIS{ServerName}Private-{GUID} The Private-{GUID} is a number that uniquely identifies the mailbox store. If you are looking for the public Information Store, look for the key Public-{GUID} . In either the private or public, create a REG_ DWORD Registry value called Database Size Limit in GB . Set this value from 18 to 75. Make sure you change the radio button from hexadecimal to decimal. This works for the Enterprise Edition, also, if you want to limit the size of the databases for Exchange Server 2003 Enterprise Edition with Service Pack 2 loaded. The total size restriction of the database file size is calculated by a process running within the store service, so it does not actually look at the size of the file but rather at the amount of data in the EDB and STM files. This means it does not consider the amount of white space in the file, and therefore the actual size of the file may be somewhat larger. Upon dismounting and remounting the store, you should see an informational event entry in the Application event log from source MSExchangeIS Mailbox, event ID 1216, that will confirm the maximum size of the database file.

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Low Cost Web Hosting services

448 CHAPTER 11 CLUSTERING AND OTHER STORIES OF

450 CHAPTER 11 CLUSTERING AND OTHER STORIES OF HIGH AVAILABILITY node. After a couple of years of practical implementations, people realized that this architecture was not well suited for Exchange. This holds true for Exchange 2003, too. There were and still are issues associated with running active/active clusters. No active Exchange node should ever be pushed past about 40 percent capacity, or 1,900 users per node. This is to prevent an active Exchange node from becoming overburdened if it has to assume another node s services. In addition, memory fragmentation, stability, and performance have been issues on large active/active clusters. Because active/active clustering restricts the number of users on each node, active/active clustering also reduces the total number of mailboxes a cluster can support. For more information, see Microsoft Knowledge Base article 815180, XADM: Considerations When Deploying Exchange 2000 on an Active/Active Cluster ; this article was written for Exchange 2000, but it also applies to Exchange 2003. WARNING Do not let yourself be drawn into choosing a cluster configuration where all nodes are active. Although this may change with a future version of Exchange, active/active clustering is a bad idea for Exchange 2003. Although having more than two nodes in a single cluster was possible with Windows 2000 Datacenter Edition, it was not always practical from a financial perspective. Windows 2003 Enterprise Edition allows a single cluster to have up to eight nodes. In a four-node cluster, three of the nodes could be active while the fourth node is passive. The fourth node of the cluster is available if any of the other three nodes fail. Although it seems attractive from a financial perceptive, I still recommend two or more passive nodes in any cluster implementation with more than four nodes. This will provide the redundancy expected of clusters. The combinations include a six-node cluster with four active and two passive nodes and includes an eight-node cluster with six active and two passive nodes. Exchange 2003 in a Cluster When you install Exchange 2003 and configure Exchange to run on the cluster, a virtual instance of a server is created. This is called an Exchange virtual server (EVS) ; the EVS is a collection of resources and services required to provide all the functionality of an Exchange server. The EVS services may be running on any physical node of the cluster. When configuring the cluster, you must manually define a few resources through the Cluster Administrator console: . The cluster group name . The IP address for the EVS (not the IP address of the computer) . The network name for the EVS (not the name of the network name computer) Microsoft s Own Clusters In Microsoft s largest data centers, Microsoft s IT group is implementing Windows 2003 and Exchange 2003 on eight-node clusters. In these clusters, five of the nodes are active and running Exchange virtual servers, two nodes are considered passive and can be used for failover, and the remaining node is used for maintenance (backup and restore operations).

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Inexpensive Web Hosting services

448 CHAPTER 11 CLUSTERING AND OTHER STORIES OF

CLUSTERING 101 449 Figure 11.1 Typical two-node Windows 2003 cluster Cluster technology deals with accessing the external cluster resources in two ways. One way is that each node can have full access to all resources at all times. This can allow for load balancing across the cluster nodes. This type of cluster architecture is called a shared-all architecture . The other approach, and the one supported by Windows 2003 Cluster Services, is called a shared-nothing architecture , in which only one cluster node can access (own) any given cluster resource at a time. The ability to cluster Exchange has been available since the introduction of Microsoft Windows NT 4 Enterprise Edition and Exchange 5.5 Enterprise Edition. In the Windows NT 4 time frame, the service was called Microsoft Cluster Services (MSCS) but was often referred to by its code name Wolfpack. With the release of Windows 2003 Cluster Services and Exchange 2003, Microsoft built in the ability to configure Exchange 2003 in multiple ways. Windows 2003 and Exchange 2003 can support up to eight cluster nodes. NOTE For general information about clustering, an excellent book is Gregory F. Pfister s In Search of Clusters: The Ongoing Battle in Lowly Parallel Computing (Prentice Hall, 1998). Active/Active versus Active/Passive Clustering When configuring a clustered application, you can have two varieties of clustering configurations. The first of these is active/passive. In a two-node cluster, the application (such as Exchange) is running on only one node at a time. The other node of the cluster is merely waiting for the first node to fail. In the early days of Exchange clustering, active/passive clustering was the only way you could configure an Exchange cluster. This meant in each two-node Exchange cluster, one node was actively running Exchange, and the other node was sitting idle. Some companies found it difficult to justify the cost of clustering, because half of the hardware resources were just burning idle CPU cycles. With Windows 2000 and Exchange 2000, you could configure an Exchange cluster in an active/ active fashion. Active/active meant that each node of the cluster could run Exchange services (for a different set of users). This configuration seemed to better utilize an organization s hardware investment. In the event of a failure, both Exchange virtual servers would run on the same clustered Storage Area Network or Shared Storage Local Disk Local Disk Exchange 2003 Server Exchange 2003 Server Corporate Network Private Network

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Inexpensive Web Hosting services

448 CHAPTER 11 CLUSTERING AND OTHER STORIES OF

448 CHAPTER 11 CLUSTERING AND OTHER STORIES OF HIGH AVAILABILITY along with its limitations with respect to Exchange 2003 will help you decide whether clustering is for you. If you do decide to use clustering, understanding the basics will help you operate your cluster more effectively. Each node in the cluster is given access to the same physical external storage devices and has a network connection to a private cluster network. Each node in the cluster has its own local disks and operating system, but the shared data or cluster-aware applications are installed on the external storage devices. The shared data is accessible by any node of the cluster and made available on the network. Figure 11.1 shows a two-node cluster. Internal to the cluster is the ability for one node to pick up another node s processes if the first node fails. This failover ability is what allows clusters to provide high availability for applications and services that can be failed over from one node to another. Common Mistakes Even though Exchange 2003 clusters are much more common than Exchange 5.5 and 2000 clusters combined, there are still a lot of misconceptions about clustering, and I still see the same mistakes being made over and over again: . Poor planning with respect to allocating disk space or LUNs (if SAN or NAS connected). Disk planning includes not enough LUNs for growth or performance reasons or not allocating large enough volumes. . Not following the Microsoft cluster configuration guidelines and checklists (you d be surprised how many people don t follow Microsoft s easily accessible documentation). . Not following the clustering hardware compatibility list. . Not following vendors recommendations for hardware, device drivers, firmware, and SAN configurations. . Managing clustered services using the Services console, IIS Admin, or Disk Administrator tools rather than the Cluster Administrator ( cluadmin.exe ) program. . Thinking that clusters eliminate all single points of failure. . Getting a sense of overconfidence with clusters and not following good operational practices including good backup procedures. . Not getting enough training for IT staff in order to manage the additional storage and clustering complexity. . Unrealistic expectations. Probably one of the most dangerous mistakes is the unrealistic expectations. I have already stated that you can t consider clustering to be a magic solution to your service availability problems. However, that seems to often be the case; management assumes that since they have invested so much additional money in a clustered solution that the solution will automatically be so much better. Other misconceptions are that failover is instantaneous and that operating a cluster is just like operating a stand-alone server.

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Inexpensive Web Hosting services

SPAM! SPAM! SPAM! 677 Bayesian Methods Bayesian logic

SPAM! SPAM! SPAM! 679 subject; the words are weighted so that some words (such as viagra) increase the probability that the message is spam. Figure 16.19 Using an outsourced or managed provider to inspect e-mail Other checks that are performed on the message include the difference between the time the message was sent and when it was received, the day of the week it was received, the hour of the day when it was received, the number of words in uppercase, duplicate characters, symbols used within a word, and words in the subject that are in uppercase. Each of these checks can increase or decrease the Spam Confidence Level of the message. To enable Outlook 2003 s junk e-mail features, select Tools Options, and click the Junk E-mail button. You will see the Junk E-mail Options dialog box. In the Junk E-mail Options dialog box, select your level of tolerance for spam. I usually keep mine set to High, and I find a reasonably low occurrence of false positives. You could click the Safe Lists Only radio button, but that will allow you to accept mail only from senders in your safe senders or recipients list. If you are truly confident that the antispam feature is working perfectly for you, you can check the Permanently Delete Suspected Junk E-mail Instead of Moving It to the Junk E-mail Folder box. Internet Exchange Outsourced Spam 2003 server Inspection Firewall Mail is inspected, rejected, quarantined, or forwarded on to customer Internet MX records point to outsourced provider

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Discount Web Hosting services

SPAM! SPAM! SPAM! 677 Bayesian Methods Bayesian logic

678 CHAPTER 16 INTERNET CONNECTIVITY Figure 16.18 A multilayer antispam system Client-Side Solutions A number of solutions help fight spam from the Desktop. These solutions are usually plug-ins or extensions for the e-mail client. You can find many of these Outlook add-ins at Slipstick Systems (www.slipstick.com) and MAPI Lab (www.mapilab.com). One of my favorites is from Cloudmark (www.cloudmark.com), which I used until I started using Outlook 2003. Microsoft Outlook 2003 Microsoft has finally gotten serious about providing a client-side antispam solution with Outlook 2003. Their junk mail feature that is integrated into Outlook 2003 provides a pervasive argument for upgrading to this client. Although better add-on solutions are debatably available for Outlook, I am an avid supporter of features that are integrated and included directly with the product. The Outlook 2003 feature catches almost all the spam that I receive. The Outlook 2003 Junk E-mail Filter is continually updated, so make sure you have the most recent version. The magic of the Outlook 2003 Junk E-mail Filter is buried in a file called OUTLFLTR.DAT. The Outlook 2003 Junk E-mail Filter uses a number of different checks to determine whether a message is spam. This includes checking the words found in the message body and in the message SMTP Scanner or Exchange Event Sinks Allow and denied host lists Real-time block lists Third party scanner Exchange 2003 Server User s Trusted Sender List User s Junk Sender List Spam confidence level assigned Spam or not? Outlook filters applied Spam or not? Inbound E-mail User s Inbox User s Junk Mail Folder

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Discount Web Hosting services

SPAM! SPAM! SPAM! 677 Bayesian Methods Bayesian logic

SPAM! SPAM! SPAM! 677 Bayesian Methods Bayesian logic is a branch of logic that applies to decision making and inferential statistics. It was named for an English mathematician named Thomas Bayes. Bayesian logic is based on probability theory and defines rules for refining a hypothesis by factoring in additional evidence and background information. Analysis using the Bayes theorem can help automate processes for defining uncertainty. By now, you may be wondering what sort of tangent I have gone off on. What does probability theory have to do with spam? Many of the newer and better antispam solutions use Bayesian methods to determine with a reasonable degree of accuracy whether an e-mail message is spam. Newer antispam software packages will analyze the junk mail that an organization receives. This is usually done when users or the administrator mark their junk mail as such and allow the Bayesian-based software to analyze it. Based on this analysis, the software can make more accurate determinations as to which messages are spam and which are not. The better you train the software, the more accurate it becomes. Some third-party vendors using Bayesian-based methods of analysis report that they can detect 99 percent of all inbound spam with less than a .1 percent false-positive rate. NOTE See www.paulgraham.com/better.html for more information about Bayesian logic and spam filtering. You Got Problems? We Got Solutions! As I mentioned earlier, the worldwide outbreak of spam has spawned a cottage industry consisting of dozens of antispam vendors and many different approaches to detecting, isolating, and minimizing the effect of spam on the user s daily activities. Some of these solutions are implemented exclusively at the client, others are implemented on either the Exchange server or an SMTP gateway, and others are implemented as external solutions. These solutions have gotten better and better. Solutions that I tested even two years ago had high false-positive rates and required a good deal of daily administrative time. Vendors are getting smarter at fighting spam; like antivirus vendors, many include product or signature updates that reflect current trends in spam. Like antivirus-based solutions, generally antispam solutions are most effective when there is both a server component and a client-side component. Figure 16.18 shows a multilayer approach where either a third-party SMTP scanner or Exchange 2003 event sink inspects the message prior to delivering it to the Information Store. The spam inspection system will assign a Spam Confidence Level based on the message content, message characteristics, message header, and source of the message. The message is then moved on to the store. The store can be extended to examine the user s trusted and blocked sender lists and put the message in the Junk Mail folder. Once the Outlook 2003 client sees the message, the client-side antispam filters are applied, and once again the message can be moved to the Junk Mail folder (or deleted entirely). At the client, the message is processed based on the user s tolerance for junk mail, which they have configured into the client. The downside to catching spam internally is that by the time you catch it, it has already used up your bandwidth and disk resources, at least for some period of time. An idea that is gaining popularity is to rely on an outsourced or managed service provider for inspecting and passing along your mail. Figure 16.19 shows how this might work for an organization. The company s MX record points to the service provider s SMTP servers. The service provider inspects the mail and may quarantine it, tag it, reject it, or forward it to the company paying for the services.

Note: If you are looking for good and high quality web space to host and run your application check Lunarwebhost Discount Web Hosting services