Deploying Disaster Recovery for Exchange 2010 Part 1

Authored by Achinta Chatterjee

Introduction

This document goes through how you can set up Exchange 2010 Disaster Recovery in your organization. Most organizations already have High Availability set up for Exchange 2010, as they are most likely using a DAG. But you also need a separate plan for Disaster Recovery.

Organizations usually require not only a fully functional DR setup but also a DR drill, to prove to the organization what it needs to plan for and execute at the moment disaster strikes. This document covers both scenarios: what administrators need to plan for and implement to make their infrastructure DR ready.

Disaster recovery architecture in Exchange

Import01.jpg

Overview of the Exchange architecture for Primary and DR Site

Primary Site:

The above figure shows the entire Exchange architecture across the Primary and DR sites. In the Primary site we have 2 Client Access Servers (CAS) and Hub Servers, 2 Mailbox servers (MBX) and 2 Threat Management Gateway (TMG) servers. The Threat Management Gateway servers are in the DMZ.

The CASHUB servers are configured in a CAS Array, and the array name is temcaarray01.thdm.local.

There are 2 Mailbox servers and they are in a DAG configuration.

The TMG servers act as a firewall that allows HTTPS (443) traffic from the Internet to the CAS servers. The OWA URL https://myemail.com.sg is published through the TMG servers to the Internet. Other services, like ActiveSync, also use the TMG to authenticate Exchange traffic to the CAS servers.

You can also see an External Internal SMTP Mail Relay Gateway. This is generally a Unix box that faces the Internet to route incoming and outgoing SMTP email traffic from Exchange.

DR Site:

In the DR Site you have a single Mailbox Server, CAS HUB server, TMG server and Internet Mail Relay Server.

The third mailbox server MBX3 is configured in the same DAG as the Primary site. This ensures that all data is replicated across the 3 DAG members.

The CASHUB3 server in the DR site is not in the same array as the Primary site. Note that this is done on purpose. DR clients connect to the DR CAS server directly.

The TMG server in the DR site routes HTTPS (443) traffic for the domain registered for DR, https://dr.myemail.com.sg. This is the DR OWA URL.

The DR External Internal SMTP Mail Relay Gateway is generally a Unix box that faces the Internet to route incoming and outgoing SMTP email traffic from Exchange in the DR site.

Disaster Recovery Planning & Considerations

When you are implementing Disaster Recovery for Exchange you need to consider two important factors:

i. Client Connections to the Exchange Server

ii. Mail Routing

i. Client Connections to Exchange server

Before we dive into how the Outlook client connects to the Exchange server when a disaster happens, we first need to understand how the client connects to the Exchange server in the Primary site.

Outlook Client Connections to Primary Site

When a mailbox database is created on an Exchange 2010 server, a property called RPCClientAccessServer is automatically set on the database. This property determines how a client connection request reaches a particular mailbox hosted on a particular mailbox database. The figure below shows the properties of a production database, including the value of RPCClientAccessServer.

Command: Get-MailboxDatabase -Identity DB01 | fl

Import02.jpg

From Outlook 2007/2010 onward, the client uses a service called Autodiscover to locate its Exchange server. When a client connects to an Exchange 2010 server, the Autodiscover service points it to the CAS Array name (in the above example it is temcaarray01.thdm.local). This array then uses the RPC Client Access service running on the CAS server to connect to the actual active database hosted on a Mailbox server.

Import03.jpg

Above you can see from the Outlook client configuration that it connects to the Microsoft Exchange Server using the array name Temcaarray01.thdm.local.

As the user Achinta's mailbox is on a mailbox database whose RPCClientAccessServer is Temcaarray01.thdm.local, the Outlook client automatically connects to the database hosted on the Primary site Mailbox servers.

Also note that under connection settings in the Outlook client, the Outlook Anywhere URL points to the OWA URL: https://myemail.com.sg

Import04.jpg

Outlook Client Connections to DR Site

Now with the above knowledge let’s discuss how the Outlook client would connect to the DR site.

Again, the RPCClientAccessServer property determines how the Outlook client will connect to the DR site. When you want the Outlook client to connect to the DR site, you need to ensure that the user's mailbox is hosted on a database whose RPCClientAccessServer is the CAS server in the DR site.

For DR purposes, when the actual disaster occurs you need to manually run the command below to set the RPCClientAccessServer for the database to the CAS server name in DR, i.e. temexgcasr01.thdm.local.

Set-MailboxDatabase -Identity DB01 -RpcClientAccessServer temexgcasr01.thdm.local

Once the above command is executed, the database that is now hosted on the DR Mailbox server will show the following:

Import05.jpg

This makes the database accept RPC Client Access service connections under the name temexgcasr01.thdm.local.

When the same Outlook 2007/2010 client now connects for the user's email, the Autodiscover service will automatically point to the DR CAS server, as the user's database is hosted in the DR site.

In the Outlook client we see the following. Note the new CAS server name and the URL pointing to the DR site.
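The single-database command above, generalized as an added example (not part of the original article) that checks every database and repoints only those active on the DR mailbox server that still carry a non-DR RPCClientAccessServer. The server name MBX3 is an assumption taken from the diagram label; the script previews changes with -WhatIf unless -Apply is given.

```powershell
# Added example; run in the Exchange Management Shell (PowerShell 2.0 syntax).
param(
    [string]$DrMailboxServer = 'MBX3',                     # assumed short name of the DR DAG member
    [string]$DrCasFqdn       = 'temexgcasr01.thdm.local',  # DR CAS server named in the article
    [switch]$Apply                                         # without -Apply, changes are only previewed
)

# -Status is required for Mounted and MountedOnServer to be populated.
$report = foreach ($db in Get-MailboxDatabase -Status) {
    $mountedOn = "$($db.MountedOnServer)".Split('.')[0]    # FQDN -> short host name
    $rpcCas    = "$($db.RpcClientAccessServer)"
    $inDr      = $db.Mounted -and ($mountedOn -ieq $DrMailboxServer)

    if (-not $inDr) {
        $state = 'NotActiveInDR'       # leave primary-site databases alone
    } elseif ($rpcCas -ieq $DrCasFqdn) {
        $state = 'AlreadyPointsToDR'
    } else {
        $state = 'NeedsRepoint'        # active in DR, clients still sent elsewhere
        if ($Apply) {
            Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $DrCasFqdn
        } else {
            Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $DrCasFqdn -WhatIf
        }
    }

    # One report row per database, so the result can be kept with the DR drill record.
    New-Object PSObject -Property @{
        Database              = $db.Name
        MountedOn             = $mountedOn
        RpcClientAccessServer = $rpcCas
        State                 = $state
    }
}

$report | Sort-Object State, Database |
    Format-Table Database, MountedOn, RpcClientAccessServer, State -AutoSize
```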

Import06.jpg

 

Import07.jpg

OWA connections to Primary Site

The OWA connection goes directly to the URL https://myemail.com.sg. When a user logs in with this URL, which points to the Primary site, the TMG redirects the traffic to the primary CAS Array temcaarray01.thdm.local, which in turn directs it to the Primary site mailbox database for the user. The same RPCClientAccessServer concept described for Outlook clients applies here.

OWA connections to DR Site

For DR the user keys in a separate URL, https://dr.myemail.com.sg. The external DNS directs the URL to the DR site and the DR TMG redirects the traffic to the DR CAS server. You will be able to open your emails in OWA only if your mailbox is on a DR-hosted database whose RPCClientAccessServer points to the DR CAS server.

Conclusion

This completes the Client Connections portion of the DR site Planning and Considerations, and the end of Part 1. The next part covers how Mail Routing is set up for DR and the steps necessary to activate DR and run the DR drill.