MSExchangeGuru.com

Learn Exchange the Guru way !!!

 

Exchange Server 2016: All You Need to know Part 2

In the previous post we covered what is new in Exchange 2016. In this post we review the Exchange 2016 architecture.

Exchange Server 2016: All You Need to know Part 1

Exchange Server 2016: All You Need to know Part 3

 

Exchange 2016 Architecture

These are the announcements from Ignite and are subject to change by the time of the RTM release.

-Primary Changes

  • Edge Transport is coming with RTM, so yes, most of you guessed correctly at the NY Exchange User Group during our Exchange Edge session.
  • The Client Access Server role is merged into the Mailbox server role, so there are only the Mailbox server role and the Edge Transport role.
  • A new Office Web Apps Server is coming: it is a new server which allows attachment editing in OWA. This is an optional server, not a necessity.
  • Data rendering and client connection handling will occur locally on the server where the mailbox resides. In other words, the connection will be proxied or redirected to the server that owns the mailbox.


 

-Topology Requirement

  • Exchange 2007 will not be supported in co-existence, so we can say goodbye to Exchange 2007.
  • Exchange 2010 SP3 RU11 or later and Exchange 2013 CU10/11 or later will be supported in co-existence.
  • Exchange 2016 should be installed on Windows Server 2012 R2 or Windows Server 10, because the DAG must be able to support an IP-less DAG.
  • Forest and domain functional level should be Windows 2008 R2 or later. This means domain controllers should run Windows 2008 R2 or higher.
  • No Windows 2003 or 2008 domain controllers can exist. You need to upgrade them or demote them.
  • Outlook clients should be the following or higher:
    • Outlook 2010 SP2 or later with KB2956191 and KB2965295 (these patches provide MAPI/HTTP)
    • Outlook 2013 SP1 or later with KB3020812 (This patch fixes shared mailbox and legacy Public Folders)
    • Outlook 2016

       

-The Mailbox Server Role will do the following

  • Authenticate clients
  • Do a directory lookup
  • Determine the mailbox version
  • Determine the location of the mailbox database
  • Decide whether to proxy or redirect
  • Also determine how the store process and data rendering are handled.

-Mailbox Server Role Changes

  • Only IP-less DAG
  • Still 16 mailbox servers
  • Still 100 DB copies per server
  • Still the ESE database engine
  • Replay Lag Manager will be enabled by default. This means that if we have 2 passive database copies, the 3rd passive database copy will be a lag copy without needing to be enabled. Similarly, if one database copy is lost, the lag copy will automatically commit its logs and become the 2nd passive copy.
  • A new IO latency monitor will monitor disk IO and can hold back log replay when a lag copy needs to replay its logs.
  • Database failovers will be 33% faster
  • Indexing improvement: search indexing for a passive database copy will be done locally from that passive copy. Before Exchange 2016, the passive copy's index had to go to the active database copy to build the index, which consumed a lot of CPU and network bandwidth. This should save 40% of network bandwidth. Have a look at the indexing architecture.


 

-Office Web Apps Server Role provides the following:

  • Content rendering for MS Office attachment files
  • Rich browser viewing
  • Side-by-side viewing and editing of attachments in OWA.
  • Pulling attachments from SharePoint.

 

-MAPI/CDO

  • Time to say goodbye to MAPI/CDO.
  • Blackberry 5x will not work
  • Any app that uses MAPI/CDO will need to be updated

 

-Client Protocol Architecture


 

-MAPI/HTTP

  • Introduced by Microsoft in Exchange 2013 SP1
  • In Exchange 2013 SP1 it was disabled
  • In Exchange 2016 it will be enabled by default
  • In Exchange 2013 it was enabled or disabled for the whole org
  • In Exchange 2016 it will be configurable at the per-user level, the same as a protocol.
  • We will also be able to control whether Autodiscover exposes the MAPI/HTTP configuration or not.
  • The pop-up “administrator has made some changes so restart outlook” will not appear. The change will wait for the user to restart Outlook
  • Removes the RPC stack dependency, which means no RPC over HTTP.
  • More reliable and faster connections, with a hibernation feature
  • Improved diagnostics.
  • The MAPI/HTTP connectivity architecture will be as follows:

     


 

-Connectivity Flow in Exchange 2010 Co-existence with 2 AD Sites

  • It will be the same as Exchange 2013.
  • Exchange 2010 in the same AD site – Proxy

  • Exchange 2010 in a different AD site – Proxy

  • Exchange 2010 in a different AD site – Redirect

-Connectivity Flow in Exchange 2013 Co-existence with 2 AD Sites – the flow is the same whether Exchange 2013 or 2016 is the front end.

  • Exchange 2013 in the same AD site

  • Exchange 2013 in a different AD site – Proxy

  • Exchange 2013 in a different AD site – Silent Redirect – use forms-based authentication on both source and destination

 

-Office Web Apps Server Connectivity Flow – Optional Server

  • Exchange uses a discovery URL (similar to the Autodiscover URL) to query Office Web Apps Server for the file types it can view and edit
  • Office Web Apps Server replies with a table of supported file types such as MS Word, MS Excel, MS OneNote, etc.
  • The user opens an email with an attachment that matches one of the file types Office Web Apps Server supports, and OWA requests document URLs for the supported types
  • Exchange builds a URL with an authentication token, app URL and attachment ID, then returns it to OWA
  • The user clicks the attachment within Outlook Web App, which responds with an iframe that loads the URL returned by Exchange
  • Office Web Apps Server pulls the document content from Exchange
  • Office Web Apps Server renders the content in the Office Web Apps Server client

 

-Exchange Namespace

  • Microsoft recommends separate InternalUrl and ExternalUrl namespaces for Outlook Anywhere and MAPI/HTTP so that different authentication can be used for intranet (Kerberos) and internet (NTLM or Basic) connections. But this is only useful when the InternalUrl is not available in public DNS. I have explained the namespace requirements here: https://msexchangeguru.com/2015/06/09/e2013_2010_2007-casurls/
  • An unbound namespace can be used to give CAS connections high availability against an internet outage, by configuring DNS round robin across the 2 datacenter IPs for the same CAS URL. This is the same as in Exchange 2013.
  • Exchange 2007 does not support an unbound namespace across 2 AD sites, but Exchange 2007 is out of the picture now because Exchange 2013 can’t be installed in an org with Exchange 2007.
  • The unbound model is the preferred model.
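
The split between internal and external authentication described above can be checked with a read-only audit. This is an added example, not code from the original post; it assumes the Exchange Management Shell and only reads the existing Outlook Anywhere settings.

```powershell
# Added example (not from the original post). Read-only audit of the
# Outlook Anywhere namespaces and the authentication method bound to each.
# Run in the Exchange Management Shell; nothing is modified.
Get-OutlookAnywhere | ForEach-Object {
    $int = "$($_.InternalHostname)"
    $ext = "$($_.ExternalHostname)"
    $findings = @()

    # Same hostname inside and outside: clients cannot be given a different
    # authentication method depending on where they connect from.
    if ($int -and $ext -and ($int -eq $ext)) {
        $findings += 'internal and external hostname are identical'
    }

    # Basic authentication sends credentials with every request, so it must
    # never be offered on a namespace that does not require SSL.
    if ("$($_.ExternalClientAuthenticationMethod)" -eq 'Basic' -and
        -not $_.ExternalClientsRequireSsl) {
        $findings += 'Basic offered externally without requiring SSL'
    }
    if ("$($_.InternalClientAuthenticationMethod)" -eq 'Basic' -and
        -not $_.InternalClientsRequireSsl) {
        $findings += 'Basic offered internally without requiring SSL'
    }

    [pscustomobject]@{
        Server       = $_.Server
        InternalHost = $int
        InternalAuth = $_.InternalClientAuthenticationMethod
        ExternalHost = $ext
        ExternalAuth = $_.ExternalClientAuthenticationMethod
        Findings     = ($findings -join '; ')
    }
} | Format-Table -AutoSize -Wrap
```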

     

-Exchange Load Balancing

  • No session affinity is required at the load balancer layer because it is taken care of by the mailbox server hosting the mailbox
  • Ensure the load balancer and Managed Availability are each aware of what the other is doing. Healthcheck.htm helps identify whether a protocol is up or down
  • Two load balancing methods are recommended: Round Robin (MAPI/HTTP does not see any issue, but RPC over HTTP might have issues with long connections) or Least Connections (should use the slow start feature). Least Connections with the “slow start” feature is preferred
  • A single namespace at Layer 7 (no session affinity) is preferred and recommended because a failure of one protocol still leaves the remaining protocols available. SSL termination at the LB would be required


  • If you need to use Layer 4 then you should use multiple namespaces, so that the LB will not stop other protocol connections if one protocol fails. This increases the number of SAN names in the certificate and so its cost. This is not recommended.
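
The per-protocol health check mentioned above can be reproduced by hand to see what a Layer 7 monitor sees. This is an added example, not from the original post; `mail.domain.com` is the sample namespace used on this page, and the function name `Test-ProtocolHealth` is hypothetical.

```powershell
# Added example (not from the original post): request each protocol's
# healthcheck.htm the way a Layer 7 load balancer monitor would.
$Namespace = 'mail.domain.com'   # assumption: your namespace or a server FQDN

# Virtual directories for which Managed Availability answers healthcheck.htm.
$Protocols = 'owa', 'ecp', 'ews', 'mapi', 'rpc', 'oab',
             'Microsoft-Server-ActiveSync', 'autodiscover'

function Test-ProtocolHealth {
    param(
        [Parameter(Mandatory)] [string]   $HostName,
        [Parameter(Mandatory)] [string[]] $Protocol,
        [int] $TimeoutSec = 5
    )
    foreach ($p in $Protocol) {
        $uri = "https://$HostName/$p/healthcheck.htm"
        try {
            $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -TimeoutSec $TimeoutSec
            $status = [int]$r.StatusCode
        }
        catch {
            # Non-2xx answers and connection failures both land here;
            # 0 means no HTTP response was received at all.
            $resp   = $_.Exception.Response
            $status = if ($resp) { [int]$resp.StatusCode } else { 0 }
        }
        [pscustomobject]@{
            Protocol = $p
            Status   = $status
            # A monitor keeps the protocol in the pool only on 200.
            InPool   = ($status -eq 200)
            Uri      = $uri
        }
    }
}

Test-ProtocolHealth -HostName $Namespace -Protocol $Protocols |
    Format-Table -AutoSize
```

One protocol showing `InPool = False` while the others stay `True` is exactly the case a single probe per server cannot distinguish.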


-Office Web Apps Server Namespace and Load Balancing

  • Deploy a separate namespace
  • Follow a bound namespace model for site resilience
  • Load balancer persistence is required
  • Exchange will connect to the Office Web Apps Server in the local AD site

     

-Exchange 2016 Preferred Architecture

  • 2 datacenters + 1 datacenter/azure should be used to deploy preferred architecture.


  • Namespace Design
    • For Exchange, a single namespace should be used for both datacenters.
      • Autodiscover.domain.com
      • Mail.domain.com
    • For OWAS, deploy 1 namespace per datacenter.
    • Load Balancer Configuration
      • For the Exchange VIP: one Layer 7 VIP per datacenter with no session affinity and a per-protocol health check.
      • For the OWAS VIP: session affinity
    • 2 DNS host entries in public DNS for round robin connectivity and equal distribution of clients across both datacenters.

       

  • DAG Design
    • Every datacenter should be a separate AD site, so the DAG should be extended to 3 AD sites
    • Don’t stretch the AD site, because Safety Net keeps a shadow copy on a mailbox server in the 2nd AD site.
    • Unbound namespace
    • Symmetric DAG model with same number of servers in each datacenter and same number of database copies in each datacenter
    • IP less DAG (No Administrative Access Point)
    • Replication and Client connectivity through single network.
    • File share witness in the 3rd Datacenter/Azure

       

  • DAG Database Design
    • 4 database copies, 2 in each datacenter
    • Distribute active copies to all DAG nodes
    • Passive datacenter with 1 lag copy (7 days) with automatic log play down
    • 7 days safety net
    • Use Native Data Protection which will eliminate the need of 3rd party backup.

       

  • Server Design
    • Dual-socket systems only (Total 20-24 cores mid-range processors)
    • Up to 196GB of RAM (Memory)
    • JBOD Disks
    • Large size 7.2K SAS disks
    • Battery-backed cache controller must be deployed (75/25)
    • AutoReseed with 1 or 2 hot spare
    • Data Volumes should be formatted with ReFS (Resilient File System)
    • Data volumes should be encrypted with BitLocker

     

  • Large Mailboxes
    • Keep archive mailbox in the same database as primary mailbox.
    • Increase knowledge worker productivity
    • Eliminate PST
    • Eliminate 3rd party archive solutions
    • Control OST size.

     

  • SMTP Design
    • Edge Transport or Exchange Online Protection should be used to send and receive the emails as front-end.
    • 3rd party SMTP gateway can be used as 2nd option.
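
The DAG and database settings of the preferred architecture above, written out as Exchange Management Shell commands. This is an added example, not from the original post; the names DAG1, FSW01, MBX-A1/A2, MBX-B1/B2 and DB01 and the witness directory are hypothetical.

```powershell
# Added example (not from the original post). Hypothetical names:
# DAG1, FSW01 (witness in the 3rd datacenter), MBX-A1/A2 (datacenter A),
# MBX-B1/B2 (datacenter B), DB01. Run in the Exchange Management Shell.

# IP-less DAG: IPAddress.None means no cluster administrative access point.
New-DatabaseAvailabilityGroup -Name DAG1 `
    -WitnessServer 'FSW01.domain.com' -WitnessDirectory 'C:\DAG1-FSW' `
    -DatabaseAvailabilityGroupIpAddresses ([System.Net.IPAddress]::None)

# Symmetric membership: the same number of servers in each datacenter.
'MBX-A1', 'MBX-A2', 'MBX-B1', 'MBX-B2' | ForEach-Object {
    Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer $_
}

# DB01 is active on MBX-A1; three more copies give 4 in total, 2 per datacenter.
Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer 'MBX-A2' -ActivationPreference 2
Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer 'MBX-B1' -ActivationPreference 3

# The last copy, in the datacenter that is passive for DB01, is the 7-day lag copy.
Add-MailboxDatabaseCopy -Identity DB01 -MailboxServer 'MBX-B2' -ActivationPreference 4 `
    -ReplayLagTime 7.00:00:00

# Automatic log play down for lag copies, and a 7-day Safety Net to match the lag.
Set-DatabaseAvailabilityGroup -Identity DAG1 -ReplayLagManagerEnabled $true
Set-TransportConfig -SafetyNetHoldTime 7.00:00:00

# Verify: every copy healthy, with the replay lag visible on MBX-B2.
Get-MailboxDatabaseCopyStatus -Identity DB01 |
    Select-Object Name, Status, CopyQueueLength, ReplayQueueLength, ReplayLagStatus
```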

This blog ends here.

Feel free to watch Ross Smith IV’s Exchange 2016 Architecture session from Ignite on Channel 9. You can also check his blog.

 

Prabhat Nigam

Microsoft MVP | Exchange Server

Team@MSExchangeGuru


15 Responses to “Exchange Server 2016: All You Need to know Part 2”

  1. Exchange Server 2016: All You Need Part 1 « MSExchangeGuru.com Says:

    […] Exchange Server 2016: All You Need to know Part 2 […]

  2. NeWay Technologies – Weekly Newsletter #156 – July 17, 2015 | NeWay Says:

    […] Exchange Server 2016: All You Need to know Part 2 – 14-July-2015 […]

  3. NeWay Technologies – Weekly Newsletter #156 – July 16, 2015 | NeWay Says:

    […] Exchange Server 2016: All You Need to know Part 2 – 14-July-2015 […]

  4. Exchange Server 2016: All You Need to know Part 3 « MSExchangeGuru.com Says:

    […]   « Exchange Server 2016: All You Need to know Part 2 […]

  5. ilRobby Says:

    Hello Prabhat,

    Thanks for this article!

    But, I’m confused now! I’ve read on Technet library (Exchange 2016 system requirements):

    https://technet.microsoft.com/it-IT/library/aa996719%28v=exchg.160%29.aspx

    that Exchange 2016 can be deployed in an AD forest with a 2008 domain controller (no R2)…

    Who is telling the truth?

    🙂

  6. Prabhat Nigam Says:

    Both are correct. This blog is based on what was discussed during the Ignite conference in May.

    Well I requested MS to change to windows 2008 and they did.

    We posted 2 updates after this.
    This is the update to Ignite: https://msexchangeguru.com/2015/08/26/e2016-ad-os-update/

    And after the Release of RTM we posted this. https://msexchangeguru.com/2015/10/09/e2016-srandpre/

  7. ilRobby Says:

    Many thanks Prabhat!

  8. DDog80sRock Says:

    Hello Prabhat

    I noticed under Client requirements you stated Outlook 2013 SP1 or later with KB3020812. I don’t see that referenced on the TechNet page for Exchange 2016. When I review the updates in that KB, it doesn’t mention anything about fixing shared mailboxes or legacy public folder issues. Is there a different hotfix or is it just not referenced in the December updates? Thanks.

  10. Prabhat Nigam Says:

    It is not referenced in December update.

  11. DDog80sRock Says:

    Are there KB articles about the shared mailbox and legacy public folder issues fixed by KB3020812? I’m trying to determine if this applies to our issues. Thanks.

  12. Chandan Says:

    Hi Nigam,

    I have a quick question. We are setting up a co-existence with 2013 to 2016. We are going to publish 2016 for namespaces. My query is:
    do we need to change any URLs in 2013 or set a null value in the virtual directory on 2013 for proxy from external connections?

    Example: Mail.domain.com we are publishing on 2016. Earlier we were using this on 2013. Now the pointing has changed to Exchange 2016. How does Exchange 2016 proxy for 2013?

    Can we set a null URL on 2013 for proxy? Or can we go with the same URLs for external connections?

    Regards,
    Chandan

  13. Prabhat Nigam Says:

    Hi Chandan,

    Externalurl should be made empty on 2nd AD site but single AD site does not matter.

  14. Chandan Says:

    Thanks a lot for your help. What about internal URLs for different AD sites and the same AD site?

  15. Prabhat Nigam Says:

    You can keep internalurl same and it should be present.
