10135 a xb

Appendix B Advanced Topics in Exchange Server 2010

Module Overview

• Deploying Highly Available Solutions for Multiple Sites

• Implementing Federated Sharing

Lesson 1: Deploying Highly Available Solutions for Multiple Sites

• Discussion: High Availability for Multiple Sites

• Using Cross-Site DAGs

• Challenges of Implementing Cross-Site, Nonmailbox Servers

• Failover Process for Data Centers

• Best Practices for Multisite Failover

Discussion: High Availability for Multiple Sites

• What are some of the common multisite high-availability scenarios?

• Does your company have a warm disaster-recovery site or is it planning to have one?

• After mail services successfully fail over to the second site, what other issues might you still need to address?

Using Cross-Site DAGs

Cross-site DAGs do not require:

• Special network hardware

• A single shared subnet

• A single Active Directory site

Cross-site DAGs do require:

• Less than 250 ms latency between all DAG nodes

• Reestablishment of cluster quorum after site failure

• Administrative intervention to complete datacenter failover

• Support for nonmailbox roles in each site

• At least one domain controller in each site

Challenges of Implementing Cross-Site, Nonmailbox Servers

Challenges of implementing cross-site, nonmailbox servers are:

• External DNS record names must point to the secondary site

• Clients must reconnect to the new RPC client access array

• Inbound e-mail must be redirected

Failover Process for Data Centers

[Diagram: a DAG spanning Site A and Site B, with Hub Transport and Client Access servers in each site. One Hub Transport server is labeled FSW and another is labeled Alt FSW.]

Best Practices for Multisite Failover

• Verify failover functionality with periodic testing

• Reduce failover time by using low TTL on DNS records for the Client Access server array, Client Access server URLs, and SMTP records

• Closely monitor replication health and other system components to ensure failover health

• Follow proper change-management procedures

• Prevent cluster network cross-talk

Lesson 2: Implementing Federated Sharing

• What Is Federated Sharing?

• Components of Federated Sharing

• How Federated Sharing Works for Availability Information Access

• How Federated Message Delivery Works

• Configuring a Federation Trust

• Configuring Organizational Relationships and Sharing Policies

What Is Federated Sharing?

Federated sharing:

• Requires Microsoft Federation Gateway as a trust broker

• Uses standard federation technologies to establish trusted relationships

• Enables secure Internet communications between organizations

• Is supported for all messaging clients

• Requires each organization to establish and manage its trust

Components of Federated Sharing

Federated Sharing requires:

• Organization identifier that identifies which domains are available for federation

• Federation Trust with Microsoft Federation Gateway

• Establishment of a federated sharing relationship with another federated organization to enable sharing of availability information, or Federated Delivery of e-mail

• Sharing relationships that define the organizations with which your users will share data, and the type of data they can share

How Federated Sharing Works for Availability Information Access

[Diagram: Adatum.com and Contoso.com. Components shown are Client Access servers, domain controllers, a Mailbox server and the Microsoft Federation Gateway, with the steps of the exchange numbered 1 to 8.]

How Federated Message Delivery Works

[Diagram: Adatum.com and Contoso.com. Components shown are Mailbox servers, Hub Transport servers, domain controllers and the Microsoft Federation Gateway, with the steps of the exchange numbered 1 to 6.]

Configuring a Federation Trust

Before configuring a federation trust:

• Obtain a trusted certificate

• Configure the authoritative domains

• Configure external DNS records

When configuring the federation trust:

• Ensure the server has Internet access

• Ensure that the server has the certificate installed

• Provide the certificate thumbprint

Configuring Organizational Relationships and Sharing Policies

Organizational relationships determine the organizations you want to share information with, and what types of information you will share.

Sharing policies define which users can share information with other organizations, and what types of information those users can share.
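
The federation trust, organizational relationship and sharing policy steps from the last two slides, as an added Exchange Management Shell example that is not part of the course material. It assumes Exchange Server 2010 SP1 or later cmdlet syntax and that Adatum.com is the local organization sharing with Contoso.com; the thumbprint, relationship name and policy name are placeholders.

```powershell
# Added example, not from the course. Run in the Exchange Management Shell
# of the local organization (assumed here to be Adatum.com).

# Placeholder: thumbprint of the trusted certificate installed on this server.
$thumbprint = '<CERTIFICATE-THUMBPRINT-PLACEHOLDER>'

# Confirm the certificate is installed and still valid before creating the trust.
$cert = Get-ExchangeCertificate -Thumbprint $thumbprint
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumbprint has expired." }

# Create the federation trust with the Microsoft Federation Gateway.
# The server needs Internet access for this call to succeed.
New-FederationTrust -Name 'Microsoft Federation Gateway' -Thumbprint $thumbprint

# Produce the proof-of-ownership value to publish as a TXT record in external DNS.
Get-FederatedDomainProof -DomainName 'adatum.com'

# Once the TXT record resolves externally, set the organization identifier,
# which determines which domains are available for federation.
Set-FederatedOrganizationIdentifier `
    -DelegationFederationTrust 'Microsoft Federation Gateway' `
    -AccountNamespace 'adatum.com' -Enabled $true

# Organizational relationship: which organization to share with and what to share.
# AvailabilityOnly exposes free/busy time without subject or location.
New-OrganizationRelationship -Name 'Contoso' -DomainNames 'contoso.com' `
    -FreeBusyAccessEnabled $true -FreeBusyAccessLevel AvailabilityOnly

# Sharing policy: which users can share, and what they can share, per domain.
New-SharingPolicy -Name 'Contoso free/busy only' `
    -Domains 'contoso.com: CalendarSharingFreeBusySimple' -Enabled $true

# Review what is now exposed to other organizations.
Get-FederationTrust | Format-List Name
Get-SharingPolicy | Format-List Name, Domains, Enabled, Default

# Flag relationships that share more than availability, for periodic review.
Get-OrganizationRelationship |
    Where-Object { $_.FreeBusyAccessEnabled -and
                   $_.FreeBusyAccessLevel -ne 'AvailabilityOnly' } |
    Format-List Name, DomainNames, FreeBusyAccessLevel
```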