Active/Passive DAG separate DNS namespace

skipster

Hello all

I have read many Microsoft KB articles on the requirement for having a dual namespace when a DAG stretches across 2 or more AD sites. If I am running in an Active\Passive DAG design and the datacenter that contains the passive copies is for DR purposes only, then I don't see the requirement for having a separate namespace for the DR site, because in the event of a failover to the DR site, all I need to do is update the IP address for the DNS records below (internal and external DNS) and point these records to the WNLB VIP in the DR site; we will use split DNS. Again, in the event of a datacenter switchover, if I can move the DNS records so they point to the WNLB VIP that's located in the DR site, then I don't understand the need for a separate DNS namespace for the DR site? Again, the DR site will be used for DR purposes only. I think per my settings having to have a separate DNS namespace just over-complicates the environment.

mail.mydomain.com (internal and external DNS)

Autodiscover.mydomain.com (external DNS)

Outlook.mydomain.com (casarray, internal DNS)

Bulls on Parade

Brian Day MCITP

Do you have a plan in place to deal with partial datacenter switchovers? What I mean by that is what if only one or two databases have to be activated in the secondary datacenter and not all of them?

Microsoft Premier Field Engineer, Exchange
MCSA 2000/2003, CCNA
MCITP: Enterprise Messaging Administrator 2010
Former Microsoft MVP, Exchange Server
My posts are provided "AS IS" with no guarantees, no warranties, and they confer no rights.

skipster

I can't think of any reason why I would need to activate one or two databases in the DR datacenter. I will have 4 mailbox servers in a single DAG stretched across two AD sites. The FSW witness will be located in the primary DC. With this configuration I could lose two servers and still maintain quorum. The mailbox servers have been sized and spec'd out to accommodate 100% of the databases in the event one of the mailbox servers went down. If I am understanding you correctly, it sounds like per my setup I would only need a separate namespace if I wanted to plan for a partial datacenter switchover where one or two databases become active in the DR site? I can understand needing a separate namespace to support this, but this is not in our plan.

Brian Day MCITP

I can't think of any reason why I would need to activate one or two databases in the DR datacenter. I will have 4 mailbox servers in a single DAG stretched across two AD sites.

Do you have 4 copies of each DB? If so, let's say you have copies 1/2 in Site-A and copies 3/4 in Site-B.

Playing devil's advocate here...

Perhaps the content index becomes corrupt on copy 2 and Murphy's Law kicks in and at the same time copy 1 suffers from something else which causes it to dismount. You now have to rely on copy 3 or 4 to mount while you repair copies 1/2. Depending on DB and CI size, and WAN speed between sites this could take a while.

skipster

It shouldn't take a while to mount; the 3/4 copies in the DR site should be pretty much up to date with log file replication. In the event I have to activate copies 3/4, the users who now access their mailbox in the DR site would still use the primary site's CAS servers for internal and external access, and these CAS servers will proxy the connection to the CAS servers in the DR site that contain the 3/4 active database copies in the DR site. As long as the InternalUrl for the EAS, OAB, OWA and EWS virtual directories is configured and the ExternalUrl is null, then proxying will work, so again I really don't see the need for a separate namespace for the DR site? With Exchange 2010 SP1 the CAS servers can do cross-site connections for Outlook 2010 across datacenters to the mailbox server that now has the 3/4 database active. Basically the Outlook 2010 client will connect to the CAS array in the primary DC; at this time the CAS array located in the primary DC will do a direct connect to the mailbox server located in the DR site. This is the default behavior in SP1.

What I am still having a hard time understanding is: if I will be using WNLB in both datacenters, and in order for proxying to work for OWA and ECP the InternalUrl property for these virtual directories must be set to the FQDN of the server, if this is true and I have 2 CAS servers configured in a WNLB array, then how can I load balance this type of traffic? The CAS servers in the primary site will proxy the connection to the value configured for the InternalUrl of the CAS servers in the DR site; if I have more than 1 CAS server, then what CAS server should I use?

http://technet.microsoft.com/en-us/library/bb310763.aspx

Brian Day MCITP

Mounting 3/4 will (hopefully) be almost instantaneous. I was trying to point out it may take a while to reseed the content index or EDB in Site-A if something like that were to happen, and without dedicated namespaces it can make datacenter switchovers more involved as the steps to switchover can be more. It also depends a lot on what version of clients you're using.

If you're comfortable with utilizing proxying (don't forget to enable WIA on the vDirs as well) then you can run in that configuration. It isn't optimal from a performance point of view (RPC over the WAN is more costly and latency dependent than HTTPS over the Internet), but if you are willing to accept it for partial datacenter activations then there's nothing inherently wrong with it. You'll have to back out the proxying config to a normal config during a full datacenter switchover scenario, so make sure those are part of the switchover documentation.

In SP1 the cross-datacenter RPC connections feature you're thinking of didn't make the SP1 RTM cut. It was unfortunately removed from SP1 before the bits were released to the world, but it hasn't yet been removed from the documentation. Hopefully it comes back later, but there is no way to prevent cross-datacenter RPC connections at this time short of activation blocking DB copies in the remote datacenter.

Yes, FQDNs for proxy sites is one of the drawbacks to proxying and where dedicated namespaces would be more valuable, as we could simply redirect the user to the more appropriate ExternalURL value. Without a FQDN on the InternalURL value for a proxy situation we wouldn't be able to utilize Kerberos and authenticate between the CAS servers. You have to rely on Exchange itself not always choosing the same CAS server when it does a lookup, but that isn't guaranteed not to happen.

skipster

Makes sense, and thank you for the help and information. I must confess this topic of needing two separate DNS namespaces when a DAG is stretched across separate AD sites is a bit convoluted and confusing. The main point to consider with this is knowing, understanding and preparing for a datacenter switchover and/or a database switchover. With an active\passive DAG that spans two AD sites, the main reason or purpose for the separate namespace for the DR site when a database switchover occurs is to be able to support OWA and EAS clients, as the ExternalUrl value for these virtual directories would be configured with the DR site's namespace, i.e. DR.mydomain.com. This DNS record would be in external DNS and internal DNS. Outlook 2010 clients that are configured for Outlook Anywhere would also use these values in order to find the Exchange Web Services. Basically they would perform an autodiscover lookup; the DNS record for this in external DNS is still pointing to the CAS servers located in the primary AD site. Because their mailbox is now in the DR site, the Outlook Anywhere clients will receive new connection settings per the DR site (DR.mydomain.com) and connect.

When a datacenter switchover occurs, the external DNS records for autodiscover.mydomain.com and mail.mydomain.com need to move to the DR datacenter. EAS, OWA and Outlook Anywhere now connect to the DR datacenter, and because all the URLs in the DR datacenter have been configured with the DR.mydomain.com namespace, these clients continue to connect without issue. A few things need to be done to support this configuration:

#1 configure one SAN cert.

Principal name = mail.mydomain.com

Subject alternative names = autodiscover.mydomain.com, dr.mydomain.com, mail.mydomain.com. This cert gets imported to all CAS servers across the org.

#2 Configure the outlook provider on all CAS servers across the org, so it points to msstd:mail.mydomain.com

This design assumes the following configuration:

1. Pure Exchange 2010 org

2. Consists of two DCs, both with internet connectivity

3. No proxy sites

4. Uses split DNS

5. An AD site in each datacenter

6. The DAG includes member servers from each datacenter

7. WNLB or HLB is deployed in each DC

8. SAN certs are used

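As an added example (not from the thread or from Microsoft), here is how the two configuration steps and the DR-site URL assignment in the last post look in the Exchange 2010 Management Shell; the server names DR-CAS1/DR-CAS2, the request file path and the Outlook provider identity EXPR are assumptions.

```powershell
# Added example, not part of the thread. Assumes DR-site CAS servers named
# DR-CAS1 and DR-CAS2 and the namespaces discussed above (split DNS, so
# dr.mydomain.com resolves internally and externally).
$drCas    = 'DR-CAS1', 'DR-CAS2'
$drHost   = 'dr.mydomain.com'
$primary  = 'mail.mydomain.com'
$autodisc = 'autodiscover.mydomain.com'

# Step #1: one SAN certificate request. Principal name = mail.mydomain.com,
# SANs = autodiscover, dr and mail names, so the same cert works in both DCs.
$req = New-ExchangeCertificate -GenerateRequest -PrivateKeyExportable $true `
    -SubjectName "CN=$primary" -DomainName $primary, $autodisc, $drHost
Set-Content -Path 'C:\certreq\mail-mydomain.req' -Value $req   # assumed path
# Once the CA issues the cert, import it on every CAS and bind it to IIS:
#   Import-ExchangeCertificate -FileData ([Byte[]](Get-Content -Path 'C:\certreq\mail.cer' -Encoding Byte -ReadCount 0))
#   Enable-ExchangeCertificate -Thumbprint <thumbprint from Get-ExchangeCertificate> -Services IIS

# DR-site virtual directories carry the DR namespace, so clients that land on
# a DR-activated mailbox get dr.mydomain.com from Autodiscover (no proxying).
foreach ($cas in $drCas) {
    Set-OwaVirtualDirectory -Identity "$cas\owa (Default Web Site)" `
        -InternalUrl "https://$drHost/owa" -ExternalUrl "https://$drHost/owa"
    Set-EcpVirtualDirectory -Identity "$cas\ecp (Default Web Site)" `
        -InternalUrl "https://$drHost/ecp" -ExternalUrl "https://$drHost/ecp"
    Set-ActiveSyncVirtualDirectory -Identity "$cas\Microsoft-Server-ActiveSync (Default Web Site)" `
        -InternalUrl "https://$drHost/Microsoft-Server-ActiveSync" `
        -ExternalUrl "https://$drHost/Microsoft-Server-ActiveSync"
    Set-WebServicesVirtualDirectory -Identity "$cas\EWS (Default Web Site)" `
        -InternalUrl "https://$drHost/EWS/Exchange.asmx" `
        -ExternalUrl "https://$drHost/EWS/Exchange.asmx"
    Set-OabVirtualDirectory -Identity "$cas\OAB (Default Web Site)" `
        -InternalUrl "https://$drHost/OAB" -ExternalUrl "https://$drHost/OAB"
}

# Step #2: Outlook Anywhere clients org-wide validate the cert principal name
# against mail.mydomain.com, which the SAN cert above presents in both DCs.
Set-OutlookProvider -Identity EXPR -CertPrincipalName "msstd:$primary"

# Check: the IIS-bound cert on each DR CAS must list all three names, and the
# vDir URLs must point at the DR namespace before a switchover is rehearsed.
foreach ($cas in $drCas) {
    Get-ExchangeCertificate -Server $cas |
        Where-Object { $_.Services -match 'IIS' } |
        Select-Object Thumbprint, CertificateDomains
    Get-OwaVirtualDirectory -Server $cas | Select-Object Server, InternalUrl, ExternalUrl
}
```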