Symantec reference architectures for the virtualization of Microsoft® SQL Server®, Microsoft® SharePoint®, and Microsoft® Exchange Server®
Who should read this paper
C-level IT executives, Database Administrators, and Application Owners
Content
Business overview
Goals and objectives
Stakeholders and their concerns
Role of a reference architecture
Principles guiding this architecture
Assumptions guiding this architecture
Components of a reference architecture
Summary of the technical scope
1.8 Microsoft SQL Server Virtualization Reference Architecture
1.9 Microsoft SharePoint Virtualization Reference Architecture
1.10 Microsoft Exchange Server Virtualization Reference Architecture
1.11 Comprehensive business-critical application environment
1.12 Technology components
Conclusions
Business overview
Organizations strive to leverage the benefits of virtualization to help drive down cost, improve business agility through greater consolidation, improve utilization of resources, and benefit from increased automation and efficiency.
Today, enterprise businesses commonly deploy virtualization for non-critical environments only, due to the perception of obstacles that prevent further virtualization in the data center. Projects stall when applications are considered too large, too complex, or too high risk to virtualize.
To help organizations implement proven and repeatable enterprise-class IT solutions in virtual environments, Symantec has created a series of reference architectures. The focus of the reference architectures is to accelerate the virtualized deployments of Microsoft applications on VMware® platforms, enhanced by Symantec software. The reference architectures demonstrate how organizations can meet the demands for application performance, availability, security, and cost, as well as increase the business value and return on investment from Symantec software.
Goals and objectives
The goal of the Symantec reference architectures is to remove the barriers to virtualization, and provide proven capabilities to help businesses migrate their critical Microsoft applications safely to virtual environments, while managing complexity and risk.
The reference architectures within this series include:
• Symantec Reference Architecture for Microsoft® SQL Server®
• Symantec Reference Architecture for Microsoft® SharePoint®
• Symantec Reference Architecture for Microsoft® Exchange Server®
The documents provide assistance and guidance with the validation, design, and implementation of enterprise-class virtualization of Microsoft applications, leveraging the power of Symantec technology to accelerate the deployment of virtualization.
Objectives derived from the goals
The major barriers to deployment of virtualized business-critical services common among organizations include:
• I/O performance
• Availability and recovery
• Virtualized server security
• Cost
• Operational efficiency
These key attributes form the core focus of the business and technical objectives presented in the reference architectures, as detailed in the following series of tables.
Optimize I/O performance
| Objective | Description |
|---|---|
| Provide capacity-on-demand capability for storage. | Scale to support large multi-terabyte databases without any disruption to critical business services. |
| Provide scalable performance. | Support high transaction rates by enabling the data to be load balanced across multiple I/O paths and storage devices, with the ability to increase or decrease bandwidth online. |
Provide business-critical levels of a
| Objective | Description |
|---|---|
| Respond to application-level failures. | Extend the capabilities of VMware to deliver business-critical levels of availability through enhanced monitoring and recovery of failed application components running on a virtual machine. |
| Respond to virtual machine failures. | Restart virtual machines when faults are detected. Start the virtual machine on another server if it cannot be restarted successfully. |
| Respond to server hardware failures. | Migrate virtual machines to a different server when a server fault or stability issue is detected. |
| Respond to site failures or outages. | Integrate with VMware high availability (HA), VMware Site Recovery Manager (SRM) and replication technologies to provide a cost-effective disaster recovery solution. |
| Enable live migration of running virtual machines. | Fully support VMware VMotion technology to enable live migration of servers and minimize planned downtime. |
| Enable instant recovery of data using snapshots. | Provide instant point-in-time recovery from snapshot copies of the data with ability to roll the database forward using transaction logs to recover quickly from data corruption or loss. |
| Enable recovery of individual objects. | Enable granular recovery of SQL Server database objects including user, system, full text catalogs, and file streams while database is online. |
| Ensure I/O path resiliency. | Deploy multipathing technology to eliminate single points of failure in the I/O data path. |
Protect critical servers from security threats
| Objective | Description |
|---|---|
| Protect against network-based security threats. | Use VMware vShield to enforce firewall security policies that stay with a virtual server even after live migration or site failover, to protect applications from network-based threats. |
| Provide intrusion protection and prevention for virtualized environments. | Implement intrusion protection and prevention to further improve the security of virtual machines. |
Reduce infras
| Objective | Description |
|---|---|
| Use physical resources more efficiently. | Make more efficient use of physical server resources through virtualization, reducing both management and operating costs through consolidation. |
| Reduce the physical server footprint. | Reduce physical server footprint through virtualization to reduce IT spending on data center capacity, power and cooling, and to reduce the environmental impact of data center sprawl. |
| Provide thin provisioning and storage reclamation. | Combine thin provisioning with storage reclamation capabilities to achieve cost savings through greater utilization of storage. |
| Perform off-host backups and data deduplication. | Enable efficient off-host backups, with data deduplication, to achieve cost savings by reducing storage requirements for offline data retention. |
Improve operations efficiency
| Objective | Description |
|---|---|
| Deploy or decommission components quickly. | Enable new applications to be deployed or decommissioned quickly without involving the lengthy processes associated with physical hardware, thereby removing complexity and improving business agility. |
| Eliminate physical silos. | Eliminate silos, where applications underutilize dedicated resources, through virtualization; resources can be shared, improving business efficiency. |
| Reduce the risk of application failures impacting other functions. | Remove the cascading effect of one failing application bringing down another application, or an entire operating system, by limiting each virtual machine to running one application, reducing operational risk. |
| Provide high availability without hot standby servers. | Achieve high availability without requiring hot standby servers, to help realize the cost savings expected through virtualization of business-critical applications. |
| Remove complexity from data center failover procedures. | Use VMware SRM to reduce risk and to remove complexity from data center failovers and planned migrations. |
| Automate operational procedures. | Automate operational procedures to improve efficiency and reduce risk. |
| Centralize management. | Centralize management for an application-centric view of virtual servers, helping to optimize data center assets, scale operations, and centralize visibility and control. |
Constraints
| Constraint | Description |
|---|---|
| Preserve or enhance VMware capabilities | VMware capabilities will either be preserved or built upon, but they must not be removed or broken. For example, VMware VMotion and SRM are features that will be used within the solution. |
| Hardware agnostic | Hardware vendor tie-in must be eliminated. Although specific hardware vendors may be recommended or referred to by the reference architecture, the design will not preclude the use of other hardware vendors. This may come with a caveat; for example, if certain features are not available from a particular vendor, those features will be missing in the final solution. |
| Compatibility with existing hardware solutions | Compatibility will be maintained with standard hardware solutions in the virtualization space, such as Vblock and FlexPod. |
| 64-bit architecture | Solution is for 64-bit Intel or AMD processor architectures only. |
| Security architecture | The security architecture in this release relies upon Symantec Critical System Protection. |
| Assisted site failover | Due to the design of VMware SRM and its lack of external arbitration services, it will not be possible to fully automate site failover within this architecture. Instead, site failover must be triggered manually, after which the process is automatic. |
Stakeholders and their concerns
A number of stakeholder views have been considered for the creation of the reference architectures, including:
• Senior IT managers
• Chief Information Officers
• Chief Technology Officers
The stakeholders consulted for these reference architectures have a range of concerns relating to virtualization, which are summarized in the following table.
| Stakeholder | Abbrev. | Summary of Concerns |
|---|---|---|
| Chief Information and Technology Officers | CIO/CTO | IT budgets, demonstrable benefits |
| Chief Financial Officer | CFO | Cost transparency and recovery (chargeback) |
| Chief Security Officer | CSO | Security and compliance |
| Chief Operations Officer and Database Administrators | COO/DBA | Performance and scalability, resource and capacity management |
| Application Owners | App | Cost, time to provision, reliability, performance and scalability |
| IT Infrastructure Operations | Ops | Cost, time to provision, reliability and availability, performance and scalability, resource and capacity management |
| IT Service Management | ITSM | Usability, service delivery, visibility, compliance |
Role of a reference architecture
A reference architecture is a framework for defining a solution, including components, relationships between components, and the principles governing the design of the architecture. It provides a set of consistent architecture best practices that can be used by a variety of
The intent of the Symantec reference architectures is to short-cut the design process for organizations interested in virtualizing critical business services. The aim is to reduce or eliminate errors in technology decisions and increase the likelihood of successful implementation of blended Microsoft, VMware, and Symantec solutions in a virtual environment.
Using a reference architecture as a guide for designing solutions with similar capabilities enables organizations to derive several benefits, including:
• Reducing complexity
• Reducing resources requirements and cost
• Minimizing design and implementation timeframes
While a reference architecture provides a basis for creating real-world solutions, it is not intended as an implementation blueprint. Each organization can apply the principles and goals appropriate for their requirements, and modify design criteria as needed for their purposes. For example, the Symantec reference architectures describe collections of technology, along with the capabilities and configuration options used in the solution. An organization may choose different capabilities or configuration options in their implementations.
Principles guiding this architecture
The following core principles have been identified to guide the design of the solutions presented in the reference architectures.
Business principles
• Information management decisions are made to provide maximum benefit to the enterprise as a whole.
• Enterprise operations are maintained in spite of system interruptions.
• Enterprise operations are performed within the time constraints set by pre-defined service levels.
• Enterprise processes are automated where appropriate to reduce manual effort.
• Development of applications used across the enterprise is preferred over the development of similar or duplicative applications which are only provided to a particular organization.
• Enterprise information management processes comply with all relevant laws, policies, and regulations.
• The IT organization is responsible for owning and implementing IT processes and infrastructure that enable solutions to meet user-defined requirements for functionality, service levels, cost, and delivery timing.
• Effectively align expectations with capabilities and costs so that all projects are cost-effective. Efficient and effective solutions have reasonable costs and clear benefits.
Data principles
• Information is central to the successful running of an organization.
• Data is an asset that has value to the enterprise and is managed accordingly.
• Data is shared between applications across the enterprise.
• Data is accessible for users to perform their functions.
• Each data element has a trustee accountable for data quality.
• Data is defined consistently throughout the enterprise, and the definitions are understandable and available to all users.
Application principles
• Applications are independent of specific technology choices and therefore can operate on a variety of technology platforms.
• Applications are easy to use. The underlying technology is transparent to users, so they can concentrate on tasks at hand.
• Only in response to business needs are changes to applications and technology made.
Technology principles
• Changes to the enterprise information environment are implemented in a timely manner.
• Technological diversity is controlled to minimize the non-trivial cost of maintaining expertise in and connectivity between multiple processing environments.
• Software and hardware should conform to defined standards that promote interoperability for data, applications, and technology.
Assumptions guiding this architecture
The solutions identified in the reference architectures define optimum configurations that ensure VMware, Microsoft, and Symantec technologies work together for maximum combined benefit. They do not seek to optimize a single component within the stack to the detriment of the others.
While the reference architectures are targeted to medium and large enterprises deploying business-critical applications with high transaction rates, the scope is limited to single-instance application environments with no database mirroring or availability groups.
Minimizing cost of implementation is the highest priority goal of the Reference Architecture. Organizations can expand the scope of a specific implementation of the Symantec reference architecture to include multi-instance applications.
The versions of software used in an implementation based on the reference architectures must be equal to, or later than, those versions specified in the physical view of each technical architecture. For example, vSphere 4.1 cannot be used in the solution; VMware version 5.0 software is the minimum requirement.
Virtualization is maturing considerably within enterprise class organizations, and accordingly the reference architectures do not aim to cover these areas in detail:
• Business benefits of virtualization
• Transition to a cloud technology
• Design and build instructions for Microsoft applications, VMware, or the Symantec products
Components of a reference architecture
The reference architecture documents are structured in a manner which can be leveraged by each type of stakeholder.
Business architecture
The business architecture focuses on how the solutions meet business goals.
Application architecture
Because these are well-known applications with a large existing collection of documentation detailing all aspects of their architecture and design, the application architecture section provides a higher-level discussion regarding how these products fit into the overall Symantec reference architectures.
Technology architecture
The core focus of each reference architecture document is the technology architecture, which highlights the attributes considered essential for deploying Microsoft SQL Server, Exchange, or SharePoint, virtualized on VMware as an enterprise-class application. Practical and real-world experience from Symantec subject matter experts provides an understanding of how to design solutions that leverage Symantec products.
The technology architecture is organized into conceptual, logical, and physical views.
Conceptual view
The conceptual view represents the business “owner” point of view, describing how the solution aligns with business needs. This view is an implementation-independent view of all infrastructure services. The conceptual view provides an abstract or high-level design of only the most important business components and entities; its main goal is to provide an understanding of the overall purpose of the proposed solution in direct relation to business need. Components include major technology systems, relevant business processes, external systems required for integration or overall functionality, high-level data flow, and system functionality.
Logical view
The logical view represents the “designer” point of view, identifying the significant components and showing how they fit together to deliver the solution. This view includes realizable elements of the infrastructure, interaction models, principles for use, and product capabilities. The logical view includes a more detailed design for all major components and entities, as well as relationships, data flows, and connections. The target audience is typically developers or other systems architects. The logical view includes business services, application names and capabilities, and other relevant information needed for development purposes, and it intentionally omits physical server names or addresses.
Physical view
The physical view is the “builder” view, showing how the solution is created and configured. This includes implementation models, technology patterns, and templates. The physical view has all major components and entities identified within specific physical servers and locations, as well as specific software services, objects, and solutions. This view includes known details such as operating systems, version numbers, and patches that are relevant. Any physical constraints or limitations are also identified within the server components, data flows, or connections. The physical view references resources such as product documentation, white papers, and websites to augment the architecture content. The design presented in the physical view may be included and extended by the final implementation team into an implementation design.
Summary of the technical scope
The Symantec reference architectures are designed to help businesses transform critical applications from a silo model, in which applications are islands that under-utilize enterprise IT resources, to a virtualized model, in which IT resources are pooled together and shared.
requirements spiral out of control; and dedicated and intrusive on-host backups take longer to complete while application owners demand smaller and smaller maintenance windows.
Figure 2 - Traditional data center model
Figure 3 – Symantec reference architecture
While databases and data-intensive applications have often been considered poor candidates for virtualization due to their heavy I/O demands, complex recovery processes, and high availability requirements, this reference architecture illustrates that these business-critical applications—commonly among the most over-provisioned environments in the data center—are actually very good candidates for virtualization.
Virtualization also enables organizations to respond more quickly to business demands, whether for provisioning new application environments, rolling out applications from development into production, or migrating applications quickly and efficiently to more powerful computers. Visit the Symantec Virtualization microsite, located at http://www.symantec.com/virtualization, for further information about Symantec solutions for virtualization.
1.8 Microsoft SQL Server Virtualization Reference Architecture
Microsoft SQL Server 2008 R2 provides a data platform that delivers a low TCO and is equipped to handle the needs of even the most demanding mission-critical applications. In a fast-evolving business environment, this platform helps enable businesses to quickly adapt to changing requirements, promotes the reliability to maintain highly available service provisioning at scale, and provides a comprehensive range of tools, features, and functionality to increase IT efficiency and reduce management overhead. The platform is tightly integrated with Microsoft’s directory services to help enable a secure and scalable security model.
A typical configuration for SQL Server in a VMware virtual environment is shown in Figure 4.
Figure 4 - Typical SQL Server configuration for VMware
This uniquely named instance has a database engine, an agent that handles inbound client connection requests, an analysis service for handling online analytical processing (OLAP) type of requests, and a Filestream agent for keeping track of database objects stored outside of the database in a file system. Each instance includes one or more associated databases—a collection of related tables, indexes, and other objects that store and manage access to data records. While it is possible to have multiple instances running on the same Windows guest operating system, this reference architecture maps each instance to its own virtual machine for ease of configuration and management. Figure 5 depicts how the individual SQL Server virtual configurations fit within an example virtualized data center. The management servers are virtualized in this case, but in any particular implementation of the Reference Architecture, management services could be provided using a combination of physical and virtual servers, depending on existing infrastructure and specific requirements of an organization.
Figure 5 - SQL Server in a virtual data center
The components of the SQL Server solution are summarized below. For complete details, see the Symantec Reference Architecture for Virtualization of Microsoft SQL Server.
Storage architecture
High availability and disaster recovery
VMware HA manages local failover and live migration of virtual machines. In this example environment, the application virtual machines are configured on a two-node VMware HA cluster, with each node functioning as the failover node in the event an ESXi host becomes unstable or faults. In this case, VMware HA restarts the virtual machines on the remaining cluster node. A Symantec ApplicationHA agent is installed on all application virtual machines to provide application monitoring, because VMware HA has no visibility into the applications running on the guest host. Without ApplicationHA, application failures go undetected. ApplicationHA detects when an application faults and can be configured to restart the application automatically, or signal to VM to restart the virtual machine. The ApplicationHA Console integrates with vCenter Server to provide centralized management of high availability. Veritas Operations Manager integrates with ApplicationHA to manage relationships between applications to ensure that dependent applications are started, stopped, and failed over in a coordinated fashion.
Disaster recovery is provided by VMware Site Recovery Manager (SRM). SRM is integrated with data replication technologies to present replicated storage to the correct ESXi servers, enabling virtual machines to be started at different sites. Symantec ApplicationHA integrates with SRM to ensure continuity of application monitoring when a failover has occurred.
Data protection
The data protection solution for this reference architecture leverages Symantec NetBackup to provide a full spectrum of backup and recovery options, for both VMDK and RDM storage used in this architecture.
To protect VMDK storage, NetBackup for VMware provides comprehensive protection for virtual machines by integrating with VMware vStorage APIs for Data Protection (VADP) and VM snapshots. NetBackup uses VMware to take VM snapshots of VMDK storage without any disruption to the running guest operating systems and applications. These snapshots can then be backed up without involving the guest operating system in the data transfer. NetBackup V-Ray technology enables recovery of individual Windows files from a VM backup. The NetBackup client is installed on each virtual machine to receive data during a file-level restore. The NetBackup media and master servers handle data transfer and job management, respectively. Although shown in the diagram as running on a single virtual machine, these servers are often run on existing physical, off-host backup servers to further minimize any impact to the VMs and ESXi host.
If SQL Server databases are deployed in VMDK storage, then NetBackup for VMware will include those databases in the VM backup, and optionally manage SQL Server log truncation. Furthermore, NetBackup V-Ray technology can again be used to recover individual databases from the same VM backup.
If SQL Server databases are deployed in RDM storage, then the NetBackup for SQL Server agent in the guest provides database backup and recovery, and log truncation management. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Therefore, RDM data must be backed up via the guest operating system. Alternatively, if the RDM storage is shared storage with an array-based snapshot provider, then the NetBackup media server can directly back up a snapshot of the RDM storage for optimal performance and minimal impact.
OpsCenter provides centralized management of data backup and archive operations across products and platforms, and a central portal for all file-level recoveries of both physical and virtual machine backups.
Security
on the vCenter server to further protect the virtual environment. Both the agents and the management console connect to the management server to exchange data. The management server in turn acts as a liaison to the internal SCSP SQL data store, which is where all policies, configuration data, and event information are stored. Many management servers within a given environment can report to the same internal SQL data store, providing for centralized management and control of systems across the enterprise. This also allows customers flexibility in determining how to distribute their SCSP infrastructure, as both agents and consoles can then connect to any of the available management servers.
For network-related security, VMware vShield App resides within the security architecture. vShield protects applications and data in the virtual data center from network-based threats and gives organizations the ability to create and manage business-relevant policies that adapt to dynamic environments. vShield also provides deep visibility into network communications between virtual machines and granular enforcement through security groups.
1.9 Microsoft SharePoint Virtualization Reference Architecture
Microsoft SharePoint is a central application platform for common enterprise Web requirements. The multipurpose design of SharePoint enables management, scaling, and provisioning of a broad variety of business applications. SharePoint provides a layer of management and abstraction from the Web server, with the ultimate goal of enabling business users to leverage Web features without having to understand technical aspects of Web development. SharePoint also contains pre-defined applications for commonly requested functionality, such as intranet portals, extranets, websites, document and file management services, collaboration spaces, social tools, enterprise search, and business intelligence.
A medium-scale SharePoint farm running in a VMware virtual environment is shown in Figure 6.
Figure 6 - Medium SharePoint farm in a virtual environment
depicted by the Web Front-End 1 and 2 virtual machines. New SharePoint servers can easily be provisioned to expand server farms to accommodate growth and meet performance objectives.
Figure 7 depicts how the SharePoint virtual configurations fit within the Symantec virtualization reference architecture for SharePoint. As with the SQL Server solution, the management servers are virtualized in this case, but in any particular implementation of the reference architecture, management services could be provided using a combination of physical and virtual servers, depending on existing infrastructure and specific requirements of an organization.
Figure 7 - SharePoint in a virtual data center
Depending on an organization’s needs, the SharePoint architecture can be customized to meet scalability, performance, and high availability requirements. Because no one single solution suits all environments, Microsoft provides numerous resources and documents, such as the Capacity Planning for Microsoft SharePoint 2010 document, used for planning and deployment of SharePoint 2010. For the Symantec reference architecture, a single server farm is implemented. The SharePoint roles, as well as the SQL Servers, are distributed across four virtual machines.
The reference architecture components of the SharePoint solution are similar to those used in the SQL Server solution, summarized in Section 1.8. An overview of differences for SharePoint is provided below. For complete details, see the Symantec Reference Architecture for
Storage architecture
SharePoint uses a SQL Server database to store data; therefore, the storage architecture is essentially the same as the SQL Server Storage Architecture. A key aspect of the storage solution for SharePoint is capacity-on-demand, enabling the easy addition of new content databases to accommodate growth in storage usage. Yet storage planning is still critical for ensuring a successful SharePoint deployment. See the Planning and Architecture for SharePoint Server 2010 article from Microsoft for details.
High availability and disaster recovery
The high availability and disaster recovery (HA/DR) architecture is similar to SQL Server. Each application virtual machine has an ApplicationHA agent for SharePoint installed. The virtual machines running the SQL Server for SharePoint data have the SQL Server ApplicationHA agent installed as well. ApplicationHA monitors the SharePoint and SQL Server, and automatically takes action if a fault is detected. The Symantec Reference Architecture for Microsoft SharePoint Architecture Definition document focuses on a single farm with a single service application group. Organizations can evolve this design to accommodate a more complex configuration based on experience and the opportunities for change.
Data protection
The data protection architecture for SharePoint is very similar to the previous one for SQL Server, again leveraging NetBackup to protect VMDK and RDM storage. To protect VMDK storage, NetBackup for VMware is used to back up a VM snapshot, and provides both VM-level and file-level recovery from the same backup.
If SharePoint databases reside in VMDK storage, then NetBackup for VMware will include those databases in the VM backup. NetBackup V-Ray technology can be used to recover individual databases and SharePoint content, like documents, calendars, and other granular items from the same VM backup.
If SharePoint databases reside in RDM storage, then the NetBackup for SharePoint agent in the guest provides database backup and recovery. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Alternatively, if the RDM storage is shared storage with an array-based snapshot provider, then the NetBackup media server can directly back up a snapshot of the RDM storage for optimal performance and minimal impact. Granular recovery of SharePoint content is supported as well.
Archiving and eDiscovery
The archiving and eDiscovery architecture for SharePoint is based on Symantec Enterprise Vault, which enables organizations to store, manage, and discover unstructured information across the enterprise. A standalone software-based solution, Enterprise Vault integrates with SharePoint environments to enable organizations to control the explosive growth of vital business content both inside the enterprise on intranets, and outside of the firewall on extranets or the Internet.
Security
The security architecture for SharePoint is also based on the same technologies as the SQL Server architecture. A Symantec Critical System Protection (SCSP) agent is installed on all physical and virtual systems to be protected. VMware vShield is deployed in the virtual data center to handle network-related security.
1.10 Microsoft Exchange Server Virtualization Reference Architecture
Microsoft Exchange Server is the industry-leading collaborative platform for email, calendaring, and unified messaging. These services are accessible through personal computer (PC), Web, and mobile devices so employees can stay connected, and have become an increasingly important tool for supporting businesses, whether large or small.
Microsoft Exchange 2010 is closely aligned with the Microsoft® Office® suite of products, and provides trusted communication within an organization’s domain, enables greater collaboration and improved productivity for employees, and offers the ability to reduce storage costs while allowing larger mailbox sizes.
An Exchange Server configuration for a virtual environment is shown in Figure 8.
As with SharePoint, the various server roles of an Exchange environment can be deployed on any number of virtual machines. In this example, the client access server (CAS) role is performed by three virtual machines to provide access to Exchange mailboxes by clients. The virtual environment is ideally suited to Exchange Server to enable new virtual machines to be provisioned and client load to be balanced across an increasing number of servers.
The Exchange Mailbox servers running on three virtual machines host the mailbox and public folder databases by providing the storage for the Exchange environment. In addition, the mailbox server hosts advanced scheduling services for employees using Microsoft® Outlook® and Microsoft® Outlook Web Access®. Other virtual machines can be used for edge transport servers, unified messaging servers, and hub transport servers.
Figure 9 depicts how the Exchange Server virtual configurations fit within the Symantec reference architecture for Exchange Server. The various server roles are distributed among four virtual machines. As with the SQL and SharePoint solutions, the management servers are virtualized in this case, but in any particular implementation of the Reference Architecture, management services can be provided using a combination of physical and virtual servers (depending on existing infrastructure and specific requirements of an organization).
Figure 9 – Exchange Server in a data center
The components of the Exchange Server solution are similar to those used in the SQL and SharePoint solutions. Differences for Exchange Server are summarized below. For complete details, see the Symantec Reference Architecture for Microsoft SharePoint Architecture Definition document.
Storage architecture
High availability and disaster recovery
The HA/DR architecture is similar to SQL Server and SharePoint. Each application virtual machine has an ApplicationHA agent for Exchange installed to monitor the Exchange Server components and automatically take action if a fault is detected.
Data protection
The data protection architecture for Exchange is very similar to the previous one for SQL Server, again leveraging NetBackup to protect VMDK and RDM storage. To protect VMDK storage, NetBackup for VMware is used to back up a VM snapshot, and provides both VM-level and file-level recovery from the same backup.
If Exchange databases reside in VMDK storage, then NetBackup for VMware will include those databases in the VM backup. NetBackup V-Ray technology can be used to recover individual databases and Exchange content, like mailboxes, calendars, and other granular items from the same VM backup.
If Exchange databases reside in RDM storage, then the NetBackup for Exchange agent in the guest provides database backup and recovery. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Granular
Archiving and eDiscovery
The archiving and eDiscovery architecture for Exchange Server is based on Enterprise Vault from Symantec and is similar to the archiving architecture for SharePoint. Enterprise Vault can connect to an Exchange Server using the MAPI protocol and can then move individual emails into Enterprise Vault. A shortcut pointing to the original archived item can optionally be left behind.
Security
1.11 Comprehensive business-critical application environment
The diagram in Figure 10 shows how the three business-critical Microsoft applications—SQL Server, Exchange Server, and SharePoint—can be deployed together in a virtualized environment, protected from security threats, data loss, hardware failures, and site outages.
1.12 Technology components

| Technology architecture | Component | Product name | Version | Vendor |
|---|---|---|---|---|
| Storage | Dynamic multipathing, capacity on demand, volume management | Storage Foundation for Windows | 6.0 | Symantec |
| | Storage management | VOM Advanced | 4.0 | Symantec |
| | Virtual machines, virtual disks, high availability, live migration | VMware vSphere | 5.0 | VMware |
| | Disaster recovery orchestration | VMware vCenter Site Recovery Manager | 5.0 | VMware |
| | File system | NTFS | Win 2008 | Microsoft |
| Availability and disaster recovery | Storage management console | Veritas Operations Manager (VOM) | 4.1 | Symantec |
| | Application monitoring inside virtual machines | ApplicationHA | 6.0 | Symantec |
| | Backup software | Symantec NetBackup | 7.5 | Symantec |
| | vStorage API | VMware ESXi | 5.0 | VMware |
| Data protection | Volume copy shadow service | VSS (Windows OS component) | - | Microsoft |
| | OpsCenter | OpsCenter Analytics | 7.5 | Symantec |
| Archiving | Email and message archive | Enterprise Vault | 10.0 | Symantec |
| | eDiscovery | Discovery Accelerator | | Symantec |
| | Intrusion protection | Critical System Protection | 5.2.8 MP3 | Symantec |
| Security | Network security | vShield App | 5.0 | VMware |
| | Security administration | vShield Manager | 5.0 | VMware |
Conclusions
The Symantec reference architecture demonstrates how technologies from Symantec can be deployed to complement the capabilities of VMware to deliver enterprise-class levels of performance, availability, and protection for Microsoft SQL Server, SharePoint, and Exchange Server applications, while at the same time enabling organizations to fully exploit the benefits of virtualization to increase business agility, improve IT efficiency, and drive down costs.
Performance is often a key area of concern for organizations seeking to migrate business-critical applications onto virtual platforms, due to the heavy demands these transaction-intensive applications place on the I/O subsystems. The Symantec reference architecture addresses these concerns by exploring how Storage Foundation from Symantec can be deployed to enable I/O performance and capacity to scale beyond a single LUN or virtual disk, and through expert guidance in selecting the type of storage and virtual devices to deliver optimum performance.
In addition to performance, the reference architecture also addresses storage management and infrastructure costs to deliver additional value—enabling standardized storage management processes across physical and virtual environments, centralized reporting and chargeback of storage resources, and support for advanced storage management capabilities such as thin provisioning and reclamation, and online storage migration.
Implementing high availability, disaster recovery, and data protection in a virtual environment requires new thinking. Traditional solutions often do not translate well to the virtual environment, and, in some cases, can prevent organizations from realizing the full value of virtualization. The Symantec solution integrates ApplicationHA closely with VMware to deliver business-critical levels of availability, disaster recovery, and data protection, without compromising the capabilities and benefits of virtualization.
The reference architecture offers a comprehensive solution for backing up guest operating system and application data online, without disruption to services, while minimizing impact on virtual machine resources. NetBackup for VMware offers complete protection of Windows VMs, including Exchange, SharePoint, and SQL Server VMs. For RDM storage, NetBackup agents protect the application contents external to VMware. In both cases, V-Ray technologies provide any level of recovery of VMs, files, databases, and application content from the same backup image.
Migrating applications to virtual environments introduces new security concerns that must be addressed—in particular, threats to virtual machines through the VMware hypervisor. The reference architecture addresses these risks with SCSP software, which deploys agents to protect the vSphere vCenter console, ESXi Server, and the guest operating systems.
Organizations are expected to adapt the solution to meet their specific needs. For example, if an organization has standardized on Veritas Cluster Server (VCS) for high availability across their physical and virtual environments, VCS can be deployed as an alternative to ApplicationHA. Similarly, the security architecture can be further expanded to include Symantec end-point protection, encryption, authentication, and antivirus solutions.
Appendix A: Test infrastructure
Test infrastructure utilized
The following table describes the hardware used in the Symantec virtualization reference architectures testing. Equivalent hardware from alternate suppliers is acceptable. See hardware compatibility listings (HCLs) for the software products involved.

| Hardware | Version/Type | QTY | Source |
|---|---|---|---|
| BL460 (or equivalent) | 6 x BL460c G6 with: 2P/8C 2.93GHz (Xeon X5570); 48GB RAM; 2 x 300GB 10K SAS disks; 4 x BL460c G6 installed with ESXi 5.0 (2 x BL460c G6 Management and RDP Server) | 6 | HP |
| DL580 (or equivalent) | 1 x DL580 G7 with: 4P/32C 2.27GHz (Xeon X7560); 256GB RAM; 8 x 146GB 15K SAS disks. Installed with ESXi 5.0. | 1 | HP |
| HP P6300 | 1 x P6300 with: 10 x 300GB 15K SAS (3TB); 8Gb FC | 2 | HP |
| HP 6500 | 48 x 300GB 15K SAS (14.4TB); 8Gb FC | 1 | HP |
| HP V Series 3PAR | 3 TB RAID 5 | 1 | HP |
| HP B6200 StoreOnce | | 1 | HP |

Notes: