Saturday, May 27, 2017

Monday, August 19, 2013

Sending and Receiving Messages from Multiple Locations in Exchange 2013

 

Most organizations are spread across multiple locations in today’s business world. Because Exchange is such a critical application, it’s essential to make sure that it is up and running around the clock without any downtime. For High Availability and Disaster Recovery, Exchange 2013 has many features, thanks to new improvements and some changes to DAGs compared with Exchange 2010. How would you provide a redundant path to send and receive email from the Internet if the entire primary site goes down and Exchange is running from the DR site? Of course, we can add additional servers in the DMZ to take up the load if one or more servers go down. But what could you do if the complete datacenter goes down?
Let’s consider an example where we have two datacenters where Exchange servers are hosted. The primary datacenter is in New York and has internet access to send and receive external email; the other datacenter is in Dallas. Both are interconnected by a high-speed WAN network.
Figure 1 (seen below) is a visual representation of the above scenario:
Figure 1. Email flow between primary, secondary datacenter and internet.
In the above example the first datacenter (New York) has Exchange servers with DAG configurations and provides the site resiliency option using the alternative datacenter at Dallas. It also has the internet connectivity to send and receive internet email. The second datacenter in Dallas hosts only the Exchange server. If the Exchange servers in the primary datacenter are lost, the DAG will activate the passive copies of a mailbox database in Dallas and users will be able to connect to Dallas Exchange servers to access their email.
With the loss of the primary datacenter in New York, we also lose the DMZ. This will impact the internet mail flow to the organization. Users will not be able to send and receive email over the internet. This can cause a huge data loss (not to mention revenue loss). Let us work on a solution by providing a redundant path to send and receive email over the internet.
In our design example Exchange is configured in both AD sites. The primary site in New York hosts the active copies while the secondary site in Dallas hosts the passive copies. New York is the only AD site that is connected to the internet. To provide alternative internet mail flow we need to connect the Dallas AD site to the internet through the Dallas DMZ. Figure 2 shows these details. Just a connection to the internet at Dallas will not serve the purpose, though.

Figure 2. New internet mail flow configuration through Dallas datacenter.

Let’s list the simple steps to configure Dallas to send and receive mail over the internet.
Configuring Dallas Site to Accept Messages via Internet
  • Create and configure a new DMZ in Dallas
  • Connect the Dallas DMZ to the internet through a different ISP (Internet Service Provider) than the New York AD site
  • Add and configure new Sendmail servers and other gateway servers (IronPort etc.) in the Dallas DMZ
  • Configure the Sendmail servers to accept email from the internet and forward it to the internal Dallas Exchange 2013 CAS servers
  • Configure the Dallas Exchange 2013 CAS servers to accept email from the DMZ through a receive connector on SMTP port 25
  • Last but not least, the most important task is to configure internet DNS with a new DNS MX record entry, but with a higher preference than the New York Sendmail DNS MX record

All email from the internet is sent to the DNS MX record with the lowest preference; if the lowest preference is not reachable or available, the email is sent to the record with the next-higher preference. It is recommended to use a higher preference for MX records in different regions. This provides the alternative path to accept email if the primary site goes down.

Configuring Dallas Site to Send Messages to Internet (some steps are already defined above)
  • Dallas is already connected to the internet; now configure Sendmail and the other servers (DLP etc.) to accept email from the Dallas Exchange 2013 CAS servers only and forward it to the internet
  • Create and configure a new Send connector to send email to the internet. We need to make sure that the source servers are the Exchange 2013 Dallas CAS servers only and the destination servers are the Sendmail/IronPort servers in the DMZ
  • Finally, configure SPF (Sender Policy Framework) and Sender ID in DNS with the public/external IP address of the Dallas Sendmail servers. This certifies that the new Sendmail in the Dallas DMZ is a trusted sender and that its email can be safely accepted at the target

It’s important to configure SPF and Sender ID correctly. Any misconfigurations can lead to non-delivery of messages to the target recipient. Most organizations accept email from the internet only if the message is from a trusted source.
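
One way to check the DNS side of this design before relying on it, as an added example that is not from the original article: the script takes a domain's MX and SPF data and reports whether the Dallas MX is a lower-priority fallback and whether each site's outbound address is covered by the SPF record's ip4 mechanisms. The domain, host names, addresses and function names are constructed placeholders, and the sample data is embedded so the script runs offline.

```powershell
# Added example. All names and addresses are constructed placeholders
# (example.com, RFC 5737 documentation ranges), not values from the article.
# For live data, fill these variables from Resolve-DnsName -Type MX / -Type TXT.
$MxRecords = @(
    [pscustomobject]@{ Site = 'New York'; Preference = 10; Host = 'mx-ny.example.com' }
    [pscustomobject]@{ Site = 'Dallas';   Preference = 20; Host = 'mx-dal.example.com' }
)
$EgressIp = [ordered]@{ 'New York' = '203.0.113.10'; 'Dallas' = '198.51.100.5' }

# SPF record before the Dallas path was published, and the corrected record.
$SpfBefore = 'v=spf1 ip4:203.0.113.10 -all'
$SpfAfter  = 'v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/28 -all'

function ConvertTo-Ip4Number {
    param([string]$Ip)
    # Dotted quad -> number, most significant octet first.
    $n = [double]0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $b }
    return $n
}

function Test-Ip4InCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $len = $Cidr -split '/'
    if (-not $len) { $len = 32 }                      # bare address means /32
    $blockSize = [math]::Pow(2, 32 - [int]$len)       # addresses per prefix
    # Same network when both addresses fall in the same aligned block.
    $ipBlock  = [math]::Floor((ConvertTo-Ip4Number $Ip)  / $blockSize)
    $netBlock = [math]::Floor((ConvertTo-Ip4Number $net) / $blockSize)
    return $ipBlock -eq $netBlock
}

function Test-SpfAuthorizesIp {
    param([string]$Spf, [string]$Ip)
    # Only literal ip4 mechanisms are evaluated here; include:, a and mx
    # mechanisms need further DNS lookups and are ignored by this check.
    foreach ($term in ($Spf -split '\s+')) {
        if ($term -match '^\+?ip4:(.+)$' -and (Test-Ip4InCidr $Ip ($Matches[1]))) {
            return $true
        }
    }
    return $false
}

function Test-MxFallbackOrder {
    param($Records, [string]$Primary, [string]$Fallback)
    $p = ($Records | Where-Object Site -eq $Primary).Preference
    $f = ($Records | Where-Object Site -eq $Fallback).Preference
    return $f -gt $p          # the fallback must carry the higher preference number
}

'Dallas MX is the fallback: {0}' -f (Test-MxFallbackOrder $MxRecords 'New York' 'Dallas')

# Evaluate both SPF records against both sites' outbound addresses.
foreach ($spf in $SpfBefore, $SpfAfter) {
    foreach ($site in $EgressIp.Keys) {
        [pscustomobject]@{
            SpfRecord  = $spf
            Site       = $site
            Ip         = $EgressIp[$site]
            Authorized = Test-SpfAuthorizesIp $spf ($EgressIp[$site])
        }
    }
}
```

With the first record, mail leaving through Dallas after a failover is not authorized and a receiver enforcing `-all` can reject it; the second record covers both paths.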

Configuring alternative paths to send and receive internet messages is expensive. You would need a similar number of servers, overall network infrastructure (DMZ and Exchange 2013 servers), configuration, and even network bandwidth at the secondary site, because it must be able to take up the complete internet email load in the event of a primary datacenter failure.

Wednesday, August 14, 2013

Windows Hyper-V VM Licensing (Standard, Enterprise, Datacenter)


Like a physical machine, a virtual machine running any version of Microsoft Windows requires a valid license. Microsoft has provided a mechanism by which your organization can benefit from virtualization and save substantially on licensing costs. These rules are dependent on the hardware, not the hypervisor. Therefore, you are allowed to exploit Microsoft’s virtualization licensing rights on any hypervisor that you choose, including Microsoft’s Hyper-V, VMware’s ESXi, Citrix’s XenServer, or any other.

OEM Licensing

OEM (original equipment manufacturer) licensing deserves its own section because it has one critical difference from all other types of licensing. An OEM license is a special type of license that can only be issued by a company that sells hardware. The license is permanently bound to whatever piece of hardware it was sold with. This type is most commonly sold by system builders such as Dell or Hewlett-Packard, but it is also sometimes sold by component vendors. Terms vary, but in general, an OEM license is permanently bound to the motherboard of the system the license was shipped with. If your hardware came with a Windows license sticker affixed, that represents an OEM license. All other types of licenses (retail, volume, academic, etc.) are transferable. They can only be used on a specific number of systems concurrently.

Microsoft Windows Server Virtualization Rights

Each different edition of Windows Server provides unique virtualization rights.
  • Standard Edition: 1 physical machine, 1 virtualized machine
  • Enterprise Edition: 1 physical machine, 4 virtualized machines
  • Datacenter Edition: 1 physical CPU socket, unlimited virtualized machines
In a single physical host environment, these rights are very straightforward. You assign the physical license to the physical machine, and you can then install as many virtual machines running Windows Server as you are granted licenses for. If you need more licenses, you just acquire the necessary additional virtualized licenses.
Things get a little more complicated in multi-server and cluster environments. The physical licenses are assigned to a particular piece of hardware and their virtualization rights are bound to the license. Therefore, you cannot split them across different pieces of hardware.
However, if all of the above virtual machines are only running on one physical server and both physical servers are connected in a cluster, then the deployment can be covered by a single license. This presumes that, if the physical servers are running Windows as their base operating system, the server with no virtual machines is not providing any other Windows services. If it is not, or if it is running a different operating system, then there is no cause for concern. The only other potential restriction is that the license cannot be OEM, since that type of license is never transferable under any circumstances. If the physical server running the virtual machines should fail, the cluster service will bring all of the virtual machines up automatically. Since there is no time in which the virtual machines are split across the two physical servers, this is a completely valid use of your license.
Note that in the above scenario, if you spot the impending failure and transition the virtual machines by Live Migration, you are out of license compliance for the entire time that any active virtual machine is running on a different physical server than the others.

Assigning and Tracking Licenses

There is no real mechanism by which you assign the licenses in the above scenario. If you install Windows Server directly to the physical hardware, it will need to be activated but it will only take one license key. If you use native Hyper-V or a different hypervisor, the physical licenses are not tracked at all. Similarly, the virtual machines will each need to activate as well, but they will be completely oblivious as to whether or not they are running on a physical host that is in compliance. It is up to you to ensure that you are properly licensed for all possible scenarios.

Downgrade Rights

Depending on the license that you purchase, you may have “downgrade” rights. These are most commonly found in volume licensing, so if you have Open or Select then you probably qualify. For information on retail, OEM, and other license types, consult your license agreement or vendor for more information. With downgrade rights, you are allowed to use older Windows operating systems and lower editions. So, if you have a pair of dual core physical servers in a cluster and you’ve purchased Windows Server 2008 R2 Datacenter Edition for four CPUs, you are allowed to install any edition of Windows Server from 2008 R2 back to 2003 R2 and in any edition. If you’ve acquired a single Windows Server 2008 R2 Enterprise Edition license, the four virtual machines can be Standard Edition or Enterprise Edition and can also be any version back to 2003 R2.

Microsoft Windows Client Virtualization Rights

Microsoft does not offer a comparable program for desktop operating systems such as Windows 7. However, if you have Software Assurance for your desktop operating system, it allows you to connect to virtualized desktops within a Virtual Desktop Infrastructure (VDI) environment. If you don’t have Software Assurance, you may purchase a Virtual Desktop Access (VDA) license, which allows the licensed device to connect to and use a virtualized instance of a Windows desktop operating system. The virtualized instance of the Windows guest must have its own license and any desktop used to access it must also be properly licensed.


Read more: http://www.altaro.com/hyper-v/windows-hyper-v-virtual-machine-licensing-standard-enterprise-datacenter/#ixzz2bvo06fMT

Tuesday, August 13, 2013

Implementing Windows Server 2012 Hyper-V Failover Clustering



A failover cluster is a group of two or more computers working together to increase the availability of clustered services or applications. To make virtual machines highly available in a Hyper-V environment, we must implement failover clustering on the Hyper-V host servers. Windows Server 2012 Hyper-V comes with a number of new features and improvements for Hyper-V high availability and virtual machine mobility. In this article, I will walk you through everything we need to do to build a Hyper-V failover cluster, including how to validate, create, manage and test our highly available VMs via Failover Cluster Manager. We will build a two-node failover cluster using iSCSI QNAP storage and three networks for the failover cluster. Thanks to Sky Nepal Pvt. Ltd. (http://www.skynepal.com.np) for providing servers and QNAP storage for this lab setup.
Prerequisites:
  • Make sure both Hyper-V servers are joined to the same Active Directory domain
  • Configure the network cards for the failover cluster
  • Rename all the network cards
    • Configure the Public Network: Here we have defined the Public Network as Production. Deselect any protocols or features that will not be used or are not necessary.
    • Configure the Private Cluster Network:
      1. Here we have defined the Private Cluster Network as Cluster Heartbeat Network.
      2. Complete the TCP/IP settings for the Cluster Heartbeat Network.
    • Configure the Storage Network:
      1. The storage connection has been renamed Storage Network.
      2. Apply the TCP/IP settings in the same way as for the Private Cluster Network.
  • Set the network priority (arrange the binding order). As a best practice, the networks need to be prioritized properly.

Lab Environment:
  • One Domain Controller, named KTM-DC01, for “msserverpro.com” domain.
  • Two Hyper-V Hosts, named “KTM-HOST1” and “KTM-HOST2”, are joined to “msserverpro.com”.
  • Both Hyper-V Hosts contain 3 network cards as shown in figure.
    • Production network – 192.168.10.0 /24
    • Cluster Heartbeat Network – 192.168.12.0/24
    • Storage Network – 192.168.11.0/24
  • One virtual switch, named “Production”, on each Hyper-V Host.
  • A few VMs are located on KTM-HOST1 and KTM-HOST2.
Steps to Implement Windows Server 2012 Hyper-V Failover Clustering:
Step 1: Configure Shared Storage (iSCSI Target)
Step 2: Connect to iSCSI target from both host machines
Step 3: Initializing Disks
Step 4: Install Hyper-V Roles on both host machines
Step 5: Install Failover Cluster Features on both host machines
Step 6: Create a Virtual Switch (Production) on both host machines
Step 7: Validate the cluster configuration
Step 8: Creating a Hyper-V Failover Cluster
Step 9: Rename Cluster Networks
Step 10: Enabling Cluster Shared Volumes
Step 11: Create a VM and Configure for High Availability
Step 12: Making an existing VM Highly Available
Step 13: Testing the Failover Cluster

Step 1: Configure Shared Storage (iSCSI Target)
Here we are using QNAP shared storage

Step 2: Connect to iSCSI target from both Hyper-V HOSTS
1. On KTM-HOST1, open Server Manager, click Tools, and then click iSCSI Initiator. At the Microsoft iSCSI prompt, click Yes.
2. In the iSCSI Initiator Properties dialog box, click the Discovery tab and then click Discover Portal.
3. In the Discover Target Portal dialog box, in the IP address or DNS name box, type 192.168.11.1, which is the IP address of the iSCSI target server, and then click OK.
4. Click the Targets tab. Click Refresh. The previously created targets are listed in the Discovered targets section. Select each of the targets in the list and click Connect to add them.
5. In the Connect To Target dialog box, select Add this connection to the list of Favorite Targets, and then click OK.
6. Click OK to close iSCSI Initiator Properties.
7. Do the same process on KTM-HOST2.
Step 3: Initializing Disks
1. On KTM-HOST1, open Server Manager, click Tools, and then click Computer Management.
2. In Computer Management, go to Storage and then click Disk Management.
3. Right-click Disk 3, and then click Online.
4. Right-click Disk 3, and then click Initialize Disk. In the Initialize Disk dialog box, click OK.
5. On Disk 3, right-click the unallocated space, and then click New Simple Volume.
6. On the Welcome to the New Simple Volume Wizard page, click Next.
7. On the Specify Volume Size page, click Next.
8. On the Assign Drive Letter or Path page, click Next.
9. On the Format Partition page, in the Volume label box, type Quorum. Select the Perform a quick format check box, and then click Next.
10. On the Completing the New Simple Volume Wizard page, click Finish.
11. Do the same process on the remaining Disk1 and Disk2.
12. Log on to KTM-HOST2, open Server Manager, and then open Computer Management.
13. On the Computer Management page, expand Storage, and then click Disk Management.
14. Right-click Disk Management, and then click Refresh.
15. Right-click Disk3, and then click Online.
16. Do the same process on Disk1 and Disk2.
Step 4: Install Hyper-V Server Roles on both Hyper-V Server
1. On KTM-HOST1, open Server Manager, click the Manage menu, and then click Add Roles and Features.
2. On the Before you begin page of the Add Roles and Features Wizard, click Next.
3. On the Select installation type page, select Role-based or feature-based installation, and click Next.
4. On the Select destination server page, ensure that KTM-HOST1.msserverpro.com is selected and click Next.
5. On the Select server roles page, select Hyper-V. In the Add Roles and Features Wizard dialog box, click Add Features and then click Next.
6. On the Select features page, click Next.
7. On the Hyper-V page, click Next.
8. On the Create Virtual Switches page, make sure no selection has been made, and click Next.
9. On the Virtual Machine Migration page, click Next.
10. On the Default Stores page, click Next.
11. On the Confirm installation selections page, select Restart the destination server automatically if required. In the Add Roles and Features Wizard dialog box, click Yes and then click Install.
12. The installation begins. Verify that Installation succeeded is shown, and then click Close.
13. Do the same process on KTM-HOST2.

Step 5: Create a Virtual Switch (Production)
1. On KTM-HOST1, open Server Manager, click the Tools menu, and click Hyper-V Manager.
2. In the Hyper-V Manager console, from the Action menu, click Virtual Switch Manager.
3. Under Create virtual switch, select External and then click Create Virtual Switch.
4. On the New Virtual Switch page, type Production in the Name box; make sure you use exactly the same name on both Hyper-V host servers (KTM-HOST1, KTM-HOST2). Under Connection type, click External network and then select the physical network adapter. Click Apply.
5. In the Apply Networking Changes dialog box, click Yes.
6. Do the same process on KTM-HOST2.

Step 6: Install Failover Cluster Features on both Hyper-V Server
1. On KTM-HOST1, open Server Manager.
2. From the Dashboard, click the Manage menu, and then click Add Roles and Features.
3. On the Before you begin page, click Next.
4. On the Select installation type page, select Role-based or feature-based installation and then click Next.
5. On the Select destination server page, make sure KTM-HOST1.msserverpro.com is selected under Server Pool and click Next.
6. On the Select server roles page, click Next.
7. On the Select features page, select Failover Clustering. In the Add Roles and Features Wizard dialog box, click Add Features and then click Next.
8. On the Confirm installation selections page, select Restart the destination server automatically if required. In the Add Roles and Features Wizard dialog box, click Yes and then click Install.
9. On the Installation progress page, the installation starts. Verify that Installation succeeded is shown, and then click Close.
10. Do the same process on KTM-HOST2.

Step 7:  Performing Cluster Validation Tests
1. On KTM-HOST1, open Server Manager, click the Tools menu and then click Failover Cluster Manager.
2. In Failover Cluster Manager, in the center pane, click Validate Configuration under the Management pane.
3. On the Before You Begin page, click Next.
4. On the Select Servers or a Cluster page, type KTM-HOST1,KTM-HOST2 in the Enter name box, click Add, verify the Selected servers list, and then click Next.
5. On the Testing Options page, select Run all tests (recommended) and click Next.
6. On the Confirmation page, confirm the Servers to Test and click Next.
7. On the Validating page, the validation tests run.
8. On the Summary page, verify that testing has completed successfully and the configuration is suitable for clustering, then click View Report to see the Failover Cluster Validation Report.
9. Click Finish.

Step 8: Creating a Hyper-V Failover Cluster
1. On KTM-HOST1, open Server Manager, click the Tools menu and then click Failover Cluster Manager.
2. In Failover Cluster Manager, in the center pane, click Create Cluster under the Management pane.
3. On the first Before You Begin page, click Next.
4. On the Select Servers page, type KTM-HOST1, KTM-HOST2 in the Enter server name box and click Add. Verify that the servers are in the Selected servers list and click Next.
5. On the Access Point for Administering the Cluster page, in the Cluster name box, type KTMVMCluster. Under Address, in the IP address box, type 192.168.10.5 and then click Next.
6. On the Confirmation page, verify the information and click Next.
7. After this confirmation, the Creating New Cluster process begins.
8. On the Summary page, verify that You have successfully completed the Create Cluster Wizard is shown; click View Report for more details.
9. On the Summary page, click Finish.

Step 9: Rename Cluster Networks:
1. Open Failover Cluster Manager, expand Networks and then rename the cluster networks. By default they are named Cluster Network 1, Cluster Network 2, Cluster Network 3 and so on. In this lab they are renamed Cluster Heartbeat Network, Production and Storage Network.

Step 10: Enabling Cluster Shared Volumes
1. Open Failover Cluster Manager.
2. Expand Storage and select Disks.
3. Right-click Cluster Disk 1 and select Add to Cluster Shared Volumes, and verify that Cluster Disk 1 changes to Cluster Shared Volume.
4. Do the same process for Cluster Disk 3.
Step 11: Configuring a Highly Available Virtual Machine
1. Open Failover Cluster Manager.
2. In Failover Cluster Manager, right-click Roles, select Virtual Machines and then click New Virtual Machine…
3. On the New Virtual Machine wizard page, select one of the cluster Hyper-V nodes and click OK.
4. On the Before You Begin page, click Next.
5. On the Specify Name and Location page, type KTM-WEB for the Name, click Store the virtual machine in a different location, and then click Browse. Select C:\ClusterStorage\Volume1 and click Next.
6. On the Assign Memory page, type 4096, select Use Dynamic Memory for this virtual machine, and click Next.
7. On the Configure Networking page, select Production in the Connection drop-down menu and click Next.
8. On the Connect Virtual Hard Disk page, click Create a virtual hard disk and then click Next.
9. On the Installation Options page, click Install operating system from a boot CD/DVD-ROM and select Physical CD/DVD drive: G. Here G is the drive letter of the DVD drive. Click Next.
10. On the Completing the New Virtual Machine Wizard page, verify the description and click Finish.
11. On the Summary page of the High Availability Wizard, click Finish.
12. Right-click the KTM-WEB virtual machine and then click Start.
13. Verify that the virtual machine is running, and then follow the setup instructions…

Step 12: Making an Existing VM Highly Available
1. On KTM-HOST1, open Hyper-V Manager, right-click the virtual machine, KTM-DC01, and choose Move.
2. On the Before You Begin page, click Next.
3. On the Choose Move Type page, select Move the virtual machine’s storage, and click Next.
4. On the Choose Options for Moving Storage page, select Move all of the virtual machine’s data to a single location and then click Next.
5. On the Choose a new location for virtual machine page, click Browse. In Windows Explorer, navigate to C:\ClusterStorage\Volume1\KTM-DC01 as the new location folder and click Next.
6. On the Completing Move Wizard page, review the description and click Finish.
7. Verify that the storage location is now on the ClusterStorage volume.
8. Open the Failover Cluster Manager console, right-click Roles and select Configure Role.
9. On the Before You Begin page, click Next.
10. On the Select Role page, select Virtual Machine and click Next.
11. On the Select Virtual Machine page, select the virtual machine, KTM-DC01, that you want to configure for high availability and click Next.
12. On the Confirmation page, verify the virtual machine and click Next.
13. On the Configure High Availability page, the virtual machine configuration is changed…
14. On the Summary page, verify the success result and click Finish.

Step 13: Testing the Failover Cluster
There are three ways to see failover in action on a Hyper-V failover cluster. The first is to perform a Live Migration, which is called a Planned Failover. The second is to simulate a failure, which is called an Unplanned Failover. The third is to experience an actual failure. That said, I would not recommend unplugging power cables while testing the cluster. That might be the actual scenario when the power fails, but it can also be tested by physically shutting down one of the cluster nodes gracefully.
Simulating a Planned Failover
To test a planned failover, we can move the HA virtual machine from one node to another, here from KTM-HOST1 to KTM-HOST2 or the reverse. We are using the Live Migration option to test a planned failover.
1. To perform the Live Migration, in Failover Cluster Manager, expand Nodes, right-click the HA VM, click Move, select Live Migration and click Select Node.
2. In the Move Virtual Machine dialog box, select the other cluster node and then click OK.
3. The Live Migration process starts; keep track of the migration status in Failover Cluster Manager.
Simulating an Unplanned Failover
To test an unplanned failover of the HA virtual machine, we can stop the Cluster service on the node that owns the HA virtual machines.
1. In the Failover Cluster Manager console, expand Nodes, right-click the node on which to test the unplanned failover, point to More Actions and then click Stop Cluster Service.
2. Verify that the virtual machine moves to the other node. There might be a short delay while this happens.
3. After finishing the unplanned failover test, start the cluster service on KTM-HOST1 again (Start Cluster Service).
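
The wizard steps above (Steps 2 and 4 to 13) can also be driven from PowerShell, which makes the build repeatable and lets the failover tests check their own result. This is an added example, not part of the original walkthrough; it uses the lab's host names, cluster name and addresses from this article, and it assumes the disks were already initialized as in Step 3 and that the physical adapter bound to the virtual switch is the one renamed Production. `Wait-VmOnNode` is a helper defined here.

```powershell
# Added example: PowerShell equivalent of the wizard steps, using this lab's names.
# Run elevated on KTM-HOST1 as a domain administrator.
$Nodes   = 'KTM-HOST1', 'KTM-HOST2'
$Cluster = 'KTMVMCluster'
$Vm      = 'KTM-DC01'            # existing VM made highly available in Step 12

# Steps 4 and 6: install the role and the feature, then reboot both hosts before continuing.
foreach ($n in $Nodes) {
    Install-WindowsFeature -Name Hyper-V, Failover-Clustering -IncludeManagementTools -ComputerName $n
}

# Step 2: connect both hosts to the iSCSI target and keep the connection across reboots.
Invoke-Command -ComputerName $Nodes -ScriptBlock {
    Set-Service -Name MSiSCSI -StartupType Automatic
    Start-Service -Name MSiSCSI
    New-IscsiTargetPortal -TargetPortalAddress '192.168.11.1'
    Get-IscsiTarget | Connect-IscsiTarget -IsPersistent $true
}

# Step 5: run on each host's own console, because binding the adapter briefly
# interrupts the network. Assumption: the adapter was renamed "Production".
New-VMSwitch -Name 'Production' -NetAdapterName 'Production' -AllowManagementOS $true

# Steps 7 and 8: validate (read the report before going on), then create the cluster.
Test-Cluster -Node $Nodes
New-Cluster -Name $Cluster -Node $Nodes -StaticAddress '192.168.10.5'

# Step 9: name the cluster networks after the subnets listed under Lab Environment.
$netNames = @{
    '192.168.10.0' = 'Production'
    '192.168.12.0' = 'Cluster Heartbeat Network'
    '192.168.11.0' = 'Storage Network'
}
foreach ($net in Get-ClusterNetwork -Cluster $Cluster) {
    if ($netNames.ContainsKey($net.Address)) { $net.Name = $netNames[$net.Address] }
}

# Step 10: turn the data disks into Cluster Shared Volumes.
'Cluster Disk 1', 'Cluster Disk 3' |
    ForEach-Object { Add-ClusterSharedVolume -Name $_ -Cluster $Cluster }

# Step 12: move the VM's files onto the CSV, then register it as a clustered role.
Move-VMStorage -VMName $Vm -DestinationStoragePath "C:\ClusterStorage\Volume1\$Vm"
Add-ClusterVirtualMachineRole -VMName $Vm -Cluster $Cluster

# Step 13 helper: poll until the VM's cluster group is Online on the expected node.
function Wait-VmOnNode {
    param([string]$Vm, [string]$Node, [string]$Cluster, [int]$TimeoutSec = 300)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    do {
        $g = Get-ClusterGroup -Name $Vm -Cluster $Cluster
        if ($g.OwnerNode.Name -eq $Node -and $g.State -eq 'Online') { return $true }
        Start-Sleep -Seconds 5
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Planned failover: live-migrate the VM to the other node and confirm it arrived.
$owner = (Get-ClusterGroup -Name $Vm -Cluster $Cluster).OwnerNode.Name
$other = $Nodes | Where-Object { $_ -ne $owner }
Move-ClusterVirtualMachineRole -Name $Vm -Node $other -MigrationType Live -Cluster $Cluster
if (-not (Wait-VmOnNode $Vm $other $Cluster)) { throw "Live migration of $Vm did not complete" }

# Unplanned failover: stop the Cluster service on the owning node, check that the
# VM comes up on the survivor, and start the service again whatever the result.
$owner    = (Get-ClusterGroup -Name $Vm -Cluster $Cluster).OwnerNode.Name
$survivor = $Nodes | Where-Object { $_ -ne $owner }
Stop-ClusterNode -Name $owner -Cluster $Cluster
$ok = Wait-VmOnNode $Vm $survivor $Cluster
Start-ClusterNode -Name $owner -Cluster $Cluster
if (-not $ok) { throw "$Vm did not fail over to $survivor" }
```

The cluster cmdlets address the cluster by name (`-Cluster`) so the checks keep working while the Cluster service on the local node is stopped.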


Summary:
Failover clustering with Hyper-V is essential to the high availability and resilient systems that are at the heart of your business. Windows Server 2012 Hyper-V provides interesting and friendly options for adding Hyper-V high availability and virtual machine mobility to your virtual machines. This exercise will help IT professionals gain experience with the failover scenarios that they may encounter during their careers.