Microsoft Exchange Server on VMware vSphere Exchange Server 2016 / vSphere 6 BEST PRACTICES GUIDE Microsoft Exchange Server on VMware vSphere Table of Contents 1. 2. Introduction ........................................................................................................................................... 5 1.1 Purpose........................................................................................................................................ 5 1.2 Target Audience .......................................................................................................................... 5 1.3 Scope ........................................................................................................................................... 6 1.4 External References .................................................................................................................... 6 ESXi Host Best Practices for Exchange ............................................................................................... 7 2.1 2.1.1 Physical and Virtual CPUs ...................................................................................................... 7 2.1.2 Architectural Limitations in Exchange Server.......................................................................... 7 2.1.3 vSphere Virtual Symmetric Multiprocessing ............................................................................ 7 2.1.4 CPU Reservations ................................................................................................................... 9 2.1.5 Virtual Cores and Virtual Sockets............................................................................................ 9 2.1.6 Hyper-threading ..................................................................................................................... 10 2.1.7 Non-Uniform Memory Access ............................................................................................... 11 2.1.8 vNUMA and CPU Hot Plug.................................................................................................... 12 2.2 Memory Configuration Guidelines ............................................................................................. 12 2.2.1 ESXi Memory Management Concepts .................................................................................. 13 2.2.2 Virtual Machine Memory Concepts ....................................................................................... 13 2.2.3 Allocating Memory to Exchange Virtual Machines ................................................................ 13 2.2.4 Memory Hot Add, Over-subscription, and Dynamic Memory ................................................ 15 2.3 Storage Virtualization................................................................................................................. 16 2.3.1 Raw Device Mapping ............................................................................................................ 17 2.3.2 In-Guest iSCSI and Network-Attached Storage .................................................................... 19 2.3.3 Virtual SCSI Adapters ........................................................................................................... 19 2.3.4 Virtual SCSI Queue Depth .................................................................................................... 20 2.3.5 Exchange Server 2016 on All-Flash Storage Array .............................................................. 21 2.4 Networking Configuration Guidelines ........................................................................................ 24 2.4.1 Virtual Networking Concepts ................................................................................................. 24 2.4.2 Virtual Networking Best Practices ......................................................................................... 26 2.4.3 Sample Exchange Virtual Network Configuration ................................................................. 26 2.5 3. CPU Configuration Guidelines ..................................................................................................... 7 Power Management................................................................................................................... 27 2.5.1 Server Hardware BIOS Settings............................................................................................ 28 2.5.2 ESXi Host Power Settings ..................................................................................................... 29 2.5.3 Windows Guest Power Settings ............................................................................................ 30 Using vSphere Technologies with Exchange Server 2016 ................................................................ 32 3.1 Overview of vSphere Technologies ........................................................................................... 32 BEST PRACTICES GUIDE / PAGE 2 OF 58 Microsoft Exchange Server on VMware vSphere 3.1.1 vSphere HA ........................................................................................................................... 32 3.1.2 DRS ....................................................................................................................................... 32 3.1.3 vSphere vMotion ................................................................................................................... 33 3.2 3.2.1 Enable DRS in Fully Automated Mode .................................................................................. 36 3.2.2 Use Anti-Affinity Rules for Exchange Virtual Machines......................................................... 37 3.2.3 DRS Groups and Group-Based Rules .................................................................................. 39 3.3 4. vSphere High Availability ........................................................................................................... 40 3.3.1 Admission Control ................................................................................................................. 41 3.3.2 Virtual Machine Monitoring .................................................................................................... 41 3.3.3 Using vSphere HA with Database Availability Groups .......................................................... 41 Exchange Performance on vSphere .................................................................................................. 43 4.1 Key Performance Considerations .............................................................................................. 44 4.2 Performance Testing ................................................................................................................. 44 4.2.1 Internal Performance Testing ................................................................................................ 44 4.2.2 Partner Performance Testing ................................................................................................ 45 4.3 5. vSphere Distributed Resource Scheduler ................................................................................. 36 Ongoing Performance Monitoring and Tuning........................................................................... 45 VMware Enhancements for Deployment and Operations .................................................................. 48 5.1 VMware NSX for vSphere.......................................................................................................... 48 5.1.1 VMware NSX Edge ............................................................................................................... 48 5.1.2 VMware NSX Distributed Firewall ......................................................................................... 50 5.2 VMware vRealize Operations Manager ..................................................................................... 51 5.3 Site Recovery Manager ............................................................................................................. 52 BEST PRACTICES GUIDE / PAGE 3 OF 58 Microsoft Exchange Server on VMware vSphere List of Figures Figure 1. New Virtual Machine CPU Configuration 10 Figure 2. NUMA Architecture Sizing 12 Figure 3. Virtual Machine Memory Settings 13 Figure 4. VMware Storage Virtualization 16 Figure 5. Storage Multi-pathing Requirements for vSphere 17 Figure 6. Storage Distribution with Multiple vSCSI Adapters 20 Figure 7 Common Points of Storage IO Queues 21 Figure 8. Cost of Ownership Comparison 23 Figure 9 - Data Reduction Ration on XtremIO 24 Figure 10. vSphere Virtual Networking Overview 25 Figure 11. Sample Virtual Network Configuration 27 Figure 12- Default ESXi 6.0 Power Management Setting 28 Figure 13 - Recommended ESXi Host Power Management Setting 30 Figure 14. Windows CPU Core Parking 31 Figure 15. Recommended Windows Guest Power Scheme 31 Figure 16. vSphere Distributed Resource Scheduler Anti-Affinity Rule 37 Figure 17. HA Advanced Configuration Option for DRS Anti-Affinity Rules 38 Figure 18. Improved vSphere HA and DRS Interoperability in vSphere 6.0 38 Figure 19. Must Run on Rule Example 39 Figure 20. Should Run on Rule Example 40 Figure 21. Virtual Machine Perfmon Counters 46 Figure 22. Load-Balancing Exchange Server 2016 with NSX Edge Error! Bookmark not defined. Figure 23. NSX Distributed Firewall Capability 51 Figure 24. vRealize Operations 52 Figure 25. VMware Site Recovery Manager – Logical Components 54 Figure 26. Challenges with Exchange Server DAG as a DR Solution 55 Figure 27. Faster Exchange Service Recovery with Site Recovery Manager Automated DR Workflows 56 Figure 28. Failover Scenarios with Site Recovery Manager 57 BEST PRACTICES GUIDE / PAGE 4 OF 58 Microsoft Exchange Server on VMware vSphere 1. Introduction Microsoft Exchange Server is the dominant enterprise-class electronic messaging and collaboration application in the industry today. Given the multitude of technical and operational enhancements in the latest released version of Microsoft Exchange Server (2016), customers are expected to continue using Exchange Server, which should retain its dominant position in the enterprise. While VMware® has historically supported Exchange Server virtualization, Exchange Server 2016 is the first version in which all the components and roles are officially supported for virtualization. See Exchange Server 2016 (https://technet.microsoft.com/en-us/library/mt170645%28v=exchg.160%29.aspx). Concurrent usage of the Exchange Server 2016 native high availability feature (Database Availability Group or DAG) with VMware vSphere® native high availability features is also supported. Because the vSphere hypervisor is part of the Microsoft SVVP program, virtualizing an Exchange Server 2016 instance on vSphere is fully supported (see https://www.windowsservercatalog.com/results.aspx?&bCatID=1521&cpID=11779&avc=0&ava=0&avq=0 &OR=1&PGS=25&ready=0). This document provides technical guidance for VMware customers who are considering virtualizing their Exchange Server on the vSphere virtualization platform. Enterprise communication and collaboration is now so integral to an organization’s operations that applications such as Exchange Server are now routinely classified as mission-critical. Organizations expect measurable and optimal performance, scalability, reliability, and recoverability from this class of applications. The main objective of this guide is to provide the information required to help a customer satisfy the operational requirements of running an Exchange Server 2016 on vSphere. 1.1 Purpose This guide provides best practice guidelines for deploying Exchange Server 2016 on vSphere. The recommendations in this guide are not specific to any particular hardware nor to the size and scope of any particular Exchange implementation. The examples and considerations in this document provide guidance but do not represent strict design requirements, because the flexibility of Exchange Server 2016 on vSphere allows for a wide variety of valid configurations. 1.2 Target Audience This guide assumes a basic knowledge and understanding of vSphere and Exchange Server 2016. • Architectural staff can use this document to gain an understanding of how the system will work as a whole as they design and implement various components. • Engineers and administrators can use this document as a catalog of technical capabilities. • Messaging staff can use this document to gain an understanding of how Exchange might fit into a virtual infrastructure. • Management staff and process owners can use this document to help model business processes to take advantage of the savings and operational efficiencies achieved with virtualization. BEST PRACTICES GUIDE / PAGE 5 OF 58 Microsoft Exchange Server on VMware vSphere 1.3 Scope The scope of this document is limited to the following topics: • VMware ESXi™ Host Best Practices for Exchange – Best practice guidelines for preparing the vSphere platform for running Exchange Server 2016. Guidance is included for CPU, memory, storage, and networking. • Using VMware vSphere vMotion®, VMware vSphere Distributed Resource Scheduler™ (DRS), and VMware vSphere High Availability (HA) with Exchange Server 2016 – Overview of vSphere vMotion, vSphere HA, and DRS, and guidance for usage of these vSphere features with Exchange Server 2016 virtual machines. • Exchange Performance on vSphere – Background information on Exchange Server performance in a virtual machine. This section also provides information on official VMware partner testing and guidelines for conducting and measuring internal performance tests. • VMware Enhancements for Deployment and Operations – Brief look at vSphere features and add-ons that enhance deployment and management of Exchange Server 2016. The following topics are out of scope for this document but are addressed in other documentation in the Microsoft Exchange Server 2016 on VMware Solution Sales Enablement Toolkit. • Design and Sizing Guidance – This information is available in the Microsoft Exchange Server 2016 on VMware Design and Sizing Guide. This document details the capacity planning process and provides sizing examples for split-role, multi-role, and real-world customer configurations. • Availability and Recovery Options – This document briefly covers VMware features that can enhance availability and recovery. An in-depth discussion of this subject is included in Microsoft Exchange Server 2016 on VMware Availability and Recovery Options. This and other guides are limited in focus to deploying Exchange on vSphere. Exchange deployments cover a wide subject area, and Exchange-specific design principles should always follow Microsoft guidelines for best results. 1.4 External References This document includes references to external links on third-party websites for the purposes of clarifying statements, where necessary. The statements are accurate as at the time of this writing. However, these third-party websites are not under the control of VMware, and the content available at those sites might change. BEST PRACTICES GUIDE / PAGE 6 OF 58 Microsoft Exchange Server on VMware vSphere 2. ESXi Host Best Practices for Exchange A well-designed VMware vSphere hypervisor platform is crucial to the successful implementation of virtualized enterprise applications such as Exchange Server. The following sections outline general best practices for designing vSphere for Exchange Server 2016. 2.1 CPU Configuration Guidelines The latest release of vSphere (vSphere 6.0) has dramatically increased the scalability of virtual machines, enabling configurations of up to 128 virtual processors for a single virtual machine. With this increase, one option to increase performance is simply to create larger virtual machines. But additional factors are involved in deciding how much processing power goes into a virtual machine. This section reviews features that are available in vSphere with regard to virtualizing CPUs. Where relevant, this document discusses the impact of those features to Exchange Server 2016 and the recommended practices for using those features. 2.1.1 Physical and Virtual CPUs VMware uses the terms virtual CPU (vCPU) and physical CPU (pCPU) to distinguish between the processors within the virtual machine and the underlying physical processor cores. Virtual machines with more than one virtual CPUs are also called symmetric multiprocessing (SMP) virtual machines. The virtual machine monitor (VMM) is responsible for virtualizing the CPUs. When a virtual machine begins running, control transfers to the VMM, which is responsible for virtualizing guest operating system instructions. 2.1.2 Architectural Limitations in Exchange Server Microsoft provides guidelines to calculate the required compute resources for a single instance of Exchange Server (as an application) so that Exchange Servers do not experience unintended performance degradation due to incorrect sizing. These maximums are the same whether the Exchange Server is virtualized or installed on physical servers. See the following table. Table 1. Exchange Server Maximum Supported Compute Resource Configuration Item Maximum Supported Memory Per Exchange Server Instance 96 GB Number of CPUs per Exchange Server Instance 24 2.1.3 vSphere Virtual Symmetric Multiprocessing VMware Virtual Symmetric Multiprocessing enhances virtual machine performance by enabling a single virtual machine to use multiple physical processor cores simultaneously. The most recent version of vSphere (version 6.1 as of the time of this writing) supports allocating up to 128 virtual CPUs per virtual machine. The biggest advantage of an SMP system is the ability to use multiple processors to execute multiple tasks concurrently, thereby increasing throughput (for example, the number of transactions per second). Only workloads that support parallelization (including multiple processes or multiple threads that can run in parallel) can benefit from SMP. BEST PRACTICES GUIDE / PAGE 7 OF 58 Microsoft Exchange Server on VMware vSphere Be aware of the maximum 24-vCPU requirement for Exchange Server 2016 when making your sizing decision. The fact that you could allocate up to 128 vCPUs to a VM should of less importance in this consideration. VMware strongly recommends that you allocate resources to a VM based on the actual needs of the applications hosted on the VM. The ESXi scheduler uses a mechanism called relaxed co-scheduling to schedule processors. Strict coscheduling requires all vCPUs to be scheduled on physical cores simultaneously, whereas relaxed coscheduling monitors time skew between vCPUs to make scheduling or co-stopping decisions. A leading vCPU might decide to co-stop itself to allow for a lagging vCPU to catch up. Consider the following points when using multiple vCPUs: • Virtual machines with multiple vCPUs perform well in the latest versions of vSphere, as compared with older versions where strict co-scheduling was used. • Regardless of relaxed co-scheduling, the ESXi scheduler prefers to schedule vCPUs together, when possible, to keep them in synch. Deploying virtual machines with multiple vCPUs that are not used wastes resources and might result in reduced performance of other virtual machines. For detailed information regarding the CPU scheduler and considerations for optimal vCPU allocation, please see the section on ESXi CPU considerations in Performance Best Practices for VMware vSphere 6.0 (http://www.vmware.com/files/pdf/techpaper/VMware-PerfBest-Practices-vSphere60.pdf?vmw_so_vex_mande_12%20-%20G6.1006951). • VMware recommends allocating multiple vCPUs to a virtual machine only if the anticipated Exchange workload can truly take advantage of all the vCPUs. • Use the Microsoft-provided Exchange Server role calculator sizing tool to aid in your sizing exercise (http://blogs.technet.com/b/exchange/archive/2013/05/14/released-exchange-2013-server-rolerequirements-calculator.aspx). Note the following: o The Exchange calculator is intentionally generous in its recommendation and limits. The recommendations might not be optimal for a virtualized workload. o The calculator does not factor in the Non-Uniform Memory Access (NUMA) topology of a given hardware when making compute resource recommendations. While Exchange Server (as an application) is unaware of NUMA optimization, VMware still recommends sizing a VM with the physical NUMA topology in mind. See Section 2.1.7, Non-Uniform Memory Access. o The calculator assumes a 10% hypervisor overhead in its computation. Although VMware testing indicates a variation of 3%-5% in a worst-case performance scenario, VMware recommends not changing this value in the calculator when modelling Exchange Server 2016 VMs for capacity. Given the relative age of Exchange Server 2016, the true impact of the hypervisor on Exchange Server 2016 is currently unknown. Leaving this value unchanged helps customers remain as compliant as possible with the Microsoft requirements. • If the exact workload is not known, size the virtual machine with a smaller number of vCPUs initially, and increase the number later if necessary. • Microsoft supports up to 2:1 virtual-to-physical CPU allocation for Exchange Server 2016 in a virtual environment. VMware recommends that, for the initial sizing of performance-critical Exchange virtual machines (production systems), the total number of vCPUs assigned to all the virtual machines be no more than the total number of physical cores on the ESXi host machine, not hyper-threaded cores. By following this guideline, you can gauge performance and utilization within the environment until you are able to identify potential excess capacity that could be used for additional workloads. BEST PRACTICES GUIDE / PAGE 8 OF 58 Microsoft Exchange Server on VMware vSphere • Although larger virtual machines are possible in vSphere, VMware recommends reducing the number of virtual CPUs for a VM if monitoring of the actual workload shows that the Exchange application is not benefitting from the increased virtual CPUs. 2.1.4 CPU Reservations Setting a CPU reservation sets a guaranteed CPU allocation for the virtual machine. This practice is generally not recommended because reserved resources are not available to other virtual machines, and flexibility is often required to manage changing workloads. However, SLAs and multitenancy might require a guaranteed amount of compute resource to be available. In these cases, reservations can be used to meet these requirements. VMware has conducted tests on virtual CPU over-commitment with SAP and SQL, showing that the performance degradation inside the virtual machines is linearly reciprocal to the over-commitment. Because the performance degradation is graceful, any virtual CPU over-commitment can be effectively managed by using DRS and vSphere vMotion to move virtual machines to other ESXi hosts to obtain more processing power. 2.1.5 Virtual Cores and Virtual Sockets vSphere now supports configuration of the number of virtual cores per virtual socket in the VMware vSphere Web Client. This feature provides two functions: • When used with virtual Non-Uniform Memory Access (vNUMA)-enabled virtual machines, this setting can be used to present specific NUMA topologies to the guest operating system. • More commonly, this feature allows a guest operating system to utilize all of its assigned vCPUs in the case of an operating system that is limited to a certain number of CPUs. On vSphere, virtual CPUs can be allocated to a virtual machine by socket, or by number of cores per socket. Controlling vCPUs by number of cores can help you overcome the limitations in previous versions of the Windows operating system. As an example, Windows Server 2008 R2 Standard Edition is limited to seeing four CPUs. In a physical environment, physical servers with more than four sockets utilize only the total cores in four of those sockets. In previous versions of vSphere, configuring a Windows Server 2008 R2 Standard virtual machine with more than four vCPUs resulted in the virtual machine seeing only four vCPUs. This was configurable within the virtual machine VMX file and is now configurable in the GUI. By configuring multiple cores per socket, the guest operating system can see and utilize all configured vCPUs. While controlling vCPU allocation through cores per socket helps overcome this limitation, the configuration also impedes the efficiency of the vSphere CPU scheduler’s resource optimization algorithms. The configuration can also present an incorrect NUMA topology to the underlying operating system, leading to performance penalty and impaired VM mobility within an ESXi cluster. Because Exchange Server 2016 requires a minimum OS version of Windows Server 2012 and the operating system does not suffer from the same socket limitations of prior Windows versions, VMware recommends that customers allocated virtual CPUs to an Exchange Server 2016 VM using the “Socket” option. VMware recommends that customers leave the cores per socket count at one at all times. BEST PRACTICES GUIDE / PAGE 9 OF 58 Microsoft Exchange Server on VMware vSphere The following figure shows the configuration interface. Figure 1. New Virtual Machine CPU Configuration Virtual machines, including those running Exchange Server 2016, should be configured with multiple virtual sockets/CPUs. Use the Cores per Socket option only if the guest operating system requires the change to make all vCPUs visible. Virtual machines using vNUMA might benefit from this option, but the recommendation for these virtual machines is to use virtual sockets (CPUs in the web client). Although Exchange Server 2016 is not a NUMA-aware application and performance tests have not shown any significant performance improvements by enabling vNUMA, the Windows Server 2012 OS is NUMAaware and Exchange Server 2016 (as an application) does not experience any performance, reliability, or stability issue attributable to vNUMA. 2.1.6 Hyper-threading Hyper-threading technology (recent versions are called symmetric multithreading, or SMT) allows a single physical processor core to behave like two logical processors, so that two independent threads are able to run simultaneously. Unlike having twice as many processor cores that can roughly double performance, Hyper-threading can provide anywhere from a slight to a significant increase in system performance by keeping the processor pipeline busier. For example, an ESXi host system enabled for SMT on an 8-core server sees 16 threads that appear as 16 logical processors. Previous guidance provided by Microsoft regarding Exchange sizing and the use of Hyper-threading led to some confusion among those looking at virtualizing Exchange Server. Microsoft has since updated all the applicable documents to clarify that statements relating to Hyper-threading and Exchange Server do not apply to the virtualization platforms. The Microsoft guidance in this respect is expected to complement Microsoft’s “Preferred Architecture” design option, which does not incorporate any virtualization design choices, options or considerations. See Ask The Perf Guy: What’s The Story With Hyper-threading and Virtualization? for the most recent guidance from Microsoft (http://blogs.technet.com/b/exchange/archive/2015/09/15/ask-the-perf-guy-what-s-the-story-with-Hyperthreading-and-virtualization.aspx). BEST PRACTICES GUIDE / PAGE 10 OF 58 Microsoft Exchange Server on VMware vSphere vSphere uses hyper-threads to provide more scheduling choices for the hypervisor. Hyper-threads provide additional targets for worlds, a schedulable CPU context that can include a virtual CPU or hypervisor management process. For workloads that are not CPU bound, scheduling multiple vCPUs onto a physical core’s logical cores can provide increased throughput by increasing the work in the pipeline. The CPU scheduler schedules to a whole core over a hyper-thread, or partial core, if CPU time is lost due to hyper-thread contention. Consequently, VMware recommends enabling Hyper-threading on the ESXi host if the underlying hardware supports the configuration. 2.1.7 Non-Uniform Memory Access In Non-Uniform Memory Access (NUMA) systems, a processor or set of processor cores have memory that they can access with very little latency. The memory and its associated processor or processor cores are referred to as a NUMA node. Operating systems and applications designed to be NUMA-aware can make decisions as to where a process might run relative to the NUMA architecture. This allows processes to access memory local to the NUMA node rather than having to traverse an interconnect, incurring additional latency. Exchange Server 2016 is not NUMA-aware, but both ESXi and Windows Server 2012 are NUMA-aware. vSphere ESXi provides mechanisms for letting virtual machines take advantage of NUMA. The first mechanism is transparently managed by ESXi while it schedules a virtual machine’s virtual CPUs on NUMA nodes. By attempting to keep all of a virtual machine’s virtual CPUs scheduled on a single NUMA node, memory access can remain local. For this to work effectively, size the virtual machine to fit within a single NUMA node. This placement is not a guarantee because the scheduler migrates a virtual machine between NUMA nodes based on the demand. The second mechanism for providing virtual machines with NUMA capabilities is vNUMA. When enabled for vNUMA, a virtual machine is presented with the NUMA architecture of the underlying hardware. This allows NUMA-aware operating systems and applications to make intelligent decisions based on the underlying host’s capabilities. By default, vNUMA is automatically enabled for virtual machines with nine or more vCPUs on vSphere. Because Exchange Server 2016 is not NUMA aware, enabling vNUMA for an Exchange virtual machine does not provide any additional performance benefit nor does doing so induce any performance degradation. Consider sizing Exchange Server 2016 virtual machines to fit within the size of the physical NUMA node for best performance. The following figure depicts an ESXi host with two NUMA nodes, each comprising four physical cores and 32GB of memory. The virtual machine allocated with four vCPUs and 24GB of memory can be scheduled by ESXi onto a single NUMA node. BEST PRACTICES GUIDE / PAGE 11 OF 58 Microsoft Exchange Server on VMware vSphere Figure 2. NUMA Architecture Sizing A virtual machine allocated with 6 vCPUs and 24 GB of memory must span NUMA nodes and might incur some memory access latency. The associated latency can be minimized or avoided through the use of the appropriate combination of vNUMA control options in the VM’s Advanced Configuration options. See “Specifying NUMA Control” (http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/vsphereesxi-vcenter-server-601-resource-managementguide.pdf#_OPENTOPIC_TOC_PROCESSING_d172e22169) in the VMware vSphere Resource Management Guide. While a virtual machine allocated with 8 vCPUs and 64GB can evenly span NUMA nodes and not incur the memory access latency issues described earlier, such configuration is neither recommended nor supported because the allocated memory size exceeds Microsoft’s recommendations for Exchange Server 2016 sizing. For large environments, you can test each configuration to determine whether additional latency associated with remote memory addressing warrants creating additional, smaller virtual machines. Verify that all ESXi hosts have NUMA enabled in the system BIOS. In some systems NUMA is enabled by disabling node interleaving. 2.1.8 vNUMA and CPU Hot Plug Enabling CPU hot add for a VM on vSphere disables vNUMA for the VM. Because Exchange Server does not benefit for either vNUMA or CPU hot add, VMware recommends that you do not enable CPU hot add for an Exchange Server 2016 VM. 2.2 Memory Configuration Guidelines This section provides guidelines for memory allocation to Exchange Server 2016 virtual machines. These guidelines consider vSphere memory overhead and the virtual machine memory settings. BEST PRACTICES GUIDE / PAGE 12 OF 58 Microsoft Exchange Server on VMware vSphere 2.2.1 ESXi Memory Management Concepts vSphere virtualizes guest physical memory by adding an extra level of address translation. Shadow page tables make it possible to provide this additional translation with little or no overhead. Managing memory in the hypervisor enables the following: • Memory sharing across virtual machines that have similar data – Same guest operating systems. • Memory over-commitment – Allocating more memory to virtual machines than is physically available on the ESXi host. • A memory balloon technique – Virtual machines that do not need all the memory they have been allocated give memory to virtual machines that require additional allocated memory. For a more detailed discussion of vSphere memory management concepts, see the “Memory Virtualization Basics” and “Administering Memory Resources” sections in the vSphere Resource Management guide (http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/vsphere-esxivcenter-server-601-resource-management-guide.pdf) for more detailed information. 2.2.2 Virtual Machine Memory Concepts The following figure illustrates the use of memory settings parameters in the virtual machine. Figure 3. Virtual Machine Memory Settings The vSphere memory settings for a virtual machine include the following parameters: • Configured memory – Memory size of virtual machine assigned at creation. • Touched memory – Memory used by the virtual machine. vSphere allocates guest operating system memory on demand. • Swappable – Virtual machine memory that can be reclaimed by the balloon driver or by vSphere swapping. Ballooning occurs before vSphere swapping. If this memory is in use by the virtual machine (touched and in use), the balloon driver causes the guest operating system to swap. Also, this value is the size of the per virtual machine swap file that is created on the VMware vSphere Virtual Machine File System (VMFS) file system. • If the balloon driver is unable to reclaim memory quickly enough or is disabled or not installed, vSphere forcibly reclaims memory from the virtual machine using the VMkernel swap file. 2.2.3 Allocating Memory to Exchange Virtual Machines Microsoft has developed a thorough sizing methodology for Exchange Server that has matured with recent versions of Exchange Server. VMware recommends using the memory sizing guidelines set by Microsoft. The amount of memory required for an Exchange Server 2016 is driven by the expected amount of loads that will be generated AND the total number of Exchange Servers that will be supporting the loads in the environment. Load characteristics include (but are not limited to) the following: BEST PRACTICES GUIDE / PAGE 13 OF 58 Microsoft Exchange Server on VMware vSphere • Number of mailbox users • Profile of mailbox usage pattern (size and number of emails sent and received) • Type and number of devices used for accessing emails • Anti-virus and other messaging security and hygiene solutions deployed on the server • Type and frequency of backup solution in use • High availability and resilience requirements As Exchange Servers are memory-intensive, and performance is a key factor, such as in production environments, VMware recommends the following practices: • Do not overcommit memory on ESXi hosts running Exchange workloads. If memory over-commitment cannot be avoided, use vSphere memory allocation options to guarantee required memory size to the Exchange Server, or to limit memory access for other, non-essential VMs in the vSphere cluster. • For production systems, it is possible to achieve this objective by setting a memory reservation to the configured size of the Exchange Server virtual machine. Note the following: o Setting memory reservations might limit vSphere vMotion. A virtual machine can be migrated only if the target ESXi host has free physical memory equal to or greater than the size of the reservation. o Setting the memory reservation to the configured size of the virtual machine results in a pervirtual machine VMkernel swap file of near-zero bytes that consumes less storage and eliminates ESXi host-level swapping. The guest operating system within the virtual machine still requires its own page file. o Reservations are recommended only when it is possible that memory might become overcommitted on hosts running Exchange virtual machines, when SLAs dictate that memory be guaranteed, or when there is a desire to reclaim space used by a virtual machine swap file. o There is a slight, appreciable performance benefit to enabling memory reservation even if you do not expect memory to be overcommitted in the vSphere cluster. • It is important to right-size the configured memory of a virtual machine. This might be difficult to determine in an Exchange environment because the Exchange JET cache is allocated based on memory present during service start-up. Understand the expected mailbox profile and recommended mailbox cache allocation to determine the best starting point for memory allocation. • Do not disable the balloon driver (which is installed with VMware Tools™) or any other ESXi memory management mechanism. Note the following: o Transparent Page Sharing (TPS): Page sharing enables ESXi hosts to more efficiently utilize it available physical memory to support more workloads. TPS is useful in scenarios where multiple VM siblings share the same characteristics (such as same OS and applications). In this configuration, vSphere is able to avoid redundancy by sharing similar pages among the different Exchange Server VMs. This sharing is transparent to the applications and processes inside the VM. o For security reasons, inter-VM page sharing is disabled by default on current versions of vSphere. While a VM continues to benefit from TPS in this configuration (the VM is able to share pages internally among its own processes and components), a greater benefit can be realized by enabling inter-VM page sharing. See “Sharing Memory Across Virtual Machine” in the vSphere BEST PRACTICES GUIDE / PAGE 14 OF 58 Microsoft Exchange Server on VMware vSphere Resource Management guide (http://pubs.vmware.com/vsphere60/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-601-resource-managementguide.pdf). Enable DRS to balance workloads in the ESXi host cluster. DRS and reservations can give critical workloads the resources they require to operate optimally. More recommendations for using DRS with Exchange Server 2016 are available in the “Using vSphere Technologies with Exchange Server 2016” section below. 2.2.4 Memory Hot Add, Over-subscription, and Dynamic Memory vSphere exposes the ability to add memory to a VM while the VM is powered on. Modern operating systems (including Windows) support this feature and are able to instantaneously detect and use the hotadded memory. While vSphere also enables the ability to hot remove memory from a VM, this capability is not supported by current versions of Windows, so it is unavailable to a Windows VM on vSphere. vSphere enables an administrator to allocate virtual memory to VMs beyond the physically available memory size of the ESXi host. This condition is called over-allocation, or over-subscription. Oversubscription is possible and non-intrusive and it is an essential core benefit of virtualization, because repeated testing has shown that VMs do not all fully utilize their allocated resources at the same time. If all VMs request their resources at the same time at any point in time, this creates resource overcommitment on the ESXi or cluster. Transient resource over-commitment is possible within a virtual environment. Frequent or sustained occurrence of such incidents is problematic for critical applications such as Exchange Server. Dynamic memory is a Microsoft Hyper-V construct that does not have a direct equivalence on vSphere. Even in an over-commitment scenario, the VM on vSphere is never induced to believe that its allocated amount of memory has been physically reduced. vSphere uses other memory management techniques for arbitrating contentions during a resource over-commitment condition In Exchange Server 2016, the JET cache is allocated based on the amount of memory available to the operating system at the time of service start-up. After being allocated, the JET cache is distributed among active and passive databases. With this model of memory pre-allocation for use by Exchange databases, adding memory to a running Exchange virtual machine provides no additional benefit unless the virtual machine was rebooted or Exchange services were restarted. Consequently, memory hot add is neither useable by nor beneficial to an Exchange Server VM and is, therefore neither recommended nor supported. In contrast, removing memory that JET had allocated for database consumption impacts performance of the store worker and indexing processes by increasing processing and storage I/O. Microsoft support for the virtualization of Exchange Server 2016 states that the over-subscription and dynamic allocation of memory for Exchange virtual machines is not supported. For the avoidance of confusion, refer to the preceding paragraphs to understand why these requirements are not relevant to Exchange Servers virtualized on the vSphere platform. Over-subscription is different from over-commitment. Over-subscription is benign and does not impact the VMs. Over-commitment is the adverse extension of over-subscription and should be avoided in all cases. However, if you expect that your ESXi cluster might occasionally experience resource contention as a result of memory over-commitment, VMware recommends that you judiciously reserve all of the memory that you have allocated to your Exchange Server VMs Because ESXi does not support hot unplug (hot removal) of memory from a Windows VM, the only way (outside of unsupported programmatic interference) to reduce the amount of memory presented to a VM running Exchange Server 2016 is by powering off the VM and changing the memory allocation. When the BEST PRACTICES GUIDE / PAGE 15 OF 58 Microsoft Exchange Server on VMware vSphere VM powers on again, the OS will see the new memory size, and Exchange Server will re-allocate the available memory to its worker processes. This is not dynamic memory. 2.3 Storage Virtualization VMFS is a cluster file system that provides storage virtualization optimized for virtual machines. Each virtual machine is encapsulated in a small set of files, and VMFS is the default storage system for these files on physical SCSI disks and partitions. VMware supports Fiber Channel, iSCSI, and network-attached storage (NAS) shared-storage protocols. It is preferable to deploy virtual machine files on shared storage to take advantage of vSphere vMotion, vSphere HA, and DRS. This is considered a best practice for mission-critical Exchange Server deployments that are often installed on third-party, shared-storage management solutions. VMware storage virtualization can be categorized into three pillars of storage technology, as illustrated in the following figure. The storage array is the physical storage pillar, comprising physical disks presented as logical storage volumes in the next pillar. Storage volumes, presented from physical storage, are formatted as VMFS datastores or with native file systems when mounted as raw device mappings. Virtual machines consist of virtual disks or raw device mappings that are presented to the guest operating system as SCSI disks that can be partitioned and formatted using any supported file system. Figure 4. VMware Storage Virtualization Exchange Server has improved significantly in the last couple of releases, and Exchange Server 2016 continues these improvements. The improvements have made Exchange Server less storage I/O intensive than before. This reality informs Microsoft’s preference for commodity-class direct-attached storage (DAS) for Exchange Server. While the case for DAS and JBOD storage for Exchange appears reasonable from the /O perspective, the associated operational and administrative overhead for an enterprise-level production Exchange Server infrastructure do not justify the guidance. BEST PRACTICES GUIDE / PAGE 16 OF 58 Microsoft Exchange Server on VMware vSphere To overcome the increased failure rate and shorter lifespan of commodity storage, Microsoft routinely recommends multiple copies of the Exchange data across larger sets of storage and Exchange Servers than operationally necessary. While VMware supports the use of converged storage solutions for virtualizing Exchange Server on vSphere, VMware recommends that customers using such solutions (VMware Virtual SAN™) thoroughly benchmark and validate the suitability of such solutions and engage directly with the applicable vendors for configuration, sizing, performance and availability guidance. Even with the reduced I/O requirements of an Exchange Server instance, without careful planning, storage access, availability and latencies can still manifest in an Exchange server infrastructure. VMware recommends that you set up a minimum of four paths from an ESXi host to a storage array. To accomplish this, the host requires at least two host bus adapter (HBA) ports. Figure 5. Storage Multi-pathing Requirements for vSphere The terms used in the preceding figure are: • HBA – A device that connects one or more peripheral units to a computer and manages data storage and I/O processing. • Fibre Channel (FC) – A gigabit-speed networking technology used to build storage area networks (SANs) and to transmit data. • Storage Processor (SP) – A SAN component that processes HBA requests routed through an FC switch and handles the RAID/volume functionality of the disk array. 2.3.1 Raw Device Mapping VMFS also supports Raw Device Mapping (RDM). RDM allows a virtual machine to directly access a volume on the physical storage subsystem and can be used only with Fiber Channel or iSCSI. RDM BEST PRACTICES GUIDE / PAGE 17 OF 58 Microsoft Exchange Server on VMware vSphere provides a symbolic link or mount point from a VMFS volume to a raw volume. The mapping makes volumes appear as files in a VMFS volume. The mapping file, rather than the raw volume, is referenced in the virtual machine configuration. Connectivity from the virtual machine to the raw volume is direct, and all data is stored using the native file system, NTFS. In the case of a failure of the VMFS datastore holding the RDM mapping file, a new mapping file can be created. Access to the raw volume and its data is restored, and no data loss occurs. There is no performance difference between a VMFS datastore and an RDM. The following are the only conditions that impose a requirement for RDM disks for VMs in current versions of vSphere: • If the backup solution performs hardware-based VSS snapshots of VMs (or otherwise requires direct storage access). • When the VM will be participating in a Windows Server Failover Clustering configuration that requires the clustered VMs to share the same disks. Because Exchange Server clustering option does not require sharing disks among the nodes, the only scenario for RDM disks for a virtualized Exchange Server on vSphere is where the backup solution vendor requires such configuration. The decision to use VMFS or RDM for Exchange data should be based on technical requirements. The following table summarizes the considerations when making a decision between the two. Table 2. VMFS and Raw Disk Mapping Considerations for Exchange Server 2016 VMFS RDM • Volume can contain many virtual machine disk files, reducing management overhead. • Ideal if disks must be dedicated to a single virtual machine. • Increases storage utilization and provides better flexibility and easier administration and management. • Requires more LUNs, making it is easier to reach the limit of 255 LUNs that might be presented to an ESXi host. • Supports existing and future vSphere storage virtualization features. • • Fully supports VMware vCenter™ Site Recovery Manager™. Might be required to leverage array-level backup and replication tools (VSS) integrated with Exchange databases. • Facilitates data migration between physical and virtual machines using the LUN swing method. • Fully supports vCenter Site Recovery Manager. • Supports vSphere vMotion, vSphere HA, and DRS. • Supports presenting volumes of up to 64TB to the guest operating system – Physical-mode RDM only. • Supports the use of vSphere vMotion, vSphere HA, and DRS. • Supports VMFS volumes up to 64TB and virtual disks/VMDK files up to 2TB. • Has open virtual disk capacity of up to 25TB per host (8TB by default) – More information is available at http://kb.vmware.com/kb/1004424. BEST PRACTICES GUIDE / PAGE 18 OF 58 Microsoft Exchange Server on VMware vSphere 2.3.2 In-Guest iSCSI and Network-Attached Storage Similar to RDM, in-guest iSCSI initiator-attached LUNs provide dedicated storage to a virtual machine. Storage presented using in-guest iSCSI is formatted natively using NTFS within the Windows guest operating system and bypasses the storage management of the ESXi host. Presenting storage in this way requires that additional attention be provided to the networking infrastructure and configuration at the vSphere level and the physical level. Some of the benefits from using in-guest iSCSI attached storage include the ability to allocate more than 256 LUNs to virtual machines on a single ESXi host and retaining the ability to use array-level backup and replication tools. Although VMware testing has shown that NAS-attached virtual disks perform well for Exchange workloads, Microsoft does not currently support accessing Exchange data (mailbox databases, transport queue, and logs) stored on network-attached storage. This includes accessing Exchange data using a UNC path from within the guest operating system, as well as virtual machines with VMDK files located on NFS-attached storage. When using in-guest iSCSI to present storage to an Exchange Server VM, confirm that the iSCSI NIC is exempted from Windows Server failover clustering or any other non-storage-related processes or components. Similarly, VMware recommends that customers use jumbo frames or 10 GB networks to support such storage configuration option. 2.3.3 Virtual SCSI Adapters VMware provides two commonly used virtual SCSI adapters for Windows Server 2012: LSI Logic SAS and VMware Paravirtual SCSI (PVSCSI). The default adapter when creating new virtual machines running Windows on vSphere is LSI Logic SAS, and this adapter can satisfy the requirements of most workloads with no additional drivers. The Paravirtual SCSI adapter is a high-performance vSCSI adapter developed by VMware to provide optimal performance for virtualized business critical applications. The advantage of the PVSCSI adapter is that the added performance is delivered while minimizing the use of hypervisor CPU resources. This leads to lower hypervisor overhead required to run storage I/O-intensive applications. Note For environments running ESXi versions prior to 5.0 Update 1 consider using PVSCSI. Refer to Windows 2008 R2 virtual machine using a paravirtual SCSI adapter reports the error: Operating system error 1117 encountered (http://kb.vmware.com/kb/2004578). Exchange Server 2016 has greatly reduced the amount of I/O generated to access mailbox data. However, storage latency is still a factor. In environments supporting thousands of users per Mailbox server, PVSCSI might prove beneficial. The decision on whether to use LSI Logic SAS or PVSCSI should be made based on Jetstress testing of the predicted workload using both adapters. Additionally, organizations must consider any management overhead an implementation of PVSCSI might introduce. Because many organizations have standardized on LSI Logic SAS, if the latency and throughput difference is negligible with the proposed configuration, the best option might be the one with the least impact to the current environment. Virtual machines can be deployed with up to four virtual SCSI adapters. Each vSCSI adapter can accommodate up to 15 storage devices for a total of 60 storage devices per virtual machine. During allocation of storage devices, each device is assigned to a vSCSI adapter in sequential order. Not until a vSCSI adapter reaches its fifteenth device will a new vSCSI adapter be created. To provide better parallelism of storage I/O, equally distribute storage devices among the four available vSCSI adapters, as shown in the following figure. BEST PRACTICES GUIDE / PAGE 19 OF 58 Microsoft Exchange Server on VMware vSphere Figure 6. Storage Distribution with Multiple vSCSI Adapters 2.3.4 Virtual SCSI Queue Depth Queue depth denotes the number of I/Os that can pass through a storage path at one time. All other I/Os beyond this number are queued until the path has more room to accommodate them. Because there are multiple points through which an I/O will pass from within a Guest Operating System before it reaches the physical storage device, customers should pay special attention to their storage configuration to avoid unnecessary and undesirable I/O queuing for their Exchange Server VMs. When presenting storage to a VM, the virtual disk is connected to one virtual SCSI controller. Each SCSI controller has a finite (and configurable) queue depth, which varies among the virtual SCSI controllers available in vSphere. The PVSCSI Controller is the optimal SCSI controller for an I/O-intensive application on vSphere. This Controller has a queue depth of 64 (Per Device) and 254 (Per Controller) by default (double the size of an LSI Logic SAS controller). The PVSCSI controller’s per-device and per-controller queue depths can also be increased to 254 and 1024 respectively, providing even more increased I/O bandwidth for the virtualized workload. Because of these increased performance and throughput benefits, VMware recommends that customers choose PVSCSI as the virtual SCSI controllers for their Exchange Server data, databases and logs volumes. Note the following: • Using PVSCSI for Exchange Server and Exchange DAG is officially supported on vSphere 6.0, although such configurations have been in common use since vSphere 5.1 BEST PRACTICES GUIDE / PAGE 20 OF 58 Microsoft Exchange Server on VMware vSphere • The PVSCSI drivers is not native to the Windows, therefore customers using PVSCSI controllers must keep the VMware Tools instances on their VMs updated on a regular basis. VMware Tools is the vehicle for delivering the PVSCSI drivers to the OS. Figure 7 Common Points of Storage IO Queues While increasing the default queue depth of a virtual SCSI controller can be beneficial to an Exchange Server VM, the configuration can also introduce unintended adverse effects in overall performance if not done properly. VMware highly recommends that customers consult and work with the appropriate storage vendor’s support personnel to evaluate the impact of such changes and obtain recommendations for other adjustments that may be required to support the increase in queue depth of a virtual SCSI controller. See Large-scale workloads with intensive I/O patterns might require queue depths significantly greater than Paravirtual SCSI default values (http://kb.vmware.com/kb/2053145) and Changing the queue depth for QLogic, Emulex, and Brocade HBAs (http://kb.vmware.com/kb/1267) for further information. 2.3.5 Exchange Server 2016 on All-Flash Storage Array As all-flash storage is gaining increasing popularity in corporate data centers, many people are examining the value of deploying Exchange Server on all-flash storage arrays. Exchange Server is generally perceived as a workload which requires lots of capacity, but relatively less demanding on performance when compared to other database workloads. All-flash storage arrays are viewed as more expensive than the traditional storage arrays when it comes to physical capacity cost per GB. Why would customers be interested in an all-flash storage option for Exchange Server 2016? While people are well aware of the performance benefits of all-flash storage, the latest generation of allflash storage also offers: • Built-in data services, such as, always-on thin provisioning, inline data deduplication, and inline data compression that provide compelling data reduction ratio. BEST PRACTICES GUIDE / PAGE 21 OF 58 Microsoft Exchange Server on VMware vSphere • Flash optimized data protection that replaces traditional RAID methodologies can simplify the Exchange Server sizing and capacity planning efforts while minimizing protection overhead and performance penalty. • Instant space efficient copies via VSS integration that significantly increases efficiency and operational agility for Database Availability Groups (DAGs) and can be used for local data protection and potentially replace lagged copies. Exchange Server administrators are constantly facing a number of challenges when upgrading: • The architecture for Exchange Server is rigid by nature; the design is intended to be built once and maintained with minor changes until decommission. Exchange Server admins are tasked with predicting projected mailbox growth and usage patterns for the upcoming 4- to 5-year period. Storage is over-provisioned to avoid the potentially costlier mistake of under-sizing. The nature of SSD allows modern all-flash vendors to support 100% storage on demand with always-on thin provisioning without any performance impacts. The initial acquisition cost of storage is significantly driven down. • Exchange Server has long ago moved away from single instance storage. Exchange Server Continuous Replication (Database Availability Groups / DAG) consumes between 2x and 6x the capacity required to store the production copy of databases. Most companies report that capacity requirements have multiplied by a factor of 6x after migrating from Exchange Server 2003/2007 to version 2010/2013. The Exchange Server data that used to consume 12TB of space in an Exchange Server 2003 single copy cluster, now consumes 72TB in a three-copy DAG. With the right all-flash storage, initial database copies can be reduced in capacity. Passive DAG copies can be created in seconds via VSS integrated copy technology, and consume no additional space. • Distribution Groups (DLs) is a de facto method for transmitting messages within organizations. Coupled with the fact that nearly 70% of all email messages contain attachments and the fact that every attachment is stored repeatedly in every DL member's inbox, mailboxes and mailbox databases are larger than ever before. There are massive opportunities to increase storage efficiency with all-flash storage solutions that offer inline data deduplication and compression. • Many organizations are forced to run their Exchange Server in Online Mode for several reasons, including VDI, Security/Governance (cannot use OSTs), Workflow applications (cannot tolerate cached versions of mailbox items, and HIPPA regulations. Online Mode increases the IO requirements compared to Cached Mode by 270%. Performance can still be a critical consideration for Exchange Server deployment in many cases. During a study of Exchange Server on EMC XtremIO, EMC found incredible efficiencies resulting in reducing the total disk required to manage an Exchange Server environment. The efficiencies generated significant opportunities to reduce costs over a five-year period. So much so that when compared to alternative solutions such as a VNX solution or Microsoft’s preferred architecture which included a direct attached storage solution, the XtremIO solution total cost of ownership (TCO) was fairly similar while offering tangibly improved performance and simpler storage management. BEST PRACTICES GUIDE / PAGE 22 OF 58 Microsoft Exchange Server on VMware vSphere Figure 8. Cost of Ownership Comparison The study was conducted as a "straw man TCO" based on 10,000 seats, 2GB average mailbox size, with 150 messages sent/received per user, per day. The TCO includes all of the various aspects of installing, managing, cooling, supporting, and paying for facilities costs that you would typically find in any other TCO model. The "Comparative Costs of XtremIO" graph shows three Exchange 2010 implementations based on three different storage devices. All other aspects of the Exchange implementation are held as constant as possible. For example, same number of servers, Ethernet ports, admins, mailboxes, databases and database copies -- everything is the same except the storage and costs associated with the storage such as maintenance, installation, facilities costs, power and cooling. The result, all three storage configurations resulted in average mailbox costs that were within 25-cents of each other. And, based on the "deal" you might get from your hardware vendor, could actually be the same price. The prices used in this TCO are the typical "street" prices seen in the open marketplace. There are no special discounts, no list prices, no one-time offers. These are real prices of real configurations obtained in April of 2015. The data reduction ratio for EMC XtremIO from the combinations of thin provisioning, deduplication, compression, and space efficient copies with XtremIO Virtual Copies was 7:1. The data reduction ratio increases when more mailboxes and DAG copies are placed onto the array, making XtremIO even more attractive for larger deployments. BEST PRACTICES GUIDE / PAGE 23 OF 58 Microsoft Exchange Server on VMware vSphere Figure 9 - Data Reduction Ration on XtremIO All-flash array is typically more expensive than the traditional storage array or DAS, once you get past the initial hardware acquisition cost and start to look at the efficiencies and operational agility aspects, it may offer attractive TCO, and can be a compelling storage platform for Exchange deployments. References: • http://www.emc.com/collateral/technical-documentation/h14246-xtremio-exchange-ra.pdf • https://community.emc.com/community/connect/everything_microsoft/blog/2015/05/20/preliminary -testing-of-exchange-on-xtremio 2.4 Networking Configuration Guidelines This section covers design guidelines for the virtual networking environment and provides configuration examples at the ESXi host level for Exchange Server 2016 installations. Note The examples do not reflect design requirements and do not cover all possible Exchange network design scenarios. 2.4.1 Virtual Networking Concepts The virtual networking layer comprises the virtual network devices through which virtual machines and the ESXi host interface with the rest of the network and users. In addition, ESXi hosts use the virtual networking layer to communicate with iSCSI SANs and NAS storage. The virtual networking layer includes virtual network adapters and the virtual switches. Virtual switches are the key networking components in vSphere. The following figure provides an overview of virtual networking in vSphere. BEST PRACTICES GUIDE / PAGE 24 OF 58 Microsoft Exchange Server on VMware vSphere Figure 10. vSphere Virtual Networking Overview As shown in the preceding figure, the following components make up the virtual network: • Physical switch – vSphere host-facing edge of the physical local area network. • NIC team – Group of physical NICs connected to the same physical/logical networks to provide redundancy. • Physical network interface (pnic/vmnic/uplink) – Provides connectivity between the ESXi host and the local area network. • vSphere switch (standard and distributed) – The virtual switch is created in software and provides connectivity between virtual machines. Virtual switches must uplink to a physical NIC (also known as vmnic) to provide virtual machines with connectivity to the LAN, otherwise virtual machine traffic is contained within the virtual switch. • Port group – Used to create a logical boundary within a virtual switch. This boundary can provide VLAN segmentation when 802.1q trunking is passed from the physical switch, or it can create a boundary for policy settings. • Virtual NIC (vNIC) – Provides connectivity between the virtual machine and the virtual switch. BEST PRACTICES GUIDE / PAGE 25 OF 58 Microsoft Exchange Server on VMware vSphere • VMkernel (vmknic) – Interface for hypervisor functions, such as connectivity for NFS, iSCSI, vSphere vMotion, and VMware vSphere Fault Tolerance logging. • Virtual port – Provides connectivity between a vmknic and a virtual switch. 2.4.2 Virtual Networking Best Practices The standard VMware networking best practices apply to running Exchange on vSphere: • The choice between standard and distributed switches should be made outside of the Exchange design. Standard switches provide a straightforward configuration on a per-host level. For reduced management overhead and increased functionality, the distributed virtual switch should be considered. Both virtual switch types provide the functionality needed by Exchange Server 2016. • Traffic types should be separated to keep like traffic contained to designated networks. vSphere can use separate interfaces for management, vSphere vMotion, and network-based storage traffic. Additional interfaces can be used for virtual machine traffic. Within virtual machines, different interfaces can be used to keep certain traffic separated. Use 802.1q VLAN tagging and virtual switch port groups to logically separate traffic. Use separate physical interfaces and dedicated port groups or virtual switches to physically separate traffic. This is shown in Figure 11. • Leverage network interface teaming capabilities to provide redundant uplinks for virtual switches. To use this capability, assign at least two physical network interfaces per virtual switch. • Use the VMXNET3 network adapter – This is a paravirtualized network device that provides better throughput with reduced hypervisor CPU utilization. It is imperative that customers regularly update VMware Tools on VMs using VMXNet3 virtual adapters. • Previous Microsoft clustering configuration guidance recommends that, for Exchange Server 2016 virtual machines participating in a Database Availability Group (DAG), customers should configure at least two virtual network interfaces, connected to different VLANs or networks. These interfaces provide access for client access and replication traffic. This guidance is no longer operative in recent versions of Windows clustering. Consequently, VMware recommends that customer adheres to the latest guidance from Microsoft regarding whether or not to separate client access traffic and replication traffic onto different network adapters. • Where possible, consider enabling jumbo frames on the virtual switches where you have enabled vSphere vMotion traffic. This is to improve vSphere vMotion operations, especially for Exchange Server VMs participating in a DAG configuration. You must ensure that jumbo frames are also enabled on your physical network infrastructure before making this configuration on the virtual switches • Follow the guidelines on guest operating system networking considerations and hardware networking consideration in the Performance Best Practices for VMware vSphere 6.0 guide (http://www.vmware.com/files/pdf/techpaper/VMware-PerfBest-Practices-vSphere60.pdf?vmw_so_vex_mande_12). 2.4.3 Sample Exchange Virtual Network Configuration Because of the flexibility of virtual networking, the topology can take many different forms. There is no single recommended practice because each provides its own sets of benefits. The following figure shows two examples of host-level configuration based on the most common configurations, which are single and multiple virtual switches. BEST PRACTICES GUIDE / PAGE 26 OF 58 Microsoft Exchange Server on VMware vSphere Figure 11. Sample Virtual Network Configuration There is no requirement to separate client access and DAG replication traffic onto different network adapters. However, this configuration is still a general practice among many customers. Although VMware encourages customers to validate this configuration with their Microsoft support representatives, the diagram depicts a configuration for completeness. In the vSphere environment, traffic separation can be established using virtual or physical networks. The preceding figure provides examples of these two scenarios. • The scenario on the left depicts an ESXi host with two network interfaces, teamed for redundancy and using virtual networks and port groups to provide the traffic separation for client access and DAG replication traffic. This scenario can also utilize VMware vSphere Network I/O Control for dynamic traffic prioritization. • The scenario on the right depicts an ESXi host with multiple network interfaces. Physical traffic separation is accomplished by allocating two vmnics on one network to a virtual switch. These vmnics are teamed and dedicated to client access network traffic. DAG replication traffic uses a third vmnic on a separate virtual switch. In both scenarios, the DAG member virtual machine is connected to both networks, according to best practice. 2.5 Power Management The vSphere ESXi hypervisor provides a high performance and competitive platform that effectively runs many Tier 1 application workloads in virtual machines. By default, ESXi has been heavily tuned for driving high I/O throughput efficiently by utilizing fewer CPU cycles and conserving power, as required by a wide range of workloads. However, many applications require I/O latency to be minimized, even at the expense of higher CPU utilization and greater power consumption. VMware defines latency-sensitive applications as workloads that require optimizing for a few microseconds to a few tens of microseconds end-to-end latencies. This does not apply to applications or workloads in the hundreds of microseconds to tens of milliseconds end-to-end-latencies. Microsoft Exchange Server is not considered a “latency sensitive” application. However, given the adverse impact BEST PRACTICES GUIDE / PAGE 27 OF 58 Microsoft Exchange Server on VMware vSphere of incorrect power settings in a Windows Operating System, customers should pay special attention to power management on an Exchange Server VM on the vSphere platform. See Best Practices for Performance Tuning of Latency-Sensitive Workloads in vSphere VMs (http://www.vmware.com/files/pdf/techpaper/VMW-Tuning-Latency-Sensitive-Workloads.pdf). Keep in mind that many of the prescriptions provided in this document do not apply to Exchange Server workloads and might induce sub-optimal performance if applied to Exchange Server VMs. Server hardware and operating systems are engineered to minimize power consumption. Windows and vSphere ESXi hypervisor both favor minimized power consumption over performance. While previous versions of ESXi default to a “high performance” power schemes, vSphere 6.0 defaults a “balanced” power scheme. For critical applications such as Exchange Server, the default power scheme in vSphere 6.0 is not recommended. Figure 12- Default ESXi 6.0 Power Management Setting There are three distinct areas of power management in a vSphere hypervisor virtual environment: Server hardware, Hypervisor and Guest OS. The following section provides power management and power setting recommendations covering all of these areas. 2.5.1 Server Hardware BIOS Settings Most servers with new Intel and AMD processors provide power savings features that use several techniques to dynamically detect the load on a system and put various components of the server, including the CPU, chipsets and peripheral devices into low power states when the system is mostly idle. Hardware-level power management adds latency to the path where an idle system (in one of several power savings modes) responds to an external event. Consequently, VMware recommends the following BIOS-level power management settings for Exchange Server 2016 on vSphere: • Set Power Management (or its vendor-specific equivalent label) to “OS controlled”. This will enable the ESXi hypervisor to make the most judicious power management decision based on actual utilization and the condition of the running virtual machines. • Disable all processor C-states (including the C1E halt State). These enhanced power management schemes can introduce memory latency and sub-optimal CPU state changes (Halt-to-Full), resulting in reduced performance for the virtual machine. • Enable Turbo Boost, if available. BEST PRACTICES GUIDE / PAGE 28 OF 58 Microsoft Exchange Server on VMware vSphere 2.5.2 ESXi Host Power Settings ESXi can take advantage of several power management features that the host hardware provides to adjust the trade-off between performance and power use. You can control how ESXi uses these features by selecting a power management policy. In general, selecting a high performance policy provides more absolute performance, but at lower efficiency (performance per watt). Lower-power policies provide lower absolute performance, but at higher efficiency. ESXi provides five power management policies. If the host does not support power management, or if the BIOS settings specify that the host operating system is not allowed to manage power, only the “Not Supported” policy is available. Table 3. CPU Power Management Policies Power Management Policy Description High Performance The VMkernel detects certain power management features, but will not use them unless the BIOS requests them for power capping or thermal events. This is the recommended power policy for an Exchange Server running on ESXi. Balanced (Default) The VMkernel uses the available power management features conservatively to reduce host energy consumption with minimal compromise to performance. Low Power The VMkernel aggressively uses available power management features to reduce host energy consumption at the risk of lower performance. Custom The VMkernel bases its power management policy on the values of several advanced configuration parameters. You can set these parameters in the vSphere Web Client Advanced Settings dialog box. Not supported The host does not support any power management features or power management is not enabled in the BIOS. VMware recommends setting the high performance ESXi host power policy for Exchange Server virtual machines. You select a policy for a host using the vSphere Web Client. If you do not select a policy, ESXi uses Balanced by default. BEST PRACTICES GUIDE / PAGE 29 OF 58 Microsoft Exchange Server on VMware vSphere Figure 13 - Recommended ESXi Host Power Management Setting When a CPU runs at lower frequency, it can also run at lower voltage, which saves power. This type of power management is called dynamic voltage and frequency scaling (DVFS). ESXi attempts to adjust CPU frequencies so that virtual machine performance is not affected. When a CPU is idle, ESXi can take advantage of deep halt states (known as C-states). The deeper the Cstate, the less power the CPU uses, but the longer it takes for the CPU to resume running. When a CPU becomes idle, ESXi applies an algorithm to predict how long it will be in an idle state and chooses an appropriate C state to enter. In power management policies that do not use deep C-states, ESXi uses only the shallowest halt state (C1) for idle CPUs. 2.5.3 Windows Guest Power Settings The default power policy option in Windows Server 2012 is “Balanced”. This configuration allows Windows OS to save power consumption by periodically throttling power to the CPU and turning off devices such as the network cards in the guest when Windows determines that they are idle or unused. This capability is inefficient for an Exchange Server workload due to the latency and disruption introduced by the act of powering-off and powering-on CPUs and devices. Allowing Windows to throttling CPUs can result in what Microsoft describes as core parking. See the “Power Management” section of Troubleshooting High CPU utilization issues in Exchange 2013 (http://blogs.technet.com/b/exchange/archive/2015/04/30/troubleshooting-high-cpu-utilization-issues-inexchange-2013.aspx) for more information. BEST PRACTICES GUIDE / PAGE 30 OF 58 Microsoft Exchange Server on VMware vSphere Figure 14. Windows CPU Core Parking Microsoft recommends the high performance power management policy for applications requiring stability and performance. VMware supports this recommendation and encourages customers to incorporate it into their server tuning and administration practices for virtualized Exchange Server VMs. Figure 15. Recommended Windows Guest Power Scheme BEST PRACTICES GUIDE / PAGE 31 OF 58 Microsoft Exchange Server on VMware vSphere 3. Using vSphere Technologies with Exchange Server 2016 The Microsoft Exchange 2013 on VMware Availability and Recovery Options guide (http://www.vmware.com/files/pdf/Exchange_2013_on_VMware_Availability_and_Recovery_Options.pdf) takes an in-depth look at the options available for building a highly available and site-resilient Exchange Server 2013 environment on vSphere. Note The 2016 version of this guide is not yet available. This section explores the technologies that make those options possible, mainly vSphere HA, vSphere Distributed Resource Scheduler, and vSphere vMotion. This also includes proven best practices for using these technologies with critical applications such as Exchange Server 2016. Although all of the Exchange Server roles have been capable of taking advantage of these advanced vSphere features, official support by Microsoft for their use with DAG members was not available until Exchange 2010 SP1. Exchange Server 2016 was released with the same support for these features as Exchange 2010 SP1, validating the continued effort by both VMware and Microsoft to provide support for the features customers believe are valuable for virtualized Exchange Server environments. 3.1 Overview of vSphere Technologies vSphere vMotion technology enables the migration of virtual machines from one ESXi host to another without service interruption. This migration allows you to move Exchange Server virtual machines from a heavily loaded ESXi host to one that is lightly loaded or to offload them to allow for hardware maintenance without any downtime. 3.1.1 vSphere HA With vSphere HA, Exchange Server virtual machines on a failed ESXi host can be restarted on another ESXi host. This feature provides a cost-effective failover alternative to third-party clustering and replication solutions. If you use vSphere HA, be aware of the following: • vSphere HA handles ESXi host hardware failure and does not monitor the status of the Exchange services. These must be monitored separately. • A vSphere HA heartbeat is sent using the vSphere VMkernel network, so optimal uplink bandwidth and redundancy in this network are strongly recommended. • Allowing two nodes from the same DAG to run on the same ESXi host for an extended period is not recommended when using symmetrical mailbox database distribution. This condition will create a single-point-of-failure scenario if the two nodes have the only copies of one or more mailbox databases. DRS anti-affinity or guest-to-host affinity rules should be used to mitigate the risk of running active and passive mailbox databases on the same ESXi host. 3.1.2 DRS DRS takes vSphere vMotion a step further by adding an intelligent scheduler. DRS allows you to set resource assignment policies that reflect business needs. DRS does the calculations and automatically handles the details of physical resource assignments. It dynamically monitors the workload of the running virtual machines and the resource utilization of the physical servers within a vSphere cluster. vSphere vMotion and DRS perform best under the following conditions: BEST PRACTICES GUIDE / PAGE 32 OF 58 Microsoft Exchange Server on VMware vSphere • The source and target ESXi hosts must be connected to the same network and the same shared storage. • A dedicated gigabit (or higher) network for vSphere vMotion is recommended. • The vSphere vMotion or DRS target host must have enough resources to accommodate the VM that will be migrated. • The virtual machine must not have physical devices such as a CD-ROM or floppy disk attached during the vSphere vMotion operation. • The source and destination hosts must have compatible CPU models, otherwise migration with vSphere vMotion fails. If the vSphere cluster contains hosts with different CPU generations, then Enhance vSphere vMotion Compatibility (EVC) must be enabled in the cluster to allow vSphere vMotion operations to succeed. See EVC and CPU Compatibility FAQ (http://kb.vmware.com/kb/1005764) for more information on EVC. • Virtual machines with smaller memory sizes are better candidates for migration than larger ones. • Persistent resource over-commitment in a vSphere cluster can impede the efficiency of vSphere vMotion operations 3.1.3 vSphere vMotion Support for using vSphere vMotion with Exchange virtual machines with Exchange DAG members has existed since early 2011 when Exchange 2010 SP1 was released. A well-designed and purpose-built vSphere infrastructure can provide seamless migration of running workloads with no special configuration. In the case of Exchange Server 2016 DAG members, this is essential for utilizing vSphere vMotion with no interference to the cluster services. Even with ideal conditions, the heavy load of Exchange workloads and memory usage can cause a vSphere vMotion operation to trigger a database failover. Database failovers are not necessarily a problem if the environment is designed to properly distribute the load and can help to validate the cluster health by activating databases that might normally go for weeks or months without accepting a user load. However, many administrators prefer that database activations be a planned activity or only done in the case of a failure. For this reason, VMware has studied the effect of vSphere vMotion on Exchange DAG members and provided the following best practice recommendations. 184.108.40.206. Cluster Heartbeat Settings Exchange Server’s Database Availability Group (DAG) relies on the Windows Server Failover Clustering (WSFC) Service. By default, each clustered Exchange Server node exchanges heartbeat packets with its partners every second. If the node does not receive a response from any partner after five consecutive probes, the probing node considers the partner to be non-responsive (unavailable). The WSFC service on the probing node then initiates corrective actions, including taking ownership of clustered resources previously owned by the non-responsive partner. A clustered node considers its partner unavailable if it is unable to exchange heartbeat packets with that partner after five attempts (five seconds), which triggers actions necessary to provide continued availability of the resources located on that partner. This is what happens when there is an unintended and unplanned cluster resource failover. An aggressive cluster failover threshold can be problematic and disruptive. For example, a failover might not have been required because the non-responsiveness was a transient issue that went away after six seconds. During a vSphere vMotion operation, a virtual machine’s memory pages are gradually copied from its current parent host to its target parent host and the virtual machine is subsequently switched over to the BEST PRACTICES GUIDE / PAGE 33 OF 58 Microsoft Exchange Server on VMware vSphere target host. During this copy and transition procedure, the virtual machine is quiesced (VMware refers to this as stunning). Under normal operating condition, the stun period is very brief and not noticeable. However, the quiescing period might last longer than the five-second threshold under some operating conditions, including the following: • Size of the VM (CPU and RAM). • Current outstanding operations, threads, and processes on the VM. • Total CPU subscription ratio in the vSphere cluster. • Network bandwidth or congestion state. The net effect of a stun operation is that the stunned VM is unable to exchange heartbeat for the duration of the stun operation. If that lasts longer than five seconds and the VM is in a cluster relationship, then its cluster partners consider it unavailable. This behavior is not peculiar to vSphere vMotion, or even virtualization in general. If your backup solution takes VSS-based snapshots of your server, it is also likely quiescing the server. This is a known behavior. See Tuning Failover Cluster Network Thresholds (http://blogs.msdn.com/b/clustering/archive/2012/11/21/10370765.aspx) for a detailed discussion that includes avoiding an unintended cluster failover incident (and its associated disruptive effects) when performing a vSphere vMotion operation on a DAG node. There are several configuration options described in the following sections that you can use to overcome these disruptive effects. Two Windows Server Failover Cluster settings control the behavior of the cluster service to missed heartbeat probes. These are: • SameSubnetDelay – Controls how often a node sends heartbeat probe packets. • SameSubnetThreshold – Controls how many probe misses the node must tolerate before taking actions. If the clustered nodes are in different subnets, the corresponding settings are: • CrossSubnetDelay • CrossSubnetThreshold The following are the default values for these settings: A SubnetDelay value of 1000ms and a SubnetThreshold of 5 denotes that heartbeat probes are sent every second with a tolerance for a maximum of 5 missed heartbeats. These are the settings that enabled the unexpected failover described in the preceding section. Adjusting either of these parameters to 10 seconds (for cluster nodes in the same subnet) or 20 seconds (for cluster nodes in different subnets) is the most effective way to prevent the unintended cluster failover BEST PRACTICES GUIDE / PAGE 34 OF 58 Microsoft Exchange Server on VMware vSphere issue described in the preceding section. The following are the settings to accomplish each of the recommendations: (get-cluster).SameSubnetThreshold = 10 (get-cluster).CrossSubnetThreshold = 20 Windows Server 2012 includes an additional cluster service logging component that tracks dropped heartbeat packets. The RouteHistoryLength setting and its default value (10) must also be modified so that it remains useful when investigating heartbeat-related issues. According to Microsoft, the recommended value for this setting must be double that of the SubnetThreshold setting. If the value SameSubnetThrshold and CrossSubnetThreshold follow the VMware recommendations, the value of RouteHistoryLength must be double the value of the CrossSubnetThreshold value. Therefore, the VMware recommended value for RouteHistoryLength setting is 40. (get-cluster).RouteHistoryLength = 40 There is no need to restart the cluster service for these changes to take effect. The unintended database failover during vSphere vMotion is a direct result of the default heartbeat timeout threshold in Windows Server Failover Cluster. 220.127.116.11. Multiple vSphere vMotion Interfaces Database failover due to vSphere vMotion operations can be mitigated by using multiple dedicated vSphere vMotion network interfaces. In most cases, the interfaces that are used for vSphere vMotion are also used for management traffic. Because management traffic is relatively light, this does not add significant overhead. vSphere provides the ability to use multiple vmnic interfaces for vSphere vMotion traffic to effectively load balance the vSphere vMotion traffic. Testing has shown up to a 25% increase in throughput achieved when multiple vSphere vMotion interfaces are used. In the test case with two 2 Gbps interfaces configured for vSphere vMotion and no cluster heartbeat modifications, vSphere vMotion operations succeeded with no database failover. BEST PRACTICES GUIDE / PAGE 35 OF 58 Microsoft Exchange Server on VMware vSphere Enabling multiple interfaces for vSphere vMotion requires configuring multiple VMkernel ports on different port groups. Each port group is assigned multiple vmnic interfaces as either active or standby. See Multiple-NIC vMotion in vSphere (http://kb.vmware.com/kb/2007467) for detailed configuration procedures. Before deciding on using this configuration option, see vMotion migrations fail when using multiple VMkernel ports for vMotion in different IP subnets (http://kb.vmware.com/kb/2052092). 18.104.22.168. Enable Jumbo Frames for vSphere vMotion Interfaces Standard Ethernet frames are limited to a length of approximately 1500 bytes. Jumbo frames can contain a payload of up to 9000 bytes. Support for jumbo frames on VMkernel ports was added to vSphere 4.0 for both ESX and ESXi. This added feature means that large frames can be used for all VMkernel traffic, including vSphere vMotion. Using jumbo frames reduces the processing overhead to provide the best possible performance by reducing the number of frames that must be generated and transmitted by the system. During testing, VMware had an opportunity to test vSphere vMotion migration of DAG nodes with and without jumbo frames enabled. Results showed that, with jumbo frames enabled for all VMkernel ports and on the VMware vNetwork Distributed Switch, vSphere vMotion migrations of DAG member virtual machines completed successfully. During these migrations, no database failovers occurred, and there was no need to modify the cluster heartbeat setting. The use of jumbo frames requires that all network hops between the vSphere hosts support the larger frame size. This includes the systems and all network equipment in between. Switches that do not support (or are not configured to accept) large frames will drop them. Routers and Layer 3 switches might fragment the large frames into smaller frames that must then be reassembled and this can cause both performance degradation and a pronounced incidence of unintended database failovers during a vSphere vMotion operation. Do not enable jumbo frames within a vSphere infrastructure unless the underlying physical network devices are configured to support this setting. 3.2 vSphere Distributed Resource Scheduler Distributed resource scheduling provides active load balancing of virtual machine workloads within a vSphere cluster. Aside from the active monitoring and load balancing functions, DRS provides the following features: • Virtual machine placement during power on, based on resource requirements and availability. • Virtual machine evacuation during ESXi host maintenance mode. • Virtual machine and host groups for grouping like objects. • Rules to keep virtual machines together or apart and on or off of a set of hosts. DRS helps make a virtualized Exchange Server 2016 environment more agile. The following sections provide recommendations for using DRS with Exchange Server 2016. 3.2.1 Enable DRS in Fully Automated Mode DRS provides the following levels of automation: • Manual – Migration recommendations are provided by DRS. No migrations are performed by DRS. • Partially automated – Virtual machines are automatically placed on hosts during power-on, migration recommendations are provided by DRS, and no migrations are performed by DRS. BEST PRACTICES GUIDE / PAGE 36 OF 58 Microsoft Exchange Server on VMware vSphere • Fully automated – Virtual machines are automatically placed on hosts during power on and are automatically migrated between hosts to optimize resource usage. When designed according to VMware recommendations, vSphere clusters that have been purpose built for Exchange Server 2016 possess sufficient resources and do not experience many DRS migrations. However, when an ESXi host is placed in maintenance mode, DRS makes recommendations on placement of virtual machines running on that host. To leverage automatic host evacuation, the DRS automation level must be set to Fully Automated. If the vSphere cluster hosting Exchange Server 2016 is a shared environment, DRS in fully automated mode helps to maintain resource optimization among the multiple workloads. 3.2.2 Use Anti-Affinity Rules for Exchange Virtual Machines DRS provides rules for keeping virtual machines apart or together on the same ESXi host or group of hosts. In an Exchange environment, the common use case for anti-affinity rules is to keep Exchange virtual machines with the same roles installed separated from each other. Microsoft recommends symmetrically distributing mailbox databases among DAG members. Unlike traditional active/passive configurations, this design allows all DAG members to support active users as well as reserve a portion of compute power for failover capacity. In the case of failure of a single DAG member, all remaining members might take part in supporting the failed databases. Because of this, it is recommended that no two members of the same DAG run on the same ESXi host for an extended period. Figure 16. vSphere Distributed Resource Scheduler Anti-Affinity Rule Anti-affinity rules enforce virtual machine separation during power on operations and vSphere vMotion migrations due to a DRS recommendation, including a host entering maintenance mode. Prior to vSphere 5.5, if a virtual machine is enabled for vSphere HA and a host experiences a failure, vSphere HA might power on a virtual machine and violate a DRS anti-affinity rule. This is because vSphere HA does not inspect DRS rules during a recovery task. However, during the next DRS evaluation (every 5 minutes), the virtual machine is migrated to fix the violation. BEST PRACTICES GUIDE / PAGE 37 OF 58 Microsoft Exchange Server on VMware vSphere To avoid this condition when utilizing DRS with vSphere 5.5, VMware encourages customers to apply the following vSphere HA Advanced Configuration option to their vSphere Clusters: das.respectVmVmAntiAffinityRules = TRUE This setting instructs vSphere HA to inspect and respect vm-vm anti-affinity rules when restarting virtual machines after a host failure. The Exchange Server VMs separated by an anti-affinity will not be colocated on the same ESXi host. Figure 17. HA Advanced Configuration Option for DRS Anti-Affinity Rules As shown in the following figure, vSphere 6.0 includes an improved, GUI-based configuration option to control how vSphere HA responds to all DRS rules in a cluster. It is no longer required to configure the Advanced Configuration parameter manually. Figure 18. Improved vSphere HA and DRS Interoperability in vSphere 6.0 BEST PRACTICES GUIDE / PAGE 38 OF 58 Microsoft Exchange Server on VMware vSphere 3.2.3 DRS Groups and Group-Based Rules Defining DRS groups helps enforce virtual machine placement in a way that is not possible with affinity and anti-affinity rules only. Host groups can contain hosts licensed to run an application or hosts in a blade chassis or rack. Virtual machine groups can contain virtual machines with a similar purpose. With groups defined, the virtual machines to hosts-type rule is available for use. Virtual machines to hosts rules can be created with four variations: • VM group must run on hosts in group. • VM group should run on hosts in group. • VM group must not run on hosts in group. • VM group should not run on hosts in group. Must run on rules provide hard enforcement of virtual machine placement. If a rule stipulates that a group of virtual machines must run on a group of ESXi hosts, both DRS and vSphere HA obey these rules. If all hosts in the group are down, the virtual machines are unable to run on any other host in the vSphere cluster. In the following figure, two virtual machine groups and two host groups are defined. Two must run on rules, shown in the solid black ovals, keep the virtual machines in each group running on their respective host group. The virtual machine in the middle is not tied to a group or a rule and might roam. In the case of a failure of all hosts in the group, all virtual machines bound to those hosts by a must run on rule stay offline until a host from that group is brought back online. Figure 19. Must Run on Rule Example Should run on rules provide soft enforcement of virtual machine placement. If a rule stipulates that a group of virtual machines should run on a group of ESXi hosts, those virtual machines will always be preferentially placed on hosts in the host group. They can still run on other hosts in the vSphere cluster outside of the host group, if needed (for example, if all the hosts in the host group are unavailable or otherwise unsuitable for the VM. In the following figure two virtual machine groups and two host groups are defined. Two should run on rules, shown in the broken green ovals, keep the virtual machines in each group running on their respective host group. The virtual machine in the middle is not tied to a group or a rule and might roam. In the case of a failure of all hosts in the group, virtual machines bound to those hosts by a should run on rule can be brought back online by vSphere HA. BEST PRACTICES GUIDE / PAGE 39 OF 58 Microsoft Exchange Server on VMware vSphere Figure 20. Should Run on Rule Example In an Exchange Server 2016 environment, virtual machine to host rules can be used to provide soft or hard enforcement of virtual machine placement. As an example, consider creating groups of ESXi hosts based on a failure domain, such as a blade chassis or server rack. Create two virtual machine groups with each containing half of the Exchange Server virtual machines, and create rules to link each virtual machine group to a host group. In the case of a complete chassis or rack failure, any virtual machines that have failed can be powered back on by vSphere HA. 3.3 vSphere High Availability By providing a higher level of availability than is possible out-of-the-box for most applications, vSphere HA has become the default HA solution for vSphere virtual machines. Regardless of operating system or application, vSphere HA can provide protection from ESXi host failures, guest operating system failures, and, with the help of third-party add-ons, application failures. Exchange Server 2016 environments are built for high availability. Mailbox servers are deployed in DAGs for mailbox database high availability. Theoretically, this provides all of the availability required by an Exchange Server. However, in the case of a hardware failure, utilization of the remaining Exchange servers rises as new connections are established, and DAG protection is compromised as passive databases are activated. In a physical deployment, an administrator needs to address the problem quickly to restore availability levels and mitigate any further outages. This condition informs Microsoft’s recommendation at least four (4) DAG copies in a production Exchange Server infrastructure, increasing cost of ownership (storage, licensing, etc) as well as administrative and management overhead. With a vSphere infrastructure, a hardware failure results in virtual machines being powered back on by vSphere HA, restoring availability levels quickly and keeping utilization balanced. With increased availability, customers are able to reduce the number of DAG copies required to efficiently run their Exchange Server infrastructure. The following sections provide recommendations for using vSphere HA with Exchange Server 2016. BEST PRACTICES GUIDE / PAGE 40 OF 58 Microsoft Exchange Server on VMware vSphere 3.3.1 Admission Control The amount of failover capacity provided by hosts in a vSphere cluster determines how many host failures can be tolerated. For example, in a four-host cluster, each host needs to reserve at least 25% of its resources to accommodate the workloads of one host in the event of a failure. Reserving this capacity is a manual task without admission control. vSphere Admission Control allows administrators to define policies that are used by vCenter to manage failover capacity. How vCenter failover capacity is calculated and reserved is determined by the following policies: • The number of host failures a cluster can tolerate. • A percentage of the cluster resources that are reserved as failover spare capacity. • Dedicated failover hosts. • Sizes of the VMs in the cluster. Surviving a physical host failure without compromising performance or availability is a major driver for virtualizing business critical applications. By configuring admission control, VMware vCenter Server™ monitors utilization and manages failover capacity. To provide sufficient resources in the case of a hardware failure, or even during maintenance, enable and configure admission control. For more information on admission control and the policies see vSphere HA Admission Control in the vSphere Availability Guide (http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/vsphereesxi-vcenter-server-601-availability-guide.pdf). 3.3.2 Virtual Machine Monitoring Along with ESXi host monitoring, vSphere HA can also provide monitoring at the virtual machine level. Virtual machine monitoring can detect guest operating system failures and, with the help of third-party software, application failures. vSphere HA establishes a heartbeat with VMware Tools, installed within the guest operating system, and monitors this heartbeat. If heartbeat communication fails between VMware Tools and vSphere HA, a secondary check is made against network and storage I/O activity. If both network and storage I/O activity has halted, vSphere HA triggers a virtual machine restart. Enable virtual machine monitoring if there is a desire to reduce downtime due to guest operating system failures that would otherwise require manual intervention. This monitoring feature cannot detect Exchange processes, database health or failures. It is, therefore, not a replacement for Exchange DAG. 3.3.3 Using vSphere HA with Database Availability Groups In a physical environment, DAGs are often deployed with three or more database copies to protect from hardware and disk failures. In these environments, when a physical server or storage component fails, the DAG is still protected due to the multiple database copies. This comes at the expense of managing multiple database copies, and other administrative overhead. Exchange environments built on vSphere are typically designed with two database copies and utilize vSphere HA and RAID to protect from hardware and storage failures. vSphere HA restarts a DAG member if the host where it was running experiences a hardware failure or becomes otherwise unavailable, and RAID protects databases from storage failure at the array level. BEST PRACTICES GUIDE / PAGE 41 OF 58 Microsoft Exchange Server on VMware vSphere When enabling a vSphere cluster for HA with the intention of protecting DAG members, consider the following: • Members of the same DAG should not reside on the same vSphere host for an extended period of time when databases are symmetrically distributed between members. Allowing two members to run on the same host for a short period of time (for instance, after a vSphere HA event), even if doing so may violate resource availability constraints and DRS rule, allows the Exchange server VM to become operational and for database replication and protection to resume quicker. DAG members should be separated as soon as operationally feasible (for example, as soon as the ESXi host becomes available or additional capacity has been added to the vSphere cluster. • To adequately protect from an extended server outage, vSphere clusters should be designed in an N+1 configuration, where N is the number of DAG members. If a hardware failure occurs causing vSphere HA to power on a failed DAG member, Exchange servers and DAG maintain the same levels of performance and protection as during normal runtime. • Use anti-affinity rules to keep DAG members separated. vSphere HA might violate this rule during a power-on operation (one caused by a host failure), but DRS fixes the violation during the next interval. To eliminate the possibility of DAG members running on the same host (even for a short period), “must not run on virtual machine to host” anti-affinity rules must be used. BEST PRACTICES GUIDE / PAGE 42 OF 58 Microsoft Exchange Server on VMware vSphere 4. Exchange Performance on vSphere Since 2006, VMware and its partners have used testing to successfully demonstrate the viability of running Exchange on the VMware Infrastructure platform. This testing has been confirmed by organizations that have deployed Exchange 2003, 2007, 2010, and 2013 in virtualized production environments and now benefit from the considerable operational advantages and cost savings. The ease of virtualizing an Exchange Server infrastructure and the demonstrable parity in performance, reliability, availability and recoverability of a virtualized Exchange Server workload over the years have combined to dispel the fear that many organizations had about virtualizing Exchange Server. As previously mentioned, improvements in Exchange Server 2016 and the unambiguous support statement by Microsoft both make the decision about virtualizing Exchange Server a less onerous one. Even customers who have not adopted the new normal “Virtualize First” policy can expect the same optimal performance and reliability that they are familiar on their physical-hardware Exchange Server instances when they virtualize those servers. Server hardware compute resources continue to expand on a regular basis. It is now quite uncommon to purchase a modern server that has fewer than 40 CPUs and 512GB of RAM. These modern-class servers are unsuitable for directly running Exchange Server 2016, due to the technical limitations in compute resources addressable by Exchange Server. Since an Exchange Server has an upper limit of 96GB RAM and 24 CPUs, directly installing Exchange Server on them not only becomes cost-ineffective, it can also induce performance degradation. This makes virtualization the most optimal and cost-effective configuration option for Exchange Server 2016. Virtualization helps customers overcome these limitations by efficiently partitioning and maximizing the compute resources and allocating them to the Exchange Server VMs as required, without inducing performance bottleneck. Many enterprises have adopted virtualization as their default design choice for new workloads. This choice is logical for an Exchange Server infrastructure for the following reasons: • The Exchange information store (the Managed Store) has been rewritten to further optimize resource consumption. This update to the Managed Store has also led to further reduction in storage I/O requirements. • Advances in server hardware such as multicore processors, higher memory density, and advances in storage technology are far outpacing the performance requirements for applications, including Exchange Server 2016. Virtualization becomes an effective way to leverage the full power of these systems. • The advances in Exchange Server 2016 and server hardware technology have coincided with advances in vSphere. On vSphere 6.0, Virtual machines support up to 4 TB RAM and 128 vCPUs, both of which are significantly higher than the maximum recommended compute resources for a single Exchange Server. The question of whether or not virtualization can support the performance requirements of an Exchange server is, therefore, moot. VMware conducts baseline performance testing of every release of Exchange Server in order to be able to understand compute requirements and to provide the applicable guidance to our customers. Because of the continued improvements carried over into Exchange Server 2016 storage IO requirements, our validation tests (using the Microsoft Jetstress tool) revealed that, even under the most strenuous conditions, storage is not a significant cause of performance bottleneck for Exchange Server 2016 if the storage architecture adheres to VMware’s recommended configuration practices. With concerns over relative storage IOs and performance eliminated, many more Exchange administrators are finding the flexibility, enhanced availability, and lower costs associated with virtualization very attractive in supporting an Exchange infrastructure. BEST PRACTICES GUIDE / PAGE 43 OF 58 Microsoft Exchange Server on VMware vSphere 4.1 Key Performance Considerations A variety of factors can affect Exchange Server 2016 performance on vSphere, including processor and memory allocation to the guest virtual machine, storage layout and design, virtual machine placement, and high availability methods. The following are tips for achieving the best possible performance: • Fully understand your organization’s business and technical requirements for implementing Exchange Server 2016. • Fully understand the Exchange workload requirements. • Although I/O is reduced in Exchange Server 2016 compared with prior versions of Exchange Server, Exchange 2010, there is still a requirement to provide adequate throughput and low latency. Dedicate physical storage for Exchange to avoid compromising I/O by having other workloads running on the same physical disks. • Use the correct Microsoft sizing tools to obtain the appropriate configuration guidelines for your Exchange Server 2016 virtual machines. The two primary tools for sizing an Exchange Server 2016 infrastructure are as follows: o Exchange Server Role Requirements Calculator (https://gallery.technet.microsoft.com/Exchange2013-Server-Role-f8a61780) - Obtain the correct version of this tools for your sizing exercise. For example, using the Exchange Server 2010 version of the tool to size an Exchange Server 2016 implementation will result in sizing recommendations that will result in noticeable performance bottleneck. o The Role Calculator requires some input parameters that can result in under- or over-sizing if the supplied information is inaccurate. One of the most important of these parameters is what Microsoft describes as the megacycle. The megacycle is a computed value derived from the publicly published SPECInt Ratings Values (http://www.spec.org/cgibin/osgresults?conf=rint2006) of the processor architecture of a given physical server. Manually calculating the correct “megacycle” value to use is your sizing exercise is not a trivial exercise. To help overcome this challenge, Microsoft has provided the Exchange Processor Query Tool (https://gallery.technet.microsoft.com/Exchange-Processor-Query-b06748a5), which automates the retrieval of the appropriate rating value for a specified hardware and enables a less cumbersome derivation of the correct “megacycle” value. VMware strongly encourages customers to utilize these tools when sizing their Exchange Server 2016 workloads. • Follow the best practices in Section 2, ESXi Host Best Practices for Exchange, to optimize the ESXi host environment for enterprise applications such as Exchange Server. 4.2 Performance Testing Every Exchange environment is different, with varying business and technical requirements, many server and storage options, and requirements for integrating with third-party software solutions such as antivirus, anti-spam, and smartphones. Due to the many variables, VMware strongly recommends that organizations test performance on their particular mix of server, storage, and software to determine the best design for their Exchange environment. In addition, several VMware server and storage partners have performed testing to validate Exchange performance on vSphere. Both of these options are discussed in this section. 4.2.1 Internal Performance Testing Microsoft provides tools to measure the performance of Microsoft Exchange Server architectures. The Microsoft Jetstress tool is used for qualifying and validating the underlying storage architecture for BEST PRACTICES GUIDE / PAGE 44 OF 58 Microsoft Exchange Server on VMware vSphere Exchange Server workloads. The main purpose of the Jetstress tool is to measure the IO throughput of the disk subsystem supporting the Exchange Servers at the database level. Although the Jetstress tool has not been specifically updated for Exchange Server 2016, the current version (2013) is suitable for baselining an Exchange Server 2016 storage requirements and configurations. The Microsoft Exchange Server Load Generator (LoadGen) simulates client access to an Exchange infrastructure for the purpose of measuring and analyzing Exchange Server performance under heavy client activities. At the time of this writing, Microsoft does not plan to update Loadgen specifically for Exchange Server 2016. Note The reduction in storage I/O in Exchange Server 2016 might lead to an oversized proposed configuration when using the Exchange Server 2013 sizing tools. It is important to address a concern with the collection of performance metrics from within virtual machines. Early in the virtualization of high-performance applications, the validity of in-guest performance metrics came into question because of a time skew that can be possible in highly overcommitted environments. With the advancements in hypervisor technology and server hardware, this issue has mostly been addressed, especially when testing is performed on under-committed hardware. This is validated by Microsoft support for running Jetstress within virtual machines. More information on virtual machine support for Jetstress is available in the Jetstress 2013 Field Guide (https://gallery.technet.microsoft.com/Jetstress-2013-Field-Guide-2438bc12) 4.2.2 Partner Performance Testing VMware and its OEM partners have been working together for years to characterize Exchange performance. This testing helps to understand the performance of Exchange in a virtualized environment, qualify best practice recommendations, and better understand any virtualization overhead impact on Exchange Server. At this time, Exchange Server 2016 is still a new product, and it is unclear whether Microsoft will be releasing an updated version of LoadGen for Exchange Server 2016, so there are currently no published Loadgen-based benchmarking studies or references for Exchange Server 2016 from our partners. Even in the absence of the Loadgen tool for Exchange Server 2016, a similarly-sized Exchange Server 2016 is expected to have better performance characteristics than Exchange Server 2013. 4.3 Ongoing Performance Monitoring and Tuning Traditional Exchange Server performance monitoring leverages the Microsoft Windows performance monitor tool (Perfmon) to collect statistics. Exchange integrates with Perfmon to provide familiar counters that indicate system performance. Exchange administrators should continue to use familiar tools to monitor performance, especially for Exchange specific counters such as RPC averaged latency. In addition to the standard counters familiar to an Exchange administrator, VMware Tools adds two additional Perfmon counters that can be monitored—VM Memory and VM Processor. These counters provide ESXi host-level insight into the resource allocation and usage of the virtual machine. BEST PRACTICES GUIDE / PAGE 45 OF 58 Microsoft Exchange Server on VMware vSphere Figure 21. Virtual Machine Perfmon Counters Many of the counters available can be used to help confirm allocations have been set properly when vCenter Server access is not available or for configuration monitoring. The following table lists counters that can be actively monitored. Table 4. Virtual Machine Perfmon Counters of Interest Object Counter Description VM Processor % Processor Time Processor usage across all vCPUs. VM Memory Memory Ballooned Amount of memory in MB reclaimed by balloon driver. Memory Swapped Amount of memory in MB forcibly swapped to ESXi host swap. Memory Used Physical memory in use by the virtual machine. vSphere and Exchange administrators can also use the counters listed in the following table to monitor performance at the ESXi host level. Those metrics can then be correlated with metrics from Exchange virtual machines. See the section on performance monitoring utilities in section in vSphere Monitoring and Performance (http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenterserver-601-monitoring-performance-guide.pdf) for a comprehensive list of performance counters and metrics in vSphere and for information on using vSphere native tools to monitor an ESXi host and virtual machine performance. Table 5. VMware Performance Counters of Interest to Exchange Administrators Subsystem esxtop Counters vCenter Counter BEST PRACTICES GUIDE / PAGE 46 OF 58 Microsoft Exchange Server on VMware vSphere CPU Memory Storage Network %RDY Ready – milliseconds in a 20,000ms window %USED Usage %ACTV Active SWW/s Swapin Rate SWR/s Swapout Rate ACTV Commands DAVG/cmd Device Latency KAVG/cmd Kernel Latency MbRX/s packetsRx MbTX/s packetsTx The preceding table indicates a few key counters that should be added to the list of inspection points for Exchange administrators. Of the CPU counters, the total used time indicates system load. Ready time indicates overloaded CPU resources. A significant swap rate in the memory counters is a clear indication of a shortage of memory, and high device latencies in the storage section point to an overloaded or misconfigured array. Network traffic is not frequently the cause of most Exchange performance problems, except when large amounts of iSCSI storage traffic are using a single network line. Check total throughput on the NICs to see whether the network is saturated. BEST PRACTICES GUIDE / PAGE 47 OF 58 Microsoft Exchange Server on VMware vSphere 5. VMware Enhancements for Deployment and Operations VMware vSphere provides core virtualization functionality. The extensive software portfolio offered by VMware is designed to help customers to achieve the ultimate goal of 100% virtualization and the software-defined data center. This section reviews some of the VMware products that can be used in an Exchange Server 2016 environment virtualized on vSphere. 5.1 VMware NSX for vSphere Although virtualization has allowed organizations to optimize their compute and storage investments, the network has mostly remained physical. VMware NSX for vSphere solves datacenter challenges found in physical network environments by delivering software-defined network and security. Using existing vSphere compute resources, network services can be delivered quickly to respond to business challenges. VMware NSX is the network virtualization platform for the Software-Defined Data Center (SDDC). By bringing the operational model of a virtual machine to your data center network, you can transform the economics of network and security operations. NSX lets you treat your physical network as a pool of transport capacity, with network and security services attached to VMs with a policy-driven approach. 5.1.1 VMware NSX Edge Although the Client Access Servers (CAS) role has been coupled with the Mailbox Server role in Exchange Server 2016, client access to the Exchange infrastructure still requires efficient load balancing to provide a highly available and well-performing experience for end users. To provide this functionality, hardware load balancers are deployed in front of the Mailbox servers. If the load balancer solution must be highly available, this can double the hardware investment required. In multisite deployments, this can mean up to four hardware load balancers to provide a highly available load balancing solution. VMware NSX Edge™ provides load balancing for virtual machines through a virtual appliance. NSX Edge can be deployed in a high availability pair, providing better protection than hardware load balancing solutions without the additional hardware or management overhead. The NSX Edge load balancer enables application or service requests to be distributed across multiple back-end servers in a pool. NSX Edge Load Balancer includes the following functions: • Virtual IP (VIP) Address: An IP address and service port number used by the user to access the service. • Server Pool: The pool of back-end servers that need to be load balanced. A VIP address is associated with the server pool. • Service Monitor: Defines the health-check parameters for a particular type of network traffic. A service monitor is associated with the server pool to monitor the pool members. • Application Profile: Defines the behaviour of a particular type of network traffic. Examples: the session persistence parameter and SSL parameters. VMware NSX 6.2 introduces support for more VIPs, from 64 to 1024 per edge. This reduces the number of edges that need to be deployed, thereby reducing the data center footprint and improving scalability in terms of manageability. VMware NSX 6.2 also introduces new improvements in terms of monitoring and failure reporting, support for port range when creating VIPs as well as tighter integration with third party load balancers. VMware NSX 6.2 also adds support for F5 integration. Prior to VMware NSX 6.2, health monitoring checks were configured with intervals and retries. Probes were sent at configured intervals to test the connectivity with the specific application. The default interval was 5 seconds and the default settings for retries was 3. This type of configuration cannot detect intermittent failures in the load balancer pool, making troubleshooting difficult. BEST PRACTICES GUIDE / PAGE 48 OF 58 Microsoft Exchange Server on VMware vSphere With VMware NSX 6.2, health monitoring is more granular. The edge can immediately report specific probe failures. The system can also track last health check and status changes that a pool has experienced. It can also report the reason for the failures. All these improvements simplify troubleshooting. Prior to VMware NSX 6.2, a VIP was a combination of the VIP IP address and a port. Applications required to listen on multiple ports or port ranges need the creation of multiple VIPs, one for every port. This significantly affects the scalability of the solution in terms of operations and troubleshooting and increases the number of edges that need to be deployed. VMware NSX 6.2 adds support for listening on multiple port ranges. A VIP can be associated with multiple ports or port ranges, thereby improving the scalability and reducing the number of edges that need to be deployed. NSX Edge supports both Layer 7 (the recommended load-balancing option without session affinity requirements in Exchange Server 2016) and Layer 4 load balancing of HTTP and HTTPS protocols. It supports multiple load balancing methods, such as round robin and least connection. Layer 7 HTTP/HTTPS VIP address are processed after the NSX Edge firewall. NSX Edge uses the faster Layer 4 load-balancer engine. The Layer 4 VIP address is processed before NSX Edge firewall. The NSX Edge services gateway supports the following deployment models for load-balancer functionality: • One-arm load balancer • Inline load balancer 22.214.171.124. One Arm Load Balancer The advantage of the one arm load balancer model is that it is simpler to deploy and flexible. It allows deployment of load balancer services (VMware NSX Edge appliances) directly on the logical segments where they are needed without requiring any modification on the centralized VMware NSX Edge that provides routing communication to the physical network. On the downside, this option requires provisioning of more VMware NSX Edge instances and mandates the deployment of source NAT that does not allow the servers in the DC to have visibility into the original client IP address. The load balancer can insert the original IP address of the client into the HTTP header before performing source NAT (a function named Insert X-Forwarded-For HTTP header). This provides the servers visibility into the client IP address, but it is limited to HTTP traffic. 126.96.36.199. Inline Load Balancer The inline load balancer model is also simple and allows the servers to have full visibility into the original client IP address. It is less flexible from a design perspective, as it usually forces using the load balancer as default gateway for the logical segments where the server farms are deployed and this implies that only centralized (and not distributed) routing must be adopted for those segments. The load balancer is another logical service added to the NSX Edge that is already providing routing services between the logical and the physical networks. Therefore, VMware recommends increasing the form factor of the NSX Edge to X-Large before enabling load balancing services. BEST PRACTICES GUIDE / PAGE 49 OF 58 Microsoft Exchange Server on VMware vSphere Figure 22 - Load-Balancing Exchange Server 2016 with NSX Edge 5.1.2 VMware NSX Distributed Firewall Exchange 2013 can leverage VMware NSX for vSphere to provide application layer isolation against unauthorized access. Isolation at this level typically requires hardware firewalls and multiple VLANs in a physical networking environment. With NSX Distributed Firewall, this capability is delivered in software through in kernel module. The distributed firewall provides security filtering and service chaining functions on every host prepared for VMware NSX. The throughput scales as hypervisors are added. The distributed firewall kernel module is embedded in the VMkernel. It is deployed as a VMware infrastructure bundle (VIB) during the host preparation process. The firewall rules are configured by the administrator using the vSphere Web Client or REST APIs. The NSX Manager stores the rules in its database and pushes the policies to the ESXi hosts through the message bus agent. You can create different types of firewall rules with VMware NSX. Application-aware policies can use dynamic tagging and user identity. Infrastructure-aware policies can use vCenter inventory objects as the basis for rules. Network-based policies are the most common (and traditional) types of policies that use Layer 2 and Layer 3 data for the rules. Note If you have vShield App version 5.5, you can upgrade to NSX. If you have a prior version of vShield App in your infrastructure, you must upgrade to version 5.5 before upgrading to version 6.0. BEST PRACTICES GUIDE / PAGE 50 OF 58 Microsoft Exchange Server on VMware vSphere After you upgrade firewall to NSX, move the grouping objects used by firewall rules to global scope. To do this, use NSX APIs to create new grouping objects with the same members and then update the relevant firewall rules with the new IDs. Figure 23. NSX Distributed Firewall Capability 5.2 VMware vRealize Operations Manager VMware vRealize® Operations Manager™ can provide a holistic approach to performance, capacity, and configuration management. By using patented analytics, service levels can be proactively monitored and maintained. When performance or capacity problems arise in your Exchange environment, vRealize Operations Manager is able to analyze metrics from the application all the way through to the infrastructure to provide insight into problematic components, whether they are compute (physical or virtual), storage, networking, OS, or application related. By establishing trends over time, vRealize Operations Manager can minimize false alerts and proactively alert on the potential root cause of increasing performance problems before end users are impacted. In an Exchange environment, constant monitoring is required to maintain acceptable service levels, not only for end users, but also for the Exchange components. vRealize Operations Manager includes patented capacity analytics that can eliminate the need for spreadsheets, scripts, or rules of thumb. Quickly run through “what if” capacity scenarios to understand growth trends and identify upcoming compute power shortages or over-provisioned resources. As an application comprising multiple components, Exchange performance and functionality can be affected by changes made at many levels. vRealize Operations Manager monitors configurations across virtual machines and detects unwanted changes to help maintain continuous compliance with operational best practices. BEST PRACTICES GUIDE / PAGE 51 OF 58 Microsoft Exchange Server on VMware vSphere Figure 24. vRealize Operations 5.3 Site Recovery Manager Site Recovery Manager takes advantage of virtual machine encapsulation to make testing, validating and initiating disaster recovery (DR) failover a straightforward, integrated vCenter process. Site Recovery Manager runs alongside vCenter Server to provide planning, testing, and automated recovery in the case of a disaster. By using VMware vSphere Replication or storage-based replication technology, Site Recovery Manager eliminates the manual steps required during a failover scenario to provide consistent and predictable results. The following is a high-level overview of steps that can be performed with Site Recovery Manager during a test or actual failover. • Shut down production virtual machines, if the production site is still reachable (actual failover). • Promote recovery storage to primary (actual failover). • Take and mount a snapshot of recovery storage in read/write mode (test failover). • Rescan recovery site ESXi hosts to make storage visible. BEST PRACTICES GUIDE / PAGE 52 OF 58 Microsoft Exchange Server on VMware vSphere • Register recovery virtual machines, using placeholder (VMX) files representing protect VMs at DR site. • Power on registered virtual machines at the recovery site, in the exact order specified in the recovery plan. • Using information contained in recovery plan, reconfigure VM IP addresses, if required. • If configured, recovery step pauses for external administrator’s tasks. • Continue with recovery steps upon completion of administrator’s actions. • Verify that VMware Tools starts successfully on recovered virtual machines. • Execute any in-guest (or SRM server-hosted) scripts and commands specified in the recovery plan. • Notify administrators about completion. • Power off recovered virtual machines (test failover). • Unregister virtual machines (test failover). • Remove storage snapshot from the recovery side (test failover). • Provide option to configure protection for recovered VMs, as soon as failed site becomes operational, or to another surviving site. Exchange Server’s native high availability feature (DAGs) can provide high availability by implementing database-level intra- and inter-site database replication for all (or some) Exchange Server databases. Although DAG is an excellent choice for data center high availability, the application-centric nature of a DAG might not be in line with a company’s disaster recovery plans. In addition, configuring DAG for the purposes of timely and optimal recovery of Exchange services in the event of a catastrophic data center failure is complex, costly and less reliable than leveraging the features and capabilities of the VMware Site Recovery Manager. Site Recovery Manager is not a replacement for application-aware clustering solutions (such as DAG) that might be deployed within the guest operating system. Site Recovery Manager provides integration of the replication solution, vSphere, and optionally customer-developed scripts to provide a simple, repeatable, and reportable process for disaster recovery of the entire virtual environment, regardless of the application. Site Recovery Manager complements and enhances Exchange DAG capabilities by streamlining, automating and optimizing recovery operations in the event of a site-level disaster. BEST PRACTICES GUIDE / PAGE 53 OF 58 Microsoft Exchange Server on VMware vSphere Figure 25. VMware Site Recovery Manager – Logical Components The Exchange 2016 Preferred Architecture (http://blogs.technet.com/b/exchange/archive/2015/10/12/theexchange-2016-preferred-architecture.aspx) prescribes a minimum of four DAG copies AND three geographically-dispersed data centers to achieve a semblance of site resilience and disaster recovery with DAG. Even with these requirements, the following impediments still make Site Recovery Manager a superior DR solution over DAG: • No testing capability – Numerous changes happen over the life of a given IT infrastructure. Some of these changes invalidate previous configurations, scripts and processes, requiring iterative updates and testing. A disaster recovery plan requires reliability and assurance because an actual disaster event is not the best time to discover that a previously-configured recovery plan has been invalidated by later infrastructure changes. Site Recovery Manager enables continuous, periodic testing and reconfiguration of recovery plans without inducing interruption or service outage in the Exchange Server infrastructure. Simulating recovery from a site disaster event with Exchange DAG requires service interruption for the duration of the simulation exercise. Post-simulation, returning the Exchange infrastructure to its prior state – a one-click operation with Site Recovery Manager – is also a complex undertaking, requiring multiple steps and a lengthy database reseeding operation. • Cost efficiency – Site Recovery Manager is more cost-efficient, both in terms of administrative efforts and financial costs. Each of the four Exchange Servers required to satisfy the preferred architecture design requirements needs its own server hardware, OS, Exchange, antivirus and other application licenses, in addition to the storage to support the configuration. Even when configured with DAG as prescribed, the associated administrative, management and maintenance efforts required to support the design can become quickly overwhelming and prohibitive. With Site Recovery Manager, you can achieve a better DR solution with just a two-member DAG configuration, providing a better and less costly alternative to the preferred architecture design. • Unified DR Solution – Exchange DAG is a high availability solution for Exchange Servers and only Exchange Servers. An Exchange Server instance has multiple dependencies (Active Directory, backup and other messaging hygiene and security components, and so on), which are required to be BEST PRACTICES GUIDE / PAGE 54 OF 58 Microsoft Exchange Server on VMware vSphere available before Exchange Server services can be successfully recovered in the event of a site disaster. Recovering Exchange Servers alone in this configuration does not add much value unless the dependencies themselves are recovered as well. Site Recovery Manager is application-agnostic and suitable for protecting and recovering any server, including the dependencies that DAG cannot protect. The unification of a disaster recovery solution improves efficiency and reduces costs. Administrators do not have to manage multiple DR solutions, removing confusion, complexity and stress in an otherwise stressful situation such as a DR event. As stated by Microsoft: “The specific prescriptive nature of the PA means of course that not every customer will be able to deploy it (for example, customers without multiple data centers). And some of our customers have different business requirements or other needs which necessitate a different architecture. If you fall into those categories, and you want to deploy Exchange on-premises, there are still advantages to adhering as closely as possible to the PA, and deviate only where your requirements widely differ”. Disaster recovery for a production, enterprise-level Exchange Server infrastructure is a critical design consideration that requires deviation from Microsoft’s prescriptive guidance. The following is a high-level overview of Site Recovery Manager as a DR solution for an Exchange Server infrastructure. See the Exchange Server High Availability and Disaster Recovery on VMware vSphere Guide (http://www.vmware.com/files/pdf/Exchange_2013_on_VMware_Availability_and_Recovery_Options.pdf) for a detailed discussion of this topic. Figure 26. Challenges with Exchange Server DAG as a DR Solution Using Site Recovery Manager to protect Exchange Server components (including DAG) and infrastructure is a fully supported configuration. Because Site Recovery Manager is application-agnostic, it does not interfere with, modify or otherwise affect Exchange Servers. Site Recovery Manager is not involved in the replication of the VM files and data from a protected site to a recovery site. This function is performed by the applicable storage replication components of the customer’s choosing. Site Recovery BEST PRACTICES GUIDE / PAGE 55 OF 58 Microsoft Exchange Server on VMware vSphere Manager provides the necessary storage API (storage replication adapter) required for to interact with the underlying storage infrastructure. Site Recovery Manager does not need to install any agent or components on the virtual machine. Site Recovery Manager adds automation and orchestration capabilities to a virtual infrastructure, affording customers the ability to configure a comprehensive recovery plan that includes every facet of the recovery steps and actions required to restore services to an Exchange infrastructure in a DR scenario. Site Recovery Manager includes the capability to pause a recovery operation to allow for manual administrative intervention where required (for example, reconfigure DNS records or load balancer configuration in a non-stretched network) as well as script callouts. Figure 27. Faster Exchange Service Recovery with Site Recovery Manager Automated DR Workflows Site Recovery Manager supports all the features of a vSphere infrastructure, including, DRS, vSphere HA, Fault Tolerance, and Virtual SAN. vMotion support includes storage and cross-data center vSphere vMotion operations. While Site Recovery Manager supports configuring an isolated test network for testing disaster recovery plan, it does not require such configuration – a test failover operation autogenerates the fenced network that is required to isolate the recovered Exchange infrastructure from the production environment. Site Recovery Manager provides – multiple topologies and recovery options for protecting an organization’s Exchange Server infrastructure: • Active-Passive – Site Recovery Manager supports the traditional active-passive DR scenario, where a production site running applications is recovered at a second site that is idle until failover is required. Although the most common configuration, this scenario also means that you are paying a lot of money for a DR site that is idle most of the time. • Active-Active – To make better use of the recovery site, Site Recovery Manager also enables you to leverage your recovery site for other workloads when you aren’t using it for DR. Site Recovery Manager can be configured to automatically shut down or suspend VMs at the recovery site as part of the failover process so that you can easily free up compute capacity for the workloads being recovered. • Bidirectional – Site Recovery Manager can also provide bidirectional failover protection so that you can run active production workloads at both sites and failover to the other site in either direction. The spare capacity at the other site will be used to run the VMs that are failed over. BEST PRACTICES GUIDE / PAGE 56 OF 58 Microsoft Exchange Server on VMware vSphere • Shared Recovery Sites – Although less common, some of customers need to be able to failover within a given site or campus, for example when a storage array failure occurs or when building maintenance forces movement of workloads to a different campus building. • Active-Active Datacenters – This is a new topology supported with metro-distance stretched storage solutions. Production apps run at both sites, and the stretched storage provides synchronous reads and writes on storage when sites are within a metro distance (less than 100 km). Site Recovery Manager is used to orchestrate recover or even live migration of VMs between sites. Figure 28. Failover Scenarios with Site Recovery Manager BEST PRACTICES GUIDE / PAGE 57 OF 58 Microsoft Exchange Server on VMware vSphere VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright © 2016 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.