mfg1
asked on
Exchange 2010 DAG Site to Site Configuration
Hi I have a client who currently has 2 Windows Server 2008 Ent machines and we have setup a site to site VPN connection which works perfect, however they are currently only running exchange 2010 Std on the server in there main office the other server is just currently being used for DFS-R.
Basically what they want is a failover site as they are out on the road a lot so incase of the internet going down at the main site the passive copy would come online at the second site.
Now from what what I understand I would need either a witness server or another hub transport server in place so each server know whats going on?
Basically I need to know do I need the witness server at a 3rd site or is there a better way of doing this maybe not even using DAG's?
I look forward to your comments, thank you.
Basically what they want is a failover site as they are out on the road a lot so incase of the internet going down at the main site the passive copy would come online at the second site.
Now from what what I understand I would need either a witness server or another hub transport server in place so each server know whats going on?
Basically I need to know do I need the witness server at a 3rd site or is there a better way of doing this maybe not even using DAG's?
I look forward to your comments, thank you.
you will need an extra server in the main site to act as a share witness (no need for it to be an exchange server) to implement your DAG that's it
ASKER
I understand that but its the internet line going down which I feel is the issue as where should the witness server be as both servers need to see it to bring the DB online?
if the internet goes down the server not being able to see the sharewitness will go down...
so maybe i miss understood your question
so maybe i miss understood your question
ASKER
yes so i need to make sure they can both see the witness server at all times is a third site the answer?
both being able to see the witness at all times will drag you into a split brain scenario
suppose
suppose
server 1 sees the witness so it thinks server 2 is down and keep the db up
server 2 sees the witness so it thinks server 1 is down and brings the db up
ASKER
where should the witness server be? main site or site 2?
in the site you want to go down if the connection between the 2 is down
ASKER
but what if the 2nd site internet connection goes down does this mean that site1 DB will fail?
first let me fix a typo i did in my previous post the share witness should be in the site you DON'T want to go down if the wan link between both goes down.
the idea is that you have 3 voters node1 node2 and the SW. at anytime any node should be able to see 2 out of 3 to decide he is not down but the other node.
going back to your original idea of a 3rd site it would be possible assuming that node1 and node2 can communicate together thru this 3rd site also
the idea is that you have 3 voters node1 node2 and the SW. at anytime any node should be able to see 2 out of 3 to decide he is not down but the other node.
going back to your original idea of a 3rd site it would be possible assuming that node1 and node2 can communicate together thru this 3rd site also
ASKER
i understand but both of the servers are in different locations, which means if the internet goes down at the site with 1 exchange and witness server surly this means the DB wont mount?
If internet goes down at the site with file share witness the db in the other site will not mount.
Nothing we can do about it this is by design
Nothing we can do about it this is by design
ASKER
so my idea of the third site is a good idea or not?
again the problem with the 3rd site is that you might end up with a split brain as we discussed before
ASKER
ok, I assume you understand my problem here I need the email system to be up all the time and if any site goes down they can point to the other and continue working.
is this not the norm? is there not a better solution? my client wants the exchange system to be virtually bomb proof as he is always travelling and sometimes there is no one in the office for weeks.
is this not the norm? is there not a better solution? my client wants the exchange system to be virtually bomb proof as he is always travelling and sometimes there is no one in the office for weeks.
> is this not the norm
no it is not, the problem is DAG across sites was designed to be Active / Passive and not Active/Active so you cannot have live databases at the same time in 2 different sites and be able to accommodate link failures. I know it is kind of hard to believe but this is the way it is. sorry
> there not a better solution?
The solution is to have 4 exchange servers (2 in each sites) configured in 2 DAGs each one acting as active / passive
from a technical perspective you can hack the system by putting your share witness in a 3rd site as you previously said and blocking the databases to auto-mount each in a different site.
In that case we are taking manually care of the split brain syndrome but I can't say it is a fool proof solution since the slightest error would lead to split brain and huge problems and that is why i never mentioned the "solution" till now
no it is not, the problem is DAG across sites was designed to be Active / Passive and not Active/Active so you cannot have live databases at the same time in 2 different sites and be able to accommodate link failures. I know it is kind of hard to believe but this is the way it is. sorry
> there not a better solution?
The solution is to have 4 exchange servers (2 in each sites) configured in 2 DAGs each one acting as active / passive
from a technical perspective you can hack the system by putting your share witness in a 3rd site as you previously said and blocking the databases to auto-mount each in a different site.
In that case we are taking manually care of the split brain syndrome but I can't say it is a fool proof solution since the slightest error would lead to split brain and huge problems and that is why i never mentioned the "solution" till now
ASKER
I have been doing some more research would the SP1 update with DAC not help?
No, again DAC, has nothing to do with this, it is to avoid split brain if the main site is back online before the network .
ASKER
This is what we have read:-
DAC mode is configured to avoid a “split brain syndrome”. I will explain with an example. Let’s say we have a four member DAG, with two servers in each datacenter. The primary datacenter hosts the witness server and hence will always be in quorum. Now, let’s say that a power outage occurs in the primary datacenter and the exchange admin activates the secondary datacenter with an alternate file share witness.
When the power is restored in the primary site, servers come online quicker than the WAN links. Hence, when the two DAG members and witness server comes online, it has a quorum (majority) and will try to activate the databases. This will cause a “split brain syndrome” where both datacenters think that they are hosting the active databases.
DAC mode was introduced to avoid this situation. When DAC mode is enabled and the DAG members come back online, they will leverage a protocol called Datacenter Activation Coordination Protocol (DACP) before trying to mount the databases. The DACP is used to determine the current state of the DAG and whether Active Manager should try to mount the databases or not.
Now for the technical bit as to how DAC works!
Active Manager stores a bit in memory (either a 0 or 1) that tells the DAG whether it's allowed to mount local databases that are assigned as active on the server. When a DAG is running in DAC mode, each time Active Manager starts up, the bit is set to 0, which means that it isn't allowed to mount databases. When in DAC mode, the server must try to communicate with all other members of the DAG that it knows to get another DAG member to give it an answer as to whether it can mount local databases that are assigned as active to it. The answer comes in the form of the bit setting for other Active Managers in the DAG. If another server responds that it’s bit is set to 1, it means that servers are allowed to mount databases. Hence, the server starting up sets its bit to 1 and mounts its databases.
DAC mode is configured to avoid a “split brain syndrome”. I will explain with an example. Let’s say we have a four member DAG, with two servers in each datacenter. The primary datacenter hosts the witness server and hence will always be in quorum. Now, let’s say that a power outage occurs in the primary datacenter and the exchange admin activates the secondary datacenter with an alternate file share witness.
When the power is restored in the primary site, servers come online quicker than the WAN links. Hence, when the two DAG members and witness server comes online, it has a quorum (majority) and will try to activate the databases. This will cause a “split brain syndrome” where both datacenters think that they are hosting the active databases.
DAC mode was introduced to avoid this situation. When DAC mode is enabled and the DAG members come back online, they will leverage a protocol called Datacenter Activation Coordination Protocol (DACP) before trying to mount the databases. The DACP is used to determine the current state of the DAG and whether Active Manager should try to mount the databases or not.
Now for the technical bit as to how DAC works!
Active Manager stores a bit in memory (either a 0 or 1) that tells the DAG whether it's allowed to mount local databases that are assigned as active on the server. When a DAG is running in DAC mode, each time Active Manager starts up, the bit is set to 0, which means that it isn't allowed to mount databases. When in DAC mode, the server must try to communicate with all other members of the DAG that it knows to get another DAG member to give it an answer as to whether it can mount local databases that are assigned as active to it. The answer comes in the form of the bit setting for other Active Managers in the DAG. If another server responds that it’s bit is set to 1, it means that servers are allowed to mount databases. Hence, the server starting up sets its bit to 1 and mounts its databases.
this is exactly what I said in my previous answer... please explain what are you trying to say
well it seems you might be lucky Shudown says it will work on 1 ip
http://www.shudnow.net/2008/08/21/how-anonymous-relay-works-in-exchange-2007/
http://www.shudnow.net/2008/08/21/how-anonymous-relay-works-in-exchange-2007/
kindly ignore my last post I was trying to answer another thread...
this is exactly what I told you about DAC what is your question ?
this is exactly what I told you about DAC what is your question ?
ASKER
Hi Akhater
2 sites over WAN VPN link both on server 2008 Ent with Exchange 2010. We want to failover to the second exchange if the main site goes down or internet goes offline.
Were getting so confused and can't believe this is not an option or easy to do.
Is this an option with 4 exchange servers 2 at each site?
Regards
MFG
2 sites over WAN VPN link both on server 2008 Ent with Exchange 2010. We want to failover to the second exchange if the main site goes down or internet goes offline.
Were getting so confused and can't believe this is not an option or easy to do.
Is this an option with 4 exchange servers 2 at each site?
Regards
MFG
the only way to accommodate for link failures (i.e. internet going down) is having 2 DAGs
so 4 servers would surely work Server1 active site1 passive site1 and Server2 active stie2 and passive site1
so 4 servers would surely work Server1 active site1 passive site1 and Server2 active stie2 and passive site1
ASKER
Thanks, is there anything else we should think about.
yes use exchange 2010 sp1 and put both dags in DAC mode
ASKER
I presume this is what data centres have to do?
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.