
Microsoft Exchange Server 2003 Clustering Improvements

 

Topic Last Modified: 2006-03-08

Compiled by Nino Bilic

This article provides an overview of the major improvements that were made to Microsoft® Exchange Server 2003 clustering from clustering in earlier versions of Exchange Server, namely Exchange 2000 Server.

Exchange Server 2003 enhances clustering capabilities by supporting eight-node Exchange clusters. Eight-node clusters are supported only when running the Microsoft Windows Server™ 2003, Enterprise Edition or Windows Server 2003, Datacenter Edition operating system. Another requirement for eight-node clusters is that at least one node must be passive.

Volume mount points are supported on shared disks when the nodes of your cluster are running Windows Server 2003, Enterprise Edition or Datacenter Edition with four or more nodes. Volume mount points are directories that point to specified disk volumes in a persistent manner. For example, you can configure C:\Data to point to a disk volume. Mount points remove the need to associate each disk volume with a drive letter, thereby surpassing the 26 drive letter limitation.

For more information about mounted drives, see the Windows Server 2003 documentation.

For clustering in Exchange Server 2003, the amount of time it takes to fail over to another node is reduced, thereby improving overall performance. This section provides information about these improvements to failover times.

To decrease the amount of time it takes to fail over a server, Exchange Server 2003 provides an improved dependency hierarchy for Exchange services. Specifically, the Exchange protocol services, which were previously dependent on the Microsoft Exchange Information Store service, are now dependent on the Microsoft Exchange System Attendant service.

The following figure shows the hierarchy of Exchange dependencies in Exchange 2000 Server.

[Figure: hierarchy of Exchange dependencies in Exchange 2000 Server (image not included)]

The following figure shows the hierarchy of Exchange dependencies in Exchange Server 2003.

[Figure: hierarchy of Exchange dependencies in Exchange Server 2003 (image not included)]

Note:
In Exchange Server 2003, the IMAP4 and Post Office Protocol version 3 (POP3) resources are not created automatically when you create a new Exchange virtual server.

If a failover occurs, this improved hierarchy allows the Exchange mailbox stores, public folder stores, and Exchange protocol services to start simultaneously. As a result, all Exchange resources, except the System Attendant service, can now start and stop simultaneously, thereby improving failover time. Additionally, if the Exchange store stops, it is no longer dependent on other services to restart.
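The effect of the re-parented protocol services can be modelled as a critical-path calculation over the resource dependency graph. The following Python sketch is an added example, not code from Microsoft or from the original article; the start-up durations are constructed, and the protocol resource set (SMTP, HTTP, IMAP4, POP3) and the Information Store's dependency on the System Attendant are assumptions made for the model.

```python
# Added illustration: failover start-up time as the critical path through the
# cluster resource dependency graph. All durations below are constructed.
from graphlib import TopologicalSorter

# Constructed start-up times in seconds (not measurements).
START_SECONDS = {
    "System Attendant": 20,
    "Information Store": 90,
    "SMTP": 10,
    "HTTP": 10,
    "IMAP4": 5,
    "POP3": 5,
}
PROTOCOLS = ("SMTP", "HTTP", "IMAP4", "POP3")  # assumed protocol resources


def hierarchy(protocol_parent):
    """Map each resource to the set of resources it depends on."""
    deps = {"System Attendant": set(),
            "Information Store": {"System Attendant"}}
    deps.update({p: {protocol_parent} for p in PROTOCOLS})
    return deps


EXCHANGE_2000 = hierarchy("Information Store")  # protocols wait for the store
EXCHANGE_2003 = hierarchy("System Attendant")   # protocols start beside the store


def online_times(deps, durations=START_SECONDS):
    """Earliest online time per resource when independent resources start in parallel."""
    ready = {}
    for res in TopologicalSorter(deps).static_order():
        wait = max((ready[d] for d in deps[res]), default=0)
        ready[res] = wait + durations[res]
    return ready


def failover_time(deps):
    """Time until the last resource of the virtual server is online."""
    return max(online_times(deps).values())


def dependents_of(deps, resource):
    """Resources that directly or transitively depend on `resource`."""
    hit, frontier = set(), {resource}
    while frontier:
        frontier = {r for r, d in deps.items() if d & frontier} - hit
        hit |= frontier
    return hit


if __name__ == "__main__":
    for name, deps in (("Exchange 2000", EXCHANGE_2000), ("Exchange 2003", EXCHANGE_2003)):
        print(name, failover_time(deps), sorted(dependents_of(deps, "Information Store")))
```

With these constructed numbers, the Information Store becomes the longest branch in the Exchange Server 2003 graph, and no protocol resource sits behind it any longer.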

Another benefit is the reduction of downtime resulting from an Exchange virtual server failover. This reduction can save several minutes, which is significant when you consider that the average failover time for an Exchange virtual server running on Windows® 2000 Server was only three to eight minutes, depending on the number of users hosted by the Exchange virtual server.

When running Exchange Server 2003 on Windows Server 2003, the time it takes Exchange to detect an available node and then fail over to that node is reduced. Therefore, for both planned and unplanned failovers, downtime is reduced.

Exchange Server 2003 provides the following security improvements.

The permissions needed to create, delete, or modify an Exchange virtual server are modified in Exchange Server 2003. The best way to understand these modifications is to compare the Exchange 2000 Server permissions model with the new Exchange Server 2003 permissions model.

  • Exchange 2000 Server permissions model   For an Exchange 2000 Server cluster administrator to create, delete, or modify an Exchange virtual server, the cluster administrator's account and the Cluster service require the following permissions:

    • If the Exchange virtual server is the first Exchange virtual server in the organization, you must have Exchange Full Administrator permissions at the organizational level.

    • If the Exchange virtual server is not the first Exchange virtual server in the organization, you must have Exchange Full Administrator permissions at the administrative group level.

  • Exchange Server 2003 permissions model   In Exchange Server 2003, the permissions model has changed. The Windows Cluster service account no longer requires Exchange-specific permissions. Specifically, the Windows Cluster service account no longer requires that the Exchange Full Administrator role be applied to it, either at the Exchange organization level or at the administrative group level. Its default permissions in the forest are sufficient for it to function in Exchange Server 2003.

    As with Exchange 2000 Server, the cluster administrator requires the following permissions:

    • If the Exchange Virtual Server is the first Exchange Virtual Server in the organization, the cluster administrator must be a member of a group that has the Exchange Full Administrator role applied at the organization level.

    • If the Exchange Virtual Server is not the first Exchange Virtual Server in the organization, you must use an account that is a member of a group that has the Exchange Full Administrator role applied at the administrative group level.

    Depending on the mode in which your Exchange organization is running (native mode or mixed mode), and depending on your topology configuration, your cluster administrators must have the following additional permissions:

    When your Exchange organization is in native mode, if the Exchange Virtual Server is in a routing group that spans multiple administrative groups, the cluster administrator must be a member of a group that has the Exchange Full Administrator role applied at all the administrative group levels that the routing group spans. For example, if the Exchange Virtual Server is in a routing group that spans the First Administrative Group and Second Administrative Group, the cluster administrator must use an account that is a member of a group that has the Exchange Full Administrator role applied at First Administrative Group and must also be a member of a group that has the Exchange Full Administrator role applied at Second Administrative Group.

    Note:
    Routing groups in Exchange organizations running in native mode can span multiple administrative groups. Routing groups in Exchange organizations running in mixed mode cannot span multiple administrative groups.

    Note:
    When your Exchange organization is in native mode, if the Exchange virtual server is in a routing group that spans multiple administrative groups, you will need Exchange Full Administrator permissions on that administrative group as well.

    Note:
    In topologies such as parent or child domains where the cluster server is the first Exchange server in the child domain, you must have Exchange Administrator Only permissions at the organizational level to specify the server responsible for the Recipient Update Service in the child domain.

Essentially, the primary change to the permissions model for Exchange Server 2003 is that the Cluster service no longer requires Exchange Full Administrator rights to create, delete, or modify an Exchange virtual server.

The Kerberos authentication protocol is a security protocol that verifies identification data to help ensure that both user and network services are safe. In Exchange 2000 Server, the default authentication for Exchange virtual servers was the NTLM protocol. This is because the Cluster service did not support Kerberos enablement of a cluster group until Windows 2000 Server Service Pack 3 (SP3).

In Exchange Server 2003, the Kerberos authentication protocol is enabled by default when you create an Exchange virtual server on a server running Windows Server 2003 or Windows 2000 Server SP3.

You can use Internet Protocol security (IPsec) if a secure channel is required between front-end and back-end cluster servers. This configuration is fully supported when both the front-end servers and back-end servers are running Exchange Server 2003 on Windows Server 2003.

Because IMAP4 and POP3 protocols are not needed on all Exchange servers, the IMAP4 and POP3 protocol resources are no longer created when you create an Exchange virtual server.

Exchange Server 2003 performs more prerequisite checks on clusters than previous versions of Exchange. For example, Exchange performs more installation checks to help ensure that Exchange is installed on your cluster nodes correctly. Similarly, Exchange Server 2003 performs more virtual server checks to help ensure that Exchange virtual servers are configured correctly.
