MailMarshal Exchange In A Windows Server Active/Passive Cluster - Trustwave


TECHNICAL WHITEPAPER – MailMarshal Exchange – Windows Cluster Environment

MailMarshal Exchange in a Windows Server Active/Passive Cluster

November, 2006

Contents

Introduction
Preparation
Generic Resource Creation
Cluster MailMarshal Install
Antivirus Software
Known issues
Further Information

This document is a step-by-step guide to help implementers of MailMarshal Exchange to effectively install MailMarshal Exchange in a Microsoft Windows 2000 Advanced Server Cluster as an Active/Passive cluster environment.

MailMarshal Exchange implemented in this environment will support fail-over from one node within the cluster to another node in the cluster with minimal loss of service availability in the event of a node failure, or the requirement for node maintenance. This implementation includes support for Antivirus software configured within MailMarshal Exchange.

Although this document specifically refers to Windows 2000, the same general steps can be followed to install MailMarshal Exchange in Windows Server 2003 Cluster environments.

Introduction

This White Paper provides an overview of how to install and configure MailMarshal Exchange (hereafter referred to as MailMarshal) in a Windows 2000 Advanced Server Cluster. Each step is developed in detail.

Target Audience

For the purpose of this document it is assumed that the reader is familiar with Windows 2000 Advanced Server, Microsoft Exchange Server, and Microsoft Cluster configurations. The reader should also have a good understanding of messaging systems, networking architecture and database technology and terminology.

It is also assumed that the reader has an understanding of MailMarshal. The steps required to perform the basic installation of MailMarshal onto any node are not explained here. The process is the same as that for any MailMarshal installation and is covered in the MailMarshal User Guide.

Document Purpose

The intended purpose of this document is to provide information to organizations that intend to implement MailMarshal in a Windows 2000 Advanced Server Cluster. The intent of this installation could be to provide automatic fail-over for redundancy and continuance of service in the event of a system failure, or scheduled maintenance tasks.

This document does not describe every possible scenario in detail. Those familiar with Microsoft Cluster Services should be able to use the concepts described in this document and apply them to differing cluster environments.

Note: In particular, MailMarshal Exchange can also be installed in Windows Server 2003 Cluster environments.

Preparation

Use the latest available version of MailMarshal. Ensure that the prerequisites needed for MailMarshal are installed on both nodes of the Cluster. For a basic MailMarshal configuration Windows 2000 Advanced Server has all necessary prerequisites installed by default. Microsoft Exchange Server 2000 SP2 or greater must have already been installed, configured into the cluster and tested.

Plan the Environment

MailMarshal requires a Microsoft SQL 7.0, SQL 2000, or SQL 2005 Database server to log reporting information related to email traffic and content. In smaller environments MSDE or SQL 2005 Express can be used for this purpose. Therefore two general scenarios exist:

1. MailMarshal and Microsoft Exchange Server can reside on one node of the cluster, and Microsoft SQL Server on the other node. Both will reside on a single node in the event of a fail-over.
2. MailMarshal and Microsoft Exchange Server can reside on one node of the cluster, with another business application on the other node. In this case the SQL Server will reside on an entirely different server in the network.

Note: Most environments where a Cluster Server is required for service continuance will be large enough to warrant a full Microsoft SQL Server database server for logging/reporting purposes.

It is important that the sizing of the hardware used for the cluster be done with care. In the event of a node failure or the requirement for system maintenance, a single node in the cluster may be required to run all applications that are supported by the cluster. The system should be sized to adequately support this eventuality without unnecessarily delaying message processing.

In the event that assistance is required to plan and size the environment, Marshal or your Marshal Partner will be able to assist.

Example Environment

In the example environment presented in this white paper we have used the second scenario described above. This environment is illustrated in Figure 1. The Cluster Server is a dual node Compaq CL850 Server, with 4 GB System Disks in each node and a 9 GB Shared Disk for MailMarshal and MSDE. Each node has 512MB of RAM. The Report Logging is to a Microsoft SQL 7.0 Server on a Compaq ProLiant 8500. This server has two sets of mirrored disks, one for system and SQL logs, and the other for the SQL 7.0 database.

[Figure 1: MailMarshal Example Cluster Environment. Diagram labels: Compaq CL850 Cluster Server (CLUSTER01, CLUSTER02, Shared SCSI Bus), Compaq ProLiant 8500 Server (PL8500), MailMarshal Exchange source, 10.1.100.10, 10.1.100.20, Cluster 20, Local Area Network 30.]

This environment is fairly typical.

Preparation

The following section gives step-by-step instructions for implementation of the example environment. Following this example the general concepts employed can be used to implement a similar scenario.

Install prerequisites

Apart from Microsoft Exchange Server, all other prerequisites for MailMarshal are bundled and installed with Windows 2000 or Windows 2003. The full list of prerequisites is:

- Microsoft Exchange Server 2000 or 2003
- Microsoft Management Console (MMC) 1.2
- Internet Explorer 5.x or above

It is recommended (but not required) that Windows 2000 Service Pack 4 (SP4) at least be installed.

Install Reporting Database Software

If the Reporting Database is to be on a Microsoft SQL Server not in the Cluster and this has yet to be installed, then this install should be completed prior to the MailMarshal installation. The instructions for performing this installation are supplied with Microsoft SQL Server.

Generic Resource Creation

Shared resources within the Cluster will have already been created as part of the Microsoft Exchange installation. These will include the Shared Storage (Disk), IP address and Network Name that will be used.

Cluster Resource Group

In the example illustrated here the default Resource group used by the Microsoft Exchange installation will be used. This was named Cluster Group. This group will house the elements required to host MailMarshal Exchange in the Cluster.

Shared Storage

Shared Storage should be created that is adequate for MailMarshal Exchange and any quarantine and Archive message storage. These items should ideally be stored on the same disk as that used by Microsoft Exchange Server. You may choose to house the quarantine and archive folders on a separate shared disk. MailMarshal will require about 500MB of disk. However if message archiving is to be employed, or quarantined data is to be retained for extended periods, the available disk will obviously need to be larger. A separate exercise should be conducted to estimate this disk requirement based on the number of users, volume and type of email and retention days required for message archives and quarantine.

IP Address

There should already be a Shared IP Address resource for Microsoft Exchange Server in the cluster. This resource will be used to reference the machine by IP address from the network no matter which node in the cluster is hosting Microsoft Exchange Server and MailMarshal.

Note: In our example configuration this IP Address is 192.168.72.30.

Network Name

A Shared Network Name resource for Microsoft Exchange Server should also already be present in the cluster. This resource will be used to reference the machine by Name from the network no matter which node in the cluster is hosting Microsoft Exchange Server and MailMarshal.

Note: In our example configuration this network name is DEMOCLUSTER.

Once these resources are created they should all be visible within the Cluster Group Resource Group.

Cluster MailMarshal Install

The following steps detail how to install MailMarshal Exchange onto the Windows 2000 Advanced Server Cluster. MailMarshal will be installed onto the same Shared Disk resource used for Microsoft Exchange Server and configured into the Cluster Group Resource group created previously.

Installing MailMarshal into the Cluster

1. Take the Microsoft Exchange Server and IIS services offline on all nodes of the cluster.
2. Install MailMarshal Exchange onto Node 1 (CLUSTER01) of the Cluster ensuring that the Shared Disk resource is used as the install destination. When prompted for an installation type, choose MailMarshal Server. Do not launch the Configurator at the end of the initial set-up.
3. Once MailMarshal is installed, go to the Windows 2000 Service Control applet and stop the MailMarshal Exchange Controller Service. Open the Service details and set the Startup type to Manual for both MailMarshal Exchange Services. These Services are:
   - MailMarshal Exchange Controller
   - MailMarshal Exchange Engine

4. Move the Cluster Group Resource group in the Cluster Manager to Node 2 (CLUSTER02).
5. Install MailMarshal Exchange onto Node 2 (CLUSTER02) of the Cluster ensuring that the Shared Disk resource is used as the install destination. When prompted choose the same values and options chosen in step 2. Do not launch the Configurator at the end of the initial set-up.
6. Once MailMarshal is installed, go to the Windows 2000 Service Control applet and stop the MailMarshal Exchange Controller Service. Open the Service details and set the Startup type to Manual for both MailMarshal Exchange Services. These Services are:
   - MailMarshal Exchange Controller
   - MailMarshal Exchange Engine
7. Move the MailMarshal Resource group in the Cluster Manager to Node 1 (CLUSTER01).

Configuring Cluster Resources for MailMarshal

1. Create a new Generic Service Resource called MailMarshal Exchange Controller.
2. Add both nodes as Possible owners.

3. In the Resource dependencies add the Shared Disk, IP Address, and Network Name as dependent Resources.
4. Use MMEController for the Service name.
5. Specify that the MailMarshal Exchange Registry key should be replicated. The key is:
   \Software\Marshal Software\MailMarshal for Exchange

6. Create new Generic Service resources for the MailMarshal Exchange Engine Service.
7. Ensure that both nodes are Possible owners.
8. Make the MailMarshal Exchange Controller Service the only Resource dependency.
9. Use MMEEngine as the Service Name.
10. No Registry Keys need to be replicated for this resource.
11. Bring the MailMarshal Controller resource online on Node 1 (CLUSTER01).

12. Start the MailMarshal Configurator on Node 1 (CLUSTER01) and perform the basic configuration of the gateway. Once configuration is completed, close the MailMarshal Configurator and choose No to the Reload Services now prompt.
13. Open the Cluster Manager and take the MailMarshal Exchange Controller resource offline.
14. Bring the MailMarshal Exchange Controller resource online and then bring the MailMarshal Exchange Engine resource online.
15. Move the Cluster Group group to Node 2 (CLUSTER02).
16. Now testing can be performed to ensure that MailMarshal Exchange and Microsoft Exchange Server move between nodes correctly when servers fail or have been shut down.

This concludes the installation and configuration of MailMarshal Exchange into a Windows 2000 Cluster.

Antivirus Software

When installing Antivirus software onto a Windows Server with Clustering it is recommended that you follow the advice of the Antivirus vendor with respect to this environment. However general guidelines and suggestions for installing generic Antivirus software are given here.

Install the Antivirus software separately on each node of the cluster and to the disk on which the Windows 2000 Advanced Server system software is installed (not a shared resource). Do not configure the Antivirus software as a Cluster resource. In this environment the MailMarshal group can be moved to an alternate node while Antivirus software is upgraded.

Three Antivirus packages have been validated in this environment and found to perform well. They are Marshal Integrated McAfee Antivirus, Sophos AntiVirus and Norman Virus Control.

Note: Additional Antivirus packages have been validated for use with MailMarshal. They have not been tested in this specific environment, but there is no evidence to suggest they will not work equally well.

Marshal Integrated McAfee Antivirus

It is recommended that Marshal Integrated McAfee Antivirus be installed on each node individually in the same manner as for MailMarshal itself. The “Marshal Integrated McAfee Updater” Service (McAfeeDATUpdater) controls the updating. This service should be created as a Generic Service that fails over between the nodes in the same way as the other MailMarshal Services. This service should only have the Name and IP addresses as dependencies.

More information on Marshal Integrated McAfee Updater can be found at http://www.marshal.com and generic information on the McAfee Antivirus solution can be found at http://www.nai.com.

Sophos AntiVirus

It is recommended that Sophos be installed onto the Cluster Nodes from a Central Installation Directory so that updates can be automatically applied to Sophos installed in the Cluster when the Central Installation Directory is updated.

More information on Sophos can be found at http://www.sophos.com.

Norman Virus Control

Norman Virus Control should be installed as described above and then the Antivirus rules in MailMarshal enabled.

More information on Norman can be found at http://www.norman.com.

Known issues

- MailMarshal Services should not be stopped from within the MailMarshal Configurator application. If after changes to the configuration are made MailMarshal prompts you to restart the services, choose No. Open the Cluster Manager and restart the services by taking the MailMarshal Controller offline, and then bringing the MailMarshal Controller and other MailMarshal services online.
- The default installation of the MailMarshal Configurator on each node of the Cluster connects to the local MailMarshal server. To use the MailMarshal Configurator tool to connect to the shared Network name from a Cluster Node, you must create a MMC snap-in definition file on a machine other than a Cluster Node. This is due to configuration locking logic in the Configurator.

  To create a new snap-in file:

  1. On a workstation that has the MailMarshal Configurator tool installed, start the Microsoft Management Console (MMC). Choose Console > New from the menu.
  2. Choose Console > Add/Remove Snap-in from the Menu, and click Add.
  3. Select MailMarshal Configurator and click Add and then Close.
  4. Click Close. When prompted, enter the Network Name Resource allocated to MailMarshal on the cluster (in the above example, DEMOCLUSTER).
  5. Choose Console > Save As from the Menu and save the .MSC file to disk.
  6. Copy the .MSC file to the Nodes of the cluster.
  7. On each Node, create appropriate shortcuts to the .MSC file. When the file is opened, it will start a MailMarshal Configurator connected to the Shared Network Name resource.

- When changes are made to the MailMarshal Configuration it is recommended that the MailMarshal Controller be taken offline and then the Controller and other MailMarshal resources brought back online to ensure that the replication of registry information is completed.

Further Information

Further information can be obtained by contacting Marshal Technical Support: http://www.marshal.com/support. Support is also available through your local Marshal Partner.
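Added example, not part of the Marshal whitepaper: a batch script that performs steps 1 to 11 of "Configuring Cluster Resources for MailMarshal" with cluster.exe instead of the Cluster Manager, and the restart sequence from "Known issues" when called with the argument restart. The DISK, IPRES and NAMERES resource names are assumed placeholders for the Exchange resources already in your Cluster Group; it also assumes sc.exe is available on the nodes and that your cluster.exe accepts /addcheckpoints (documented for Windows Server 2003; if it is rejected, set the replicated key in the Cluster Manager as in step 5).

```batch
@echo off
rem Added example, not from the whitepaper. Run on the node that owns the group.
rem ASSUMED placeholders: DISK, IPRES, NAMERES. Replace them with the names of
rem the Exchange resources that already exist in your Cluster Group.
setlocal
set GROUP=Cluster Group
set DISK=Disk Q:
set IPRES=Exchange IP Address
set NAMERES=Exchange Network Name
set CTRL=MailMarshal Exchange Controller
set ENG=MailMarshal Exchange Engine
rem Checkpoint keys are relative to HKEY_LOCAL_MACHINE, so no leading backslash.
set REGKEY=Software\Marshal Software\MailMarshal for Exchange

if /i "%~1"=="restart" goto :restart

rem Install steps 3 and 6: both services set to Manual on both nodes, so that
rem only the Cluster service starts them.
for %%N in (CLUSTER01 CLUSTER02) do for %%S in (MMEController MMEEngine) do (
  sc \\%%N config %%S start= demand || goto :fail
)

rem Steps 1-5: Controller resource, dependencies, service name, replicated key.
cluster res "%CTRL%" /create /group:"%GROUP%" /type:"Generic Service" || goto :fail
for %%D in ("%DISK%" "%IPRES%" "%NAMERES%") do (
  cluster res "%CTRL%" /adddep:%%D || goto :fail
)
cluster res "%CTRL%" /priv ServiceName=MMEController || goto :fail
cluster res "%CTRL%" /addcheckpoints:"%REGKEY%" || goto :fail

rem Steps 6-10: Engine depends only on the Controller; no registry key.
cluster res "%ENG%" /create /group:"%GROUP%" /type:"Generic Service" || goto :fail
cluster res "%ENG%" /adddep:"%CTRL%" || goto :fail
cluster res "%ENG%" /priv ServiceName=MMEEngine || goto :fail

rem Steps 2 and 7: print the possible owners; both nodes must be listed.
cluster res "%CTRL%" /listowners
cluster res "%ENG%" /listowners

rem Step 11: bring only the Controller online before running the Configurator.
cluster res "%CTRL%" /online || goto :fail
goto :eof

:restart
rem Known issues: restart through the cluster, never from the Configurator.
rem Taking the Controller offline also takes the dependent Engine offline.
cluster res "%CTRL%" /offline || goto :fail
cluster res "%CTRL%" /online || goto :fail
cluster res "%ENG%" /online || goto :fail
goto :eof

:fail
echo cluster.exe or sc.exe returned an error; fix it and re-check the resources.
exit /b 1
```

After a configuration change, running the script with restart gives the offline/online cycle the whitepaper recommends so that registry replication completes.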

THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, MARSHAL LIMITED PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME JURISDICTIONS DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.

This document and the software described in this document may not be lent, sold, or given away without the prior written permission of Marshal, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of Marshal. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data. This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. Marshal may make improvements in or changes to the software described in this document at any time.

© 2006 Marshal Limited, all rights reserved.

U.S. Government Restricted Rights: The software and the documentation are commercial computer software and documentation developed at private expense. Use, duplication, or disclosure by the U.S. Government is subject to the terms of the Marshal standard commercial license for the software, and where applicable, the restrictions set forth in the Rights in Technical Data and Computer Software clauses and any successor rules or regulations.

Marshal, MailMarshal, the Marshal logo, WebMarshal, Security Reporting Center and Firewall Suite are trademarks or registered trademarks of Marshal Limited or its subsidiaries in the United Kingdom and other jurisdictions. All other company and product names mentioned are used only for identification purposes and may be trademarks or registered trademarks of their respective companies.

Marshal’s Worldwide and EMEA HQ
Marshal Limited, Renaissance 2200, Basing View, Basingstoke, Hampshire RG21 4EQ, United Kingdom
Phone: 44 (0) 1256 848080
Fax: 44 (0) 1256 848060
Email: emea.sales@marshal.com

Americas
Marshal Inc., 5909 Peachtree Dunwoody Road NE, Suite 770, Atlanta, GA 30328, USA
Phone: 1 404 564-5800
Fax: 1 404 564-5801
Email: americas.sales@marshal.com

Asia-Pacific
Marshal Software (NZ) Ltd, Suite 1, Level 1, Building C, Millennium Centre, 600 Great South Road, Greenlane, Auckland, New Zealand
Phone: 64 9 984 5700
Fax: 64 9 984 5720
Email: apac.sales@marshal.com

info@marshal.com
www.marshal.com
