Tuesday, 30 August 2011

Notes for Citrix XenDesktop 5 Administration Exam 1Y0-A19: Part 3/3 – Ports and Policies

Ports
2598 : Session Reliability
3389 : Allow to permit shadowing through Desktop Director
5985 : Allow for collection of Windows metrics using Windows Remote Management 2.0 service

Policies

The HDX Multimedia for Flash (server side) section contains policy settings for handling Flash content on session hosts. The setting is: Flash quality adjustment.

Enabling client clipboard redirection policy prevents copying and pasting between user sessions and the local machine
"Client clipboard redirection: Control cut-and-paste data transfer between the server and the local clipboard"

To ensure that end users can only access their client's default printer during sessions, set the 'Auto-create client printers' policy setting to 'Auto-create the client's default printer only' and 'Client printer redirection' set to 'Allowed'
Note: By default, all client printers are auto-created

When a Citrix policy contradicts an Active Directory GPO policy, the Active Directory GPO policy takes precedence ( precedence: AD GPO > Citrix Policy > Local Security Policy )

To modify policy settings in a XenDesktop environment, can use →
i: Desktop Studio
ii: Group Policy Editor

Use Flash (client-side) HDX MediaStream policy to configure a Flash URL blacklist.
"The HDX MediaStream for Flash (client side) section contains policy settings for handling Flash content in user sessions."
"When adding this setting to a policy, make sure the Flash acceleration setting is present and set to Enabled. Otherwise, web sites listed in the URL blacklist are ignored."

Troubleshooting

Unable to connect to a desktop through the Citrix online plug-in “the connection was unsuccessful” → Port 2598 (Session Reliability) closed
 
Unable to map and access fixed drives on client device →
i: The client drive redirection policy setting is NOT enabled
ii: The auto connect client drives policy setting is NOT enabled

USB icon remains dimmed after USB device is plugged into client device →
i: XenDesktop policy does NOT allow USB device redirection
ii: Specific client user preferences for USB redirection NOT set

"Unavailable" when attempting to connect to a third pooled desktop → User policy only grants a maximum of two desktops




Notes for Citrix XenDesktop 5 Administration Exam 1Y0-A19: Part 2/3 – Provisioning Services

Setup, Configure, Administer

For best experience when launching a virtual desktop and with fault tolerance in the event of Provisioning Services server failure, consider →
Cache on the target device and redirect the cache to a share within a shared storage repository

Note: redirect cache to RAM – general estimate of file cache for a provisioned workstation running only text-based applications (like Word, Outlook) and which is rebooted daily, is around 300 to 500 MB.

In a Provisioning Services environment, the default location of the write cache is a subdirectory of the vDisk location.

To install provisioning service and connect to an SQL database the host name and instance name must be supplied

To configure a target device to start up from a vDisk
i: Add target device to a collection
ii: Assign a vDisk to the device
iii: Set the device to start up from vDisk

Machine type to be used when creating catalog with provisioning services based virtual machines = streamed

Two components to be installed on the master image that will be used for streamed machines →
i: Virtual Desktop Agent
ii: Provisioning services target device

After changes to the vDisk, to use the original image instead of the updated image →
Copy the rollback file to the updates folder, use the 'Schedule Automatic Disk Updates' option and select 'Check for incremental updates' on the server

If the vDisk assigned to the target devices is in 'private image mode' then automatic disk image update changes to vDisks are not replicated automatically.

Needed to create a streamed machine catalog for a XenDesktop environment →
i: Device collections configured to load the vDisk over the network
ii: Active Directory computer accounts managed by Provisioning services for each target device in the device collections
iii: A Provisioning service deployment with a vDisk imaged from the master virtual machine and assigned to the target device

When using Image Builder, the default behaviour when converting a master image to a vDisk, is that all files and folders in the destination path will be deleted.

Three requirements when using Provisioning services to manage an Active Directory machine account of a device →
i: Machine account password changes must be disabled for the target devices
ii: The 'Enable automatic password support' option must be enabled on the Provisioning services host
iii: The 'Active Directory machine account password management' option must be enabled on the vDisks

The following hardware configuration for a single Provisioning services host, can support a single standard-mode vDisk image to 2500 targets →
Physical machine with 2 hex-core processors, 8 GB RAM and two 1 Gbps network adapters
Note: PVS host must be physical as per best practice; more 1 Gbps network adapters is better than one 10 Gbps one, and the more processing power and RAM the better

To protect against failure of Provisioning services host, one solution is to have the write cache located at the read-write shared storage location

For desktops hosted on blade servers with SSDs in each, a good solution for write cache location is on the RAM of the target

Correct startup order for creating a template for a streamed catalog → Network > floppy drive > hard drive

Components to be installed on a master image that will be used for streamed machines →
Hypervisor integration tools, Virtual Desktop Agent, Provisioning services target device

Troubleshooting

If target devices using a particular vDisk are experiencing a large number of retries, this suggests TCP task offload is enabled

Virtual desktop became unresponsive while the target device was starting up to the operating system → Citrix PVS Stream Service is NOT running

Desktop unresponsive with message 'Connecting to Provisioning services. Please wait....' → The Stream Service is stopped on the Provisioning services host

When troubleshooting intermittent PXE boot timeout failures in a XenDesktop environment →
i: Switch the vDisk from standard to private image mode
ii: Disable TCP large Send Offload on both the server and target devices

When the master target device starts up, the system tray icon displays a red X →
i: The master target device started up from the local hard disk instead of starting from the PXE compliant network card
ii: The Windows firewall on the Provisioning services host is preventing inbound communication from the master target device



Notes for Citrix XenDesktop 5 Administration Exam 1Y0-A19: Part 1/3 - General

Introduction: These notes were compiled while researching information pertinent to the 1Y0-A19 exam. These exam notes would normally get consigned to the recycle bin in the fullness of time, but in the hope that they may be useful to others who stumble across this blog, and to aid my recollection, they survive here. Cheers!

Setup, Configure, Administer

To demonstrate superior end user experience when planning a XenDesktop 5 Quick Deploy → consider first installing and configuring SQL Server 2008 R2 on the server that will run the controller.

Citrix best practice: recommended storage type to use when setting up a XenDesktop environment using XenServer = NFS

SQL Database Setups listed beginning with least amount of database downtime in the event of a failure →
Best: SQL Server Mirroring
2nd: VM based HA using Hypervisors and shared storage
3rd: SQL Server Clustering
Worst: Rebuild the database from backup

To update the image pool to include additional software for pooled desktops with the least amount of administrative effort → install the software on the master virtual machine, take a snapshot of the virtual machine, and assign the snapshot to the catalog

XenDesktop 5 Quick Deploy → all of the components must be installed on the same server

To remotely access a Controller to assign a dedicated desktop → install Desktop Studio on the server being used to access the Controller and point Desktop Studio to the appropriate controller


Configure XenApp Services site in order to allow users access to applications, virtual desktops and online content by clicking icons on their desktops or start menus.

For calculating the number of desktops that will be in standby mode → default buffer settings is 10% of 'number of desktops in desktop group' minus 'number of desktops currently being used'

To ensure desktops are added back into the idle pool → set behaviour 'when disconnected' after five minutes to suspend, under 'During peak hours'


To implement HDX MediaStream Flash redirection → Install Flash Player on the user device

Steps to share the master sites configuration →
i: Set up file sharing permission to allow access over the network to the configuration folder of the master site
ii: Change the setting of the configuration location parameter of the other sites to point to the absolute network path of the master site's configuration

For an administrator to create a catalog for existing machines, this requires →
i: Virtual machines available in the datacenter
ii: Active Directory computer accounts for the machines

Steps to create a desktop group with 2 desktops per user
i: Select the catalog from which the desktop group will be created
ii: Add the users to the desktop group
iii: Change number of desktops for each user to 2
iv: Select the help desk administrator who will manage the desktop group

Citrix recommends installing the 'Online plug-in' and 'Offline plug-in' on the master image for optimal application access

To reallocate an assigned virtual desktop to a new employee → Find the appropriate desktop in the desktop group, click on 'Change user' and add the new employee


Desktop Director: to see number of end users connected → View the desktop group in the usage panel


Machine administrator can manage catalogs and build virtual desktops

Read-only administrator is the minimum permission necessary to allow monitoring of a XenDesktop environment

To enable logging for registration issues, modify →
i: WorkstationAgent.exe.config on the VDA and
ii: CdsController.exe.config on the Controller

Three Citrix services needed to be running on the Controller to create virtual machines using Machine Creation Services →
i: AD Identity
ii: Machine Identity
iii: Machine Creation

XDPing can resolve
i: Time difference between the Virtual Desktop Agent and the Controller
ii: The forward and reverse lookup on the DNS server of the Virtual Desktop Agent and Controller

If a Controller A is removed from a site → The VDA will re-query Active Directory and register with Controller B

To integrate a Web Interface with Access Gateway
i: Configure a web resource for the site in Access Gateway
ii: Assign the Web Interface site to an Access Gateway virtual server

To monitor data from Windows XP machines,
Windows Remote Management 2.0 is required to be installed

If the XenDesktop database goes down in a non-highly available SQL environment → existing connections to virtual desktops will continue to function until the user either logs off or disconnects from their virtual desktop; new connections cannot be established if the database server is unavailable.

Storage technologies that can be used with a XenDesktop environment using Hyper-V → Local Disks and Block Storage

To create a Microsoft Windows 7 template on XenServer for a XenDesktop environment →
i: Create a virtual machine
ii: Install Microsoft Windows 7 and join it to the domain
iii: Install the Virtual Desktop Agent
iv: Shut down the virtual machine and then convert it to a template

Use HTTPS instead of HTTP → Change the host details in Desktop Studio and replace the default SSL certificate on the host with one from a trusted certificate authority.

Recommended: install Microsoft Outlook locally on the master image.

Three Active Directory environments supported in a XenDesktop implementation →
i: User accounts and computer accounts exist in domains in the same Active Directory forest
ii: User accounts exist in an Active Directory forest that is different from the Active Directory forest containing the computer accounts
iii: Computer accounts for Controllers exist in an Active Directory forest that is different from one or more additional Active Directory forests that contain the computer accounts of the virtual desktops

Troubleshooting

Time on the desktops is incorrect → Edit the desktop group and change the time zone in 'Edit user settings'


The Virtual Desktop Agent (VDA) is not able to register with the Controller, to resolve the issue validate →
i: Errors are found within the Event Viewer of the VDA and the Controller
ii: The location of the Controller is specified correctly in the registry
iii: The forward and reverse lookup on the DNS server of the VDA and Controller
iv: Ensure the time is in sync between the VDA and the Controller
v: Confirm that the firewall is open for port 80 between the VDA and Controller

To troubleshoot an issue with DNS lookup between the Virtual Desktop Agent and the Controller, use the XDPing tool.

If end users CANNOT access their virtual desktops, monitor the unregistered Virtual Desktop Agent session state.

If not able to create virtual machines using the Machine Creation Services →
i: No Machine Creation Identity Services are running

Thursday, 25 August 2011

Walkthrough: Windows Server 2008 R2 DFS – Setting up a DFS Namespace and Replicated Folders


This walkthrough assumes there are at least two servers with the File Services server role installed; and the Distributed File System, DFS Namespaces and DFS Replication components installed.

Below is an example of what this walkthrough sets out to achieve – a DFS namespace, with replicated folder, spanning two DFS servers


DFS Management Console (dfsmgmt.msc)

1: DFS Management → Right-click Namespaces and New Namespace

New Namespace Wizard

2: Browse for namespace server (this will host the namespace) → Next
3: Give the namespace a name → Next

Note: You can leave the default settings. The referenced C:\DFSRoot\ will later contain shortcuts

4: Choose Domain-based or Stand-alone namespace – we'll proceed from having chosen Domain-based → Next

5: Review Settings → Create

6: Close the wizard

DFS Management Console

7: Right-click the newly created namespace and choose 'Add Namespace Server' → OK

8: Right-click Replication and choose 'New Replication Group...'

New Replication Group Wizard

9: Choose 'Multipurpose replication group' or 'Replication group for data collection' – we'll proceed from having chosen 'Multipurpose replication group' → Next

10: Provide 'Name of replication group' → Next

11: Add the 'Replication Group Members' → Next

12: Choose Topology – we'll proceed from having chosen 'Full mesh' → Next

13: Choose Replication Group Schedule and Bandwidth – we'll proceed from having chosen 'Replicate continuously using the specified bandwidth' → Next

14: Choose the Primary member → Next

15: Choose the Folder(s) to Replicate → Next

16: Choose Local Path for replicated folder on Other Members → Next

17: Review Settings and Create Replication Group → Create

18: Close the wizard

DFS Management Console

19: Select the newly created replication group → 'Replicated Folders' Tab → Right-click the Replicated Folder → Share and Publish in Namespace...

Share and Publish Replicated Folder Wizard

20: Select a Publishing Method – we'll proceed with 'Share and publish the replicated folder in a namespace' → Next

21: Share Replicated Folders - Review the Actions → Next

22: Namespace Path – Browse for the 'Parent folder in namespace:' → Next

23: Review Settings and Share Replicated Folder → Share

And we're done - the namespace is available, replicated folders available via the namespace, and the replicated folders are highly available across two DFS servers.

Wednesday, 24 August 2011

vSphere 4.1 vCenter VIM_VCDB database has hit the 10GB SQL Server 2008 R2 Express Max Database Size Limit & Other VIM_VCDB fixes

1: Scenario

vSphere 4.1 vCenter using Microsoft SQL Server 2008 R2 Express, and the VIM_VCDB database has hit the 10GB limit causing the 'VMware VirtualCenter Server' service to terminate unexpectedly with error Event ID 7031.

Walkthrough to resolve:

1: Log in to vCenter → open 'Microsoft SQL Server Management Studio' and connect → Expand the Databases folder

Note: Everything that follows is done via the 'Microsoft SQL Server Management Studio'

2: (Best practice) Right-click 'VIM_VCDB' → Tasks → Back Up...

3: (Optional interesting step to see which table is utilizing the most space) Right-click 'VIM_VCDB' → Reports → Standard Reports → 'Disk Usage by Top Tables'

The main culprit is usually one of the vpx_hist_STAT? tables.

4: Before commencing step 5, make sure that any services or processes that access the VIM_VCDB database are shut down, such as the 'VMware VirtualCenter Server' service

5: Right-click 'VIM_VCDB' → New Query
and in the SQL Query interface enter these lines

truncate table vpx_hist_STAT
truncate table vpx_hist_STAT1
truncate table vpx_hist_STAT2
truncate table vpx_hist_STAT3
truncate table vpx_hist_STAT4
truncate table vpx_sample_time1
truncate table vpx_sample_time2
truncate table vpx_sample_time3
truncate table vpx_sample_time4

6: Click the '! Execute' button

7: (If the database is not already set to simple) Right-click 'VIM_VCDB' → Properties → Options → Set the 'Recovery model:' to Simple → Click OK

8: Right-click 'VIM_VCDB' → Tasks → Shrink → Database → Click OK and wait

Wait time example: shrinking a VIM_VCDB down from 10GB to 3GB took around 20 minutes.

9: (Best practice) Right-click 'VIM_VCDB' → Tasks → Back Up...

10: Start any services that were shut down in step 4 and we're done!

2: Additional Database Size Reduction (vpx_event_arg & vpx_event)

*See http://www.sqlteam.com/forums/topic.asp?TOPIC_ID=61762 for useful script to identify table sizes in SQL Server 2005
To shrink down vpx_event_arg and vpx_event (the vCenter service does not need to be shut down, though this is recommended), run the following queries:

use VIM_VCDB
truncate table vpx_event_arg
delete from vpx_event

*Cannot truncate vpx_event due to the presence of foreign keys inside
If the vpx_event table is very large and the delete runs into problems because the transaction log (vim_vcdb.ldf) grows while the cleanup runs and hits a limit, use this query and delete in batches:

delete from vpx_event where create_time < getdate() - DAYS
*Substitute DAYS with the number of days in the past from which you want to start the delete
*Note: some articles mention using sysdate instead of getdate(), but sysdate does not work with SQL Server 2005 or 2008; it is the Oracle equivalent of getdate()

Finally run a shrink operation on the VIM_VCDB database.

3: Fix for Suspect VIM_VCDB

*Credits to Ammesiah @ www.vmdude.fr - http://www.vmdude.fr/en/tips-tricks-en/suspect-vcenter-database-on-sql-express/
If the VIM_VCDB database is showing as suspect in Microsoft SQL Server Management Studio Express, execute these SQL queries

1:
DBCC CHECKDB ('VIM_VCDB') WITH NO_INFOMSGS, ALL_ERRORMSGS
*If the query above fails, not a major issue, this is just to obtain information, skip to step 2

2:
EXEC sp_resetstatus 'VIM_VCDB'
ALTER DATABASE VIM_VCDB SET EMERGENCY
ALTER DATABASE VIM_VCDB SET SINGLE_USER WITH ROLLBACK IMMEDIATE

3:
DBCC CheckDB ('VIM_VCDB', REPAIR_ALLOW_DATA_LOSS)

4:
ALTER DATABASE VIM_VCDB SET MULTI_USER

Sunday, 21 August 2011

How to Reattach a Snapshotted vmdk

Scenario: A server is in snapshot mode and a snapshotted drive is removed from the virtual machine. When trying to reattach the DISKNAME-00000X.vmdk drive, the error “An internal error occurred in the vSphere Client. Details: Object reference not set to an instance of an object.” appears as below:


Solution:

1: View the contents of the vmdk disk descriptor file of the base disk using a tool like Veeam FastSCP

Example:

# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=ca56789b
parentCID=ffffffff
isNativeSnapshot="no"
createType="vmfs"

# Extent description
RW 6291456 VMFS "W7WS00 Test II_1-flat.vmdk"

# The Disk Data Base
#DDB

ddb.adapterType = "lsilogic"
ddb.thinProvisioned = "1"
ddb.geometry.sectors = "63"
ddb.geometry.heads = "255"
ddb.geometry.cylinders = "391"
ddb.uuid = "60 00 C2 97 b0 04 94 f1-ff 58 92 07 08 21 bf 10"
ddb.longContentID = "15d423fa3c6839a450300859ca56789b"
ddb.deletable = "true"
ddb.virtualHWVersion = "7"

2: View the contents of the vmdk disk descriptor file for the latest snapshot

Example:

# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=32ddb9ae
parentCID=ca56789b
isNativeSnapshot="no"
createType="vmfsSparse"
parentFileNameHint="W7WS00 Test II_1.vmdk"
# Extent description
RW 6291456 VMFSSPARSE "W7WS00 Test II_1-000001-delta.vmdk"

# The Disk Data Base
#DDB

ddb.longContentID = "5861ab1403fcff3e472f2b0732ddb9ae"

- and edit the file by entering the below lines from the original, and then save -

ddb.adapterType = ?
ddb.thinProvisioned = ?
ddb.geometry.sectors = ?
ddb.geometry.heads = ?
ddb.geometry.cylinders = ?
ddb.uuid = ?
ddb.deletable = ?
ddb.virtualHWVersion = ?

Example:

ddb.adapterType = "lsilogic"
ddb.thinProvisioned = "1"
ddb.geometry.sectors = "63"
ddb.geometry.heads = "255"
ddb.geometry.cylinders = "391"
ddb.uuid = "60 00 C2 97 b0 04 94 f1-ff 58 92 07 08 21 bf 10"
ddb.deletable = "true"
ddb.virtualHWVersion = "7"

The DISKNAME-00000X.vmdk file can now be reattached!
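
The descriptor edit from steps 1 and 2, as an added Python example (not part of the original post): it checks that the snapshot's parentCID matches the base disk's CID before appending the ddb.* lines the snapshot descriptor lacks. The function names are this example's own; the sample descriptors are the two shown above with blank lines dropped.

```python
import re

# Keys the procedure copies from the base descriptor. ddb.longContentID is
# left out on purpose: the snapshot keeps its own value.
COPIED_KEYS = (
    "ddb.adapterType", "ddb.thinProvisioned", "ddb.geometry.sectors",
    "ddb.geometry.heads", "ddb.geometry.cylinders", "ddb.uuid",
    "ddb.deletable", "ddb.virtualHWVersion",
)

# Matches "key=value" and "key = value"; extent lines ("RW 6291456 ...")
# do not match, and "#" comment lines are skipped before matching.
_KEY_VALUE = re.compile(r"^\s*([A-Za-z][\w.]*)\s*=\s*(.*?)\s*$")


def parse_descriptor(text):
    """Return {key: raw value, quotes included} for a VMDK descriptor."""
    fields = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = _KEY_VALUE.match(line)
        if match:
            fields[match.group(1)] = match.group(2)
    return fields


def repair_snapshot_descriptor(base_text, snap_text):
    """Append the ddb.* entries missing from the snapshot descriptor.

    Returns (new_snapshot_text, added_keys). Raises ValueError when the
    snapshot's parentCID does not match the base CID, because copying
    geometry and uuid from an unrelated disk would hide a broken chain.
    """
    base = parse_descriptor(base_text)
    snap = parse_descriptor(snap_text)

    base_cid = base.get("CID", "").lower()
    parent_cid = snap.get("parentCID", "").lower()
    if not base_cid or parent_cid != base_cid:
        raise ValueError(
            f"parentCID {parent_cid or '<missing>'} does not match base CID "
            f"{base_cid or '<missing>'}"
        )

    # Only add what the base has and the snapshot lacks; existing lines stay.
    added = [k for k in COPIED_KEYS if k in base and k not in snap]
    if not added:
        return snap_text, []

    newline = "\r\n" if "\r\n" in snap_text else "\n"
    lines = [f"{key} = {base[key]}" for key in added]
    new_text = snap_text.rstrip("\r\n") + newline + newline.join(lines) + newline
    return new_text, added


# Sample input: the base and snapshot descriptors shown in the post.
BASE_DESCRIPTOR = """# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=ca56789b
parentCID=ffffffff
isNativeSnapshot="no"
createType="vmfs"
# Extent description
RW 6291456 VMFS "W7WS00 Test II_1-flat.vmdk"
# The Disk Data Base
#DDB
ddb.adapterType = "lsilogic"
ddb.thinProvisioned = "1"
ddb.geometry.sectors = "63"
ddb.geometry.heads = "255"
ddb.geometry.cylinders = "391"
ddb.uuid = "60 00 C2 97 b0 04 94 f1-ff 58 92 07 08 21 bf 10"
ddb.longContentID = "15d423fa3c6839a450300859ca56789b"
ddb.deletable = "true"
ddb.virtualHWVersion = "7"
"""

SNAPSHOT_DESCRIPTOR = """# Disk DescriptorFile
version=1
encoding="UTF-8"
CID=32ddb9ae
parentCID=ca56789b
isNativeSnapshot="no"
createType="vmfsSparse"
parentFileNameHint="W7WS00 Test II_1.vmdk"
# Extent description
RW 6291456 VMFSSPARSE "W7WS00 Test II_1-000001-delta.vmdk"
# The Disk Data Base
#DDB
ddb.longContentID = "5861ab1403fcff3e472f2b0732ddb9ae"
"""

if __name__ == "__main__":
    repaired, added_keys = repair_snapshot_descriptor(
        BASE_DESCRIPTOR, SNAPSHOT_DESCRIPTOR)
    print("added:", ", ".join(added_keys))
    print(repaired)
```

Run it against copies of the descriptor files and keep the originals until the disk has been reattached successfully.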

For Google search: Can you reattach a vmdk which is / was in snapshot mode / snapshotted - yes you can!

Friday, 19 August 2011

UPDATE: Custom VMware Tools Install for Windows 7 Citrix XenDesktop VDI

Following on from the posting of Tuesday 28th June 2011 ( http://cosonok.blogspot.com/2011/06/custom-vmware-tools-install-for-windows.html ), my current preferred custom VMware Tools Install is as below:

Note: when troubleshooting performance issues with VDIs - storage, networking, VMhost utilization, memory, CPU, applications and processes running, all need to be taken into account.

Custom VMware tools setup:

YES – Toolbox

VMware Device Drivers
YES – Memory Control Driver
NO – Thin Print
NO – Paravirtual SCSI
NO – Mouse Driver
NO – Shared Folders
NO – SCSI Driver
NO – SVGA Driver
NO – Audio Driver
NO – VMXNet3 NIC Driver
NO – VMCI Driver
NO – Volume Shadow Copy Service
NO – Wyse Multimedia Support

Guest SDK
NO – WMI Performance Logging

Note: this is using the E1000 adapter and not the VMXNet3 adapter.

The above configuration is quite a departure from the original post of 28th June, and was arrived at through various debates with colleagues and past experience. With 2.5GB memory given to the machine, this performs very well for a heavy user (Office apps running, vSphere client, call logging systems, 10+ internet browser tabs open {including java based monitoring systems}, task manager, process explorer, ...) on a highly utilized VMhost server.

Regarding increasing the priority given to Citrix processes; after max-ing out the CPU on a test Windows 7 VDI using prime95.exe (a freely available to download prime number generator,) with VMware tools installed as above, and then reducing the priorities of various 'Citrix Systems, Inc.' processes to below prime95, it was found that the priority given to the Citrix processes does not adversely influence user experience, and even with 2 max-ed out vCPUs and no above normal priority given to any 'Citrix Systems, Inc.' process, the Citrix VDI remained nice and responsive.

Caveat: The above is just one permutation from many.

Tip: Some applications' performance is improved by adjusting the executable or shortcut Compatibility settings; ticking options like 'Disable desktop composition,' 'Disable visual themes,' 'Run in 256 colors,' and 'Disable display scaling on high DPI settings' (example below.)


Sunday, 14 August 2011

Converting an Existing HP P4000 Storage Cluster into a Multi-Site Cluster


1: Review http://cosonok.blogspot.com/2011/08/hp-p4000-multi-site-san-notes.html to check all prerequisites are in place and networking best practices are being followed

Note: The lab demo used here to demonstrate the process, is configured as one Cluster with two Storage Systems, a Virtual Manager, one Server object connected to 2 volumes, and there are no Sites configured.


2: Add the secondary site Storage Systems to the management group as standalone nodes

Example: The image below shows the management group with the two standalone Storage Systems (VSA03 and VSA04) added


3: From 'Getting Started' choose option 2 – 'Management Groups, Clusters, and Volumes Wizard'


4: Choose a Management Group -> select 'Existing Management Group'


and choose the 'Existing Management Group' to be changed


5: Create a Cluster -> select the option 'Existing Cluster' → 'Convert a Standard Cluster to a Multi-Site Cluster'


- and choose the 'Existing Cluster' to be changed -


6: Set up Sites to be Used in Your Multi-Site Cluster → Configure as desired

Example: The image below shows SITEA and SITEB with 2 Storage Systems each (VSA01 and VSA02 in SITEA, VSA03 and VSA04 in SITEB)


7: Assign Virtual IPs and Subnet Masks → Configure as desired

Example: The image below shows the one Virtual IP being used by this Multi-Site Cluster, in different scenarios more Virtual IPs may be used


8: Create Volume → Tick 'Skip Volume Creation' and Finish


Wait a bit and the process of converting to Multi-Site Cluster is nearly complete!


9: (Final step) Right-click the existing Cluster → choose 'Edit Cluster' → click on 'Add Systems...' and add the standalone Storage Systems into the Multi-Site Cluster



Adding Storage Systems to the cluster will cause volumes to restripe, but they will remain available whilst this is in progress.

10: (Optional recommended step) Create a 3rd site object (can be logical) and add a Failover Manager to maintain quorum in the event of a site failure.

Note: in this example of 2 storage systems per site (4 storage systems,) resilience is as below:

Resilient to a system failure in one site
Network-RAID 10, Network-RAID 10+1, Network-RAID 10+2
Resilient to one system failure in each site (two systems)
Network-RAID 10+1, Network RAID 10+2
Resilient to a site failure (two systems)
Network-RAID 10, Network-RAID 10+1, Network-RAID 10+2
Resilient to 3 systems failing
Network-RAID 10+2 (the cluster will lose quorum when 3 nodes are down)

HP P4000 Multi-Site SAN Notes

*Edited information from P4000 Multi-Site HA/DR Solution Pack user guide

The Multi-Site SAN features enable data to be mirrored synchronously and automatically between geographic sites.

1: Designing a Multi-Site SAN

Multi-Site clusters can:
Span up to three sites
Span multiple subnets
Have multiple VIPs
Geographical awareness enabled by designating storage systems as members of a particular site.
Synchronously replicated (mirrored) data between sites, based on volume data protection level.
Site information that ensures that data is mirrored between sites for high availability and disaster recovery.
I/O path preferencing, so that application servers connect to storage systems located in the same site.
Failover Manager support for automatic failover/failback in three-site configurations without requiring a physical storage system in the third site.
Failover Manager for quorum management if the network connection between the two sites becomes unavailable.

2: Requirements

A feature key for each storage system in the management group that is also participating in a Multi-Site cluster
All sites must have the same number of storage systems

3: Protection Offered

Common types of data center failures a Multi-Site SAN protects against include:
Site power outage
Site network outage
Site disaster

Data protection level → Number of sites supported:
Network RAID-10 → 2 sites supported
Network RAID-10+1 → 3 sites supported
Network RAID-10+2 → 2 sites supported

Network RAID-10+2 offers a level of data protection that enables the Multi-Site SAN to sustain a complete failure at one site and still maintain replicated data at the other site. With Network RAID-10+2 there are four copies of data for the volume on the SAN.

Table → Common configurations of Multi-Site SANs and managers


4: Designing the network for the Multi-Site SAN

Best practices:

Adequate bandwidth – plan for 50 MB/sec of bandwidth for each storage system in each site (example – if each site contains 4 storage systems, then need 200 MB/sec throughput which translates into two Gigabit Ethernet links (125MB/sec) or more.)
Low round-trip latency – in order to not impact disk I/O to the application server, the round-trip latency between the sites must be no more than 2 ms (which implies a theoretical maximum distance between sites of 299km)
Redundant links – have multiple physical connections (media) between the sites for redundancy (the network should be configured so that a link failure does not cause the Multi-Site SAN to go offline.)
Assign servers to sites – avoid high-latency connections by assigning application servers to the site where the server is

Commonly used designs:
Dual redundant links between the sites
Full-mesh triangular (three) redundant links between sites
Hub and spoke central network core with redundant links out to each site
Combination full-mesh core network with triangular (three) links between sites

Using multiple subnets:

Can use multiple subnets with a Multi-Site SAN. Multiple subnets let you have multiple VIPs, one VIP per subnet. The advantage of using multiple VIPs is that you can connect to a volume without having to leave the local subnet. Alternatively, you can assign an application server to a site.

If using multiple subnets within the iSCSI cluster and implementing one subnet per site, can take advantage of the following Multi-Site SAN features:
One Virtual IP address per site – iSCSI discovery sessions are terminated on a storage system that is local to the application server in that site.
Virtual IP addresses are hosted only on storage systems that reside in the same subnet as the VIP
Read and Write I/O requests are forwarded from the application server to a storage system that is in the same site as the server. This ensures that the I/O path is optimal and multiple network hops across the network link between the sites are eliminated.


5: Other considerations

1: Stretched vSphere HA clustering
2: Stretched subnets spanning the sites

Saturday, 6 August 2011

Steps to Enhance the Customer Experience of Exchange 2010 OWA

This post covers 3 additional steps to enhance the customer experience of Exchange 2010 OWA:

1) Set the default domain removing the need for DOMAIN\ in the username field
2) Set the external OWA URL and make it available internally
3) Make the default website redirect to OWA, and http redirect to https


1) Set the default domain in Exchange 2010 OWA so customers do not need to put DOMAIN\ before username

Either from the Exchange Management Console:

Exchange Management Console → Server Configuration → Client Access → Select your CAS → 'Outlook Web App' tab → owa (Default Web Site) Properties → 'Authentication' tab → Under 'Use forms-based authentication' select 'User name only' and browse for the internal domain → OK

Or from the Exchange Management Shell:

Set-OwaVirtualDirectory -Identity "owa (Default Web Site)" -LogonFormat UserName -DefaultDomain "yourinternaldomain.priv"

Finally restart IIS from command prompt:

iisreset

Note: Using DOMAIN\username will continue to work after this change


2) Set the external OWA URL and make this available internally

Exchange Management Console → Server Configuration → Client Access → Select your CAS → 'Outlook Web App' tab → owa (Default Web Site) Properties → 'General' tab → In the 'External URL' box enter the external URL (e.g https://owa.test.co.uk/owa) → OK


On an internal DNS server - if not already created - create a new Forward Lookup Zone → Primary zone for the external domain (e.g test.co.uk,) and in that zone create an A record for OWA (e.g owa.test.co.uk) pointing to the internal IP of the CAS hosting OWA.

Finally on an external DNS server create an A record for the external URL (e.g owa.test.co.uk)


3) Make the default website redirect to owa (e.g https://owa.test.com redirect https://owa.test.com/owa ) and http redirect to https

If not already installed – install HTTP Redirection component from:
Server Manager → Roles → Web Server (IIS) → Add Role Services

From 'Administrative Tools' open 'Internet Information Services (IIS) Manager' (or InetMgr.exe from Run / Command Prompt)

Select 'Default Web Site' → Double-click 'HTTP Redirect' icon under IIS
Tick 'Redirect requests to this destination' and enter external URL for OWA (example: https://owa.yourdomain.com/owa )
Tick 'Only redirect requests to content in this directory (not subdirectories)'
Under Actions in the right-hand pane, click Apply

Now to remove the enforced redirect from each of the virtual directories under the Default Web Site. Select each virtual directory individually and open the HTTP Redirect property and uncheck the 'Redirect requests to this destination' checkbox. This needs to be done on:
→ aspnet_client
→ Autodiscover
→ ecp
→ EWS
→ Microsoft-Server-ActiveSync
→ OAB
→ PowerShell
→ Rpc

Note 1: the Exchange, Exchweb, and Public virtual directories should redirect to /owa
Note 2: If the Rpc virtual directory is not showing in the console, this is most likely because the RPC over HTTP Proxy feature has not been installed; install this, reboot, and - hey presto - it now shows

At this point the redirect https://owa.test.com to https://owa.test.com/owa should be working

Select the Default Web Site → open SSL Settings properties → uncheck the 'Require SSL' checkbox
The change will be inherited down the tree by any virtual directory which does not explicitly set the setting independently. Ensure that SSL is required for the following virtual directories:
→ Autodiscover
→ ecp
→ EWS
→ Microsoft-Server-ActiveSync
→ OAB
→ owa
→ Rpc

Note: if SSL is required for the PowerShell virtual directory, this will render Remote PowerShell inoperable!

Run iisreset


Credits