Symantec White Paper - Symantec reference architectures for the ...

WHITE PAPER: ACCELERATING VIRTUALIZATION OF TIER 1 APPLICATIONS

Symantec reference architectures for the virtualization of Microsoft® SQL Server®, Microsoft® SharePoint®, and Microsoft® Exchange Server®

Who should read this paper
C-level IT executives, Database Administrators, and Application Owners

Content

• Business overview
• Goals and objectives
• Stakeholders and their concerns
• Role of a reference architecture
• Principles guiding this architecture
• Assumptions guiding this architecture
• Components of a reference architecture
• Summary of the technical scope
• 1.8 Microsoft SQL Server Virtualization Reference Architecture
• 1.9 Microsoft SharePoint Virtualization Reference Architecture
• 1.10 Microsoft Exchange Server Virtualization Reference Architecture
• 1.11 Comprehensive business-critical application environment
• 1.12 Technology components
• Conclusions
• Appendix A: Test infrastructure

Business overview

Organizations strive to leverage the benefits of virtualization to help drive down cost, improve business agility through greater consolidation, improve utilization of resources, and benefit from increased automation and efficiency. Today, enterprise businesses commonly deploy virtualization for non-critical environments only, due to the perception of obstacles that prevent further virtualization in the data center. Projects stall when applications are considered too large, too complex, or too high risk to virtualize.

To help organizations implement proven and repeatable enterprise-class IT solutions in virtual environments, Symantec has created a series of reference architectures. The focus of the reference architectures is to accelerate the virtualized deployments of Microsoft applications on VMware® platforms, enhanced by Symantec software. The reference architectures demonstrate how organizations can meet the demands for application performance, availability, security, and cost, as well as increase the business value and return on investment from Symantec software.

Goals and objectives

The goal of the Symantec reference architectures is to remove the barriers to virtualization, and provide proven capabilities to help businesses migrate their critical Microsoft applications safely to virtual environments, while managing complexity and risk.

Figure 1 - Business transformation

The reference architectures within this series include:
• Symantec Reference Architecture for Microsoft® SQL Server®
• Symantec Reference Architecture for Microsoft® SharePoint®
• Symantec Reference Architecture for Microsoft® Exchange Server®

The documents provide assistance and guidance with the validation, design, and implementation of enterprise-class virtualization of Microsoft applications, leveraging the power of Symantec technology to accelerate the deployment of virtualization.

Objectives derived from the goals

The major barriers to deployment of virtualized business-critical services common among organizations include:
• I/O performance
• Availability and recovery
• Virtualized server security
• Cost
• Operational efficiency

These key attributes form the core focus of the business and technical objectives presented in the reference architectures, as detailed in the following series of tables.

Optimize I/O performance

| Objective | Description |
|---|---|
| Provide capacity-on-demand capability for storage. | Scale to support large multi-terabyte databases without any disruption to critical business services. |
| Provide scalable performance. | Support high transaction rates by enabling the data to be load balanced across multiple I/O paths and storage devices, with the ability to increase or decrease bandwidth online. |

Provide business-critical levels of availability

| Objective | Description |
|---|---|
| Respond to application-level failures. | Extend the capabilities of VMware to deliver business-critical levels of availability through enhanced monitoring and recovery of failed application components running on a virtual machine. |
| Respond to virtual machine failures. | Restart virtual machines when faults are detected. Start the virtual machine on another server if it cannot be restarted successfully. |
| Respond to server hardware failures. | Migrate virtual machines to a different server when a server fault or stability issue is detected. |
| Respond to site failures or outages. | Integrate with VMware high availability (HA), VMware Site Recovery Manager (SRM) and replication technologies to provide a cost-effective disaster recovery solution. |
| Enable live migration of running virtual machines. | Fully support VMware VMotion technology to enable live migration of servers and minimize planned downtime. |
| Enable instant recovery of data using snapshots. | Provide instant point-in-time recovery from snapshot copies of the data with ability to roll the database forward using transaction logs to recover quickly from data corruption or loss. |
| Enable recovery of individual objects. | Enable granular recovery of SQL Server database objects including user, system, full text catalogs, and file streams while database is online. |
| Ensure I/O path resiliency. | Deploy multipathing technology to eliminate single points of failure in the I/O data path. |

Protect critical servers from security threats

| Objective | Description |
|---|---|
| Protect against network-based security threats. | Use VMware vShield to enforce firewall security policies that stay with a virtual server even after live migration or site failover, to protect applications from network-based threats. |
| Provide intrusion protection and prevention for virtualized environments. | Implement intrusion protection and prevention to further improve the security of virtual machines. |

Reduce infrastructure costs

| Objective | Description |
|---|---|
| Use physical resources more efficiently. | Make more efficient use of physical server resources through virtualization, reducing both management and operating costs through consolidation. |
| Reduce the physical server footprint. | Reduce physical server footprint through virtualization to reduce IT spending on data center capacity, power and cooling, and to reduce the environmental impact of data center sprawl. |
| Provide thin provisioning and storage reclamation. | Combine thin provisioning with storage reclamation capabilities to achieve cost savings through greater utilization of storage. |
| Perform off-host backups and data deduplication. | Enable efficient off-host backups, with data deduplication, to achieve cost savings by reducing storage requirements for offline data retention. |

Improve operations efficiency

| Objective | Description |
|---|---|
| Deploy or decommission components quickly. | Enable new applications to be deployed or decommissioned quickly without involving the lengthy processes associated with physical hardware, thereby removing complexity and improving business agility. |
| Eliminate physical silos. | Eliminate silos, where applications underutilize dedicated resources, through virtualization; resources can be shared, improving business efficiency. |
| Reduce the risk of application failures impacting other functions. | Remove the cascading effect of one failing application bringing down another application, or an entire operating system, by limiting each virtual machine to running one application, reducing operational risk. |
| Provide high availability without hot standby servers. | Achieve high availability without requiring hot standby servers, to help realize the cost savings expected through virtualization of business-critical applications. |
| Remove complexity from data center failover procedures. | Use VMware SRM to reduce risk and to remove complexity from data center failovers and planned migrations. |
| Automate operational procedures. | Automate operational procedures to improve efficiency and reduce risk. |
| Centralize management. | Centralize management for an application-centric view of virtual servers, helping to optimize data center assets, scale operations, and centralize visibility and control. |

Constraints

The reference architectures are limited by the constraints described in the table.

| Constraint | Description |
|---|---|
| Preserve or enhance VMware capabilities | VMware capabilities will either be preserved or built upon, but they must not be removed or broken. For example, VMware VMotion and SRM are features that will be used within the solution. |
| Hardware agnostic | Hardware vendor tie-in must be eliminated. Although specific hardware vendors may be recommended or referred to by the reference architecture, the design will not preclude the use of other hardware vendors. This may come with a caveat; for example, if certain features are not available from a particular vendor, those features will be missing in the final solution. |
| Compatibility with existing hardware solutions | Compatibility will be maintained with standard hardware solutions in the virtualization space, such as Vblock and FlexPod. |
| 64-bit architecture | Solution is for 64-bit Intel or AMD processor architectures only. |
| Security architecture | The security architecture in this release relies upon Symantec Critical System Protection. |
| Assisted site failover | Due to the design of VMware SRM and its lack of external arbitration services, it will not be possible to fully automate site failover within this architecture. Instead, site failover must be triggered manually, after which the process is automatic. |

Stakeholders and their concerns

A number of stakeholder views have been considered for the creation of the reference architectures, including:
• Senior IT managers
• Chief Information Officers
• Chief Technology Officers

The stakeholders consulted for these reference architectures have a range of concerns relating to virtualization, which are summarized in the following table.

| Stakeholder | Abbrev. | Summary of Concerns |
|---|---|---|
| Chief Information and Technology Officers | CIO/CTO | IT budgets, demonstrable benefits |
| Chief Financial Officer | CFO | Cost transparency and recovery (chargeback) |
| Chief Security Officer | CSO | Security and compliance |
| Chief Operations Officer and Database Administrators | COO/DBA | Performance and scalability, resource and capacity management |
| Application Owners | App | Cost, time to provision, reliability, performance and scalability |
| IT Infrastructure Operations | Ops | Cost, time to provision, reliability and availability, performance and scalability, resource and capacity management |
| IT Service Management | ITSM | Usability, service delivery, visibility, compliance |

Role of a reference architecture

A reference architecture is a framework for defining a solution, including components, relationships between components, and the principles governing the design of the architecture. It provides a set of consistent architecture best practices that can be used by a variety of organizations to design their own solutions for their specific goals.

The intent of the Symantec reference architectures is to short-cut the design process for organizations interested in virtualizing critical business services. The aim is to reduce or eliminate errors in technology decisions and increase the likelihood of successful implementation of blended Microsoft, VMware, and Symantec solutions in a virtual environment.

Using a reference architecture as a guide for designing solutions with similar capabilities enables organizations to derive several benefits, including:
• Reducing complexity
• Reducing resource requirements and cost
• Minimizing design and implementation timeframes

While a reference architecture provides a basis for creating real-world solutions, it is not intended as an implementation blueprint. Each organization can apply the principles and goals appropriate for their requirements, and modify design criteria as needed for their purposes. For example, the Symantec reference architectures describe collections of technology, along with the capabilities and configuration options used in the solution. An organization may choose different capabilities or configuration options in their implementations.

Principles guiding this architecture

The following core principles have been identified to guide the design of the solutions presented in the reference architectures.

Business principles
• Information management decisions are made to provide maximum benefit to the enterprise as a whole.
• Enterprise operations are maintained in spite of system interruptions.
• Enterprise operations are performed within the time constraints set by pre-defined service levels.
• Enterprise processes are automated where appropriate to reduce manual effort.
• Development of applications used across the enterprise is preferred over the development of similar or duplicative applications which are only provided to a particular organization.
• Enterprise information management processes comply with all relevant laws, policies, and regulations.
• The IT organization is responsible for owning and implementing IT processes and infrastructure that enable solutions to meet user-defined requirements for functionality, service levels, cost, and delivery timing.
• Effectively align expectations with capabilities and costs so that all projects are cost-effective. Efficient and effective solutions have reasonable costs and clear benefits.

Data principles
• Information is central to the successful running of an organization.
• Data is an asset that has value to the enterprise and is managed accordingly.
• Data is shared between applications across the enterprise.
• Data is accessible for users to perform their functions.
• Each data element has a trustee accountable for data quality.
• Data is defined consistently throughout the enterprise, and the definitions are understandable and available to all users.
• Data is protected from unauthorized use and disclosure. In addition to the traditional aspects of national security classification, this includes, but is not limited to, protection of pre-decisional, sensitive, source selection sensitive, and proprietary information.

Application principles
• Applications are independent of specific technology choices and therefore can operate on a variety of technology platforms.
• Applications are easy to use. The underlying technology is transparent to users, so they can concentrate on tasks at hand.
• Only in response to business needs are changes to applications and technology made.

Technology principles
• Changes to the enterprise information environment are implemented in a timely manner.
• Technological diversity is controlled to minimize the non-trivial cost of maintaining expertise in and connectivity between multiple processing environments.
• Software and hardware should conform to defined standards that promote interoperability for data, applications, and technology.

Assumptions guiding this architecture

The solutions identified in the reference architectures define optimum configurations that ensure VMware, Microsoft, and Symantec technologies work together for maximum combined benefit. They do not seek to optimize a single component within the stack to the detriment of the others.

While the reference architectures are targeted to medium and large enterprises deploying business-critical applications with high transaction rates, the scope is limited to single-instance application environments with no database mirroring or availability groups. Minimizing cost of implementation is the highest priority goal of the Reference Architecture. Organizations can expand the scope of a specific implementation of the Symantec reference architecture to include multi-instance applications.

The versions of software used in an implementation based on the reference architectures must be equal to, or later than, those versions specified in the physical view of each technical architecture. For example, vSphere 4.1 cannot be used in the solution; VMware version 5.0 software is the minimum requirement.

Virtualization is maturing considerably within enterprise class organizations, and accordingly the reference architectures do not aim to cover these areas in detail:
• Business benefits of virtualization
• Transition to a cloud technology
• Design and build instructions for Microsoft applications, VMware, or the Symantec products

Components of a reference architecture

The reference architecture documents are structured in a manner which can be leveraged by each type of stakeholder.

Business architecture

The business architecture focuses on how the solutions meet business goals.

Application architecture

The application architecture provides a general overview of the Microsoft applications that are the subject of the three reference architectures: SQL Server, Exchange Server, and SharePoint Server. Because these are well-known applications with a large existing collection of documentation detailing all aspects of their architecture and design, the application architecture section provides a higher-level discussion regarding how these products fit into the overall Symantec reference architectures.

Technology architecture

The core focus of each reference architecture document is the technology architecture, which highlights the attributes considered essential for deploying Microsoft SQL Server, Exchange, or SharePoint, virtualized on VMware as an enterprise-class application. Practical and real-world experience from Symantec subject matter experts provides an understanding of how to design solutions that leverage Symantec products. The technology architecture is organized into conceptual, logical, and physical views.

Conceptual view

The conceptual view represents the business “owner” point of view, describing how the solution aligns with business needs. This view is an implementation-independent view of all infrastructure services. The conceptual view provides an abstract or high-level design of only the most important business components and entities; its main goal is to provide an understanding of the overall purpose of the proposed solution in direct relation to business need. Components include major technology systems, relevant business processes, external systems required for integration or overall functionality, high-level data flow, and system functionality.

Logical view

The logical view represents the “designer” point of view, identifying the significant components and showing how they fit together to deliver the solution. This view includes realizable elements of the infrastructure, interaction models, principles for use, and product capabilities. The logical view includes a more detailed design for all major components and entities, as well as relationships, data flows, and connections. The target audience is typically developers or other systems architects. The logical view includes business services, application names and capabilities, and other relevant information needed for development purposes, and it intentionally omits physical server names or addresses.

Physical view

The physical view is the “builder” view, showing how the solution is created and configured. This includes implementation models, technology patterns, and templates. The physical view has all major components and entities identified within specific physical servers and locations, as well as specific software services, objects, and solutions. This view includes known details such as operating systems, version numbers, and patches that are relevant. Any physical constraints or limitations are also identified within the server components, data flows, or connections. The physical view references resources such as product documentation, white papers, and websites to augment the architecture content. The design presented in the physical view may be included and extended by the final implementation team into an implementation design.

Summary of the technical scope

The Symantec reference architectures are designed to help businesses transform critical applications from a silo model, in which applications are islands that under-utilize enterprise IT resources, to a virtualized model, in which IT resources are pooled together and shared.

In a traditional data center model (illustrated in Figure 2), applications use dedicated infrastructure and a variety of incompatible data replication schemes; clusters typically employ hot standby servers that are under-utilized or not utilized at all; infrastructure and storage requirements spiral out of control; and dedicated and intrusive on-host backups take longer to complete while application owners demand smaller and smaller maintenance windows.

Figure 2 - Traditional data center model

The Symantec reference architecture (illustrated in Figure 3) presents a model to address these problems in each tier of the data center, providing a secure, scalable, and heterogeneous solution. This model enables an enterprise to cost-effectively deploy business-critical applications while employing various measures to curb growing storage and backup requirements, and introduces improved operational efficiencies with a goal of reducing total cost of ownership (TCO) and lowering risk.


Figure 3 – Symantec reference architecture

While databases and data-intensive applications have often been considered poor candidates for virtualization due to their heavy I/O demands, complex recovery processes, and high availability requirements, this reference architecture illustrates that these business-critical applications—commonly among the most over-provisioned environments in the data center—are actually very good candidates for virtualization. Virtualization also enables organizations to respond more quickly to business demands, whether for provisioning new application environments, rolling out applications from development into production, or migrating applications quickly and efficiently to more powerful computers. Visit the Symantec Virtualization microsite, located at http://www.symantec.com/virtualization, for further information about Symantec solutions for virtualization. The next three sections summarize the specific virtualization solutions for Microsoft SQL, SharePoint, and Exchange Servers implemented for the Symantec reference architectures.

1.8 Microsoft SQL Server Virtualization Reference Architecture

Microsoft SQL Server 2008 R2 provides a data platform that delivers a low TCO and is equipped to handle the needs of even the most demanding mission-critical applications. In a fast-evolving business environment, this platform helps enable businesses to quickly adapt to changing requirements, promotes the reliability to maintain highly available service provisioning at scale, and provides a comprehensive range of tools, features, and functionality to increase IT efficiency and reduce management overhead. The platform is tightly integrated with Microsoft’s directory services to help enable a secure and scalable security model.

A typical configuration for SQL Server in a VMware virtual environment is shown in Figure 4.

Figure 4 - Typical SQL Server configuration for VMware

In this configuration, an instance of Microsoft SQL Server is running on a Windows® guest operating system in a virtual machine. Each instance, running in its own virtual machine, consists of a distinct set of services that have specific settings for collations and other options. The directory structure, registry structure, and service names all reflect the instance name and a specific instance ID created during SQL Server setup.

This uniquely named instance has a database engine, an agent that handles inbound client connection requests, an analysis service for handling online analytical processing (OLAP) type of requests, and a Filestream agent for keeping track of database objects stored outside of the database in a file system. Each instance includes one or more associated databases—a collection of related tables, indexes, and other objects that store and manage access to data records. While it is possible to have multiple instances running on the same Windows guest operating system, this reference architecture maps each instance to its own virtual machine for ease of configuration and management.

Figure 5 depicts how the individual SQL Server virtual configurations fit within an example virtualized data center. The management servers are virtualized in this case, but in any particular implementation of the Reference Architecture, management services could be provided using a combination of physical and virtual servers, depending on existing infrastructure and specific requirements of an organization.

Figure 5 - SQL Server in a virtual data center

The components of the SQL Server solution are summarized below. For complete details, see the Symantec Reference Architecture for Virtualization of Microsoft SQL Server.

Storage architecture

VMware ESXi presents the storage to the guest operating system either as Virtual Machine Disks (VMDK) or using raw device mapping (RDM). The SQL Server can use both types of storage for database data and log files; however, this reference architecture utilizes RDM devices for optimum I/O performance and scalability. Storage Foundation for Windows is installed on all application virtual machines and all storage is managed from the Veritas Operations Manager (VOM) Advanced server. Storage Foundation provides capacity-on-demand, taking full advantage of pooled storage resources in a virtual environment.

High availability and disaster recovery

VMware HA manages local failover and live migration of virtual machines. In this example environment, the application virtual machines are configured on a two-node VMware HA cluster, with each node functioning as the failover node in the event an ESXi host becomes unstable or faults. In this case, VMware HA restarts the virtual machines on the remaining cluster node.

A Symantec ApplicationHA agent is installed on all application virtual machines to provide application monitoring, because VMware HA has no visibility into the applications running on the guest host. Without ApplicationHA, application failures go undetected. ApplicationHA detects when an application faults and can be configured to restart the application automatically, or signal to VM to restart the virtual machine. The ApplicationHA Console integrates with vCenter Server to provide centralized management of high availability. Veritas Operations Manager integrates with ApplicationHA to manage relationships between applications to ensure that dependent applications are started, stopped, and failed over in a coordinated fashion.

Disaster recovery is provided by VMware Site Recovery Manager (SRM). SRM is integrated with data replication technologies to present replicated storage to the correct ESXi servers, enabling virtual machines to be started at different sites. Symantec ApplicationHA integrates with SRM to ensure continuity of application monitoring when a failover has occurred.

Data protection

The data protection solution for this reference architecture leverages Symantec NetBackup to provide a full spectrum of backup and recovery options, for both VMDK and RDM storage used in this architecture.

To protect VMDK storage, NetBackup for VMware provides comprehensive protection for virtual machines by integrating with VMware vStorage APIs for Data Protection (VADP) and VM snapshots. NetBackup uses VMware to take VM snapshots of VMDK storage without any disruption to the running guest operating systems and applications. These snapshots can then be backed up without involving the guest operating system in the data transfer. NetBackup V-Ray technology enables recovery of individual Windows files from a VM backup. The NetBackup client is installed on each virtual machine to receive data during a file-level restore.

The NetBackup media and master servers handle data transfer and job management, respectively. Although shown in the diagram as running on a single virtual machine, these servers are often run on existing physical, off-host backup servers to further minimize any impact to the VMs and ESXi host.

If SQL Server databases are deployed in VMDK storage, then NetBackup for VMware will include those databases in the VM backup, and optionally manage SQL Server log truncation. Furthermore, NetBackup V-Ray technology can again be used to recover individual databases from the same VM backup.

If SQL Server databases are deployed in RDM storage, then the NetBackup for SQL Server agent in the guest provides database backup and recovery, and log truncation management. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Therefore, RDM data must be backed up via the guest operating system. Alternatively, if the RDM storage is shared storage with an array-based snapshot provider, then the NetBackup media server can directly back up a snapshot of the RDM storage for optimal performance and minimal impact.

OpsCenter provides centralized management of data backup and archive operations across products and platforms, and a central portal for all file-level recoveries of both physical and virtual machine backups.

Security

Symantec Critical System Protection (SCSP) is implemented throughout the virtual data center to provide a security infrastructure that is both resilient and scalable. SCSP agents are installed on all physical and virtual systems to be protected. Additionally, an SCSP agent is placed on the vCenter server to further protect the virtual environment. Both the agents and the management console connect to the management server to exchange data. The management server in turn acts as a liaison to the internal SCSP SQL data store, which is where all policies, configuration data, and event information are stored. Many management servers within a given environment can report to the same internal SQL data store, providing for centralized management and control of systems across the enterprise. This also allows customers flexibility in determining how to distribute their SCSP infrastructure, as both agents and consoles can then connect to any of the available management servers. For network-related security, VMware vShield App resides within the security architecture. vShield protects applications and data in the virtual data center from network-based threats and gives organizations the ability to create and manage business-relevant policies that adapt to dynamic environments. vShield also provides deep visibility into network communications between virtual machines and granular enforcement through security groups.

1.9 Microsoft SharePoint Virtualization Reference Architecture

Microsoft SharePoint is a central application platform for common enterprise Web requirements. The multipurpose design of SharePoint enables management, scaling, and provisioning of a broad variety of business applications. SharePoint provides a layer of management and abstraction from the Web server, with the ultimate goal of enabling business users to leverage Web features without having to understand technical aspects of Web development. SharePoint also contains pre-defined applications for commonly requested functionality, such as intranet portals, extranets, websites, document and file management services, collaboration spaces, social tools, enterprise search, and business intelligence. A medium-scale SharePoint farm running in a VMware virtual environment is shown in Figure 6.

Figure 6 - Medium SharePoint farm in a virtual environment

In this configuration, the SharePoint server roles are spread across eight virtual machines. Two SQL Server databases manage SharePoint content, and each runs on its own virtual machine, hosted on separate ESXi systems. Certain server roles can be split among virtual machines or combined, as needed. For example, the Application 1 virtual machine can run the Query server while Application 2 runs the Crawl server, with other roles split among the Application 3 and 4 virtual machines. Other virtual machines can be used for Web services, as depicted by the Web Front-End 1 and 2 virtual machines. New SharePoint servers can easily be provisioned to expand server farms to accommodate growth and meet performance objectives.

Figure 7 depicts how the SharePoint virtual configurations fit within the Symantec virtualization reference architecture for SharePoint. As with the SQL Server solution, the management servers are virtualized in this case, but in any particular implementation of the reference architecture, management services could be provided using a combination of physical and virtual servers, depending on existing infrastructure and specific requirements of an organization.

Figure 7 - SharePoint in a virtual data center

Depending on an organization’s needs, the SharePoint architecture can be customized to meet scalability, performance, and high availability requirements. Because no one single solution suits all environments, Microsoft provides numerous resources and documents, such as the Capacity Planning for Microsoft SharePoint 2010 document, used for planning and deployment of SharePoint 2010. For the Symantec reference architecture, a single server farm is implemented. The SharePoint roles, as well as the SQL Servers, are distributed across four virtual machines. The reference architecture components of the SharePoint solution are similar to those used in the SQL Server solution, summarized in Section 1.8. An overview of differences for SharePoint is provided below. For complete details, see the Symantec Reference Architecture for Microsoft SharePoint Architecture Definition document.

Storage architecture

SharePoint uses a SQL Server database to store data; therefore, the storage architecture is essentially the same as the SQL Server Storage Architecture. A key aspect of the storage solution for SharePoint is capacity-on-demand, enabling the easy addition of new content databases to accommodate growth in storage usage. Yet storage planning is still critical for ensuring a successful SharePoint deployment. See the Planning and Architecture for SharePoint Server 2010 article from Microsoft for details.

High availability and disaster recovery

The high availability and disaster recovery (HA/DR) architecture is similar to SQL Server. Each application virtual machine has an ApplicationHA agent for SharePoint installed. The virtual machines running the SQL Server for SharePoint data have the SQL Server ApplicationHA agent installed as well. ApplicationHA monitors the SharePoint and SQL Server, and automatically takes action if a fault is detected. The Symantec Reference Architecture for Microsoft SharePoint Architecture Definition document focuses on a single farm with a single service application group. Organizations can evolve this design to accommodate a more complex configuration based on experience and the opportunities for change.

Data protection

The data protection architecture for SharePoint is very similar to the previous one for SQL Server, again leveraging NetBackup to protect VMDK and RDM storage. To protect VMDK storage, NetBackup for VMware is used to back up a VM snapshot, and provides both VM-level and file-level recovery from the same backup. If SharePoint databases reside in VMDK storage, then NetBackup for VMware will include those databases in the VM backup. NetBackup V-Ray technology can be used to recover individual databases and SharePoint content, like documents, calendars, and other granular items from the same VM backup. If SharePoint databases reside in RDM storage, then the NetBackup for SharePoint agent in the guest provides database backup and recovery. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Alternatively, if the RDM storage is shared storage with an array-based snapshot provider, then the NetBackup media server can directly back up a snapshot of the RDM storage for optimal performance and minimal impact. Granular recovery of SharePoint content is supported as well.

Archiving and eDiscovery

The archiving and eDiscovery architecture for SharePoint is based on Symantec Enterprise Vault, which enables organizations to store, manage, and discover unstructured information across the enterprise. A standalone software-based solution, Enterprise Vault integrates with SharePoint environments to enable organizations to control the explosive growth of vital business content both inside the enterprise on intranets, and outside of the firewall on extranets or the Internet. Both Discovery Accelerator and the Clearwell eDiscovery Platform are integrated with Enterprise Vault to provide eDiscovery of SharePoint data, used for compliance with corporate policy and regulatory bodies.

Security

The security architecture for SharePoint is also based on the same technologies as the SQL Server architecture. A Symantec Critical System Protection (SCSP) agent is installed on all physical and virtual systems to be protected. VMware vShield is deployed in the virtual data center to handle network-related security.

1.10 Microsoft Exchange Server Virtualization Reference Architecture

Microsoft Exchange Server is the industry-leading collaborative platform for email, calendaring, and unified messaging. These services are accessible through personal computer (PC), Web, and mobile devices so employees can stay connected, and have become an increasingly important tool for supporting businesses, whether large or small. Microsoft Exchange 2010 is closely aligned with the Microsoft® Office® suite of products, and provides trusted communication within an organization’s domain, enables greater collaboration and improved productivity for employees, and offers the ability to reduce storage costs while allowing larger mailbox sizes. An Exchange Server configuration for a virtual environment is shown in Figure 8.

Figure 8 - Exchange Server in a virtual data center

As with SharePoint, the various server roles of an Exchange environment can be deployed on any number of virtual machines. In this example, the client access server (CAS) role is performed by three virtual machines to provide access to Exchange mailboxes by clients. The virtual environment is ideally suited to Exchange Server to enable new virtual machines to be provisioned and client load to be balanced across an increasing number of servers. The Exchange Mailbox servers running on three virtual machines host the mailbox and public folder databases by providing the storage for the Exchange environment. In addition, the mailbox server hosts advanced scheduling services for employees using Microsoft® Outlook® and Microsoft® Outlook Web Access®. Other virtual machines can be used for edge transport servers, unified messaging servers, and hub transport servers.

Figure 9 depicts how the Exchange Server virtual configurations fit within the Symantec reference architecture for Exchange Server. The various server roles are distributed among four virtual machines. As with the SQL and SharePoint solutions, the management servers are virtualized in this case, but in any particular implementation of the Reference Architecture, management services can be provided using a combination of physical and virtual servers (depending on existing infrastructure and specific requirements of an organization).

Figure 9 – Exchange Server in a data center

The components of the Exchange Server solution are similar to those used in the SQL and SharePoint solutions. Differences for Exchange Server are summarized below. For complete details, see the Symantec Reference Architecture for Microsoft SharePoint Architecture Definition document.

Storage architecture

Exchange databases are based on a proprietary database system developed specifically for Microsoft Exchange Server. These databases are deployed on storage managed by Storage Foundation to ensure data is protected from hardware failures and to enable online reconfiguration for performance and expansion purposes.

High availability and disaster recovery

The HA/DR architecture is similar to SQL Server and SharePoint. Each application virtual machine has an ApplicationHA agent for Exchange installed to monitor the Exchange Server components and automatically take action if a fault is detected.

Data protection

The data protection architecture for Exchange is very similar to the previous one for SQL Server, again leveraging NetBackup to protect VMDK and RDM storage. To protect VMDK storage, NetBackup for VMware is used to back up a VM snapshot, and provides both VM-level and file-level recovery from the same backup. If Exchange databases reside in VMDK storage, then NetBackup for VMware will include those databases in the VM backup. NetBackup V-Ray technology can be used to recover individual databases and Exchange content, like mailboxes, calendars, and other granular items from the same VM backup. If Exchange databases reside in RDM storage, then the NetBackup for Exchange agent in the guest provides database backup and recovery. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Granular

Archiving and eDiscovery

The archiving and eDiscovery architecture for Exchange Server is based on Enterprise Vault from Symantec and is similar to the archiving architecture for SharePoint. Enterprise Vault can connect to an Exchange Server using the MAPI protocol and can then move individual emails into Enterprise Vault. A shortcut pointing to the original archived item can optionally be left behind.

Security

The Security Architecture for Exchange Server is also based on the same technologies as the SQL Server and SharePoint architectures. A Symantec Critical System Protection (SCSP) agent is installed on all physical and virtual systems to be protected. It is also strongly recommended that an antivirus solution be deployed with the Exchange Server to protect against incoming email viruses. VMware vShield was deployed in the virtual data center to handle network-related security.

1.11 Comprehensive business-critical application environment

The diagram in Figure 10 shows how the three business-critical Microsoft applications—SQL Server, Exchange Server, and SharePoint—can be deployed together in a virtualized environment, protected from security threats, data loss, hardware failures, and site outages.

Figure 10 – Business critical applications in the VMware data center

1.12 Technology components

The following table describes the technology used in the Symantec virtualization reference architectures.

| Technology architecture | Component | Product name | Version | Vendor |
|---|---|---|---|---|
| Storage | Dynamic multipathing, capacity on demand, volume management | Storage Foundation for Windows | 6.0 | Symantec |
| | Storage management | VOM Advanced | 4.0 | Symantec |
| Availability and disaster recovery | Virtual machines, virtual disks, high availability, live migration | VMware vSphere | 5.0 | VMware |
| | Disaster recovery orchestration | VMware vCenter Site Recovery Manager | 5.0 | VMware |
| | File system | NTFS | Win 2008 | Microsoft |
| | Storage management console | Veritas Operations Manager (VOM) | 4.1 | Symantec |
| | Application monitoring inside virtual machines | ApplicationHA | 6.0 | Symantec |
| Data protection | Backup software | Symantec NetBackup | 7.5 | Symantec |
| | vStorage API | VMware ESXi | 5.0 | VMware |
| | Volume copy shadow service | VSS (Windows OS component) | - | Microsoft |
| | OpsCenter | OpsCenter Analytics | 7.5 | Symantec |
| Archiving | Email and message archive | Enterprise Vault | 10.0 | Symantec |
| | eDiscovery | Discovery Accelerator | | Symantec |
| Security | Intrusion protection | Critical System Protection | 5.2.8 MP3 | Symantec |
| | Network security | vShield App | 5.0 | VMware |
| | Security administration | vShield Manager | 5.0 | VMware |

Conclusions

The Symantec reference architecture demonstrates how technologies from Symantec can be deployed to complement the capabilities of VMware to deliver enterprise-class levels of performance, availability, and protection for Microsoft SQL Server, SharePoint, and Exchange Server applications, while at the same time enabling organizations to fully exploit the benefits of virtualization to increase business agility, improve IT efficiency, and drive down costs.

Performance is often a key area of concern for organizations seeking to migrate business-critical applications onto virtual platforms, due to the heavy demands these transaction-intensive applications place on the I/O subsystems. The Symantec reference architecture addresses these concerns by exploring how Storage Foundation from Symantec can be deployed to enable I/O performance and capacity to scale beyond a single LUN or virtual disk, and through expert guidance in selecting the type of storage and virtual devices to deliver optimum performance. In addition to performance, the reference architecture also addresses storage management and infrastructure costs to deliver additional value—enabling standardized storage management processes across physical and virtual environments, centralized reporting and chargeback of storage resources, and support for advanced storage management capabilities such as thin provisioning and reclamation, and online storage migration.

Implementing high availability, disaster recovery, and data protection in a virtual environment requires new thinking. Traditional solutions often do not translate well to the virtual environment, and, in some cases, can prevent organizations from realizing the full value of virtualization. The Symantec solution integrates ApplicationHA closely with VMware to deliver business-critical levels of availability, disaster recovery, and data protection, without compromising the capabilities and benefits of virtualization.

The reference architecture offers a comprehensive solution for backing up guest operating system and application data online, without disruption to services, while minimizing impact on virtual machine resources. NetBackup for VMware offers complete protection of Windows VMs, including Exchange, SharePoint, and SQL Server VMs. For RDM storage, NetBackup agents protect the application contents external to VMware. In both cases, V-Ray technologies provide any level of recovery of VMs, files, databases, and application content from the same backup image.

Migrating applications to virtual environments introduces new security concerns that must be addressed—in particular, threats to virtual machines through the VMware hypervisor. The reference architecture addresses these risks with SCSP software, which deploys agents to protect the vSphere vCenter console, ESXi Server, and the guest operating systems.

Organizations are expected to adapt the solution to meet their specific needs. For example, if an organization has standardized on Veritas Cluster Server (VCS) for high availability across their physical and virtual environments, VCS can be deployed as an alternative to ApplicationHA. Similarly, the security architecture can be further expanded to include Symantec end-point protection, encryption, authentication, and antivirus solutions. When developing new architectures, organizations should first perform a capabilities assessment to compare the capabilities provided by the current infrastructure against those needed to support the businesses. Doing so ensures that the Symantec reference architecture can be deployed pragmatically and cost-effectively to address any gaps.

Appendix A: Test infrastructure

Test infrastructure utilized

The following table describes the hardware used in the Symantec virtualization reference architectures testing. Equivalent hardware from alternate suppliers is acceptable. See hardware compatibility listings (HCLs) for the software products involved.

| Hardware | Version/Type | QTY | Source |
|---|---|---|---|
| BL460 (or equivalent) | 6 x BL460c G6 with: 2P/8C 2.93GHz (Xeon X5570); 48GB RAM; 2 x 300GB 10K SAS disks; 4 x BL460c G6 installed with ESXi 5.0 (2 x BL460c G6 Management and RDP Server) | 6 | HP |
| DL580 (or equivalent) | 1 x DL580 G7 with: 4P/32C 2.27GHz (Xeon X7560); 256GB RAM; 8 x 146GB 15K SAS disks; installed with ESXi 5.0 | 1 | HP |
| HP P6300 | 1 x P6300 with: 10 x 300GB 15K SAS (3TB); 8Gb FC | 2 | HP |
| HP 6500 | 48 x 300GB 15K SAS (14.4TB); 8Gb FC | 1 | HP |
| HP V Series 3PAR | | 1 | HP |
| HP B6200 StoreOnce | 3 TB RAID 5 | 1 | HP |

Notes: For thin provisioning and storage reclamation testing, HP V-Series 3PAR storage was utilized. Storage Foundation for Windows provided the mapping and thin provisioning management while VOM provided the reporting and tracking of storage space utilization. To accomplish testing of NetBackup OST (OpenStorage Technology), an HP B6200 StoreOnce device was utilized. Backups were performed to the B6200 via NetBackup and OST.

About Symantec

Symantec is a global leader in providing security, storage, and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. Headquartered in Mountain View, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.

For specific country offices and contact numbers, please visit our website.

Symantec World Headquarters
350 Ellis St.
Mountain View, CA 94043 USA
+1 (650) 527 8000
1 (800) 721 3934
www.symantec.com

Copyright © 2012 Symantec Corporation, All rights reserved. This document is subject to and governed by the terms and conditions outlined in the Symantec Partner Program and Master Specialization Program Member Terms and Conditions. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Microsoft, Windows, SQL Server, SharePoint, Outlook, Outlook Web Access, and Exchange Server are registered trademarks of Microsoft Corporation in the United States and other countries. Other names may be trademarks of their respective owners. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions 5/2012 21245275