Professional Documents
Culture Documents
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Content
Business overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Goals and objectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Stakeholders and their concerns. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Role of a reference architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Principles guiding this architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Assumptions guiding this architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Components of a reference architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Summary of the technical scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
1.8 Microsoft SQL Server Virtualization Reference Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.9 Microsoft SharePoint Virtualization Reference Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1.10 Microsoft Exchange Server Virtualization Reference Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1.11 Comprehensive business-critical application environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
1.12 Technology components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Appendix A: Test infrastructure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Business overview
Organizations strive to leverage the benefits of virtualization to help drive down cost, improve business agility through greater consolidation,
improve utilization of resources, and benefit from increased automation and efficiency.
Today, enterprise businesses commonly deploy virtualization for non-critical environments only, due to the perception of obstacles that
prevent further virtualization in the data center. Projects stall when applications are considered too large, too complex, or too high risk to
virtualize.
To help organizations implement proven and repeatable enterprise-class IT solutions in virtual environments, Symantec has created a series
of reference architectures. The focus of the reference architectures is to accelerate the virtualized deployments of Microsoft applications on
VMware platforms, enhanced by Symantec software. The reference architectures demonstrate how organizations can meet the demands for
application performance, availability, security, and cost, as well as increase the business value and return on investment from Symantec
software.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
The reference architectures within this series include:
Symantec Reference Architecture for Microsoft SQL Server
Symantec Reference Architecture for Microsoft SharePoint
Symantec Reference Architecture for Microsoft Exchange Server
The documents provide assistance and guidance with the validation, design, and implementation of enterprise-class virtualization of
Microsoft applications, leveraging the power of Symantec technology to accelerate the deployment of virtualization.
Op
Optimiz
timize
e I/O perf
performance
ormance
Objective
Description
Scale to support large multi-terabyte databases without any disruption to critical business
for storage.
services.
Support high transaction rates by enabling the data to be load balanced across multiple I/O
paths and storage devices, with the ability to increase or decrease bandwidth online.
Description
Restart virtual machines when faults are detected. Start the virtual machine on another server
if it cannot be restarted successfully.
Migrate virtual machines to a different server when a server fault or stability issue is detected.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Objective
Description
Integrate with VMware high availability (HA), VMware Site Recovery Manager (SRM) and
replication technologies to provide a cost-effective disaster recovery solution.
Fully support VMware VMotion technology to enable live migration of servers and minimize
machines.
planned downtime.
Provide instant point-in-time recovery from snapshot copies of the data with ability to roll the
snapshots.
database forward using transaction logs to recover quickly from data corruption or loss.
Enable granular recovery of SQL Server database objects including user, system, full text
catalogs, and file streams while database is online.
Deploy multipathing technology to eliminate single points of failure in the I/O data path.
Pro
Protect
tect critical ser
servers
vers from securit
securityy threats
Objective
Description
Use VMware vShield to enforce firewall security policies that stay with a virtual server even
threats.
after live migration or site failover, to protect applications from network-based threats.
Implement intrusion protection and prevention to further improve the security of virtual
machines.
environments.
Reduce infras
infrastructure
tructure co
cossts
Objective
Description
Make more efficient use of physical server resources through virtualization, reducing both
efficiently.
Reduce physical server footprint through virtualization to reduce IT spending on data center
capacity, power and cooling, and to reduce the environmental impact of data center sprawl.
Combine thin provisioning with storage reclamation capabilities to achieve cost savings
reclamation.
Enable efficient off-host backups, with data deduplication, to achieve cost savings by reducing
deduplication.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Improve operations efficienc
efficiencyy
Objective
Description
quickly.
lengthy processes associated with physical hardware, thereby removing complexity and
improving business agility.
Remove the cascading effect of one failing application bringing down another application, or
an entire operating system, by limiting each virtual machine to running one application,
reducing operational risk.
Achieve high availability without requiring hot standby servers, to help realize the cost savings
standby servers.
Use VMware SRM to reduce risk and to remove complexity from data center failovers and
failover procedures.
planned migrations.
Centralize management.
Constraints
The reference architectures are limited by the constraints described in the table.
Constraint
Description
VMware capabilities will either be preserved or built upon, but they must not be removed or
capabilities
broken. For example, VMware VMotion and SRM are features that will be used within the
solution.
Hardware agnostic
Hardware vendor tie-in must be eliminated. Although specific hardware vendors may be
recommended or referred to by the reference architecture, the design will not preclude the use
of other hardware vendors. This may come with a caveat; for example, if certain features are
not available from a particular vendor, those features will be missing in the final solution.
Compatibility will be maintained with standard hardware solutions in the virtualization space,
solutions
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Constraint
Description
64-bit architecture
Security architecture
The security architecture in this release relies upon Symantec Critical System Protection.
Due to the design of VMware SRM and its lack of external arbitration services, it will not be
possible to fully automate site failover within this architecture. Instead, site failover must be
triggered manually, after which the process is automatic.
Abbrev.
Summary of Concerns
CIO/CTO
CFO
CSO
COO/DBA
Application Owners
App
IT Infrastructure Operations
Ops
IT Service Management
ITSM
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
The intent of the Symantec reference architectures is to short-cut the design process for organizations interested in virtualizing critical
business services. The aim is to reduce or eliminate errors in technology decisions and increase the likelihood of successful implementation
of blended Microsoft, VMware, and Symantec solutions in a virtual environment.
Using a reference architecture as a guide for designing solutions with similar capabilities enables organizations to derive several benefits,
including:
Reducing complexity
Reducing resources requirements and cost
Minimizing design and implementation timeframes
While a reference architecture provides a basis for creating real-world solutions, it is not intended as an implementation blueprint. Each
organization can apply the principles and goals appropriate for their requirements, and modify design criteria as needed for their purposes.
For example, the Symantec reference architectures describe collections of technology, along with the capabilities and configuration options
used in the solution. An organization may choose different capabilities or configuration options in their implementations.
Business principles
Information management decisions are made to provide maximum benefit to the enterprise as a whole.
Enterprise operations are maintained in spite of system interruptions.
Enterprise operations are performed within the time constraints set by pre-defined service levels.
Enterprise processes are automated where appropriate to reduce manual effort.
Development of applications used across the enterprise is preferred over the development of similar or duplicative applications which are
only provided to a particular organization.
Enterprise information management processes comply with all relevant laws, policies, and regulations.
The IT organization is responsible for owning and implementing IT processes and infrastructure that enable solutions to meet userdefined requirements for functionality, service levels, cost, and delivery timing.
Effectively align expectations with capabilities and costs so that all projects are cost-effective. Efficient and effective solutions have
reasonable costs and clear benefits.
Data principles
Information is central to the successful running of an organization.
Data is an asset that has value to the enterprise and is managed accordingly.
Data is shared between applications across the enterprise.
Data is accessible for users to perform their functions.
Each data element has a trustee accountable for data quality.
Data is defined consistently throughout the enterprise, and the definitions are understandable and available to all users.
Data is protected from unauthorized use and disclosure. In addition to the traditional aspects of national security classification, this
includes, but is not limited to, protection of pre-decisional, sensitive, source selection sensitive, and proprietary information.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Application principles
Applications are independent of specific technology choices and therefore can operate on a variety of technology platforms.
Applications are easy to use. The underlying technology is transparent to users, so they can concentrate on tasks at hand.
Only in response to business needs are changes to applications and technology made.
Technolog
echnologyy principles
Changes to the enterprise information environment are implemented in a timely manner.
Technological diversity is controlled to minimize the non-trivial cost of maintaining expertise in and connectivity between multiple
processing environments.
Software and hardware should conform to defined standards that promote interoperability for data, applications, and technology.
Business architecture
The business architecture focuses on how the solutions meet business goals.
Application architecture
The application architecture provides a general overview of the Microsoft applications that are the subject of the three reference
architectures: SQL Server, Exchange Server, and SharePoint Server.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Because these are well-known applications with a large existing collection of documentation detailing all aspects of their architecture and
design, the application architecture section provides a higher-level discussion regarding how these products fit into the overall Symantec
reference architectures.
Technology architecture
The core focus of each reference architecture document is the technology architecture, which highlights the attributes considered essential
for deploying Microsoft SQL Server, Exchange, or SharePoint, virtualized on VMware as an enterprise-class application. Practical and realworld experience from Symantec subject matter experts provides an understanding of how to design solutions that leverage Symantec
products.
The technology architecture is organized into conceptual, logical, and physical views.
Concep
Conceptual
tual view
The conceptual view represents the business owner point of view, describing how the solution aligns with business needs. This view is an
implementation-independent view of all infrastructure services. The conceptual view provides an abstract or high-level design of only the
most important business components and entities; its main goal is to provide an understanding of the overall purpose of the proposed
solution in direct relation to business need. Components include major technology systems, relevant business processes, external systems
required for integration or overall functionality, high-level data flow, and system functionality.
Logical view
The logical view represents the designer point of view, identifying the significant components and showing how they fit together to deliver
the solution. This view includes realizable elements of the infrastructure, interaction models, principles for use, and product capabilities. The
logical view includes a more detailed design for all major components and entities, as well as relationships, data flows, and connections. The
target audience is typically developers or other systems architects. The logical view includes business services, application names and
capabilities, and other relevant information needed for development purposes, and it intentionally omits physical server names or addresses.
Ph
Physical
ysical view
The physical view is the builder view, showing how the solution is created and configured. This includes implementation models,
technology patterns, and templates. The physical view has all major components and entities identified within specific physical servers and
locations, as well as specific software services, objects, and solutions. This view includes known details such as operating systems, version
numbers, and patches that are relevant. Any physical constraints or limitations are also identified within the server components, data flows,
or connections. The physical view references resources such as product documentation, white papers, and websites to augment the
architecture content. The design presented in the physical view may be included and extended by the final implementation team into an
implementation design.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
requirements spiral out of control; and dedicated and intrusive on-host backups take longer to complete while application owners demand
smaller and smaller maintenance windows.
The Symantec reference architecture (illustrated in Figure 3) presents a model to address these problems in each tier of the data center,
providing a secure, scalable, and heterogeneous solution. This model enables an enterprise to cost-effectively deploy business-critical
applications while employing various measures to curb growing storage and backup requirements, and introduces improved operational
efficiencies with a goal of reducing total cost of ownership (TCO) and lowering risk.
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
While databases and data-intensive applications have often been considered poor candidates for virtualization due to their heavy I/O
demands, complex recovery processes, and high availability requirements, this reference architecture illustrates that these business-critical
applicationscommonly among the most over-provisioned environments in the data centerare actually very good candidates for
virtualization.
Virtualization also enables organizations to respond more quickly to business demands, whether for provisioning new application
environments, rolling out applications from development into production, or migrating applications quickly and efficiently to more powerful
computers. Visit the Symantec Virtualization microsite, located at http://www.symantec.com/virtualization, for further information about
Symantec solutions for virtualization.
The next three sections summarize the specific virtualization solutions for Microsoft SQL, SharePoint, and Exchange Servers implemented for
the Symantec reference architectures.
10
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
1.8 Microsoft SQL Server Virtualization Reference Architecture
Microsoft SQL Server 2008 R2 provides a data platform that delivers a low TCO and is equipped to handle the needs of even the most
demanding mission-critical applications. In a fast-evolving business environment, this platform helps enable businesses to quickly adapt to
changing requirements, promotes the reliability to maintain highly available service provisioning at scale, and provides a comprehensive
range of tools, features, and functionality to increase IT efficiency and reduce management overhead. The platform is tightly integrated with
Microsofts directory services to help enable a secure and scalable security model.
A typical configuration for SQL Server in a VMware virtual environment is shown in Figure 4.
In this configuration, an instance of Microsoft SQL Server is running on a Windows guest operating system in a virtual machine. Each
instance, running in its own virtual machine, consists of a distinct set of services that have specific settings for collations and other options.
The directory structure, registry structure, and service names all reflect the instance name and a specific instance ID created during SQL
Server setup.
11
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
This uniquely named instance has a database engine, an agent that handles inbound client connection requests, an analysis service for
handling online analytical processing (OLAP) type of requests, and a Filestream agent for keeping track of database objects stored outside of
the database in a file system. Each instance includes one or more associated databasesa collection of related tables, indexes, and other
objects that store and manage access to data records. While it is possible to have multiple instances running on the same Windows guest
operating system, this reference architecture maps each instance to its own virtual machine for ease of configuration and management.
Figure 5 depicts how the individual SQL Server virtual configurations fit within an example virtualized data center. The management servers
are virtualized in this case, but in any particular implementation of the Reference Architecture, management services could be provided using
a combination of physical and virtual servers, depending on existing infrastructure and specific requirements of an organization.
The components of the SQL Server solution are summarized below. For complete details, see the Symantec Reference Architecture for
Virtualization of Microsoft SQL Server.
Storage architecture
VMware ESXi presents the storage to the guest operating system either as Virtual Machine Disks (VMDK) or using raw device mapping (RDM).
The SQL Server can use both types of storage for database data and log files; however, this reference architecture utilizes RDM devices for
optimum I/O performance and scalability. Storage Foundation for Windows is installed on all application virtual machines and all storage is
managed from the Veritas Operations Management (VOM) Advanced server. Storage Foundation provides capacity-on-demand, taking full
advantages of pool storage resources in a virtual environment.
12
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
High a
avvailabilit
ailabilityy and disas
disaster
ter recover
recoveryy
VMware HA manages local failover and live migration of virtual machines. In this example environment, the application virtual machines are
configured on a two-node VMware HA cluster, with each node functioning as the failover node in the event an ESXi host becomes unstable or
faults. In this case, VMware HA restarts the virtual machines on the remaining cluster node. A Symantec ApplicationHA agent is installed on
all application virtual machines to provide application monitoring, because VMware HA has no visibility into the applications running on the
guest host. Without ApplicationHA, application failures go undetected. ApplicationHA detects when an application faults and can be
configured to restart the application automatically, or signal to VM to restart the virtual machine. The ApplicationHA Console integrates with
vCenter Server to provide centralized management of high availability. Veritas Operations Manager integrates with ApplicationHA to manage
relationships between applications to ensure that dependent applications are started, stopped, and failed over in a coordinated fashion.
Disaster recovery is provided by VMware Site Recovery Manager (SRM). SRM is integrated with data replication technologies to present
replicated storage to the correct ESXi servers, enabling virtual machines to be started at different sites. Symantec ApplicationHA integrates
with SRM to ensure continuity of application monitoring when a failover has occurred.
Data pro
protection
tection
The data protection solution for this reference architecture leverages Symantec NetBackup to provide a full spectrum of backup and recovery
options, for both VMDK and RDM storage used in this architecture.
To protect VMDK storage, NetBackup for VMware provides comprehensive protection for virtual machines by integrating with VMware
vStorage APIs for Data Protection (VADP) and VM snapshots. NetBackup uses VMware to take VM snapshots of VMDK storage without any
disruption to the running guest operating systems and applications. These snapshots can then be backed up without involving the guest
operating system in the data transfer. NetBackup V-Ray technology enables recovery of individual Windows files from a VM backup. The
NetBackup client is installed on each virtual machine to receive data during a file-level restore. The NetBackup media and master servers
handle data transfer and job management, respectively. Although shown in the diagram as running on a single virtual machine, these servers
are often run on existing physical, off-host backup servers to further minimize any impact to the VMs and ESXi host.
If SQL Server databases are deployed in VMDK storage, then NetBackup for VMware will include those databases in the VM backup, and
optionally manage SQL Server log truncation. Furthermore, NetBackup V-Ray technology can again be used to recover individual databases
from the same VM backup.
If SQL Server databases are deployed in RDM storage, then the NetBackup for SQL Server agent in the guest provides database backup and
recovery, and log truncation management. This approach is necessary because RDM storage is external to VMware, and the contents are not
included in VM snapshots. Therefore, RDM data must be backed up via the guest operating system. Alternatively, if the RDM storage is
shared storage with an array-based snapshot provider, then the NetBackup media server can directly backup a snapshot of the RDM storage
for optimal performance and minimal impact.
OpsCenter provides centralized management of data backup and archive operations across products and platforms, and a central portal for
all file-level recoveries of both physical and virtual machine backups.
Securit
Securityy
Symantec Critical System Protection (SCSP) is implemented throughout the virtual data center to provide a both resilient and scalable
security infrastructure. SCSP agents are installed on all physical and virtual systems to be protected. Additionally, an SCSP agent is placed
13
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
on the vCenter server to further protect the virtual environment. Both the agents and the management console connect to the management
server to exchange data. The management server in turn acts as a liaison to the internal SCSP SQL data store, which is where all policies,
configuration data, and event information are stored. Many management servers within a given environment can report to the same internal
SQL data store, providing for centralized management and control of systems across the enterprise. This also allows customers flexibility in
determining how to distribute their SCSP infrastructure, as both agents and consoles can then connect to any of the available management
servers.
For network-related security, VMware vShield App resides within the security architecture. vShield protects applications and data in the
virtual data center from network-based threats and gives organizations the ability to create and manage business-relevant policies that adapt
to dynamic environments. vShield also provides deep visibility into network communications between virtual machines and granular
enforcement through security groups.
In this configuration, the SharePoint server roles are spread across eight virtual machines. Two SQL Server databases manage SharePoint
content and each run on their own virtual machine, hosted on separate ESXi systems. Certain server roles can be split among virtual
machines or combined, as needed. For example, the Application 1 virtual machine can run the Query server while Application 2 runs the
Crawl server, with other roles split among the Application 3 and 4 virtual machines. Other virtual machines can be used for Web services, as
14
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
depicted by the Web Front-End 1 and 2 virtual machines. New SharePoint servers can easily be provisioned to expand server farms to
accommodate growth and meet performance objectives.
Figure 7 depicts how the SharePoint virtual configurations fit within the Symantec virtualization reference architecture for SharePoint. As
with the SQL Server solution, the management servers are virtualized in this case, but in any particular implementation of the reference
architecture, management services could be provided using a combination of physical and virtual servers, depending on existing
infrastructure and specific requirements of an organization.
Depending on an organizations needs, the SharePoint architecture can be customized to meet scalability, performance, and high availability
requirements. Because no one single solution suits all environments, Microsoft provides numerous resources and documents, such as the
Capacity Planning for Microsoft SharePoint 2010 document, used for planning and deployment of SharePoint 2010. For the Symantec
reference architecture, a single server farm is implemented. The SharePoint roles, as well as the SQL Servers, are distributed across four
virtual machines.
The reference architecture components of the SharePoint solution are similar to those used in the SQL Server solution, summarized in
Section 1.8. An overview of differences for SharePoint is provided below. For complete details, see the Symantec Reference Architecture for
Microsoft SharePoint Architecture Definition document.
15
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Storage architecture
SharePoint uses a SQL Server database to store data; therefore, the storage architecture is essentially the same as the SQL Server Storage
Architecture. A key aspect of the storage solution for SharePoint is capacity-on-demand, enabling the easy addition of new content databases
to accommodate growth in storage usage. Yet storage planning is still critical for ensuring a successful SharePoint deployment. See the
Planning and Architecture for SharePoint Server 2010 article from Microsoft for details.
High a
avvailabilit
ailabilityy and disas
disaster
ter recover
recoveryy
The high availability and disaster recovery (HA/DR) architecture is similar to SQL Server. Each application virtual machine has an
ApplicationHA agent for SharePoint installed. The virtual machines running the SQL Server for SharePoint data have the SQL Server
ApplicationHA agent installed as well. ApplicationHA monitors the SharePoint and SQL Server, and automatically takes action if a fault is
detected. The Symantec Reference Architecture for Microsoft SharePoint Architecture Definition document focuses on a single farm with a
single service application group. Organizations can evolve this design to accommodate a more complex configuration based on experience
and the opportunities for change.
Data pro
protection
tection
The data protection architecture for SharePoint is very similar to the previous one for SQL Server, again leveraging NetBackup to protect
VMDK and RDM storage. To protect VMDK storage, NetBackup for VMware is used to backup a VM snapshot, and provides both VM-level and
file-level recovery from the same backup.
If SharePoint databases reside in VMDK storage, then NetBackup for VMware will include those databases in the VM backup. NetBackup VRay technology can be used to recover individual databases and SharePoint content, like documents, calendars, and other granular items
from the same VM backup.
If SharePoint databases reside in RDM storage, then the NetBackup for SharePoint agent in the guest provides database backup and
recovery. This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots.
Alternatively, if the RDM storage is shared storage with an array-based snapshot provider, then the NetBackup media server can directly
backup snapshot of the RDM storage for optimal performance and minimal impact. Granular recovery of SharePoint content is supported as
well.
16
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Securit
Securityy
The security architecture for SharePoint is also based on the same technologies as the SQL Server architecture. A Symantec Critical System
Protection (SCSP) agent is installed on all physical and virtual systems to be protected. VMware vShield is deployed in the virtual data center
to handle network-related security.
17
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
As with SharePoint, the various server roles of an Exchange environment can be deployed on any number of virtual machines. In this
example, the client access server (CAS) role is performed by three virtual machines to provide access to Exchange mailboxes by clients. The
virtual environment is ideally suited to Exchange Server to enable new virtual machines to be provisioned and client load to be balanced
across an increasing number of servers.
The Exchange Mailbox servers running on three virtual machines host the mailbox and public folder databases by providing the storage for
the Exchange environment. In addition, the mailbox server hosts advance scheduling services for employees using Microsoft Outlook and
Microsoft Outlook Web Access. Other virtual machines can be used for edge transport servers, unified messaging servers, and hub
transport servers.
Figure 9 depicts how the Exchange Server virtual configurations fit within the Symantec reference architecture for Exchange Server. The
various server roles are distributed among four virtual machines. As with the SQL and SharePoint solutions, the management servers are
virtualized in this case, but in any particular implementation of the Reference Architecture, management services can be provided using a
combination of physical and virtual servers (depending on existing infrastructure and specific requirements of an organization).
The components of the Exchange Server solution are similar to those used in the SQL and SharePoint solutions. Differences for Exchange
Server are summarized below. For complete details, see the Symantec Reference Architecture for Microsoft SharePoint Architecture Definition
document.
Storage architecture
Exchange databases are based on a proprietary database system developed specifically for Microsoft Exchange Server. These databases are
deployed on storage managed by Storage Foundation to ensure data is protected from hardware failures and to enable online reconfiguration
for performance and expansion purposes.
18
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
High a
avvailabilit
ailabilityy and disas
disaster
ter recover
recoveryy
The HA/DR architecture is similar to SQL Server and SharePoint. Each application virtual machine has an ApplicationHA agent for Exchange
installed to monitor the Exchange Server components and automatically take action if a fault is detected.
Data pro
protection
tection
The data protection architecture for Exchange is very similar to the previous one for SQL Server, again leveraging NetBackup to protect VMDK
and RDM storage. To protect VMDK storage, NetBackup for VMware is used to backup a VM snapshot, and provides both VM-level and filelevel recovery from the same backup.
If Exchange databases reside in VMDK storage, then NetBackup for VMware will include those databases in the VM backup. NetBackup V-Ray
technology can be used to recover individual databases and Exchange content, like mailboxes, calendars, and other granular items from the
same VM backup.
If Exchange databases reside in RDM storage, then the NetBackup for Exchange agent in the guest provides database backup and recovery.
This approach is necessary because RDM storage is external to VMware, and the contents are not included in VM snapshots. Granular
Securit
Securityy
The Security Architecture for Exchange Server is also based on the same technologies as the SQL Server and SharePoint architectures.
Symantec Critical System Protection (SCSP) agent is installed on all physical and virtual systems to be protected. It is also strongly
recommended that an antivirus solution be deployed with the Exchange Server to protect against incoming email viruses. VMware vShield
was deployed in the virtual data center to handle network-related security.
19
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
20
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Storage
Component
Product name
Version
Vendor
6.0
Symantec
volume management
Windows
Storage management
VOM Advanced
4.0
Symantec
VMware vSphere
5.0
VMware
5.0
VMware
Win
Microsoft
live migration
Disaster recovery orchestration
Manager
Availability and disaster
recovery
File system
NTFS
2008
Storage management console
4.1
Symantec
(VOM)
Application monitoring inside virtual machines
ApplicationHA
6.0
Symantec
Backup software
Symantec NetBackup
7.5
Symantec
vStorage API
VMware ESXi
5.0
VMware
Microsoft
OpsCenter
OpsCenter Analytics
7.5
Symantec
Enterprise Vault
10.0
Symantec
eDiscovery
Discovery Accelerator
Intrusion protection
Data protection
Archiving
Symantec
5.2.8
Symantec
MP3
Security
21
Network security
vShield App
5.0
VMware
Security administration
vShield Manager
5.0
VMware
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Conclusions
The Symantec reference architecture demonstrates how technologies from Symantec can be deployed to complement the capabilities of
VMware to deliver enterprise-class levels of performance, availability, and protection for Microsoft SQL Server, SharePoint, and Exchange
Server applications, while at the same time enabling organizations to fully exploit the benefits of virtualization to increase business agility,
improve IT efficiency, and drive down costs.
Performance is often a key area of concern for organizations seeking to migrate business-critical applications onto virtual platforms, due to
the heavy demands these transaction-intensive applications place on the I/O subsystems. The Symantec reference architecture addresses
these concerns by exploring how Storage Foundation from Symantec can be deployed to enable I/O performance and capacity to scale
beyond a single LUN or virtual disk, and through expert guidance in selecting the type of storage and virtual devices to deliver optimum
performance.
In addition to performance, the reference architecture also addresses storage management and infrastructure costs to deliver additional
valueenabling standardized storage management processes across physical and virtual environments, centralized reporting and
chargeback of storage resources, and support for advanced storage management capabilities such as thin provisioning and reclamation, and
online storage migration.
Implementing high availability, disaster recovery, and data protection in a virtual environment requires new thinking. Traditional solutions
often do not translate well to the virtual environment, and, in some cases, can prevent organizations from realizing the full value of
virtualization. The Symantec solution integrates ApplicationHA closely with VMware to deliver business-critical levels of availability, disaster
recovery, and data protection, without compromising the capabilities and benefits of virtualization.
The reference architecture offers a comprehensive solution for backing up guest operating system and application data online, without
disruption to services, while minimizing impact on virtual machine resources. NetBackup for VMware offers complete protection of Windows
VMs, including Exchange, SharePoint, and SQL Server VMs. For RDM storage, NetBackup agents protect the application contents external to
VMware. In both cases, V-Ray technologies provide any-level of recovery of VMs, files, databases, and application content from the same
backup image.
Migrating applications to virtual environments introduces new security concerns that must be addressedin particular, threats to virtual
machines through the VMware hypervisor. The reference architecture addresses these risks with SCSP software, which deploys agents to
protect the Sphere vCenter console, ESXi Server, and the guest operating systems.
Organizations are expected to adapt the solution to meet their specific needs. For example, if an organization has standardized on Veritas
Cluster Server (VCS) for high availability across their physical and virtual environments, VCS can be deployed as an alternative to
ApplicationHA. Similarly, the security architecture can be further expanded to include Symantec end-point protection, encryption,
authentication, and antivirus solutions.
When developing new architectures, organizations should first perform a capabilities assessment to compare the capabilities provided by the
current infrastructure against those needed to support the businesses. Doing so ensures that the Symantec reference rrchitecture can be
deployed pragmatically and cost-effectively to address any gaps.
22
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
Version/Type
QTY
Source
6 x BL460c G6 with:
HP
HP
HP
HP
HP
HP
1 x DL580 G7 with:
4P/32C 2.27GHz (Xeon X7560)
256GB RAM
8 x 146GB 15K SAS disks
Installed with ESXi 5.0.
HP P6300
1 x P6300 with:
10 x 300GB 15K SAS (3TB)
8Gb FC
HP 6500
HP V Series 3PAR
HP B6200 StoreOnce
3 TB RAID 5
Notes:
For testing thin provisioning and storage reclamation testing, HP V-Series 3PAR storage was utilized. StorageFoundation for Windows
provided the mapping and thin provisioning management while VOM provided the reporting and tracking of storage space utilization.
To accomplish testing of NetBackup OST (OpenStorage Technology), HP B6200 StoreOnce device was utilized. Backups were performed to
the B6200 via NetBackup and OST.
23
Symantec reference architectures for the virtualization of Microsoft SQL Server, Microsoft
SharePoint, and Microsoft Exchange Server
About Symantec
Symantec is a global leader in providing security,
storage, and systems management solutions to help
consumers and organizations secure and manage
their information-driven world. Our software and
services protect against more risks at more points,
more completely and efficiently, enabling
confidence wherever information is used or stored.
Headquartered in Mountain View, Calif., Symantec
has operations in 40 countries. More information is
available at www.symantec.com.