Application Manager user s guide

Transcription

1 Application Manager user s guide Part number: T Ninth edition: March 2009

2 Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company makes no warranty of any kind with regard to this material, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material. This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard. The information contained in this document is subject to change without notice. Microsoft, Windows, and Windows NT are U.S. registered trademarks of Microsoft Corporation. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Hewlett-Packard Company products are set forth in the express limited warranty statements for such products. Nothing herein should be construed as constituting an additional warranty. HP StorageWorks Storage Mirroring Application Manager User s Guide Ninth Edition (March 2009) Part Number: T

3 Table of Contents Chapter 1 Introduction About the Storage Mirroring Application Manager Supported configurations Exchange SQL SharePoint File server BlackBerry Requirements Exchange requirements SQL requirements File server requirements SharePoint requirements BlackBerry requirements Related documentation User s guide Application notes Readme files Chapter 2 Navigating the user interface Install the Application Manager Start the Application Manager Menu options Change Application Manager preferences Using the online help Chapter 3 Protecting an Exchange Server Verify the Exchange environment (recommended) Select a task Select a domain Select source and target servers Enter server login information Using clustered Exchange servers Configure protection settings Failover settings Failover type Services Resources (cluster only) Monitor settings Application Monitoring (BETA) Snapshot settings

4 Connection settings Route Protected Storage Groups Mirror type Enable compression Advanced settings Replication set rules Failover/failback scripts Force AD replication Target(ed) domain controller Advanced settings Saving configuration changes Chapter 4 Protecting an Exchange Cluster with a Like-Named Cluster Prerequisites Permissions Multiple EVS Configuring a standby cluster Enabling protection Dealing with a failure Graceful failover Site failure failover Differences in failback Chapter 5 Protecting a SQL Server Select a task Select a domain Select source and target servers Add or manage servers Enter server login information Using clustered SQL servers Configure protection settings Select SQL instances Failover settings Failover type Services Resources (cluster only) Monitor settings Application Monitoring (BETA) Snapshot settings Connection settings Route Protected Databases Mirror type Enable compression ii

5 Advanced settings Replication set rules Failover/failback scripts Items to failover Advanced settings Saving configuration changes Chapter 6 Protecting a File Server Select a task Select a domain Select source and target servers Add or manage servers Enter server login information Configure protection settings Failover settings Failover type Services Monitor settings Snapshot settings Connection settings Route File Shares Mirror type Enable compression Advanced settings Replication set rules Failover/failback scripts Items to failover Advanced settings Saving configuration changes Chapter 7 Protecting a SharePoint Server Select a task Select a domain Select SharePoint front end Select source and target servers Add or manage servers Enter server login information Configure protection settings Failover settings Failover type Services Add/remove SharePoint services Monitor settings Application Monitoring (BETA) Snapshot settings iii

6 Connection settings Route Protected Databases Mirror type Enable compression Advanced settings Replication set rules Failover/failback scripts Items to failover Advanced settings SharePoint settings Saving configuration changes Chapter 8 Protecting a BlackBerry Server Select a task Select a domain Select source and target servers Add or manage servers Enter server login information Configure protection settings Failover settings Failover type Services Monitor settings Snapshot settings Connection settings Route Protected Databases Mirror type Enable compression BlackBerry settings Advanced settings Replication set rules Failover/failback scripts Advanced settings Saving configuration changes Complete BlackBerry protection Chapter 9 Validate the Configuration Chapter 10 Enabling Protection for a Server Enable protection Disable protection Monitor protection status Protection status states Protection detail states iv

7 Verify target data viability Relocating the MTA and SMTP pickup path and queues Managing snapshots Chapter 11 Failover, Failback, and Restoration DNS failover, failback, and restoration Initiating automatic failover Initiating manual failover Failback and restoration Identity failover, failback, and restoration Initiating a failover Failback and restoration Recovering to the original source Rehoming the Exchange objects to the source Re-enabling protection Appendix A Recommended Credentials...A-1 Application Manager credentials... A-1 Assigning the user to the Power Users group... A-1 Assigning the user to the Storage Mirroring Admin group... A-1 Assigning the user to the local servers Administrators group... A-2 Assigning the user to the DnsAdmins group... A-2 Manually set SPN update permissions... A-6 Exchange credentials... A-6 Assigning Exchange 2003 Full Administrator permission... A-7 Assigning Exchange 2007 Full Administrator permission... A-7 Delegating Exchange administrative rights... A-8 SQL credentials... A-8 Assigning SQL Server System Administrators permission... A-9 SharePoint credentials... A-9 BlackBerry credentials... A-9 Appendix B Rebuilding the Source...B-1 Rebuilding the original Exchange source... B-1 Rebuilding the original SQL source... B-3 Appendix C Exchange and SQL Failover with BlackBerry...C-1 Appendix D Using a non-microsoft DNS Server... D-1 Using /altdns...d-1 Appendix E Using the Target Data Verification (TDV) Utility Appendix F Using the DNS Failover (DFO) Utility Appendix G Using the Exchange Failover (EFO) Utility... G-1 v

8 Introduction This document describes how to use the Storage Mirroring Application Manager to create and validate your application configuration. The Application Manager lets you quickly configure protection for an application without requiring you to have advanced knowledge of either Storage Mirroring or your application. The Application Manager works by gathering information about your source andtarget environments, then configuring Storage Mirroring to protect the source. About the Storage Mirroring Application Manager The Application Manager is used to simplify the setup of standard Storage Mirroring connections. The Application Manager discovers all servers running a designated application in your environment so that you can determine which servers are not protected. It gathers information about the environment from various sources (including Storage Mirroring, Active Directory, and DNS) and automatically configures Storage Mirroring to protect that environment. It also performs a health check to make sure that your configuration is correct. This check not only helps to reduce configuration errors, but it also simplifies the setup process. Supported configurations Blackberry Server and Exchange cannot be protected on the same machine. Exchange Exchange 2003 Exchange 2007 Source to target topology One to one Yes Yes Many to one No No One to many No No Cascaded (chained) No No Cluster support Cluster to cluster Yes Mailbox role only Cluster to standalone Yes Mailbox role only Standalone to cluster No No Application configurations 2000/2003 front-end server No N/A 2000/2003 back-end server Yes N/A 2007 consolidated roles N/A Mailbox role only 2007 distributed roles N/A Mailbox role only Domain topology Single forest Yes Yes Multiple forest No No 1-1

9 Exchange 2003 Exchange 2007 Parent/child Yes Yes Child/child Yes Yes For Exchange 2007, in a consolidated role environment only the mailbox role is protected. The Hub Transport and Client Access roles are not protected or failed over because they are already installed on the target. For Exchange 2007, replication and failover between a distributed role source configuration to a consolidated role target configuration is permitted, provided that the systems are configured as follows: The source Mailbox Server role is installed on a standalone server or MSCS cluster with the other roles residing on different servers. The target configuration is a stand-alone server with the Mailbox, Hub Transport, and Client Access roles installed. In these configurations, Storage Mirroring will not replicate any data associated with the Hub Transport/Client Access data; however, the target Hub Transport/Client Access roles function properly when failing over the source Mailbox role, allowing necessary operations to resume. Using the Application Manager with Exchange in clustered environments The Application Manager can be used in the following cluster configurations with Exchange 2003: Clustered source to standalone target Multi-node cluster to another multi-node cluster Multi-node cluster to a single-node cluster (requires GeoCluster PLUS) Single-node cluster to a multi-node cluster (requires GeoCluster PLUS) The Application Manager does not support configurations where Exchange and the domain controller are on the same node of a cluster. When using Exchange on a cluster, Exchange must be installed in its own uniquely named group and not in the cluster group. Like-named cluster support is only available for clusters running Exchange It is not available for Exchange SQL SQL Server 2000 SQL Server 2005 SQL Server 2008 SQL Express Source to target topology One to one Yes Yes Yes Yes Many to one Database mode only Database mode only Database mode only Database mode only One to many No No No No Cascaded (chained) No No No No Cluster support Cluster to cluster No Yes Yes No 1-2

10 Cluster to standalone Standalone to cluster SQL Server 2000 SQL Server 2005 No No No No No No No No Application configurations Named instance Yes Yes Yes Yes Database only Yes Yes (standalone only) SQL Server 2008 Yes (standalone only) Domain topology Single forest Yes Yes Yes Yes Multiple forest No No No No Parent/child Yes Yes Yes Yes Child/child Yes Yes Yes Yes SQL Express Yes Using the Application Manager with SQL in clustered environments The Application Manager can be used with SQL Server 2005 or SQL Server 2008 in a cluster-to-cluster environment. If you want to use SQL 2000 in a clustered environment, or if you have a cluster-to-standalone configuration, refer to one of the following application notes, available from Guidelines for using Microsoft SQL Server 2000 with Storage Mirroring Guidelines for using Microsoft SQL Server 2005 with Storage Mirroring SharePoint SQL 2000 SQL 2005 SQL 2008 Source to target topology One to one Yes Yes Yes Many to one No No No One to many No No No Cascaded (chained) No No No Cluster support Cluster to cluster No No No Cluster to standalone No No No Standalone to cluster No No No Application configurations WSS Yes Yes Yes MOSS 2007 Yes Yes Yes Domain topology 1-3

11 SQL 2000 SQL 2005 SQL 2008 Single forest Yes Yes Yes Multiple forest No No No Parent/child Yes Yes Yes Child/child Yes Yes Yes Application Manager for SharePoint supports only SQL instance mode protection. Database-only protection mode is not available. By default, Application Manager for SharePoint displays the Advanced options and automatically selects to failover Server Name and Hostname (SPNs). These two options are required to make SharePoint failover work correctly. Application Manager for SharePoint does not support graceful/soft failover. Only target web servers running a version of SharePoint that is identical to what is installed on the source web front-end can be extended into the source SharePoint configuration. The SharePoint Admin account used to install WSS 3 or MOSS 2007 on the source web front-end is required to extend a target web server into the SharePoint configuration. File server Windows 2003 Windows 2008 Source to target topology One to one Yes Yes Many to one No No One to many No No Cascaded (chained) No No Cluster support Cluster to cluster No No Cluster to standalone No No Standalone to cluster No No Domain topology Single forest Yes Yes Multiple forest No No Parent/child No No Child/child Yes, as long as the child domain has a DNS server. If the DNS server resides in the parent domain, then validation will fail. Yes, as long as the child domain has a DNS server. If the DNS server resides in the parent domain, then validation will fail. Application Manager for file severs does not support graceful/soft failover. 1-4

12 BlackBerry The Application Manager can be used to configure Storage Mirroring to provide high availability for BlackBerry Enterprise Server using a Microsoft SQL Server database back end. This allows a secondary server to assume the identity and role of a failed server while maintaining the availability of BlackBerry Enterprise Server and/or SQL Server services with minimal disruption or data loss. All versions Consolidated to consolidated Distributed to distributed Distributed to consolidated Supported Not supported Not supported Requirements The Application Manager will run from any client (or server) on any Microsoft Windows operating system that has access to the domain in which the servers are located. Storage Mirroring Application Manager should be run on a machine that is not a domain controller. Hewlett-Packard recommends that you run Application Manager from either a third administrative client that is running a supported operating system or from the Storage Mirroring target. If you attempt to run Application Manager on a domain controller, the following errors may occur: Application Manager could not verify credentials when connecting to the server x.x.x.x. Due to technical restrictions, credentials cannot be verified when used to connect to a local machine. GetWbemScope: Attempting connection to WBEM server (using specified credentials): x.x.x.x: <domain>\<user>: root\microsoftdns The Application Manager requires the following minimum system configuration: Two servers that meet one of the following operating system requirements: Microsoft Windows 2003 with Service Pack 1 or later Microsoft Windows XP with Service Pack 2 or later Microsoft Windows Vista Microsoft Windows 2008 Windows 2008 Server Core installation option is not supported. Microsoft Windows 2008 can only be used with the following application versions: Exchange 2007 SQL 2005 and SQL 2008 File Server SharePoint Two licensed copies of Storage Mirroring with the most recent Windows Server 2008 feature pack Storage Mirroring must be installed and running on the source and target servers. If the Storage Mirroring service is not installed or not running on source or target server, an error will appear. 1-5

13 A copy of the most recent version of the Storage Mirroring Application Manager The version of Storage Mirroring and Storage Mirroring Application Manager must be the same. See the Hewlett-Packard support website to obtain the most recent version of the Application Manager..NET Framework version 3.5 with service pack 1 or later. If you do not have.net Framework version 3.5 SP 1 installed, Application Manager will prompt you to install it Microsoft Installer version 3.0 or later (as required by the.net Framework version 3.5 SP 1) An active internet connection (required only during the Application Manager installation to download the Microsoft Admin Pack,.NET Framework, and/or SQL Server 2005 Backward Compatibility components containing the SQLDMO libraries) Alternatively, these packages are available on the Hewlett-Packard support website and can be downloaded to a different server, from which you can use an internal file share or removable media to copy the files to the Application Manager client. If you are using the Target Data Verification feature, you will need to install thevolume Shadow Copy Service SDK (Vshadow.exe) in the windows\system32 directory on the target server. This tool is available for download from the Windows Download Center on the Microsoft website ( The target must have drive letters that match the drive letters where the protected application stores data Application Manager does not support single-label DNS domain names (that is, domain names that do not include a suffix such as.com,.corp,.net, and so on) The program files for your application must be installed in the same location on the target and the source In addition, your environment must adhere to requirements specific to the application you are protecting. For additional requirements, see: Exchange requirements on page 1-6 SQL requirements on page 1-7 File server requirements on page 1-8 SharePoint requirements on page 1-8 BlackBerry requirements on page 1-9 Exchange requirements If you are using the Application Manager for Exchange, your system must meet the following requirements. Two licensed copies of Microsoft Exchange Server that meet one of the following requirements: Exchange Server

14 Exchange 2007 Hewlett-Packard recommends that the Exchange version be the same as the operating system version (for example, Windows Server 2003 running Exchange 2003). Only Exchange 2007 is supported with Windows Server The source and target servers must both be running a Microsoft-supported operating system/exchange combination. Both source and target Exchange versions must be identical. To perform target data verification, you must be using Exchange 2003 with service pack 1 or later. For Exchange 2007, Application Manager may be run on a workstation, provided that the Exchange 2007 Management Tools are installed prior to installing the Application Manager. To use the Application Manager for Exchange, Storage Mirroring must be running under the localsystem account. The client or server that is running the Application Manager must have access to the domain in which the Exchange servers are located. The source and target Exchange servers must be in the same root forest domain. The source and target servers must be part of the same Exchange Administrative Group. The target Exchange server cannot be a domain controller. The Exchange configurations on the source and target servers must be identical for the following components: Storage groups Location of storage groups (log and data files) Log file prefixes Database locations (log and data files) Message Transfer Agent (MTA) location Queue paths This requirement does not apply to like-named clusters. In a parent\child domain, at least one domain controller in the child domain must designated as a global catalog server. The Application Manager does not support configurations where Exchange and the domain controller are on the same node of a cluster. While installing Exchange Server 2003 on a domain controller is a supported operation, it is not generally recommended. Hewlett-Packard also does not recommend this configuration. If you must use Exchange Server 2003 on a domain controller, review the following Microsoft Knowledge Base articles: SQL requirements If you are using the Application Manager for SQL, your system must meet the following requirements. Two licensed copies of Microsoft SQL Server that meet one of the following requirements: SQL Server 2000 with Service Pack 4 or later 1-7

15 SQL Server 2005 SQL Server 2008 SQL Sever Express If you are using SQL Server, you will be prompted to download and install the Microsoft SQL Server 2005 backward compatibility components. This package includes the SQLDMO library, which is required to run the Application Manager. You should use the same version and service pack of SQL Server on both the source and target servers. Exceptions would be that in Database Only protection mode you may use a newer version of SQL Server on the target server or have a 32-bit source and a 64-bit target to perform a failover (for instance, when using Application Manager to facilitate a migration from SQL Server 2000 on the source to SQL Server 2005 on the target, or to migrate data from a 32-bit source to a 64-bit target). You cannot failback when using different versions of SQL Server on the source and target. To enable the Application Manager to work with MSDE (SQL Express 2000) and SQL Server 2005 Express, Named Pipes and TCP/IP need to be added to the Enabled Protocols. By default, these are disabled. They must be enabled to accept remote connections. For MSDE, you must run the svrnetcn.exe command, which is located in the C:\Program Files\Microsoft SQL Server\80\Tools\Binn directory. For SQL Server 2005 Express, you must launch the SQL Server Configuration Manager, expand SQL Server 2005 Network Configuration, and for Protocols for MSSQLSERVER enable Named Pipes and TCP/IP. To use the Application Manager for SQL, the user logged on to Windows must be a member of the SQL Server sysadmin role on the source and target servers. The source and target SQL servers must be in the same domain; otherwise, the SQL Server service on both the source and target servers must be configured to start with the same domain user account. In order to protect SQL named instances, both the source and target SQL Servers must have named instances with the exact same name installed prior to configuring protection. File server requirements If you are using the Application Manager for file servers, your system must meet the following requirement. Two licensed copies of Storage Mirroring 5.0 with the latest service pack Hewlett-Packard strongly recommends that the target server be a dedicated standby server which does not host any critical applications. During failback for file servers, the Server service is re-started, which could also re-start any dependent services. File server protection is currently only supported in a flat domain. SharePoint requirements If you are using the Application Manager for SharePoint, your system must meet the following requirements. Windows SharePoint Services (WSS) version 3 WSS 3.0 service pack 1 is required for Windows Microsoft Office SharePoint Server (MOSS) 2007 MOSS 2007 service pack 1 is required for Windows

16 SQL Server 2000, SQL Server 2005, or SQL Server 2008 back-end SharePoint protection is currently only supported in a flat domain. Windows Firewall You will need to open port 6350 for Sharepoint communication. BlackBerry requirements If you are using the Application Manager for BlackBerry, your system must meet the following requirements. Licensed copies of Microsoft SQL Server that meet one of the following requirements: SQL Server 2000 with Service Pack 4 or later SQL Server 2005 SQL Express If you are using SQL Server, you will be prompted to download and install the Microsoft SQL Server 2005 backward compatibility components. This package includes the SQLDMO library, which is required to run the Application Manager. You should use the same version and service pack of SQL Server on both the source and target servers. The only exception would be that you may use a newer version of SQL Server on the target server to perform a failover while in Database Only protection mode (for instance, when using Application Manager to facilitate a migration from SQL Server 2000 on the source to SQL Server 2005 on the target). You can NOT failback when using different versions of SQL Server on the source and target. Licensed copies of BlackBerry Enterprise Server for Microsoft Exchange versions through Licensed copies of Microsoft Exchange Server that meet one of the following requirements: Hewlett-Packard recommends that the Exchange version be the same as the operating system version (for example, Windows Server 2003 running Exchange 2003). The source and target servers must both be running a Microsoft-supported operating system/exchange combination. Both source and target Exchange versions must be identical. To perform target data verification, you must be using Exchange 2003 with service pack 1 or later. Related documentation Before you begin to configure your solution, make sure that you have complete documentation for your operating system, application, and Storage Mirroring. User s guide The following document(s) contain additional information that you may need while setting up this solution: Storage Mirroring User s Guide or online documentation The Storage Mirroring User s Guide contains a list of Storage Mirroring error codes. This reference is useful for troubleshooting. 1-9

17 Application notes While the Application Manager greatly simplifies the process of configuring your application for use with Storage Mirroring, Hewlett-Packard recognizes that in some environments a manual process for application configuration is more desirable. However, the manual process is much more time consuming and labor intensive. Hewlett-Packard has application notes which provide guidelines on using manual processes to configure your application with Storage Mirroring. To obtain application notes for the manual process for Exchange configurations, you must contact Hewlett-Packard technical support. Current contact information for technical support is available at Application notes for other applications are available for download from the Application Notes page of the Hewlett-Packard support web site ( Readme files The following readme files contain additional reference information related to the Application Manager: Readme_Application_Manager.htm The readme file contains information about known issues and workarounds in the current release of the Application Manager. Readme_DFO.htm The DNS failover utility (DFO.exe), which is called in the failover scripts, automatically updates DNS resource records in order to seamlessly redirect network clients. The DFO readme file documents DFO syntax, known issues, and workarounds. The readme files can be found in the folder where the Application Manager is installed (the default installation location is either \Program Files\Storage Mirroring\ or \Program files\application Manager). 1-10

18 Navigating the user interface The Application Manager interface is designed to guide you through the process of configuring protection for your servers. The default configuration parameters have been selected to be appropriate for most configurations; however, you may need to modify them for your specific environment. Any changes you make to non-machine specific configuration settings (such as Missed Packets) will become the default the next time you run the Application Manager. When you launch the Application Manager and select an application to protect, you will see the main Application Manager window. The Setup tab of the Application Manager window leads you through the steps to configure protection for a server using standard Windows-style controls. Enter information in fields, select options from drop-down menus, click buttons, and use menu options to configure protection. After protection has been set up, use the Monitor tab to view information about the current source/target pair. Based on the current protection status and/or failover state, the Failover, Monitoring, and Protection button text on the Monitor tab will be updated to display the available command. If the Application Manager is not in a state that will allow any of these options to be executed, the corresponding button(s) will be grayed out (disabled). The interface provides tooltip-style online help. When you place the pointer over a field in the Application Manager, a tooltip will appear to provide additional information about the field. Install the Application Manager If you have not done so already, install the Application Manager by running the Application Manager installation file downloaded from the Hewlett-Packard support website or from your installation media. If you install.net during the Application Manager installation, you may be required to reboot your system prior to the installation of Application Manager. After the reboot, the installation should continue. When the installation autorun file is launched, the Application Manager will detect the platform that the server is running on (that is, whether it is on 32-bit or 64-bit). When you select Install Application Manager, the correct version of Application Manager will be installed automatically. On 32-bit systems, if Storage Mirroring is installed before the Application Manager is installed, then the Application Manager will be installed to the same location as Storage Mirroring. If the Application Manager is installed before Storage Mirroring, then the Application Manager will be installed to the \Application Manager directory that is created. On 64-bit systems, Storage Mirroring is installed to the Program Files directory (not \Program Files <x86>). When the Application Manager is installed, the Application Manager will be installed to the \Program Files folder where Storage Mirroring resides. If the Application Manager is installed before Storage Mirroring, then the Application Manager will be installed to \Program Files\Application Manager. If Storage Mirroring is subsequently installed, it will be in a separate directory (that is, the Application Manager will be installed to \Program Files\Application Manager and Storage Mirroring will be installed to \Program Files\Storage Mirroring). For the initial setup, the Application Manager only needs to be installed on one system. For managing failover and failback, the Application Manager should be run from either the target server or an administrative workstation. 2-1

19 The Application Manager installation uses an active internet connection to download the Microsoft Admin Pack and SQL server backward compatibility (SQLDMO) files. In addition, if you do not have.net Framework version 3.5 SP1 installed, you will be prompted to install it. Microsoft Installer version 3.0 or later is required to install the.net Framework. Alternatively, these packages are available on the Hewlett-Packard support website and can be downloaded to a different server, from which you can use an internal file share or removable media to copy the files to the Application Manager client. Start the Application Manager Launch the Application Manager by selecting Start, Programs, Storage Mirroring, Application Manager. The Application Manager will open. If you have not yet set up protection, the window will show the Welcome screen. You can protect servers for a different application by selecting one of the following options in the Tasks area on the left pane: Protect Exchange Server To protect an Exchange server, click this option. The right pane will display the Manage Exchange page, which will lead you through the steps to protect an Exchange server. Continue with Protecting an Exchange Server on page 3-1. Protect SQL Server To protect a SQL server, click this option. The right pane will display the Manage SQL page, which will lead you through the steps to protect a SQL server. Continue with Protecting a SQL Server on page 5-1. Protect File Server To protect a file server, click this option. The right pane will display the Manage File Server page, which will lead you through the steps to protect a File server. Continue with Protecting a File Server on page 6-1. Protect SharePoint Server To protect a SharePoint server, click this option. The right pane will display the Manage SharePoint Server page, which will lead you through the steps to protect a SharePoint server. Continue with Protecting a SharePoint Server on page 7-1. Protect BlackBerry Server To protect a BlackBerry server, click this option. The right pane will display the Manage BlackBerry Server page, which will lead you through the steps to protect a BlackBerry server. Continue with Protecting a BlackBerry Server on page

20 Menu options Based on the current protection status and/or failover state, the Protection, Monitoring, and Failover/Failback menu options will be updated to display the available commands. If the Application Manager is not in a state that will allow any of these options to be executed, the corresponding menu option(s) will be grayed out (disabled). The following menu options are available on the main Application Manager window: File menu New Start a new application server protection Exit Exit the Application Manager Tools menu Options Modify Application Manager preferences and clear cached credentials Delegate Rights (Exchange Only) Assign Exchange administrative rights to an account Actions menu Configure Protection Launch the Configure Protection dialog box Validate Validate the source/target configuration Enable/Disable Protection Enable or disable protection for the source server Enable/Disable Monitoring Enable or disable failover monitoring for the source server Failover/Failback Initiate manual failover or failback View source DFO log Launch a viewer to examine the log file generated by the dfo.exe utility on the source server View source ExchFailover log (Exchange only) Launch a viewer to examine the log file generated by the exchfailover.exe utility on the source server View target DFO log Launch a viewer to examine the log file generated by the dfo.exe utility on the target server View target ExchFailover log (Exchange only) Launch a viewer to examine the log file generated by the exchfailover.exe utility on the target server Manage SQL Servers (SQL and SharePoint only) Extended options for selecting SQL servers and testing SQL services on those servers. This is the same window that is displayed when you click the Advanced Find button on the SQL Manager or Sharepoint Manager main page. Verify Target Data (Exchange and SQL only) Verify that the target stores (for Exchange) or databases (for SQL) will mount with the replicated data without forcing a re-mirror Restore PF Tree (Exchange only) Add the target back to the PF list to which the source belongs This option is only available when Application Manager is running in the Advanced context. Manage Snapshots Launch the Snapshot Manager. Help menu View Welcome Page Return to the initial Application Manager screen, from which you can check for product updates or access the Hewlett-Packard website View Online Help Launch the Application Manager online help View User s Guide Launch the Application Manager User s Guide PDF About View the Application Manager revision number and copyright information 2-3

21 Change Application Manager preferences To change display preferences for the Application Manager, select Tools, Options. The Options dialog box will appear. 1. In the Service Listen Port field, enter the value for the Storage Mirroring port to be used for Application Manager communication. The default port is The Storage Mirroring Application Manager Service Listen Port must be the same as the Storage Mirroring Service Listen Port on both the source and target servers. You can also change the port through the Storage Mirroring Management Console. 2. To specify the rate at which the Application Manager updates the protection status, clear the Enable automatic adjustment of refresh interval checkbox, then enter the desired Refresh Interval. You can enter a value between 1 and 30,000 seconds. 3. If you want the refresh interval to be updated automatically, select the Enable automatic adjustment of refresh interval checkbox. If the Application Manager appears to be running slowly, it may be because the refresh interval is set to a long interval. Set a shorter refresh interval and make sure that the automatic adjustment option is not selected. 4. In the Maximum log file size field, enter the maximum size for the dtam.verbose.log file. When the maximum size is reached, the dtam.verbose.log file is renamed to dtam.verbose.prev.log and subsequent actions are logged to a new dtam.verbose.log file (Default = 1 MB). 5. Select the Enable verbose logging checkbox to have all user interactions with Application Manager logged to the dtam.verbose.log file (Default = selected). 6. Select the Always show protection details checkbox to have the Protection Details section on the Monitor tab expanded by default. 7. Select the Display statistics values in bytes checkbox if you always want to show the values on the Protection Details section on the Monitor tab values in bytes, rather than in MB, GB, or TB. 8. Select the Load last selected server upon startup checkbox to automatically reconnect to the last protected source/target pair when Application Manager is re-started. 2-4

22 9. Select the Enable Alternative DNS checkbox to launch Application Manager in \Altdns mode the next time it is opened. For more information, see Using a non-microsoft DNS Server on page D Select the Display Advanced Options checkbox to launch Application Manager in \Advanced mode the next time it is opened. 11. Click the Clear Cached Credentials button to clear the cached user name and password. 12. Click OK to save your changes, or Cancel to discard your changes and exit the Options dialog box. Using the online help To view additional information about a task in the Application Manager interface, from the Help menu, click View Online Help. This will launch the online help file in your internet browser. To search for information about a topic, use tabs on the left pane: The Contents tab provides a table of contents for the help file. Click a topic to view the topic in the right pane. The Index tab provides a list of terms. Click on a term to view the help topic(s) that include that term. The Search tab allows you to enter a word or words. When you click the Search button, a list of all topics that include that term appears. Click on the topic title to view the topic. While viewing the online help and readme (.htm) files in Internet Explorer, a message may appear stating that Internet Explorer has restricted the file from showing active content. You can disable this setting by modifying your Internet Explorer security settings. 1. In Internet Explorer, select Tools, Internet Options. 2. On the Advanced tab, scroll down to the Security section. 3. Enable Allow active content to run in files on My Computer. 2-5

23 Protecting an Exchange Server To configure protection for your Exchange servers, you will complete the following steps: 1. Install Exchange on the source server and apply any Exchange service packs or patches. Use the default installation options for Exchange. 2. Install Exchange on the target, placing it in the same Exchange organization as the source and verifying that the installation location for the target is the same as the source. Apply any Exchange service packs or patches. Use the default installation options for Exchange with the following considerations: The target must be a unique installation (that is, two Exchange servers must be available for a protection pair) Logical drive mapping must be the same on the source and target, and must assigned prior to running the Application Manager 3. Install Storage Mirroring on the source and target Exchange servers. See the Storage Mirroring Getting Started guide for more information. 4. Install the Application Manager on page Verify the Exchange environment (recommended) on page Select a task on page Select a domain on page Select source and target servers on page (Optional) Configure protection settings on page Validate the Configuration on page 9-1 To protect your Exchange server, you will complete the following steps: 1. Enable protection on page Monitor protection status on page 10-2 In the event of a failure, you will need to perform some additional tasks. These tasks are described in Failover, Failback, and Restoration on page If you need to protect any data that is stored on a non-mailbox server role (for example, SMTP queue data), you will need to configure protection for that data separately. In addition, you may need to manually update the DNS setting for the client access server to point to the target site. Verify the Exchange environment (recommended) Before you use Application Manager, complete the following tasks to verify that the environment is properly set up. 1. With both Exchange servers online, use Active Directory Users and Computers to move an existing user from the source to the target and then back to the original source. 2. Verify that you can create a new user on the target. 3. To verify connectivity, create an Outlook profile for the new user on a client machine and connect to the target. 3-1

24 Select a task To protect an Exchange server, open the Application Manager (Start, Programs, Storage Mirroring, Application Manager), then on the Tasks area on the left pane, select Protect Exchange Server. The Manage Exchange page will appear in the right pane. Make sure that the Setup tab is in view. You can also launch Application Manager for Exchange by using the command line /exchange option (dtam /exchange). Select a domain The Domain Name on the main window will be populated automatically with the root domain where the Application Manager client resides. This is necessary for Application Manager to gather Exchange information from the Configuration container. If you want to change the domain, type in a domain name for a trusted root domain that the Application Manager client can connect to, then press Tab or click on another field. If the domain you entered doesn t exist or you do not have the credentials to modify Active Directory for the new domain, the Domain Login window will appear. You will be prompted to enter the domain name, user name, and password to use for logging in to the domain. Domain names must include a suffix, such as.com,.corp, or.net. The user account should have administrator permissions. For more information about configuring permissions, see Recommended Credentials on page A

25 You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format NetBIOS domain name\username or username. If you enter a non-qualified name, the default domain will be used. When the Application Manager launches, it selects the forest root automatically. The domain that is entered MUST be the root of the forest domain, since this is where all Exchange server objects reside (even if the Exchange server is a member of a child domain). Select source and target servers The Application Manager will automatically attempt to populate the Source Server and Target Server lists with any servers in the specified domain that are running Exchange. If you select a source/target pair for which you have previously enabled and disabled protection, you may use the existing configuration settings (provided that the source/target connection is not currently active, in which case the existing settings will always be used). When you select Configure or Validate, a prompt wil appear asking if you want to re-use the previous configuration information. Click Yes to re-use the previous information, or click No to revert to the Application Manager default settings. If the IP address(es) for the source or target server have changed since you originally configured protection (for example, if you configure the source or target in a staging area and then send it to a production location), you must re-configure the protection settings. When you are prompted to re-use the previous protection configuration, click No, then click the Configure Protection button. 1. In the Source Server field, select the Exchange server that you want to protect. If this is your first time to log in to the selected server, you will be prompted to enter server login information. For more information about logging in to servers, see Enter server login information on page 3-4. You cannot protect a server if it is already functioning as a target server. If you attempt to select a source that is currently unavailable, a prompt will appear stating that the source is not available and that if the source is failed over, you should first select the target. If you select the target, then select the source (as recommended in the prompt), the same prompt appears (though you would expect to get a prompt to failover). The ability to failover using the Application Manager will not be available until a failover condition has been met in accordance with the failover monitor settings set on the Monitoring tab. 2. In the Target Server field, select the backup Exchange server that will protect the source server in the event of a failure. The target must be in the same Exchange admin group as the source. 3-3

26 Notice that after the source and target servers are selected, the Protection Status on the Monitor tab changes to Unprotected. If you select a target that is monitoring a connection that has met a failover condition and requires manual intervention, a prompt will appear asking if you want to initiate failover. Enter server login information After you select a server for the first time, you will be prompted to enter a user name and password to use for logging in to the selected server. The login account MUST be a member of the Storage Mirroring Admin local security group for the selected server. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used. Entering the credentials for the logged-on user may be valid. The Application Manager will attempt to use the same user name and password the next time you select a server. Using clustered Exchange servers Exchange virtual servers (EVS) are selectable in the same way as physical servers; however, physical servers that are members of a cluster (called a node ) are not shown in the server drop-down list. For more information about setting up protection for a cluster with a like-named cluster, see Protecting an Exchange Cluster with a Like-Named Cluster on page 4-1. Configure protection settings If you do not need to change the configuration settings, continue with Validate the Configuration on page 9-1. If you have already enabled protection for a connection and need to change the configuration parameters, you will first need to disable protection as described in Disable protection on page To change the default configuration parameters, click Configure from the main Application Manager window, or select Actions, Configure Protection from the menu. The Configure Protection window will appear. The Configure Protection window has tabs for configuring failover, connection, and advanced settings. The following sections describe the options on each of these tabs. 3-4

27 Failover settings The Failover tab includes options that will be applied during Exchange failover. Failover type Failover Type indicates what name resolution method will be used to redirect users to the target Exchange server in the event of a source failure. By default, DNS Failover is selected. For clustered environments, only DNS failover is supported. DNS failover DNS Failover is the recommended method for failover. Use this option if you want to failover by updating the DNS records associated with the source. This will modify all source server A, MX, and PTR-type DNS resource records to point to the target. In DNS Failover, the DNS records for the source server are modified to point to the target server s IP address. This allows clients to resolve the source Exchange server name to the target server s network name and IP address atfailover time. DNS Failover eliminates duplicate server name and IP addresses on your network. 3-5

28 After you select the DNS Failover option, click Configure. The Configure DNS Failover window will appear. Configure the following information for DNS failover: 1. To add additional DNS server IP addresses, type the IP address into the DNS Server field, then click Add. 2. The list box under the DNS Server field contains all DNS IP addresses for the source and target servers. The label after the DNS IP address indicates whether the DNS IP address belongs to the source, target, or both. To remove an IP address from the DNS server list, select the IP address, then click the Delete button. 3. In the Source IP column, select the checkbox next to the source IP address(es) to be monitored for failover. 4. In the Target IP column, select the target IP address to be used when failover occurs. If one or more IP addresses are configured for the SMTP virtual server on the target, the first IP address will be the default target IP address for all source IP addresses. If the target is monitoring multiple source IP addresses for failover, each monitored source IP address must be mapped to a unique target IP address. 5. To specify the value the Application Manager will establish for Time to Live (TTL) on the source s affected DNS records, select the Update TTL checkbox, then enter the desired update interval (in seconds). The default is the current TTL of the source s A records. The recommended value is 300 seconds (5 minutes) or less. 6. In the Username field, enter the user name that will be used to access/modify DNS records. The login account MUST be a member of the DNSAdmins group for the domain in which the DNS server resides. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used by default. The domain name is obtained from the DNS server name, provided that reverse lookup in DNS is enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. 3-6

29 7. In the Password field, enter the password that will be used to access/modify DNS records. 8. Click the Test button to validate that DNS failover is configured correctly for the selected DNS server(s) and that the specified credentials are sufficient to update DNS. 9. When the DNS configuration is complete, click OK to save your entries and return to the Configure Protection window. If you are running Windows Server 2000 on the primary DNS server hosting zones or domains that contain source and/or target resource records, you must have the DNS WMI Provider installed on that DNS server. The Dynamic updates setting for the DNS zone should be set to Secure only. Otherwise, you must disable dynamic registration on the source server in order to prevent the source from reclaiming its DNS record. If a hosts file entry for the source server exists on the client machine, errors may occur during a failover and failback. Reverse lookup in DNS should be enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. DNS registration for the private (devoted to Storage Mirroring) NIC IP should be disabled. If your Exchange server is using a public IP address to receive , you will have to change the public advertised DNS MX record to reflect the target IP. Consult your service provider for instructions. To allow external to be delivered to the target server when the source is unavailable, you should create an additional external MX record for the target server. The target MX record should have a lower priority than the source. Refer to your router or firewall documentation for more information. For more information about using the DNS Failover utility, access the dfo.exe help by typing dfo.exe /? from a command prompt. In order to set the primary DNS server with which the Application Manager will communicate during failover, you must launch Application Manager using the command line /exchange /advanced option (dtam /exchange /advanced). When launched in the Advanced context, the Client DNS Server field will appear on the Configure DNS Failover window. Use the Client DNS Server field to select the primary DNS server. Identity failover Select this option if you want to failover by transferring the source IP address and name to the target. When using identity failover, it is possible that a name and/or IP address conflict can occur either during failover or when the original source server comes back online. To avoid this conflict, use DNS Failover. Identity failover is not supported in clustered environments. Application Manager cannot be used for failover or failback when the Identity failover method is selected. However, the Failover Control Center can still be used to initiate failover. DNS failover reduces downtime and provides other benefits. It is recommended for most environments. In Identity Failover, the target s physical identity is modified to match the source during a failover. This includes the target adopting the source server s name, primary IP address, and drive shares during a failover. Identity failover may be required in the following situations: Access to the domain controller or DNS server is not available (for example, due to permissions) from the account that Storage Mirroring runs under on the source/target servers. If you determine that the time it takes to propagate the necessary DNS or Active Directory changes to the rest of your environment is not acceptable. The time needed to propagate these changes depends on your Active Directory Replication and DNS server settings. If you have client applications that are configured to connect to an IP address rather than a server name. 3-7

30 After you select the Identity Failover option, click Configure. The Configure Identity Failover window will appear. Enter the following information for Identity failover: 1. In the Source IP column, select the source IP address(es) to be monitored for failover. 2. In the Target NIC column, select the target NIC to be used when failover occurs. 3. The Target IP Addresses area displays the IP address(es) of the selected target NIC. 4. Select the IP Address checkbox if you want the specified source IP address to be monitored (Default = selected). If your source and target servers are on different subnets, you should NOT failover the IP address. Instead, if the server name is required you should choose DNS failover with the Advanced switch and select the Server Name. For more information, see Advanced settings on page Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = NOT selected). 6. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 7. Select the Active Directory Hostname (SPNs) checkbox to remove the host SPN (Service Principle Name) from Active Directory for the source automatically and add it to Active Directory for the target during failover (Default = NOT selected). You should NOT select this option when using Exchange. 8. Click OK to save your entries and return to the Configure Protection window. Services Application Manager will determine the appropriate Exchange services to start/stop based on your operating system/exchange configuration. You should only modify this selection if there are additional services that need to be started along with Exchange during the failover/failback process. 3-8

31 Modifying the default configuration for services may affect whether data can be successfully replicated. Do not modify the services to start/stop unless you are very familiar with Storage Mirroring and Exchange. 1. To add a service, click Add. The Add Service window will appear. 2. Select the Service name from the drop-down box, then click Add; or, type the name of a service, then press Enter. 3. If available, select the Service must be stopped on target checkbox. Most services must be stopped on the target for replication to occur properly. 4. When you are finished entering services, click Close to return to the Failover configuration window. 5. To remove a service, select one or more services, then click Remove. You can only remove services that you added manually using the Application Manager. 6. Services will be started in the displayed order (top-to-bottom starting with the left column) and shutdown in reverse order (bottom-to-top starting with the right column). To re-arrange the order in which services are started/stopped: a. Add any additional services. b. Select a service in the list, then use the up and down arrow buttons to move the service to the appropriate position in startup/shutdown order. Resources (cluster only) If you are using clustered Exchange servers, you will select resources instead of services to bring online and offline during failover. The Resource selection works exactly like the service selection functionality. If you are using Exchange in a cluster-to-standalone configuration and have selected a source cluster server, a button will appear in the Services/Resources area, allowing you to toggle between services to start/stop on the target, and Resources to start/stop on the source. 3-9

32 Monitor settings The Monitoring tab includes options for configuring how you want to monitor the source server for failure. Configure how you want to monitor the source server for failure. 1. Select the Active Monitoring Enabled option to enable or disable failover for the selected source/target pair. 2. By default, Manual Intervention Required is selected. Manual intervention allows you to control when failover occurs. When a failure occurs, a prompt appears and waits for you to initiate the failover process manually. Disable Manual Intervention Required only if you want failover to occur immediately when a failure condition is met. 3. In the Method to monitor for Failover field, select the ping method to use when monitoring source IP addresses. Network Access (ICMP) Storage Mirroring failover uses ICMP pings to determine if the source server is online. If a network device, such as a firewall or router, between the source and target is blocking ICMP traffic, failover monitors cannot be created or used. Replication Service (UDP) The Storage Mirroring service on the target server sends a ping-like UDP request to the source Storage Mirroring service, which replies immediately to confirm it is running. This method is useful when ICMP is blocked on routers between the source and target. 4. Configure how long to wait after a source failure to initiate failover. The amount of time before failover begins is calculated by multiplying the Monitor Interval by the Missed Packets. For example, if the Monitor Interval is set to 5 seconds and the Missed Packets setting is 5, a failover condition will be identified after 25 seconds of missed source activity. In a cluster environment, make sure to include a cushion to account for the time it takes for the EVS to failover between nodes. Setting values too low will cause the Application Manager to assume the source cluster has failed and will indicate that a failover condition has been met. a. In the Monitor Interval field, select how often the monitor should check the source machine availability (Default = 5 seconds). b. In the Missed Packets field, select how many monitor replies can be missed before assuming the source machine has failed (Default = 5 missed replies). 5. If you are monitoring multiple IP addresses, select one of the Failover Trigger options. All Monitored IP Addresses Fail Failover begins when all monitored IP addresses fail. One Monitored IP Address Fails Failover begins when any of the monitored IP addresses fail. 3-10

33 Application Monitoring (BETA) By default, application monitor settings are not available in this release of the Storage Mirroring Application Manager. Application monitoring is only available when you launch Application Manager using the command line /exchange /advanced option (dtam /exchange /advanced) WARNING: This feature is currently BETA and should not be used in production environments. 1. If you select the Enable Application Monitoring checkbox, the remaining fields in Application Monitor Settings area will be enabled. A message box will appear, asking you to confirm that you want to use this BETA feature. To continue, click OK. Application monitoring is not available when dealing with a cluster. 2. In the Monitor Interval field, enter the interval (in seconds) at which you want to check application health. 3. In the Error Threshold field, enter the number of consecutive errors that can be received before an error alert appears. 4. In the Type of Monitoring area, select one of the following options. Built-in Monitoring Points Use the default monitoring options. Custom Script Launch a batch file to check application health. Either type the name of the script, or click Browse to locate a script. If you select Custom Script, you will also need to designate whether to use.ps1 (PowerShell) or.vb (VisualBasic) as the Script Engine. Make sure you select the appropriate engine for your script type. An example script that you can use as a basis for creating your custom script is included in the \Samples subfolder where the Application Manager is installed. 5. In the Username field, enter the fully-qualified user name that will be used to run WMI scripts. The fully-qualified user name must be in the format domain\username or username@domain. The required credentials for running WMI scripts is full WMI access to the CIMV2 namespace. Under Windows 2008, the supplied credentials must also be allowed through DCOM and User Access Control. It is recommended that a group be created for running scripts, and that the required permissions be given to the group. By default, the administrative group of a Windows 2008 machine has full WMI access. However, DCOM and User Access Control settings may need to be adjusted. 6. In the Password field, enter the password for the specified user account. 7. Click the Test button to validate that the specified credentials are sufficient to run WMI scripts. 3-11

34 8. (Optional) Click the Clear Cached Credentials button to clear the cached user name and password. Snapshot settings The following allow you to set up snapshots of your target data that can be used when failing over. By default, snapshots are not enabled in the Application Manager. 1. To enable snapshots, select the Enable periodic snapshots checkbox. This will enable the remaining controls. 2. In the Snapshot interval field, select the interval at which you want to perform snapshots (in minutes). The minimum interval is 15 minutes. 3. Select one of the following options for when to begin collecting snapshots: Start now Select this option to take the first snapshot as soon as protection is enabled. Start at Select this option to start taking snapshots at a future time. If you select this option, you will also need to enter a date and time. 4. When you are finished, click OK. 3-12

35 Connection settings The Connection tab includes options that will be applied to the specified source/target connection. Route This setting identifies the Target IP Address that the Storage Mirroring data will be transmitted through. You should only change this setting if you want to select a different route for Storage Mirroring traffic. On a machine with more than one NIC, this increases the flexibility of configuring Storage Mirroring activity. For example, you can separate regular network traffic and Storage Mirroring traffic on a machine. The default ports will be used. In a cluster, the route should be set to the name of the Exchange virtual server (EVS) dependent IP address. Protected Storage Groups The Protected Storage Groups area displays the storage groups, mailbox, and public folder stores. Select the Exchange storage groups that you want to protect. By selecting individual storage groups to protect, you can reduce the amount of data being replicated and filter out storage groups that do not need to be protected or failed over. Only the users associated with the selected storage groups will be failed over. By default, all storage groups are selected for an Exchange source. The replication set that the Application Manager generates will include the directories and files needed to protect the selected storage groups. It is recommended that you protect all storage groups. If you do not select all storage groups, you should make sure that other backups are available from which to recover the storage groups that are not failed over. Hewlett-Packard recommends that you place all query-based distribution groups in a single organization container and give the target server full control rights to the container and all child objects. You can also select non-application specific data under the Volumes folder. If Override Generated Rules is selected on the Advanced tab, this control will be disabled. 3-13

36 To refresh the tree view to show new source directories or files that may have been added or removed, select the logical node, then click the Refresh button. If a node in the volumes branch is selected, then the items under that node will be refreshed. Mirror type The following options specify what files you want sent from the source to the target during a mirror. Full Copies all of the directories and files in the replication set to the target machine. If a mirror has already been completed, another full mirror will overwrite the data on the target. Checksum (Default) This option performs a checksum comparison calculation. A checksum calculation is a formula applied to blocks of data to determine if the binary make-up of the block is identical. If the checksums on the source and target machine are the same, the block is skipped. If the checksums on the source and target machine are not the same, the block on the source is sent to the target. With this option, the entire file is not overwritten; only the block that is received from the source is overwritten. The Mirror type setting also applies to the restoration connection. Enable compression This setting enables compression of data that is transmitted from the source to the target. Significant improvements in bandwidth utilization have been seen in Wide Area Network (WAN) configurations or in any case where network bandwidth is a constraint. Compression may be used in LocalArea Network (LAN) configurations, though it may not provide any significant network improvements. You can specify compression for different source/target connections, but all connections to the same target will have the same compression settings. By default, compression is disabled. To enable it, select Enable Compression, then set the level from minimum to maximum compression. Advanced settings The Advanced tab includes advanced configuration options. 3-14

37 Replication set rules A replication set defines what directories/files are to be protected by Storage Mirroring. By default, Application Manager selects all of the necessary directories/files to protect Exchange based on your source server configuration. These include all storage groups (system and log files), each database store (mailbox and public folder system and log files), Message Transfer Agent (MTA) files, and SMTP queues (pickup path and queuepath). By default, the Application Manager-generated replication set will be named xdag01_<source server name>_<target server name>. You should only modify the replication set rules if there are additional directories/files specific to your configuration that must also be protected with Exchange. Modifying the default configuration for replication set rules may affect whether data can be successfully replicated. Do not modify the replication set unless you are very familiar with Storage Mirroring and Exchange. If you want to protect the Badmail folder, you will need to manually add it to the replication set as described in this section. To change the replication set rules: 1. Select the Override Generated Rules checkbox. When this box is selected, the Protected Storage Groups control on the Connection tab will be disabled. For more information, see Protected Storage Groups on page To add a replication set rule, click Add. The Add Repset Rule dialog box will appear. 3. In the Rule Path field, type the directory that you want to protect or exclude. 4. In the Include/Exclude area, select whether to include or exclude the path from the replication set. 5. In the Recursive area, select whether the directory should be recursive (protecting all sub-folders under the directory) or non-recursive (protecting only the files in the directory). 6. Click Add. 7. When you have entered all of your replication set rules, click Close to return to the Advanced configuration tab. You will need to manually verify that the rule path is correct since the Application Manager does not validate rule paths. 8. To remove a rule, select one or more rules, then click Remove. Removing rules that were automatically added by Application Manager could impact the success of failover. Any changes to rules should be thoroughly tested. 9. To reset the rules to the auto-generated rules and to re-enable the Protected Storage Groups control, remove the selection from the Override Generated Rules checkbox. 3-15

38 Failover/failback scripts Scripts are executed at different points during the failover/failback process to perform the actions necessary to make Exchange available on the appropriate server. Scripts perform steps such as starting/stopping services, modifying mailbox values in Active Directory to point users to the appropriate server, and modifying DNS entries on the DNS server to point users to the appropriate server. Editing scripts is an advanced feature. Do not edit scripts unless you fully understand what each command is doing. Any manual edits to the failover/failback scripts should be made carefully and tested prior to deployment in order to make sure that the changes are correct. If you remove the /username entry from the DFO command line in the PostFailover script, DNS failover will fail. Scripts are automatically generated by Application Manager during configuration. The scripts are copied to the Storage Mirroring installation directory on the specified server using the administrative share for that server s drive. Script File name Description Failover Failback Restore Post_failover_<source>_<target>.txt Pre_failback_<source>_<target>. txt Post_restore_<source>_<target>. txt A post-failover script is executed after the core failover processes have completed on the target server. The primary functions of the post-failover script are to start the services on the target and to modify DNS and Active Directory entries as necessary. A pre-failback script is executed before failback processing occurs on the target server. The primary functions of this script are to stop services on the target and to move DNS and Active Directory entries as necessary. A post-restore script is not executed automatically, though it is provided on the source to perform actions that are generally required after data has been restored from the target to source after a failover/failback. The primary function of this script is to restart services on the source server and rehome the public folders hosted on the source server. The post-restore script must be run from the source server. By default, Application Manager generates all the required scripts for you automatically based on your system configuration. You can also edit the scripts to add, modify, or delete specific commands. To edit a script: 1. Click on the button for the script you want to update. The script file will be displayed using your machine s default editor. 2. Enter your changes. 3. Save the script file. Any change you make to the script in the editor will be copied to the appropriate server when configuration changes are accepted, thus overwriting any changes that have been made outside the Application Manager. The scripts can be overwritten by certain operations during setup. For example, any changes to configuration options done in the Application Manager will overwrite previous script changes. If you want to make permanent changes to a script, you must modify the appropriate.txt file within the Application Manager installation directory. If there is more than one client machine that will be configuring failover, the change must be made to all the appropriate.txt files. 3-16

39 Before running Application Manager multiple times (for example, when re-enabling protection after a failover/failback), save a copy of your post-restore and pre-failback batch files. After Application Manager executes, replace the default script file(s) with the customized file(s) that you saved. Force AD replication (Default = selected) When selected, replication is initiated from the domain controller with which the source or target server communicates. This will be done each time the Exchange Failover utility (exchfailover.exe) is executed from within the failover/failback scripts. For more information about using the Exchange Failover utility, see Using the Exchange Failover (EFO) Utility on page G-1. Disable Force AD Replication if you do not want Active Directory changes to be replicated. In the Max wait time for AD replication field, enter the maximum time you want to wait for Active Directory replication to complete before continuing on with the failover/back process. The default is 30 minutes. The wait time is a factor determining when failover is complete. If replication exceeds the amount of time specified, a log entry is created and replication continues. If it is exceeded, failover is not reported as incomplete or failed. Target(ed) domain controller This field allows you to specify the name of the domain controller where updates will be made during failover and failback. If this field is left blank, the default or Active Directory-determined domain controller will be used. The Target(ed) domain controller field is only available for Exchange It is not available for Exchange You must enter the name of the domain controller. IP addresses are not valid for this field. By default, the domain controller is resolved through Windows. 3-17

40 Advanced settings The following options allow you to control what functions Application Manager will perform during configuration. By default, Application Manager performs all of these functions. Individual functions should only be disabled for testing or debugging purposes. These options are only available when you launch Application Manager using the command line /exchange /advanced option (dtam /exchange /advanced). 1. Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = NOT selected). 2. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 3. Select the Active Directory Hostname (SPNs) checkbox if you want to remove the host SPN (Service Principle Name) automatically from Active Directory for the source and add it to Active Directory for the target during failover (Default = NOT selected). If you are using Active Directory, you should enable this option. Otherwise, you may experience problems with failover. 4. Select the Create Replication Set checkbox to automatically create a replication set that includes all of the necessary directories/files that must be protected for your specific configuration. This should only be disabled if you have customized your replication set and do not want to overwrite it (Default = selected). 5. Select the Create Failover Scripts checkbox to automatically generate the failover/failback scripts and copy them to the appropriate server. This should be disabled only if you have customized your script files and do not want them to be overwritten (Default = selected). 6. Select the Create Connection checkbox to create the connection between the source and target using the automatically-generated replication set. This should only be disabled if you would like to verify the replication set that is created by Application Manager prior to connection (Default = selected). 3-18

41 7. Select the Create Failover Monitor checkbox to create a failover monitor on the target to monitor the source for failure. This monitor will use the failover parameters specified during configuration as well as the script files that have been created (Default = selected). 8. When you are finished, click OK. 9. If you want to add the target back to the PF list to which the source belongs, you will need to enable the Restore PF Tree option. a. Select Tools, Actions. b. Choose Display Advanced Options. c. Select Protect Exchange Server again. The Restore PF Tree option will be added to the Actions menu. d. Select Actions, Restore PF Trees. This will copy the owning PF tree setting from the source public folders to the target public folders. This setting is cleared when protection is enabled, which prevents SMTP queuing issues when trying to deliver messages to the target, but is never restored. If you want to have an active target server, you can use this command to restore it to a pre-application Manager state. Saving configuration changes After you have changed the configuration parameters, click OK to apply the settings. If you click Cancel, any changes you have made will be discarded and the previous configuration parameters wil be used. When you have finished configuring the optional protection options, continue with Validate the Configuration on page 9-1. If you close the Application Manager prior to enabling protection, your changes will not be saved. You must enable protection in order to save your configuration settings for a source/target pair. If you modify your configuration on the source server (such as adding a new storage group or database), you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. 3-19

42 Protecting an Exchange Cluster with a Like-Named Cluster This section describes the process used to configure protection for an Exchange cluster with a like-named (also known as a standby) cluster. When you protect a cluster with a like-named cluster, the Application Manager moves the EVS (Exchange virtual server) location from the source cluster to the target cluster. By moving the EVS, the process of moving users and public folders from one server to another is not needed becausethey will continue to use the same mail store on the target as they were on the source. This,coupled with the ability to reduce the TTL (Time to Live) value of the EVS DNS record (optional), allows a more seamless failover. Prerequisites Before you can use the Application Manager to protect a cluster with a like-named cluster, you must complete the following: Each target server node must have the same version and service pack level of Exchange as is installed on the source nodes. The target must have a resource group that has the same name as the resource group on the source. The target resource group only needs to contain physical disk resources, which MUST use the same drive letters that are used by the physical disk resources on the source. Like-named cluster support is only available for clusters running Exchange It is not available for Exchange Permissions When protecting a cluster with a like-named cluster, you can perform the setup, failover, and failback with the following permissions: The user must be a member of the local Storage Mirroring Admin group. The user must be a member of the local Administrators group on all cluster nodes. The user must be delegated Full Exchange Administrator access through Exchange System Manager. (Optional) In order to change the TTL within DNS during failover, the user must be a member of the DnsAdmins group. Multiple EVS The instructions in this chapter also apply to setting up multiple EVS. There are two ways to perform multiple EVS failover: Set up multiple like-name jobs for each EVS on your source cluster, as described in this chapter. 4-1

43 Failover multiple EVS servers to pre-existing EVS servers on the target. If you choose this option, instead of selecting the like-named equivalent, you will select the target EVS with which to setup protection. The Like-named cluster setup window will not appear since you are not using a like-named target. If you are running Exchange 2003 in mixed mode, the first installed EVS contains the MTA (Message Transfer Agent) resource that is needed to communicate with versions prior to Exchange If you do not failover all Exchange virtual servers, then any user who is in a different mail store than the first one may not be able to route mail. Configuring a standby cluster The process for protecting a cluster with a like-named cluster is similar to protecting a standard cluster. The following instructions point out the differences in configuration. For more information about basic protection functions, see Protecting an Exchange Server on page In the Source Server field, select the source cluster that you want to protect. 2. In the Target Server field, select the same server. The server name will be appended with the suffix (like-named) 4-2

44 3. After you select a like-named cluster for the target, you will need to configure the like-named cluster. After you select the target server, the Like-named cluster setup dialog box will appear. 4. Enter the following information: Target Cluster Enter the name of one of the target nodes, then click Connect. Network Select the NIC to which you will assign the IP address. IP Address (to create) Enter a new IP address for the target to use when it stands in for the source. Subnet Mask Enter the subnet mask to use for the new IP address. Storage Resources The Application Manager will automatically select the required storage resources on the target, provided that they exist (for example, if the source and target both have E:\ and S:\). Verify that the drive letters where Exchange data is located are selected. You can not de-select a storage resource that exists on both the source and target. If the drive letters on the source and target do not match, then not all required data will be selected automatically. You will need to select it manually. The selected storage resources must be in the same group. 5. When you are finished, click OK to return to the Manage Exchange window. 4-3

45 6. On the Manage Exchange window, click Configure to open the Configure Protection window, then select the Failover tab. 7. DNS Failover is the only option available for configuring protection with like-named clusters. For more information about DNS failover, see DNS failover on page If you want to modify DNS configuration options, click Configure. The Configure DNS Failover window will appear. 4-4

46 9. On the Configure DNS window, you can modify the TTL value for the DNS record. You can also specify the user credentials needed to modify DNS. When you are finished, you can click Test to test the DNS configuration for the selected DNS server(s), or click OK to return to the Configure Protection window. Decreasing the TTL value will increase the speed at which clients get the updated information. 10. After you have changed the configuration parameters, click OK to apply the settings and return to the Manage Exchange window. If you click Cancel, any changes you have made will be discarded and the previous configuration parameters will be used. 11. Click Validate to validate the selected cluster pair. The validation proceeds exactly like validation for other methods of failover. 12. Click Enable Protection to enable protection for the source cluster. Enabling protection After protection is enabled, the Application Manager creates four resources on the target cluster: two generic script resources, an IP address resource, and a temporary name resource. The temporary name resource is the source EVS name with _LN appended to the end. The Application Manager uses the temporary name resource for the connection between the source and target clusters. The Application Manager gets the order of the source cluster resources from the Microsoft Cluster DLL, then builds the scripts with the resources in order and based off the source s resources configuration. Scripts are automatically generated by the Application Manager during configuration. The scripts are copied to the Storage Mirroring installation directory on the specified server using the administrative share for that server s drive. Script File name Description Failover post_failover_ln.txt A post-failover script is executed after the core failover processes have completed on the target server. The primary function of the post-failover script is to start the resources on the target. Failback pre_failback_ln.txt A pre-failback script is executed before failback processing occurs on the target server. The primary function of this script is to stop resources on the target. Restore post_restore_ln.txt A post-restore script is not executed automatically, though it is provided on the source to perform actions that are generally required after data has been restored from the target to source after a failover/failback. The primary function of this script is to restart resources on the source server. After the resources are online and the mirroring has completed, the source cluster is considered protected and the Application Manager starts monitoring the source for complete source failure. If you modify your configuration on the source cluster, you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. 4-5

47 Dealing with a failure Graceful failover At the user's discretion, the Application Manager can perform a graceful, or soft, failover. A soft failover means the source cluster remains up and running while the EVS is transferred to the target cluster. This can be accomplished by using the failover button in Application Manager. The steps the Application Manager takes to transfer the EVS from the source cluster to the target are the same as during a site failure failover, which is described in Site failure failover on page 4-6. The only difference is that in a soft failover, the source cluster resources are taken offline gracefully. Site failure failover If the Application Manager detects that the source cluster has failed completely, it will display a prompt asking if a failover is desired. The time it takes for the Application Manager to realize a complete source cluster failure varies greatly. At times, the prompt can be seconds after the failure, or it might take several minutes. If you want the prompt to appear more quickly and you know that the source cluster has failed, you can decrease the amount of wait time by closing the Application Manager, re-opening it, and selecting the protected pair (if it is not automatically selected). When a failover is initiated, the following steps occur: 1. The Application Manager waits on the target replication queue to empty. 2. The exchfailover.exe utility fails over the virtual protocols of the EVS. 3. The resources are created on the target cluster. The resources are created in the same order as they appeared on the source cluster. The resources are configured exactly as they were on the source cluster. 4. The resources are brought online. 5. The DNS failover utility is used to lock the source DNS record. Differences in failback The process used to failback to the source cluster is the same as any other cluster failover method. The only difference is the EVS is now on both the source and target clusters. To failback to the source cluster, make sure the Physical Disk resource(s) and the IP Address resource are online on the source cluster, then use the Storage Mirroring Application Manager to failback. When you bring the source cluster online, an identical network name will still be active on the target. Because of this, when the source cluster tries to bring up the EVS on the source, the network name resource will fail and consequently the group will not come online on the source. You should allow the source cluster to finish trying to bring the resources online before using the Application Manager to failback. 4-6

48 Protecting a SQL Server To configure protection for your SQL servers using Application Manager, you will complete the following steps: 1. Install SQL on the source server and apply any SQL service packs or patches. Use the default installation options for SQL. 2. Install SQL on the target, verifying that the installation location for the target is the same as the source. Apply the same SQL service packs or patches that were installed on the source. Use the default installation options for SQL with the following considerations: The target must be a unique installation (that is, two SQL servers must be available for a protection pair). Logical drive mapping must be the same on the source and target and must be assigned prior to running the Application Manager. You should use the same version and service pack of SQL Server on both the source and target servers. If you are using clusters, you will need to pre-configure the SQL instances on the target using any combination of default and/or named instances to match what is on the source. 3. Install Storage Mirroring on the source and target SQL servers. See the Storage Mirroring Getting Started guide for more information. 4. Install the Application Manager on page Select a task on page Select a domain on page Select source and target servers on page (Optional) Configure protection settings on page Validate the Configuration on page 9-1 To protect your SQL server, you will complete the following steps: 1. Enable protection on page Monitor protection status on page 10-2 In the event of a failure, you will need to perform some additional tasks. These tasks are described in Failover, Failback, and Restoration on page Select a task To protect a SQL server, open the Application Manager (Start, Programs, Storage Mirroring, Application Manager), then on the Tasks area on the left pane, select Protect SQL Server. The Manage SQL page will appear in the right pane. Make sure that the Setup tab is in view. You can also launch Application Manager for SQL by using the command line /sql option (dtam /sql). 5-1

49 Select a domain The Domain Name on the main window will be populated automatically with the domain where the Application Manager client resides. If you want to change the domain, type in a domain name for a trusted domain that the Application Manager client can connect to, then press Tab or click on another field. If the domain you entered doesn t exist or you do not have the credentials to modify Active Directory for the new domain, the Domain Login window will appear. You will be prompted to enter the domain name, user name, and password to use for logging in to the domain. Domain names must include a suffix, such as.com,.corp, or.net. The user account should have administrator permissions. For more information about configuring permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format NetBIOS domain name\username or username. If you enter a non-qualified name, the default domain will be used. 5-2

50 Select source and target servers If this is your first time to select a SQL server to protect, you may need to click the Advanced Find button to add servers to the Source Server and Target Server fields. For more information, see Add or manage servers on page 5-4. If you select a source/target pair for which you have previously enabled and disabled protection, you may use the existing configuration settings (provided that the source/target connection is not currently active, in which case the existing settings will always be used). When you select Configure or Validate, a prompt wil appear asking if you want to re-use the previous configuration information. Click Yes to re-use the previous information, or click No to revert to the Application Manager default settings. If the IP address(es) for the source or target server have changed since you originally configured protection (for example, if you configure the source or target in a staging area and then send it to a production location), you must re-configure the protection settings. When you are prompted to re-use the previous protection configuration, click No, then click the Configure Protection button. 1. In the Source Server field, select the SQL server that you want to protect. If this is your first time to log in to the selected server, you will be prompted to enter server login information. For more information about logging in to servers, see Enter server login information on page 5-5. You cannot protect a server if it is already functioning as a target server. If you attempt to select a source that is currently unavailable, a prompt will appear stating that the source is not available and that if the source is failed over, you should first select the target. If you select the target, then select the source (as recommended in the prompt), the same prompt appears (though you would expect to get a prompt to failover). The ability to failover using the Application Manager will not be available until a failover condition has been met in accordance with the failover monitor settings set on the Monitoring tab. 2. In the Target Server field, select the backup SQL server that will protect the source server in the event of a failure. Notice that after the source and target servers are selected, the Protection Status on the Monitor tab changes to Unprotected. If you first select a target that is monitoring a connection that has met a failover condition and requires manual intervention, then select the protected source server, a prompt will appear asking if you want to initiate failover. 5-3

51 Add or manage servers If the servers you need do not appear, click the Advanced Find button, or select Actions, Manage SQL Servers. The Manage SQL Servers window will appear. To discover all servers in the domain: 1. Click the Search button. The Discovered Servers list will be populated with all servers that the Application Manager can discover that reside in the domain. 2. To directly add a server to the drop-down list on the Manage SQL main page, select the server in the Discovered Servers list, then use the >> button to move it into the Current Servers list. 3. To add a non-discovered server to the Current Servers list, enter the server name in the field next to the Add button, then click Add. In environments with a very large number of servers in Active Directory, you may experience significant delays while the Application Manager searches for SQL servers. To override the automatic scan for SQL servers, you can launch Application Manager through the command line using the /nosqlsearch option (dtam /sql /nosqlsearch). This will cause the Application Manager not to populate the Source and Target fields automatically. You will then need to click the Advanced Find button and add the source and target SQL servers manually. 4. After a server has been added to the Current Servers list, you can manage that server. Select the server, then select one of the following options: Remove Click the Remove button to remove the selected server from the drop-down list on the Manage SQL main page. Test SQL Click the Test SQL button to determine if SQL is installed and accessible for the selected server. 5. When you have finished adding, managing, or testing servers, click OK to save your changes, or Cancel to return to the Manage SQL main page without saving. 5-4

52 Enter server login information After you select a server for the first time, you will be prompted to enter a user name and password to use for logging in to the selected server. The login account MUST be a member of the Storage Mirroring Admin local security group for the selected server. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used. Entering the credentials for the logged-on user may be valid. The Application Manager will attempt to use the same user name and password the next time you select a server. Using clustered SQL servers SQL servers are selectable in the same way as physical servers; however, physical servers that are members of a cluster (called a node ) are not shown in the server drop-down list. Configure protection settings If you do not need to change the configuration settings, continue with Validate the Configuration on page 9-1. If you have already enabled protection for a connection and need to change the configuration parameters, you will first need to disable protection as described in Disable protection on page To change the default configuration parameters, click Configure from the main Application Manager window, or select Actions, Configure Protection from the menu. The Configure Protection window will appear. The Configure Protection window has tabs for configuring failover, connection, and advanced settings. The following sections describe the options on each of these tabs. 5-5

53 Select SQL instances If you launch the Application Manager using the /sql /advanced switch (dtam /sql /advanced), you can select which instances to protect, for example, when an instance is offline or does not exist on the target. This window will appear only when Application Manager is launched in advanced mode and when there are two or more SQL instances (default plus one or more named instance, or two or more named instances and no default instance). The Source SQL Server Instances list will be populated with all instances that the Application Manager can discover on the source SQL server. 1. To directly add an instance, select the server in the Source SQL Server Instances list, then use the >> button to move it into the SQL Server Instances to Protect list. 2. To add a non-discovered instance to the SQL Server Instances to Protect list, enter the instance name in the field next to the Add button, then click Add. 3. When you have finished adding instances, click OK to save your changes, or Cancel to return to the Configure Protection page without saving. Failover settings The Failover tab includes options that will be applied during SQL failover. 5-6

54 Failover type Failover Type indicates what name resolution method will be used to redirect users to the target SQL server in the event of a source failure. By default, DNS Failover is selected. For clustered environments, only DNS failover is supported. DNS failover DNS Failover is the recommended method for failover. Use this option if you want to failover by updating the DNS records associated with the source. This will modify all source server A, MX, and PTR-type DNS resource records to point to the target. In DNS Failover, the DNS records for the source server are modified to point to the target server s IP address. This allows clients to resolve the source SQL server name to the target server s network name and IP address at failover time. DNS Failover eliminates duplicate server name and IP addresses on your network. After you select the DNS Failover option, click Configure. The Configure DNS Failover window will appear. Configure the following information for DNS failover: 1. To add additional DNS server IP addresses, type the IP address into the DNS Server field, then click Add. 2. The list box under the DNS Server field contains all DNS IP addresses for the source and target servers. The label after the DNS IP address indicates whether the DNS IP address belongs to the source, target, or both. To remove an IP address from the DNS server list, select the IP address, then click the Delete button. 3. In the Source IP column, select the checkbox next to the source IP address(es) to be monitored for failover. 4. In the Target IP column, select the target IP address to be used when failover occurs. If the target is monitoring multiple source IP addresses for failover, each monitored source IP address must be mapped to a unique target IP address. 5-7

55 5. To specify the value the Application Manager will establish for Time to Live (TTL) on the source s affected DNS records, select the Update TTL checkbox, then enter the desired update interval (in seconds). The default is the current maximum TTL of all the source s A records. The recommended value is 300 seconds (5 minutes). 6. In the Username field, enter the user name that will be used to access/modify DNS records. The login account MUST be a member of the DNSAdmins group for the domain in which the DNS server resides. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used by default. The domain name is obtained from the DNS server name, provided that reverse lookup in DNS is enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. 7. In the Password field, enter the password that will be used to access/modify DNS records. 8. Click the Test button to validate that DNS failover is configured correctly for the selected DNS server(s) and that the specified credentials are sufficient to update DNS. 9. When the DNS configuration is complete, click OK to save your entries and return to the Configure Protection window. If you are running Windows Server 2000 on the primary DNS server hosting zones or domains that contain source and/or target resource records, you must have the DNS WMI Provider installed on that DNS server. The Dynamic updates setting for the DNS zone should be set to Secure only. Otherwise, you must disable dynamic registration on the source server in order to prevent the source from reclaiming its DNS record. If a hosts file entry for the source server exists on the client machine, errors may occur during a failover and failback. Reverse lookup in DNS should be enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. DNS registration for the private (devoted to Storage Mirroring) NIC IP should be disabled. If dynamic updates are enabled on a standard primary zone, the source server will be able to update its DNS records after failover. To prevent this, configure DNS to use an Active Directory-integrated zone. For more information about using the DNS Failover utility, access the dfo.exe help by typing dfo.exe /? from a command prompt. Identity failover Select this option if you want to failover by transferring the source IP address and name to the target. When using identity failover, it is possible that a name and/or IP address conflict can occur either during failover or when the original source server comes back online. To avoid this conflict, use DNS Failover. Identity failover is not supported in clustered environments. Application Manager cannot be used for failover or failback when the Identity failover method is selected. However, the Failover Control Center can still be used to initiate failover. DNS failover reduces downtime and provides other benefits. It is recommended for most environments. In Identity Failover, the target s physical identity is modified to match the source during a failover. This includes the target adopting the source server s name, primary IP address, and drive shares during a failover. Identity failover may be required in the following situations: Access to the domain controller or DNS server is not available (for example, due to permissions) from the account that Storage Mirroring runs under on the source/target servers. If you determine that the time it takes to propagate the necessary DNS or Active Directory changes to the rest of your environment is not acceptable. The time needed to propagate these changes depends on your Active Directory Replication and DNS server settings. 5-8

56 If you have client applications that are configured to connect to an IP address rather than a server name. After you select the Identity Failover option, click Configure. The Configure Identity Failover window will appear. Enter the following information for Identity failover: 1. In the Source IP column, select the source IP address(es) to be monitored for failover. 2. In the Target NIC column, select the target NIC to be used when failover occurs. 3. The Target IP Addresses area displays the IP address(es) of the selected target NIC. 4. Select the IP Address checkbox if you want the specified source IP address to be monitored (Default = selected). If your source and target servers are on different subnets, you should NOT failover the IP address. Instead, if the server name is required you should choose DNS failover with the Advanced switch and select the Server Name. For more information, see Advanced settings on page Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = NOT selected). 6. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 7. Select the Active Directory Hostname (SPNs) checkbox to remove the host SPN (Service Principle Name) from Active Directory for the source automatically and add it to Active Directory for the target during failover (Default = NOT selected). 8. Click OK to save your entries and return to the Configure Protection window. Services Application Manager will determine the appropriate SQL services to start/stop based on your operating system/sql configuration. You should only modify this selection if there are additional services that need to be started along with SQL during the failover/failback process. 5-9

57 Modifying the default configuration for services may affect whether data can be successfully replicated. Do not modify the services to start/stop unless you are very familiar with Storage Mirroring and SQL. 1. To add a service, click Add. The Add Service window will appear. 2. Select the Service name from the drop-down box, then click Add; or, type the name of a service, then press Enter. 3. If available, select the Service must be stopped on target checkbox. Most services must be stopped on the target for replication to occur properly. 4. When you are finished entering services, click Close to return to the Failover configuration window. 5. To remove a service, select one or more services, then click Remove. You can remove all of the services besides the required SQL server service (MSSQLSERVER for a default instance, or MSSQL$<instance_name> for a named instance). 6. Services will be started in the displayed order (top-to-bottom starting with the left column) and shutdown in reverse order (bottom-to-top starting with the right column). To re-arrange the order in which services are started/stopped: a. Add any additional services. b. Select a service in the list, then use the up and down arrow buttons to move the service to the appropriate position in startup/shutdown order. Resources (cluster only) If you are using clustered SQL servers, you will select resources instead of services to bring online and offline during failover. The Resource selection works exactly like the service selection functionality. 5-10

58 Monitor settings The Monitoring tab includes options for configuring how you want to monitor the source server for failure. Configure how you want to monitor the source server for failure. 1. Select the Active Monitoring Enabled option to enable or disable failover for the selected source/target pair. 2. By default, Manual Intervention Required is selected. Manual intervention allows you to control when failover occurs. When a failure occurs, a prompt appears and waits for you to initiate the failover process manually. Disable Manual Intervention Required only if you want failover to occur immediately when a failure condition is met. 3. In the Method to monitor for Failover field, select the ping method to use when monitoring source IP addresses. Network Access (ICMP) Storage Mirroring failover uses ICMP pings to determine if the source server is online. If a network device, such as a firewall or router, between the source and target is blocking ICMP traffic, failover monitors cannot be created or used. Replication Service (UDP) The Storage Mirroring service on the target server sends a ping-like UDP request to the source Storage Mirroring service, which replies immediately to confirm it is running. This method is useful when ICMP is blocked on routers between the source and target. 4. Configure how long to wait after a source failure to initiate failover. The amount of time before failover begins is calculated by multiplying the Monitor Interval by the Missed Packets. For example, if the Monitor Interval is set to 5 seconds and the Missed Packets setting is 5, a failover condition will be identified after 25 seconds of missed source activity. In a cluster environment, make sure to include a cushion to account for the time it takes for SQL to failover between nodes. Setting values too low will cause the Application Manager to assume the source cluster has failed and will indicate that a failover condition has been met. a. In the Monitor Interval field, select how often the monitor should check the source machine availability (Default = 5 seconds). b. In the Missed Packets field, select how many monitor replies can be missed before assuming the source machine has failed (Default = 5 missed replies). 5. If you are monitoring multiple IP addresses, select one of the Failover Trigger options. All Monitored IP Addresses Fail Failover begins when all monitored IP addresses fail. One Monitored IP Address Fails Failover begins when any of the monitored IP addresses fail. 5-11

59 Application Monitoring (BETA) By default, application monitor settings are not available in this release of the Storage Mirroring Application Manager. Application monitoring is only available when you launch Application Manager using the command line /sql /advanced option (dtam /sql /advanced) WARNING: This feature is currently BETA and should not be used in production environments. 1. If you select the Enable Application Monitoring checkbox, the remaining fields in Application Monitor Settings area will be enabled. A message box will appear, asking you to confirm that you want to use this BETA feature. To continue, click OK. Application monitoring is not available when dealing with a cluster. 2. In the Monitor Interval field, enter the interval (in seconds) at which you want to check application health. 3. In the Error Threshold field, enter the number of consecutive errors that can be received before an error alert appears. 4. In the Type of Monitoring area, select one of the following options. Built-in Monitoring Points Use the default monitoring options. Custom Script Launch a batch file to check application health. Either type the name of the script, or click Browse to locate a script. If you select Custom Script, you will also need to designate whether to use.ps1 (PowerShell) or.vb (VisualBasic) as the Script Engine. Make sure you select the appropriate engine for your script type. An example script that you can use as a basis for creating your custom script is included in the \Samples subfolder where the Application Manager is installed. 5. In the Username field, enter the fully-qualified user name that will be used to run WMI scripts. The fully-qualified user name must be in the format domain\username or username@domain. The required credentials for running WMI scripts is full WMI access to the CIMV2 namespace. Under Windows 2008, the supplied credentials must also be allowed through DCOM and User Access Control. It is recommended that a group be created for running scripts, and that the required permissions be given to the group. By default, the administrative group of a Windows 2008 machine has full WMI access. However, DCOM and User Access Control settings may need to be adjusted. 6. In the Password field, enter the password for the specified user account. 7. Click the Test button to validate that the specified credentials are sufficient to run WMI scripts. 5-12

60 8. (Optional) Click the Clear Cached Credentials button to clear the cached user name and password. Snapshot settings The following allow you to set up snapshots of your target data that can be used when failing over. By default, snapshots are not enabled in the Application Manager. 1. To enable snapshots, select the Enable periodic snapshots checkbox. This will enable the remaining controls. 2. In the Snapshot interval field, select the interval at which you want to perform snapshots (in minutes). The minimum interval is 15 minutes. 3. Select one of the following options for when to begin collecting snapshots: Start now Select this option to take the first snapshot as soon as protection is enabled. Start at Select this option to start taking snapshots at a future time. If you select this option, you will also need to enter a date and time. 4. When you are finished, click OK. 5-13

61 Connection settings The Connection tab includes options that will be applied to the specified source/target connection. Route This setting identifies the Target IP Address that the Storage Mirroring data will be transmitted through. You should only change this setting if you want to select a different route for Storage Mirroring traffic. On a machine with more than one NIC, this increases the flexibility of configuring Storage Mirroring activity. For example, you can separate regular network traffic and Storage Mirroring traffic on a machine. The default ports will be used. In a cluster, the route should be set to the name of the SQL dependent IP address. Protected Databases For SQL, you can select one of the following protection modes: SQL instance (default) Database only Database only mode, many-to-one configurations SQL instance (default) Select SQL Instance protection mode to replicate all of the SQL program and data files (except the \binn directory) to the target SQL server. This will allow the clients to access your production SQL Server data and functionality on the target in the event of a failure. 5-14

62 SQL Instance protection mode requires that the source and target servers both have the exact same version of SQL (major and minor versions) as well as similar logical drive structures (the target must have at least the same logical drives as the source where SQL program and data files are stored). Certain user databases can be de-selected, but the System databases (except for tempdb) are required. If you are protecting SQL named instances, both the source and target SQL Servers must have named instances with the exact same name installed prior to configuring protection. When using named instances, all named instances will appear in the Protected Databases area. You can either de-select an entire instance, or select specific databases within each instance. By default, the TcpPort on the source named instance will be different than the TcpPort on the target named instance. However, the Application Manager will still be able to work and there is no need for any additional configuration. If you need to reduce the amount of mirroring and replication traffic, you may choose to deselect the tempdb database if it is not necessary. You can also select non-application specific data under the Volumes folder. If Override Generated Rules is selected on the Advanced tab, this control will be disabled. To refresh the tree view to show new source directories or files that may have been added or removed, select the logical node, then click the Refresh button. If a node in the volumes branch is selected, then the items under that node will be refreshed. Database only The Database Only mode is intended for advanced users only. Select Database Only protection mode to replicate only the.mdf,.ldf, and.ndf files to the target server. The selected database(s) will be attached to the target SQL Server upon failover, allowing clients to access the underlying data. You can also select non-application specific data under the Volumes folder. If Override Generated Rules is selected on the Advanced tab, this control will be disabled. To refresh the tree view to show new source directories or files that may have been added or removed, select the logical node, then click the Refresh button. If a node in the volumes branch is selected, then the items under that node will be refreshed. During the configuration and validation process, you will have the opportunity to transfer user logins and permissions (both server and database-level) and certain SQL Server registry and configuration settings to the target server. This will allow users to access the data associated with the selected database(s), but no other server-level functionality will be transferred to the target server (including but not limited to Job Server configuration, Full-Text service configuration, SQL Replication configuration, linked servers, remote servers, backup devices). When using Database Only mode, any SQL Server replication configured on the protected databases must be configured by the administrator on the target after failover. 5-15

63 If you select Database Only protection mode, you can select a non-system database and map it to a unique path on the target. You must first select the database in order for the Target Path commands to be visible. 1. Select the database you want to re-map, then click the ellipse button. The Choose a Target Folder window will appear. 2. Enter the desired path in the Target Path field, then click OK. The target database must be either offline or detached from the target before you can enable protection in the Application Manager. The validation test will detect if the target database is still online. Clicking Fix will detach that database on the target. 5-16

64 3. To confirm the new path, click Apply. If Database-Only protection mode is used to protect SQL Server, atempting to attach a replicated SQL database on the target server after failover can fail when done outside of the Application Manager. The Storage Mirroring service account (typically the target's LocalSystem account) is the account used to attach/detach databases on failover/failback. When the database is detached by the failback script, the Storage Mirroring service account becomes the owner of those files that make up the database (*.mdf, *.ldf, etc.), and any attempts to manually attach the database may fail if the user account does not yet have NTFS permissions to access the physical files. To change the permissions on an individual file, perform these steps on each file that is part of the database's file list. 1. In Windows Explorer, select the folder that contains the physical files for the database that needs to be manually attached. 2. Right-click, then select Properties. 3. Select the Security tab. 4. Determine if the user account has NTFS permissions for that folder. 5. If the user account does not have specific or inherited permissions, click the Add button. 6. Enter the user account name (such as domain\administrator). 7. After the user account has been added, give the account the necessary permissions to the folder (Full Control). 8. Make sure that the subfolders and files are set to inherit these rights, then click OK. Database only mode, many-to-one configurations The following examples describe the SQL many-to-one configurations that can be protected using Application Manager. Example 1: If you have two SQL servers (Source1 and Source2) where each server has only the default instance installed, you can protect databases from both servers' default instance, provided that the database names are unique. Case 1: Both source servers default instances have a database named Accounting. You can only protect/failover one server's copy of the database (because SQL on the target will not allow you to attach more than one copy of the same-named database). If you select and setup both servers default instances for protection and both source servers fail, the Accounting database on the first source server to be failed over will be attached. The second server to failover will not be able to attach its Accounting database. Case 2: If Source1 has a database named Accounting1, and Source2 has a database named Accounting2, then you can protect and failover the database on both servers without any issues. All database filenames (*.mdf, *.ldf, and *.ndf) must either be: Uniquely named (for example, accounting1.mdf and accounting2.mdf), or Uniquely located on the target (for example, c:\source1\accounting1\accounting.mdf and c:\source2\accounting2\accounting.mdf). Example 2: If you have two SQL servers (Source3 and Source4) where each has a named instance installed (for example, Source3\instance1 and Source4\instance2), you can protect databases from both servers if the target has at least those two instances installed (Target1\instance1 and Target1\instance2). 5-17

65 Case: Both source SQL servers have a database named Accounting (Source3\instance1 Accounting and Source4\instance2 Accounting). You can protect and failover each SQL server s copy of the database without any issue. All the database filenames (*.mdf, *.ldf, and *.ndf) must either be: Uniquely named (for example, accounting1.mdf and accounting2.mdf), or Uniquely located on the target (for example, c:\source3\accounting1\accounting1.mdf and c:\source4\accounting2\accounting2.mdf) Mirror type The following options specify what files you want sent from the source to the target during a mirror. Full Copies all of the directories and files in the replication set to the target machine. If a mirror has already been completed, another full mirror will overwrite the data on the target. Checksum (Default) This option performs a checksum comparison calculation. A checksum calculation is a formula applied to blocks of data to determine if the binary make-up of the block is identical. If the checksums on the source and target machine are the same, the block is skipped. If the checksums on the source and target machine are not the same, the block on the source is sent to the target. With this option, the entire file is not overwritten; only the block that is received from the source is overwritten. The Mirror type setting also applies to the restoration connection. Enable compression This setting enables compression of data that is transmitted from the source to the target. Significant improvements in bandwidth utilization have been seen in Wide Area Network (WAN) configurations or in any case where network bandwidth is a constraint. Compression may be used in LocalArea Network (LAN) configurations, though it may not provide any significant network improvements. You can specify compression for different source/target connections, but all connections to the same target will have the same compression settings. By default, compression is disabled. To enable it, select Enable Compression, then set the level from minimum to maximum compression. 5-18

66 Advanced settings The Advanced tab includes advanced configuration options. Replication set rules A replication set defines what directories/files are to be protected by Storage Mirroring. By default, Application Manager selects all of the necessary directories/files to protect SQL based on your source server configuration. These include the SQL application data and transaction logs, tempdb files, and SQL error logs. By default, the Application Manager-generated replication set will be named sqldag01_<source server name>_<target server name>. You should only modify the replication set rules if there are additional directories/files specific to your configuration that must also be protected with SQL. Modifying the default configuration for replication set rules may affect whether data can be successfully replicated. Do not modify the replication set unless you are very familiar with Storage Mirroring and SQL. To change the replication set rules: 1. Select the Override Generated Rules checkbox. When this box is selected, the Protected Databases control on the Connection tab will be disabled. For more information, see Protected Databases on page To add a replication set rule, click Add. The Add Repset Rule dialog box will appear. 3. In the Rule Path field, type the directory that you want to protect or exclude. 4. In the Include/Exclude area, select whether to include or exclude the path from the replication set. 5-19

67 5. In the Recursive area, select whether the directory should be recursive (protecting all sub-folders under the directory) or non-recursive (protecting only the files in the directory). 6. Click Add. 7. When you have entered all of your replication set rules, click Close to return to the Advanced configuration tab. You will need to manually verify that the rule path is correct since the Application Manager does not validate rule paths. 8. To remove a rule, select one or more rules, then click Remove. Removing rules that were automatically added by Application Manager could impact the success of failover. Any changes to rules should be thoroughly tested. 9. To reset the rules to the auto-generated rules and to re-enable the Protected Databases control, remove the selection from the Override Generated Rules checkbox. Failover/failback scripts Scripts are executed at different points during the failover/failback process to perform the actions necessary to make SQL available on the appropriate server. Scripts perform steps such as starting/stopping services, attaching/detaching databases in database-only protection mode, and modifying DNS entries on the DNS server to point users to the appropriate server. Editing scripts is an advanced feature. Do not edit scripts unless you fully understand what each command is doing. Scripts are automatically generated by Application Manager during configuration. The scripts are copied to the Storage Mirroring installation directory on the specified server using the administrative share for that server s drive. Script File name Description Failover post_failover_sql.txt A post-failover script is executed after the core failover processes have completed on the target server. The primary functions of the post-failover script are to start the services on the target and to modify DNS and Active Directory entries as necessary. Failback pre_failback_sql.txt A pre-failback script is executed before failback processing occurs on the target server. The primary functions of this script are to stop services on the target and to move DNS and Active Directory entries as necessary. Restore post_restore_sql.txt A post-restore script is not executed automatically, though it is provided on the source to perform actions that are generally required after data has been restored from the target to source after a failover/failback. The primary function of this script is to restart services on the source server. By default, Application Manager generates all the required scripts for you automatically based on your system configuration. You can also edit the scripts to add, modify, or delete specific commands. To edit a script: 1. Click on the button for the script you want to update. The script file will be displayed using your machine s default editor. 2. Enter your changes. 3. Save the script file. 5-20

68 Any change you make to the script in the editor will be copied to the appropriate server when configuration changes are accepted, thus overwriting any changes that have been made outside the Application Manager. The scripts can be overwritten by certain operations during setup. For example, any changes to configuration options done in the Application Manager will overwrite previous script changes. If you want to make permanent changes to a script, you must modify the appropriate.txt file within the Application Manager installation directory. If there is more than one client machine that will be configuring failover, the change must be made to all the appropriate.txt files. Before running Application Manager multiple times (for example, when re-enabling protection after a failover/failback), save a copy of your post-restore and pre-failback batch files. After Application Manager executes, replace the default script file(s) with the customized file(s) that you saved. Items to failover Select the items to failover. 1. Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = NOT selected). 2. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 3. Select the Active Directory Hostname (SPNs) checkbox if you want to remove the host SPN (Service Principle Name) automatically from Active Directory for the source and add it to Active Directory for the target during failover (Default = NOT selected). If you are using Active Directory, you should enable this option. Otherwise, you may experience problems with failover. 5-21

69 Advanced settings The following options allow you to control what functions Application Manager will perform during configuration. By default, Application Manager performs all of these functions. Individual functions should only be disabled for testing or debugging purposes. These options are only available when you launch Application Manager using the command line /sql /advanced option (dtam /sql /advanced). 1. Select the Create Replication Set checkbox to automatically create a replication set that includes all of the necessary directories/files that must be protected for your specific configuration. This should only be disabled if you have customized your replication set and do not want to overwrite it (Default = selected). 2. Select the Create Failover Scripts checkbox to automatically generate the failover/failback scripts and copy them to the appropriate server. This should be disabled only if you have customized your script files and do not want them to be overwritten (Default = selected). 3. Select the Create Connection checkbox to create the connection between the source and target using the automatically-generated replication set. This should only be disabled if you would like to verify the replication set that is created by Application Manager prior to connection (Default = selected). 4. Select the Create Failover Monitor checkbox to create a failover monitor on the target to monitor the source for failure. This monitor will use the failover parameters specified during configuration as well as the script files that have been created (Default = selected). Saving configuration changes After you have changed the configuration parameters, click OK to apply the settings. If you click Cancel, any changes you have made will be discarded and the previous configuration parameters wil be used. 5-22

70 When you have finished configuring the optional protection options, continue with Validate the Configuration on page 9-1. If you close the Application Manager prior to enabling protection, your changes will not be saved. You must enable protection in order to save your configuration settings for a source/target pair. If you modify your configuration on the source server (such as adding a new storage group or database to a directory that was not included in the replication set), you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. 5-23

71 Protecting a File Server To configure protection for your file servers using Application Manager, you will complete the following steps: 1. Install Storage Mirroring on the source and target file servers. See the Storage Mirroring Getting Started guide for more information. 2. Install the Application Manager on page Select a task on page Select a domain on page Select source and target servers on page (Optional) Configure protection settings on page Validate the Configuration on page 9-1 To protect your file server, you will complete the following steps: 1. Enable protection on page Monitor protection status on page 10-2 In the event of a failure, you will need to perform some additional tasks. These tasks are described in Failover, Failback, and Restoration on page Select a task To protect a File server, open the Application Manager (Start, Programs, Storage Mirroring, Application Manager), then on the Tasks area on the left pane, select Protect File Server. The Manage File Server page will appear in the right pane. Make sure that the Setup tab is in view. You can also launch Application Manager for File Servers by using the command line /fileprint option (dtam /fileprint). 6-1

72 Select a domain The Domain Name on the main window will be populated automatically with the domain where the Application Manager client resides. If you want to change the domain, type in a domain name for a trusted domain that the Application Manager client can connect to, then press Tab or click on another field. If the domain you entered doesn t exist or you do not have the credentials to modify Active Directory for the new domain, the Domain Login window will appear. You will be prompted to enter the domain name, user name, and password to use for logging in to the domain. Domain names must include a suffix, such as.com,.corp, or.net. The user account should have administrator permissions. For more information about configuring permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format NetBIOS domain name\username or username. If you enter a non-qualified name, the default domain will be used. 6-2

73 Select source and target servers Click the Advanced Find button to add servers to the Source Server and Target Server fields. For more information, see Add or manage servers on page 6-4. If you select a source/target pair for which you have previously enabled and disabled protection, you may use the existing configuration settings (provided that the source/target connection is not currently active, in which case the existing settings will always be used). When you select Configure or Validate, a prompt wil appear asking if you want to re-use the previous configuration information. Click Yes to re-use the previous information, or click No to revert to the Application Manager default settings. If the IP address(es) for the source or target server have changed since you originally configured protection (for example, if you configure the source or target in a staging area and then send it to a production location), you must re-configure the protection settings. When you are prompted to re-use the previous protection configuration, click No, then click the Configure Protection button. 1. In the Source Server field, select the File server that you want to protect. If this is your first time to log in to the selected server, you will be prompted to enter server login information. For more information about logging in to servers, see Enter server login information on page 6-4. You cannot protect a server if it is already functioning as a target server. If you attempt to select a source that is currently unavailable, a prompt will appear stating that the source is not available and that if the source is failed over, you should first select the target. If you select the target, then select the source (as recommended in the prompt), the same prompt appears (though you would expect to get a prompt to failover). The ability to failover using the Application Manager will not be available until a failover condition has been met in accordance with the failover monitor settings set on the Monitoring tab. 2. In the Target Server field, select the backup File server that will protect the source server in the event of a failure. In a parent/child configuration, you wil need to click Advanced Find and manually add the target server. The Application Manager only searches the root domain (or domain entered in Domain Name) and since the target server is in a child domain, it will not be auto discovered. Notice that after the source and target servers are selected, the Protection Status on the Monitor tab changes to Unprotected. If you first select a target that is monitoring a connection that has met a failover condition and requires manual intervention, then select the protected source server, a prompt will appear asking if you want to initiate failover. 6-3

74 Add or manage servers If the servers you need do not appear, click the Advanced Find button. The Manage Servers window will appear. To discover all servers in the domain: 1. Click the Search button. The Discovered Servers list will be populated with all servers that the Application Manager can discover that reside in the domain. 2. To directly add a server to the drop-down list on the Manage File Server main page, select the server in the Discovered Servers list, then use the >> button to move it into the Current Servers list. 3. To add a non-discovered server to the Current Servers list, enter the server name in the field next to the Add button, then click Add. 4. After a server has been added to the Current Servers list, you can click the Remove button to remove the selected server from the drop-down list on the Manage File Server main page. 5. When you have finished adding servers, click OK to save your changes, or Cancel to return to the Manage File Server main page without saving. Enter server login information After you select a server for the first time, you will be prompted to enter a user name and password to use for logging in to the selected server. The login account MUST be a member of the Storage Mirroring Admin local security group for the selected server. For more information about required account permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used by default. Entering the credentials for the logged-on user may be valid. The Application Manager will attempt to use the same user name and password the next time you select a server. 6-4

75 Configure protection settings If you do not need to change the configuration settings, continue with Validate the Configuration on page 9-1. If you have already enabled protection for a connection and need to change the configuration parameters, you will first need to disable protection as described in Disable protection on page To change the default configuration parameters, click Configure from the main Application Manager window, or select Actions, Configure Protection from the menu. The Configure Protection window will appear. The Configure Protection window has tabs for configuring failover, connection, and advanced settings. The following sections describe the options on each of these tabs. Failover settings The Failover tab includes options that will be applied during File server failover. Failover type Failover Type indicates what name resolution method will be used to redirect users to the target File server in the event of a source failure. By default, DNS Failover is selected. DNS failover DNS Failover is the recommended method for failover. Use this option if you want to failover by updating the DNS records associated with the source. This will modify all source server A, MX, and PTR-type DNS resource records to point to the target. In DNS Failover, the DNS records for the source server are modified to point to the target server s IP address. This allows clients to resolve the source File server name to the target server s network name and IP address at failover time. DNS Failover eliminates duplicate server name and IP addresses on your network. 6-5

76 After you select the DNS Failover option, click Configure. The Configure DNS Failover window will appear. Configure the following information for DNS failover: 1. To add additional DNS server IP addresses, type the IP address into the DNS Server field, then click Add. 2. The list box under the DNS Server field contains all DNS IP addresses for the source and target servers. The label after the DNS IP address indicates whether the DNS IP address belongs to the source, target, or both. To remove an IP address from the DNS server list, select the IP address, then click the Delete button. 3. In the Source IP column, select the checkbox next to the source IP address(es) to be monitored for failover. 4. In the Target IP column, select the target IP address to be used when failover occurs. If the target is monitoring multiple source IP addresses for failover, each monitored source IP address must be mapped to a unique target IP address. 5. To specify the value the Application Manager will establish for Time to Live (TTL) on the source s affected DNS records, select the Update TTL checkbox, then enter the desired update interval (in seconds). The default is the current maximum TTL of all the source s A records. The recommended value is 300 seconds (5 minutes). 6. In the Username field, enter the user name that will be used to access/modify DNS records. The login account MUST be a member of the DNSAdmins group for the domain in which the DNS server resides. For more information about required account permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used by default. The domain name is obtained from the DNS server name, provided that reverse lookup in DNS is enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. 7. In the Password field, enter the password that will be used to access/modify DNS records. 6-6

77 8. Click the Test button to validate that DNS failover is configured correctly for the selected DNS server(s) and that the specified credentials are sufficient to update DNS. 9. When the DNS configuration is complete, click OK to save your entries and return to the Configure Protection window. If you are running Windows Server 2000 on the primary DNS server hosting zones or domains that contain source and/or target resource records, you must have the DNS WMI Provider installed on that DNS server. The Dynamic updates setting for the DNS zone should be set to Secure only. Otherwise, you must disable dynamic registration on the source server in order to prevent the source from reclaiming its DNS record. If a hosts file entry for the source server exists on the client machine, errors may occur during a failover and failback. Reverse lookup in DNS should be enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. DNS registration for the private (devoted to Storage Mirroring) NIC IP should be disabled. If dynamic updates are enabled on a standard primary zone, the source server will be able to update its DNS records after failover. To prevent this, configure DNS to use an Active Directory-integrated zone. For more information about using the DNS Failover utility, access the dfo.exe help by typing dfo.exe /? from a command prompt. Identity failover Select this option if you want to failover by transferring the source IP address and name to the target. When using identity failover, it is possible that a name and/or IP address conflict can occur either during failover or when the original source server comes back online. To avoid this conflict, use DNS Failover. Application Manager cannot be used for failover or failback when the Identity failover method is selected. However, the Failover Control Center can still be used to initiate failover. DNS failover reduces downtime and provides other benefits. It is recommended for most environments. In Identity Failover, the target s physical identity is modified to match the source during a failover. This includes the target adopting the source server s name, primary IP address, and drive shares during a failover. Identity failover may be required in the following situations: Access to the domain controller or DNS server is not available (for example, due to permissions) from the account that Storage Mirroring runs under on the source/target servers. If you determine that the time it takes to propagate the necessary DNS or Active Directory changes to the rest of your environment is not acceptable. The time needed to propagate these changes depends on your Active Directory Replication and DNS server settings. If you have client applications that are configured to connect to an IP address rather than a server name. 6-7

78 After you select the Identity Failover option, click Configure. The Configure Identity Failover window will appear. Enter the following information for Identity failover: 1. In the Source IP column, select the source IP address(es) to be monitored for failover. 2. In the Target NIC column, select the target NIC to be used when failover occurs. 3. The Target IP Addresses area displays the IP address(es) of the selected target NIC. 4. Select the IP Address checkbox if you want the specified source IP address to be monitored (Default = selected). If your source and target servers are on different subnets, you should NOT failover the IP address. Instead, if the server name is required you should choose DNS failover with the Advanced switch and select the Server Name. For more information, see Advanced settings on page Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = selected). 6. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = selected). 7. Select the Active Directory Hostname (SPNs) checkbox to remove the host SPN (Service Principle Name) from Active Directory for the source automatically and add it to Active Directory for the target during failover (Default = selected). 8. Click OK to save your entries and return to the Configure Protection window. Services Application Manager will determine the appropriate services to start/stop based on your system configuration. You should only modify this selection if there are additional services that need to be started during the failover/failback process. 6-8

79 Modifying the default configuration for services may affect whether data can be successfully replicated. Do not modify the services to start/stop unless you are very familiar with Storage Mirroring and the applications running on your server. 1. To add a service, click Add. The Add Service window will appear. 2. Select the Service name from the drop-down box, then click Add; or, type the name of a service, then press Enter. 3. If available, select the Service must be stopped on target checkbox. Most services must be stopped on the target for replication to occur properly. 4. When you are finished entering services, click Close to return to the Failover configuration window. 5. To remove a service, select one or more services, then click Remove. You can only remove services that you added manually using the Application Manager. 6. Services will be started in the displayed order (top-to-bottom starting with the left column) and shutdown in reverse order (bottom-to-top starting with the right column). To re-arrange the order in which services are started/stopped: a. Add any additional services. b. Select a service in the list, then use the up and down arrow buttons to move the service to the appropriate position in startup/shutdown order. Monitor settings The Monitoring tab includes options for configuring how you want to monitor the source server for failure. Configure how you want to monitor the source server for failure. 1. Select the Active Monitoring Enabled option to enable or disable failover for the selected source/target pair. 2. By default, Manual Intervention Required is selected. Manual intervention allows you to control when failover occurs. When a failure occurs, a prompt appears and waits for you to initiate the failover process manually. Disable Manual Intervention Required only if you want failover to occur immediately when a failure condition is met. 3. In the Method to monitor for Failover field, select the ping method to use when monitoring source IP addresses. 6-9

80 Network Access (ICMP) Storage Mirroring failover uses ICMP pings to determine if the source server is online. If a network device, such as a firewall or router, between the source and target is blocking ICMP traffic, failover monitors cannot be created or used. Replication Service (UDP) The Storage Mirroring service on the target server sends a ping-like UDP request to the source Storage Mirroring service, which replies immediately to confirm it is running. This method is useful when ICMP is blocked on routers between the source and target. 4. Configure how long to wait after a source failure to initiate failover. The amount of time before failover begins is calculated by multiplying the Monitor Interval by the Missed Packets. For example, if the Monitor Interval is set to 5 seconds and the Missed Packets setting is 5, a failover condition will be identified after 25 seconds of missed source activity. a. In the Monitor Interval field, select how often the monitor should check the source machine availability (Default = 5 seconds). b. In the Missed Packets field, select how many monitor replies can be missed before assuming the source machine has failed (Default = 5 missed replies). 5. If you are monitoring multiple IP addresses, select one of the Failover Trigger options. All Monitored IP Addresses Fail Failover begins when all monitored IP addresses fail. One Monitored IP Address Fails Failover begins when any of the monitored IP addresses fail. Snapshot settings The following allow you to set up snapshots of your target data that can be used when failing over. By default, snapshots are not enabled in the Application Manager. 1. To enable snapshots, select the Enable periodic snapshots checkbox. This will enable the remaining controls. 2. In the Snapshot interval field, select the interval at which you want to perform snapshots (in minutes). The minimum interval is 15 minutes. 3. Select one of the following options for when to begin collecting snapshots: Start now Select this option to take the first snapshot as soon as protection is enabled. Start at Select this option to start taking snapshots at a future time. If you select this option, you will also need to enter a date and time. 4. When you are finished, click OK. 6-10

81 Connection settings The Connection tab includes options that will be applied to the specified source/target connection. Route This setting identifies the Target IP Address that the Storage Mirroring data will be transmitted through. You should only change this setting if you want to select a different route for Storage Mirroring traffic. On a machine with more than one NIC, this increases the flexibility of configuring Storage Mirroring activity. For example, you can separate regular network traffic and Storage Mirroring traffic on a machine. The default ports will be used. File Shares By default, all non-administrative file shares are selected. You can add other data that you want to protect by selecting the checkbox next to it in the tree view. On a domain controller, you cannot protect the NETLOGON and SYSVOL shares and they will not be visible in the File Shares tree. You can also select non-application specific data under the Volumes folder. If Override Generated Rules is selected on the Advanced tab, this control will be disabled. To refresh the tree view to show new source directories or files that may have been added or removed, select the logical node, then click the Refresh button. If a node in the volumes branch is selected, then the items under that node will be refreshed. Mirror type The following options specify what files you want sent from the source to the target during a mirror. Full Copies all of the directories and files in the replication set to the target machine. If a mirror has already been completed, another full mirror will overwrite the data on the target. 6-11

82 Checksum (Default) This option performs a checksum comparison calculation. A checksum calculation is a formula applied to blocks of data to determine if the binary make-up of the block is identical. If the checksums on the source and target machine are the same, the block is skipped. If the checksums on the source and target machine are not the same, the block on the source is sent to the target. With this option, the entire file is not overwritten; only the block that is received from the source is overwritten. The Mirror type setting also applies to the restoration connection. Enable compression This setting enables compression of data that is transmitted from the source to the target. Significant improvements in bandwidth utilization have been seen in Wide Area Network (WAN) configurations or in any case where network bandwidth is a constraint. Compression may be used in LocalArea Network (LAN) configurations, though it may not provide any significant network improvements. You can specify compression for different source/target connections, but all connections to the same target will have the same compression settings. By default, compression is disabled. To enable it, select Enable Compression, then set the level from minimum to maximum compression. Advanced settings The Advanced tab includes advanced configuration options. Replication set rules A replication set defines what directories/files are to be protected by Storage Mirroring. By default, Application Manager selects all of the necessary directories/files to protect the file server based on your source server configuration. These include all non-administrative file shares. By default, the Application Manager-generated replication set will be named fileprint_<source server name>_<target server name>. You should only modify the replication set rules if there are additional directories/files specific to your configuration that must also be protected. Modifying the default configuration for replication set rules may affect whether data can be successfully replicated. Do not modify the replication set unless you are very familiar with Storage Mirroring. 6-12

83 To change the replication set rules: 1. Select the Override Generated Rules checkbox. When this box is selected, the File Shares control on the Connection tab will be disabled. For more information, see File Shares on page To add a replication set rule, click Add. The Add Repset Rule dialog box will appear. 3. In the Rule Path field, type the directory that you want to protect or exclude. 4. In the Include/Exclude area, select whether to include or exclude the path from the replication set. 5. In the Recursive area, select whether the directory should be recursive (protecting all sub-folders under the directory) or non-recursive (protecting only the files in the directory). 6. Click Add. 7. When you have entered all of your replication set rules, click Close to return to the Advanced configuration tab. You will need to manually verify that the rule path is correct since the Application Manager does not validate rule paths. 8. To remove a rule, select one or more rules, then click Remove. Removing rules that were automatically added by Application Manager could impact the success of failover. Any changes to rules should be thoroughly tested. 9. To reset the rules to the auto-generated rules and to re-enable the File Shares control, remove the selection from the Override Generated Rules checkbox. Failover/failback scripts Scripts are executed at different points during the failover/failback process to perform the actions necessary to make the file shares available on the appropriate server. Editing scripts is an advanced feature. Do not edit scripts unless you fully understand what each command is doing. 6-13

84 Scripts are automatically generated by Application Manager during configuration. The scripts are copied to the Storage Mirroring installation directory on the specified server using the administrative share for that server s drive. Script File name Description Failover post_failover_fileprint.txt A post-failover script is executed after the core failover processes have completed on the target server. The primary functions of the post-failover script are to start the services on the target and to modify DNS and Active Directory entries as necessary. Failback pre_failback_fileprint.txt A pre-failback script is executed before failback processing occurs on the target server. The primary functions of this script are to stop services on the target and to move DNS and Active Directory entries as necessary. Restore post_restore_fileprint.txt A post-restore script is not executed automatically, though it is provided on the source to perform actions that are generally required after data has been restored from the target to source after a failover/failback. The primary function of this script is to restart services on the source server. Post-failback post_failback_fileprint.txt A post-failback script is executed on the target before the post-restore script runs. The primary function of this script is to re-start the Server service and al dependent services on the source in order to refresh client connections. By default, Application Manager generates all the required scripts for you automatically based on your system configuration. You can also edit the scripts to add, modify, or delete specific commands. To edit a script: 1. Click on the button for the script you want to update. The script file will be displayed using your machine s default editor. 2. Enter your changes. 3. Save the script file. Any change you make to the script in the editor will be copied to the appropriate server when configuration changes are accepted, thus overwriting any changes that have been made outside the Application Manager. The scripts can be overwritten by certain operations during setup. For example, any changes to configuration options done in the Application Manager will overwrite previous script changes. If you want to make permanent changes to a script, you must modify the appropriate.txt file within the Application Manager installation directory. If there is more than one client machine that will be configuring failover, the change must be made to all the appropriate.txt files. Before running Application Manager multiple times (for example, when re-enabling protection after a failover/failback), save a copy of your post-restore and pre-failback batch files. After Application Manager executes, replace the default script file(s) with the customized file(s) that you saved. Items to failover Select the items to failover. 1. Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = selected). 2. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = selected). 6-14

85 3. Select the Active Directory Hostname (SPNs) checkbox if you want to remove the host SPN (Service Principle Name) automatically from Active Directory for the source and add it to Active Directory for the target during failover (Default = selected). If you are using Active Directory, you should enable this option. Otherwise, you may experience problems with failover. Advanced settings The following options allow you to control what functions Application Manager will perform during configuration. By default, Application Manager performs all of these functions. Individual functions should only be disabled for testing or debugging purposes. These options are only available when you launch Application Manager using the command line /fileprint /advanced option (dtam /fileprint /advanced). 1. Select the Create Replication Set checkbox to automatically create a replication set that includes all of the necessary directories/files that must be protected for your specific configuration. This should only be disabled if you have customized your replication set and do not want to overwrite it (Default = selected). 2. Select the Create Failover Scripts checkbox to automatically generate the failover/failback scripts and copy them to the appropriate server. This should be disabled only if you have customized your script files and do not want them to be overwritten (Default = selected). 3. Select the Create Connection checkbox to create the connection between the source and target using the automatically-generated replication set. This should only be disabled if you would like to verify the replication set that is created by Application Manager prior to connection (Default = selected). 4. Select the Create Failover Monitor checkbox to create a failover monitor on the target to monitor the source for failure. This monitor will use the failover parameters specified during configuration as well as the script files that have been created (Default = selected). Saving configuration changes After you have changed the configuration parameters, click OK to apply the settings. If you click Cancel, any changes you have made will be discarded and the previous configuration parameters wil be used. 6-15

86 When you have finished configuring the optional protection options, continue with Validate the Configuration on page 9-1. If you close the Application Manager prior to enabling protection, your changes will not be saved. You must enable protection in order to save your configuration settings for a source/target pair. If you modify your configuration on the source server (such as adding a new storage group or database), you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. 6-16

87 Protecting a SharePoint Server The SharePoint databases will be protected by default and the Application Manager can be used to extend the target web front-end into the source SharePoint configuration. Source front-end web server Internet Information Services WSS 3.0 or MOSS 2007 Target database server and front-end web server Internet Information Services Microsoft SQL Server (default or named instance) WSS 3.0 or MOSS 2007 Storage Mirroring Source database server Microsoft SQL Server (default or named instance) Storage Mirroring To configure protection for your SharePoint servers using Application Manager, you will complete the following steps: 1. Configure each source as a Windows member server. 2. Install Microsoft SQL Server on each source that will be used as a back-end server. For SQL Server 2000, Microsoft recommends that all service packs be installed independently for each source and target instance. This ensures that operating system files and registry entries are applied appropriately. 3. Install and configure Windows SharePoint Services (WSS 3.0) or Microsoft Office SharePoint Server (MOSS 2007) on each source that will be used as a front-end server, according to Microsoft guidelines. 4. Configure each Windows 2003 target as a member server in the same Active Directory domain or trusted domain environment as the source. 5. Install SQL on the target, verifying that the locations for the SQL installation and the location of the data and log files for the target are the same as the source. Apply the same SQL service packs or patches as were installed on the source. Use the default installation options for SQL with the following considerations: The target must be a unique installation (that is, two separate SQL servers must be available for a protection pair) Logical drive mapping must be the same on the source and target and must assigned prior to running the Application Manager. For SQL Server 2000, Microsoft recommends that all service packs be installed independently for each source and target instance. This ensures that operating system files and registry entries are applied appropriately. 6. Install WSS 3.0 or MOSS 2007 on the target server, but DO NOT configure it if you want to use Storage Mirroring Application Manager to extend the target into the Web Farm. 7-1

88 7. Install Storage Mirroring the source and target SQL servers using the installation defaults. See the Storage Mirroring Getting Started guide for details. 8. Install the Application Manager on page Select a task on page Select a domain on page Select SharePoint front end on page Select source and target servers on page (Optional) Configure protection settings on page Validate the Configuration on page 9-1 To protect your SharePoint server, you will complete the following steps: 1. Enable protection on page Monitor protection status on page 10-2 In the event of a failure, you will need to perform some additional tasks. These tasks are described in Failover, Failback, and Restoration on page Select a task To protect a SharePoint server, open the Application Manager (Start, Programs, Storage Mirroring, Application Manager), then on the Tasks area on the left pane, select Protect SharePoint Server. The Manage SharePoint page will appear in the right pane. Make sure that the Setup tab is in view. You can also launch Application Manager for SharePoint by using the command line /sharepoint option (dtam /sharepoint). Select a domain The Domain Name on the main window will be populated automatically with the domain where the Application Manager client resides. 7-2

89 If you want to change the domain, type in a domain name for a trusted domain that the Application Manager client can connect to, then press Tab or click on another field. If the domain you entered doesn t exist or you do not have the credentials to modify Active Directory for the new domain, the Domain Login window will appear. You will be prompted to enter the domain name, user name, and password to use for logging in to the domain. Domain names must include a suffix, such as.com,.corp, or.net. The user account should have administrator permissions. For more information about configuring permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format NetBIOS domain name\username or username. If you enter a non-qualified name, the default domain will be used. Select SharePoint front end Enter the name of the server that functions as the SharePoint front end, then click Get Config to load that server s configuration information into the Application Manager. The source server will be detected and added to the Source Server field. Select source and target servers If this is your first time to select a SharePoint server to protect, you may need to click the Advanced Find button to add servers to the Source Server and Target Server fields. For more information, see Add or manage servers on page 7-4. If you select a source/target pair for which you have previously enabled and disabled protection, you may use the existing configuration settings (provided that the source/target connection is not currently active, in which case the existing settings will always be used). When you select Configure 7-3

90 or Validate, a prompt wil appear asking if you want to re-use the previous configuration information. Click Yes to re-use the previous information, or click No to revert to the Application Manager default settings. If the IP address(es) for the source or target server have changed since you originally configured protection (for example, if you configure the source or target in a staging area and then send it to a production location), you must re-configure the protection settings. When you are prompted to re-use the previous protection configuration, click No, then click the Configure Protection button. 1. In the Source Server field, select the SharePoint server that you want to protect. If this is your first time to log in to the selected server, you will be prompted to enter server login information. For more information about logging in to servers, see Enter server login information on page 7-5. You cannot protect a server if it is already functioning as a target server. If you attempt to select a source that is currently unavailable, a prompt will appear stating that the source is not available and that if the source is failed over, you should first select the target. If you select the target, then select the source (as recommended in the prompt), the same prompt appears (though you would expect to get a prompt to failover). The ability to failover using the Application Manager will not be available until a failover condition has been met in accordance with the failover monitor settings set on the Monitoring tab. 2. In the Target Server field, select the backup SharePoint server that will protect the source server in the event of a failure. Notice that after the source and target servers are selected, the Protection Status on the Monitor tab changes to Unprotected. If you first select a target that is monitoring a connection that has met a failover condition and requires manual intervention, then select the protected source server, a prompt will appear asking if you want to initiate failover. Add or manage servers If the servers you need do not appear, click the Advanced Find button, or select Actions, Manage SQL Servers. The Manage SQL Servers window will appear. To discover all servers in the domain: 1. Click the Search button. The Discovered Servers list will be populated with all servers that the Application Manager can discover that reside in the domain. 2. To directly add a server to the drop-down list on the Manage SharePoint main page, select the server in the Discovered Servers list, then use the >> button to move it into the Current Servers list. 7-4

91 3. To add a non-discovered server to the Current Servers list, enter the server name in the field next to the Add button, then click Add. In environments with a very large number of servers in Active Directory, you may experience significant delays while the Application Manager searches for SQL servers. To override the automatic scan for SQL servers, you can launch Application Manager through the command line using the /nosqlsearch option (dtam /sharepoint /nosqlsearch). This will cause the Application Manager not to populate the Source and Target fields automatically. You will then need to click the Advanced Find button and add the source and target SQL servers manually. 4. After a server has been added to the Current Servers list, you can manage that server. Select the server, then select one of the following options: Remove Click the Remove button to remove the selected server from the drop-down list on the Manage SharePoint main page. Test SQL Click the Test SQL button to determine if SQL is installed and accessible for the selected server. 5. When you have finished adding, managing, or testing servers, click OK to save your changes, or Cancel to return to the Manage SharePoint main page without saving. Enter server login information After you select a server for the first time, you will be prompted to enter a user name and password to use for logging in to the selected server. The login account MUST be a member of the Storage Mirroring Admin local security group for the selected server. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used. Entering the credentials for the logged-on user may be valid. The Application Manager will attempt to use the same user name and password the next time you select a server. Configure protection settings If you do not need to change the configuration settings, continue with Validate the Configuration on page 9-1. If you have already enabled protection for a connection and need to change the configuration parameters, you will first need to disable protection as described in Disable protection on page To change the default configuration parameters, click Configure from the main Application Manager window, or select Actions, Configure Protection from the menu. The Configure Protection window will appear. The Configure Protection window has tabs for configuring failover, connection, SharePoint, and advanced settings. The following sections describe the options on each of these tabs. 7-5

92 Failover settings The Failover tab includes options that will be applied during SharePoint failover. Failover type Failover Type indicates what name resolution method will be used to redirect users to the target SharePoint server in the event of a source failure. By default, DNS Failover is selected. DNS failover DNS Failover is the recommended method for failover. Use this option if you want to failover by updating the DNS records associated with the source. This will modify all source server A, MX, and PTR-type DNS resource records to point to the target. In DNS Failover, the DNS records for the source server are modified to point to the target server s IP address. This allows clients to resolve the source SharePoint server name to the target server s network name and IP address atfailover time. DNS Failover eliminates duplicate server name and IP addresses on your network. 7-6

93 After you select the DNS Failover option, click Configure. The Configure DNS Failover window will appear. Configure the following information for DNS failover: 1. To add additional DNS server IP addresses, type the IP address into the DNS Server field, then click Add. 2. The list box under the DNS Server field contains all DNS IP addresses for the source and target servers. The label after the DNS IP address indicates whether the DNS IP address belongs to the source, target, or both. To remove an IP address from the DNS server list, select the IP address, then click the Delete button. 3. In the Source IP column, select the checkbox next to the source IP address(es) to be monitored for failover. 4. In the Target IP column, select the target IP address to be used when failover occurs. If the target is monitoring multiple source IP addresses for failover, each monitored source IP address must be mapped to a unique target IP address. 5. To specify the value the Application Manager will establish for Time to Live (TTL) on the source s affected DNS records, select the Update TTL checkbox, then enter the desired update interval (in seconds). The default is the current maximum TTL of all the source s A records. The recommended value is 300 seconds (5 minutes). 6. In the Username field, enter the user name that will be used to access/modify DNS records. The login account MUST be a member of the DNSAdmins group for the domain in which the DNS server resides. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used by default. The domain name is obtained from the DNS server name, provided that reverse lookup in DNS is enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. 7. In the Password field, enter the password that will be used to access/modify DNS records. 7-7

94 8. Click the Test button to validate that DNS failover is configured correctly for the selected DNS server(s) and that the specified credentials are sufficient to update DNS. 9. When the DNS configuration is complete, click OK to save your entries and return to the Configure Protection window. If you are running Windows Server 2000 on the primary DNS server hosting zones or domains that contain source and/or target resource records, you must have the DNS WMI Provider installed on that DNS server. The Dynamic updates setting for the DNS zone should be set to Secure only. Otherwise, you must disable dynamic registration on the source server in order to prevent the source from reclaiming its DNS record. If a hosts file entry for the source server exists on the client machine, errors may occur during a failover and failback. Reverse lookup in DNS should be enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. DNS registration for the private (devoted to Storage Mirroring) NIC IP should be disabled. If dynamic updates are enabled on a standard primary zone, the source server will be able to update its DNS records after failover. To prevent this, configure DNS to use an Active Directory-integrated zone. For more information about using the DNS Failover utility, access the dfo.exe help by typing dfo.exe /? from a command prompt. Identity failover Select this option if you want to failover by transferring the source IP address and name to the target. When using identity failover, it is possible that a name and/or IP address conflict can occur either during failover or when the original source server comes back online. To avoid this conflict, use DNS Failover. Application Manager cannot be used for failover or failback when the Identity failover method is selected. However, the Failover Control Center can still be used to initiate failover. DNS failover reduces downtime and provides other benefits. It is recommended for most environments. In Identity Failover, the target s physical identity is modified to match the source during a failover. This includes the target adopting the source server s name, primary IP address, and drive shares during a failover. Identity failover may be required in the following situations: Access to the domain controller or DNS server is not available (for example, due to permissions) from the account that Storage Mirroring runs under on the source/target servers. If you determine that the time it takes to propagate the necessary DNS or Active Directory changes to the rest of your environment is not acceptable. The time needed to propagate these changes depends on your Active Directory Replication and DNS server settings. If you have client applications that are configured to connect to an IP address rather than a server name. 7-8

95 After you select the Identity Failover option, click Configure. The Configure Identity Failover window will appear. Enter the following information for Identity failover: 1. In the Source IP column, select the source IP address(es) to be monitored for failover. 2. In the Target NIC column, select the target NIC to be used when failover occurs. 3. The Target IP Addresses area displays the IP address(es) of the selected target NIC. 4. Select the IP Address checkbox if you want the specified source IP address to be monitored (Default = selected). If your source and target servers are on different subnets, you should NOT failover the IP address. Instead, if the server name is required you should choose DNS failover with the Advanced switch and select the Server Name. For more information, see Advanced settings on page Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = NOT selected). 6. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 7. Select the Active Directory Hostname (SPNs) checkbox to remove the host SPN (Service Principle Name) from Active Directory for the source automatically and add it to Active Directory for the target during failover (Default = NOT selected). 8. Click OK to save your entries and return to the Configure Protection window. Services Application Manager will determine the appropriate SharePoint services to start/stop based on your operating system/sharepoint configuration. You should only modify this selection if there are additional services that need to be started along with SharePoint during the failover/failback process. 7-9

96 Modifying the default configuration for services may affect whether data can be successfully replicated. Do not modify the services to start/stop unless you are very familiar with Storage Mirroring and SharePoint. 1. To add a service, click Add. The Add Service window will appear. 2. Select the Service name from the drop-down box, then click Add; or, type the name of a service, then press Enter. 3. If available, select the Service must be stopped on target checkbox. Most services must be stopped on the target for replication to occur properly. 4. When you are finished entering services, click Close to return to the Failover configuration window. 5. To remove a service, select one or more services, then click Remove. You can remove all of the services besides the required SQL server service (MSSQLSERVER for a default instance, or MSSQL$<instance_name> for a named instance). 6. Services will be started in the displayed order (top-to-bottom starting with the left column) and shutdown in reverse order (bottom-to-top starting with the right column). To re-arrange the order in which services are started/stopped: a. Add any additional services. b. Select a service in the list, then use the up and down arrow buttons to move the service to the appropriate position in startup/shutdown order. Add/remove SharePoint services To stop the target SharePoint services when protection is enabled, click the Add SharePoint Services button. SharePoint services will be added to the list of services. If you add SharePoint services, they will be started upon failover and stopped upon failback. This will result in SharePoint on the target being active only when the target is failed over. Monitor settings The Monitoring tab includes options for configuring how you want to monitor the source server for failure. 7-10

97 Configure how you want to monitor the source server for failure. 1. Select the Active Monitoring Enabled option to enable or disable failover for the selected source/target pair. 2. By default, Manual Intervention Required is selected. Manual intervention allows you to control when failover occurs. When a failure occurs, a prompt appears and waits for you to initiate the failover process manually. Disable Manual Intervention Required only if you want failover to occur immediately when a failure condition is met. 3. In the Method to monitor for Failover field, select the ping method to use when monitoring source IP addresses. Network Access (ICMP) Storage Mirroring failover uses ICMP pings to determine if the source server is online. If a network device, such as a firewall or router, between the source and target is blocking ICMP traffic, failover monitors cannot be created or used. Replication Service (UDP) The Storage Mirroring service on the target server sends a ping-like UDP request to the source Storage Mirroring service, which replies immediately to confirm it is running. This method is useful when ICMP is blocked on routers between the source and target. 4. Configure how long to wait after a source failure to initiate failover. The amount of time before failover begins is calculated by multiplying the Monitor Interval by the Missed Packets. For example, if the Monitor Interval is set to 5 seconds and the Missed Packets setting is 5, a failover condition will be identified after 25 seconds of missed source activity. a. In the Monitor Interval field, select how often the monitor should check the source machine availability (Default = 5 seconds). b. In the Missed Packets field, select how many monitor replies can be missed before assuming the source machine has failed (Default = 5 missed replies). 5. If you are monitoring multiple IP addresses, select one of the Failover Trigger options. All Monitored IP Addresses Fail Failover begins when all monitored IP addresses fail. One Monitored IP Address Fails Failover begins when any of the monitored IP addresses fail. Application Monitoring (BETA) By default, application monitor settings are not available in this release of the Storage Mirroring Application Manager. Application monitoring is only available when you launch Application Manager using the command line /sharepoint /advanced option (dtam /sharepoint /advanced) WARNING: This feature is currently BETA and should not be used in production environments. 1. If you select the Enable Application Monitoring checkbox, the remaining fields in Application Monitor Settings area will be enabled. A message box will appear, asking you to confirm that you want to use this BETA feature. To continue, click OK. Application monitoring is not available when dealing with a cluster. 7-11

98 2. In the Monitor Interval field, enter the interval (in seconds) at which you want to check application health. 3. In the Error Threshold field, enter the number of consecutive errors that can be received before an error alert appears. 4. In the Type of Monitoring area, select one of the following options. Built-in Monitoring Points Use the default monitoring options. Custom Script Launch a batch file to check application health. Either type the name of the script, or click Browse to locate a script. If you select Custom Script, you will also need to designate whether to use.ps1 (PowerShell) or.vb (VisualBasic) as the Script Engine. Make sure you select the appropriate engine for your script type. An example script that you can use as a basis for creating your custom script is included in the \Samples subfolder where the Application Manager is installed. 5. In the Username field, enter the fully-qualified user name that will be used to run WMI scripts. The fully-qualified user name must be in the format domain\username or username@domain. The required credentials for running WMI scripts is full WMI access to the CIMV2 namespace. Under Windows 2008, the supplied credentials must also be allowed through DCOM and User Access Control. It is recommended that a group be created for running scripts, and that the required permissions be given to the group. By default, the administrative group of a Windows 2008 machine has full WMI access. However, DCOM and User Access Control settings may need to be adjusted. 6. In the Password field, enter the password for the specified user account. 7. Click the Test button to validate that the specified credentials are sufficient to run WMI scripts. 8. (Optional) Click the Clear Cached Credentials button to clear the cached user name and password. 7-12

99 Snapshot settings The following allow you to set up snapshots of your target data that can be used when failing over. By default, snapshots are not enabled in the Application Manager. 1. To enable snapshots, select the Enable periodic snapshots checkbox. This will enable the remaining controls. 2. In the Snapshot interval field, select the interval at which you want to perform snapshots (in minutes). The minimum interval is 15 minutes. 3. Select one of the following options for when to begin collecting snapshots: Start now Select this option to take the first snapshot as soon as protection is enabled. Start at Select this option to start taking snapshots at a future time. If you select this option, you will also need to enter a date and time. 4. When you are finished, click OK. Connection settings The Connection tab includes options that will be applied to the specified source/target connection. 7-13

100 Route This setting identifies the Target IP Address that the Storage Mirroring data will be transmitted through. You should only change this setting if you want to select a different route for Storage Mirroring traffic. On a machine with more than one NIC, this increases the flexibility of configuring Storage Mirroring activity. For example, you can separate regular network traffic and Storage Mirroring traffic on a machine. The default ports will be used. Protected Databases By default, all of the SharePoint program and data files (except the \binn directory) are selected for replication to the target SharePoint server. This will allow the clients to access your production SharePoint server data and functionality on the target in the event of a failure. The source and target servers must both have the exact same version of SharePoint (major and minor versions) as well as similar logical drive structures (the target must have at least the same logical drives as the source where SharePoint program and data files are stored). If you are using a SQL server named instance for a back-end database server in your SharePoint setup, both the source and target SQL servers must have named instances with the exact same name and logical drive structure as the source SQL server installed prior to configuring protection. To enable the ability to add or remove SharePoint instances, you can launch Application Manager through the command line using the /sharepoint /advanced option (dtam /sharepoint /advanced). With this option enabled, a dialog box will appear when you select Configure Protection. If you need to reduce the amount of mirroring and replication traffic, you may choose to deselect the tempdb database if it is not necessary. You can also select non-application specific data under the Volumes folder. If Override Generated Rules is selected on the Advanced tab, this control will be disabled. To refresh the tree view to show new source directories or files that may have been added or removed, select the logical node, then click the Refresh button. If a node in the volumes branch is selected, then the items under that node will be refreshed. Mirror type The following options specify what files you want sent from the source to the target during a mirror. Full Copies all of the directories and files in the replication set to the target machine. If a mirror has already been completed, another full mirror will overwrite the data on the target. Checksum (Default) This option performs a checksum comparison calculation. A checksum calculation is a formula applied to blocks of data to determine if the binary make-up of the block is identical. If the checksums on the source and target machine are the same, the block is skipped. If the checksums on the source and target machine are not the same, the block on the source is sent to the target. With this option, the entire file is not overwritten; only the block that is received from the source is overwritten. The Mirror type setting also applies to the restoration connection. Enable compression This setting enables compression of data that is transmitted from the source to the target. Significant improvements in bandwidth utilization have been seen in Wide Area Network (WAN) configurations or in any case where network bandwidth is a constraint. Compression may be used in LocalArea Network (LAN) configurations, though it may not provide any significant network improvements. 7-14

101 You can specify compression for different source/target connections, but all connections to the same target will have the same compression settings. By default, compression is disabled. To enable it, select Enable Compression, then set the level from minimum to maximum compression. Advanced settings The Advanced tab includes advanced configuration options. Replication set rules A replication set defines what directories/files are to be protected by Storage Mirroring. By default, Application Manager selects all of the necessary directories/files to protect SharePoint based on your source server configuration. These include the SharePoint application data and transaction logs, tempdb files, and SharePoint error logs. By default, the Application Manager-generated replication set will be named SharePointdag01_<source server name>_<target server name>. You should only modify the replication set rules if there are additional directories/files specific to your configuration that must also be protected with SharePoint. Modifying the default configuration for replication set rules may affect whether data can be successfully replicated. Do not modify the replication set unless you are very familiar with Storage Mirroring and SharePoint. To change the replication set rules: 1. Select the Override Generated Rules checkbox. When this box is selected, the Protected Databases control on the Connection tab will be disabled. For more information, see Protected Databases on page To add a replication set rule, click Add. The Add Repset Rule dialog box will appear. 7-15

102 3. In the Rule Path field, type the directory that you want to protect or exclude. 4. In the Include/Exclude area, select whether to include or exclude the path from the replication set. 5. In the Recursive area, select whether the directory should be recursive (protecting all sub-folders under the directory) or non-recursive (protecting only the files in the directory). 6. Click Add. 7. When you have entered all of your replication set rules, click Close to return to the Advanced configuration tab. You will need to manually verify that the rule path is correct since the Application Manager does not validate rule paths. 8. To remove a rule, select one or more rules, then click Remove. Removing rules that were automatically added by Application Manager could impact the success of failover. Any changes to rules should be thoroughly tested. 9. To reset the rules to the auto-generated rules and to re-enable the Protected Databases control, remove the selection from the Override Generated Rules checkbox. Failover/failback scripts Scripts are executed at different points during the failover/failback process to perform the actions necessary to make SharePoint available on the appropriate server. Scripts perform steps such as starting/stopping services, attaching/detaching databases, and modifying DNS entries on the DNS server to point users to the appropriate server. Editing scripts is an advanced feature. Do not edit scripts unless you fully understand what each command is doing. Scripts are automatically generated by Application Manager during configuration. The scripts are copied to the Storage Mirroring installation directory on the specified server using the administrative share for that server s drive. Script File name Description Failover post_failover_sharepoint.txt A post-failover script is executed after the core failover processes have completed on the target server. The primary functions of the post-failover script are to start the services on the target and to modify DNS and Active Directory entries as necessary. Failback pre_failback_sharepoint.txt A pre-failback script is executed before failback processing occurs on the target server. The primary functions of this script are to stop services on the target and to move DNS and Active Directory entries as necessary. Restore post_restore_sharepoint.txt A post-restore script is not executed automatically, though it is provided on the source to perform actions that are generally required after data has been restored from the target to source after a failover/failback. The primary function of this script is to restart services on the source server. 7-16

103 By default, Application Manager generates all the required scripts for you automatically based on your system configuration. You can also edit the scripts to add, modify, or delete specific commands. To edit a script: 1. Click on the button for the script you want to update. The script file will be displayed using your machine s default editor. 2. Enter your changes. 3. Save the script file. Any change you make to the script in the editor will be copied to the appropriate server when configuration changes are accepted, thus overwriting any changes that have been made outside the Application Manager. The scripts can be overwritten by certain operations during setup. For example, any changes to configuration options done in the Application Manager will overwrite previous script changes. If you want to make permanent changes to a script, you must modify the appropriate.txt file within the Application Manager installation directory. If there is more than one client machine that will be configuring failover, the change must be made to all the appropriate.txt files. Before running Application Manager multiple times (for example, when re-enabling protection after a failover/failback), save a copy of your post-restore and pre-failback batch files. After Application Manager executes, replace the default script file(s) with the customized file(s) that you saved. Items to failover Select the items to failover. 1. Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = selected). 2. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 3. Select the Active Directory Hostname (SPNs) checkbox if you want to remove the host SPN (Service Principle Name) automatically from Active Directory for the source and add it to Active Directory for the target during failover (Default = selected). If you are using Active Directory, you should enable this option. Otherwise, you may experience problems with failover. 7-17

104 Advanced settings The following options allow you to control what functions Application Manager will perform during configuration. By default, Application Manager performs all of these functions. Individual functions should only be disabled for testing or debugging purposes. These options are only available when you launch Application Manager using the command line /sharepoint /advanced option (dtam /sharepoint /advanced). 1. Select the Create Replication Set checkbox to automatically create a replication set that includes all of the necessary directories/files that must be protected for your specific configuration. This should only be disabled if you have customized your replication set and do not want to overwrite it (Default = selected). 2. Select the Create Failover Scripts checkbox to automatically generate the failover/failback scripts and copy them to the appropriate server. This should be disabled only if you have customized your script files and do not want them to be overwritten (Default = selected). 3. Select the Create Connection checkbox to create the connection between the source and target using the automatically-generated replication set. This should only be disabled if you would like to verify the replication set that is created by Application Manager prior to connection (Default = selected). 4. Select the Create Failover Monitor checkbox to create a failover monitor on the target to monitor the source for failure. This monitor will use the failover parameters specified during configuration as well as the script files that have been created (Default = selected). 7-18

105 SharePoint settings The SharePoint tab includes options you can use to join or extend the target front-end web server to the production SharePoint configuration or web farm. The Application Manager determines the Microsoft SQL server and configuration database used by the source SharePoint web front-end server, then uses that information to connect the specified target web server to the same SharePoint configuration. The target web server specified can be local or remote. The target web server must have the same version of SharePoint installed as the production SharePoint web server. For best results, SharePoint should be installed but not yet configured on the target web server. In order to extend the target web server, you will also need to add the Sharepoint administrator account to the local Domain Admin group on the target server before you extend the target web front-end server into the farm. The first five fields will be filled in automatically. You can modify these values. 1. In the Server Name field, enter the NetBIOS or physical name of the target SharePoint web server. 2. In the IP Address field, enter the IP address for the target web server. 3. In the TCP Port field, enter the TCP port to be used for communicating with the target web server. 4. In the Config Database Server field, enter the name of the Microsoft SQL Server that hosts the configuration database. 5. In the Config Database Name field, enter the name of the configuration database for the production SharePoint web front-end server. 6. In the SharePoint Admin Name field, enter the account used to install and configure SharePoint on the production SharePoint web front-end server. This should be entered as a fully-qualified domain name (domain\username). 7. In the SharePoint Admin Password field, enter the password for the SharePoint Admin account. 8. In the Confirm Password field, re-enter the password. 9. When you have finished setting the configuration options, click Connect Server. 7-19

106 When you select this button, the SharePoint front-end web server specified in the Server Name field will be extended into the source SharePoint configuration. After you click Connect Server, it is recommended that you connect to both the source and target front-end web servers using a browser. The process of connecting a front-end web server to an existing SharePoint configuration can take several minutes to complete. During this time, you will be able to perform other tasks within the Configure Protection window; however, you will not be able to close the Configure Protection window until the task is complete. You must manually install the Central Administration web application after the target has been extended in order to be able to administrate SharePoint in the event of a failover. Saving configuration changes After you have changed the configuration parameters, click OK to apply the settings. If you click Cancel, any changes you have made will be discarded and the previous configuration parameters wil be used. When you have finished configuring the optional protection options, continue with Validate the Configuration on page 9-1. If you close the Application Manager prior to enabling protection, your changes will not be saved. You must enable protection in order to save your configuration settings for a source/target pair. If you modify your configuration on the source server (such as adding a new storage group or database to a directory that was not included in the replication set), you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. 7-20

107 Protecting a BlackBerry Server To configure protection for a consolidated one-to-one configuration of your BlackBerry servers using the Application Manager, you will complete the following steps: 1. Install Microsoft SQL Server on the source, if it is not already installed. Microsoft recommends that all service packs be installed independently for each source and target instance. This ensures that operating system files and registry entries are applied appropriately. 2. Install BlackBerry Enterprise Server on the source. 3. Install Microsoft SQL Server on the target, if it is not already installed. Having two BlackBerry Enterprise Servers running at the same time with the same SRP (Server Routing Protocol) key disables that particular SRP key. If the SRP key is disabled, wireless communication with BlackBerry devices will not function. 4. Verify that BlackBerry Enterprise Server is shut down on the source server. Otherwise, when installing the target you must reply No to start the BES services at the end of the installation. 5. Install BlackBerry Enterprise Server on the target, using the same values for BlackBerry server name, Windows login information, and database name that you used for the source. The SQL Server name will be the hostname of the target machine, not the source machine. 6. Stop the following BlackBerry Enterprise Server services so that the Storage Mirroring source can replicate the changes to the target. These may vary based on your environment. BlackBerry Alert BlackBerry Attachment Service BlackBerry Controller BlackBerry Dispatcher BlackBerry MDS Connection Service (if installed) BlackBerry MDS Services - Apache Tomcat Service (if installed) BlackBerry Policy Service BlackBerry Router BlackBerry Synchronization Service 7. Install Storage Mirroring on the source and target servers using the installation defaults. See the Storage Mirroring Getting Started guide for more information. 8. Install the Application Manager on page Select a task on page Select a domain on page Select source and target servers on page (Optional) Configure protection settings on page Validate the Configuration on page 9-1 To protect your BlackBerry server, you will complete the following steps: 1. Enable protection on page Monitor protection status on page 10-2 In the event of a failure, you will need to perform some additional tasks. These tasks are described in Failover, Failback, and Restoration on page

108 Select a task To protect a BlackBerry server, open the Application Manager (Start, Programs, Storage Mirroring, Application Manager), then on the Tasks area on the left pane, select Protect BlackBerry Server. The Manage BlackBerry page will appear in the right pane. Make sure that the Setup tab is in view. You can also launch Application Manager for BlackBerry by using the command line /blackberry option (dtam /blackberry). Select a domain The Domain Name on the main window will be populated automatically with the domain where the Application Manager client resides. If you want to change the domain, type in a domain name for a trusted domain that the Application Manager client can connect to, then press Tab or click on another field. If the domain you entered doesn t exist or you do not have the credentials to modify Active Directory for the new domain, the Domain Login window will appear. You will be prompted to enter the domain name, user name, and password to use for logging in to the domain. Domain names must include a suffix, such as.com,.corp, or.net. The user account should have administrator permissions. For more information about configuring permissions, see Recommended Credentials on page A

109 You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format NetBIOS domain name\username or username. If you enter a non-qualified name, the default domain will be used. Select source and target servers If this is your first time to select a BlackBerry server to protect, you may need to click the Advanced Find button to add servers to the Source Server and Target Server fields. For more information, see Add or manage servers on page 8-4. If you select a source/target pair for which you have previously enabled and disabled protection, you may use the existing configuration settings (provided that the source/target connection is not currently active, in which case the existing settings will always be used). When you select Configure or Validate, a prompt wil appear asking if you want to re-use the previous configuration information. Click Yes to re-use the previous information, or click No to revert to the Application Manager default settings. If the IP address(es) for the source or target server have changed since you originally configured protection (for example, if you configure the source or target in a staging area and then send it to a production location), you must re-configure the protection settings. When you are prompted to re-use the previous protection configuration, click No, then click the Configure Protection button. 1. In the Source Server field, select the BlackBerry server that you want to protect. If this is your first time to log in to the selected server, you will be prompted to enter server login information. For more information about logging in to servers, see Enter server login information on page 8-4. You cannot protect a server if it is already functioning as a target server. If you attempt to select a source that is currently unavailable, a prompt will appear stating that the source is not available and that if the source is failed over, you should first select the target. If you select the target, then select the source (as recommended in the prompt), the same prompt appears (though you would expect to get a prompt to failover). The ability to failover using the Application Manager will not be available until a failover condition has been met in accordance with the failover monitor settings set on the Monitoring tab. 2. In the Target Server field, select the backup BlackBerry server that will protect the source server in the event of a failure. Notice that after the source and target servers are selected, the Protection Status on the Monitor tab changes to Unprotected. If you first select a target that is monitoring a connection that has met a failover condition and requires manual intervention, then select the protected source server, a prompt will appear asking if you want to initiate failover. 8-3

110 Add or manage servers If the servers you need do not appear, click the Advanced Find button. The Manage BlackBerry Servers window will appear. To discover all servers in the domain: 1. Click the Search button. The Discovered Servers list will be populated with all servers that the Application Manager can discover that reside in the domain. 2. To directly add a server to the drop-down list on the Manage BlackBerry main page, select the server in the Discovered Servers list, then use the >> button to move it into the Current Servers list. 3. To add a non-discovered server to the Current Servers list, enter the server name in the field next to the Add button, then click Add. 4. After a server has been added to the Current Servers list, you can click the Remove button to remove the selected server from the drop-down list on the Manage BlackBerry Server main page. 5. When you have finished adding servers, click OK to save your changes, or Cancel to return to the Manage BlackBerry main page without saving. Enter server login information After you select a server for the first time, you will be prompted to enter a user name and password to use for logging in to the selected server. The login account MUST be a member of the Storage Mirroring Admin local security group for the selected server. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used. Entering the credentials for the logged-on user may be valid. The Application Manager will attempt to use the same user name and password the next time you select a server. 8-4

111 Configure protection settings If you do not need to change the configuration settings, continue with Validate the Configuration on page 9-1. If you have already enabled protection for a connection and need to change the configuration parameters, you will first need to disable protection as described in Disable protection on page To change the default configuration parameters, click Configure from the main Application Manager window, or select Actions, Configure Protection from the menu. The Configure Protection window will appear. The Configure Protection window has tabs for configuring failover, connection, BlackBerry, and advanced settings. The following sections describe the options on each of these tabs. Failover settings The Failover tab includes options that will be applied during BlackBerry failover. Failover type Failover Type indicates what name resolution method will be used to redirect users to the target BlackBerry server in the event of a source failure. By default, DNS Failover is selected. DNS failover DNS Failover is the recommended method for failover. Use this option if you want to failover by updating the DNS records associated with the source. This will modify all source server A, MX, and PTR-type DNS resource records to point to the target. In DNS Failover, the DNS records for the source server are modified to point to the target server s IP address. This allows clients to resolve the source BlackBerry server name to the target server s network name and IP address atfailover time. DNS Failover eliminates duplicate server name and IP addresses on your network. 8-5

112 After you select the DNS Failover option, click Configure. The Configure DNS Failover window will appear. Configure the following information for DNS failover: 1. To add additional DNS server IP addresses, type the IP address into the DNS Server field, then click Add. 2. The list box under the DNS Server field contains all DNS IP addresses for the source and target servers. The label after the DNS IP address indicates whether the DNS IP address belongs to the source, target, or both. To remove an IP address from the DNS server list, select the IP address, then click the Delete button. 3. In the Source IP column, select the checkbox next to the source IP address(es) to be monitored for failover. 4. In the Target IP column, select the target IP address to be used when failover occurs. If the target is monitoring multiple source IP addresses for failover, each monitored source IP address must be mapped to a unique target IP address. 5. To specify the value the Application Manager will establish for Time to Live (TTL) on the source s affected DNS records, select the Update TTL checkbox, then enter the desired update interval (in seconds). The default is the current maximum TTL of all the source s A records. The recommended value is 300 seconds (5 minutes). 6. In the Username field, enter the user name that will be used to access/modify DNS records. The login account MUST be a member of the DNSAdmins group for the domain in which the DNS server resides. For more information about permissions, see Recommended Credentials on page A-1. You may enter a user name for a different domain by entering a fully-qualified user name. The fully-qualified user name must be in the format domain\username or username@domain. If you enter a non-qualified name, the DNS domain will be used by default. The domain name is obtained from the DNS server name, provided that reverse lookup in DNS is enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. 7. In the Password field, enter the password that will be used to access/modify DNS records. 8-6

113 8. Click the Test button to validate that DNS failover is configured correctly for the selected DNS server(s) and that the specified credentials are sufficient to update DNS. 9. When the DNS configuration is complete, click OK to save your entries and return to the Configure Protection window. If you are running Windows Server 2000 on the primary DNS server hosting zones or domains that contain source and/or target resource records, you must have the DNS WMI Provider installed on that DNS server. The Dynamic updates setting for the DNS zone should be set to Secure only. Otherwise, you must disable dynamic registration on the source server in order to prevent the source from reclaiming its DNS record. If a hosts file entry for the source server exists on the client machine, errors may occur during a failover and failback. Reverse lookup in DNS should be enabled. For more information about enabling reverse lookup, refer to your Microsoft documentation. DNS registration for the private (devoted to Storage Mirroring) NIC IP should be disabled. If dynamic updates are enabled on a standard primary zone, the source server will be able to update its DNS records after failover. To prevent this, configure DNS to use an Active Directory-integrated zone. For more information about using the DNS Failover utility, access the dfo.exe help by typing dfo.exe /? from a command prompt. In order to set the primary DNS server with which the Application Manager will communicate during failover, you must launch Application Manager using the command line /blackberry /advanced option (dtam /blackberry /advanced). When launched in the Advanced context, the Client DNS Server field will appear on the Configure DNS Failover window. Use the Client DNS Server field to select the primary DNS server. Identity failover Select this option if you want to failover by transferring the source IP address and name to the target. When using identity failover, it is possible that a name and/or IP address conflict can occur either during failover or when the original source server comes back online. To avoid this conflict, use DNS Failover. Application Manager cannot be used for failover or failback when the Identity failover method is selected. However, the Failover Control Center can still be used to initiate failover. DNS failover reduces downtime and provides other benefits. It is recommended for most environments. In Identity Failover, the target s physical identity is modified to match the source during a failover. This includes the target adopting the source server s name, primary IP address, and drive shares during a failover. Identity failover may be required in the following situations: Access to the domain controller or DNS server is not available (for example, due to permissions) from the account that Storage Mirroring runs under on the source/target servers. If you determine that the time it takes to propagate the necessary DNS or Active Directory changes to the rest of your environment is not acceptable. The time needed to propagate these changes depends on your Active Directory Replication and DNS server settings. If you have client applications that are configured to connect to an IP address rather than a server name. 8-7

114 After you select the Identity Failover option, click Configure. The Configure Identity Failover window will appear. Enter the following information for Identity failover: 1. In the Source IP column, select the source IP address(es) to be monitored for failover. 2. In the Target NIC column, select the target NIC to be used when failover occurs. 3. The Target IP Addresses area displays the IP address(es) of the selected target NIC. 4. Select the IP Address checkbox if you want the specified source IP address to be monitored (Default = selected). If your source and target servers are on different subnets, you should NOT failover the IP address. Instead, if the server name is required you should choose DNS failover with the Advanced switch and select the Server Name. For more information, see Advanced settings on page Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = NOT selected). 6. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 7. Select the Active Directory Hostname (SPNs) checkbox to remove the host SPN (Service Principle Name) from Active Directory for the source automatically and add it to Active Directory for the target during failover (Default = NOT selected). 8. Click OK to save your entries and return to the Configure Protection window. Services Application Manager will determine the appropriate SQL services to start/stop based on your operating system/blackberry configuration. You should only modify this selection if there are additional services that need to be started during the failover/failback process. 8-8

115 Modifying the default configuration for services may affect whether data can be successfully replicated. Do not modify the services to start/stop unless you are very familiar with Storage Mirroring and BlackBerry. 1. To add a service, click Add. The Add Service window will appear. 2. Select the Service name from the drop-down box, then click Add; or, type the name of a service, then press Enter. 3. If available, select the Service must be stopped on target checkbox. Most services must be stopped on the target for replication to occur properly. 4. When you are finished entering services, click Close to return to the Failover configuration window. 5. To remove a service, select one or more services, then click Remove. You can remove all of the services besides the required SQL server service (MSSQLSERVER for a default instance, or MSSQL$<instance_name> for a named instance). 6. Services will be started in the displayed order (top-to-bottom starting with the left column) and shutdown in reverse order (bottom-to-top starting with the right column). To re-arrange the order in which services are started/stopped: a. Add any additional services. b. Select a service in the list, then use the up and down arrow buttons to move the service to the appropriate position in startup/shutdown order. Monitor settings The Monitoring tab includes options for configuring how you want to monitor the source server for failure. Configure how you want to monitor the source server for failure. 1. Select the Active Monitoring Enabled option to enable or disable failover for the selected source/target pair. 2. By default, Manual Intervention Required is selected. Manual intervention allows you to control when failover occurs. When a failure occurs, a prompt appears and waits for you to initiate the failover process manually. Disable Manual Intervention Required only if you want failover to occur immediately when a failure condition is met. 8-9

116 3. In the Method to monitor for Failover field, select the ping method to use when monitoring source IP addresses. Network Access (ICMP) Storage Mirroring failover uses ICMP pings to determine if the source server is online. If a network device, such as a firewall or router, between the source and target is blocking ICMP traffic, failover monitors cannot be created or used. Replication Service (UDP) The Storage Mirroring service on the target server sends a ping-like UDP request to the source Storage Mirroring service, which replies immediately to confirm it is running. This method is useful when ICMP is blocked on routers between the source and target. 4. Configure how long to wait after a source failure to initiate failover. The amount of time before failover begins is calculated by multiplying the Monitor Interval by the Missed Packets. For example, if the Monitor Interval is set to 5 seconds and the Missed Packets setting is 5, a failover condition will be identified after 25 seconds of missed source activity. a. In the Monitor Interval field, select how often the monitor should check the source machine availability (Default = 5 seconds). b. In the Missed Packets field, select how many monitor replies can be missed before assuming the source machine has failed (Default = 5 missed replies). 5. If you are monitoring multiple IP addresses, select one of the Failover Trigger options. All Monitored IP Addresses Fail Failover begins when all monitored IP addresses fail. One Monitored IP Address Fails Failover begins when any of the monitored IP addresses fail. Snapshot settings The following allow you to set up snapshots of your target data that can be used when failing over. By default, snapshots are not enabled in the Application Manager. 1. To enable snapshots, select the Enable periodic snapshots checkbox. This will enable the remaining controls. 2. In the Snapshot interval field, select the interval at which you want to perform snapshots (in minutes). The minimum interval is 15 minutes. 3. Select one of the following options for when to begin collecting snapshots: Start now Select this option to take the first snapshot as soon as protection is enabled. Start at Select this option to start taking snapshots at a future time. If you select this option, you will also need to enter a date and time. 4. When you are finished, click OK. 8-10

117 Connection settings The Connection tab includes options that will be applied to the specified source/target connection. Route This setting identifies the Target IP Address that the Storage Mirroring data will be transmitted through. You should only change this setting if you want to select a different route for Storage Mirroring traffic. On a machine with more than one NIC, this increases the flexibility of configuring Storage Mirroring activity. For example, you can separate regular network traffic and Storage Mirroring traffic on a machine. The default ports will be used. Protected Databases Select the databases to protect. You can also select non-application specific data under the Volumes folder. To refresh the tree view to show new source directories or files that may have been added or removed, select the logical node, then click the Refresh button. If a node in the volumes branch is selected, then the items under that node will be refreshed. You cannot un-select the databases holding the BES or MDS information. If you do not want to protect the MDS database, clear the checkbox next to Protect MDS services on the BlackBerry tab. For more information, see BlackBerry settings on page If you need to reduce the amount of mirroring and replication traffic, you may choose to deselect the tempdb database if it is not necessary. Mirror type The following options specify what files you want sent from the source to the target during a mirror. Full Copies all of the directories and files in the replication set to the target machine. If a mirror has already been completed, another full mirror will overwrite the data on the target. 8-11

118 Checksum (Default) This option performs a checksum comparison calculation. A checksum calculation is a formula applied to blocks of data to determine if the binary make-up of the block is identical. If the checksums on the source and target machine are the same, the block is skipped. If the checksums on the source and target machine are not the same, the block on the source is sent to the target. With this option, the entire file is not overwritten; only the block that is received from the source is overwritten. The Mirror type setting also applies to the restoration connection. Enable compression This setting enables compression of data that is transmitted from the source to the target. Significant improvements in bandwidth utilization have been seen in Wide Area Network (WAN) configurations or in any case where network bandwidth is a constraint. Compression may be used in LocalArea Network (LAN) configurations, though it may not provide any significant network improvements. You can specify compression for different source/target connections, but all connections to the same target will have the same compression settings. By default, compression is disabled. To enable it, select Enable Compression, then set the level from minimum to maximum compression. BlackBerry settings The BlackBerry tab includes options to protect the BlackBerry application. 1. Select Protect MDS services if you want to protect the MDS services. 2. In the BlackBerry Services area, Application Manager will determine the appropriate BlackBerry services to start/stop based on your operating system/blackberry configuration. You should only modify this selection if there are additional services that need to be started along with BlackBerry during the failover/failback process. Modifying the default configuration for services may affect whether data can be successfully replicated. Do not modify the services to start/stop unless you are very familiar with Storage Mirroring and BlackBerry. 8-12

119 3. To add a service, click Add. The Add Service window will appear. 4. Select the Service name from the drop-down box, then click Add; or, type the name of a service, then press Enter. 5. If available, select the Service must be stopped on target checkbox. Most services must be stopped on the target for replication to occur properly. 6. When you are finished entering services, click Close to return to the BlackBerry configuration window. 7. To remove a service, select one or more services, then click Remove. You can only remove services that you added manually using the Application Manager. 8. Services will be started in the displayed order (top-to-bottom starting with the left column) and shutdown in reverse order (bottom-to-top starting with the right column). To re-arrange the order in which services are started/stopped: a. Add any additional services. b. Select a service in the list, and use the up and down arrow buttons to move the service to the appropriate position in startup/shutdown order. Advanced settings The Advanced tab includes advanced configuration options. 8-13

120 Replication set rules A replication set defines what directories/files are to be protected by Storage Mirroring. By default, Application Manager selects all of the necessary directories/files to protect BlackBerry based on your source server configuration. These include the BlackBerry application data and transaction logs, tempdb files, and BlackBerry error logs. By default, the Application Manager-generated replication set will be named BB_<source server>_<target server>. You should only modify the replication set rules if there are additional directories/files specific to your configuration that must also be protected with BlackBerry. Modifying the default configuration for replication set rules may affect whether data can be successfully replicated. Do not modify the replication set unless you are very familiar with Storage Mirroring and BlackBerry. To change the replication set rules: 1. Select the Override Generated Rules checkbox. When this box is selected, the Protected Databases control on the Connection tab will be disabled. For more information, see Protected Databases on page To add a replication set rule, click Add. The Add Repset Rule dialog box will appear. 3. In the Rule Path field, type the directory that you want to protect or exclude. 4. In the Include/Exclude area, select whether to include or exclude the path from the replication set. 5. In the Recursive area, select whether the directory should be recursive (protecting all sub-folders under the directory) or non-recursive (protecting only the files in the directory). 6. Click Add. 7. When you have entered all of your replication set rules, click Close to return to the Advanced configuration tab. You will need to manually verify that the rule path is correct since the Application Manager does not validate rule paths. 8. To remove a rule, select one or more rules, then click Remove. Removing rules that were automatically added by Application Manager could impact the success of failover. Any changes to rules should be thoroughly tested. 9. To reset the rules to the auto-generated rules and to re-enable the Protected Databases control, remove the selection from the Override Generated Rules checkbox. Failover/failback scripts Scripts are executed at different points during the failover/failback process to perform the actions necessary to make BlackBerry available on the appropriate server. attaching/detaching databases, Editing scripts is an advanced feature. Do not edit scripts unless you fully understand what each command is doing. 8-14

121 Scripts are automatically generated by Application Manager during configuration. The scripts are copied to the Storage Mirroring installation directory on the specified server using the administrative share for that server s drive. Script File name Description Failover Failback Restore post_failover_<source>_<target> _bb.bat for distributed environments, or post_failover_<source>_<target> _sql_bb.bat for consolidated environments pre_failback_<source>_<target>_ bb.bat for distributed environments, or pre_failback_<source>_<target>_ sql_bb.bat for consolidated environments post_restore_<source>_<target> _bb.bat for distributed environments, or post_restore_<source server>_<target server>_sql_bb.bat for consolidated environments A post-failover script is executed after the core failover processes have completed on the target server. The primary functions of the post-failover script are to start the services on the target and to modify DNS and Active Directory entries as necessary. A pre-failback script is executed before failback processing occurs on the target server. The primary functions of this script are to stop services on the target and to move DNS and Active Directory entries as necessary. A post-restore script is not executed automatically, though it is provided on the source to perform actions that are generally required after data has been restored from the target to source after a failover/failback. The primary function of this script is to restart services on the source server. By default, Application Manager generates all the required scripts for you automatically based on your system configuration. You can also edit the scripts to add, modify, or delete specific commands. To edit a script: 1. Click on the button for the script you want to update. The script file will be displayed using your machine s default editor. 2. Enter your changes. 3. Save the script file. Any change you make to the script in the editor will be copied to the appropriate server when configuration changes are accepted, thus overwriting any changes that have been made outside the Application Manager. The scripts can be overwritten by certain operations during setup. For example, any changes to configuration options done in the Application Manager will overwrite previous script changes. If you want to make permanent changes to a script, you must modify the appropriate.txt file within the Application Manager installation directory. If there is more than one client machine that will be configuring failover, the change must be made to all the appropriate.txt files. Before running Application Manager multiple times (for example, when re-enabling protection after a failover/failback), save a copy of your post-restore and pre-failback batch files. After Application Manager executes, replace the default script file(s) with the customized file(s) that you saved. 8-15

122 Advanced settings The following options allow you to control what functions Application Manager will perform during configuration. By default, Application Manager performs all of these functions. Individual functions should only be disabled for testing or debugging purposes. These options are only available when you launch Application Manager using the command line /blackberry /advanced option (dtam /blackberry /advanced). 1. Select the Server Name checkbox if you want the source name to be added to the target when failover occurs (Default = selected). 2. Select the Shares checkbox if you want the source file shares to be added to the target when failover occurs (Default = NOT selected). 3. Select the Active Directory Hostname (SPNs) checkbox if you want to remove the host SPN (Service Principle Name) automatically from Active Directory for the source and add it to Active Directory for the target during failover (Default = selected). If you are using Active Directory, you should enable this option. Otherwise, you may experience problems with failover. 4. Select the Create Replication Set checkbox to automatically create a replication set that includes all of the necessary directories/files that must be protected for your specific configuration. This should only be disabled if you have customized your replication set and do not want to overwrite it (Default = selected). 5. Select the Create Failover Scripts checkbox to automatically generate the failover/failback scripts and copy them to the appropriate server. This should be disabled only if you have customized your script files and do not want them to be overwritten (Default = selected). 6. Select the Create Connection checkbox to create the connection between the source and target using the automatically-generated replication set. This should only be disabled if you would like to verify the replication set that is created by Application Manager prior to connection (Default = selected). 7. Select the Create Failover Monitor checkbox to create a failover monitor on the target to monitor the source for failure. This monitor will use the failover parameters specified during configuration as well as the script files that have been created (Default = selected). 8-16

123 Saving configuration changes After you have changed the configuration parameters, click OK to apply the settings. If you click Cancel, any changes you have made will be discarded and the previous configuration parameters wil be used. When you have finished configuring the optional protection options, continue with Validate the Configuration on page 9-1. If you close the Application Manager prior to enabling protection, your changes will not be saved. You must enable protection in order to save your configuration settings for a source/target pair. If you modify your configuration on the source server (such as adding a new storage group or database), you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. Complete BlackBerry protection After you have validated your BlackBerry configuration, a second window will appear. To protect the Exchange servers, click on the name of the Exchange server under step 2. The Protect Exchange servers window will appear. For more information about protecting Exchange servers, see Protecting an Exchange Server on page

124 Validate the Configuration Click Validate, or select Actions, Validate, to ensure that the source and target servers are configured correctly for failover. A description of the validation activity being performed is displayed in the status bar at the bottom of the Application Manager window, along with status progress indicator. When validation completes, the status progress indicator is removed. If you are using DNS Failover and did not enter DNS credentials on the Configure Protection window, you will be prompted to enter a user name and password for accessing/modifying DNS records. If the configuration is good, agreen checkmark icon will appear next to a validation message that states that the servers are configured correctly. Continue with the next section, Enable protection. If the validation detects potential configuration issues, an icon will appear next to the message(s). The following table identifies the icons and the validation conditions that they represent. Double-click on a message to view details concerning the issue. On the Validation Details window, review the additional information, and, if available, click Fix and Application Manager will attempt to resolve the issue. If you would rather address the issue manually, click Cancel. After correcting any issues, click Validate again to verify the change was made. Icon Good Validation Status Unknown Error, Fixable If not fixed, failover cannot occur. Can be fixed by Application Manager. Error, Not Fixable If not fixed, failover cannot occur. Must be fixed manually. Warning, Fixable The Application Manager detected an issue that should be addressed prior to failover. Can be fixed by Application Manager. Warning, Not Fixable The Application Manager detected an issue that should be addressed prior to failover. Must be fixed manually. If you run a validation against a source/target pair that is in a Protected state and the validation detects issues with the target (such as the target is missing or contains incorrect data), the Fix or Fix All button will be disabled. You must disable protection for the source/target pair before you can fix the issue. Then, you can re-enable protection. If the IP address(es) for the source or target server have changed since you originally configured protection (for example, if you configure the source or target in a staging area and then send it to a production location), you must re-configure the protection settings. When you are prompted to re-use the previous protection configuration, click No, then click the Configure Protection button. 9-1

125 Enabling Protection for a Server Based on the current protection status, the Enable/Disable Protection button (on both the Setup and Monitor tabs) and menu options will be updated to display the available actions. If the Application Manager is not in a state that will allow protection to be enabled, the Enable/Disable Protection button and menu option will be grayed out (disabled). After monitoring has been enabled for a source/target pair, you can view the status of the monitored connection on the Monitor tab. You can click the Show/Hide button to display or hide details about the protected pair. For details about changing the units used to display bytes remaining in the mirror and queues, see Change Application Manager preferences on page 2-4. Enable protection Click Enable Protection, or select Actions, Enable Protection. If you have not already performed a validation check, if you have changed the domain, source, target, or configuration parameters, or if you have disabled the connection, you will be prompted to run a validation check at this time. The Protection Status field will display the current status of the connection. When the initial mirror has completed, the Protection Status will change to Protected and, if you have not manually un-selected Failover Enabled, the Monitoring Status will change to Enabled. A source server can have a Protected status only if the source is currently connected to a target and an Application Manager-generated replication set exists. The following table lists the Application Manager-generated replication set names. Application Exchange SQL File server Replication set name xdag01_<source server name>_<target server name> sqldag01_<source server name>_<target server name> fileprint_<source server name>_<target server name> 10-1

126 Application SharePoint BlackBerry Replication set name BB_<source server>_<target server> SharePointdag01_<source server name>_<target server name> While there may be other Storage Mirroring connections between the selected source and target, Application Manager only recognizes connections that it has created. Any connection that has been built by Application Manager will be recognized as a valid connection, regardless of the connection state. If you modify your configuration on the source server (such as adding a new storage group or database to a directory that was not included in the replication set), you must disable protection, run validation and fix any issues, then re-enable protection to apply the changes to the Application Manager replication set. Disable protection You can disable an existing Application Manager-generated source/target connection monitor within the Application Manager. You must disable protection before you can change any of the Application Manager configuration parameters. 1. If you select a source that is already protected in the Source Server field, the target server will be filled in automatically and the Protection Status should indicated Protected. 2. Click Disable Protection at the bottom of the window, or select Actions, Disable Protection, to disable protection. Monitor protection status After the initial mirror, your source server is protected. To change whether failover monitoring is enabled, click the Enable/Disable Monitoring button at the bottom of the window, or select either Enable Monitoring or Disable Monitoring from the Actions menu. You cannot use both the Failover Control Center and the VMware interfaces to monitor a source/target pair at the same time. Hewlett-Packard recommends that all monitoring occur from the Application Manager interface. If both interfaces are open and a failover condition occurs, failover will not be initiated until the failover prompt is cleared in both interfaces. Protection status states The following table describes the possible protection status states. Protection Status Unprotected Warning Protected Synchronizing (% complete) Unknown Description No Storage Mirroring connection exists Storage Mirroring connection exists, but has issues (such as with target state, mirroring, or replication). For example, if the mirror has been paused outside of the Application Manager or if the target is down. See details for more information. Storage Mirroring connection exists and is active Mirroring is in progress Source server is not selected 10-2

127 Protection Status Failing over Failed over Failing back Restoring (% complete) Description Failover from the source to the target is in progress Target has assumed source role Failback from the target to the original source is in progress Mirroring (target to source) is in progress The following table describes the possible monitoring status states. Monitoring Status Disabled Enabled Failover condition met Failing over Failed over Failing back Description No Storage Mirroring monitor Storage Mirroring monitor is started Source server is down Failover from the source to the target is in progress Target has assumed source role Failback from the target to the original source is in progress Protection detail states The following table identifies the possible mirror status states. Mirror Status Calculating size Idle Mirroring Paused Removing orphans Verifying Restoring Transmitting (Unknown) Description Storage Mirroring is determining the size of the replication set prior to starting the mirror. The mirroring status will update the percentage complete if the replication set size is calculated. Data is not being mirrored to the target machine If the file size of the replication set has not been calculated and the data is being mirrored to the target machine, the Mirror Status will indicate Mirroring Mirroring has been paused Storage Mirroring is checking for orphan files within the target path location (files that exist on the target but not on the source). These files will be removed Data is being verified Data is being restored from the target to the source Data is being sent to the target machine Mirror status could not be determined The following table identifies the possible replication status states. Replication Status Calculating size Idle Description Storage Mirroring is determining the size of the replication set prior to starting the mirror. The mirroring status will update the percentage complete if the replication set size is calculated. Data is not being mirrored to the target machine 10-3

128 Replication Status Mirroring Paused Removing orphans Verifying Restoring Transmitting (Unknown) Description If the file size of the replication set has not been calculated and the data is being mirrored to the target machine, the Replication Status will indicate Mirroring Mirroring has been paused Storage Mirroring is checking for orphan files within the target path location (files that exist on the target but not on the source). These files will be removed Data is being verified Data is being restored from the target to the source Data is being sent to the target machine Replication status could not be determined The following table identifies the possible transmit modes. Transmit Mode Started Paused Warning (see details) Description The mirror or replication has been started The mirror or replication has been paused A warning condition has been encountered The following table identifies the possible target status states. Target Status Online Mirroring Mirroring Stopped Re-mirror required Retrying Paused Pausing Restore Required Replicating Snapshot reverted Target path unblocked Description The target machine is active and online The target is in the middle of a mirror process. The data will not be in a good state until the mirror is complete. The mirroring process has been stopped The data on the target is not in a good state because a remirroris required. This may be caused by an incomplete or stopped mirror or an operation may have been dropped on the target. The target machine is retrying operations for the connection The target machine is paused by user intervention The connection is in the process of pausing The data on the source and target do not match because of a failover condition. Restore the data from the target back to the source. If you want to discard the changes on the target, you can remirror to resynchronize the source and target. Data is being replicated to the target machine The data on the source and target do not match because a snapshot has been applied on the target. Restore the data from the target back to the source. If you want to discard the changes on the target, you can remirror to resynchronize the source and target. Target path blocking is disabled for the connection 10-4

129 Target path blocked (Unknown) Target Status Description Target pat h blocking is enabled for the connection Target status could not be determined Verify target data viability Target data verification can only be used with Exchange and SQL. After you have configured your servers, you can use the Application Manager to run a test that verifies that the database on the target is viable for failover. One benefit of performing the verification test is that you do not have to perform an additional remirror or failover to verify target data viability. In order to perform target data verification, the following prerequisites must be met: The target server must be running Windows 2003, Service Pack 1 or later. Target data verification cannot be used on Exchange clusters. If the current volumes do not have adequate space to contain the snapshots, modify the properties for the Shadow Copies settings on each volume to set the storage location of the snapshots where the data resides. Target path blocking must be disabled for the connection in the Storage Mirroring Management Console. The Storage Mirroring disk queue cannot be located on a volume that will be reverted. To use target data verification, you must first update the queue setting in Storage Mirroring Management Console, then restart the Storage Mirroring service. For Exchange, if you are running the Application Manager from any server other than the source or target, you must install the Exchange System Manager component on that client (due to a dependency on the cdoexm.dll file). For SQL, target data verification is only supported in instance mode. It is not available for database-only mode. While in verification mode, Storage Mirroring will queue on the target in the directory you selected during Storage Mirroring configuration. You should be aware of your data change rate and make sure you have adequate capacity on the volumes configured for the Storage Mirroring target queues. For more information, see the Storage Mirroring User s Guide. You can also verify target data viability from a command line interface. The TDV.exe utility is available from the DT_Utilities folder. For more information about using the target data verification command line utility, see Using the Target Data Verification (TDV) Utility on page F

130 You can verify the target stores at any time following the successful completion of a mirror. When you select Actions, Verify Target Data, the Database Verification window will appear. 1. The Status area displays the overall status of the database verification. Click on the status description for more information. 2. Click the Options button to change the services and scripts that are used during the target data verification. The Options dialog box will appear. a. In the Services area, select whether you want to start only the core application services, or all of the services you selected on the Failover tab when you configured protection. The Start Selected Services option would be used to include application add-ons such as BlackBerry or anti-virus when configured with failover. b. In the Scripts area, enter the paths for the scripts to run on the target to verify data and to run prior to restoring normal protection (for example, the first script would move users, and the second script would move them back following the test). Two sample scripts for moving users (moveusersrctotgt.vbs and moveusertgttosrc.vbs) are installed in the \Samples subfolder where the Application Manager is installed. You will need to modify these scripts for your environment. c. When you are finished, click OK to return to the Database Verification dialog box. 10-6

131 3. The Results area displays the status of the target Exchange Stores and Storage Groups or SQL databases and instances. Initially, the state of the Stores and Storage Groups is unknown (indicated by a question mark icon); it will change to green when the stores or databases have successfully mounted. 4. The History area displays a log showing the sequence of verification events. 5. The status messages at the bottom of the screen describe the progress of the validation test and protection restoration. 6. Click the Test button to verify the target data. You will see the History area updated as the test proceeds. The Status area will display Starting test while preparing the target. When the stores or databases finish mounting, the Status field changes to Target online. At this point, the verification is complete and the target application is ready for any other custom testing. 7. You must click the Continue button to revert the target to the pre-test state and transition out of testing mode. 8. If an issue is encountered during the target data verification process, the Undo button will be enabled. Click Undo to revert the target to its pre-test state and remove the snapshots and any other items created for the verification test. Vshadow is used to delete snapshots created during target data verification. The Volume Shadow Copy Service SDK needs to be installed on the target server. This tool is available for download from the Windows Download Center on the Microsoft website ( Relocating the MTA and SMTP pickup path and queues The following Microsoft KnowledgeBase articles provide information about how to relocate the SMTP pickup path and queues on the source prior to enabling protection and propagating changes to the target using cloning. How to change the Exchange 2003 SMTP Mailroot folder location, For more information about SMTP virtual server settings, see the Knowledge Base articles. How to Configure a SMTP Virtual Server Part 1, How to Configure a SMTP Virtual Server Part 2, For more information about moving the MTA directory, see the KnowledgeBase articles. How to change the location of the MTA Database and the MTA Run Directory, How to Move the MTA Database Directory,

132 Managing snapshots If snapshots were enabled when you configured protection, you can open the Snapshot Manager to take and delete snapshots. To launch the snapshot manager, select Tools, Manage Snapshots. 1. To take an on-the-fly snapshot, click Take Snapshot. A snapshot will begin immediately. 2. To remove a snapshot, select the snapshot in the list, then click Delete Snapshot. In order to fully delete a snapshot, you will need to use the VSAdmin tool. This tool is available for download from the Windows Download Center on the Microsoft website ( 3. When you are finished, click Close. 10-8

133 Failover, Failback, and Restoration If you selected DNS failover, you can use the Application Manager to automate failover, failback, and restoration. If you selected Identity failover, you will need to use the manual processes described in Identity failover, failback, and restoration on page If an error occurs during failover or failback, a message box will appear. You can use the Actions menu to launch the failover and failback log files. DNS failover, failback, and restoration Based on the current protection status and/or failover state, the Failover/Failback button on the Monitor tab and menu options will be updated to display the available command. If the Application Manager is not in a state that will allow failover or failback to be executed, the Failover/Failback button and menu option will be grayed out (disabled). In the Application Manager, there are two ways that failover can be initiated: Automatically, when a failover condition has been met (such as if the source has gone down) Manually (for instance, when you want to do maintenance or upgrades on the source server) In order to initiate either an automatic or manual failover, the source and target servers must already be configured so that the Protection Status is Protected and Monitoring Status is Enabled. During failover and failback, the status messages at the bottom of the screen describe the failover or failback progress. Protection Status and Monitoring Status on the Setup tab are not updated during failover and failback. The refresh update rate is not automatically updated during failover and failback. When using Application Manager for Exchange: If your SMTP gateway (or vendor) is configured to send mail to a specific IP address and that IP address is not failed over to the target, you will need to change it during failover. While in a failed over state, you cannot log in to the domain from the source Exchange server. This is because the target has assumed the source server's host Service Principal Names to allow Outlook Web Access to be accessed using the source name. If you need to log in to the domain and OWA is not needed, contact Hewlett-Packard Technical Support for a workaround. When using Application Manager for file servers, the failover button will only work after the source server is offline. This is necessary to prevent name conflicts on the network when the name is failed over. Initiating automatic failover When the Manual Intervention Required option is selected on the Failover tab of the Configure Protection window, a prompt will occur when a failover condition is met. For more information about setting failover options, see the Failover settings section for your application. If you cleared the Manual Intervention Required option and have failover enabled for your server pair, failover will occur automatically when a failover condition is met. 11-1

134 Initiating manual failover To initiate a manual failover, select Actions, Failover, or click the Failover button on the Monitoring tab. The Initiate Failover box will appear. 1. Select either Immediate Failover (to begin failover immediately and not wait for the queues to empty), or Graceful failover (to wait for the target queue to empty before failing over). 2. The queues could contain any messages or data recently sent to the target from the source. If the queues aren t empty when the prompt delay is reached, you will be asked whether you want to continue waiting, or to failover immediately. When failing over a protected File or SharePoint server, the Graceful Failover option is not available. To test failover for a protected File server, the source must either be shut down or disconnected from the network. 3. If you have previously taken snapshots, the Initiate Failover box will include options for failing over either live data or data previously collected from a snapshot. a. If you want to use the most recently replicated data on the target, select Use live data. 11-2

135 4. If you want to use the data from a snapshot, select Revert to specified snapshot, then select the snapshot in the list. Click Initiate Failover to begin failover process. After you select Initiate Failover, the failover process will begin and the Protection Status and Failover/Monitoring Status indicators on the Monitor tab will display Failing Over. You cannot cancel or interrupt the failover process. The length of time needed for a failover depends on the number of users and how long it takes to start services on the target. For a large number of users, the failover process could take a while. Failback and restoration After issues on the source server are resolved and it is connected and online, you can failback to the source and restore any modified data. In order to initiate failback, both the Protection Status and Failover/Monitoring Status must be Failed Over. When using Application Manager for Exchange, any mail stores or storage groups that are created while the source is in a failover state will not failback properly. If the source server has to be rebuilt, follow the instructions in Rebuilding the Source on page B-1. To initiate failback, click the Failback button, or select Actions, Failback. The Initiate Failback window will appear. On the Initiate Failback window, select the following failback options: 1. In the Source IP Address field, select the IP address the Storage Mirroring data will be transmitted through. You should only change this setting if you want to select a different route for Storage Mirroring traffic. On a machine with more than one NIC, this increases the flexibility of configuring Storage Mirroring activity. For example, you can separate regular network traffic and Storage Mirroring traffic on a machine. The default ports will be used. In a cluster, the route should be set to the name of the Exchange virtual server (EVS) dependent IP address. 2. Select Restore target data prior to failback if you want to restore any modified data from the target back to the source prior to beginning the failback. 3. Select Enable Compression to enable compression of data that is transmitted from the target to the source. Then, set the level from minimum to maximum compression. The default level is inherited from the source-to-target connection. 4. Select Prompt prior to failback if you want a prompt to appear before failing back. 11-3

136 5. Depending on how long the server has been failed over or the amount of data changed, it may be more efficient to perform a full mirror upon restore. Specify what files you want sent from the target to the source during a mirror. Full Copies all of the directories and files in the replication set to the target machine. If a mirror has already been completed, another full mirror will overwrite the data on the target. Checksum (Default) This option performs a checksum comparison calculation. A checksum calculation is a formula applied to blocks of data to determine if the binary make-up of the block is identical. If the checksums on the source and target machine are the same, the block is skipped. If the checksums on the source and target machine are not the same, the block on the source is sent to the target. With this option, the entire file is not overwritten; only the block that is received from the source is overwritten. 6. Click Initiate Failback to begin the failback process. The restoration will begin and the Protection Status will display the progress of the restoration. If you selected Prompt prior to failback, when the restoration is complete a prompt will appear asking if you want to failback. Click Yes to failback to the source. During restoration, the Application Manager will display the percent complete. Although the Application Manager does not display restoration statistics, you can view the connection and current status statistics through the Storage Mirroring Management Console. Identity failover, failback, and restoration The following sections describe the manual processes you can use to manage failover, failback, and restoration. These manual processes are required if you chose to perform Identity failover. You will be using the Storage Mirroring Management Console, Failover Control Center, and/or Text Client to manage identity failover and failback. For more information about using Storage Mirroring, refer to the Storage Mirroring User's Guide. Initiating a failover If a failure occurs and the Failover Control Center Time to Fail counter reaches zero (0), a dialog box will appear in the Failover Control Center requiring user intervention to initiate failover. Acknowledge the manual intervention prompt to start failover. If the Failover Control Center is not open when the failure occurs, the dialog box will appear the next time the Failover Control Center is opened and you are logged on to the target. See the Storage Mirroring User s Guide for information on monitoring a failure. The post-failover script created earlier will automatically run. During failover, Windows Event Viewer, the Storage Mirroring log, DFO log, and Application Manager logs record the failover events. When failover is complete, the target will have the application services started, the databases mounted, and the users pointed to the target. The DFO and Application Manager log files are located in the same directory as the Application Manager. If you are failing over Exchange, after the changes have propagated through your environment, clients can connect through Outlook or Outlook Web Access to receive their . Users that had Outlook open during the failure will need to restart the Outlook client (excluding Outlook Web Access clients on a LAN). If DNS failover was selected, the clients will have to wait for the IP cache to expire, or type in ipconfig /flushdns in a command window. This time can be adjusted by lowering the TTL (Time to Live) setting within your DNS server s configuration. For more information, refer to your DNS server documentation. Failback and restoration If your source experiences a failure, such as a power, network, or disk failure, your target machine will stand in for the source while you resolve the source machine issues. During the source machine downtime, data is updated on the target machine. When your source machine is ready to come back online, the data is no longer current and must be updated with the new data from the target machine. 11-4

137 Before you begin to restore to the original source, resolve the issue(s) that caused the failure. If the source server has to be rebuilt, follow the instructions in Rebuilding the Source on page B-1. Recovering to the original source 1. After repairing/rebuilding the source server offline, bring the server up but leave the network connection disabled by unplugging the cable or disabling the network interface adapter. 2. Stop all of the services on the source so that you can overwrite the data with the newer data on the target. Because the source server cannot communicate with a domain controller because its network connection is still inactive, this will take longer than normal. The following table lists the services that must be stopped, in the order in which they must be stopped. Stop the services appropriate to your application. Exchange 2007 Microsoft Exchange Active Directory Topology Service Microsoft Exchange Anti-spam Update Microsoft Exchange EdgeSync Microsoft Exchange File Distribution Microsoft Exchange IMAP4 Microsoft Exchange Information Store Microsoft Exchange Mail Submission Microsoft Exchange Mailbox Assistants Microsoft Exchange POP3 Microsoft Exchange Replication Service Microsoft Exchange Search Indexer Microsoft Exchange Service Host Microsoft Exchange System Attendant Microsoft Exchange Transport Microsoft Exchange Transport Log Search Microsoft Search (Exchange) World Wide Web Publishing Service Exchange 2003 MSExchangeSA MSExchangeMGMT POP3SVC IMAP4SVC ResVC MSExchangeES W3SVC SMTPSVC SQL MSSqlServer SQLServerAgent MSSearch (SQL 2000)/MSFteSQL (SQL 2005) MSSQLServerADHelper MSDTC MSSQLServerOLAPService MSDTSServer SQLWriter SQLBrowser (SQL 2005) 11-5

138 File Server Computer Browser SharePoint IISADMIN HTTPFilter SMTPSVC W3SVC SPAdmin SPSearch SPTimerV3 SPTrace SPWriter If the source is purely a SQL server (that is, the back-end for a SharePoint configuration), you will not need these services. If the source is a combined SharePoint front-end and SQL back-end, you will need to add these services. BlackBerry BlackBerry Router BlackBerry Server Alert BBAttachServer BlackBerry Controller BlackBerry Database Consistency Service BlackBerry Dispatcher BlackBerry Policy Service BlackBerry SyncServer BlackBerry MDS Connection Service MdsTomcat 3. On the target, open the Failover Control Center (Start, Programs, Storage Mirroring, Failover Control Center). 4. Double-click the target machine that is currently standing in for the failed source to login. 5. Highlight the failed source and click Failback. The failback script created earlier will run automatically. During failback, Windows Event Viewer and the Storage Mirroring log record the failback events. When failback is complete, the services will be stopped on the target and the Failback Complete dialog box will appear. 6. Do not select Continue or Stop at this time. First, reconnect the source to the network. 7. After the source is available on the network, select Continue (to restart monitoring) or Stop to disable monitoring. 8. To begin the restoration process, open the Storage Mirroring Management Console on the target (Start, Programs, Storage Mirroring, Management Console). 9. Login to the source machine by double-clicking on it. 10. Right-click on the original connection and select Disconnect. Application Exchange SQL File server Connection name xdag01_<source server name>_<target server name> sqldag01_<source server name>_<target server name> fileprint_<source server name>_<target server name> 11-6

139 Application SharePoint BlackBerry Connection name BB_<source server name>_<target server name> SharePointdag01_<source server name>_<target server name> 11. Select Tools, Restoration Manager. 12. Complete the appropriate fields on the Restoration Manager. Original Source The source where the data originally resided. Restore From The target that contains the replicated data that users have been updating. Replication Set The name of the replication set. Restore To The source where the data will be restored to. 13. Disable Only if backup copy is more recent. This option must be disabled because if the services were stopped on the source after the time they were stopped on the target, the source files will have a more recent date and time and the target files will not be restored. 14. Identify the correct drive mappings for the data and any other restoration options necessary. For detailed information on the restoration options, see the Storage Mirroring User's Guide. 15. On the Orphans tab, select to move or delete orphan files on the source. Orphan files, such as out-dated transaction logs, may keep the database from starting on the source. For more information about orphan files, see the Storage Mirroring User s Guide. 16. Verify that the selections you have made are correct and click Restore. The restoration procedure time will vary depending on the amount of data that you have to restore. When the restoration process is complete, the restoration status information will no longer appear in the right pane. 17. If you are performing a failback for an Exchange server, continue to the next section, Rehoming the Exchange objects to the source, to complete the restoration process. 18. Continue to Re-enabling protection on page 11-7 to complete the restoration process. Rehoming the Exchange objects to the source After the restoration is complete, you will need to run the Exchange Failover utility (exchfailover.exe) to rehome the informational store databases to the source. For more information about using the Exchange Failover utility, see Using the Exchange Failover (EFO) Utility on page G From a command prompt on the source, run the post_restore_<source server name>_<target server name>.bat file that Application Manager automatically generated. 2. Restart any Outlook clients so that they can access the source. To re-establish protection of the Exchange data on the source, create a replication set, re-establish the Storage Mirroring connection to the target, and begin failure monitoring as documented earlier in the procedure. If DNS failover was selected, the clients will have to wait for the IP cache to expire, or type in ipconfig /flushdns in a command window. This time can be adjusted by lowering the TTL (Time to Live) setting within your DNS server s configuration. For more information, refer to your DNS server documentation. Re-enabling protection To re-enable protection for your source, repeat the steps for protecting your application. Protecting an Exchange Server on page 3-1 Protecting a SQL Server on page 5-1 Protecting a File Server on page 6-1 Protecting a SharePoint Server on page 7-1 Protecting a BlackBerry Server on page 8-1 You can click the Enable Protection button to re-enable protection for the same source/target pair. 11-7

140 Appendix A: Recommended Credentials Application Manager credentials Proper rights must be assigned to the account that is entered when the Application Manager prompts for credentials. If these credentials are not properly assigned, you will be prompted to enter alternate credentials before protection can be enabled. 1. The user must be a member of the Power Users group on the client machine. 2. In order to update DNS, the user account must be part of the Domain Admins group. 3. The user must be a member of both servers local Storage Mirroring Admin group. 4. The user must be a member of the local Administrators group on each server that will be protected. 5. The user must be a member of the domain DnsAdmins group where the source's primary DNS server is located. 6. You may also need to set permissions to allow the user to manually set SPN update permissions. In addition, you must assign permissions that are necessary to administrate the protected applications. For more information about how to assign each of these credentials, see the following sections. Assigning the user to the Power Users group 1. Select Start, Settings, Control Panel. 2. Double-click Administrative Tools, then double-click Computer Management. 3. In the left pane, select the Groups folder (located under Computer Management\System Tools\Local Users and Groups\). 4. Right-click the Power Users group, then select All Tasks, Add to Group. 5. Click Add. 6. In Location, click the domain containing the users and computers you want to add, then click OK. 7. In Name, type the name of the user you want to add to the group. 8. If you want to validate the user or group names that you are adding, click Check Names. 9. Click OK to close all open dialog boxes. Assigning the user to the Storage Mirroring Admin group In order for the Application Manager to manage and administer Storage Mirroring, the user running the Application Manager must be a member of both servers' local Storage Mirroring Admin groups. By default, the members of the local Administrators group are added to the Storage Mirroring Admin group when Storage Mirroring is installed. Users added to the local Administrators group following the Storage Mirroring install will need to be explicitly added. The Application Manager does not attempt to impersonate the current logged-on user for these credentials. The Application Manager will prompt the user for these credential and they will be cached for later use, provided caching of credentials has not been disabled. 1. Select Start, Settings, Control Panel. 2. Double-click Administrative Tools, then double-click Computer Management. 3. In the left pane, select the Groups folder (located under Computer Management\System Tools\Local Users and Groups\). 4. Double-click the Storage Mirroring Admin group. 5. To add a user to the group, click Add. A - 1

141 6. Select the user to be included in the Storage Mirroring Admin group. 7. Click OK to return to the Local Group Properties dialog box. 8. Click OK to return to the User Manager. 9. Exit the User Manager. Assigning the user to the local servers Administrators group The user running the Application Manager must have access to both the servers' administrative shares and have rights to modify the SPN permissions. The target's machine account needs to be added to the source's Active Directory computer object for the purpose of updating the SPNs during failover and failback. The administrative shares are used to manage the configuration files and failover scripts on the source and target. To satisfy both of these rights, it is recommended that the user must be a member of the local Administrators group on each server (source and target). Follow these steps to add a user to the Administrators group on each server. 1. On the first server, select Start, Settings, Control Panel. 2. Double-click Administrative Tools, then double-click Computer Management. 3. In the left pane, select the Groups folder (located under Computer Management\System Tools\Local Users and Groups\). 4. Right-click the Administrator group and select Properties. 5. If the user is not already a member of the Administrators group, click Add. 6. In Location, click the domain containing the users you want to add, then click OK. 7. In Name, type Administrator. 8. Click OK to close all open dialog boxes. 9. Repeat for each additional server. Assigning the user to the DnsAdmins group Follow these steps to create a user account with permissions to update DNS. For instructions on assigning permissions to update DNS servers hosted on an Active Directory domain controller with Windows 2003 Service Pack 1 or earlier, see DNS permissions for Windows 2003 SP1 or earlier on page A-2. For instructions on assigning permissions to update DNS servers hosted on an Active Directory domain controller with Windows 2003 Service Pack 2 or later, see DNS permissions for Windows 2003 SP2 or later on page A-4. For instructions on assigning permissions to update DNS servers that are not hosted on an Active Directory domain controller with Windows 2003 Service Pack 2 or later, see DNS permissions for Windows 2003 SP2 or later on page A-4. DNS permissions for Windows 2003 SP1 or earlier The following permissions are required to use the DNS Failover Utility to modify DNS records on Windows 2003 with service pack 1 or earlier: The user must be a member of the DnsAdmins domain local group. For details, see Assigning the user to the DnsAdmins group on page A-3. A member of the Server Operator group, at the very least, to Deny the source access to the records. The resource record security can be set through the record properties within the DNSMgmt console. One of the following: A member of the Domain Admins group, or Full Control on each of the individual DNS records that are associated to the source IP and to be updated by the DNS Failover utility (DFO.exe). For details, see Assigning Full Control on the WMI DNS namespace on page A-3. A - 2

142 Assigning the user to the DnsAdmins group Follow these steps to add a user to the domain DnsAdmins group. 1. Select Start, Programs, Administrative Tools (Common), Active Directory Users and Computers. 2. Right-click the DnsAdmins group and select Properties. 3. Select the Members tab. 4. To add a user to the group, click Add. 5. In Location, click the domain containing the users you want to add, then click OK. 6. In Name, type the name of the user you want to add to the group. If you want to validate the user or group names that you are adding, click Check Names. 7. Click OK to close all open dialog boxes. Assigning Full Control on the WMI DNS namespace Follow these steps to assign appropriate permissions for the user for WMI control in the domain where the DNS server resides. 1. Click Start, Run, and type MMC. Click OK. 2. Select File, Add/Remove Snap-in. 3. Click Add and select WMI Control. 4. Click Add, then click Finish. 5. Click Close, then click OK. 6. Right-click WMI Control and select Properties. 7. Select the Security tab. 8. Double-click on Root to expand the tree. 9. Select MicrosoftDNS, then click the Security button. 10. Verify that the user is in the ACL list with the following permissions. If the permissions are not assigned, proceed to the next step. Execute Methods Full Write Partial Write Provider Write Enable Account Remote Enable Read Security 11. Click Add, then enter the login name for the user account that the DFO.exe command line will be using. If a different account is used to run DFO.exe from the target server, that account must have similar permissions. 12. Click OK to close all open dialog boxes. 13. Restart the Windows Management Instrumentation service. A - 3

143 DNS permissions for Windows 2003 SP2 or later Verify that the user has permissions to update DNS. The user must be: The user must be a member of the DnsAdmins domain local group. For details, see Assigning the user to the DnsAdmins group on page A-3. A member of the Server Operator, at the very least, to Deny the source access to the records. The resource record security can be set through the record properties within the DNSMgmt console. For details, see Assigning the user to the Server Operator group on page A-4. One of the following: A member of the Domain Admins group, or Full Control on each of the individual DNS records that are associated to the source IP and to be updated by the DNS Failover utility (DFO.exe). For details, see Assigning Full Control on page A-4. Assigning the user to the Server Operator group Follow these steps to add a user to the servers Server Operator group. 1. Select Start, Programs, Administrative Tools (Common), Active Directory Users and Computers. 2. Click on Builtin. 3. Right-click the Server Operators group and select Properties. 4. Select the Members tab. 5. To add a user to the group, click Add. 6. In Location, click the domain containing the users you want to add, then click OK. 7. In Name, type the name of the user you want to add to the group. If you want to validate the user or group names that you are adding, click Check Names. 8. Click OK to close all open dialog boxes. Assigning Full Control Follow the following procedure must be done on the DNS server to allow dfo.exe to be able to connect through WMI to alter the source server records. 1. Click Start, Run, and type wmimgmt.msc. Click OK. 2. Right-click WMI Control, then click Properties. 3. Click the Security tab. 4. Expand the Root folder, select the MicrosoftDNS folder, then click Security. 5. Click Add. Type the user or group name you wish to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK. 6. In the Permissions for User list, select the Allow checkbox next to the following permissions: Execute Methods Enable Account Remote Enable Read Security 7. Click Advanced. In the Permission entries list, select the user you added in step 5, then click Edit. 8. In the Apply onto box, click This namespace and subnamespaces. 9. Click OK four times. 10. Quit the WMI Control snap-in. 11. Click Start, Run, and type dcomcnfg.exe. Click OK. 12. Select Component Services and then expand it. Expand Computers. Right-click My Computer and select Properties. 13. Select the COM Security tab. 14. In the Access Permissions section, click Edit Limits. A - 4

144 15. Click Add. Type the user or group name you want to use in the Enter the object names to select box, click Check Names to verify your entry or entries, then click OK. 16. In the Permissions for User list, select the Allow checkbox next to the following permissions: Local Access Remote Access 17. Click OK. 18. In the Launch and Activation Permissions section, click Edit Limits. 19. Click Add. Type the user or group name you want to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK. 20. In the Permissions for User list, select the Allow checkbox next to the following permissions: Local Launch Remote Launch Local Activation Remote Activation 21. Click OK twice. 22. Expand My Computer and expand DCOM Config. 23. Right-click Windows Management and Instrumentation and click Properties. 24. Click the Security tab. 25. In the Access Permissions section, select Customize, then click Edit. 26. Click Add. Type the user or group name you want to use in the Enter the object names to select box, click Check Names to verify your entry or entries, and then click OK. 27. In the Permissions for User list, select the Allow checkbox next to the following permissions: Local Access Remote Access 28. Click OK twice. 29. Close Component Services. 30. Restart the DNS/Domain Controller. DNS permissions for non-active Directory Windows 2003 SP2 or later The following permissions are required to use the DNS Failover Utility to modify DNS records on Windows 2003 with SP2 or later that is not co-hosted with the Active Directory domain controller: The user must be a member of the DnsAdmins domain local group. For details, see Assigning the user to the DnsAdmins group on page A-3. The user must be a member of the local Administrator group. For details, see Assigning the user to the local Administrators group on page A-6. One of the following: A member of the Domain Admins group, or Full Control on each of the individual DNS records that are associated to the source IP and to be updated by the DNS Failover utility (DFO.exe). For details, see Assigning Full Control on the WMI DNS namespace on page A-3. A - 5

145 Assigning the user to the local Administrators group Follow these steps to add a user to the local Administrators group. 1. Select Start, Programs, Administrative Tools (Common), Active Directory Users and Computers. 2. Click on Builtin. 3. Right-click the Administrators group and select Properties. 4. Select the Members tab. 5. To add a user to the group, click Add. 6. In Location, click the domain containing the users you want to add, then click OK. 7. In Name, type the name of the user you want to add to the group. If you want to validate the user or group names that you are adding, click Check Names. 8. Click OK to close all open dialog boxes. Manually set SPN update permissions The Write serviceprincipalname permission on the source computer account in Active Directory must be assigned to the account that will modify the SPNs. This is an advanced permission and assigning either of the more general Write or Full Control permissions, which are assigned to Domain Admins by default, would also be adequate. The permission must be assigned to one of the following: The target's Storage Mirroring service logon account. If the target's Storage Mirroring service is configured to log on as the System account, the target's Active Directory computer account should be assigned the permissions. The account specified in the failover monitor configuration. Use the following procedure to assign the Write serviceprincipalname permission to a user or group: 1. Start Active Directory Users and Computers. 2. Select View, Advanced. 3. Locate the source's computer account. 4. Right-click on the source computer account and select Properties. 5. Select the Security tab and click the Advanced button. 6. If the account or group you want to add is not listed, click Add to add it. 7. Select the account or group and click View/Edit. 8. Select the Properties tab and check Validate Write serviceprincipalname. 9. Click OK twice. 10. Close Active Directory Users and Computers. Exchange credentials Proper rights must be assigned to the account that is entered when the Application Manager prompts for credentials. If these credentials are not properly assigned, you will be prompted to enter alternate credentials before protection can be enabled. For Exchange, you must first configure all permissions as described in Application Manager credentials on page A-1. In addition, the user must be an Exchange Full Administrator. In order to operate the Application Manager for setup and to manage failover and failback for Exchange, the following permissions are required: The user running the Application Manager must have rights to manage Exchange in order to query and modify the Exchange Active Directory objects. The Configuration Container resides in the root of the Active Directory forest and contains the Exchange organizational objects. A - 6

146 The user running the Application Manager must be an Exchange full administrator at the organizational level, as delegated via the Exchange System Manager at the user level or have delegated rights via the Application Manager Delegate Rights control, described in Delegating Exchange administrative rights on page A-8. The Application Manager will first attempt to impersonate the current logged-on user before prompting for different credentials. Rights must be delegated to a specific user and not the group the user belongs to in order for the Application Manager to recognize them. If Exchange is clustered, the user running the Application Manager must be a member of the Cluster Administrators and local Administrator group for each of the source and target cluster nodes. If Exchange is clustered, it is highly recommended that the same cluster service account be used for both source and target nodes. Assigning Exchange 2003 Full Administrator permission The user account being used for Application Manager cannot be nested in a group under the Exchange Organization that had Exchange Full Admin permissions. Remove the user account from the nested group or explicitly add the user account as an Exchange Full Admin in the Exchange System Manager. 1. Select Start, Programs, Microsoft Exchange, System Manager. 2. Right-click on the organization name (at the top of the tree) and select Delegate Control. 3. The Exchange Delegation Tool will open. Click Next. 4. If the user is not listed as Exchange Full Administrator under Users of Groups, click Add. You must explicitly add the domain user s login name as an Exchange Full Administrator. 5. Click Next to continue. 6. Click Finish to exit. If the user account being used for Application Manager was previously nested in a group, you will need to follow these instructions to explicitly add the user account as an Exchange Full Admin in the Exchange System Manager. Then, in VMware, select Tools, Option. In the Options dialog box, click the Clear Cached Credentials button. Restart the Application Manager and enter the new credentials. Assigning Exchange 2007 Full Administrator permission To assign Full Administrator permission for Exchange 2007, you will use the Exchange Management Console to delegate Server Administrator role to a user or group. 1. Open Exchange Management Console. 2. In the left pane, select Organization Configuration. 3. In the Action pane on the right side of the console, click Add Exchange Administrator. 4. On the Add Exchange Administrator page, click Browse. Select the user or group that you want to delegate control to. 5. Select Exchange Organization Administrator role. 6. On the Completion page, click Finish. A - 7

147 Delegating Exchange administrative rights To assign Exchange administrative rights to a user through the Application Manager, select Tools, Delegate Rights. The Delegate Rights dialog box will appear. 1. The Domain will be populated automatically with the domain where the Application Manager client resides. 2. In the Username field, enter the user name for the account that needs to be assigned Exchange administrative rights. 3. If the currently logged-on user does not have sufficient rights to assign Exchange administrative rights, select the Use credentials checkbox. 4. Enter the appropriate values for a user who does have sufficient permissions to assign these rights in the Domain, Username, and Password fields. The domain entered on the Delegate Rights dialog box must be the DNS domain name; you cannot use the NetBIOS domain name. For a description of the specific rights that are delegated to Exchange administrators, see Microsoft Knowledge Base article , available at SQL credentials Proper rights must be assigned to the account that is entered when the Application Manager prompts for credentials. If these credentials are not properly assigned, you will be prompted to enter alternate credentials before protection can be enabled For SQL, you should first configure all permissions as described in Application Manager credentials on page A-1. In addition, the user must have SQL Server System Administrator permission. In order to operate the Application Manager for setup and to manage failover and failback for SQL, the following permissions are required: The user must be assigned the System Administrator role on the SQL server in order to query and Administer SQL. A - 8