Capacity planning for Forefront Protection 2010 for Exchange Server
All organizations are unique and need to consider many things when making hardware purchase decisions. This topic will help you understand the additional load created by Forefront Protection 2010 for Exchange Server (FPE) on server environments and provide guidance with capacity planning decisions. This information should be combined with your experience, the Exchange server capacity planning guidelines, and your general knowledge of your own organization and IT landscape.
Capacity planning for your FPE environment depends on several factors: the objectives of the organization, the server load that must be supported, the deployment architecture, the physical or virtualized hardware specifications, and the Exchange Server roles.
You should also consider answers to the following questions before undertaking an extensive deployment of FPE:
Is there a required retention policy for quarantined data?
What is the maximum CPU and memory utilization of the hardware that should be used for capacity planning purposes?
Is the organization static or will it be growing, and is it designed to support a larger load in the future?
What is the redundancy policy?
Are there any business continuity requirements to guarantee availability and responsiveness?
Should some email be treated differently than others?
Load on an FPE deployment with Exchange is represented in three main areas: the number of mailboxes and users being supported, the incoming SMTP rate into your organization, and the user load profile of the supported users in your Exchange/FPE environment.
Calculating the number of mailboxes that must be supported is not difficult. However, differences in organization and geographical areas may make it appropriate to split this data into separate loads. For example, suppose your organization needs to support 20,000 mailboxes in North America and 40,000 mailboxes in Europe. Based on the network topology, one Edge server may be dedicated to North American traffic and another to European traffic. Therefore, you must know the expected SMTP load for each location.
The incoming SMTP rate is also needed. Identifying the SMTP rate is dependent upon any external filtering (appliance or cloud) that may exist in addition to the on-premises deployment infrastructure. This is the rate that must be supported by the Edge or Hub servers in the deployment architecture.
The average user load profile represents the total number of emails received and sent by a typical user per day. This may vary depending on location and business function. Consequently, it is at the discretion of the IT planner to either separate or include the load profile in the overall numbers. Exchange Server 2010 provides a capacity planning tool that can help calculate the user load profile for an organization.
The size of the organization typically dictates the deployment architecture. This includes any cloud or appliance filtering in addition to the typical Exchange Server deployment architectures. Satellite locations, the corporate network infrastructure, and the goals of the organization may dictate one preferred architecture over another. There are two FPE reference architectures utilized in capacity planning analysis that are scalable units and apply to both medium and large scale organizations; for more information, see Reference architectures for Forefront Protection 2010 for Exchange Server.
Some organizations utilize existing hardware, procure hardware based on capacity planning analysis, or use a combination of both. For replication purposes, virtualization is more prevalent in enterprise organizations. The specifics of virtualization should be well understood and the resources that are attached to each virtualized deployment server should be known because this impacts the overall load being supported. For more information about virtualization with regards to capacity planning, see Relative performance considerations.
When operating Forefront Protection 2010 for Exchange Server in a database availability group (DAG) high-availability environment, special considerations should be observed. During a server switchover, the database mailbox will switch to its favored target. Once the switch is complete, all mailboxes will inherit the FPE policies configured on that physical server. Since each FPE server is independent, and not DAG aware, this can lead to multiple policies and multiple incidents/quarantines. Because of this, it is recommended to do the following:
Configure FPE identically, using a PowerShell script, between servers whose preferred database targets require the same policies. For example, if a particular set of users on a particular server have FPE configured with less stringent filtering rules, their target switchover server should have FPE configured with the same filtering rules, in order to minimize disruption. For more information on using PowerShell with FPE, see Using Windows PowerShell.
A user's Incidents and Quarantine items are held on the physical server where FPE is installed and with which the database was associated at the time. Therefore, it should be expected that a user's quarantine items can span multiple physical servers, based on the switchover history. Administrators should be prepared to check a user's switchover history to determine which physical server to go to in order to release that user's quarantined items for a particular time period.
If a physical server has been offline for some time, the administrator should force an engine update, to ensure all engines are up to date, before initiating database switchover and replication.
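The lookup described above, from switchover history to the physical servers whose FPE quarantine must be checked for a given time window, can be scripted. This is an added example, not code from the FPE documentation: the function name, server and database names, and the history records are constructed, and it assumes you already know the user's mailbox database and have collected the activation times yourself.

```powershell
# Constructed switchover history: one record per activation of a mailbox
# database on a physical server (sample names and times, not real data).
function New-SwitchRecord($Database, $Server, $Activated) {
    New-Object PSObject -Property @{
        Database = $Database; Server = $Server; Activated = [datetime]$Activated
    }
}
$history = @(
    (New-SwitchRecord 'DB01' 'MBX-A' '2011-03-01 00:00'),
    (New-SwitchRecord 'DB01' 'MBX-B' '2011-03-10 14:30'),
    (New-SwitchRecord 'DB02' 'MBX-B' '2011-03-01 00:00'),
    (New-SwitchRecord 'DB01' 'MBX-A' '2011-03-18 09:15')
)

# Hypothetical helper: returns every server that hosted $Database at some
# point between $From and $To, with the part of the window it covers.
# Each FPE server keeps its own quarantine, so each returned row is a
# server to search for items quarantined in that sub-period.
function Get-QuarantineServerSpan {
    param(
        [Parameter(Mandatory=$true)] [object[]] $History,
        [Parameter(Mandatory=$true)] [string]   $Database,
        [Parameter(Mandatory=$true)] [datetime] $From,
        [Parameter(Mandatory=$true)] [datetime] $To
    )
    $moves = @($History | Where-Object { $_.Database -eq $Database } |
               Sort-Object Activated)
    for ($i = 0; $i -lt $moves.Count; $i++) {
        # A server hosts the database until the next activation elsewhere.
        $start = $moves[$i].Activated
        $end   = if ($i + 1 -lt $moves.Count) { $moves[$i + 1].Activated }
                 else { [datetime]::MaxValue }
        if ($start -lt $To -and $end -gt $From) {
            New-Object PSObject -Property @{
                Server = $moves[$i].Server
                From   = if ($start -gt $From) { $start } else { $From }
                To     = if ($end -lt $To) { $end } else { $To }
            } | Select-Object Server, From, To
        }
    }
}

# Which servers may hold quarantined items for a DB01 user in this window?
Get-QuarantineServerSpan -History $history -Database 'DB01' `
    -From '2011-03-08' -To '2011-03-20' | Format-Table -AutoSize
```

Any part of the window that falls before the earliest record for the database returns no row, which means the history collected does not reach back far enough to name a server for that period.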