資料庫可用性群組 (DAG)Database availability groups

資料庫可用性群組 (DAG) 是信箱伺服器高可用性和站台回復性架構內建於 Microsoft Exchange Server 的基礎元件。A database availability group (DAG) is the base component of the Mailbox server high availability and site resilience framework built into Microsoft Exchange Server. DAG 是一組多達 16 個信箱伺服器的群組,可主控資料庫集,並提供從影響個別伺服器或資料庫的失敗中自動進行資料庫層級復原的功能。A DAG is a group of up to 16 Mailbox servers that hosts a set of databases and provides automatic database-level recovery from failures that affect individual servers or databases.

重要

DAG 中的所有伺服器都必須執行相同的 Exchange 版本。All servers within a DAG must be running the same version of Exchange. 例如,您不能混合使用 Exchange 2013 伺服器與相同 DAG 中的 Exchange 2016 伺服器。For example, you can't mix Exchange 2013 servers and Exchange 2016 servers in the same DAG.

DAG 是一種界限的信箱資料庫複寫、 資料庫和伺服器轉換和容錯移轉,以及內部元件稱為Active ManagerA DAG is a boundary for mailbox database replication, database and server switchovers and failovers, and an internal component called Active Manager. 在每個信箱伺服器上執行的 Active Manager 負責管理 DAG 內的轉換和容錯移轉。Active Manager, which runs on every Mailbox server, manages switchovers and failovers within DAGs. 如需 Active Manager 的相關資訊,請參閱 Active ManagerFor more information about Active Manager, see Active Manager.

DAG 中的任何伺服器都可以主控來自 DAG 中任何其他伺服器的信箱資料庫副本。將伺服器新增至 DAG 後,它即可與 DAG 中其他的伺服器搭配使用,而能夠在影響信箱資料庫的失敗狀況下自動復原 (例如磁碟、伺服器或網路故障)。Any server in a DAG can host a copy of a mailbox database from any other server in the DAG. When a server is added to a DAG, it works with the other servers in the DAG to provide automatic recovery from failures that affect mailbox databases, such as a disk, server, or network failure.

注意

如需建立 DAG、管理 DAG 成員資格、設定 DAG 內容、建立與監視信箱資料庫副本,以及執行轉換等相關資訊,請參閱管理高可用性和站台恢復For more information about creating DAGs, managing DAG membership, configuring DAG properties, creating and monitoring mailbox database copies, and performing switchovers, see Managing high availability and site resilience.

資料庫可用性群組週期Database availability group lifecycle

Dag 利用概念的漸進式部署中,也就是在安裝 Exchange 之後部署的所有信箱伺服器和資料庫的服務和資料可用性的能力。DAGs leverage the concept of incremental deployment, which is the ability to deploy service and data availability for all Mailbox servers and databases after Exchange is installed. 部署 Exchange Server 信箱伺服器之後,您可以建立 DAG、 將信箱伺服器新增至 DAG,,然後在 DAG 成員之間複寫信箱資料庫。After you deploy Exchange Server Mailbox servers, you can create a DAG, add Mailbox servers to the DAG, and then replicate mailbox databases between the DAG members.

注意

雖然不支援建立 DAG,其中包含組合的實體的信箱伺服器和虛擬化的信箱伺服器,但前提是伺服器和解決方案遵守Exchange Server 系統需求Exchange Server 虛擬化中所設定的需求。It's supported to create a DAG that contains a combination of physical Mailbox servers and virtualized Mailbox servers, provided that the servers and solution comply with the Exchange Server system requirements and the requirements set forth in Exchange Server virtualization. 與所有 Exchange 高可用性組態相同,您必須確定已適當地調整 DAG 中的所有信箱伺服器,以處理排定及未排定中斷期間的必要工作量。As with all Exchange high availability configurations, you must ensure that all Mailbox servers in the DAG are sized appropriately to handle the necessary workload during scheduled and unscheduled outages.

使用 New-DatabaseAvailabilityGroup 指令程式可建立一個 DAG。DAG 一開始是在 Active Directory 中建立的空物件。目錄物件是用於儲存 DAG 的相關資訊,例如伺服器成員資格資訊以及部分 DAG 組態設定。當您新增第一個伺服器到 DAG 時,就會自動為 DAG 建立容錯移轉叢集。這個容錯移轉叢集由 DAG 獨佔使用,而且必須專供 DAG 使用,不支援將此叢集用於其他任何用途。A DAG is created by using the New-DatabaseAvailabilityGroup cmdlet. A DAG is initially created as an empty object in Active Directory. This directory object is used to store relevant information about the DAG, such as server membership information and some DAG configuration settings. When you add the first server to a DAG, a failover cluster is automatically created for the DAG. This failover cluster is used exclusively by the DAG, and the cluster must be dedicated to the DAG. Use of the cluster for any other purpose isn't supported.

除了建立容錯移轉叢集之外,還會初始化監視伺服器是否發生網路失敗或伺服器失敗的基礎結構,然後使用容錯移轉叢集活動訊號機制和叢集資料庫來追蹤和管理可能快速變更的 DAG 資訊,例如資料庫裝載狀態、複寫狀態和最後裝載位置。In addition to a failover cluster being created, the infrastructure that monitors the servers for network or server failures is initiated. The failover cluster heartbeat mechanism and cluster database are then used to track and manage information about the DAG that can change quickly, such as database mount status, replication status, and last mounted location.

建立期間會為每個 DAG 指定一個唯一名稱,並指派一個或多個靜態 IP 位址,或設定為使用動態主機設定通訊協定 (DHCP),或是在沒有叢集管理存取點的情況下建立。During creation, the DAG is given a unique name, and either assigned one or more static IP addresses or configured to use Dynamic Host Configuration Protocol (DHCP), or created without a cluster administrative access point. 可以建立沒有管理存取點的 Dag,只有在伺服器執行 Exchange 2019、 Exchange 2016 或 Exchange 2013 Service Pack 1 或更新版本,與 Windows Server 2012 R2 Standard 或 Datacenter edition。DAGs without an administrative access point can be created only on servers running Exchange 2019, Exchange 2016, or Exchange 2013 Service Pack 1 or later, with Windows Server 2012 R2 Standard or Datacenter edition. 沒有叢集管理存取點的 DAG 具有下列特性:DAGs without cluster administrative access points have the following characteristics:

  • 叢集/DAG 未被指派任何 IP 位址,因此,叢集核心資源群組中沒有 IP 位址資源。There is no IP address assigned to the cluster/DAG, and therefore no IP Address Resource in the cluster core resource group.

  • 叢集未被指派任何網路名稱,因此,叢集核心資源群組中沒有網路名稱資源。There is no network name assigned to the cluster, and therefore no Network Name Resource in the cluster core resource group

  • 叢集/DAG 的名稱未登錄在 DNS 中,因此無法在網路上進行解析。The name of the cluster/DAG is not registered in DNS, and it is not resolvable on the network.

  • 未在 Active Directory 中建立叢集名稱物件 (CNO)。A cluster name object (CNO) is not created in Active Directory.

  • 無法使用容錯移轉叢集管理工具來管理叢集。它必須使用 Windows PowerShell 進行管理,而且必須對個別叢集成員執行 PowerShell Cmdlet。The cluster cannot be managed using the Failover Cluster Management tool. It must be managed using Windows PowerShell, and the PowerShell cmdlets must be run against individual cluster members.

此範例顯示如何使用 Exchange 管理命令介面 建立擁有三部伺服器且具有叢集管理存取點的 DAG。其中兩部伺服器 (EX1 和 EX2) 位於同一個子網路 (10.0.0.0),而第三部伺服器 (EX3) 位於另一個子網路 (192.168.0.0)。This example shows you how to use the Exchange Management Shell to create a DAG with a cluster administrative access point that will have three servers. Two servers (EX1 and EX2) are on the same subnet (10.0.0.0), and the third server (EX3) is on a different subnet (192.168.0.0).

New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer EX4 -DatabaseAvailabilityGroupIPAddresses 10.0.0.5,192.168.0.5
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX1
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX2
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX3

建立沒有叢集管理存取點之 DAG 的命令非常類似:The commands to create a DAG without a cluster administrative access point are very similar:

New-DatabaseAvailabilityGroup -Name DAG1 -WitnessServer EX4 -DatabaseAvailabilityGroupIPAddresses ([System.Net.IPAddress])::None
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX1
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX2
Add-DatabaseAvailabilityGroupServer -Identity DAG1 -MailboxServer EX3

將 EX1 新增至 DAG 時,會建立 DAG1 的叢集。The cluster for DAG1 is created when EX1 is added to the DAG. 在叢集建立期間, Add-DatabaseAvailabilityGroupServer 指令程式會擷取為 DAG 設定的 IP 位址,並忽略在 EX1 上發現但不符合任何子網路的位址。During cluster creation, the Add-DatabaseAvailabilityGroupServer cmdlet retrieves the IP addresses configured for the DAG and ignores the ones that don't match any of the subnets found on EX1. 在上面的第一個範例中,會以 10.0.0.5 的 IP 位址來建立 DAG1 叢集,並忽略 192.168.0.5 的 IP 位址。In the first example above, the cluster for DAG1 is created with an IP address of 10.0.0.5, and 192.168.0.5 is ignored. 在上述第二個範例中, _DatabaseAvailabilityGroupIPAddresses_參數的值會指示工作建立沒有管理存取點之 dag 的容錯移轉叢集。In the second example above, the value of the DatabaseAvailabilityGroupIPAddresses parameter instructs the task to create a failover cluster for the DAG that does not have an administrative access point. 因此,會使用核心叢集資源群組中的 IP 位址或網路名稱資源來建立叢集。Thus, the cluster is created with an IP address or network name resource in the core cluster resource group.

接著新增 EX2,並由 Add-DatabaseAvailabilityGroupServer 指令程式再次擷取為 DAG 設定的 IP 位址。EX2 與 EX1 位於相同的子網路上,因此叢集的 IP 位址不會有任何變更。Then, EX2 is added, and the Add-DatabaseAvailabilityGroupServer cmdlet again retrieves the IP addresses configured for the DAG. There are no changes to the cluster's IP addresses because in EX2 is on the same subnet as EX1.

接著再新增 EX3,而 Add-DatabaseAvailabilityGroupServer 指令程式也會再次擷取為 DAG 設定的 IP 位址。由於 EX3 上有符合 192.168.0.5 的子網路,因此會將 192.168.0.5 位址當成 IP 位址資源新增至叢集群組。此外,還會針對每個 IP 位址資源自動設定網路名稱資源的 OR 相依性。當叢集核心資源群組移至 EX3 時,叢集就會使用 192.168.0.5 的位址。Then, EX3 is added, and the Add-DatabaseAvailabilityGroupServer cmdlet again retrieves the IP addresses configured for the DAG. Because a subnet matching 192.168.0.5 is present on EX3, the 192.168.0.5 address is added as an IP address resource in the cluster group. In addition, an OR dependency for the Network Name resource for each IP address resource is automatically configured. The 192.168.0.5 address will be used by the cluster when the cluster core resource group moves to EX3.

針對具有叢集管理存取點的 DAG,當網路名稱資源連線時,Windows 容錯移轉叢集會將叢集的 IP 位址註冊到網域名稱系統 (DNS)。For DAGs with cluster administrative access points, Windows failover clustering registers the IP addresses for the cluster in the Domain Name System (DNS) when the Network Name resource is brought online. 此外,將 EX1 新增至叢集時,會在 Active Directory 中建立叢集名稱物件 (CNO)。In addition, when EX1 is added to the cluster, a cluster name object (CNO) is created in Active Directory. 叢集的網路名稱、IP 位址和 CNO 不會用於 DAG 函數。The network name, IP address(es), and CNO for the cluster are not used for DAG functions. 系統管理員和使用者不需要處理或連線到叢集/DAG 名稱或 IP 位址 (不論原因為何)。Administrators and end users don't need to interface with or connect to the cluster/DAG name or IP address for any reason. 有些協力廠商應用程式連線到叢集管理存取點來執行管理工作 (例如備份或監視)。Some third party applications connect to the cluster administrative access point to perform management tasks, such as backup or monitoring. 如果您不使用任何協力廠商應用程式需要叢集管理存取點,與您的 DAG Windows Server 2012 R2 上執行 Exchange 2016 或 Exchange 2019,建議您建立沒有管理存取點的 DAG。If you do not use any third party applications that require a cluster administrative access point, and your DAG is running Exchange 2016 or Exchange 2019 on Windows Server 2012 R2, then we recommend creating a DAG without an administrative access point. 這樣可簡化 DAG 組態、不需要一個或多個 IP 位址,以及降低 DAG 的攻擊面。This simplifies DAG configuration, eliminates the need for one or more IP addresses, and reduces the attack surface of a DAG.

DAG 也設定為使用見證伺服器和見證目錄。見證伺服器與見證目錄可由系統自動設定,或是由系統管理員手動設定。在上面的範例中,是手動將 EX4 (不是 DAG 成員,未來也不會是 DAG 成員的伺服器) 設定為 DAG 的見證伺服器。DAGs are also configured to use a witness server and a witness directory. The witness server and witness directory are either automatically configured by the system, or they can be manually configured by the administrator. In the examples above, EX4 (a server that is not and will not be a member of the DAG) is being manually configured as the DAG's witness server.

根據預設,DAG 主要是使用內建的連續複寫功能,在 DAG 中的伺服器之間複寫信箱資料庫。By default, a DAG is designed to use the built-in continuous replication feature to replicate mailbox databases among servers in the DAG. 如果您正在使用 Exchange Server 中支援的協力廠商複寫 API 的協力廠商資料複寫,您必須在協力廠商複寫模式中建立 DAG,與_ThirdPartyReplication_參數搭配使用New-databaseavailabilitygroup指令程式項目。If you're using third-party data replication that supports the Third Party Replication API in Exchange Server, you must create the DAG in third-party replication mode by using the New-DatabaseAvailabilityGroup cmdlet with the ThirdPartyReplication parameter. 此模式一經啟用,就不能停用。After this mode is enabled, it can't be disabled.

DAG 建立完畢後,就可以將信箱伺服器新增至 DAG。新增第一台伺服器至 DAG 時,會形成叢集以供 DAG 使用。DAG 會運用 Windows 容錯移轉叢集技術,例如叢集活動訊號、叢集網路與叢集資料庫 (用於儲存變更的資料,例如資料庫從主動到被動的狀態變更,或是從裝載到卸載的狀態變更,反之亦然)。隨著其他伺服器陸續新增至 DAG,這些伺服器每一部都會加入至基礎叢集,Exchange 會自動調整叢集的仲裁模型,並新增至 Active Directory 中的 DAG 物件。After the DAG is created, Mailbox servers can be added to the DAG. When the first server is added to the DAG, a cluster is formed for use by the DAG. DAGs make use of Windows failover clustering technology, such as the cluster heartbeat, cluster networks, and the cluster database (for storing data that changes, such as database state changes from active to passive or vice versa, or from mounted to dismounted and vice versa). As each subsequent server is added to the DAG, it's joined to the underlying cluster, the cluster's quorum model is automatically adjusted by Exchange, and the server is added to the DAG object in Active Directory.

在將信箱伺服器新增到 DAG 之後,您可以設定各種 DAG 的內容,例如是否在 DAG 內的資料庫複寫作業中使用網路加密或網路壓縮。您也可以設定 DAG 網路,並建立額外的 DAG 網路。After Mailbox servers are added to a DAG, you can configure a variety of DAG properties, such as whether to use network encryption or network compression for database replication within the DAG. You can also configure DAG networks and create additional DAG networks.

將成員新增至 DAG 並設定好 DAG 之後,每一台伺服器上的主動信箱資料庫,就可以複寫到其他 DAG 成員上。建立好信箱資料庫副本之後,您可以使用各種內建的監視工具,來監視副本的健康狀況與狀態。此外,您也可以執行資料庫與伺服器轉換。After you add members to a DAG and configure the DAG, the active mailbox databases on each server can be replicated to the other DAG members. After you create mailbox database copies, you can monitor the health and status of the copies using a variety of built-in monitoring tools. In addition, you can perform database and server switchovers.

資料庫可用性群組仲裁模型Database availability group quorum models

每個 DAG 之下都有一個 Windows 容錯移轉叢集。Underneath every DAG is a Windows failover cluster. 容錯移轉叢集使用仲裁的概念,其使用投票人的合意以確保一次僅有一子集的叢集成員 (可指所有成員或多數成員) 在作用中。Failover clusters use the concept of quorum, which uses a consensus of voters to ensure that only one subset of the cluster members (which could mean all members or a majority of members) is functioning at one time. 仲裁並不是 Exchange Server 的新概念。Quorum isn't a new concept for Exchange Server. 舊版 Exchange 中高可用性的信箱伺服器也會使用容錯移轉叢集和它的仲裁概念。Highly available Mailbox servers in previous versions of Exchange also use failover clustering and its concept of quorum. 仲裁代表成員共同的觀點與資源,而仲裁一詞也用於說明代表叢集內組態的實體資料,此為所有叢集成員之間所共有。Quorum represents a shared view of members and resources, and the term quorum is also used to describe the physical data that represents the configuration within the cluster that's shared between all cluster members. 因此,所有 DAG 皆要求其基礎容錯移轉叢集具有仲裁。As a result, all DAGs require their underlying failover cluster to have quorum. 如果叢集失去了仲裁,所有 DAG 作業會終止,所有已安裝且由 DAG 主控的資料庫將會卸載。If the cluster loses quorum, all DAG operations terminate and all mounted databases hosted in the DAG dismount. 在此情況下,將需要系統管理員介入,以修正仲裁問題與恢復 DAG 作業。In this event, administrator intervention is required to correct the quorum problem and restore DAG operations.

對於確保一致性、作為避免分割的平局決勝者,以及確保叢集回應能力來說,仲裁都是非常重要的概念:Quorum is important to ensure consistency, to act as a tie-breaker to avoid partitioning, and to ensure cluster responsiveness:

  • 確保一致性: Windows 容錯移轉叢集的主要需求是每個成員一定一致與其他成員的叢集檢視。Ensuring consistency: A primary requirement for a Windows failover cluster is that each of the members always has a view of the cluster that's consistent with the other members. 叢集登錄區是所有與叢集相關之組態資訊的最終存放庫。The cluster hive acts as the definitive repository for all configuration information relating to the cluster. 如果叢集登錄區無法在 DAG 成員上從本機載入,叢集服務就不會啟動,因為無法保證該成員符合具有與其他成員一致之叢集檢視的需求。If the cluster hive can't be loaded locally on a DAG member, the Cluster service doesn't start, because it isn't able to guarantee that the member meets the requirement of having a view of the cluster that's consistent with the other members.

  • 作為平局決勝者: 仲裁見證資源在用於 Dag 成員數量為偶數避免 split brain 僵局案例,並確定只有一個在 DAG 中的成員集合被視為正式。Acting as a tie-breaker: A quorum witness resource is used in DAGs with an even number of members to avoid split brain syndrome scenarios and to make sure that only one collection of the members in the DAG is considered official. 當仲裁需要見證伺服器時,任何能夠與見證伺服器通訊的 DAG 成員都可以對見證伺服器的 witness.log 檔案加上伺服器訊息區塊 (SMB) 鎖定。When the witness server is needed for quorum, any member of the DAG that can communicate with the witness server can place a Server Message Block (SMB) lock on the witness server's witness.log file. 在鎖定 (稱為 「鎖定節點」) 在見證伺服器的 DAG 成員會保留額外一票供仲裁使用。The DAG member that locks the witness server (referred to as the locking node) retains an additional vote for quorum purposes. 與鎖定節點連絡的 DAG 成員屬於多數且會維護仲裁。The DAG members in contact with the locking node are in the majority and maintain quorum. 無法連絡鎖定節點的任何 DAG 成員則屬於少數,因此會遺失仲裁。Any DAG members that can't contact the locking node are in the minority and therefore lose quorum.

  • 確保服務有無反應: 若要確保服務有無反應,仲裁模型可確保,每當執行叢集、 足夠的成員分散式系統的作業及 communicative,且至少一份複本在叢集中的目前狀態可以保證。Ensuring responsiveness: To ensure responsiveness, the quorum model makes sure that, whenever the cluster is running, enough members of the distributed system are operational and communicative, and at least one replica of the cluster's current state can be guaranteed. 您不需要花費任何額外的時間讓成員開始通訊,或者判斷特定的複本是否一定存在。No additional time is required to bring members into communication or to determine whether a specific replica is guaranteed.

具有複數成員的 DAG 會使用容錯移轉叢集的「節點與檔案共用多數」仲裁模式,而這個模式會運用外部見證伺服器作為平局決勝者。在這種仲裁模式中,每個 DAG 成員都會獲得一票。此外,會使用見證伺服器提供一個 DAG 成員加權過的選票 (例如,取得兩票而非一票)。依預設,叢集仲裁資料會儲存在 DAG 每個成員的系統磁碟上,而且在這些磁碟之間保持一致。不過,仲裁資料的副本不會儲存在見證伺服器上。見證伺服器中的檔案會用於追蹤具有最新資料副本的成員,但見證伺服器並不會具有叢集仲裁資料的副本。在這種模式下,多數的投票者 (DAG 成員加上見證伺服器) 必須運作正常且能夠彼此通訊,才能維護仲裁。如果多數投票者無法彼此通訊,DAG 的基礎叢集會遺失仲裁,而且 DAG 必須讓系統管理員介入恢復運作。DAGs with an even number of members use the failover cluster's Node and File Share Majority quorum mode, which employs an external witness server that acts as a tie-breaker. In this quorum mode, each DAG member gets a vote. In addition, the witness server is used to provide one DAG member with a weighted vote (for example, it gets two votes instead of one). The cluster quorum data is stored by default on the system disk of each member of the DAG, and is kept consistent across those disks. However, a copy of the quorum data isn't stored on the witness server. A file on the witness server is used to keep track of which member has the most updated copy of the data, but the witness server doesn't have a copy of the cluster quorum data. In this mode, a majority of the voters (the DAG members plus the witness server) must be operational and able to communicate with each other to maintain quorum. If a majority of the voters can't communicate with each other, the DAG's underlying cluster loses quorum, and the DAG will require administrator intervention to become operational again.

具有奇數成員的 DAG 會使用容錯移轉叢集的「節點多數」仲裁模式。在這個模式下,每個成員都會取得一票,而且每個成員的本機系統磁碟都可用來儲存叢集仲裁資料。如果 DAG 的組態有所變更,則該變更會反映到不同的磁碟上。只有在對半數 (向下捨去) 再加一個成員的磁碟進行變更後,才會將該項變更視為已認可且成為持續性。例如,在有五個成員的 DAG 中,必須在二加一個成員 (也就是總共三個成員) 上進行變更。DAGs with an odd number of members use the failover cluster's Node Majority quorum mode. In this mode, each member gets a vote, and each member's local system disk is used to store the cluster quorum data. If the configuration of the DAG changes, that change is reflected across the different disks. The change is only considered to have been committed and made persistent if that change is made to the disks on half the members (rounding down) plus one. For example, in a five-member DAG, the change must be made on two plus one members, or three members total.

仲裁要求多數投票者必須能夠彼此通訊。假設某個 DAG 擁有四個成員。因為這個 DAG 具有偶數的成員,所以它會使用外部見證伺服器來提供一名叢集成員第五票,也就是平局決勝的一票。為了維持多數投票者 (並因而達成仲裁),至少要有三個投票者必須能夠彼此通訊。不論任何時候,最多可以有兩個投票者離線,而不致於造成服務和資料存取中斷。如果有三個或更多投票者離線,DAG 便會遺失仲裁,而且直到您解決問題之前,服務和資料的存取都會中斷。Quorum requires a majority of voters to be able to communicate with each other. Consider a DAG that has four members. Because this DAG has an even number of members, an external witness server is used to provide one of the cluster members with a fifth, tie-breaking vote. To maintain a majority of voters (and therefore quorum), at least three voters must be able to communicate with each other. At any time, a maximum of two voters can be offline without disrupting service and data access. If three or more voters are offline, the DAG loses quorum, and service and data access will be disrupted until you resolve the problem.