Importance of Analyzing Service Relationships When Managing Change
|
Because Exchange is highly dependent on other services such as Active Directory or DNS, a simple change without careful analysis of service relationships defined in the service map can have dramatic consequences on the messaging service. For the same reasons, it is also vital to evaluate existing risk management. (See Risk Management Discipline for Operations.)
For instance, suppose there is an organization where Active Directory and Exchange have different administrators and there is little or no change management in place. In this organization, administrators for Exchange—without understanding the demand of Exchange on Active Directory—installed several Exchange mailbox servers with 25,000 very active mailboxes in a new data center with a single global catalog server. The resulting impact, at the minimum, will be slow e-mail service. This is because a single global controller has become a performance bottleneck for all computers running Exchange Server in the data center. Another consequence is that users who authenticate using the domain controller and global catalog in the data center will have slow authentication responses.
Similarly, if an Active Directory administrator installs an untested security update for a third-party application on the domain controller and global catalog and they fail, the result will affect both Active Directory and Exchange users because of the close relationships between the services.
The following table lists examples of changes that frequently cause problems with Exchange services. For each case, understanding the relationships defined in the service map (see Exchange Service Map) and applying change management principles will prevent a negative impact on the Exchange service.
| Examples of Changes That Frequently Cause Problems for Exchange | |
| Change | Impact |
Untested installation of a security update | Exchange service degradation or outage will result if this change causes slow server response or failure to respond on any servers required to provide Exchange service—such as DNS, domain controller/global catalog, Exchange front-end/back-end (FE/BE), and Exchange Connector. |
DNS record change | Incorrect DNS entries will cause the Exchange server to be inaccessible to users. |
Active Directory replication interval change | Excessive intervals between Active Directory replication cycles will significantly increase the amount of time it takes to populate new mail-enabled objects in the global address list (GAL). |
Firewall rule change | Firewall rule-blocking ports required by Exchange will result in loss of Exchange functionality or loss of service. For example, blocking port 135 will result in loss of Exchange service, since System Attendant, message transfer agent (MTA) stack, and Information Store all require use of port 135. Blocking port 80 on an Exchange FE server might only affect user ability to access Outlook Web Access (OWA). |
Unscheduled/uncoordinated maintenance outage | Unscheduled/uncoordinated maintenance activities on any server or device with which Exchange is required to function will result in Exchange service degradation or Exchange service outage. |
OLAs should cover tasks such as communicating these types of changes to supporting services.
