Manage Learn to apply best practices and optimize your operations.

How to create the best Exchange monitoring option

The key to successful monitoring protocols for Exchange deployments isn't about the components themselves -- it's about end users.

As we looked at Exchange monitoring options in part one, we answered the tough question of what exactly organizations should monitor and looked at some of the differences between active and passive monitoring. Now, we'll cover what to look at for monitoring Exchange and how hybrid deployments are changing how organizations monitor Exchange deployments.

What do I look at to monitor Exchange?

In my opinion, you shouldn't really care about the individual components themselves for Exchange monitoring. There's simply no value in just reporting that a service isn't running. However, if that failed service is the reason why end users aren't able to access their email, you want to know it right away. The key is to focus on end-user experience.

If an end-user experience is broken, you should know about it; this is especially true in Exchange 2013, which includes a feature called Managed Availability. You can think of Managed Availability as Exchange's built-in monitoring and remediation tool. It will perform a series of tests called probes, which would fall into the active monitoring category that Exchange inspects so it can automatically respond to any failures.

This approach causes issues when using a traditional way to monitor Exchange. The best way to illustrate this is to again use a failed service example. When this happens, Managed Availability will automatically kick in and restart the service. There might be a gap of a few minutes between the service going down and Managed Availability restarting it. If the Exchange monitoring option would report on services' status, it might have thrown an alert by now. By the time you go in and look at the service, chances are you'd see the service up and running again because Managed Availability already restarted it.

There are many more examples in which traditional monitoring would typically fail. It's important that, especially with Exchange 2013, you have a mix of both active and passive monitoring. Modern tools should also use Managed Availability to determine what state Exchange 2013 is in.

Combining active and passive Exchange monitoring

Having active monitoring and passive monitoring is great, but it's even better if you combine data from both to create an entirely new view. Consider this example: You actively check the Exchange ActiveSync component on your Exchange service while monitoring the network load on your Exchange servers at the same time. Because you've monitored over time, you probably know the average load on your server's NIC. Let's assume there's typically an average load of 25% on the network at any given time.

Now, consider the following scenario. Your ActiveSync probe returns that all is okay, and your network monitor also returns that all is okay, but it also shows there's only a 5% load on the server's NIC. While normally this would not be a cause for concern, these statistics might actually reveal an underlying issue -- after all, you were expecting a 25% load on the NIC. Correlating this data allows you to make educated guesses about what's going on. In this particular example, you know there isn't an issue with Exchange ActiveSync because the test successfully passed. But because the load on the network is lower than normal, it's possible there's an underlying network connectivity issue. Maybe the WAN link with one of your sites is down and you haven't realized it yet.

How hybrid deployments change monitoring

The rise of hybrid Exchange further complicates matters. Hybrid deployments are disruptive to traditional monitoring software because they introduce another layer of complexity and require a broader scope of components to examine. Exchange hybrid deployments are much more than only Exchange. There are the Exchange-only components related to Mail Flow and federation, but there's also Directory Synchronization (DirSync) with or without Password Synchronization (Password Sync).

If you're using Active Directory Federation Services for authentication and you want to monitor your end users' behavior -- which is why you got into Exchange monitoring in the first place -- you have to take those components into account as well.

Things are moving quite fast in that area. It's not surprising to see new features and capabilities become available with every Cumulative Update. This means your software provider needs to be on top of its game as it wants to keep pace.

Right now, there aren't many providers out there that seem to have an offering ready. ENow's Mailscape for Exchange Online is, as far as I'm aware, the only company with a complete hybrid Exchange monitoring option available. However, I'm sure that competing options from other vendors will follow in the future. Although hybrid deployments have been around for a while, the market for monitoring those deployments is still young. I'm curious to see what the coming months will bring and how they might revolutionize monitoring all together.

About the author:
Michael Van Horenbeeck is a technology consultant, Microsoft Certified Trainer and Exchange MVP from Belgium, mainly working with Exchange Server, Office 365, Active Directory and a bit of Lync. He has been active in the industry for 12 years and is a frequent blogger, a member of the Belgian Unified Communications User Group Pro-Exchange and a regular contributor to The UC Architects podcast.

Dig Deeper on Exchange Server setup and troubleshooting

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Good post. We did get the question at MEC this year of how our monitoring product handles managed availability. SolarWinds server & application monitoring tool mimics Managed Availability (user experience monitoring) with the product’s MAPI, HTTP/S, POP3, IMAP4, and Exchange Web Services User Experience monitors. This product also helps admins determine when there is a deviation from normal behavior by statistically calculating thresholds from baseline performance, as well as provides the normal status checks on services/processes, replication status, etc.
To be frank msft should introduce all tools relaring to their products. consumers have to buy thitd party products after buying Msft which is again an investment.
people like it or not I strongly hope that MSFT should think again to gain more bussiness