Exchange 2003 redundancy

  • Exchange 2003 redundancy

    Hello,

    I am looking for a solution to have a high availability mail service. At the moment we have one mail server in our domain which means that if there is any problem with it we don't have mails anymore...

    For information the installation we have is:
    Windows 2003 Std
    Exchange 2003 Enterprise

    I have been looking on the net and until now I could find information about two solutions:

    - clustering (seems good but expensive due to the licensing)
    - Frontend/backend (well, apparently to have a redundant system with this configuration I need more than 2 servers, to have for example 2 Frontend servers in load balancing and one Backend server...)

    Now my question is:

    If I installed a second exchange server in the same Forest and same domain they will synchronize and so they will both have the same configuration and database right ?

    Can exchange servers not work as domain controllers ? I mean with domain controllers if one is down the other will keep the domain up and running.

    I couldn't find information about such a solution until now so I am doubting if it is possible...

    Hope you will be able to clarify this for me,

    Christophe
    Last edited by cdechamps; 26th January 2007, 10:15.

  • #2
    Re: Exchange 2003 redundancy

    Originally posted by cdechamps:
    If I installed a second exchange server in the same Forest and same domain they will synchronize and so they will both have the same configuration and database right ?
    If you mean will they both host the same mailboxes then the answer is no. As far as I know you can only do this with clustering.

    Originally posted by cdechamps:
    Can exchange servers not work as domain controllers ? I mean with domain controllers if one is down the other will keep the domain up and running.
    There is debate about this in some areas. Yes you can install exchange on a domain controller but I wouldn't in my opinion. It will make the server slow to reboot when updates are applied, exchange is very memory hungry (it takes most of what you have)... but if you are short of hardware then it is a possibility. Having said that I'm no exchange expert. Remember that SBS is a domain controller with exchange installed...

    If you want redundancy in your exchange environment I would:

    2 x backends clustered
    2 x frontends running load balancing

    Hope this helps.
    Server 2000 MCP
    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    • #3
      Re: Exchange 2003 redundancy

      For the solution you are proposing:

      2 x backends clustered
      2 x frontends running load balancing

      I need four servers then.... and for the licences i need to have:

      for the backends:
      2 Windows 2003 Ent
      2 Exchange 2003 Ent

      For the Frontends:
      2 Windows 2003 Std
      2 Exchange 2003 Std

      Right ?

      I am not familiar with clustering and load-balancing.

      Can a solution with a clustered exchange 2003 not be enough ? (I mean without the FE/BE configuration ?)

      • #4
        Re: Exchange 2003 redundancy

        According to this article:

        http://technet.microsoft.com/en-us/l...0af9243e1.aspx

        You can use both enterprise and standard as front end and back end.

        With clustering you get mail box redundancy - i.e. users should be able to get to their mailbox should one of the clustered servers fail. The fe/be redundancy means that outlook web access will still be available if one of the frontend servers fails. The frontend servers can also provide OMA (mobile access) as well as others. It is the most secure config to use at least one frontend into your DMZ. Adding another in failover config will add the redundancy described above.

        Hope this helps
        Server 2000 MCP
        Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

        • #5
          Re: Exchange 2003 redundancy

          Thank you for your quick and useful answers !!!

          One more question, if you allow me: you say that for OMA and other things like that I need to have a FE/BE configuration, right? The thing is, with our exchange server we can use OMA, so I guess it is a sort of FE/BE configuration but on the same server. I guess that will not change anything with the cluster, right?

          • #6
            Re: Exchange 2003 redundancy

            You don't NEED fe/be to do OMA. You can do that with just one server (as you are doing) but it is best practice to do it with a front end server. More secure etc...

            A front end server basically is the same as a regular exchange server except it doesn't host mailboxes. It can route mail, do OWA and OMA etc etc.. it just doesn't have mailboxes.

            So I'm pretty sure that exchange clusters can still do OMA, OWA etc.. as per your current setup. It would just be better practice to throw a frontend into your DMZ and let it handle external requests to use your backends.
            Server 2000 MCP
            Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

            • #7
              Re: Exchange 2003 redundancy

              As soon as you start having more than one backend server, you need to have a frontend server.
              As far as I am concerned, it is almost mandatory to have a frontend with a cluster.

              However the place for the frontend is on your production network - NOT in the DMZ. The DMZ is not the place for any member of your domain.
              If you are concerned about Exchange having direct access to the internet, then put an ISA in the DMZ.

              Instead of clustering you could look at something like DoubleTake which requires another machine but isn't as complex as clustering. That mirrors the server on another machine.

              What you also need to consider is the cost. The longer you can survive without email the cheaper it is. You will not get instant fail over without paying a lot of money.

              Simon.
              --
              Simon Butler
              Exchange MVP

              Blog: http://blog.sembee.co.uk/
              More Exchange Content: http://exchange.sembee.info/
              Exchange Resources List: http://exbpa.com/
              In the UK? Hire me: http://www.sembee.co.uk/

              Sembee is a registered trademark, used here with permission.

              • #8
                Re: Exchange 2003 redundancy

                Originally posted by Sembee:
                However the place for the frontend is on your production network - NOT in the DMZ. The DMZ is not the place for any member of your domain.
                If you are concerned about Exchange having direct access to the internet, then put an ISA in the DMZ.
                Are you saying that no-one should have their front end in the DMZ or just this guy?
                Server 2000 MCP
                Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                • #9
                  Re: Exchange 2003 redundancy

                  Originally posted by tonyyeb:
                  Are you saying that no-one should have their front end in the DMZ or just this guy?
                  I am saying that no one should have a frontend server in the DMZ.
                  No one has yet given me a good reason why you should put a frontend server in to a DMZ. I blogged on this last year: http://www.sembee.co.uk/archive/2006...-in-a-DMZ.aspx

                  Simon.

                  • #10
                    Re: Exchange 2003 redundancy

                    Don't ask me why but I think mine is staying in the DMZ... as recommended on my Exchange 2000 course. Can't remember why but I have no reason to move it either. I guess if it was compromised it is in the dmz and cannot go anywhere much, whereas in the inside network it has free roam.
                    Server 2000 MCP
                    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                    • #11
                      Re: Exchange 2003 redundancy

                      Originally posted by tonyyeb:
                      I guess if it was compromised it is in the dmz and cannot go anywhere much, whereas in the inside network it has free roam.
                      What is different to having it inside or outside?
                      The machine is a member of the domain. The number of changes that you have to make to get a domain member to work through a firewall means that once the machine is compromised the attacker can walk straight in to your network, doesn't even have to look for the domain controllers - just follow the traffic.

                      Sounds like your course was done by someone who believes the mantra of all internal facing machines "belong" in the DMZ. I have had so-called security consultants ask me to do the same thing. When I ask them why, they are unable to provide me with a good reason.
                      I have challenged everyone who suggests the same thing to give me a good reason why, and I have not been given one yet.

                      Simon.

                      • #12
                        Re: Exchange 2003 redundancy

                        Oh well no point in having a dmz then. I'll just go and get rid of my 515 pix for a cheaper model with no dmz....
                        Server 2000 MCP
                        Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                        • #13
                          Re: Exchange 2003 redundancy

                          Originally posted by tonyyeb:
                          Oh well no point in having a dmz then. I'll just go and get rid of my 515 pix for a cheaper model with no dmz....
                          I didn't say that.
                          DMZs have their place. However they are not the place for domain members.
                          What I tell my clients is that anything you put in the DMZ you should be able to drop with a moment's notice. A domain member, particularly an Exchange server, you cannot drop with a moment's notice.

                          I only put machines that are part of a workgroup in the DMZ.

                          If we look at Exchange 2007, the new Edge Transport role has been designed to go in to an edge network (aka DMZ). The machine it is installed on does not have to be a member of the domain so is ideal to go in to the DMZ.

                          Simon.

                          • #14
                            Re: Exchange 2003 redundancy

                            Sembee,
                            from a short reading of an isaserver.org article, I saw something else:

                            http://www.isaserver.org/articles/2004dmzfebe.html
                            What's your opinion about this? (It's 01:00 am here, so I couldn't read it entirely.)
                            Marcel
                            Technical Consultant
                            Netherlands
                            http://www.phetios.com
                            http://blog.nessus.nl

                            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                            "No matter how secure, there is always the human factor."

                            "Enjoy life today, tomorrow may never come."
                            "If you're going through hell, keep going. ~Winston Churchill"

                            • #15
                              Re: Exchange 2003 redundancy

                              If you are on a list that Shinder posts to, if you want to liven it up, suggest that ISA is not a real firewall. Shinder will post his usual rhetoric.

                              I will often deploy an ISA in the DMZ with a Frontend in the production network. I have done for some of my financial services clients and they have been quite happy with it.

                              The key point is not to have anything between the Exchange servers. The number of holes that have to be punched through the firewall (be it a hardware firewall or ISA) basically makes the firewall swiss cheese.

                              Remember also that a frontend server needs access to all the backend servers, so while having a frontend in a DMZ with just a single backend will often work, as soon as you introduce a second backend server things will start to fail.

                              Simon.
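
The trade-off argued in this thread, as an added example that is not part of any post: a small Python audit that compares what the firewall must permit for a domain-member front-end in the DMZ against a non-domain reverse proxy in the DMZ. The rule format, host names and port lists are constructed assumptions (standard Active Directory service ports, HTTPS for the proxy); the thread itself lists none.

```python
import re

# Standard service ports a domain member uses toward domain controllers
# (assumption: well-known assignments; the thread itself lists no ports).
DIRECTORY_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
                   389: "LDAP", 445: "SMB", 3268: "Global Catalog"}
RULE = re.compile(r"permit (tcp|udp) dmz:(\S+) -> lan:(\S+) ([\d,\-]+)$")

def port_ranges(spec):
    """Turn '80,1024-65535' into [(80, 80), (1024, 65535)]."""
    out = []
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port spec: {item!r}")
        out.append((lo, hi))
    return out

def audit(ruleset):
    """Summarise what a compromised DMZ host could reach on the inside."""
    hosts, services, permitted = set(), set(), 0
    for line in ruleset.strip().splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unparseable rule: {line!r}")
        hosts.add(m.group(3))
        for lo, hi in port_ranges(m.group(4)):
            permitted += hi - lo + 1  # count every (host, port) opening
            services |= {n for p, n in DIRECTORY_PORTS.items() if lo <= p <= hi}
    return {"internal_hosts": sorted(hosts),
            "directory_services": sorted(services),
            "permitted_ports": permitted}

# Constructed rule sets in a made-up one-line format (not PIX or ISA syntax).
FRONTEND_IN_DMZ = """
permit tcp dmz:fe1 -> lan:be1 80
permit tcp dmz:fe1 -> lan:be2 80
permit tcp dmz:fe1 -> lan:dc1 53,88,135,389,445,3268
permit tcp dmz:fe1 -> lan:dc1 1024-65535
"""
PROXY_IN_DMZ = """
permit tcp dmz:proxy1 -> lan:fe1 443
"""

if __name__ == "__main__":
    for name, rules in (("front-end in DMZ", FRONTEND_IN_DMZ),
                        ("reverse proxy in DMZ", PROXY_IN_DMZ)):
        print(name, audit(rules))
```

Each back-end added behind the front-end adds another internal host to the first rule set, while the proxy rule set stays at a single opening.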