Planning new Exchange 2010 HA architecture

  • Planning new Exchange 2010 HA architecture

    I'm planning to deploy Exchange 2010 in an organization. This organization consists of 2 sites.

    The plan for 1st location (holding most of the employees) is:
    - 2 x Windows Server 2008 R2 Enterprise - Forefront TMG Servers working in NLB
    - 1 x Windows Server 2008 R2 Standard with CAS ROLE (and EDGE?) behind TMG
    - 1 x Windows Server 2008 R2 Enterprise with MAILBOX AND HUB in DAG

    The plan for the 2nd location (holding just a couple of employees, eventually some external hosting) is:
    - 1 router (if necessary TMG server if not just simple hw box)
    - 1 x Windows Server 2008 R2 Standard with CAS ROLE (and EDGE?) behind TMG
    - 1 x Windows Server 2008 R2 Enterprise with MAILBOX AND HUB in DAG.

    Those 2 locations will be connected through IPSEC permanently.

    1. Considering that I will have TMG servers, do I need to put EDGE servers outside, or can I keep them with the CAS role?
    2. Will DAG work through an IPSEC tunnel efficiently?
    3. Is this even a good plan? What would be the best plan considering we have 3-4 locations where people need permanent access through an IPSEC tunnel to access mail and we need an HA solution? We're putting mail servers in 2 locations since we want to be sure one or the other works and accepts emails and serves them in case of a power failure or network failure in one of the locations.
    My website with some small projects - http://www.pro-solutions.pl

  • #2
    Re: Planning new Exchange 2010 HA architecture

    1. TMG servers support the Edge transport role. I haven't done a deployment this way, and there were some issues with incompatibilities after the last round of updates. I believe they are now resolved though.

    2. DAG will work fine through pretty much any site-to-site VPN solution. Personally I'd use TMGs all the way if possible, to keep everything standardised, security of CAS publishing and also VPN access is built in, both for client access and remote sites. You can use IPSec, PPTP, or L2TP for site-to-site connections and SSTP for client connections. I don't know if SSTP is available for site-to-site connections though. TMG also supports being an IPSec endpoint for 3rd party hardware though.

    3. I'd maybe look at a 3rd site if possible. Microsoft's recommendations for DAGs are that if you have a 3 database solution it's reliable enough to not require being backed up. I think though that 2 database copies in one AD site is supported as well, check this article at msexchange.org.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog



    • #3
      Re: Planning new Exchange 2010 HA architecture

      Originally posted by cruachan:
      1. TMG servers support the Edge transport role. I haven't done a deployment this way, and there were some issues with incompatibilities after the last round of updates. I believe they are now resolved though.

      2. DAG will work fine through pretty much any site-to-site VPN solution. Personally I'd use TMGs all the way if possible, to keep everything standardised, security of CAS publishing and also VPN access is built in, both for client access and remote sites. You can use IPSec, PPTP, or L2TP for site-to-site connections and SSTP for client connections. I don't know if SSTP is available for site-to-site connections though. TMG also supports being an IPSec endpoint for 3rd party hardware though.

      3. I'd maybe look at a 3rd site if possible. Microsoft's recommendations for DAGs are that if you have a 3 database solution it's reliable enough to not require being backed up. I think though that 2 database copies in one AD site is supported as well, check this article at msexchange.org.
      Thank you for your answers. Is it possible to use Microsoft Forefront Security 2010 without Edge server?
      My website with some small projects - http://www.pro-solutions.pl



      • #4
        Re: Planning new Exchange 2010 HA architecture

        I believe so. I've never really used Forefront for Exchange (I'm assuming that's the one you mean!) but it does come bundled with SBS 2008, for example.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog



        • #5
          Re: Planning new Exchange 2010 HA architecture

          Originally posted by MadBoy:
          Thank you for your answers. Is it possible to use Microsoft Forefront Security 2010 without Edge server?
          You should be more clear in that question, because Forefront nowadays is a bunch of products. If you mean TMG without Edge and Forefront for Exchange - yes, if you mean Forefront for Exchange without Exchange - no.
