Best practice for Exchange 2010 HA topology considering 6 x Exchange licenses and TMG


    What would be the best topology considering the following:

    1. 6 x Exchange 2010 Standard Licenses
    2. 2 x Separate locations that are supposed to support redundancy in case of link problems
    3. 4 x Forefront TMG 2010 with Forefront Security and Forefront Protection/Security

    Multiple locations worldwide will use those Exchange servers. Most locations will be connected with a VPN tunnel (the ones hosting Exchange for sure).

    I was thinking something like this:

    Location **MAIN** (about 70-100 people):

    1. 2x TMG 2010 in NLB
    2. 1x Exchange 2010 CAS/HUB Role
    3. 2x Exchange 2010 Mailbox Role (Active + Passive)

    Location **SUPPORT** (about 20 people):

    1. 2x TMG 2010 in NLB
    2. 1x Exchange 2010 CAS/HUB Role
    3. 2x Exchange 2010 Mailbox Role (Active + Passive)

    Management wants to make sure that in case of problems in the main location (power failure, link loss, etc.) the second location can support all traffic from around the world, and vice versa. We have 6-7 locations and more coming up (not big ones, around 10+ people per location).

    I do know that CAS/HUB is a single point of failure (and no NLB), but I simply lack more licenses to add redundancy there.

    What do you think about this approach? What would be a better approach in your opinion?
    My website with some small projects - http://www.pro-solutions.pl

  • #2
    Re: Best practice for Exchange 2010 HA topology considering 6 x Exchange licenses and

    I would put the second site into a data centre and have all of the smaller sites that come on stream use the data centre for their email. No issues with bandwidth, power, Internet connections etc. You will need to put at least one domain controller in there, but two servers running VMware will run the platform quite happily.
    Have all email come in through the data centre, so if you lose the office site email continues to flow correctly.

    However, your major issue is that you have a single point of failure in both locations, that being a single CAS. As all client connections to Exchange go through CAS, if you were to lose a CAS then you would have a mess on your hands.

    Six licences isn't really enough, unless you can purchase an additional load balancer. If you want to use a DAG, you need to use a CAS array. You can't use NLB with DAG, so putting all roles on to the same machine isn't going to work.

    One option would be to have four Exchange servers in one location, two in the other and take the hit while the DNS change is made for the CAS array for the second location in the event of a failure.
    In the location with the two Exchange servers a load balancer could be used.

    TMG is not going to load balance your internal traffic.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    • #3
      Re: Best practice for Exchange 2010 HA topology considering 6 x Exchange licenses and

      Thank you for this. In my case we're going to have a separate user network and server network, and traffic will be going through TMG, so I guess it would be possible to make NLB work internally and externally?

      Can the CAS array be used/made over tunnel?

      What do you mean by "take the hit while the DNS change is made for the CAS array for the second location in the event of a failure"? What DNS change do you mean?


      "In the location with the two Exchange servers a load balancer could be used."
      Do you mean the second location should have all the roles on one server (x2) and an external load balancer between those two?

      • #4
        Re: Best practice for Exchange 2010 HA topology considering 6 x Exchange licenses and

        Without NLB involved, if you were to lose the CAS server that the CAS array points to, then you need to change the DNS host record of the CAS array to point to the second server. There will be a period while that change takes effect.

        CAS Array does not cross AD sites. It is AD site specific.

        You cannot use TMG to load balance internal traffic. You shouldn't have a firewall between Exchange servers in the Exchange org. So while the traffic is going through TMG, it should be leaving it alone because it is INTERNAL traffic.
        While the sites may be separate, if they are in the same Forest, you cannot treat them as two separate environments.

        Simon.
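The manual failover Simon describes (repoint the CAS array's DNS host record when the CAS it points to is down), as an added PowerShell example for the Exchange Management Shell; it is not code from the thread. It assumes AD-integrated DNS managed with dnscmd, that it runs on an Exchange server in the affected AD site with DNS admin rights, and that the server name, zone and standby IP below are placeholders.

```powershell
# Added example: check the CAS array for this AD site and repoint its A record
# to the standby CAS if the current one no longer answers on TCP 443.
param(
    [string]$DnsServer  = "dc01.example.local",  # placeholder: DNS server holding the zone
    [string]$Zone       = "example.local",       # placeholder: zone with the CAS array record
    [string]$StandbyCas = "10.0.0.12",           # placeholder: IP of the second CAS in this site
    [int]   $TimeoutMs  = 3000,
    [int]   $Ttl        = 300                    # short TTL so clients pick up the change quickly
)

# A CAS array is AD-site specific, so only look at the array for this server's site.
$site  = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
$array = Get-ClientAccessArray | Where-Object { $_.Site -like "*$site*" } | Select-Object -First 1
if (-not $array) { throw "No CAS array defined for AD site '$site'." }
$fqdn = $array.Fqdn
$name = $fqdn.Split('.')[0]   # host label of the record inside $Zone

# Resolve the current A record and probe it: OWA, EWS and Outlook Anywhere all sit behind 443.
$currentIp = ([System.Net.Dns]::GetHostAddresses($fqdn) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } | Select-Object -First 1).IPAddressToString

function Test-Tcp443 {
    param([string]$Ip)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Ip, 443, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch { return $false } finally { $client.Close() }
}

if (Test-Tcp443 -Ip $currentIp) {
    Write-Host "CAS array $fqdn -> $currentIp is healthy; no change made."
    return
}

# Failover: swap the A record. Clients keep the old answer until the cached TTL expires,
# which is the "hit" Simon refers to; a short TTL set ahead of time keeps that window small.
Write-Warning "$fqdn -> $currentIp is not answering on 443; repointing to $StandbyCas"
& dnscmd $DnsServer /RecordDelete $Zone $name A $currentIp /f
& dnscmd $DnsServer /RecordAdd    $Zone $name $Ttl A $StandbyCas
```

Clients already connected keep their cached RPC endpoint until Outlook reconnects, so expect a short reconnect prompt on top of the DNS TTL.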