Advice on new exchange server.

Posted on 2006-04-10
Last Modified: 2010-03-18
I am looking at getting a new Exchange server.  I have Exchange 2003, around 100 users (needs to be able to scale to more easily and cheaply), somewhat intensive use, external web filtering software.  Would like to do some sort of archiving, but not completely needed.  Does anyone have any ideas? How does everyone normally set their boxes up (in DMZ or not)?
Question by:fnbgppl
    LVL 51

    Expert Comment

    by:Keith Alabaster
    I always put my exchange servers on my internal LAN, never in the DMZ.
    I DO like to put an SMTP relay in the DMZ so that no outside body can talk to my Exchange servers directly, i.e. the Internet talks to my relay box and this, in turn, talks to the Exchange box.

    We use Sophos's Puremessage on the Exchange server which protects the stores from viruses plus gives the added protection for web-based viruses if you use OWA.

    We use Proofpoint & Mailsweeper as our incoming content and spam filters.

    Archiving, we use Outlook's own capabilities set for 6 months.
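
A check of a firewall rule table against the relay design described in the comment above (the Internet talks only to the DMZ relay, and only the relay talks to Exchange). This is an added example, not part of the original thread; the addresses, rule format and function names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
EXCHANGE = ipaddress.ip_address("10.0.0.10")
RELAY = ipaddress.ip_network("192.168.50.25/32")  # SMTP relay in the DMZ

def net(spec):
    """Parse a rule endpoint; 'any' means every IPv4 address."""
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def audit(rules):
    """Return (rule index, finding) pairs for allow rules that break the design.

    Rule order and shadowing by earlier deny rules are not modelled.
    """
    findings, relay_reachable = [], False
    for i, r in enumerate(rules):
        if r["action"] != "allow":
            continue
        src, dst = net(r["src"]), net(r["dst"])
        if RELAY.subnet_of(dst) and src.prefixlen == 0 and r["port"] == 25:
            relay_reachable = True
        # Traffic that starts on the internal LAN never crosses the firewall.
        if EXCHANGE not in dst or src.subnet_of(INTERNAL):
            continue
        if src != RELAY:
            findings.append((i, "non-relay source can reach Exchange"))
        elif r["port"] != 25:
            findings.append((i, "relay allowed to Exchange on a port other than 25"))
    if not relay_reachable:
        findings.append((None, "Internet cannot reach the relay on port 25"))
    return findings

# Constructed sample rule tables.
GOOD = [
    {"src": "any", "dst": "192.168.50.25/32", "port": 25, "action": "allow"},
    {"src": "192.168.50.25/32", "dst": "10.0.0.10/32", "port": 25, "action": "allow"},
    {"src": "any", "dst": "any", "port": "any", "action": "deny"},
]
BAD = [
    {"src": "any", "dst": "10.0.0.10/32", "port": 25, "action": "allow"},
    {"src": "192.168.50.0/24", "dst": "10.0.0.0/24", "port": 25, "action": "allow"},
    {"src": "192.168.50.25/32", "dst": "10.0.0.10/32", "port": 3389, "action": "allow"},
]

if __name__ == "__main__":
    for table in (GOOD, BAD):
        print(audit(table))
```

The second rule in `BAD` shows why the destination is tested by containment: a subnet-wide allow still exposes the Exchange host even though its address is never named.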
    LVL 14

    Expert Comment


    In the DMZ, I usually have an SMTP relay, an Outlook Web Access site (shared with the SMTP box), and if needed an RPC over HTTP server for the advanced Outlook users coming in from the internet.  But for better security, it is best to have an OWA and SMTP box available only.  If security is a concern, an ISA server can be put in the DMZ with a redirect to the internal Exchange server with SMTP, OWA, and Exchange set on it.

    For archiving, Backup Exec with the Exchange module will work.  A tape drive or silo attached will also work.  With 100 users, setting this to run after midnight is usually more than enough to keep things running.

    For scalability, it is easiest to attach an external array.  Performance can be achieved with SAN attached fiber connections (IBM sells them for about $5K) or a cheaper SCSI attached storage system with large drives attached.  Dell and HP sell some pretty reasonably priced arrays.  A typical Exchange server can support at least 2000 users without any changes to the server with most dual 3.0 GHz boxes.  The biggest issue is usually the drive space.

    LVL 104

    Expert Comment

    I never put a domain member into the DMZ. Whether that is an Exchange server or something else. The number of holes required for it to work properly makes the DMZ practically pointless.

    Put everything inside and just open the ports required to the Internet - 25 (SMTP) and 443 (HTTPS for OWA).

    If there is a security concern then put an ISA server in the DMZ and publish OWA. Remember that the ISA server is a member of a workgroup, not the domain.

    As for the spec of the server, you haven't outlined how much data there is. Exchange isn't performance intensive, but storage intensive. 100 users can be easily managed by a single processor with 2gb of RAM. Where the performance gains come is storage configuration.

    For smaller installations such as these, I use something like an HP ML370 G4 (or its rack equivalent). This can take six drives without breaking the bank. A decent spec RAID card, 256mb will be fine. Six drives, 2x 36gb for the OS and Logs (partitioned), on RAID 0+1 (mirrored). Three 72gb drives (or bigger if you like) RAID 5 for the database. Single drive configured as a hot spare for both arrays. The spare needs to be same or higher than the largest single drive in the machine - so if you are using 72gb drives for the database then the spare is also 72gb.

    That combination gives you the best combination of redundancy and performance. If one of the drives fails, in either array, the spare kicks in.

    For size of the database, take the existing store (if any), double it, add 30% and that gives you a rough idea. If you don't have Exchange (it isn't clear from your question), then look at your existing email solution and the typical mailbox size. Multiply that by the number of users to give you a rough store size.

    For archiving, there are two types of product.
    What I call archiving are products like Comm Vault which actually remove the items from the store and leave a place holder for the user.
    What many people are calling archiving are journaling products - which take a copy of every email as it goes through the system and then stores it in a separate database.
    If this is for compliance then you need the second solution.
    Both solutions would need to be installed on separate servers.

    LVL 1

    Author Comment

    Thanks for all the comments.  Simon, we are currently using Exchange.  However, it is not currently on its own box but with our DC.  For security, compliance, and just plain better operation, I would like to get it on a separate box.  If I do upgrade this I would like to have mail accessible from outside of my WAN, as well as offering as much functionality as I can (makes it easier to explain the price tag to the CFO).  Unfortunately I am not an Exchange guru, I am currently trying to get through "Learning Exchange Server 2003" by Boswell.  It's not exactly a page turner, any other literature that you would recommend?
    LVL 104

    Expert Comment

    Not a great lover of Boswell's material. I have tended to pick up on the fly what I needed to know.
    The usual recommendation I make is to have at least one of Microsoft's books, then look for another one whose style you get on with. Some of the Exchange books I just couldn't read - the style put me off.
    I then usually suggest a copy of the Exchange Server cookbook from O'Reilly. It tells you what you need to do without all the fluff.

    Separate box is perfect - Exchange works best on a separate machine. The migration is quite simple from most versions of Exchange to Exchange 2003. Subject comes up very frequently on the Exchange Topic Area.
    A single box will give you everything that Exchange 2003 offers - OWA, Outlook Mobile Access, Exchange Active Sync, RPC over HTTPS etc.
    If you are currently on Exchange 2000, I find that showing off OWA on Exchange 2003 usually wins over any management concerns.

    LVL 1

    Author Comment

    Sorry guys I got sent away for a bit.  I've decided to go with this work up for the equipment, let me know what you think:
    Intel Pentium 4 xeon 3.0GHZ 2MB cache
    Asus P5WD2 Intel Socket 775 Motherboard w/ Int Giga-Bit Lan
    2GB DDR2 533MHz Dual Channel Kit (2-1GB Modules)
    120GB SATA2 7200RPM Hard Drive (set up as RAID 5 w/ 3 Drives)
    1.44MB Floppy Drive
    16X DVDRW Dual Layer Black
    4U RM Case
    AGI 400 Watt power supply w/ 120mm Fan
    Win 2003 server standard 5 CALs

    LVL 104

    Accepted Solution

    100 users - you haven't allowed enough storage.
    I wouldn't do Exchange with SATA to start with. SCSI only.
    You also need to split the databases and the store. Ideally store, logs and OS should be separated.

    As such, as a minimum you should have two RAID arrays, a mirror array for the OS (and logs if you aren't going to separate them) and then a RAID 5 for the database.

    The spec of the server that you have supplied will wheeze with 100 users and you will get very poor performance.

    Read what I wrote above - Exchange is STORAGE heavy. Use the fastest hard disks you can and split the logs and the store. They are both write intensive and as such will thrash the drives.

