

Advice on new exchange server.

Posted on 2006-04-10
Medium Priority
Last Modified: 2010-03-18
I am looking at getting a new Exchange server.  I have Exchange 2003, around 100 users (needs to be able to scale to more easily and cheaply), somewhat intensive use, external web filtering software.  Would like to do some sort of archiving, but not completely needed.  Does anyone have any ideas? How does everyone normally set their boxes up (in DMZ or not)?
Question by:fnbgppl
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16419859
I always put my exchange servers on my internal LAN, never in the DMZ.
I DO like to put an SMTP relay in the DMZ so that no outside body can talk to my Exchange servers directly, i.e. the Internet talks to my relay box and this, in turn, talks to the Exchange box.

We use Sophos's PureMessage on the Exchange server, which protects the stores from viruses plus gives the added protection for web-based viruses if you use OWA.

We use Proofpoint & Mailsweeper as our incoming content and spam filters.

Archiving, we use Outlook's own capabilities set for 6 months.
LVL 14

Expert Comment

ID: 16422504

In the DMZ, I usually have an SMTP relay, an Outlook Web Access site (shared with the SMTP box), and if needed an RPC over HTTP server for the advanced Outlook users coming in from the Internet.  But for better security, it is best to have an OWA and SMTP box available only.  If security is a concern, an ISA server can be put in the DMZ with a redirect to the internal Exchange server with SMTP, OWA, and Exchange set on it.

For archiving, Backup Exec with the Exchange module will work.  A tape drive or silo attached will also work.  With 100 users, setting this to run after midnight is usually more than enough to keep things running.

For scalability, it is easiest to attach an external array.  Performance can be achieved with SAN-attached fiber connections (IBM sells them for about $5K) or a cheaper SCSI-attached storage system with large drives attached.  Dell and HP sell some pretty reasonably priced arrays.  A typical Exchange server can support at least 2000 users without any changes to the server with most dual 3.0 GHz boxes.  The biggest issue is usually the drive space.

LVL 104

Expert Comment

ID: 16439851
I never put a domain member in to the DMZ. Whether that is an Exchange server or something else. The number of holes required for it to work properly makes the DMZ practically pointless.

Put everything inside and just open the ports required to the Internet - 25 (SMTP) and 443 (HTTPS for OWA).

If there is a security concern then put an ISA server in the DMZ and publish OWA. Remember that the ISA server is a member of a workgroup, not the domain.

As for the spec of the server, you haven't outlined how much data there is. Exchange isn't performance intensive, but storage intensive. 100 users can be easily managed by a single processor with 2 GB of RAM. Where the performance gains come is storage configuration.

For smaller installations such as these, I use something like an HP ML370 G4 (or its rack equivalent). This can take six drives without breaking the bank. A decent spec RAID card, 256 MB will be fine. Six drives, 2x 36 GB for the OS and Logs (partitioned), on RAID 0+1 (mirrored). Three 72 GB drives (or bigger if you like) RAID 5 for the database. Single drive configured as a hot spare for both arrays. The spare needs to be same or higher than the largest single drive in the machine - so if you are using 72 GB drives for the database then the spare is also 72 GB.

That combination gives you the best combination of redundancy and performance. If one of the drives fails, in either array, the spare kicks in.

For size of the database, take the existing store (if any), double it, add 30% and that gives you a rough idea. If you don't have Exchange (it isn't clear from your question), then look at your existing email solution and the typical mailbox size. Multiply that by the number of users to give you a rough store size.

For archiving, there are two types of product.
What I call archiving are products like CommVault which actually remove the items from the store and leave a placeholder for the user.
What many people are calling archiving are journaling products - which take a copy of every email as it goes through the system and then store it in a separate database.
If this is for compliance then you need the second solution.
Both solutions would need to be installed on separate servers.
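
Added example, not part of any poster's reply: a small Python audit of a firewall rule list against the two layouts discussed in this thread (everything inside with only 25 and 443 open, or a relay/ISA box in the DMZ). The zone names, the sample rule lists and the `audit` helper are constructed for illustration; the domain-member port list uses the standard Kerberos, RPC, LDAP, SMB and Global Catalog ports.

```python
from dataclasses import dataclass

# Ports the thread says to open from the Internet.
INTERNET_ALLOWED = {25: "SMTP", 443: "HTTPS (OWA)"}
# Standard ports a Windows domain member needs towards a domain controller
# (dynamic RPC ranges are not modelled here).
DOMAIN_MEMBER_PORTS = {88: "Kerberos", 135: "RPC endpoint mapper",
                       389: "LDAP", 445: "SMB", 3268: "Global Catalog"}

@dataclass(frozen=True)
class Rule:
    src: str        # zone name (assumed): "internet", "dmz" or "lan"
    dst: str
    port: int
    note: str = ""

def audit(rules, relay_in_dmz=False):
    """Return (rule, reason) pairs for rules that break the thread's advice."""
    findings = []
    for r in rules:
        if r.src == "internet" and r.port not in INTERNET_ALLOWED:
            findings.append((r, "Internet-facing port other than 25/443"))
        if relay_in_dmz and r.src == "internet" and r.dst == "lan":
            findings.append((r, "Internet reaches the LAN directly, bypassing the DMZ relay"))
        if r.src == "dmz" and r.dst == "lan" and r.port in DOMAIN_MEMBER_PORTS:
            findings.append((r, "DMZ-to-LAN " + DOMAIN_MEMBER_PORTS[r.port]
                                + ": looks like a domain member in the DMZ"))
    return findings

# Constructed sample rule sets.
RELAY_DESIGN = [Rule("internet", "dmz", 25, "SMTP to relay"),
                Rule("internet", "dmz", 443, "OWA published by ISA"),
                Rule("dmz", "lan", 25, "relay to Exchange"),
                Rule("dmz", "lan", 443, "ISA to OWA")]
DOMAIN_MEMBER_IN_DMZ = RELAY_DESIGN[:2] + [
    Rule("dmz", "lan", p, "domain traffic") for p in DOMAIN_MEMBER_PORTS]
FLAT_DESIGN = [Rule("internet", "lan", 25), Rule("internet", "lan", 443),
               Rule("internet", "lan", 3389, "remote admin left open")]

if __name__ == "__main__":
    for name, rules, relay in [("relay in DMZ", RELAY_DESIGN, True),
                               ("domain member in DMZ", DOMAIN_MEMBER_IN_DMZ, True),
                               ("everything inside", FLAT_DESIGN, False)]:
        print(name)
        for rule, reason in audit(rules, relay_in_dmz=relay):
            print("  %s->%s:%d  %s" % (rule.src, rule.dst, rule.port, reason))
```
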



Author Comment

ID: 16614524
Thanks for all the comments.  Simon, we are currently using Exchange.  However, it is not currently on its own box but with our DC.  For security, compliance, and just plain better operation, I would like to get it on a separate box.  If I do upgrade this I would like to have mail accessible from outside of my WAN, as well as offering as much functionality as I can (makes it easier to explain the price tag to the CFO).  Unfortunately I am not an Exchange guru; I am currently trying to get through "Learning Exchange Server 2003" by Boswell.  It's not exactly a page turner. Any other literature that you would recommend?
LVL 104

Expert Comment

ID: 16614692
Not a great lover of Boswell's material. I have tended to pick up on the fly what I needed to know.
The usual recommendation I make is to have at least one of Microsoft's books, then look for another one whose style you get on with. Some of the Exchange books I just couldn't read - the style put me off.
I then usually suggest a copy of the Exchange Server Cookbook from O'Reilly. It tells you what you need to do without all the fluff.

Separate box is perfect - Exchange works best on a separate machine. The migration is quite simple from most versions of Exchange to Exchange 2003. Subject comes up very frequently on the Exchange Topic Area.
A single box will give you everything that Exchange 2003 offers - OWA, Outlook Mobile Access, Exchange ActiveSync, RPC over HTTPS, etc.
If you are currently on Exchange 2000, I find that showing off OWA on Exchange 2003 usually wins over any management concerns.


Author Comment

ID: 16923310
Sorry guys I got sent away for a bit.  I've decided to go with this work up for the equipment, let me know what you think:
Intel Pentium 4 Xeon 3.0GHz 2MB cache
Asus P5WD2 Intel Socket 775 Motherboard w/ Int Giga-Bit Lan
2GB DDR2 533MHz Dual Channel Kit (2-1GB Modules)
120GB SATA2 7200RPM Hard Drive (set up as RAID 5 w/ 3 Drives)
1.44MB Floppy Drive
16X DVDRW Dual Layer Black
4U RM Case
AGI 400 Watt power supply w/ 120mm Fan
Win 2003 server standard 5 CALs

LVL 104

Accepted Solution

Sembee earned 2000 total points
ID: 16923403
100 users - you haven't allowed enough storage.
I wouldn't do Exchange with SATA to start with. SCSI only.
You also need to split the databases and the store. Ideally store, logs and OS should be separated.

As such, as a minimum you should have two RAID arrays, a mirror array for the OS (and logs if you aren't going to separate them) and then a RAID 5 for the database.

The spec of the server that you have supplied will wheeze with 100 users and you will get very poor performance.

Read what I wrote above - Exchange is STORAGE heavy. Use the fastest hard disks you can and split the logs and the store. They are both write intensive and as such will thrash the drives.

