Advice on new exchange server.

I am looking at getting a new Exchange server. I have Exchange 2003, around 100 users (needs to be able to scale to more easily and cheaply), somewhat intensive use, external web filtering software. Would like to do some sort of archiving, but not completely needed. Does anyone have any ideas? How does everyone normally set their boxes up (in DMZ or not)?

Keith Alabaster (Enterprise Architect) commented:
I always put my exchange servers on my internal LAN, never in the DMZ.
I DO like to put an SMTP relay in the DMZ so that no outside body can talk to my Exchange servers directly, i.e. the internet talks to my relay box and this, in turn, talks to the Exchange box.

We use Sophos's Puremessage on the Exchange server which protects the stores from viruses plus gives the added protection for web-based viruses if you use OWA.

We use Proofpoint & Mailsweeper as our incoming content and spam filters.

Archiving, we use Outlook's own capabilities set for 6 months.

In the DMZ, I usually have an SMTP relay, an Outlook Web Access site (shared with the SMTP box), and if needed an RPC over HTTP server for the advanced Outlook users coming in from the internet. But for better security, it is best to have an OWA and SMTP box available only. If security is a concern, an ISA server can be put in the DMZ with a redirect to the internal Exchange server with SMTP, OWA, and Exchange set on it.

For archiving, Backup Exec with the Exchange module will work. A tape drive or silo attached will also work. With 100 users, setting this to run after midnight is usually more than enough to keep things running.

For scalability, it is easiest to attach an external array. Performance can be achieved with SAN attached fiber connections (IBM sells them for about $5K) or a cheaper SCSI attached storage system with large drives attached. Dell and HP sell some pretty reasonably priced arrays. A typical Exchange server can support at least 2000 users without any changes to the server with most dual 3.0 GHz boxes. The biggest issue is usually the drive space.

I never put a domain member into the DMZ. Whether that is an Exchange server or something else. The number of holes required for it to work properly makes the DMZ practically pointless.

Put everything inside and just open the ports required to the Internet - 25 (SMTP) and 443 (HTTPS for OWA).

If there is a security concern then put an ISA server in the DMZ and publish OWA. Remember that the ISA server is a member of a workgroup, not the domain.

As for the spec of the server, you haven't outlined how much data there is. Exchange isn't performance intensive, but storage intensive. 100 users can be easily managed by a single processor with 2gb of RAM. Where the performance gains come is storage configuration.

For smaller installations such as these, I use something like an HP ML370 G4 (or its rack equivalent). This can take six drives without breaking the bank. A decent spec RAID card, 256mb will be fine. Six drives, 2x 36gb for the OS and Logs (partitioned), on RAID 0+1 (mirrored). Three 72gb drives (or bigger if you like) RAID 5 for the database. Single drive configured as a hot spare for both arrays. The spare needs to be same or higher than the largest single drive in the machine - so if you are using 72gb drives for the database then the spare is also 72gb.

That combination gives you the best combination of redundancy and performance. If one of the drives fails, in either array, the spare kicks in.

For size of the database, take the existing store (if any), double it, add 30% and that gives you a rough idea. If you don't have Exchange (it isn't clear from your question), then look at your existing email solution and the typical mailbox size. Multiply that by the number of users to give you a rough store size.

For archiving, there are two types of product.
What I call archiving are products like Comm Vault which actually remove the items from the store and leave a place holder for the user.
What many people are calling archiving are journaling products - which take a copy of every email as it goes through the system and then stores it in a separate database.
If this is for compliance then you need the second solution.
Both solutions would need to be installed on separate servers.

fnbgppl (Author) commented:
Thanks for all the comments. Simon we are currently using Exchange. However, it is not currently on its own box but with our DC. For security, compliance, and just plain better operation, I would like to get it on a separate box. If I do upgrade this I would like to have mail accessible from outside of my WAN, as well as offering as much functionality as I can (makes it easier to explain the price tag to the CFO). Unfortunately I am not an Exchange guru, I am currently trying to get through "Learning Exchange Server 2003" by Boswell. It's not exactly a page turner, any other literature that you would recommend?

Not a great lover of Boswell's material. I have tended to pick up on the fly what I needed to know.
The usual recommendation I make is to have at least one of Microsoft's books, then look for another one whose style you get on with. Some of the Exchange books I just couldn't read - the style put me off.
I then usually suggest a copy of the Exchange Server Cookbook from O'Reilly. It tells you what you need to do without all the fluff.

Separate box is perfect - Exchange works best on a separate machine. The migration is quite simple from most versions of Exchange to Exchange 2003. Subject comes up very frequently on the Exchange Topic Area.
A single box will give you everything that Exchange 2003 offers - OWA, Outlook Mobile Access, Exchange Active Sync, RPC over HTTPS etc.
If you are currently on Exchange 2000, I find that showing off OWA on Exchange 2003 usually wins over any management concerns.

fnbgppl (Author) commented:
Sorry guys I got sent away for a bit. I've decided to go with this work up for the equipment, let me know what you think:
Intel Pentium 4 xeon 3.0GHZ 2MB cache
Asus P5WD2 Intel Socket 775 Motherboard w/ Int Giga-Bit Lan
2GB DDR2 533MHz Dual Channel Kit (2-1GB Modules)
120GB SATA2 7200RPM Hard Drive (set up as RAID 5 w/ 3 Drives)
1.44MB Floppy Drive
16X DVDRW Dual Layer Black
4U RM Case
AGI 400 Watt power supply w/ 120mm Fan
Win 2003 server standard 5 CALs

100 users - you haven't allowed enough storage.
I wouldn't do Exchange with SATA to start with. SCSI only.
You also need to split the databases and the store. Ideally store, logs and OS should be separated.

As such, as a minimum you should have two RAID arrays, a mirror array for the OS (and logs if you aren't going to separate them) and then a RAID 5 for the database.

The spec of the server that you have supplied will wheeze with 100 users and you will get very poor performance.

Read what I wrote above - Exchange is STORAGE heavy. Use the fastest hard disks you can and split the logs and the store. They are both write intensive and as such will thrash the drives.

