Solved

Trying to remove single point of failure in our exchange topology

Posted on 2008-10-13
Last Modified: 2013-11-30
We currently have 3 Exchange servers on an MPLS network.

All email comes into the NY server and is routed through a Smart Host on the DC server (required for TLS encryption mandated by a couple of our clients). Each physical server has its own routing group and routing group connector.

So, if a mail comes in for a user with a mailbox stored on the NY server, the MX record points to the NY server, the NY server then sends the mail to a smart host on the DC server, after which the mail is sent back to the NY server for delivery to the user's mailbox. This works fine, and is only necessary due to some clients requiring TLS encryption for both sending and receiving mails.

The problem arises that our DC office will be having a scheduled power outage over the weekend. Therefore, even if a mail was destined for delivery in NY, it will not be sent to the NY mailbox, but will instead be queued until the DC server comes back up.

Can someone recommend a full mesh scenario where service interruptions like the DC server going down would still allow mail delivery to the other offices?
Question by:zejoka
7 Comments
LVL 32

Expert Comment

by:gupnit
ID: 22705681
Hi,
First things first: mails do not go to the DC. The DC is just used for AD lookups.
Now coming back to your scenario...
  • NY Exchange Server  Redundancy:
    • This is the first place of failure as it receives all mails
    • In your case, if this Exchange server goes down then there will be no incoming mails at all.
    • To overcome this if you have Budget then, point your MX Secondary to any of the Exchange Server in other Location (needless to say you will require Internet Connection there)
    • Now if NY Exchange server fails, incoming to other locations would also work.
  • DC Redundancy: Well where ever we have Exchange servers for DC Redundancy it is always recommended to have 2 Domain Controllers in that location. As Exchange will not work at all without a DC.
I am not sure whether I covered the very basic part, well there can be many scenarios that can be designed for your network, but for that you will have to give a lot of information.
If you can give me this info:
  • Number of Servers per Location (including DC/Exchange)
  • Number of Internet Connections (does every site have one, or only NY?)
Cheers
Nitin
0
 
LVL 1

Author Comment

by:zejoka
ID: 22706319
I should have clarified DC = Washington DC.

And actually, some further pertinent information.

Email goes through Postini (Spam & AV)
Postini then forwards to NYC Server
All mail has to go through the NYC server first as we have a server called NYRelay (this is because certain mails have to be BCC'd to a distribution list automatically for reasons I won't go into)
So, once in NY all mail is forwarded to a smart host on the DC server (Washington DC, not domain controller), and then it will be distributed to either the NY, DC or Miami mailbox servers.
I think the reason why the smart host is located on the Washington DC server is because of the 100Mbit pipe to the internet.
To answer your question, all offices have their own internet connection, as well as being on the MPLS.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22710160
I see I see ;-) !!! It happens !!! Ok getting back to the question....
You need to clarify a few questions...
  • Is this the flow, if I understood correctly?
    • Postini receives Internet mails and forwards to the New York Relay Server (for confidential compliance reasons) --> From the Relay Server to the NY Exchange Server --> From the NY Exchange Server to the Smart Host @ DC --> From the SH @ DC to the other Exchange servers!
  • Now let me talk about some points here, that I understood....
    • NY Server has to receive all mails and you do not want to change that (due to compliance)....right?
    • DC Server is very very important as it is required as a client requirement for Encryption.
For me these 2 are going to be bottlenecks; if either one of them goes down then it would be an issue. I would recommend (assuming 100% WAN link availability) that the best solution would be to go for a High Availability solution for both of your servers (clustering or similar):
  • DC Server used for Encryption
  • NY Relay Server [This is until and unless your organization agrees to have a secondary MX pointing to another location like DC and having another Relay Server (for compliance).]
Hope this helps. Let me know if you think I misunderstood something or you need clarifications.
0
 
LVL 1

Author Comment

by:zejoka
ID: 22713055
Your interpretation of Mailflow is correct.

a) NY Server has to receive all mails and you do not want to change that (due to compliance)....right?

Yes and no, we need to retain this feature somehow. Currently a 3rd party software called eXclaimer sits on a server called NYRelay (NYRelay is NOT an Exchange server, just a Server 2k box with eXclaimer resident) with a rule that all email relating to a certain issue is cc'd to a compliance department. However, we would like to remove the 3rd party software and deal with this on an Exchange level - maybe with the introduction of Exchange 2007 we can achieve this? The main premise appears to be that all incoming / outgoing mail relating to this issue needs to be processed by this relay / rule before any transport to a mailbox / external recipient.

b) DC Server used for Encryption

Again, we need a smart host that looks at all incoming / outgoing mail, and anything to domain1.com and domain2.com MUST be sent / received using TLS. It doesn't have to reside on the DC server; if we can do this more efficiently that would be great.

At the moment, I am thinking of introducing a Front End server for iPhone connections, OWA and ActiveSync, which will have SSL and communicate with all the back end servers via HTTP. Now if possible, I'd like to handle the above using this solution too; I'm just not sure how feasible this would be.
0
 
LVL 32

Expert Comment

by:gupnit
ID: 22713809
Hi,
Since you are already thinking of Exchange 2007, yes, Transport Rules will take care of option a), and I would recommend that rather than investing money in 2k3 now, it would be better to wait and deploy Exch 2k7. Otherwise it will be an unnecessary investment in terms of redundancy.
Let me know in case you need clarification.
Thanks
Nitin
0
 
LVL 1

Author Comment

by:zejoka
ID: 22713969
Could you give me a little more information on the "Transport rules", like how this situation could be configured? I've read a little about Exch 2007 and have it running on a virtual server for testing, and would love to try and implement a "proof of concept".
0
 
LVL 32

Accepted Solution

by:
gupnit earned 500 total points
ID: 22714033
Hi,
Transport rules are pretty much going to help you create Rules/Conditions/Filters for Compliance, as the word goes.
Here are a few links to guide you; as for the Proof of Concept, I would have to sit in front of the server and guide you step by step:
Also try these Virtual Labs (free) to guide you on usage; they will guide you step by step:
Hope this helps
Thanks
Nitin
0
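As an added example that is not part of the thread or the expert's answer, the following Exchange 2007 Management Shell commands show how the two pieces discussed above could be configured: the compliance BCC as a Transport Rule (replacing eXclaimer on NYRelay), and mandatory TLS with the two client domains via Domain Security on every Hub Transport server instead of a single smart host. The distribution group name, Hub Transport server names and the trigger phrase are placeholders; domain1.com and domain2.com are the client domains named in the thread.

```powershell
# Added example, not from the thread. Placeholders: "Compliance-DL" (distribution group),
# "Project X" (trigger phrase), NYHUB01/DCHUB01/MIAHUB01 (Hub Transport server names).

# --- (a) Compliance BCC as a Hub Transport rule ---
# Exchange 2007 builds rules from predicate and action objects rather than named parameters.
$condition = Get-TransportRulePredicate SubjectOrBodyContains
$condition.Words = @("Project X")                                   # placeholder phrase

$action = Get-TransportRuleAction BlindCopyTo
$action.Addresses = @((Get-DistributionGroup "Compliance-DL"))      # placeholder DL

# The rule is stored in AD, so every Hub Transport server applies it;
# losing one office no longer loses the compliance copy.
New-TransportRule -Name "Compliance BCC - Project X" `
    -Conditions @($condition) -Actions @($action) `
    -Comments "Replaces the NYRelay/eXclaimer BCC rule" `
    -Priority 0 -Enabled $true

# --- (b) Mandatory TLS with the two client domains, not tied to one server ---
# Domain Security enforces mutual TLS per partner domain on every Hub/Edge server.
Set-TransportConfig -TLSSendDomainSecureList "domain1.com","domain2.com" `
                    -TLSReceiveDomainSecureList "domain1.com","domain2.com"

# Dedicated Send connector for the partner address spaces, sourced from Hub servers
# in all three offices so any one site outage does not queue partner mail.
New-SendConnector -Name "Partner TLS" -Usage Partner `
    -AddressSpaces "SMTP:domain1.com;1","SMTP:domain2.com;1" `
    -SourceTransportServers "NYHUB01","DCHUB01","MIAHUB01" `
    -DNSRoutingEnabled $true -RequireTLS $true -DomainSecureEnabled $true

# Internet-facing Receive connectors (port 25) must offer TLS and Domain Security too.
Get-ReceiveConnector | Where-Object { $_.Bindings -match ":25$" } |
    Set-ReceiveConnector -AuthMechanism "Tls" -DomainSecureEnabled $true

# Verify what was created.
Get-TransportRule "Compliance BCC - Project X" | Format-List Name,State,Priority
Get-SendConnector "Partner TLS" | Format-List AddressSpaces,RequireTLS,DomainSecureEnabled
```

Domain Security needs a certificate trusted by the partner on each Hub Transport server and the partner enforcing TLS on their side as well; the Hub servers still need a working Active Directory domain controller in each site, as the first comment points out.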
