Solved

Recommended Exchange 2007 roles for two server environment

Posted on 2009-05-08
4
278 Views
Last Modified: 2012-05-06
In an Exchange 2007 environment that will have only two physical servers, what is the recommended role placement?  (The only roles to be implemented are the minimum:  mailbox, HT, and CAS).

One server will have the mailbox role.
One server will have the CAS role.

Which server should have the hub transport?  Given that there is no clustering or redundancy, is there an advantage to combining the hub transport with one role over the other?


0
Comment
Question by:zmagick
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
tligda earned 500 total points
ID: 24338536
In my experience, this situation calls for the Mailbox role to be on a server and the Hub and CAS roles on the other server. It's basically separating message storage from message transport and it makes for a very efficient architecture.

One of the most important things is to separate log file storage for the mailbox server from that for the Hub and CAS servers. This makes a huge improvement in efficiency.

Also, if your hub and CAS servers start to get overloaded, you can add more servers and load balance between them.
0
 

Expert Comment

by:ms4life
ID: 24340479
Consider having Server1 handle all of the roles that will be used (Mailbox, HT, CAS).  Then use Server2 as an ISA/Forefront server in the DMZ.  That will offer additional security as the official MS recommendation is that Exchange servers should NOT be located in the DMZ.  And I try to avoid opening ports directly to servers on the LAN from the Internet.  

You should consider sizing the environment based on user count, number of message sent/received daily, projected database size, quota size, etc.  Because chances are you only need a single server for a small Exchange environment.  ISA/Forefront will allow you to secure all of the CAS services in addition to allowing you to publish other applications, web servers, etc.
0
 

Author Comment

by:zmagick
ID: 24340919
I didn't mention in the original post, but there is already a firewall and anti-malware appliance in place.  None of the Exchange roles would be in the DMZ, though the CAS would be reachable from the internet via a static NAT on the firewall.
0
 

Expert Comment

by:ms4life
ID: 24340994
The firewall and anti-malware is good but doesn't take the place of ISA/Forefront.  The static NAT to the Exchange CAS server is against Best Practices, even more so with Exchange 2007.  That setup would be flagged in a security audit, compliance audit, or through Microsoft's assessment services.  I try to avoid that situation because if/when you call MS Support for an emergency, you're better off with a standard, Best Practices implementation that everybody is familiar with.  Just my opinion.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now