• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 764
  • Last Modified:

Exchange 2010 CAS in an NLB Firewall Considerations

Hello,
I am in the process of deploying Exchange 2010.  I have read many articles on using NLB for the CAS function.  There have been no clear-cut answers to a few questions I have so hopefully someone here can answer the following:

1) When creating the NLB CAS Array, do you install the NLB service on one of the CAS servers or does it need to be on another server?

2) For OWA, I know I should create the DNS entry similar to owa.mydomain.com to point to the Virtual IP of the NLB cluster but do I only need to open port 443 on the firewall to the Virtual IP or do I need to provide public IPs to each member of the CAS array and open port 443 to each of them?

Any help you guys can provide would be greatly appreciated.  Thanks.
0
henryataa
Asked:
henryataa
  • 3
  • 3
1 Solution
 
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
1)  NLB service needs to be on all the servers you are setting up for load balanacing

2)  Yes you only need a DNS name pointing the the NLB VIP with 443 on the firewall hitting that IP only...you don;t need to add each member of the CAS Array
0
 
henryataaAuthor Commented:
Thanks.  What I should have said in part 1 was, is there a "Master" server and if so, does it have to be installed without any CAS functionality?
0
 
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Just install NLB on the servers and then config and add...
servermanagercmd -i NLB
0
Become a Leader in Data Analytics

Gain the power to turn raw data into better business decisions and outcomes in your industry. Transform your career future by earning your MS in Data Analytics. WGU’s MSDA program curriculum features IT certifications from Oracle and SAS.  

 
henryataaAuthor Commented:
Sorry to be dense but I want to do this right.  So I should go to one of my CAS servers, install NLB then create the VIP, then add the other CAS servers.  After that's done, I create the DNS record for the array, go into the Exchange Shell and add the array to AD.  Then go to my firewall and open port 443 to the VIP.  Correct?
0
 
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Yes you can go to each server and run servermanagercmd -i NLB   then you can config....or install the first then install the next server with NLB and add to the NLB cluster       Yes you will be able to set this up in a short time.
0
 
henryataaAuthor Commented:
Thanks again.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now