Exchange 2010 CAS in an NLB Firewall Considerations

Hello,
I am in the process of deploying Exchange 2010.  I have read many articles on using NLB for the CAS function.  There have been no clear-cut answers to a few questions I have so hopefully someone here can answer the following:

1) When creating the NLB CAS Array, do you install the NLB service on one of the CAS servers or does it need to be on another server?

2) For OWA, I know I should create the DNS entry similar to owa.mydomain.com to point to the Virtual IP of the NLB cluster but do I only need to open port 443 on the firewall to the Virtual IP or do I need to provide public IPs to each member of the CAS array and open port 443 to each of them?

Any help you guys can provide would be greatly appreciated.  Thanks.
henryataaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
1)  NLB service needs to be on all the servers you are setting up for load balanacing

2)  Yes you only need a DNS name pointing the the NLB VIP with 443 on the firewall hitting that IP only...you don;t need to add each member of the CAS Array
0
henryataaAuthor Commented:
Thanks.  What I should have said in part 1 was, is there a "Master" server and if so, does it have to be installed without any CAS functionality?
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Just install NLB on the servers and then config and add...
servermanagercmd -i NLB
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

henryataaAuthor Commented:
Sorry to be dense but I want to do this right.  So I should go to one of my CAS servers, install NLB then create the VIP, then add the other CAS servers.  After that's done, I create the DNS record for the array, go into the Exchange Shell and add the array to AD.  Then go to my firewall and open port 443 to the VIP.  Correct?
0
Rick FeeMessaging Engineer - Disaster Recovery EngineerCommented:
Yes you can go to each server and run servermanagercmd -i NLB   then you can config....or install the first then install the next server with NLB and add to the NLB cluster       Yes you will be able to set this up in a short time.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
henryataaAuthor Commented:
Thanks again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.