Exchange 2010 Deployment - High Availability

I partly want to check my logic, partly want to fill in the holes in it:

We want to migrate from our current Exchange 2003 environment to Exchange 2010 -- eventually, I think we want this:

2 sites -- "geo-clustered" basically.

1st Site (Primary) - 4 Servers Total
Mailbox server
Hub Transport / Client Access Server
In DMZ -- Edge Server, Forefront Threat Management Gateway Server (for ActiveSync & OWA protection)


2nd Site (Failover) - 4 Servers Total
Mailbox Server
Hub Transport / Client Access Server
In DMZ - Edge Server, Forefront TMG Server

Q1: I want to form a CAS Array with the two sites' CAS servers -- can Windows NLB handle this if the servers are at two different locations?

Q2:  Can CAS Array members also host the Hub Transport role in Exchange at each site?

Q3: I want a DAG as well.  From what I've been reading, an even-numbered DAG needs a quorum Windows server.  Where should this sit, at the primary site, or the secondary "failover" site?

Q4:  Sometimes, the two sites lose internet connectivity between each other.  In cases like this, I don't want anything to fail over.  I don't know enough about NLB and Windows Clustering to figure out if you can make it only MANUALLY fail over when I want it to, so it doesn't decide to fail over just b/c it can't talk to the primary site anymore.
NAMEWITHELD12 Asked:

Glen Knight Commented:
A1 > Yes there is no reason why they cannot be at different locations
A2 > You can have the transport role on the same server as a CAS array member.
A3 > it doesn't matter where it sits, it can be any server with a share, it would probably make sense for this to be at your remote site though.  Have a look at my High Availability Article here:
http://www.experts-exchange.com/articles/Software/Server_Software/Email_Servers/Exchange/High-Availability-Exchange-2010.html if you find the article useful please vote for it :)
A4 > You can set a delay on the DAG so that it doesn't fail over immediately
Akhater Commented:
1. CAS arrays are per site, you cannot span a CAS array across sites

2. cas servers can be hub server

3. if you have a even number of servers your share witness should be in your primary location not in your DR site

4. You can use the Suspend-MailboxDatabaseCopy with the -ActivationOnly parameter to disable automatic fail over http://technet.microsoft.com/en-us/library/dd351074.aspx

Glen Knight Commented:
>>CAS arrays are per site, you cannot span a CAS array across sites
Are you sure about this? That's not what I have been told :)
NAMEWITHELD12 Author Commented:
I'd be curious to see if CAS Arrays cannot span across sites or if they can talk over the WAN.  If I need to buy another 1U box to sit in our primary site and act as the other CAS array member, the CAS in the failover site would be independent of it, so how would I configure it to only start being used if the primary site failed?  
Glen Knight Commented:
See the comments at the end of this article: http://blogs.technet.com/ucedsg/archive/2009/12/06/how-to-setup-an-exchange-2010-cas-array-to-load-balance-mapi.aspx
It seems to suggest (whilst not recommended) that if the Active Directory Site spans multiple locations (which being as it's a failover site, wouldn't cause massive issues) then the CAS Array WOULD function across multiple locations.
Akhater Commented:
When you create a CAS array you have to specify which AD site it is part of, so CAS arrays can only be in one site.

If what you want is for one CAS server in site 2 to take over the other in case a CAS server is down you can do it but not through CAS arrays.

You will need to use Set-ClientAccessServer CASName -AutodiscoverSiteScope site1,site2

NAMEWITHELD12 Author Commented:
That sounds interesting akhater -- can you send me a link that details that command?  If the DAG fails over to the secondary site, it was my understanding that the only way to access those mailboxes would be through a CAS in the same AD site, which would be the failover location.  Would this command be run in the event of a failover only, or in advance/preparation of it?  I guess if you could lay out the failover scenario steps, that would help tremendously in where I'm missing the boat...
Akhater Commented:
DAG failing over to the other site is not related to the CAS.

i.e. if a mailbox fails over to the other site user will still be connecting to its local cas server.
Akhater Commented:
OK I think I was not clear enough

each CAS server has an autodiscover scope in which it acts, by default it is in its own site only. However the AutodiscoverSiteScope is a multivalued attribute so you can set a CAS server range of operation  to multiple sites.

a CAS array is a group of CAS servers in the same AD site NLBed together sharing the same name.

Glen Knight Commented:
If the same AD site shares multiple locations then you CAN have a CAS Array across multiple locations.
Akhater Commented:
The basic idea of an AD site is to represent a geographical location, so spanning one AD site across many locations is just tricking the system; this is not what it was designed for.
Glen Knight Commented:
Yes, you're right, the "general" design is this way.
However, you may want to have a DR location as part of the same AD site for disaster recovery reasons.

It's not tricking the system, every scenario is different and should be evaluated as such.
NAMEWITHELD12 Author Commented:
Ok, sorry to drag this out...

Failover Scenario 1:
DAG member in primary site fails --> Secondary site DAG member takes over, Primary site CAS is able to "see" the DAG member mailbox store so all is well with the clients.

Failover Scenario 2:
CAS in primary site fails and no array members take over b/c the other CAS is in Atlanta, so no array.  the primary DAG member is still active....how does the secondary CAS know to take over to allow visibility for the clients?

I think I have my dunce cap on today lol  
Akhater Commented:
Failover Scenario 1:
DAG member in primary site fails --> Secondary site DAG member takes over, Primary site CAS is able to "see" the DAG member mailbox store so all is well with the clients.

clients will still be connected to their CAS server in site 1 to connect to their mailboxes up on a mailbox server in site 2


Failover Scenario 2:
CAS in primary site fails and no array members take over b/c the other CAS is in Atlanta, so no array.  the primary DAG member is still active....how does the secondary CAS know to take over to allow visibility for the clients?

for this scenario you will need to do 2 things

1. Beforehand you should set each CAS server in each site to be able to serve both sites using
Set-ClientAccessServer CAS1 -AutodiscoverSiteScope site1,site2
Set-ClientAccessServer CAS2 -AutodiscoverSiteScope site1,site2

2. After the failure happens you should set the DB config to use the CAS array of site 2
Set-MailboxDatabase MBName -RpcClientAccessServer CAS2

Note it will take time for the replication to happen and for the clients to start to pick up the new CAS server for autodiscover
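
The two-step CAS procedure from the answer above, together with the Suspend-MailboxDatabaseCopy -ActivationOnly suggestion from earlier in the thread, collected into one script as an added example that is not part of the original posts. CAS1, CAS2, site1 and site2 are the thread's placeholders; MBX2 is a hypothetical name for the failover-site mailbox server, and the three function names are wrappers introduced here.

```powershell
# Added example. Run in the Exchange Management Shell of an Exchange 2010 org.
# MBX2 is an assumed name for the mailbox server at the failover site.

function Set-CasSiteScope {
    # Step 1 (ahead of time): let each CAS answer Autodiscover for both AD sites.
    param([string[]]$CasServers = @('CAS1', 'CAS2'),
          [string[]]$Sites      = @('site1', 'site2'))
    foreach ($cas in $CasServers) {
        Set-ClientAccessServer -Identity $cas -AutodiscoverSiteScope $Sites
    }
    Get-ClientAccessServer | Select-Object Name, AutodiscoverSiteScope
}

function Block-AutoActivation {
    # Suspend activation only: passive copies on the failover server keep
    # replicating but are not mounted automatically if the WAN link drops.
    param([string]$FailoverServer = 'MBX2')
    Get-MailboxDatabaseCopyStatus -Server $FailoverServer |
        Where-Object { $_.Status -ne 'Mounted' } |
        ForEach-Object {
            # Name has the form "Database\Server", a valid copy identity.
            Suspend-MailboxDatabaseCopy -Identity $_.Name -ActivationOnly -Confirm:$false
        }
}

function Switch-RpcClientAccess {
    # Step 2 (after the primary CAS has failed): repoint every database that
    # still references the failed CAS. Supports -WhatIf for a dry run.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$FailedCas,
          [Parameter(Mandatory = $true)][string]$NewCas)
    Get-MailboxDatabase |
        Where-Object { $_.RpcClientAccessServer -like "$FailedCas*" } |
        ForEach-Object {
            if ($PSCmdlet.ShouldProcess($_.Name, "Set RpcClientAccessServer to $NewCas")) {
                Set-MailboxDatabase -Identity $_.Name -RpcClientAccessServer $NewCas
            }
        }
    Get-MailboxDatabase | Select-Object Name, RpcClientAccessServer
}
```

Resume-MailboxDatabaseCopy lifts the activation block on a copy when a manual switchover to the failover site is wanted.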



NAMEWITHELD12 Author Commented:
Thanks!!!!