Multi Site, Multiple Virtualised Domain Controllers & Exchange 2010 DAGs....Advice please

Posted on 2010-08-17
Medium Priority
Last Modified: 2012-05-10
My company wants resiliency (High Availability) built into our multi-site network.  4 new servers have been purchased and the idea is to build a brand new network and domain to replace the existing.

Over the past week I have been looking into different methods to achieve this High Availability network and have come up with the proposed solution (see attached PDF).

I am very new to this so I would really like someone to have a look over it and offer some advice please.

I'm open to any advice or recommendations.

NOTE:  There are approx 20 users per site.

Cheers, Andy
Question by:andrewprouse

Expert Comment

ID: 33453151
Hi Andy,

I've looked into your PDF file. The whole setup looks quite good.

The only thing I'd suggest you think about is that you have the DHCP server on two nodes at each site; if you configure the scenario like this, you need to make sure that DHCP is configured properly for HA. While it seems you're running the DHCP as a cluster node, there is no real need to run DHCP additionally two times at each site.

Regarding the iSCSI storage, I believe the clustered server will reside there, or?

Looking at the Exchange server design you made, you try to run the DAG (MBX) and HT/CAS on the same node, which is not supported unless you do load balancing for the HT/CAS roles with a hardware load balancer or any load-balancing software running outside the server.

See: http://msexchangeteam.com/archive/2010/07/22/455603.aspx

Regards,
Stefan

Author Comment

ID: 33453227
Hi SGrossmann, thank you for the reply.

Ah, DHCP, good point.  I was going to have DHCP server 1 issuing the lower half of the range and DHCP server 2 issuing the higher part of the range (per site) but you're quite right...no need.

"Regarding the iSCSI storage, I believe the clustered server will reside there, or?"

Umm, not sure what you mean here.  The physical servers will be running Hyper-V, and will use the iSCSI storage for Quorum / Witness and Data.  If you're asking about the location of the VHD's then I'm not sure.  What's best?

Exchange: I wasn't aware of the load-balancing or patching issues.  What would you suggest is the best way to implement Exchange within our company?

Author Comment

ID: 33455522
I've spent the whole day looking into this and to be honest I'm more confused than when I started.

It would seem that DAG members can host all roles apart from the EDGE SERVER ROLE.  What is the Edge Server Role?  And where do I host that in my network?

The idea of creating CAS Arrays is all very well and good, but can I create a CAS Array (utilising Network Load Balancing) between Virtual Machines on separate physical servers??  If I can, then I'm thinking of getting rid of the Hyper-V failover cluster and implementing the solution in the attached schematic.

If the above can be achieved then one other part that needs clarification is the location of the DAG witness server.  I am wanting to locate the DAG 1 witness server in site 2 (and vice versa).  This will hopefully mean that if the WAN link goes down, both sites will maintain Exchange connectivity, and also if either server 1 or 3 goes down, both sites will maintain Exchange connectivity.

I'm hopefully getting somewhere near because I really need to get cracking with implementing this network!

Thanks in anticipation.
Expert Comment

ID: 33455678
Hi Andy,

The new draft is perfect regarding the Exchange configuration. The only point is that you need 4 Exchange server licenses.

Looking at your cluster witness, I would not recommend putting them at the other site. If you have a system failure and the LAN link is slow, Exchange will go offline.

If you're running Enterprise Edition for Hyper-V, I'd recommend this part from your prior draft and put the witness server onsite with HA. To use HA within Hyper-V you need to put the VHD on the iSCSI device.

You need to think about whether you want to put a small server within Hyper-V for the witness. I don't know if I/O is enough to run the DC and all of its services there as a cluster service.

Regards,
Stefan

Author Comment

ID: 33455785
Are you saying that I should create a 2 node Hyper-V failover cluster (per site) and create a VM to solely act as a local DAG witness (per site)??

I was thinking about this, but I thought I'd read somewhere that NLB isn't supported within a clustered environment.

If I did create a 2 node Hyper-V failover cluster (per site), would I have to set the VM's running exchange roles as NON CLUSTERED RESOURCES so that they don't failover??

Expert Comment

ID: 33455887
You're right, NLB is not supported if the virtual machines holding the Windows NLB are clustered virtual machines.

The problem without the HA witness server is that Exchange would go offline: the Hyper-V server holding both one Exchange server and the witness would stop the DAG completely.

Maybe the best option would be to use a small iSCSI disk as quorum and not use a file share witness; for that, your iSCSI device needs to support SCSI-3 reservations.

Author Comment

ID: 33463363

So if I understand this correctly: if the VMs are not 'cluster resources' then I can run NLB between VMs on separate physical Hyper-V hosts??  But if they ARE 'cluster resources' then I cannot run NLB.

So if the above is correct, I could create a 2 node Hyper-V failover cluster (per site), set the VM's running exchange as NON CLUSTERED RESOURCES and implement DAG1 and CAS ARRAY1, then I could use DC1 as the DAG1 Witness Server and make it a failover cluster resource so that it would always be available.

In the hope that the above is correct, I have created draft 5 to illustrate the above scenario (see attached).

Just a few additional points to be clarified:

1) Can I have multiple CAS arrays per domain? (separate CAS Array per site)
2) What about the Exchange Edge Transport Role?
3) Verification required that clustered and non-clustered VM's can run 'side by side'.
4) Verification required that non-clustered VM's can run NLB.

Many many thanks, Andy.

Author Comment

ID: 33463935
Exchange Edge Transport Role:

Do I need to have an Exchange Edge Server?  Can I not just point the firewall at the CAS / HUB NLB IP address?  

If I do need an Edge server, can it be combined with the CAS & HUB roles onto the same VM?

Accepted Solution

SGrossmann earned 2000 total points
ID: 33465826
OK, now one point after the other :)

NLB and Hyper-V:
Yes, you can run NLB between multiple Hyper-V servers; you need to make sure the configuration is correct. Microsoft had a bug in 2008 Hyper-V with NLB and provided a step-by-step guide for NLB within Hyper-V (only look for the post-installation tasks in the article):
http://support.microsoft.com/kb/953828

Multiple CAS Arrays:
Yes, you can run multiple CAS arrays; you need to configure the database for its CAS array. Here is a guide on how to do this:
http://blogs.technet.com/b/ucedsg/archive/2009/12/06/how-to-setup-an-exchange-2010-cas-array-to-load-balance-mapi.aspx

Hyper-V Clustered and Non-Clustered Machines:
Yes, you can run those machines side by side; you need to add a virtual machine as a cluster resource to make it HA. To make this possible you need to have the machine running on a shared volume. Here is a nice guide:
http://blog.frankovic.net/2010/04/creating-hyper-v-failover-cluster-part-1/

EDGE Transport:
You don't need an Edge Transport server at all, only if you want to use the features, e.g. putting it in the DMZ ...
You cannot run the Edge Transport server on the same system as any other Exchange role.

Publish the Exchange:
Easiest is to publish one of the Exchange servers or both and put an anti-spam solution between the Exchange and the internet or on the Exchange servers.
To send emails from the Exchange servers you need to set up a send connector; best would be on one of the two sides, depending on the MX records for the mail addresses.
Routing between the different Exchange servers is done automatically.

I hope I did not miss any of your questions.
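
The per-site CAS array setup described in the accepted solution, sketched for the Exchange Management Shell. This is an added example, not code from the thread or the linked guides; the array names, FQDNs and AD site names are placeholders, and each FQDN is assumed to resolve in internal DNS to that site's NLB virtual IP.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# Array names, FQDNs and AD site names are placeholders, not values from the thread.
$arrays = @(
    @{ Name = 'CASArray1'; Fqdn = 'outlook-site1.example.local'; Site = 'Site1' },
    @{ Name = 'CASArray2'; Fqdn = 'outlook-site2.example.local'; Site = 'Site2' }
)

# Reduce a site reference to its bare name, whether it is rendered as a
# distinguished name (CN=Site1,CN=Sites,...) or as a path (.../Sites/Site1).
function Get-SiteLeaf($site) {
    $s = "$site"
    if ($s -match '^CN=([^,]+)') { $Matches[1] } else { ($s -split '/')[-1] }
}

# 1. One CAS array object per AD site. The object is only a name in AD;
#    the load balancing itself is done by NLB behind the FQDN.
foreach ($a in $arrays) {
    $existing = Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $a.Fqdn }
    if (-not $existing) {
        New-ClientAccessArray -Name $a.Name -Fqdn $a.Fqdn -Site $a.Site
    }
}

# 2. Build a site -> array FQDN map from what actually exists in AD.
$siteToFqdn = @{}
foreach ($arr in Get-ClientAccessArray) {
    $siteToFqdn[(Get-SiteLeaf $arr.Site)] = $arr.Fqdn
}

# 3. Point each mailbox database at the array of the site its server is in.
#    Databases created before the array existed still reference a single CAS server.
foreach ($db in Get-MailboxDatabase) {
    $server = Get-ExchangeServer -Identity $db.ServerName
    $wanted = $siteToFqdn[(Get-SiteLeaf $server.Site)]
    if (-not $wanted) {
        Write-Warning "No CAS array found for the site of database $($db.Name)"
        continue
    }
    if ($db.RpcClientAccessServer -ne $wanted) {
        Set-MailboxDatabase -Identity $db.Name -RpcClientAccessServer $wanted
    }
}

# 4. Review the result: every database should list its own site's array FQDN.
Get-MailboxDatabase | Format-Table Name, ServerName, RpcClientAccessServer -AutoSize
```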

Author Closing Comment

ID: 33482945
Sorry for the delay in getting back to you.

That's absolutely fantastic, thank you very much for all of the info and advice!

Well now that draft 5 has been approved, I'm off to get some prices on software.  Watch this space.

Thanks again!!
