ddotson asked:

2007 Hub Transport Design Question


I need some help understanding how hub transport is working in my environment and how to get it to work better.

First, an explanation of our environment.

We have about 110 branch offices, all connected to an MPLS network - meaning that all can see each other.  We have two production datacenters connected to the MPLS network with a 45Mb pipe.  Each datacenter has an Exchange 2007 server with both Mailbox and Hub Transport roles.

Two of the branch offices are large and have their own Exchange server with mailbox and transport roles installed. These are connected to the MPLS network with @10Mb pipes.  The remaining branch offices connect to the MPLS network with T-1's.

We did not set up AD sites as we expanded, therefore everyone is in the same site.  Let me add that my understanding of sites is very limited.

I have found that our datacenter Exchange servers are heavily taxed.  We use Citrix in about half of our branch offices, so users will often get messages in Outlook reporting that it is waiting for the Exchange server.  I believe that if we separate the transport role to its own server, we will reduce the load on the mailbox servers.

I am concerned, however, with unnecessary mail traffic traversing the network.  If I have a message in Site A destined for a mailbox in Site B, I don't want to use the transport server in Site C.  Especially since the two Exchange servers are connected via heavily taxed 9-12 Mb pipes.

So the thought was to create new Transport servers in the datacenters.  This will clearly relieve the load on the mailbox servers.  But what happens to mailflow?  Would it be better to have the transport role in one datacenter only and mailbox servers elsewhere?  How would mail flow in this scenario?

Thanks in advance for your help.  You guys are great.

Exchange, Active Directory

Last Comment: 8/22/2022 - Mon

Adam Brown

Mail flow is based on which sites the Database servers are in and which users are assigned to the database server. If you have no sites at all, you will only ever use one Transport server. If you have only one Database server, only the transport server in the same site and the transport server with the default receive connector assigned to it (if the database is in a different site than the main hub transport server) will ever be used. I haven't had a chance to test a situation with a Mailbox server in a site with no hub transport, but I imagine it would prevent any users with mailboxes on that database from getting any mail. AD Sites and Services controls all mailflow in Exchange 2007 and later, so you'll really want to get a good grip on how to manage that. http://technet.microsoft.com/en-us/library/cc730868.aspx has all the TechNet info on AD Sites and Services. I highly recommend going through that.

OK - this is enlightening.  I knew that Sites and Services was important but now it sounds critical.

Any other resources available for trying to wrap my head around Sites?

Sure. AD sites are vital, not only for Exchange, but also for the replication topology, which servers a workstation will go to for authentication, and so on.  This is how Active Directory understands the physical structure of your enterprise.

Right now, since only a single site is in place, non-essential AD replication operations that should be on a 15-minute or longer replication cycle are occurring immediately, since the domain controllers think they are on the same LAN. The list goes on. All in all, operations that should be and could be kept local are probably going over the WAN.

In depth: http://technet.microsoft.com/en-us/library/bb727051.aspx

also, http://en.wikipedia.org/wiki/Active_Directory#Sites

I'm a little gun-shy.  We've known that this was an issue for some time.  A co-worker tried to do something with Sites a few years back and really messed some stuff up.  And he's the cautious type.

Do you think that implementing Sites now will be disruptive?

I haven't had this particular problem on your scale to deal with before, so I can't say first hand how ugly it's going to feel for you. All is not lost though!

Sure, there will be some disruption but it should be temporary. Obviously make your changes on weekends or slow times so the disruption is minimal and changes can replicate. Remember you're going to have to wait for everything to start to recognize the changes and settle down. Talking 2 or more hours here, not minutes. Hopefully you're not the freakout type and start putting stuff back after 2 hours on the dot since that will actually make things worse than waiting it out! :)

If it was me, I'd start by mapping out on paper the sites I'm going to add and the respective IP ranges, and probably go ahead and create all my sites. Then start moving the subnets to the new sites, one site at a time. The domain controllers that are populated in the AD Sites and Services console, you're going to need to manually move them (right-click) to the new site.

This set of documentation touches on this (creating new sites and moving current resources to it), and the other subguides do as well. Just read it carefully.
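An added example, not part of any post in this thread: a pre-change review of the "sites and IP ranges on paper" plan described above, run before anything is created in AD Sites and Services. It assumes that the most specific subnet containing an address decides the site, and every site name, server name and address in it is constructed for illustration; it reports subnets nested inside another site's range, servers that match no planned subnet, and sites that would end up with a Mailbox server but no Hub Transport server (the case raised earlier in the thread).

```python
import ipaddress

# Constructed plan and inventory; every name and address here is hypothetical.
PLAN = {
    "DC-East": ["10.1.0.0/16"],
    "DC-West": ["10.2.0.0/16"],
    "Branch-A": ["10.1.50.0/24"],   # carved out of DC-East's range
    "Branch-B": ["10.3.7.0/24"],
}
SERVERS = {
    "EXMB-E1": ("10.1.4.10", {"Mailbox"}),
    "EXHT-E1": ("10.1.4.11", {"HubTransport"}),
    "EXMB-W1": ("10.2.4.10", {"Mailbox", "HubTransport"}),
    "EXMB-A1": ("10.1.50.10", {"Mailbox"}),
    "EXMB-B1": ("10.4.7.10", {"Mailbox", "HubTransport"}),  # mistyped address
}

def load(plan):
    """Flatten the plan into (network, site) pairs; strict parsing rejects host bits."""
    return [(ipaddress.ip_network(s), site) for site, subs in plan.items() for s in subs]

def site_for(ip, entries):
    """Most specific planned subnet containing ip decides the site; None if unmapped."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, site) for net, site in entries if addr in net]
    return max(hits)[1] if hits else None

def nested_across_sites(entries):
    """Subnets inside (or equal to) another site's subnet, for the planner to confirm."""
    return [(str(a), sa, str(b), sb) for a, sa in entries for b, sb in entries
            if sa != sb and a.subnet_of(b)]

def review(plan, servers):
    """Place each server in a site and collect the findings worth fixing on paper."""
    entries = load(plan)
    placed, unmapped = {}, []
    for name, (ip, roles) in servers.items():
        site = site_for(ip, entries)
        if site is None:
            unmapped.append(name)
        else:
            placed.setdefault(site, set()).update(roles)
    no_hub = sorted(s for s, r in placed.items()
                    if "Mailbox" in r and "HubTransport" not in r)
    return {"nested": nested_across_sites(entries), "unmapped": unmapped,
            "mailbox_without_hub": no_hub}

if __name__ == "__main__":
    for key, value in review(PLAN, SERVERS).items():
        print(key, value)
```
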

Thanks, everyone, for your participation.