Solved

Migrating/Rebuilding Exchange 2007 from Win 2K3 to Win2K8 in a new VM

Posted on 2011-09-15
6
206 Views
Last Modified: 2012-06-21
Hi guys,

Our current Exchange server has multiple issues and I've come to the conclusion that rebuilding the Exchange server is probably the most reliable fix.
At the same time, I'll be upgrading the server from 2003 to 2008.

What I'd like to do is properly configure the Exchange Server to have the Web Front end in a DMZ but lock the datastore away from public eyes, at the moment the whole exchange server may be vulnerable as it's all the one server. What is involved here too?

I'd also like to set up multiple datastores, as we currently have it all configured in one which is about 400GB at the moment.
Is it worth maintaining the current Exchange server, but designating it as a backup? Does this mean emails are duplicated and effectively doubling storage requirements (this isn't an option, space at this point in time is limited)

The server is a VM.

Anything else I need to consider? Points will be split over most helpful answers.

0
Comment
Question by:Tim Palmer
  • 4
  • 2
6 Comments
 
LVL 3

Expert Comment

by:Antknee869
ID: 36546893
In terms of installing Exchange, you can just install a server with the mailbox role and another with the CAS & HUB role (or all roles on one server for that matter).
It is not recommended to put the CAS (front end server) DMZ. It needs to be a member of the AD domain.
You could put another server with the Edge role on it in the DMZ but this is usually overkill for a smaller company. If you were going to put something in the DMZ I would suggest a TMG server.
After the servers are set up you essentially move over all the mailboxes and some other features and you can decommission the old Exchange server.
You will lose single instance storage when you move the mailboxes. FYI, Exchange 2010 does away with SIS, so you will need to plan for that anyway.
Honestly before you go to all that trouble, I would get the storage situation corrected.
I just gave you a rough outline. This is a big topic and will require many steps.
0
 
LVL 3

Author Comment

by:Tim Palmer
ID: 36546901
Thanks for the guideline, we'll be sticking with Exchange 2007.

Are there security risks involved with allowing HTTP traffic to our Exchange server?
What is a TMG server anyway, this isn't something I'm familiar with.
0
 
LVL 3

Expert Comment

by:Antknee869
ID: 36546949
Well, your firewall would be set up to allow only HTTPS traffic to your internal Exchange servers. You would need to purchase a certificate from an external vendor - Verisign, Entrust, etc.
TMG is Microsoft's Threat Management Gateway. It is a firewall/proxy server that works very well with Exchange and it's various feature such as ActiveSync and Outlook Anywhere. If you are just using OWA, you can create a rule in your firewall passing HTTPS (443) to you're internal CAS server and you will be good to go.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 3

Author Comment

by:Tim Palmer
ID: 36571206
We've got certificates from Thwate, so thats covered. I'm still tossing up whether rebuilding or repairing is the best way to go.

Basic plan of attack is install E2007 on W2008, migrate a few test users and see how we go.
Create 3 datastores (our main datastore is 190GB and apparently thats well above best practice)
As for the DMZ part of things... we'll see how we go from there.
0
 
LVL 3

Accepted Solution

by:
Tim Palmer earned 0 total points
ID: 37311835
Wow, sorry this one wasn't closed sooner, I've been away.

I decided not to rebuild exchange.
0
 
LVL 3

Author Closing Comment

by:Tim Palmer
ID: 37333712
No longer relevant
0

Featured Post

Do email signature updates give you a headache?

Do you spend too much time managing email signatures? Hate visiting every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Well, let Exclaimer give your company the email signature it deserves!

Join & Write a Comment

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now