  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 220

Migrating/Rebuilding Exchange 2007 from Win 2K3 to Win2K8 in a new VM

Hi guys,

Our current Exchange server has multiple issues and I've come to the conclusion that rebuilding the Exchange server is probably the most reliable fix.
At the same time, I'll be upgrading the server from 2003 to 2008.

What I'd like to do is properly configure the Exchange Server to have the Web Front end in a DMZ but lock the datastore away from public eyes. At the moment the whole Exchange server may be vulnerable as it's all the one server. What is involved here too?

I'd also like to set up multiple datastores, as we currently have it all configured in one which is about 400GB at the moment.
Is it worth maintaining the current Exchange server, but designating it as a backup? Does this mean emails are duplicated, effectively doubling storage requirements? (This isn't an option; space at this point in time is limited.)

The server is a VM.

Anything else I need to consider? Points will be split over most helpful answers.

Asked: Tim Palmer
1 Solution
 
Antknee869 Commented:
In terms of installing Exchange, you can just install a server with the mailbox role and another with the CAS & HUB role (or all roles on one server for that matter).
It is not recommended to put the CAS (front end server) in the DMZ. It needs to be a member of the AD domain.
You could put another server with the Edge role on it in the DMZ but this is usually overkill for a smaller company. If you were going to put something in the DMZ I would suggest a TMG server.
After the servers are set up you essentially move over all the mailboxes and some other features and you can decommission the old Exchange server.
You will lose single instance storage when you move the mailboxes. FYI, Exchange 2010 does away with SIS, so you will need to plan for that anyway.
Honestly before you go to all that trouble, I would get the storage situation corrected.
I just gave you a rough outline. This is a big topic and will require many steps.
0
 
Tim Palmer (Level 3 Escalation Tech, Author) Commented:
Thanks for the guideline, we'll be sticking with Exchange 2007.

Are there security risks involved with allowing HTTP traffic to our Exchange server?
What is a TMG server anyway? This isn't something I'm familiar with.
0
 
Antknee869 Commented:
Well, your firewall would be set up to allow only HTTPS traffic to your internal Exchange servers. You would need to purchase a certificate from an external vendor - Verisign, Entrust, etc.
TMG is Microsoft's Threat Management Gateway. It is a firewall/proxy server that works very well with Exchange and its various features such as ActiveSync and Outlook Anywhere. If you are just using OWA, you can create a rule in your firewall passing HTTPS (443) to your internal CAS server and you will be good to go.
0
 
Tim Palmer (Level 3 Escalation Tech, Author) Commented:
We've got certificates from Thawte, so that's covered. I'm still tossing up whether rebuilding or repairing is the best way to go.

Basic plan of attack is install E2007 on W2008, migrate a few test users and see how we go.
Create 3 datastores (our main datastore is 190GB and apparently that's well above best practice).
As for the DMZ part of things... we'll see how we go from there.
0
 
Tim Palmer (Level 3 Escalation Tech, Author) Commented:
Wow, sorry this one wasn't closed sooner, I've been away.

I decided not to rebuild Exchange.
0
 
Tim Palmer (Level 3 Escalation Tech, Author) Commented:
No longer relevant
0