Migrating/Rebuilding Exchange 2007 from Win 2K3 to Win2K8 in a new VM
Hi guys,
Our current Exchange server has multiple issues and I've come to the conclusion that rebuilding the Exchange server is probably the most reliable fix.
At the same time, I'll be upgrading the server from 2003 to 2008.
What I'd like to do is properly configure the Exchange Server to have the Web Front end in a DMZ but lock the datastore away from public eyes, at the moment the whole exchange server may be vulnerable as it's all the one server. What is involved here too?
I'd also like to set up multiple datastores, as we currently have it all configured in one which is about 400GB at the moment.
Is it worth maintaining the current Exchange server, but designating it as a backup? Does this mean emails are duplicated and effectively doubling storage requirements (this isn't an option, space at this point in time is limited)
The server is a VM.
Anything else I need to consider? Points will be split over most helpful answers.
Our current Exchange server has multiple issues and I've come to the conclusion that rebuilding the Exchange server is probably the most reliable fix.
At the same time, I'll be upgrading the server from 2003 to 2008.
What I'd like to do is properly configure the Exchange Server to have the Web Front end in a DMZ but lock the datastore away from public eyes, at the moment the whole exchange server may be vulnerable as it's all the one server. What is involved here too?
I'd also like to set up multiple datastores, as we currently have it all configured in one which is about 400GB at the moment.
Is it worth maintaining the current Exchange server, but designating it as a backup? Does this mean emails are duplicated and effectively doubling storage requirements (this isn't an option, space at this point in time is limited)
The server is a VM.
Anything else I need to consider? Points will be split over most helpful answers.
ASKER
Thanks for the guideline, we'll be sticking with Exchange 2007.
Are there security risks involved with allowing HTTP traffic to our Exchange server?
What is a TMG server anyway, this isn't something I'm familiar with.
Are there security risks involved with allowing HTTP traffic to our Exchange server?
What is a TMG server anyway, this isn't something I'm familiar with.
Well, your firewall would be set up to allow only HTTPS traffic to your internal Exchange servers. You would need to purchase a certificate from an external vendor - Verisign, Entrust, etc.
TMG is Microsoft's Threat Management Gateway. It is a firewall/proxy server that works very well with Exchange and it's various feature such as ActiveSync and Outlook Anywhere. If you are just using OWA, you can create a rule in your firewall passing HTTPS (443) to you're internal CAS server and you will be good to go.
TMG is Microsoft's Threat Management Gateway. It is a firewall/proxy server that works very well with Exchange and it's various feature such as ActiveSync and Outlook Anywhere. If you are just using OWA, you can create a rule in your firewall passing HTTPS (443) to you're internal CAS server and you will be good to go.
ASKER
We've got certificates from Thwate, so thats covered. I'm still tossing up whether rebuilding or repairing is the best way to go.
Basic plan of attack is install E2007 on W2008, migrate a few test users and see how we go.
Create 3 datastores (our main datastore is 190GB and apparently thats well above best practice)
As for the DMZ part of things... we'll see how we go from there.
Basic plan of attack is install E2007 on W2008, migrate a few test users and see how we go.
Create 3 datastores (our main datastore is 190GB and apparently thats well above best practice)
As for the DMZ part of things... we'll see how we go from there.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No longer relevant
It is not recommended to put the CAS (front end server) DMZ. It needs to be a member of the AD domain.
You could put another server with the Edge role on it in the DMZ but this is usually overkill for a smaller company. If you were going to put something in the DMZ I would suggest a TMG server.
After the servers are set up you essentially move over all the mailboxes and some other features and you can decommission the old Exchange server.
You will lose single instance storage when you move the mailboxes. FYI, Exchange 2010 does away with SIS, so you will need to plan for that anyway.
Honestly before you go to all that trouble, I would get the storage situation corrected.
I just gave you a rough outline. This is a big topic and will require many steps.