
Exchange setting

Posted on 2012-08-31
Last Modified: 2012-09-16
We're using Exchange as our mail server (Internet IP Address 64.0.0.1 NAT 192.168.1.1)

(MX record: domain.com)
domain.com MX preference = 10, mail exchanger = mail1.domain.com
(A Name)
mail1.domain.com  internet address = 64.0.0.1

----------------------------------------------------------------------------------------------------------------------------------
Question 1: (For a single Exchange server)
Can I add one more IP address for mail routing redundancy (when the 64.0.0.1 IP address is blacklisted)?
1. Internet IP Address 64.0.0.2 NAT 192.168.1.1
2. (New A Name) mail2.domain.com  internet address = 64.0.0.2
3. domain.com MX preference = 30, mail exchanger = mail2.domain.com,

Is it possible? If not, any good suggestions please?
----------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
Question 2:
For DR (single domain: domain.com)
Site A: Master Exchange (Internet IP Address 64.0.0.1 NAT 192.168.1.1)
Site B: Standby Exchange  (Internet IP Address 68.0.0.1 NAT 192.168.101.1)

What should I prepare for mail server switching?
Site B will get all email when the Master Exchange server is down
----------------------------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------------------------
Question 3:
What's a good solution for Exchange server redundancy?
- Clustering ?
- Front-End+Back End Exchange (If Front-End Exchange down, how to auto switch to Back-End Exchange to pick up the online job?)
- Or others
----------------------------------------------------------------------------------------------------------------------------------

Thanks !
Question by:rhinoceros
3 Comments
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 38353423
1.) MX preference: you can add as many mail servers as you want, as long as you still have numbers free. The lower the number, the sooner it gets served. So if you have 10 and 20, 10 is served first; if it is down, 20 is served, etc.

For blacklisting you will have a problem, because not only the mail server itself gets blacklisted but also your domain.

2.) It's enough if you have the second MX entry for

3.) The master solution is a hardware load balancer in front and a cluster behind. If that is not possible, then only a cluster, because then you do not need to switch anything and you can upgrade with more servers if you are under heavy load.
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1600 total points
ID: 38356074
In my opinion MX record cost/preference is no longer valid. While you can set it, email will go to all servers in the MX record list. Therefore either the servers need to accept and route email correctly, or ensure they don't answer.
Blacklisting has no effect on inbound email, so setting multiple MX records will provide no protection from that.
The best protection you can have for blacklisting is a dedicated IP address for Exchange, the firewall locked down to only allow SMTP traffic from Exchange, and then Exchange set up correctly so it cannot be abused.
Furthermore the posting above about blacklisting is incorrect. Domains are not blacklisted - it is ONLY IP addresses that are blacklisted. If domains could be blacklisted then companies could be held hostage, Microsoft for example would probably be permanently blacklisted.

If you have two sites, both in the same forest, then have MX records pointing to both locations. Although ensure that both locations have the same level of antispam, so that they are both protected.

You haven't said which version of Exchange that you are using, or what you want to protect to answer your third question.
Exchange 2010 makes site resilience very easy, Exchange 2007 it is ok, and with Exchange 2003 almost impossible. Too many options available to you and not enough information.

Simon.
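An added example, not part of the original answer: IP-based DNS blacklists are queried by reversing the address's octets under the list's zone, so a scheduled check of the Exchange server's sending addresses can look like the sketch below. The zone `dnsbl.example`, the function names and the stub resolver data are assumptions made for illustration; 64.0.0.1 and 64.0.0.2 are the placeholder addresses from the question.

```python
import ipaddress
import socket

# Hypothetical DNSBL zone used for illustration; substitute the lists you monitor.
DNSBL_ZONES = ["dnsbl.example"]


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return A records for name, or [] when the lookup fails (treated as not listed)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except socket.gaierror:
        return []


def check_outbound_ips(ips, zones=DNSBL_ZONES, resolver=system_resolver):
    """Map each sending IP to the zones that list it.

    A listing is signalled by an A record in 127.0.0.0/8; any other answer
    (for example a wildcard from a parked zone) is ignored.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    report = {}
    for ip in ips:
        hits = []
        for zone in zones:
            answers = resolver(dnsbl_query_name(ip, zone))
            if any(ipaddress.ip_address(a) in loopback for a in answers):
                hits.append(zone)
        report[ip] = hits
    return report


# Constructed sample data: a stub resolver in which only 64.0.0.1 is listed.
def stub_resolver(name):
    return ["127.0.0.2"] if name == "1.0.0.64.dnsbl.example" else []


if __name__ == "__main__":
    result = check_outbound_ips(["64.0.0.1", "64.0.0.2"], resolver=stub_resolver)
    for ip, listed_on in result.items():
        print(ip, "LISTED on " + ", ".join(listed_on) if listed_on else "not listed")
```

Dropping the `resolver=stub_resolver` argument makes the same call query live DNS through the system resolver.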
 
LVL 12

Assisted Solution

by:Dave
Dave earned 400 total points
ID: 38356785
Making Exchange 2010 highly available can be challenging on the budget. Exchange 2010 does not directly support the classic "fail over" cluster architecture like 2003 and 2007. Instead it uses "Database Availability Groups" (DAGs) to make the mailbox servers resilient. In a DAG there are copies of the database on multiple "back end" servers and the "Client Access Servers" redirect the users' connections to the backend server that currently has the database mounted. So at a minimum you will need two copies of Windows Enterprise server as DAGs actually use Cluster Services to manage fail over.

That will provide resilience for the databases but you need to provide client resilience. Microsoft do this through a Client Access Server Array which relies on IIS network load balancing clustering. The issue is that you can't install both MSCS and NLB clustering on the same server.

So if manual failover is sufficient then you can also put the CAS roles on the database servers and tweak the DNS entries for the CAS to point to the active server, but this will give a 15 minute failover time.

If you have an external hardware load balancer then you can just put the Client Access role on the database servers and let that load balancer manage things when a server fails but a hardware load balancer is generally not cheap, and then becomes a single point of failure in itself.

My personal preference is to use a hypervisor such as ESXi or Hyper-V. Then you can put two copies of Windows and Exchange on a single physical box. In each physical box you install two virtual machines. In one you set up Windows with MSCS cluster services and Exchange with the Mailbox roles. In the other virtual machine you install Network Load Balancing and Exchange with the Client Access and Hub Transport roles.

The main issue with this is that if the Client Access Service fails NLB will still try and connect folks to the faulty server. In my experience, on a fully patched server, it doesn't happen very often, but you need to be aware and re-boot the server when it does lock up.

Assuming you are using Server/2008R2 then you only need two Windows licences as Windows Enterprise allows you to run up to four copies of Windows Server on a single virtual box regardless of the virtualization product. Sadly Exchange does not so you will need four Exchange Licences.


For many small users Exchange Server Standard will be OK as the ONLY limit is 5 databases. If you keep to the recommended database sizes that's 5 x 200GB or 1TB ....