Solved

Designing a resilient Exchange 2010 system

Posted on 2013-01-14
Last Modified: 2013-01-24
I am in the process of designing an email system capable of providing uninterrupted access to email in case of hardware failure or data corruption on one of two sites where Exchange will be deployed.
So far I have planned 2 scenarios

Scenario 1

Site A:
2 CAS servers
1 Witness server for CAS
2 Mailbox servers DB-A-Active, DB-A-Passive & DB-B-Recovery (2 DBs on 1 server)
Site B:
2 CAS servers
2 Mailbox servers: DB-B-Active, DB-B-Passive & DB-A-Recovery (2 DBs on 1 server)
1 Witness server for DAG
Questions: Can I create 2 DAG groups as follows:
DAG1: DB-A-Active, DB-A-Passive, DB-A-Recovery
DAG2: DB-B-Active, DB-Passive, DB-B-Recovery


Scenario 2

Site A:
3 CAS servers
3 Mailbox servers MB-A-1, MB-A,2, MB-A-3
Databases: DB-A-Active, DB-A-Passive, DB-B-Recovery
DAG members: DB-A-Active, DB-A-Passive, DB-A-Recovery
Site B:
3 CAS servers
3 Mailbox servers MB-B-1, MB-B,2, MB-B-3
Databases: DB-B-Active, DB-B-Passive, DB-A-Recovery
DAG members: DB-B-Active, DB-B-Passive, DB-B-Recovery

What I am not clear on is the number of servers on each site. All examples I found on TechNet and other sites mention 2, 4, 8 servers for CAS and DAG; I did not find any references to 3 servers. Some documents state that for an array of 2 CAS servers I need to have either a witness or another CAS server. That prompted me to set up 3 CAS servers at each site, having 2 members at site A, and 1 member at site B.
Just to confirm, I need an enterprise level server license to create DAGs and perhaps CAS. Another question is related to DNS: let's assume both sites are named owaA.example.com and owaB.example.com. How would computers accessing mailboxes at site A be automatically redirected to site B in case of any problems at site A? Would it happen automatically, or is manual redirection preferred?
Appreciate any suggestions.
Question by:Coffinated
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 38774959
You do not need Enterprise version of Exchange for anything, and don't need Enterprise edition of Windows for the CAS/Hub role. You only need it for the mailbox role.
However if you are putting the CAS roles on the same physical machines (via VMs) then you can use Enterprise edition of Windows if you wish.

Personally I wouldn't bother with separate CAS role holders. Have all roles on the same server and then use load balancers.

Don't try and do Active/Active over two sites as that will be unpredictable. If you want data on both sites, with live users in both sites, then have four servers at a minimum, Active and Passive in each site. Again use load balancers.

When it comes to cross site failure, manual activate is preferred. DAG only protects the data, it doesn't protect the client access. Therefore you will need some mechanism to move the client connectivity across - load balancers would be the answer here.

Simon.
 
LVL 5

Author Comment

by:Coffinated
ID: 38775068
Simon,

I was planning on virtualizing all servers and putting CAS-1, MBX-1 on the same VM. Live users will be on both sites, both having identical set up, Site A: Active, Passive and the Recovery DB on site B.

Is there a requirement when it comes to even/odd number of servers at each site or overall? All examples I found so far had either 2, 4, 8, 16 servers. When 2 CAS servers are deployed they require a witness server or another CAS member. Would you recommend one over another? I am leaning towards 3 CAS members as it provides desired functionality and provides additional CAS member.

As far as load balancers, how reliable are they? This would be a single point of failure for each site, should I have faith in them or deploy 2 at each site? Can you recommend any brand/models?

Thank you
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38775103
Separating the CAS role out is no longer best practice. Most locations are now putting all roles on the same server. It makes life a lot easier. Why are you insistent on having separate CAS?
Without knowing about number of users, load etc it is impossible to say whether the design is good or not. However the most common design I am seeing now is to have six servers, three in each location. These could be on two physical machines.
Active/Active/Passive in each location, with two copies locally and one copy remote.
All roles on all servers, RPC CAS Array in both.
You would need to have load balancers in both sites - the most common one suggested is Kemp, I am currently playing with the open source Zen Load Balancer - which has clustering and as it is open source you can have as many as you like.

If you have even numbers in a DAG then you need a witness. This can be anything - another Exchange server is preferable, but a member server will do the job. I am doing a lot of implementations where database servers are used.

Simon.
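
The following is an added example, not part of the original thread: one way to build the six-server, two-site layout with a witness and manual cross-site activation discussed above, using Exchange 2010 Management Shell cmdlets. All server, database and path names are hypothetical, and it assumes a single DAG spanning both sites with DB-A already created on MBX-A-1 and DB-B on MBX-B-1.

```powershell
# Added illustration. Every name below (DAG1, MBX-*, FS-*, DB-A, DB-B, paths)
# is hypothetical. Run from the Exchange Management Shell on Exchange 2010.

$dag   = 'DAG1'
$siteA = 'MBX-A-1', 'MBX-A-2', 'MBX-A-3'
$siteB = 'MBX-B-1', 'MBX-B-2', 'MBX-B-3'

# Six members is an even number, so a witness is required to break ties.
# The witness cannot be a DAG member. When it is a plain member server,
# "Exchange Trusted Subsystem" must be in its local Administrators group.
# No IP address is given here, so the DAG cluster address comes from DHCP.
New-DatabaseAvailabilityGroup -Name $dag `
    -WitnessServer 'FS-A-1' -WitnessDirectory 'C:\DAG1-FSW'

foreach ($server in $siteA + $siteB) {
    Add-DatabaseAvailabilityGroupServer -Identity $dag -MailboxServer $server
}

# Each database: active copy plus one passive copy in its home site,
# and a third copy in the other site.
Add-MailboxDatabaseCopy -Identity 'DB-A' -MailboxServer 'MBX-A-2' -ActivationPreference 2
Add-MailboxDatabaseCopy -Identity 'DB-A' -MailboxServer 'MBX-B-3' -ActivationPreference 3
Add-MailboxDatabaseCopy -Identity 'DB-B' -MailboxServer 'MBX-B-2' -ActivationPreference 2
Add-MailboxDatabaseCopy -Identity 'DB-B' -MailboxServer 'MBX-A-3' -ActivationPreference 3

# Manual cross-site activation: the servers that only hold the remote copies
# are excluded from automatic activation. An administrator can still
# activate a copy there with Move-ActiveMailboxDatabase.
Set-MailboxServer -Identity 'MBX-A-3' -DatabaseCopyAutoActivationPolicy Blocked
Set-MailboxServer -Identity 'MBX-B-3' -DatabaseCopyAutoActivationPolicy Blocked

# Multi-site DAG: enable Datacenter Activation Coordination so a site that
# comes back after an outage does not mount databases on its own
# (split brain), and pre-stage a witness in site B for a site switchover.
Set-DatabaseAvailabilityGroup -Identity $dag `
    -DatacenterActivationMode DagOnly `
    -AlternateWitnessServer 'FS-B-1' -AlternateWitnessDirectory 'C:\DAG1-FSW'

# Check membership, witness and copy health before moving users.
Get-DatabaseAvailabilityGroup -Identity $dag | Format-List Name, Servers, WitnessServer
Get-MailboxDatabaseCopyStatus -Identity 'DB-A' |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength
```

As the accepted answer notes, this protects only the mailbox data; client connectivity still has to be moved to the other site separately, for example through the load balancers.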
 
LVL 5

Author Comment

by:Coffinated
ID: 38776645
Simon,

There will be anywhere from 500-1000 users per site. I can create 3 EX'10 servers per site all having all roles installed. Would it be a secure set up against server penetration?
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 38782602
Number of servers and the role they have has NOTHING to do with server security. If you are concerned about server security then you will have to put something in front of Exchange to publish it to the internet.

Two servers in active/active per location with a passive in a second location would most likely be fine for that number of users, although do run it through the Microsoft tools to see what they actually say. For example 1000 users with 25mb of email would be fine on a single mailbox. 500 users who send 1000 emails a day would not!

Simon.