jmichaelpalermo4
asked on
Exchange 2010 - Virtualization and Load Balancing
Hello!
I'm looking to reconfigure Exchange 2010 in a test environment, eventually with the goal to be put into production. Any help you could answer on the following would be greatly appreciated.
I plan on setting up my environment as follows:
LoadBalancer
/\
Edge Transport
/\
CAS Array
/\
Mailbox Database
Each tier is composed of multiple virtual servers, for a large organization type of environment.
I am able to do most of this, but have some embarrassing gaps in my knowledge:
1. Which tiers will need to have public IPs assigned? (i.e. Edge Transport, CAS)
2. Does the Edge transport interact with the CAS at all? or does it simply go straight to the Mailbox Database?
3. Will I need SSL certs for the CAS servers, or can I install them on my Load Balancer (Zen, at the moment)
4. Any additional security recommendations for the CAS / Edge servers?
5. Any recommendations or criticisms to my current model?
Thank you!
I'm looking to reconfigure Exchange 2010 in a test environment, eventually with the goal to be put into production. Any help you could answer on the following would be greatly appreciated.
I plan on setting up my environment as follows:
LoadBalancer
/\
Edge Transport
/\
CAS Array
/\
Mailbox Database
Each tier is composed of multiple virtual servers, for a large organization type of environment.
I am able to do most of this, but have some embarrassing gaps in my knowledge:
1. Which tiers will need to have public IPs assigned? (i.e. Edge Transport, CAS)
2. Does the Edge transport interact with the CAS at all? or does it simply go straight to the Mailbox Database?
3. Will I need SSL certs for the CAS servers, or can I install them on my Load Balancer (Zen, at the moment)
4. Any additional security recommendations for the CAS / Edge servers?
5. Any recommendations or criticisms to my current model?
Thank you!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I would say that please have Edge servers on DMZ and place the load balancer's for CAS server requests. So that it can mange MAPI and internet requests well for users.
Once the load balancer placed point the CAS array IP to that to get work well.
SAN certificate should require to installed on CAS servers.
Once the load balancer placed point the CAS array IP to that to get work well.
SAN certificate should require to installed on CAS servers.
Theen you would have CAS servers in the internal VLAN and same with mailbox servers.
CAS array has nothin to do with the certificates . You need to have SAN certificate with the following domains
webmail.domain.com
autodiscover.com
casserver1.domain.com
casserver2.domain.com
http://blogs.technet.com/b/exchange/archive/2012/03/23/demystifying-the-cas-array-object-part-1.aspx