king daddy

Exchange 2010 simple setup idea

Greetings,

I've asked a few questions about Exchange 2010; still working out how to set it up. I only have about 100 mailboxes, but my store is about 450 GB. I recently read quite a few articles and based on this one:

http://blogs.technet.com/b/exchange/archive/2011/04/08/robert-s-rules-of-exchange-multi-role-servers.aspx

I am certain I am over-complicating my setup in such a small environment. I already have two licenses (std though, not ent). I was thinking of spreading CAS/HT and mbx across 4 servers (two each) and getting two more licenses. However, I don't really need load balancing with only 100 mailboxes, and am not certain I would get the funding. That said, and in light of the info I've been reading, I'm thinking of setting up one multi-role server with a second in a DAG with all roles that can be failed over to (much like comment #3 by GoodThings2Life in the article I referenced above). I guess I'd need a FSW set up on local storage on my other host to spread it out across storage.

This is a VMware environment and I have enough resources to accommodate this. I was thinking of putting the active server on the vnxe and the other on my new host on local storage, just in case something happened with the SAN environment.

I also read this

http://technet.microsoft.com/en-us/library/dd979781.aspx#Two

I don't need load balancing but would like the benefit of high availability.

I guess my question is whether or not I can / should have two multi-role Exchange servers, one active and one passive so to speak, and if so, how would I set this up?

Any thoughts very much appreciated.
SOLUTION
Adam Brown
This solution is only available to members.

king daddy (ASKER)

Thanks acbrown2010. Won't I need two additional Exchange licenses for the 2/2 setup? Trying to avoid that and not sure I'd get funded. Not sure I really need load balancing at this point either.

Thanks for the DNS info. Hate to have to manually configure if the first one failed, but may not have a choice based on what I'm working with. How would that affect a user's connection once DNS is altered? How would a CAS array configured in DNS affect having to manually switch DNS, if at all?

Thanks again

For 100 users Office 365 is better, or use Exchange 2013, for which you don't need a Windows Enterprise license.

365 not approved and 2013 isn't approved yet for our doc mgt system. I thought of going to 2013 until they told me.

Any thoughts on what I posted as far as two Multi-role servers? Thx
SOLUTION
This solution is only available to members.

Thanks Simon. While load balancing would be ideal, there is no way I'm getting money this year for a Kemp, or two. I will budget it for the beginning of next year though. I'm going to check out Zen, but right now my main goal is to get this up and running next Thursday and Friday, with the foundation to add load balancing either with Zen soon or Kemp early next year. I'm trying to keep this as simple as possible, but have high availability even if that means some manual intervention for failover. I am going to configure a CAS array in DNS.

At this point I'd like to finally just move forward and at least have one server up and deal with the failover server after everyone is moved off the 2003 box, or whenever is optimal.

Can you explain what you mean by "repair" the Outlook profile on each client? That sounds cumbersome, if it means actually touching each client.

I'd read somewhere about round robin for the CAS and if the server didn't respond within a set TTL, it would redirect to the other server. However, I'm not sure about that and as long as I have an Internet connection to the datacenter, manual intervention, while not preferable, is acceptable. In a failover situation, we can tolerate a small amount of downtime.

Also, will the services activate and databases mount on the passive / DAG server when the active is down, or would I need to manually do that as well?

Thanks again.
There is no high availability in DNS, so what you have read about round robin is incorrect.

What I mean by repairing the Outlook profile means exactly that - in Accounts, select your Outlook account and choose Repair. That will force a full Autodiscover and the "correction" of the Exchange server name to your RPC CAS Array address. Yes it is cumbersome to visit every client - I have a client currently visiting 300 machines across three continents before we can continue the migration. If you had created the CAS Array right at the start this wouldn't be an issue.

As long as the FSQ is available, then failover of the databases doesn't require manual intervention. Of course the client change will require intervention - even if this is just changing the DNS entry.

Simon.

Ok, so goes that regarding round robin. What do you recommend for TTL? Does the failover to the other server happen as quickly as I change DNS? Also, I thought with a CAS array I had multiple Exchange servers configured for failover, essentially. But I guess I need load balancing for that. Starting to get confused again... Need a simple setup. Definitely stressing too much over this.

Oh, I haven't started anything yet. The install is scheduled for next week. I only have the 2008 R2 servers patched and ready. No Exchange 2010 install has yet begun. I planned on creating the CAS array first. So, how does that change the Outlook profile "repair"?

Thanks again. Three continents?? They must've originated in the UK since your website states you don't work outside the UK for liability reasons, much to my disappointment. ;-)
ASKER CERTIFIED SOLUTION
This solution is only available to members.

Thanks. I may contact you through your company for a design.

Ok, so set up the CAS array after I configure both Exchange servers and set up the DAG? When I do CAS array, without load balancing, what IP do I give it? Then, when I set up a load balancer, I'd point the CAS array to the load balancer, correct? If I needed to failover to the passive server and didn't have a load balancer, I would point the CAS array to the passive server and clients would redirect to it based on the TTL I set on the DNS CAS array entry, correct? I don't need to do anything since the DAG will mount the databases on the passive server as needed, correct? Whew, I guess this is last: I'd point the firewall to the CAS array, which points to the active server, then I'd point the firewall to the load balancer when that's in, right?

Any further questions will be posted as new questions.

I looked into the Zen load balancer then found the article on your website explaining the setup. I will likely try that out.

Thanks again.
Initially just give the CAS array the IP address of one of the servers with the CAS role.
When you introduce a load balancer, you can test it by modifying hosts files to get the DNS entry to resolve and then when you are ready to go in to production, undo the hosts file change and adjust the DNS entry.

If they failover, just change the DNS entry as you have said.

The CAS array is an INTERNAL only address, that isn't used for anything but MAPI TCP traffic.
However if you have a load balancer there is nothing to stop you from using the same virtual IP address on the load balancer for other services, just with a different host name.

Simon.
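
The sequence described above (CAS array name pointed at one CAS server, then repointed on failover or load balancer cut-over), sketched as an added example that is not part of the original thread. It assumes Windows DNS managed with `dnscmd` and the Exchange 2010 Management Shell; the host names, IP addresses, array name and the 300-second TTL are constructed placeholders.

```powershell
# Added example: all names, addresses and the TTL are constructed placeholders.
$DnsServer = 'dc1.domain.local'          # hypothetical DNS server
$Zone      = 'domain.local'
$Node      = 'outlook'                   # A record for the CAS array name
$ArrayFqdn = "$Node.$Zone"               # internal-only name, MAPI traffic
$AdSite    = 'Default-First-Site-Name'   # AD site holding the CAS servers
$Ttl       = 300                         # seconds; assumed, not from the thread

function Set-CasArrayTarget {
    # Points the CAS array A record at a single CAS server (or a VIP).
    param([Parameter(Mandatory = $true)][string]$IPAddress)

    # Drop any existing A record for the node; on first run there is none,
    # so a failure here is expected and ignored.
    & dnscmd $DnsServer /RecordDelete $Zone $Node A /f | Out-Null

    & dnscmd $DnsServer /RecordAdd $Zone $Node $Ttl A $IPAddress | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "dnscmd could not add $ArrayFqdn -> $IPAddress"
    }
}

# 1. Initial build: the array name resolves to the first CAS server.
Set-CasArrayTarget -IPAddress '10.0.0.11'

# 2. Exchange Management Shell: create the array object for the AD site and
#    stamp it on every mailbox database so Outlook profiles record the array
#    name rather than an individual server name.
New-ClientAccessArray -Name 'CASArray' -Fqdn $ArrayFqdn -Site $AdSite
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer $ArrayFqdn
Get-MailboxDatabase | Format-Table Name, RpcClientAccessServer -AutoSize

# 3. Manual failover, or a later load balancer cut-over: repoint the record.
#    Clients follow once their cached DNS answer expires.
# Set-CasArrayTarget -IPAddress '10.0.0.12'
```
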
Thanks again, Simon. Going to start this tonight. I ran the pre-install analyzer and need to change to native mode and also apply some permissions to AD. Any caveats to that?

Everything else looked good except for a notification about connectors. I don't think that will prevent an install and is more of something to deal with during the actual transition.

Shouldn't be any problems making those changes - other than replication delays.

Simon.

So this shows up in the report but I don't know where to find the security settings to edit them. Any ideas? So aggravating and preventing me from moving forward.

Access control list (ACL) inheritance is blocked for the Exchange server object (CN=EXCH1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN,DC=local). This may cause mail flow problems, store mounting issues and other service outages. Follow Microsoft Knowledge Base article 264733 and use the Exchange System Manager to re-enable inheritance on this object.

Thanks
What have you got at the moment? 2003 or 2007?
If 2003 then you need to use the KB article mentioned and ESM to enable inheritance on the Admin group. If you have 2007 then you will have to use ADSIEDIT to enable inheritance.

Simon.
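
A read-only way to see where inheritance is blocked between each Exchange server object and the Microsoft Exchange container, as an added example that is not part of the original thread. It uses ADSI from PowerShell 2.0 and assumes a domain account that can read the Configuration partition; nothing is modified.

```powershell
# Added example: read-only audit of ACL inheritance on Exchange objects.
$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext
$baseDn   = "CN=Microsoft Exchange,CN=Services,$configNC"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot  = [ADSI]"LDAP://$baseDn"
$searcher.Filter      = '(objectClass=msExchExchangeServer)'
$searcher.SearchScope = 'Subtree'
$searcher.PageSize    = 500

$seen   = @{}
$report = @()
foreach ($result in $searcher.FindAll()) {
    # Walk from the server object up to the Microsoft Exchange container,
    # because the block may sit on a parent such as the administrative group.
    $node = $result.GetDirectoryEntry()
    while ($node -ne $null) {
        $dn = [string]$node.distinguishedName
        if (-not $seen.ContainsKey($dn)) {
            $seen[$dn] = $true
            $report += New-Object PSObject -Property @{
                DistinguishedName  = $dn
                # True means the DACL is protected from inherited entries.
                InheritanceBlocked = $node.psbase.ObjectSecurity.AreAccessRulesProtected
            }
        }
        # Stop at the Exchange container (or the partition root as a guard).
        if ($dn -eq $baseDn -or $dn -eq $configNC) { break }
        $node = $node.psbase.Parent
    }
}

# List only the objects on which inheritance is switched off.
$report | Where-Object { $_.InheritanceBlocked } |
    Select-Object DistinguishedName, InheritanceBlocked
```
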
2003. The KB article is about displaying the security tab but it's already shown in ESM. I just don't know where I'm supposed to find this. I don't understand the path I guess. Does this literally mean my administration database?

Thx
SOLUTION
This solution is only available to members.

Figured this out and now the only thing is the link state suppression warning.

We got hit with a virus Thursday late afternoon that affected 3 shares and about 10 workstations, so been cleaning that up and just finished. Plan on getting back to this Monday morning.

Thanks for the help.
Thanks all.