Email design Verification

Posted on 2015-02-11
Medium Priority
Last Modified: 2015-02-25
Dear Experts,

I attached a design for Exchange 2010, I need to know if this design is right or not, if there is something wrong where is it, if additional can be added please advise?
I need to know also if Exchange 2013 is stable and reliable or not?

Thanks in Advance,
Question by:oamal2001
LVL 59

Expert Comment

by:Cliff Galiher
ID: 40604723
There are definitely a few issues with your architecture. Enough so that I don't think I could cover them with any depth in a forum post. You should really bring in a consultant based on what I'm seeing.

Exchange 2013 is stable. Like Exchange 2010, some of the CUs are better than others. Quality control has been a struggle for the Exchange team. But overall 2013 is functional and I'd usually recommend it over 2010 for new deployments.
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40604850
Personally, this is not a design I would run with.

There is really no need to split out Exchange roles. I haven't done it in years. I would consider going multi-role on all your servers. In fact, check out Ross Smith IV's architecture keynote from MEC 14 and he explains Microsoft's shift from breaking out roles to keeping everything together.

Unfortunately, there is not enough information to go on to make decisions on the rest of the design. We don't know how many users you have, how large their mailboxes are, or what kind of profile they fit in (how many messages they send and receive). So we can't really assess how many multi-role servers you would need.

The other problem here is I see no mention of a Database Availability Group for your mail servers. I hope you are going with one.

Plus I am not seeing any form of load balancing.

I would do something like this. Again. Generalizations based on what I see here.

You have 4 dedicated Exchange servers in your diagram. Make all these multirole, configure them in a 4 member DAG with a File Share Witness and put a load balancer in front of them (hopefully a nice Layer 7 KEMP HLB) to load balance client connections across your 4 new multi-role servers.

Again, generalizations.

With regard to the Edge Server, that is optional. Personally I have never been a big fan of the Edge Server. If you are looking for message hygiene and routing I tend to lean more towards Barracuda or something similar. Or a Cloud Service like Exchange Online Protection.

With regard to the stability of Exchange 2013, it's rock solid. And it's several Cumulative Updates deep now. I was a huge fan of 2010 but I love 2013 more now.

Also, keep in mind that Exchange 2010 exited mainstream support in January. So, Exchange 2010 will not see any more development. All new development will go towards 2013 (and Exchange 2016). You will get patches and tech support for 5 more years.
LVL 53

Accepted Solution

Will Szymkowski earned 2000 total points
ID: 40604864
Based on the design you have posted I see the following issues for an Exchange 2010 architecture.
- RODC in the DMZ (there is no need for this and even though it is a RODC still a security concern)

- Why do you have CAS and HUB separated? They should not be (save on licensing costs)

- Based on your diagram the mailbox servers are in a DAG using shared storage? Both Mailbox servers need to have independent storage for each server, having the same logical drive letters and paths.

- Also you have mailbox in HA using DAG but why not CAS or Edge for that matter? This creates a single point of failure.

- load balancing CAS you will want to get a hardware load balancer.

Also if this is a greenfield deployment Exchange 2013 would be a better move. They now have released CU8 which is quite stable from all of my testing I have done. Exchange 2013 is much more feature rich over Exchange 2010. There are several reasons to go with Exchange 2013 (too many to list) but always look at support life cycle.

Exchange 2013 is newer so it will be supported longer over time. Exchange also is designed to have all roles installed on a single server.

Exchange 2013 new features.


Expert Comment

by:Manoj Bojewar
ID: 40605458
Exchange 2013 CU5 is a very stable version. Go for this version and implement Exchange 2013. Exchange 2013 doesn't require HUB server role install separately on new server. Also additional advantage Exchange 2013 CAS server roles does automatic load balancing.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40605634
@ Manoj Bojewar
Exchange 2013 doesn't require HUB server role install separately on new server
Although there is not a single role for Hub Transport there is in fact a Hub transport service on both CAS and Mailbox server. CAS being the Front-End Transport Service and Mailbox server role has the Backend Transport Service.

@Manoj Bojewar
Exchange 2013 CAS server roles does automatic load balancing.
CAS does not load balance itself. You still require a load balancing solution, i.e. hardware load balancer, or WNLB (not recommended for production deployments).

CAS in 2013 does not have persistent connections anymore to mailbox servers, it only proxies connections now. This means that you can load balance at Layer4 or Layer7. Layer7 is still recommended as it is Service Aware, where Layer4 is only Server aware.

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40605698
You can use Layer 4 with multiple namespaces to get the same effect of Layer 7. But Layer 7 is so much better. :)
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40605949
You can use Layer 4 with multiple namespaces to get the same effect of Layer 7
This is what you had to do in Exchange 2010 if you wanted to use Layer4 load balancing. It can still be used but requires multiple namespaces and Exchange 2013 has simplified the namespaces to 2 and

But it can be done :-)

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40605974

I meant for having more than 1-2 health checks. If you wanted to monitor all health checks, like you can in Layer 7, for all the different virtual directories. You would need multiple namespaces on a layer 4. For example,,, and so on. I was basing it on Ross Smith's diagram below from MEC 2014.
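
The trade-off discussed in the comments above, as an added example that is not part of any post in this thread: a small model of which servers each load-balancing mode keeps in rotation when one protocol fails on one server. Server names, the protocol list and the probe results are constructed assumptions.

```python
# Added illustration: server names and probe results are constructed, not from the thread.
PROTOCOLS = ("owa", "ews", "activesync", "autodiscover")

HEALTH = {  # server -> protocol -> did that protocol's health probe pass?
    "EX1": dict.fromkeys(PROTOCOLS, True),
    "EX2": {**dict.fromkeys(PROTOCOLS, True), "owa": False},
    "EX3": dict.fromkeys(PROTOCOLS, True),
    "EX4": {**dict.fromkeys(PROTOCOLS, True), "ews": False},
}

def l4_single_namespace(health, probed="owa"):
    """Layer 4, one namespace: the balancer sees only IP and port, so a single
    probe decides whether a server receives traffic for every protocol."""
    up = sorted(s for s, state in health.items() if state[probed])
    return {p: list(up) for p in PROTOCOLS}

def l7_single_namespace(health):
    """Layer 7, one namespace: the balancer reads the request path, so each
    protocol has its own probe and its own pool behind the same name."""
    return {p: sorted(s for s, state in health.items() if state[p]) for p in PROTOCOLS}

def l4_namespace_per_protocol(health):
    """Layer 4 with one namespace (virtual IP) per protocol: each virtual IP
    carries its own single probe, at the cost of one name per protocol."""
    return {p: l4_single_namespace(health, probed=p)[p] for p in PROTOCOLS}

def assess(pools, health):
    """Return (blackholed, idle): traffic sent to a broken protocol instance,
    and healthy protocol instances that were pulled out of rotation."""
    blackholed = sorted((p, s) for p, members in pools.items()
                        for s in members if not health[s][p])
    idle = sorted((p, s) for p in PROTOCOLS
                  for s, state in health.items() if state[p] and s not in pools[p])
    return blackholed, idle

if __name__ == "__main__":
    modes = (("L4, one namespace", l4_single_namespace),
             ("L7, one namespace", l7_single_namespace),
             ("L4, namespace per protocol", l4_namespace_per_protocol))
    for name, build in modes:
        blackholed, idle = assess(build(HEALTH), HEALTH)
        print(f"{name}: blackholed={blackholed} idle={idle}")
```

With a single Layer 4 namespace the one probe both hides the EWS failure on EX4 and removes EX2's working protocols; the per-protocol variants avoid both, which is the availability argument made for Layer 7 in this thread.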

LVL 53

Expert Comment

by:Will Szymkowski
ID: 40630330
Misunderstood, yeah monitoring this way is possible but it is not as clean as using a L7 LB.

Having multiple name spaces just requires more management.

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40630757
Right. I never recommend it. But it is a possibility that Microsoft throws out there. It's the old money vs time. Most times it's worth it to just spend the extra $$$ to save time.
