Emal design Verification

Posted on 2015-02-11
Last Modified: 2015-02-25
Dear Experts,

I attached a design for Exchange 2010 , I need to know if this design is right or not , if there is something wrong where is it , if additional can be added please advise?
I need to know also if Exchange 2013 is stable and reliable or not?

Thanks in Advance,
Question by:oamal2001
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 58

Expert Comment

by:Cliff Galiher
ID: 40604723
There are definitely a few issues with your architecture. Enough so that I don't think I could cover them with any depth in a forum post. You should really bring in a consultant based on what I'm seeing.

Exchange 2013 is stable. Like Exchange 2010, some of the CUs are better than others. Quality control has been a struggle for the Exchange team. But overall 2013 is functional and I'd usually recommend it over 2010 for new deployments.
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40604850
Personally, this is not a design I would run with.

There is really no need to split out Exchange roles. I haven't done it in years. I would consider going multi-role on all your servers. In fact, check out Ross Smith IV's architecture keynote from MEC 14 and he explains Microsoft's shift from breaking out roles to keeping everything together.

Unfortunately, there is no enough information to go on to make decisions on the rest of the design. We don't know how many users you have, how large their mailboxes are, or, what kind of profile they fit in (how many messages they send and receive). So we can't really assess how many multi-role servers you would need.

The other problem here is I see no mention of a Database Availability Group for your mail servers. I hope you are going with one.

Plus I am not seeing any form of load balancing.

I would do something like this. Again. Generalizations based on what I see here.

You have 4 dedicated Exchange servers in your diagram. Make all these multirole, configure them in a 4 member DAG with a File Share Witness and put a load balancer in front of them (hopefully a nice Layer 7 KEMP HLB) to load balance client connections across your 4 new multi-role servers.

Again, generalizations.

With regard to the Edge Server, that is optional. Personally I have never been a big fan of the Edge Server. If you are looking for message hygiene and routing I tend to lean more towards Barracuda or something similar. Or a Cloud Service like Exchange Online Protection.

With regard to the stability of Exchange 2013, its rock solid. And its several Cumulative Updates deep now. I was a huge fan on 2010 but I love 2013 more now.

Also, keep in mind that Exchange 2010 exited mainstream support in January. So, Exchange 2010 will not see any more development. All new development will go towards 2013 (and Exchange 2016). You will get patches and tech support for 5 more years.
LVL 53

Accepted Solution

Will Szymkowski earned 500 total points
ID: 40604864
Based on the design you have posted i see the following issues for an Exchange 2010 architecture.
- RODC in the DMZ (there is no need for this and even though it is a RODC still a security concern)

- Why do you have CAS and HUB separated? They should not be (save on licensing costs)

- Based on your diagram the mailbox servers are in a DAG using shared storage? Both Mailbox servers need to have independent storage for each server, having the same logical drive letters and paths.

- Also you have mailbox in HA using DAG but why not CAS or Edge for that matter? This creates a single point of failure.

- load balacing CAS you will want to get a hardware load balancer.

Also if this is a greenfield deployment Exchange 2013 would be a better move. They now have released CU8 which is quite stable from all of my testing I have done. Exchange 2013 is much more feature rich over Exchange 2010. There are several reasons to go with Exchange 2013 (too many to list) but always look at support life cycle.

Exchange 2013 is newer so it will be supported longer over time. Exchange also is designed to have all roles installed on a single server.

Exchange 2013 new features.

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.


Expert Comment

by:Manoj Bojewar
ID: 40605458
Exchange 2013 CU5 is very stable version. Go for this version and implement Exchange 2013. Exchange 2013 doesn't require HUB server role install separately on new server.Also additional advantage Exchange 2013  CAS server roles  does automatic load balancing.
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40605634
@ Manoj Bojewar
Exchange 2013 doesn't require HUB server role install separately on new server
Although there is not a single role for Hub Transport there is in fact a Hub transport service on both CAS and Mailbox server. CAS being the Front-End Transport Service and Mailbox server role has the Backend Transport Service.

@Manoj Bojewar
Exchange 2013  CAS server roles  does automatic load balancing.
CAS does not load balance itself. You still require a load balancing solution, i.e hardware load balancer, or WNLB (not recommended for production deployments).

CAS in 2013 does not have persistent connections anymore to mailbox servers it only proxies connections now. This means that you can load balance at Lyaer4 or Layer7. Layer7 is still recommended as it is Service Aware, where Layer4 is only Server aware.

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40605698
You can use Layer 4 with multiple namespaces to get the same effect of Layer 7. But Layer 7 is so much better. :)
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40605949
You can use Layer 4 with multiple namespaces to get the same effect of Layer 7
This is what you had to do in Exchange 2010 if you wanted to use Layer4 load balancing. It can still be used but requires  multiple namespaces and Exchange 2013 has simplified the namesapces to 2 and

But i can be done :-)

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40605974

I meant for having more than 1-2 health checks. If you wanted to monitor all health checks, like you can in Layer 7, for all the different virtual directories. You would need multiple namespaces on a layer 4. For example,,, and so on. I was basing it on Ross Smith's diagram below from MEC 2014.

LVL 53

Expert Comment

by:Will Szymkowski
ID: 40630330
Misunderstood, yeah monitoring this way is possible but it is not as clean as using a L7 LB.

Having multiple name spaces just requires more management.

LVL 31

Expert Comment

by:Gareth Gudger
ID: 40630757
Right. I never recommend it. But it is a possibility that Microsoft throws out there. Its the old money vs time. Most times its worth it to just spend the extra $$$ to save time.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question