exchange topology

Need a cost-effective, complete topology for an Exchange setup.

1. 2 servers, both configured as CAS and Mailbox and configured in a DAG
2. Recommended public DNS topology; can I ask my network register to create two Host records (pointing towards the public WAN interface of my firewall) and point the MX record to the A record, and internal DNS topology with regard to AD.
3. Want to divert all incoming mail to a mail hygiene system, and which is the best product in this category?
4. How to achieve routing of mail to two CAS servers for load balancing - is it possible via the mail hygiene system, and does the hygiene system have a default mail relay system in place to divert to the CAS in a round-robin fashion?
5. Plan to put the mail hygiene system in a DMZ

Help pls
shamnad Asked:

Stuart, Technical Architect - Cloud, Commented:
First, you didn't mention what version of Exchange you were looking at; I will presume 2013.

1. 2 servers with both configured as CAS and Mailbox and configured in a DAG - this is in my experience the best method; Microsoft's preferred architecture also recommends multi-role configurations.

2. Recommended public DNS topology; can I ask my network register to create two Host records (pointing towards the public WAN interface of my firewall) and point the MX record to the A record, and internal DNS topology with regard to AD. - What you would normally do here is create multiple records and list them in the MX ordered by preference. This would normally point to the firewall in your primary site, then the firewall in your secondary site. If you're a single site then I would argue that two records are not required (your primary firewall should be resilient also).

3. Want to divert all incoming mail to a mail hygiene system, and which is the best product in this category - There are many mail hygiene appliances on the market. If you choose an internal device, your MX would NAT to this, then routes would exist to Exchange. Products I have used in the past are IronPort, McAfee IronMail etc., although there are cheaper solutions out there. You could opt for a cloud-based hygiene system such as Websense or Symantec; in this case your MX would route to this and routes would go to your primary firewall, which would NAT to Exchange.

4. How to achieve routing of mail to two CAS servers for load balancing - is it possible via the mail hygiene system, and does the hygiene system have a default mail relay system in place to divert to the CAS in a round-robin fashion - The best and recommended solution would be to place a pair of L4 load balancers, e.g. Kemp LoadMasters, between your hygiene device and Exchange. These would not only load balance mail but would load balance client access services such as Outlook Anywhere, OWA and ActiveSync. An L4 load balancer would also be aware of failed services on your Exchange environment, which DNS RR wouldn't. You cannot use Network Load Balancing (NLB) as your Exchange servers are multi-role; however, I would avoid NLB anyway!

5. Plan to put the mail hygiene system in a DMZ - As stated in 3, this is possible; it depends on 1. if you have the technical guys to look after them and 2. if it is more cost effective than a cloud-based solution. Some people have requirements over and above what a cloud based solution cannot provide.

Hope this helps you
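
A small model of points 2 and 4 of the answer above, added here as an illustration and not code from the thread: it shows the order in which a sender walks MX records by preference, and why DNS round robin keeps sending to a failed Exchange server while a health-checked balancer does not. All host names, preference values and health states are constructed placeholders.

```python
from itertools import cycle

# Constructed sample data (assumptions, not values from the thread).
MX_RECORDS = [(20, "mx2.example.com"), (10, "mx1.example.com")]
BACKENDS = ["exch1.example.local", "exch2.example.local"]


def mx_delivery_order(records):
    """Order in which a sending MTA tries MX hosts: lowest preference value first.
    (Real senders randomise among equal preferences; this model sorts them.)"""
    return [host for _, host in sorted(records)]


def first_reachable_mx(records, reachable):
    """Fall through the MX list until one host accepts the connection."""
    for host in mx_delivery_order(records):
        if host in reachable:
            return host
    return None  # nothing reachable: the sender queues the message and retries


def dns_round_robin(backends, healthy, messages):
    """DNS RR hands out every address in turn with no knowledge of service state.
    Returns (delivered, first_attempt_failures)."""
    rotation = cycle(backends)
    delivered = sum(1 for _ in range(messages) if next(rotation) in healthy)
    return delivered, messages - delivered


def health_checked_balancer(backends, healthy, messages):
    """An L4 balancer probes each backend and rotates only across those that pass.
    Returns (delivered, first_attempt_failures)."""
    pool = [b for b in backends if b in healthy]
    if not pool:
        return 0, messages  # every backend failed its probe
    rotation = cycle(pool)
    delivered = sum(1 for _ in range(messages) if next(rotation) in healthy)
    return delivered, messages - delivered


if __name__ == "__main__":
    healthy = {"exch1.example.local"}  # constructed case: SMTP on exch2 is down
    print("MX order     :", mx_delivery_order(MX_RECORDS))
    print("Primary down :", first_reachable_mx(MX_RECORDS, {"mx2.example.com"}))
    print("DNS RR       :", dns_round_robin(BACKENDS, healthy, 10))
    print("L4 balancer  :", health_checked_balancer(BACKENDS, healthy, 10))
```
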
