Solved

Exchange 2016 Deployment

Posted on 2016-09-28
Last Modified: 2016-10-25
We have a project to migrate from Exchange 2003 to Exchange 2016.

My queries are:

1) New hardware sizing (for 200 users) - planning to have 2 virtual servers on two different physical hosts
2) DAG setup with HA
3) Load balancing - is OS load balancing plus the Exchange DAG enough, or do we need an appliance?
4) Antispam to be used for extensive filtering
5) Securing Exchange
6) Backup policies for Exchange 2016
7) Audit mechanisms
8) DR for Exchange 2016
0
Question by:kurajesh
5 Comments
 
LVL 29

Accepted Solution

by:
ScottCha earned 251 total points (awarded by participants)
1. Get a good server. One we have been using that will meet your needs is an HP ML350 G9. Get plenty of HD space.
2. Not sure what the question is but yes, you can set up a DAG for HA.
3. For your environment, you should be ok without the hardware part to LB.
4. I would use an external spam filter such as AppRiver.
5. Make sure your hardware and passwords are adequate.
6. I would suggest the 3-2-1 rule. 3 copies of data, 2 onsite in different locations and 1 offsite.
7. You could opt to use a journaling mailbox.
8. If your backups are in good shape your DR should be ok.

Now, there is no direct migration path from Exchange 2003 to 2016.  You MUST first do a migration to Exchange 2010, remove Exchange 2003 completely, then migrate to Exchange 2016.
2
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 83 total points (awarded by participants)
1. https://gallery.technet.microsoft.com/Exchange-2013-Server-Role-f8a61780 has a calculator, the requirements for 2016 are not different than 2013 with all roles installed. Add a little additional CPU for safety, though.
2. DAG creates a copy of the DB on all nodes, so make sure you provide enough space for each copy and its transaction logs. If you have 3 or more nodes set up with one as a Lagged copy, you can usually get away with Circular logging on all databases, which saves some space. It does require a Hardware Load Balancer to do proper HA, but you can skip that if you're okay with changing DNS records for client access when the primary node fails. If you have a 2 node DAG (even number of nodes), be mindful of where you place your File Share Witness. Do not configure that to point to another Exchange Server. Point it to a system that will allow at least one Exchange Server to access the file share if the connection between Exchange servers fails. That will prevent Split Brain issues.
3. You cannot do Windows NLB and DAG on the same server, so if you want to Load Balance things for HA purposes, you need to have a Hardware Load Balancer. Since 2016 did away with multiple server roles, NLB is no longer supported by MS for Exchange 2016.
4. I usually recommend cloud-based spam services like AppRiver or Barracuda's cloud security service. Unless, of course, you are under HIPAA regulations and ePHI is sent by email. If that's the case, get a Barracuda Appliance that includes their Outlook encryption plugin. It will save you a lot of headache, since the only spam service I've found that even allows forced encryption is Exchange Online Protection with Azure AD RMS added on. All the others I've looked at are either crazy expensive or don't offer it at all.
5. Depends on how much security you want. Spam Filter appliances/services do most of the security that you'll *need* by filtering access to port 25, but you need to make sure port 25 is *only* accessible by the IP addresses of the spam filter. If you have a high security environment or policies that state Domain Joined Computers cannot be accessible from the Internet, you'll want to set up a Web Application Publishing Server on a non-domain Server 2012 R2 system for port 443. If you use a Load Balancer, that will take care of security for OWA and other websites on the Exchange server, since HLB devices serve as Reverse Proxies for Exchange.
6. Depends on your company's disaster recovery policies and whether you have backup software that is Exchange Aware. If you're willing to spend extra for Enterprise CALs, you have access to the In-Place Hold feature, which allows you to prevent users from permanently deleting emails. This technique makes it so you can restore individual messages or folders without having to go to your backups. That in combination with a 3 node DAG that has one lagged node will give you a "Backupless" Exchange environment, where you don't really even need to do backups (This is basically how Office 365 is set up, but with a lot more nodes per DAG).
7. What do you mean by auditing? What exactly are you looking for?
8. The InPlace Hold feature allows fantastic DR for individual items and mailboxes, since nothing can ever be deleted. For entire server failures, a DAG with a Network Load Balancer will provide disaster resilience, but there are a lot of things to consider when designing a HA Exchange cluster (more than can be covered easily here). Disaster recovery in 2016 uses Recovery Databases, which were released in Exchange 2010. Basically, you would restore a full copy of the database, mount it on Exchange as a Recovery Database, then run a mailbox recovery. This is a pretty big subject that is hard to cover as well.
2
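Point 5 in the answer above says port 25 should be reachable only from the spam filter's addresses. The following is an added example, not part of the original answer: a read-only check, run from the Exchange Management Shell, that lists receive connectors accepting anonymous SMTP on port 25 from sources outside an allow list. The addresses in `$filterSources` are constructed placeholders and the function name is hypothetical.

```powershell
# Added example; read-only, it changes no connector settings.
# Constructed placeholder addresses standing in for the spam filter's sending IPs.
$filterSources = '203.0.113.10', '203.0.113.11'

function Get-OpenSmtpConnector {
    Get-ReceiveConnector | ForEach-Object {
        $connector = $_

        # Bindings look like "0.0.0.0:25" or "[::]:25"; compare as strings so this
        # works on both live and deserialized (remote session) objects.
        $onPort25  = @($connector.Bindings | Where-Object { "$_" -match ':25$' }).Count -gt 0
        $anonymous = "$($connector.PermissionGroups)" -match 'AnonymousUsers'

        # Every remote range that is not one of the expected filter addresses.
        $ranges     = @($connector.RemoteIPRanges | ForEach-Object { "$_" })
        $unexpected = @($ranges | Where-Object { $filterSources -notcontains $_ })

        if ($onPort25 -and $anonymous -and $unexpected.Count -gt 0) {
            [pscustomobject]@{
                Connector        = "$($connector.Identity)"
                Enabled          = $connector.Enabled
                UnexpectedRanges = $unexpected -join ', '
            }
        }
    }
}

Get-OpenSmtpConnector | Format-Table -AutoSize -Wrap
```

A connector listed here accepts anonymous mail from addresses other than the filter, so the restriction has to be enforced by the firewall in front of it; internal relay connectors scoped to application servers will also appear and need to be reviewed individually.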
 
LVL 5

Assisted Solution

by:CodeTwo Software
CodeTwo Software earned 83 total points (awarded by participants)
Hi Kurajesh,

7: Apart from journaling there's also mailbox auditing. It's very easy to set up via PowerShell:

Set-Mailbox [user name] -AuditEnabled $True

Additional parameters let you define log retention time, what actions are logged, etc. The logs themselves can be searched via Shell and EMC. More info in this article (the 2013 commands work for 2016): http://www.codetwo.com/admins-blog/user-mailbox-and-shared-mailbox-auditing-in-exchange-2013/?sts=6362

All your other questions have been addressed, so let me just add that you can do the mailbox move from 2003 to 2016 directly (no double-hop) in a cross-forest scenario using CodeTwo Exchange Migration. Learn more here: http://www.codetwo.com/exchange-migration/cross-forest?sts=6362

If you have questions about any of the above, don't hesitate to ask.

Best regards,
CodeTwo
1
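The post above mentions that additional parameters control log retention and which actions are logged, and that the logs can be searched from the shell. The following is an added example, not code from the original post or from the linked article, showing those pieces together in the Exchange Management Shell. The retention period, the action lists and the mailbox address are illustrative assumptions.

```powershell
# Added example; run in the Exchange Management Shell.
# The retention period, action lists and mailbox address are illustrative assumptions.
$ageLimit        = '180.00:00:00'   # keep audit entries for 180 days
$ownerActions    = 'HardDelete', 'SoftDelete', 'MoveToDeletedItems'
$delegateActions = 'SendAs', 'SendOnBehalf', 'FolderBind', 'HardDelete', 'SoftDelete', 'MoveToDeletedItems'
$adminActions    = 'Copy', 'MessageBind', 'SendAs', 'HardDelete', 'SoftDelete'

# 1. Turn auditing on for every user and shared mailbox that does not have it yet.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox |
    Where-Object { -not $_.AuditEnabled } |
    ForEach-Object {
        Set-Mailbox -Identity $_.Identity -AuditEnabled $true -AuditLogAgeLimit $ageLimit `
            -AuditOwner $ownerActions -AuditDelegate $delegateActions -AuditAdmin $adminActions
    }

# 2. Confirm the settings took effect.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox, SharedMailbox |
    Select-Object Name, AuditEnabled, AuditLogAgeLimit, AuditDelegate |
    Format-Table -AutoSize -Wrap

# 3. Review the last 7 days of non-owner access to one mailbox (placeholder address).
$mailbox = 'finance-shared@example.com'
Search-MailboxAuditLog -Identity $mailbox -LogonTypes Delegate, Admin -ShowDetails `
        -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -ResultSize 1000 |
    Sort-Object LastAccessed |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName, Operation, FolderPathName, ItemSubject, OperationResult |
    Format-Table -AutoSize -Wrap
```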
 
LVL 8

Assisted Solution

by:Kevin k
Kevin k earned 83 total points (awarded by participants)
I hope the above suggestion clarifies your concern to get this job done.

For migration, you'll probably need to go to Exchange server 2010/2013 first, then you can easily migrate from Exchange server 2010/2013 to Exchange server 2016. Moreover, you may get help from this path to upgrade to Exchange 2016:

- Install Exchange 2010 into your Exchange 2003 organization.
- Configure Exchange 2010 and Exchange 2003 coexistence.
- Migrate Exchange 2003 mailboxes, public folders, and other components to Exchange 2010.
- Decommission and remove all Exchange 2003 servers.
- Install Exchange 2016 into your Exchange 2010 organization.
- Configure Exchange 2016 and Exchange 2010 coexistence.
- Migrate Exchange 2010 mailboxes, public folders, and other components to Exchange 2016.
- Decommission and remove all Exchange 2010 servers.

In addition to the above, there are a few more migration solutions out there to migrate directly from Exchange 2003 or 2007 to Exchange 2016 easily and efficiently, like:
Dell Migration Manager for Exchange
Lepide Migrator for Exchange
MigrationWiz

Hope this helps!
1
 
LVL 29

Expert Comment

by:ScottCha
Excellent suggestions from all.  Should answer question completely.
0
