

Exchange 2016 Deployment

Posted on 2016-09-28
Medium Priority
Last Modified: 2016-10-25
We have a project to migrate from Exchange 2003 to Exchange 2016.

My queries are :

1) New Hardware sizing (for 200 users) - planning to have 2 virtual servers on two different physical hosts
2) DAG setup with HA
3) Load Balancing - Are OS load balancing and the Exchange DAG enough, or do we need an appliance?
4) Antispam to be used for extensive filtering
5) Securing Exchange
6) Backup policies for Exchange 2016
7) Audit Mechanisms
8) DR for Exchange 2016
Question by:kurajesh

Accepted Solution

Scott C earned 1004 total points (awarded by participants)
ID: 41820565
1.  Get a good server.   One we have been using that will meet your needs is an HP ML350 G9.  Get plenty of HD space
2.  Not sure what the question is but yes, you can set up a DAG for HA.
3.  For your environment, you should be ok without the hardware part to LB.
4.  I would use an external spam filter such as AppRiver
5.  Make sure your hardware and passwords are adequate.
6.  I would suggest the 3-2-1 rule.  3 copies of data, 2 onsite in different locations and 1 offsite.
7.  You could opt to use a journaling mailbox
8.  If your backups are in good shape your DR should be ok.

Now, there is no direct migration path from Exchange 2003 to 2016.  You MUST first do a migration to Exchange 2010, remove Exchange 2003 completely, then migrate to Exchange 2016.

Assisted Solution

by:Adam Brown
Adam Brown earned 332 total points (awarded by participants)
ID: 41820754
1. https://gallery.technet.microsoft.com/Exchange-2013-Server-Role-f8a61780 has a calculator, the requirements for 2016 are not different than 2013 with all roles installed. Add a little additional CPU for safety, though.
2. DAG creates a copy of the DB on all nodes, so make sure you provide enough space for each copy and its transaction logs. If you have 3 or more nodes set up with one as a Lagged copy, you can usually get away with Circular logging on all databases, which saves some space. It does require a Hardware Load Balancer to do proper HA, but you can skip that if you're okay with changing DNS records for client access when the primary node fails. If you have a 2 node DAG (even number of nodes), be mindful of where you place your File Share Witness. Do not configure that to point to another Exchange Server. Point it to a system that will allow at least one Exchange Server to access the file share if the connection between Exchange servers fails. That will prevent Split Brain issues.
3. You cannot do Windows NLB and DAG on the same server, so if you want to Load Balance things for HA purposes, you need to have a Hardware Load Balancer. Since 2016 did away with multiple server roles, NLB is no longer supported by MS for Exchange 2016.
4. I usually recommend cloud-based spam services like AppRiver or Barracuda's cloud security service. Unless, of course, you are under HIPAA regulations and ePHI is sent by email. If that's the case, get a Barracuda Appliance that includes their Outlook encryption plugin. It will save you a lot of headache, since the only spam service I've found that even allows forced encryption is Exchange Online Protection with Azure AD RMS added on. All the others I've looked at are either crazy expensive or don't offer it at all.
5. Depends on how much security you want. Spam Filter appliances/services do most of the security that you'll *need* by filtering access to port 25, but you need to make sure port 25 is *only* accessible by the IP addresses of the spam filter. If you have a high security environment or policies that state Domain Joined Computers cannot be accessible from the Internet, you'll want to set up a Web Application Publishing Server on a non-domain Server 2012 R2 system for port 443. If you use a Load Balancer, that will take care of security for OWA and other websites on the Exchange server, since HLB devices serve as Reverse Proxies for Exchange.
6. Depends on your company's disaster recovery policies and whether you have backup software that is Exchange Aware. If you're willing to spend extra for Enterprise CALs, you have access to the In-Place Hold feature, which allows you to prevent users from permanently deleting emails. This technique makes it so you can restore individual messages or folders without having to go to your backups. That in combination with a 3 node DAG that has one lagged node will give you a "Backupless" Exchange environment, where you don't really even need to do backups (This is basically how Office 365 is set up, but with a lot more nodes per DAG).
7. What do you mean by auditing? What exactly are you looking for?
8. The InPlace Hold feature allows fantastic DR for individual items and mailboxes, since nothing can ever be deleted. For entire server failures, a DAG with a Network Load Balancer will provide disaster resilience, but there are a lot of things to consider when designing a HA Exchange cluster (more than can be covered easily here). Disaster recovery in 2016 uses Recovery Databases, which were released in Exchange 2010. Basically, you would restore a full copy of the database, mount it on Exchange as a Recovery Database, then run a mailbox recovery. This is a pretty big subject that is hard to cover as well.
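
A read-only check for the port 25 restriction in point 5, as an added example that is not part of the answer above: it lists receive connectors that listen on port 25, accept anonymous senders, and allow remote addresses other than the spam filter's. The addresses in `$filterIPs` are placeholders from a documentation range and must be replaced with the filter's real outbound IPs.

```powershell
# Run in the Exchange Management Shell. Reports only; changes nothing.
# Assumption: placeholder addresses standing in for the spam filter's outbound IPs.
$filterIPs = @('203.0.113.10', '203.0.113.11')

Get-ReceiveConnector | ForEach-Object {
    $connector = $_

    # Stringify so the check works on live and deserialized (remote shell) objects.
    $bindings = @($connector.Bindings       | ForEach-Object { "$_" })
    $ranges   = @($connector.RemoteIPRanges | ForEach-Object { "$_" })

    $onPort25   = [bool]($bindings -match ':25$')
    $anonymous  = "$($connector.PermissionGroups)" -match 'AnonymousUsers'
    $unexpected = @($ranges | Where-Object { $filterIPs -notcontains $_ })

    # Flag connectors that would take anonymous SMTP from somewhere
    # other than the spam filter.
    if ($onPort25 -and $anonymous -and $unexpected.Count -gt 0) {
        [pscustomobject]@{
            Connector        = $connector.Identity
            Bindings         = $bindings -join ', '
            UnexpectedRanges = $unexpected -join ', '
        }
    }
} | Format-Table -AutoSize -Wrap
```

This covers only the Exchange side; the same source restriction on the perimeter firewall has to be checked separately.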

Assisted Solution

by:CodeTwo Software
CodeTwo Software earned 332 total points (awarded by participants)
ID: 41821182
Hi Kurajesh,

7: Apart from journaling there's also mailbox auditing. It's very easy to set up via PowerShell:

Set-Mailbox [user name] -AuditEnabled $True


Additional parameters let you define log retention time, what actions are logged, etc. The logs themselves can be searched via Shell and EMC. More info in this article (the 2013 commands work for 2016): http://www.codetwo.com/admins-blog/user-mailbox-and-shared-mailbox-auditing-in-exchange-2013/?sts=6362

All your other questions have been addressed, so let me just add that you can do the mailbox move from 2003 to 2016 directly (no double-hop) in a cross-forest scenario using CodeTwo Exchange Migration. Learn more here: http://www.codetwo.com/exchange-migration/cross-forest?sts=6362

If you have questions about any of the above, don't hesitate to ask.

Best regards,
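
The additional parameters and the Shell search mentioned in the post above, as an added example that is not part of the original post: it sets retention and logged actions for one mailbox, reports gaps in audit coverage, and searches the log. The mailbox name `jdoe`, the 180-day retention and the chosen actions are assumptions for illustration.

```powershell
# Run in the Exchange Management Shell.
# Assumption: 'jdoe' is a placeholder mailbox identity.
$mbx = 'jdoe'

# Enable auditing, keep entries for 180 days, and choose which actions
# are logged for each logon type (owner, delegate, administrator).
Set-Mailbox -Identity $mbx -AuditEnabled $true -AuditLogAgeLimit '180.00:00:00' `
    -AuditOwner    HardDelete, SoftDelete, Move `
    -AuditDelegate SendAs, SendOnBehalf, HardDelete, SoftDelete, Move, FolderBind `
    -AuditAdmin    Copy, MessageBind, SendAs, HardDelete, SoftDelete, Move, FolderBind

# Confirm what is now in effect.
Get-Mailbox -Identity $mbx |
    Format-List Name, AuditEnabled, AuditLogAgeLimit, AuditOwner, AuditDelegate, AuditAdmin

# Coverage gap 1: mailboxes that still have auditing switched off.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled } |
    Select-Object Name, PrimarySmtpAddress

# Coverage gap 2: accounts whose mailbox access is exempt from audit logging.
Get-MailboxAuditBypassAssociation -ResultSize Unlimited |
    Where-Object { $_.AuditBypassEnabled } |
    Select-Object Name

# Non-owner access to the mailbox over the last 30 days.
Search-MailboxAuditLog -Identity $mbx -LogonTypes Admin, Delegate `
    -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -ShowDetails -ResultSize 1000 |
    Select-Object LastAccessed, LogonType, LogonUserDisplayName,
                  Operation, OperationResult, FolderPathName
```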

Assisted Solution

by:Ajit Singh
Ajit Singh earned 332 total points (awarded by participants)
ID: 41821599
I hope the above suggestion clarifies your concern to get this job done.

For migration, you'll prob need to go to Exchange server 2010/2013 first then you can easily migrate from Exchange server 2010/2013 to Exchange server 2016. Moreover, you may get help from this path to upgrade to Exchange 2016:

-Install Exchange 2010 into your Exchange 2003 organization.

-Configure Exchange 2010 and Exchange 2003 coexistence.

-Migrate Exchange 2003 mailboxes, public folders, and other components to Exchange 2010.

-Decommission and remove all Exchange 2003 servers.

-Install Exchange 2016 into your Exchange 2010 organization.

-Configure Exchange 2016 and Exchange 2010 coexistence.

-Migrate Exchange 2010 mailboxes, public folders, and other components to Exchange 2016.

-Decommission and remove all Exchange 2010 servers.

In addition to the above, there are a few more migration solutions out there to migrate directly from Exchange 2003 or 2007 to Exchange 2016 easily and efficiently, like:
Dell Migration Manager for Exchange
Lepide Migrator for Exchange

Hope this helps!

Expert Comment

by:Scott C
ID: 41858234
Excellent suggestions from all.  Should answer question completely.
