
Exchange 2016 Deployment

We have a project to migrate from Exchange 2003 to Exchange 2016.

My queries are :

1) New hardware sizing (for 200 users) - planning to have 2 virtual servers on two different physical hosts
2) DAG setup with HA
3) Load balancing - Is the OS load balancing and Exchange DAG enough, or do we need an appliance?
4) Antispam to be used for extensive filtering
5) Securing Exchange
6) Backup policies for Exchange 2016
7) Audit mechanisms
8) DR for Exchange 2016
4 Solutions
Scott C, Senior Systems Engineer, commented:
1.  Get a good server.   One we have been using that will meet your needs is an HP ML350 G9.  Get plenty of HD space
2.  Not sure what the question is but yes, you can set up a DAG for HA.
3.  For your environment, you should be ok without the hardware part to LB.
4.  I would use an external spam filter such as AppRiver
5.  Make sure your hardware and passwords are adequate.
6.  I would suggest the 3-2-1 rule.  3 copies of data, 2 onsite in different locations and 1 offsite.
7.  You could opt to use a journaling mailbox
8.  If your backups are in good shape your DR should be ok.

Now, there is no direct migration path from Exchange 2003 to 2016.  You MUST first do a migration to Exchange 2010, remove Exchange 2003 completely, then migrate to Exchange 2016.
Adam Brown, Sr Solutions Architect, commented:
1. https://gallery.technet.microsoft.com/Exchange-2013-Server-Role-f8a61780 has a calculator, the requirements for 2016 are not different than 2013 with all roles installed. Add a little additional CPU for safety, though.
2. DAG creates a copy of the DB on all nodes, so make sure you provide enough space for each copy and its transaction logs. If you have 3 or more nodes set up with one as a Lagged copy, you can usually get away with Circular logging on all databases, which saves some space. It does require a Hardware Load Balancer to do proper HA, but you can skip that if you're okay with changing DNS records for client access when the primary node fails. If you have a 2 node DAG (even number of nodes), be mindful of where you place your File Share Witness. Do not configure that to point to another Exchange Server. Point it to a system that will allow at least one Exchange Server to access the file share if the connection between Exchange servers fails. That will prevent Split Brain issues.
3. You cannot do Windows NLB and DAG on the same server, so if you want to Load Balance things for HA purposes, you need to have a Hardware Load Balancer. Since 2016 did away with multiple server roles, NLB is no longer supported by MS for Exchange 2016.
4. I usually recommend cloud-based spam services like AppRiver or Barracuda's cloud security service. Unless, of course, you are under HIPAA regulations and ePHI is sent by email. If that's the case, get a Barracuda Appliance that includes their Outlook encryption plugin. It will save you a lot of headache, since the only spam service I've found that even allows forced encryption is Exchange Online Protection with Azure AD RMS added on. All the others I've looked at are either crazy expensive or don't offer it at all.
5. Depends on how much security you want. Spam Filter appliances/services do most of the security that you'll *need* by filtering access to port 25, but you need to make sure port 25 is *only* accessible by the IP addresses of the spam filter. If you have a high security environment or policies that state Domain Joined Computers cannot be accessible from the Internet, you'll want to set up a Web Application Publishing Server on a non-domain Server 2012 R2 system for port 443. If you use a Load Balancer, that will take care of security for OWA and other websites on the Exchange server, since HLB devices serve as Reverse Proxies for Exchange.
6. Depends on your company's disaster recovery policies and whether you have backup software that is Exchange Aware. If you're willing to spend extra for Enterprise CALs, you have access to the In-Place Hold feature, which allows you to prevent users from permanently deleting emails. This technique makes it so you can restore individual messages or folders without having to go to your backups. That in combination with a 3 node DAG that has one lagged node will give you a "Backupless" Exchange environment, where you don't really even need to do backups (This is basically how Office 365 is set up, but with a lot more nodes per DAG).
7. What do you mean by auditing? What exactly are you looking for?
8. The In-Place Hold feature allows fantastic DR for individual items and mailboxes, since nothing can ever be deleted. For entire server failures, a DAG with a Network Load Balancer will provide disaster resilience, but there are a lot of things to consider when designing an HA Exchange cluster (more than can be covered easily here). Disaster recovery in 2016 uses Recovery Databases, which were released in Exchange 2010. Basically, you would restore a full copy of the database, mount it on Exchange as a Recovery Database, then run a mailbox recovery. This is a pretty big subject that is hard to cover as well.
CodeTwo Software, Software Developer, commented:
Hi Kurajesh,

7: Apart from journaling there's also mailbox auditing. It's very easy to set up via PowerShell:

Set-Mailbox [user name] -AuditEnabled $True

Additional parameters let you define log retention time, what actions are logged, etc. The logs themselves can be searched via Shell and EMC. More info in this article (the 2013 commands work for 2016): http://www.codetwo.com/admins-blog/user-mailbox-and-shared-mailbox-auditing-in-exchange-2013/?sts=6362

All your other questions have been addressed, so let me just add that you can do the mailbox move from 2003 to 2016 directly (no double-hop) in a cross-forest scenario using CodeTwo Exchange Migration. Learn more here: http://www.codetwo.com/exchange-migration/cross-forest?sts=6362

If you have questions about any of the above, don't hesitate to ask.

Best regards,
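
Added example (not part of the post above and not CodeTwo's code): the mailbox auditing setup the answer describes, with log retention and the logged actions set explicitly per logon type, followed by a search of the resulting audit log. The mailbox alias `jdoe`, the 180-day retention and the 7-day search window are assumptions; run it in the Exchange Management Shell.

```powershell
# Added example. 'jdoe' is a placeholder mailbox alias.
$mailbox = 'jdoe'

# Enable auditing and state explicitly what is recorded for each logon type
# instead of relying on defaults. Owner logging is kept to destructive
# actions because owner activity is by far the noisiest.
Set-Mailbox -Identity $mailbox `
    -AuditEnabled $true `
    -AuditLogAgeLimit '180.00:00:00' `
    -AuditAdmin    Copy, Move, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, FolderBind `
    -AuditDelegate Move, MoveToDeletedItems, SoftDelete, HardDelete, SendAs, SendOnBehalf, FolderBind `
    -AuditOwner    MoveToDeletedItems, SoftDelete, HardDelete

# Confirm the settings that were actually stored on the mailbox.
Get-Mailbox -Identity $mailbox |
    Format-List Name, AuditEnabled, AuditLogAgeLimit, AuditAdmin, AuditDelegate, AuditOwner

# Coverage check: list mailboxes that still have auditing switched off.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AuditEnabled } |
    Select-Object Name, PrimarySmtpAddress

# Review non-owner access to the mailbox over the last 7 days.
# -ShowDetails returns one record per logged operation and requires -Identity.
$end   = Get-Date
$start = $end.AddDays(-7)
Search-MailboxAuditLog -Identity $mailbox `
    -LogonTypes Admin, Delegate `
    -StartDate $start -EndDate $end `
    -ShowDetails -ResultSize 1000 |
    Sort-Object LastAccessed |
    Select-Object LastAccessed, Operation, OperationResult, LogonType,
                  LogonUserDisplayName, FolderPathName, ClientIPAddress
```

Audit entries are stored in the audited mailbox itself and count against its Recoverable Items storage, so a longer `AuditLogAgeLimit` needs matching quota headroom.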
Ajit Singh commented:
I hope the above suggestion clarifies your concern to get this job done.

For migration, you'll probably need to go to Exchange Server 2010/2013 first, then you can easily migrate from Exchange Server 2010/2013 to Exchange Server 2016. Moreover, you may get help from this path to upgrade to Exchange 2016:

-Install Exchange 2010 into your Exchange 2003 organization.

-Configure Exchange 2010 and Exchange 2003 coexistence.

-Migrate Exchange 2003 mailboxes, public folders, and other components to Exchange 2010.

-Decommission and remove all Exchange 2003 servers.

-Install Exchange 2016 into your Exchange 2010 organization.

-Configure Exchange 2016 and Exchange 2010 coexistence.

-Migrate Exchange 2010 mailboxes, public folders, and other components to Exchange 2016.

-Decommission and remove all Exchange 2010 servers.

In addition to the above, there are a few more migration solutions out there to migrate directly from Exchange 2003 or 2007 to Exchange 2016 easily and efficiently, like:
Dell Migration Manager for Exchange
Lepide Migrator for Exchange

Hope this helps!
Scott C, Senior Systems Engineer, commented:
Excellent suggestions from all.  Should answer question completely.
Question has a verified solution.
