jskfan
asked on
Exchange 2013 CAS Array
If I understand, users from inside the network and outside the network, when they connect to their mailboxes in Exchange server, should go through one of the CAS servers.
Multiple CAS servers are set up as an array, a virtual IP address should be assigned to the array, and a DNS record should be created for the CAS array.
OK, now how do you create the CAS array for internal/external users?
Thank you
Yes, but if you want to balance it more, you would need to implement a hardware LB.
Just make sure all the servers have the Client Access role installed.
ASKER
For users coming from outside, how do they get to their mailboxes?
mail.exchange2013demo.com will have a public IP address on the public DNS
For OWA? They would go to mail.exchange2013demo.com/owa to get it. For using Outlook or phones, you will need to have Autodiscover set up correctly. This is assuming you have all the prerequisites taken care of already. Users have access to your mail servers via https and you have a certificate with the names autodiscover.exchange2013demo.com and mail.exchange2013demo.com on it and your users all have mail addresses of @exchange2013demo.com. There are many good setup articles out there you can use.
ASKER
Can you please describe the path that an external user takes to get to their email from outside?
For instance:
mail.exchange2013demo.com is registered with the ISP
the user will type in the browser: mail.exchange2013demo.com
the public IP associated with mail.exchange2013demo.com should be the external interface of the firewall.
The firewall will know that it is SMTP traffic and will route traffic to the load balancer for the CAS servers.
etc....
etc....
until the user gets to their mailbox.
A process flow like that might help.
I have seen some process flow diagrams online, but they are not clear.
OK, this all assumes the following.
1. Your public IP is configured correctly on your firewall and has TCP port 443 forwarded to your load balancer VIP for the CAS traffic
2. You have DNS configured correctly with an A record for Mail and an A record for Autodiscover
3. Given the above information, you have configured an IIS redirect on the root website to redirect requests to https://mail.exchange2013demo.com/owa
4. You have certificates installed with the name mail.exchange2013demo.com and the SAN autodiscover.exchange2013demo.com
5. Your users use the mail domain @exchange2013demo.com
For OWA, the user types https://mail.exchange2013demo.com in the browser. This is resolved to the proper IP and the traffic is directed to the load balancer VIP. Depending on your type of load balancer, the traffic will be directed to one of the CAS servers. The site there will return a redirect to the /owa virtual directory and prompt the user to log in. They now get their mail. The CAS server just proxies the connection to the mail server with the active database if you have a DAG.
For Outlook (Outlook Anywhere), Outlook will resolve the DNS name autodiscover.exchange2013demo.com and use this to contact the CAS array. The actual path is the same. It will use the settings downloaded from the Autodiscover virtual directory to configure itself.
Sorry if this seems to be over-explaining things, but I am not sure how familiar you are with Exchange planning.
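A read-only check of the certificate names and client-facing host names from the answer above, added here as an example that is not part of the original thread. It assumes it is run in the Exchange Management Shell of this organization; the variable names, the `Test-NameCovered` helper and the expected OWA `ExternalUrl` value are assumptions made for illustration.

```powershell
# Added example: read-only audit, run in the Exchange Management Shell.
# Host names come from the thread; the expected OWA ExternalUrl is an assumption.
$RequiredNames = 'mail.exchange2013demo.com', 'autodiscover.exchange2013demo.com'
$ExpectedHost  = 'mail.exchange2013demo.com'
$ExpectedOwa   = 'https://mail.exchange2013demo.com/owa'

function Test-NameCovered {
    # True if $HostName matches a certificate name exactly or through a
    # single-label wildcard (*.example.com covers a.example.com only).
    param([string]$HostName, [string[]]$CertNames)
    foreach ($name in $CertNames) {
        if ($name -eq $HostName) { return $true }
        if ($name.StartsWith('*.') -and $HostName.Contains('.')) {
            $parent = $HostName.Substring($HostName.IndexOf('.') + 1)
            if ($parent -eq $name.Substring(2)) { return $true }
        }
    }
    return $false
}

foreach ($cas in Get-ClientAccessServer) {
    # Unexpired certificates enabled for IIS (OWA, Autodiscover, Outlook Anywhere).
    $certs = Get-ExchangeCertificate -Server $cas.Name |
        Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) }
    $certNames = @($certs | ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" })
    # Names clients will connect to that no IIS certificate on this server covers.
    $missing = @($RequiredNames |
        Where-Object { -not (Test-NameCovered $_ $certNames) })

    $oa  = Get-OutlookAnywhere -Server $cas.Name
    $owa = Get-OwaVirtualDirectory -Server $cas.Name

    [pscustomobject]@{
        Server             = $cas.Name
        CertMissingNames   = $missing -join ', '
        OutlookAnywhereOk  = "$($oa.ExternalHostname)" -eq $ExpectedHost
        ExternalRequireSsl = [bool]$oa.ExternalClientsRequireSsl
        OwaExternalUrlOk   = "$($owa.ExternalUrl)".TrimEnd('/') -eq $ExpectedOwa
    }
}
```

An empty `CertMissingNames` and `True` in the other columns for every CAS server means that whichever server the load balancer selects presents the same names and settings to the client.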
ASKER
OK, quick questions:
1 - How does the firewall know that this email traffic needs to be forwarded to the load balancer VIP? Because it is SMTP?
2 - At the registrar (ISP) we will have 2 DNS records:
mail.exchange2013demo.com (for OWA)
autodiscover.exchange2013demo.com (for Outlook Anywhere)
Correct?
Probably internal DNS will also have the same DNS records. Correct?
3 - In your statement "The site there will return a redirect to the /owa virtual directory and prompts the user to login."
the redirect will be within the CAS server?
4 - You stated users will hit the load balancer through the firewall. If I understand, the load balancer will have an internal IP NATted by the firewall... Correct?
Thank you for your time
ASKER
Thank you for your Help
ASKER
-- Configure Outlook Anywhere on each CAS server to point to mail.exchange2013demo.com
-- Add mail.exchange2013demo.com to DNS
When the user opens Outlook, does it look for mail.exchange2013demo.com, which in turn sends Outlook to a less busy CAS server?