Best Practices for Exchange 2010 HA Topology with TMG 2010

Tags: best practices, exchange-2010, topology

What would be best topology considering that:

  1. 6 x Exchange 2010 Standard Licenses
  2. 2 x Separate locations that are supposed to support redundancy in case of link problems
  3. 4 x Forefront TMG 2010 with Forefront Security and Forefront Protection/Security

Multiple locations worldwide using those Exchange. Most locations will be connected with VPN Tunnel (the ones hosting Exchange for sure).

I was thinking something like this:

Location MAIN (about 70-100 people):

  1. 2x TMG 2010 in NLB
  2. 1x Exchange 2010 CAS/HUB Role
  3. 2x Exchange 2010 Mailbox Role (Active + Passive)

Location SUPPORT (about 20 people):

  1. 2x TMG 2010 in NLB
  2. 1x Exchange 2010 CAS/HUB Role
  3. 2x Exchange 2010 Mailbox Role (Active + Passive)

Management wants to make sure that in case of problems in the main location (power failure, link loss etc.) the second location can support all traffic from around the world and vice versa. We have 6-7 locations and more coming up (not big ones, more like 10+ people per location).

I do know that CAS/HUB is a single point of failure (and no NLB), but I simply lack more licenses to do some redundancy on that.

What do you think about this approach? What would be better approach according to you?

Best Answer

That setup doesn't sound too ridiculous to me, and I wouldn't change much. I'm assuming all the preparatory work has been done (such as multiple Active Directory Sites, Domain controllers in each site etc.) so I won't go into great detail about that. If you can stretch your budget a little bit, I would tweak your CAS topology a little bit to eliminate the SPOF.

You can install the Hub Transport role on your Mailbox servers and they will automatically load balance themselves according to the Active Directory site they reside in. That's a quick and easy win, and I can't see that much of a reason not to do this.

If your budget can accommodate 2 hardware load balancers, you can also install the CAS role on the Mailbox servers as well. You'd then create A records in DNS for your load balancers and configure the appropriate Mailbox Databases in each site to use the CAS Array for the site.
To do this, issue the command New-ClientAccessArray -Fqdn "ex-sitename-casarray.acme-widgets.com" -Site "AD-Site-MAIN" for each site (replacing your A records and real AD Site Names as appropriate).
Then issue Set-MailboxDatabase "<<Appropriate Database>>" -RpcClientAccessServer <<site-casarray-name.acme-widgets.com>> to make sure your Mailbox Databases use the CAS Array.

It is best to have a local copy of a user's Mailbox in the same site as the user, so I would create 2 Mailbox Databases each replicating to a Mailbox server in the same site, as well as the other site (I've done a diagram to visualise it for you). For users in the MAIN site, home their Mailbox on the Main Mailbox DB and for users in the SUPPORT site, home their Mailboxes on the Support Mailbox DB.
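The whole procedure from the answer above (one CAS array per AD site, a DAG across both sites with one database per site replicated to every server, and each database pointed at its site's CAS array), as an added Exchange Management Shell example that is not code from the original answer. All names are assumptions: multi-role servers EX-MAIN-01/02 and EX-SUP-01/02, AD sites AD-Site-MAIN and AD-Site-SUPPORT, DNS domain acme-widgets.com, DAG name DAG01, and a file server FS-MAIN-01 outside the DAG as the witness (the Exchange Trusted Subsystem group must be a local administrator there). Database and log paths are also assumed; DAG copies need the same path on every member.

```powershell
# Added example for Exchange 2010, run from the Exchange Management Shell.
# Not code from the original answer; every name below is an assumption.
$Domain = "acme-widgets.com"
$Sites = @(
    @{ AdSite = "AD-Site-MAIN";    Array = "ex-main-casarray.$Domain";    Db = "DB-MAIN";    Servers = @("EX-MAIN-01", "EX-MAIN-02") },
    @{ AdSite = "AD-Site-SUPPORT"; Array = "ex-support-casarray.$Domain"; Db = "DB-SUPPORT"; Servers = @("EX-SUP-01",  "EX-SUP-02")  }
)
$DagName    = "DAG01"
$WitnessSrv = "FS-MAIN-01"          # assumed file server, not a DAG member
$WitnessDir = "C:\DAG01-Witness"    # assumed path on the witness server

# 1. One CAS array per AD site. The FQDN is an A record in INTERNAL DNS that
#    resolves to that site's load balancer VIP; Outlook uses it for MAPI/RPC.
foreach ($s in $Sites) {
    if (-not (Get-ClientAccessArray -Site $s.AdSite -ErrorAction SilentlyContinue)) {
        New-ClientAccessArray -Name $s.AdSite -Fqdn $s.Array -Site $s.AdSite
    }
}

# 2. One DAG spanning both sites, all four Mailbox servers as members.
New-DatabaseAvailabilityGroup -Name $DagName -WitnessServer $WitnessSrv -WitnessDirectory $WitnessDir
foreach ($s in $Sites) {
    foreach ($srv in $s.Servers) {
        Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $srv
    }
}

# 3. One database per site, active on the first server of that site, with
#    copies on the other local server (preference 2) and on both remote
#    servers (preference 3 and 4). Same EDB/log paths on every member.
foreach ($s in $Sites) {
    $active = $s.Servers[0]
    New-MailboxDatabase -Name $s.Db -Server $active `
        -EdbFilePath "D:\$($s.Db)\$($s.Db).edb" -LogFolderPath "E:\$($s.Db)"
    Mount-Database -Identity $s.Db

    $remote = @($Sites | Where-Object { $_.AdSite -ne $s.AdSite } | ForEach-Object { $_.Servers })
    $copies = @($s.Servers | Select-Object -Skip 1) + $remote
    $pref = 2
    foreach ($srv in $copies) {
        Add-MailboxDatabaseCopy -Identity $s.Db -MailboxServer $srv -ActivationPreference $pref
        $pref++
    }

    # Outlook clients with mailboxes on this DB connect through this site's CAS array.
    Set-MailboxDatabase -Identity $s.Db -RpcClientAccessServer $s.Array
}

# 4. Checks: every DB should show its site's CAS array, healthy copies and replication.
Get-MailboxDatabase | Format-Table Name, Server, RpcClientAccessServer -AutoSize
foreach ($s in $Sites) { Get-MailboxDatabaseCopyStatus -Identity $s.Db | Format-Table Name, Status, CopyQueueLength, ActivationPreference -AutoSize }
Get-ClientAccessArray | Format-Table Name, Fqdn, Site -AutoSize
Test-ReplicationHealth

# Home users on the DB of their own site, e.g. for a SUPPORT user:
# New-MoveRequest -Identity "jdoe" -TargetDatabase "DB-SUPPORT"
```

The CAS array name is an internal-only name: it is the MAPI endpoint Outlook is handed in its profile, so publish it in the internal DNS zone only and keep it off the TMG listeners and public DNS. Check the `RpcClientAccessServer` column in the final table; a database still showing a single server name means clients on it are bound to that box rather than to the load balanced array.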