Re: Exchange 2003 Front-end design

  • From: Dennis Depp <dennis.depp@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 21 Dec 2004 07:55:06 -0500

Sorry for the late reply, but I didn't see anyone really answer your questions.

1.  You don't say what type of servers you are running.  I have two
front end servers.  These are dual processor machines with 1GB ram.  I
have no problem with load on these servers.  I would estimate a
similar load to what you describe.

2.  I have not used NLB on the front end servers, but I am considering
it.  You can have NLB temporarily turn off for new connections and
then wait for existing connections to finish.  This allows for a more
seamless patching environment than our existing solution.

3.  Again I am not running NLB with Exchange, but I have no SSL issues
on other NLB servers I am running.

4.  Yes NLB is smart enough to forward all your requests to the same
front end server.  I believe this is configurable, but I have not done
any tinkering with it.

Dennis


On Thu, 16 Dec 2004 23:53:11 -0500, Chris Wall
<Chris.Wall@xxxxxxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
> 
> 
> Currently trying to decide on the best Front-end deployment of Exchange 2003
> for our organization...
> 
>  
> 
> I am leaning towards using windows 2003 server NLB (network load balancing)
> on 3 servers in our DMZ.  These three servers will all perform SMTP Gateway,
> OWA with SSL, RPC over HTTPS duties and each will have GFI Mail Security and
> Mail Essentials running on them...  These servers will not be clustered - at
> least they will not share an external NAS or SAN device for storage.  They
> will rely on their own disk stores individually.
> 
>  
> 
> A little info about our domain..
> 
> - I am estimating no more than 50 to 75 OWA users at any time.  RPC over
> HTTPS will be used sporatically at best.  We receive on average 4 million
> e-mails per month, 85% of which is marked as SPAM.  I expect this number to
> drop drastically when GFI is installed on the Exchange 2003 FE servers and
> can reject emails destined for non-existent e-mail addresses on our domain.
> 
>  
> 
>  
> 
> My Questions/concerns are:
> 
>  
> Is this too much load on these servers?  (SSL encryption for OWA and RPC,
> SPAM/Viral filtering, as well as SMTP delivery) 
> 
>       2.   Has anyone implemented NLB on their front end servers?  If so,
> can you provide any Pros/Cons?
> Will I have SSL Certificate issues with NLB on FE servers? 
> How are the OWA and RPC sessions handled? In other words, if a user connects
> to OWA in the NLB environment, will Windows NLB be smart enough to forward
> all their exchange requests back to the original FE server so that the
> session is not dropped or cancelled? 
> 
>  
> 
> Microsoft recommends the use of NLB on FE servers, but I have yet to find
> any real detail into possible issues or deployment recommendations.  After
> this, I hope to write a 'Help' document to be posted on MSExchange.org as
> there isn't one there at this time.
> 
>  
> 
> Thanks for your expertise.
> 
> 
> Regards,
> 
>  
> 
> Chris Wall
> 
> Sr. Exchange Administrator
> 
> MCSE, MCSA
> 
> T - 919.460.3236
> 
> F - 919.468.4889
> 
>  
> 
> Global Knowledge Network
> 
> LEARNING. To Make a Difference
> 
> http://www.globalknowledge.com
> 
>  ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> dennis.depp@xxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx


Other related posts: