RE: Bridgehead Exchange Server Build
- From: "Mulnick, Al" <Al.Mulnick@xxxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Wed, 12 Jan 2005 17:20:16 -0500
Silly people those softies ;)
It makes perfect sense. What he's saying is to create a server that does
nothing but handle the SMTP traffic to/from the internet gateways. Your FE
server in the DMZ is for OWA and I assume that's all it does.
To prevent the traffic from having to go to the DMZ for restriction
processing, the softie wants you to create a separate FE server dedicated to
that process.
Basically, you want to have a server that handles SMTP traffic and
restrictions, so you basically want something with processor and disk
spindles. Not a lot, but some more than a standard web server, right. I'd
approach it like this: dual proc machine with some memory (1-2GB would
likely be more than enough), enough spindles to off-load the log files and
the SMTP Queue (since that's what it does, right?). In HPQ terms, that
would likely be a DL380 machine with 6 spindles in RAID 1 x 3 configuration
(three mirror sets). Not too large of drives, but 36GB would be likely.
All of this depends on the expected message traffic, but it's primary job is
to check restrictions and route mail. That infers you'd want to be able to
withstand some backed up SMTP queues, hence the space/spindles. SMTP also
does better if you remove the disk bottleneck. SMTP is write heavy,
previously estimated for planning at 7:1 w/r signature.
To install a server as a FE server, install it into the ORG. Configure the
disk layout. Designate it as a FE server. Configure your connector to use
that server as the brideghead. In case of failure, re-configure the
connector to your BE master server.
What confuses me, is what the purpose of the BE master server is? If it's
not doing anything, why not use it? If it services mailboxes, then never
mind.
As a side note, it's likely that you would want to off-load RUS and DG
expansion to this machine as well, if you can get away with it. Just a
thought though.
Does that make sense?
Al
-----Original Message-----
From: Amy Kohler [mailto:akohler@xxxxxxxxxxxxx]
Sent: Wednesday, January 12, 2005 4:59 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Bridgehead Exchange Server Build
http://www.MSExchange.org/
Currently we have an FE OWA server in the DMZ. We have a dedicated SMTP
Gateway for inbound and a dedicated SMTP (Symantec) Gatway for outbound. We
have a master be and a cluster be. A microsoft health guy came in last month
and said that since we have restrictions to not let certain users be able to
send internet mail (configured on the connector) we should implement a
dedicated bridgehead server to take off the process toll of the...
Here is what he wrote:
The first is the lack of a dedicated bridgehead server. In a small
environment this is not a problem in and of itself, as all servers can still
email all others and the Internet with no problems. However, as message
volumes increase, the lack of a dedicated routing server will be felt as
mailbox servers suffer under an increased routing load.
The use of restrictions on connectors is particularly problematic in an
environment without dedicated routing servers. Restriction checking is
extremely processor intensive, as the criteria must be re-evaluated for each
message. Having mailbox servers spend precious cycles upon evaluating
message criteria is inherently inefficient. By deploying a dedicated
bridgehead server, this restriction checking can be offloaded to a server
whose primary function is to perform such work. EXCHSTL1 is the current
bridgehead for the outbound SMTP connector to the Internet.
Therefore, we want to set up a dedicated exchange bridgehead server inside
the DMZ that the mail can flow through and can process the restrictions on
the connector and take processor work off of the master server. Does this
help?
-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Wednesday, January 12, 2005 3:50 PM
To: [ExchangeList]
Cc: Amy Kohler
Subject: [exchangelist] RE: Bridgehead Exchange Server Build
http://www.MSExchange.org/
If you have a FE in the DMZ, a smarthost isn't what you want to be using. A
FE server is part of the Exchange ORG by default. Unless it's part of a
separate forest, it knows how to route with any connectors defined to use
the bridgehead.
Is that how you have it configured?
-----Original Message-----
From: Amy Kohler [mailto:akohler@xxxxxxxxxxxxx]
Sent: Wednesday, January 12, 2005 3:42 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Bridgehead Exchange Server Build
http://www.MSExchange.org/
What if I already have an FE in the dmz. Have you ever heard that one would
need to remove the smart host from the BE's also?
-----Original Message-----
From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx]
Sent: Wednesday, January 12, 2005 2:24 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Bridgehead Exchange Server Build
http://www.MSExchange.org/
Usually you'd designate it as a Front-End server as well. That just says
that it's not going to handle any user mailstores.
There are some docs on http://www.microsoft.com/exchange/library that talk
about FE-BE scenarios if you need them.
al
-----Original Message-----
From: Amy Kohler [mailto:akohler@xxxxxxxxxxxxx]
Sent: Wednesday, January 12, 2005 3:23 PM
To: [ExchangeList]
Subject: [exchangelist] Bridgehead Exchange Server Build
http://www.MSExchange.org/
Good Afternoon!
It has been suggested to me to build a Dedicated BridgeHead server for my
exchange environment to off load the backend servers since I am using
restrictions on connectors. Does anyone know of a "rules to follow or steps
to follow for building a Dedicated Bridgehead server?
All is 2000
Do I Just install exchange, patch it, IIS Lockdown it. It will be behind
firewalls.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
akohler@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
akohler@xxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
al.mulnick@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx
Other related posts:
