Dennis, Thanks for the information. I have set this up in a test environment and all seems to be working out... I am using Dell 2650's (dual processors) with 1 gb ram each. The only challenge that I have at this point is with GFI Mail Essentials and Mail Security. This is a software SPAM/Virus solution and there is no way for the 3 machines to reference a single database for block lists, white lists, etc... In other words, the 3 machines will all have different block lists, bayesian filters, etc. This is not good. To over come this I have decided that the better design for my org is to have 2 Front-end NLB servers running Secure OWA and RPC over HTTPS. Then also have two SMTP Gateway FE servers with different MX record values and attempt to keep these machines as 'similar' as possible with their GFI block lists. Thanks again for the info. Chris -----Original Message----- From: Dennis Depp [mailto:dennis.depp@xxxxxxxxx] Sent: Tuesday, December 21, 2004 7:55 AM To: [ExchangeList] Subject: [exchangelist] Re: Exchange 2003 Front-end design http://www.MSExchange.org/ Sorry for the late reply, but I didn't see anyone really answer your questions. 1. You don't say what type of servers you are running. I have two front end servers. These are dual processor machines with 1GB ram. I have no problem with load on these servers. I would estimate a similar load to what you describe. 2. I have not used NLB on the front end servers, but I am considering it. You can have NLB temporarily turn off for new connections and then wait for existing connections to finish. This allows for a more seamless patching environment than our existing solution. 3. Again I am not running NLB with Exchange, but I have no SSL issues on other NLB servers I am running. 4. Yes NLB is smart enough to forward all your requests to the same front end server. I believe this is configurable, but I have not done any tinkering with it. Dennis On Thu, 16 Dec 2004 23:53:11 -0500, Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > > Currently trying to decide on the best Front-end deployment of Exchange 2003 > for our organization... > > > > I am leaning towards using windows 2003 server NLB (network load balancing) > on 3 servers in our DMZ. These three servers will all perform SMTP Gateway, > OWA with SSL, RPC over HTTPS duties and each will have GFI Mail Security and > Mail Essentials running on them... These servers will not be clustered - at > least they will not share an external NAS or SAN device for storage. They > will rely on their own disk stores individually. > > > > A little info about our domain.. > > - I am estimating no more than 50 to 75 OWA users at any time. RPC over > HTTPS will be used sporatically at best. We receive on average 4 million > e-mails per month, 85% of which is marked as SPAM. I expect this number to > drop drastically when GFI is installed on the Exchange 2003 FE servers and > can reject emails destined for non-existent e-mail addresses on our domain. > > > > > > My Questions/concerns are: > > > Is this too much load on these servers? (SSL encryption for OWA and RPC, > SPAM/Viral filtering, as well as SMTP delivery) > > 2. Has anyone implemented NLB on their front end servers? If so, > can you provide any Pros/Cons? > Will I have SSL Certificate issues with NLB on FE servers? > How are the OWA and RPC sessions handled? In other words, if a user connects > to OWA in the NLB environment, will Windows NLB be smart enough to forward > all their exchange requests back to the original FE server so that the > session is not dropped or cancelled? > > > > Microsoft recommends the use of NLB on FE servers, but I have yet to find > any real detail into possible issues or deployment recommendations. After > this, I hope to write a 'Help' document to be posted on MSExchange.org as > there isn't one there at this time. > > > > Thanks for your expertise. > > > Regards, > > > > Chris Wall > > Sr. Exchange Administrator > > MCSE, MCSA > > T - 919.460.3236 > > F - 919.468.4889 > > > > Global Knowledge Network > > LEARNING. To Make a Difference > > http://www.globalknowledge.com > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp > Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com > Leading Network Software Directory: http://www.serverfiles.com > No.1 ISA Server Resource Site: http://www.isaserver.org > Windows Security Resource Site: http://www.windowsecurity.com/ > Network Security Library: http://www.secinf.net/ > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this MSEXchange.org Discussion List as: > dennis.depp@xxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=exchangelist > Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: Chris.Wall@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx