Re: Exchange 2003 Front-end design

• From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
• To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
• Date: Tue, 21 Dec 2004 09:49:56 -0500

Dennis,

Thanks for the information.  I have set this up in a test environment and
all seems to be working out...  I am using Dell 2650's (dual processors)
with 1 gb ram each. The only challenge that I have at this point is with GFI
Mail Essentials and Mail Security.  This is a software SPAM/Virus solution
and there is no way for the 3 machines to reference a single database for
block lists, white lists, etc... In other words, the 3 machines will all
have different block lists, bayesian filters, etc.  This is not good.

 To over come this I have decided that the better design for my org is to
have 2 Front-end NLB servers running Secure OWA and RPC over HTTPS.  Then
also have two SMTP Gateway FE servers with different MX record values and
attempt to keep these  machines as 'similar' as possible with their GFI
block lists.

Thanks again for the info.

Chris

-----Original Message-----
From: Dennis Depp [mailto:dennis.depp@xxxxxxxxx] 
Sent: Tuesday, December 21, 2004 7:55 AM
To: [ExchangeList]
Subject: [exchangelist] Re: Exchange 2003 Front-end design

http://www.MSExchange.org/

Sorry for the late reply, but I didn't see anyone really answer your
questions.

1.  You don't say what type of servers you are running.  I have two
front end servers.  These are dual processor machines with 1GB ram.  I
have no problem with load on these servers.  I would estimate a
similar load to what you describe.

2.  I have not used NLB on the front end servers, but I am considering
it.  You can have NLB temporarily turn off for new connections and
then wait for existing connections to finish.  This allows for a more
seamless patching environment than our existing solution.

3.  Again I am not running NLB with Exchange, but I have no SSL issues
on other NLB servers I am running.

4.  Yes NLB is smart enough to forward all your requests to the same
front end server.  I believe this is configurable, but I have not done
any tinkering with it.

Dennis


On Thu, 16 Dec 2004 23:53:11 -0500, Chris Wall
<Chris.Wall@xxxxxxxxxxxxxxxxxxx> wrote:
> http://www.MSExchange.org/
> 
> 
> Currently trying to decide on the best Front-end deployment of Exchange
2003
> for our organization...
> 
>  
> 
> I am leaning towards using windows 2003 server NLB (network load
balancing)
> on 3 servers in our DMZ.  These three servers will all perform SMTP
Gateway,
> OWA with SSL, RPC over HTTPS duties and each will have GFI Mail Security
and
> Mail Essentials running on them...  These servers will not be clustered -
at
> least they will not share an external NAS or SAN device for storage.  They
> will rely on their own disk stores individually.
> 
>  
> 
> A little info about our domain..
> 
> - I am estimating no more than 50 to 75 OWA users at any time.  RPC over
> HTTPS will be used sporatically at best.  We receive on average 4 million
> e-mails per month, 85% of which is marked as SPAM.  I expect this number
to
> drop drastically when GFI is installed on the Exchange 2003 FE servers and
> can reject emails destined for non-existent e-mail addresses on our
domain.
> 
>  
> 
>  
> 
> My Questions/concerns are:
> 
>  
> Is this too much load on these servers?  (SSL encryption for OWA and RPC,
> SPAM/Viral filtering, as well as SMTP delivery) 
> 
>       2.   Has anyone implemented NLB on their front end servers?  If so,
> can you provide any Pros/Cons?
> Will I have SSL Certificate issues with NLB on FE servers? 
> How are the OWA and RPC sessions handled? In other words, if a user
connects
> to OWA in the NLB environment, will Windows NLB be smart enough to forward
> all their exchange requests back to the original FE server so that the
> session is not dropped or cancelled? 
> 
>  
> 
> Microsoft recommends the use of NLB on FE servers, but I have yet to find
> any real detail into possible issues or deployment recommendations.  After
> this, I hope to write a 'Help' document to be posted on MSExchange.org as
> there isn't one there at this time.
> 
>  
> 
> Thanks for your expertise.
> 
> 
> Regards,
> 
>  
> 
> Chris Wall
> 
> Sr. Exchange Administrator
> 
> MCSE, MCSA
> 
> T - 919.460.3236
> 
> F - 919.468.4889
> 
>  
> 
> Global Knowledge Network
> 
> LEARNING. To Make a Difference
> 
> http://www.globalknowledge.com
> 
>  ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> World of Windows Networking: http://www.windowsnetworking.com
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSEXchange.org Discussion List as:
> dennis.depp@xxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
Chris.Wall@xxxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

• » Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design
• » Re: Exchange 2003 Front-end design

1. Home
2. exchangelist
3. Archive
4. 12-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---