Exchange 2010 Design Consideration in Multi Site Topology

  • Thread starter scott_k22792
  • Start date Views 1,467
Status
Not open for further replies.
S

scott_k22792

Hi all,
This is going to be a multi-part question post. We want to take advantage of an active/passive configuration between two data centers. Site A / primary houses all users. We will have two cas, ht and mailbox servers with a single mail edge. In our failover datacenter Site B, we will have a multi-role server with ht/cas/mailbox and an additional mail-edge server. Our focus is on simplicity.
Our intention is for users to only connect to this remote datacenter in a lights out/disaster scenario, or in the possible case of a planned outage, but this last will be very unlikely. The intention would likely be to simply use OWA for accessing mail in the remote site during its alive time. What I would like to achieve though is the continued use of the second mail-edge. The business wants to ensure that external mail is always delivered and never ndr"ed back to the customers. My intention was to add an additional mx record with a higher cost for this second mail-edge.
Now my questions begin.
1) Having a second mail-edge in the remote data center I understand that once a subscription is in place that edge should be able to forward messages to the HT servers in site A so long as it has connectivity to them. My question is, if site a went offline for 30 minutes would all incoming external mail queue on the remote edge server and deliver to the HT servers of Site A once it is reachable again?
2) having the second remote edge server, is it possible to prevent internal outgoing messages from being load balanced to that server and instead force clients to only send outgoing external messages to the edge server in their site (site a)?
3) In the case we want to keep things very simple for a failover scenario (that is our goal). Is it enough to give users an externally accessible IP address to the CAS server in the remote data center that they could connect to for OWA access? What we are trying to avoid is creating the split dns name space, renaming all of our services so they don"t conflict, ensuring they are registered on the certificate, etc. Since we only want to use this remote site (site b) as a dr site and not a regular failover site I think this could meet our needs in the case of a catastrophic failure. Our main concern is being able to continue sending, receiving and having available all messages in the case our primary site goes offline for an extended period of time. Limited access is better than no access. Continued mail flow however is extremely critical to the company.
That is our plan. Are there any gaping holes that need to be addressed? I understand the failover scenario is not considered optimal but we are a company of about 650 users. Designing a failover environment on the scale of a typical enterprise network is not required for us. We just want to ensure we can get access to continue sending and receiving mail if the primary site goes offline, without all the additional complexity of modifying dns to point to different cas arrays, worry about activesync, outlook anywhere, mapi connectivity, etc. We can live without those features in a DR situation. That would be the last of our concerns at that point.
 
B

Busbar [MVP]

1) Having a second mail-edge in the remote data center I understand that once a subscription is in place that edge should be able to forward messages to the HT servers in site A so long as it has connectivity to them. My question is, if site a went offline for 30 minutes would all incoming external mail queue on the remote edge server and deliver to the HT servers of Site A once it is reachable again?

a- you don't need to edge you can do that by hub, if you will use edge, you will subscribe hte edge at site B to the HUB on site b and it will forward the email to HUB at site A, if site A goes down, it will queue at site B.

2) having the second remote edge server, is it possible to prevent internal outgoing messages from being load balanced to that server and instead force clients to only send outgoing external messages to the edge server in their site (site a)?

a- if you didn't subsribe the edge at site B to HUB at site A (which should be the configuration) then it will be fine, if not then it will be load balanced.

3) In the case we want to keep things very simple for a failover scenario (that is our goal). Is it enough to give users an externally accessible IP address to the CAS server in the remote data center that they could connect to for OWA access? What we are trying to avoid is creating the split dns name space, renaming all of our services so they don"t conflict, ensuring they are registered on the certificate, etc. Since we only want to use this remote site (site b) as a dr site and not a regular failover site I think this could meet our needs in the case of a catastrophic failure. Our main concern is being able to continue sending, receiving and having available all messages in the case our primary site goes offline for an extended period of time. Limited access is better than no access. Continued mail flow however is extremely critical to the company.

we have done that by having mail and drmail when mail is not accessible then users are using drmail.

Regards, Mahmoud Magdy Watch Arabic Level 300 Videos about Exchange 2010 here: http://vimeo.com/user3271816 Read pretty advanced Exchange stuff I post here: http://www.enowconsulting.com/ese/blog.asp, follow my blog: http://autodiscover.wordpress.com , corp blog: http://ingazat.wordpress.com, Follow me on twitter http://www.twitter.com/_busbar and if you Liked my post please mark it as helpful and accept it as an answer
 
S

Steve Goodman

Hiya,

Just to add to Mahmoud's comments, which answer your questions..

Firstly , you should consider use of DAC to ensure you don't get a split-brain scenario.

Secondly, don't forget that in most setups the failover/failback won't be automatic, and you probably don't want it to be.

Thirdly, make sure your DNS infrastructure is solid. If it's not, then that's what will cause NDRs. A mail server that is down but can be resolved shouldn't lose mail. RFC compliant hosts will retry. If no MX records can be resolved - that's where NDRs start. I'm not saying it's not worth having a secondary MX already plumbed in though as some mail servers may not be set to retry. Also bear in mind you'll still get (mostly rubbish) though the secondary MX as some spammers will try that in the hope it has less effective defences.

Finally, instead of just handing out an IP address, have you considered a process of, in the event of a DR situation, updating external DNS records for OWA etc instead?

Steve

Steve Goodman
Check out my Blog for more Exchange info or find me on Twitter
 
B

Brian Desmond -MVP-

3) In the case we want to keep things very simple for a failover scenario (that is our goal). Is it enough to give users an externally accessible IP address to the CAS server in the remote data center that they could connect to for OWA access? What we are trying to avoid is creating the split dns name space, renaming all of our services so they don"t conflict, ensuring they are registered on the certificate, etc. Since we only want to use this remote site (site b) as a dr site and not a regular failover site I think this could meet our needs in the case of a catastrophic failure. Our main concern is being able to continue sending, receiving and having available all messages in the case our primary site goes offline for an extended period of time. Limited access is better than no access. Continued mail flow however is extremely critical to the company.

we have done that by having mail and drmail when mail is not accessible then users are using drmail.
The usual design here is that if you have say " mail.contoso.com" , you just switch the IP on the DNS record in the event of a failover.My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
 
Status
Not open for further replies.
Top