General design questions   

We are running Exchange 2003 but want to add a new server into existing 
infrastructure with Exchange 2007.  Working on the design and have some 
quesitons.

1. Is ISA necessary?  I don't use it now.  We use basic authentication for 
OWA.  Firewall passes traffic to FE sitting in internal network.  I thought 
Edge server is going to act like OWA/FE at DMZ.  Is it?  Without ISA, what's 
the best way to implement OWA?  Add a CA server at DMZ?

2. We have P/A cluster at HQ and a DR server at remote office.  DB 
replication is done by a 3rd party service using Double-Take for failover.  
We'd like the same setting with Exchange 2007 mailbox server.  Are CCR and 
SCR a good option?  Is it reliable?  Any field experience?

3. We might put hub, CA and MBX roles on the same server initially.  Of 
course, we can't do CCR with such settting.  Is it easy to transfer the roles 
to other servers later on so we can implement CCR?

4. Any suggestion if we should run MBX, CA and Hub on VMWare ESX, or at 
least CA and Hub on VM?


Thanks,

David

date: Thu, 15 Nov 2007 13:10:16 -0800   author:   Chris

Re: General design questions   

Responses inline.

-- 
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------


"Chris"  wrote in message 
news:D0A3EC50-7F6F-455C-B466-D95EEDC8BFD2@microsoft.com...
> We are running Exchange 2003 but want to add a new server into existing
> infrastructure with Exchange 2007.  Working on the design and have some
> quesitons.
>
> 1. Is ISA necessary?  I don't use it now.  We use basic authentication for
> OWA.  Firewall passes traffic to FE sitting in internal network.  I 
> thought
> Edge server is going to act like OWA/FE at DMZ.  Is it?  Without ISA, 
> what's
> the best way to implement OWA?  Add a CA server at DMZ?

This has been the subject of plenty of  debates. Wouldn't say ISA is 
necessary, but depending on security requirements and considering that CAS 
servers are not supported in perimeter networks any more (unlike Exchange 
Server 2003/2000), ISA or ISA-like application-layer/application-aware 
firewalls/appliances certainly help in ability to sleep peacefully at 
night...




>
> 2. We have P/A cluster at HQ and a DR server at remote office.  DB
> replication is done by a 3rd party service using Double-Take for failover.
> We'd like the same setting with Exchange 2007 mailbox server.  Are CCR and
> SCR a good option?  Is it reliable?  Any field experience?

You will have to evaluate features provided by the third-party solution(s) 
and Exchange Server 2007's CCR + SCR. It's too early to say whether SCR (or 
CCR for that matter) reliable. SCR is not even released yet - it's part of 
SP1. Having used these for a while now - they certainly haven't displayed 
any signs of unreliability. (Of course, SP1 makes it better... ). If 
starting out fresh, I would certainly recommend a CCR + SCR solution.


>
> 3. We might put hub, CA and MBX roles on the same server initially.  Of
> course, we can't do CCR with such settting.  Is it easy to transfer the 
> roles
> to other servers later on so we can implement CCR?

You can't start with a non-clustered server and then convert it into a 
cluster. You can, however, install additional servers with Hub/CAS roles, 
and remove Hub/CAS roles from the existing box. To utilize the same box(es) 
for a cluster, you'll need to move mailboxes to another (even temporary) 
mailbox server, setup the Clustered Mailbox Server (CMS), and then move 
mailboxes back. There's no "transfer" of roles, so to speak - 
adding/removing roles is possible.

>
> 4. Any suggestion if we should run MBX, CA and Hub on VMWare ESX, or at
> least CA and Hub on VM?

As long as you are aware of Microsoft's support policies in the context of 
virtualization, and at peace with those....

>
>
> Thanks,
>
> David

date: Thu, 15 Nov 2007 15:48:00 -0800   author:   Bharat Suneja [MVP]