It has been a while since I have done an Exchange install (back on Exchange 2003) and I would like to see if I can come up with a good overview plan. Let me explain what the goals are and what this particular environment consists of.
- We are a VMware shop running on Essentials Plus on 2 hosts.
- One host is an older 2950III 2xQuad Core Procs with 32MB of RAM and 1.0TB of RAID10 usable local storage (10x300GB SAS 10K)
- One host is a newer R710 2-Six Core Procs with 64MB of RAM and 1.0TB of RAID10 usable local storage.
- One Dell MD3200i SAN with 1.63TB of RAID10 usable local storage using 4 NICS per host to dedicated SAN Switches (Dell 6248).
- We have two Domain Controllers running Windows 2008 R2 SP2 with domain and function level 2008 R2. (1 on each host running on local storage). Possibly adding third DC on older physical server.
- Our internal AD domain looks like this ad.mydomain.org. The external public domain looks like this mydomain.org.
- We will want all email addresses to be based on emailname@mydomain.org NOT emailname@ad.mydomain.org.
- We have approximately 50 users that will use email and various aliases.
- All users will use Microsoft Outlook 2010 on PCs and notebooks.
- We would like notebook users that go remote to still be able to use Microsoft Outlook 2010 on the computer even when at home or on another public network with internet access.
- We will have a number of users with the following mobile devices: Android, iPhone, iPad, or possibly Windows Mobile.
- Users will also need access via the OWA feature so when they are on their own home computer or anywhere they can access their email via web interface.
- Our users will most definitely want to have a common set of contacts and common calendars or shared calendars for departments.
- All of our servers and PCs connect through multiple Dell 5448 Switches or other smaller switches.
- We have one core site, but we will have 2 other sites that will have a site to site VPN. The remote sites at this time will not have a Domain controller, but will in the future. These are small sites with just 4 or 5 people. So far all normal needs work just fine over VPN (file services mainly).
- The internet is through Comcast and we have 1 public IP address.
- The firewall is a Sonicwall NSA240 with multiple internal ports. Currently just 1 internal port to private network. No DMZs at the moment as we have no external services yet.
- I don't know if I can get another IP or not from Comcast, will be checking tomorrow. (I am used to having multiple IP addresses when I have internal services on a DMZ, but may not be able to get multiple in this situation.)
- We ARE planning on using Google's Postini for inbound and outbound protection. I know they are rolling this into Google Apps, but we have the account as Google Postini right now. Not using it yet, but will be using it.
I think the above gives a fairly clear picture of the environment and the needs. Let me shoot some general thoughts out.
- In past environments (if I recall as it has been a while) we utilized an ASA server behind the hardware firewall to deal with incoming requests for internal services like Microsoft Exchange or Terminal Services. I don't know if this is still the common practice or not, but I am venturing I would either have an ASA server or Exchange 2010 Edge server... OR both. Not sure what specific server or combination is needed at the perimeter. What are recommendations here? I don't want to make things more complicated, but I seem to recall protecting the internal Exchange server from public and having either ASA or something else in the middle.
- I would then have the Exchange Server 2010 running inside our network. I think it would have the mailbox, hub transport, and client access roles.
- One concern would be OWA. Is that another server in the DMZ (on edge server) or does that get redirected via ASA to internal Exchange to feed to the external clients?
- It will be a virtual server and I will probably have it on the R710 "local storage" for now. I know I lose the vMotion when it is local, but plan to institute solid backups and can live with short down time until I get more comfortable with the SAN. A little concerned with performance of that SAN for Exchange.
I'll stop at this point and just ask for some feedback on what I have described here as I continue doing some research and hopefully in the next day or two start doing some tests in a virtual test environment.
Thanks in advance,
Greg