Distributed HTTPS/RPC environment - multiple remote sites?
Hello. Need to get some advice on the pending changes I need to make on an overloaded Exchange 2003 deployment.

We have just taken over support for a large org with 14 locations. All config was done by the last IT firm so please don't beat me up on how it's currently configured. :-)

Currently we have a single F/E server and a single B/E server in a Colo with 1200 MBoxes and a single T1 - yes, a single T. This config services all remote sites (14) and all users (1200). Everyone does RPC/HTTPS to get mail. As you can imagine - there are MANY problems with performance. My first task is to make the Corporate office and those Executives happy. They need fast access in Outlook when on the LAN and they still need RPC/HTTPS when travelling.

I plan on installing Exchange on a new server in the Corp office which is connected via T1 VPN to Colo. I then plan to move Corp office users (about 25 Executives) to the newly installed server in that office. This should provide access to mail at LAN speed and make them happy. These users' MBoxes total about 30GB of data so I plan on first moving them to their own store at Colo and then 'forklifting' the EDB/Log file via USB hard drive to the new server at Corp office and re-mounting the store. I can't use Move-Mailbox over T1 due to the amount of data. I am also considering ExMerge to empty MBoxes and then moving over the wire. Comments on this welcomed too :-)

The main question I have is, if I move these 25 users to the new B/End server at the Corp office, how do I configure RPC/HTTPS so that these users have a good experience when travelling? It seems to me as though they'll still have to connect to the F/End server at the Colo and then go over the site to site VPN to the new B/End server at their office? They'll still have a poor experience when off the LAN.

Do I need to install a F/End server along with the new B/End server at the Corp office and create DNS entries and reconfig all these users to use their own F/End server? If so, I'm assuming I'll need a different F/End server at every location as I plan on adding B/End servers to most sites. I have remote offices all over the world. There's a single domain name and all mail should still be delivered to the primary server and then sent to the server which holds the user mailbox. I don't want all users to RPC/HTTPS to a single server. I'm pretty sure I need a F/End and B/End server at each remote site and then config each user to connect to their appropriate F/End server.

Can anyone help with this logic and config? Am I right? Is there a better way to do it and improve performance and make them all happy? We're also in the process of going from a single T to a 6MB/10MB burstable pipe which will help but remote sites will still only have a T1.

Sorry this is long but I wanted to explain it as well as I can.

Thanks!
February 6th, 2010 7:23pm
On Sat, 6-Feb-10 16:23:16 GMT, MrITGuyInGA wrote:

> Hello. Need to get some advice on the pending changes I need to make on an overloaded Exchange 2003 deployment. We have just taken over support for a large org with 14 locations. All config was done by the last IT firm so please don't beat me up on how it's currently configured. :-) Currently we have a single F/E server and a single B/E server in a Colo with 1200 MBoxes and a single T1 - yes, a single T. This config services all remote sites (14) and all users (1200). Everyone does RPC/HTTPS to get mail. As you can imagine - there are MANY problems with performance. My first task is to make the Corporate office and those Executives happy. They need fast access in Outlook when on the LAN and they still need RPC/HTTPS when travelling. I plan on installing Exchange on a new server in the Corp office which is connected via T1 VPN to Colo. I then plan to move Corp office users (about 25 Executives) to the newly installed server in that office. This should provide access to mail at LAN speed and make them happy. These users' MBoxes total about 30GB of data so I plan on first moving them to their own store at Colo and then 'forklifting' the EDB/Log file via USB hard drive to the new server at Corp office and re-mounting the store. I can't use Move-Mailbox over T1 due to the amount of data. I am also considering ExMerge to empty MBoxes and then moving over the wire. Comments on this welcomed too :-)

> The main question I have is, if I move these 25 users to the new B/End server at the Corp office, how do I configure RPC/HTTPS so that these users have a good experience when travelling?

Their Outlook profiles should have the "High speed" box unchecked in the Exchange Proxy Settings.

> It seems to me as though they'll still have to connect to the F/End server at the Colo and then go over the site to site VPN to the new B/End server at their office?

Yes.

> They'll still have a poor experience when off the LAN.

Why? Is your problem with the F/E server or that T1? If it's the T1, step up to the next level of service or add another T1.

> Do I need to install a F/End server along with the new B/End server at the Corp office and create DNS entries and reconfig all these users to use their own F/End server?

Not necessarily. That would require another connection to the Internet. If bandwidth at the colo is the problem then buy more.

> If so, I'm assuming I'll need a different F/End server at every location as I plan on adding B/End servers to most sites.

If you plan to move to Exchange 2007 or 2010 you should stop and consider how this will work with OWA. Will all those other locations also have their own AD sites? Exchange 2003 F/E servers acted simply as a protocol proxy and it was the B/E servers that did all the hard work. That's changed and Exchange now uses AD sites to determine where you need CAS roles. You can have one, or several, Internet access points, but if they're in different sites you'll be redirected to the "correct" one if there's a CAS with an external URL in "your" site. If not you'll use proxying.

> I have remote offices all over the world. There's a single domain name and all mail should still be delivered to the primary server and then sent to the server which holds the user mailbox.

You're talking about Internet SMTP e-mail, not internal e-mail, right? That's not a problem.

> I don't want all users to RPC/HTTPS to a single server. I'm pretty sure I need a F/End and B/End server at each remote site

Not really. You can get by with multiple F/E servers at one location if you want to. It might not be the smartest thing, but it's do-able. Having two servers at each location will be costly (two machines, two O/S licenses, two Exchange licenses, network access costs, etc.).

> and then config each user to connect to their appropriate F/End server.

That'll work.

> Can anyone help with this logic and config? Am I right? Is there a better way to do it and improve performance and make them all happy? We're also in the process of going from a single T to a 6MB/10MB burstable pipe which will help but remote sites will still only have a T1.

The remote sites will probably be constrained more by latency than bandwidth. Unless you've devised a way to travel faster than the speed of light it'll still take longer to send electrons from Japan to New York than it will to send them to, say, Hong Kong.

> Sorry this is long but I wanted to explain it as well as I can. Thanks!

Have you considered using just a few locations to serve as regional hubs rather than co-locate Exchange servers wherever there's an office?

---
Rich Matheisen
MCSE+I, Exchange MVP
February 6th, 2010 9:17pm