Exchange 2007, HUB transport/CAS roles move
For compliance reasons, I need to split up our current single-server Exchange 2007 installation into a 3-server setup with 1 Client Access Server and 2 mailbox servers. I have been passed a design by our in-house architect, but they have admitted that Exchange is not their strong point (nor is it mine), so I thought I'd present the solution here and see if anyone knows of any reason why it won't work.
There will be 3 servers in 3 networks separated by VLANs.
Network 1 contains the current server and will retain the majority of the mailboxes and a Hub Transport role.
Network 2 will contain the new mail store server and will have access to a local AD/GC server. A small group of mailboxes will be housed here.
Network 3 will contain the server with the CAS role and a Hub Transport role. AD services will be provided by the DCs on the other VLANs. All external traffic will be routed through this server first.
The plan is to deploy the new servers, install the roles and then transfer the services as per the MS guidance, update DNS, etc., then move the required mailboxes over. Please let me know if there is anything obviously wrong with this setup. I'm pretty sure it's correct, but any guidance will be appreciated. Cheers,
October 11th, 2012 11:06am

Nope, don't do it. In the many different scenarios that I've had customers throw at me, there is absolutely no good reason to split your servers into different VLANs. It will cause you trouble and it WILL NOT really satisfy any security requirements. Having 1 Client Access Server and 2 Mailbox servers is out of balance. 2 mailbox servers aren't going to give you any additional security. And, of course, at this point, deploying a new Exchange 2007 architecture is a little behind the times; look at moving to at least Exchange 2010. Ed
October 11th, 2012 4:43pm

Alas, I am stuck with both the VLAN segregation and 2007. Neither of these factors is under my control. Can you give me any specific example of issues with this kind of setup? I may be able to use it as an argument against the design or at least prepare for the issues. The compliance issue is related to PCI DSS. Network have separated any server that holds credit card info into its own VLAN; as we have a few mailboxes which also hold data, I need to store them in this environment.
October 12th, 2012 4:32am

Hi, it will work if these three networks are all connected with no problem. But when it meets some issues, it might be very difficult to troubleshoot. Cheers, Zi Feng, TechNet Community Support
October 15th, 2012 2:19am

This topic is archived. No further replies will be accepted.
