Exchange 2010 HA Organization Design
Hi,
We would like to design a new Exchange 2010 infrastructure replacing our current setup with Exchange 2007. For the moment we have an ISA 2006, 2 Edge-servers, 2 HUB/CAS-server in a NLB-configuration and one CCR for the MB-role.
I have a suggestion for our new environment, but would like to know if everything is possible to implement.
This is how I see it:
- 2 Mailbox-servers configured as DAG
- 2 HUB/CAS-servers configured as NLB
And then the setup for our Edge-TMG configuration:
- 2 TMG Enterprise servers with Edge and ForeFront protection for Exchange in an TMG NLB Array.
The last item is unknown for me. A few questions:
1. Can we NLB a TMG array with Edge and ForeFront protection installed on it?
2. Will internal http proxying work without joining the TMG-servers in the AD-domain (Because Edges are preferably not domain-joined)
Overall is this a working proposition of is there a better practice?
Thank you very much for your response.
April 5th, 2011 5:39am
Hi WoCom,
For question 1,
We could use the the NLB for Edge server and ForeFront protection installed on it.
For question 2,
Internal users would not use the proxy.
Regards!
GavinPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
April 8th, 2011 4:19am
Gavin,
Your answer on question 2 is not clear to me. Internal users do have to use the proxy for internet browsing. I already tested with Radius-authentication and that works, but everytime a user start their Internet Explorer they get a popup
for authentication and we would like to avoid that. So my guess is we have to join the Edge-servers to the AD-domain or is there another way? Are there any caveats by joining an Edge-server to the domain?
April 14th, 2011 2:46am
Hi WoCom,
Do you create TMG as the proxy for the external users? If yes, the TMG proxy sever could join into the domain or without joined.
But TMG server would not used for internal users.
Edge server could not be joined into the domain.
Regards!
GavinPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
April 15th, 2011 1:40am