Exchange 2007 at branch office
Now I’ll be deploying exchange 2007 for branch office and I need the right design for it.
In the HQ exchange 2007(one box),DC 2008 installed behind Cisco pix firewall.
I need to install exchange 2007 on the branch office as I need :
§ Internal outbound emails routes through the VPN (between HQ and branch and vice versa)
§ Branch external emails goes from the branch directly in case link fails
§ Received emails for the branch comes to the HQ and route to the branch via VPN as the users will be roaming from HQ to the branch.
§ Access OWA is universal from the HQ so even Branch user can check their emails.
On the other hand I need to know what kind of DC shall I install on the branch ? additional domain controller or child domain controller? One site or make other site?
Answers
- Hello Rajnish,
I'm actually planned for what u suggested, now it comes to the exchange 2007 emails flow as i've asked earlier,as i wanted the mailes received to get to the HQ as it's now and then replicated to the branch exchange and the external email go through the branch connection but internal goes through the VPN.
On the other hand what roles will be installed at the branch? as i have exchange on one box at the HQ ?
So is that will be possible and how can this be done?
Regards- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
I need to install exchange 2007 on the branch office as I need :
· Internal outbound emails routes through the VPN (between HQ and branch and vice versa)
ANSWER : Email Routing in exchange 2007 is handled through the configuration of Sites in active directory.
If you have a Sites representing the Head office and Branch Office in Active Directory Sites and Services, and they HAVE a site link between them, then your desired email routing will be automatically achieved.
· Branch external emails go from the branch directly in case link fails
ANSWER: Outgoing emails flow will be configured using send Connectors on the Branch HUB server. And this link will not work as a backup for an failure. Once Configured all emails from the Branch site will flow directly to the internet. Irrespective of any other link failure.
· Received emails for the branch comes to the HQ and route to the branch via VPN as the users will be roaming from HQ to the branch.
ANSWER: You need to configure the MX record for your domain to point to the gateway firewall in your HQ site. All external emails will land on HQ and flow to the branch site using AD sites and services.
· Access OWA is universal from the HQ so even Branch user can check their emails.
ANSWER : OWA URL will be configured to point to the ISA server located at the HQ site. CAS proxy should be used to allow users to access OWA through the Internet.
- Proposed As Answer byS. Alizaib Alam Wednesday, October 28, 2009 5:29 AM
- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- Hi,
Any update on this issue?
Thanks
Allen- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- Yes i wanted to know which is better
To keep HQ and branch in one site or create other site ?
As the problem i need to have both the HQ and branch on the same subnet as i have other application requires this.
Waiting your advise- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- For sure, keeping them in the same AD site will be good. the only challenge will be, how you are going to stretch the VLAN from one location to another. If you can stretch it, go for single AD site.
Raj- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- I have cisco catalyst 6000 series at both sides to this Job.
Thanks for help and i'm very thanksful.- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:58 PM
All Replies
- First for the DC
1. If it is secure , go for a ADC with DNS (in case your number os users are more).
2. If not secure , go for RODC.
3. keep it simple and make them on single AD site , also that will make your mail routing easy as in Exchange 2007 , mail flow is based on AD site and not routing groups.
For mail flow, try to get the MX record pointing to the firewall (or any other device), where you want your emails to land.
are you considering rpc over https for your branch users?
Raj - Hello Rajnish,
I'm actually planned for what u suggested, now it comes to the exchange 2007 emails flow as i've asked earlier,as i wanted the mailes received to get to the HQ as it's now and then replicated to the branch exchange and the external email go through the branch connection but internal goes through the VPN.
On the other hand what roles will be installed at the branch? as i have exchange on one box at the HQ ?
So is that will be possible and how can this be done?
Regards- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
1. Make sure that MX record for your SMTP domain is pointing towards the FW (any other deviuce) on your HQ. On its own, the mail will go thorugh the VPN to the Branch Office.
2. Extrenal Emails in Exchange 2007 always takes the outgoing connector path. so what ever you set on the outgoing connector, the outgoing emails will take that. (Directly DNS or Any other relay server like AV etc.).
3. Accorind to me, if the numvber of users are less, consider every thing on one box, or else you can go ahead with CCR for Mail box servers, HUB and CAS on two servers (NLB'd) and possibly a edge server.
RajHi,
In the organization, the connection (Send Connector) between Hub Transport servers are created automated implicitly by computing a path between Active Directory sites that is Active Directory Site Link costs.
Thus, no matter what site that you deployed, the mail flow is going via VPN for internal email between the two places.
To make the branch's email send the Internet directly, you need to create a send connector and set the source server as the branck's Hub transport server in the branch's Exchange server.
To mail the external email relay from HQ, you need to make the MX record associated with the HQ.
For what roles need to be installed, if your deploy another site for branch, the CAS, Mailbox and Hub need to be installed. If only one site for the two places, Hub and Mailbox are needed.
Thanks
Allen- Edited byAllen SongMSFT, ModeratorWednesday, November 04, 2009 1:55 AM
- Edited byAllen SongMSFT, ModeratorWednesday, November 04, 2009 1:56 AM
I need to install exchange 2007 on the branch office as I need :
· Internal outbound emails routes through the VPN (between HQ and branch and vice versa)
ANSWER : Email Routing in exchange 2007 is handled through the configuration of Sites in active directory.
If you have a Sites representing the Head office and Branch Office in Active Directory Sites and Services, and they HAVE a site link between them, then your desired email routing will be automatically achieved.
· Branch external emails go from the branch directly in case link fails
ANSWER: Outgoing emails flow will be configured using send Connectors on the Branch HUB server. And this link will not work as a backup for an failure. Once Configured all emails from the Branch site will flow directly to the internet. Irrespective of any other link failure.
· Received emails for the branch comes to the HQ and route to the branch via VPN as the users will be roaming from HQ to the branch.
ANSWER: You need to configure the MX record for your domain to point to the gateway firewall in your HQ site. All external emails will land on HQ and flow to the branch site using AD sites and services.
· Access OWA is universal from the HQ so even Branch user can check their emails.
ANSWER : OWA URL will be configured to point to the ISA server located at the HQ site. CAS proxy should be used to allow users to access OWA through the Internet.
- Proposed As Answer byS. Alizaib Alam Wednesday, October 28, 2009 5:29 AM
- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- Hi,
Any update on this issue?
Thanks
Allen- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- Yes i wanted to know which is better
To keep HQ and branch in one site or create other site ?
As the problem i need to have both the HQ and branch on the same subnet as i have other application requires this.
Waiting your advise- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- For sure, keeping them in the same AD site will be good. the only challenge will be, how you are going to stretch the VLAN from one location to another. If you can stretch it, go for single AD site.
Raj- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:59 PM
- Hi,
As Rajnish recommended, one site is the best practice.
Thanks
Allen - I have cisco catalyst 6000 series at both sides to this Job.
Thanks for help and i'm very thanksful.- Marked As Answer byMohamed Abdel Aziz Thursday, November 05, 2009 12:58 PM
