none
HA/DR active/active design .... CAS arrays and namespace planning

    Question

  • Hi,

    I will be implementing an active/active design as shown below

    I am now getting round to namespace planning and am a little confused about how OWA acess will work for both sites.

    Is it possible to use one external URL for all  external users to access OWA ?
    (we currently have an Eastcoast OWA URL and Westcoast OWA URL in our Exchange 2007 setup)

    What I would like to happen is as follows:

    - East coast users hit the OWA URL and East Coast CAS array directs them to active East Coast database
    - West coast users hit the OWA URL and West Coast CAS array directs them to active West Coast database
    - Should East Coast site fail all users hit West Coast CAS array and access failover database (and the other way round if West Coast site fails)

    I have been reading up on CAS array redirection and think this may be the answer but most scenarios refer to active/passive, not active/active.
    Cross-Site Silent Redirection in Exchange 2010 SP2

    We've updated the OWA connection process to support Cross-Site Silent Redirection. The CAS performs the following steps during service discovery:

    1. Evaluate the mailbox version (either Exchange 2007 or Exchange 2010).
    2. Check the mailbox's location.
    3. Obtain the ExternalURL of target <acronym title="Client Access Server">CAS</acronym>.
    4. Obtain the redirection type on the source CAS.
      1. If CrossSiteRedirectType=Manual, we issue a manual redirect.
      2. If CrossSiteRedirectType=Silent, we issue a silent redirect.
        1. If source and target CAS have <acronym title="Form-Based Authentiation">FBA</acronym> enabled, then the source CAS issues a hidden form back to the browser that contains the user’s credentials and FBA settings, along with the redirect URL.
        2. If FBA is not enabled on source and target, source CAS simply issues a 302 redirect.
    That’s right; Cross-Site Silent Redirection can be a <acronym title="Single Sign-On">SSO</acronym> experience when the source and target OWA virtual directories leverage Forms-Based Authentication.


    The majority of users are East coast so I guess all users hit East Coast CAS array and if they are West Coast users that CAS array will redirect to the West Coast one ?

    If anyone can just give me a basic explanation if a single URL can work for us that would be fantastic.

    Kind Regards

















    • Edited by hubbardt Thursday, March 15, 2012 9:46 PM
    Thursday, March 15, 2012 8:07 PM

Answers

  • Hi,

    We can use one external URL for all external users toaccess OWA.

    Publishing OWA to internet in one site and setexternalurl. Thus CAS in an Internet-facing Active Directory site will proxy incoming requests to a CAS in a Non-Internet-facing ActiveDirectory site (that's located in the same site as the Mailbox server being accessed).

    If both sites are Internet-facing Site, then we can use redirection.

    But when site failover occur, it cannot connect the published CAS server, it will not do redirection or proxy. I think.

    We may have to update the DNS record to point the record to the current active site when site failover occur.

    Besides, some 3rd hardware load balance for CAS can do load balance between sites.









    Xiu Zhang

    TechNet Community Support

    • Marked as answer by hubbardt Monday, March 19, 2012 1:58 PM
    Monday, March 19, 2012 8:51 AM

All replies

  • Hi,

    We can use one external URL for all external users toaccess OWA.

    Publishing OWA to internet in one site and setexternalurl. Thus CAS in an Internet-facing Active Directory site will proxy incoming requests to a CAS in a Non-Internet-facing ActiveDirectory site (that's located in the same site as the Mailbox server being accessed).

    If both sites are Internet-facing Site, then we can use redirection.

    But when site failover occur, it cannot connect the published CAS server, it will not do redirection or proxy. I think.

    We may have to update the DNS record to point the record to the current active site when site failover occur.

    Besides, some 3rd hardware load balance for CAS can do load balance between sites.









    Xiu Zhang

    TechNet Community Support

    • Marked as answer by hubbardt Monday, March 19, 2012 1:58 PM
    Monday, March 19, 2012 8:51 AM
  • Thank you for the clear answer. Both sites are active and internet facing so we will use redirection.

    Good point about updating the MX record if an actual site failover occurs.

    Kind regards,

    Monday, March 19, 2012 1:59 PM