Multi-Tenant Exchange

  • Question

  • Hello All, I need help in setting up a multi-tenancy Exchange environment which is production ready and addresses all aspects of a production service such as robust design, security, high availability, disaster recovery, etc.  I would be utilizing one of the Control Panels that are recommended by Microsoft.  But I need help in setting up my Exchange environment in such a way that it is able to service a multi-tenant environment.

    So, it would help if anyone could guide on the following:

    1.  Design of the solution (Servers, DAG, Internal and External URLs, DNS Management, etc.)

    2.  How to make it secure

    3.  What HA model should be followed

    4.  What DR model should be followed

    Any literature would be highly appreciated.  Thanks in advance.
    Thursday, May 4, 2017 1:17 PM

All replies

  • You wish to recreate Office 365?  OK, we have a team of thousands working with millions of servers to do this.  What sort of scale are you attempting to support?

    So from your list, see below:

        • Yes, you will use DAGs, with load balancers in front of them to support inbound client connections and email delivery.  You will obviously need an Active Directory environment to front-end this infrastructure, too.
        • You would need to deploy multiple authoritative domains, as well as multiple GALs for them, but once deployed, Exchange is secure by default.  If you wish to add things like MFA for mobile devices, you can do this with third-party add-ons or by requiring client certificates (which you would need to deploy, meaning you will need to include a certificate authority in your Active Directory infrastructure). Adding additional security to OWA or Outlook Anywhere may also require additional third-party tools or client certificates.
        • Multiple servers hosting the replicated mailbox databases will give you your high availability solution.  For a truly redundant multi-tenant environment, you should have these in multiple datacenters, which can take over for each other to support the high availability target, but you can do this with two copies in a single datacenter.
        • For DR, you would deploy servers in multiple datacenters.

    If I was trying to build multi-tenancy, I'd do it in multiple datacenters, starting with four.  All of them would host active mailbox databases, and each database would have four copies (three for HA, and one lagged for point in time recovery).  I'd set my systems so that deleted messages or mailboxes wouldn't be purged for 90 days.  (I'd also tell my customers that if they need items restored from backups, it would cost them a substantial amount.)

    As for literature, see the Exchange documentation:

  • There are also third-party sites with guidance.  I am giving these as reference, but don't have any connection with them:

  • Will Martin ...
    -join ('77696c6c406d617274696e2d66616d696c6965732e6f7267' -split '(?<=\G.{2})' | ? { $_ } | % { [char][int]"0x$_" })

Thursday, May 4, 2017 2:09 PM
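
The per-tenant domain and GAL separation, the four-copy database layout with one lagged copy, and the 90-day retention described in the reply above could be provisioned as in this added sketch (not code from the thread or from Microsoft). It assumes the Exchange Management Shell, uses address book policies to bind each tenant to its own GAL (the reply does not name a mechanism), and every tenant, domain, server and database name, the `CustomAttribute1` tag and the 7-day lag are constructed placeholders.

```powershell
# Added example for the Exchange Management Shell (Exchange 2013/2016).
# Every name and value below is a constructed placeholder, not from the thread.
$Tenant = 'TenantA'
$Domain = 'tenanta.example'
$Filter = "CustomAttribute1 -eq '$Tenant'"   # assumption: tenant tag is stored in CustomAttribute1

# One authoritative accepted domain per tenant.
New-AcceptedDomain -Name $Tenant -DomainName $Domain -DomainType Authoritative

# Per-tenant GAL, address list, room list and OAB, all scoped by the tenant tag,
# so one tenant's directory never lists another tenant's recipients.
New-GlobalAddressList -Name "$Tenant GAL" -RecipientFilter $Filter
New-AddressList -Name "$Tenant Users" -RecipientFilter "(RecipientType -eq 'UserMailbox') -and ($Filter)"
New-AddressList -Name "$Tenant Rooms" -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and ($Filter)"
New-OfflineAddressBook -Name "$Tenant OAB" -AddressLists "\$Tenant GAL"

# The address book policy ties the tenant's lists together.
New-AddressBookPolicy -Name "$Tenant ABP" `
    -GlobalAddressList "\$Tenant GAL" `
    -OfflineAddressBook "\$Tenant OAB" `
    -RoomList "\$Tenant Rooms" `
    -AddressLists "\$Tenant Users"

# Assign the policy to every mailbox carrying the tenant tag.
Get-Mailbox -ResultSize Unlimited -Filter $Filter |
    Set-Mailbox -AddressBookPolicy "$Tenant ABP"

# Four copies of each database: the active copy plus two more for HA,
# and a fourth lagged copy for point-in-time recovery.
$Db = 'DB01'   # active copy already exists on a server in the first datacenter
Add-MailboxDatabaseCopy -Identity $Db -MailboxServer 'MBX-DC2' -ActivationPreference 2
Add-MailboxDatabaseCopy -Identity $Db -MailboxServer 'MBX-DC3' -ActivationPreference 3
Add-MailboxDatabaseCopy -Identity $Db -MailboxServer 'MBX-DC4' -ActivationPreference 4 `
    -ReplayLagTime '7.00:00:00'   # assumption: 7-day lag; the reply gives no figure

# Keep deleted items and deleted mailboxes for 90 days before purging.
Set-MailboxDatabase -Identity $Db -DeletedItemRetention '90.00:00:00' -MailboxRetention '90.00:00:00'

# Audit: mailboxes with no policy can browse the default GAL across tenants.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { -not $_.AddressBookPolicy } |
    Select-Object Name, PrimarySmtpAddress
```

The final query is the check to rerun after each provisioning batch: any mailbox it returns is not yet confined to a tenant GAL.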