Geographically redundant cas array

  • Question

  • We're looking at putting in a second Exchange 2010 server. We have one here in NZ and a new one will go in the US; both will be in a DAG, with about half the users external, using Outlook Anywhere connecting to the US server, and the other half internal only, connecting to the NZ server. We need OWA as well, and currently have Outlook Anywhere and OWA on the same FQDN with one server.

     

    We plan to geographically load balance it so people in NZ can still use Outlook Anywhere / OWA connecting locally from home etc, which we can do with our DNS provider, which also provides failover if one site goes down etc...

     

    The question is, how do we achieve this, maintaining the same FQDN for all the servers? I've read up on CAS arrays and they seem only really for internal clients to use; setting the FQDN to the external address seems like it's not recommended.

     

    I assume we install a certificate for the FQDN with the servers' names in it as well as part of the process? hmmm... struggling to find a definitive answer on this, so any help would be much appreciated!

     

    Jeremy.

    Wednesday, November 17, 2010 1:39 AM

Answers

  • Regarding the user redirection:

    "Although the Client Access server's response can vary by protocol, when a Client Access server receives a request for a user whose mailbox is in an Active Directory site other than the one the Client Access server belongs to, it looks for the presence of an ExternalURL property on the relevant virtual directory on a Client Access server that's in the same Active Directory site as the user's mailbox. If the ExternalURL property exists, and the client type supports redirection (for example, Outlook Web App or Exchange ActiveSync), the Client Access server will issue a redirect to that client. "

    src: http://technet.microsoft.com/en-us/library/bb310763.aspx



    Mike Crowley
    Check out My Blog!

    Thursday, November 18, 2010 2:42 PM
    Moderator
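
    The ExternalURL setting described in the quoted TechNet passage, applied per site for the regional namespaces discussed in this thread (an added example, not part of the original posts; it is meant for the Exchange Management Shell). The server names NZ-EX01 and US-EX01 and the domain example.com are assumptions; webmail-nz and webmail-us are the host names used in the thread.

```powershell
# Assumed names (not from the thread): servers NZ-EX01 / US-EX01, domain example.com.
# webmail-nz / webmail-us are the regional host names mentioned in the thread.
$regions = @(
    @{ Server = 'NZ-EX01'; Fqdn = 'webmail-nz.example.com' },
    @{ Server = 'US-EX01'; Fqdn = 'webmail-us.example.com' }
)

foreach ($r in $regions) {
    # OWA: a CAS in the other site reads this ExternalUrl when deciding whether
    # it can redirect the browser to the site that holds the user's mailbox.
    Get-OwaVirtualDirectory -Server $r.Server |
        Set-OwaVirtualDirectory -ExternalUrl "https://$($r.Fqdn)/owa"

    # Exchange ActiveSync: the other redirect-capable client type named in the quote.
    Get-ActiveSyncVirtualDirectory -Server $r.Server |
        Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$($r.Fqdn)/Microsoft-Server-ActiveSync"
}

# Check: collect the OWA and ActiveSync virtual directories of both sites
# and show what each one currently advertises as its external entry point.
$vdirs = foreach ($r in $regions) {
    Get-OwaVirtualDirectory -Server $r.Server
    Get-ActiveSyncVirtualDirectory -Server $r.Server
}
$vdirs | Select-Object Server, Name, ExternalUrl | Format-Table -AutoSize

# Flag any virtual directory that still has no ExternalUrl: without it the
# redirect described in the quoted passage has no target for that site.
$vdirs | Where-Object { -not $_.ExternalUrl } | ForEach-Object {
    Write-Warning "$($_.Server)\$($_.Name) has no ExternalUrl set"
}
```

    Each regional host name set here also has to appear on the certificate bound to that site's Client Access server, which is the certificate question raised in the original post.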
  • Regarding the stretched DAG.  This is possible, however there may be a lot more to it than that.  Jim McBee just did a nice presentation on this concept at Exchange Connections in Vegas.  See his slide deck here:

    High Availability for Small and Medium Sized Businesses without the High Cost



    Mike Crowley

    Thursday, November 18, 2010 2:45 PM
    Moderator

All replies

  • You can only have a single CAS Array in a given Active Directory site.  Furthermore, a CAS Array cannot “span” multiple Active Directory sites.

    So unless you are using a stretched site across the pond (not recommended), you cannot use a single CAS array.

    It sounds like you’d be best off with regional entry points (i.e. one for US another for NZ)



    Mike Crowley

    Wednesday, November 17, 2010 3:55 AM
    Moderator
  •  Exchange 2010 Organizational Models

    This topic examines the following types of topology:

    • Consolidated Datacenter Model   This model consists of a single physical site. All servers are located within the site, and there's a single namespace, for example, mail.contoso.com.
    • Single Namespace with Proxy Sites   This model consists of multiple physical sites. Only one site contains an Internet-facing Client Access server. The other sites aren't exposed to the Internet. There's only one namespace for the sites in this model, for example, mail.contoso.com.
    • Single Namespace and Multiple Sites   This model consists of multiple physical sites. Each site can have an Internet-facing Client Access server. Or, there may be only a single site that contains Internet-facing Client Access servers. There's only one namespace for the sites in this model, for example, mail.contoso.com.
    • Regional Namespaces   This model consists of multiple physical sites and multiple namespaces. For example, a site that's located in New York City would have the namespace mail.usa.contoso.com, a site that's located in Toronto would have the namespace mail.canada.contoso.com, and a site that's located in London would have the namespace mail.europe.contoso.com.
    • Multiple Forests   This model consists of multiple forests that have multiple namespaces. An organization that uses this model could be made up of two partner companies, for example, Contoso and ContosoOnline. Namespaces might include mail.usa.contoso.com, mail.europe.contoso.com, mail.asia.contosoonline.com, and mail.europe.contosoonline.com.

     http://technet.microsoft.com/en-us/library/dd351198.aspx



    Mike Crowley

    Wednesday, November 17, 2010 3:59 AM
    Moderator
  • Thanks Mike, the regional namespacing looks to be like what I'm trying to achieve. Would you recommend the US site be in a separate forest or could it stay in the same? We will have a local GC / DC for the US server :)

     

    Wednesday, November 17, 2010 6:42 PM
  • The general rule is to keep as few domains and forests as possible.  So, unless you have a reason not to, I’d make this a single domain in a single forest. 

    Use an Active Directory site for each physical location with low bandwidth and/or high latency connecting them.



    Mike Crowley

    Wednesday, November 17, 2010 9:23 PM
    Moderator
  • Groovy, never set up a second AD site so will be fun. Do the users need to exist in that site as well?

     

    I assume both Exchange servers should have separate names and I set the rpcclientaccess setting on the appropriate DBs to that server's FQDN for Outlook Anywhere, and autodiscover will make the clients connect to the correct one?

     

    Sorry about all the questions!! 

    Wednesday, November 17, 2010 9:28 PM
  • On a domain controller:

    • dssite.msc
    • add the new site
    • add subnets and associate them with the sites
    • adjust the site link connector if you want the domain controllers in each site to talk more than every 3 hours.

    Also understand a site is a boundary for Exchange.  It requires DCs in its local site.  Also for every site you have a mailbox server, you need at least 1 HT and CAS (though they could all be on 1 box.)

    Either way you go, you'll want a solid understanding of:

    • cas arrays
    • dags
    • sites
    • namespaces
    • load balancing
    • dns

    If you feel you're not a pro in any of those areas, you might want to find some help with the design.

     

    PS, sites affect a whole lot in AD.  A site object is fundamental to how AD works, so if you've got users in this forest, you'll want to plan before you change sites around...



    Mike Crowley

    Wednesday, November 17, 2010 9:39 PM
    Moderator
  • Hmmm, definitely not an AD pro, the site option looks like a good option tho', DC at second site and all roles on the Exchange server so no problems there, will have to do some reading into sites. I assume I can do it without the second site set up, then change it later?

    Wednesday, November 17, 2010 10:06 PM
  • Setup of a second site looks fairly easy: move the associated servers into it. The users who will be connecting to it won't be joining machines to the domain if that makes any difference, only using Outlook Anywhere / OWA, so users can stay in main site?
    Wednesday, November 17, 2010 10:29 PM
  • Setup of a second site looks fairly easy: move the associated servers into it. The users who will be connecting to it won't be joining machines to the domain if that makes any difference, only using Outlook Anywhere / OWA, so users can stay in main site?



    Yes, you are right. User accounts are not tied to a site and are replicated to all DCs in the domain.

    You should note that you need Active Directory infrastructure (including Global Catalog(s)) in the second site.

    Steve


    Steve Goodman
    Check out my Blog for more Exchange info or find me on Twitter

    Wednesday, November 17, 2010 10:45 PM
  • Thanks Steve, I have a DC / GC box in second site, albeit on a different subnet, but it looks like I can assign multiple subnets to a site :)

     

    Wednesday, November 17, 2010 10:48 PM
  • Righto, second site set up, Exchange installed; I assume autodiscover will redirect Outlook Anywhere clients to the correct regional namespaced site?

     

    So the idea is that in the DAG the NZ mailboxes are active on webmail-nz, US mailboxes active on webmail-us,  copies on each other etc. I hope this is how it should work? I find the documentation a bit sparse in this regard.

     

    Also, is it possible to have OWA & Autodiscover set up on both machines for external access as the same FQDN? We can do geographically targeted DNS to make life easier for clients :-)

     

     

    Thursday, November 18, 2010 2:37 AM
  • Legend, thanks Mike!
    Thursday, November 18, 2010 7:47 PM
  • Glad to help!



    Mike Crowley

    Sunday, November 21, 2010 5:31 AM
    Moderator