Robert’s Rules of Exchange: The Scenario


Overview

Today we kick off Robert’s Rules of Exchange, a series of blog posts in which we take a fictitious company, describe their existing Exchange implementation, and then walk through the thought processes behind the design, installation, and configuration of their Exchange 2010 environment. Robert’s Rules of Exchange: Table of Blog Contents will serve as a reference for all posts in this series.

This post provides an overview of the scenario that will be used throughout this series. Here, we’ll define the RobertsRules.ms network, the servers, the situation in which the company finds itself, and the goals and requirements around implementation of Exchange 2010 in their environment.

The Robert’s Rules Company

Robert’s Rules is a fictitious company that creates straight edges designed for engineering and drafting work. For those of you that do not speak English as a first language, please reference http://www.merriam-webster.com/dictionary/rule – definition 4 for this use of the word "rule". Some of our competition can be seen here: http://www.bing.com/shopping/search?q=engineering%20ruler&qpvt=engineering+ruler.

Robert’s Rules is located in the United States, and has a proud southern US heritage. The main datacenter is in Huntsville, AL (referred to as "HSV"). Another smaller datacenter is located at Lightfoot Hollow (referred to as "LFH"), which is in Winchester, TN. Both of these datacenters host Exchange servers and provide email services for Robert’s Rules users.

Robert’s Rules has an Internet domain that is primarily used for email services. This domain is RobertsRules.ms. At this time, the RobertsRules.ms domain provides no other public Internet services.

The Exchange Environment

Robert’s Rules initially deployed Exchange 2003 into their environment for internal Outlook 2003 users only. As their sales force has grown, they have developed a requirement for external/Internet-based access to email. As they looked at their requirements in this area, it was determined that a VPN or DirectAccess type of solution would be more of an investment than they would like to make, and that simply publishing Exchange onto the Internet would meet all of their current requirements.

The Robert’s Rules IT department decided to move the company to Exchange 2007. As a pilot, Exchange 2007 was deployed in the HSV datacenter. Unfortunately, this deployment was not completed successfully, primarily because the senior Robert’s Rules email administrator won the Tennessee PowerBall Lottery and retired to a less stressful life as a professional poker player in Las Vegas.

The CIO decided to abandon further efforts to move to Exchange 2007 and focus all further upgrade efforts around Exchange 2010. As we deploy Exchange 2010 in this environment, we will have to co-exist with the Exchange 2003 and Exchange 2007 servers currently in the environment.

Windows Server 2003 was used for the Exchange Server 2003 machines, Windows Server 2008 for the Exchange Server 2007 machines, and Windows Server 2008 R2 for the Exchange Server 2010 machines. Both domain controllers are Windows Server 2008 R2, with the Active Directory in Windows Server 2008 forest functional mode. All servers are kept up to date on the appropriate service packs, rollups and patches as recommended by Microsoft.

The Email Clients

The user community at Robert’s Rules is primarily made up of people that do not sit at their desk doing email all day. There are factory workers, shipping facility workers, engineers that design the drafting instruments that the company sells, etc. As such, about 90% of the people at Robert’s Rules have an email profile where they send and receive less than 50 messages/day , with the average message size in the 75KB range. The remaining 10% of users are VIPs and sales executives that send and receive an average of 100 messages/day, with the average message size of 100KB.

Robert’s Rules currently has a mixture of Outlook 2003, Outlook 2007 and Outlook 2010 clients deployed. All clients are kept up-to-date with service packs and security patches. Some of these clients are primarily desktop machines (internal corporate access), and some are laptops for the sales force and a few VIPs and these laptops are sometimes on the internal network, and sometimes external (Internet access from hotels, airports and other WiFi access points). The desire is for the transition between internal and external access (and back) for the sales force to be transparent to the user.

Robert’s Rules has a new requirement to provide mobile email access to users with mobile devices that support Exchange ActiveSync (EAS), as well as web-based email access (using OWA) internally and from the Internet.

The Network

As described above, Robert’s Rules has two datacenters that do (and will) host Exchange. They have a publicly routed network in each of the two datacenters, as well as a dedicated replication network between the two datacenters. All client access, as well as all normal server-to-server communications will happen on the publicly routable network. The customer wishes to leverage the replication network for our DAG replication in Exchange 2010.

Each of the two datacenters has a perimeter network. ForeFront Threat Management Gateway (the next-generation release of ISA Server) is used for reverse proxy and web publishing.

The Exchange 2010 Goals

Robert’s Rules would like to upgrade their environment to Exchange 2010, raising their availability stance (they currently have no clusters or load-balancing in place), raising the hygiene stance (they currently have no spam filtering in place, and would like to move to Microsoft’s Forefront Protection for Exchange virus scanning). Robert’s Rules would like to introduce the idea of site resilience into their Exchange 2010 environment as well. Also, as stated above, they want to provide access from the Internet for Outlook Anywhere and Exchange ActiveSync clients.

To meet these requirements, we will be deploying two Edge Transport servers in the perimeter, two CAS/HT servers in each of our datacenters, two Mailbox servers in the HSV datacenter, and one Mailbox server in the LFH datacenter. We have separated the Client Access role from the Mailbox role because as a small organization, Robert’s Rules has chosen to utilize Windows Network Load Balancing. Windows NLB is not supported on servers that utilize Windows Failover Clustering, and the DAG servers will utilize clustering, so we are required to separate these roles.

Exchange server sizing was accomplished utilizing the Exchange 2010 Mailbox Server Role Requirements Calculator from the Exchange Team Blog. All sizing guidance in that calculator comes directly from the Exchange 2010 core documentation on TechNet. To review and understand this information, start with Mailbox Server Storage Design, which is the core to how we size Exchange 2010 storage. Storage design leads us to Mailbox Server Processor Capacity Planning. Once we understand our mailbox role processor capacities, we can also get our processor configuration for all other server roles and the memory configuration for all roles from the guidance in Understanding Exchange Performance.

NOTE: The real main Exchange 2010 goal for this series is to demonstrate migration to Exchange 2010 from previous versions of Exchange and to show the current configuration options. That means that at times I might do things outside of these stated company goals just for the sake of demonstration.

The Blog Lab Environment

To simulate the Robert’s Rules network in my lab, I will be using a single server running Windows Server 2008 R2. By being aggressively skimpy with RAM configurations on these servers, I hope to shoehorn this entire production into the 24 GB of RAM in my server. Some 32-bit client machines, where feasible, will be hosted on my Windows 7 desktop machine (which resides on the same home network as the server).

To implement the virtual networks for the lab itself, I have chosen to do something like what’s shown in this diagram:


Figure 1: The Robert’s Rules Lab Network

This shows two separate routers, and I have actually done this with a single Windows 2008 R2 server running RRAS (configured for IP routing only), and used filters to ensure that traffic that’s supposed to be on the replication networks is not allowed on the public networks and vice versa. I am simulating a full perimeter network with a third network off of my ISA server. I will only have this one perimeter network, but for the demonstration purposes of this series of posts, this shouldn’t be an issue.

You can see that the "outward facing" network is my "home network". That’s the network that my home desktops, my work laptops, my server, my wife’s and kids’ machines, and our four Xbox 360s use to connect to the Internet. As such, I gave that network interface on my ISA server a static IP address, and I will use my Internet router to "port forward" specific ports to the ISA server. With this, I hope to be able to perform everything from simply sending and receiving Internet email all the way through using the MFG (Microsoft Federation Gateway) to show Exchange 2010 Federation capabilities.

The lab begins with Exchange 2003 and Exchange 2007 deployed as shown in the following diagram:


Figure 2: Robert’s Rules Exchange 2003 and 2007 Environment

When we have added Exchange 2010 to this environment, it should look similar to the following diagram:


Figure 3: Robert’s Rules Exchange 2003, 2007 and 2010 Environment

Note that I will only be able to test for a variety of Windows Mobile phones (mostly utilizing emulators), as I am limited to what I have in hand. If anyone would like to donate an iPhone, iPad, or Droid device and the associated service necessary, I will be more than happy to test and document my findings. Similarly, all clients tested will be various supported Outlook versions. For those that want to see EWS for the Mac client, please provide a Macintosh computer and I will be happy to test that as well!

Robert Gillies

Comments (17)
  1. They call me Mr Kemp says:

    Why are you using 2 dedicated CAS servers when you could use a single inexpensive virtual or hardware load balancer (like the Kemp LoadMaster series)?  They are USD $1500 each and can be configured in pairs for HA.  Seems like a lot less expensive than 2 physical/virtual CAS servers (once you count hardware and licensing costs)… maybe a future blog post?

  2. Paul Brock says:

    This looks just like the solution I chose for a small bank with a main data center and smaller disaster recovery datacenter. We leveraged Virtual Machines except for the mailbox servers. My only complaint is that it requires 2 CAS servers at each datacenter and 6 Exchange server licenses to get full resiliency. It would be better if it were possible to stretch the CAS array across data centers like a DAG and still have the ability to failover automatically. The problem with the current model is the CAS array needs to be in the same IP subnet and all those Exchange licenses get expensive for a smaller organization.

  3. Robert Gillies [MSFT] says:

    @Mr. Kemp – what a fine idea!  I’ll add that to the list with any other great ideas that come in.  I think that Kemp has a virtualized version of the load balancers, hopefully they will have a Hyper-V version soon.  This way I can show both Windows NLB and a "hardware" NLB solution!

    @Paul – The ClientAccessArray is associated with an AD site, not with an IP subnet.  If you have "LAN-speed" connectivity between the two locations, you could designate them as a single AD site and have a single ClientAccessArray.  We’ll be having a lot of discussions around this and other design points through this blog series, so keep reading!

    Thanks for all comments – don’t hesitate to check out the list I have already planned and leave ideas there as well!

  4. SAT says:

    This is a great idea – real life implementation.  I look forward to the series.

    Regarding the Kemps – excellent value NLB for  small businesses out there, not realizing that HA requires this now.  

  5. adi says:

    Seems a lot like my current environment, though in my current environment exchange 2007 is primary and 2003 are left overs for branch users [can’t upgrade to 2007, licensing and hardware issues] look forward to this series, will probably run similar scenario

  6. Dominique says:

    Really looking forward to the series, thanks for your effort and time for showing this stuff to us!

  7. Lord Melch says:

    Excellent article thanks. Keep up the good work.

  8. Rhoderick Milne says:

    Hi Robert,

    The Hyper-V Kemp VLB device is available.  I have previously installed it in my test lab Hyper-V cluster with minimal fuss.  Just ensure that you get sent a Hyper-V eval key and not an ESX key – that was my only issue.  

    http://www.kemptechnologies.com/us/server-load-balancing-appliances/virtual-loadbalancer/hyperv-vlm-download.html

    HTH

    Rhoderick

  9. Robert Gillies [MSFT] says:

    @Rhoderick – thanks for the pointer!

    @Everyone else – thanks for the comments and encouragement!

  10. Robert says:

    How did you configure the IP filtering for router?  I can’t seem to get the two networks separated.

  11. Robert Gillies [MSFT] says:

    @Robert – first I have to see if what I did works.  :)  What I did was set up filters.  On the replication network interfaces, I put an inbound filter that drops all packets except for those that were sourced on those IP subnets.  On the public/MAPI networks I put an inbound filter that receives all packets except those that come from teh replication network IP subnets.

    Make sense?

  12. Bob says:

    @Robert – Thanks for sharing this with us!

  13. Bob says:

    @Kemp – Thanks for sharing the virtualized HLB lab solution!

  14. Andreas says:

    While I’m not able to donate devices to test EAS functionality you are free to download my ActiveSync testing utility called EAS MD. It doesn’t implement actual continuous sync/push, but will do the initial FolderSync commands as well as specific tests like security policies, being provisionable and IRM. You can also define which protocol version of EAS you want to test (limited to Exchange 2007/2010 – no 2003 support).

    It is similar to http://testexchangeconnectivity.com, but has more options, more features, is fully updated for Exchange 2010 SP1, and comes as a stand-alone client for use on the desktop.

    Well, enough with the self promotion – use it if you like, or use real devices if people send you hardware :)

    Download here: http://mobilitydojo.net/downloads  

  15. techref6969 says:

    I may be getting ahead, if so please consider as this progresses. I’m wondering how to estimate disk space when all the single instance store messages are expanded (?) when the mailboxes are migrated from Ex2003 to Ex2010. I really wish MS kept that feature.

  16. Robert Gillies [MSFT] says:

    @techref6969 – While I understand that Single Instance Store (SIS) is a feature that most of our customers are worried about losing, we think that the gains in performance we see in the database outweigh the impact of losing the SIS.  Remember that in Exchange 2003 our guidance for how many messages to have in a single root folder was 5000 items (http://msexchangeteam.com/archive/2009/12/07/453450.aspx).  With Exchange 2010 and the changes made, we now allow up to 100,000 messages per folder.

    If you balance that gain against the fact that we implemented other database and store enhancements such as header compression and compression of HTML message payloads, we saw the size of the mailbox databases neither get larger or smaller overall.  Of course, specific customers might have some impact one way or the other, but for most of us there should be minimal space impact.

    Also, the storage calculator will keep in mind the size necessary on disk to store a specific amount of user data for planning purposes.  It takes into account overhead space like the indexes needed, the "white space" necessary for a healthy database, etc.

  17. UsedtobeNLB says:

    Used MS NLB happily for several years to LB our OWA/CAS servers… then switched to Cisco equipment, where the quickest way to kill a server is to use NLB.  Immediately stops all routing for the primary address and stops ALL traffic for the pseudo address.  We’re looking at Kemp for our 2010 implementation as well.

Comments are closed.