Today we kick off Robert's Rules of Exchange, a series of blog posts in which we take a fictitious company, describe their existing Exchange implementation, and then walk through the thought processes behind the design, installation, and configuration of their Exchange 2010 environment. Robert's Rules of Exchange: Table of Blog Contents will serve as a reference for all posts in this series.
This post provides an overview of the scenario that will be used throughout this series. Here, we'll define the RobertsRules.ms network, the servers, the situation in which the company finds itself, and the goals and requirements around implementation of Exchange 2010 in their environment.
The Robert's Rules Company
Robert's Rules is a fictitious company that creates straight edges designed for engineering and drafting work. For those of you that do not speak English as a first language, please reference http://www.merriam-webster.com/dictionary/rule - definition 4 for this use of the word "rule". Some of our competition can be seen here: http://www.bing.com/shopping/search?q=engineering%20ruler&qpvt=engineering+ruler.
Robert's Rules is located in the United States, and has a proud southern US heritage. The main datacenter is in Huntsville, AL (referred to as "HSV"). Another smaller datacenter is located at Lightfoot Hollow (referred to as "LFH"), which is in Winchester, TN. Both of these datacenters host Exchange servers and provide email services for Robert's Rules users.
Robert's Rules has an Internet domain that is primarily used for email services. This domain is RobertsRules.ms. At this time, the RobertsRules.ms domain provides no other public Internet services.
The Exchange Environment
Robert's Rules initially deployed Exchange 2003 into their environment for internal Outlook 2003 users only. As their sales force has grown, they have developed a requirement for external/Internet-based access to email. As they looked at their requirements in this area, it was determined that a VPN or DirectAccess type of solution would be more of an investment than they would like to make, and that simply publishing Exchange onto the Internet would meet all of their current requirements.
The Robert's Rules IT department decided to move the company to Exchange 2007. As a pilot, Exchange 2007 was deployed in the HSV datacenter. Unfortunately, this deployment was not completed successfully, primarily because the senior Robert's Rules email administrator won the Tennessee PowerBall Lottery and retired to a less stressful life as a professional poker player in Las Vegas.
The CIO decided to abandon further efforts to move to Exchange 2007 and focus all further upgrade efforts around Exchange 2010. As we deploy Exchange 2010 in this environment, we will have to co-exist with the Exchange 2003 and Exchange 2007 servers currently in the environment.
Windows Server 2003 was used for the Exchange Server 2003 machines, Windows Server 2008 for the Exchange Server 2007 machines, and Windows Server 2008 R2 for the Exchange Server 2010 machines. Both domain controllers are Windows Server 2008 R2, with the Active Directory in Windows Server 2008 forest functional mode. All servers are kept up to date on the appropriate service packs, rollups and patches as recommended by Microsoft.
The Email Clients
The user community at Robert's Rules is primarily made up of people that do not sit at their desk doing email all day. There are factory workers, shipping facility workers, engineers that design the drafting instruments that the company sells, etc. As such, about 90% of the people at Robert's Rules have an email profile where they send and receive less than 50 messages/day , with the average message size in the 75KB range. The remaining 10% of users are VIPs and sales executives that send and receive an average of 100 messages/day, with the average message size of 100KB.
Robert's Rules currently has a mixture of Outlook 2003, Outlook 2007 and Outlook 2010 clients deployed. All clients are kept up-to-date with service packs and security patches. Some of these clients are primarily desktop machines (internal corporate access), and some are laptops for the sales force and a few VIPs and these laptops are sometimes on the internal network, and sometimes external (Internet access from hotels, airports and other WiFi access points). The desire is for the transition between internal and external access (and back) for the sales force to be transparent to the user.
Robert's Rules has a new requirement to provide mobile email access to users with mobile devices that support Exchange ActiveSync (EAS), as well as web-based email access (using OWA) internally and from the Internet.
As described above, Robert's Rules has two datacenters that do (and will) host Exchange. They have a publicly routed network in each of the two datacenters, as well as a dedicated replication network between the two datacenters. All client access, as well as all normal server-to-server communications will happen on the publicly routable network. The customer wishes to leverage the replication network for our DAG replication in Exchange 2010.
Each of the two datacenters has a perimeter network. ForeFront Threat Management Gateway (the next-generation release of ISA Server) is used for reverse proxy and web publishing.
The Exchange 2010 Goals
Robert's Rules would like to upgrade their environment to Exchange 2010, raising their availability stance (they currently have no clusters or load-balancing in place), raising the hygiene stance (they currently have no spam filtering in place, and would like to move to Microsoft's Forefront Protection for Exchange virus scanning). Robert's Rules would like to introduce the idea of site resilience into their Exchange 2010 environment as well. Also, as stated above, they want to provide access from the Internet for Outlook Anywhere and Exchange ActiveSync clients.
To meet these requirements, we will be deploying two Edge Transport servers in the perimeter, two CAS/HT servers in each of our datacenters, two Mailbox servers in the HSV datacenter, and one Mailbox server in the LFH datacenter. We have separated the Client Access role from the Mailbox role because as a small organization, Robert's Rules has chosen to utilize Windows Network Load Balancing. Windows NLB is not supported on servers that utilize Windows Failover Clustering, and the DAG servers will utilize clustering, so we are required to separate these roles.
Exchange server sizing was accomplished utilizing the Exchange 2010 Mailbox Server Role Requirements Calculator from the Exchange Team Blog. All sizing guidance in that calculator comes directly from the Exchange 2010 core documentation on TechNet. To review and understand this information, start with Mailbox Server Storage Design, which is the core to how we size Exchange 2010 storage. Storage design leads us to Mailbox Server Processor Capacity Planning. Once we understand our mailbox role processor capacities, we can also get our processor configuration for all other server roles and the memory configuration for all roles from the guidance in Understanding Exchange Performance.
The Blog Lab Environment
To simulate the Robert's Rules network in my lab, I will be using a single server running Windows Server 2008 R2. By being aggressively skimpy with RAM configurations on these servers, I hope to shoehorn this entire production into the 24 GB of RAM in my server. Some 32-bit client machines, where feasible, will be hosted on my Windows 7 desktop machine (which resides on the same home network as the server).
To implement the virtual networks for the lab itself, I have chosen to do something like what's shown in this diagram:
This shows two separate routers, and I have actually done this with a single Windows 2008 R2 server running RRAS (configured for IP routing only), and used filters to ensure that traffic that's supposed to be on the replication networks is not allowed on the public networks and vice versa. I am simulating a full perimeter network with a third network off of my ISA server. I will only have this one perimeter network, but for the demonstration purposes of this series of posts, this shouldn't be an issue.
You can see that the "outward facing" network is my "home network". That's the network that my home desktops, my work laptops, my server, my wife's and kids' machines, and our four Xbox 360s use to connect to the Internet. As such, I gave that network interface on my ISA server a static IP address, and I will use my Internet router to "port forward" specific ports to the ISA server. With this, I hope to be able to perform everything from simply sending and receiving Internet email all the way through using the MFG (Microsoft Federation Gateway) to show Exchange 2010 Federation capabilities.
The lab begins with Exchange 2003 and Exchange 2007 deployed as shown in the following diagram:
When we have added Exchange 2010 to this environment, it should look similar to the following diagram:
Note that I will only be able to test for a variety of Windows Mobile phones (mostly utilizing emulators), as I am limited to what I have in hand. If anyone would like to donate an iPhone, iPad, or Droid device and the associated service necessary, I will be more than happy to test and document my findings. Similarly, all clients tested will be various supported Outlook versions. For those that want to see EWS for the Mac client, please provide a Macintosh computer and I will be happy to test that as well!