Welcome Sign in
Skip Navigation Links
Exchange Server TechCenter
Click to Rate and Give Feedback
TechNet
TechNet Library
Exchange Server
 Overview of Namespace Planning
Overview of Namespace Planning

Topic Last Modified: 2008-05-27

Patricia DiGiacomo Eddy

One of the most important decisions that you must make before you deploy Microsoft Exchange Server 2007 is how to arrange the namespace for your organization. A namespace is a logical structure that is usually represented by a domain name in DNS. When you define your namespace, you must consider the various locations of your clients and the servers that house their mailboxes. In addition to the physical locations of clients, you must evaluate how they connect to Exchange 2007. The answers to these questions will determine how many namespaces you must have. Your namespaces will typically align with your DNS configuration. A namespace is usually represented in DNS by an A record such as mail.contoso.com or mail.europe.contoso.com.

The decisions that you make about your namespaces will affect the following:

  • How you configure DNS.
  • What certificates you must have to encrypt communications between your computers that are running Exchange 2007 and your organization's client computers and devices.
  • How your clients access their mailboxes.

Planning your namespaces involves examining your physical and logical network structure and choosing an organizational topology. This article presents several different topologies and provides information about how using the different topologies would affect your Exchange organization.

We will examine the following topologies:

  • Consolidated Data Center Model   This model consists of a single physical site. All servers are located within one physical site and there is a single namespace, such as mail.contoso.com.
  • Single Namespace with Proxy Sites   This model consists of multiple physical sites. Only one site contains an Internet-facing Client Access server. The other physical sites are not exposed to the Internet. There is only one namespace for the sites in this model, for example, mail.contoso.com.
  • Single Namespace and Multiple Sites   This model consists of multiple physical sites. Each site can have an Internet-facing Client Access server or there may be only a single site that contains Internet-facing Client Access servers. There is only one namespace for the sites in this model, for example, mail.contoso.com.
  • Regional Namespaces   This model consists of multiple physical sites and multiple namespaces. For example, a site that is located in New York City would have the namespace mail.usa.contoso.com, a site that is located in Toronto would have the namespace mail.canada.contoso.com, and a site that is located in London would have the namespace mail.europe.contoso.com.
  • Multiple Forests   This model consists of multiple forests that have multiple namespaces. An organization that uses this model could be made up of two partner companies, for example, Contoso and ContosoOnline. Namespaces might include mail.usa.contoso.com, mail.europe.contoso.com, mail.asia.contosoonline.com, and mail.europe.contosoonline.com.

Consolidated Data Center Model

The consolidated data center model is the simplest model considered in this article. It consists of one physical site.

Exchange 2007 single namespace topology

The advantages of this model are:

  • There are fewer DNS records to manage than with multiple namespace models.
  • There are fewer certificates to manage. Communications between the Exchange Client Access server and clients can be encrypted in several ways. We recommend using a single certificate that supports Subject Alternative Names. For more information, see Unified Communications Certificate Partners for Exchange 2007 and for Communications Server 2007.
  • End users do not have to determine which namespace to use. All end users use the same namespace and URL to access Microsoft Exchange.

The disadvantages of this model include:

  • This model does not support multiple data centers.
  • If regional Internet links are slow because of low bandwidth, high latency, or high use, end users in those regions will experience poor performance.

Single Namespace with Proxy Sites

This model consists of multiple physical sites that use a single namespace. One of the sites has one or more Internet-facing Client Access servers. The other sites do not contain Internet-facing Client Access servers.

Important:
Installing a Client Access server in a perimeter network is not supported.

The following figure illustrates this model.

Single Namespace Proxy Sites

The advantages of this model are as follows:

  • There are fewer DNS records to manage than with multiple namespace topologies. This reduces operational complexity.
  • There are fewer certificates to manage. Communications between the Client Access server and clients can be encrypted by using a single certificate that supports Subject Alternative Names.
  • End users do not have to determine which namespace to use. All end users use the same namespace and URL to access Microsoft Exchange.

There are also several disadvantages to deploying a single namespace with proxy sites. These include the following:

  • A high percentage of users will access their Mailbox server through proxying. If a user connects to a Client Access server that is not in the same physical site as their Mailbox server, they will be proxied to a Client Access server that is in the same physical site as their Mailbox server. Because of the added proxying, WAN link costs will increase and performance will not be optimal. The effect on performance depends on the distance between the two physical data centers.
  • Access to Windows SharePoint Services libraries and Windows file shares is not possible when users connect to a Client Access server that is not within the same site as their Mailbox server. The failure occurs because access to Windows SharePoint Services libraries and Windows file shares requires the user's user name and password. In a proxying scenario, communication to the Windows SharePoint Services libraries and Windows file shares is performed through the Exchange service account. This account is not aware of the user's user name and password.

Single Namespace with Multiple Sites

This model consists of multiple physical sites that use a single namespace. Behind an ISA Server server or another firewall, each site can have one or more Internet-facing Client Access servers. This model also requires a load balancing solution that splits the incoming traffic equally between the Internet-facing sites. We do not recommend deploying this kind of topology.

Important:
Installing a Client Access server in a perimeter network is not supported.

The following figure illustrates this model.

Exchange 2007 multiple site topology
Caution:
We do not recommend that you deploy this model.

The advantages of this model are as follows:

  • There are fewer DNS records to manage than with multiple namespace models. This reduces operational complexity.
  • There are fewer certificates to manage. Communications between the Client Access server and clients can be encrypted by using a single certificate that supports Subject Alternative Names.
  • End users do not have to determine which namespace to use. All end users use the same namespace and URL to access Microsoft Exchange.

There are also several disadvantages to deploying a single namespace with multiple sites. These include the following:

  • A high percentage of users will access their Mailbox server through proxying. If a user connects to a Client Access server that is not in the same physical site as their Mailbox server, they will be proxied to a Client Access server that is in the same physical site as their Mailbox server. Because of the added proxying, WAN link costs will increase and performance will not be optimal. The effect on performance depends on the distance between the two physical data centers.
  • In a topology that includes Microsoft Exchange ActiveSync, devices will receive an error when they connect to a Client Access server that does not reside in the same site as their Mailbox server and Exchange ActiveSync will fail. Exchange ActiveSync does not support redirection.
  • Access to Windows SharePoint Services libraries and Windows file shares is not possible when users connect to a Client Access server that is not within the same site as their Mailbox server. The failure occurs because access to Windows SharePoint Services libraries and Windows file shares requires the user's user name and password. In a proxying scenario, communication to the Windows SharePoint Services libraries and Windows file shares is performed through the Exchange service account. This account is not aware of the user's user name and password.
    Important:
    We do not recommend deploying a topology that has a single namespace and multiple Active Directory sites. If your topology uses multiple Active Directory sites, we recommend that you use a regional namespace model.
    Note:
    To deploy a single namespace with multiple sites, you must clear the ExternalURL values for the virtual directories on the Internet-facing Client Access servers if you want to disable redirection and enforce proxying.

Regional Namespaces

The multiple site model that uses a different namespace for each site is known as a regional namespace model. The following figure illustrates the regional namespace model.

Exchange 2007 multiple namespace topology

The advantages of this model are as follows:

  • Proxying will be reduced because a larger percentage of users will be able to connect to a Client Access server in the same Active Directory site as their Mailbox server. This will improve the end-user experience and performance. Users who have mailboxes in a site that does not have an Internet-facing Client Access server will still be proxied.

The disadvantages to this model are as follows:

  • Multiple DNS records must be managed.
  • Multiple certificates must be obtained, configured, and managed.
  • Managing security is more complex because each Internet-facing site requires an ISA Server computer or other firewall.
  • Each user must connect to their own regional namespace. This may result in additional help desk calls and training.
Important:
We recommend that any topology that involves multiple Active Directory sites use the regional namespace model.

Multiple Forests

This model consists of multiple forests with multiple namespaces. An organization that uses this model could be made up of two partner companies, Contoso and ContosoOnline. Namespaces might include mail.usa.contoso.com, mail.europe.contoso.com, mail.asia.contosoonline.com, and mail.europe.contosoonline.com.

We recommend that you implement a regional namespace model for each forest to provide the highest level of performance for end users. Multiple certificates must be managed for each forest.

For more information about Exchange 2007 SP1, see What's New in Exchange Server 2007 Service Pack 1.

For more information about Windows Mobile 6.1, see the Windows Mobile Home page.

Patricia DiGiacomo Eddy - Senior Technical Writer, Microsoft Exchange Server

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
Processing
© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker