Planning for a Standard Exchange Organization
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2008-03-17
Of the four defined organizational models for Microsoft Exchange Server 2007, the standard Exchange organization represents the most common topology into which Exchange 2007 is deployed. As messaging service needs grow beyond the resource limits of a single computer, separation of Exchange 2007 services onto multiple computers becomes the next topological division: the standard Exchange organization. The standard Exchange organization builds upon the simple Exchange organization by deploying multiple computers running Exchange.
Note: For more information about the simple Exchange organization, see Planning for a Simple Exchange Organization.
Unlike the simple Exchange organization, in which all Exchange services, except for the Edge Transport server, are installed on a single computer, the distinguishing characteristic of the standard Exchange organization is that Exchange services are installed on multiple computers. In this topology, Exchange Server is not installed on a directory server, and it may be installed on multiple member servers. In this case, adequate directory service resources must be available to meet the needs of the messaging system. Other distinguishing characteristics of the standard Exchange organization include:
The Service Delivery Location (SDL) and Client Service Location (CSL) reside on the same local area network (LAN).
There are more than 1,000 mailboxes in the organization.
There are fewer than five routing groups, and between one and five Active Directory directory service sites. Multiple locations and Active Directory sites introduce the multi-site routing protocol and role discovery algorithms, as well as a requirement to use IP site links.
Note: Multiple routing groups will only exist in a standard Exchange organization that includes Exchange 2007 and either Exchange Server 2003 or Exchange 2000 Server, or both. In a pure Exchange 2007 environment, all servers belong to a single routing group.
There is a single Active Directory forest. We recommend the single-forest Exchange design because it offers the richest set of mail system features and has the most streamlined administrative model. Because all resources are contained in a single forest, a single global address list (GAL) contains all users across the forest. The main disadvantage associated with this option is that administrators must determine how to share or divide responsibilities for managing Active Directory and Exchange objects. The introduction of a second or subsequent forest automatically redefines the topology as a complex Exchange organization.
Note: For more information about the complex Exchange organization, see Planning for a Complex Exchange Organization.
An Exchange organization with all of the previously listed characteristics is considered a standard Exchange organization. Standard Exchange organizations can also optionally include one or more Edge Transport Servers.
Historically, deploying a dedicated Active Directory site for Exchange services has been a recommended best practice. This optimization partitioned the global catalog servers for Exchange and Active Directory replication, a strategy that is typically used to mitigate performance issues that arise from using a common collection of domain controllers for Exchange and normal user, application, and logon activities.
In some situations when dedicated Active Directory sites are used, Exchange servers in those Active Directory sites are no longer considered to be in the routing path. This is usually the case when the Exchange site is subordinate to an Active Directory replication hub site via a single IP site link. There are several ways to address this issue, including placing a Hub Transport server in the replication site or combining the sites.
We recommend that you introduce a new IP site link to bring the dedicated Active Directory site into the back-off routing path. One way to do this is to introduce new IP site links, which cause the site to be an intermediate site between other Active Directory sites with Exchange servers. On these new IP site links, Exchange override costs are created to identify the preferred route for message flow. The override cost will not affect Active Directory replication if the site cost is such that it is not a low cost route for Active Directory replication.
Another method is to introduce new IP site links, which place the dedicated Active Directory site between other sites with Exchange servers and then eliminate the existing site links. This method will not affect Active Directory replication to any branch offices but will change the Active Directory replication path for the dedicated Active Directory site.
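The first method above can be checked with a small routing model. This Python sketch is an added example, not part of the original documentation; the site names and cost values are constructed, and it assumes that both message routing and replication follow the lowest total link cost, with message routing using the Exchange override cost wherever one is set.

```python
import heapq

# Constructed topology; site names and costs are assumptions, not from the page.
# Each link maps to (AD replication cost, Exchange override cost or None).
ORIGINAL_LINKS = {
    ("BranchA", "ReplHub"): (100, None),
    ("BranchB", "ReplHub"): (100, None),
    ("ExchSite", "ReplHub"): (100, None),  # dedicated Exchange site, single link
}
# New IP site links: the high AD cost keeps replication on the hub links, the
# low Exchange override cost makes ExchSite the preferred message route.
NEW_LINKS = {
    ("BranchA", "ExchSite"): (500, 10),
    ("BranchB", "ExchSite"): (500, 10),
}

def least_cost_path(links, source, target, for_exchange):
    """Dijkstra over undirected site links; returns (total cost, [sites])."""
    graph = {}
    for (a, b), (ad_cost, exchange_cost) in links.items():
        # Message routing uses the override when one is set, otherwise the AD cost.
        cost = exchange_cost if for_exchange and exchange_cost is not None else ad_cost
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    queue, visited = [(0, source, [source])], set()
    while queue:
        total, site, path = heapq.heappop(queue)
        if site == target:
            return total, path
        if site in visited:
            continue
        visited.add(site)
        for neighbour, cost in graph.get(site, []):
            heapq.heappush(queue, (total + cost, neighbour, path + [neighbour]))
    return None, []

def compare(source="BranchA", target="BranchB"):
    """Message route before and after the new links, and the AD path after."""
    combined = {**ORIGINAL_LINKS, **NEW_LINKS}
    return {
        "exchange_before": least_cost_path(ORIGINAL_LINKS, source, target, True),
        "exchange_after": least_cost_path(combined, source, target, True),
        "ad_after": least_cost_path(combined, source, target, False),
    }

if __name__ == "__main__":
    for name, (cost, path) in compare().items():
        print(f"{name}: cost={cost} path={' -> '.join(path)}")
```

If the Active Directory cost on the new links were set lower than the combined cost of the hub path, replication would move onto them as well, which is the condition the paragraph on override costs warns about.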
The standard Exchange organization is any Exchange organization that is not simple, large, or complex. In the simplest form, this topology includes a single Active Directory site definition per SDL and it also contains a single point of egress to the Internet.
The following figure illustrates one example of a standard Exchange organization.
Figure 1 Standard Exchange organization
As you can see in Figure 1, the Woodgrove Bank topology includes two Active Directory sites connected by an IP site link. In this example, each SDL is responsible for providing minimum dependent services, such as name resolution and directory services using resources deployed on the local LAN. In addition, there are multiple Hub Transport servers and Edge Transport servers, and the Unified Messaging server is co-located with each Mailbox server.
During the planning phase of your deployment, and before you deploy any Exchange 2007 servers in a standard Exchange organization, we recommend that you consider the following points:
The single forest option offers the following advantages:
Provides the richest set of mail system features
Allows for a streamlined administrative model
Takes advantage of an existing Active Directory structure
Uses existing domain controllers and global catalog servers
Does not require provisioning or synchronization with other forests
An increase in the number of Exchange SDLs is generally accompanied by an overall increase in the number of mailboxes and an increased dependence upon reliable mail delivery. To meet these requirements, we recommend that you install multiple Edge Transport servers to address external mail flow requirements and multiple Hub Transport servers to address internal mail flow requirements. Multiple Hub Transport servers are required not only to service Mailbox servers in the immediate location, but also, in most likelihood, to handle hub-to-hub communication across locations.
When Exchange servers are hosted across multiple Active Directory sites, directory replication latency becomes a consideration. Directory replication between Active Directory sites occurs much less frequently than it does between domain controllers within an Active Directory site. The actual cross-site replication interval cannot be predicted because it is configured according to the directory service administrator's design requirements. The replication latency across Active Directory sites is generally measured in fractions of an hour or in whole hours, and it continues to increase as the number of Active Directory sites increases. For more information about Active Directory replication within and between Active Directory sites, see Replication within a site, Replication between sites, and How the Active Directory Replication Model Works.
Deployment of Exchange 2007 server roles that respect network design assumptions is required to a much greater extent than with the simple Exchange organization.
Active Directory site and subnet mapping becomes critical for Exchange 2007 to function normally.
In this topology, although the Exchange organization is distributed across multiple physical locations, the external Simple Mail Transfer Protocol (SMTP)-specific and client protocol-specific namespaces are common across the locations. To provide resiliency and reliability of external services, and because in these environments, the network requirements for Internet connectivity become more stringent, we recommend that you implement a true perimeter network when deploying a standard Exchange organization. In addition, to achieve even higher security, we recommend that you use dissimilar firewall products on inner and outer firewalls, so that an attacker cannot use the same techniques on inner and outer firewalls to penetrate the internal network. For example, if you use Microsoft Internet Security and Acceleration (ISA) Server on the inner firewall, use a non-Microsoft product on the outer firewall, or vice versa.
When deploying a standard Exchange organization, providing high availability deployment options becomes a consideration. In Exchange 2007, there are multiple solutions that can be used to provide high availability for each server role. For more information about high availability strategies and features for Exchange 2007, see High Availability.
If you are transitioning from an existing Exchange Server 2003 or Exchange 2000 Server organization to an Exchange 2007 organization, be aware that you cannot perform an in-place upgrade of your existing servers. You must add one or more Exchange 2007 servers to your existing organization, move mailboxes and other data to Exchange 2007, and then remove the Exchange 2003 or Exchange 2000 server from the organization.
For more information about deploying and transitioning to a standard Exchange 2007 organization, see Deploying a Standard Exchange Organization.