Recommendations for Large Organizations


Topic Last Modified: 2005-10-13

The recommendations for medium organizations are also applicable to large organizations that have more than 1,000 users and possibly multiple server locations or even multiple messaging systems. For example, large organizations should ensure that multiple domain controllers and global catalog servers are available in each server location. However, you must consider several requirements that go beyond the needs of medium organizations. In locations that have many servers, you might deploy a multi-node cluster of Exchange mailbox servers in front of a Storage Area Network to support a very high number of users. You might also deploy dedicated bridgehead servers to optimize message transfer. The following figure shows an environment that has clustered mailbox servers and bridgehead servers in several locations.

A large Exchange 2003 organization that has three server locations


Consider the following recommendations when you develop a server consolidation strategy for a large organization:

  • Deploy a redundant DNS and Active Directory infrastructure in all server locations   As mentioned in the previous section, your environment requires a dependable DNS and Active Directory infrastructure that provides reliable services to the Exchange 2003 organization. Most critical is the location of domain controllers, global catalog servers, and the directory replication topology. The Active Directory forest of an Exchange 2003 organization should have more than one domain controller in each domain, multiple global catalog servers in each server location, and a well-structured site topology for efficient directory replication.

  • Deploy dedicated mailbox and bridgehead servers in locations that have a large number of users   The sample environment illustrated in Figure 5 shows dedicated mailbox and bridgehead servers in locations A and B. Dedicated bridgehead servers between routing groups help to reduce processing requirements for message transfer on mailbox servers. Server location C does not have a bridgehead server because the mailbox server was deemed powerful enough to function as a bridgehead server, as well. For load balancing and increased fault tolerance, consider deploying multiple bridgehead servers.

    You may also make bridgehead servers responsible for distribution group expansion, which is a useful setting if you want to prevent groups that have thousands of members from expanding on mailbox servers. If you specify an expansion server for a distribution group, all other Exchange servers in the organization must forward messages addressed to this mail-enabled group to its expansion server first. The expansion server then populates each message header with group membership information before transferring the message to its destinations.

  • Keep the number of routing groups to a minimum   Figure 5 shows a configuration of three routing groups that correspond to server locations. These routing groups are connected to each other through routing group connectors on bridgehead servers. However, if the network connections between the server locations are fast and reliable (for example, a VPN over fast Internet connection), you might be able to eliminate all bridgehead servers by placing all mailbox servers into a single routing group. Within a single routing group, message transfer is always direct from mailbox server to mailbox server. Routing group connectors or bridgehead servers are not required.

    The smaller the number of routing groups in an Exchange 2003 organization, the smaller the link state table that is used to replicate link state information between all Exchange 2003 servers. This means that less bandwidth is required to transfer link state information over the computer network. An Exchange 2003 organization can span up to 1,000 routing groups, but it is best to restrict the number of routing groups to fewer than 150.

  • Migrate the entire organization to Exchange Server 2003   Mixed environments that have multiple messaging systems require additional bridgehead servers and messaging connectors to connect the systems. The additional servers and connectors increase administrative overhead and network requirements. Consequently, if your organization uses Exchange Server 5.5 or non-Exchange messaging systems, you can streamline the messaging infrastructure by migrating all users to Exchange 2003. It might be possible to migrate users from different messaging systems to a single Exchange 2003 mailbox server.

  • Deploy front-end servers in locations that have multiple mailbox servers   If you have multiple mailbox servers and want to provide users with access to mailboxes through Outlook Web Access 2003, POP3, or IMAP4 over the Internet, you might find it helpful to deploy a farm of dedicated front-end servers. A front-end server is a computer that receives incoming client connections and proxies them to an appropriate mailbox server. Front-end servers determine the location of each resource in the organization by using Active Directory. In a location that has multiple mailbox servers, front-end servers provide a single point of access to all messaging resources, regardless of the actual mailbox server where the resources reside. By deploying multiple front-end servers in a server farm, you can provide load balancing and eliminate single points-of-failure for incoming client connections.

    Front-end servers can help to reduce the workload of mailbox servers. SSL encryption can be enabled on the front-end servers, offloading these processing requirements from the mailbox servers. You can place the front-end servers in the perimeter network. However, when you use ISA Server 2000 with Feature Pack 1, it is better to place the ISA servers in the perimeter network instead, and move the Exchange front-end servers to the internal network. This simplifies your configuration and gives front-end servers full access to Active Directory domain controllers. Plus, you benefit from the security features of ISA Server when you provide access to Outlook Web Access 2003 over the Internet. For information about using ISA Server 2004 with Exchange Server 2003, see Using ISA Server 2004 with Exchange Server 2003.

    Front-end servers should not hold any mailboxes or public folders. In server locations that have only one Exchange server holding mailboxes and public folders, you can configure ISA Server to proxy incoming client connections directly to the mailbox server. In this scenario, a front-end server is not necessary.
  • Choose an active/passive configuration for Windows clusters running Exchange Server 2003   Windows clusters are most suited for very large mailbox servers that have a high availability requirement. A cluster is a group of servers connected to each other by means of a public and private network, as well as an external storage system. The physical servers can act as one or many virtual Exchange 2003 servers. A virtual server corresponds to a generic IP address and a network name, and owns a disk resource in the cluster. Any of the cluster nodes can then host the virtual servers, and users can access all of the resources in the cluster without having to know the actual name of the node that currently hosts the virtual server. When you configure a virtual Exchange 2003 server, place the mailbox and public folder stores on the shared disk system. Only the Enterprise Edition of Exchange 2003 supports the Windows Clustering.

    The following figure shows the main components of a multi-node cluster, which can support a very large number of users, for example, 9,000 users in Location B of the figure above. By grouping two or more computers together in a cluster, you minimize system downtime caused by software, network, or hardware failures because another node can automatically take over a virtual Exchange 2003 server if the node that is currently executing the virtual server fails. This process is called a failover.

    A multi-node active/passive cluster for three Exchange 2003 mailbox servers.


    Failover can also be triggered manually. For example, you can intentionally fail over a virtual server to the passive node if the currently active node requires maintenance. Users are disconnected only for a brief period of time during the failover process. The hierarchy of service dependencies was flattened in Exchange 2003, so that virtual Exchange 2003 servers fail over significantly faster than virtual servers running a previous version of Exchange. Users might not notice the short downtime period if they are using Outlook 2003 in Exchange cached mode.

    Simplified hardware and software maintenance is one of the main reasons why organizations deploy Windows clusters. You can move the virtual servers to alternate nodes and then perform hardware or software upgrades on the original node, which is now passive. To upgrade hardware or software in this way is called a rolling upgrade.

    You can configure multiple virtual servers on one cluster. However, consider several limitations when you design a server cluster. For example, a server cluster can have only one public folder store associated with the MAPI-based public folder hierarchy. Several components, such as Connector for Lotus Notes or Novell GroupWise, are not cluster-aware at all. Furthermore, a physical Exchange 2003 server cannot manage more than four storage groups. If you specify that virtual Exchange 2003 servers have multiple storage groups, ensure that a node does not have to run more than one virtual server at a time. Otherwise, you might create a situation in which a particular node must host more than four storage groups. You can address this issue in an active/passive cluster configuration by ensuring that the failover happens only to the passive node. It is possible to configure preferred nodes for failover.

    You should leave at least one node free of a virtual server so that this passive node can take over a virtual server from a failing node without impacting performance. In an active/active configuration, one of the remaining nodes would have to assume the extra workload, in addition to its own virtual servers, when a cluster node fails or is failed over manually. It is important to note that Microsoft does not support active/active configurations in cluster configurations that have more than two nodes. For more information about clustering with Windows Server 2003 and Exchange 2003, see Using Clustering with Exchange 2003: An Example.

    Windows Clustering does not provide load balancing or storage redundancies. Virtual Exchange 2003 servers can be moved over from a failed node to another node in the cluster, but it is impossible to run the same virtual server on multiple nodes at the same time, or to specify that multiple virtual servers use replicated copies of the same messaging databases. Each virtual server must have an individual set of databases. Consequently, you must either configure the disk subsystem by using RAID 5 or RAID 0+1, or deploy a high-availability Storage Area Network solution.
  • Use a Storage Area Network to implement the storage system for multiple mailbox servers   Because Exchange 2003 supports Windows clusters that have up to eight nodes, a powerful and reliable shared disk system is required to implement the storage subsystem for all the messaging databases. If the number of users in a server location justifies the investment, consider deploying a Storage Area Network. Server clusters are a perfect choice for front-end Storage Area Network-based data storages. Storage Area Networks rely on Internet SCSI (iSCSI), Fibre Channel switching, or Gigabit Ethernet technology, which connects the storage systems, on which data is stored and protected, to the computer systems running Windows Clustering and the virtual Exchange 2003 servers. Fibre Channel switching or Gigabit Ethernet technology is fast and reliable, and allows hardware vendors to create storage solutions of up to several terabytes (TB). Complete Storage Area Network packages include the hardware, as well as the necessary storage management software. In a reliable Storage Area Network environment, multiple paths exist to the stored data, and the data can be backed up and restored efficiently.

    The storage industry is moving toward a seamless Storage Area Network provisioning model, where storage can be added at any time and reallocated to applications, such as Exchange 2003, as needed. Windows Server 2003 supports this model by providing support for emerging Storage Area Network industry standards like iSCSI, as well as established standards like Fibre Channel and Gigabit Ethernet.
  • Configure mailbox servers that have four storage groups and a large number of mailbox stores   Exchange 2003 supports up to four storage groups, each containing up to five messaging stores. Distribute the mailboxes across multiple mailbox stores to keep the size of individual databases manageable. Also, distribute the mailbox stores across multiple storage groups. Databases within a single storage group share a common set of transaction log files and must be backed up together. Separate storage groups use individual sets of transaction logs. They can be backed up in parallel and they support concurrent I/O operations, which improves performance. The Microsoft Exchange Information Store service operates by using multiple threads that can write transactions for separate transaction log files concurrently. For more information about designing storage groups and mailbox databases, see Planning an Exchange Server 2003 Messaging System.


Community Additions