So... a detailed design of this magnitude is not something I would attempt to 
do via email. That being said, you've obviously done lots of investigation 
already, which is a good thing. I'd recommend you sit down with someone who has 
done a migration this large and spend a couple of days coming up with a 
detailed plan.

I think you don't need that many servers based on 15K users.  I'd probably go 
with four HT/CAS combinations.

[1] What's your RTO? What, if anything, is your backup speed/mechanism? Those are 
the questions that define the answer.

[2] Depends on your user mix. If everyone is Outlook and you want one CAS to be 
able to handle the load of two CAS in case of h/w failure, I'd probably look at 
limiting my NORMAL active user count to around 4,000. What you want to watch 
out for is TCP port exhaustion. 4K users is probably going to sit around 25K 
ports, 8K users about 50K ports, which still gives you a little headroom for 
multi-mailbox users. Bumping that to 5,000 is too many. On the other hand, if 
everyone is using OWA, that's one port per CAS and if you size your hardware 
right, you can support 20K users on that CAS.

Note: Outlook uses about six TCP ports per mailbox. Doesn't matter whether 
Outlook Anywhere or MAPI; it's still about six ports. Every additional mailbox 
that you have Outlook open adds ANOTHER six ports. So, if your normal 
configuration is to have every user open their own mailbox plus a shared 
mailbox, you've just cut your headcount that can be served by a single CAS in 
half.

[3] As long as you configure all the internal and external URIs properly, 
Exchange doesn't care.

[4] You need your OWA name, your autodiscover name, and I like to add my SMTP 
name. That's it. You must have (minimally) a self-signed certificate on every 
hub so that every hub can communicate with every other hub and MB server using 
SSL/TLS. All communications are encrypted.

[8] Proper configuration of your OutlookProviders (see Set-OutlookProvider) and 
autodiscover handle this.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
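A sizing calculator built on the rule of thumb in the reply above (about six TCP ports per open Outlook mailbox, one per OWA session), added here as an example and not code from the thread or its authors. The 50,000-port budget per CAS and the client mixes are assumptions; it generalises the reply's 4K/8K figures to an N-server CAS array that has to absorb the loss of one node.

```python
# Added example: back-of-envelope CAS port budget from the reply's rule of thumb.
# Per-mailbox figures come from the reply; the budget and the client mixes are
# constructed assumptions, not measurements.
from dataclasses import dataclass
from math import ceil

PORTS_PER_OUTLOOK_MAILBOX = 6  # reply: ~6 TCP ports per open mailbox, MAPI or Outlook Anywhere
PORTS_PER_OWA_USER = 1         # reply: OWA is roughly one port per session on the CAS
PORT_BUDGET_PER_CAS = 50_000   # assumption: the ~8K-user/50K-port ceiling the reply treats as the limit


@dataclass
class ClientMix:
    outlook_users: int
    owa_users: int = 0
    extra_mailboxes_per_outlook_user: float = 0.0  # shared/delegate mailboxes kept open


def ports_per_outlook_user(mix: ClientMix) -> float:
    """Own mailbox plus every additional open mailbox, ~6 ports each."""
    return PORTS_PER_OUTLOOK_MAILBOX * (1 + mix.extra_mailboxes_per_outlook_user)


def total_ports(mix: ClientMix) -> int:
    """Ports the whole population holds open across the CAS array."""
    return ceil(mix.outlook_users * ports_per_outlook_user(mix)
                + mix.owa_users * PORTS_PER_OWA_USER)


def ports_per_cas(mix: ClientMix, cas_count: int, failed: int = 0) -> int:
    """Ports each surviving CAS must carry with `failed` servers out of service."""
    live = cas_count - failed
    if live <= 0:
        raise ValueError("no CAS left to carry the load")
    return ceil(total_ports(mix) / live)


def survives_failure(mix: ClientMix, cas_count: int, failed: int = 1,
                     budget: int = PORT_BUDGET_PER_CAS) -> bool:
    """True if the remaining CAS stay under the port budget after `failed` losses."""
    return ports_per_cas(mix, cas_count, failed) <= budget


def max_outlook_users_per_cas(extra_mailboxes: float = 0.0,
                              budget: int = PORT_BUDGET_PER_CAS) -> int:
    """Largest Outlook-only population one CAS can hold under the budget."""
    mix = ClientMix(outlook_users=0, extra_mailboxes_per_outlook_user=extra_mailboxes)
    return int(budget // ports_per_outlook_user(mix))
```

With one shared mailbox open per user the per-CAS ceiling halves, which is the headcount effect the reply warns about.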

From: helpdesk UK [mailto:uk.helpd...@gmail.com]
Sent: Saturday, January 01, 2011 8:55 AM
To: MS-Exchange Admin Issues
Subject: Designing & Implementing Exchange 2010 in the new year.

Hi

Wish everyone a Happy New Year!!!

Currently we have Lotus Domino and Windows 200 AD and it has not been 
maintained well. Also, due to various business reasons, the migrations have been 
long overdue; hence we will be getting rid of it all soon and moving to 
Windows 2008 and Exchange 2010. We are not migrating stuff; it will all be a new 
install and users will be imported from scratch. Our internal AD FQDN and 
external FQDN are changing too due to business mergers. I have been tasked to 
sort out the Exchange 2010 design.

New FQDN
=========
externalfqdn.com      = External Name Space
internalfqdn.internal = Internal Name Space (AD 2008 R2)
No. of Users
==========
Total number of users will be approx. 10,000 to start off with and potential 
for another 3000 in 6 months' time. But after a year the business plans are to 
grow even more so the solution is being designed with that in mind so we can 
expand easily.
CAS servers
===========
CAS1.internalfqdn.internal
CAS2.internalfqdn.internal
CAS3.internalfqdn.internal
CAS4.internalfqdn.internal

Mail Servers
============
MBX1.internalfqdn.internal
MBX2.internalfqdn.internal
MBX3.internalfqdn.internal
MBX4.internalfqdn.internal
HT Servers
==========
HT1.internalfqdn.internal
HT2.internalfqdn.internal


HLB (Hardware Load Balancers)
==========================
2 * HLB ( this is still being discussed no product has been finalised yet )
Virtualisation
===========
VMware ESX is the product of choice and all servers will be running virtually 
and storage will be on a fibre SAN.

Queries
======

1. How many users should we have in one database?

2. How many users should we have overall on one single server?

3. We intend to use the same FQDN name internally and externally on the 
CAS server URL setting, even though our internal and external FQDNs are not 
the same. Is this recommended, or are there any known gotchas?

a. External URL ( mail.externalfqdn.com )

b. Internal URL ( mail.externalfqdn.com )

c. We will apply the external URL using the new "Configure External 
Client Access Domain wizard" and the internal URLs manually using PowerShell.

d. We will also create a new AD zone for our external FQDN and ensure the 
required records point to the internal IP address of the HLB ( www / mail / 
autodiscover / etc.... )

4. Clarification on the SAN certificate.

a. We intend to do SSL offloading on the HLB; any gotchas/recommendations?

b. If we have an HLB, then we only need a single SAN cert on the HLB, correct?

c. Will the CAS servers need any certificates at all (I guess not, due to 
the two points above)?

d. Do we need to add any more FQDNs / hostnames to the list mentioned 
below for the SAN certificate? E.g. server NETBIOS names / internal FQDNs of 
CAS servers?



SAN certificate for CAS servers & DNS records requirements
=================================================

mail.externalfqdn.com         = (OWA + ECP + EAS + OAB + EWS)
autodiscover.externalfqdn.com = Auto Discover
internalfqdn.internal
autodiscover.internalfqdn.internal
?
?
?



5. DNS A records which will be created are as follows:

mail.externalfqdn.com         = (OWA + ECP + EAS + OAB + EWS)
autodiscover.externalfqdn.com = Auto Discover
autodiscover.internalfqdn.internal

outlook.externalfqdn.com      = (RPC CAS Array FQDN)


6. All of the DNS records mentioned above will be created and pointed to 
the HLB IP address?

a. Either the external NAT'ed IP address.

b. Internal IP address of the HLB (VIP)

7. We will implement DAG on a single database only, with 3 copies, which 
will hold the most critical mailboxes only. All the rest will be normal 
databases without DAG.

8. We are still trying to figure out the best and easiest way to manage 
Outlook settings for different types of users.

a. Mobile users who will need access to Outlook seamlessly when on the move.

b. Static desktop users who will not need that kind of access, so we need 
to apply Outlook settings accordingly.

c. To achieve the above, is the old-fashioned "outlook.prf" the only way, 
or has GPO been enhanced to provide such features?

d. What we don't want is the msstd: settings to be applied to users who 
don't need them; let them connect normally. On the other hand, mobile users, 
when in the office, will use the msstd: settings and automatically resolve to 
the internal IP address of the HLB (as mentioned in point 3(d) above), and once 
they go out of the office DNS will resolve to the external IP address of the 
firewall, which is then NAT'ed to the HLB.

Any other things we should consider and have not thought of, please feel free 
to express your thoughts.


Thanks
Jim

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
