I would propose that if they are unwilling to bring in outside help, then it 
becomes more important that your group receive some kind of training 
beforehand. Depending on your Microsoft agreement, there may be funds
available to offset some of the cost of migration as well as training dollars!

-Paul

From: helpdesk UK [mailto:uk.helpd...@gmail.com]
Sent: Tuesday, January 04, 2011 7:02 AM
To: MS-Exchange Admin Issues
Subject: Re: Designing & Implementing Exchange 2010 in the new year.

I completely agree with your comments and I would not do that either, but the
fact is as follows... simply convincing management that we need to get it right
has been a massive challenge in itself, but they have agreed on one condition:
that internal IT would have to design and implement this solution. Getting
external companies involved is not possible due to the cost. I guess the IT
Director is trying to justify our jobs & savings as we are going through
redundancy due to a merger in all depts. :(

So as a team of 5 we have to perform 100%!!!
So, coming back to your comments: they are fantastic, some information I could
not find anywhere :)

So when you say "four HT/CAS combinations", do you mean a combined role
installation? The number of users could double within two years; would that
still be the recommended approach, or should we stick to a distributed approach?

1. RTO: This will be a D2D2T (T = Tape Library) solution using Veritas. We are
also considering a de-duplicator, but that is being discussed.

2. User mix: this was an amazing question; it completely slipped my mind.
Three types of users we will provide service for are as follows:

Based on 10K Users
================

a. OWA Users                         = 8k (They will use only OWA, internally
   and while at home)
b. Outlook Users                     = Per site we will have approx. 300 users
   using Outlook (Current Total = 2000 Users)
c. Mobile Phone users (iPhone / HTC) = These users will be the same users as in
   point 2, but I would probably say not even 500 users will be given company
   phones for this purpose.

Those 2000 users mentioned above in (b) will also have a DAG-enabled database
and will be spread across 3 servers. All servers will be in a single AD site,
same physical Data Center and subnet.

I hope by this discussion I will get a firm understanding of how many servers 
we will need & what roles will reside on which servers.

3. But are there any guidelines that the name for OWA / ECP etc. should not
be the same as the RPC Array?

4. My impression was Exchange 2010 generates a self-signed SSL certificate at
the time of the install, or is this a manual task for SSL / TLS?

8. I am beginning to read up on this one... :) "Set-OutlookProvider" :) I
hope this is the answer to all our problems for Outlook configuration.


Thank you so much and looking forward to some ideas. :)

cheers

Jim



On 3 January 2011 17:16, Michael B. Smith <mich...@smithcons.com> wrote:
So....a detailed design of this magnitude is not something I would attempt to 
do via email. That being said, you've obviously done lots of investigation 
already, which is a good thing. I'd recommend you sit down with someone who has 
done a migration this large and spend a couple of days coming up with a 
detailed plan.

I think you don't need that many servers based on 15K users.  I'd probably go 
with four HT/CAS combinations.

[1] What's your RTO? What, if anything, is your backup speed/mechanism? Those
are the questions that define the answer.

[2] Depends on your user mix. If everyone is Outlook and you want one CAS to be 
able to handle the load of two CAS in case of h/w failure, I'd probably look at 
limiting my NORMAL active user count to around 4,000. What you want to watch 
out for is TCP port exhaustion. 4K users is probably going to sit around 25K 
ports, 8K users about 50K ports, which still gives you a little headroom for 
multi-mailbox users. Bumping that to 5,000 is too many. On the other hand, if 
everyone is using OWA, that's one port per CAS and if you size your hardware 
right, you can support 20K users on that CAS.

Note: Outlook uses about six TCP ports per mailbox. Doesn't matter whether 
Outlook Anywhere or MAPI; it's still about six ports. Every additional mailbox 
that you have Outlook open adds ANOTHER six ports. So, if your normal 
configuration is to have every user open their own mailbox plus a shared 
mailbox, you've just cut your headcount that can be served by a single CAS in 
half.

[3] as long as you configure all the internal and external URIs properly,
Exchange doesn't care.

[4] You need your OWA name, your autodiscover name, and I like to add my SMTP 
name. That's it. You must have (minimally) a self-signed certificate on every 
hub so that every hub can communicate with every other hub and MB server using 
SSL/TLS. All communications are encrypted.

[8] proper configuration of your OutlookProviders (see Set-OutlookProvider) and 
autodiscover handle this.

Regards,

Michael B. Smith
Consultant and Exchange MVP
http://TheEssentialExchange.com
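A check for the port-exhaustion point in [2] above, added here as an example and not part of Michael's reply or anything he published. It parses `netstat -ano -p tcp` output on a CAS (or a saved capture), separates connections that clients opened to a listening port from connections the CAS opened itself (which consume its dynamic port range), and converts the total into an approximate open-mailbox count using his six-ports-per-mailbox rule of thumb. The sample capture is constructed, the static RPC Client Access port 59531 in it is an assumption, and the function names are this example's own.

```powershell
# Added example (not from the thread): measure how close a CAS is to the TCP port
# ceiling that Michael's reply warns about. Written for PowerShell 2.0 on Windows
# Server 2008 R2; run it in an elevated shell on each CAS. The ~6 ports per open
# mailbox and the 4,000-user "normal" ceiling are his rules of thumb, not measured.
$PortsPerMailbox   = 6
$NormalUserCeiling = 4000

function ConvertFrom-NetstatLine {
    # Parses one "netstat -ano -p tcp" row: Proto LocalAddress ForeignAddress State PID
    param([string]$Line)
    $f = $Line.Trim() -split '\s+'
    if ($f.Count -lt 5 -or $f[0] -ne 'TCP') { return }
    New-Object PSObject -Property @{
        LocalPort  = [int]($f[1] -replace '^.*:(\d+)$', '$1')   # also handles [::]:443
        RemoteHost = ($f[2] -replace ':\d+$', '')
        State      = $f[3]
        PID        = [int]$f[4]
    }
}

function Get-DynamicPortRange {
    # Ephemeral ports the CAS itself uses for outbound connections (e.g. MAPI to the
    # mailbox servers). Server 2008 R2 default is 49152-65535 (16384 ports).
    $out   = netsh int ipv4 show dynamicport tcp
    $start = [int](($out | Select-String 'Start Port\s*:\s*(\d+)').Matches[0].Groups[1].Value)
    $count = [int](($out | Select-String 'Number of Ports\s*:\s*(\d+)').Matches[0].Groups[1].Value)
    New-Object PSObject -Property @{ Start = $start; Count = $count }
}

function Get-CasPortReport {
    param(
        [string[]]$Lines = (netstat -ano -p tcp),   # pass a saved capture to analyse offline
        $Range = (Get-DynamicPortRange)
    )
    $rows      = @($Lines | ForEach-Object { ConvertFrom-NetstatLine $_ })
    $listening = @($rows | Where-Object { $_.State -eq 'LISTENING' } | ForEach-Object { $_.LocalPort })
    $conns     = @($rows | Where-Object { $_.State -eq 'ESTABLISHED' })
    # A connection whose local port is one we listen on was accepted from a client
    # (Outlook/OWA/EAS); anything else was opened by the CAS and burns an ephemeral port.
    $inbound  = @($conns | Where-Object { $listening -contains $_.LocalPort })
    $outbound = @($conns | Where-Object { $listening -notcontains $_.LocalPort })
    $byProc = $conns | Group-Object PID | Sort-Object Count -Descending | Select-Object -First 5 | ForEach-Object {
        $name = 'unknown'   # PIDs from a saved capture will not resolve; live runs show the owning service
        $p = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
        if ($p) { $name = $p.ProcessName }
        New-Object PSObject -Property @{ PID = $_.Name; Process = $name; Established = $_.Count }
    }
    $approxMailboxes = [math]::Floor($conns.Count / $PortsPerMailbox)
    New-Object PSObject -Property @{
        Established           = $conns.Count
        InboundFromClients    = $inbound.Count
        OutboundEphemeral     = $outbound.Count
        EphemeralRangeUsedPct = [math]::Round(100 * $outbound.Count / $Range.Count, 1)
        ApproxMailboxesOpen   = $approxMailboxes
        HeadroomVsCeiling     = $NormalUserCeiling - $approxMailboxes
        TopProcesses          = $byProc
    }
}

# Constructed sample capture (not real data) so the parser can be exercised offline:
# one OWA session, one Outlook session on an assumed static RPC CA port 59531, and
# one CAS->MBX MAPI connection (10.1.1.21 standing in for a mailbox server).
$Sample = @(
    '  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4',
    '  TCP    0.0.0.0:59531          0.0.0.0:0              LISTENING       2104',
    '  TCP    10.1.1.11:443          10.1.1.200:51022       ESTABLISHED     4',
    '  TCP    10.1.1.11:59531        10.1.1.201:52001       ESTABLISHED     2104',
    '  TCP    10.1.1.11:59531        10.1.1.201:52002       ESTABLISHED     2104',
    '  TCP    10.1.1.11:49321        10.1.1.21:59532        ESTABLISHED     2104'
)
Get-CasPortReport -Lines $Sample -Range (New-Object PSObject -Property @{ Start = 49152; Count = 16384 }) | Format-List
# On a CAS itself, simply:  Get-CasPortReport | Format-List
```

Run it on a normal working morning rather than in a quiet period; the scenario in [2] is one CAS absorbing a failed neighbour's load, so a server already near the 4,000-mailbox equivalent on its own has no failover headroom. It counts sockets, not the per-service RPC limits, so treat it as a trend indicator and repeat it as the user count grows.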

From: helpdesk UK [mailto:uk.helpd...@gmail.com]
Sent: Saturday, January 01, 2011 8:55 AM
To: MS-Exchange Admin Issues
Subject: Designing & Implementing Exchange 2010 in the new year.

Hi

Wish everyone a Happy New Year!!!

Currently we have Lotus Domino and Windows 200 AD and it has not been
maintained well. Also, due to various business reasons the migrations have been
long overdue; hence we will be getting rid of it all soon and moving to
Windows 2008 and Exchange 2010. We are not migrating stuff; it will all be a new
install and users will be imported from scratch. Our internal AD FQDN and
external FQDN are changing too due to business mergers. I have been tasked to
sort out the Exchange 2010 design.

New FQDN
=========
externalfqdn.com      = External Name Space
internalfqdn.internal = Internal Name Space (AD 2008 R2)
No. of Users
==========
Total number of users will be approx. 10,000 to start off with and potential 
for another 3000 in 6 months' time. But after a year the business plans are to 
grow even more so the solution is being designed with that in mind so we can 
expand easily.
CAS servers
===========
CAS1.internalfqdn.internal
CAS2.internalfqdn.internal
CAS3.internalfqdn.internal
CAS4.internalfqdn.internal

Mail Servers
============
MBX1.internalfqdn.internal
MBX2.internalfqdn.internal
MBX3.internalfqdn.internal
MBX4.internalfqdn.internal
HT Servers
==========
HT1.internalfqdn.internal
HT2.internalfqdn.internal

HLB (Hardware Load Balancers)
==========================
2 * HLB ( this is still being discussed no product has been finalised yet )
Virtualisation
===========
VMware ESX is the product of choice and all servers will be running virtually 
and storage will be on a fibre SAN.

Queries
======

1. How many users should we have in one database?

2. How many users should we have overall on one single server?

3. We intend to use the same FQDN internally and externally in the CAS server
URL settings, in spite of our internal and external FQDNs not being the same.
Is this recommended, or are there any known gotchas?

a. External URL (mail.externalfqdn.com)

b. Internal URL (mail.externalfqdn.com)

c. We will apply the external URL using the new "Configure External Client
Access Domain" wizard and the internal URLs manually using PowerShell.

d. We will also create a new AD zone for our external FQDN and ensure the
required records point to the internal IP address of the HLB (www / mail /
autodiscover / etc.)

4. Clarification on the SAN certificate.

a. We intend to do SSL offloading on the HLB; any gotchas/recommendations?

b. If we have an HLB, then we only need a single SAN cert on the HLB, correct?

c. Will the CAS servers need any certificates at all? I guess not, due to the
two points above.

d. Do we need to add any more FQDNs / hostnames to the list mentioned below
for the SAN certificate? E.g. server NETBIOS names / internal FQDNs of the CAS
servers?


SAN certificate for CAS servers & DNS records requirements
=================================================

mail.externalfqdn.com              = (OWA + ECP + EAS + OAB + EWS)
autodiscover.externalfqdn.com      = Autodiscover
internalfqdn.internal
autodiscover.internalfqdn.internal
?
?
?


5. DNS A records which will be created are as follows:

mail.externalfqdn.com              = (OWA + ECP + EAS + OAB + EWS)
autodiscover.externalfqdn.com      = Autodiscover
autodiscover.internalfqdn.internal

outlook.externalfqdn.com           = (RPC CAS Array FQDN)

6. All of the DNS records mentioned above will be created and pointed to the
HLB IP address?

a. Either the external NAT'ed IP address.

b. Internal IP address of the HLB (VIP)

7. We will implement DAG on a single database only, with 3 copies, which will
hold the most critical mailboxes only. All the rest of the databases will be
normal databases without DAG.

8. We are still trying to figure out the best and easiest way to manage
Outlook settings for different types of users.

a. Mobile users who will need access to Outlook when on the move, seamlessly.

b. Static desktop users who will not need that kind of access, so we need to
apply Outlook settings accordingly.

c. To achieve the above, is the old-fashioned "outlook.prf" the only way, or
has GPO been enhanced to provide such features?

d. What we don't want is the msstd: settings to be applied to users who don't
need them; let them connect normally. On the other hand, mobile users, when in
the office, will use the msstd: settings and automatically resolve to the
internal IP address of the HLB (as mentioned in point 3 (d) above), and once
they go out of the office DNS will resolve to the external IP address of the
firewall, which is then NAT'ed to the HLB.

Any other things we should consider and have not thought of, please feel free
to express your thoughts.


Thanks
Jim
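The namespace, certificate and Outlook-provider pieces that Jim's queries 3 to 8 describe, written out as Exchange 2010 Management Shell commands. This is an added example, not configuration from the thread or from Microsoft; it uses the names in Jim's post (mail.externalfqdn.com, autodiscover.externalfqdn.com, outlook.externalfqdn.com as the CAS array, CAS1 to CAS4) and assumes the AD site name, an SMTP hostname, the HLB VIP, the C:\certreq paths and a test mailbox, all marked in the code.

```powershell
# Added example (not from the thread): Client Access namespace, CAS array, Outlook
# provider and SAN certificate for the design in the original post. Run in the
# Exchange 2010 Management Shell as a member of Organization Management.
$Namespace        = 'mail.externalfqdn.com'             # from the post
$AutodiscoverName = 'autodiscover.externalfqdn.com'     # from the post
$CasArrayFqdn     = 'outlook.externalfqdn.com'          # from the post (RPC CAS array)
$Servers          = 'CAS1','CAS2','CAS3','CAS4'         # from the post
$SmtpName         = 'smtp.externalfqdn.com'             # assumed: the "SMTP name" on the cert
$AdSite           = 'Default-First-Site-Name'           # assumed: Get-ADSite shows the real one
$HlbVip           = '10.1.1.100'                        # assumed: internal VIP of the HLB
$SslOffloadOnHlb  = $false                              # keep TLS on the CAS until offload is set up

# Query 3: one name inside and out. Every web virtual directory gets the same
# InternalUrl and ExternalUrl, and the Autodiscover SCP points at the autodiscover name.
foreach ($s in $Servers) {
    Set-OwaVirtualDirectory         -Identity "$s\owa (Default Web Site)" -InternalUrl "https://$Namespace/owa" -ExternalUrl "https://$Namespace/owa"
    Set-EcpVirtualDirectory         -Identity "$s\ecp (Default Web Site)" -InternalUrl "https://$Namespace/ecp" -ExternalUrl "https://$Namespace/ecp"
    Set-WebServicesVirtualDirectory -Identity "$s\EWS (Default Web Site)" -InternalUrl "https://$Namespace/EWS/Exchange.asmx" -ExternalUrl "https://$Namespace/EWS/Exchange.asmx"
    Set-OabVirtualDirectory         -Identity "$s\OAB (Default Web Site)" -InternalUrl "https://$Namespace/OAB" -ExternalUrl "https://$Namespace/OAB"
    Set-ActiveSyncVirtualDirectory  -Identity "$s\Microsoft-Server-ActiveSync (Default Web Site)" -InternalUrl "https://$Namespace/Microsoft-Server-ActiveSync" -ExternalUrl "https://$Namespace/Microsoft-Server-ActiveSync"
    Set-ClientAccessServer -Identity $s -AutoDiscoverServiceInternalUri "https://$AutodiscoverName/Autodiscover/Autodiscover.xml"
    # Outlook Anywhere for the mobile users in query 8; use Set-OutlookAnywhere if it is already enabled
    Enable-OutlookAnywhere -Server $s -ExternalHostname $Namespace -DefaultAuthenticationMethod Ntlm -SSLOffloading $SslOffloadOnHlb
}

# Query 5: the RPC Client Access array MAPI clients connect to. Its name is internal
# only, differs from the OWA name, and does not need to be on the certificate.
New-ClientAccessArray -Name $CasArrayFqdn -Fqdn $CasArrayFqdn -Site $AdSite
Get-MailboxDatabase | Set-MailboxDatabase -RpcClientAccessServer $CasArrayFqdn

# Query 8: the msstd: principal name is delivered to Outlook Anywhere (EXPR) clients by
# Autodiscover, so it never has to be pushed by PRF or GPO. EXCH is left at its default
# so internal MAPI clients keep using the array from the database setting above.
Set-OutlookProvider EXPR -CertPrincipalName "msstd:$Namespace"

# Query 3(d): internal copy of the external zone, client-facing names on the HLB VIP.
dnscmd /ZoneAdd externalfqdn.com /DsPrimary
foreach ($h in $Namespace, $AutodiscoverName) {
    dnscmd /RecordAdd externalfqdn.com ($h -replace '\.externalfqdn\.com$', '') A $HlbVip
}

# Query 4: one SAN certificate carrying only the OWA, autodiscover and SMTP names.
$req = New-ExchangeCertificate -Server 'CAS1' -GenerateRequest -PrivateKeyExportable $true `
    -SubjectName "CN=$Namespace" -DomainName $Namespace, $AutodiscoverName, $SmtpName
Set-Content -Path 'C:\certreq\cas.req' -Value $req
# ... submit cas.req to the CA and save the issued certificate as C:\certreq\cas.cer, then:
$cert = Import-ExchangeCertificate -Server 'CAS1' -FileData ([byte[]](Get-Content -Path 'C:\certreq\cas.cer' -Encoding Byte -ReadCount 0))
Enable-ExchangeCertificate -Server 'CAS1' -Thumbprint $cert.Thumbprint -Services IIS,SMTP
# Same key pair on the other CAS (and on the HLB, if it is to terminate SSL).
$pw  = Read-Host 'PFX password' -AsSecureString
$pfx = Export-ExchangeCertificate -Server 'CAS1' -Thumbprint $cert.Thumbprint -BinaryEncoded -Password $pw
Set-Content -Path 'C:\certreq\cas.pfx' -Value $pfx.FileData -Encoding Byte
foreach ($s in ($Servers | Where-Object { $_ -ne 'CAS1' })) {
    $c = Import-ExchangeCertificate -Server $s -Password $pw -FileData ([byte[]](Get-Content -Path 'C:\certreq\cas.pfx' -Encoding Byte -ReadCount 0))
    Enable-ExchangeCertificate -Server $s -Thumbprint $c.Thumbprint -Services IIS,SMTP
}

# Checks
Get-ClientAccessServer | Format-List Name, AutoDiscoverServiceInternalUri
Get-OutlookProvider | Format-List Name, Server, CertPrincipalName
Test-OutlookWebServices -Identity 'jim@externalfqdn.com'    # assumed test mailbox
```

Two points this script takes a position on that the post leaves open: the CAS servers keep the certificate even if the HLB later terminates SSL (the hub/SMTP side still needs it), and `$SslOffloadOnHlb` stays `$false` until the HLB holds the same PFX and the per-service offloading steps have been done, otherwise Outlook Anywhere clients will be told a principal name that nothing presents.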

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
