HUB or EDGE

Lehr · Joined: 09 Jan 2008 Posts: 22

We have 3 locations, 3 AD sites, internet connectivity for all users goes
through one internet link in one site.
Is it possible for all inbounf mail flow from the internet to go through one
HUB server? and then that HUB servers forwards mail to other HUB servers
depending on recipient's location of mailbox?

Tnx!

Archived from group: microsoft>public>exchange>design

Bharat Suneja [MVP] · Joined: 05 Aug 2007 Posts: 1043

Yes, and that's the typical implementation (inbound to one location). Some
Orgs like to leverage their multiple points of presence/internet
connectivity and add additional MX records to point to additional locations.
This ensures that in case of internet outage at one site, or a site outage,
the rest of the Org continues to receive/send internet mail.

Deploying an Edge Transort server (or other non-Exchange MTA) to route mail
to/from the intenet is always recommended and certainly more secure, but
many organizations do receive inbound on their Hub Transport servers as
well. Once the message makes it to Exchange, it can determine which
server/Site the recipient is in and routes it to the Hub Transport server(s)
in the destination.
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------

"Lehr" wrote in message @microsoft.com...
> We have 3 locations, 3 AD sites, internet connectivity for all users goes
> through one internet link in one site.
> Is it possible for all inbounf mail flow from the internet to go through
> one
> HUB server? and then that HUB servers forwards mail to other HUB servers
> depending on recipient's location of mailbox?
>
> Tnx!

Lehr · Joined: 09 Jan 2008 Posts: 22

"Bharat Suneja [MVP]" wrote:

> Yes, and that's the typical implementation (inbound to one location). Some
> Orgs like to leverage their multiple points of presence/internet
> connectivity and add additional MX records to point to additional locations.
> This ensures that in case of internet outage at one site, or a site outage,
> the rest of the Org continues to receive/send internet mail.
>
> Deploying an Edge Transort server (or other non-Exchange MTA) to route mail
> to/from the intenet is always recommended and certainly more secure, but
> many organizations do receive inbound on their Hub Transport servers as
> well. Once the message makes it to Exchange, it can determine which
> server/Site the recipient is in and routes it to the Hub Transport server(s)
> in the destination.

Thank you Bharat! Smile

Lehr · Joined: 09 Jan 2008 Posts: 22

"Bharat Suneja [MVP]" wrote:

> Yes, and that's the typical implementation (inbound to one location). Some
> Orgs like to leverage their multiple points of presence/internet
> connectivity and add additional MX records to point to additional locations.
> This ensures that in case of internet outage at one site, or a site outage,
> the rest of the Org continues to receive/send internet mail.
>
> Deploying an Edge Transort server (or other non-Exchange MTA) to route mail
> to/from the intenet is always recommended and certainly more secure, but
> many organizations do receive inbound on their Hub Transport servers as
> well. Once the message makes it to Exchange, it can determine which
> server/Site the recipient is in and routes it to the Hub Transport server(s)
> in the destination.

Just one more dilema..
To provide HA, is it possible to put two HUB's in NLB cluster and inbound
mail flow will be directed to CNAME(IP) of that NLB.
Is it going to work?

Bharat Suneja [MVP] · Joined: 05 Aug 2007 Posts: 1043

Why not use multiple MX records instead?
NLB will work, though.

Deployment Options for Hub Transport Servers
http://technet.microsoft.com/en-us/library/bb124398(EXCHG.80).aspx
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------

"Lehr" wrote in message @microsoft.com...
>
>
> "Bharat Suneja [MVP]" wrote:
>
>> Yes, and that's the typical implementation (inbound to one location).
>> Some
>> Orgs like to leverage their multiple points of presence/internet
>> connectivity and add additional MX records to point to additional
>> locations.
>> This ensures that in case of internet outage at one site, or a site
>> outage,
>> the rest of the Org continues to receive/send internet mail.
>>
>> Deploying an Edge Transort server (or other non-Exchange MTA) to route
>> mail
>> to/from the intenet is always recommended and certainly more secure, but
>> many organizations do receive inbound on their Hub Transport servers as
>> well. Once the message makes it to Exchange, it can determine which
>> server/Site the recipient is in and routes it to the Hub Transport
>> server(s)
>> in the destination.
>
> Just one more dilema..
> To provide HA, is it possible to put two HUB's in NLB cluster and inbound
> mail flow will be directed to CNAME(IP) of that NLB.
> Is it going to work?

Lehr · Joined: 09 Jan 2008 Posts: 22

"Bharat Suneja [MVP]" wrote:

> Why not use multiple MX records instead?
> NLB will work, though.

Hm...but our hub's are located in LAN, and all mail from internet can be
forwarder from firewall to one internal IP located on LAN. So I thought that
NLB would be HA solution.
I don't understand that with multiple MX records. It makes sence when hubs
have internet IP's, right?

Correct me if I'm wrong...

Bharat Suneja [MVP] · Joined: 05 Aug 2007 Posts: 1043

You're right - if you have a single IP address available.... you can use NLB
and publish the NLB IP address.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------

"Lehr" wrote in message @microsoft.com...
> "Bharat Suneja [MVP]" wrote:
>
>> Why not use multiple MX records instead?
>> NLB will work, though.
>
> Hm...but our hub's are located in LAN, and all mail from internet can be
> forwarder from firewall to one internal IP located on LAN. So I thought
> that
> NLB would be HA solution.
> I don't understand that with multiple MX records. It makes sence when hubs
> have internet IP's, right?
>
> Correct me if I'm wrong...

Bernle Jesper · Joined: 14 Feb 2008 Posts: 2

Hi Bharat!

I was under the impression that High Availabillity for Hub Transport
Servers, HT, is provided by Active Directory and also if Hub Transport and
Client Access Server, CAS, is colocated on the same server and you load
balance CAS you should disable NLB for HT (port 25 - SMTP).

So, you say I can NLB both CAS and HT?

Jesper Bernle | Enterprise Messaging Administrator

"Bharat Suneja [MVP]" wrote in message %23AzbIHA.3812@TK2MSFTNGP04.phx.gbl...
> You're right - if you have a single IP address available.... you can use
> NLB and publish the NLB IP address.
>
> --
> Bharat Suneja
> MVP - Exchange
> www.zenprise.com
> NEW blog location:
> exchangepedia.com/blog
> ----------------------------
>
>
>
> "Lehr" wrote in message
> @microsoft.com...
>> "Bharat Suneja [MVP]" wrote:
>>
>>> Why not use multiple MX records instead?
>>> NLB will work, though.
>>
>> Hm...but our hub's are located in LAN, and all mail from internet can be
>> forwarder from firewall to one internal IP located on LAN. So I thought
>> that
>> NLB would be HA solution.
>> I don't understand that with multiple MX records. It makes sence when
>> hubs
>> have internet IP's, right?
>>
>> Correct me if I'm wrong...
>

Lehr · Joined: 09 Jan 2008 Posts: 22

The way I look...
NLB in this case would be HA option for iternet inbound mail flow when you
have no Edge servers, and all incoming mail is forwarded through firewall to
one local IP...so to provide HA for hubs, NLB is solution

HUB HA for outbound is provided by Active Directory.

right?

"Bernle Jesper" wrote:

> Hi Bharat!
>
> I was under the impression that High Availabillity for Hub Transport
> Servers, HT, is provided by Active Directory and also if Hub Transport and
> Client Access Server, CAS, is colocated on the same server and you load
> balance CAS you should disable NLB for HT (port 25 - SMTP).
>
> So, you say I can NLB both CAS and HT?
>
> Jesper Bernle | Enterprise Messaging Administrator

Bharat Suneja [MVP] · Joined: 05 Aug 2007 Posts: 1043

True - as Lehr stated. You shouldn't use NLB for internal mail delivery -
the doc link I posted earlier covers that. As of SP1 (iirc), you can use NLB
to load-balance mail delivery as you intend to do.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------

"Lehr" wrote in message @microsoft.com...
> The way I look...
> NLB in this case would be HA option for iternet inbound mail flow when you
> have no Edge servers, and all incoming mail is forwarded through firewall
> to
> one local IP...so to provide HA for hubs, NLB is solution
>
> HUB HA for outbound is provided by Active Directory.
>
> right?
>
> "Bernle Jesper" wrote:
>
>> Hi Bharat!
>>
>> I was under the impression that High Availabillity for Hub Transport
>> Servers, HT, is provided by Active Directory and also if Hub Transport
>> and
>> Client Access Server, CAS, is colocated on the same server and you load
>> balance CAS you should disable NLB for HT (port 25 - SMTP).
>>
>> So, you say I can NLB both CAS and HT?
>>
>> Jesper Bernle | Enterprise Messaging Administrator
>
>

Bernle Jesper · Joined: 14 Feb 2008 Posts: 2

Okay. Good to know. Smile

Jesper Bernle | Enterprise Messaging Administrator

"Bharat Suneja [MVP]" wrote in message @TK2MSFTNGP04.phx.gbl...
> True - as Lehr stated. You shouldn't use NLB for internal mail delivery -
> the doc link I posted earlier covers that. As of SP1 (iirc), you can use
> NLB to load-balance mail delivery as you intend to do.
>
> --
> Bharat Suneja
> MVP - Exchange
> www.zenprise.com
> NEW blog location:
> exchangepedia.com/blog
> ----------------------------
>
>
> "Lehr" wrote in message
> @microsoft.com...
>> The way I look...
>> NLB in this case would be HA option for iternet inbound mail flow when
>> you
>> have no Edge servers, and all incoming mail is forwarded through firewall
>> to
>> one local IP...so to provide HA for hubs, NLB is solution
>>
>> HUB HA for outbound is provided by Active Directory.
>>
>> right?
>>
>> "Bernle Jesper" wrote:
>>
>>> Hi Bharat!
>>>
>>> I was under the impression that High Availabillity for Hub Transport
>>> Servers, HT, is provided by Active Directory and also if Hub Transport
>>> and
>>> Client Access Server, CAS, is colocated on the same server and you load
>>> balance CAS you should disable NLB for HT (port 25 - SMTP).
>>>
>>> So, you say I can NLB both CAS and HT?
>>>
>>> Jesper Bernle | Enterprise Messaging Administrator
>>
>>
>

A Few Questions on Edge Server Design I have built an Exchange 2007 system but I believe I may have to rebuild our Edge server before we can place it into production. It has been a quite a process to learn everything about Exchange 2007 from scratch and I would like to confirm, if I can, tha

Edge Transport or Exchange Hosted Services If a company already uses the Exchange Hosted Services Filtering service is there any additional benefit to be gained by deploying Edge Transport servers when they will not be required for Virus and Spam checking?

Exchange 2007 Edge server in Exchange 2003 Organization I would like to deploy Exchange 2007 EDGE servers in my DMZ for incoming email but my entire organization is running Exchange 2003 in an AD 2003 environment. 1. Can I do this? Will the 2007 EDGE servers work with Exchange 2003? 2. If so (and I go to assu

Edge in Multiple Sites 1 org, 2 sites, with a hub transport server in each site. Is it possible to subcribe each hub transport server to an edge in its own site? Each site would have, and Edge, Hub Transport, CA, and Mailbox Server. MX records configured to provide redundancy

Edge and Hub on one box Everything I have read says that you need to have two separate machines (one in the DMZ and one inside) if you want to add on the edge transport role. I understand that this is the recommended configuration and I understand the security implications but