Re: Exchange 2000 configuration question

From: Stoodley, Matthew C. (matthew.c.stoodley@accenture.com)
Date: 10/12/01


Subject: Re: Exchange 2000 configuration question
Date: Fri, 12 Oct 2001 13:34:19 -0500
Message-ID: <C6218117BA07314F8BEB1DBC29B59C2904C419@NBRXM1100.dir.svc.accenture.com>
From: "Stoodley, Matthew C." <matthew.c.stoodley@accenture.com>
To: <focus-ms@securityfocus.com>

With only two servers you should run the Active Directory and Exchange
2000 on one server and the Exchange Front-end Server (OWA) on the other.
This way you can keep your AD and Exchange Stores on a machine that is
not connected directly to the Internet. For OWA however to work the
Exchange Front-end server needs to be part of the AD. You really
have two options here: 1) Place the Exchange Front-End server in your
internal network and open ports to it, this is a bad idea. 2) Place the
Exchange Front-End server in a DMZ and then open the ports needed back
to your AD/Exchange Server, this is outlined in Microsoft Q article
Q280132.

With only two servers you are going to run into issues with patching
boxes and taking down more than one service. Even with three servers
you will have issues if you need to reboot the AD server, without it
being up users will not be able to use Exchange, they will have no way
to login or send mail. I think that to do this right you would need 4
boxes, 2 AD servers, 1 Exchange Mailbox server, 1 Exchange Front-End
server. This way you can take down one AD server and still keep
Exchange up and running, also Exchange and the AD are separated which
will help performance. Exchange 2000 uses the AD for all authentication
and addressing.

Accenture
Data Center Services
Email and Collaboration
Matthew C. Stoodley
Phone - (847)714-3350
Fax - (847)326-3350
Octel - 71/43350

 -----Original Message-----
From: "Eric Johansen" <eric.johansen@reliastar.com>@ACCENTURE On
Behalf Of "Eric Johansen" <eric.johansen@reliastar.com>
Sent: Friday, October 12, 2001 10:18 AM
To: focus-ms@securityfocus.com
Cc: Eric Johansen
Subject: Exchange 2000 configuration question

Hello.

I have a dilemma - we're on a tight budget so I've only been allocated
two machines (albeit beefy ones) to set up Exchange 2000 with Outlook
Web Access (OWA) for 2000 users (although they will be light email
users).

System Specs:
Box 1 - Dual PIII 933, >1GB RAM, >70GB mirrored Ultra3 10K RPM storage
Box 2 - Dual PIII 733, >1GB RAM, >70GB mirrored Ultra3 10K RPM storage
Ghetto 1 - Single PIII 700, 512MB RAM, 10GB IDE storage (non-mirrored)
[basically a workstation] *
* this machine may or may not be available, for sanity's sake I am
planning for the worst - it isn't available, but I would like to
consider my options just in case it is, indeed, available for use on
this project

We do not have an existing Active Directory configuration so I've also
got to figure out the safest in terms of security and availability a
way to initiate AD, deploy OWA, and run Exchange 2000 within the two
machines.

I've been given a possible option that I can get a "ghetto box" (i.e. a
workstation type machine - 700MHz and about 512MB of memory with IDE
hard drive(s)). In this case I may opt for the OWA or the Active
Directory portion on this machine.

Main problems are:
1) A patch is released for one of the products above, whatever other
products are also residing on the box will suffer downtime (or worse,
incompatibilities and data loss) as well.
2) Security - obviously running Active Directory on an Internet-facing
machine is not a good idea, same goes for running IIS 5.0 on any
machine ;)
3) Performance - what combinations will cause the best/worst
performance?

I will be hardening the machines and their software as much as possible
according to Best Practices and the machines will also be completely
firewalled except for necessary Internet services (port 80,443 and port
25).

Any help on or off the list is appreciated greatly! Thanks for reading! :)

Regards,
Eric Johansen
eric.johansen@reliastar.com


