Client Connectivity Performance Testing on Production Exchange 2007 Server
I have an Exchange server that has been in production for several months now, running great.I scaled the server for 450 users mostlylight to moderate email load. I was now told we are going to be taking over another organization in a few monthswith 1000 users with heavier mail flow requirements. I am planning on putting these 1000 users on the same server as the 450 users and just increase RAM. However, I wanted to test client connectivity performance but the server is in production and I know it is probably not good to test this in production. I wanted to use LoadGen or another tool. Any ideas on how to test performance for these new 1000 users? I have been doing number crunching with some TechNet documents and it seems like the server I have will handle it fine. I am running a BL 460C G5 blade with 10GB or RAM connected to and HP EVA 4400 San.
August 22nd, 2009 12:06am

The problem with testing on a production box is: the whole point of testing is to find the break point. And this means when you "find" it, you'll affect production services. Loadgen is the tool to use here, but ideally you test this on parallel hardware, not the production box. The other idea is to NOT test it and to use the data thats out there from other's tests to determine what you'll need. The Exchange storage calculator can help here and so can the System Center Capacity Planner. Before I offer ballpark guidance, I want to clarify: You have 450 users all on one server, or do you have Hub Transport and Client Access roles elsewhere? Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator Do you still have Exchange 2000? Looking to upgrade to Exchange 2010? Read how.
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2009 1:52am

Hi Mike,Thanks for the kind response. I have all 450 users on this Exchange 2007 server with all roles on the same box. I am considering to at least take the CAS role and move it to a seperate server and keep the Hub and Mailbox roles on the same server. All the calculations I have been doing show that all the roles will scale fine on one server but I don't think I will go that route. I like the Exchange calculator. HP also has one as well for Exchange.Alex
August 22nd, 2009 6:47am

I have also seen other calculators, but the Microsoft excel based one is the most up to date. You may also consider combining the Client Access and Hub Transport on one box. I think this would be a more common approach, rather than combining HT and MB. Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator Do you still have Exchange 2000? Looking to upgrade to Exchange 2010? Read how.
Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2009 7:09am

I was going to put our CA server on a box in the DMZ since the majority of our clients(1000 users)will be sitting outside our domain. I assume putting the HT with the CA in the DMZ would not be a good thing?
August 25th, 2009 12:03am

It is not supported to have the ClientAccess Serverin a DMZ. For this, use ISA. Supporting documentation: http://blogs.msdn.com/brad_hughes/archive/2008/05/05/how-not-to-deploy-client-access-servers.aspx Excerpt: Deploy your Client Access Servers in a DMZ or Perimeter network, but "pretend" it's not a DMZ We've seen customers again and again try and skirt our support stance on this. Just in case you didn't know: Planning for Client Access Servers: http://technet.microsoft.com/en-us/library/bb232184(EXCHG.80).aspx Installation of a Client Access server in a perimeter network is not supported. The Client Access server must be a member of an Active Directory directory service domain, and the Client Access server machine account must be a member of the Exchange Servers Active Directory security group. This security group has read and write access to all Exchange servers within your organization. Communications between the Client Access server and the Mailbox servers within the organization occurs over RPC. It is because of these requirements that installing a Client Access server in a perimeter network is not supported. Don't pretend your DMZ/Perimeter network isn't a DMZ/Perimeter network! We've had numerous customers who want to argue about what is and is not a Perimeter network. What was meant in the original documentation by Perimeter network is any network that does not have unrestricted access to every Domain Controller and Exchange Server in the Organization. We've had customer who have called it a "pocket-DMZ" meaning that it's not their main DMZ where there web servers are. This DMZ sits off their internal network in a separate "pocket" where access to and from the internal network is restricted. This is still a Perimeter network and falls into the above support policy. If your CAS is NOT on your internal network, it's probably safe to assume that it's in a DMZ and likely not supported. Not supported, means not supported! If you call into PSS and the support engineer you are working with finds that your Client Access Server is in a restricted or perimeter network, you are deemed unsupported. This does not mean that the PSS engineer hangs up the phone and says too bad right off the bat. What this does mean is that the Engineer will gather logs and attempt to better understand your issue. If at any point during troubleshooting, the PSS Engineer feels your issue may be caused or complicated by the Client Access Server being in the perimeter, the engineer may request that troubleshooting be suspended and that the Client Access Server in question be moved into the internal network before further troubleshooting. If the customer is not willing to do this, then the customer is at that point unsupported by Microsoft PSS. Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging AdministratorDo you still have Exchange 2000? Looking to upgrade to Exchange 2010? Read how.
Free Windows Admin Tool Kit Click here and download it now
August 28th, 2009 10:31pm

Thanks Mike. My servers on the DMZ have access to the internal network(where my domain controllers are) through a PIX firewall. The necessary ports are open to get these machines to talk internally. The CAS still would not be a candidate in the DMZ even if it is a member of the domain?Thanks,Alex
August 31st, 2009 4:44am

CAS *MUST* be a member of a domain. Only Edge can be standalone. and ISA of course.I'm not saying it wont work (putting CAS in DMZ)- just that its not supported.Also be careful with cisco firewalls and exchange. they do "something" to smtp by default. telnet to a server on port 25 through one and if you geta banner with helo instead of ehlo and get a bunch of ***** you have a problem. I think its called smtp fixup. Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging AdministratorDo you still have Exchange 2000? Looking to upgrade to Exchange 2010? Read how.
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2009 6:57am

I'm not sure if the smtp fix up would apply to me in my case since I have a email appliance on my dmz that accepts all inbound mail and then passes it off to my hub transport role which is internal.
September 8th, 2009 6:54am

Agreed. Just making sure you dont have fixup between exchange servers. Mike Crowley A+, Network+, Security+, MCT, MCSE, MCTS, MCITP: Enterprise Administrator / Messaging Administrator
Free Windows Admin Tool Kit Click here and download it now
September 9th, 2009 3:47pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics