Deploy Exchange 2013 with 3 servers in 2 locations

We are having too much Exchange network traffic going between our 2010 CAS at a remote data center and our local workstations, so we would like to have an internal CAS when we migrate to 2013.  We would like internal email to be able to flow without sending any traffic out across the WAN.

Current Layout:

Local office: single exch2010 server with mailbox and hub transport. Domain controllers and DNS servers are also in the local office.

Remote data center: single exch2010 server with only CA role (uses domain controller/dns in local office)

Is it possible to migrate that old layout above to this new plan below?

local office: single exchange 2013 server with CAS and mailbox role

data center: 2 multi-role Exchange 2013 servers with CAS, mailbox and hub transport behind a load balancer, plus a local domain controller and DNS server to be installed in the data center.

We would like to have a 3 member DAG with one DAG member in our local office and the other 2 in the data center.

We would like our desktop PCs to use the internal CAS and mailbox server and remote users to use the servers in the data center so that we can greatly cut our local office LAN network traffic related to internal emails and only send traffic out to the data center when sending/receiving mail from external users.

Does anyone have suggestions on how to accomplish this?

February 13th, 2015 2:37pm

Hi MyGposts,

Thank you for your question.

In the new layout, when the user logs in to Windows, it will authenticate through the remote database center, so it still has too much network traffic.

By my understanding, in order to reduce network traffic between local and remote, I suggest we deploy the following layout:

Local:  Domain Controller, DNS,  Exchange 2013

Remote: Domain Controller, DNS, CA, two Exchange 2013s

In this layout, when the user logs on, it will authenticate against its own domain controller instead of cross-site.

If there are any questions regarding this issue, please feel free to let me know.

Best Regards,

Jim




  • Edited by jim-xu 4 hours 52 minutes ago
February 16th, 2015 1:57am

  • Edited by jim-xu Monday, February 16, 2015 6:57 AM
  • Marked as answer by MyGposts 7 hours 24 minutes ago
February 16th, 2015 9:55am

I forgot to include that we would still have our existing domain controllers and dns in the local office.

All of the servers are virtualized on Hyper-V.

Since we expect the most email activity to be coming from our office rather than remote users, would it make more sense to reverse the layout and have the 2 multi-role cas/mailbox servers and dc/dns in the local office and only a single cas/mailbox server VM with a dc/dns server VM in the data center?

Since this new DAG is going to have some DAG members in our office and the other part of the DAG in the remote data center, I am concerned that there is still going to be lots of Exchange traffic between our office and the data center for DAG replication.  I assume we will have less WAN traffic if there is only one DAG member remote.  How does DAG replication volume compare to traffic generated from actual email?  Is it the same?

We are going to have some amount of email traffic between sites no matter what because our smarthost/anti-spam device is located in the remote data center. 

Currently: Mail from Internet >>> antispam in data center >>> 2010 CAS in data center >>> 2010 mailbox server and hub transport in local office >>> back to antispam smarthost in data center for outgoing mail to Internet.  Outlook traffic also has to go back to data center for any CAS related actions (each authentication, calendar free/busy lookup, EAS activity, OAB, internal OWA use etc.)

New: Mail from Internet >>> antispam in datacenter (with 2013 CAS (for remote Outlook Anywhere users, VPN users) + mailbox DAG member) >>>multi-role 2013 CAS (for internal users)\Mailbox server  in local office (on Hyper-V cluster) >>> only sends email-related traffic back to data center to send mail out to external domains through smarthost and for the DAG replication.

If we put two of the three 2013 CAS/Exchange server VMs in our office, would we also need to have a load balancer in our local office to manage the internal CAS access?

Also, with the DAG spread between the local office and the remote data center, wouldn't some active copies of the database have to be hosted on the DAG member in the datacenter or can we keep all the active copies in the office and only passive copies in the datacenter with a 3 member DAG hosting 5 databases plus public folders?








  • Edited by MyGposts 18 hours 57 minutes ago
February 16th, 2015 11:33am

All DAG replication initiates from the active copy. If you have one copy in the 2nd site, you get 1 log file's worth of transactions across the wire. If you have 2 passive copies in the 2nd site, you'll have double the load needed. Currently there is no way to throttle DAG replication network.

No active copies are required in the 2nd site. Many customers have their 2nd site as 100% passive.

LBs are recommended for all CAS traffic, as DNS RR is not intelligent, but it is available.

DAG replication is mostly mail content, but also includes all transactions: calendar events, notes, contacts, etc.

Mike

February 16th, 2015 9:20pm
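An added example, not part of the original thread: one way to keep the second site 100% passive as described in the reply above, using Exchange Management Shell cmdlets. The server name `DC-EX1` is a hypothetical placeholder for the DAG member in the remote data center. With auto-activation blocked, a database is only mounted on that member when an administrator activates it manually.

```powershell
# Run in the Exchange Management Shell on an Exchange 2013 server.
# DC-EX1 is a hypothetical name for the DAG member in the remote data center.
$remoteServer = 'DC-EX1'

# 1. Stop the DAG from automatically mounting any database on the remote member.
Set-MailboxServer -Identity $remoteServer -DatabaseCopyAutoActivationPolicy Blocked

# 2. Give every copy hosted on the remote member the lowest activation
#    preference (the highest number) for its database.
$remoteCopies = Get-MailboxDatabaseCopyStatus -Server $remoteServer
foreach ($copy in $remoteCopies) {
    $db = Get-MailboxDatabase -Identity $copy.DatabaseName
    $lowestPreference = @($db.DatabaseCopies).Count
    Set-MailboxDatabaseCopy -Identity $copy.Name -ActivationPreference $lowestPreference
}

# 3. Verify: no copy on the remote member should be mounted (active).
$activeRemote = Get-MailboxDatabaseCopyStatus -Server $remoteServer |
    Where-Object { $_.Status -eq 'Mounted' }

if ($activeRemote) {
    Write-Warning "Active copies found on ${remoteServer}:"
    $activeRemote | Select-Object Name, Status
} else {
    Write-Output "All copies on $remoteServer are passive."
}

# 4. Watch the replication backlog across the WAN: a growing CopyQueueLength
#    means logs are generated faster than the link ships them.
Get-MailboxDatabaseCopyStatus -Server $remoteServer |
    Select-Object Name, Status, CopyQueueLength, ReplayQueueLength
```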

Ok, so it sounds like to minimize WAN traffic and still have some site redundancy, with only servers, all servers should be multirole with only one of them in the remote data center.

February 16th, 2015 11:27pm

This topic is archived. No further replies will be accepted.
