Exchange 2010 Configuration help
Hello, I just migrated from Novell Netware to Microsoft Windows Server 2008 R2. Now I'm working on the Exchange 2010 switchover from GroupWise.

Infrastructure:
1. Two Sites A & B connected via Full T1.
2. Internet access from Site A ONLY. Site B accesses the internet from Site A. The router at Site B has been configured for the public network.
3. IP networks are: Private: 192.168.XXX.XXX and 172.20.XXX.XXX. Public: 66.xxx.xxx.xxx (subnetted for Site A and Site B).
4. Servers: SiteA & SiteB (same config - server numbering would be incremental accordingly)
   - 1 physical box as DC1
   - 1 physical box with three VMs - F/P, DC2, DHCP
   - 2 physical boxes with two VMs each - MB1, CAS-HUB1 & MB2, CAS-HUB2
5. Single domain & forest. Domain name: mycomp.loc. Sites have been configured.
6. Firewall is in Drop-In Mode, meaning no DMZ setup.
7. CAS/HUB 1 & 2 are NLB'ed in Site A. CAS/HUB 3 & 4 are NLB'ed in Site B.
8. MB 1, 2, 3 & 4 are part of a DAG with databases across sites.

Questions:
a. Where do I set up the public IP (in the CAS Array?) for Outlook and Outlook Web App to access remotely? How does this affect internal access? How many NICs do I need? Right now I have configured two NICs - one for internal and the other for NLB. I'm assuming I need
b. How to set up fail-over from the CAS Array on Site A to Site B and vice versa.
c. How to configure HUB HA and fail-over between sites.
d. What about Outlook Mobile configuration?

Thanks
Kris
April 29th, 2010 12:09am

a). Why even have a public IP on the servers? Just terminate at your perimeter device and port forward. All you're going to forward is TCP 25 and 443.

b). If you assume you're planning for MBX failure in site 1 you may as well plan for using the CAS in site 2 when the MBX are live in site 2. All you'd need is two certificates, one geared for site 1 and one for site 2. You'd have some firewall changes to do to point the external IP at the CAS in site 2. There are any number of other ways of doing this and depending on whoever sells you the certificate you might only use one across every service and site. You could do some research based on what you know about your environment. NLB is there for you within the site.

c). HT will generally be looking after themselves in terms of load balancing internally. Again, you can load balance the Internet inbound in any way you choose depending on your internal site topology. You're already doing NLB so you're in decent shape there.

d). What about it? You publish a URL and configure your devices. Don't deviate from that URL. Any failover you have to do within the environment will be transparent to them.

Other things to consider are what your plans are for Internet failure. Are you planning all this around data centre failure and don't care so much about external issues, vice versa or both? Then there's virtualization. What's your SAN? Can't you do array-based replication? Physical boxes for one of the DCs, what's the point? You're not gaining anything from it.

Mark Arnold, Exchange MVP.
April 29th, 2010 12:36am

Mark, thank you for responding to my post.

a. Forwarding to both subnets 192 and 172?
b. Yes, as mentioned in my first post, CAS-HUB is installed in both sites with two servers in each site. Question is how to configure fail-over between sites? As a start can I work with Self assigned Certificate?
c. OK, but configuration-wise I just add server names?
d. External URL will be set in CAS Array?

Thanks
April 29th, 2010 5:36pm

Hi,

a. If you have a public IP address on the router or firewall, then you do not need to add a public IP address to the Exchange Server; we just map ports 25 and 443 to the Exchange Server, as we do not recommend letting the Exchange Server face the internet directly.

b. With CAS-Hub: if one CAS is internet-facing, then when it gets a request, it can proxy to the CAS in the non-internet-facing site.

Understanding Proxying and Redirection
http://technet.microsoft.com/en-us/library/bb310763.aspx

For certificates, if it is a non-internet-facing CAS server, then we can use a self-signed certificate. For an internet-facing CAS, I recommend you have a certificate from a 3rd-party CA.

Regards,
Xiu
April 30th, 2010 5:27am
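The layout the replies describe (one published name on the Site A CAS servers, Site B reached by proxying, a CA-issued certificate only where the server faces the internet) can be set and then audited from the Exchange Management Shell. This is an added example, not part of the original thread or any poster's script; the server names follow the thread's CAS-HUB numbering and `mail.example.com` is a placeholder for the published host name.

```powershell
# Added example. Run in the Exchange 2010 Management Shell.
# Assumptions: CAS-HUB1/2 (Site A) are internet-facing, CAS-HUB3/4 (Site B) are not;
# mail.example.com is a placeholder for the single published name.
$externalHost   = 'mail.example.com'
$internetFacing = 'CAS-HUB1', 'CAS-HUB2'
$proxyTargets   = 'CAS-HUB3', 'CAS-HUB4'

# Internet-facing CAS: publish the one external URL (perimeter forwards TCP 443 here).
foreach ($s in $internetFacing) {
    Get-OwaVirtualDirectory -Server $s |
        Set-OwaVirtualDirectory -ExternalUrl "https://$externalHost/owa"
    Get-ActiveSyncVirtualDirectory -Server $s |
        Set-ActiveSyncVirtualDirectory -ExternalUrl "https://$externalHost/Microsoft-Server-ActiveSync"
}

# Non-internet-facing CAS: no ExternalUrl, so requests are proxied rather than redirected.
foreach ($s in $proxyTargets) {
    Get-OwaVirtualDirectory -Server $s | Set-OwaVirtualDirectory -ExternalUrl $null
    Get-ActiveSyncVirtualDirectory -Server $s | Set-ActiveSyncVirtualDirectory -ExternalUrl $null
}

# Audit 1: URL and authentication state per server.
# Proxy targets should show an empty ExternalUrl and WindowsAuthentication = True.
foreach ($s in $internetFacing + $proxyTargets) {
    Get-OwaVirtualDirectory -Server $s |
        Select-Object Server, ExternalUrl, InternalUrl, WindowsAuthentication
}

# Audit 2: flag any internet-facing CAS whose IIS-bound certificate is self-signed
# or already expired; external clients will not trust it.
foreach ($s in $internetFacing) {
    Get-ExchangeCertificate -Server $s |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object {
            $problem = @()
            if ($_.IsSelfSigned)             { $problem += 'self-signed' }
            if ($_.NotAfter -lt (Get-Date))  { $problem += 'expired' }
            New-Object PSObject -Property @{
                Server     = $s
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                Finding    = if ($problem) { $problem -join ', ' } else { 'ok' }
            }
        }
}
```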

This topic is archived. No further replies will be accepted.
