Front End Server Install
I have a two node active/passive Exchange 2003 cluster (SAN) and I need to install a front end server for this configuration. Currently I have each Exchange node configured to handle Active Sync and OMA. I have read about installing a front end server for a new installation but I could not find anything about installation for an existing cluster configuration. My main concern would be about IP addressing and certificates since I have external users that use OWA and Active Sync for their email. Any helpful hints on this would be great. Thanks!!
April 8th, 2009 10:04pm
Configuration steps for Front End and Back-End Server are pretty much the same, regardless of whether it's a new or an existing installation. Make sure that the Front End Server is installed at the same patch levels (OS and Exchange) as your backend server. Another important consideration would be to export the SSL certificate from your backend server (assuming you have one installed) and install it on the IIS instance on the FE server. If you don't already have a .PFX file with an exportable private key, you will have to export one from the BE server.
As far as IP addressing, I'm assuming that the HTTP Virtual Server on your Back-end Cluster is responding to a particular IP address, so that would be the IP address that you would want to allow through your firewall from the DMZ (FE) to the Internal Network (BE).
Great checklist from Technet: http://technet.microsoft.com/en-us/library/aa997436(EXCHG.65).aspx
A good walkthrough of OMA configuration is from Daniel Petri's blog: http://www.petri.co.il/configure_oma.htm
Ook
April 8th, 2009 11:24pm
Yes, I do have an SSL certificate on the BE that I will need to put on the FE. Thanks for the info on that.
My concern for IP addressing is about the NAT statement I have in the firewall. Right now the outside address routes to the cluster IP so people can use OWA and OMA. Will I need to change the NAT statement to point at the new FE?
Also, would having a load balanced FE scenario be beneficial? We like redundancy here.
Thanks for the links. I will look at them to get a good idea of how to deploy the FE.
April 9th, 2009 12:06am
Great info, mykul.
1. I am assuming you have at least 3 segments defined in your firewall:
   External - Clients connecting over internet
   DMZ - FE server to be placed here
   Internal - Back End Server goes here
   If you are publishing a public DNS host record for external users, then the answer is yes: you need to reconfigure NAT to forward inbound client traffic to the FE server first.
2. Load balancing is great and you have many options here:
   a. Configure OWA in a NLB environment. This provides load balancing. (More info in the client listing above)
   b. Deploy an ISA 2006 Server farm and publish client access rules to your FE server(s)
If you're into redundancy, ever considered moving up to Exchange 2007? It's more modular and supports more redundant features.
Ook
April 9th, 2009 12:30am
Actually I only have an external firewall that NATs the external address to the internal IP. I don't have any Exchange boxes sitting in my DMZ.
I do have an article bookmarked on OWA NLB but I haven't read it yet. I didn't know if it was really practical or overkill.
We have looked into Exchange 2007 but right now our budget doesn't allow for us to spend for the upgrade.
April 9th, 2009 12:36am
Mykul, Microsoft recommends that if you're going to place a FE server in your internal segment, you deploy an advanced firewall (i.e. ISA Server) and publish client traffic over the internet through the ISA server into your FE server. Is that an option that you are willing to consider?
Check out this link for a couple of diagrams that give you an idea of FE and BE server placement: http://technet.microsoft.com/en-us/library/aa997482(EXCHG.65).aspx
Good luck!
Ook
April 9th, 2009 3:56am
No, I do not have a server that I can deploy to use for ISA and I don't see how ISA would benefit my situation either.
June 18th, 2009 11:25pm