How to Plan Your First Exchange Server – the important things that first-time Exchange administrators need to consider when installing a single Exchange server.
How to Plan Your First Exchange Server Introduction
Occasionally Microsoft products can be misleading. To install your first Exchange server, all you need to do is run the setup program and press Next until the whole thing is over. However, there are a few considerations that should be taken care of when setting up the first Exchange server.
You need to consider a few important things, such as IP addresses, naming schemes, Active Directory, hardware and anti-virus protection, before you install your first Exchange server. No issues should occur if you plan and execute well.
- IP addresses
- Naming schemes
- Active Directory (global catalog servers and DNS)
- Anti-virus
Active Directory role in Setup First Exchange Server
An Exchange server always depends on Active Directory. This means that users, groups and even the Exchange server configuration are stored in Active Directory.
A server that hosts Active Directory is called a domain controller. Exchange can be installed on a domain controller, but for redundancy you should install two domain controllers, separate from the Exchange server. Domain controllers require a reboot from time to time, so when you have two separate DCs, you can reboot one without interrupting service to clients.
What is Active Directory?
It’s a database, just like Exchange, and is actually built on the same technology. Some small businesses will start using Active Directory for the first time when they implement their first Exchange server. Previously, they had been working in a “Workgroup” where each computer has its own security mechanism.
Once Active Directory is installed and set up to make way for Exchange, all computers start using a central authentication system. Each time you log in to Windows, you need to enter a username and password stored on an AD DC. Active Directory (AD) can also store all information about you. You can set up groups and implement permissions on files, databases and objects.
As soon as your first Exchange server is installed, you can add more attributes to AD. This is referred to as “extending the schema”. Exchange attributes, such as e-mail addresses and the location of a user’s mailbox, can now be assigned to a user.
As the admin of your first Exchange server, you always need to take care of Active Directory. Most Exchange problems occur due to domain controller errors. For some functions, Exchange uses only domain controllers that are global catalog servers. You need to make sure all domain controllers are global catalog servers. Otherwise, a problem with your first DC, which is a global catalog server by default, can cause Exchange to stop servicing users.
Global Catalog Server – First Exchange Server
By default, the first DC is your global catalog server. To set up more global catalog servers:
- Click Start, click Administrative Tools, and then click Active Directory Sites and Services.
- Double-click Sites, expand Servers, and then select your domain controller.
- Double-click the domain controller to expand the server contents.
- Below the server, an NTDS Settings object is displayed. Right-click the object, and then click Properties.
- On the General tab, make sure that the Global Catalog check box is selected (this is the default setting).
Although a restart is no longer a requirement with Windows 2003, a reboot of the domain controller is recommended here.
Sometimes Exchange information replicates slowly from one domain controller to another, so when you set up a mailbox for a user or change a group's membership, you need to wait for replication or trigger the replication yourself.
DNS Server – First Exchange Server
Computers on the Internet (or hosts, as they are called) use DNS servers to locate servers. If you want to locate www.hitnfind.com to browse the website, your computer will approach your Internet provider’s DNS server, which will search for this server either by using its cache or by querying a root server for the “com” domains list. From there it goes to the server responsible for the “hitnfind.com” domain, which hosts the “www” server, or several servers that answer collectively as “www”.
Microsoft decided to use this technology with Active Directory. In an Active Directory domain clients will have to use local DNS servers instead of the ISP servers to resolve local server names. Active Directory also hosts special records called “SRV records” for finding various services such as Global Catalog servers.
You need to set up an Active Directory-integrated DNS and have each client's DNS list point to the first domain controller, then the second, and then perhaps, as a last resort, the ISP DNS. This means that a failure of a single domain controller will still allow you to use Exchange services, and a failure of two domain controllers will still allow you to browse the Internet.
A domain controller should have a DNS client list as follows: Itself, the other domain controller and the ISP DNS.
You can have a separate Internet domain (hitnfind.com) and an internal one (hitnfind.local). This is actually the recommended configuration as it simplifies name resolution issues when you have some servers, such as your web server hosted outside your internal network. Make sure that your internal domain name is not one that is used on the Internet. Every few years new domain suffixes are added (.biz, for example), so using “[domain name].local” is considered a safe bet for a local Active Directory domain name.
IP Addressing – First Exchange Server
At this point you should decide on an IP addressing scheme. Most businesses these days use separate internal and external IP addressing. The Internet provider assigns you an external, public Internet IP address. Internally, however, you will use one of the private IP schemes.
The most common internal IP range for small companies is 192.168.0.0/16. You can use subnet mask 255.255.255.0 if you require less than 254 IP addresses or 255.255.0.0 if you need more in a single network. All these IP addresses will be translated on the Internet to one IP address, the one assigned to you by your Internet provider.
You should assign a range for servers, for example, 192.168.0.0-192.168.0.10 that will not be used by DHCP (which automatically assigns IP Addresses) or by manually assigned workstations.
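An added example (not part of the original article) that checks an addressing plan like the one above before any server is installed. It flags a reserved server range that collides with the DHCP scope or that includes the network address, which no host can use. The DHCP scope and the host names are constructed sample values.

```python
import ipaddress

def audit_ip_plan(network, server_range, dhcp_scope, static_hosts):
    """Return findings for an internal addressing plan; an empty list means clean."""
    net = ipaddress.ip_network(network)
    srv_lo, srv_hi = (ipaddress.ip_address(a) for a in server_range)
    dhcp_lo, dhcp_hi = (ipaddress.ip_address(a) for a in dhcp_scope)
    findings = []
    if not net.is_private:
        findings.append(f"{net} is not a private range")
    for label, addr in (("server range", srv_lo), ("server range", srv_hi),
                        ("DHCP scope", dhcp_lo), ("DHCP scope", dhcp_hi)):
        if addr not in net:
            findings.append(f"{label} address {addr} is outside {net}")
    # The network and broadcast addresses can never be given to a host.
    for addr in (net.network_address, net.broadcast_address):
        if srv_lo <= addr <= srv_hi:
            findings.append(f"{addr} is reserved by {net} and cannot be assigned")
    # Two inclusive ranges overlap when each starts before the other ends.
    if srv_lo <= dhcp_hi and dhcp_lo <= srv_hi:
        findings.append(f"DHCP scope overlaps the server range at "
                        f"{max(srv_lo, dhcp_lo)}-{min(srv_hi, dhcp_hi)}")
    for name, ip in static_hosts.items():
        addr = ipaddress.ip_address(ip)
        if dhcp_lo <= addr <= dhcp_hi:
            findings.append(f"{name} ({addr}) is static but inside the DHCP scope")
        elif not srv_lo <= addr <= srv_hi:
            findings.append(f"{name} ({addr}) is outside the server range")
    return findings

# Constructed sample plan: host names and the DHCP scope are assumptions.
SAMPLE_HOSTS = {"DC1": "192.168.0.1", "EXCHANGE": "192.168.0.2",
                "DC2": "192.168.0.3", "PRINT1": "192.168.0.50"}

def sample_findings():
    return audit_ip_plan("192.168.0.0/24", ("192.168.0.0", "192.168.0.10"),
                         ("192.168.0.10", "192.168.0.200"), SAMPLE_HOSTS)

if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```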
You might require one more public IP address to represent your Exchange server on the Internet. The router or Firewall (shown below) will translate your public IP address to the internal one and forward communications from the internet to your Exchange server.
Alternatively you can have your router or Firewall redirect all incoming mail traffic (port 25) and possibly Outlook Web Access traffic (port 443) to your internal Exchange server. This means that the Internet DNS servers will point you to the router IP address and it will forward all relevant queries to the internal Exchange server which will no longer require an external IP address.
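An added example (not from the original article) that audits a router's forwarding rules against the arrangement described above: only port 25 and, optionally, port 443 should reach the Exchange server, and nothing should be forwarded to a domain controller. The one-line rule format, the host addresses and the sample rules are constructed for illustration and do not match any particular router's syntax.

```python
import re

# Ports the article allows towards Exchange: SMTP and Outlook Web Access.
ALLOWED = {("tcp", 25), ("tcp", 443)}
# Hypothetical rule format: "<proto> <public port> -> <internal ip>:<port>"
RULE = re.compile(r"^(tcp|udp)\s+(\d+)\s*->\s*(\d+\.\d+\.\d+\.\d+):(\d+)$")

def audit_forwards(lines, exchange_ip, other_servers):
    """Return findings for a list of port-forward rules; empty list means clean."""
    findings, seen = [], set()
    for line in lines:
        m = RULE.match(line.strip().lower())
        if not m:
            findings.append(f"unparsed rule: {line!r}")
            continue
        proto, port, target = m.group(1), int(m.group(2)), m.group(3)
        if target in other_servers:
            findings.append(f"{proto}/{port} exposes {other_servers[target]} "
                            f"({target}) to the Internet")
        elif target != exchange_ip:
            findings.append(f"{proto}/{port} forwards to unknown host {target}")
        elif (proto, port) not in ALLOWED:
            findings.append(f"{proto}/{port} to Exchange is not mail or OWA traffic")
        else:
            seen.add((proto, port))
    # Port 443 is optional in the article; port 25 is needed for inbound mail.
    if ("tcp", 25) not in seen:
        findings.append("no tcp/25 forward to Exchange: inbound mail will not arrive")
    return findings

# Constructed sample rules and addresses.
SAMPLE_RULES = [
    "tcp 25 -> 192.168.0.2:25",
    "tcp 443 -> 192.168.0.2:443",
    "tcp 3389 -> 192.168.0.2:3389",
    "tcp 389 -> 192.168.0.1:389",
]

def sample_forward_findings():
    return audit_forwards(SAMPLE_RULES, "192.168.0.2", {"192.168.0.1": "DC1"})

if __name__ == "__main__":
    for finding in sample_forward_findings():
        print(finding)
```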
A typical Exchange server with no port re-direction implemented will answer to an internal IP address (such as 192.168.0.2) and externally to a valid Internet IP address (such as 188.8.131.52).
Some organizations might choose to implement a “mail relay” which accepts incoming mail and scans it for viruses, spam, etc. This server will also face all kinds of Internet attacks. This is a very good option for medium to large organizations, but for small offices I would recommend using a good Firewall to fend off Internet attacks, and perhaps even weed out viruses and spam, rather than installing a separate server.
In case you do implement a mail relay, Exchange will still need a public IP address if you intend to publish Outlook Web Access on the Internet, unless you implement an Exchange front-end server which answers HTTPS calls and forwards them to your internal Exchange server.
Again, for small organizations, implementing a front-end server could be a waste of money and time that could otherwise be invested in other solutions that can improve your security such as a better Firewall.
Naming – Plan your First Exchange Server
Externally, you can call your mail server whatever you like, though “mail” is quite common. The internal name does not need to have any resemblance to the external one. The external name, after all is resolved by Internet DNS servers and the internal one is resolved by the internal DNS servers.
Some “security experts” recommend a vague name for your Exchange server such as a color (“Red”), a planet (“Venus”) or a complex name (“b2xxxrl3”). This is supposedly meant to disguise the true nature of your server so that attackers will not find out right away that your server is a domain controller or an Exchange server. However, most hackers and even viruses or Trojan horses will typically scan your machine for ports rather than look at its name.
My recommendation is to keep names simple and obvious. Remember that you will need to configure a few Outlook servers and enter your Exchange name a few hundred times during your Exchange admin career. Worse, sometimes users will need to enter their own configurations, so the simpler the better. Names like “Exchange”, “Mail”, “DC1” and “DC2” are preferred.
Hardware – Plan your First Exchange Server
Exchange 2003 basically requires a server with at least 512MB of RAM, though 1GB or more is recommended.
CPU is always an issue, but most servers and even workstations have enough CPU horsepower for Exchange if you’re not loading your server with anything else that is CPU intensive. Exchange supports the hyperthreading feature available with Pentium 4 and other CPUs. If you need more CPU power you can use Intel Xeon, which can offer you more cache and multiple CPU support.
Today, 64-bit support is available in some CPUs, but it is not supported by Exchange 2003 and will only be available with the next version of Exchange, E12.
Disk configuration is a complex issue and is covered in my article:
You can choose either SATA disks for lower end Exchange servers or SCSI disks if you can afford it. SATA disks can give you more disk space for less money but are generally slower though by far better than ATA (IDE) disks. You will need some form of disk redundancy (RAID) so disk failure will not bring you down. Hardware based RAID is recommended in most cases.
When planning for disk space it is best to leave room for a bit more than double the disk space expected for the Exchange databases. 32GB or more for the Exchange database partition is recommended for Exchange Standard edition.
Backup, Viruses, SPAM – Plan your First Exchange Server
You cannot have an Exchange server without some extra components that you might need to purchase separately. Windows 2003 has its own backup utility that can back up Exchange 2003, and IMF can be freely installed on Exchange 2003 to prevent junk e-mail (SPAM). However, you will definitely need to purchase some sort of Exchange-specific anti-virus, even if you have some sort of perimeter-level anti-virus protection, because some viruses might come from within.
Make sure that your Exchange server is backed up daily and that your backup tapes are placed in a fireproof safe. You should also buy new tapes on a regular basis so that your tapes are not worn to a degree that makes them unusable.
IMF is not the most advanced junk e-mail filter though it is going to be improved in upcoming service packs and Exchange versions. You can buy a commercial product but make sure that it lets users manage their own filtering options so users don’t have to turn to you every time an e-mail is quarantined because your junk e-mail filter found it to be suspect.
A solid anti-virus package doesn’t hog your CPU and allows you to filter file types by extension which is typically less CPU intensive than going over virus signatures for every attachment. It should be updated on a daily basis or more since virus outbreaks can sometimes be violent and quick. Some anti-virus packages now have a way to determine whether an e-mail item contains an unknown virus.
It’s very hard to test an anti-virus product for Exchange, so ask around or search the Internet for recommendations before installing one.
Conclusion of Plan Your First Exchange Server
This article is just a start when it comes to the different aspects of Exchange.
In this post we saw that planning the implementation of a single Exchange server is not that difficult. You just need to separate fact from myth and understand the basic architecture.