Exchange Server 2010: Complex Organizations


In a previous post on Exchange Server 2010: Organization and Configuration, we looked at the simple server organization with either a single server, or two servers with one of them hosting both the domain controller and server roles. In this article, we look at the more complex organizations that need more complex setups.

These more complex organizations can be Standard, Large, or Complex, depending on the size of the company and its IT function.

The Standard Organization

In a standard organization, the location that delivers the e-mail service (SDL) and the location to which e-mail clients link (CSL) are both within the same Local Area Network, even though they might be on separate servers. Such an organization is also hosted within a single Active Directory (AD) forest, though there might be more than one AD site (subject to a limit of five).

Hosting of the domain controller and server roles is separated, with the latter hosted on member servers. Edge Transport Servers (ETS) connect to the Internet through a firewall, and the ETS are connected to the Hub Transport Server (HTS), which routes the mail within the organization. The Mailbox, Client Access and Unified Messaging Servers are distributed across multiple servers as needed, typically in a shared manner.

Large Organization

When the number of AD sites exceeds five, the server organization becomes large. The AD forest can have several domains with a common root namespace. SDL and CSL might be present at more than one site and might also be on different servers. There is also wider distribution of server roles, with many servers hosting not more than two roles, say CAS and UMS.

Message traffic to and from the Internet occurs only through a single location and is then distributed to all the different sites within the organization, each of which can have its own fully qualified domain name (under a common root domain). Each domain can adopt a security strategy that is best for it.

A single AD forest is preferred wherever possible. However, there might be occasions when a multiple AD forest strategy becomes necessary, as when a merged company desires to maintain its own IT infrastructure. The organization becomes complex in such a scenario.

Complex Organization

Multiple AD forests will require synchronization of multiple Exchange Global Address Lists (GALs). Such synchronization is achieved using Microsoft Forefront Identity Manager (FIM). Complex organizations can adopt different models:

  • In one model, the Exchange Server has a dedicated AD forest of its own. In this Exchange Resource Forest, the mailboxes serve only as placeholders for the users in the mailboxes of other forests in the organization. Users cannot access these mailboxes directly and must do so through cross-forest trusts from their own particular forests. As a rule, mailbox creation can be done only in the Exchange Resource Forest, which exercises control over the other forests. This model is suitable where you have complete control over all the forests.
  • In the other model, the different AD forests are synchronized to work as a single organization without any forest having control over any other. This option might become necessary where the different forests already have Exchange organizations of their own.

The topology of the server organization is thus something that must be selected to suit the entity and can range from a single server model to a huge network of servers and multiple AD forests, with consequent implications for their administration.
