The simplest Exchange organization, with all the roles deployed on separate physical servers, will look like the diagram above. The diagram specifically shows the placement of the Edge Transport (ET) role. To be precise, this role does not require any kind of interaction with Active Directory for its operations. It communicates directly with the HT Server role in your Exchange organization. Another major change in the architecture is that the Client Access Server (CAS) role, which has replaced the Exchange Front End concept, does not sit in the DMZ anymore. It can now be installed within the enterprise network. That eliminates the need to open the ports used by Active Directory services on any of the firewalls, and it explains the reduced attack surface concept: “The fewer the ports open on the firewall, the lower the chance of attacks.”
If the above is the network diagram of your Exchange organization, all you need on your firewalls is a few well-known ports open, and that’s it. Ports for services like SMTP, SSL and HTTP on the internet-facing device, and a few ports for services like HTTP, EdgeSync (50636), DNS, RPC, etc. on your internal firewall, will work fine for you.
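
The port reduction described above can be checked against a firewall rule export. The following is an added example, not part of the original post: the function name `Test-FirewallRule`, the allow-lists (an assumed reading of the services the post names, using their standard port numbers) and the sample rules are all constructed for illustration.

```powershell
# Added example. Port numbers other than 50636 are the standard assignments;
# the allow-lists are an assumed reading of the post ("etc." leaves them open).
$Allowed = @{
    External = @{ 25 = 'SMTP'; 80 = 'HTTP'; 443 = 'SSL (HTTPS)' }
    Internal = @{ 53 = 'DNS'; 80 = 'HTTP'; 135 = 'RPC endpoint mapper'; 50636 = 'EdgeSync' }
}
# Active Directory ports that this design should not need on either firewall.
$AdPorts = @{
    88 = 'Kerberos'; 389 = 'LDAP'; 445 = 'SMB'; 636 = 'LDAPS'
    3268 = 'Global Catalog'; 3269 = 'Global Catalog over SSL'
}

function Test-FirewallRule {
    param([Parameter(ValueFromPipeline = $true)] $Rule)
    process {
        $port = [int]$Rule.Port
        $list = $Allowed[$Rule.Firewall]
        if ($null -eq $list) { throw "Unknown firewall '$($Rule.Firewall)'" }
        if ($list.ContainsKey($port)) {
            $verdict = 'Expected'; $why = $list[$port]
        } elseif ($AdPorts.ContainsKey($port)) {
            $verdict = 'Unneeded'; $why = "$($AdPorts[$port]) (Active Directory)"
        } else {
            $verdict = 'Review'; $why = 'Not a service the post names'
        }
        New-Object PSObject -Property @{
            Firewall = $Rule.Firewall; Port = $port; Verdict = $verdict; Why = $why
        }
    }
}

# Constructed rule export (sample data, not from a real device).
$rules = @'
Firewall,Port,Description
External,25,Inbound mail to Edge Transport
External,443,Published HTTPS
External,3389,Remote Desktop
Internal,50636,EdgeSync
Internal,53,DNS from Edge Transport
Internal,389,LDAP to domain controllers
Internal,3268,Global Catalog lookups
'@ | ConvertFrom-Csv

# Show only the rules that widen the attack surface beyond the design.
$rules | Test-FirewallRule |
    Where-Object { $_.Verdict -ne 'Expected' } |
    Sort-Object Verdict, Port |
    Select-Object Firewall, Port, Verdict, Why
```

With the sample data, the LDAP and Global Catalog rules on the internal firewall come back as `Unneeded`, and the Remote Desktop rule on the internet-facing device comes back as `Review`.
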
In a recent post I described what each of these Server roles does in the Exchange organization. The next step is to understand the installation part. Instead of just saying “Installation”, I will divide this part into different stages. There are a few prerequisites that need to be installed on the Server where you will be installing Exchange Server roles. A few of these software prerequisites are role dependent as well. So, if I want to proceed with the installation of Exchange Server roles on separate servers, I will classify the pre-installation considerations as below:
- Requirements on Active Directory servers and DNS servers.
- Operating system.
- Permission required for deployment.
Requirements of Active Directory servers and DNS servers:
- Must have at least one Global Catalog Server in each Active Directory site where Exchange Server roles will be installed.
- For optimal performance of GC-related queries and Outlook clients, the standard ratio of 4:1 should always be maintained. (For 1 CPU core of an Exchange box there should be 4 cores, or 1x4 Global Catalogs, available. This ratio plays a very important role in large environments of 20000 mailboxes and above.)
- The Active Directory Schema Master should have at least Windows Server 2003 SP1 applied.
- The Active Directory Domain Functional Level (DFL) should be Windows 2000 Server native or higher. This condition also applies to the Active Directory domains or forests hosting Exchange recipients.
- If you already have an Exchange Server 2003 organization in your AD forest, it should be running in Native Mode.
- Domain Name System (DNS) is configured correctly in your Active Directory forest.
- During the first steps of installation, Exchange Server setup tries to contact the schema master role in Active Directory, so it must be reachable from the computer where you are running Exchange Server forest preparation and domain preparation.
- Use x64 Active Directory servers. This provides the flexibility to install and support more than 1 GB RAM compared with 32-bit Active Directory servers.
Choosing the correct hardware is always trouble; it is always governed by your company policies, budget and other hell. Unfortunately there is a twist in the entire setup architecture this time, though it is good and is more powerful than the 32-bit operating systems. What has changed is the strict use of x64 architecture for the hardware as well as the operating system. Exchange Server 2007 is also available in a 32-bit version from the Microsoft website, but it is not supported at all; it’s for your labs and evaluation. Below are the minimum recommendations for choosing the right hardware for your servers.
- x64 architecture based processor that supports Intel EM64T.
- 2 GB of RAM (minimum recommended). As per a few articles written by experts, having 2 GB plus 10 MB of RAM per mailbox is good.
- At least 2.5 GB of disk space available on the partition where the Exchange Server binaries will be installed.
Separating disk partitions as follows is good from a performance perspective:
- System partition
- Partition that stores Exchange binaries
- Partitions containing storage group files, including transaction log files
- Partitions containing database files
- Partitions containing other Exchange files
Operating system:
No talk is required on this topic! It should be Windows Server 2003 with Service Pack 1 (SP1) or Windows Server 2003 R2, Standard or Enterprise edition, or else Windows Server 2003 x64 or Windows Server 2003 x64 R2, Standard or Enterprise edition.
As I stated earlier in this post, there are some Server role specific requirements as well as requirements that are compulsory for all the Server roles. To install any of the Exchange Server roles on a Windows Server 2003 based Server, you need at least the following set of software installed on that Server. These requirements do not apply to a Windows Server 2008 Server, as many things are pre-included in Windows Server 2008 SP1, such as .NET Framework, MSXML log parser, MMC 3.0 and the very important PowerShell 1.0.
- Microsoft .NET Framework 2.0
- Microsoft .NET Framework hotfix 926776
- Windows PowerShell™ 1.0
- Microsoft Management Console (MMC) 3.0
- For 64-bit systems, hotfix 918980
Minimum software requirements per Server role are as follows. (An Exchange Server should have all of the above components installed; below are the role-specific ones.)
Mailbox Server Role
- Network COM+ Access
- WWW Service.
CAS Server Role
- WWW Service.
- RPC over HTTP Windows networking component.
- ASP.NET 2.0
UM Server Role
- MS Speech service. Exchange Server setup installs it automatically if it is not already installed.
- Windows Media Encoder.
- MSXML 6.0
HT Server Role
All of the required common components are needed, but SMTP and NNTP cannot be installed on the Server running this Server role.
Edge Transport Server Role
- Active Directory Application Mode (ADAM)
- Edge Transport servers must have a Domain Name System (DNS) suffix configured, and you must be able to perform name resolution from an Edge Transport server to any Hub Transport servers.
The user account that you use to install Exchange Server 2007 must meet certain permission requirements. Make sure that you are logged on by using an account that has the following group memberships:
- If you’re installing the first server in the forest AND you haven’t run /PrepareSchema, then Schema Administrator and Enterprise Administrator group memberships are required.
- If you’re installing the first server in the forest and you have run /PrepareSchema, but /PrepareAD has not been run, Enterprise Administrator group membership is required.
- If you’re installing the first server in the forest and /PrepareSchema and /PrepareAD have been run, then Local Administrator group membership is required as well as the Exchange Organization Administrator role.
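
The three cases above can be turned into a check of the setup account before installation. This is an added example, not part of the original post: `Get-RequiredMembership` and `Test-InstallAccount` are hypothetical helpers, group names are written as the post writes them, and the report of excess forest-wide memberships is a least-privilege check added here.

```powershell
# Added example. Group names are written as the post writes them; map them to
# the real group names in your directory before using this on live data.
function Get-RequiredMembership {
    param([bool]$SchemaPrepared, [bool]$AdPrepared)
    if ($AdPrepared -and -not $SchemaPrepared) {
        throw 'State not covered by the post: /PrepareAD run but /PrepareSchema not.'
    }
    if (-not $SchemaPrepared) { return @('Schema Administrator', 'Enterprise Administrator') }
    if (-not $AdPrepared)     { return @('Enterprise Administrator') }
    return @('Local Administrator', 'Exchange Organization Administrator')
}

function Test-InstallAccount {
    param([string[]]$MemberOf, [bool]$SchemaPrepared, [bool]$AdPrepared)
    $required = @(Get-RequiredMembership -SchemaPrepared $SchemaPrepared -AdPrepared $AdPrepared)
    # Forest-wide groups the account holds but this stage does not call for
    # (least-privilege check added here, not stated in the post).
    $forestWide = @('Schema Administrator', 'Enterprise Administrator')
    $missing = @($required | Where-Object { $MemberOf -notcontains $_ })
    $excess  = @($MemberOf | Where-Object {
        $forestWide -contains $_ -and $required -notcontains $_
    })
    New-Object PSObject -Property @{
        Required = $required; Missing = $missing; Excess = $excess
        Ready    = ($missing.Count -eq 0)
    }
}

# Constructed case 1: nothing prepared yet, account lacks Schema Administrator.
Test-InstallAccount -MemberOf 'Enterprise Administrator' `
    -SchemaPrepared $false -AdPrepared $false

# Constructed case 2: forest fully prepared, account still holds a
# forest-wide group that the installation no longer needs.
Test-InstallAccount -SchemaPrepared $true -AdPrepared $true -MemberOf `
    'Local Administrator', 'Exchange Organization Administrator', 'Schema Administrator'
```

The first call reports `Schema Administrator` as missing; the second reports the account as ready but lists `Schema Administrator` under `Excess`.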