 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Windows Server Forum / Exchange Server / Design / July 2006Does a MS Ech2K3 Server need a GC on the same LAN?
I am planning to use MS Echange 2003 Entreprise Edition in our Windows 2003 Domain. The thing is I have 2 offices, the 1st one in Tokyo and the 2nd one in the north of Japan. For security-reasons, I cannot put a DC in the 2nd office so I decided to put 2 DCs in Tokyo office for redunduncy purposes. BUT let's say I put a Mailbox Server (MS Ech 2K3) in the 2nd office (that is on a LAN where there is no GC locally). Will MS Ech 2003 work properly even the only GC available is on a remote LAN? "Properly" and "Well" are two different things. The latency in most WAN links would manifest itself exponentially if you went with that design - most likely. If there's a need to put a mail server there, there's a need to put it's directory there as well. Exchange relies heavily on the GC for it's directory services and you do not want to separate the two like that if you can help else performance would suffer horribly in most cases. Have you considered using RPC/HTTP for the non-Tokyo users? >I am planning to use MS Echange 2003 Entreprise Edition in our Windows 2003 > Domain. [quoted text clipped - 8 lines] > Will MS Ech 2003 work properly even the only GC available is on a remote > LAN? First thanks for your answerAl! I forgot to say that we will more likely use Outlook 2003 Cache Mode on the Client Side so that GAL-related load coming from users will be gone. 1) Despite this, will still MS Ech2K3 (the Mailbox server) not be working well? I admit that the MAibox Server may take more time to transfer e-mails since it needs GC/DC info to transfer properly e-mails, but except that what could be the problems? 2) The reason why I was thinking of putting a Mailbox Server in the North of Japan is to avoid the bottleneck issue that would arise when all the users would open their Outlook 2003 and connect to their Mailbox Server. Because in Japan all users arrive at the same time in the morning, which means everybody access their Mailbox at the same time. Moreover, those users ususally receive huge e-mails like 12MB e-mails during the night. Therefore even if using OUtlook 2003 CAche Mode, the first time all the users start their Outlook, their will be a latency and a long time before they start receiving their new e-mail in case the Mailbox server was not in local. And even if using HTTP over RPC, that would be the same problem since anyway they would have to dowload their big e-mails all together in the morning which would also create a bottleneck effect! Tell me what you think! Thanks in advance. > "Properly" and "Well" are two different things. > The latency in most WAN links would manifest itself exponentially if you [quoted text clipped - 19 lines] > > Will MS Ech 2003 work properly even the only GC available is on a remote > > LAN? The mailbox server would perform slowly without a local GC in most cases. Cached mode can help, but the users will download the OAB every day which can be rough. Same issue as you describe with the mail. If you absolutely must have better performance and a better performing Exchange server, consider making that Exchange server a GC. Better yet, consider virtualization. I understand you mentioned you are unable to put a DC local to the site but your requirements are opposing to that. If you are unable to make the Exchange server a GC or put one local, then I highly suggest putting the server in the same site as the GC and letting the users get their mail and OAB remotely. They'll be functional even when they first logon, but it will likely take time to get the first emails. At least it will be consistent and the server itself won't be bogged down, just the WAN link. You can't make a silk purse out of this one :) > First thanks for your answerAl! > [quoted text clipped - 63 lines] >> > remote >> > LAN? Al, another question! If like I said, we were using Outlook 2003 Cached Mode on the Client side and that no local GC was present on the Lan the Mailbox Server of North Japan office is located, exactly when would the Mailbox server have problems? I know that MS Exch 2K3 will need a GC and DC when routing e-mails to find out where is the Mailbox of recipients and then how to route the mail so that it can reach recipients Mailbox Server. But the only drawback of having a remote DC/GC here is that e-mail routing will be slower but nobody will even notice it, right? 1) So except this, where and/or when do you think other problems could arise? 2) You said that this could also create problems when Outlook 2003 Clients would be downloading their OAB, but if the OAB is replicated on the Mailbox Server, then users would dowload it from the local Mailbox server, so I don't see very well where the problem could be! Could you tell me what you meant by issue with the OAB? Thanks for your help here. > The mailbox server would perform slowly without a local GC in most cases. > Cached mode can help, but the users will download the OAB every day which [quoted text clipped - 81 lines] > >> > remote > >> > LAN? "But the only drawback of having a remote DC/GC here is that e-mail routing will be slower but nobody will even notice" It's not really e-mail routing, it's really the entire message processing, categorization, routing etc. Exchange will cache the directory information which does help, but does periodically query AD for this information. Also you said that you could not place a GC in your second site for security reasons, can you elaborate on this? Thanks. James Chong MCSE + Messaging, MCTS msexchangetips.blogspot.com > Al, > another question! [quoted text clipped - 103 lines] > > >> > remote > > >> > LAN? James beat me to it. The OAB has to get generated and I was thinking of having the OAB centralized. You're correct, it *could* be on the Northern Japan server if you configure it that way. Doesn't have to be. If local, it's going to be better download performance, although it's a background process for the client, so I'm not sure anyone will notice. As James asked, what was the reason you can put an email server local to the site but can't put a GC? > "But the only drawback of having a remote DC/GC here is that e-mail > routing [quoted text clipped - 152 lines] >> > >> > remote >> > >> > LAN? The reason why I cannot put a DC in the North of Japan is that the Head-quarter decided that for security reasons a DC cannot be put in a room that is not securely locked. Our office is within the Japanese Client's Office so that the only server room we have available is a room that is accessible from the top, meaning it has no roof! For this reason people from the HQ said no for a DC in that kind of PC room but ok for a Mailbox Server. But concretely what won't work well if I don't put a local GC in the North of Japan? > James beat me to it. > The OAB has to get generated and I was thinking of having the OAB [quoted text clipped - 162 lines] > >> > >> > remote > >> > >> > LAN? What won't work? Just about everything. That server is so dependent on the directory, that everything it does that might require a lookup, i.e. folder reads, message reads, F/B updates (by default every 15 minutes), store maintenance, mail delivery, anti-virus scanning, backups, etc... Pretty much everything the server does or might do. It expects to have a GC local to it. By itself, if this is not a very busy Exchange server, it might do alright most of the time. What's the cutoff? Can't tell. But note that the way Exchange works (in practice), everything has to get done. If it is not finished right this second, then it goes into the queue. You'll run into performance related issues and possibly some operational issues over time vs. all at once. Exchange *can* operate for periods of time with a GC that is not local. It's designed to do that. It's not designed to do that permanently. I sense that you're trying to justify an exception to the decree of no GC. If you lose that, I highly suggest favoring the server vs. the clients and have the clients access the server remotely. If it later becomes a performance problem, i.e. users are unhappy, then have them put a GC in the local site along with the Exchange server. I would not budge on the Exchange server and the GC/DNS/DC being in the same LAN connected site. Preferrably on the same subnet. If necessary, on the same machine depending on layer 8 issues in that org (I infer that AD is not managed by you? Or is that just the location of the DC's that is not?) Hopefully no black-clad individuals jump in through the roof and take your servers ;) Al > The reason why I cannot put a DC in the North of Japan is that the > Head-quarter decided that for security reasons a DC cannot be put in a [quoted text clipped - 203 lines] >> >> > >> > remote >> >> > >> > LAN? > The reason why I cannot put a DC in the North of Japan is that the > Head-quarter decided that for security reasons a DC cannot be put in a room [quoted text clipped - 7 lines] > But concretely what won't work well if I don't put a local GC in the North > of Japan? Almost everything. Can you not just improve the physical security (lock the DC in a cage with no keyboard/mouse?) and put a DC/GC onsite, or buys a rack-bount or other small server and hide it in a wiring closet? i can see the thinking, but surely there's more ptentially valuable information in a mailbox than on a DC if you were thinking of data theft? Since network access to the directory is unavoidable, you only have to worry about physical access to the server. It's really going to be a pain. Depending how good the link is you may have problems getting exchange to start at all, never mind perform well. Physical access to the exchange server is as much or more of a security risk then access to the DC. The exchange server will have databases that store company data that is worth as much or more then the directory information stored on the DC. I would recommend finding a way to secure the servers and putting both a DC and Exchange there or not putting either there. > The reason why I cannot put a DC in the North of Japan is that the > Head-quarter decided that for security reasons a DC cannot be put in a [quoted text clipped - 203 lines] >> >> > >> > remote >> >> > >> > LAN? Julien, You have a challenge ahead of you that may be fixed by pre-positioning Exchange mailbox content on the local network of the remote office. I'm a storage architect that also handles some exchange design problems for my company. Check out a company called Riverbed. http://www.riverbed.com/technology/app_streamlining/index.php Their product can provide TCP WAN acceleration which would include the Exchange traffic. We are looking at deploying these around our region and are currently evaluating them in our lab. We are seeing up to 80% improvements on file access and reduced latency so far. I hope this provides other options and ideas. > The reason why I cannot put a DC in the North of Japan is that the > Head-quarter decided that for security reasons a DC cannot be put in a room [quoted text clipped - 174 lines] > > >> > >> > remote > > >> > >> > LAN? |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2009 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.