Russ Kaufmann's Blog
Yes, it is true...
Word leaked out in the trainer community in the last week, and word is leaking out all around. So, to clarify, yes, it is true. Today, in about 6.5 hours, I will be joining many other IT professionals in New Employee Orientation (NEO) training at Microsoft. I will be wearing a blue badge pretty soon, after they take a picture of my pretty face and print it up.
It is funny how the word gets out. Some people heard because they were involved in the process. Others heard because jobs that I have been doing suddenly became available. Yet others heard because people can't help but share wonderful inside information (meaning they can't keep secrets) with others.
The right opportunity came up, and I just had to take advantage of it. I opened the door.
What does this mean? Scott Hanselman really did a great job of explaining his reasons for joining Microsoft, and they very closely mirror mine with the major exception being that Scott is a code weenie (BTW, I do not consider that derogatory, and if you do, then please accept my apologies) and I am an admin type.
I am extremely excited about the future, and I will share more once I am up and running in my new position. This, however, will be my final post in this blog. I intend to make some changes to the number of blogs that I use, and this one will be one that is dropped. My main blog will continue to be http://msmvps.com/clusterhelp.
I would like to say that nothing will change in my blogging, but I have to admit that it is likely that things will change a bit. I promise to try to share more knowledge as I gain it. You can be sure that I will keep that promise. However, at the same time, there will be lots of information that I just can't share because I am not allowed to share it. Sorry, that is life. The same has always been true, though, as I have been under Non-Disclosure Agreement (NDA) with Microsoft for many years. I would love to share lots of stuff that I have had to keep to myself, but I am bound by both honor and legal agreements.
I expect that I will go dark (geek talk for not being publicly available) for a few weeks, but I will be back and sharing again in the very near future on my other blog.
I will miss the people at Ameriteach. They are a great bunch. Maybe, sometime in the near future, I will be able to come back and teach a class as a guest trainer. I don't know if it will happen, but I will try.
Exchange Server 2007 Roles and the Related Services
I had a great question in class today, "What services are installed and used for the CAS and the Hub roles?" So, having a few moments, I went ahead and installed each, individually to find the following:
Client Access Server
- Microsoft Exchange Active Directory Topology Service - Started, Automatic
- Microsoft Exchange File Distribution - Started, Automatic
- Microsoft Exchange IMAP4 - Stopped, Manual
- Microsoft Exchange Monitoring - Stopped, Manual
- Microsoft Exchange POP3 - Stopped, Manual
- Microsoft Exchange Service Host - Started, Automatic
Of course, the CAS will also require installation of IIS and the related services and other pre-reqs.
Hub Transport
- Microsoft Exchange Active Directory Topology Service - Started, Automatic
- Microsoft Exchange Anti-spam Update - Started, Automatic
- Microsoft Exchange EdgeSync - Started, Automatic
- Microsoft Exchange Monitoring - Stopped, Manual
- Microsoft Exchange Transport - Started, Automatic
- Microsoft Exchange Transport Log Search - Started, Automatic
Just as with the CAS, there are also required pre-reqs for the Hub.
Mailbox
- Microsoft Exchange Active Directory Topology Service - Started, Automatic
- Microsoft Exchange Information Store - Started, Automatic
- Microsoft Exchange Mail Submission - Started, Automatic
- Microsoft Exchange Mailbox Assistants - Started, Automatic
- Microsoft Exchange Monitoring - Stopped, Manual
- Microsoft Exchange Replication Service - Started, Automatic
- Microsoft Exchange Search Indexer - Started, Automatic
- Microsoft Exchange Service Host - Started, Automatic
- Microsoft Exchange System Attendant - Started, Automatic
- Microsoft Exchange Transport Log Search - Started, Automatic
- Microsoft Search (Exchange) - Started, Automatic
Just as with the other roles, there are also required pre-reqs for the Mailbox role.
Internet Information Services (IIS) 6.0 Blogs of Interest
These are some blogs and website links for those interested in IIS. There sure is a lot of great stuff out there. Don't hurt yourself reading!
Exchange Server 2007 High Availability
A common concern that students have is the set of changes made between Exchange Server 2003 and Exchange Server 2007 when it comes to providing service redundancy and disaster recovery.
So, here is my response, at a high level.
First, you need to do what you should do with every single server in your environment: harden the operating system and the application. The easiest way to do that is to use the Security Configuration Wizard (SCW). In order to use SCW, you need to first configure SCW so that it knows about Exchange Server 2007. Luckily, I have already written how to do that here for you.
Second, you need to look at each of the roles and decide whether redundancy is needed for them or not.
The mailbox role is often the most critical because it contains all of the data for your Exchange environment. You need to decide what is the best method to use for providing high availability for your mailbox servers. I updated this blog just a few minutes ago to include some discussion on Single Copy Clusters (SCC) vs. Clustered Continuous Replication (CCR) here.
The Hub Transport and Client Access Server services are also considered extremely important for most organizations. In order to keep the number of servers down, combining these two roles on the same servers is a pretty common practice. However, the way that redundancy is usually implemented is not the same. Anyway, to make a long paragraph short, just read this blog entry regarding how to configure Network Load Balancing for the HT and CAS roles and it should help you out a great deal.
In order to provide high availability for the Unified Messaging role, just deploy multiple UM servers with the same rules on each.
As far as the Edge server role goes, you can configure one Edge server and then export its rules and import them on a second Edge server to provide support. You should also configure subscriptions on multiple Hub Transport servers. To provide redundancy for messages coming in from the Internet, simply create multiple MX records and point at your individual Edge servers. Provide the same priority level for both and they will nicely round robin.
Third, you should look at Standby Continuous Replication (SCR) to provide a copy of your database at a remote location for disaster recovery purposes.
Last, please, please, please configure a proper backup and recovery strategy and test it over and over again so you are confident that you can recover any server you need to in as little time as possible with as few mistakes as possible.
As always, I hope nothing ever goes wrong with your environment, but just in case it does, keep your resume up to date <G> and be prepared for the worst to happen.
Exchange Server 2007 Hub Transport (HT) and Client Access Service (CAS) on the Same NLB Cluster
In order to keep the number of servers down in a high availability environment, administrators have been looking at using Network Load Balancing (NLB) for CAS and then co-locating the HT role on each node of the NLB cluster to also provide high availability for the HT role.
This configuration can work, and it really is not too difficult to configure. It is extremely important to note that using NLB to load balance the default SMTP receive connectors (using port 25) is not supported and is completely unnecessary, since they are already load balanced for all intra-Exchange communications such as HT to HT communications. However, using NLB to provide redundancy and load balancing for connections to HTs that are hosting Client SMTP receive connectors (using port 587) is fully supported and may be desirable if you have a large number of external SMTP/POP and SMTP/IMAP clients that need to connect to this receive connector.
The steps that you need are to:
- Setup two servers running Windows Server 2003 with two NICs in each server
- Install Exchange Server 2007 Hub Transport and Client Access Service (CAS) on each server
- Configure one NIC for the Network Load Balance cluster and setup the other NIC in a separate network so it can be managed through that IP address
- Configure NLB with Unicast and even load balancing
- Setup the port rules:
  - Port 25 to 25 for both TCP and UDP and select the radio button to disable this port range (this will exclude port 25 from being listened on through the virtual IP address of the NLB cluster, but still allow the individual server IPs to listen on port 25)
  - Port 465 to 465 for both TCP and UDP and select the radio button to disable this port range
  - Port 80 to 80 for both TCP and UDP and set affinity to none (I recommend "none" so you can easily test and verify that it works)
  - Port 587 to 587 for both TCP and UDP, affinity none (this is for the client SMTP receive connector)
  - Port 443 to 443 for both TCP and UDP, affinity none
  - Port 110 to 110 for both TCP and UDP, affinity none
  - Port 993 to 993 for both TCP and UDP, affinity none
  - Port 143 to 143 for both TCP and UDP, affinity none
  - Port 995 to 995 for both TCP and UDP, affinity none
- With affinity set to none, you can more readily test the CAS (after updating the web pages to show which server is actually responding) and verify that the load is being shared. You can also test to make sure the NLB cluster does not respond to SMTP on port 25, which it shouldn't if you set it right, and verify that each server does respond to SMTP as an individual server name.
- You can configure protocol logging for the other protocols and telnet to the ports using the NLB IP address to see if they are load balancing like they should. You can also use the NLB IP for the testing by sending and receiving messages and checking the message tracking logs to see that the traffic was being balanced. It all worked.
NOTE: You may want to change affinity to either single (especially if it is being used internally) or Class C (especially if it is accessible from the Internet) once your testing is done.
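The manual telnet checks described above can be scripted. The following is an added example, not part of the original post: it encodes the port rules from the steps as an allow/deny table and reports any mismatch on the virtual IP or the nodes. The addresses are constructed placeholders, the function names are hypothetical, and only TCP is probed.

```python
import socket

# Port rules from the steps above: True = the NLB virtual IP should accept
# connections, False = the rule is disabled so the virtual IP must not answer.
VIP_RULES = {25: False, 465: False, 80: True, 587: True, 443: True,
             110: True, 993: True, 143: True, 995: True}

def tcp_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(vip, nodes, probe=tcp_open, rules=VIP_RULES):
    """Compare observed listeners with the intended port rules.

    Returns a list of (host, port, problem) tuples; an empty list means
    the cluster matches the configuration described in the post.
    """
    findings = []
    for port, should_answer in sorted(rules.items()):
        answered = probe(vip, port)
        if answered and not should_answer:
            findings.append((vip, port, "disabled rule but VIP answers"))
        elif should_answer and not answered:
            findings.append((vip, port, "balanced rule but VIP is silent"))
    # Port 25 is excluded from the VIP only; each node must still accept
    # SMTP on its own address for HT to HT traffic.
    for node in nodes:
        if not probe(node, 25):
            findings.append((node, 25, "node does not answer SMTP"))
    return findings

if __name__ == "__main__":
    # Constructed addresses (documentation range), not from the post.
    for host, port, problem in audit("192.0.2.10", ["192.0.2.11", "192.0.2.12"]):
        print(f"{host}:{port} {problem}")
```

Ports 110, 143, 993 and 995 will be reported as silent until the POP3 and IMAP4 services, which are installed as Stopped/Manual on the CAS, are started.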
Good luck, and have lots of fun!
BTW, if all of this talk about NLB and configuration is going over your head, you might want to visit www.clusterhelp.com for more information. The course described there is taught at Ameriteach on a regular basis.



