Most organizations are spread across multiple locations in today’s business world. Exchange being such a critical application, it’s essential to make sure that it is up and running around the clock without any downtime. Regarding High Availability and Disaster Recovery, Exchange 2013 brings several new features, improvements and changes to Database Availability Groups (DAGs) compared to Exchange 2010.
How would you provide a redundant path to send and receive email from the internet if an entire primary site goes down and Exchange is running from the DR site? Of course we can add additional servers in the DMZ to take up the load if one or more servers go down. What, though, could you do if the complete datacenter goes down?
Let’s consider an example with two datacenters hosting Exchange servers. The primary datacenter is in New York and has internet access to send and receive external email; the other datacenter is in Dallas. Both are interconnected by a high-speed WAN.
Figure 1 (seen below) is a visual representation of the above scenario:
Figure 1. Email flow between the primary datacenter, the secondary datacenter and the internet.
In the above example the first datacenter (New York) hosts Exchange servers configured in a DAG and provides site resilience using the alternative datacenter in Dallas. It also has the internet connectivity to send and receive internet email. The second datacenter in Dallas hosts only Exchange servers. If the Exchange servers in the primary datacenter are lost, the DAG activates the passive mailbox database copies in Dallas and users connect to the Dallas Exchange servers to access their email.
With the loss of the primary datacenter in New York, we also lose the DMZ. This impacts the internet mail flow to the organization: users will not be able to send and receive email over the internet. This can cause a huge data loss (not to mention revenue loss). Let us work on a solution by providing a redundant path to send and receive email over the internet.
In our design example Exchange is configured in both AD sites. The primary site in New York hosts the active copies while the secondary site in Dallas hosts the passive copies. New York is the only AD site connected to the internet. To provide alternative internet mail flow we need to connect the Dallas AD site to the internet through the Dallas DMZ. Figure 2 shows these details. A connection to the internet at Dallas alone, however, is not enough; inbound and outbound mail flow must also be configured to use it.
Figure 2. New internet mail flow configuration through the Dallas datacenter.
Let’s list the steps to configure Dallas to send and receive mail over the internet.
Configuring Dallas Site to Accept Messages via Internet
Sending servers on the internet deliver email to the host in the MX record with the lowest preference value; if that host is unreachable or unavailable, they fall back to the next MX record in preference order (the next higher preference value). It is recommended to publish an additional MX record with a higher preference value that points to a different region. This provides the alternative path to accept email if the primary site goes down.
Configuring Dallas Site to Send Messages to the Internet (some steps already defined above)
It’s important to configure SPF and Sender ID correctly for the Dallas path as well. Any misconfiguration can lead to non-delivery of messages to the target recipient, because most organizations accept email from the internet only if the message comes from a trusted source.
Configuring alternative paths to send and receive internet messages is expensive. You need a similar number of servers, the overall network infrastructure (DMZ and Exchange 2013 servers), the configuration work, and even the network bandwidth at the secondary site, if it must take up the complete internet email load in the event of a primary datacenter failure.
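The MX failover order described above and the SPF requirement for the Dallas path, as an added example that is not part of the original article. It models how a sending server picks an MX host by preference value and checks whether an SPF record authorizes a given sending address; the hostnames, preference values and IP ranges are constructed placeholders, and the SPF checker only handles ip4:/ip6: mechanisms.

```python
"""Added example (not from the original article): MX-preference failover and a
minimal SPF check. All hostnames, preferences and IP ranges are constructed."""
import ipaddress

# Constructed MX record set for example.com: the lowest preference value is tried first.
MX_RECORDS = [
    (10, "mail-ny.example.com"),      # New York DMZ (primary site)
    (20, "mail-dallas.example.com"),  # Dallas DMZ (DR site, higher preference value)
]

# Weak SPF record: only the New York DMZ range (203.0.113.0/24, constructed) is listed.
SPF_PRIMARY_ONLY = "v=spf1 ip4:203.0.113.0/24 -all"
# Corrected SPF record: the Dallas DMZ range (198.51.100.0/24, constructed) is listed too,
# so mail relayed from Dallas after a failover still passes SPF at the recipient.
SPF_BOTH_SITES = "v=spf1 ip4:203.0.113.0/24 ip4:198.51.100.0/24 -all"


def pick_mx(records, unreachable):
    """Return the MX host a sending server delivers to: lowest preference value
    first, falling through to the next record when a host is unreachable.
    Returns None when every MX host is down (the sender queues and retries)."""
    for _pref, host in sorted(records):
        if host not in unreachable:
            return host
    return None


def spf_allows(spf_record, sender_ip):
    """Minimal SPF evaluation: True if sender_ip matches an ip4:/ip6: mechanism,
    False once the terminating 'all' mechanism is reached or no term matches."""
    ip = ipaddress.ip_address(sender_ip)
    terms = spf_record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        if term.startswith(("ip4:", "ip6:")):
            # Version mismatch (v4 address vs v6 network) simply evaluates to no match.
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return True
        elif term.endswith("all"):
            return False
    return False


if __name__ == "__main__":
    print("normal delivery target:", pick_mx(MX_RECORDS, set()))
    print("New York down, target:", pick_mx(MX_RECORDS, {"mail-ny.example.com"}))
    print("Dallas sender with weak SPF:", spf_allows(SPF_PRIMARY_ONLY, "198.51.100.25"))
    print("Dallas sender with corrected SPF:", spf_allows(SPF_BOTH_SITES, "198.51.100.25"))
```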