Herewith we start a series, that we decided to call “Deep Dive”. In it you might find the answers to some of your technical questions. The industry experts will provide their insights on several topics and research some new features of most popular applications. It’s a great read, and you are welcome for comments and discussion!
Exchange 2013 has simplified the Client Access Server (CAS) design architecture using global/single namespace. This is because of the way CAS works in Exchange 2013. Outlook no longer uses RPC protocol to access the email, but instead it connects to the CAS server and accesses the mailbox through https protocol. The CAS server makes a direct connection with the mailbox server, if the mailbox exists on the same AD site. If not, then it decides, whether to proxy the request or to redirect the request to another CAS/Mailbox infrastructure. It queries the Active Manager to determine the mailbox server hosting the active copy and it will proxy the request to mailbox server. This occurs irrespectively of a mailbox location. One CAS server redirects its request to another CAS server only if there is a telephony related request or an OWA request.
These changes have simplified the design and reduced the number of CAS URL requirements for Exchange 2013 server in Multisite environment. It eliminates the need for separate OWA URL namespace in primary and secondary data centers. Finally it also eliminates the requirement of having a separate namespace for RPC client access in these data centers. Instead, it is possible to have a single namespace for both internal and external, regardless of where the mailbox is located. The primary requirement for this design is that there should be no network latency and utilization between the data centers.
From an external you can configure a DNS round-robin between the VIPs of the load balancer in each data center. Users from the Internet will use the DNS round-robin to connect to any available VIP and access their mailbox. Major concern of the design is that the most proxy traffic will be out of site.
Similarly from internal, configure DNS round-robin between the VIPs of the load balancer in each of the data center for the name space Mail.Blue.com. This will cause outlook client to receive multiple VIPs IP address for a given fully qualified domain name (FQDN) Mail.Blue.com and thereby providing a failover option at the client. If the client tries to connect with a VIP IP address and the connection fails, the client waits for about 20 seconds and then tries for the next VIP address in the list. Technically, automatic recovery should happen in 21 seconds.
E.g. below is the two Internet facing AD site with Active/Active users configured in the DAG, configure DNS round-robin between the two load balancers.
Below is the CAS URL configuration between the two intranets facing AD site with Active/Active users with Single namespace design. Single namespace allows one common URL configuration across all the CAS servers and on both data centers. With failure of server/data center, users will be automatically connected to another server or data center without any impact for the end users.
Single namespace has simplified the Exchange design and the major requirement to implement this solution is to have a solid network connection between the two data centers with no latency, throughput or utilization issue. While both the data centers are internet facing sites, it is only needed to make sure that both the AD sites have Load balancer configured with VIPs. This design reduces the number of SAN required in the certificate, we just need one certificate with two SAN for a complete organization. This option provides site resilience between the sites, without much administration effort.