Hi Everyone, I am sure alot of you must bee having a setup of GTM+LTM and running multiple services, I have LTM configured for Exchange setup at main and the DR site and now I am going to introduce the GTM at both the sites. I need to understand what Changes I will have to make in my internal/external DNS setup plus how the traffic of internal users will flow to reach to the available Exchange servers or how will it be distributed. Need some quick response.

In one paragraph... Setup your GTM on a separate subdomain (e.g. wip.domain.com). Delegate that sip.domain.com to your GTM. Setup your GTM pool containing the LTM VS's as poolmembers. Create a WIP. Place the GTM pool in the WIP. Test. Then change the service name to be a CNAME record with the value being the WIP. Note that 1 paragraph hides a bit of configuration around data centres, servers, big3d and gtmd comms etc... H

How about the internal network users? Currently the internal DNS takes care of the resolution of the traffic for them, so even in the internal DNS I will change the A record and replace it with the CNAME and it will be forwarded to GTM to manage it over GTM Pool?

Well... There lies the devil in the detail... You need to plan this out, and try to be consistent in everything (Special cases will kill you). Some questions you ned to ask yourself... Do the internal users connect to the same VS as external users? Do you run split DNS? NAT'ing? Are you using APM? Or just LB'ing your CAS servers? Are you silo'ing everything? Or are you spreading your cluster horizontally? Sorry to be asking you so many questions, but without you knowing all the answers, you can't plan successfully... H

We've setup GTM as described and only for internal, external users need to VPN in for email. More detail on the cNAME; it's a cNAME on an A record in the internal.domain.com and the A record we chose was the IP address of the service VIP on the LTM in the primary data center. The cName data points to the wip.domain.com. Our GTM is setup for manual failover of exchange records, to prevent any false positives. The WIP has 2 pools and is setup for global availability. The pools are setup with an IPv4 fallback IP to ensure the pool always available until we manually disable it to initiate failover. As stated in previous thread, there are a TON more details and it will depend on your requirements. Hope this helps.

Configuring Exchange on GTM setup

14 Replies

Hamish
Cirrocumulus
Oct 01, 2013
In one paragraph...

Setup your GTM on a separate subdomain (e.g. wip.domain.com). Delegate that sip.domain.com to your GTM. Setup your GTM pool containing the LTM VS's as poolmembers. Create a WIP. Place the GTM pool in the WIP. Test. Then change the service name to be a CNAME record with the value being the WIP.

Note that 1 paragraph hides a bit of configuration around data centres, servers, big3d and gtmd comms etc...

H
Techgeeeg
Nimbostratus
Oct 02, 2013
How about the internal network users? Currently the internal DNS takes care of the resolution of the traffic for them, so even in the internal DNS I will change the A record and replace it with the CNAME and it will be forwarded to GTM to manage it over GTM Pool?
Hamish
Cirrocumulus
Oct 02, 2013
Well... There lies the devil in the detail... You need to plan this out, and try to be consistent in everything (Special cases will kill you).

Some questions you ned to ask yourself... Do the internal users connect to the same VS as external users? Do you run split DNS? NAT'ing? Are you using APM? Or just LB'ing your CAS servers? Are you silo'ing everything? Or are you spreading your cluster horizontally?

Sorry to be asking you so many questions, but without you knowing all the answers, you can't plan successfully...

H
MVA
Nimbostratus
Oct 02, 2013
We've setup GTM as described and only for internal, external users need to VPN in for email. More detail on the cNAME; it's a cNAME on an A record in the internal.domain.com and the A record we chose was the IP address of the service VIP on the LTM in the primary data center. The cName data points to the wip.domain.com. Our GTM is setup for manual failover of exchange records, to prevent any false positives. The WIP has 2 pools and is setup for global availability. The pools are setup with an IPv4 fallback IP to ensure the pool always available until we manually disable it to initiate failover. As stated in previous thread, there are a TON more details and it will depend on your requirements. Hope this helps.
- Hamish
  Cirrocumulus
  Oct 13, 2013
  If everything is manual, why do you bother with GTM? You might as well edit the DNS records on your internal DNS as have to go & make changes in GTM and incur all the overhead of the delegated domain etc.
- MVA
  Nimbostratus
  Oct 14, 2013
  Yes, we started with the goal of automating Exchange failover with GTM but was advised by MS to make this a manual process to avoid unintended failover. The 'win' from this is twofold; we have a centralized place to failover all our Exchange records and we know have GTM in the environment to support other applications. Build it and they will come mantra.
MVA_60288
Altocumulus
Oct 02, 2013
We've setup GTM as described and only for internal, external users need to VPN in for email. More detail on the cNAME; it's a cNAME on an A record in the internal.domain.com and the A record we chose was the IP address of the service VIP on the LTM in the primary data center. The cName data points to the wip.domain.com. Our GTM is setup for manual failover of exchange records, to prevent any false positives. The WIP has 2 pools and is setup for global availability. The pools are setup with an IPv4 fallback IP to ensure the pool always available until we manually disable it to initiate failover. As stated in previous thread, there are a TON more details and it will depend on your requirements. Hope this helps.
- Hamish
  Cirrocumulus
  Oct 13, 2013
  If everything is manual, why do you bother with GTM? You might as well edit the DNS records on your internal DNS as have to go & make changes in GTM and incur all the overhead of the delegated domain etc.
- MVA_60288
  Altocumulus
  Oct 14, 2013
  Yes, we started with the goal of automating Exchange failover with GTM but was advised by MS to make this a manual process to avoid unintended failover. The 'win' from this is twofold; we have a centralized place to failover all our Exchange records and we know have GTM in the environment to support other applications. Build it and they will come mantra.
Techgeeeg
Nimbostratus
Oct 05, 2013
In my situation I have 2 sites, each site has 2 CAS servers and under the current setup the users of a particular site are forwarded to their site NLB, now NLB will get replaced with LTM and for the high avaliability we will configure GTM as well, what we want is that the users of each site should get forwarded to their respective CAS aray until that site's CAS array faces any problem the users should not be forwarded to the CAS array of the other site. we are considering automatic fail over no static...
- Hamish
  Cirrocumulus
  Oct 13, 2013
  Assuming that each site has their own LDNS, then topology records are probably the way you want to go. So setup the topology so site1 LDNS gets resolved to site1 LTM, site2 LDNS gets site2 LTM etc. Then have additional topology records so that if (For example) site1 LTM is down, then site1 LDNS gets resolves to site2 LTM. H
Techgeeeg_28888
Nimbostratus
Oct 05, 2013
In my situation I have 2 sites, each site has 2 CAS servers and under the current setup the users of a particular site are forwarded to their site NLB, now NLB will get replaced with LTM and for the high avaliability we will configure GTM as well, what we want is that the users of each site should get forwarded to their respective CAS aray until that site's CAS array faces any problem the users should not be forwarded to the CAS array of the other site. we are considering automatic fail over no static...
- Hamish
  Cirrocumulus
  Oct 13, 2013
  Assuming that each site has their own LDNS, then topology records are probably the way you want to go. So setup the topology so site1 LDNS gets resolved to site1 LTM, site2 LDNS gets site2 LTM etc. Then have additional topology records so that if (For example) site1 LTM is down, then site1 LDNS gets resolves to site2 LTM. H
Techgeeeg
Nimbostratus
Oct 13, 2013
Hi Guys, Anyone answer pls.... waiting for some input....

Regards,

Forum Discussion

Configuring Exchange on GTM setup

14 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

LTM VE behind Sophos Firewall deployment - configuration/setup question

Looking for Setup Advice

Exchange 2016

How to Setup Shape Log Analysis in Fastly

BIG-IP BGP Routing Protocol Configuration And Use Cases