Exchange 2010 – Client Access Server – HA and DR

Exchange 2010 has come up with lots of interesting and advanced features and one of the most important features is HA. Being exchange one of the most mission critical application of any organization, it’s important that we must have a strong HA solution for any kind of issues. It can be either server failure or a complete Site Failure

Most of your would have gone through the DAG features which provides us with the HA flexibility with in the same site and across the site for the MAILBOX role servers. There are other important server’s roles which mailbox server depends and it’s very important that we plan HA for them as well and they are CAS role and HUB role server. HUB role are designed with HA by default using active directory. If any server HUB server fails in a site then other HUB servers are used and during the site failure all the email will be routed to the new HUB servers in the DR site and if there are multiple HUB servers they are load balanced in round robin fashion.

Let’s talk about the CAS servers with HA and DR flexibility. Exchange 2010 has come up with the new HA for CAS server and it is called as CAS Array. Outlook uses this CAS Array to configure the outlook. You may already know that outlook uses CAS server for the MAPI connection. CAS Array allows you to add all the CAS servers into the array with behind the load balancer and expose the Virtual IP (VIP) for the user connection. Load balancer poles all the CAS servers in the array and if there is any server down then user connection will not directed to the failed CAS server until it comes up. In this fashion we have HA flexibility within the site when we have one or more CAS server failure.

Highlight of this article is to find how CAS Array works when there is a site failure in a DR Scenario which we don’t find much information around.

 Let’s consider a scenario, we have 2 AD site. First is the primary site with the name SiteA and second is the DR site with the name SiteB. Below Table 1 shows the details of the CAS Array with their site specific names and there corresponding IP address

If there is failure of siteA then with the help of DAG we mount all the database on the server in the SiteB(DR Site) with this user will not have the outlook connected. They will still be in disconnected state, because all the users’ outlook is configured with and it is down because of the site failure.

Now it’s not feasible configure the entire database in SiteB (DR site) with the new CAS Array and reconfigure the entire user’s outlook with new CAS array name. This is not a solution any company would require for DR and it doesn’t look good even from the design prospective. Ideal and simple solution is to change the DNS IP address of with the SiteB IP address May need to wait for some time for the replication and soon you should find user outlook coming online. Table 2 shows the new IP address on during DR. Once you wanted to failback to the primary site (SiteA) then we have again revert the CAS array IP address to the old state as defined in the Table 1.

I am sure many would have had this query in your mind as I had and hope this article helps you in design a solution depending on your requirement.

One thought on “Exchange 2010 – Client Access Server – HA and DR

  1. Thanks Krishna. i was looking for this but i have couple of queries. please assist.

    “I have been reading for last couple of days about designing and deploying Exchange 2010 SP3 based – High Availability and Site Resiliency; in existing infrastructure. Currently we have Single AD Site (Primary Site) – Internet Facing with following Roles.

    – 2 Domain Controllers with FSMO roles.

    – Single CAS and Hub Transport server (marked as file share witness) on separate box.

    – Single DAG (called DAG1) with two Mailbox Servers.

    – Edge Transport Server in DMZ.


    URLs for Autodiscover > AUTODISCOVER.DOMAIN.COM

    Note: we are using single name space and want to keep it as is.

    First we want to add more exchange servers in Primary Site to achieve HA as following.

    – 2 DCs will remain as is.

    – Single DAG with two Mailbox Servers will remain as is.

    – will be added another CAS server to make it CAS Array. (how to achieve this? what configuration will it require? can we use WNLB for CAS?)

    – will be added another Hub Transport server to make it Highly Available. (Hub Transport Server does not require any configuration for making it HA, is that correct?)

    Secondly, we want to add servers in DR Site to achieve Site Resiliency & HA in the event of primary site failure as following.

    – Secondary AD site would be created and 2 DCs will be added. New AD site would be called secondary site.

    – Two CAS servers will be added as CAS Array in secondary AD site.

    – Two Hub Transport server will be added to make it Highly Available and one of Hub Transport will be made alternate File Share Witness.

    – Two Mailbox Servers will be added in existing DAG (called DAG1)

    – Single Edge Server will be added in DMZ

    Question: is this correct order/ approach to introduce exchange servers in existing exchange organization?

    We want to achieve following model.

    – Users will remain connected/ functional with Primary Site as it is happening in the current scenario >> Users will be routed to DR site only in the event of Site Failure to restore connectivity of exchange users.

    – Email flow would be through Primary Site as is but >> will be routed to DR Site only in the event of Site Failure.

    – There will be no users connected to secondary site except in DR situation.

    – We would want to use single name space as we are currently using (URLs For OWA/ ECP/ OAB…> WEBMAIL.DOMAIN.COM/*, URLs for Autodiscover > AUTODISCOVER.DOMAIN.COM).

    – in DR event will be following below mentioned approach per article.

    Questions: Is the entire above stated approach going to work for us? or how can we make it even better?

    please assist. Thanks.”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s