Organization Topologies
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
Although Microsoft Exchange Server 2007 includes several components that make up an Exchange topology, all of the components needed by Exchange 2007 can be categorized into three layers that combine to form an Exchange topology:
The network layer
The Active Directory directory service layer
The Exchange layer
From the perspective of an Exchange topology, each of these layers can be described in terms of both logical and physical layers.
Network Layer of an Exchange Topology
The physical network layer provides the base foundation for all computers that need to communicate together. The physical network layer defines the path that computers use to send data to each other.
The logical network layer maps the naming convention and name resolution scheme that is used to identify the IP address based on the Domain Name System (DNS) name. The DNS layout typically maps to an organization's internal structure.
Physical Network Layer
IP addresses, IP subnets, LAN or WAN links, and routers and firewalls comprise the physical network layer.
Elements | Definition |
---|---|
IP address |
A base element of the network layer that is used to uniquely identify a computer on the network. Exchange 2007 supports IPv4 addresses only. IPv6 addresses are not supported. |
Boundaries | Definition |
---|---|
IP subnet |
A non-overlapping grouping of IP addresses that is used to control how data packets are routed. Typically, IP subnets map to an organization's geographic locations. However, it is also common for a single location to have multiple IP subnets. |
Boundary property | Definition |
---|---|
LAN or WAN link |
IP subnets that are highly connected, meaning that they have a large amount of bandwidth between them and are connected by a LAN link. Geographic locations are typically linked by a slower WAN link, which makes consideration of the amount of traffic that travels over these links important during the planning process. |
Router and firewall |
A LAN or WAN link uses a router and firewall as an interface between IP subnets, which can define the network ports and protocols that can be passed between IP subnets. |
Logical Network Layer
DNS zones that include separate boundaries for Active Directory domain DNS zones, company DNS zones, and Internet DNS zones comprise the logical network layer.
Elements | Definition |
---|---|
DNS zones |
A contiguous portion of the DNS tree that is administered as a single separate entity by a DNS server. The zone contains resource records for all names within the zone. |
Boundaries | Definition |
---|---|
Internet zone ("." root) |
This zone is used to resolve any domain that is registered to be available from the Internet. DNS needs to be configured to resolve to an authoritative root domain server to successfully resolve Internet DNS URLs. |
Company zone |
Each company is responsible for its own domain and domain name. A zone name begins at a specified name and ends at a delegation point. A delegation point indicates where one zone ends and another begins. To successfully deploy Exchange, and to allow for messages from the Internet, an appropriate MX resource record needs to be created and published in the company's DNS zone. |
Domain zone |
Active Directory uses service (SRV) resource records in DNS to register a list of domain controllers for client use. |
Active Directory Layer of an Exchange Topology
The physical Active Directory layer provides the infrastructure that domain members can use to contact the closest directory server and to control the behavior of replication traffic between directory servers.
The logical Active Directory layer describes the layout of the authentication and authorization model. The logical Active Directory layer lets each organization configure and deploy security policies that map their security needs to their business structure.
Physical Active Directory Layer
Domain controllers, global catalog servers, and Active Directory site links comprise the physical Active Directory layer.
Elements | Definition |
---|---|
Domain controller |
A server that authenticates domain logons and maintains the security policy and master accounts database for a domain. |
Global catalog server |
A directory server that contains a partial replica of Active Directory for every domain in an enterprise forest. |
Boundary property | Definition |
---|---|
Active Directory site links |
The defined connection that controls replication traffic between Active Directory sites. There are two attributes of an IP site link that are used to control the replication behavior between Active Directory sites: Schedule and Site Link Cost. In many environments, Schedule and Site Link Cost are used interchangeably (for example, Site Link Cost increases as Schedule interval increases). For Exchange 2007 to make intelligent routing decisions, it must have an understanding of the physical relationships that exist between Active Directory sites. We recommend that you define Site Link Cost in terms of the available network resources, where lower costs indicate a higher-bandwidth and more reliable link. Doing this will allow Exchange 2007 to make routing decisions that use network resources more efficiently. |
Boundary connections | Definition |
---|---|
Active Directory site link connectors |
Active Directory defines two types of site link connectors: IP and Simple Mail Transfer Protocol (SMTP). Exchange 2007 only supports IP-based site link connectors. Any Active Directory site used to host computers running Exchange 2007 must make use of IP-based Active Directory site links to other Active Directory sites. All intermediate Active Directory site link connections between Active Directory sites hosting computers running Exchange 2007 must also use IP-based Active Directory site links. |
Logical Active Directory Layer
Users, groups, forests, sites, domains, and organizational units comprise the logical Active Directory layer.
Elements | Definition |
---|---|
User |
A directory object used to identify a specific and unique account in Active Directory. |
Group |
A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. In Exchange topologies, groups are often referred to as distribution lists. |
Boundaries | Definition |
---|---|
Forest |
A collection of one or more Active Directory domains that are organized as peers and connected by two-way transitive trust relationships. All domains in a forest share a common schema, configuration, and global catalog. |
Active Directory site |
A location on the network that contains Active Directory servers that communicate directly with each other. A site is defined as one or more well-connected IP subnets. |
Domain |
A networked set of computers that share a Security Accounts Manager (SAM) database and that can be administered as a group. |
Organizational unit (OU) |
An Active Directory container used within domains. OUs are logical containers into which users, groups, computers, and other OUs are placed. It can only contain objects from its parent domain. An OU is the smallest unit of scope to which a group policy or delegate authority can be applied. |
Exchange Layer of an Exchange Topology
The physical Exchange layer defines how mail is delivered between Exchange servers. The physical Exchange layer is also used to scope public folder replication when optimizing traffic across slow links. In Exchange 2007, the physical layer also defines which middle tier and back-end servers are well-connected so that traffic is optimized between them.
The logical Exchange layer describes how Exchange resources are grouped together for purposes of security and delegation management.
Physical Exchange Layer
Exchange servers and mail connectors comprise the physical Exchange layer.
Elements | Definition |
---|---|
Exchange server |
Any server that has any Exchange services installed on it. |
Boundary property | Definition |
---|---|
Mail connector |
A mail connector is used to define how mail should be routed outside the server's routing boundaries. |
Logical Exchange Layer
Mailboxes, public folders, databases, Exchange servers, distribution lists, administrative groups, and an organizational boundary comprise the logical Exchange layer.
Elements | Definition |
---|---|
Mailbox |
A repository of private folders that is associated with a user account and maintained in a mailbox database on an Exchange server. |
Public folder |
A repository of public folders that is organized into a logical tree called the public folder hierarchy. |
Database |
An Extensible Storage Engine (ESE) database file that contains mailboxes or public folders. |
Exchange server |
Any server that has any Exchange services installed on it. |
Distribution list |
A collection of users, computers, contacts, and other groups. Groups can be used as security or as e-mail distribution collections. |
Boundaries | Definition |
---|---|
Organization |
A logical container that groups Exchange resources together. Exchange resources within an organization are tightly integrated and share a common security context. There can be only one Exchange organization per forest. |
Exchange Organization Topology Definitions
The defined Exchange organization topologies are presented as a continuum. The definitions build incrementally upon each other from the most simple to the most complex. A key assumption of the topologies presented here is that, as new characteristics are added to a topology, all of the characteristics defined in the previously defined topology are applicable to the subsequent topologies as well.
There are four standard Exchange organization topologies that can be deployed:
SimpleExchangeorganization The simple Exchange organization represents the most basic topology into which Exchange 2007 can be deployed. For more information about simple Exchange organizations, see Planning for a Simple Exchange Organization.
StandardExchangeorganization The standard Exchange organization is the classification for topologies that are not simple, large, or complex. For more information about standard Exchange organizations, see Planning for a Standard Exchange Organization.
LargeExchangeorganization The large Exchange organization is an Exchange organization that contains more than five Active Directory sites. In an Exchange organization that includes Exchange Server 2003 or Exchange 2000 Server, the definition of the large Exchange organization also includes any Exchange organization that has more than five routing groups. For more information about large Exchange organizations, see Planning for a Large Exchange Organization.
ComplexExchangeorganization The complex Exchange organization is any Exchange organization that contains multiple Active Directory forests. A complex Exchange organization typically also includes Microsoft Identity Integration Server. For more information about complex Exchange organizations, see Planning for a Complex Exchange Organization.
Deploying Exchange 2007 outside of one of these defined topologies is not supported. You can run the Microsoft Exchange Server Best Practices Analyzer Tool (ExBPA) to determine your current organization model. You can do this by launching ExBPA from the Toolbox Work Center in the Exchange Management Console.