The purpose of this article is to provide guidance for FPE 11.0 capacity planning. This includes hardware information such as the number of processing cores and memory requirements. The guidance will provide information that will utilize the existing Forefront Security for Exchange SP1 capacity planning tool for Exchange 2007 deployments and then provide enough detailed information to help with new Exchange 2010 deployments.
The goal is to provide guidance in-line with the documentation provided by Exchange. In all cases, this is the underlying data that was used to develop the guidance provided within this document.
A tool and additional updates to this document will be available in the future.
Note: All organizations are unique and they have requirements, policies, behaviors, and cultures that guide their requirements and inform hardware purchasing decisions. This document provides information about the additional load created by Forefront Protection 2010 for Exchange Server (FPE) on sample server environments and provides guidance to help with capacity planning decisions. This information should be combined with your experience, the Exchange capacity planning guidelines, and your general knowledge of your organization and IT landscape.
Reference Architectures and Server Roles
Enterprise Reference Architecture
There are two main reference architectures that are used for FPE deployments. The first is the Enterprise Reference Architecture show in Figure 1. This is a scalable unit that is intended to be deployed within a larger organization and is composed of an edge server, a hub server, multiple mailbox servers, an active directory server and a CAS server.
Figure 1. Enterprise Reference Architecture
Standard Reference Architecture
Figure 2 depicts the Standard Reference Architecture, which is intended to be a scalable unit, targeted at small to medium sized organizations. This architecture is composed of a dedicated edge server, one or more multi-role servers that encompass the hub server, mailbox server and CAS server roles and then a dedicated active directory server.
Figure 2. Standard Reference Architecture
Server Roles
Given the two reference architectures, the unique server roles are identified as follows:
FPE Edge Server
This is where the SMTP data stream comes into an organization and where message hygiene is performed. Message hygiene includes antispam as well as antivirus, antispyware and custom filtering. The FPE protection technology software resides on this server along with the Exchange Transport services. The messages that pass an enterprise’s message hygiene will be routed to the appropriate hub server for additional processing/routing. Messages that have undergone scanning as part of the message hygiene at the Edge do not have to be scanned again at the hub.
FPE Hub Server
This server accepts routing SMTP information from the FPE edge server, can perform additional message hygiene – based on configuration, and then routes the messages to their appropriate mailbox server or additional hub servers. The FPE protection technology software and the Exchange Transport services reside on this server.
FPE Mailbox Server
The FPE mailbox server accepts the incoming messages from the hub and can perform additional message hygiene – based on configuration. In addition, the mailbox server can perform scheduled scanning requests, and on-demand scanning requests. The FPE protection services in addition to the Exchange Mailbox services reside on this server.
FPE Multi-Role Server
This server contains the capabilities of the FPE hub server, FPE mailbox server, and Exchange CAS server in one server. Hence it provides the aggregate functionality.
<snip>