SMB Mail Failover – 1-2 punch knocks out SMB mail availability troubles

Just another thing I manage to squeeze into this weekends ExchangeDefender feature pack, support for multihomed Exchange (SBS included) servers. But a bit of background first:

Traditional SMB deployment of failover / high availabilty Internet access is a scaled down enterprise approach – get two dedicated T1’s or better from different providers, big Cisco or Juniper router, ASN number along with a dedicated IP allocation, announce both ranges and with BGP4 you’ve got a multihomed, highly available deployment.

The only trouble with the above is that complexity is way beyond the SMB IT skill set and cost is hard to swallow as well. So what a lot of SBSers have turned to are devices that allow multiple broadband connections and provide HA using DNS round robbin and MX weights. With a decent router this type of a solution with bandwidth would cost less than a single T1 and be setup in a day. Tim recommends the Secure Computing & CyberGard products, Erick recommends SonicWall Pro 2040, 3060, 4100, 4060 and 5060.

ExchangeDefender in the mix…

If you look at your ExchangeDefender account configuration it might look a little like this… Nothing interesting there, just type in the IP addresses and you’re ready to go..

But click on the Advanced Settings text and it turns to this:

And as you can tell, its ridiculously simple to setup ExchangeDefender with a multihomed configuration. Insead of providing an IP address to deliver mail to, you can provide a fully qualified domain name (mailserver.yourdomain.com) and you can also provide an extra IP address to route outbound mail through our outbound grid.

What happens on the backend? Well, DNS is looked up at delivery time and the ExchangeDefender delivery agent acts as a real mail server – it gets an MX record list, orders the weights in ascending order and hunts down the list. First available server that answers gets a conversation started and mail delivered. On the flip side, by adding an extra IP address to ExchangeDefender’s outbound network you can turn up high availability and load balancing on your outbound link and let mail go out using both network interfaces.

Now, couple all this with the ExchangeDefender LiveArchive and… frankly… you can pull off 99.999% if you design your network correctly – and we’ll guarantee the 99.999% on the archive.exchangedefender.com so you’re all set.

Caveat

I know what you’re thinking and no, don’t do it: “Sweet, I can now bring over all my dyndns customers!”; Technically, you can. Practically, I wouldn’t do it. Here is why – we cache our DNS lookups. So if you put in a DYNDNS server that has a frequently expiring IP address and your TTL doesn’t match mine.. well.. Just don’t do it.

But in case you have a fairly reliable connection and you don’t need 100% guarantee that the mail will get there, and you absolutely cannot get a business line and you totally have no way of getting a static IP address.. well, you’re still screwed, but we’ll work with you. You can route your mail through your ISPs smarthost (not recommended) or you can route it through our outbound grid (recommended) but you’ll have to use SMTP authentication and relay mail via SMTP-over–SSL. That means modifying your Exchange SMTP configuration and opening a ticket in support.ownwebnow.com to get a username and password for SMTP SSL. But, small price to pay if all you’ve got is dyndns or noip.

Conclusion

I’m listening to you guys…. I thank you for your business and we’re working tirelessly here to keep on addressing all the concers that the SMBs have and we’re making this a winning product. We’re now integrated with Autotask and Connectwise, we now support HA and we offer realtime business continuity, extended archiving, encryption…. and.. well.. nobody else can say that. So thank you for putting up with the v3 troubles, aren’t you glad you stuck around? You can kill your competitors with the ExchangeDefender feature set offer alone! I know I do.