Deploy a pair of F5 load balancers in front of their exchange environment in the primary datacenter and an additional single F5 in a secondary datacenter, to secure traffic on 80/443 (web) and 25/587 (STMP). The Big IP devices will be in an active/passive configuration with an additional device in a secondary datacenter for disaster recovery purposes. Each site will have 3 virtual IPs (VIPs) setup for
1) SMTP TLS mail
2) SMTP non-TLS mail
3) Client Access over HTTP
The main datacenter has 3 exchange servers and the secondary datacenter has 2 exchange servers. There is a DAG configured for redundancy between all of the servers.
Currently the F5s are not in use. As they are not in use we can put them in place between the existing firewall and the existing servers and test them before they deploy. Work can be done any time during regular business hours, except for the cutover, .
SSL certificates will be exported from the current certificate authority for all devices and installed on the BigIP. SSL offloading will occur on the BigIP but the certificates will also be used on the devices as they currently are in use now.