Exchange Server on AWS
Exchange Server Quick Start

Step 2. Launch the Quick Start

Note

You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start. For full details, see the pricing pages for each AWS service you will be using in this Quick Start.

  1. Choose one of the following options to launch the AWS CloudFormation template into your AWS account. For help choosing an option, see Deployment Options earlier in this guide.

    Option 1

    Deploy Exchange Server into a new VPC on AWS

    

    Option 2

    Deploy Exchange Server into an existing VPC

    

    Important

    If you’re deploying Exchange Server into an existing VPC, make sure that your VPC has at least two private subnets in different Availability Zones. These subnets require NAT gateways or NAT instances in their route tables, to allow the instances to download packages and software without exposing them to the internet. You will also need the domain name option configured in the DHCP options as explained in the Amazon VPC documentation. You will be prompted for your VPC settings when you launch the Quick Start.

    Each deployment takes about 90 minutes to complete.

  2. Check the region that’s displayed in the upper-right corner of the navigation bar, and change it if necessary. This is where the network infrastructure for Exchange Server will be built. The template is launched in the US West (Oregon) Region by default.

  3. On the Select Template page, keep the default setting for the template URL, and then choose Next.

  4. On the Specify Details page, change the stack name if needed. Review the parameters for the template. Provide values for the parameters that require your input. For all other parameters, review the default settings and customize them as necessary. When you finish reviewing and customizing the parameters, choose Next.

    In the following tables, parameters are listed by category and described separately for the two deployment options:

    Option 1: Parameters for deploying Microsoft Exchange Server into a new VPC


    VPC Network Configuration:

    Parameter label Parameter name Default Description
    Availability Zones AvailabilityZones Requires input The list of Availability Zones to use for the subnets in the VPC. The Quick Start uses two Availability Zones from your list and preserves the logical order you specify.
    Number of Availability Zones NumberOfAZs 2 The number of Availability Zones to use in the VPC. This number must match your selection in the list of the Availability Zones parameter.
    Third Availability Zone ThirdAZ no Enables you to deploy three Availability Zones. The third Availability Zone can either be used just for the witness, or can be a full Exchange cluster node. Note: If you use the Availability Zone for the witness, you must set the File Server Private IP Address parameter to an IP in the third subnet range.

    VPC CIDR VPCCIDR 10.0.0.0/16 The CIDR block for the VPC.
    Private Subnet 1 CIDR PrivateSubnet1CIDR 10.0.0.0/19 The CIDR block for the private subnet located in Availability Zone 1.
    Private Subnet 2 CIDR PrivateSubnet2CIDR 10.0.32.0/19 The CIDR block for the private subnet located in Availability Zone 2.
    Private Subnet 3 CIDR PrivateSubnet3CIDR 10.0.64.0/19 (Optional) The CIDR block for the private subnet located in Availability Zone 3.
    Public Subnet 1 CIDR PublicSubnet1CIDR 10.0.128.0/20 The CIDR block for the public (DMZ) subnet located in Availability Zone 1.
    Public Subnet 2 CIDR PublicSubnet2CIDR 10.0.144.0/20 The CIDR block for the public (DMZ) subnet located in Availability Zone 2.
    Public Subnet 3 CIDR PublicSubnet3CIDR 10.0.160.0/20 (Optional) The CIDR block for the optional public (DMZ) subnet 3 located in Availability Zone 3.

    Amazon EC2 Configuration:

    Parameter label Parameter name Default Description
    Key pair name KeyPairName Requires input The public/private key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred region when you created your AWS account.
    Tenancy HostType Shared The host type. If you select Dedicated or Dedicated Host, hosts will be created in each Availability Zone. Note: For Dedicated host type, you must already have suitable dedicated hosts in your account.
    BYOL AMI to use on dedicated host DedicatedHostAMI (Conditional) If the host type is set to "Dedicated" or "Dedicated Host", you need to specify your imported BYOL AMI ID.

    Microsoft Active Directory Configuration:

    Parameter label Parameter name Default Description
    Domain DNS name DomainDNSName example.com The fully qualified domain name (FQDN) of the forest root domain (e.g. example.com).
    Domain NetBIOS name DomainNetBIOSName example The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows (e.g. EXAMPLE).
    Restore Mode password RestoreModePassword Requires input The password for a separate Administrator account when the domain controller is in Restore Mode. Must be at least 8 characters containing letters, numbers and symbols. Avoid using special characters such as @ or $.
    Domain Admin user name DomainAdminUser StackAdmin The user name for the account that will be added as Domain Administrator. This is separate from the default Administrator account.
    Domain Admin password DomainAdminPassword Requires input The password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols. Avoid using special characters such as @ or $.
    Domain Controller 1 instance type ADServer1InstanceType m4.xlarge The Amazon EC2 instance type for the first Active Directory instance.
    Domain Controller 1 NetBIOS name ADServer1NetBIOSName DC1 The NetBIOS name of the first Active Directory server (up to 15 characters).
    Domain Controller 1 private IP address ADServer1PrivateIP 10.0.0.10 The private IP for the first Active Directory server located in Availability Zone 1.
    Domain Controller 2 instance type ADServer2InstanceType m4.xlarge The Amazon EC2 instance type for the second Active Directory instance.
    Domain Controller 2 NetBIOS name ADServer2NetBIOSName DC2 The NetBIOS name of the second Active Directory server (up to 15 characters).
    Domain Controller 2 private IP address ADServer2PrivateIP 10.0.32.10 The private IP for the second Active Directory server located in Availability Zone 2.

    Remote Desktop Gateway Configuration:

    Parameter label Parameter name Default Description
    Allowed Remote Desktop Gateway external access CIDR RDGWCIDR Requires input The allowed CIDR block for external access to the Remote Desktop Gateways.
    Remote Desktop Gateway instance type RDGWInstanceType t2.large The Amazon EC2 instance type for the Remote Desktop Gateway instances.
    Number of RDGW hosts NumberOfRDGWHosts 1 The number of Remote Desktop Gateway hosts to create.

    Microsoft Exchange Server Configuration:

    Parameter label Parameter name Default Description
    Exchange Server version ExchangeServerVersion 2013 The version of Exchange Server to install. Options include either 2013 or 2016.
    Deploy Edge servers IncludeEdgeTransportRole no Setting this parameter to yes will include Exchange Edge Transport servers in the public subnets.
    Edge Role instance type EdgeInstanceType m4.large The Amazon EC2 instance type for the Exchange Edge Transport servers.
    Edge Node 1 NetBIOS name EdgeNode1NetBIOSName EdgeNode1 The NetBIOS name of the first Edge server (up to 15 characters).
    Edge Node 1 private IP address EdgeNode1PrivateIP1 10.0.128.12 The primary private IP for the first Edge server located in Availability Zone 1.
    Edge Node 2 NetBIOS name EdgeNode2NetBIOSName EdgeNode2 The NetBIOS name of the second Edge server (up to 15 characters).
    Edge Node 2 private IP address EdgeNode2PrivateIP1 10.0.144.12 The primary private IP for the second Edge server located in Availability Zone 1.
    Encrypt data volumes EncryptDataVolumes false Setting this parameter to true encrypts the data and log volumes on the Exchange nodes.
    KMS key to encrypt volumes EncryptionKmsKey (Optional) The AWS KMS encryption ARN in the following format: arn:aws:kms:[REGION]:[ACCOUNTNUMBER]:key/[GUID] Leave blank to use the default EBS encryption key.

    Exchange Server volume IOPS VolumeIops 1000 The provisioned IOPS for the Exchange Data and Logs volumes. This parameter is only applicable when the Exchange Server volume type parameter is set to "io1".
    Exchange Server volume size (GiB) VolumeSize 500 The volume size for the Exchange data and log volumes.
    Exchange Server volume type VolumeType gp2 The volume type for the Exchange data and log volumes.

    Load Balancer Configuration:

    Parameter label Parameter name Default Description
    Deploy Application Load Balancer DeployLoadBalancer false Setting this parameter to true configures an Application Load Balancer (ALB).
    Application Load Balancer Certificate CertificateArn (Conditional) The certificate ARN to be used by the ALB. If true is chosen in the Deploy Application Load Balancer option, specify the certificate ARN to be used by the load balancer in the following format: arn:aws:acm:[REGION]:[ACCOUNTNUMBER]:certificate/[GUID]

    Failover Cluster Configuration:

    Parameter label Parameter name Default Description
    Instance type for Exchange nodes ExchangeNodeInstanceType r4.2xlarge The Amazon EC2 instance type for the Exchange nodes.
    Exchange Node 1 NetBIOS name ExchangeNode1NetBIOSName ExchangeNode1 The NetBIOS name of the first Exchange node (up to 15 characters).
    Exchange Node 1 private IP address 1 ExchangeNode1PrivateIP1 10.0.0.100 The primary private IP for Exchange node 1 located in Availability Zone 1.
    Exchange Node 1 private IP address 2 ExchangeNode1PrivateIP2 10.0.0.101 The secondary private IP for Exchange node 1.
    Exchange Node 2 NetBIOS name ExchangeNode2NetBIOSName ExchangeNode2 The NetBIOS name of Exchange node2 (up to 15 characters).
    Exchange Node 2 Private IP address 1 ExchangeNode2PrivateIP1 10.0.32.100 The primary private IP for Exchange node 2.
    Exchange Node 2 Private IP address 2 ExchangeNode2PrivateIP2 10.0.32.101 The secondary private IP for Exchange node 2.
    Exchange Node 3 NetBIOS name ExchangeNode3NetBIOSName ExchangeNode3 (Optional) The NetBIOS name of the optional Exchange node 3 (up to 15 characters).
    Exchange Node 3 Private IP address 1 ExchangeNode3PrivateIP1 10.0.64.100 (Optional) The primary private IP for the optional Exchange node 3 located in Availability Zone 3.
    Exchange Node 3 Private IP address 2 ExchangeNode3PrivateIP2 10.0.64.101 (Optional) The secondary private IP for the optional Exchange node 3.
    File Server instance type FileServerInstanceType t2.small The Amazon EC2 instance type for the file-share witness server.
    File Server NetBIOS name FileServerNetBIOSName FileServer The NetBIOS name of the file-share witness server (up to 15 characters).
    File Server private IP address FileServerPrivateIP 10.0.0.200 The primary private IP for the file-share witness server located in Availability Zone 1.

    AWS Quick Start Configuration:

    Parameter label Parameter name Default Description
    Quick Start S3 bucket name QSS3BucketName aws-quickstart S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 key prefix QSS3KeyPrefix quickstart-microsoft-exchange/ The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes, but should not start or end with a forward slash (which is automatically added).

    Option 2: Parameters for deploying Microsoft Exchange Server into an existing VPC


    VPC Network Configuration:

    Parameter label Parameter name Default Description
    Third Availability Zone ThirdAZ no Enables you to deploy three Availability Zones. The third Availability Zone can either be used just for the witness, or can be a full Exchange cluster node. Note: If you use the Availability Zone for the witness, you must set the WFC File Server Private IP Address parameter to an IP in the third subnet range.

    VPC for Exchange deployment VPCID Requires input The ID of the VPC (e.g., vpc-0343606e).
    CIDR block of VPC VPCCidrBlock 10.0.0.0/16 The CIDR block for the VPC.
    Private Subnet 1 ID PrivateSubnet1ID Requires input The ID of the private subnet 1 in Availability Zone 1 (e.g., subnet-a0246dcd).
    Private Subnet 1 CIDR PrivateSubnet1CIDR 10.0.0.0/19 The CIDR block for the private subnet 1 located in Availability Zone 1.
    Private Subnet 2 ID PrivateSubnet2ID Requires input The ID of the private subnet 2 in Availability Zone 2 (e.g., subnet-a0246dcd).
    Private Subnet 2 CIDR PrivateSubnet2CIDR 10.0.32.0/19 The CIDR block for the private subnet 2 located in Availability Zone 2.
    Private Subnet 3 ID PrivateSubnet3ID (Optional) The ID of the optional private subnet 3 in Availability Zone 3 (e.g., subnet-a0246dcd).
    Private Subnet 3 CIDR PrivateSubnet3CIDR 10.0.64.0/19 (Optional) The CIDR block for optional private subnet 3 located in Availability Zone 3.
    Public Subnet 1 ID PublicSubnet1ID Requires input (Optional) The ID of the public subnet 1 in Availability Zone 1 (e.g., subnet-a0246dcd).
    Public Subnet 2 ID PublicSubnet2ID Requires input (Optional) The ID of the public subnet 2 in Availability Zone 2 (e.g., subnet-a0246dcd).

    Amazon EC2 Configuration:

    Parameter label Parameter name Default Description
    Key pair name KeyPairName Requires input The public/private key pair, which allows you to connect securely to your instance after it launches. This is the key pair you created in your preferred region when you created your AWS account.
    Tenancy HostType Shared The host type. If you select Dedicated or Dedicated Host, hosts will be created in each Availability Zone. Note: For Dedicated host type, you must already have suitable dedicated hosts in your account.
    BYOL AMI to use on dedicated host DedicatedHostAMI (Conditional) If the host type is set to "Dedicated" or "Dedicated Host", you need to specify your imported BYOL AMI ID.

    Microsoft Active Directory Configuration:

    Parameter label Parameter name Default Description
    Domain DNS name DomainDNSName example.com The fully qualified domain name (FQDN) of the forest root domain (e.g. example.com).
    Domain NetBIOS name DomainNetBIOSName example The NetBIOS name of the domain (up to 15 characters) for users of earlier versions of Windows (e.g. EXAMPLE).
    Domain Admin user name DomainAdminUser StackAdmin The user name for the account that will be added as Domain Administrator. This is separate from the default Administrator account.
    Domain Admin password DomainAdminPassword Requires input The password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols. Avoid using special characters such as @ or $.
    Domain Controller 1 NetBIOS name ADServer1NetBIOSName DC1 The NetBIOS name of the first Active Directory server (up to 15 characters).
    Domain Controller 1 private IP address ADServer1PrivateIP 10.0.0.10 The private IP for the first Active Directory server located in Availability Zone 1.
    Domain Controller 2 NetBIOS name ADServer2NetBIOSName DC2 The NetBIOS name of the second Active Directory server (up to 15 characters).
    Domain Controller 2 private IP address ADServer2PrivateIP 10.0.32.10 The private IP for the second Active Directory server located in Availability Zone 2.
    Security Group ID for AD domain members DomainMemberSGID Requires input The ID of the Domain Member Security Group (e.g., sg-7f16e910).

    Exchange Server Configuration:

    Parameter label Parameter name Default Description
    Exchange Server version ExchangeServerVersion 2013 The version of Exchange Server to install. Options include either 2013 or 2016.
    Deploy Edge servers IncludeEdgeTransportRole no Setting this parameter to yes will include Exchange Edge Transport servers in the public subnets.
    Instance type for Edge server EdgeInstanceType t2.large The Amazon EC2 instance type for the Exchange Edge Transport servers.
    Edge Node 1 NetBIOS name EdgeNode1NetBIOSName EdgeNode1 The NetBIOS name of the first Edge server (up to 15 characters).
    Edge Node 1 private IP address EdgeNode1PrivateIP1 10.0.128.12 The primary private IP for the first Edge server located in Availability Zone 1.
    Edge Node 2 NetBIOS name EdgeNode2NetBIOSName EdgeNode2 The NetBIOS name of the second Edge server (up to 15 characters).
    Edge Node 2 private IP address EdgeNode2PrivateIP1 10.0.144.12 The primary private IP for the second Edge server located in Availability Zone 1.
    Encrypt data volumes EncryptDataVolumes false Setting this parameter to true encrypts the data and log volumes on the Exchange nodes.
    KMS key to encrypt volumes EncryptionKmsKey (Optional) The AWS KMS encryption ARN in the following format: arn:aws:kms:[REGION]:[ACCOUNTNUMBER]:key/[GUID] Leave blank to use the default EBS encryption key.

    Data Volume size (GiB) VolumeSize 500 The volume size for the Exchange data drive.
    Data Volume type VolumeType gp2 The volume type for the Exchange data and log volumes.
    Data Volume IOPS VolumeIops 1000 The IOPS for the Exchange Data drive (This is only used when the volume type is io1.)

    Load Balancer Configuration:

    Parameter label Parameter name Default Description
    Deploy Application Load Balancer DeployLoadBalancer false Setting this parameter to true configures an Application Load Balancer (ALB).
    Application Load Balancer Certificate CertificateArn (Conditional) The certificate ARN to be used by the ALB. If true is chosen in the Deploy Application Load Balancer option, specify the certificate ARN to be used by the load balancer in the following format: arn:aws:acm:[REGION]:[ACCOUNTNUMBER]:certificate/[GUID]

    Failover Cluster Configuration:

    Parameter label Parameter name Default Description
    File Server instance type FileServerInstanceType t2.small The Amazon EC2 instance type for the file-share witness server.
    File Server NetBIOS name FileServerNetBIOSName FileServer The NetBIOS name of the file-share witness server (up to 15 characters).
    File Server private IP address 1 FileServerPrivateIP1 10.0.0.200 The primary private IP for the file-share witness server located in Availability Zone 1.
    Instance type for Exchange nodes ExchangeNodeInstanceType r4.2xlarge The Amazon EC2 instance type for the Exchange nodes.
    Exchange Node 1 NetBIOS name ExchangeNode1NetBIOSName ExchangeNode1 The NetBIOS name of the first Exchange node (up to 15 characters).
    Exchange Node 1 private IP address 1 ExchangeNode1PrivateIP1 10.0.0.100 The primary private IP for Exchange Node 1 located in Availability Zone 1.
    Exchange Node 1 private IP address 2 ExchangeNode1PrivateIP2 10.0.0.101 The secondary private IP for Exchange node 1.
    Dedicated HostID for Node 1 DedicatedHostIDNode1 (Conditional) The dedicated HostID for Node1. This is only used if HostType is set to "host".
    Exchange Node 2 NetBIOS name ExchangeNode2NetBIOSName ExchangeNode2 The NetBIOS name of Exchange node 2 (up to 15 characters).
    Exchange Node 2 private IP address 1 ExchangeNode2PrivateIP1 10.0.32.100 The primary private IP for Exchange node 2 located in Availability Zone 2.
    Exchange Node 2 private IP address 2 ExchangeNode2PrivateIP2 10.0.32.101 The secondary private IP for the Exchange node 2.
    Dedicated HostID for Node 2 DedicatedHostIDNode2 (Conditional) The dedicated HostID for Node2. This is only used if HostType is set to "host".
    Exchange Node 3 NetBIOS name ExchangeNode3NetBIOSName ExchangeNode3 (Optional) The NetBIOS name of the second Exchange node (up to 15 characters).
    Exchange Node 3 private IP address 1 ExchangeNode3PrivateIP1 10.0.64.100 (Optional) The primary private IP for Exchange node 3 located in Availability Zone 3.
    Exchange Node 3 private IP address 2 ExchangeNode3PrivateIP2 10.0.64.101 (Optional) The secondary private IP for Exchange node 3 located in Availability Zone 3.
    Dedicated HostID for Node 3 DedicatedHostIDNode3 (Optional) The dedicated HostID for the optional Node3 located in Availability Zone 3. This is only used if HostType is set to "host".

    AWS Quick Start Configuration:

    Parameter label Parameter name Default Description
    Quick Start S3 bucket name QSS3BucketName aws-quickstart S3 bucket where the Quick Start templates and scripts are installed. Use this parameter to specify the S3 bucket name you’ve created for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. The bucket name can include numbers, lowercase letters, uppercase letters, and hyphens, but should not start or end with a hyphen.
    Quick Start S3 key prefix QSS3KeyPrefix quickstart-microsoft-exchange/ The S3 key name prefix used to simulate a folder for your copy of Quick Start assets, if you decide to customize or extend the Quick Start for your own use. This prefix can include numbers, lowercase letters, uppercase letters, hyphens, and forward slashes, but should not start or end with a forward slash (which is automatically added).

  5. On the Options page, you can specify tags (key-value pairs) for resources in your stack and set advanced options. When you're done, choose Next.

  6. On the Review page, review and confirm the template settings. Under Capabilities, select the check box to acknowledge that the template will create IAM resources.

  7. Choose Create to deploy the stack. Monitor the status of the stack. When the status is CREATE_COMPLETE, the deployment is ready.
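
A pre-launch check for the parameters reviewed in step 4, as an added example that is not part of the Quick Start itself: it tests a parameter set against the constraints the tables state (subnets inside the VPC CIDR, fixed private IPs inside their subnet, 15-character NetBIOS names, the password rules, ARN formats) and reports when data volume encryption is left off. The `validate` function, the sample values and the IP-to-subnet mapping (two-AZ Option 1 layout) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: Option 1 defaults from the tables, plus made-up
# placeholder values for the two "Requires input" passwords.
SAMPLE_PARAMS = {
    "VPCCIDR": "10.0.0.0/16",
    "PrivateSubnet1CIDR": "10.0.0.0/19",
    "PrivateSubnet2CIDR": "10.0.32.0/19",
    "PublicSubnet1CIDR": "10.0.128.0/20",
    "PublicSubnet2CIDR": "10.0.144.0/20",
    "ADServer1PrivateIP": "10.0.0.10",
    "ADServer2PrivateIP": "10.0.32.10",
    "ExchangeNode1PrivateIP1": "10.0.0.100",
    "ExchangeNode2PrivateIP1": "10.0.32.100",
    "FileServerPrivateIP": "10.0.0.200",
    "ADServer1NetBIOSName": "DC1",
    "ExchangeNode1NetBIOSName": "ExchangeNode1",
    "RestoreModePassword": "Constructed-Pw-01",
    "DomainAdminPassword": "Constructed-Pw-02",
    "EncryptDataVolumes": "false",
    "EncryptionKmsKey": "",
    "DeployLoadBalancer": "false",
    "CertificateArn": "",
}

# Subnet each fixed private IP must sit in, per the parameter descriptions.
IP_SUBNET = {
    "ADServer1PrivateIP": "PrivateSubnet1CIDR",
    "ADServer2PrivateIP": "PrivateSubnet2CIDR",
    "ExchangeNode1PrivateIP1": "PrivateSubnet1CIDR",
    "ExchangeNode2PrivateIP1": "PrivateSubnet2CIDR",
    "FileServerPrivateIP": "PrivateSubnet1CIDR",
}
# Assumption: [ACCOUNTNUMBER] is a 12-digit account ID, [GUID] a 36-char UUID.
ARN = r"^arn:aws:%s:[a-z0-9-]+:\d{12}:%s/[0-9a-fA-F-]{36}$"


def validate(params):
    """Return a list of findings; an empty list means every check passed."""
    out = []
    vpc = ipaddress.ip_network(params["VPCCIDR"])
    for name, value in params.items():
        if re.fullmatch(r"(Private|Public)Subnet\dCIDR", name):
            if not ipaddress.ip_network(value).subnet_of(vpc):
                out.append(f"{name}: {value} is outside VPCCIDR {vpc}")
        elif name.endswith("NetBIOSName") and len(value) > 15:
            out.append(f"{name}: longer than 15 characters")
        elif name.endswith("Password"):
            classes = [r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]"]
            if len(value) < 8 or not all(re.search(c, value) for c in classes):
                out.append(f"{name}: needs 8+ chars with letters, numbers, symbols")
            if re.search(r"[@$]", value):
                out.append(f"{name}: contains @ or $, which the guide says to avoid")
    for ip_name, subnet_name in IP_SUBNET.items():
        if ip_name in params and subnet_name in params:
            net = ipaddress.ip_network(params[subnet_name])
            if ipaddress.ip_address(params[ip_name]) not in net:
                out.append(f"{ip_name}: {params[ip_name]} is outside {subnet_name}")
    if params.get("EncryptDataVolumes", "false") != "true":
        out.append("EncryptDataVolumes: data and log volumes will not be encrypted")
    kms = params.get("EncryptionKmsKey", "")
    if kms and not re.match(ARN % ("kms", "key"), kms):
        out.append("EncryptionKmsKey: not a KMS key ARN")
    if params.get("DeployLoadBalancer", "false") == "true":
        if not re.match(ARN % ("acm", "certificate"), params.get("CertificateArn", "")):
            out.append("CertificateArn: ALB enabled but no valid ACM certificate ARN")
    return out
```

With the defaults unchanged, the only finding is that `EncryptDataVolumes` is `false`, so that setting is the one to decide on deliberately before choosing Create.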