Presentation
Introduction Supported coexistence scenarios Upgrade and coexistence Exchange 2003 Upgrade and coexistence Exchange 2007
Exchange version
Exchange Server 5.5 Exchange 2000 Server Exchange Server 2003 Exchange 2007
Source: http://support.microsoft.com/lifecycle
Exchange version Exchange Server 5.5 Exchange 2000 Server Exchange Server 2003
Exchange 2007 Mixed Exchange 2007 and Exchange Server 2003 organization
Supported Supported
Exchange
Exchange 2003 SP2
Exchange 2007 SP2
Exchange organization in native mode
Active Directory
In every site 1 Global Catalog Win 2003 SP2 or later
At least Windows Server 2003 forest functionality mode
Schema Master Win 2003 SP2 or later
The order
Active Directory sites Server roles
From 2 server roles to 5 server roles: Client Access, Hub Transport, Edge Transport, Mailbox, Unified Messaging
64-bit only for production
AD Sites replace Routing Groups
Exchange Web Services & Autodiscover
Unified Messaging
New admin tools
On-Premise & In-The-Cloud
High Availability solution for mailboxes is Database Availability Groups (DAG)
RPC Client Access Service
Management Tools (Exchange Binaries) are 64-bit only
Routing groups
Administrative groups
Link state routing
Exchange Installable File System (ExIFS)
Event service
ExMerge
Outlook Mobile Access (OMA)
Network News Transfer Protocol (NNTP)
Local Continuous Replication
Fax services
Single copy clusters (SCC) and along with them:
Shared storage
Pre-installing a cluster
Clustered mailbox servers
Running setup in cluster mode
Moving a clustered mailbox server
Storage groups
Properties moved to database objects
Two copy limitation of CCR
Streaming Backup
WebDAV, ExOLEDB, CDOEx (Entourage EWS uses EWS)
Desktop
Microsoft Office Outlook 2003 and later POP/IMAP Entourage
Web
Internet Explorer Mozilla Safari
Mobile
EAS + Third-Party vendors
Exchange 2003
Exchange 2007
Exchange 2010
ADUC / ESM
RBAC EMS/EMC/ECP
ESM
Actions that create new objects, such as new mailboxes or a new Offline Address Book, can only be performed on a version of the Exchange Management Console that is the same as the target object. Exchange 2007 Mailbox databases cannot be managed from the Exchange 2010 Management Console, although these databases can be viewed. Exchange 2010 Management Console can't enable or disable Exchange 2007 Unified Messaging mailboxes. Exchange 2010 Management Console can't manage Exchange 2007 mobile devices. Actions that require management can be performed on Exchange 2007 objects from the Management Console in Exchange Server 2010. These actions cannot be performed from the Management Console in Exchange 2007 on objects from Exchange Server 2010.
Actions that require viewing of objects can be performed from any version of the Exchange Management Console to any version of Exchange objects with a few exceptions. Exchange 2007 and Exchange 2010 transport rule objects can only be viewed from the corresponding version of the Exchange Management Console. Exchange 2007 and Exchange 2010 servers can only be viewed from their corresponding version of the Exchange Management Console. Exchange 2010 Management Console's Queue Viewer tool can't connect to an Exchange 2007 server to view queues or messages.
Start = internet accessible Active Directory sites first
Step 1. Upgrade existing servers to SP2
Step 2. Deploy E2010 servers
CAS first, MBX last
Start with a few, add more as you move mailboxes
Step 4. Move
Internet hostnames to CAS2010
UM phone numbers to UM 2010
SMTP end point to HUB 2010
Step 5. Move Mailboxes
Step 6. Decommission old servers
Upgrade internal sites second (repeat same steps)
ESM E2003
EMC E2007
EMS E2007
EMC E2010
EMS E2010
Best practice: minimize the number of certificates
Use Subject Alternative Name (SAN) certificate which can cover multiple hostnames
Wildcard Certificates
Certificate Wizard in E2010
Transition from E2003: Ensure OWA can redirect user to correct URL
Transition from E2007: Tell CAS2010 how to send users to CAS2007:
Configure externalURL parameters on CAS2007 virtual directories (OWA, EAS, EWS, OAB etc.) to point to legacy URL
Test that CAS2010 is redirecting/proxying to CAS2007
Configure reverse proxy or DNS
Step 1. Upgrade existing E2003 and E2007 servers to SP2
Step 2. Install HUB and MBX 2010
Step 3. Switch Edgesync + SMTP to go to HUB2010
Step 4. Install Edge2010
Step 5. Switch internet email submission to Edge2010
HUB2007-HUB2010: SMTP
HUB2007-MBX2007: RPC
HUB2007-MBX2010: NO
HUB2010-MBX2007: NO
HUB2010-MBX2010: RPC
EDGE2010-HUB2007Sp1: EdgeSync Yes
No OCS
With OCS
Step 1. Introduce UM2010 to existing dial plan
Step 2. Route IP GW/PBX calls to UM2010 for dial plan
Step 3. Remove UM2007 after UM-enabled mailboxes have been moved
Step 1. Introduce UM2010 with new dial plan
Step 2. Remove UM2007 after UM-enabled mailboxes have been moved
Online = minimal user disruption (briefly disconnected as recently received messages are copied over)
Online:
E2007 SP2, E2010 -> E2010, Exchange Online
Offline:
E2003 -> E2010
E2010 -> E2003/E2007
http://technet.microsoft.com/en-us/exdeploy2010/default(EXCHG.140).aspx#Home
Exchange 2010 High Availability Fundamentals High Availability Management Storage Improvements End-to-End Availability Improvements High Availability Design Examples
Key benefits
Easier & cheaper to deploy
Easier & cheaper to manage
Better SLAs
Reduced storage costs
Larger mailboxes
Mailbox Server
DB1 DB2 DB3 DB4 DB5
San Jose
Dallas
Evolution of Continuous Replication technology
Combines the capabilities of CCR and SCR into one platform
Easier than traditional clustering to deploy and manage
Allows each database to have up to 16 replicated copies
Provides full redundancy of Exchange roles on two servers
Mailbox Server 6
Mailbox Server 1
Mailbox Server 2
Mailbox Server 3
Mailbox Server 4
Mailbox Server 5
Database Availability Group (DAG) Mailbox Servers Mailbox Database Database Copy Active Manager
Active Manager Active Manager Active Manager
RPC Client Access Service
Group of up to 16 servers
Wraps a Windows Failover Cluster
Defines the boundary of replication and failover/switchover
Mailbox Servers
Host the active and passive copies of multiple mailbox databases
Support up to 100 Databases per server
Mailbox Database
Unit of Failover/Switchover
30 second Database Failover/Switchover
Database names are unique across a forest
Log shipping in Exchange Server 2010 leverages TCP sockets
Target Replication service notifies the active instance of the next log file it expects
Source Replication service responds by sending the required log file(s)
Copied log files are placed in the target's Inspector directory
Validation tests are performed prior to log replay
Active Manager
High Availability's "Brain"
Manages which database copies should be active and passive
Source of definitive information on where a database is active and mounted
Active Directory is primary source for configuration information
Active Manager is primary source for changeable state information such as active and mounted
Active Manager selects the best copy to become active when the active copy fails
1. Ignores servers that are unreachable or where activation is temporarily or regularly blocked
2. Sorts copies by currency
3. Breaks ties during the sort based on Activation Preference
4. Selects from the sorted list based on the copy status of each copy
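The four selection steps above, modelled as an added example that is not part of the original presentation and is not Exchange's own code. The property names, the use of copy queue length as the measure of currency, the set of acceptable statuses, and the sample copies are all assumptions constructed for the illustration.

```powershell
# Added illustration (PowerShell 3.0 or later); not Exchange code.
# Property names and sample values are constructed for this example.
$copies = @(
    [pscustomobject]@{ Server='MBX2'; Reachable=$true;  ActivationBlocked=$false; CopyQueueLength=3; ActivationPreference=3; Status='Healthy' }
    [pscustomobject]@{ Server='MBX3'; Reachable=$true;  ActivationBlocked=$false; CopyQueueLength=3; ActivationPreference=2; Status='Healthy' }
    [pscustomobject]@{ Server='MBX4'; Reachable=$false; ActivationBlocked=$false; CopyQueueLength=0; ActivationPreference=1; Status='Healthy' }
    [pscustomobject]@{ Server='MBX5'; Reachable=$true;  ActivationBlocked=$true;  CopyQueueLength=0; ActivationPreference=4; Status='Healthy' }
    [pscustomobject]@{ Server='MBX6'; Reachable=$true;  ActivationBlocked=$false; CopyQueueLength=1; ActivationPreference=5; Status='Failed' }
)

function Select-BestCopy {
    param(
        [Parameter(Mandatory=$true)][object[]]$Copies,
        # Which statuses count as activatable is an assumption of this example.
        [string[]]$AcceptableStatus = @('Healthy')
    )

    # Step 1: ignore servers that are unreachable or blocked from activation.
    $candidates = @($Copies | Where-Object { $_.Reachable -and -not $_.ActivationBlocked })

    # Steps 2 and 3: most current copy first (shortest copy queue),
    # ties broken by the lowest Activation Preference number.
    $sorted = @($candidates | Sort-Object -Property CopyQueueLength, ActivationPreference)

    # Step 4: walk the sorted list and take the first copy with an acceptable status.
    $sorted | Where-Object { $AcceptableStatus -contains $_.Status } | Select-Object -First 1
}

$best = Select-BestCopy -Copies $copies
if ($best) { "Activate copy on $($best.Server)" } else { "No copy can be activated" }
```

In the sample data MBX4 and MBX5 drop out at step 1, MBX6 sorts first on currency but is rejected at step 4 because of its status, and the tie between MBX2 and MBX3 is settled by Activation Preference.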
Outlook Clients
MBX1
MBX2
Exchange 2010
Easy to add high availability to existing deployment
High availability configuration is post-setup
HA Mailbox servers can host other Server Roles
Datacenter 2
Mailbox Server 1
Mailbox Server 2
Mailbox Server 3
Create DAG
New-DatabaseAvailabilityGroup
HA Administration within Exchange
Recovery uses the same simple operation for a wide range of failures
Simplified activation of Exchange services in a standby datacenter
Select a database
Backup from any copy of the database/logs
Always choose Passive (or Active) copy
Backup an entire server
Designate a dedicated backup server for a given database
VSS requestor
Storage Improvements
Performance Enhancements Enable New Options
Ex 2003
Read IOPS
Write IOPS
Exchange 2010 Storage Enhancements
70% reduction in IOPS
Smoother IO patterns
Resilience against corruption
Choose from a wide range of storage technologies without sacrificing system availability:
CAS/HUB/ MAILBOX 1
CAS/HUB/ MAILBOX 2
DB2
Single Site
4 Nodes
3 HA Copies
JBOD -> 3 physical copies
Upgrade server 1
Server 2 fails
Server 1 upgrade is done
2 active copies die
Mailbox Server 1
Mailbox Server 2
Mailbox Server 3
Mailbox Server 4
Customers can evolve to site resilience
Standalone
Local Redundancy
Site Resilience
No single subnet requirements
Normal administration remains unchanged
Disaster recovery usually requires manual intervention
Standby datacenter is "always live"
Hub Transport
Edge Transport Unified Messaging
Easier & Cheaper to deploy
Simplified Administration
Granular failover & recovery
Better End-to-End Availability
One Technology for both High Availability and Site Resilience
The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization.
(Email Support Staff Requirements and Costs: A Survey of 136 Organizations, Ferris Research, June 2008).
Empower Specialist Users to Perform Specific Tasks with Role-based Administration
Compliance Officer - Conduct Mailbox Searches for Legal Discovery
HR Officer - Update Employee Info in Company Directory
Lower Support Costs Through New User Self-Service Options
Track Status of sent messages
Create and Manage Distribution Lists
New Exchange Management Console features Exchange Control Panel (ECP) Role Based Access Control (RBAC)
New and simplified web based management console Targeted for end users, hosted tenants, and specialists
Remote PowerShell
New authorization model
Easy to delegate and customize
All Exchange management clients (EMS, EMC, ECP) use RBAC
Manage Exchange remotely using PowerShell v2.0
Note: No more local PowerShell, it's all remote in Exchange 2010
Built on Remote PowerShell and RBAC
Multiple Forest Support
Cross-premises Exchange Management
Including Mailbox Moves
Recipient Bulk Edit
PowerShell Command Logging
New feature support
For Example: High Availability
Specialists
End Users
Tenant Administrators
AJAX-based
Shares some code with OWA, but two separate applications
Deployed on Client Access Server
ECP ASP.Net RBAC PowerShell
Authentication
Windows Integrated, Basic, Forms Based
Users shouldn't have access to message tracking
Message tracking tab doesn't show up in ECP
Users can edit mailboxes, but not create new ones
"New Mailbox" button hidden
Users can edit display name but not Department
RBAC has replaced the permission model used in Exchange 2007
Your role is defined by what you do
Define precise or broad roles and assignments based on the tasks that need to be performed
Includes Self Administration
Used by EMC, EMS and ECP
End-Users
RoleGroup/USG
Role
Role Entry
Cmdlet: Param1 Param2 Param3
Role Assignment
Configuration Write Scope
Where?
Configuration Read Scope
Admins What?
Add-RoleGroupMember Remove-RoleGroupMember
End-Users Who?
RoleGroup/USG
Role
Role Entry
Cmdlet: Param1 Param2 Param3
Role Assignment
New-RoleAssignmentPolicy Remove-RoleAssignmentPolicy
Where?
End-Users
RoleGroup/USG
Role
Role Entry
Cmdlet: Param1 Param2 Param3
Role Assignment
Configuration Write Scope
Where?
Configuration Read Scope
New-ManagementScope -Name "VIP-Recipients" -RecipientRestrictionFilter {(Title -eq "CEO") -or (Title -eq "CIO")} -Exclusive
What?
Who?
RoleGroup/USG
Role Assignment Policy
Admins
End-Users
Role
Role Entry
Cmdlet: Param1 Param2 Param3
Role Assignment
Configuration Write Scope
Where?
Configuration Read Scope
RoleGroup Delegation
Controlled through RoleGroup ownership
ManagedBy parameter similar to DGs (Multi-Valued)
Ownership does not grant RoleGroup permissions
Get-ManagementRoleAssignment
Effective Roles for a User
Effective Users by Role/Scope/Group
Effective permissions to a Writable Object
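One way to build the restrictions described earlier (edit mailboxes but not create them, edit display name but not Department, an exclusive VIP scope) and then audit them with Get-ManagementRoleAssignment. This is an added example, not part of the original presentation; it assumes the Exchange 2010 Management Shell run by a member of Organization Management, and every role, group, user and mailbox name in it is hypothetical.

```powershell
# Added example; all names below are hypothetical placeholders.

# WHAT: a child of the built-in "Mail Recipients" role. New-Mailbox belongs to
# "Mail Recipient Creation" and message tracking to "Message Tracking"; neither
# is assigned here, so both stay unavailable to the helpdesk group.
New-ManagementRole -Name "Helpdesk Recipient Edit" -Parent "Mail Recipients"

# Remove the Department parameter from Set-User; DisplayName stays editable.
Set-ManagementRoleEntry "Helpdesk Recipient Edit\Set-User" -Parameters Department -RemoveParameter

# WHO: a role group. The ManagedBy owner controls membership but gets no
# permissions from ownership alone.
New-RoleGroup -Name "Helpdesk Editors" -Roles "Helpdesk Recipient Edit" `
    -Members "helpdesk1" -ManagedBy "rbac-owner"

# WHERE: an exclusive scope. Once it exists, only assignments that name it
# as an exclusive scope can modify the matching recipients.
New-ManagementScope -Name "VIP-Recipients" `
    -RecipientRestrictionFilter {(Title -eq "CEO") -or (Title -eq "CIO")} -Exclusive
New-RoleGroup -Name "VIP Admins" -Members "vipadmin1" -ManagedBy "rbac-owner"
New-ManagementRoleAssignment -Name "Mail Recipients_VIP Admins" `
    -SecurityGroup "VIP Admins" -Role "Mail Recipients" `
    -ExclusiveRecipientWriteScope "VIP-Recipients"

# AUDIT 1: effective roles for a user.
Get-ManagementRoleAssignment -RoleAssignee "helpdesk1" |
    Format-Table Name, Role, RecipientWriteScope, CustomRecipientWriteScope

# AUDIT 2: effective users by role.
Get-ManagementRoleAssignment -Role "Helpdesk Recipient Edit" -GetEffectiveUsers |
    Format-Table EffectiveUserName, RoleAssigneeName

# AUDIT 3: who can write to a VIP mailbox (helpdesk1 should not appear).
Get-ManagementRoleAssignment -WritableRecipient "ceo-mailbox" -GetEffectiveUsers |
    Format-Table EffectiveUserName, Role, RoleAssigneeName

# AUDIT 4: confirm Department is gone from the custom role's Set-User entry.
(Get-ManagementRoleEntry "Helpdesk Recipient Edit\Set-User").Parameters -contains "Department"
```

Re-run the audit queries after any change to role group membership or scopes, since a new non-exclusive assignment never restores access to recipients covered by the exclusive scope.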
No Binaries scenarios
Exchange-cmdlet management from a client machine which does not have Exchange Management Tools (Exchange binaries) installed
Cmdlets Available in Runspace: New-PSSession
Remote Cmdlets Available in Runspace: New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name
IIS: Authentication
Exchange Server
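# Prompt for the account whose RBAC assignments decide which cmdlets are exposed
$UserCredential = Get-Credential
# Open a remote session to the Exchange PowerShell virtual directory over HTTPS
$rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://<Exchange 2010 servername>/powershell" -Credential $UserCredential
# Import the cmdlets that the session makes available into the local runspace
Import-PSSession $rs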
RBAC used as the permissions model
Enables the definition of broad or precise roles and assignments, based on the actual roles administrators perform
Remote PowerShell
Provides a new way to administer a subset of Exchange features
Provides a great self provisioning portal
Uses familiar Exchange cmdlets
Allows administration without the Exchange management tools
Provides firewall-friendly management access