Exchange Server 2010 (Beta) Ignite Module Number 01 Microsoft© Corporation

Flexible and Reliable
• Deployment Flexibility
• Continuous Availability
• Simplify Administration

Anywhere Access
• Manage Inbox Overload
• Enhance Voice Mail
• Collaboration Effectively

Protection and Compliance
• E-mail Archiving
• Protect Communications
• Advanced Security

Optimize for Software + Services

Microsoft Confidential

Flexible and Reliable
Provide the flexibility needed to operate a scalable, high performing, and easy to administer messaging infrastructure

Delivered in Exchange Server 2007
• Improved installation and deployment experience
• High Availability through Continuous Replication
• Simplified management console and command line shell

Building on these Investments in Exchange Server 2010 (Beta)
• Choice of solution delivery with addition of hosted service
• Single platform for High Availability and Disaster Recovery
• Role-based administration and user self-service

Deploy Exchange in a Fashion That Best Fits Business Needs with Choice of Delivery
• On-Premises
• Hosted Service
• Co-Existence

Greater Range of Storage Options Through Performance Enhancements
• Storage Area Network (SAN)
• Direct Attached w/ SAS Disks
• Direct Attached w/ SATA Disks
• JBOD SATA (RAID-less)

• 70% reduction in IOPS
• Smoother IO patterns
• Resilience against corruption

[Chart: Read IOPS and Write IOPS for E2K3, E2K7 and E2010]

Simplified Mailbox High Availability and Disaster Recovery with New Unified Platform
[Diagram: Mailbox Servers in San Jose and New York, each holding DB1 through DB5. Callouts: "Recover quickly from disk and database failures" and "Replicate databases to remote datacenter"]

• Evolution of Continuous Replication technology
• Easier than traditional clustering to deploy and manage
• Allows each database to have 16 replicated copies
• Provides full redundancy of Exchange roles on as few as two servers
• Capabilities of CCR and SCR combined into one platform

Limit User Disruption During Mailbox Moves and Maintenance
[Diagram: E-Mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2]

Users remain online while their mailboxes are moved between servers
• Sending messages
• Receiving messages
• Accessing entire mailbox
Administrators can perform migration and maintenance during regular hours

Guard Against Lost E-Mail Due to Hardware Failures with Improved Transport Resiliency
[Diagram: Mailbox Server, Hub Transport and two Edge Transport servers, with a failure marked X]

• Servers keep “shadow copies” of items until they are delivered to the next hop
• Also helps simplify Hub and Edge Transport Server upgrades and maintenance

Empower Specialist Users to Perform Specific Tasks with Role-based Administration
• Compliance Officer: Conduct Mailbox Searches for Legal Discovery
• Human Resources: Update Employee Info in Company Directory
• Help Desk Staff: Manage Mailbox Quotas

Lower Support Costs Through New User Self-Service Options
• Track the status of sent messages
• Create and manage distribution groups

Anywhere Access
Help manage communication overload by offering an easy to navigate, universal inbox with advanced messaging features

Delivered in Exchange Server 2007
• Outlook experience on the web, phone, and mobile device
• Single inbox for voice mail, e-mail, and more
• Increased productivity with improved calendar experience

Building on these Investments in Exchange Server 2010 (Beta)
• Easier Inbox navigation with updated conversation view
• Enhanced voice mail with text preview
• Share free/busy calendar details with external partners

Organize and Navigate with Ease Using Enhanced Conversation View and Filtering
• Conversation View
• Filtering
• Ignore

Help Reduce Unnecessary and Undeliverable E-Mail Through New Sender MailTips
• Remove Extra Steps and E-Mail
• Limit Accidental E-Mail
• Reduce Non-Delivery Reports

Quickly Triage and Take Action on Messages with Voice Mail Preview
• Text Preview of Voice Mail
• Audio Playback
• Contextual Contact Actions

Create Customized Voice Mail Menus with Personal Auto Attendant
• Managing Auto Attendants
• Defining a Personalized Voice Mail Menu

A Familiar and Rich Outlook Experience Across Clients, Devices and Platforms
• Desktop
• Web
• Mobile

Rich Mobile Messaging Experience with ‘Desktop Class’ Features and Functionality
• Voice Mail Preview
• Auto-Complete Cache
• Conversation View

One Location for E-Mail, Instant Messages, Text Messages with a Universal Inbox
Voice Telephony Instant Messaging SMS Text Messaging

Ease Collaboration by Federating Calendar Details with External Business Partners

Protection and Compliance
Achieve increased IT governance compliance with advanced tools to protect communications and manage the infrastructure

Delivered in Exchange Server 2007
• On-premises and hosted protection from virus and spam
• Compliance to corporate and government regulations
• Mobile device security and management policies

Building on these Investments in Exchange Server 2010 (Beta)
• E-mail archiving and more powerful retention policies
• New Transport Rules for automated protection of e-mail
• Powerful multi-mailbox search UI for eDiscovery

Better Manage Mail in a Central Archive While Maintaining a Familiar User Experience
• Drag and drop PSTs directly into the archive…
• …apply a retention policy…
• …or set folders to archive automatically…

Apply Granular Per Message and Per Folder Policies as well as Legal Hold
• Policy Drop Down in Ribbon
• Message expiration time in view

Empower Compliance Officers to Conduct Multi-Mailbox Searches with Ease
• New User Friendly Search
• Easily Refine and Target Search

Safeguard Sensitive Information with Integrated Information Leakage Protection Capabilities
Across the organization
• Apply RMS automatically to messages per policies, content
• Enable discovery of archived messages that have been RMS-protected
• Protect sensitive voice mail messages
Across multiple devices or PCs
• View and compose RMS messages in OWA
• Protect messages from any mobile or desktop client
• Enable offline access to RMS-protected messages
Between partners
• One-click message encryption
• Send and receive RMS messages
• Web-based reach client for B2B and B2C communications

Automatically Protect E-Mail with Centralized Rights Management Rules
• Automate RMS Policies Based on Sender and Recipient Attributes
• Apply RMS policies through Transport Rules

Stop Malicious Software and Spam from Entering into the Messaging Environment
[Diagram: Hosted Service and On-Premise Software; Internet, SMTP, Hub Transport Server, Mailbox Server, Client Access Server]
• Antivirus and anti-spam protection for Exchange Server 2010 (Beta) Server Roles
• Multiple scan engines throughout the corporate infrastructure
• Tight integration with Exchange maximizes availability and performance
• Easy-to-use management console provides central configuration and operation

• Increase operational flexibility
• Streamline communications
• Manage inbox overload
• Deliver e-mail archiving solution
• Optimize for Software + Services
2009
• Microsoft hosted enterprise messaging solution
• Centralized, Web-based configuration and admin
• Financially backed service level agreements
2008
2007 SP1
• Public Folder access in Outlook Web Access
• Standby Continuous Replication (SCR)
• Additional Exchange ActiveSync Policies
• Unified Messaging and more efficient collaboration
• Outlook experience from desktop to mobile
• Performance and scalability optimization
2006
Communication overload
Globally distributed customers and partners
High cost of communications
Increasing security and compliance

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite Module Number 02 Microsoft© Corporation

Exercise 1, Steps 1 & 2, start the virtual machines

• Client – 1024
• DC – 512
• Exchange – 1536
• OCS – 1024

• Deployment scenarios
• Deployment prerequisites
• Role configuration
• Edge Transport server role
• Client Access server role
• Hub Transport server role
• Mailbox server role
• Unified Messaging server role
• Virtualization deployment guidelines

Small organizations
• Exchange Online
• Combined role servers – can run all roles on 2 servers (including High Availability (HA))
Mid-market – multiple servers to run
• Active Directory® (AD)
• Dedicated Mailbox server role
• Client Access server and Hub Transport server role – potentially combine
• Unified Messaging server role (optional, dedicated)**
Combined roles
• Can install Hub, CAS and/or UM on a Mailbox server that is part of Database Availability Group (DAG).
• Cannot combine Edge Server role with other roles
• UM combination only recommended in a single server deployment
• Role combination is always a performance management exercise

Large and/or complex organizations
Consider dedicated server(s) for:
• Mailbox server role
• Client Access server role
• Hub Transport server role
• Unified Messaging server role (optional)
• Edge Transport server role (must be dedicated)
Follow current best practices for Active Directory infrastructure

• In-place upgrades are not a valid scenario
• You cannot add an Exchange Server 2010 (Beta) server to an existing Exchange organization if it contains Exchange Server 5.5 or 2000 servers
• You cannot add Exchange Server 2007 servers to a new Exchange Server 2010 (Beta) organization
• Exchange organization must be in native mode
• You can transition an existing Exchange organization only if the servers have the following versions installed:
  • Exchange Server 2003 Service Pack 2 (SP2)
  • Exchange Server 2007 SP2 on all CAS servers in the organization
  • Exchange Server 2007 SP2 on all Exchange Servers in any site that will contain Exchange Server 2010 (Beta) servers

To deploy server roles, use this sequence:
• Client Access server role
• Hub Transport server role
• Mailbox server role
• Edge Transport server role (optional) on separate server
• Unified Messaging server role (optional)

Exchange Server 2007 features dropped from Exchange Server 2010 (Beta)
• Local Continuous Replication (LCR)
• Fax services
• Single copy clusters (SCC) and along with them:
  • Shared storage
  • Pre-installing a cluster
  • Clustered mailbox servers
  • Running setup in cluster mode
  • Moving a clustered mailbox server
• Storage groups
  • Properties moved to database objects
• Two copy limitations of cluster continuous replication (CCR)
• Streaming backups

• All client connections are routed through a Client Access server installation
• Outlook only talks to the CAS server for all workloads
• Outlook Web Access (OWA)
• Exchange Active Sync (EAS)
• Outlook Anywhere
• POP3 and IMAP4
• MAPI/RPC now uses RPC Client Access (aka MOMT)
• You must have at least one Client Access server role in each site where Exchange Server 2010 (Beta) Mailbox server(s) exist
• Outlook no longer connects to the mailbox server role
• CAS needs good network connection to Mailbox server role to facilitate RPC communication

Capacity planning
• More load on Exchange Server 2010 (Beta) Client Access server (CAS) than on Exchange Server 2007 CAS server
• Never deploy Client Access server in perimeter network
• Authentication is performed by Client Access server (EAS, OWA, Outlook Anywhere)
Client Migration
• Outlook 2007 clients and higher will automatically be reconfigured by Autodiscover when the mailbox is moved from Exchange Server 2007 to Exchange Server 2010 (Beta)
• Legacy clients will communicate with the RPC Client Access component on the CAS 2010 to access the mailbox
• Utilize ISA Server for web publishing where possible

All servers
• Enter the Exchange product key
• Run the Microsoft Best Practices analyzer
• Install anti-virus software
• Verify installation success
• Event logs

Active Directory
• Windows Server 2003 SP2 global catalog server is installed in each Exchange AD site
• Windows Server 2003 forest functional level
• AD RAP is recommended
Exchange
• Existing servers are Exchange Server 2003 SP2 or later
• Mixing versions is supported
• Exchange Server Risk Assessment and Health Check Program (EXRAP) is recommended prior to introduction of Exchange Server 2010 (Beta)

Validate existing environment
• DCDiag: basic domain diagnostics
• NetDiag: domain controller network diagnostics
• REPLMon: replication monitor
• NETDom: domain and trust diagnostics
• ExBPA
• Windows Update

Preparing Active Directory
/PrepareSchema
• Requires Schema Administrator and Enterprise Administrator rights
• Must be done from a 64-bit server with prerequisites installed
• Verify Replication
• Organization name not required
/PrepareAD
• Requires Enterprise Administrator
• Exchange Organization Administrator rights if the enterprise administrators have been explicitly denied access to the Exchange configuration
• Requires /OrganizationName
/PrepareDomain
• Requires Domain Administrator rights

Install PowerShell
ServerManagerCmd -i PowerShell
Install remote Active Directory Management tools
ServerManagerCmd -i RSAT-ADDS

• PowerShell Version 2 http://go.microsoft.com/fwlink/?LinkID=96339
• Windows Remote Management 2.0 http://go.microsoft.com/fwlink/?LinkID=104222
• .NET Framework 3.5 http://go.microsoft.com/fwlink/?LinkID=107396
• Restart the server
NOTE – If installing the mailbox HA features, you can preinstall the Windows 2008 Failover Clustering component (this allows the addition of a remote server to a DAG)

Installation requirements
Windows Server 2008 64-bit editions
• Standard Edition
• Enterprise Edition
• Datacenter Edition
Windows Server 2008 prerequisites for Exchange Server 2010 (Beta)
ServerManagerCmd -ip Exchange-Typical.xml

Complete Exercise 1 by installing Exchange Server 2010 (Beta)

• Verify the installation
• Secure the Client Access server messaging environment
• Use the Security Configuration Wizard
• Ensure that a valid third-party commercial SSL certificate or Windows PKI certificate is installed on the Client Access server
• Configure Autodiscover
• Configure OAB distribution point
• Optional: Configure Availability service for other Exchange organizations
• Optional: enable Outlook Anywhere
• Customize Exchange ActiveSync mailbox policies

• Configure accepted domains
• Create an accepted domain for each domain for which you will accept email
• Subscribe Edge Server
• Configure Internet Mail Flow
• Manual process if Edge is not configured
• Configure external post master recipient
• Configure cross-forest connectors

• Must be installed on its own separate physical machine (this is only applicable for Edge Transport server and mailbox servers)
• It cannot have other roles installed
• The computer must NOT be member of the production Active Directory forest
• The computer can be a member of a perimeter network Active Directory forest
• Uses Active Directory Lightweight Directory Services (ADLDS) to store configuration and recipient information
• Infrastructure placement: perimeter network

• Verify successful role installation (setup logs, etc.)
• Set Administrator Permissions (local)
• Lock down the server via the Security Configuration Wizard
• Configure the agents that provide the antivirus and anti-spam protection, message policy, and message security features (all are enabled by default)
• If installing additional Edge Transport servers, you can execute a clone process to copy certain information between Edge Transport servers
• Enable Edge synchronization

• Edge synchronization is needed to use the Recipient Lookup and Safe Sender features
• To enable Edge Synchronization you must:
  • Export the Edge Subscription file on the Edge Transport server
  • Copy the Edge Subscription file to the Hub Transport server
  • Import the Edge Subscription file on the Hub Transport server
  • Run EdgeSync and verify the synchronization completed successfully. You can also have the Internet Send Connector created automatically as part of this process
• Hub Transport server will provision certificates to secure Edge-Hub connection
• You will need to repeat this process for each Edge Transport server that will receive Internet email
• On an hourly schedule, the Hub Transport server role publishes recipient data to Edge Transport server role securely
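The Edge subscription steps above, written out for the Exchange Management Shell as an added example that is not part of the original slides. The cmdlets and parameters are those of released Exchange Server 2010 and may differ in the Beta; the file path, the site name and the `SyncStatus` output property checked at the end are assumptions.

```powershell
# --- Step 1: run on the Edge Transport server ---
# Export the Edge Subscription file. It carries the bootstrap credentials the
# Hub Transport server uses to reach AD LDS on this machine, so treat it as a secret.
New-EdgeSubscription -FileName 'C:\EdgeSubscriptionInfo.xml'

# --- Step 2: copy the file to a Hub Transport server ---
# Done out of band over a trusted channel (not e-mail, not an open share).

# --- Step 3: run on the Hub Transport server ---
$subscriptionFile = 'C:\EdgeSubscriptionInfo.xml'   # assumed path of the copied file
$adSite           = 'Default-First-Site-Name'       # assumed Active Directory site name

# Import the subscription and let the process create the Send connectors.
$fileData = [byte[]](Get-Content -Path $subscriptionFile -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $fileData -Site $adSite `
    -CreateInternetSendConnector $true `
    -CreateInboundSendConnector $true

# The file is no longer needed once imported; remove the copy that holds credentials.
Remove-Item -Path $subscriptionFile -Force

# --- Step 4: still on the Hub Transport server ---
# Start synchronization now instead of waiting for the schedule, then verify it.
Start-EdgeSynchronization
$results = Test-EdgeSynchronization

# Assumption: each result exposes a SyncStatus property that reads 'Normal' on success.
$notHealthy = $results | Where-Object { $_.SyncStatus -ne 'Normal' }
if ($notHealthy) {
    $notHealthy | Format-List Name, SyncStatus, FailureDetail
    Write-Warning 'Edge synchronization did not complete successfully.'
} else {
    Write-Host 'Edge synchronization verified for all subscribed Edge Transport servers.'
}
```

Delete the exported file on the Edge Transport server as well once the import has succeeded, and repeat the whole sequence for every Edge Transport server that receives Internet mail.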

• Verify successful installation of Mailbox server role
• Configure permissions using the Exchange administrator roles
• Create mailboxes for users in your organization as needed
• Move mailboxes from an existing Exchange Server
• Configure public folders (optional)
• Configure Messaging Records Management
• Configure continuous replication for data and service availability
• Configure backups for disaster recovery
• Configure Calendar Concierge features
• Configure out-of-office features
• Configure the spam confidence level (SCL) junk e-mail folder threshold

• You can create additional address books if you need them either via Exchange Management Console or Exchange Management Shell
  • New-OfflineAddressBook
• The Offline Address Book (OAB) can be distributed in two ways
  • Web service – for Outlook 2007 or later clients
  • Public Folders – for down-level clients
• If you want to distribute the OAB via the web service, you must configure the CAS server as an OAB Distribution Point
• The OAB data is copied from the Mailbox server role to the Offline Address Book distribution points by a new Exchange Server 2010 (Beta) service, the File Distribution Service (FDS)

• Unified Messaging server must be a member of a domain before the Unified Messaging server role is installed for a new Unified Messaging server object to be created during the installation
• Infrastructure placement: corporate network
• Requires Mailbox and Hub Transport server roles installed

• Verify successful installation of the Unified Messaging (UM) server role
• Add a UM server that will be in a new Dial Plan
• Create and configure a UM Dial Plan
• Add a UM server to an existing UM Dial Plan
• Enable users for Unified Messaging
• Ensure IP/VoIP gateways or IP-PBXs are configured properly
• Create and configure a UM IP Gateway
• Create and configure UM mailbox policies
• Optional: create and configure UM Hunt Groups
• Optional: create and configure UM Auto Attendant
• Add a UM server to an existing UM Dial Plan
• Enable out-dialing

• Windows Server 2008 Hyper-V Host
• Third party virtualization validated in the Windows Server Virtualization Validation Program (SVVP)
• Must meet all deployment guidelines for non-virtualized systems
• Storage
• Independent DAS, iSCSI Dedicated pass-through storage

No support stance (yet) with 2010 (Beta)
Exchange Server 2007 support stance
• Hub Transport, Client Access Server, Mailbox and Edge
• Not Supported: Unified Messaging
• Not Recommended: Mailbox Role
• Must meet processor and disk requirements
• May not make sense: Edge Server Role

• Follow current Exchange deployment and planning guidance
• Determine where virtualization actually makes sense (branch offices/decentralized environments)
• More power-savings and cost savings possible when Exchange storage moves from SAN to DAS
• Separate LUNs for Root OS, guest OS VHDs, and Hyper-V/VM storage
• Eliminate single-points-of-failure
• Proper host and guest performance testing
• JetStress, LoadGen, Hyper-V Hypervisor Performance Counters on host

Complete Lab 1


Exchange Server 2010 (Beta) Ignite Module Number 03 Microsoft© Corporation

• Overview of product team testing and guidance process
• Guidelines and ratios
• Role specific details
• Toolkit for planning and sizing

Example hardware
• Standard configurations
• Vendor loaned “specials”
Topologies
• PerfSimple/PerfBasic
  • Low load, all-in-one config
• PerfComplex
  • Medium to high load with all roles on individual machines
Tools

• Strategic choice made by the product group
• Product group focused on supporting large mailboxes at low cost, goal to further decrease input/output (I/O) to reduce Total Cost of Ownership (TCO)
• Scaling up increases risk that an outage or failure affects more users
• Scaling out provides an opportunity for high availability at low cost

• Testing limited to prioritized scenarios
• Hardware selection limited
• Time constrained
• Third party products not considered

erinbook@microsoft.com

Single role servers
• Beta: 12 cores maximum
• No benefit from moving to 16 cores
• Known issues updating memory across cores
• Code takes longer to execute, transaction costs rise
• Processor cross-talk
High scale all-in-one server—currently under investigation
• Beta: 16 cores max
• Multiple processes
• Cross-talk less of an issue

[Diagram: Core1, Core2, Core3, Core4, cache, Socket/Die 1, Socket/Die 2]

Sizing Impact
• Crosstalk increases with utilization
• Exchange sizes for 75% utilization
• Don’t add sockets to reduce to 50%
Two ways to address crosstalk
• Hypervisor to segment processes to specific processor dies (currently not available in Hyper-V)
• Windows Resource Manager – segment processes to specific processor dies

Processor core ratios
• Client Access Server (CAS) : Mailbox = 3 : 4
• HUB transport server : Mailbox = 1 : 7 (no A/V on Hub) = 1 : 5 (with A/V Hub)
• Edge guidance expected to be very similar to Exchange Server 2007
• GC : Mailbox = 1 : 4 (32-bit GC) = 1 : 8 (64-bit GC)

The system requirements may change prior to RTM, so be sure to check the final guidance when it is released.

Roles | Max Processor Configuration | Recommended Processor | Max Memory Configuration | Recommended Memory
Transport Servers | 12 cores | 4 cores | 16 gigabytes (GB) | 1 GB per core or 8 GB (minimum)
Client Access Servers | 12 cores | 8 cores | 16 GB | 2 GB per core or 8 GB (minimum)
Mailbox Servers | 12 cores | 8 cores | 64 GB | 4 GB plus 2-6 megabytes (MB) per mailbox
All-In-One Servers | 16 cores | 8 cores | 64 GB | 8 GB plus 2-6 MB per mailbox
Unified Messaging | 12 cores | 4 cores | 16 GB | 2 GB per core or 4 GB (minimum)

Windows Network Load Balancing (NLB)
• Not recommended above 8 nodes
Hardware load balancer
• Recommended for larger environments
• All-in-one High Availability (HA) scenarios

Internet Security and Acceleration (ISA) Server 2006
• Kernel memory limitations imposed by the 32-bit architecture
• ISA:CAS ratio 3:1 (worst case)
• Important when you have a large percentage of your users connected via Outlook Anywhere, as the ratio of Transmission Control Protocol (TCP) connections to users is much higher than you would see for Outlook Web Access (OWA), ActiveSync, POP, or IMAP traffic
Beyond ISA 2006 … pre-release product information
Forefront Unified Access Gateway (UAG)
• Next-generation secure remote access product and the future version of Microsoft Intelligent Application Gateway—native 64-bit architecture
• Will be tested with Exchange Server 2010 (Beta)
Forefront Threat Management Gateway (TMG)
• Next-generation network security product and the future version of Microsoft ISA Server—native 64-bit architecture
• Will be tested with Exchange Server 2010 (Beta)

• I/O reduced by 70% from Exchange Server 2007
• Optimized for Serial Advanced Technology Attachment (SATA) disks
• Two socket platform is optimal
• Crosstalk a concern
• High Availability improvements
• Introducing Database Availability Group (DAG)

• Use 4 – 8 total cores for mailbox
• 16 cores shows decline in throughput on single role machines
• 4 GB random access memory (RAM) with 2-6 MB per mailbox recommended
• Size and prepare disks correctly
• Use storage calculator
• Use multiple 1 GB or 10 GB network speeds for HA replication

• Size for double failures
• Do not over-commit resources
• Spread node failure across all available nodes not one or two
• Distribute database (DB) copies across nodes in a matrix
• Seed compression/encryption (opt in)
• Improved DB seed/log shipping performance across wide area network (WAN)
• Log shipping compression/encryption (opt in)
• New log shipping architecture (Transmission Control Protocol (TCP) socket based as opposed to Server Message Block (SMB))
• Improved high latency capability
• Scales/database (TCP connection per database)
• Use multiple 1 GB networks or 10 GB network
• Improves LAN re-seed/log replication queue drain performance
• Especially with large servers and/or large databases

• Removal of DSProxy
• Consolidation of store access paths
• MAPI on the Middle Tier (MoMT)
• Remote procedure call (RPC) endpoint for Outlook
• MAPI connection pool CAS → MBX
• Connection limitation on store not a factor

[Diagram: store access paths with and without the Middle Tier: Outlook / MAPI clients, Entourage, Exchange Components (WS, OWA, Sync, UM, Transport Agents, Mailbox Agents), XSO Core Objects, MAPI.Net, MAPI RPC, DAV, Store, Mailbox]

[Diagram: Outlook client connectivity in Exchange 2007 and Exchange 2010: Outlook Clients, NLB, Exchange CAS, MBX1, MBX2]
• Failover: Client disconnected for 1-15 minutes
• CAS Failure: Client just reconnects
• Failover: Connected client disconnected for 6090 seconds (POR)

[Diagram: Outlook Clients, NLB, Exchange CAS, MBX]
• 60K connections / MBX server
• # of CAS servers x 100 connections / CAS MoMT service/process

• Hardware requirements increased
• For additional features (MoMT) and Exchange Web Services (EWS) services
• Use 4 to 8 cores
• 2 GB RAM/core recommended (8 GB min)
• CAS: Mailbox = 3:4 Cores

• With transport dumpster changes and Extensible Storage Engine (ESE) improvements, transport I/O operations per second (IOPS) requirements are targeted to be reduced by more than 50%
• Database compression
• 7-bit compression and XPRESS
• DB cache size
• 64 MB min and 1 GB max
• Large messages are supported without causing backpressure

• Use 4-8 cores
• 4-8 GB of RAM recommended
• More than 8 GB is not shown to improve TCO or scale
• DB cache
• Not needed to adjust at install
• Improvements in DB cache usage

• Use 4 core
• 4-8 GB of RAM recommended
• More than 8 GB is not shown to improve TCO or scale
• Not recommended combining with other roles
• Audio quality can be affected – still investigating
• Place close to the mailbox servers that host mailboxes of the UM enabled
• Voice mail preview
• Need to adjust guidance based on this feature

• MBX, CAS and Transport roles
• Not sure of UM combination at this time
• Use 8 core
• 8 GB RAM plus 2-6 MB mailbox recommended
• Max recommended RAM 64 GB

• Currently under investigation
• MBX, CAS and Transport roles
• Not sure of UM combination at this time
• Possible solution for high core configurations
• Considering Windows System Resource Manager (WSRM) to restrict per process system utilization
• Use 8-16 cores
• 8 GB RAM plus 2-6 MB mailbox recommended
• Max recommended RAM 64 GB

[Diagram: virtualization stack: Exchange Server 2010 (Beta), Windows Operating System, Windows or 3rd Party Kernel (% Performance Hit), Hypervisor Layer (% Performance Hit)]

• Sizing guidance will account for expected overhead from virtualization technology
• Exchange application is not virtualization aware
• No plans to change Setup experience
• Fully assess the risks/benefits before deploying Exchange in a virtualized environment
• Exchange is a business critical application directly affecting broad base of users every day
• Virtualization can add complexity and risk to your environment
• Sharing infrastructure is a bad thing
• Build out virtual machine configuration prior to installing Exchange

• Small office, remote or branch office with High Availability
• Reduces physical servers
• Mobile LAN
• Complete network infrastructure deployed at a moment's notice
• Exchange, file, and domain infrastructure services
• Disaster recovery “Warm Site”
• Should you virtualize Exchange? http://msexchangeteam.com/archive/2009/01/22/450463.aspx
• Exchange Supportability Statement http://technet.microsoft.com/en-us/library/cc794548.aspx

Supported
• Microsoft and third party virtualization platforms within the Server Virtualization Validation Program (SVVP)
Not supported
• Unified Messaging (UM) Role
• Hypervisor-provided clustering, migration or portability solutions (i.e. quick migration)
Unknown
• Windows 7 features (i.e. live migration)

Profiling
• Exchange Profile Analyzer (EPA)
• Performance Monitor (Perfmon)
Sizing
• Exchange Server 2010 (Beta) storage calculator (beta pending)
• Spreadsheet available to plan for the storage you need based on user profile
Validation
• Jetstress 2010 (beta in April)
• Exchange load generator “Loadgen”

[Diagram: planning toolkit: Exchange Profile Analyzer, Performance Monitor (perfmon), User Profile (Mailflow & Other Details), User Profile (IOPS), Exchange Storage Calculator 2010, Exchange Load Generator, Exchange Jetstress 2010]

Generates statistical profile of user actions
Messages sent and received/day
Rule counts
Inputs
Item size and counts
Crawls mailboxes with MAPI (previously DAV)
OWA log analysis tool and "summarizer"
Accuracy somewhat dependent on how users manage their mailbox

Follows product group recommendations on:
Storage
Memory
Mailbox sizing
Goal of the calculator is to output:
I/O requirements
Capacity requirements
Logical unit number (LUN) design

Jetstress
Jetstress should always be run on a new deployment to validate storage reliability and performance prior to Exchange deployment
It's cheap and easy to run!
Loadgen
Loadgen should be used where you have a need to validate end-to-end Exchange configuration
Be aware of what the tool can and cannot do
Loadgen cannot replicate your client activity with 100% accuracy

Exchange I/O simulator
Uses Jet (ESE) database engine
Analyzes server I/O performance for Exchange requirements
What can Jetstress be used for?
Storage performance validation
Storage reliability testing
End-to-end testing of storage components
What can't Jetstress be used for?
Validation of client experience
Integration testing with third party software solutions

The only supported multi-protocol load generator for Exchange
Replaces Loadsim and ESP
Overall platform targets Exchange 2000 Server through Exchange Server 2010 (Beta)+
Windows UI interface as well as a command-line interface
Both task-based and scripted simulation modes
Consumed both internally at Microsoft and externally
Existing modules include: Outlook® 2003/2007 (online and cached), Internet Message Access Protocol (IMAP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), OWA, ActiveSync… others in development

Capacity planning
The process of determining the optimal hardware configuration which will support a given system load within identified performance constraints (response time, CPU/memory utilization)
Scalability
The capability of a system to increase total throughput when resources (typically hardware) are added
Performance
Cost of performing an operation in isolation (CPU, memory, disk I/O, network, latency)

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite Module Number 04 Microsoft© Corporation

Client Access Server (CAS) functions
What's new in Exchange Server 2010 (Beta)
Exchange Server 2003/Exchange Server 2007 Migration to Exchange Server 2010 (Beta)
Secure Sockets Layer (SSL) and certificate considerations

Client Access Server
[Diagram labels: Internet Explorer, Firefox, Safari; Mobile Devices; Outlook, Entourage, LOB apps; Thunderbird; Outlook from the Internet; Outlook from the intranet; OWA & ECP; EAS; EWS; Autodiscover; Offline Address Book download; Outlook Anywhere; POP/IMAP; MAPI on the Middle Tier; LDAP; RPC; Proxied HTTP; Mailbox Server; Domain Controller; Other CAS Server]

ExOLEDB, WebDAV, CDOEx and store events are gone
Exchange Server 2010 (Beta) development: Exchange Web Services (EWS) and Transport Agents
EWS strengths
Remotable over the Internet
Encapsulates Outlook business logic
Strongly typed Personal Information Manager (PIM) objects
Cross-platform interoperability through open web service standards
Performant and scalable
[Diagram labels: EWS; Outlook; Office Communicator; Entourage; 3rd Party Apps; LOB apps; MailTips; Free/Busy; OOF; Contacts/Buddy List; UM; Everything; Any platform, e.g. Linux/Mac; Windows .NET EWS Managed API]

Used by Outlook, Entourage, Exchange ActiveSync clients and Exchange Web Services applications
Auto-configures client for end user
Within corporate network, Outlook magically configures itself without requiring any user entry
From outside the corporate network, user enters e-mail address, user name and password
Outlook automatically adjusts when Exchange configuration changes or mailboxes are moved
Works "out of the box" for intranet clients
Self-signed certificates auto-installed to work with internal clients
Deploy on the Internet for Outlook Anywhere clients
https://<your domain.tld>/autodiscover/ or https://Autodiscover.<your domain.tld>/autodiscover/
Requires valid Secure Sockets Layer (SSL) certificate to prevent domain spoofing
New in Exchange Server 2010 (Beta)
SOAP-based Autodiscover service with WS-Security and batch request support

EWS Managed application programming interface (API)
First class .NET development for EWS
Supports Exchange 2007 Service Pack 1 (SP1) and later
Built-in Autodiscover client
WS-Security authentication
Full DL ("groups") support
Create/update groups, add/remove members
Time zone enhancements
Folder Associated Items (FAI)
User configuration objects
GetRoomLists/GetRooms

1 Outlook's Scheduling Assistant calls EWS' GetUserAvailability method using the URL determined via Autodiscover
Outlook requests free/busy for John@nwtraders.com, Amy@nwtraders.com
2 The user's home CAS server determines which mailboxes are local vs. in remote sites
3 Local free/busy information is retrieved via MAPI RPC from the mailbox
4 Requests for remote sites are proxied to remote CAS servers
5 The original CAS server combines the local and remote results and returns them to Outlook
Meeting suggestions returned for new "Scheduling Assistant"
[Diagram labels: HTTPS Request / Free/busy results; Exchange Web Services; CAS, AD Site 1, John's Exchange 2007 Mailbox Server, MAPI RPC; CAS, AD Site 2, Amy's Exchange 2007 Mailbox Server, MAPI RPC]

MailTips will be available in Outlook 14 (screenshot below) and Outlook Web Access 2010
[Diagram labels: Site or forest boundary (cross org not supported); Mailbox 1, RPC; Mailbox 2, RPC; Active Directory; Autodiscover HTTPS (cross forest only); CAS; Group Metrics File; EWS; GetMailTips (HTTPS)]

EWS in Exchange Server 2010 (Beta) introduces new APIs to support federated sharing outside the organization. The following table shows the benefits:

User (IW)
Benefits: Does not need separate account to share externally. Does not need to provide credentials. Only needs to know e-mail address. Can access shared calendar in both Outlook and OWA.
Security: Continues to control who has access to calendar.
IT
Benefits: Only needs to establish trust once. No need for external contacts in GAL. Can enable free busy access for entire org.
Security: IT can restrict sharing to specific domains and max level of detail. Does not require privileged service account or full AD trust.

Provides a service that traces the servers a message went through from start to finish.
Works across organizations.
[Diagram labels: Org 1, Org 2; Mailbox, RPC; Hub, RPC; CAS; Sharing relationship; GetMessageTrackingReport HTTPS; Windows Live Id authentication; Client, HTTPS]
Note: The same architecture is used cross-site within one organization. Cross-site HTTP calls are cheaper than RPCs.

What's changed
RPC Client Access Services (RPC Client Access Services Tier): Clients now connect to CAS instead of MBX
DoMT (Directory on the Middle Tier): A full NSPI endpoint to replace DSProxy
Requirements
Windows 2008 RPC HTTP
Load balancer for RPC Client Access Services should be different from RPCHTTP but may be the same servers
Impact
DoMT resolves issues surrounding DSProxy and split HTTP connections
Cross-site moves/failovers will require additional configuration to be seamless to clients
[Diagram labels: Outlook connecting with Outlook Anywhere; HTTP; Windows 2008+ RPCHTTP; RPC; CAS; RPC Client Access Services + DoMT; LDAP; AD; Mailbox]

Exchange Server 2010 (Beta) CAS still distributes OABv4 via Background Intelligent Transfer Service (BITS) over HTTP(s) for Outlook 2007 or later – no version change!
Exchange Server 2010 (Beta) OAB will bring support for:
Hierarchical Address Book (HAB)
Properties customization
MailTips for O14

HAB support is accomplished by populating objects with organization tree information (e.g. departments and sub-departments)
List of properties stored in OAB is viewed by Get-OfflineAddressBook
OAB properties list customization
Set-OfflineAddressBook -ConfiguredAttributes <att1>,<att2>
Customizing the OAB properties list can result in generation of large diff files
Globally enable OAB distribution
Set-OfflineAddressBook -GlobalWebDistributionEnabled:$true

A new service that establishes a Remote Procedure Call (RPC) endpoint for client access on the Client Access Server (CAS) role
Replaces the existing RPC endpoint on the Mailbox
Replaces DSProxy
Consists of:
New RPC endpoint entirely re-written in managed code
Combination of re-factored XSO code and new code into a new Core Objects abstraction layer
Cmdlets, performance counters, etc. to manage and monitor

What?
A new service in Exchange Server 2010 (Beta) for Outlook to connect to CAS instead of connecting directly to MBX servers
Why?
Reduce code and client logic in Exchange store process for increased reliability
Use the same business logic for Outlook and other CAS clients
Calendar logging + fix up
Content/body conversion
Provide a better client experience during switchovers/failovers
When a MBX server fails over, Outlook client will only see ~30 sec disconnection, as compared to 1-15 min before
Support more concurrent connections/mailboxes per Mailbox server
# of CAS servers x 100 cnx / CAS server
[Diagram labels: Outlook Clients; Exchange CAS Array; MBX]

[Diagram, two panels of the middle tier: CAS machines; Exchange Components (WS, Mailbox Agents, OWA, Sync, Transport Agents, UM); Entourage; Outlook / MAPI clients; Middle Tier; XSO; Core Objects; MAPI.Net; MAPI RPC; DAV; Mailbox; Store]

[Diagram: Exchange Server 2007 compared with Exchange Server 2010 for Outlook / MAPI clients. Labels: CAS, RpcProxy, CAS Array, RPC Proxy, Common Logic, NSPI, MAPI.Net, DSProxy, MAPI RPC, LDAP, Mailbox, Store, ESE, AD. Legend: RPC Data Flow, HTTP Data Flow, Common Data Flow]

[Diagram labels: Exchange Server 2007: Outlook Clients, MBX, 60K connections / MBX server. Outlook Clients, NLB, Exchange CAS, MBX, # of CAS servers x 100 connections / CAS RPCCA service/process]

No in-place upgrade: deploy new Exchange Server 2010 (Beta) servers
Upgrade Internet facing sites first
Upgrade Internal sites second
1. Upgrade E2007 servers to SP2
2. Deploy E2010 servers
3. Move Internet hostnames to point to CAS2010 (incl. move of Autodiscover to E2010)
Move UM phone number for OVA to point to UM2010
4. Move Mailboxes
[Diagram labels: Internet; Internet facing AD Site 1; Internal AD Site 2; CAS-CAS proxy; CAS, HUB, UM, MBX 2010; CAS, HUB, UM, MBX 2003 or 2007]

Most clients will connect to CAS2010 for access to any mailbox
CAS2010 will redirect and proxy clients to CAS2007/FE2003/MBX2003 for access to Exchange Server 2003/Exchange Server 2007 mailboxes
OWA: Exchange Beta: CAS2010 manual redirect to CAS2007, user get new "legacy" OWA URL for FE2003—RTM: CAS2010 redirects to CAS2007 or MBX2003—all users use CAS2010 URL
EAS: All devices get proxied from CAS2010 to MBX2003. WM6.1+ gets redirected between CAS2010 and CAS2007. WM5 and WM6 get proxied from CAS2010 to CAS2007
EWS: Autodiscover sends clients to a CAS matching the MBX version
Outlook Anywhere: RPC/HTTP service on CAS2010 forwards traffic to MBX 2003/2007
Outlook Intranet RPC: Leverages RPC Client Access service for mailbox access
IMAP4/POP3: Users get new "legacy" hostnames for CAS2007 and FE2003 access

CAS to MBX RPC communication requires good network connection
Every AD Site with Exchange Server 2007 mailboxes needs a CAS role
Redirection
When: A CAS in the user's mailbox AD site is available on the Internet, but the user goes to an OWA URL for a CAS in a different AD site
What: OWA will show a page telling the user which OWA URL they should be using for access to their home AD site
Use "externalUrl" config key to control OWA redirection
Proxy
When: No CAS in the user's mailbox AD site is available on the Internet—the user uses the OWA URL for a CAS in a different AD site
What: OWA will proxy the user requests to the CAS in the mailbox AD Site
Use "internalUrl" configuration key to control OWA proxy behavior
[Diagram labels: User-Italy; CAS-USA; CAS-Italy; Redirect; Proxy]

Table: client access paths by protocol
Columns: CAS->MBX; Redirect CAS->CAS; Proxy CAS->CAS; Comments & Consequences
Rows: OWA 2010/2007; EAS 2010/2007; Web Services 2010/2007 (Outlook 2007+ other apps); OWA 2003; EAS 2003; Outlook Anywhere with MBX 2003/2007/2010; Outlook Intranet RPC with MBX 2010; Outlook Intranet RPC with MBX 2003/2007; IMAP4/POP3
Entries:
No
Yes, Autodiscover + redirection logic
Yes, Autodiscover
Must have a CAS server in each Exchange AD site to use OWA/EAS/Web Services
Yes, via HTTP
Yes, via RPC
OLK2007 and newer: Autodiscover. OLK2003 and older: No
Direct access from CAS2010 to MBX2003
Direct access from CAS2010 to MBX2003/2007/2010
Not Required due to CAS->MBX comm. between AD sites
Not Required due to client->MBX direct comm.
IMAP/POP clients must access a CAS in the mailbox AD Site directly and must access a CAS matching the mailbox version
Coming soon

OWA and EWS require server affinity
During a session, all client requests must go to the same CAS server
Other CAS services do not require client-server affinity
Client IP-based load balancing
"Poor man's" solution
Windows Network Load Balancing (NLB)
Affinity fails if client IP changes during session
Does not work behind reverse proxies like ISA since the client IP is masked by the reverse proxy
ISA 2006 and UAG can do client IP LB for servers behind it
Cookie-based load balancing
"No hassle" solution
ISA 2006, UAG or 3rd party Load Balancers
[Diagram labels: Client; NLB using Client IP or 3rd party cookie LB; UAG cookie LB; UAG array; CAS array]

Scenario
Service is contacted on CAS in site A
Service needs to proxy request to CAS in site B which is closer to targeted mailbox
Site B has load balanced CAS servers (NLB, reverse proxy)
CAS-to-CAS enabled services
ActiveSync, Availability, MailTips
Support in POP/IMAP coming soon
EWS bypasses NLBs
Subscriptions need CAS affinity
Configurable via cmdlet
[Diagram labels: Client; EWS; NLB array; EWS NLB bypass; CAS1, CAS2, CAS3]

nwtraders. WM5) do not support wildcard certificates— use different certificate for EAS specifically Cheaper: SAN certificate covering up to 6 hostnames e.com Some mobile devices (e.com.Improved scalability with lower memory and CPU utilization MIME fidelity improves reproduction of MIME in cases of DBCS handling.com. Use Exchange Server 2010 (Beta) certificate wizard to figure out the hostnames you need included Performance SSL is ~10% of CAS CPU load Ensure client-server affinity for the server which terminates SSL to avoid re-doing SSL handshake for new connections Consider offloading SSL to reverse proxy (e. imap.nwtraders.com. using an self-signed certificate To make things simple: use a wildcard certificate like *.com. signed and encrypted messages Added (back) Delegate Access support Duplicate download of messages mitigated for most cases Hidden messages are not retrieved anymore R4: Adding service discovery support for HA scenarios Installs with SSL on by default.nwtraders. smtp. pop. autodiscover.com.nwtraders.g. ISA/UAG) or hardware accelerator 13 .nwtraders.g. Owa.nwtraders.g.

[Diagram labels: HTTPS; Firewall; Perimeter Network; Reverse Proxy w/ Pre-authN; Firewall; Client Access; Mailbox; Active Directory; Service Account for CAS->MBX access]
Never deploy CAS in the Perimeter Network
No domain member servers should be in perimeter—they have too many access rights on intranet AD servers
Use pre-authentication on reverse proxy
Ensure no unauthenticated traffic reaches intranet servers
For example, ISA2006/UAG FBA, RSA SecurID


Exchange Server 2010 (Beta) Ignite Module 05 Microsoft© Corporation

TechReady content is Microsoft Confidential
DO NOT post TechReady content to any blogs or external Websites
Please DO NOT take photos or video of Sessions or Slides throughout the TechReady Event
All appropriate content will be made available on-demand post event via https://www.mytechready.com and procurable on DVD via http://msmarket

Exchange Server 2010 (Beta) Architecture overview
Mobility with Exchange Server 2010 (Beta) and Windows Mobile 6.5
Feature Set
Demo
Outlook Web Access in Exchange Server 2010 (Beta)
Feature Set
Demo

[Diagram: Enterprise Network. Edge Transport: Routing & AV/AS. Hub Transport: Routing & Policy. Mailbox: Storage of mailbox items. Unified Messaging: Voice mail & voice access. Client Access: Client connectivity, Web services. Other labels: Phone system (PBX or VOIP); External SMTP servers; Mobile phone; Web browser; Outlook (remote user); Line of business application; Outlook (local user)]

End User Enhancements
Information overload
Conversation view and actions
Message preview
Reply/forward status
Free/busy information
Integrating communications (Unified inbox):
Enhanced visual voicemail, including speech-to-text transcriptions
Text messages synchronized to Exchange inbox (send text messages from OWA and Outlook 14!)
Quickly address emails with automatic recipient suggestions – shares the nickname cache with OWA
Update your WM 6.1 devices with these new Exchange Server 2010 (Beta) features over-the-air!
IT Pro Enhancements
View mobile devices connecting to Exchange
Allow/block quarantine by device type/OS
Growing number of EAS supported devices
[Screenshot labels: Exchange ActiveSync Devices; Conversation View; Free Busy Information; Enhanced Visual Voicemail; Auto suggestions]

Apple

Conversation View
Free/Busy Lookup
Read your voicemail (Enhance Voice Mail)
Short Message Service (SMS) from your computer
Find any e-mail in your mailbox
Remember to tell them you're on vacation
Access documents while you're out of the office
Top Secret E-mail protection
POP/IMAP service discovery

Block/Allow via approved device list
Approved by device type or by user
Device type reported by the device
Block an unsupported device
Quarantine
E-mail sent
Administrator approved
Lost devices don't mean leaked information

EAS sync state upgrade
POP/IMAP service discovery
POP/IMAP performance improvements
Calendar now support lunar calendars
Downloadable Outlook Mobile client
Use of temp installer and Skyline server

[Diagram labels: Internet; 256-Bit SSL Tunnel; DMZ; ISA Server / Reverse Proxy; Intranet; Exchange CAS Server; SharePoint Request Proxy via Exchange CAS; SharePoint 2003/2007 Server; Subscription to Mailbox; Exchange Mailbox Server; Active Directory]

Sync
Configure message formats (HTML or plain txt)
Include past e-mail items
E-mail body truncation size
HTML e-mail body truncation size
Include past calendar items (duration)
Require manual sync while roaming
Allow attachment download
Maximum attachment size
Authentication
Minimum number of complex characters
Enable password recovery
Allow simple password
Password expiration (days)
Enforce password history
Windows file share access
Windows SharePoint access
Minimum password length
Timeout without user input
Require password
Require alphanumeric password
Number of failed attempts
Policy refresh interval
Allow non-provisionable devices
Encryption
Require signed SMIME messages
Require encrypted SMIME messages
Require signed SMIME algorithm
Require encrypted SMIME algorithm
Allow SMIME encrypted algorithm negotiation
Allow SMIME SoftCerts
Device encryption
Encrypt storage card
Color Key: Exchange 2007 SP1, Exchange 2007 RTM, Exchange 2003 SP2

Device Control
Disable desktop ActiveSync
Disable removable storage
Disable camera
Disable SMS text messaging
Network Control
Disable Wi-Fi
Disable Bluetooth
Disable IrDA
Allow internet sharing from device
Allow desktop sharing from device
Application Control
Disable POP3/IMAP4 e-mail
Allow consumer e-mail
Allow browser
Allow unsigned applications
Allow unsigned CABs
Application allow list
Application block list

POP/IMAP service discovery
Nickname cache
See your UM messages
Forward/Reply information
Conversation view & actions
Free/Busy information
SMS sync
Block/Allow list
Downloadable client

Outlook Web Access (OWA) Premium in Firefox 3 + Safari 3 + Internet Explorer (IE) 7/8
Information overload
Conversations for everybody
Filters
Folder favorites
MailTips
Integrating communications
IM integration (OCS + pluggable model)
Send/receive mobile text messages (SMS) through Exchange ActiveSync devices, and get mobile notifications on your phone
You asked for it
– Delegate Access
– Calendar and contacts sharing (within org and between orgs, side-by-side calendar views)
– Information Rights Management (IRM) email without plug-in
– "Virtual List View" removes need for paging

OWA premium for IE, FireFox, and Safari
Improved threaded conversation view
Integrated Presence and IM for SPOG UC Experience
Nickname cache
See your UM Voice Mail Messages
External Calendar sharing and Side by Side Calendaring
SMS Sync in OWA (Outlook and Mobile too!)
Favorites folders
Advanced search
End User Archiving and access to archive
Distribution group creation
IRM
Delegate access

View conversations in context
All messages
All folders
Forks
Hide repeated information
Take action on conversations
Move
Ignore


[Diagram labels: SMS Provider; User; Recipient]

[Diagram labels: User, SSL; Recipient, SSL; Exchange Server 2010 (Beta); Exchange 2010 CAS; Exchange 2010 MBX; MTLS; OCS 2007 R2; Forefront UAG Server; Active Directory; 3rd Party Certificate Authority; Download Center]
UCWeb.DLL
SipEPS.DLL
Collaboration.DLL
Cert. must use FQDN
Cert. must be from same CA
Can use an internal CA
Multiple CAS = Multiple Certs.
Set-OwaMailboxPolicy -Identity <identity name> -InstantMessagingEnabled:$true -InstantMessagingType:server
Set-OwaVirtualDirectory -Identity <identity name> -InstantMessagingEnabled:$true -InstantMessagingType:server
Set-CASMailbox <MailboxIdParameter> -OwaMailboxPolicy <MailboxPolicyIdParameter>

Delegate access
Distribution group creation
IRM
Archiving

OWA premium for IE, FireFox, and Safari
Conversation view
Ignore/Move conversation
Virtual list view
Presence
Instant messaging
Nickname cache
UM card
Calendar sharing
Side by side calendar view
Message tracking
SMS Sync
Favorites folders
Advanced search
Archiving
Distribution group creation
IRM
Delegate access



Exchange Server 2010 (Beta) Ignite Module Number 06 Microsoft© Corporation

Requires Microsoft Federation Gateway (MFG)
Broker service only, no credentials
No passport/Windows Live accounts or passwords shared
[Diagram: Person-Person relationship and Org-org relationship. Labels: Joe, Pat, Angi, Jon; Org 1, Org 2]

Delegation Scenario
Services act on behalf of a user to access Exchange resources
Federated sharing
Federated delivery
Outlook Web Access (OWA) and Messenger
3rd party access to mailbox
Virtual address lists
Sign-on Scenarios
User uses corporate credentials to access Exchange resources in the cloud
Cross-premise mailbox login
Direct logon for Line-of-Business (LOB) applications

Today (Exchange Server 2007)
Complex, proprietary trust management
MFG
Simple, standards-based trust
MFG acts as trust broker
[Diagram labels, both panels: FourthCoffee.com; Contoso.com; nwtraders.com; fabrikam.com; MFG Cloud Services]

Use Publicly Trusted Certificate
Public, private key
No name dependency
Get-ExchangeCertificate
Lists available certificates
Create the actual federation trust
New-FederationTrust -Name MFGTrust -OrgCertificateThumbprint [cert thumbprint]

DNS TXT record with the AppID
IN TXT AppID=001600008000000F
Add account name space for contoso.com
Set-FederatedOrganizationIdentifier -DelegationFederationTrust MFGTrust -AccountNamespace contoso.com
Subsequent domains
Set-FederatedDomain -DomainName contosoresearch.com

Requires Exchange Server 2010 (Beta)
Establish MFG trust (once)
One-time key exchange
Proof of domain ownership
Create org-org relationship
Enter organization info - domain name, Web Service (WS) endpoint
Organization can enable anonymous discovery of info
Authenticated free busy access
Request: View calendar. For: Joe@contoso.com. From: mary@fabrikam.com
Exchange makes request for user
O12/O14/OWA talks to local CAS
User not prompted for credentials
No Active Directory (AD) trust or account management
Each org establishes a simple, standards-based trust with MFG
[Diagram labels: fabrikam.com, Exchange Server 2010 (Beta); contoso.com, Exchange Server 2010 (Beta); Windows Live Id]

Paul@fabrikam.com adds Crystal@contoso.com to a meeting
Fabrikam AS determines Crystal is an external recipient and looks up sharing relationship
Fabrikam AS requests a delegation token for Paul for use by AS in Contoso
Fabrikam AS includes the delegation token in the free/busy request to Contoso AS
Contoso AS determines Paul is an external recipient. Performs authorization by validating the organization relationship for contoso.com, retrieves the data from the calendar folder
Contoso AS returns free/busy data to Fabrikam AS
Paul sees free/busy information for Crystal

Configure MFG trust
Configure Sharing Policy
Include list of allowed domains users can share with
Set maximum level of sharing for each domain
Associate users with sharing policy
Send Sharing Invitation
Invitation requires O14/OWA, Exchange Server 2010 (Beta)
Opening invitation with O14/OWA creates a server-side subscription
Server syncs shared calendar to user's mailbox
All clients can view sync'd calendar
Authenticated calendar access
Request: Sync calendar. For: joe@fabrikam.com. From: mary@contoso.com
Exchange Server 2010 (Beta) gets token on behalf of user when making request
[Diagram labels: Contoso, Exchange Server 2010 (Beta); Fabrikam, Exchange Server 2010 (Beta); MFG]

Sharer sends invitation to share his calendar/contacts to recipient outside of the Exchange organization
Sharing Invitation contains sharing payload
Encrypted with POP key
Receiver's e-mail address
Alias support
Calendar subscription is created in receiver's Calendar with target information of the sender

Configuration steps to enable Federated Sharing: two Exchange on-premise organizations with no Active Directory Trust want to share Calendar information

Administrator Steps: Request a CA signed certificate with private/public key and deployment on all CAS servers in the on-premise environment.
Comment: This is the token signing certificate for federation trust with the Federation service. Existing certificates can be leveraged if they meet the requirements. The certificate distribution is handled as part of the certificate deployment provided by the transport team.

Administrator Steps: New-FederationTrust -Name LiveTrust -OrgCertificateThumbprint 16be06c9431f910f5ccc833def56c535661ca6ca
Comment: Both on-premise companies establish a federated trust with Microsoft Federation Gateway

Administrator Steps: The network administrator creates a TXT record in DNS: contoso.com IN TXT AppID=001600008000000F
Comment: Windows Live Custom Domains require proof-of-ownership of any domain that should be federated with Federation Service. The mechanism used is to look up an AppID TXT record for the domain that contains the ApplicationIdentifier created by the trust.

Administrator Steps: Set-FederatedOrganizationIdentifier -DelegationFederationTrust LiveTrust -AccountNamespace contoso.com
Comment: The company registers which domain name should serve as the account namespace of the federated domain, and a shadow account is automatically created by Windows Live in the account namespace. Users with e-mail addresses ending with this domain will get delegation tokens from Federation Gateway.

Administrator Steps: Set-FederatedDomain -DomainName contosoresearch.com
Comment: Additional domains can be registered to allow users with e-mail addresses in those domains to get delegation tokens.

Scenarios: Contoso establishes Org-Org Sharing Relationship with Fabrikam
User Steps: To set up a Sharing Relationship for Contoso with Fabrikam:
Get-FederationInformation -DomainName Fabrikam.com | New-SharingRelationship -Name Fabrikam -CalendarEnabled $true -FederatedDeliveryEnabled $true
Comment

1. paul@contoso.com sends secure e-mail message to crystal@fabrikam.com
2. Contoso Exchange server requests delegation token from Microsoft Federation Gateway
On behalf of paul@contoso.com
Offer: MSExchange.DeliveryInternalSubmit
Targeted to fabrikam.com
3. Contoso Exchange creates RPMSG like message
Creates a content key
Creates a DRMData stream with encrypted body
Encrypts content key with PoP key from token
Adds delegation token and encrypted content key to new stream
Fabrikam decrypts RPMSG like message
Decrypts SAML token targeted to Fabrikam to get PoP key
Uses PoP to decrypt content key
Uses content key to decrypt DRMData stream
Converts message back to normal e-mail message
[Diagram labels: contoso.com, Exchange Server; MFG; fabrikam.com, Fabrikam Server]


Exchange Server 2010 (Beta) Ignite Module Number 07 Microsoft© Corporation

Transport and routing
Exchange Server 2010 (Beta) transport key design goals
Capacity planning
High Availability and reliability
Instrumentation and reporting
Transport interoperability
Edge
Information Leakage Protection and Control (IPC)
Transport content protection
Confidential communications
Exchange Server 2010 (Beta) and Information Rights Management (IRM) Integration

Lowering costs
Increased availability
Better administrative control
Operational excellence

Lowering capital expenditure (CapEx)
Reduction in IOPS/msg through performance improvements reduces number of servers required in deployment
Enable non-redundant storage (RAID0) configurations without increased risk of data loss
Lowering operations expenditure (OpEx)
Smaller server footprint, less power and A/C
"Disposable state" enables simple recovery actions (restart process, restart server, rebuild database, reimage server)
Key Health Indicators (KHI) provide notification when system needs attention

mail.que database improvements
Increased Extensible Storage Engine (ESE) page size to 32 KB
ESE Database (DB) page compression
ESE version store maintenance
Better use of intrinsic long value storage
Increase DB cache size and checkpoint depth
Decrease transport dumpster size through truncation feedback to improve cache efficiency
Result: More than 50% reduction in IOPS (hub)

Reducing Version Bucket Resource Pressure
[Chart: Version Buckets against Message Size (10mb, 30mb, 90mb, 150mb, 200mb, 370mb) for E2007 and E2010, with VersionBucketsHighThreshold (200) and VersionBucketsMediumThreshold (120) marked]

Overview
Shadow messaging: transport redundancy
Automated server recovery
Transport dumpster

Goals
Increased reliability without increased hardware costs
Enabled by default
Shadow redundancy similar to transport dumpster
Data retained on previous hop until delivered
When failure in next hop detected, previous hop resubmits
SMTP extensions used (create little overhead)
Elimination of RAID overhead
50% IOP's reduction for 80% Write I/O's

[Diagram: Hub, Edge1, Edge2, Foreign MTA]
1. Hub (shadow) delivers message to Edge1 (primary)
Detects that Edge1 supports Transport redundancy through XSHADOW verb
Hub moves message to shadow queue and stamps Edge1 as current, primary owner
2. Edge1 (primary) receives message (becomes "primary owner")
Edge1 delivers message to next hop
Edge1 updates discard status of the message indicating delivery complete to foreign MTA

[Diagram: Hub, Edge1, Edge2, Foreign MTA]
3. Success: Hub (shadow) queries Edge1 (primary) for expiry status
Hub issues XQDISCARD command (next SMTP Session)
Edge1 checks local discard status and responds with list of messages considered delivered -> Hub deletes messages from its shadow queue
4. Failure: Hub (shadow) queries Edge1 (primary) discard status and resubmits
Hub opens SMTP session, issues XQDISCARD command (heartbeat); if Hub can't contact Edge1 within timeout, resubmits messages in shadow queue; resubmitted messages are delivered to Edge2 (go to #1)

Delayed acknowledgement after end of data
SMTP submission from Exchange 2003/2007, 3rd party Message Transfer Agent (MTA) and Mail User Agent (MUA, UM, POP and IMAP clients)
250 response delayed up to 30 sec (default)
If transport server fails before ack, client resubmits
MUA (UM, POP and IMAP clients)
Mailbox Submission redundancy relies on copy of message in sender's "Sent Items" folder
Mail Submission Service resubmits copy when hub doesn't acknowledge successful delivery of message
System generated (Journal Report, NDR) are considered "side effects" of original message submission, tracked as part of original delivery status

Global Shadow Redundancy Configuration:
[PS] D:\>get-TransportConfig | FL Shadow*
ShadowRedundancyEnabled          : True
ShadowHeartbeatTimeoutInterval   : 00:05:00
ShadowHeartbeatRetryCount        : 3
ShadowMessageAutoDiscardInterval : 2.00:00:00

Delayed Acknowledgement Timer Configuration:
[PS] D:\>get-receiveconnector | ft server,name,MaxAcknowledgementDelay -a
Server       Name                 MaxAcknowledgementDelay
------       ----                 -----------------------
HP64PIZZA50  Default HP64PIZZA50  00:00:30
HP64PIZZA50  Client HP64PIZZA50   00:00:30

Delayed Acknowledgement disabled on a receive connector by setting MaxAcknowledgementDelay to 00:00:00
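The shadow redundancy exchange and settings above (XSHADOW detection, XQDISCARD heartbeat, resubmission to a second Edge), as an added Python model that is not Exchange code. Class and method names are hypothetical, and the model assumes one heartbeat attempt per ShadowHeartbeatTimeoutInterval with resubmission after ShadowHeartbeatRetryCount consecutive failures.

```python
"""Added model of the Hub/Edge shadow redundancy exchange (not Exchange code)."""
from datetime import timedelta

# Values shown by get-TransportConfig on the slide.
SHADOW_HEARTBEAT_TIMEOUT = timedelta(minutes=5)  # ShadowHeartbeatTimeoutInterval
SHADOW_HEARTBEAT_RETRY_COUNT = 3                 # ShadowHeartbeatRetryCount


class PrimaryServer:
    """Next hop (Edge1/Edge2): owns a message until the foreign MTA has it."""

    def __init__(self, name, supports_xshadow=True):
        self.name = name
        self.supports_xshadow = supports_xshadow
        self.up = True
        self.received = []           # every message accepted over SMTP
        self.discard_status = set()  # messages already delivered onward

    def accept(self, msg_id):
        if not self.up:
            raise ConnectionError(self.name)
        self.received.append(msg_id)

    def deliver_to_next_hop(self, msg_id):
        self.discard_status.add(msg_id)

    def xqdiscard(self):
        """Answer the shadow server's query with the delivered message ids."""
        if not self.up:
            raise ConnectionError(self.name)
        return set(self.discard_status)


class ShadowServer:
    """Previous hop (Hub): keeps a shadow copy until the primary reports delivery."""

    def __init__(self, next_hops):
        self.next_hops = {hop.name: hop for hop in next_hops}
        self.shadow_queue = {}  # msg_id -> name of current primary owner
        self.missed = {}        # primary name -> consecutive failed heartbeats

    def submit(self, msg_id, avoid=None):
        for hop in self.next_hops.values():
            if hop.name == avoid or not hop.up:
                continue
            hop.accept(msg_id)
            if hop.supports_xshadow:
                self.shadow_queue[msg_id] = hop.name
            else:
                self.shadow_queue.pop(msg_id, None)
            return hop.name
        return None  # nothing reachable: the shadow copy stays queued

    def heartbeat(self):
        """Query every primary owner once; return ids resubmitted this round."""
        resubmitted = []
        for owner in sorted(set(self.shadow_queue.values())):
            try:
                delivered = self.next_hops[owner].xqdiscard()
            except ConnectionError:
                self.missed[owner] = self.missed.get(owner, 0) + 1
                if self.missed[owner] >= SHADOW_HEARTBEAT_RETRY_COUNT:
                    stranded = [m for m, o in self.shadow_queue.items() if o == owner]
                    for msg_id in stranded:
                        if self.submit(msg_id, avoid=owner):
                            resubmitted.append(msg_id)
                    self.missed[owner] = 0
                continue
            self.missed[owner] = 0
            for msg_id in delivered:
                if self.shadow_queue.get(msg_id) == owner:
                    del self.shadow_queue[msg_id]
        return resubmitted


def run_scenario():
    edge1, edge2 = PrimaryServer("Edge1"), PrimaryServer("Edge2")
    hub = ShadowServer([edge1, edge2])
    hub.submit("m1")
    hub.submit("m2")
    edge1.deliver_to_next_hop("m1")
    hub.heartbeat()                  # success path: m1 leaves the shadow queue
    after_success = dict(hub.shadow_queue)
    edge1.up = False                 # Edge1 fails while it still owns m2
    resubmitted, heartbeats = [], 0
    while not resubmitted:
        resubmitted = hub.heartbeat()
        heartbeats += 1
    edge2.deliver_to_next_hop("m2")
    hub.heartbeat()
    return {"after_success": after_success, "heartbeats": heartbeats,
            "resubmitted": resubmitted, "edge2_received": edge2.received,
            "final_queue": dict(hub.shadow_queue),
            "detection_delay": heartbeats * SHADOW_HEARTBEAT_TIMEOUT}


if __name__ == "__main__":
    print(run_scenario())
```

Only the message Edge1 had not yet reported as delivered is resubmitted, so the already delivered message is not duplicated through Edge2.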

Exchange Server 2007 memory resource pressure results in decreased service availability
Exchange Server 2010 (Beta) implemented signal to generate Dr. Watson report (determine cause of failure) and restarts
Exchange Server 2010 (Beta) Alert can send to System Center to further analyze resource pressure
Exchange Server 2007 queue database corruption results in downtime until administrator can perform manual recovery
Exchange Server 2010 (Beta), transport will detect queue database corruption, move/delete DB, and continue operation
Shadow redundancy provides data resiliency

Up to 200% increase in IOPS/msg on hub transport role when using transport dumpster in AD site with many storage groups
18 megabyte (MB) quota per storage group using cluster continuous replication (CCR) results in inefficient JET database cache
Redelivery request from mailbox role after lossy failover results in resubmission of entire quota
Analysis has shown that most are detected as duplicates unless significant log replication lag exists
Can't recover data that exceeds dumpster quota (default 18 MB) regardless of how many logs lost in DB failover
Increased quota results in decreased cache efficiency

Eliminate extra IOPS due to transport dumpster
Database replication feedback from mailbox role allows dumpster truncation on hub role
LastLogInspected time for each database copy retrieved from active manager at regular interval
Timestamp of "worst" database copy in DAG used as the dumpster watermark for each database
Items older than dumpster watermark are removed based on scheduled feedback
Size of transport dumpster based on log replication latency and frequency of feedback
Redelivery requests result in resubmission of messages newer than dumpster watermark

How many items are in the dumpster for each database?
How much space is the dumpster consuming for each database?

[PS] D:\>get-date; Get-MailboxServer | foreach {get-databasecopystatus -MailboxServer $_.identity -DumpsterStatistics | ? {$_.SummaryCopyStatus -ne 'Mounted'}} | foreach {$_.DumpsterStatistics}
Monday, June 16, 2008 11:07:02 PM

Server        : HP64PIZZA50
OldestItem    : 6/16/2008 11:06:11 PM
QueueSize     : 3645
NumberOfItems : 63

Server        : HP64PIZZA50
OldestItem    : 6/16/2008 11:06:14 PM
QueueSize     : 827
NumberOfItems : 43

Key health indicators
Service Level Agreement (SLA) instrumentation
Measuring delivery latency
End-to-end latency
Server component latency
Historical reporting and trends
Transport scorecard
Transport dashboard
Log Search Service

Exchange Server 2007 Health
Service availability: measurement of process uptime
Error events: large number of error conditions that may cause service disruption if left undetected
Queue depth: rate of submission exceeds rate of delivery, may or may not result in latency
Exchange Server 2010 (Beta) Health
Service Availability: aggregation of individual measurements of process uptime
Categorization Bottleneck: raises alert when rate of submission exceeds rate of messages entering delivery queue for extended period of time (5 min)
Delivery Latency: measurements of component latency and raise alerts when SLA exceeded over long periods of time (30 min)

Intra-organizational delivery latency is measured from point of entry into organization to mailbox delivery or transfer to external mail system
Servers in route between org entry and exit contribute to the end-to-end latency
Components on each server contribute to the latency on each server
Exchange Server 2010 (Beta) measures both and provides reporting for both using message tracking log and PerfMon instrumentation

com> MessageLatency : 00:00:10.First Exchange Server 2010 (Beta) (H1) Server loops over received headers for InternalSMTPServers (H1 -> P2 -> P1): Add Latency header for P2‟s and P1‟s received header Add OriginalArrivalTime header for P1 Add InProgress header for H1 Server (H3): Loop over Received headers until we reach the previous Exchange Server 2010 (Beta) server (H3 -> H2 -> H1): Add Latency header for H2‟s received header Convert H1‟s InProgress header to latency header Add InProgress header for H3 21 Microsoft Confidential What was the end-to-end latency of messages delivered? What was the latency on each server hop in end-to-end route? [PS] D:\>get-MessageTrackingLog -MessageId "<341fbd56-fce9-41a7-aabd-145949785d66@HP64SFF77.extest.com>" | ? {$_.com> MessageLatency : 00:00:10.VGPHIG-dom.microsoft.microsoft.dns.microsoft.dns.dns.MessageLatencyType -eq 'EndToEnd'} | ConvertTo-Messagelatency InternalMessageId : 2 MessageId : <341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.com ComponentCode : TOTAL ComponentName : Total Server Latency ComponentLatency : 00:00:00 22 Microsoft Confidential 11 .5310000 MessageLatencyType : EndToEnd ComponentServerFqdn : HP64PIZZA50.dns.5310000 MessageLatencyType : EndToEnd ComponentServerFqdn : HP64-SFF77.microsoft.com ComponentCode : TOTAL ComponentName : Total Server Latency ComponentLatency : 00:00:09 InternalMessageId : 2 MessageId : <341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.microsoft.

TotalSeconds -gt 20} | convertTo-messageLatency | where {$_.BXWLWF-dom.Why did messages take longer than 20 seconds to deliver end to end? [PS] D:\>get-messagetrackinglog -server:fesmoke2 -eventid:deliver | where {$_.7500000 MessageLatencyType : EndToEnd ServerFqdn : 3859R7-LB18.MessageLatency.6180000 MessageLatencyType : EndToEnd ServerFqdn : 3859R7-LB18.BXWLWF-dom.extest.ComponentCode -notlike "total"} InternalMessageId : 1 MessageId : <f8bee984-LB18.com> MessageLatency : 00:00:25.com ComponentCode : SMR ComponentName : SMTP Receive Latency : 00:00:24 23 Microsoft Confidential 24 Microsoft Confidential 12 .microsoft.BXWLWF-dom.microsoft.BXWLWF-dom.com> MessageLatency : 00:00:26.Latency -gt "00:00:20" -and $_.com ComponentCode : SMR ComponentName : SMTP Receive Latency : 00:00:22 InternalMessageId : 3 MessageId : <32623cfb-LB18.extest.MessageLatencyType eq "EndtoEnd" -and $_.

[Screenshot: Contoso SLA dashboard (http://contoso/sla) in Windows Internet Explorer. SLA scorecard for 03/05/07 to 04/04/07 with an overall SLA figure, four alerts (network switch failure, low disk space, antispam definition file deployed, Akamai routing issues), and availability and performance percentages for Transport delivery, CAS, OWA, Active Sync, Web Services, Outlook Anywhere, Unified messaging, POP / IMAP, Message delivery latency and MAPI logon]

Install Exchange 2007 SP2 on all Exchange Server 2007 Servers (including Edge)
Introducing Exchange Server 2010 (Beta) Hub Servers creates Routing Version Boundary
Exchange Server 2010 (Beta) Hub cannot Edge-Sync to Exchange Server 2007 SP2 Edge Server(s)

Better Performance for EdgeSync
Incremental updates significantly reduces the edge sync workload
Introduced Deltasync Mode
Support Safe Senders and blocked Senders
Realtime support: Incremental Updates significantly reduces the edge sync workload
Junk E-mail Options Assistant propagates blocked senders lists from mailboxes to AD
EdgeSync pushes blocked senders from AD to ADAM on Edges
On Edges, the Sender Filtering agent blocks mail from blocked senders

Enhanced EdgeSync Configuration and Troubleshooting
Exposed Configuration Settings to Powershell
Added new log file to track EdgeSync activity

Transport Content Protection
What's new in Exchange Server 2010 (Beta)?
Confidential communications
Automatic content-based privacy
Transport Pipeline decryption
Information Rights Management (IRM) in Outlook and Outlook Web Access (OWA)
Outlook Protection Rules
Business-to-business (B2B) Rights Management Services (RMS) communication

Exchange Server 2007 introduced:
Secure intranet e-mail by default
Opportunistic Transport Layer Security (TLS)
RMS pre-Licensing
Exchange Server 2010 (Beta) goes beyond:
Automatic detection and protection of sensitive content using RMS
Provides centralized control of e-mail protection
Enable transport agents to be "RMS aware"
Secure business communication using RMS

Legal, Regulatory and Financial impacts
Cost of digital leakage per year is measured in $Billions
Increasing number and complexity of regulations (e.g. SOX, GLBA, CA SB 1386)
Non-compliance with regulations or loss of data can lead to significant legal fees, fines, and more
Damage to Image and Credibility
Damage to public image and credibility with customers
Financial impact on company
Leaked e-mails or memos can be embarrassing
Loss of Competitive Advantage
Disclosure of strategic plans, M&A info potentially lead to loss of revenue, market capitalization
Loss of research, analytical data, and other intellectual capital

[Diagram: Authorized Users and Unauthorized Users around an Access Control List Perimeter and a Firewall Perimeter, with Information Leakage]
…but not ongoing usage.

Enforcement tools are required: content protection should be automated.

Automatic Protection
Streamlined End User Experience
Enable IT Infrastructure
B2B RMS

Windows Platform Information Protection Technology
Better safeguard sensitive information
Protect against unauthorized viewing, editing, copying, printing, or forwarding of information
Limit file access to only authorized users
Audit trail tracks usage of protected files
Persistent protection
Protects your sensitive information no matter where it goes
Uses technology to enforce organizational policies
Authors define how recipients can use their information

RMS Protection is applied both to the message itself and to the attachments. Saved attachments retain the relevant protection (e.g. rights to view, print or copy content).

Protect message in transit via Transport Rules action
Protect messages by default at Outlook Client
Private Voice message automatically protected by Unified Messaging (UM)

Exchange Server 2010 (Beta) provides a single point in the organization to control the protection of e-mail messages.
Automatic Content-based Privacy:
• Transport Rule action to apply RMS template to e-mail message
• Transport Rules support Regex scanning of attachments in Exchange 2010 (including content)
• Internet Confidential and Do Not Forward Policies available out of box

New Transport rule action to "RMS protect"
Transport Rules support regular expression scanning of attachments in Exchange Server 2010 (Beta)
"Internet Confidential" and "Do Not Forward" policies are available out of the box
Office 2003, Office 2007, Office 14, and XPS documents are supported for attachment protection

Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically
Rules can be mandatory or optional depending on requirements
Rules look at the following predicates:
Sender's department (HR, R&D, etc.)
Recipient's identity (specific user or distribution list)
Recipient's scope (all within the organization, outside, etc.)
Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services

Step 1: User creates a new message in Outlook 14.
Step 2: User adds a distribution list to the To line.
Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects as MS Confidential.
[Screenshot text: Microsoft Confidential - This content is confidential and proprietary information intended for Microsoft employees only and provides the following user rights: View, Reply, Reply All, Save, Edit, Print and Forward. Permission granted by: edbanti@exchange.microsoft.com]

IRM Protection will be applied by Outlook
Exchange does not require super-user access to the IRM content:
Achieves protection from the service provider
But has certain limitations:
IRM protected e-mail cannot be shown in Outlook Web Access
IRM protected e-mail cannot be indexed by the content indexing engine on the mailbox server
Mail cannot be journaled in the clear to internal or 3rd party archives
E-discovery is unable to access or retrieve these messages within Exchange

Unified Messaging administrators can allow incoming voice mail messages to be marked as "private"
Private voice mail can be protected using "Do Not Forward", preventing forwarding or copying content
Private voice mail is supported in Outlook 14 and Outlook Web Access (OWA)

Automatic Protection
Streamlined End User Experience
Enable IT Infrastructure
B2B RMS

Pre-licensing enables offline and mobile access to RMS protected messages
IRM Feature Parity between Outlook and Outlook Web Access
Conduct full-text search on RMS protected messages in Outlook Web Access

Create/Consume RMS protected messages natively, just like Outlook
No client download or installation required
Supports: Firefox, Safari, Macintosh and Windows
Conversation View, Preview pane
Full-text search on RMS protected messages

Automatic Protection
Streamlined End User Experience
Enable IT Infrastructure
B2B RMS

Enables Hub Transport agents to scan/modify RMS protected messages
Required for Antivirus scanning, Transport Rules or 3rd party agents
Decryption Agent
Decrypts message and attachments, using RMS super-user privileges
Only decrypts once per forest, on the first Hub, to improve performance
Option to non-deliver (NDR) messages that can't be decrypted
Encryption Agent
Re-encrypts messages, message forks and NDRs with original Publishing License

All of the RMS integration agents are implemented as "internal agents"
End of Data
• Pipeline Decryption Agent
Decrypt RMS message from SMTP
On Routed
• Transport Rules Agent
• Journal Report Decryption Agent
• Encryption Agent
• PreLicense Agent
• Journal Agent
On Submitted
• Pipeline RMS Decryption Agent
Decrypt AD RMS message from Pipeline

Server Decryption agent:
• Attaches clear-text copies of RMS protected messages and attachments to journal mailbox
• Requires super-user privileges, off by default
• Stamps x-Org header to prevent future decrypt attempts
[Diagram label: Archive/Journal]

Automatic Protection
Streamlined End User Experience
Enable IT Infrastructure
B2B RMS

Today customers can communicate using RMS between organizations by deploying ADFS and setting up trusts
ADFS requires a separate trust between each partner
ADFS isn't supported by Exchange
In Exchange Server 2010 (Beta), customers can federate with the Microsoft Services Gateway instead of each partner
A single federation point replaces individual trusts
Allows Exchange to act on-behalf-of users for decryption
Next slides show an example of how OWA will decrypt messages on-behalf-of a recipient using federation

[Diagram: nwtraders.com (Exchange 2010, AD RMS 2008), Microsoft Services Gateway, Fabrikam.com (Exchange 2010)]
1 Organizations federate Exchange and RMS with the Microsoft Services Gateway
Create a federated trust with Microsoft Services Gateway using wizard

[Diagram: nwtraders.com (Exchange Server 2010 (Beta), AD RMS 2008), Microsoft Services Gateway, Fabrikam.com (Exchange Server 2010 (Beta))]
1 Organizations federate Exchange and RMS with the Microsoft Services Gateway
2 User in Northwind Traders sends an RMS protected message to a recipient in Fabrikam
Message is protected against Northwind Traders' AD RMS server
3 Fabrikam's Exchange server requests a delegation SAML token from Services Gateway for Northwind Traders' RMS server
Fabrikam requests a delegation SAML token from the Services Gateway
Delegation SAML token is used to authenticate on-behalf-of the recipient to Northwind Traders' RMS server

[Diagram: nwtraders.com (Exchange Server 2010 (Beta), AD RMS 2008), Microsoft Services Gateway, Fabrikam.com (Exchange Server 2010 (Beta))]
1 Organizations federate Exchange and RMS with the Microsoft Services Gateway
2 User in Northwind Traders sends an RMS protected message to a recipient in Fabrikam
3 Fabrikam's Exchange server requests a delegation SAML token from Services Gateway for Northwind Traders' RMS server
4 Northwind Traders returns license to Fabrikam to decrypt mail in OWA for recipient
Northwind Traders validates the signature on the delegation SAML token and ensures that the recipient has rights to the message
Northwind Traders returns a license to Fabrikam which can be used to decrypt the message in OWA and enforce rights

Senders can control how their data is accessed by 3rd parties
By using federation, RMS can allow organizations and applications to access data on-behalf-of individuals
Specifically they can specify whether recipient organizations can archive e-mails in the clear
RMS administrator can control which 3rd parties can access data using federated authentication (allow/block list)
Recipient organization can decrypt RMS protected messages for Outlook Web Access, Journal Report Decryption and Transport Pipeline decryption

Exchange Server 2010
Supported on Windows Server® 2008
Planned support for Windows Server 2008 R2
RMS integration features require:
RMS on Windows Server 2008 SP2 or Windows Server 2008 R2
B2B RMS requires:
Windows Server 2008 R2 RMS

Reduction in datacenter server footprint
Lowering Input / Output Per Second (IOPS) per message
Reduction in random Input/Output
Increased service availability
Handling larger messages without resource pressure increases capacity of servers in site
Lowering delivery latency (99% in 90 sec)
Measuring transport component latency provides insight into how to make system run more efficiently

Header Information is utilized to extract required information.
All servers: RFC 2821/2822 "Received" headers provide server FQDNs, IP addresses and time stamps for every hop messages take. Trusted (internal) Server IP/Ranges must be present in the InternalSMTPServers AD attribute.
Exchange Server 2007: The "X-MS-Exchange-Organization-OriginalArrivalTime" header indicates the time the first Exchange Server 2007 server is encountered by a message.
Exchange Server 2010 (Beta): The "X-MS-Exchange-Organization-MessageLatency" and "X-MS-Exchange-Organization-MessageLatencyInProgress" headers contain FQDNs and detailed latency data for Exchange Server 2010 (Beta) servers that messages go through.

Provides a service that traces the servers a message went through from start to finish.
Works across organizations.
Cross-site HTTP calls are cheaper than RPCs.
[Diagram: Org 1, Org Boundary, Org 2; in each organization Mailbox, Hub and CAS connected by RPC; Sharing relationship between the CAS servers; Message Tracking Task; HTTPS - EWS Call (Windows Live ID authentication)]
Note: the same architecture is used cross-site within one organization.

IRM right: Description
Full Control: Gives the user every right listed below, and the right to make changes to permissions associated with content. Expiration does not apply to users with Full Control.
View: Allows the user to open IRM content. This corresponds to Read Access in the Office user interface.
Edit: Allows the user to edit the IRM content.
Save: Allows the user to save a file.
Extract: Allows the user to make a copy of any portion of a file and paste that portion of the file into the work area of another application.
Export: Allows the user to save content in another location or format that may or may not support IRM.
Print: Allows the user to print the contents of a file.
Allow Macros: Allows the user to run macros against the contents of a file.
Forward: Allows e-mail recipients to forward an IRM e-mail message.
Reply: Allows e-mail recipients to reply to an IRM e-mail message.
Reply All: Allows e-mail recipients to reply to all users on the To: and Cc: lines of an IRM e-mail message.
View Rights: Gives the user permission to view the rights associated with a file. Office ignores this right.

Step 2: User adds a distribution list to the To line.

Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects as MS Confidential.

Variant: Administrator can define a policy as required, disabling the Permission button.


Exchange Server 2010 (Beta) Ignite Module Number 08 Microsoft© Corporation

Compliance Framework
IW & IT Pro Pain Points
Archive – IW Experience
Archive – IT Pro Experience
Exchange Server 2010 (Beta) Features
Summary

Component: Preserve, Protect, Discover, Prove
Challenges:
"I need an archive for eDiscovery."
"Regulations require we set up ethical walls."
"We're worried about information leakage."
"Our auditors require detailed activity reports of user and IT administrator email activity."
"Our lawyers need a faster, easier way to hold and search email."
"We need a more consistent way to apply retention policies."

[Diagram: Exchange Admin with EMC/ECP, IW with Outlook/OWA and Compliance Officer with ECP around a CAS Server and Mailbox DBs, with the following stores]
PSTs: Unlimited storage, Portability, Offline Access
Exchange Mailbox: Highly available, Reliable, Outlook/OWA
User Archive (3rd Party): Makes PSTs discoverable, Enables legal hold on PSTs, Unlimited Mail storage, Outlook/OWA with stubs
Business Archive (3rd Party): Discovery across email, documents, etc.; Retention Mgmt; Auditing; Efficient storage (deduping, single instancing, compression)
Backups: Single Item Restore, Rogue Admin Separation, Disaster Recovery

IT Pro Perspective
Out-of-box solution limited
Litigation hold can't be enforced on Personal Information Stores (PST) – unable to ensure items not deleted
PSTs cannot be discovered
Lost laptop results in exposure of PSTs
Backup/recovery cost prohibitive
PST on network share not supported
End user viewpoint
Changes workflow
Litigation hold removes PST access and user can't delete messages
Litigation hold causes OST performance to suffer
Quota forces forwards to Gmail
3rd party add-in is confusing
Inconsistent experience
Are accessible on local machine only
Search degraded when PST is on a network share
Bad hard drives lead to lost PSTs
PST corruptions increase when PST is located on network share
As PSTs grow, stability lessens (>5 gigabytes (GB))
3rd party solution expensive
Licensing cost more than Outlook 14/Exchange Server 2010 (Beta)
Additional hardware needs purchased
Delays Office upgrades
Deployment touches all desktops
Add-in cause performance woes
Leads to increased Help Desk cost

[Diagram: Exchange Admin with EMC/ECP, IW with Outlook/OWA and Compliance Officer with ECP, with Primary Mailbox, Archive Mailbox and Recoverable Items replacing the stores below]
PSTs: Unlimited storage, Portability, Offline Access
Exchange Server 2010 (Beta) Mailbox: Highly available, Reliable, Outlook/OWA
Exchange Server 2010 (Beta) Archive: Larger cheaper mailbox, Single item restore, Highly Available, Discoverable, Retention Mgmt, Outlook/OWA
User Archive (3rd Party): Enables PST data to be discovered, Enables PST data to be under legal hold, Unlimited mail storage, Outlook/OWA experience with stubs
Business Archive (3rd Party): Discovery across email, documents, etc.; Retention mgmt; Auditing; Efficient storage (deduping, single instancing, compression)
Backups: Single item restore, Rogue admin separation, Disaster recovery

Archive is an additional mailbox associated with an existing user account
IT Pro manages Archive mailboxes same as existing Exchange mailboxes
Archive mailbox is end user accessible from Outlook and OWA
Archive availability and reliability is the same as existing Exchange mailboxes
[Diagram: User Account (AD); Primary Mailbox (Outlook/OWA, 1-2 yrs of email, Size < 10 GB, Offline and Online, Recoverable Items (14 Days)); Archive Mailbox (1.10 yrs of email, Size < 10 . 30 GB, Online Only, Recoverable Items (14 Days)); Exchange Admin/Compliance Officer; Exchange Server 2010 (Beta) DB + Copies; DAS Storage]

A secondary mailbox that is configured by the administrator
Appears alongside a user's primary mailbox in Outlook or Outlook Web Access
PSTs can be dragged and dropped to the Online archive
Primary mailbox data can be moved automatically using messaging records management (MRM) Retention Policies

Move menu has latest used folders, including archive folders
Copy/move brings up folder picker which includes the archive
Drag and drop also supported between folders in both cases

Archive Node shows up as another root node.
Items in Archive displayed exactly like any other folder.

Search in a folder in the archive works the same as any other folder.
Choosing to search in All Mail Items will include the Archive, even if you are viewing your primary mailbox.
To search the whole archive, you need to select Archive from the Dropdown.

Pre-Conditions:
• Default Move Policy = 2 Year
User selects 5 Years from set of Policies

Pre-Conditions:
• Default Move Policy = 2 Years
• Project X Folder Move Policy = 1 Year
• Item 1 with Move Policy = 5 Years

Pre-Conditions:
• Default Move Policy = 2 Years
• Default Delete Policy = 7 Years
User selects 5 Years from set of Policies

Pre-Conditions:
• Default Move Policy = 2 Years
• Default Delete Policy = 7 Years
• Delete Policy On This Message = 10 Years
User selects 5 Years from set of Policies

Pre-Conditions:
• Default Move Policy = 2 Years
• Selected Item Move Policy = 5 Years
• Default Delete Policy = 7 Years
• Selected Item Delete Policy = 10 Years
• Project X Folder Move Policy = 1 Year
• Project X Folder Delete Policy = 6 Years

Requirements
• P1 - enable IT Pro to add and remove the archive
• P1 - enable IT Pro to view and manage the archive
• P1 - enable IT Pro to migrate the archive

Assumptions
• Archive and Primary Mailbox are on same database (DB), same site, same forest
• Users will only have one Archive in Exchange Server 2010 (Beta)
• Archives cannot be accessed by delegate users

Add the archive to a user
• New: Create an archive mailbox for a user
• Enable: Enable an archive mailbox for a user
• Connect: Connect an existing archive to a user
Remove the archive from a user
• Disable: Disconnect the archive for a user
• Remove: Remove the archive mailbox from a user
View the Archive
• Get: View archive properties (e.g. quota) for a user
• Get: View archive statistics (e.g. size) for a user
• Get: Enumerate all archives in a DB or an org
Manage the archive
• Set: Set archive properties (e.g. quota) for a user
• Import: Import data into an archive
• Export: Export data from an archive
Migrate the archive and the primary mailbox
• Move: Migrate the archive and primary mailbox

Create user, mailbox and archive
Scenario: Create new Exchange Server 2010 (Beta) users and add primary mailbox and archive
Input: New-Mailbox -Name 'Hal' ……… -Archive
Output: Command Prompt

Enable archive
Scenario: Enable Archive for existing Exchange Server 2010 (Beta) users with primary mailbox but no archive
Input: Enable-Mailbox -Identity:hal -Archive
Output: Command Prompt

Scenario: Enable Mailbox and Archive for Exchange Server 2010 (Beta) users with no primary mailbox or archive
Input: Get-User hal | Enable-Mailbox -Archive
Output: Command Prompt

Connect the archive
Scenario: Reconnect the archive to a user
Input: Connect-Mailbox -Id "legacydn of hal's archive" -User "jack" -Archive
Output: Command Prompt

Remove user, primary and archive
Scenario: Remove the archive, the user account and primary mailbox
Input: Remove-Mailbox hal
Output: Removing the mailbox will remove the Windows user object and mark the mailbox and archive for removal. Are you sure you want to remove Hal?

Remove the archive only
Scenario: Remove the archive only (keep user account and primary mailbox)
Input: Remove-Mailbox hal -Archive
Output: Removing the Archive will mark the archive for removal. Are you sure you want to remove the Archive for Hal?

Disconnect the primary and archive
Scenario: Disconnect the primary mailbox and the archive from a user
Input: Disable-Mailbox hal
Output: Command Prompt

Disconnect the archive
Scenario: Disconnect the archive from the user
Input: Disable-Mailbox hal -Archive
Output: Command Prompt

View Archive (special icon)
Scenario: Get users with mailbox and archive
Input: Get-Mailbox -Filter '(ArchiveGUID -ne $null)'
Output: Mailbox objects
Default Output:
Name    RecipientType    ArchiveName
----    -------------    -----------
Hal     UserMailbox      Archive

Filter the Recipients
Scenario: Get Recipients with archive
Input: Get-Recipient -Filter '(ArchiveGUID -ne $null)'
Output: Mailbox objects

Scenario: Get statistics for all the archives on a DB
Input: Get-Mailbox -Database DB1 | Get-MailboxStatistics -Archive
Output: Mailbox statistics for archive on a DB
Default Output:
DisplayName       ItemCount    StorageLimitStatus    LastLogonTime
-----------       ---------    ------------------    -------------
Hal (Archive)     2            BelowLimit            12/17/2008 2:03 PM
John (Archive)    3            BelowLimit            12/17/2008 2:03 PM

Archive quota is set with other mailbox quota properties
Scenario: Configure quota on archive
Input: Set-Mailbox hal -ArchiveQuota:50000000
Output: Command Prompt

Scenario: Bulk Operation: Set quota on all the archives on a DB
Input: Get-Mailbox -Database db1 | Set-Mailbox -ArchiveQuota 30000000
Output: Command Prompt

Export the Archive
Scenario: Export archive data to PST or mailbox
Input: Export-Mailbox -Id:'hal' -TargetMailbox 'johndoe' -TargetFolder 'foo' -Archive
Output: Command Prompt

Import PST into the Archive
Scenario: Import a PST into the Archive
Input: Import-Mailbox -Id:'hal' -PSTFolderPath C:\PSTFiles\hal_arch.pst -Archive
Output: Command Prompt

Scenario: Move user, primary and archive from Exchange Server 2010 (Beta) DB1 to Exchange Server 2010 (Beta) DB2
Input: New-MoveRequest Hal -TargetDatabase DB2
Output: Command Prompt

Scenario: Move primary and archive for a group of users to Exchange Server 2010 (Beta) DB2
Input: Get-Mailbox -Filter { Department -eq 'Sales' } | New-MoveRequest -TargetDatabase DB2
Output: Command Prompt

Scenario: Move primary and archive from DB1 to DB2 (Decommission DB)
Input: Get-Mailbox -Database db1 | New-MoveRequest -TargetDatabase DB2
Output: Command Prompt

Preserve
Feature: Role Based Access. Benefit: Delegate Legal Hold function to non-IT users through user-friendly ECP GUI
Feature: Copy edited and deleted items. Benefit: Builds on Exchange Server 2007 hold for auto-deleted items
Feature: Auto alert notification. Benefit: Eliminates manual alerts to users on hold
Feature: Search dumpster. Benefit: Use multi-mailbox search to retrieve deleted/edited items

Discover
• Delegate access to search graphic user interface (GUI) to attorney, compliance officer or HR
• Search across primary mailbox, archives, IRM-protected and deleted items
• Specific search by keywords, dates, content types, specific mailboxes… and a variety of mailbox items
• Copy email from query and place in PST, mailbox

Preserve / Protect
• Centralize PST files in an Online Archive
• Apply granular retention policies per item or folder
• Capture edited and deleted items with litigation hold
• Decrypt IRM-protected e-mail for journaling
• Automatically apply IRM-protection based on policies
• Allow partners/customers to read IRM-protected messages
• Enable managers to monitor email traffic more effectively
• Apply dynamic signatures to email based on user attributes

Discover / Prove
• Perform multi-mailbox search using simple GUI
• Delegate search access to litigators/compliance managers
• Export search query items to PST for further analysis
• Generate reports detailing mailbox activity and system configurations

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite Module Number 9 Microsoft© Corporation

Background
Architecture
Customer research and feedback
How Exchange Unified Messaging (UM) is used at Microsoft
Exchange Server 2010 (Beta) UM
Migration
Administration
Features
Demos
Questions

UM protocols
• SIP/RTP to gateway/PBX
• LDAP to the directory
• MAPI/(RPC) to mailboxes
Can place UM servers distant from PBXs
Support scale out and server consolidation

UM mainly used for call answering
About 2 in 3 of these are "missed calls"
[Table: daily UM call statistics for 1/25/2009 through 1/31/2009, with totals. Columns: Date; UM Total Calls; UM Call Answer Calls; UM Call Answer Voice Messages; % Calls Leaving Voice Message; Avg Voice Message Size (sec); UM Fax Messages; Subscriber Logons; Avg Subscriber Call Duration (sec). Summary rows: Number of UM-enabled users; Calls diverted to UM, per user; Call answered voice messages per user.]

Exchange UM is used most for creating call-answered voice messages
Outlook Voice Access is very valuable to mobile workers, but they are often in the minority
Requests for:
• Built-in Message Waiting Indicator (MWI) support
• Speech recognition (not just in English)
• Outbound fax support
• Support split messaging/telephony administration model
• Better audio support for non-Windows clients
• Private voice mail option
• Better caller ID resolution

UM 2010 requires mailbox, transport 2010
[Table axes: Unified Messaging version (2007 SP2, 2010 (Beta)) by Mailbox version (2007 SP2, 2010). Cell text:]
• UM "just works" for the enabled users. (shown in two cells)
• Not supported.
• Call answer: 302 (redirect on INVITE) to UM 2007 server in the Dial Plan
• Subscriber access: REFER (with context) to UM 2007 server in the Dial Plan
• Require at least one UM 2010 server in the Dial Plan.
• Configure Internet Protocol (IP) gateways to send calls to UM 2010
• Office Communications Server (OCS) requires new UM Dial Plan (new pilot #)
• UM-disable, enable (PIN reset) in new DP

UM now uses Exchange Role Based Access Control (RBAC)
Three UM administrative roles, as shipped
• UM management: Administer any and all UM functionality
• UM mailbox: Provision UM mailbox, PIN reset, clear lockout
• UM prompt: Update Dial Plan and/or Auto Attendant prompts
Custom roles may be created

Exchange Server 2007 UM supported inbound fax
• Delivered to users' mailboxes
• No specialized routing software
• No outbound fax
• UM customers mostly used other fax products
Exchange Server 2010 (Beta) UM will not create fax messages
• Working with key partners to provide migration and interoperability story for UM fax
• UM can hand fax calls off to partner solution
• UM configuration slightly extended (for partner Uniform Resource Identifier (URI))

The goal is for each UM language pack to contain:
• Prerecorded prompts
• Text-to-speech (now using Microsoft engine)
• Speech recognition (command/control, names)
Beta: US English, German, Canadian French, Mexican Spanish, Japanese
RTM: Chinese (PRC), Chinese (Taiwan ROC), Dutch, English (Australia), English (UK), French, Italian, Korean, Brazilian Portuguese, Spanish, Swedish
RTM+120 Days: Catalan, Chinese (Hong Kong SAR), Danish, English (Canada), English (India), Finnish, Norwegian (Bo), Polish, Portuguese, Russian

MP3 (codec and file format) is now the default for recording voice messages
Socializes more easily with non-Windows and non-Windows Mobile mail clients
[Chart labels: G.711, MP3, WMA, GSM, WMA 9]

Failure to resolve caller ID to a name is a major source of complaint by end users
Numbering plan split across UM Dial Plans
• Added EquivalentDialPlanPhoneContexts on DP
• FQDNs of other DPs in same numbering plan
Many non UM-enabled users have more than one phone number
• msRTCSIP-Line is not multi-valued
• Added UMCallingLineIds to User object

Extension of CLID to E.164 was inflexible
• InternationalNumberFormat single-valued
• Added NumberingPlanFormats on DP
• One or more patterns to extend N-digit to E.164
Lookup did not use unindexed AD attributes
• telephoneNumber, homePhone, mobile
• UM can now generate suffix search fields
• AllowHeuristicADCallingLineIDResolution on DP
Bottom line: caller ID lookup is now better!

Call answer is UM's most frequent scenario
• Play greeting, take message
Users wanted more control
• e.g. special greetings by contact, time of day
Call answering rules
• Condition: if it evaluates to true, then run…
• Greeting and menu: collect caller's choice of…
• Action: transfer, "Find me" or leave message

Exchange Server 2007 UM did not support MWI
• Third-party solutions required
Exchange Server 2010 (Beta) UM supports MWI natively
• Configure through UM Mailbox Policy
• ON by default
• No new roles
• Highly scalable
MWI via Short Message Server (SMS)
• Requires mail gateway
[Diagram: SIP NOTIFY path between Phone, Gateway & PBX, UM servers and Mailbox servers]

Speech recognition applied to voice mail
• Text on delivery
• Feature mark-up
[Screenshot callouts: Text Preview of Voice Mail; Audio Playback; Searchable; <100% accurate; In SMS MWI; Contextual Actions]

Available in U.S. English, German for Beta
Accuracy is still improving
• Average ~75% for en-US, less for other languages
• "Your mileage may vary"
Release to manufacturing (RTM) languages to be determined (usability tests in progress)
Controlled by UM mailbox policy
Uses Dial Plan default language
We need your feedback

CPU-intensive: affects UM scalability
• Throttled: UM will skip transcription if too busy
• Estimate ~1 VM/min/core as throughput
• Try to use all cores
• Below normal priority
Transcription followed by:
• Transcoding of audio
• Creation of message
• Submission to Hub

Exchange Server 2007 UM doesn't have private voice mail
• Deployment blocker for some customers
Some voice messages are sensitive
• Caller may have marked the message private
• Some users receive nothing but sensitive voice mails
Treat voice mail as special case of e-mail
• E-mail can already be protected
• Information Rights Management
• UM will use the same approach

Controlled by UM mailbox policy
Requires AD Rights Management Services
• Private: protect if sender marks message private
• All: protect all messages (don't ask sender)
Always uses Do Not Forward permissions
RequireProtectedPlayOnPhone property
• Blocks use of multimedia: no voice data on client

Requires rights management-aware client interface that also supports Exchange UM
• Outlook Voice Access (Exchange UM telephone user interface (TUI)/voice user interface (VUI))
• Outlook Web Access (Exchange Server 2010 (Beta))
• Outlook "14"

Deep investments in UM features that will add real benefit to common scenarios
• Voice mail preview
• Call answering rules
• Built-in MWI
• Protected voice mail

A natural replacement for legacy voice mail


Exchange Server 2010 Ignite Module Number 10 Microsoft© Corporation

Exchange storage background
Disk storage technology 2010+
Exchange Server 2010 (Beta) storage architecture
Store innovations
Extensible Storage Engine (ESE) database innovations
Exchange Server 2010 (Beta) storage design
Summary

Significant innovation in Exchange Server 2007
• Reduce storage input/output (I/O) (70%)
• Use large amounts of memory (64 bit)
• Increased page size (4 kilobyte (KB) -> 8 KB)
• Lower storage costs
• Support large mailboxes (> 1 gigabyte (GB))
• Provide fast search (CI)
• Continuous replication (log shipping)
• High Availability (HA) + fast recovery
• Eliminate single points of failure

SATA (3.5") Drive            2006      2010      2013
Capacity (GB)                750       2,000     8,000
RPM                          7.2K      7.2K      10k
Transfer Rate (Mb/sec)       930       2,000     5,000
Read Seek Time (ms)          8         7.2       6.5

FC/SAS (3.5") Drive          2006      2010      2013
Capacity (GB)                300       600       2,400
RPM                          15K       15K       15K
Transfer Rate (Mb/sec)       975       2,000     4,000
Read Seek Time (ms)          3.7       3.3       2.8

• Disk capacity trend predicted to continue
• Sequential throughput increasing linearly based on areal density (2010 SATA = 250 megabytes (MB)/sec)
• Random I/O performance not expected to improve substantially

Random IO
• Disk head has to move to process subsequent IO
• Head movement = High IO latency
• Seek Latency limits IO (IOPS)
Sequential IO
• Disk head does not move to process subsequent IO
• Stationary head = low IO latency
• Disk RPM speed limits I/O per second (IOPS)
7.2K SATA Disk (20ms Latency)
• Random = 50 IOPS
• Sequential = +300 IOPS

Flash best utilized by Exchange Server 2010 (Beta) when used as a cache within storage stack
[Diagram: Exchange Server 2010 (Beta) Mailbox Server and Enterprise SAN Array, with flash shown at several layers: NAND, PCM, HBA / RAID, Hybrid HDD, SATA SSD]

• IO Reduction
• Sequential IO
• Large, Fast, Low-cost Mailboxes
• Storage Design Flexibility
• SATA/Tier 2 Disk Optimization
• RAID-less Storage (JBOD)

Store schema = the way the store organizes data in the Extensible Storage Engine (ESE) Database
Exchange Server 2010 (Beta): One simple theme
• Move away from doing many, random, small size, disk IOs to doing fewer, sequential, large size, disk IOs
Significant Benefits
Fast/efficient…
OWA/Outlook Online Mode
• End user viewing for "cold" states/first time view creation
• Calendar operations
• Search performance
Outlook cached mode/Exchange ActiveSync
• OST sync = sequential IO
• Exchange ActiveSync Server (EAS) sync = sequential IO
Server management
• Move mailbox
• Content Index Crawls

[Diagram: store schema compared, with sample rows for Jeff's, Ann's and Joe's mailboxes]
Exchange Server 2007 (scopes shown: Per Database, Per Folder)
• Mailbox Table
• Folders Table
• Message Table (Msg)
• Attachments Table
• Message/Folder Table (MFT)
• Secondary Indexes used for Views
Exchange Server 2010 (Beta) (scopes shown: Per Database, Per Mailbox, Per View)
• Mailbox Table
• Folders Table
• Message Header Table
• Body Table
• View Tables (e.g. From)

New store schema = no more single instance storage within a database
[Diagram: a mailbox with Inbox, Calendar, Drafts, For Follow-up and DL Mail folders holding messages M1 to M5]
• Exchange Server 2007: messages laid out as M1 M3 M5 M4 M2. Many, random, small size IOs
• Exchange Server 2010 (Beta): messages laid out as M1 M2 M3 M4 M5. Fewer, sequential, large size IOs

Exchange Server 2007 B+ Tree
• Leaf pages: 1078 92 4577 6 872 7210 3278 21 9346
• Many, small size, random IOs (1 per 8K page)
Exchange Server 2010 (Beta) B+ Tree
• Leaf pages: 1078 1079 1080 1081 1082 1083 3456 3457 3458
• Fewer, larger size, sequential IOs

Exchange 2007 Nickel & Dime Approach
• View: All Unread or Flagged items
• Timeline of DB I/O: M1 arrives, M2 arrives, M1 flagged, M3 arrives, M2 deleted
• Many IOs (1 per update)
Exchange 2010 Pay to Play Approach
• View: All Unread or Flagged items
• User uses OWA/Outlook Online and switches to this view
• Fewer, sequential IOs (1 per view)

How do you move from random IO to sequential IO?
Physical Contiguity (ESE)
• Exchange Server 2007: Poor physical contiguity of leaf pages, hence many, small size IOs (1 for each page)
• Exchange Server 2010 (Beta): Excellent physical contiguity of leaf pages, so fewer, large size IOs, spanning N pages (N ≈100)
Logical Contiguity (Store)
• Exchange Server 2007: Headers for each folder kept in separate table, so many, small size IOs spread over many tables
• Exchange Server 2010 (Beta): Headers for an entire mailbox kept in a single table, hence fewer, large sized IOs on a single table
Temporal Contiguity (View)
• Exchange Server 2007: All views and indexes updated each time a mail is delivered, so many, small size IOs spread over time
• Exchange Server 2010 (Beta): Views and indexes updated only when they are accessed by user, so fewer, large sized IOs done together

Optimize for new store schema
• Allocate database space in contiguous manner (table space hints)
• Maintain database contiguity over time (online defrag refactored)
• Utilize space efficiently (database compression)
Increase database (DB) IO Size
• DB page size increased from 8 kilobyte (KB) to 32 KB
• Improved read/write IO coalescing (Gap coalescing)
• Provide improved async read capability (pre-read)
Increase cache effectiveness (milestone=R4)
• 100 megabyte (MB) checkpoint depth (HA configurations only)
• Cache compression (dehydration)
• DB cache priority (fast evict)

Database table space allocation hints
Allocate DB space based on either data compactness or data contiguity (based on usage pattern)
[Diagram: Space Contiguity (pages X, Y, Z grouped by Msg Header and Event History; Sequential/Bloat) versus Space Compactness (pages 1 to 5 mixing Used Page, Event History and Msg Header; Random/Compact), shown for DB Cache and Disk]

New Database Maintenance Architecture: ESE
Cleanup (deleted items/mailboxes)
• Exchange Server 2007 Service Pack 1 (SP1): Cleanup performed during Online Defrag (OLD) which occurs during Online Maintenance (OLM) time window
• Exchange Server 2010 (Beta): Cleanup performed at run time (when hard delete occurs); happens during Store dumpster cleanup (OLM), pages are zeroed by default
Space Compaction (deleted items/mailboxes)
• Exchange Server 2007 SP1: Database is compacted and space reclaimed during Online Defrag (OLD)
• Exchange Server 2010 (Beta): Database is compacted and space reclaimed at run-time; auto-throttled
Maintain Contiguity (defragmentation)
• Exchange Server 2007 SP1: N/A: Contiguity is compromised by space compaction
• Exchange Server 2010 (Beta): Database is analyzed for contiguity and space at run time and is defragmented in the background (B+Tree Defrag/OLD2); auto-throttled
Database Checksum
• Exchange Server 2007 SP1: When configured, ½ of OLD maintenance window reserved for sequential scan (Checksum), manual throttle; active DB copy only
• Exchange Server 2010 (Beta): Two options (both Active and Passive copies): 1. Run DB Checksum in the background 24x7 (default), Sequential IO 2. Run DB Checksum during OLM window, Sequential IO
Database B+Tree Defragmentation (aka OLD2): Background/throttled process that maintains space and contiguity of database tables

Exchange Server 2007 Message Header Table (aka MFT): DB Page Numbers FRAGMENTED (random deletes at the tail)
Exchange Server 2010 (Beta) Message Header Table (aka MsgHeader): CONTIGUOUS
Blue = contiguous (good), Red = fragmented (bad)
*Production/Dogfood database analysis

Problem: Store Schema change, space hints, B+Tree Defrag and 32 KB page size combine to increase DB file size by 20%
Solution: Growth is 100% mitigated by Database Compression
• Targeted compression for message headers and text/html bodies (7bit/Express)

DB File Size Comparison
E2K7/RTF    E14/RTF    E14/Mix    E14/HTML
1.00        1.20       1.00       0.88

DB Space Analysis
Counts                   E2K7 SP1      E2010
Mailbox Count            750           750
Tables                   14754         92435
Internal Trees           60852         37652
LV Trees                 3             5
Secondary Indexes        85784         4557
Pages                    28486144      5814032
Used Pages (%)           85.7%         86.7%
Available Pages (%)      14.3%         13.3%
Msg Table (% space)      84.9%         80.0%
[Other labels: Msg Views; 32KB Pages]
1 Database, 750 x 250MB mailboxes. RTF = RTF Compressed; Mix = 77% HTML, 15% RTF, 8% Text. Avg. Message size = ~50KB

Exchange Server 2007 DB Read 20 KB Message: 3 Read IOs
• Disk, 8 KB pages: Page 1 Msg Header, Page 2 X, Page 3 Msg Body, Page 4 X, Page 5 Msg Body
• DB Cache receives Page 1 (Msg Header), Page 3 (Msg Body), Page 5 (Msg Body)
Exchange Server 2010 (Beta) DB Read 20 KB Message: 1 Read IO
• Disk, 32 KB pages: Page 1 (32KB) Msg Header, Msg Body; Page 2 (32KB) X
• DB Cache receives Page 1 (32KB)

Exchange Server 2007 DB Read Behavior: 3 Read IOs
• Disk: Page 1 Msg Header, Page 2 X, Page 3 Msg Body, Page 4 X, Page 5 Msg Body
• DB Cache receives Page 1, Page 3, Page 5
Exchange Server 2010 (Beta) DB Read Behavior: 1 Read IO
• Disk: Page 1 Msg Header, Page 2 X, Page 3 Msg Body, Page 4 X, Page 5 Msg Body
• Pages 1, 3 and 5 go to the DB Cache; Pages 2 and 4 go to a Temp Buffer

Exchange Server 2007 DB Write Behavior
• DB Cache: Page 1 Dirty, Page 2 Clean, Page 3 Dirty, Page 4 Clean, Page 5 Dirty
• 3 Write IOs; writes spaced out over time
Exchange Server 2010 (Beta) DB Write Behavior
• DB Cache: Page 1 Dirty, Page 2 Clean, Page 3 Dirty, Page 4 Clean, Page 5 Dirty
• 1 Write IO

IO Latency increases with IO size
Exchange Server 2010 (Beta) Max IO Size = 256KB for Read, 384KB for Write
[Chart: Random DB IO Latency Based on Size. IO Latency (ms), 0 to 25, against IO Size (KB), 0 to 1024; series Read and Write. SqlIO Test, 1x 750GB 7.2k SATA, no caching array controller]

Checkpoint depth = the amount of data that has yet to be committed to the database file (edb)
Exchange Server 2010 (Beta) default checkpoint depth max is increasing from 20 MB to 100 MB only on databases within an HA solution (standalone still 20 MB)
Deep checkpoint benefit = efficient DB writes (40% reduction)
Deep checkpoint risks = long store shutdown times, long crash recovery times
Risk mitigation: shutdown databases in parallel, failover on store crash
[Chart: 100MB Checkpoint Depth = 40% DB write IO reduction. DB Writes/sec (avg) and Database Pages Repeatedly Written/sec against Checkpoint Depth (MB), 20 to 100. Loadgen Test: 3000 Mailbox, Outlook 2007 Online Very Heavy Profile]

[Chart: DB IOPS, Exchange Server 2007 versus Exchange Server 2010 (Beta); series DB Read IO/Sec, DB Write IO/Sec, DB IO/Sec. +70% Reduction! 3000 Mailboxes, 12 DB, 3MB DB Cache/user, Loadgen Outlook 2007 Online Very Heavy Profile, 250MB Mailbox Size (build 405)]

DB IOPS/Mailbox
• Exchange Server 2003: 1
• Exchange Server 2007: 0.33
• Exchange Server 2010 (Beta): 0.11
+90% Reduction!

Problem: DB write bursts negatively affect DB read and Log write latency
The more write IOs issued at a time, the more disk contention
[Chart: IO Latency Based on Max DB Write IO's (ms). Latency (ms) for DB Read IO and Log Write IO against Maximum DB Write IO's Issued (2, 4, 8, 16, 32, 64). E2K7=96 Maximum write Queue depth (global). Single 7.2k SATA disk, logs/db on same spindle, Loadgen load generating 250 RPC Operations/second, ~50 IOPS]

Throttle DB writes based on checkpoint target (QoS)
• When checkpoint depth equals 1x -> 1.24x of checkpoint target, limit max outstanding DB writes/LUN to 1
• When checkpoint depth meets or exceeds 1.25x of checkpoint target, ratchet up max outstanding DB writes/LUN
• The further behind on checkpoint, the more aggressively we raise the max outstanding DB writes/LUN (maximum = 512/LUN)
Works for both JBOD SATA and RAID10 SAN!
[Chart: 20 MB Max Checkpoint Example. Max Outstanding DB Writes (0 to 40) against Log Checkpoint Depth (MB), 26 to 44]

Exchange Server 2010 (Beta) Smooth DB IO Benefit
50% Reduction!
[Chart: DB Read Latency (ms), Log Write Latency (ms) and RPC Average Latency for Exchange Server 2010 (Beta) Baseline versus Exchange Server 2010 (Beta) Smooth DB IO. 3000 Mailboxes, 12 x 7.2k SATA disks (DB/Logs on same spindles), 3MB DB Cache/user, Loadgen Outlook 2007 Online Very Heavy Profile]

Mailboxes/Disk (7.2K SATA)
• Exchange Server 2007: 125
• Exchange Server 2010 (Beta): +500
+4X Mailboxes/Disk!
250 MB Mailbox Size, 12 x 7.2k SATA disks (DB/Logs on same spindles), 3MB DB Cache/user, Loadgen Outlook 2007 Online Very Heavy Profile, measured at <20ms RPC Average latency

JBOD: 1 disk = 1 database (with logs)
Requires Exchange Server 2010 (Beta) High Availability (3+ DB Copies)
Annual Disk Failure Rate (AFR) = 5%
JBOD Advantages
• Reducing Storage Costs/Complexity
• Eliminates unnecessary DB copies: server and storage redundancy can be symmetrical
• Reduces disk IO: eliminates RAID write penalty
• Enables simple storage design: 1 disk = 1 database (with logs)
• Enables simple storage failure recovery
JBOD Challenges
• Exchange HA/storage must replace RAID functionality
• Disk striping performance (e.g. RAID10) cannot be leveraged
• Disk failure = database failover (~30 second outage)
• Re-enabling resiliency = spare disk assignment/partitioning/format/DB reseed (scriptable)
• Soft disk errors (bad blocks) must be detected and repaired

Improve HA storage failure detection and failover
• HA now detects storage failures and automatically fails over (~30 seconds)
Optimize HA failovers/switchovers
• ESE tuned to leverage DB cache between passive->active transitions (cache warming)
Improve storage failure detection (bad blocks/corruption)
• Active/passive copy background scan (checksum)
• Active/passive copy lost write detection
Improve database seeding/repair
• Utilize DB passive copy for seeding source (R4 feature)
• Avoid re-seed by using single page restore (active and passive) (R4 feature)

What is a lost flush?
A DB write IO that the disk subsystem/OS returned as completed did not actually get written to media or was written in the wrong location (aka lost write).
Why are they so bad?
Your database may be logically corrupt and you do not know it!
How can they be detected in Exchange Server 2010 (Beta)? Two methods:
1. In memory flush map (active and passive): memory overhead of 2 bits/page; event ID 530 is fired when detected (-1119) and page can be patched.
   Perfmon Counter: MSExchange Database -> Database Pages Lost Flush Detection %: The percentage of database pages which have valid lost flush detection information recorded.
2. Database recovery: event is fired (ID 516: timestamp mismatch, (567)) and database must be re-seeded.
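The two detection methods on this slide can be modelled in a few lines. The following is an added example, not Exchange or ESE code: the three-state flush cycle stored in each page, the `dbtime` stamps in log records, and every class and function name are assumptions chosen to illustrate a 2-bit-per-page flush map and a replay-time timestamp check.

```python
"""Toy model of run-time and recovery-time lost-flush detection (constructed example)."""

class LostFlush(Exception):
    """Run-time detection: on-disk flush state disagrees with the in-memory flush map."""

def next_state(state):
    # Assumed encoding: 0 = unknown, then 1 -> 2 -> 3 -> 1 on every flush of a page.
    return state % 3 + 1

class FlushMap:
    """Two bits per page, four pages packed into each byte."""
    def __init__(self, npages):
        self.bits = bytearray((npages + 3) // 4)
    def get(self, pgno):
        return (self.bits[pgno >> 2] >> ((pgno & 3) * 2)) & 0b11
    def set(self, pgno, state):
        shift = (pgno & 3) * 2
        byte = self.bits[pgno >> 2] & ~(0b11 << shift) & 0xFF
        self.bits[pgno >> 2] = byte | (state << shift)

class Disk:
    """Constructed disk that can acknowledge a write without storing it."""
    def __init__(self, npages):
        self.pages = [{"data": b"", "dbtime": 0, "flush": 0} for _ in range(npages)]
        self.drop_next_write = False
    def write(self, pgno, page):
        if self.drop_next_write:
            self.drop_next_write = False
            return True                      # reports success, media unchanged
        self.pages[pgno] = dict(page)
        return True

class Database:
    def __init__(self, npages):
        self.disk = Disk(npages)
        self.flush_map = FlushMap(npages)
        self.cache = {}                      # pgno -> latest in-memory page
        self.log = []                        # (pgno, dbtime_before, dbtime_after, data)
        self.checkpoint = 0                  # first log record replayed at recovery
        self.dbtime = 0

    def update(self, pgno, data):
        page = self.cache.get(pgno) or dict(self.disk.pages[pgno])
        self.dbtime += 1
        self.log.append((pgno, page["dbtime"], self.dbtime, data))
        page.update(data=data, dbtime=self.dbtime)
        self.cache[pgno] = page

    def flush(self, pgno):
        page = self.cache[pgno]
        page["flush"] = next_state(self.flush_map.get(pgno))
        self.disk.write(pgno, page)
        self.flush_map.set(pgno, page["flush"])   # map records what should be on disk

    def advance_checkpoint(self):
        self.checkpoint = len(self.log)      # engine believes earlier writes are durable

    def read_from_disk(self, pgno):
        """Method 1: compare the page's flush state with the flush map."""
        page = self.disk.pages[pgno]
        expected = self.flush_map.get(pgno)
        if expected and page["flush"] != expected:
            raise LostFlush(f"page {pgno}: on disk {page['flush']}, map expects {expected}")
        return page["data"]

    def recover(self):
        """Method 2: replay after a crash; the flush map and cache are gone."""
        self.cache.clear()
        mismatches = []
        for pgno, before, after, data in self.log[self.checkpoint:]:
            page = self.disk.pages[pgno]
            if page["dbtime"] >= after:
                continue                     # update already on disk
            if page["dbtime"] != before:     # page is older than the log says it was
                mismatches.append((pgno, before, page["dbtime"]))
                continue
            page.update(data=data, dbtime=after)
        return mismatches

def _db_with_lost_write():
    db = Database(8)
    db.update(3, b"v1"); db.flush(3)
    db.update(3, b"v2"); db.disk.drop_next_write = True; db.flush(3)
    return db

def runtime_detection():
    try:
        _db_with_lost_write().read_from_disk(3)
    except LostFlush:
        return True
    return False

def recovery_detection():
    db = _db_with_lost_write()
    db.advance_checkpoint()                  # the lost write is no longer in the replay range
    db.update(3, b"v3")                      # logged against cached dbtime 2, crash before flush
    return db.recover()
```

The recovery case only trips once the checkpoint has moved past the lost write; while that log record is still replayed, redo silently repairs the page.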

1. Page corruption detected on Active Copy (e.g. -1018)
2. Active DB places marker in log stream to notify passive copies to ship up to date page
3. Passive receives log and replays up to marker, retrieves good page, invokes Replay Service callback and ships page
4. Active receives good page, writes page to log, DB page is patched
5. Subsequent page repair from additional copies ignored

[Diagram: Database Availability Group (DAG) with Mailbox Server Node 1, Node 2 and Node 3 hosting DB1-Active, DB1-CopyA and DB1-CopyB; each copy has a Log and a Database with Page1, Page2, Page3]

1. Page corruption detected on DB Passive Copy (e.g. 1018)
2. Passive copy pauses log replay (log copying continues)
3. Passive retrieves the corrupted page # from the active using DB seeding infrastructure
4. Passive copy waits till log file which meets max required generation requirement is copied/inspected, then patches page
5. Passive resumes log replay

[Diagram: Database Availability Group (DAG) with Mailbox Server Node 1, Node 2 and Node 3 hosting DB1-Active, DB1-CopyA and DB1-CopyB; each copy shows Log and Database with Page1, Page2, Page3]

SAN
HA = Shared Storage Clustering
+1.0 IOPS/Mailbox
3.5” 15K 146GB FC Disks
RAID10 for DB & Logs
Dedicated Spindles
Multi-path (HBA’s, FC Switches, SAN array controllers)
Backup = Streaming off active
Fast Recovery = Hardware VSS (Snapshots/Clones)

DAS (SAS)
HA = CCR
.33 IOPS/Mailbox
2.5” 146GB 10K SAS Disks
RAID5 for DB
RAID10 for Logs
SAS Array Controller (/w BBU)
Backup = VSS Snapshot
Fast Recovery = CCR

DAS (SATA)
HA = DAG (2 DB copies)
.11 IOPS/Mailbox
3.5” 2TB 7.2K SATA/SAS Disks
RAID10 for DB & Logs
SAS Array Controller (/w BBU)
Backup = Optional/VSS
Fast Recovery = Database Failover

JBOD (SATA)
HA = DAG (3+ DB copies)
.11 IOPS/Mailbox
3.5” 2TB 7.2K SATA/SAS Disks
1 DB = 1 Disk
SAS Array Controller (/w BBU)
Backup = Optional/VSS
Fast Recovery = Database Failover

More options to reduce storage cost

Exchange Online archive provides mailbox storage flexibility
  One mailbox per user or two

Exchange Server 2010 (Beta) optimized for DAS storage but SAN storage is supported
  IOPS reductions/SATA optimizations enable lower performing storage
  Exchange Server 2010 (Beta) HA architected for DAS (simpler)

JBOD* and RAID storage support
Exchange Server 2010 (Beta) optimized for Tier 2 (SATA) disks but Enterprise disks are supported
SSD/Flash storage supported but not recommended for mainstream due to high $/GB
Max 100 databases/server, storage groups are gone
Max recommended DB Size = 2 TB*
Max recommended folder Item Count = 100 K**
* 3 copy High Availability only
** Assuming no 3rd party applications (OWA/Outlook Online)

Storage Guidance
Columns: Stand Alone | Exchange Server 2010 (Beta) HA (2 copies) | Exchange Server 2010 (Beta) HA (3+ copies)

Storage Type: DAS, SAN (Fibre Channel, iSCSI)
Disk Type: SAS, Fibre Channel, SATA, SSD
RAID: RAID recommended
RAID Type: RAID-1/0, RAID-5, RAID-6
DB/Log Isolation: Best Practice
Windows Disk Type: Basic (recommended), Dynamic
Partition Type: GPT (recommended), MBR
Partition Alignment: Windows 2008 Default (1MB)
File System: NTFS
NTFS Allocation Unit Size: 64 KB for both database and log volumes
Encryption Support: Outlook Protection Rules, Bitlocker

RAID optional JBOD Not required

Exchange Server 2010 (Beta) store has…
Reduced DB IOPS by +70%...again!
Optimized for large mailboxes (+10 GB) and 100K item counts
Optimized for large/slow/low-cost disks (SATA/Tier2)
Made JBOD/RAID-less storage a viable option
Enables unmatched storage flexibility to push storage Capex costs down


New Exchange Server 2010 (Beta) behavior…
1. Delivery
2. Random Delete
3. Defragmentation
[Diagram: Mailbox Messages M1 to M10 shown Contiguous and Fragmented at delivery; after defragmentation M1 M3 M5 M7 M10 M11 M12 M13 M14 M15 shown Contiguous]

Simplified mailbox High Availability and disaster recovery with new unified platform
[Diagram: San Jose Mailbox Server and two New York Mailbox Servers, each with DB1 DB2 DB3 DB4 DB5; Recover quickly from disk and database failures; Replicate databases to remote datacenter]
Evolution of continuous replication technology (database mobility)
Easier than traditional clustering to deploy and manage
Allows each database to have 16 replicated copies
Provides full redundancy of Exchange roles on as few as two servers

[Diagram: Database Availability Group (DAG) spanning AD site: Dallas and AD site: San Jose; Client, CAS/HUB, Mailbox Servers 1 to 6, databases DB1 to DB5]

Exchange 2010 Storage Guidance
Columns: Stand Alone | Database Availability Group: 2 nodes, 2 Database copies | Database Availability Group: 3+ nodes, 3+ Database copies

Storage Type
  Direct Attached Storage (DAS): Supported (all columns)
  Storage Area Network (SAN): iSCSI: Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. (all columns) 2 Database copies also: Best Practice = Do not place both database copies on the same physical spindles.
  Storage Area Network (SAN): Fiber Channel (FC): Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. (all columns) 2 Database copies also: Best Practice = Do not place both database copies on the same physical spindles.
  Network Attached Storage (NAS): SMB: Not Supported (all columns)
Physical Disk Type
  SATA: Supported, requires battery backed caching array controller for data integrity (all columns)
  SAS: Supported (all columns)
  FC: Supported (all columns)
  SSD (Flash Disk): Supported (all columns)
  Physical Disk Write Caching (enabled): Not Supported (all columns)
Storage RAID: Stand Alone = RAID recommended | 2 Database copies = RAID recommended | 3+ Database copies = RAID optional
  EDB Volume: Stand Alone = RAID5/6, RAID10, RAID1 | 2 Database copies = RAID5/6, RAID10, RAID1 | 3+ Database copies = JBOD, RAID5/6, RAID10, RAID1
  Log Volume: Stand Alone = RAID1, RAID10 | 2 Database copies = RAID1, RAID10 | 3+ Database copies = JBOD, RAID1, RAID10
Disk Array RAID Stripe Size (kb): 256KB (all columns)
Storage Array Cache Settings: 75% Write Cache, 25% Read Cache (with Battery Backed Cache) (all columns)
Database/Log file placement
  Database/Log Isolation: Stand Alone and 2 Database copies = Best Practice (for recoverability) = separate database file (.edb) and logs from same Database on to different volumes backed by different physical disks | 3+ Database copies = Database file (.edb) and logs from same Database can share same volume and same physical disk. This is a best practice for JBOD/RAID'less storage scenario where one or more volumes store the edb and log files backed by the same physical disk.
  Database Files/Volume: Stand Alone and 2 Database copies = Based on backup methodology | 3+ Database copies = RAID = based on backup methodology. JBOD = one DB file/volume is recommended
  Log Streams/Volume: Stand Alone and 2 Database copies = Based on backup methodology | 3+ Database copies = RAID = based on backup methodology. JBOD = one log stream/volume is recommended
Windows Disk Type
  Basic Disk: Recommended (all columns)
  Dynamic Disk: Supported (all columns)
Partition Type
  GUID Partition Table (GPT): Recommended (all columns)
  Master Boot Record (MBR): Supported (all columns)
Partition Alignment: Windows 2008 Default: 1MB (all columns)
Volume Path: Drive Letter or Mount Point (mount point host volume must be RAID’d) (all columns)
File System: NTFS support only (all columns)
NTFS Defragmentation: Not required, not recommended (all columns)
NTFS Allocation Unit Size: 64KB for both edb and log volumes (all columns)
NTFS Compression: Not Supported for Exchange Database files (all columns)
NTFS Encrypted File System (EFS): Not Supported for Exchange Database files (all columns)
Windows Bitlocker (volume encryption): Supported for all Exchange database and log files (all columns)

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite Module Number 11
Microsoft Corporation
Microsoft NDA Only

Review of Exchange Server 2007 Availability Solutions
Overview of Exchange Server 2010 (Beta) High Availability
Exchange Server 2010 (Beta) High Availability Fundamentals
Exchange Server 2010 (Beta) High Availability Architecture Scenarios
Exchange Server 2010 (Beta) Site Resilience

Exchange Server 2007 Availability Solutions

Single Copy Cluster (SCC) out-of-box provides little high availability value
On Store failure, SCC restarts store on the same machine, no CMS failover
SCC does not automatically recover from storage failures
SCC does not protect your data, your most valuable asset
SCC does not protect against site failures
SCC redundant network is not leveraged by CMS
Conclusion
SCC only provides protection from server hardware failures and bluescreens, the relatively easy components to recover
Supports rolling upgrades without losing redundancy

[Diagram: source Database and Log (E00.log, E0000000011.log, E0000000012.log) shipped to a target Log and Database; targets labelled Local, Cluster, File Share, Standby]
1. Copy logs
2. Inspect logs
3. Replay logs
Log shipping to a local disk
Log shipping within a cluster
Log shipping to a standby server or cluster

[Diagram: AD site: San Jose with Outlook (MAPI) client, Client Access Server, CCR #1 Node A/Node B and CCR #2 Node A/Node B on Windows clusters hosting DB1 to DB6; AD site: Dallas with Client Access Server and SCR Standby Server hosting DB4 DB5 DB6; OWA, ActiveSync, or Outlook Anywhere clients]
Manual “activation” of remote mailbox server
Mailbox server can’t co-exist with other roles
SCR managed separately, no GUI
Clustering knowledge required
Database failure requires server failover

Windows Failover Cluster
Default Cluster Group • Cluster IP Address • Cluster Name • Cluster Quorum
Clustered Mailbox Server (CMS) • CMS IP Address • CMS Name • CMS resources (exres.dll) • CMS disk resources
Cluster Database
Cluster Networks

Database Availability Group
Active Manager • PAM • SAM
Windows Failover Cluster
Default Cluster Group • Cluster IP Address • Cluster Name • Cluster Quorum
DAG Networks
Cluster Database

[Diagram: Database Availability Group with three Mailbox Servers, each with its own Storage; one hosts the Primary Active Manager and two host a Standby Active Manager; GetMailboxDatabaseCopyStatus and MoveActiveMailboxDatabase calls shown on each server]

Overview of Exchange Server 2010 (Beta) High Availability

Reduce complexity
Reduce cost
Native solution - no single point of failure
Improve recovery times
Support larger mailboxes
Support large scale deployments
Make High Availability Exchange deployments mainstream!

Improved mailbox uptime
• Improved failover granularity
• Simplified administration
• Incremental deployment
• Unification of CCR + SCR
• Easy stretching across sites
• Up to 16 replicated copies
Key Benefits: Easier and cheaper to deploy; Easier and cheaper to manage; Better Service Level Agreements (SLAs)

More storage flexibility
• Further IO reductions
• RAID-less/JBOD support
Key Benefits: Reduced storage costs; Larger mailboxes

Better end-to-end availability
• Online mailbox moves
• Improved transport resiliency
Key Benefits: Easier and cheaper to manage; Better SLAs

[Diagram: AD site: Dallas and AD site: San Jose, each with a Client Access Server; Mailbox Servers 1 to 6 hosting copies of DB1 to DB5]
All clients connect via CAS servers
Easy to stretch across sites
Failover managed within Exchange
Database centric failover

Exchange Server 2010 (Beta) High Availability Fundamentals

[Diagram: Exchange Administrative Group; Database Availability Groups; DAG 1; Servers; Databases; Server 1; Database 1; Database Copy 1]

Database Availability Group (DAG)
Server
Database
Database Copy
Active Manager (AM)
RPC Client Access service

DAG
A group of up to 16 servers hosting a set of replicated databases
Wraps a Windows Failover Cluster
Manages servers’ membership in the group
Heartbeats servers, quorum, cluster database
Defines the boundary of database replication
Defines the boundary of failover/switchover (*over)
Defines boundary for DAG’s Active Manager
[Diagram: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, Mailbox Server 4 ... Mailbox Server 16]

Unit of membership for a DAG
Hosts the active and passive copies of multiple mailbox databases
Executes Information Store, CI, Assistants, etc., services on active mailbox database copies
Executes replication services on passive mailbox database copies
[Diagram: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3 hosting copies of DB1 to DB4]

Provides connection point between Information Store and RPC Client Access
Very few server-level properties relevant to HA
  Server’s Database Availability Group
  Server’s Activation Policy
[Diagram: RCA; Mailbox Server 1, Mailbox Server 2, Mailbox Server 3 hosting copies of DB1 to DB4]

Unit of *over
A database has 1 active copy – active copy can be mounted or dismounted
Maximum # of passive copies == # servers in DAG – 1
[Diagram: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3 hosting copies of DB1 to DB4]

~30 seconds database *overs
Server failover/switchover involves moving all active databases to one or more other servers
Database names are unique across a forest
Defines properties relevant at the database level
  GUID: a Database’s unique ID
  EdbFilePath: path at which copies are located
  Servers: list of servers hosting copies

Availability Terms
  Active: Selected to provide email services to clients
  Passive: Available to provide email services to clients if active fails
Replication Terms
  Source: Provides data for copying to a separate location
  Target: Receives data from the source

Scope of replication
A copy is either source or target of replication at any given time
A copy is either active or passive at any given time
Only 1 copy of each database in a DAG is active at a time
A server may not host >1 copy of any database
[Diagram: Mailbox Server 1 with DB1 DB2 DB3; Mailbox Server 2 with DB1 DB2 DB1 DB3, the second DB1 marked X]

Defines properties applicable to an individual database copy
Copy status: Healthy, Initializing, Dismounted, Disconnected, FailedandSuspended, Mounted, Failed, Resynchronizing, Suspended, Seeding
ActiveCopy
CopyQueueLength
ActivationSuspended
ReplayQueueLength

Exchange-aware resource manager (high availability’s brain)
Runs on every server in the DAG
Manages which copies should be active and which should be passive
Definitive source of information on where a database is active or mounted
Provides this information to other Exchange components (e.g., RPC Client Access and Hub Transport)
Information stored in cluster database

Active Directory is still primary source for configuration info
Active Manager is primary source for changeable state information (such as active and mounted)
Replication service monitors health of all mounted databases, and monitors ESE for IO errors or failure

Primary Active Manager (PAM)
  Runs on the node that owns the default cluster group (quorum resource)
  Gets topology change notifications
  Reacts to server failures
  Selects the best database copy on *overs
Standby Active Manager (SAM)
  Runs on every other node in the DAG
  Responds to queries from other Exchange components for which server hosts the active copy of the mailbox database

Continuous replication has the following basic steps:
Database copy seeding of target
Log copying from source to target
Log inspection at target
Log replay into database copy

There are three ways to seed the target instance:
Automatic Seeding
  Requires 1st log file containing CreateDB record
Update-MailboxDatabaseCopy cmdlet
  Can be performed from active or passive copies
Manually copy the database

Log shipping in Exchange Server 2010 (Beta) leverages TCP sockets
  Supports encryption and compression
  Administrator can set TCP port to be used
Replication service on target notifies the active instance the next log file it expects
  Based on last log file which it inspected
Replication service on source responds by sending the required log file(s)
Copied log files are placed in the target’s Inspector directory

The following actions are performed to verify the log file before replay:
Physical integrity inspection
Header inspection
Move any Exx.log files to ExxOutofDate folder that exist on target if it was previously a source
If inspection fails, the file will be recopied and inspected (up to 3 times)
If the log file passes inspection it is moved into the database copy’s log directory

Log replay has moved to Information Store
The following validation tests are performed prior to log replay:
Recalculate the required log generations by inspecting the database header
Determine the highest generation that is present in the log directory to ensure that a log file exists
Compare the highest log generation that is present in the directory to the highest log file that is required
Make sure the logs form the correct sequence
Query the checkpoint file, if one exists
Replay the log file using a special recovery mode (undo phase is skipped)

In the event of failure, the following steps will occur for the failed database:
Active Manager will determine the best copy to activate
The Replication service on the target server will attempt to copy missing log files from the best “source” - ACLL
  If successful, then the database will mount with zero data loss
  If unsuccessful (lossy failure), then the database will mount based on the AutoDatabaseMountDial setting
The mounted database will generate new log files (using the same log generation sequence)
Transport Dumpster requests will be initiated for the mounted database to recover lost messages
When original server or database recovers, it will run through divergence detection and perform an incremental reseed or require a full reseed

Active Manager selects the “best” copy to activate when the active fails
Ignores servers that are unreachable or activation is temporarily or regularly blocked
Sorts copies by currency to minimize data loss
Breaks ties during sort based on Activation Preference
Selects from sorted list based on copy status of each copy—if the criteria does not identify a copy that can be activated, then the next set of criteria is tried:

Incremental reseed scenario
Active DB1 on server1 fails
Passive DB1 on server3 takes over service
Sometime later, failed DB1 on server1 comes back as passive – contains inconsistent data
Make DB1 on server1 consistent with new active

Transaction logs of active and failed copy are compared to find divergence point
Determines from logs the database pages that changed after divergent point
Copies database pages from active to failed copy, then play new logs, until in-sync
Replaces Exchange Server 2007’s Lost Log Resilience (LLR)
  LLR is set to 1
[Diagram: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, each with a copy of DB1; one copy marked X]

Streaming backup APIs for public use have been cut, must use Volume Shadow Copy Service (VSS) for backups
Backup from any copy of the database/logs
Always choose Passive (or Active) copy
Backup an entire server
Designate a dedicated backup server for a given database
Restore from any of these backups scenarios
[Diagram: Database Availability Group with Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, each hosting DB1 DB2 DB3; VSS requestor]

Site/server/disk failure: Exchange Server 2010 (Beta) HA
Archiving/compliance: E-mail archive
Recover deleted items: Extended/protected dumpster retention
[Diagram: Database Availability Group with Mailbox Server 1, Mailbox Server 2 and Mailbox Server 3 (7-14 day lag copy), each hosting DB1 DB2 DB3; one element marked X]

Exchange Server 2010 (Beta) High Availability Design Examples

Single Site
3 Nodes
3 HA Copies
JBOD -> 3 physical Copies
2 servers out -> manual activation of server 3
In 3 server DAG, quorum is lost
DAGs with more servers sustain more failures – greater resiliency
[Diagram: Database Availability Group (DAG) with Mailbox Server 1, Mailbox Server 2 and Mailbox Server 3; two servers marked X]

Member servers of DAG can host other server roles
2 server DAGs, with server roles combined or not, should use RAID
[Diagram: CAS/HUB/MAILBOX 1 and CAS/HUB/MAILBOX 2; DB2]

Exchange Server 2010 (Beta) Site Resilience

Within a datacenter
Database *over Server *over

Between datacenters
Single database *over Server *over

Datacenter failover (which is really a switchover)

Database mounted in another datacenter and another Active Directory site
Serviced by “new” Hub Transport servers
  “Different OwningServer” – for routing
  Transport dumpster re-delivery now from both Active Directory sites
Serviced by “new” CAS
  “Different CAS URL” – for protocol access
  Outlook Web Access (OWA) now re-directs connection to second CAS farm
  Other protocols proxy or redirect (varies)

[Diagram: Site: Redmond with GC, HUB, FSW and MbxSvr1; Site: Dublin with GC, HUB, Alt FSW and MbxSvr2; both mailbox servers in one DAG]

Customers can evolve to site resilience
  Standalone -> local redundancy -> site resilience
Consider name space design at first deployment
Keep extending the DAG!
Monitoring and many other concepts/skills just re-applied
Normal administration remains unchanged
No “special” network requirements
No single subnet requirements
Disaster recovery not HA event

Two datacenter *overs have a risk of split brain
Primary datacenter power outage is classic example
Exchange Server 2010 (Beta) datacenter failovers maintain DAG membership but shrink cluster membership to create a new, “available topology” in the standby datacenter
Exchange Server 2010 (Beta) provides a safe answer with “datacenter activation coordination” (DAC) mode
  Requires a DAG with three nodes
  Requires activation in partial datacenter failure cases is “done right”
  Mailbox servers must be “stopped” or powered off
  Implements a “Mommy may I protocol” before active manager mounts databases

If DAC is not enabled, the DAG will not restart and mount databases until a majority of servers are restored
If DAC is enabled, the “Mommy May I Protocol” is used to coordinate with Active Managers in DAG to determine state and recoverability
There are several requirements that must be satisfied to prevent split brain between datacenters after datacenter failover

[Slide builds overlapped in extraction: Failure Scenario: Database Failure; Server Failure; Data Center Failure; Recovering Primary Data Center. Step numbers are not recoverable; the step text follows.]
MBX-A-1 DB1 fails
Automatic failover to MBX-A-2
MBX-A-1 DB1 is fixed and becomes a copy
Primary data center fails
Run Stop-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite Baltimore -ConfigurationOnly (in both data centers)
Restore-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite “Bel Air” -AlternateFileShareWitnessShare \\htb\fsw
Databases mount (no activation block scenario)
Adjust DNS records for SMTP and HTTPS access and adjust CAS configuration (if necessary)
Verify primary data center is capable of hosting service
Add primary data center servers back to DAG: Start-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite Baltimore
Reconfigure DAG to use File Share Witness in primary data center: Set-DatabaseAvailabilityGroup DAG1 -FileShareWitnessShare \\ht-a\fsw
Reseed data or allow replication to occur and update copies in primary data center
Schedule downtime for the mailbox databases and dismount them
Change MX records and HTTP access back to primary data center
Move databases back to primary data center: Move-ActiveMailboxDatabase DB1 -ActivateOnServer MBX-A-1
Mount databases in primary data center

[Diagram: AD Site Baltimore (DC-A, HT-A, CAS-A, Edge-A, Proxy-A, MBX-A-1, MBX-A-2) and AD Site Bel Air (DC-B, HT-B, CAS-B, Edge-B, Proxy-B, MBX-B-3, MBX-B-4); DAG1 hosting DB1 to DB4 on each mailbox server; “MAPI” and “Replication” networks and a Perimeter Network per site; Outlook 2007/14 client (MBX on DB1); DNS names Contoso.com (MX Record), Autodiscover.contoso.com, Mail.contoso.com, Load Balance Array Records; Legend: Active Database, Database Copy]

With each release, our goals are to make Exchange high availability:
Easier and cheaper to deploy
Easier and cheaper to manage
Support better SLAs with faster and more granular recoveries
Improve site resiliency support
Our other goal is for highly available deployments to be mainstream!

Non-Lagged Copies
Has the log file been backed up (assuming no circular logging)?
Is the log file below my checkpoint?
Do the other non-lagged copies agree with deletion?
Has the log file been inspected by all lagged copies?
Yes -> Truncate

Lagged Copies
Is the log file below my checkpoint?
Is the log file older than ReplayLagTime + TruncationLagTime?
Is the log file deleted on the source?
Yes -> Truncate


Exchange Server 2010 (Beta) Ignite Module Number 12
Microsoft© Corporation

Recognize the Exchange Server 2010 (Beta) Management Tool set
Understand Exchange Server 2010 (Beta) Management Tools new capabilities and application
Understand Exchange Server 2010 (Beta) Role Based Access Control and how to delegate administrative function
Discover the Exchange Server 2010 (Beta) control panel
Learn how to manage an Exchange Server 2010 (Beta) server using Remote PowerShell

IT organizations need to…
Maximize efficiency
Reduce cost
The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“Email Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008).

Empower Specialist Users to Perform Specific Tasks with Role-based Administration
Compliance Officer: Conduct Mailbox Searches for Legal Discovery
Human Resources: Update Employee Info in Company Directory
Help Desk Staff: Manage Mailbox Quotas

Exchange Server 2007 has only 3 big roles to modify only organization, recipient and server data
  Cannot create new roles hence too much functionality for decentralized IT environments—Unified Messaging, e-mail life cycle administrators need permissions to manage their functions without being granted full organization administration functionality
  Organization scope is too broad
  Too much permission required in order to delegate some operations (e.g. MoveMailbox, Export-Mailbox)
Permissions focused on Active Directory (AD) objects
  Objects don’t always map 1:1 with tasks
  Unified Messaging administrators wants to manage Unified Messaging recipient data without being granted full write rights to all properties on the mailbox AD object
Granting and delegation Exchange permissions is complex
  Customize access control lists (ACLs) manually which is complex, error prone, and danger of ACL bloat
  Permissions-based troubleshooting and related product support services (PSS) calls are really expensive
  No easy way to report who has permission or audit what was done

[Diagram: MMC; Powershell; Cmdlets (Business logic); Process / Machine Boundary; Store, IIS Metabase, AD; Local Machine]

Enabling Exchange management capability to match business needs
  Set many more out of the box roles matching typical business needs (e.g. records management administration)
  Ability to create custom roles
  Enable self-service management for IW (e.g. self service role)
Map authorization grants to operations, not AD objects
  Define authorization grants as the actions a given user can perform over a set of resources
  Define scopes which determine the set of objects that can be accessed by the granted operations
  Remove direct rights on underlying storage
Help deliver a first class management experience for Enterprise and Exchange Labs
  Reduce administration burden by supporting easy management, reporting and delegation of permissions
  Audit the execution of business operations
  Consistent, secure authorization model for Exchange management clients (ECP, EMS, EMC)

New Exchange Management Console features
Role Based Access Control (RBAC)
  New authorization model that grants operations based on role or job function (e.g. recipient admin, UM admin, helpdesk etc.)
  Easy to delegate and customize
  All Exchange management clients (EMS, EMC, ECP) use RBAC authorization model
Exchange Control Panel (ECP)
  New and simplified web based management console
  Targeted for end users, hosted tenants, and specialists
Remote PowerShell
  Manage Exchange remotely using PS v2.0

[Diagram: EMS; MMC; WinForms; EMC; Data Layer; Powershell; Remote Powershell; Runspace; Cmdlets (Business logic); Process / Machine Boundary; Store, AD, IIS Metabase; Local Machine]

Add Exchange Forests to the console tree
Organizational health
Community and feedback
Command log (with export)
Diagnostic logging
Exchange help
A feature based changes, i.e. DAG

Role Based Access Control (RBAC) has replaced the permissions model used in Exchange Server 2007
Able to define precise or broad roles and assignments based on the tasks that need to be performed
Includes self administration

Management role set
  A container for a grouping of management role entries
Management role entries
  A cmdlet, including its parameters, that is added to a management role
Management role scope
  Scope of influence or impact
Management role assignment
  The assignment of a management role to a user or universal security group

[Diagram: Role (What), Role Assignment, User or USG (Who), Scope (Where)]

Built-in administrative management roles
  Organization management
  View only organization management
  Recipient management
  GAL Sync management
  Unified Messaging management
  Unified Messaging recipient management
  Unified Messaging prompt management
  Discovery management
Built-in self management roles
  My options
  My distribution group membership
  My distribution groups
Custom roles can be added to suit specific delegation requirements
Roles are hierarchical, with built-in role at the top

Management role entries
  A combination of the management role that they are associated with, and the name of the cmdlet, i.e. management role\cmdlet
  e.g. OrganizationManagement\Set-Mailbox
  e.g. DiscoveryManagement\Search-Mailbox
  Role entries can only be removed from a role

Management role scope
  Defines the specific scope of impact or influence of a management role
  There are two types of scopes: IMPLICIT and EXPLICIT
  Implicit scopes are default scopes that apply to a management role type
  Explicit scopes are self set to meet delegation requirements

Apply a management role and the management role scope, if specified, to a user or universal security group
When an assignment is created, the user or group specified gains access to the cmdlets and parameters made available by the associated management role
Role assignments are additive
  Role A + role B = all role entries from both roles A and B
Assignments without scopes use the implicit scope of the role type of the role

Step 1: Create the management role
Step 2: Change the new role's management role entries (by removing role entries)
Step 3: Create a management scope (if required)
Step 4: Assign the new management role

    # Create the custom role as a child of the built-in role
    New-ManagementRole -Name "eDiscoverySales" -Parent DiscoveryManagement

    # Create the scope that limits the role to user mailboxes under the Sales OU
    New-ManagementScope -Name "Sales Mailboxes" -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" -DomainRoot "OU=Sales,DC=nwtraders,DC=Com"

    # Assign the role, restricted to that scope, to the universal security group
    New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" -User "USG-Sales eDiscovery Admins" -Role "eDiscoverySales" -DomainScopeRestriction "Sales Mailboxes"

[Diagram: remote PowerShell session. Evan's PSv2 client runspace on LAP1 (cmdlets available in runspace: New-PSSession) connects through IIS (authentication) and the WSMan + RBAC stack (authorization) to a PSv2 RBAC server runspace on SRV1. Evan's role assignment in Active Directory grants New-Mailbox -Name, Get-Mailbox and Set-Mailbox -Name; these are the cmdlets available in the server runspace and the remote cmdlets available in the client runspace. Commands shown:]

    > New-PSSession -URI https://server.fqdn.com/PowerShell/
    > New-Mailbox -Name Bob
    [Bob Mailbox Object in Pipeline]
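The RBAC pieces described on these slides (role entries, scopes, additive assignments, and the cmdlet set a remote runspace exposes) can be sketched as a small model. This is an added illustration, not Microsoft's implementation or code from the deck: the class names, the `MailboxNaming` role, the parameter lists and the sample recipients are constructed, and an assignment without a scope is assumed to cover the whole organization.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, List, Optional, Set


@dataclass
class Role:
    """Management role: role entries keyed by cmdlet, each with its allowed parameters."""
    name: str
    entries: Dict[str, FrozenSet[str]]

    def derive(self, name: str) -> "Role":
        # A custom role starts as a copy of its parent's role entries.
        return Role(name, dict(self.entries))

    def remove_entry(self, cmdlet: str) -> None:
        # Entries can only be removed, so a child role never exceeds its parent.
        del self.entries[cmdlet]


@dataclass
class Scope:
    """Management scope: a directory root plus a recipient filter (the "where")."""
    name: str
    root: str
    recipient_filter: Callable[[dict], bool]

    def contains(self, recipient: dict) -> bool:
        dn, root = recipient["dn"].lower(), self.root.lower()
        return (dn == root or dn.endswith("," + root)) and self.recipient_filter(recipient)


@dataclass
class Assignment:
    role: Role                      # what
    assignee: str                   # who: a user or a universal security group (USG)
    scope: Optional[Scope] = None   # where; None = implicit scope (assumed org-wide here)


class Rbac:
    def __init__(self, group_members: Dict[str, Set[str]]):
        self.group_members = group_members
        self.assignments: List[Assignment] = []

    def assign(self, role: Role, assignee: str, scope: Optional[Scope] = None) -> None:
        self.assignments.append(Assignment(role, assignee, scope))

    def _assignments_for(self, user: str) -> List[Assignment]:
        return [a for a in self.assignments
                if a.assignee == user or user in self.group_members.get(a.assignee, set())]

    def runspace(self, user: str) -> Dict[str, FrozenSet[str]]:
        """Cmdlets and parameters visible to the user: the union over all assignments."""
        visible: Dict[str, FrozenSet[str]] = {}
        for a in self._assignments_for(user):
            for cmdlet, params in a.role.entries.items():
                visible[cmdlet] = visible.get(cmdlet, frozenset()) | params
        return visible

    def authorize(self, user: str, cmdlet: str, params: Iterable[str], target: dict) -> bool:
        """Allow only if one assignment grants the cmdlet, its parameters and the target."""
        wanted = set(params)
        for a in self._assignments_for(user):
            allowed = a.role.entries.get(cmdlet)
            if allowed is None or not wanted <= allowed:
                continue
            if a.scope is None or a.scope.contains(target):
                return True
        return False


def build_demo() -> Rbac:
    # Constructed sample data; the parameter lists are illustrative, not the product's.
    discovery = Role("DiscoveryManagement", {
        "Search-Mailbox": frozenset({"Identity", "SearchQuery"}),
        "Get-Mailbox": frozenset({"Identity"}),
    })
    sales_discovery = discovery.derive("eDiscoverySales")        # step 1: create the role
    sales_discovery.remove_entry("Get-Mailbox")                  # step 2: remove entries
    sales_scope = Scope("Sales Mailboxes", "OU=Sales,DC=nwtraders,DC=Com",
                        lambda r: r["type"] == "UserMailbox")    # step 3: create the scope
    naming = Role("MailboxNaming", {                             # hypothetical second role
        "New-Mailbox": frozenset({"Name"}),
        "Get-Mailbox": frozenset(),
        "Set-Mailbox": frozenset({"Name"}),
    })
    rbac = Rbac({"USG-Sales eDiscovery Admins": {"Evan"}})
    rbac.assign(sales_discovery, "USG-Sales eDiscovery Admins", sales_scope)  # step 4
    rbac.assign(naming, "Evan")                                  # no scope: implicit
    return rbac


# Constructed recipients used to exercise the scope check.
SALES_BOX = {"dn": "CN=Ann,OU=Sales,DC=nwtraders,DC=Com", "type": "UserMailbox"}
FINANCE_BOX = {"dn": "CN=Raj,OU=Finance,DC=nwtraders,DC=Com", "type": "UserMailbox"}
SALES_CONTACT = {"dn": "CN=Vendor,OU=Sales,DC=nwtraders,DC=Com", "type": "MailContact"}

if __name__ == "__main__":
    demo = build_demo()
    print(sorted(demo.runspace("Evan")))
    print(demo.authorize("Evan", "Search-Mailbox", ["SearchQuery"], SALES_BOX))
    print(demo.authorize("Evan", "Search-Mailbox", ["SearchQuery"], FINANCE_BOX))
```

The runspace is the union of every assigned role's entries, but each authorization decision is still tied to the scope of the assignment that grants the cmdlet, so a cmdlet being visible does not mean it can be run against every recipient.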

A browser based management client for end users, administrators, and specialists
Accessible directly via URL, Outlook Web Access (OWA) and Outlook 14
Deployed as a part of the Client Access Server (CAS) role
Simplified user experience to common management tasks
Role-Based Access Control (RBAC) aware

[Screenshot labels: UI Scope Control, Secondary Navigation, Slab, Primary Navigation]


Specialists
  Administrators can delegate to specialists (e.g. Help Desk Operators, Department Administrator, and eDiscovery Administrators)
End users
  Comprehensive self service tools for end users
  OWA options plus
Hosted customers
  Tenant administrators

ASP.NET application
Full browser support for Internet Explorer (IE) 7+, Safari 3+, and Firefox
Authentication
  Currently supports Integrated Windows and basic authentication
ECP is an IIS virtual directory on the Client Access Server role

The ECP IIS virtual directory is automatically created when installing the Client Access Server role
ECP settings are stored in Active Directory and the IIS metabase
The ECP is managed using Exchange cmdlets
ECP cmdlets
  New-ECPVirtualDirectory
  Set-ECPVirtualDirectory
  Get-ECPVirtualDirectory
  Remove-ECPVirtualDirectory
  Test-ECPConnectivity

The new management paradigm for PowerShell automation in Exchange Server 2010 (Beta)
  Integrates with RBAC model
  Is used for local and remote management
  Standard protocols allow easier management through firewalls
  Solves many cross-forest management issues
  Simplifies management tools installation

Exchange partners provide infrastructure to transport cmdlet operations and data from the (smart) client-side runspace to the server-side runspace and back
  WSMan: remoting transport and authorization hooks
  PowerShell V2 "Fan-in" remoting: allows high-scale client connectivity to a server/datacenter environment
Exchange RBAC serves as the authorization provider for PowerShell Remoting

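    # Prompt for the credentials used to authenticate to the remote endpoint
    $UserCredential = Get-Credential
    # Open a remote session against the Exchange PowerShell virtual directory
    $rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<Exchange 2010 computer name>/powershell -Credential $UserCredential
    # Import the cmdlets that the session exposes into the local session
    Import-PSSession $rs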

Role Based Access Control
  RBAC has replaced the permission model used in Exchange Server 2007
  Enables the definition of extremely broad or extremely precise roles and assignments, based on the actual roles administrators perform
Exchange Control Panel
  Provides a new way to administer a subset of Exchange features
  Provides a great self provisioning portal
Remote PowerShell
  Uses familiar Exchange cmdlets
  Allows administration without the Exchange management tools
  Provides firewall friendly management access

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Airlift Module Number 13 Microsoft© Corporation

Review Exchange Server 2010 (Beta) key architecture changes
Discuss Exchange Server 2010 (Beta) transition and co-existence scenarios
Discuss how to prepare your environment for Exchange Server 2010 (Beta) today

Exchange 2007 Issues
Client access role is not a middle-tier
  • Messaging Application Programming Interface (MAPI) and Web Distributed Authoring and Versioning (WebDAV) clients connect directly to the store
  • Multiple different code paths stored in different processes depending on connecting client
Scale issues
  • Windows TCP outbound port scalability issues (65,535) per server in Windows Server 2003 and per IP address in Windows Server 2008 (affects Outlook Anywhere)
  • DSProxy only supports 60,000 outbound TCP ports per server
  • Store only supports 60,000 RPC context handles per server
No easy solution for external data sharing

Exchange Server 2010 (Beta)
  • All end-user clients now connect through the Client Access server for mailbox data and for directory information
  • Client WebDAV communication mechanism has been deprecated
  • Scale issues between Mailbox and CAS roles for Outlook Anywhere disappear due to the use of the RPC Client Access service
  • DSProxy interface has been replaced with an NSPI interface that is part of the RPC Client Access service
  • Store supports 250,000 RPC context handles
Federation allows for sharing of free/busy data, provides calendar access between Exchange organizations

[Diagram: Exchange 2007 and Exchange Server 2010 (Beta) client paths. Entourage, WS, OWA, Sync, UM, mailbox agents and transport agents sit on the middle tier (core objects, XSO, MAPI.Net); Outlook / MAPI clients use MAPI RPC; labels include DSPROXY, NSPI, DAV, Mailbox and Store]

Exchange Server 2010 (Beta) CAS required in every AD site where Exchange Server 2010 (Beta) MBX is deployed
Load balancing
  If planning on deploying more than 8 CAS servers in a load balanced array, consider deploying hardware load balancing solution
For Office Communications Server (OCS) integration with OWA, you must deploy OCS 2007 R2
Since CAS role is now a true middle-tier solution, CAS servers will require beefier hardware
  CAS to Mailbox processor core ratio changes drastically as a result of RPCCA (Beta1: 3:4)
OWA 2010 will not support Public Folder (PF) access to folder stored only on MBX 2007 or MBX 2003 servers

Exchange 2007 issue: Exchange does many small, random input/outputs (I/Os) which inhibit the types of disks that can be used
Exchange Server 2010 (Beta): Exchange store schema and ESE optimized for fewer large, smoother, sequential I/Os
  • Store schema changes
  • DB I/O size improvements
  • Database cache effectiveness improvements
  • ESE optimized for new store schema
  Result: Exchange Server 2010 (Beta) reduces I/O by an additional 70% when compared to Exchange Server 2007 and is optimized for SATA class disks

Exchange 2007 issue: Large item count per folder is an issue due to restricted views (affects large mailbox deployments)
Exchange Server 2010 (Beta): Schema changes of the table structure and deferred index updates greatly improve restricted view performance
  Result: Supports 100,000 items per folder

Exchange 2007 issue: Outlook Personal Folder Files (PSTs) are a litigation, security, and management nightmare
Exchange Server 2010 (Beta): New Messaging Records Management features
  • Item level policy settings
  • Archive mailbox feature for importing and storing PST data
  • Compliance Officer search capabilities
  Result: PSTs can be removed by placing data into Exchange repository and can be searched easily

High availability comparison (Single-copy cluster / Cluster Continuous Replication / Exchange Server 2010 High Availability)
  *Over granularity: Server-level / Server-level / Database-level
  Copies of data: 1 / 2 / 2 to 16
  *Over time: ~2 min / ~2 min / ~30 sec (POR)
  *Over management: Windows Cluster / Windows Cluster / Exchange Server
  Data replication: Partner replication or SCR / Continuous replication / Continuous replication
  Management tools: Separate / Separate / Unified
  Host other roles?: No / No / Yes
Other advantages
  Step up to automatic failover without rebuilding the mailbox server
  Incrementally add replicated copies to meet business needs
  No subnet or special DNS requirements

[Diagram: Outlook client failover behaviour. Exchange 2007 (MBX1, MBX2): on failover, client disconnected for 0-TTL minutes. Exchange Server 2010 (Beta) (CAS behind NLB, MBX servers): on CAS failure, client just reconnects; on failover, connected client disconnected for 30 seconds (POR)]

Leverage the incremental deployment capabilities of Exchange Server 2010 (Beta)
  You do not need to deploy site resilience out of the box!
Deploy larger database availability groups (DAGs) over smaller DAGs
  Distribute database copies across nodes in a matrix
Improved database seed/log shipping performance across the wide area network (WAN)
  Seed compression/encryption (optional)
  Log shipping compression/encryption (optional)
  Log shipping is now Transport Control Protocol (TCP) socket based
Use multiple 1 GB networks or 10 GB network to improve local area network (LAN) re-seed/log replication queue drain performance

[Diagram: Database Availability Group (DAG) of three mailbox servers (Mbx Server 1, 2 and 3), each with 8 cores and 32 GB RAM and each holding copies of DB1 to DB30; legend: active copy, passive copy, spare disk]
  10,000 mailboxes
  Heavy profile: 120 messages/day, .11 IOPS/mailbox
  2 GB mailbox size
  3,333 active mailboxes/server
  3 nodes, 3 copies = secondary failure resiliency
  1TB 7.2k disks (SAS/SATA)
  JBOD: 30 disks/node
  Online spares
  Battery backed caching array controller

[Diagram: single site, 4 nodes, 3 HA copies, JBOD, in a Database Availability Group (DAG) of Mailbox Server 1 to 4. Sequence labels: upgrade server 1; server 2 fails; 2 active copies die; server 1 upgrade is done; 3 physical copies]

Storage Guidance
Stand Alone or Database Availability Group (2 copies)
  Storage Type: DAS, Fibre Channel, iSCSI
  Disk Type: SAS, Fibre Channel, SATA (with battery backed cache), SSD
  RAID: RAID recommended
  RAID Type: RAID-1/0, RAID-5, RAID-6
  DB/Log Isolation: Best practice
  Windows Disk Type: Basic (recommended), Dynamic
  Partition Type: GPT (recommended), MBR
  Partition Alignment: Windows 2008 Default (1MB)
  File System: NTFS
  NTFS Allocation Unit Size: 64KB for both database and log volumes
  Encryption Support: Bitlocker
Database Availability Group (3+ copies)
  RAID: RAID optional
  RAID Type: JBOD
  DB/Log Isolation: Not required

Streaming backup support has been removed
Deploy direct-attached storage (DAS) solutions, as they are more cost effective with large mailboxes and continuous replication
  Leverage the Storage Cost Calculator
Deploy Database Availability Groups (DAGs) and use replication to achieve high availability
  If deploying 3 or more database copies, consider RAID-less storage design and combining logs and database on same spindles
  Ensure unique database names across the organization
Large mailbox support (10 GB+)
  Deploy active mailbox to support 1-2 years worth of data
  Deploy archive mailboxes to allow end users to retain long-term needed data
  Deploy Office 2007 Service Pack 2 (SP2) or later

Exchange 2007 issue: Transport is stateful – loss of service results in loss of mail
Exchange Server 2010 (Beta): Shadow redundancy allows transport to become stateless by keeping an additional copy of the message during the entire time the message is in transit
  Result: No need to worry about state of a transport server

Exchange 2007 issue: Transport dumpster impacts the environment
  • Large number of SGs in an environment coupled with a small database cache result in large increase in I/Os
  • Redelivery submission results in entire quota being redelivered and store removing duplicates
Exchange Server 2010 (Beta): Database replication feedback is now used to control which messages remain in dumpster and thus redelivery requests only result in redelivery of messages that had not been replicated to that database copy

Exchange 2007 issue: Database engine is not optimized for transport delivery
Exchange Server 2010 (Beta): ESE improvements
  • Multi-threaded version store maintenance
  • Larger checkpoint depth (40MB)
  • Optimized database cache (64MB – 1GB)
  • Intrinsic long value record storage
  Result: With transport dumpster changes and ESE improvements, transport IOPS requirements are targeted to be reduced by more than 50%

Exchange 2007 issue: No automatic mechanism to protect messages based on content
Exchange Server 2010 (Beta): Leverages Information Rights Management (IRM) and transport rules to automatically protect messages that are deemed "sensitive"

Exchange 2007 issue: No automatic way to restrict encrypted message flow within the environment
Exchange Server 2010 (Beta): Provides the ability to detect incoming external encrypted mail and take action and to control when message encryption can be used

Exchange Server 2010 (Beta) Mailbox servers can only communicate with Exchange Server 2010 (Beta) Hub Transport servers
Exchange Server 2010 (Beta) Hub Transport servers can communicate with Exchange Server 2007 Hub Transport servers
Must deploy an Exchange Server 2010 (Beta) Hub Transport server in every site where you deploy Exchange Server 2010 (Beta) Mailbox server
Since transport is stateless, there is no need to include RAID in your storage designs
Currently only Exchange Server 2010 (Beta) Hub Transport servers can communicate in an Edge synchronization process with Exchange Server 2010 (Beta) Edge Transport servers
Information Rights Management (IRM) usage with transport requires Rights Management Server deployed on Windows Server 2008

Schema changes!
No hard requirement for Windows Server® 2008 Active Directory® (AD)
At minimum, one Windows 2003 Service Pack 2 (SP2) global catalog in each site where Exchange Server 2010 (Beta) domain-joined server roles will be installed
The AD must be at least in Windows Server 2003 forest functionality mode
No support for read-only domain controller (RODC)/read-only global catalog (ROGC)

Exchange Server 2007/Exchange Server 2010 (Beta) coexistence in the same AD site requires Exchange Server 2007 changes (SP2)
Exchange Server 2007 SP2
  Must be deployed to every server in the same AD site as Exchange Server 2010 (Beta)
  All 2007 Client Access Services (CAS) servers in the organization need to be upgraded
  Exchange Server 2010 AD schema extensions are planned to be backported into Exchange Server 2007 SP2

Co-existence with Exchange Server 2007 in the same organization
  Multiple forests (resource forest model), multiple AD sites
  Single forest, multiple AD sites
  Single AD site

Hard blocked
  Exchange Server 2010 (Beta) coexistence with Exchange 2000 Server and earlier
  Exchange Server 2010 (Beta) coexistence with Exchange Server 2003 prior to SP2
  Exchange Server 2010 coexistence with Exchange Server 2007 prior to SP2
  Adding older versions of Exchange to an Exchange Server 2010 (Beta)-created organization

There is no support for in-place server upgrades
Microsoft is investing in online mailbox moves
Exchange Server 2007 and 2010 (Beta) Exchange Management Console (EMC) can now run on the same machine side by side (Administrator only)
Exchange objects are only managed via the EMC management console that has the same version (e.g. 2007 objects are managed by 2007 console)

[Diagram: upgrade sequence across AD sites; servers shown as CAS, HUB, UM, MBX 2003 or 2007 and CAS, HUB, UM, MBX 14, with Internet access and CAS-CAS proxy between sites]
1 Internet facing AD Site: Upgrade Internet facing sites first
2 Internal AD Site: Upgrade Internal sites second
1.1 Upgrade E2007 servers to SP2
1.2 Deploy E2010 servers: CAS first, HUB, UM, MBX last
1.3 • Move Internet hostnames to point to CAS2010
    • This moves AutoDiscover
1.4 Move Mailboxes
• "legacy" hostname for old CAS
• Includes SSL cert purchase
• End users don't see this hostname
• Move UM phone number for OVA to point to UM14

CAS2010/UM2010/HUB2010 will redirect and proxy clients to CAS2007, FE2003, UM2007, MBX2003, HUB2007 for access to Exchange Server 2003/2007 mailboxes
Server installation order
  Client Access Server
  Hub Transport
  Unified Messaging (if applicable)
  Mailbox
First Exchange Server 2010 (Beta) server must be a CAS server
Order of removing/decommissioning Exchange Server 2007 servers in a site
  Mailbox
  Unified Messaging (if applicable)
  Hub Transport
  Client Access Server

Supported scenarios (Scenario: Internet Facing Site / Non-Internet Facing Site)
  1: 2010 / 2010 and/or 2007
  2: 2010 / 2007 and 2003
  3: 2007 + 2010 / 2007 and/or 2003
  4: 2007 + 2010 / 2007 and/or 2010
  5: 2003 + 2010 / 2010 and/or 2003
  6: 2003 + 2007 + 2010 / 2010 and/or 2007 and/or 2003
Unsupported scenarios (Scenario: Internet Facing Site / Non-Internet Facing Site)
  7: 2007 / 2007 + 2010
  8: 2007 / 2010
  9: 2010 / 2003

Install Exchange Server 2010 (Beta)
Install certificate on Exchange Server 2010 (Beta) CAS
  Create certificate signing request (CSR), obtain certificate(s)
Publish Outlook Web Access (OWA) via Exchange Server 2010 (Beta) CAS
  Configure external URL
Configure Outlook Anywhere on Exchange Server 2010 CAS
Configure DNS
Replace the certificate on Exchange Server 2003 frontend

Internet AutoDiscover end point is moved to CAS2010 first in migration
Exchange Server 2010 (Beta) Autodiscover supports lookups for MBX2007 and MBX2010

[Diagram: Autodiscover Internet clients (Outlook, WM6.1+, EWS clients like Entourage) and Autodiscover intranet clients reach AutoD on CAS 2007 SP2 and CAS 2010. Outlook finds AutoD using AD Site SCPs. For users w/ MBX2010: AutoD2007 redirects to AutoD2010]

Internal Outlook clients connect via MAPI
  Mailboxes on MBX2010 will connect to CAS via RPCCA
Outlook Anywhere clients connect to the CAS2010 server via RPC/HTTPS
  Traffic is proxied to MBX2003, MBX2007, or MBX2010

[Diagram: Outlook Anywhere clients on the Internet and Outlook on the intranet; CAS 2010; MBX 2007, MBX 2010, MBX 2003]

In Exchange Server 2007 and Exchange Server 2010 (Beta), OWA rendering happens on CAS

[Diagram: SSO redirection between FE 2003, CAS 2007 ("XSO MAPI") and CAS 2010 ("XSO MAPI"); proxy + PF/MBX integration logic; MBX 2003, MBX 2003 (Public Folders), MBX 2007, MBX 2007 (Public Folder), MBX 2010, MBX 2010 (Public Folders)]

In Exchange Server 2007 and Exchange Server 2010 (Beta), EAS/POP/IMAP are parsed on CAS
In Exchange Server 2003, EAS/POP/IMAP are proxied to MBX; FE2003 is only an authenticating proxy

[Diagram: WM5/6, WM6.1+ and POP/IMAP clients; FE2003; proxy; CAS 2010 ("XSO MAPI"); CAS 2007 ("XSO MAPI"); MBX 2003, MBX 2010, MBX 2007]

Before mailbox is moved
  WM5, WM6, WM6.1 connect to Microsoft Server ActiveSync (MSAS) endpoint on Exchange Server 2010 (Beta) CAS
  Exchange Server 2010 (Beta) CAS proxies request directly to Exchange Server 2003 BE Mailbox server via HTTP
  NOTE: Exchange Server 2003 BE must be configured for Windows Integrated authentication; this is a manual step for IT administrators
After mailbox is moved
  WM5, WM6, WM6.1 connect to MSAS endpoint on Exchange Server 2010 (Beta) CAS
  For Beta 1, all clients must perform a full resynchronization of data; user must also select 'Sync' on phone multiple times before this completes successfully
    This is not expected at RTM
  Exchange Server 2010 (Beta) CAS handles the request to the Exchange Server 2010 (Beta) Mailbox server

[Diagram: Availability service coexistence. CAS 2007 SP2 AutoD and CAS 2010 AutoD; for lookups against MBX2010, AutoD2007 redirects to AutoD2010. Exchange Server 2007 AS clients (Outlook, OWA, EWS clients) and Exchange Server 2010 AS clients (Outlook, OWA, EWS clients) use the Avail svc, which proxies to the AS version matching the MBX version for Exchange Server 2007/Exchange Server 2010 ("XSO MAPI"). MBX 2007 storing mailboxes; MBX 2003 storing F/B in Public Folders; MBX 2010 storing mailboxes]

Client behaviour table (columns: before mailbox is moved from 2003 to 2010 (mail.contoso.com); after mailbox transitioned to Exchange Server 2010 (mail.contoso.com))
  Outlook 2003
  Outlook 2007
  Windows Mobile 5: Full Resync Required
  Windows Mobile 6: Full Resync Required
  Windows Mobile 6.1: Full Resync Required
  Outlook Web Access: HTTP Redirect
  POP
  IMAP
  EWS: New Entourage Version Required

Hub Transport Transition
Deploy Exchange Server 2010 (Beta) Hub(s)—at this point, you need to have sufficient Exchange Server 2010 (Beta) Hub servers to handle Exchange Server 2010 (Beta) mailboxes and Exchange Server 2007 Hub servers to handle Exchange Server 2007 mailboxes.
As you migrate more mailboxes to Exchange Server 2010 (Beta), you can decrease the number of Exchange Server 2007 Hub servers and increase the number of Exchange Server 2010 (Beta) Hubs.
Finally, remove Exchange Server 2007 Hubs when no Exchange Server 2007 mailboxes are present.
Remove Exchange Server 2007 Edge and Exchange Server 2007 Edge subscriptions.
Deploy Exchange Server 2010 (Beta) Edge and establish Exchange Server 2010 (Beta) Edge Subscription.

Install the SP2 on Exchange Server 2007 servers
Deploy Exchange Server 2010 (Beta) CAS, Hub and MBX roles
Exchange Server 2010 (Beta) and Exchange Server 2007 Hub servers configure themselves
  Exchange Server 2010 MBX -> Exchange Server 2010 Hub -> E2007 Hub -> E2007 MBX
  E2007 MBX -> E2007 Hub -> Exchange Server 2010 Hub -> Exchange Server 2010 MBX

Edge 2007 SP2 can proxy to Hub 2010
Edge servers can be upgraded to Exchange Server 2010 (Beta) last

[Diagram: incoming or outgoing email. Edge 2007 SP2 and Edge 2010 in the perimeter network; SMTP to HUB 2010 and HUB 2007; "XSO MAPI" to MBX 2010, MBX 2007 and MBX 2003]

1. Deploy Exchange Server 2007 SP2 on all servers (including Edge)
2. Introduce Exchange Server 2010 (Beta) Hub servers
   • Routing version boundary
   • Exchange Server 2010 (Beta) Hub cannot EdgeSync to Exchange Server 2007 SP2 Edge

[Diagram: AD site with E2007 SP2 Edge, E2007 SP2 HUB and E2007 SP2 Mailbox servers (E2007 Edge-Sync), and E2010 HUB servers connected over SMTP across the routing version boundary]

Routing is dependent on the AD site boundary and server versions
Every AD site with a mailbox will always require a hub of the same version for mail delivery to that mailbox
Cannot be changed (e.g. specify Hub Server in SubmissionServerOverrideList)

3. Deploy Exchange Server 2010 (Beta) Mailbox Role
4. Deploy Exchange Server 2010 (Beta) Edge Role
5. Subscribe Exchange Server 2010 (Beta) Edge Server(s)

[Diagram: AD site with E2007 SP2 Edge, HUB and Mailbox servers (E2007 Edge-Sync) and E2010 Edge, HUB and Mailbox servers (E2010 Edge-Sync), connected over SMTP across the routing version boundary]

Exchange Server 2007 Edge can maintain Sync for Exchange Server 2010 (Beta) Edge

R4 Upgrade Story
In R4, we will be doing work to simplify the upgrade process—these include:
  Exchange Server 2007 SP2 ADAM schema will be compatible with the Exchange Server 2010 (Beta) schema—this will enable Exchange Server 2010 (Beta) Hubs to subscribe to Exchange Server 2007 SP2 Edge servers
  Simplify the credential bootstrap process so that adding new Exchange Server 2010 (Beta) Hub servers does not require re-subscribing to the Edge servers
  We will support deltasync to the Edges which is much more efficient than syncing the entire AD every 4 hours

6. Remove Exchange Server 2007 Edge Role and Subscription
7. Remove Exchange Server 2007 Mailbox Role
8. Remove Exchange Server 2007 Hub Role

[Diagram: AD site with E2007 SP2 Edge, HUB and Mailbox servers (E2007 Edge-Sync) and E2010 Edge, HUB and Mailbox servers (E2010 Edge-Sync), connected over SMTP across the routing version boundary]

Source mailbox can be used by users as normal during "online" moves
Online mailbox move is only available for Exchange Server 2007 and above
No OST resync after mailbox move
MAPI RPC used for all moves

[Diagram: Exchange 2007 (online) and Exchange 2003 (offline) mailbox moves pass through the Exchange 2010 CAS with "Mailbox Replication Service" to the Exchange 2010 Mailbox Server]

With private branch exchange/gateways (PBX/GWs): One Dial Plan, Redirect

With Office Communications Server: 2 Dial Plans, Direct


Co-existence support between mailbox server 2010 and mailbox server 2003/2007
Co-existence with mailbox server 2000 is not supported

Outlook can read mailbox from one Exchange version (e.g. 2010) and public folder from another (e.g. 2003/2007)
OWA 2010 only gives access to public folders with replica in mailbox server 2010
  Error message when accessing public folder with replica only on Exchange 2003/2007
  This is different from OWA 2007, which had a redirection behavior, opening up OWA 2000/2003 for public folders on older mailbox servers in separate browser windows

Get-PublicFolderStatistics now captures last user access


Start planning Windows Server 2008 as their base OS
Move to Windows Server 2003 Forest Functional Mode
Upgrade AD servers to Windows Server 2003 SP2 or later
Remove Exchange 2000 Server
  Exchange Server 2010 (Beta) only supports coexistence within a forest with Exchange Server 2003 SP2 and Exchange Server 2007 SP2
For large mailbox and cached mode I/O improvements, deploy Office 2007 SP2

Do not deploy single copy cluster (SCC) or local continuous replication (LCR) today, deploy cluster continuous replication (CCR) + standby continuous replication (SCR)
  Neither are truly High Availability (HA) solutions
  Neither are offered in Exchange Server 2010 (Beta)
Do not invest in a streaming backup solution, invest in Volume Shadow Copy Service (VSS)
Do not deploy a third-party Archiving solution today to solve the PST problem, instead enable larger mailboxes and retain data in the mailbox
  Mailbox archiving will be built-in to Exchange Server 2010 (Beta)
  Third-party compliance solutions are OK, but ensure there is a roadmap for future versions
Ensure that the database names are unique across the Exchange Organization

Do not deploy an Exchange UM Fax solution, rely on third party solutions
  Exchange Fax that will be deprecated in Exchange Server 2010 (Beta)
Plan for the upgrade or replacement of mobile devices that are lower than Windows Mobile 5.0
Plan for the upgrade of Outlook clients that are lower than Outlook 2003
Deploy a CAS certificate solution that covers:
  OWA/EAS namespace (e.g. mail.foo.com)
  Autodiscover namespace
  Legacy namespace (e.g. legacy.foo.com)

Key architectural changes
  Exchange Server 2010 (Beta) reduces storage I/O and enables large mailbox scenarios while providing built-in data availability mechanisms
  Exchange Server 2010 (Beta) provides a true middle tier access methodology for all client access mechanisms
  Exchange Server 2010 (Beta) introduces true transport resiliency which enables transport to become stateless


Exchange Server 2010 (Beta) Ignite Module Number 14 Microsoft© Corporation

Today’s Exchange Online
Exchange Online & Exchange Server 2010
• Reduced feature gaps
• Cross-premises coexistence
• New management tools
Release schedule
Q&A

Business Productivity Online Suite (BPOS)
Exchange infrastructure is based on Exchange Server 2007 SP1
Available today in 20 countries (others being added)
Unified provisioning, billing and management across services
99.9% uptime SLA (financially-backed)
24x7 IT Pro support

Multiple customers, one architecture
• 5 seat minimum
• Rapid, standardized deployment
• All connectivity to hosted environment occurs over public Internet

Single customer per architecture
• 5,000 seat minimum
• Many customization options
• VPN or dedicated circuit links customer site to Exchange environment

Protection and Compliance
• E-mail Archiving
• Protect Communications
• Advanced Security

Anywhere Access
• Manage Inbox Overload
• Enhance Voice Mail
• Collaborate Effectively

Flexible and Reliable
• Continuous Availability
• Simplify Administration
• Deployment Flexibility

Native multi-tenancy
Built for hybrid deployments
Tested with Live@edu
Hosted by Exchange team

Brings new Exchange Server capabilities to the cloud
Improves coexistence between on-premises and online users
Gives administrators more control over the online environment

Deploy Exchange in a Fashion That Best Fits Business Needs with Choice of Delivery
On-Premises
Hosted Service
Co-Existence

Features from Exchange Server 2007
• Transport Rules
• Managed Folders
• Voice Mail and Unified Messaging

Features from Exchange Server 2010
• Meet legal and compliance needs with cross-mailbox search
• Help users prevent e-mail mistakes with MailTips
• Apply RMS protection with transport rules
• Eliminate PSTs with Personal Archive

Similar to UM branch office deployment
Customer has on-premises telephony equipment
Session Border Controller (SBC) connects on-premises telephony environment to Exchange Online
PBX stays on-premises
Exchange Online hosts mailboxes and UM servers
[Diagram labels: PSTN, PBX and Office Phones, Internet, CAS, HubT, UM, MBX]

Key aspects of coexistence:
• Identity and authentication
• Directory coexistence
• E-mail coexistence
• Calendar coexistence
• Data migration

Microsoft Services Connector: Single identity, single sign-on
Directory Sync Tool: User provisioning and unified GAL
Exchange Server 2010
• Cross-premises free/busy
• Federated message delivery
• Native mailbox migration
[Diagram labels: Microsoft Federation Gateway, Active Directory, Exchange Server 2003/2007]

Sharing with partners
• Calendar sharing
• Contact sharing
• Federated RMS
• Message tracking

Cross-premises coexistence
• Calendar sharing and free/busy
• Secure message delivery

Single sign-on / single identity
• Exchange Online
• Microsoft Online Services
• Applications hosted on Azure

[Diagram labels: Enterprise Apps, ISV Apps, Microsoft cloud services, Microsoft Federation Gateway, Dynamics CRM Online, Exchange Online, SharePoint Online, OC Online, Azure Services Platform, Microsoft Online, Federated sharing, Single sign-on, Microsoft Services Connector, Active Directory, Fabrikam, Contoso, Employee, Exchange]

Process is the same as setting up free/busy sharing with business partners
No client configuration needed
On-premises and online users can see each other’s free busy calendar data
Maintains consistent user experience during migration and coexistence
[Diagram labels: Contoso Online, Exchange Online user, Exchange Online user]

Invisible to end users
Sending side encrypts and routes to a Federated Delivery address
Receiving side validates, decrypts, and reroutes to final recipients
Uses same Sharing Relationship configuration as free/busy calendar sharing
Provides functionality similar to Transport Layer Security (TLS)
[Diagram labels: Microsoft Federation Gateway; Exchange; E14, E14; To: ed@contoso.com, From: sara@contoso.com; fed-del@service.contoso.com]

Key advantage: Outbound mail can be routed through on-premises e-mail infrastructure for custom processing

Today
• Single sign-on via stored password

Online “2010”
• Single sign-on via federation
• Microsoft Services Connector or ADFS

User benefits
• Same identity on-premises and in the cloud
• No need to manage separate passwords
• Used across multiple Online Services

Administrator benefits
• No sign-on application to manage across desktops
• Passwords not synchronized to the cloud
• Retain security control over user accounts
• No changes to enterprise deployment of AD

[Diagram label: Active Directory]

Based on Geneva (Active Directory Federation Services v2)
Simplified for service scenarios
Quick and easy setup
• Free download
• Installed as an IIS website
• Admin proves domain ownership with SSL certificate
Supports range of network infrastructures: Single server, server farm, proxy server

Client support:
Single identity (use domain password)
• Outlook 2007
• Windows Mobile
• Entourage
• PowerShell
• POP/IMAP
Single sign-on (no password prompt)
• Outlook 14 (w/ Windows 7)
• Outlook Web Access

Move mailboxes to cloud with Exchange Management Console
Migrate mailboxes with built-in wizards
View migration status and statistics

Uses same replication engine as on-premises mailbox moves
Asynchronous design improves fault-tolerance
Mailbox is moved, not copied (reduces risk of admin error)
OST resync is not required after mailbox move
Includes support for moving mailboxes back on-premises
Supports migration from Exchange 2003, Exchange 2007, and Exchange 14 on-premises
[Diagram labels: On-premises, E2K3, E2K7, E14, CAS, E14, Mailbox Migration]

Exchange Control Panel
• Perform or delegate common admin tasks via a Web-based GUI
Exchange Management Console
• Manage online and on-premises mailboxes in one place
Remote PowerShell
• Manage the hosted Exchange environment via command line

Adds new web-based management features
Capabilities can be delegated beyond IT

Manage on-premises and online Exchange forests in the same console
Manage recipients in the cloud
Configure properties of online Exchange forest
Move mailboxes to the cloud

> New-DynamicDistributionGroup -Name "Florida Sales and Marketing" -IncludedRecipients MailboxUsers -ConditionalDepartment Sales,Marketing -ConditionalStateOrProvince Florida

PowerShell v2 lets you execute commands over the Internet
Access is controlled via RBAC
Allows scripting and automation of routine tasks

Exchange Online will transition to Exchange Server 2010 next year
• Online beta: Q4 2009
• Online launch: H1 2010
Customers can control the timing of their upgrade (waiting up to 12 months, if desired)
[Timeline by quarter: Q1 Q2 Q3 Q4 Q1 Q2 Q3]

New server features available online
• Messaging Records Management
• Transport rules
• Unified Messaging
• New features from Exchange Server 2010

Improved migration and coexistence
• Single identity (log in using domain credentials)
• Calendar coexistence (shared free/busy)
• Native migration tools

Better administration and control
• Enhanced web administration portal
• Exchange Management Console
• Remote PowerShell

Choose between server, service, or a seamless mix of both
