Exchange Server 2010 (Beta) Ignite
Module Number 01
Microsoft Corporation
Optimize for Software + Services
2 Microsoft Confidential
Flexible and Reliable
Provide the flexibility needed to operate a scalable, high-performing, and easy-to-administer messaging infrastructure
Co-Existence
Greater Range of Storage Options Through Performance Enhancements
Limit User Disruption During Mailbox Moves and Maintenance
Diagram: message path from the e-mail client through the Mailbox server, Hub Transport and Edge Transport, with a failed hop marked X.
Servers keep "shadow copies" of items until they are delivered to the next hop
Also helps simplify Hub and Edge Transport Server upgrades and maintenance
Empower Specialist Users to Perform Specific Tasks with Role-based Administration
Examples: Compliance Officer, Human Resources, Help Desk Staff
Anywhere Access
Help manage communication overload by offering an easy-to-navigate, universal inbox with advanced messaging features
Help Reduce Unnecessary and Undeliverable E-Mail Through New Sender MailTips
Remove extra steps and e-mail
Limit accidental e-mail
Reduce non-delivery reports
Contextual Contact Actions
Create Customized Voice Mail Menus with Personal Auto Attendant
Managing auto attendants
Defining a personalized voice mail menu
Rich Mobile Messaging Experience with "Desktop Class" Features and Functionality
Voice mail preview
Auto-complete cache
Conversation view
Voice Telephony
Instant Messaging
SMS Text Messaging
Ease Collaboration by Federating Calendar Details with External Business Partners
Better Manage Mail in a Central Archive While Maintaining a Familiar User Experience
…apply a retention policy…
Message expiration time in view
Empower Compliance Officers to Conduct Multi-Mailbox Searches with Ease
New user-friendly search
Automatically Protect E-Mail with Centralized Rights Management Rules
Automate RMS policies based on sender and recipient attributes
Roadmap
2007, Exchange Server 2007 SP1:
• Public Folder access in Outlook Web Access
• Standby Continuous Replication (SCR)
• Additional Exchange ActiveSync policies
2009, Exchange Server 2010:
• Increase operational flexibility
• Streamline communications
• Manage inbox overload (communication overload)
• Deliver e-mail archiving solution
• Optimize for Software + Services
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Exchange Server 2010 (Beta) Ignite
Module Number 02
Microsoft Corporation
Client – 1024
DC – 512
Exchange – 1536
OCS – 1024
Deployment scenarios
Deployment prerequisites
Role configuration
Edge Transport server role
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
Virtualization deployment guidelines
Small organizations
Exchange Online
Combined role servers – can run all roles on 2 servers (including High Availability (HA))
Mid-market – multiple servers to run
Active Directory® (AD)
Dedicated Mailbox server role
Client Access server and Hub Transport server role – potentially combine
Unified Messaging server role (optional, dedicated)
Combined roles
Can install Hub, CAS and/or UM on a Mailbox server that is part of a Database Availability Group (DAG)
Cannot combine the Edge Transport server role with other roles
UM combination only recommended in a single-server deployment
Role combination is always a performance management exercise
In-place upgrades are not a valid scenario
You cannot add an Exchange Server 2010 (Beta) server to an existing Exchange organization if it contains Exchange Server 5.5 or 2000 servers
You cannot add Exchange Server 2007 servers to a new Exchange Server 2010 (Beta) organization
The Exchange organization must be in native mode
You can transition an existing Exchange organization only if the servers have the following versions installed:
Exchange Server 2003 Service Pack 2 (SP2)
Exchange Server 2007 SP2 on all CAS servers in the organization
Exchange Server 2007 SP2 on all Exchange servers in any site that will contain Exchange Server 2010 (Beta) servers
Exchange Server 2007 features dropped from Exchange Server 2010 (Beta)
Local Continuous Replication (LCR)
Fax services
Single copy clusters (SCC) and, along with them: shared storage, pre-installing a cluster, clustered mailbox servers, running setup in cluster mode, moving a clustered mailbox server
Storage groups (their properties moved to database objects)
The two-copy limitation of cluster continuous replication (CCR)
Streaming backups
Capacity planning
More load on an Exchange Server 2010 (Beta) Client Access server (CAS) than on an Exchange Server 2007 CAS
Never deploy a Client Access server in the perimeter network
Authentication is performed by the Client Access server (EAS, OWA, Outlook Anywhere), which needs direct Active Directory access; keep it on the internal network and publish it through a reverse proxy
Client migration
Outlook 2007 clients and higher are automatically reconfigured by Autodiscover when the mailbox is moved from Exchange Server 2007 to Exchange Server 2010 (Beta)
Legacy clients will communicate with the RPC Client Access component on the CAS 2010 to access the mailbox
Utilize ISA Server for web publishing where possible
All servers
Enter the Exchange product key
Run the Exchange Best Practices Analyzer (ExBPA)
Install anti-virus software
Verify installation success (event logs)
Active Directory
A Windows Server 2003 SP2 global catalog server is installed in each Exchange AD site
Windows Server 2003 forest functional level
AD RAP (Risk Assessment Program) is recommended
Exchange
Existing servers are Exchange Server 2003 SP2 or later
Mixing versions is supported
The Exchange Server Risk Assessment and Health Check Program (EXRAP) is recommended prior to introduction of Exchange Server 2010 (Beta)
Validate existing environment
DCDiag: basic domain diagnostics
NetDiag: domain controller network diagnostics
REPLMon: replication monitor
NETDom: domain and trust diagnostics
ExBPA
Windows Update
Install PowerShell:
ServerManagerCmd -i PowerShell
Install the remote Active Directory management tools:
ServerManagerCmd -i RSAT-ADDS
PowerShell Version 2
http://go.microsoft.com/fwlink/?LinkID=104222
.NET Framework 3.5
http://go.microsoft.com/fwlink/?LinkID=96339
Windows Remote Management 2.0
http://go.microsoft.com/fwlink/?LinkID=107396
Restart the server
Installation requirements
Windows Server 2008 64-bit editions: Standard Edition, Enterprise Edition, Datacenter Edition
Windows Server 2008 prerequisites for Exchange Server 2010 (Beta):
ServerManagerCmd -ip Exchange-Typical.xml
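As an added example, not from the deck, the following PowerShell 2.0 preflight script checks the Active Directory and server prerequisites from the slides above (64-bit Windows Server 2008, domain membership, PowerShell 2.0, WinRM, .NET Framework 3.5, Windows Server 2003 forest functional level, a global catalog in the local site) and then runs DCDiag, before the ServerManagerCmd steps are executed. The version thresholds are the ones the slides state; the registry key and .NET directory classes are standard Windows APIs, and dcdiag.exe is assumed to be present (it ships with RSAT-ADDS).

```powershell
# Added preflight script for the prerequisites on the slides above (example, not from the
# deck). Run under PowerShell 2.0 on the candidate Exchange 2010 server as a domain user;
# dcdiag.exe needs the RSAT-ADDS feature (installed by the ServerManagerCmd step above).
$failures = @()

# 64-bit Windows Server 2008: the only supported platform for the 2010 roles.
$os = Get-WmiObject Win32_OperatingSystem
if ($os.OSArchitecture -ne '64-bit') { $failures += "OS is $($os.OSArchitecture); need 64-bit" }
if ([int]$os.Version.Split('.')[0] -lt 6) { $failures += "OS version $($os.Version) is older than Windows Server 2008" }

# Domain membership (the UM role in particular needs it before Setup runs).
if (-not (Get-WmiObject Win32_ComputerSystem).PartOfDomain) { $failures += 'Server is not domain-joined' }

# PowerShell 2.0 and WinRM 2.0: Exchange 2010 management runs over remote PowerShell.
if ($PSVersionTable -eq $null -or $PSVersionTable.PSVersion.Major -lt 2) { $failures += 'PowerShell 2.0 is not installed' }
if (-not (Get-Service WinRM -ErrorAction SilentlyContinue)) { $failures += 'WinRM service is missing' }

# .NET Framework 3.5: the installer's flag lives under NDP\v3.5.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5' -ErrorAction SilentlyContinue
if ($ndp -eq $null -or $ndp.Install -ne 1) { $failures += '.NET Framework 3.5 is not installed' }

# Forest functional level: Windows Server 2003 (enum value 2) or higher.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
if ([int]$forest.ForestMode -lt 2) { $failures += "Forest mode $($forest.ForestMode) is below Windows Server 2003" }

# A global catalog in this server's AD site running Windows Server 2003 or later.
# OSVersion carries the OS name only, so the SP2 level itself still has to be checked on the DC.
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()
$gcs = @($forest.GlobalCatalogs | Where-Object { $_.SiteName -eq $site.Name })
if ($gcs.Count -eq 0) { $failures += "No global catalog in site $($site.Name)" }
foreach ($gc in $gcs) {
    if ($gc.OSVersion -notmatch '2003|2008') { $failures += "GC $($gc.Name) runs $($gc.OSVersion)" }
}

# Domain health: dcdiag /q prints only failures, so any output at all is a finding.
$dcdiag = & dcdiag.exe /q 2>&1
if ($dcdiag) { $failures += "dcdiag reported: $(($dcdiag | ForEach-Object { $_.ToString().Trim() }) -join ' | ')" }

if ($failures.Count -gt 0) {
    Write-Host 'Preflight FAILED:' -ForegroundColor Red
    $failures | ForEach-Object { Write-Host "  - $_" }
    exit 1
}
Write-Host 'Preflight passed; run the ServerManagerCmd prerequisite steps, then restart the server.'
```

The script exits non-zero on the first run with any finding, so it can gate an unattended build; the checks are deliberately read-only and make no changes to the server or the directory.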
Hub Transport server role
Configure accepted domains: create an accepted domain for each domain for which you will accept e-mail
Subscribe the Edge Transport server
Configure Internet mail flow (a manual process if Edge is not configured)
Configure the external postmaster recipient
Configure cross-forest connectors
Edge Transport server role
Verify successful role installation (setup logs, etc.)
Set administrator permissions (local)
Lock down the server via the Security Configuration Wizard
Configure the agents that provide the antivirus and anti-spam protection, message policy, and message security features (all are enabled by default)
If installing additional Edge Transport servers, you can execute a clone process to copy certain information between Edge Transport servers
Enable Edge synchronization
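As an added example, not from the deck, the Hub Transport and Edge Transport checklists above as one Exchange Management Shell procedure: accepted domain and external postmaster on the Hub, agent verification and subscription export on the Edge, then subscription import and EdgeSync on the Hub. Domain, site and file names are placeholders; the Security Configuration Wizard template path is an assumption for the released product and should be checked against the Beta's Scripts folder.

```powershell
# Added example (not from the deck) for the Hub Transport / Edge Transport checklists above.
# Part 1 runs in the Exchange Management Shell on a Hub Transport server, Part 2 on the Edge
# Transport server, Part 3 back on the Hub. contoso.com and the site name are placeholders.

# --- Part 1: Hub Transport: accepted domain and external postmaster ---------------------
# One accepted domain per domain you will receive mail for; authoritative means all
# recipients for it live in this organization.
if (-not (Get-AcceptedDomain | Where-Object { $_.DomainName -eq 'contoso.com' })) {
    New-AcceptedDomain -Name 'Contoso' -DomainName 'contoso.com' -DomainType Authoritative
}
# NDRs sent to the Internet carry this address as their sender.
Set-TransportConfig -ExternalPostmasterAddress 'postmaster@contoso.com'

# --- Part 2: Edge Transport: lock down, verify agents, export the subscription -----------
# Security Configuration Wizard: register the Exchange Edge template, then run scw with it.
# Template path is an assumption (released-product layout); confirm it on the Beta build.
# scwcmd register /kbname:Ex2010EdgeKB /kbfile:"C:\Program Files\Microsoft\Exchange Server\V14\Scripts\Exchange2010Edge.xml"

# All anti-spam and message-security agents are enabled by default; report any that are not.
$disabled = Get-TransportAgent | Where-Object { -not $_.Enabled }
if ($disabled) {
    Write-Warning ('Disabled transport agents: ' + (($disabled | ForEach-Object { $_.Identity }) -join ', '))
}

# Export the subscription file. It contains the credentials EdgeSync uses to push data to this
# server, so restrict the file's ACL and delete it once the Hub has imported it.
New-EdgeSubscription -FileName 'C:\EdgeSubscription.xml'
# For additional Edge servers, clone configuration with ExportEdgeConfig.ps1 / ImportEdgeConfig.ps1
# from the Exchange Scripts folder instead of repeating the manual agent configuration.

# --- Part 3: Hub Transport: import the subscription and start EdgeSync -------------------
$bytes = [System.IO.File]::ReadAllBytes('C:\EdgeSubscription.xml')
New-EdgeSubscription -FileData $bytes -Site 'Default-First-Site-Name' `
    -CreateInternetSendConnector $true -CreateInboundSendConnector $true
Start-EdgeSynchronization

# Anything other than Normal here means the Edge is not receiving recipient/config data.
Test-EdgeSynchronization | Where-Object { $_.SyncStatus -ne 'Normal' } | Format-List
```

The subscription file is the sensitive artifact in this procedure: copy it to the Hub over an authenticated channel, not a shared folder, and remove both copies after the import succeeds.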
Mailbox server role
Verify successful installation of the Mailbox server role
Configure permissions using the Exchange administrator roles
Create mailboxes for users in your organization as needed
Move mailboxes from an existing Exchange server
Configure public folders (optional)
Configure Messaging Records Management
Configure continuous replication for data and service availability
Configure backups for disaster recovery
Configure Calendar Concierge features
Configure out-of-office features
Configure the spam confidence level (SCL) junk e-mail folder threshold
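As an added example, not from the deck, the permissions, mailbox-move and SCL items from the Mailbox server checklist above, written as an Exchange Management Shell script. The role group is scoped so that help desk staff can edit recipients in one OU but cannot touch server, transport or DAG configuration, which is the least-privilege point of role-based administration. Group, OU, database and mailbox names are placeholders.

```powershell
# Added example (not from the deck): scoped RBAC for help desk staff, an online mailbox move,
# and the organization-wide SCL junk threshold. All names are placeholders.

# A management scope limits what role holders may write: here, user mailboxes under one OU.
New-ManagementScope -Name 'HelpDesk Users' -RecipientRoot 'contoso.com/Users' `
    -RecipientRestrictionFilter { RecipientType -eq 'UserMailbox' }

# 'Mail Recipients' and 'Mail Recipient Creation' cover mailbox property edits and creation
# only; no role in this group grants server, transport or organization configuration rights.
New-RoleGroup -Name 'Help Desk' -Roles 'Mail Recipients','Mail Recipient Creation' `
    -CustomRecipientWriteScope 'HelpDesk Users' -Members 'helpdesk-admins'

# Verify: every assignment for the group must carry the custom write scope.
Get-ManagementRoleAssignment -RoleAssignee 'Help Desk' |
    Format-Table Role, CustomRecipientWriteScope, RecipientWriteScope -AutoSize

# Online move from the legacy server: the user stays connected until the final switchover.
New-MoveRequest -Identity 'user1@contoso.com' -TargetDatabase 'DB01'
Get-MoveRequestStatistics -Identity 'user1@contoso.com' | Format-List Status, PercentComplete

# Messages scored above SCL 4 by the content filter go to the Junk E-Mail folder.
Set-OrganizationConfig -SCLJunkThreshold 4
Get-OrganizationConfig | Format-List SCLJunkThreshold
```

Check the role assignments once more after any later change to the group: adding a role such as 'Organization Configuration' to this group silently removes the benefit of the recipient scope.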
Unified Messaging server role
The Unified Messaging server must be a member of a domain before the Unified Messaging server role is installed, so that a new Unified Messaging server object can be created during the installation
Infrastructure placement: corporate network
Requires the Mailbox and Hub Transport server roles installed
Virtualization deployment guidelines
No support stance (yet) for Exchange Server 2010 (Beta)
Exchange Server 2007 support stance:
Supported: Hub Transport, Client Access server, Mailbox and Edge Transport
Not supported: Unified Messaging
Not recommended: Mailbox role (must meet processor and disk requirements); Edge Transport server role (may not make sense)
Complete Lab 1
Exchange Server 2010 (Beta) Ignite
Module Number 03
Microsoft Corporation
Example hardware
Standard configurations
Vendor-loaned "specials"
Topologies
PerfSimple/PerfBasic: low load, all-in-one config
PerfComplex: medium to high load with all roles on individual machines
Tools
Strategic choice made by the product group
Product group focused on supporting large mailboxes at low cost, with the goal to further decrease input/output (I/O) to reduce Total Cost of Ownership (TCO)
Scaling up increases the risk that an outage or failure affects more users
Scaling out provides an opportunity for high availability at low cost
erinbook@microsoft.com
Single role servers
Beta: 12 cores maximum
No benefit from moving to 16 cores
Known issues updating memory across cores
Code takes longer to execute; transaction costs
rise
Processor cross-talk
High scale all-in-one server—currently under
investigation
Beta: 16 cores max
Multiple processes
Cross-talk less of an issue
Diagram: two sockets/dies, each with its own cache; Socket/Die 1 shows Core1 through Core4.
Sizing impact
Crosstalk increases with utilization
Exchange sizes for 75% utilization
Don't add sockets to reduce to 50%
Two ways to address crosstalk:
Hypervisor to segment processes to specific processor dies (currently not available in Hyper-V)
Windows System Resource Manager (WSRM) to segment processes to specific processor dies
The system requirements may change prior to RTM, so be sure to check the final guidance when it is released.

Roles              | Max processor configuration | Recommended processor configuration | Max memory | Recommended memory
All-in-one servers | 16 cores                    | 8 cores                             | 64 GB      | 8 GB plus 2-6 MB per mailbox
Unified Messaging  | 12 cores                    | 4 cores                             | 16 GB      | 2 GB per core or 4 GB (minimum)
Internet Security and Acceleration (ISA) Server 2006
Kernel memory limitations imposed by the 32-bit architecture
ISA:CAS ratio 3:1 (worst case)
Important when you have a large percentage of your users connected via Outlook Anywhere, as the ratio of Transmission Control Protocol (TCP) connections to users is much higher than you would see for Outlook Web Access (OWA), ActiveSync, POP, or IMAP traffic
Beyond ISA 2006 … pre-release product information
Forefront Unified Access Gateway (UAG): next-generation secure remote access product and the future version of Microsoft Intelligent Application Gateway; native 64-bit architecture; will be tested with Exchange Server 2010 (Beta)
Forefront Threat Management Gateway (TMG): next-generation network security product and the future version of Microsoft ISA Server; native 64-bit architecture; will be tested with Exchange Server 2010 (Beta)
I/O reduced by 70% from Exchange Server 2007
Optimized for Serial Advanced Technology Attachment (SATA) disks
Two-socket platform is optimal (crosstalk a concern)
High Availability improvements: introducing the Database Availability Group (DAG)
Size for double failures
Do not over-commit resources
Spread node failure across all available nodes, not one or two
Distribute database (DB) copies across nodes in a matrix
Seed compression/encryption (opt in)
Improved DB seed/log shipping performance across the wide area network (WAN)
Log shipping compression/encryption (opt in)
New log shipping architecture (Transmission Control Protocol (TCP) socket based as opposed to Server Message Block (SMB))
Improved high-latency capability
Scales per database (TCP connection per database)
Use multiple 1 Gb networks or a 10 Gb network
Improves LAN re-seed/log replication queue drain performance, especially with large servers and/or large databases
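As an added example, not from the deck, the DAG guidance above (and the "configure continuous replication" item on the Mailbox server checklist in Module 02) as an Exchange Management Shell script: build a three-node DAG, opt in to compression and encryption for seeding and log shipping so replication crossing the WAN is not in the clear, and lay out database copies in a matrix so a double failure never removes every copy of one database. Server, database, witness and IP values are placeholders, and the script assumes the active copy of each database already exists on the first server listed for it.

```powershell
# Added example (not from the deck): three-node DAG with encrypted, compressed replication
# and a matrix layout of database copies. Names and the IP address are placeholders; DB01,
# DB02 and DB03 are assumed to already exist on MBX01, MBX02 and MBX03 respectively.

# The witness breaks quorum ties when the DAG has an even number of members.
New-DatabaseAvailabilityGroup -Name 'DAG1' -WitnessServer 'HUB01' -WitnessDirectory 'C:\DAG1FSW' `
    -DatabaseAvailabilityGroupIpAddresses 10.0.0.50

# Join the nodes one at a time; each join installs failover clustering on that node.
'MBX01','MBX02','MBX03' | ForEach-Object {
    Add-DatabaseAvailabilityGroupServer -Identity 'DAG1' -MailboxServer $_
}

# Compression and encryption of seeding and log shipping are opt-in. Enabled covers every
# replication network; InterSubnetOnly would leave same-subnet traffic in the clear.
Set-DatabaseAvailabilityGroup -Identity 'DAG1' -NetworkCompression Enabled -NetworkEncryption Enabled

# Matrix layout: each database has passive copies on the two other nodes, so the loss of any
# two nodes still leaves one copy of every database. Index 0 is the existing active copy.
$layout = @{
    'DB01' = @('MBX01','MBX02','MBX03')
    'DB02' = @('MBX02','MBX03','MBX01')
    'DB03' = @('MBX03','MBX01','MBX02')
}
foreach ($db in $layout.Keys) {
    $pref = 2                                   # ActivationPreference 1 is the active copy
    foreach ($server in $layout[$db][1..2]) {
        Add-MailboxDatabaseCopy -Identity $db -MailboxServer $server -ActivationPreference $pref
        $pref++
    }
}

# Verify: passive copies Healthy, the active copy Mounted, and queues draining to zero.
foreach ($server in 'MBX01','MBX02','MBX03') {
    Get-MailboxDatabaseCopyStatus -Server $server |
        Format-Table Name, Status, CopyQueueLength, ReplayQueueLength -AutoSize
}
Get-DatabaseAvailabilityGroup -Identity 'DAG1' -Status |
    Format-List Servers, NetworkCompression, NetworkEncryption
```

Seeding the new copies is the bandwidth-heavy step; with NetworkCompression and NetworkEncryption set before the copies are added, the initial seed already benefits from both, which is what "seed compression/encryption (opt in)" above refers to.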
Removal of DSProxy
Consolidation of store access paths
MAPI on the Middle Tier (MoMT): remote procedure call (RPC) endpoint for Outlook
MAPI connection pool between CAS and MBX
Connection limitation on the store is not a factor
Diagram: store access paths. Exchange components (Transport, Web Services, Agents, OWA, Mailbox Agents, UM, Sync), Outlook/MAPI clients and Entourage (DAV) reach the Store through MAPI.Net on the middle tier (Core Objects) over MAPI RPC.
Failover comparison
Exchange 2007: on failover, a connected client is disconnected for 1-15 minutes
Exchange 2010: on failover, a connected client is disconnected for 60-90 seconds (POR); on a CAS failure, the client just reconnects
Diagram: Exchange 2007 clients connect directly to the MBX servers; Exchange 2010 clients connect through the CAS to MBX1 and MBX2.
Connection scaling: 60K connections per MBX server; number of CAS servers × 100 connections per CAS MoMT service/process
Diagram: Outlook clients connect through an Exchange CAS NLB to the CAS servers, which connect to the MBX servers.
With transport dumpster changes and Extensible Storage Engine (ESE) improvements, transport I/O operations per second (IOPS) requirements are targeted to be reduced by more than 50%
Database compression: 7-bit compression and XPRESS
DB cache size 64 MB min and 1 GB max
Large messages are supported without causing backpressure
Unified Messaging sizing
Use 4 cores
4-8 GB of RAM recommended; more than 8 GB is not shown to improve TCO or scale
Combining with other roles is not recommended: audio quality can be affected (still investigating)
Place close to the Mailbox servers that host the mailboxes of the UM-enabled users
Voice mail preview: guidance will need to be adjusted based on this feature
Currently under investigation
Sizing guidance will account for expected overhead from virtualization technology
The Exchange application is not virtualization aware; no plans to change the Setup experience
Fully assess the risks/benefits before deploying Exchange in a virtualized environment:
Exchange is a business-critical application directly affecting a broad base of users every day
Virtualization can add complexity and risk to your environment
Sharing infrastructure is a bad thing
Build out the virtual machine configuration prior to installing Exchange
Supported
Microsoft and third-party virtualization platforms within the Server Virtualization Validation Program (SVVP)
Not supported
Unified Messaging (UM) role
Hypervisor-provided clustering, migration or portability solutions (e.g. quick migration)
Unknown
Windows 7 features (e.g. live migration)
Profiling
Exchange Profile Analyzer (EPA)
Performance Monitor (Perfmon)
Sizing
Exchange Server 2010 (Beta) storage calculator (beta pending): spreadsheet available to plan for the storage you need based on user profile
Validation
Jetstress 2010 (beta in April)
Exchange Load Generator "Loadgen"
Diagram: sizing workflow. The user profile (mail flow and other details), captured with the Exchange Profile Analyzer, feeds the Exchange Storage Calculator 2010.
Exchange Profile Analyzer
Generates a statistical profile of user actions: messages sent and received per day, rule counts, item sizes and counts
Inputs: crawls mailboxes with MAPI (previously DAV); OWA log analysis tool and "summarizer"
Accuracy somewhat dependent on how users manage their mailbox
Jetstress
Jetstress should always be run on a new deployment to validate storage reliability and performance prior to Exchange deployment
It's cheap and easy to run!
Loadgen
Loadgen should be used where you have a need to validate the end-to-end Exchange configuration
Be aware of what the tool can and cannot do: Loadgen cannot replicate your client activity with 100% accuracy
Loadgen
The only supported multi-protocol load generator for Exchange
Replaces Loadsim and ESP
Overall platform targets Exchange 2000 Server through Exchange Server 2010 (Beta)+
Windows UI as well as a command-line interface
Both task-based and scripted simulation modes
Consumed both internally at Microsoft and externally
Existing modules include: Outlook® 2003/2007 (online and cached), Post Office Protocol (POP), Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), OWA, ActiveSync… others in development
Capacity planning: the process of determining the optimal hardware configuration which will support a given system load within identified performance constraints (response time, CPU/memory utilization)
Scalability: the capability of a system to increase total throughput when resources (typically hardware) are added
Performance: the cost of performing an operation in isolation (CPU, memory, disk I/O, network, latency)
Exchange Server 2010 (Beta) Ignite
Module Number 04
Microsoft Corporation
Client Access Server
Autodiscover
Used by Outlook, Entourage, Exchange ActiveSync clients and Exchange Web Services applications
Auto-configures the client for the end user
Within the corporate network, Outlook configures itself without requiring any user entry
From outside the corporate network, the user enters e-mail address, user name and password
Outlook automatically adjusts when the Exchange configuration changes or mailboxes are moved
Works "out of the box" for intranet clients: self-signed certificates are auto-installed to work with internal clients
Deploy on the Internet for Outlook Anywhere clients: https://<your domain.tld>/autodiscover/ or https://Autodiscover.<your domain.tld>/autodiscover/
Requires a valid Secure Sockets Layer (SSL) certificate to prevent domain spoofing: a client that accepts an untrusted certificate here would take server names and URLs from whoever answers for the Autodiscover host
New in Exchange Server 2010 (Beta): SOAP-based Autodiscover service with WS-Security and batch request support
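As an added example, not from the deck, a minimal Autodiscover client in PowerShell 2.0 that walks the two HTTPS URLs named on the slide, posts the Outlook (POX XML) Autodiscover request, and returns the Protocol settings the server hands back. It keeps .NET's default certificate validation in place and refuses to follow redirects blindly, because either shortcut is exactly how the domain spoofing the slide warns about would succeed. The function name, the sample mailbox address and the credential prompt are assumptions; the request and response schema URIs are the published Autodiscover ones. The Beta's SOAP endpoint is not exercised here.

```powershell
# Added example (not from the deck): POX Autodiscover lookup with certificate validation kept on.
# Get-AutodiscoverSettings is a name chosen for this example; the mailbox is a placeholder.
function Get-AutodiscoverSettings {
    param([string]$EmailAddress, [System.Management.Automation.PSCredential]$Credential)

    $domain = $EmailAddress.Split('@')[1]
    # The two URLs from the slide, in the order Outlook tries them.
    $urls = @("https://$domain/autodiscover/autodiscover.xml",
              "https://autodiscover.$domain/autodiscover/autodiscover.xml")

    # Outlook request schema (2006), asking for the Outlook response schema (2006a).
    $body = @"
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$EmailAddress</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</Ac­ceptableResponseSchema>
  </Request>
</Autodiscover>
"@
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($body)
    $ns = @{ a = 'http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006'
             o = 'http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a' }

    foreach ($url in $urls) {
        try {
            $req = [System.Net.HttpWebRequest]::Create($url)
            $req.Method = 'POST'
            $req.ContentType = 'text/xml; charset=utf-8'
            $req.Credentials = $Credential.GetNetworkCredential()
            $req.Timeout = 15000
            # A redirect to another host is inspected, never followed automatically: an attacker
            # who controls the first hop must not be able to send the client elsewhere.
            $req.AllowAutoRedirect = $false
            # ServicePointManager.ServerCertificateValidationCallback is left at its default, so a
            # certificate that is untrusted or does not match the host name fails the request.
            $stream = $req.GetRequestStream(); $stream.Write($bytes, 0, $bytes.Length); $stream.Close()
            $resp = $req.GetResponse()
            $code = [int]$resp.StatusCode
            if ($code -ge 300 -and $code -lt 400) {
                Write-Warning "$url redirected to $($resp.Headers['Location']); verify that host before trusting it"
                $resp.Close(); continue
            }
            $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
            [xml]$xml = $reader.ReadToEnd(); $reader.Close(); $resp.Close()

            $err = @(Select-Xml -Xml $xml -Namespace $ns -XPath '//a:Error/a:Message')
            if ($err.Count -gt 0) { Write-Warning "$url returned Autodiscover error: $($err[0].Node.InnerText)"; continue }

            # One object per Protocol block: EXCH = internal RPC, EXPR = Outlook Anywhere, WEB = OWA.
            Select-Xml -Xml $xml -Namespace $ns -XPath '//o:Protocol' | ForEach-Object {
                $p = $_.Node
                New-Object PSObject -Property @{
                    Source = $url; Type = $p.Type; Server = $p.Server; ASUrl = $p.ASUrl; OABUrl = $p.OABUrl
                }
            }
            return
        } catch [System.Net.WebException] {
            Write-Warning "$url failed: $($_.Exception.Message)"
        }
    }
    throw "Autodiscover failed for $EmailAddress on all candidate URLs"
}

# Usage (placeholder mailbox): Get-AutodiscoverSettings -EmailAddress 'user1@contoso.com' -Credential (Get-Credential)
```

Run this from outside the corporate network against the public Autodiscover name; if it only works after disabling certificate validation, the published certificate does not cover the host name the slide lists, which is the configuration error the slide is warning about.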
Free/busy lookup across sites (example: John@nwtraders.com requests free/busy for Amy@nwtraders.com; John's mailbox server is in AD Site 1, Amy's Exchange 2007 mailbox server in AD Site 2):
1. Outlook's Scheduling Assistant calls the Exchange Web Services GetUserAvailability method over HTTPS, using the URL determined via Autodiscover.
2. The user's home CAS server determines which mailboxes are local and which are in remote sites.
3. Local free/busy information is retrieved via MAPI RPC from the mailbox.
4. Requests for remote sites are proxied over HTTPS to the remote CAS servers, which retrieve the remote free/busy via MAPI RPC.
5. The original CAS server combines the local and remote results and returns them to Outlook, with meeting suggestions for the new "Scheduling Assistant".

MailTips will be available in Outlook 14 (screenshot not reproduced) and Outlook Web Access 2010. The client retrieves them through the EWS GetMailTips call (HTTPS), which draws on the Group Metrics file; MailTips stop at the site or forest boundary (cross-organization lookups are not supported).
EWS in Exchange Server 2010 (Beta) introduces new APIs to support federated sharing outside the organization. The benefits for IT:
IT can restrict sharing to specific domains and a maximum level of detail
Does not require a privileged service account or full AD trust
Can enable free/busy access for the entire organization
Only needs to establish trust once
No need for external contacts in the GAL
Provides a service that traces the servers a message went through from start to finish. Works across organizations.
Diagram: a client in Org 1 calls GetMessageTrackingReport over HTTPS on its CAS; that CAS calls the Org 2 CAS over HTTPS through the sharing relationship, authenticated with Windows Live ID.
Note: the same architecture is used cross-site within one organization. Cross-site HTTP calls are cheaper than RPCs.
Outlook connecting: what's changed with Outlook
RPC Client Access Services (RPC Client Access Services tier): clients now connect to CAS instead of MBX
DoMT (Directory on the Middle Tier): a full NSPI endpoint to replace DSProxy
Requirements
Windows Server 2008
The load balancer for RPC Client Access Services should be different from the one for CAS RPC/HTTP, but may be the same servers
Impact
DoMT resolves issues surrounding DSProxy and split HTTP connections
Cross-site moves/failovers will require additional configuration to be seamless to clients
Diagram: Outlook Anywhere clients reach a Windows 2008+ RPC/HTTP proxy over HTTP, intranet Outlook clients use RPC; both end at RPC Client Access Services + DoMT on the CAS, which talks LDAP to AD and RPC to the Mailbox server.
Exchange Server 2010 (Beta) CAS still distributes OABv4 via Background Intelligent Transfer Service (BITS) over HTTP(S) for Outlook 2007 or later: no version change!
Hierarchical address book (HAB) support is accomplished by populating objects with organization tree information (e.g. departments and sub-departments)
The list of properties stored in the OAB is viewed with:
Get-OfflineAddressBook
OAB properties list customization:
Set-OfflineAddressBook -ConfiguredAttributes <att1>,<att2>
Customizing the OAB properties list can result in generation of large diff files
Globally enable OAB distribution:
Set-OfflineAddressBook -GlobalWebDistributionEnabled:$true
RPC Client Access service
What? A new service in Exchange Server 2010 (Beta) for Outlook to connect to CAS instead of connecting directly to MBX servers
Why?
Reduce code and client logic in the Exchange store process for increased reliability
Use the same business logic for Outlook and other CAS clients: calendar logging and fix-up, content/body conversion
Provide a better client experience during switchovers/failovers: when a MBX server fails over, the Outlook client will only see ~30 sec disconnection, as compared to 1-15 min before
Support more concurrent connections/mailboxes per Mailbox server
Diagram: Outlook clients connect to an Exchange CAS array (number of CAS servers × 100 connections per CAS server) in front of the MBX servers.
Diagram: store access paths for CAS machines. Exchange components (Transport, Web Services, Agents, OWA, Mailbox Agents, UM, Sync), Outlook/MAPI clients and Entourage (DAV) reach the Store through MAPI.Net on the middle tier (Core Objects) over MAPI RPC.
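As an added example, not from the deck, the configuration that makes the RPC Client Access service above usable in practice: an Exchange Management Shell script that publishes one load-balanced CAS array name per AD site and points every mailbox database in that site at it, so Outlook profiles reference the array FQDN rather than an individual server. The site, array, server and host names are placeholders, and the RpcClientAccessServer database property is the released product's name for this setting (an assumption for the Beta).

```powershell
# Added example (not from the deck): CAS array for the RPC Client Access service. Names are
# placeholders; the array FQDN must resolve in internal DNS to the load balancer's VIP.
$site      = 'Default-First-Site-Name'
$arrayFqdn = 'outlook.contoso.com'
$mbxServers = 'MBX01','MBX02'

# One CAS array per AD site. The FQDN is what Outlook will show as its server name.
if (-not (Get-ClientAccessArray | Where-Object { $_.Fqdn -eq $arrayFqdn })) {
    New-ClientAccessArray -Name 'CAS-Array-Site1' -Fqdn $arrayFqdn -Site $site
}

# Point each database in the site at the array. Without this, profiles are created against
# whichever CAS answered first, and that server's failure disconnects those clients instead
# of letting them fail over through the load balancer.
foreach ($server in $mbxServers) {
    Get-MailboxDatabase -Server $server |
        Where-Object { $_.RpcClientAccessServer -ne $arrayFqdn } |
        ForEach-Object { Set-MailboxDatabase -Identity $_.Identity -RpcClientAccessServer $arrayFqdn }
}

# Verify the databases and confirm the RPC Client Access service is running on every CAS.
foreach ($server in $mbxServers) {
    Get-MailboxDatabase -Server $server | Format-Table Name, RpcClientAccessServer -AutoSize
}
Get-ClientAccessServer | ForEach-Object {
    $svc = Get-Service -ComputerName $_.Name -Name 'MSExchangeRPC'
    New-Object PSObject -Property @{ Server = $_.Name; RpcClientAccess = $svc.Status }
}
```

Set the array before the first mailbox is moved to a 2010 database: Outlook caches the server name it was given at profile creation, and profiles created against an individual CAS have to be repaired one by one afterwards.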
Diagram: Exchange Server 2007 vs Exchange Server 2010 Outlook connection path. In 2007, Outlook/MAPI clients connect through RpcProxy to the Mailbox server, where MAPI RPC reaches the Store (ESE) and DSProxy forwards NSPI to AD over LDAP. In 2010, Outlook/MAPI clients connect to a CAS array (Proxy, Common Logic, MAPI.Net) and the CAS talks MAPI to the Mailbox Store (ESE) and to AD. The CAS array scales as number of CAS servers × 100 connections per CAS RPC Client Access (RPCCA) service/process, with Outlook clients reaching the CAS through an Exchange CAS NLB.
No in-place upgrade: deploy new Exchange Server 2010 (Beta) servers
OWA: Beta: CAS2010 manually redirects to CAS2007 (CAS-CAS proxy); users get a new "legacy" OWA URL for FE2003. RTM: CAS2010 redirects to CAS2007 or MBX2003; all users use the CAS2010 URL.
Outlook (intranet RPC): leverages the RPC Client Access service for mailbox access
IMAP4/POP3: users get new "legacy" hostnames for CAS2007 and FE2003 access
CAS to MBX RPC communication requires a good network connection
Every AD site with Exchange Server 2007 mailboxes needs a CAS role
Redirection
When: a CAS in the user's mailbox AD site is available on the Internet, but the user goes to an OWA URL for a CAS in a different AD site (e.g. User-Italy goes to CAS-USA, which redirects to CAS-Italy)
What: OWA will show a page telling the user which OWA URL they should be using for access to their home AD site
Use the "externalUrl" config key to control OWA redirection
Proxy
When: no CAS in the user's mailbox AD site is available on the Internet; the user uses the OWA URL for a CAS in a different AD site (e.g. User-Italy uses CAS-USA, which proxies to CAS-Italy)
What: OWA will proxy the user's requests to the CAS in the mailbox AD site
Use the "internalUrl" configuration key to control OWA proxy behavior
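As an added example, not from the deck, the URL settings that select between the redirect and proxy behaviour described above, as an Exchange Management Shell script for the CAS-USA / CAS-Italy scenario on the slide: the Internet-facing CAS gets an ExternalUrl, the internal-only CAS gets none, so requests for Italian users arriving at CAS-USA are proxied to CAS-Italy's InternalUrl. Host names are placeholders; the same pattern is applied to the ActiveSync and Web Services virtual directories, which the later slide lists as CAS-to-CAS enabled.

```powershell
# Added example (not from the deck): ExternalUrl / InternalUrl settings that drive OWA
# redirection vs proxying. CAS-USA is Internet-facing, CAS-Italy is internal-only; host
# names are placeholders.

# Internet-facing CAS: an ExternalUrl is published, so users whose home site also has an
# Internet-facing CAS are redirected to it rather than proxied.
Set-OwaVirtualDirectory -Identity 'CAS-USA\owa (Default Web Site)' `
    -ExternalUrl 'https://mail.contoso.com/owa' `
    -InternalUrl 'https://cas-usa.contoso.com/owa'

# Internal-only CAS: no ExternalUrl. CAS-USA therefore proxies Italian users' requests to
# this InternalUrl instead of showing them a redirect page.
Set-OwaVirtualDirectory -Identity 'CAS-Italy\owa (Default Web Site)' `
    -ExternalUrl $null `
    -InternalUrl 'https://cas-italy.contoso.com/owa'

# The proxy target must accept Integrated Windows authentication from the source CAS; the
# user's own forms-based logon happens only on the Internet-facing CAS.
Set-OwaVirtualDirectory -Identity 'CAS-Italy\owa (Default Web Site)' -WindowsAuthentication $true

# Same pattern for the other CAS-to-CAS services.
Set-ActiveSyncVirtualDirectory -Identity 'CAS-Italy\Microsoft-Server-ActiveSync (Default Web Site)' `
    -ExternalUrl $null -InternalUrl 'https://cas-italy.contoso.com/Microsoft-Server-ActiveSync'
Set-WebServicesVirtualDirectory -Identity 'CAS-Italy\EWS (Default Web Site)' `
    -ExternalUrl $null -InternalUrl 'https://cas-italy.contoso.com/EWS/Exchange.asmx'

# Review: a CAS with an empty ExternalUrl is a proxy target, and its InternalUrl host name
# must match its certificate and be reachable from every Internet-facing CAS.
Get-OwaVirtualDirectory | Format-Table Server, InternalUrl, ExternalUrl, WindowsAuthentication -AutoSize
```

Setting an ExternalUrl on CAS-Italy by mistake switches CAS-USA from proxying to redirecting, and Internet users will then be sent to a URL that is not reachable from outside; the final Get-OwaVirtualDirectory listing is the quick way to catch that.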
CAS-to-CAS behaviour by client (CAS->MBX: direct access from CAS2010 to the legacy Mailbox server; Redirect/Proxy: CAS2010 to another CAS):

Client                                                               | CAS->MBX      | Redirect / Proxy CAS->CAS                                 | Comments and consequences
EAS 2010/2007                                                        | No            | Yes (Autodiscover + redirection logic)                    | Must have a CAS server in each Exchange AD site to use OWA/EAS/Web Services
Web Services 2010/2007 (Outlook 2007+ and other Autodiscover apps)   | No            | Yes (Autodiscover)                                        | Must have a CAS server in each Exchange AD site to use OWA/EAS/Web Services
OWA 2003, EAS 2003                                                   | Yes, via HTTP | No                                                        | Direct access from CAS2010 to MBX2003; not required due to CAS->MBX communication between AD sites
Outlook Anywhere with MBX 2003/2007/2010; Outlook intranet RPC with MBX 2010 | Yes, via RPC | OLK2007 and newer: Autodiscover; OLK2003 and older: No | Direct access from CAS2010 to MBX2003/2007/2010
Outlook intranet RPC with MBX 2003/2007                              | Not required  | Not required                                              | Client->MBX direct communication
IMAP4/POP3                                                           | No            | Coming soon                                               | IMAP/POP clients must access a CAS in the mailbox AD site directly and must access a CAS matching the mailbox version
Load balancing and affinity
OWA and EWS require server affinity: during a session, all client requests must go to the same CAS server
Other CAS services do not require client-server affinity
Client IP-based load balancing
Cookie-based load balancing
"Poor man's" solution: Windows Network Load Balancing (NLB)
Affinity fails if the client IP changes during the session
Does not work behind reverse proxies like ISA, since the client IP is masked by the reverse proxy
ISA 2006 and UAG can do client IP load balancing for servers behind them
Diagram: clients reach the CAS servers either through NLB using the client IP, through a third-party cookie-based load balancer, or through a UAG array doing cookie-based load balancing.
Scenario
A service is contacted on a CAS in site A
The service needs to proxy the request to a CAS in site B, which is closer to the targeted mailbox
Site B has load-balanced CAS servers (NLB, reverse proxy)
CAS-to-CAS enabled services: ActiveSync, Availability, MailTips; support in POP/IMAP coming soon
EWS bypasses NLBs (NLB array bypass); subscriptions need CAS affinity, configurable via cmdlet
Diagram: an EWS call from the CAS in site A bypasses the NLB in front of CAS1, CAS2 and CAS3 in site B.
Improved scalability with lower memory and CPU utilization
MIME fidelity improves reproduction of MIME in cases of DBCS handling, signed and encrypted messages
Added (back) Delegate Access support
Duplicate download of messages mitigated for most cases
Hidden messages are not retrieved anymore
R4: adding service discovery support for HA scenarios
Diagram: recommended publishing topology. A reverse proxy with pre-authentication (HTTPS) sits in the perimeter network between two firewalls; the Client Access server, Mailbox server and Active Directory are on the internal network, with a service account holding the access used for CAS->MBX.
Exchange Server 2010 (Beta) Ignite
Module 05
Microsoft Corporation
Please DO NOT take photos or video of Sessions or Slides throughout the TechReady Event
Exchange Server 2010 (Beta) architecture overview
Mobility with Exchange Server 2010 (Beta) and Windows Mobile 6.5: feature set, demo
Outlook Web Access in Exchange Server 2010 (Beta): feature set, demo
Diagram: Exchange Server 2010 (Beta) architecture. Client Access handles client connectivity and web services for the web browser, Outlook (remote user), mobile phone and line-of-business application; Mailbox stores mailbox items; Unified Messaging provides voice mail and voice access; external SMTP servers are shown at the edge.
Conversation View
Free/Busy Lookup
Read your voicemail (Enhance Voice Mail)
Short Message Service (SMS) from your computer
Find any e-mail in your mailbox
Remember to tell them you’re on vacation
Access documents while you’re out of the office
Top Secret E-mail protection
POP/IMAP service discovery
EAS sync state upgrade
POP/IMAP service discovery
POP/IMAP performance improvements
Calendar now supports lunar calendars
Downloadable Outlook Mobile client
Use of temp installer and Skyline server
Diagram: document access from a mobile device. The request from the Internet passes through the ISA Server / reverse proxy in the DMZ to the Exchange CAS server on the intranet, which proxies the SharePoint request to the SharePoint 2003/2007 server; the Exchange Mailbox server and Active Directory are also on the intranet.
Diagram: Exchange ActiveSync policy matrix (Sync, Authentication, Encryption), colour-keyed by the version that introduced each setting: Exchange 2007 SP1, Exchange 2007 RTM, Exchange 2003 SP2.
OWA premium for IE, Firefox, and Safari
Improved threaded conversation view
Integrated Presence and IM for SPOG UC Experience
Nickname cache
See your UM Voice Mail Messages
External Calendar sharing and Side by Side
Calendaring
SMS Sync in OWA (Outlook and Mobile too!)
Favorites folders
Advanced search
End User Archiving and access to archive
Distribution group creation
IRM
Delegate access
Diagram: SMS sync. User to Exchange Server 2010 (Beta) over SSL, Exchange Server 2010 (Beta) to SMS provider, SMS provider to recipient.
Diagram: OWA instant messaging integration. User (through the Forefront UAG Server) to the Exchange 2010 CAS, which talks to the Exchange 2010 MBX, OCS 2007 R2, Active Directory and the Certificate Authority.
CAS components: UCWeb.DLL, Collaboration.DLL, SipEPS.DLL
Certificate requirements:
• Cert. must be from same CA
• Can use an internal CA
• Multiple CAS = Multiple Certs.
• Cert. must use FQDN
Configuration:
Set-OwaVirtualDirectory -Identity <identity name> -InstantMessagingEnabled:$true -InstantMessagingType:server
Set-OwaMailboxPolicy -InstantMessagingEnabled:$true -InstantMessagingType:server
Set-CASMailbox <MailboxIdParameter> -OwaMailboxPolicy <MailboxPolicyIdParameter>
Delegate access
Distribution group creation
IRM
Archiving
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
Exchange Server 2010 (Beta) Ignite
Module Number 06
Microsoft© Corporation
Diagram: federation relationships. Person-to-person relationship (Joe and Pat; Angi and Jon, across Org 1 and Org 2) and org-to-org relationship (Org 1 and Org 2). Both require the Microsoft Federation Gateway (MFG): broker service only, no credentials; no Passport / Windows Live accounts or passwords shared.
Today (Exchange Server 2007): complex, proprietary trust management. With MFG: simple, standards-based trust; MFG acts as trust broker (diagram: cloud services, MFG).
Setting up the federation trust:
DNS TXT record with the AppID:
IN TXT AppID=001600008000000F
Add account name space for contoso.com:
Set-FederatedOrganizationIdentifier -DelegationFederationTrust "MFG Trust" -AccountNamespace contoso.com
Subsequent domains:
Set-FederatedDomain -DomainName contosoresearch.com
Cross-organization free/busy lookup (AS = Availability Service):
1. Paul@fabrikam.com adds Crystal@contoso.com to a meeting.
2. Fabrikam AS determines Crystal is an external recipient and looks up the sharing relationship.
3. Fabrikam AS requests a delegation token for Paul for use by the AS in Contoso.
4. Fabrikam AS includes the delegation token in the free/busy request to Contoso AS.
5. Contoso AS determines Paul is an external recipient; performs authorization by validating the organization relationship for contoso.com; retrieves the data from the calendar folder.
6. Contoso AS returns free/busy data to Fabrikam AS.
7. Paul sees free/busy information for Crystal.
Calendar/contact sharing with an external recipient:
Sharer sends an invitation to share his calendar/contacts to a recipient outside of the Exchange organization.
Sharing invitation contains the sharing payload: encrypted with POP key; receiver's e-mail address; alias support.
Calendar subscription is created in the receiver's calendar with target information of the sender.
Set-FederatedDomain -DomainName contosoresearch.com: additional domains can be registered to allow users with e-mail addresses in those domains to get delegation tokens.
Scenarios
Exchange Server 2010 (Beta) Ignite
Module Number 07
Microsoft© Corporation
Lowering costs
Increased availability
Better administrative control
Operational excellence
mail.que database improvements
Increased Extensible Storage Engine (ESE)
page size to 32 KB
ESE Database (DB) page compression
ESE version store maintenance
Better use of intrinsic long value storage
Increase DB cache size and checkpoint depth
Decrease transport dumpster size through
truncation feedback to improve cache efficiency
Result: More than 50% reduction in IOPS (hub)
Chart: version buckets in use versus message size (10mb, 30mb, 90mb, 150mb, 200mb, 370mb) for E2007 and E2010, y-axis 0 to 350, with VersionBucketsHighThreshold (200) and VersionBucketsMediumThreshold (120) marked.
Overview
Shadow messaging—transport redundancy
Automated server recovery
Transport dumpster
Goals
Increased reliability without increased hardware costs
Enabled by default
Shadow redundancy similar to transport dumpster
Data retained on previous hop until delivered
When failure in next hop detected, previous hop
resubmits
SMTP extensions used (create little overhead)
Elimination of RAID overhead
50% IOPs reduction for 80% write I/Os
1. Hub (shadow) delivers message to Edge1 (primary).
Hub detects that Edge1 supports transport redundancy through the XSHADOW verb.
Hub moves message to shadow queue and stamps Edge1 as current, primary owner.
Delayed acknowledgement after end of data
SMTP submission from Exchange 2003/2007, 3rd party Message Transfer Agents (MTA) and Mail User Agents (MUA: UM, POP and IMAP clients)
250 response delayed up to 30 sec (default)
If transport server fails before ack, client resubmits
Mailbox submission redundancy relies on copy of message in sender's "Sent Items" folder
Mail Submission Service resubmits copy when hub doesn't acknowledge successful delivery of message
System generated messages (Journal Report, NDR) are considered "side effects" of original message submission, tracked as part of original delivery status
ShadowRedundancyEnabled : True
ShadowHeartbeatTimeoutInterval : 00:05:00
ShadowHeartbeatRetryCount : 3
ShadowMessageAutoDiscardInterval : 2.00:00:00
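The shadow redundancy behaviour described above (shadow copy retained on the previous hop, heartbeats from the primary, resubmission once the retry count is exhausted, auto-discard as a safety valve), as an added Python model. It is not Exchange code and not from this deck: the class names and the `demo()` scenarios are this example's own, and the three timing constants take the values shown in the configuration output above.

```python
from dataclasses import dataclass, field
from datetime import timedelta

# Values mirror the transport configuration output above.
HEARTBEAT_TIMEOUT = timedelta(minutes=5)   # ShadowHeartbeatTimeoutInterval
HEARTBEAT_RETRY_COUNT = 3                  # ShadowHeartbeatRetryCount
AUTO_DISCARD = timedelta(days=2)           # ShadowMessageAutoDiscardInterval


@dataclass
class ShadowEntry:
    """A shadow copy held on the previous hop for one message."""
    message_id: str
    primary: str                 # next hop that currently owns delivery
    submitted_at: timedelta      # clock reading when the copy was created
    last_heartbeat: timedelta    # last time the primary reported in


@dataclass
class ShadowQueue:
    """Shadow queue of one hop (the 'shadow server' for its next hops)."""
    now: timedelta = timedelta(0)
    queue: dict = field(default_factory=dict)
    resubmissions: list = field(default_factory=list)
    auto_discarded: list = field(default_factory=list)

    def hand_off(self, message_id, primary):
        """Message accepted by `primary` (it advertised XSHADOW); keep a copy."""
        self.queue[message_id] = ShadowEntry(message_id, primary, self.now, self.now)

    def heartbeat(self, primary, delivered_ids=()):
        """Primary reports it is alive and which messages it has delivered.
        Delivered copies are discarded; the rest get a fresh heartbeat stamp."""
        for mid, entry in list(self.queue.items()):
            if entry.primary != primary:
                continue
            if mid in delivered_ids:
                del self.queue[mid]
            else:
                entry.last_heartbeat = self.now

    def tick(self, elapsed):
        """Advance the clock and apply the failure-detection rules."""
        self.now += elapsed
        for mid, entry in list(self.queue.items()):
            if self.now - entry.submitted_at >= AUTO_DISCARD:
                # Safety valve: a shadow copy is never kept forever.
                self.auto_discarded.append(mid)
                del self.queue[mid]
                continue
            missed = (self.now - entry.last_heartbeat) // HEARTBEAT_TIMEOUT
            if missed >= HEARTBEAT_RETRY_COUNT:
                # Next hop presumed failed: this hop resubmits from its copy.
                self.resubmissions.append(mid)
                del self.queue[mid]


def demo():
    """Constructed scenario: Edge1 delivers m1, then goes silent with m2 pending."""
    sq = ShadowQueue()
    sq.hand_off("m1", "Edge1")
    sq.hand_off("m2", "Edge1")
    sq.tick(timedelta(minutes=4))
    sq.heartbeat("Edge1", delivered_ids={"m1"})   # m1 is safe downstream
    sq.tick(timedelta(minutes=15))                 # three intervals, no heartbeat
    return sq


def discard_demo():
    """A primary that keeps heartbeating but never reports delivery: the copy
    is dropped once ShadowMessageAutoDiscardInterval has elapsed."""
    sq = ShadowQueue()
    sq.hand_off("m3", "Edge2")
    for _ in range(24 * 2 * 12):            # 2 days in 5-minute steps
        sq.tick(timedelta(minutes=5))
        sq.heartbeat("Edge2")
    return sq
```

In `demo()` only m2 is resubmitted: m1 was confirmed delivered before Edge1 went quiet, and the resubmission fires exactly when three heartbeat intervals have passed without a report, which is the interaction of the timeout and retry-count settings that the configuration output shows.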
Up to 200% increase in IOPS/msg on hub transport role
when using transport dumpster in AD site with many
storage groups
18 megabyte (MB) quota per storage group using cluster
continuous replication (CCR) results in inefficient JET database
cache
Redelivery request from mailbox role after lossy failover
results in resubmission of entire quota
Analysis has shown that most are detected as duplicates unless
significant log replication lag exists
Can't recover data that exceeds dumpster quota (default 18 MB) regardless of how many logs lost in DB failover
Increased quota results in decreased cache efficiency
How many items are in the dumpster for each database ?
How much space is the dumpster consuming for each database?
Server : HP64PIZZA50
OldestItem : 6/16/2008 11:06:11 PM
QueueSize : 3645
NumberOfItems : 63
Server : HP64PIZZA50
OldestItem : 6/16/2008 11:06:14 PM
QueueSize : 827
NumberOfItems : 43
Exchange Server 2007 Health
Service availability: measurement of process uptime
Error events: large number of error conditions that may cause
service disruption if left undetected
Queue depth: rate of submission exceeds rate of delivery, may or
may not result in latency
Exchange Server 2010 (Beta) Health
Service Availability: aggregation of individual measurements of
process uptime
Categorization Bottleneck: raises alert when rate of submission
exceeds rate of messages entering delivery queue for extended
period of time (5 min)
Delivery Latency: measurements of component latency and raise
alerts when SLA exceeded over long periods of time (30 min)
First Exchange Server 2010 (Beta) server (H1) loops over Received headers for InternalSMTPServers (H1 -> P2 -> P1):
Add Latency header for P2's and P1's Received header
Add OriginalArrivalTime header for P1
Add InProgress header for H1
Server (H3): loop over Received headers until we reach the previous Exchange Server 2010 (Beta) server (H3 -> H2 -> H1):
Add Latency header for H2's Received header
Convert H1's InProgress header to Latency header
Add InProgress header for H3
InternalMessageId : 2
MessageId : <341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.dns.microsoft.com>
MessageLatency : 00:00:10.5310000
MessageLatencyType : EndToEnd
ComponentServerFqdn : HP64-SFF77.dns.microsoft.com
ComponentCode : TOTAL
ComponentName : Total Server Latency
ComponentLatency : 00:00:09
InternalMessageId : 2
MessageId : <341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.dns.microsoft.com>
MessageLatency : 00:00:10.5310000
MessageLatencyType : EndToEnd
ComponentServerFqdn : HP64PIZZA50.VGPHIG-dom.extest.microsoft.com
ComponentCode : TOTAL
ComponentName : Total Server Latency
ComponentLatency : 00:00:00
Why did messages take longer than 20 seconds to deliver end to end?
[PS] D:\>get-messagetrackinglog -server:fesmoke2 -eventid:deliver | where {$_.MessageLatencyType -eq "EndtoEnd" -and $_.MessageLatency.TotalSeconds -gt 20} | convertTo-messageLatency | where {$_.Latency -gt "00:00:20" -and $_.ComponentCode -notlike "total"}
InternalMessageId : 1
MessageId : <f8bee984-LB18.BXWLWF-dom.com>
MessageLatency : 00:00:25.7500000
MessageLatencyType : EndToEnd
ServerFqdn : 3859R7-LB18.BXWLWF-dom.extest.microsoft.com
ComponentCode : SMR
ComponentName : SMTP Receive
Latency : 00:00:22
InternalMessageId : 3
MessageId : <32623cfb-LB18.BXWLWF-dom.com>
MessageLatency : 00:00:26.6180000
MessageLatencyType : EndToEnd
ServerFqdn : 3859R7-LB18.BXWLWF-dom.extest.microsoft.com
ComponentCode : SMR
ComponentName : SMTP Receive
Latency : 00:00:24
Screenshot: Contoso SLA dashboard (http://contoso/sla) in Windows Internet Explorer. SLA scorecard: Overall SLA 99.2% from 03/05/07 to 04/04/07; CAS 99.5%; OWA 99.5%.
Better performance for EdgeSync:
Incremental updates significantly reduce the EdgeSync workload
Introduced Deltasync mode
Support for Safe Senders and Blocked Senders lists
Realtime support:
Incremental updates significantly reduce the EdgeSync workload
Junk E-mail Options Assistant propagates blocked senders lists from mailboxes to AD
EdgeSync pushes blocked senders from AD to ADAM on Edges
On Edges, the Sender Filtering agent blocks mail from blocked senders
Transport Content Protection
What's new in Exchange Server 2010 (Beta)?
Confidential communications
Automatic content-based privacy
Transport Pipeline decryption
Information Rights Management (IRM) in
Outlook and Outlook Web Access (OWA)
Outlook Protection Rules
Business-to-business (B2B) Rights
Management Services (RMS) communication
Legal, Regulatory and Financial impacts
Cost of digital leakage per year is measured in $Billions
Increasing number and complexity of regulations
(e.g. GLBA, SOX, CA SB 1386)
Non-compliance with regulations or loss of data can lead
to significant legal fees, fines, and more
Diagram: the access control list perimeter and the firewall perimeter separate authorized users from unauthorized users, yet information leakage still crosses both.
Enforcement tools are required—content protection should be automated.
Automatic Protection / Enable IT Infrastructure
Windows Platform Information Protection Technology
Better safeguard sensitive information
Protect against unauthorized viewing, editing, copying, printing, or
forwarding of information
Limit file access to only authorized users
Audit trail tracks usage of protected files
Persistent protection
Protects your sensitive information no matter where it goes
Uses technology to enforce organizational policies
Authors define how recipients can use their information
Protect message in transit via Transport
Rules action
Protect messages by default at Outlook
Client
Private Voice message automatically
protected by Unified Messaging (UM)
New Transport rule action to “RMS protect”
Transport Rules support regular expression
scanning of attachments in Exchange
Server 2010 (Beta)
“Internet Confidential” and “Do Not Forward”
policies are available out of the box
Office 2003, Office 2007, Office 14, and
XPS documents are supported for
attachment protection
Allows an Exchange administrator to define client-
side rules that will protect sensitive content in
Outlook automatically
Rules can be mandatory or optional depending on
requirements
Rules look at the following predicates:
Sender's department (HR, R&D, etc.)
Recipient's identity (specific user or distribution list)
Recipient's scope (all within the organization, outside, etc.)
Rules are automatically retrieved from Exchange
using Autodiscover and Exchange Web Services
IRM Protection will be applied by Outlook
Exchange does not require super-user
access to the IRM content:
Achieves protection from the service provider
But has certain limitations:
IRM protected e-mail cannot be shown in Outlook
Web Access
IRM protected e-mail cannot be indexed by the
content indexing engine on the mailbox server
Mail cannot be journaled in the clear to internal or
3rd party archives
E-discovery is unable to access or retrieve these
messages within Exchange
Automatic Protection / Enable IT Infrastructure
Pre-licensing enables offline and mobile
access to RMS protected messages
IRM Feature Parity between Outlook and
Outlook Web Access
Conduct full-text search on RMS protected
messages in Outlook Web Access
Automatic Protection / Enable IT Infrastructure
Enables Hub Transport agents to scan/modify RMS
protected messages
Required for Antivirus scanning, Transport Rules or 3rd
party agents
Decryption Agent
Decrypts message and attachments, using RMS super-user
privileges
Only decrypts once per forest, on the first Hub, to improve
performance
Option to non-deliver (NDR) messages that can't be decrypted
Encryption Agent
Re-encrypts messages, message forks and NDRs with
original Publishing License
Diagram: pipeline RMS. A message submitted from the pipeline passes through the Decryption Agent, which decrypts it with AD RMS.
Server Decryption agent:
• Attaches clear-text copies of RMS
protected messages and
attachments to journal mailbox
• Requires super-user privileges, off
by default
• Stamps x-Org header to prevent
future decrypt attempts
Archive/Journal
Automatic Protection / Enable IT Infrastructure
B2B RMS through the Microsoft Services Gateway (nwtraders.com and Fabrikam.com, each with Exchange Server 2010 (Beta) and AD RMS 2008):
1. Organizations federate Exchange and RMS with the Microsoft Services Gateway.
2. A user in Northwind Traders sends an RMS protected message to a recipient in Fabrikam. The message is protected against Northwind Traders's AD RMS server.
3. Fabrikam's Exchange server requests a delegation SAML token from the Services Gateway for Northwind Traders's RMS server.
4. Northwind Traders validates the signature on the delegation SAML token and ensures that the recipient has rights to the message. Northwind Traders returns a license to Fabrikam which can be used to decrypt the message in OWA and enforce rights.
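Both the cross-organization free/busy lookup in Module 06 and the B2B RMS flow above follow the same brokered pattern: the gateway issues a delegation token, and the organization that owns the data validates the token's signature, checks that it was issued for that organization and is unexpired, and then checks its own organization relationship for the requesting domain before releasing anything. The following Python model is an added example, not Exchange or gateway code and not from this deck. It uses an HMAC over JSON claims as a stand-in for the gateway's signature over a SAML token (a real deployment verifies with the gateway's certificate), and the key, domains, mailbox and free/busy values are constructed.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed signing key standing in for the gateway's signing certificate.
# The receiving organisation verifies with the gateway's key; no user
# credential is ever shared between the two organisations.
GATEWAY_KEY = b"constructed-gateway-signing-key"


class FederationGateway:
    """Trust broker: issues short-lived delegation tokens, holds no user credentials."""

    def __init__(self, key):
        self._key = key

    def issue_delegation_token(self, requesting_org, target_org, subject, purpose,
                               now, ttl=timedelta(hours=1)):
        claims = {
            "iss": "gateway", "org": requesting_org, "aud": target_org,
            "sub": subject, "purpose": purpose, "exp": (now + ttl).timestamp(),
        }
        body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"


class FederatedOrg:
    """The organisation that receives a delegated request (Contoso / Northwind Traders)."""

    def __init__(self, domain, gateway_key, relationships, resources):
        self.domain = domain
        self._gateway_key = gateway_key
        self.relationships = relationships   # peer domain -> set of allowed purposes
        self.resources = resources           # mailbox -> free/busy slots

    def validate_token(self, token, purpose, now):
        """Returns (claims, None) or (None, reason). Signature is checked first,
        before any claim is trusted."""
        try:
            body, sig = token.split(".")
        except ValueError:
            return None, "malformed"
        expected = hmac.new(self._gateway_key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return None, "bad signature"
        claims = json.loads(base64.urlsafe_b64decode(body))
        if claims["aud"] != self.domain:
            return None, "token not issued for this organisation"
        if claims["exp"] <= now.timestamp():
            return None, "token expired"
        allowed = self.relationships.get(claims["org"], set())
        if purpose not in allowed or claims["purpose"] != purpose:
            return None, f"no organization relationship for {claims['org']}"
        return claims, None

    def free_busy(self, token, mailbox, now):
        claims, reason = self.validate_token(token, "free-busy", now)
        if claims is None:
            return ("denied", reason)
        return ("ok", self.resources[mailbox])


def demo():
    """Constructed exchange: Fabrikam asks Contoso for Crystal's free/busy."""
    now = datetime(2009, 6, 1, 9, 0, tzinfo=timezone.utc)
    gateway = FederationGateway(GATEWAY_KEY)
    contoso = FederatedOrg(
        "contoso.com", GATEWAY_KEY,
        relationships={"fabrikam.com": {"free-busy"}},
        resources={"crystal@contoso.com": ["09:00-10:00", "13:00-14:00"]},
    )
    good = gateway.issue_delegation_token(
        "fabrikam.com", "contoso.com", "paul@fabrikam.com", "free-busy", now)
    tampered = good[:-1] + ("0" if good[-1] != "0" else "1")
    unrelated = gateway.issue_delegation_token(
        "nwtraders.com", "contoso.com", "x@nwtraders.com", "free-busy", now)
    return {
        "valid": contoso.free_busy(good, "crystal@contoso.com", now),
        "tampered": contoso.free_busy(tampered, "crystal@contoso.com", now),
        "no_relationship": contoso.free_busy(unrelated, "crystal@contoso.com", now),
        "expired": contoso.free_busy(good, "crystal@contoso.com", now + timedelta(hours=2)),
    }
```

The order of checks matters: a valid gateway signature only proves who the requester is, and the organization relationship check is what authorizes the request, so a token issued to a domain that Contoso has no relationship with is refused even though it is genuine.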
Exchange Server 2010
Supported on Windows Server® 2008
Planned support for Windows Server 2008 R2
RMS integration features require:
RMS on Windows Server 2008 SP2
or Windows Server 2008 R2
B2B RMS requires:
Windows Server 2008 R2 RMS
Header information is utilized to extract required information.
Trusted (internal) server IPs/ranges must be present in the InternalSMTPServers AD attribute.
All servers: RFC 2821/2822 "Received" headers provide server FQDNs, IP addresses and time stamps for every hop messages take.
Exchange Server 2010 (Beta): the "X-MS-Exchange-Organization-MessageLatency" and "X-MS-Exchange-Organization-MessageLatencyInProgress" headers contain FQDNs and detailed latency data for Exchange Server 2010 (Beta) servers that messages go through.
Exchange Server 2007: the "X-MS-Exchange-Organization-OriginalArrivalTime" header indicates the time the first Exchange Server 2007 server is encountered by a message.
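The Received-header walk described here and in the latency-header slide earlier in this module (loop over Received headers, stop at the InternalSMTPServers boundary, derive per-hop latency and the original arrival time), as an added Python example. It is not Exchange code and not from this deck; the header lines, server names, addresses and the 10.0.0.0/8 "internal" range are constructed, and `analyze` and `slow_hops` are this example's own names.

```python
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed Received headers, most recent first as they appear in a message.
# Hops 1-2 are inside the organisation; hop 3 came from the Internet.
SAMPLE_RECEIVED = [
    "from hub2.contoso.local (10.0.0.12) by mbx1.contoso.local; Mon, 1 Jun 2009 12:00:31 +0000",
    "from hub1.contoso.local (10.0.0.11) by hub2.contoso.local; Mon, 1 Jun 2009 12:00:09 +0000",
    "from mail.example.net (203.0.113.7) by hub1.contoso.local; Mon, 1 Jun 2009 12:00:04 +0000",
    "from internal.example.net (192.0.2.5) by mail.example.net; Mon, 1 Jun 2009 11:59:00 +0000",
]
INTERNAL_SMTP_SERVERS = ["10.0.0.0/8"]   # stands in for the InternalSMTPServers attribute

RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)\s+\((?P<ip>[0-9A-Fa-f.:]+)\)\s+by\s+(?P<by>\S+)\s*;\s*(?P<date>.+)$")


def parse_received(header):
    m = RECEIVED_RE.match(header.strip())
    if not m:
        raise ValueError(f"unparseable Received header: {header!r}")
    return {"from": m["from"], "ip": ipaddress.ip_address(m["ip"]),
            "by": m["by"], "date": parsedate_to_datetime(m["date"])}


def analyze(received_headers, internal_ranges):
    """Walk the Received chain from the newest stamp down to the trust boundary.

    Only headers whose sending server lies inside `internal_ranges` are
    believed: everything below the first external hop was written by systems
    the organisation does not control and may be forged, so it is neither
    trusted nor used for latency."""
    nets = [ipaddress.ip_network(r) for r in internal_ranges]
    hops = [parse_received(h) for h in received_headers]
    boundary = len(hops)
    for i, hop in enumerate(hops):
        if not any(hop["ip"] in n for n in nets):
            boundary = i
            break
    latencies = []
    for i in range(boundary):
        if i + 1 < len(hops):
            # Time between the previous hop stamping the message and this
            # hop's successor stamping it: the time spent on hops[i]["from"].
            seconds = (hops[i]["date"] - hops[i + 1]["date"]).total_seconds()
            latencies.append((hops[i]["from"], seconds))
    # OriginalArrivalTime: when the first trusted server received the message.
    arrival_idx = boundary if boundary < len(hops) else len(hops) - 1
    return {"latencies": latencies,
            "original_arrival": hops[arrival_idx]["date"],
            "untrusted_hops": [h["from"] for h in hops[boundary:]]}


def slow_hops(report, threshold_seconds):
    """Servers that held the message longer than the threshold, the same
    question the 20-second tracking-log query earlier in this module asks."""
    return [server for server, secs in report["latencies"] if secs > threshold_seconds]
```

With the constructed chain, hub2 accounts for 22 of the 27 seconds spent inside the organisation, the original arrival time is the stamp hub1 wrote when it accepted the message from the Internet, and the two headers below that point are reported but never used.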
Diagram: sharing relationship between the CAS of each organization.
IRM rights and their descriptions:
Full Control: Gives the user every right listed below, and the right to make changes to permissions associated with content. Expiration does not apply to users with Full Control.
View: Allows the user to open IRM content. This corresponds to Read Access in the Office user interface.
Edit: Allows the user to edit the IRM content.
Save: Allows the user to save a file.
Extract: Allows the user to make a copy of any portion of a file and paste that portion of the file into the work area of another application.
Export: Allows the user to save content in another location or format that may or may not support IRM.
Print: Allows the user to print the contents of a file.
Allow Macros: Allows the user to run macros against the contents of a file.
Forward: Allows e-mail recipients to forward an IRM e-mail message.
Reply: Allows e-mail recipients to reply to an IRM e-mail message.
Reply All: Allows e-mail recipients to reply to all users on the To: and Cc: lines of an IRM e-mail message.
View Rights: Gives the user permission to view the rights associated with a file. Office ignores this right.
Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects as MS
Confidential.
Variant: Administrator can define a policy as required, disabling the Permission button.
Exchange Server 2010 (Beta) Ignite
Module Number 08
Microsoft© Corporation
Compliance Framework
IW & IT Pro Pain Points
Archive – IW Experience
Archive – IT Pro Experience
Exchange Server 2010 (Beta) Features
Summary
Component and challenges:
Preserve: "I need an archive for eDiscovery." "We need a more consistent way to apply retention policies."
Protect: "Regulations require we set up ethical walls." "We're worried about information leakage."
Discover: "Our lawyers need a faster, easier way to hold and search email."
Prove: "Our auditors require detailed activity reports of user and IT administrator email activity."
Diagram: today's archive landscape, comparing PSTs, the Exchange mailbox (mailbox DBs behind a CAS server), user archive (3rd party), business archive (3rd party) and backups. Attributes shown: unlimited storage, portability, offline access, highly available, reliable, Outlook/OWA, makes PSTs discoverable, enables legal hold on PSTs, unlimited mail storage, Outlook/OWA with stubs, efficient storage (de-duping, single instancing, compression), discovery across email, documents, etc., retention management, auditing, single item restore, rogue admin separation, disaster recovery.
IT Pro perspective:
Out-of-box solution limited
Litigation hold can't be enforced on Personal Information Stores (PST): unable to ensure items not deleted
PSTs cannot be discovered
Lost laptop results in exposure of PSTs
Backup/recovery cost prohibitive
Inconsistent experience
PST on network share not supported; accessible on local machine only
3rd party solution expensive
Licensing cost more than Outlook 14/Exchange Server 2010 (Beta)
Additional hardware needs purchased
Delays Office upgrades
Deployment touches all desktops
Add-in causes performance woes
Leads to increased Help Desk cost
End user viewpoint:
Changes workflow
Litigation hold removes PST access and user can't delete messages
Litigation hold causes OST performance to suffer
Quota forces forwards to Gmail
3rd party add-in is confusing
Search degraded when PST is on a network share
Bad hard drives lead to lost PSTs
PST corruptions increase when PST is located on network share
As PSTs grow, stability lessens (>5 gigabytes (GB))
Diagram: Exchange Server 2010 (Beta) archive. The archive is an additional mailbox associated with an existing user account in AD; the IT Pro manages archive mailboxes the same as existing Exchange mailboxes, on DAS storage. Shown alongside PSTs, the primary mailbox, user archive (3rd party), business archive (3rd party) and backups.
A secondary mailbox that is
configured by the
administrator
Appears alongside a user‟s
primary mailbox in Outlook or
Outlook Web Access
PSTs can be dragged and dropped to the Online archive
Primary mailbox data can be
moved automatically using
messaging records
management (MRM)
Retention Policies
Move menu has latest used folders, including archive folders.
Copy/move brings up folder picker which includes the archive.
Items in Archive displayed exactly like any other folder.
Search in a folder in the archive works the same as any other folder.
Pre-Conditions:
• Default Move Policy = 2 Year
Pre-Conditions:
• Default Move Policy = 2 Year
• Project X Folder Move Policy = 1 Year
• Item 1 with Move Policy = 5 Years
Pre-Conditions:
• Default Move Policy = 2 Years
• Default Delete Policy = 7 Years
Pre-Conditions:
• Default Move Policy = 2 Year
• Default Delete Policy = 7 Years
• Delete Policy On This Message = 10 years
Pre-Conditions:
• Default Move Policy = 2 Years
• Default Delete Policy = 7 Years
• Project X Folder Move Policy = 1 Year
• Project X Folder Delete Policy = 6 years
• Selected Item Move Policy = 5 Years
• Selected Item Delete Policy = 10 Years
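The precedence the demo pre-conditions rely on (an item-level policy overrides the folder policy, which overrides the mailbox default, with move and delete resolved separately), as an added Python example that is not Exchange code and not from this deck. The policy ages are the ones in the pre-conditions above; the mailbox items, their folders and received dates, and the `decide`/`evaluate` names are constructed for this example.

```python
from datetime import date

# Policies from the demo pre-conditions above (ages in years).
DEFAULT_MOVE, DEFAULT_DELETE = 2, 7
FOLDER_POLICIES = {"Project X": {"move": 1, "delete": 6}}   # folder-level tags
# Constructed mailbox contents: (item id, folder, received date, item-level tags).
ITEMS = [
    ("A", "Inbox",     date(2006, 6, 1),  {}),
    ("B", "Project X", date(2008, 3, 1),  {}),
    ("C", "Project X", date(2005, 1, 15), {"move": 5, "delete": 10}),
    ("D", "Inbox",     date(2001, 1, 1),  {}),
    ("E", "Inbox",     date(2009, 1, 1),  {}),
]


def whole_years(start, end):
    """Completed years between two dates (no third-party date arithmetic)."""
    years = end.year - start.year
    if (end.month, end.day) < (start.month, start.day):
        years -= 1
    return years


def effective_age(kind, folder, item_tags):
    """Most specific setting wins: item tag, then folder tag, then mailbox
    default. Move and delete are resolved independently, as the
    pre-conditions above set them separately."""
    if kind in item_tags:
        return item_tags[kind]
    if kind in FOLDER_POLICIES.get(folder, {}):
        return FOLDER_POLICIES[folder][kind]
    return DEFAULT_MOVE if kind == "move" else DEFAULT_DELETE


def decide(folder, received, item_tags, today):
    """Action the retention assistant would take for one item on `today`."""
    age = whole_years(received, today)
    if age >= effective_age("delete", folder, item_tags):
        return "delete"            # deletion makes a pending move moot
    if age >= effective_age("move", folder, item_tags):
        return "move"
    return "none"


def evaluate(items=ITEMS, today=date(2009, 6, 1)):
    return {item_id: decide(folder, received, tags, today)
            for item_id, folder, received, tags in items}
```

Item C is the instructive case: it sits in the Project X folder, whose one-year move policy would archive it immediately, but its own five-year move tag takes precedence, so at four years of age it stays where it is.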
Requirements
P1 - enable IT Pro to add and remove the archive
P1 - enable IT Pro to view and manage the archive
P1 - enable IT Pro to migrate the archive
Assumptions
Archive and Primary Mailbox are on same database
(DB), same site, same forest
Users will only have one Archive in Exchange Server
2010 (Beta)
Archives cannot be accessed by delegate users
Add the archive to a user
New: Create an archive mailbox for a user
Enable: Enable an archive mailbox for a user
Connect: Connect an existing archive to a user
Remove the archive from a user
Disable: Disconnect the archive for a user
Remove: Remove the archive mailbox from a user
View the Archive
Get: View archive properties (e.g. quota) for a user
Get: View archive statistics (for e.g. size) for a user
Get: Enumerate all archives in a DB or an org
Manage the archive
Set: Set archive properties (e.g. quota) for a user
Import: Import data into an archive
Export: Export data from an archive
Migrate the archive and the primary mailbox
Move: Migrate the archive and primary mailbox
Create user, mailbox and archive
Scenario: Create new Exchange Server 2010 (Beta) users and add primary mailbox and archive
Input: New-Mailbox -Name 'Hal' ……… -archive
Enable archive
Scenario: Enable Mailbox and Archive for Exchange Server 2010 (Beta) users with no primary mailbox or archive
Input: Get-user hal | enable-mailbox -archive
Connect the archive
Remove user, primary and archive
Scenario: Remove the archive, the user account and primary mailbox
Input: Remove-mailbox hal
Output: Removing the mailbox will remove the Windows user object and mark the mailbox and archive for removal. Are you sure you want to remove Hal?
Remove the archive only
Scenario: Remove the archive only (keep user account and primary mailbox)
Input: Remove-mailbox hal -archive
Output: Removing the Archive will mark the archive for removal. Are you sure you want to remove the Archive for Hal?
Disconnect the primary and archive
Scenario: Disconnect the primary mailbox and the archive from a user
Input: Disable-mailbox hal
Disconnect the archive
View Archive (special icon)
Filter the Recipients
Archive quota is set with other mailbox quota properties
Import PST into the Archive
Preserve
Feature and benefits:
Role Based Access: Delegate Legal Hold function to non-IT users through user-friendly ECP GUI
Copy edited and deleted items: Builds on Exchange Server 2007 hold for auto-deleted items
Auto alert notification: Eliminates manual alerts to users on hold
Search dumpster: Use multi-mailbox search to retrieve deleted/edited items
Discover
Delegate access to the search graphical user interface (GUI) to attorney, compliance officer or HR.
Search across primary mailbox, archives, IRM-protected and deleted items.
Specific search by keywords, dates, content types, specific mailboxes… and a variety of mailbox items.
Copy email from query and place in PST, mailbox.
Preserve
• Centralize PST files in an Online Archive
• Apply granular retention policies per item or folder
• Capture edited and deleted items with litigation hold
• Decrypt IRM-protected e-mail for journaling
Exchange Server 2010 (Beta) Ignite
Module Number 9
Microsoft© Corporation
Background
Architecture
Customer research and feedback
How Exchange Unified Messaging (UM) is
used at Microsoft
Exchange Server 2010 (Beta) UM
Migration
Administration
Features
Demos
Questions
UM protocols
SIP/RTP to
gateway/PBX
LDAP to the directory
MAPI/(RPC) to
mailboxes
Can place UM servers
distant from PBXs
Support scale out and
server consolidation
Exchange UM is used most for creating call-answered
voice messages
Outlook Voice Access is very valuable to mobile workers,
but they are often in the minority
Requests for:
Built-in Message Waiting Indicator (MWI) support
Speech recognition (not just in English)
Outbound fax support
Support split messaging/telephony administration model
Better audio support for non-Windows clients
Private voice mail option
Better caller ID resolution
Migration table row, 2010: Not supported. Require at least one UM 2010 server in the Dial Plan. "just works" for the enabled users.
UM now uses Exchange Role Based
Access Control (RBAC)
Three UM administrative roles, as shipped
UM management
Administer any and all UM functionality
UM mailbox
Provision UM mailbox, PIN reset, clear lockout
UM prompt
Update Dial Plan and/or Auto Attendant prompts
Custom roles may be created
The goal is for each UM language pack to contain:
Prerecorded prompts
Text-to-speech (now using Microsoft engine)
Speech recognition (command/control, names)
Language packs by milestone:
Beta: US English, German, Canadian French, Mexican Spanish, Japanese
RTM: Chinese (PRC), Chinese (Taiwan ROC), Dutch, English (Australia), English (UK), French, Italian, Korean, Brazilian Portuguese, Spanish, Swedish
RTM+120 Days: Catalan, Chinese (Hong Kong SAR), Danish, English (Canada), English (India), Finnish, Norwegian (Bo), Polish, Portuguese, Russian
MP3
WMA 2
GSM
WMA 9
Failure to resolve caller ID to a name is a major source of complaint by end users
Numbering plan split across UM Dial Plans: added EquivalentDialPlanPhoneContexts on DP (FQDNs of other DPs in same numbering plan)
Many non UM-enabled users have more than one phone number: msRTCSIP-Line is not multi-valued, so added UMCallingLineIds to User object
Call answer is UM’s most frequent scenario: play greeting, take message
Users wanted more control, e.g. special greetings by contact, time of day
Call answering rules:
Condition: if it evaluates to true, then run…
Greeting and menu: collect caller's choice of…
Action: transfer, "Find me" or leave message
Exchange Server 2007 UM did not support MWI; third-party solutions required
Exchange Server 2010 (Beta) UM supports MWI natively
Configure through UM Mailbox Policy
ON by default
No new roles
Highly scalable
MWI via Short Message Service (SMS) requires a mail gateway
Diagram: Phone, Gateway & PBX, UM servers, Mailbox servers; MWI signalled with SIP NOTIFY
Voice mail preview: speech recognition applied to voice mail
Text on delivery
Feature mark-up
Text preview of voice mail alongside audio playback
Searchable
<100% accurate
Contextual Actions
In SMS MWI
CPU-intensive: affects UM scalability
Throttled: UM will skip transcription if too busy
Estimate ~1 VM/min/core as throughput
Try to use all cores
Below normal priority
Transcription followed by: transcoding of audio, creation of message, submission to Hub
Protected voice mail: controlled by UM mailbox policy
Requires AD Rights Management Services
Private: protect if sender marks message private
All: protect all messages (don't ask sender)
Always uses Do Not Forward permissions
RequireProtectedPlayOnPhone property blocks use of multimedia: no voice data on client
Deep investments in UM features that will add real benefit to common scenarios:
Voice mail preview
Call answering rules
Built-in MWI
Protected voice mail
A natural replacement for legacy voice mail
Exchange Server 2010 Ignite
Module Number 10
Microsoft© Corporation
Significant innovation in Exchange Server 2007
Reduce storage input/output (I/O) (70%)
Use large amounts of memory (64 bit)
Increased page size (4 kilobyte (KB) -> 8 KB)
Lower storage costs
Support large mailboxes (> 1 gigabyte (GB))
Provide fast search (CI)
Continuous replication (log shipping)
High Availability (HA) + fast recovery
Eliminate single points of failure
Random IO: disk head has to move to process subsequent IO; head movement = high IO latency; seek latency limits IO (IOPS)
Sequential IO: disk head does not move to process subsequent IO; stationary head = low IO latency; disk RPM speed limits I/O per second (IOPS)
7.2K SATA disk (20 ms latency): Random = 50 IOPS, Sequential = 300+ IOPS
Diagram: Exchange Server 2010 (Beta) Mailbox Server storage options: Enterprise SAN, SATA Array, Hybrid, SSD, HDD (HBA / NAND, RAID)
Diagram: IO Reduction; Sequential IO Optimization; Large, Fast, Low-cost Mailboxes; SATA/Tier 2 Disk; RAID-less Storage (JBOD); Storage Design Flexibility
Store schema = the way the store organizes data in the Extensible Storage Engine (ESE) database
Exchange Server 2010 (Beta): one simple theme
Move away from doing many, random, small-size disk IOs to doing fewer, sequential, large-size disk IOs
Significant benefits
Fast/efficient…
Outlook Web Access (OWA)/Outlook Online Mode: end user viewing for “cold” states/first time view creation, calendar operations, search performance
Outlook cached mode/Exchange ActiveSync: OST sync = sequential IO, Exchange ActiveSync Server (EAS) sync = sequential IO
Server management: move mailbox, content index crawls
Diagram: Exchange Server 2007 keeps per-database and per-folder views of mailbox messages (M1 M3 M5 M4 M2); B+ Tree leaf pages are scattered (1078 92 4577 6 872 7210 3278 21 9346)
Diagram: Exchange Server 2010 (Beta) B+ Tree leaf pages are contiguous (1078 1079 1080 1081 1082 1083 3456 3457 3458)
Exchange 2010 "pay to play" approach for views such as All Unread or Flagged items: fewer, sequential IOs (1 per view)
How do you move from random IO to sequential IO?
Element: Physical Contiguity (ESE)
Exchange Server 2007: poor physical contiguity of leaf pages, hence many, small size IOs (1 for each page)
Exchange Server 2010 (Beta): excellent physical contiguity of leaf pages, so fewer, large size IOs, spanning N pages (N ≈ 100)
Database table space allocation hints
Allocate DB space based on either data compactness or data contiguity (based on usage pattern)
Diagram: disk space as Page 1 to Page 5 (Used Page, Event History, Used Page, Msg Header, Msg Header); Compactness = Random/Compact, Contiguity = Sequential/Bloat
Database Checksum
Exchange Server 2007: when configured, ½ of OLD maintenance window reserved for sequential scan (Checksum), manual throttle, active DB copy only. Sequential IO.
Exchange Server 2010 (Beta): two options (both Active and Passive copies): 1. Run DB Checksum in the background 24x7 (default), sequential IO. 2. Run DB Checksum during OLM window.
Exchange Server 2007 Message Header Table (aka MFT): DB page numbers FRAGMENTED, random deletes at the tail
Exchange Server 2010 (Beta) Message Header Table (aka MsgHeader): CONTIGUOUS
*Production/Dogfood database analysis; blue = contiguous (good), red = fragmented (bad)
Read behavior
Exchange Server 2007: a 20 KB message is spread across DB pages (Page 1 Msg Header, Page 3 Msg Body, Page 5 Msg Body) -> multiple read IOs from disk into DB cache
Exchange Server 2010 (Beta): 32 KB pages, Msg Header and Msg Body together in Page 1 (32KB) -> 1 read IO
Write behavior
Exchange Server 2007: DB cache pages 1 to 5 (Dirty, Clean, Dirty, Clean, Dirty), each dirty page written with its own write IO
Exchange Server 2010 (Beta): the same dirty and clean pages are written to disk together in 1 write IO
Chart: IO latency (ms) vs. IO size (KB, 0 to 1024); Exchange Server 2010 (Beta) max IO size = 256KB for read, 384KB for write
SqlIO test, 1x 750GB 7.2k SATA, no caching array controller
Checkpoint depth = the amount of data that has yet to be committed to the database file (edb)
Exchange Server 2010 (Beta) default checkpoint depth max is increasing from 20 MB to 100 MB only on databases within an HA solution (standalone still 20 MB)
Deep checkpoint benefit = efficient DB writes (40% reduction)
Chart: 100MB checkpoint depth = 40% DB write IO reduction; database pages repeatedly written/sec and DB writes/sec (avg) vs. checkpoint depth (20 to 100 MB); Loadgen test: 3000 mailbox, 12 DB, Outlook 2007 Online Very Heavy Profile
Deep checkpoint risks = long store shutdown times, long crash recovery times
Risk mitigation: shutdown databases in parallel, failover on store crash
Chart: DB IOPS, +70% reduction; DB Read IO/sec, DB Write IO/sec and DB IO/sec for Exchange Server 2007 vs. Exchange Server 2010 (Beta)
3000 Mailboxes, 3MB DB Cache/user, Loadgen Outlook 2007 Online Very Heavy Profile, 250MB Mailbox Size (build 405)
Chart: DB IOPS/Mailbox, +90% reduction; Exchange Server 2003 = 1, Exchange Server 2007 = 0.33, Exchange Server 2010 (Beta) = 0.11
Chart: Maximum DB Write IOs issued (2, 4, 8, 16, 32, 64); single 7.2k SATA disk, logs/db on same spindle, Loadgen load generating 250 RPC Operations/second, ~50 IOPS
Throttle DB writes based on checkpoint target (QoS)
When checkpoint depth equals 1x to 1.24x of checkpoint target, limit max outstanding DB writes/LUN to 1
When checkpoint depth meets or exceeds 1.25x of checkpoint target, ratchet up max outstanding DB writes/LUN
The further behind on checkpoint, the more aggressively we raise the max outstanding DB writes/LUN (maximum = 512/LUN)
Chart: 20 MB max checkpoint example, max outstanding DB writes (0 to 40) vs. checkpoint depth (26 to 44 MB); works for both JBOD SATA and RAID10 SAN!
Chart: DB Read Latency (ms), Log Write Latency (ms) and RPC Average Latency for Exchange Server 2010 (Beta) Baseline vs. Exchange Server 2010 (Beta) Smooth DB IO (values plotted: 34, 10.1, 5.1, 3.7, 0.7)
3000 Mailboxes, 3MB DB Cache/user, 12 x 7.2k SATA disks (DB/Logs on same spindles), Loadgen Outlook 2007 Online Very Heavy Profile
Chart: Mailboxes/Disk (7.2K SATA), +4X mailboxes/disk! (125 -> 500+)
Improve HA storage failure detection and failover: HA now detects storage failures and automatically fails over (~30 seconds)
Diagram: 1. Page corruption detected on Active Copy (e.g. -1018) in a Database Availability Group (DAG)
Storage tiers compared:
SAN: HA = Shared Storage Clustering; +1.0 IOPS/Mailbox; 3.5” 15K 146GB FC disks; RAID10 for DB & Logs; dedicated spindles; multi-path (HBA’s, FC switches, SAN array controllers); Backup = VSS Snapshot; Fast Recovery = Hardware VSS (Snapshots/Clones)
DAS (SAS): HA = CCR; .33 IOPS/Mailbox; 2.5” 146GB 10K SAS disks; RAID5 for DB, RAID10 for Logs; SAS array controller (/w BBU); Backup = Streaming off active; Fast Recovery = CCR
DAS (SATA): HA = DAG (2 DB copies); .11 IOPS/Mailbox; 3.5” 2TB 7.2K SATA/SAS disks; RAID10 for DB & Logs; SAS array controller (/w BBU); Backup = Optional/VSS; Fast Recovery = Database Failover
JBOD (SATA): HA = DAG (3+ DB copies); .11 IOPS/Mailbox; 3.5” 2TB 7.2K SATA/SAS disks; 1 DB = 1 Disk; SAS array controller (/w BBU); Backup = Optional/VSS; Fast Recovery = Database Failover
Storage Guidance (Stand Alone / Exchange Server 2010 (Beta) HA, 2 copies / Exchange Server 2010 (Beta) HA, 3+ copies)
Storage Type: DAS, SAN (Fibre Channel, iSCSI)
Disk Type: SAS, Fibre Channel, SATA, SSD
RAID: RAID recommended (Stand Alone, HA 2 copies); RAID optional (HA 3+ copies)
RAID Type: RAID-1/0, RAID-5, RAID-6 (Stand Alone, HA 2 copies); JBOD (HA 3+ copies)
DB/Log Isolation: Best Practice (Stand Alone, HA 2 copies); Not required (HA 3+ copies)
Windows Disk Type: Basic (recommended), Dynamic
Partition Type: GPT (recommended), MBR
Partition Alignment: Windows 2008 Default (1MB)
File System: NTFS
NTFS Allocation Unit Size: 64 KB for both database and log volumes
Encryption Support: Outlook Protection Rules, Bitlocker
New Exchange Server 2010 (Beta) behavior…
Diagram: contiguous message allocation (M1 through M10 in order) compared with fragmented allocation (M1, M3, M5, M7, M10, M11 through M15 with gaps)
Diagram: AD site Dallas, Database Availability Group (DAG) spanning Mailbox Server 1 through Mailbox Server 5
Exchange 2010 Storage Guidance (Stand Alone / Database Availability Group: 2 nodes, 2 database copies / Database Availability Group: 3+ nodes, 3+ database copies)
Storage Type
Direct Attached Storage (DAS): Supported (all configurations)
Storage Area Network (SAN), iSCSI: Supported (all configurations). Best Practice = do not share physical disks backing Exchange data with other applications.
Storage Area Network (SAN), Fiber Channel (FC): Supported (all configurations). Best Practice = do not share physical disks backing Exchange data with other applications. DAG configurations: Best Practice = do not place both database copies on the same physical spindles.
Network Attached Storage (NAS), SMB: Not Supported (all configurations)
Physical Disk Type
SATA: Supported (all configurations), requires battery backed caching array controller for data integrity
Database Files/Volume: Based on backup methodology (Stand Alone, 2 copies); RAID = based on backup methodology, JBOD = one DB file/volume is recommended (3+ copies)
Log Streams/Volume: Based on backup methodology (Stand Alone, 2 copies); RAID = based on backup methodology, JBOD = one log stream/volume is recommended (3+ copies)
Windows Disk Type: Basic Disk recommended, Dynamic Disk supported (all configurations)
Partition Type: GUID Partition Table (GPT) recommended, Master Boot Record (MBR) supported (all configurations)
Partition Alignment: Windows 2008 Default: 1MB (all configurations)
Volume Path: Drive Letter or Mount Point (mount point host volume must be RAID’d) (all configurations)
File System: NTFS support only (all configurations)
NTFS Defragmentation: Not required, not recommended (all configurations)
NTFS Allocation Unit Size: 64KB for both edb and log volumes (all configurations)
NTFS Compression: Not Supported for Exchange Database files (all configurations)
NTFS Encrypted File System (EFS): Not Supported for Exchange Database files (all configurations)
Windows Bitlocker (volume encryption): Supported for all Exchange database and log files (all configurations)
Exchange Server 2010 (Beta) Ignite
Module Number 11
Microsoft Corporation
Exchange Server 2007 Availability Solutions
Diagram: Exchange Server 2007 continuous replication: 1. Copy logs (E00.log, E0000000012.log, E0000000011.log) from the source database, 2. Inspect logs, 3. Replay logs into the target database; CCR #1 and CCR #2 each with Node A and Node B; SCR managed separately, no GUI
Diagram: Windows Failover Cluster with Default Cluster Group, Clustered Mailbox Server (CMS), Cluster Networks and Database
Database Availability Group
Reduce complexity
Reduce cost
Native solution - no single point of failure
Improve recovery times
Support larger mailboxes
Support large scale deployments
Make High Availability Exchange deployments mainstream!
11 Microsoft NDA Only
Diagram: AD site Dallas (Client Access Server; Mailbox Server 1 through 5 in one DAG hosting DB1, DB3, DB5) and AD site San Jose (Client Access Server; Mailbox Server 6): all clients connect via CAS servers; easy to stretch across sites; failover managed within Exchange
Diagram: the Exchange administrative group contains Servers, Database Availability Groups and Databases; each Database has Database Copy 1 and further copies
Diagram: Database Availability Group (DAG) components: Server, Database, Database Copy, Active Manager (AM), RPC Client Access service
Server: unit of membership for a DAG
Hosts the active and passive copies of multiple mailbox databases
Executes Information Store, CI, Assistants, etc., services on active mailbox database copies
Executes replication services on passive mailbox database copies
Provides connection point between Information Store and RPC Client Access (RCA)
Very few server-level properties relevant to HA: server’s Database Availability Group, server’s Activation Policy
Database: unit of *over
A database has 1 active copy – active copy can be mounted or dismounted
Maximum # of passive copies == # servers in DAG – 1
Availability terms
Active: selected to provide email services to clients
Passive: available to provide email services to clients if active fails
Replication terms
Source: provides data for copying to a separate location
Target: receives data from the source
Scope of replication
A copy is either source or target of replication at any given time
A copy is either active or passive at any given time
Only 1 copy of each database in a DAG is active at a time
A server may not host more than 1 copy of any database
Diagram: Mailbox Server 1 (DB1, DB2, DB3) and Mailbox Server 2 (DB1, DB2, DB3); a second DB1 copy on the same server is marked X
Database copy: defines properties applicable to an individual database copy
Copy status: Healthy, Initializing, Failed, Mounted, Dismounted, Disconnected, Suspended, FailedandSuspended, Resynchronizing, Seeding
CopyQueueLength, ReplayQueueLength, ActiveCopy, ActivationSuspended
Active Directory is still primary source for configuration info
Active Manager is primary source for changeable state information (such as active and mounted)
Replication service monitors health of all mounted databases, and monitors ESE for IO errors or failure
Continuous replication has the following basic steps:
Database copy seeding of target
Log copying from source to target
Log inspection at target
Log replay into database copy
Log shipping in Exchange Server 2010 (Beta) leverages TCP sockets
Supports encryption and compression
Administrator can set TCP port to be used
Replication service on target notifies the active instance of the next log file it expects, based on the last log file it inspected
Replication service on source responds by sending the required log file(s)
Copied log files are placed in the target’s Inspector directory
Log replay has moved to Information Store
The following validation tests are performed prior to log replay:
Recalculate the required log generations by inspecting the database header
Determine the highest generation that is present in the log directory to ensure that a log file exists
Compare the highest log generation that is present in the directory to the highest log file that is required
Make sure the logs form the correct sequence
Query the checkpoint file, if one exists
Replay the log file using a special recovery mode (undo phase is skipped)
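As an added illustration of the validation steps above (example code, not from the slides or from Exchange itself), the following Python models the check a target copy performs on its log directory before replay. It assumes the required generation range has already been read from the database header, uses the E00 + eight-hex-digit log naming shown in the earlier replication diagram, and treats the checkpoint as a generation number.

```python
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Closed log files are named <prefix><generation>.log, e.g. E0000000012.log:
# prefix E00 plus an eight-digit hexadecimal generation. E00.log is the current,
# still-open log and is never replayed into a passive copy.
LOG_NAME = re.compile(r"^(E[0-9A-Fa-f]{2})([0-9A-Fa-f]{8})\.log$")


def generation_of(filename: str) -> Optional[int]:
    """Return the generation encoded in a closed log file name, or None."""
    m = LOG_NAME.match(filename)
    return int(m.group(2), 16) if m else None


@dataclass
class ReplayCheck:
    ok: bool
    replay_from: Optional[int] = None   # first generation to replay
    replay_to: Optional[int] = None     # last generation to replay
    missing: List[int] = field(default_factory=list)
    reason: str = ""


def validate_log_set(required_low: int, required_high: int,
                     filenames: Iterable[str],
                     checkpoint_generation: Optional[int] = None) -> ReplayCheck:
    """Hypothetical model of the pre-replay validation, not Exchange's own code.

    required_low..required_high: generations the database header says are
    needed (assumed already recalculated by the caller).
    filenames: directory listing of the copy's log directory.
    checkpoint_generation: generation recorded in the checkpoint file, if any;
    logs below it are already in the .edb and need not be replayed.
    """
    present = {g for g in map(generation_of, filenames) if g is not None}
    if not present:
        return ReplayCheck(False, reason="no closed log files in log directory")

    # Highest generation actually on disk versus the highest one required.
    highest_present = max(present)
    if highest_present < required_high:
        return ReplayCheck(False,
                           missing=list(range(highest_present + 1, required_high + 1)),
                           reason="highest log present is below highest required")

    # The checkpoint may let replay start later than the header's low mark.
    start = required_low
    if checkpoint_generation is not None and required_low <= checkpoint_generation <= highest_present:
        start = checkpoint_generation

    # The logs must form an unbroken sequence from the start point to the top.
    missing = [g for g in range(start, highest_present + 1) if g not in present]
    if missing:
        return ReplayCheck(False, missing=missing, reason="log sequence has gaps")
    return ReplayCheck(True, replay_from=start, replay_to=highest_present)


if __name__ == "__main__":
    # Constructed directory listing: generations 0x11..0x13 plus the open log.
    listing = ["E00.log", "E0000000011.log", "E0000000012.log", "E0000000013.log"]
    print(validate_log_set(0x11, 0x12, listing))   # ok, replay 0x11..0x13
    print(validate_log_set(0x10, 0x13, listing))   # gap: 0x10 missing
    print(validate_log_set(0x11, 0x15, listing))   # 0x14 and 0x15 not present
```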
In the event of failure, the following steps will occur for the failed database:
Active Manager will determine the best copy to activate
The Replication service on the target server will attempt to copy missing log files from the best "source" - ACLL
If successful, then the database will mount with zero data loss
If unsuccessful (lossy failure), then the database will mount based on the AutoDatabaseMountDial setting
The mounted database will generate new log files (using the same log generation sequence)
Transport Dumpster requests will be initiated for the mounted database to recover lost messages
When original server or database recovers, it will run through divergence detection and perform an incremental reseed or require a full reseed
Active Manager selects the "best" copy to activate when the active fails
Ignores servers that are unreachable or where activation is temporarily or regularly blocked
Sorts copies by currency to minimize data loss
Breaks ties during sort based on Activation Preference
Selects from sorted list based on copy status of each copy; if the criteria do not identify a copy that can be activated, then the next set of criteria is tried:
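An added Python model (not Exchange's code) of the selection process just described, using the copy properties listed earlier: unreachable or activation-blocked copies are dropped, the rest are sorted by currency with Activation Preference as the tie-breaker, and tiers of acceptable copy statuses are tried in order. The status tiers and the use of CopyQueueLength/ReplayQueueLength as the currency measure are assumptions for the example; the attempt_mount helper models the ACLL and AutoDatabaseMountDial outcome from the previous slide.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Sequence

# Copy status values named on the slides.
HEALTHY, RESYNC, INIT = "Healthy", "Resynchronizing", "Initializing"


@dataclass(frozen=True)
class DatabaseCopy:
    server: str
    status: str                  # Healthy, Failed, Suspended, Seeding, ...
    copy_queue_length: int       # logs not yet copied from the source
    replay_queue_length: int     # logs copied but not yet replayed
    activation_preference: int   # 1 = most preferred; breaks ties only
    reachable: bool = True
    activation_blocked: bool = False  # temporarily or regularly blocked


# Assumed status tiers: each tier is tried in order until one yields a copy.
DEFAULT_TIERS: Sequence[FrozenSet[str]] = (
    frozenset({HEALTHY}),
    frozenset({HEALTHY, RESYNC}),
    frozenset({HEALTHY, RESYNC, INIT}),
)


def rank_candidates(copies: Iterable[DatabaseCopy]) -> List[DatabaseCopy]:
    """Drop ineligible copies, then order by currency (fewest missing logs first,
    copy queue before replay queue) and break ties by Activation Preference."""
    eligible = [c for c in copies if c.reachable and not c.activation_blocked]
    return sorted(eligible, key=lambda c: (c.copy_queue_length,
                                           c.replay_queue_length,
                                           c.activation_preference))


def select_best_copy(copies: Iterable[DatabaseCopy],
                     tiers: Sequence[FrozenSet[str]] = DEFAULT_TIERS) -> Optional[DatabaseCopy]:
    """Return the copy Active Manager would try to activate, or None."""
    ranked = rank_candidates(copies)
    for accepted in tiers:
        for copy in ranked:
            if copy.status in accepted:
                return copy
    return None


def attempt_mount(copy: DatabaseCopy, acll_succeeded: bool,
                  max_lossy_logs: int = 0) -> str:
    """Outcome after ACLL (attempt to copy last logs). max_lossy_logs models the
    AutoDatabaseMountDial threshold: how many missing logs a lossy mount may
    tolerate (0 = lossless only)."""
    if acll_succeeded:
        return "mounted, zero data loss"
    if copy.copy_queue_length <= max_lossy_logs:
        return "mounted, lossy (within AutoDatabaseMountDial)"
    return "not mounted (loss exceeds AutoDatabaseMountDial)"


if __name__ == "__main__":
    # Constructed DAG state for one database after its active copy failed.
    copies = [
        DatabaseCopy("MBX1", HEALTHY, 0, 0, 2),
        DatabaseCopy("MBX2", HEALTHY, 0, 0, 1),                      # wins the tie
        DatabaseCopy("MBX3", HEALTHY, 3, 0, 3, activation_blocked=True),
        DatabaseCopy("MBX4", "Failed", 0, 0, 1),
    ]
    best = select_best_copy(copies)
    print(best.server, attempt_mount(best, acll_succeeded=True))
```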
Streaming backup APIs for public use have been cut; must use Volume Shadow Copy Service (VSS) for backups
Backup from any copy of the database/logs
Always choose Passive (or Active) copy
Backup an entire server
Designate a dedicated backup server for a given database
Restore from any of these backup scenarios
Diagram: Database Availability Group with one failed copy (X)
Exchange Server 2010 (Beta) High Availability Design Examples
Diagram: design examples showing File Share placement
Single Site, 3 Nodes, 3 HA Copies, JBOD -> 3 physical copies
2 servers out -> manual activation of server
In 3 server DAG, quorum is lost
DAGs with more servers sustain more failures: greater resiliency
Diagram: Database Availability Group (DAG) with Mailbox Server 1, Server 2 and Server 3, two servers marked failed (X)
Exchange Server 2010 (Beta) Site Resilience
Within a datacenter: database *over, server *over
Between datacenters: single database *over, server *over, datacenter failover (which is really a switchover)
Database mounted in another datacenter and another Active Directory site
Serviced by "new" Hub Transport serv
ers: "Different OwningServer" – for routing
Transport dumpster re-delivery now from both Active Directory sites
Serviced by "new" CAS: "Different CAS URL" – for protocol access
Outlook Web Access (OWA) now re-directs connection to second CAS farm
Other protocols proxy or redirect (varies)
Diagram: Site Redmond (HUB, GC, MbxSvr1) and Site Dublin (MbxSvr2) in one DAG
Customers can evolve to site resilience: standalone -> local redundancy -> site resilience
Consider name space design at first deployment
Keep extending the DAG!
Monitoring and many other concepts/skills just re-applied
Normal administration remains unchanged
No "special" network requirements
No single subnet requirements
Disaster recovery not HA event
If DAC is not enabled, the DAG will not restart and mount databases until a majority of servers are restored
If DAC is enabled, the "Mommy May I Protocol" is used to coordinate with Active Managers in DAG to determine state and recoverability
There are several requirements that must be satisfied to prevent split brain between datacenters after datacenter failover
Failure Scenario: primary data center failure
1. Primary data center fails
2. Adjust DNS records for SMTP and HTTPS access and adjust CAS configuration (if necessary)
3. Run Stop-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite Baltimore -ConfigurationOnly (in both data centers)
4. Restore-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite "Bel Air" -AlternateFileShareWitnessShare \\ht-b\fsw
5. Databases mount (no activation block scenario)
Recovering Primary Data Center
1. Verify primary data center is capable of hosting service
2. Add primary data center servers back to DAG: Start-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite Baltimore
3. Reconfigure DAG to use File Share Witness in primary data center: Set-DatabaseAvailabilityGroup DAG1 -FileShareWitnessShare \\ht-a\fsw
4. Reseed data or allow replication to occur and update copies in primary data center
5. Schedule downtime for the mailbox databases and dismount them
6. Change MX records and HTTP access back to primary data center
7. Move databases back to primary data center: Move-ActiveMailboxDatabase DB1 -ActivateOnServer MBX-A-1
8. Mount databases in primary data center
Diagram: server failure and database failure on MBX-A-1 / MBX-A-2 / DB1 (server fails, automatic failover, server is fixed, DB1 becomes a copy); legend: Active Database, Database Copy, Unhealthy Database
Diagram: Contoso.com (MX Record), Autodiscover.contoso.com, Mail.contoso.com, Load Balance Array records; Edge-A, Proxy-A, Proxy-B, Edge-B; 2.1.x.x Perimeter Network and 2.2.x.x Perimeter Network
With each release, our goals are to make Exchange high availability:
Easier and cheaper to deploy
Easier and cheaper to manage
Support better SLAs with faster and more granular recoveries
Improve site resiliency support
Our other goal is for highly available deployments to be mainstream!
Log truncation
Non-lagged copies: truncate a log file when all of the following are true:
Has the log file been backed up (assuming no circular logging)?
Is the log file below my checkpoint?
Do the other non-lagged copies agree with deletion?
Has the log file been inspected by all lagged copies?
Lagged copies: truncate a log file when all of the following are true:
Is the log file below my checkpoint?
Is the log file older than ReplayLagTime + TruncationLagTime?
Is the log file deleted on the source?
Exchange Server 2010 (Beta) Ignite
Module Number 12
Microsoft© Corporation
IT organizations need to…
Maximize efficiency
Reduce cost
The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization.
("Email Support Staff Requirements and Costs: A Survey of 136 Organizations", Ferris Research, June 2008).
Exchange Server 2007 has only 3 big roles to modify only organization, recipient and server data
Cannot create new roles, hence too much functionality for decentralized IT environments: Unified Messaging and e-mail life cycle administrators need permissions to manage their functions without being granted full organization administration functionality
Organization scope is too broad
Too much permission required in order to delegate some operations (e.g. Move-Mailbox, Export-Mailbox)
Permissions focused on Active Directory (AD) objects
Objects don't always map 1:1 with tasks
Unified Messaging administrators want to manage Unified Messaging recipient data without being granted full write rights to all properties on the mailbox AD object
Granting and delegating Exchange permissions is complex
Customizing access control lists (ACLs) manually is complex, error prone, and risks ACL bloat
Permissions-based troubleshooting and related product support services (PSS) calls are really expensive
No easy way to report who has permission or audit what was done
Diagram: Exchange Server 2007 management architecture: MMC -> PowerShell -> Cmdlets (business logic) -> IIS Metabase, Local Machine Store and AD, across the process/machine boundary
Enabling Exchange management capability to match business needs
Set many more out of the box roles matching typical business needs (e.g. UM admin, records management administration)
Ability to create custom roles
Enable self-service management for IW (e.g. self service role)
Map authorization grants to operations, not AD objects
Define authorization grants as the actions a given user can perform over a set of resources
Define scopes which determine the set of objects that can be accessed by the granted operations
Remove direct rights on underlying storage
Help deliver a first class management experience for Enterprise and Exchange Labs
Reduce administration burden by supporting easy management, reporting and delegation of permissions
Audit the execution of business operations
Consistent, secure authorization model for Exchange management clients (ECP, EMC)
Diagram: Exchange Server 2010 (Beta) management architecture: EMS, MMC and WinForms clients -> EMC Data Layer -> PowerShell -> Remote PowerShell Runspace -> Cmdlets (business logic) -> IIS Metabase, Local Machine Store and AD, across the process/machine boundary
Role based Access Control (RBAC) has replaced the permissions model used in Exchange Server 2007
Able to define precise or broad roles and assignments based on the tasks that need to be performed
Includes self administration
Management role: a container for a grouping of management role entries
Management role entry: a cmdlet, including its parameters, that is added to a management role
Management role scope: scope of influence or impact
Management role assignment: the assignment of a management role to a user or universal security group
Diagram: a Role Assignment links a Role (What), a Scope (Where) and a User or USG (Who)
Management role entries
Example: a combination of the management role that they are associated with, and the name of the cmdlet, i.e. management role\cmdlet
e.g. OrganizationManagement\Set-Mailbox
e.g. DiscoveryManagement\Search-Mailbox
Role entries can only be removed from a role
Management role assignments
Apply a management role and the management role scope, if specified, to a user or universal security group
When an assignment is created, the user or group specified gains access to the cmdlets and parameters made available by the associated management role
Role assignments are additive: role A + role B = all role entries from both roles A and B
Assignments without scopes use the implicit scope of the role type of the role
New-ManagementRole -Name "eDiscovery-Sales" -Parent DiscoveryManagement
New-ManagementScope -Name "Sales Mailboxes" -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" -DomainRoot "OU=Sales,DC=nwtraders,DC=Com"
New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" -User "USG-Sales eDiscovery Admins" -Role "eDiscovery-Sales" -DomainScopeRestriction "Sales Mailboxes"
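To make the role, scope and assignment model concrete, here is an added Python model of the authorization decision (example code, not Exchange's implementation), built around the eDiscovery-Sales commands above: a child role starts with its parent's entries and can only lose entries or parameters, a scope restricts which recipients an assignment reaches, and assignments held through group membership add up. The recipient objects, the constructed HelpDesk role and group, and the parameter lists are assumptions for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable, Mapping, Optional, Set

RoleEntries = Dict[str, FrozenSet[str]]   # cmdlet -> parameters the role may use


@dataclass
class ManagementRole:
    name: str
    entries: RoleEntries

    def derive(self, child_name: str, remove_cmdlets: Iterable[str] = (),
               remove_parameters: Optional[Mapping[str, Set[str]]] = None) -> "ManagementRole":
        """New-ManagementRole -Parent: the child copies the parent's entries; entries
        (or individual parameters) can only be removed from it, never added."""
        drop = set(remove_cmdlets)
        trimmed = remove_parameters or {}
        entries = {cmd: params - trimmed.get(cmd, set())
                   for cmd, params in self.entries.items() if cmd not in drop}
        return ManagementRole(child_name, entries)


@dataclass(frozen=True)
class Recipient:
    name: str
    recipient_type: str   # e.g. UserMailbox, RoomMailbox
    dn: str               # distinguished name; ends with the recipient's OU path


@dataclass
class ManagementScope:
    name: str
    domain_root: str                        # OU the scope is rooted at (children included)
    restriction: Callable[[Recipient], bool]

    def contains(self, r: Recipient) -> bool:
        return r.dn.lower().endswith(self.domain_root.lower()) and self.restriction(r)


@dataclass
class RoleAssignment:
    name: str
    role: ManagementRole
    principal: str                           # user or universal security group
    scope: Optional[ManagementScope] = None  # None = the role's implicit scope (whole org)


def is_authorized(assignments: Iterable[RoleAssignment], principals: Set[str],
                  cmdlet: str, parameters: Iterable[str], target: Recipient) -> bool:
    """True if any assignment held by the caller (its own name or a group it belongs
    to) has an entry for the cmdlet covering every requested parameter, and the
    target recipient lies inside that assignment's scope. Assignments are additive."""
    wanted = set(parameters)
    for a in assignments:
        if a.principal not in principals:
            continue
        allowed = a.role.entries.get(cmdlet)
        if allowed is None or not wanted <= allowed:
            continue
        if a.scope is None or a.scope.contains(target):
            return True
    return False


# Constructed data modelled on the slide's example (nwtraders.com Sales OU).
DISCOVERY_MANAGEMENT = ManagementRole("DiscoveryManagement", {
    "Search-Mailbox": frozenset({"Identity", "SearchQuery", "TargetMailbox", "DeleteContent"}),
    "Get-Mailbox": frozenset({"Identity"}),
})
# eDiscovery-Sales keeps the parent's cmdlets but loses the destructive parameter.
EDISCOVERY_SALES = DISCOVERY_MANAGEMENT.derive(
    "eDiscovery-Sales", remove_parameters={"Search-Mailbox": {"DeleteContent"}})
SALES_MAILBOXES = ManagementScope("Sales Mailboxes", "OU=Sales,DC=nwtraders,DC=Com",
                                  lambda r: r.recipient_type == "UserMailbox")
HELP_DESK = ManagementRole("HelpDesk (constructed)", {      # hypothetical second role
    "Set-Mailbox": frozenset({"Identity", "DisplayName"}),
})
ASSIGNMENTS = [
    RoleAssignment("RA-Sales eDiscovery Administrators", EDISCOVERY_SALES,
                   "USG-Sales eDiscovery Admins", SALES_MAILBOXES),
    RoleAssignment("RA-Help Desk (constructed)", HELP_DESK, "USG-Help Desk"),
]
```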
Diagram: PS client on LAP1 runs New-PSSession to SRV1 over WSMan; IIS performs authentication, the RBAC stack performs authorization against Active Directory; the remote runspace exposes only the cmdlets and parameters RBAC allows (e.g. New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name)
Exchange Control Panel: a browser based management client for end users, administrators, and specialists
Accessible directly via URL, Outlook Web Access (OWA) and Outlook 14
Deployed as a part of the Client Access Server (CAS) role
Simplified user experience to common management tasks
Role-Based Access Control (RBAC) aware
Diagram: ECP UI layout: Scope Control, Primary Navigation, Secondary Navigation, Slab
Specialists
  Administrators can delegate to specialists (e.g. Help Desk Operators, Department Administrators, and eDiscovery Administrators)
End users
  Comprehensive self-service tools for end users
  OWA options plus
Hosted customers
  Tenant administrators
ASP.NET application
  Full browser support for Internet Explorer (IE) 7+, Safari 3+, and Firefox
Authentication
  Currently supports Integrated Windows and basic authentication
ECP is an IIS virtual directory on the Client Access Server role
The ECP IIS virtual directory is automatically created when installing the Client Access Server role
ECP settings are stored in Active Directory and the IIS metabase
The ECP is managed using Exchange cmdlets
ECP cmdlets
  New-ECPVirtualDirectory
  Set-ECPVirtualDirectory
  Get-ECPVirtualDirectory
  Remove-ECPVirtualDirectory
  Test-ECPConnectivity
Exchange partners provide infrastructure to transport cmdlet operations and data from the (smart) client-side runspace to the server-side runspace and back
  WSMan: remoting transport and authorization hooks
  PowerShell V2 "Fan-in" remoting: allows high-scale client connectivity to a server/datacenter environment
Exchange RBAC serves as the authorization provider for PowerShell Remoting
# Prompt for the credentials used to authenticate to the Exchange 2010 server
$UserCredential = Get-Credential
# Open a remote session against the Exchange PowerShell endpoint on the CAS
$rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<Exchange 2010 computer name>/powershell -Credential $UserCredential
# Import the cmdlets that RBAC makes available to this user into the local runspace
Import-PSSession $rs
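As an added defender-side example that is not part of the deck, the following PowerShell audits what a role assignee can actually run once all of its assignments are combined: assignments are additive, so the script takes the union of the role entries from every enabled assignment and records whether each came with an explicit custom scope or with the implicit scope of the role type. It assumes a Remote PowerShell session to an Exchange 2010 server has already been imported as shown above, and reuses the security group name from the role-assignment slide.

```powershell
# Added example, not from the deck. Assumes the Remote PowerShell session shown
# above has already been imported, so the Exchange cmdlets are in the runspace.

function Get-EffectiveRoleEntries {
    # Union of role entries (cmdlet + parameters) across every enabled role
    # assignment for the given assignee, with the scope each assignment carries.
    param([Parameter(Mandatory=$true)][string]$RoleAssignee)

    $assignments = Get-ManagementRoleAssignment -RoleAssignee $RoleAssignee -Enabled $true

    $byCmdlet = @{}
    foreach ($ra in $assignments) {
        $role = "$($ra.Role)"
        # An explicit custom scope if one was assigned; otherwise the implicit
        # scope the assignment inherits from the role's type (e.g. Organization).
        $scope = if ($ra.CustomRecipientWriteScope) { "custom: $($ra.CustomRecipientWriteScope)" }
                 else { "implicit: $($ra.RecipientWriteScope)" }

        # Assignments are additive: merge the entries of this role into the set
        # already collected from earlier assignments.
        foreach ($entry in Get-ManagementRoleEntry "$role\*") {
            if (-not $byCmdlet.ContainsKey($entry.Name)) {
                $byCmdlet[$entry.Name] = @{ Parameters = @{}; GrantedBy = @() }
            }
            $rec = $byCmdlet[$entry.Name]
            foreach ($p in $entry.Parameters) { $rec.Parameters[$p] = $true }
            $rec.GrantedBy += "$role [$scope]"
        }
    }

    foreach ($name in ($byCmdlet.Keys | Sort-Object)) {
        New-Object PSObject -Property @{
            Cmdlet     = $name
            Parameters = @($byCmdlet[$name].Parameters.Keys | Sort-Object)
            GrantedBy  = $byCmdlet[$name].GrantedBy
        }
    }
}

# The security group used in the role-assignment slide above.
$assignee = "USG-Sales eDiscovery Admins"
$effective = Get-EffectiveRoleEntries -RoleAssignee $assignee

$effective | Format-Table Cmdlet,
    @{ Name = 'Parameters'; Expression = { $_.Parameters.Count } },
    @{ Name = 'GrantedBy';  Expression = { $_.GrantedBy -join '; ' } } -AutoSize

# Review check: the combined set should not quietly include destructive
# mailbox cmdlets that no single role was meant to grant.
$destructive = @('Remove-Mailbox', 'Disable-Mailbox', 'Remove-MailboxDatabase')
$flagged = $effective | Where-Object { $destructive -contains $_.Cmdlet }
if ($flagged) {
    Write-Warning ("{0} is granted: {1}" -f $assignee, (($flagged | ForEach-Object { $_.Cmdlet }) -join ', '))
}
```

The GrantedBy column shows which role and which scope contributed each cmdlet, which is the information needed to decide whether an additive combination of roles has widened an assignee's reach beyond what either role was created for.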
Role Based Access Control
  RBAC has replaced the permission model used in Exchange Server 2007
  Enables the definition of extremely broad or extremely precise roles and assignments, based on the actual roles administrators perform
Exchange Control Panel
  Provides a new way to administer subsets of Exchange features
  Provides a great self-provisioning portal
Remote PowerShell
  Uses familiar Exchange cmdlets
  Allows administration without the Exchange management tools
  Provides firewall-friendly management access
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Exchange Server 2010 (Beta) Airlift
Module Number 13
Microsoft© Corporation
Exchange 2007 issues vs. Exchange Server 2010 (Beta)

Exchange 2007 issue: Client access role is not a middle-tier
  •Messaging Application Programming Interface (MAPI) and Web Distributed Authoring and Versioning (WebDAV) clients connect directly to the store
  •Multiple different code paths stored in different processes depending on connecting client
Exchange Server 2010 (Beta):
  •All end-user clients now connect through the Client Access server for mailbox data and for directory information
  •Client WebDAV communication mechanism has been deprecated

Exchange 2007 issue: Scale issues
  •Windows TCP outbound port scalability issues (65,535) per server in Windows Server 2003 and per IP address in Windows Server 2008 (affects Outlook Anywhere)
  •DSProxy only supports 60,000 outbound TCP ports per server
  •Store only supports 60,000 RPC context handles per server
Exchange Server 2010 (Beta):
  •Scale issue between Mailbox and CAS roles for Outlook Anywhere disappears due to the use of the RPC Client Access service
  •DSProxy interface has been replaced with an NSPI interface that is part of the RPC Client Access service
  •Store supports 250,000 RPC context handles

Exchange 2007 issue: No easy solution for external data sharing
Exchange Server 2010 (Beta):
  •Federation allows for sharing of free/busy data, provides calendar access between Exchange organizations
[Diagram: Exchange 2007 vs. Exchange Server 2010 (Beta) component architecture. Exchange 2007: Outlook/MAPI clients and Entourage (DAV) reach the Mailbox Store directly through MAPI RPC and DSPROXY, alongside the Exchange Components (Transport, WS, OWA, Sync, UM and their agents). Exchange Server 2010 (Beta): a Middle Tier (MAPI.Net, NSPI, Core Objects) sits between the Exchange Components, the clients (Outlook/MAPI clients, Entourage) and the Mailbox Store, which is reached over MAPI RPC.]
Exchange Server 2010 (Beta) CAS required in every AD site where Exchange Server 2010 (Beta) MBX is deployed
Load balancing
  If planning on deploying more than 8 CAS servers in a load balanced array, consider deploying a hardware load balancing solution
For Office Communications Server (OCS) integration with OWA, you must deploy OCS 2007 R2
Since the CAS role is now a true middle-tier solution, CAS servers will require beefier hardware
  CAS to Mailbox processor core ratio changes drastically as a result of RPCCA (Beta1: 3:4)
OWA 2010 will not support Public Folder (PF) access to folders stored only on MBX 2007 or MBX 2003 servers
                  Single-copy cluster   Cluster Continuous Replication   Exchange Server 2010 High Availability
Copies of data    1                     2                                2 to 16
Other advantages
  Step up to automatic failover without rebuilding the mailbox server
  Incrementally add replicated copies to meet business needs
  No subnet or special DNS requirements
[Diagram: Outlook client failover. Exchange 2007: on failover the client is disconnected for 0-TTL minutes. Exchange Server 2010 (Beta) with Exchange CAS NLB: on failover a connected client is disconnected for 30 seconds (POR).]
Leverage the incremental deployment capabilities of Exchange Server 2010 (Beta)
  You do not need to deploy site resilience out of the box!
Deploy larger database availability groups (DAGs) over smaller DAGs
  Distribute database copies across nodes in a matrix
Improved database seed/log shipping performance across the wide area network (WAN)
  Seed compression/encryption (optional)
  Log shipping compression/encryption (optional)
  Log shipping is now Transmission Control Protocol (TCP) socket based
Use multiple 1 GB networks or a 10 GB network to improve local area network (LAN) re-seed/log replication queue drain performance
[Diagram: example Database Availability Group (DAG) design. 10,000 mailboxes, heavy profile (120 messages/day, .11 IOPS/mailbox, 2 GB mailbox size); 3 Mailbox servers (Mbx Server 1 to Mbx Server 3), each with 8 cores and 32 GB RAM, 3,333 active mailboxes/server; 30 databases (DB1 to DB30), 3 nodes, 3 copies, laid out so that each database has an active copy, a passive copy and a secondary-failure-resiliency copy across the nodes; 1 TB 7.2k disks (SAS/SATA), JBOD, 30 disks/node plus online spares, battery-backed caching array controller. Legend: active copy, passive copy, spare disk.]
[Diagram: upgrade and failure handling in a DAG with 4 nodes (Server 1 to Server 4), 3 HA copies and 3 physical JBOD copies: a single server in the site is upgraded, a server fails, JBOD disks die, active copies fail over to their passive copies, and the upgrade is done.]
Streaming backup support has been removed
Deploy direct-attached storage (DAS) solutions, as they are more cost effective with large mailboxes and continuous replication
  Leverage the Storage Cost Calculator
Deploy Database Availability Groups (DAGs) and use replication to achieve high availability
  If deploying 3 or more database copies, consider RAID-less storage design and combining logs and database on same spindles
  Ensure unique database names across the organization
Large mailbox support (10 GB+)
  Deploy active mailbox to support 1-2 years worth of data
  Deploy archive mailboxes to allow end users to retain long-term needed data
  Deploy Office 2007 Service Pack 2 (SP2) or later
Exchange Server 2010 (Beta) Mailbox servers can only communicate with Exchange Server 2010 (Beta) Hub Transport servers
Exchange Server 2010 (Beta) Hub Transport servers can communicate with Exchange Server 2007 Hub Transport servers
Must deploy an Exchange Server 2010 (Beta) Hub Transport server in every site where you deploy an Exchange Server 2010 (Beta) Mailbox server
Since transport is stateless, there is no need to include RAID in your storage designs
Currently only Exchange Server 2010 (Beta) Hub Transport servers can communicate in an Edge synchronization process with Exchange Server 2010 (Beta) Edge Transport servers
Information Rights Management (IRM) usage with transport requires Rights Management Server deployed on Windows Server 2008
Schema changes!
No hard requirement for Windows Server® 2008 Active Directory® (AD)
At minimum, one Windows 2003 Service Pack 2 (SP2) global catalog in each site where Exchange Server 2010 (Beta) domain-joined server roles will be installed
The AD must be at least in Windows Server 2003 forest functionality mode
No support for read-only domain controller (RODC)/read-only global catalog (ROGC)
Co-existence with Exchange Server 2007 in the same organization
  Multiple forests (resource forest model), multiple AD sites
  Single forest, multiple AD sites
  Single AD site
Hard blocked
  Exchange Server 2010 (Beta) coexistence with Exchange 2000 Server and earlier
  Exchange Server 2010 (Beta) coexistence with Exchange Server 2003 prior to SP2
  Exchange Server 2010 coexistence with Exchange Server 2007 prior to SP2
  Adding older versions of Exchange to an Exchange Server 2010 (Beta)-created organization
There is no support for in-place server upgrades
Microsoft is investing in online mailbox moves
The Exchange Server 2007 and 2010 (Beta) Exchange Management Console (EMC) can now run on the same machine side by side (Administrator only)
Exchange objects can only be managed via the EMC of the same version (e.g. 2007 objects are managed by the 2007 console)
CAS2010/UM2010/HUB2010 will redirect and proxy clients to CAS2007, FE2003, MBX2003, UM2007, HUB2007 for access to Exchange Server 2003/2007 mailboxes
Server installation order
  Client Access Server
  Hub Transport
  Unified Messaging (if applicable)
  Mailbox
First Exchange Server 2010 (Beta) server must be a CAS server
Order of removing/decommissioning Exchange Server 2007 servers in a site
  Mailbox
  Unified Messaging (if applicable)
  Hub Transport
  Client Access Server
Supported scenarios
Scenario   Internet Facing Site     Non-Internet Facing Site
1          2010                     2010 and/or 2007
2          2010                     2007 and 2003
3          2007 + 2010              2007 and/or 2003
4          2007 + 2010              2007 and/or 2010
5          2003 + 2010              2010 and/or 2003
6          2003 + 2007 + 2010       2010 and/or 2007 and/or 2003
Unsupported scenarios
Scenario   Internet Facing Site     Non-Internet Facing Site
7          2007                     2007 + 2010
8          2007                     2010
9          2010                     2003
Install Exchange Server 2010 (Beta)
Install certificate on Exchange Server 2010 (Beta) CAS
  Create certificate signing request (CSR), obtain certificate(s)
Publish Outlook Web Access (OWA) via Exchange Server 2010 (Beta) CAS
  Configure external URL
Configure Outlook Anywhere on Exchange Server 2010 CAS
Configure DNS
Replace the certificate on Exchange Server 2003 front-end
[Diagram: Autodiscover during migration. The Autodiscover endpoint is moved to CAS2010 first in the migration. Internet clients (Outlook, WM6.1+, EWS clients like Entourage) reach Autodiscover (AutoD) on CAS 2007 SP2 or CAS 2010; intranet Outlook clients find Autodiscover using AD site SCPs. Exchange Server 2010 (Beta) Autodiscover supports lookups for MBX2007 and MBX2010; for users with MBX2010, AutoD2007 redirects to AutoD2010.]
[Diagram: Outlook connectivity in coexistence. Internal Outlook clients on the intranet connect via MAPI; mailboxes on MBX2010 connect to CAS via RPCCA. Outlook Anywhere clients on the Internet connect to the CAS2010 server via RPC/HTTPS, and traffic is proxied to MBX2003, MBX2007, or MBX2010.]
[Diagram: CAS "XSO MAPI" proxy plus public folder/mailbox (PF/MBX) integration logic in front of MBX 2003, MBX 2007 and MBX 2010, each with its Public Folders.]
In Exchange Server 2007 and Exchange Server 2010 (Beta), EAS/POP/IMAP are parsed on CAS
[Diagram: WM5/6 and WM6.1+ devices and POP/IMAP clients connecting to CAS.]
Outlook 2007
Windows Mobile 5: Full Resync Required
Windows Mobile 6: Full Resync Required
POP
IMAP
EWS: New Entourage Version Required
Hub Transport Transition
Deploy Exchange Server 2010 (Beta) Hub(s). At this point, you need to have sufficient Exchange Server 2010 (Beta) Hub servers to handle Exchange Server 2010 (Beta) mailboxes and Exchange Server 2007 Hub servers to handle Exchange Server 2007 mailboxes. As you migrate more mailboxes to Exchange Server 2010 (Beta), you can decrease the number of Exchange Server 2007 Hub servers and increase the number of Exchange Server 2010 (Beta) Hubs.
Deploy Exchange Server 2010 (Beta) Edge and establish Exchange Server 2010 (Beta) Edge Subscription.
Remove Exchange Server 2007 Edge and Exchange Server 2007 Edge subscriptions.
Finally, remove Exchange Server 2007 Hubs when no Exchange Server 2007 mailboxes are present.
Edge 2007 SP2 can proxy to Hub 2010
Edge servers can be upgraded to Exchange Server 2010 (Beta) last
[Diagram: Edge in the perimeter network with SMTP to the Hub and "XSO MAPI" to MBX 2003.]
[Diagram: AD site with E2007 SP2 Edge, E2007 SP2 HUB and E2007 SP2 Mailbox, E2007 Edge-Sync, SMTP, and the routing version boundary; E2010 HUB added in step 2.]
1. Deploy Exchange Server 2007 SP2 on all servers (including Edge)
2. Introduce Exchange Server 2010 (Beta) Hub Servers (an Exchange Server 2010 (Beta) Hub cannot EdgeSync to an Exchange Server 2007 SP2 Edge)
Routing is dependent on the AD site boundary and server versions
Every AD site with a mailbox will always require a hub of the same version for mail delivery to that mailbox
Cannot be changed (e.g. specify Hub Server in SubmissionServerOverrideList)
[Diagram: AD site with E2007 SP2 Edge, HUB and Mailbox, E2007 and E2010 Edge-Sync, SMTP, and the routing version boundary.]
3. Deploy Exchange Server 2010 (Beta) Mailbox Role
4. Deploy Exchange Server 2010 (Beta) Edge Role
Exchange Server 2007 Edge can maintain Sync for Exchange Server 2010 (Beta) Edge
R4 Upgrade Story: in R4, we will be doing work to simplify the upgrade process. This includes:
  Exchange Server 2007 SP2 ADAM schema will be compatible with the Exchange Server 2010 (Beta) schema; this will enable Exchange Server 2010 (Beta) Hubs to subscribe to Exchange Server 2007 SP2 Edge servers
  Simplify the credential bootstrap process so that adding new Exchange Server 2010 (Beta) Hub servers does not require re-subscribing to the Edge servers
  We will support deltasync to the Edges, which is much more efficient than syncing the entire AD every 4 hours
[Diagram: AD site with E2007 SP2 Edge, HUB and Mailbox, E2007 and E2010 Edge-Sync, SMTP, and the routing version boundary.]
6. Remove Exchange Server 2007 Edge Role and Subscription
7. Remove Exchange Server 2007 Mailbox Role
Source mailbox can be used by users as normal during "online" moves
Online mailbox move is only available for Exchange Server 2007 and above
No OST resync after mailbox move
MAPI RPC used for all moves
[Diagram: online moves from Exchange 2007 and offline moves from Exchange 2003 go through the Exchange 2010 CAS "Mailbox Replication Service" to the Exchange 2010 Mailbox Server.]
Co-existence support between Mailbox server 2010 and Mailbox server 2003/2007
Co-existence with Mailbox server 2000 is not supported
Outlook can read a mailbox from one Exchange version (e.g. 2010) and public folders from another (e.g. 2003/2007)
OWA 2010 only gives access to public folders with a replica on Mailbox server 2010
  Error message when accessing a public folder with a replica only on Exchange 2003/2007
  This is different from OWA 2007, which had a redirection behavior, opening up OWA 2000/2003 for public folders on older mailbox servers in separate browser windows
Get-PublicFolderStatistics now captures last user access
Start planning for Windows Server 2008 as the base OS
Move to Windows Server 2003 Forest Functional Mode
Upgrade AD servers to Windows Server 2003 SP2 or later
Remove Exchange 2000 Server
  Exchange Server 2010 (Beta) only supports coexistence within a forest with Exchange Server 2003 SP2 and Exchange Server 2007 SP2
For large mailbox and cached mode I/O improvements, deploy Office 2007 SP2
Do not deploy an Exchange UM Fax solution; rely on third party solutions
  Exchange Fax will be deprecated in Exchange Server 2010 (Beta)
Plan for the upgrade or replacement of mobile devices that are lower than Windows Mobile 5.0
Plan for the upgrade of Outlook clients that are lower than Outlook 2003
Deploy a CAS certificate solution that covers:
  OWA/EAS namespace (e.g. mail.foo.com)
  Autodiscover namespace
  Legacy namespace (e.g. legacy.foo.com)
Exchange Server 2010 (Beta) Ignite
Module Number 14
Microsoft© Corporation
Protection and Compliance      Anywhere Access            Flexible and Reliable
• E-mail Archiving             • Manage Inbox Overload    • Continuous Availability
• Protect Communications       • Enhance Voice Mail       • Simplify Administration
• Advanced Security            • Collaborate Effectively  • Deployment Flexibility
Co-Existence
Features from Exchange Server 2007: Transport Rules, Managed Folders, Voice Mail and Unified Messaging
[Diagram: Exchange Online hosts mailboxes and UM servers; PSTN, Internet, UM and CAS.]
Microsoft Services Connector: single identity, single sign-on
Directory Sync Tool: user provisioning and unified GAL
Microsoft Federation Gateway: federated sharing
[Diagram: a Contoso employee with on-premises Active Directory and Exchange, the Microsoft Services Connector (single sign-on), the Microsoft Federation Gateway, and Fabrikam.]
Exchange Online user
  Process is the same as setting up free/busy sharing with business partners
  No client configuration needed
  On-premises and online users can see each other's free/busy calendar data
  Maintains consistent user experience during migration and coexistence
Invisible to end users
Sending side encrypts and routes to a Federated Delivery address
Receiving side validates, decrypts, and reroutes to final recipients
[Diagram: Contoso on-premises sending through the Microsoft Federation Gateway to Exchange Online at the Federated Delivery address fed-del@service.contoso.com.]
Today: single sign-on via stored password
Online "2010": single sign-on via federation (Connector or ADFS)
User benefits
  Same identity on-premises and in the cloud
  No need to manage separate passwords
  Used across multiple Online Services
Administrator benefits
  No sign-on application to manage across desktops
  Passwords not synchronized to the cloud
  Retain security control over user accounts
  No changes to enterprise deployment of AD
[Diagram: on-premises Active Directory, Microsoft Services Connector, and Microsoft Online Services.]
Move mailboxes to cloud with Exchange Management Console
Migrate mailboxes with built-in wizards
View migration status and statistics
[Diagram: mailbox migration from on-premises E2K3 and E2K7 through E14 CAS.]
Exchange Control Panel: perform or delegate common admin tasks via a Web-based GUI
Remote PowerShell: manage the hosted Exchange environment via command line
Manage on-premises and online Exchange forests in the same console
Manage recipients in the cloud
Configure properties of online Exchange forest
Move mailboxes to the cloud