
Exchange Server 2010 (Beta) Ignite

Module Number 01
Microsoft© Corporation

Three investment areas in Exchange Server 2010 (Beta):
Flexible and Reliable: Deployment Flexibility, Continuous Availability, Simplify Administration
Anywhere Access: Manage Inbox Overload, Enhance Voice Mail, Collaborate Effectively
Protection and Compliance: E-mail Archiving, Protect Communications, Advanced Security
Optimize for Software + Services

2 Microsoft Confidential

Flexible and Reliable
Provide the flexibility needed to operate a scalable, high
performing, and easy to administer messaging infrastructure

Delivered in Exchange Server 2007


Improved installation and deployment experience
High Availability through Continuous Replication
Simplified management console and command line shell

Building on these Investments in Exchange Server 2010 (Beta)


Choice of solution delivery with addition of hosted service
Single platform for High Availability and Disaster Recovery
Role-based administration and user self-service


Deploy Exchange in a Fashion That Best Fits
Business Needs with Choice of Delivery
Delivery choices: On-Premises, Hosted Service, Co-Existence
Greater Range of Storage Options Through
Performance Enhancements
Storage options: Storage Area Network (SAN) w/ SAS Disks; Direct Attached w/ SATA Disks; Direct Attached JBOD SATA (RAID-less)
70% reduction in IOPS
Smoother IO patterns
Resilience against corruption
(Chart: Read IOPS and Write IOPS compared for E2K3, E2K7 and E2010)

Simplified Mailbox High Availability and
Disaster Recovery with New Unified Platform
(Diagram: Mailbox servers in San Jose and New York each holding DB1-DB5; databases are replicated to the remote datacenter, and recovery from disk and database failures is quick)

Evolution of Continuous Replication technology
Easier than traditional clustering to deploy and manage
Allows each database to have 16 replicated copies
Provides full redundancy of Exchange roles on as few as two servers
Capabilities of CCR and SCR combined into one platform
Limit User Disruption During Mailbox Moves
and Maintenance
Users remain online while their mailboxes are moved between servers:
Sending messages
Receiving messages
Accessing entire mailbox
Administrators can perform migration and maintenance during regular hours
(Diagram: E-Mail Client connects through the Client Access Server while the mailbox moves from Mailbox Server 1 to Mailbox Server 2)

Guard Against Lost E-Mail Due to Hardware
Failures with Improved Transport Resiliency
(Diagram: Edge Transport, Hub Transport and Mailbox Server hops, with a failed hop marked X)
Servers keep “shadow copies” of items until they are delivered to the next hop
Also helps simplify Hub and Edge Transport Server upgrades and maintenance
Empower Specialist Users to Perform Specific
Tasks with Role-based Administration
Compliance Officer: Conduct Mailbox Searches for Legal Discovery
Human Resources: Update Employee Info in Company Directory
Help Desk Staff: Manage Mailbox Quotas
Lower Support Costs Through New User Self-Service Options
Track the status of sent messages
Create and manage distribution groups
Anywhere Access
Help manage communication overload by offering an easy to
navigate, universal inbox with advanced messaging features

Delivered in Exchange Server 2007


Outlook experience on the web, phone, and mobile device
Single inbox for voice mail, e-mail, and more
Increased productivity with improved calendar experience

Building on these Investments in Exchange Server 2010 (Beta)


Easier Inbox navigation with updated conversation view
Enhanced voice mail with text preview
Share free/busy calendar details with external partners


Organize and Navigate with Ease Using
Enhanced Conversation View and Filtering
Conversation View
Filtering
Ignore
Help Reduce Unnecessary and Undeliverable
E-Mail Through New Sender MailTips
Remove Extra Steps and E-Mail
Limit Accidental E-Mail
Reduce Non-Delivery Reports

Quickly Triage and Take Action on Messages
with Voice Mail Preview
Text Preview of Voice Mail
Audio Playback
Contextual Contact Actions
Create Customized Voice Mail Menus with
Personal Auto Attendant

Managing Auto Attendants
Defining a Personalized Voice Mail Menu

A Familiar and Rich Outlook Experience
Across Clients, Devices and Platforms
Desktop, Web, Mobile
Rich Mobile Messaging Experience with
‘Desktop Class’ Features and Functionality
Voice Mail Preview
Auto-Complete Cache
Conversation View
One Location for E-Mail, Instant Messages,
Text Messages with a Universal Inbox
Voice Telephony
Instant Messaging
SMS Text Messaging
Ease Collaboration by Federating Calendar
Details with External Business Partners


Protection and Compliance


Achieve increased IT governance compliance with advanced tools
to protect communications and manage the infrastructure

Delivered in Exchange Server 2007


On-premises and hosted protection from virus and spam
Compliance to corporate and government regulations
Mobile device security and management policies

Building on these Investments in Exchange Server 2010 (Beta)


E-mail archiving and more powerful retention policies
New Transport Rules for automated protection of e-mail
Powerful multi-mailbox search UI for eDiscovery

Better Manage Mail in a Central Archive While
Maintaining a Familiar User Experience
Drag and drop PSTs directly into the archive…
…apply a retention policy…
…or set folders to archive automatically…

Apply Granular Per Message and Per Folder
Policies as well as Legal Hold
Policy Drop Down in Ribbon
Message expiration time in view
Empower Compliance Officers to Conduct
Multi-Mailbox Searches with Ease
New User Friendly Search
Easily Refine and Target Search
Safeguard Sensitive Information with Integrated
Information Leakage Protection Capabilities
Across the organization
• Apply RMS automatically to messages per policies, content
• Enable discovery of archived messages that have been RMS-protected
• Protect sensitive voice mail messages
Across multiple devices or PCs
• View and compose RMS messages in OWA
• Protect messages from any mobile or desktop client
• Enable offline access to RMS-protected messages
Between partners
• One-click message encryption
• Send and receive RMS messages
• Web-based reach client for B2B and B2C communications
Automatically Protect E-Mail with Centralized
Rights Management Rules
Automate RMS Policies Based on Sender and Recipient Attributes
Apply RMS policies through Transport Rules
Stop Malicious Software and Spam from
Entering into the Messaging Environment
(Diagram: Internet SMTP traffic is scanned either by the Hosted Service or by On-Premise Software on the Hub Transport Server, Mailbox Server and Client Access Server)
Antivirus and anti-spam protection for Exchange Server 2010 (Beta) Server Roles
Multiple scan engines throughout the corporate infrastructure
Tight integration with Exchange maximizes availability and performance
Easy-to-use management console provides central configuration and operation
(Timeline)
2006: Unified Messaging and more efficient collaboration; Outlook experience from desktop to mobile; Performance and scalability optimization
2007 SP1: Public Folder access in Outlook Web Access; Standby Continuous Replication (SCR); Additional Exchange ActiveSync Policies
2008: Microsoft hosted enterprise messaging solution; Centralized, Web-based configuration and admin; Financially backed service level agreements
2009: Increase operational flexibility; Streamline communications; Manage inbox overload; Deliver e-mail archiving solution; Optimize for Software + Services

Communication overload
Globally distributed customers and partners
High cost of communications
Increasing security and compliance
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite
Module Number 02
Microsoft© Corporation

Exercise 1, Steps 1 & 2, start the virtual machines
Client – 1024
DC – 512
Exchange – 1536
OCS – 1024


Deployment scenarios
Deployment prerequisites
Role configuration
Edge Transport server role
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
Virtualization deployment guidelines

Small organizations
Exchange Online
Combined role servers – can run all roles on 2 servers (including
High Availability (HA))
Mid-market – multiple servers to run
Active Directory® (AD)
Dedicated Mailbox server role
Client Access server and Hub Transport server role – potentially
combine
Unified Messaging server role (optional, dedicated)**
Combined roles
Can install Hub, CAS and/or UM on a Mailbox server that is part of
Database Availability Group (DAG).
Cannot combine Edge Server role with other roles
UM combination only recommended in a single server deployment
Role combination is always a performance management exercise

Large and/or complex organizations
Consider dedicated server(s) for:
Mailbox server role
Client Access server role
Hub Transport server role
Unified Messaging server role (optional)
Edge Transport server role (must be dedicated)
Follow current best practices for Active Directory infrastructure
In-place upgrades are not a valid scenario
You cannot add an Exchange Server 2010 (Beta) server to an existing
Exchange organization if it contains Exchange Server 5.5 or 2000
servers
You cannot add Exchange Server 2007 servers to a new Exchange
Server 2010 (Beta) organization
Exchange organization must be in native mode
You can transition an existing Exchange organization only if the
servers have the following versions installed:
Exchange Server 2003 Service Pack 2 (SP2)
Exchange Server 2007 SP2 on all CAS servers in the organization
Exchange Server 2007 SP2 on all Exchange Servers in any site
that will contain Exchange Server 2010 (Beta) servers


To deploy server roles, use this sequence:
Client Access server role
Hub Transport server role
Mailbox server role
Edge Transport server role (optional) on separate server
Unified Messaging server role (optional)
Exchange Server 2007 features dropped from Exchange
Server 2010 (Beta)
Local Continuous Replication (LCR)
Fax services
Single copy clusters (SCC) and along with them:
Shared storage
Pre-installing a cluster
Clustered mailbox servers
Running setup in cluster mode
Moving a clustered mailbox server
Storage groups
Properties moved to database objects
Two copy limitations of cluster continuous replication (CCR)
Streaming backups

All client connections are routed through a Client Access server installation
Outlook only talks to the CAS server for all workloads
Outlook Web Access (OWA)
Exchange Active Sync (EAS)
Outlook Anywhere
POP3 and IMAP4
MAPI/RPC now uses RPC Client Access (aka MOMT)
You must have at least one Client Access server role in each site where Exchange Server 2010 (Beta) Mailbox server(s) exist
Outlook no longer connects to the mailbox server role
CAS needs good network connection to Mailbox server role to facilitate RPC communication
Capacity planning
More load on Exchange Server 2010 (Beta) Client Access server
(CAS) than on Exchange Server 2007 CAS server
Never deploy Client Access server in perimeter network
Authentication is performed by Client Access server (EAS,
OWA, Outlook Anywhere)
Client Migration
Outlook 2007 and later clients are automatically reconfigured by Autodiscover when the mailbox is moved from Exchange Server 2007 to Exchange Server 2010 (Beta)
Legacy clients will communicate with the RPC Client Access component on the CAS 2010 to access the mailbox
Utilize ISA Server for web publishing where possible

All servers
Enter the Exchange product key
Run the Microsoft Best Practices analyzer
Install anti-virus software
Verify installation success
Event logs

Active Directory
Windows Server 2003 SP2 global catalog server is
installed in each Exchange AD site
Windows Server 2003 forest functional level
AD RAP is recommended
Exchange
Existing servers are Exchange Server 2003 SP2 or
later
Mixing versions is supported
Exchange Server Risk Assessment and Health Check
Program (EXRAP) is recommended prior to
introduction of Exchange Server 2010 (Beta)
Validate existing environment
DCDiag: basic domain diagnostics
NetDiag: domain controller network
diagnostics
REPLMon: replication monitor
NETDom: domain and trust diagnostics
ExBPA
Windows Update


Preparing Active Directory
/PrepareSchema
Requires Schema Administrator and Enterprise Administrator rights
Must be done from a 64-bit server with prerequisites installed
Verify Replication
Organization name not required
/PrepareAD
Requires Enterprise Administrator
Exchange Organization Administrator rights if the enterprise administrators have been explicitly denied access to the Exchange configuration
Requires /OrganizationName
/PrepareDomain
Requires Domain Administrator rights
Install PowerShell
ServerManagerCmd -i PowerShell
Install remote Active Directory Management
tools
ServerManagerCmd -i RSAT-ADDS


PowerShell Version 2
http://go.microsoft.com/fwlink/?LinkID=104222
.NET Framework 3.5
http://go.microsoft.com/fwlink/?LinkID=96339
Windows Remote Management 2.0
http://go.microsoft.com/fwlink/?LinkID=107396
Restart the server

NOTE – If installing the mailbox HA features, you can pre-install the Windows 2008 Failover Clustering component (this allows the addition of a remote server to a DAG)
Installation requirements
Windows Server 2008 64-bit editions
Standard Edition
Enterprise Edition
Datacenter Edition
Windows Server 2008 prerequisites for Exchange Server 2010 (Beta)
ServerManagerCmd -ip Exchange-Typical.xml
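The environment validation, Active Directory preparation and prerequisite installation described on the preceding slides are steps of one pre-installation procedure. The script below is an added example written for this page, not a script from the Ignite deck or from the Exchange product team, that runs those steps in the deck's order and stops on the first failure. It assumes the Exchange media is mounted at D:\ (so Setup is D:\setup.com and the answer file is D:\Scripts\Exchange-Typical.xml), an organization name of "Contoso", PowerShell 2.0, and the Windows Server 2008 ServerManagerCmd tool; all of those are assumptions, not values from the deck.

```powershell
# Added example (not from the Ignite deck): pre-flight for an Exchange Server 2010 install.
# Assumed values: media root D:\, organization "Contoso", log file under %TEMP%.
param(
    [string]$MediaRoot = 'D:\',                       # assumed path to the Exchange media
    [string]$OrganizationName = 'Contoso',            # assumed; only /PrepareAD needs it
    [string]$LogFile = "$env:TEMP\exchange-preflight.log"
)
$SetupPath  = Join-Path $MediaRoot 'setup.com'
$AnswerFile = Join-Path $MediaRoot 'Scripts\Exchange-Typical.xml'   # assumed location on the media

function Write-Step([string]$Message) {
    $line = '{0:s} {1}' -f (Get-Date), $Message
    Write-Host $line
    Add-Content -Path $LogFile -Value $line
}

# Run an external command, capture its output to the log, and (by default) stop on a
# non-zero exit code so a failed step never silently lets the next step run.
function Invoke-Checked([string]$Command, [string[]]$Arguments, [bool]$StopOnError = $true) {
    Write-Step "Running: $Command $($Arguments -join ' ')"
    & $Command @Arguments 2>&1 | Out-File -FilePath $LogFile -Append
    if ($StopOnError -and $LASTEXITCODE -ne 0) { throw "$Command failed with exit code $LASTEXITCODE" }
}

# 1. Validate the existing environment (slide: DCDiag, NetDiag, REPLMon, NETDom).
#    dcdiag's exit code does not reliably reflect test failures, so its output is logged
#    for review rather than used to stop the run.
Invoke-Checked 'dcdiag.exe' @('/q') $false
Invoke-Checked 'repadmin.exe' @('/replsummary')     # replication health before touching the schema

# The deck requires the Windows Server 2003 forest functional level; check it in-process.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
if ($forest.ForestMode -lt 'Windows2003Forest') {
    throw "Forest $($forest.Name) is at $($forest.ForestMode); Windows Server 2003 forest level is required"
}
Write-Step "Forest $($forest.Name) functional level: $($forest.ForestMode)"

# 2. Prepare Active Directory in the deck's order. /PrepareSchema needs Schema Admin and
#    Enterprise Admin rights and must run from a 64-bit server; verify replication after it.
#    /PrepareAD needs Enterprise Admin plus /OrganizationName; /PrepareDomain needs Domain Admin.
Invoke-Checked $SetupPath @('/PrepareSchema')
Invoke-Checked 'repadmin.exe' @('/replsummary')
Invoke-Checked $SetupPath @('/PrepareAD', "/OrganizationName:$OrganizationName")
Invoke-Checked $SetupPath @('/PrepareDomain')

# 3. Install the Windows Server 2008 components the deck lists.
Invoke-Checked 'ServerManagerCmd.exe' @('-i', 'PowerShell')
Invoke-Checked 'ServerManagerCmd.exe' @('-i', 'RSAT-ADDS')
Invoke-Checked 'ServerManagerCmd.exe' @('-ip', $AnswerFile)

Write-Step 'Pre-flight complete. Restart the server, then run Exchange Setup.'
```

Run it once per forest from the server that will host the first Exchange Server 2010 role, with an account holding the rights the comments name; the log file is the record to attach to the change ticket if a step fails.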


Complete Exercise 1 by installing Exchange Server 2010 (Beta)

Verify the installation
Secure the Client Access server messaging environment
Use the Security Configuration Wizard
Ensure that a valid third-party commercial SSL certificate or
Windows PKI certificate is installed on the Client Access server
Configure Autodiscover
Configure OAB distribution point
Optional: Configure Availability service for other
Exchange organizations
Optional: enable Outlook Anywhere
Customize Exchange ActiveSync mailbox policies
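The Client Access checklist above can be driven from the Exchange Management Shell. The script below is an added example written for this page, not code from the deck or from Microsoft, that verifies the role and its services, rejects a self-signed or expired IIS certificate, then configures Autodiscover, the OAB distribution point, Outlook Anywhere and a baseline Exchange ActiveSync mailbox policy. The server name CAS01, the external host name mail.contoso.com and the policy settings are assumptions; the cmdlets and parameters are standard Exchange Server 2010 ones.

```powershell
# Added example (not from the Ignite deck): post-install checks and baseline configuration
# for a Client Access server. Assumed values: server CAS01, external name mail.contoso.com.
param(
    [string]$Server = 'CAS01',                      # assumed CAS name
    [string]$ExternalHostname = 'mail.contoso.com'  # assumed public name on the certificate
)

# 1. Verify the role is installed and every required service is running.
$cas = Get-ExchangeServer -Identity $Server
if (-not $cas.IsClientAccessServer) { throw "$Server does not have the Client Access role" }
Test-ServiceHealth -Server $Server | Where-Object { -not $_.RequiredServicesRunning } |
    ForEach-Object { throw "$($_.Role): services not running: $($_.ServicesNotRunning -join ', ')" }

# 2. Certificate: the slide requires a valid third-party or Windows PKI certificate.
#    Reject the self-signed certificate Setup created, an expired one, or one that
#    does not list the external name (a wildcard certificate would need its own check).
$iisCert = Get-ExchangeCertificate -Server $Server |
    Where-Object { $_.Services -match 'IIS' -and $_.NotAfter -gt (Get-Date) -and -not $_.IsSelfSigned } |
    Select-Object -First 1
if (-not $iisCert) { throw "No valid CA-issued certificate is bound to IIS on $Server" }
$names = $iisCert.CertificateDomains | ForEach-Object { $_.ToString() }
if ($names -notcontains $ExternalHostname) { throw "Certificate on $Server does not cover $ExternalHostname" }

# 3. Autodiscover: the URL domain-joined Outlook 2007 and later clients are handed.
Set-ClientAccessServer -Identity $Server `
    -AutoDiscoverServiceInternalUri "https://$ExternalHostname/Autodiscover/Autodiscover.xml"

# 4. OAB distribution point: make this server's OAB virtual directory a web
#    distribution point for the default OAB (web distribution serves Outlook 2007+).
$oabVdir = Get-OabVirtualDirectory -Server $Server
Set-OfflineAddressBook -Identity 'Default Offline Address Book' -VirtualDirectories $oabVdir.Identity

# 5. Outlook Anywhere (optional in the deck): RPC over HTTPS with Basic authentication,
#    which is acceptable only because the SSL channel was verified in step 2.
if (-not (Get-OutlookAnywhere -Server $Server -ErrorAction SilentlyContinue)) {
    Enable-OutlookAnywhere -Server $Server -ExternalHostname $ExternalHostname `
        -ClientAuthenticationMethod Basic -SSLOffloading $false
}

# 6. Exchange ActiveSync policy: require an alphanumeric device PIN, lock after 15 idle
#    minutes, wipe after 8 failed attempts, and make it the default for new users.
New-ActiveSyncMailboxPolicy -Name 'Corporate Baseline' -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true -MinDevicePasswordLength 6 `
    -MaxInactivityTimeDeviceLock '00:15:00' -MaxDevicePasswordFailedAttempts 8 -IsDefaultPolicy $true
```

The certificate step is the one to keep even if the rest is done in the console: Outlook Anywhere with Basic authentication sends the user's credential inside the TLS session, so an expired or self-signed certificate on the CAS turns every remote logon into a credential exposure.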
Configure accepted domains
Create an accepted domain for each domain
for which you will accept email
Subscribe Edge Server
Configure Internet Mail Flow
Manual process if Edge is not configured
Configure external post master recipient
Configure cross-forest connectors


Must be installed on its own separate physical machine (this is only applicable for Edge Transport server and mailbox servers)
It cannot have other roles installed
The computer must NOT be member of the production Active Directory forest
The computer can be a member of a perimeter network Active Directory forest
Uses Active Directory Lightweight Directory Services (ADLDS) to store configuration and recipient information
Infrastructure placement - perimeter network
Verify successful role installation (setup logs, etc.)
Set Administrator Permissions (local)
Lock down the server via the Security Configuration
Wizard
Configure the agents that provide the antivirus and
anti-spam protection, message policy, and message
security features (all are enabled by default)
If installing additional Edge Transport servers, you can
execute a clone process to copy certain information
between Edge Transport servers
Enable Edge synchronization


Edge synchronization is needed to use the Recipient Lookup and Safe Sender features
To enable Edge Synchronization you must:
Export the Edge Subscription file on the Edge Transport server
Copy the Edge Subscription file to the Hub Transport server
Import the Edge Subscription file on the Hub Transport server
Run EdgeSync and verify the synchronization completed successfully
You can also have the Internet Send Connector created automatically
as part of this process
Hub Transport server will provision certificates to secure Edge-Hub
connection
You will need to repeat this process for each Edge Transport server
that will receive Internet email
On an hourly schedule, the Hub Transport server role publishes
recipient data to Edge Transport server role securely
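The Hub Transport configuration slide (accepted domains, external postmaster, Edge subscription) and the Edge synchronization procedure above are one workflow. The script below is an added example written for this page, not code from the deck or from Microsoft, that splits the workflow into three functions by the server each runs on: export on the Edge Transport server, then Hub Transport setup and import on a Hub Transport server, followed by a forced sync and a status check. The domain contoso.com, the site name Default-First-Site-Name and the file path are assumptions; the cmdlets are standard Exchange Server 2010 ones.

```powershell
# Added example (not from the Ignite deck): Hub Transport setup and Edge subscription.
# Assumed values: domain contoso.com, AD site Default-First-Site-Name, file C:\EdgeSubscription.xml.

# Runs on the Edge Transport server: export the Edge Subscription file.
function Export-EdgeSubscriptionFile {
    param([string]$Path = 'C:\EdgeSubscription.xml')   # assumed path
    New-EdgeSubscription -FileName $Path
    # The file carries the credential the Hub uses to bind to ADLDS on the Edge. Copy it
    # to the Hub over a protected channel and delete both copies once it is imported.
}

# Runs on a Hub Transport server: accepted domain and external postmaster.
function Initialize-HubTransport {
    param([string]$Domain = 'contoso.com')   # assumed authoritative domain
    $exists = Get-AcceptedDomain | Where-Object { $_.DomainName.ToString() -eq $Domain }
    if (-not $exists) {
        New-AcceptedDomain -Name $Domain -DomainName $Domain -DomainType Authoritative
    }
    Set-TransportConfig -ExternalPostmasterAddress "postmaster@$Domain"
}

# Runs on a Hub Transport server: import the file, create the connectors, sync, verify.
function Import-EdgeSubscriptionFile {
    param(
        [string]$Path = 'C:\EdgeSubscription.xml',        # assumed: file copied from the Edge server
        [string]$Site = 'Default-First-Site-Name'         # assumed: AD site of the Hub servers
    )
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # -CreateInternetSendConnector gives the automatic Internet Send Connector the deck mentions;
    # -CreateInboundSendConnector creates the Edge-to-Hub connector for inbound mail.
    New-EdgeSubscription -FileData $bytes -Site $Site `
        -CreateInternetSendConnector $true -CreateInboundSendConnector $true
    Remove-Item -Path $Path      # the subscription file is a secret; do not leave it on disk

    # Do not wait for the hourly schedule: run a full sync now and check the result.
    Start-EdgeSynchronization -ForceFullSync
    $results = @(Test-EdgeSynchronization)
    foreach ($r in $results) {
        if ($r.SyncStatus -ne 'Normal') {
            throw ('EdgeSync to {0} is {1}: {2}' -f $r.Name, $r.SyncStatus, $r.FailureDetail)
        }
    }
    $results | Format-Table Name, SyncStatus, LastSynchronizedUtc -AutoSize
}

# Order of operations (each call on the server named in its comment):
# Export-EdgeSubscriptionFile                    # on EDGE01
# Initialize-HubTransport -Domain 'contoso.com'  # on HUB01
# Import-EdgeSubscriptionFile -Site 'Default-First-Site-Name'   # on HUB01, after copying the file
```

Repeat the export and import for every Edge Transport server that will receive Internet mail, as the slide notes; the Hub-to-Edge connection the sync uses is the certificate-secured LDAP channel that the Hub provisions during import.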
Verify successful installation of Mailbox server role
Configure permissions using the Exchange administrator roles
Create mailboxes for users in your organization as needed
Move mailboxes from an existing Exchange Server
Configure public folders (optional)
Configure Messaging Records Management
Configure continuous replication for data and service availability
Configure backups for disaster recovery
Configure Calendar Concierge features
Configure out-of-office features
Configure the spam confidence level (SCL) junk e-mail folder
threshold
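The Mailbox role checklist above starts with verifying the installation and ends with the SCL junk threshold. The script below is an added example written for this page, not code from the deck or from Microsoft, covering the verification, the organization-wide junk threshold and mailbox creation; the server name MBX01, database DB01, domain contoso.com and the threshold value are assumptions.

```powershell
# Added example (not from the Ignite deck): Mailbox role post-install checks and first mailbox.
# Assumed values: server MBX01, database DB01, domain contoso.com, SCL junk threshold 4.

function Test-MailboxRoleInstall {
    param([string]$Server = 'MBX01')   # assumed server name
    $srv = Get-ExchangeServer -Identity $Server
    if (-not $srv.IsMailboxServer) { throw "$Server does not host the Mailbox role" }
    Test-ServiceHealth -Server $Server | Where-Object { -not $_.RequiredServicesRunning } |
        ForEach-Object { throw "$($_.Role): services not running: $($_.ServicesNotRunning -join ', ')" }
    # Every database on the server should be mounted before users are placed on it.
    $unmounted = @(Get-MailboxDatabase -Server $Server -Status | Where-Object { -not $_.Mounted })
    if ($unmounted.Count -gt 0) {
        $names = ($unmounted | ForEach-Object { $_.Name }) -join ', '
        throw "Databases not mounted on ${Server}: $names"
    }
    # Slide: verify via event logs. Store and ESE errors from the last day; empty is the goal.
    Get-EventLog -ComputerName $Server -LogName Application -EntryType Error -After (Get-Date).AddDays(-1) |
        Where-Object { $_.Source -like 'MSExchange*' -or $_.Source -eq 'ESE' } |
        Select-Object TimeGenerated, Source, EventID, Message
}

function New-UserMailbox {
    param(
        [string]$Alias,
        [string]$Database = 'DB01',          # assumed database name
        [string]$Domain = 'contoso.com'      # assumed UPN suffix
    )
    # The initial password is read as a SecureString so it never sits in the script or history,
    # and the user must change it at first logon.
    New-Mailbox -Name $Alias -Alias $Alias -UserPrincipalName "$Alias@$Domain" -Database $Database `
        -Password (Read-Host -AsSecureString "Initial password for $Alias") -ResetPasswordOnNextLogon $true
}

Test-MailboxRoleInstall -Server 'MBX01'
# Messages scoring SCL 4 or higher are delivered to the user's Junk E-Mail folder (assumed value).
Set-OrganizationConfig -SCLJunkThreshold 4
New-UserMailbox -Alias 'jdoe'
```

Run the verification function before each of the later checklist items (mailbox moves, continuous replication, backups); a database that is dismounted or a store that is logging ESE errors will surface here rather than during the first move request.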


You can create additional address books if you need them either via Exchange Management Console or Exchange Management Shell
New-OfflineAddressBook
The Offline Address Book (OAB) can be distributed in two ways
Web service – for Outlook 2007 or later clients
Public Folders – for down-level clients
If you want to distribute the OAB via the web service, you must configure the CAS server as an OAB Distribution Point
The OAB data is copied from the Mailbox server role to the Offline Address Book distribution points by a new Exchange Server 2010 (Beta) service, the File Distribution Service (FDS)
Unified Messaging server must be a
member of a domain before the Unified
Messaging server role is installed for a new
Unified Messaging server object to be
created during the installation
Infrastructure placement: corporate network
Requires Mailbox and Hub Transport server
roles installed


Verify successful installation of the Unified Messaging (UM) server role
Add a UM server that will be in a new Dial Plan
Create and configure a UM Dial Plan
Add a UM server to an existing UM Dial Plan
Enable users for Unified Messaging
Ensure IP/VoIP gateways or IP-PBXs are configured properly
Create and configure a UM IP Gateway
Create and configure UM mailbox policies
Optional: create and configure UM Hunt Groups
Optional: create and configure UM Auto Attendant
Add a UM server to an existing UM Dial Plan
Enable out-dialing

Windows Server 2008 Hyper-V Host
Third party virtualization validated in the Windows Server Virtualization Validation Program (SVVP)
Must meet all deployment guidelines for non-virtualized systems
Storage Independent
DAS, iSCSI
Dedicated pass-through storage
No support stance (yet) with 2010 (Beta)
Exchange Server 2007 support stance
Hub Transport, Client Access Server, Mailbox
and Edge
Not Supported
Unified Messaging
Not Recommended
Mailbox Role
Must meet processor and disk requirements
May not make sense: Edge Server Role

Follow current Exchange deployment and planning guidance
Determine where virtualization actually makes sense (branch offices/decentralized environments)
More power-savings and cost savings possible when Exchange storage moves from SAN to DAS
Separate LUNs for Root OS, guest OS VHDs, and Hyper-V/VM storage
Eliminate single-points-of-failure
Proper host and guest performance testing
JetStress, LoadGen, Hyper-V Hypervisor Performance Counters on host
Complete Lab 1

Exchange Server 2010 (Beta) Ignite
Module Number 03
Microsoft© Corporation

Overview of product team testing and guidance process
Guidelines and ratios
Role specific details
Toolkit for planning and sizing
Example hardware
Standard configurations
Vendor loaned “specials”
Topologies
PerfSimple/PerfBasic
Low load, all-in-one config
PerfComplex
Medium to high load with all roles on individual machines
Tools
Strategic choice made by the product group
Product group focused on supporting large
mailboxes at low cost, goal to further
decrease input/output (I/O) to reduce Total
Cost of Ownership (TCO)
Scaling up increases risk that an outage or
failure affects more users
Scaling out provides an opportunity for high
availability at low cost


Testing limited to prioritized scenarios
Hardware selection limited
Time constrained
Third party products not considered
erinbook@microsoft.com

Single role servers
Beta: 12 cores maximum
No benefit from moving to 16 cores
Known issues updating memory across cores
Code takes longer to execute; transaction costs
rise
Processor cross-talk
High scale all-in-one server—currently under
investigation
Beta: 16 cores max
Multiple processes
Cross-talk less of an issue

(Diagram: Socket/Die 1 with Core1, Core2, Core3 and Core4 sharing one cache, and Socket/Die 2 with its own cache; cross-talk occurs between the dies)
Sizing Impact
Crosstalk increases with utilization
Exchange sizes for 75% utilization
Don’t add sockets to reduce to 50%
Two ways to address crosstalk
Hypervisor to segment processes to specific
processor dies (currently not available in
Hyper-V)
Windows Resource Manager – segment
processes to specific processor dies


Processor core ratios
Client Access Server (CAS) : Mailbox = 3 : 4
HUB transport server : Mailbox
= 1 : 7 (no A/V on Hub)
= 1 : 5 (with A/V Hub)
Edge guidance expected to be very similar to Exchange Server 2007
GC : Mailbox
= 1 : 4 (32-bit GC)
= 1 : 8 (64-bit GC)
The system requirements may change prior to RTM, so be sure to check the
final guidance when it is released.

Roles                  | Max Processor Configuration | Recommended Processor | Max Memory Configuration | Recommended Memory
Transport Servers      | 12 cores                    | 4 cores               | 16 gigabytes (GB)        | 1 GB per core or 8 GB (minimum)
Client Access Servers  | 12 cores                    | 8 cores               | 16 GB                    | 2 GB per core or 8 GB (minimum)
Mailbox Servers        | 12 cores                    | 8 cores               | 64 GB                    | 4 GB plus 2-6 megabytes (MB) per mailbox
All-In-One Servers     | 16 cores                    | 8 cores               | 64 GB                    | 8 GB plus 2-6 MB per mailbox
Unified Messaging      | 12 cores                    | 4 cores               | 16 GB                    | 2 GB per core or 4 GB (minimum)
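The core ratios on the previous slide and the memory table above combine into a small sizing calculation. The function below is an added example written for this page, not a Microsoft tool and not the Exchange storage calculator the deck refers to later; it applies the ratios (CAS:Mailbox 3:4, Hub:Mailbox 1:7 or 1:5 with A/V, GC:Mailbox 1:4 or 1:8) and the table's per-role minimums and maximums to a mailbox count. The choice of 8 cores per CAS and 4 cores per Hub server comes from the table's recommended columns; the 20,000-mailbox input at the bottom is a constructed example, and all figures are the beta guidance the slide says may change.

```powershell
# Added example (not from the Ignite deck): apply the beta core ratios and memory table.
function Get-ExchangeSizing {
    param(
        [int]$Mailboxes,                  # total mailboxes in the organization
        [int]$MailboxServers,             # number of Mailbox servers to spread them over
        [int]$MailboxCoresPerServer = 8,  # table: 8 cores recommended, 12 maximum
        [int]$CacheMBPerMailbox = 4,      # table: 2-6 MB per mailbox
        [switch]$AntivirusOnHub,          # Hub:Mailbox becomes 1:5 instead of 1:7
        [switch]$Gc64Bit                  # GC:Mailbox becomes 1:8 instead of 1:4
    )
    if ($MailboxServers -lt 1) { throw 'At least one Mailbox server is required' }
    if ($MailboxCoresPerServer -gt 12) { throw 'Mailbox servers: 12 cores maximum (beta guidance)' }
    if ($CacheMBPerMailbox -lt 2 -or $CacheMBPerMailbox -gt 6) { throw 'Use 2-6 MB per mailbox' }

    $totalMailboxCores  = $MailboxCoresPerServer * $MailboxServers
    $mailboxesPerServer = [math]::Ceiling($Mailboxes / $MailboxServers)

    # Mailbox server memory: 4 GB plus the per-mailbox allowance, capped at the 64 GB maximum.
    $mbxMemGB = [math]::Min(64, 4 + [math]::Ceiling($mailboxesPerServer * $CacheMBPerMailbox / 1024))

    # Other roles are sized from the total mailbox cores by the slide's ratios.
    $casCores = [math]::Ceiling($totalMailboxCores * 3 / 4)
    $hubRatio = if ($AntivirusOnHub) { 5 } else { 7 }
    $hubCores = [math]::Ceiling($totalMailboxCores / $hubRatio)
    $gcRatio  = if ($Gc64Bit) { 8 } else { 4 }
    $gcCores  = [math]::Ceiling($totalMailboxCores / $gcRatio)

    # Spread CAS cores over 8-core servers and Hub cores over 4-core servers (table: recommended),
    # then apply the per-core memory figure with the 8 GB floor and 16 GB ceiling.
    $casServers = [math]::Max(1, [math]::Ceiling($casCores / 8))
    $casCoresPerServer = [math]::Ceiling($casCores / $casServers)
    $casMemGB   = [math]::Min(16, [math]::Max(8, 2 * $casCoresPerServer))
    $hubServers = [math]::Max(1, [math]::Ceiling($hubCores / 4))
    $hubCoresPerServer = [math]::Ceiling($hubCores / $hubServers)
    $hubMemGB   = [math]::Min(16, [math]::Max(8, 1 * $hubCoresPerServer))

    New-Object PSObject -Property @{
        MailboxServers    = $MailboxServers
        MailboxCoresTotal = $totalMailboxCores
        MailboxMemoryGB   = $mbxMemGB
        CasServers        = $casServers
        CasCoresPerServer = $casCoresPerServer
        CasMemoryGB       = $casMemGB
        HubServers        = $hubServers
        HubCoresPerServer = $hubCoresPerServer
        HubMemoryGB       = $hubMemGB
        GcCoresTotal      = $gcCores
    }
}

# Constructed input: 20,000 mailboxes on 4 Mailbox servers, A/V on the Hubs, 64-bit GCs.
Get-ExchangeSizing -Mailboxes 20000 -MailboxServers 4 -AntivirusOnHub -Gc64Bit | Format-List
```

For that input the function reports 32 mailbox cores, 24 GB per Mailbox server (4 GB plus 5,000 mailboxes at 4 MB), three 8-core CAS servers at 16 GB, two Hub servers and 4 GC cores; the slide's own caveat applies, so treat the numbers as a starting point to validate with Jetstress and Loadgen, not as final guidance.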


Windows Network Load Balancing (NLB)
Not recommended above 8 nodes
Hardware load balancer
Recommended for larger environments
All-in-one High Availability (HA) scenarios
Internet Security and Acceleration (ISA) Server 2006
Kernel memory limitations imposed by the 32-bit
architecture
ISA:CAS ratio 3:1 (worst case)
Important when you have a large percentage of your users connected
via Outlook Anywhere, as the ratio of Transmission Control Protocol
(TCP) connections to users is much higher than you would see for
Outlook Web Access (OWA), ActiveSync, POP, or IMAP traffic
Beyond ISA 2006 … pre-release product information
Forefront Unified Access Gateway (UAG)
Next-generation secure remote access product and the future version
of Microsoft Intelligent Application Gateway—native 64-bit architecture
Will be tested with Exchange Server 2010 (Beta)
Forefront Threat Management Gateway (TMG)
Next-generation network security product and the future version of
Microsoft ISA Server—native 64-bit architecture
Will be tested with Exchange Server 2010 (Beta)

I/O reduced by 70% from Exchange Server
2007
Optimized for Serial Advanced Technology
Attachment (SATA) disks
Two socket platform is optimal
Crosstalk a concern
High Availability improvements
Introducing Database Availability Group (DAG)


Use 4 – 8 total cores for mailbox
16 cores shows decline in throughput on single role machines
4 GB random access memory (RAM) with 2-6 MB per mailbox recommended
Size and prepare disks correctly
Use storage calculator
Use multiple 1 GB or 10 GB network speeds for HA replication
Size for double failures
Do not over-commit resources
Spread node failure across all available nodes not one or two
Distribute database (DB) copies across nodes in a matrix
Seed compression/encryption (opt in)
Improved DB seed/log shipping performance across wide
area network (WAN)
Log shipping compression/encryption (opt in)
New log shipping architecture (Transmission Control Protocol (TCP)
socket based as opposed to Server Message Block (SMB))
Improved high latency capability
Scales/database (TCP connection per database)
Use multiple 1 GB networks or 10 GB network
Improves LAN re-seed/log replication queue drain performance
Especially with large servers and/or large databases
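"Size for double failures" and "distribute database copies across nodes in a matrix" can be checked before a DAG is built. The script below is an added example written for this page, not code from the deck or from Microsoft: it lays out a given number of copies per database across the DAG members with a staggered offset, so that the databases active on any one node have their next copies on different survivors, then proves by exhaustive simulation that every pair of node failures still leaves each database at least one copy. The node names, database count and copy count are constructed inputs; the layout rule is this example's own, not a rule the deck states.

```powershell
# Added example (not from the Ignite deck): DAG copy matrix layout and double-failure check.
function New-DagCopyMatrix {
    param([string[]]$Nodes, [int]$DatabaseCount, [int]$CopiesPerDatabase = 3)
    $n = $Nodes.Count
    if ($CopiesPerDatabase -gt $n) { throw 'More copies per database than nodes' }
    # The active copy of database d sits on node d mod n. Passive copy c (c >= 1) sits at
    # offset c + s, where s cycles through 0..(n - copies) as d wraps around the nodes, so
    # the databases active on one node fail over to different peers rather than one or two.
    $stride = $n - $CopiesPerDatabase + 1
    $layout = @{}
    for ($d = 0; $d -lt $DatabaseCount; $d++) {
        $name = 'DB{0:d2}' -f ($d + 1)
        $s = [math]::Floor($d / $n) % $stride
        $copies = @()
        for ($c = 0; $c -lt $CopiesPerDatabase; $c++) {
            $offset = if ($c -eq 0) { 0 } else { $c + $s }
            $copies += $Nodes[($d + $offset) % $n]
        }
        $layout[$name] = $copies      # index 0 is the active copy; the rest is the preference order
    }
    $layout
}

# Exhaustively fail every pair of nodes and confirm each database keeps a copy.
function Test-DagMatrixSurvivesDoubleFailure {
    param([hashtable]$Layout, [string[]]$Nodes)
    for ($i = 0; $i -lt $Nodes.Count; $i++) {
        for ($j = $i + 1; $j -lt $Nodes.Count; $j++) {
            $failed = @($Nodes[$i], $Nodes[$j])
            foreach ($db in $Layout.Keys) {
                $survivors = @($Layout[$db] | Where-Object { $failed -notcontains $_ })
                if ($survivors.Count -eq 0) { return $false }
            }
        }
    }
    return $true
}

# How many databases each surviving node must activate when one node fails.
function Get-FailoverLoad {
    param([hashtable]$Layout, [string]$FailedNode)
    $load = @{}
    foreach ($db in $Layout.Keys) {
        $copies = $Layout[$db]
        if ($copies[0] -eq $FailedNode) {
            $target = $copies[1]             # next copy in preference order takes over
            $load[$target] = 1 + [int]$load[$target]
        }
    }
    $load
}

$nodes  = 'MBX1', 'MBX2', 'MBX3', 'MBX4'    # constructed DAG members
$layout = New-DagCopyMatrix -Nodes $nodes -DatabaseCount 8 -CopiesPerDatabase 3
$layout.GetEnumerator() | Sort-Object Name | ForEach-Object { '{0}: {1}' -f $_.Name, ($_.Value -join ' > ') }
'Survives any double node failure: ' + (Test-DagMatrixSurvivesDoubleFailure $layout $nodes)
Get-FailoverLoad -Layout $layout -FailedNode 'MBX1'
```

With four nodes, eight databases and three copies, DB01 lands on MBX1 > MBX2 > MBX3 and DB05 on MBX1 > MBX3 > MBX4, so a failure of MBX1 activates one database on MBX2 and one on MBX3 instead of both on the same node, and the double-failure check passes because every database has copies on three of the four members. Compare the reported failover load against each node's sized capacity; "do not over-commit resources" means a survivor must be able to carry its own active databases plus that load.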

Removal of DSProxy
Consolidation of store access paths
MAPI on the Middle Tier (MoMT)
Remote procedure call (RPC) endpoint for Outlook
MAPI connection pool between CAS and MBX
Connection limitation on store not a factor
(Diagram: store access paths in Exchange Server 2007 vs Exchange Server 2010. In Exchange 2007, Exchange components (Transport, WS, Agents, OWA, Mailbox Agents, UM, Sync) reach the Mailbox Store through the Middle Tier (XSO, MAPI.Net) over MAPI RPC, while Outlook / MAPI clients connect to the Store directly over MAPI RPC and Entourage over DAV. In Exchange 2010, Outlook / MAPI clients and Entourage also go through the Middle Tier (XSO, MAPI.Net, Core Objects), which is the single MAPI RPC path to the Mailbox Store.)
(Diagram: Outlook client failover in Exchange 2007 vs Exchange 2010. Exchange 2007: Outlook clients connect to the MBX servers directly; on failover the client is disconnected for 1-15 minutes. Exchange 2010: Outlook clients connect through Exchange CAS NLB to MBX1/MBX2; on a CAS failure the client just reconnects, and on mailbox failover a connected client is disconnected for 60-90 seconds (POR).)
(Diagram: connection scaling. Exchange 2007: Outlook clients connect to each MBX server directly, 60K connections / MBX server. Exchange 2010: Outlook clients connect through Exchange CAS NLB, scaling as # of CAS servers x 100 connections / CAS MoMT service/process.)
Hardware requirements increased
For additional features (MoMT) and Exchange Web Services (EWS) services
Use 4 to 8 cores
2 GB RAM/core recommended (8 GB min)
CAS: Mailbox = 3:4 Cores
With transport dumpster changes and
Extensible Storage Engine (ESE)
improvements, transport I/O operations per
second (IOPS) requirements are targeted to
be reduced by more than 50%
Database compression
7-bit compression and XPRESS
DB cache size 64 MB min and 1 GB max
Large messages are supported without
causing backpressure

Use 4-8 cores
4-8 GB of RAM recommended
More than 8 GB is not shown to improve TCO or scale
DB cache
Not needed to adjust at install
Improvements in DB cache usage
Use 4 cores
4-8 GB of RAM recommended
More than 8 GB is not shown to improve TCO or scale
Not recommended combining with other roles
Audio quality can be affected – still investigating
Place close to the mailbox servers that host the mailboxes of UM-enabled users
Voice mail preview
Need to adjust guidance based on this feature
MBX, CAS and Transport roles
Not sure of UM combination at this time
Use 8 cores
8 GB RAM plus 2-6 MB per mailbox recommended
Max recommended RAM 64 GB
Currently under investigation

MBX, CAS and Transport roles
Not sure of UM combination at this time
Possible solution for high core configurations
Considering Windows System Resource Manager (WSRM) to restrict per process system utilization
Use 8-16 cores
8 GB RAM plus 2-6 MB per mailbox recommended
Max recommended RAM 64 GB
(Diagram: the virtualization stack, top to bottom: Exchange Server 2010 (Beta); Windows Operating System (% performance hit); Windows or 3rd Party Kernel; Hypervisor Layer (% performance hit))
Sizing guidance will account for expected overhead
from virtualization technology
Exchange application is not virtualization aware
No plans to change Setup experience
Fully assess the risks/benefits before deploying
Exchange in a virtualized environment
Exchange is a business critical application directly affecting
broad base of users every day
Virtualization can add complexity and risk to your
environment
Sharing infrastructure is a bad thing
Build out virtual machine configuration prior to
installing Exchange

Small office, remote or branch office with High Availability
Reduces physical servers
Mobile LAN
Complete network infrastructure deployed at a moment's notice
Exchange, file, and domain infrastructure services
Disaster recovery
“Warm Site”
Should you virtualize Exchange?
http://msexchangeteam.com/archive/2009/01/22/450463.aspx
Exchange Supportability Statement
http://technet.microsoft.com/en-us/library/cc794548.aspx
Supported
Microsoft and third party virtualization platforms within the Server Virtualization Validation Program (SVVP)
Not supported
Unified Messaging (UM) Role
Hypervisor-provided clustering, migration or portability solutions (i.e. quick migration)
Unknown
Windows 7 features (i.e. live migration)
34 Microsoft Confidential

17
Profiling
Exchange Profile Analyzer (EPA)
Performance Monitor (Perfmon)
Sizing
Exchange Server 2010 (Beta) storage calculator (beta pending)
Spreadsheet available to plan for the storage you need based on user profile
Validation
Jetstress 2010 (beta in April)
Exchange load generator "Loadgen"

Tool flow (diagram): the Exchange Profile Analyzer produces the user profile (mail flow and other details) and Performance Monitor (perfmon) produces the user profile in IOPS; both feed the Exchange Storage Calculator 2010, whose design is then validated with Exchange Jetstress 2010 and the Exchange Load Generator
Generates statistical profile of user actions
Messages sent and received/day
Rule counts
Item size and counts
Inputs
Crawls mailboxes with MAPI (previously DAV)
OWA log analysis tool and "summarizer"
Accuracy somewhat dependent on how users manage their mailbox

Follows product group recommendations on:
Storage
Memory
Mailbox sizing
Goal of the calculator is to output:
I/O requirements
Capacity requirements
Logical unit number (LUN) design
Jetstress
Jetstress should always be run on a new deployment to validate storage reliability and performance prior to Exchange deployment
It's cheap and easy to run!
Loadgen
Loadgen should be used where you have a need to validate end-to-end Exchange configuration
Be aware of what the tool can and cannot do
Loadgen cannot replicate your client activity with 100% accuracy

Exchange I/O simulator
Uses Jet (ESE) database engine
Analyzes server I/O performance for Exchange requirements
What can Jetstress be used for?
Storage performance validation
Storage reliability testing
End-to-end testing of storage components
What can't Jetstress be used for?
Validation of client experience
Integration testing with third party software solutions
The only supported multi-protocol load generator for Exchange
Replaces Loadsim and ESP
Overall platform targets Exchange 2000 Server through Exchange Server 2010 (Beta)+
Windows UI interface as well as a command-line interface
Both task-based and scripted simulation modes
Consumed both internally at Microsoft and externally
Existing modules include: Outlook® 2003/2007 (online and cached), Post Office Protocol (POP), Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), OWA, ActiveSync... others in development

Capacity planning
The process of determining the optimal hardware configuration which will support a given system load within identified performance constraints (response time, CPU/memory utilization)
Scalability
The capability of a system to increase total throughput when resources (typically hardware) are added
Performance
Cost of performing an operation in isolation (CPU, memory, disk I/O, network, latency)

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite
Module Number 04
Microsoft© Corporation

Client Access Server (CAS) functions
What's new in Exchange Server 2010 (Beta)
Exchange Server 2003/Exchange Server 2007 Migration to Exchange Server 2010 (Beta)
Secure Sockets Layer (SSL) and certificate considerations
Client Access Server (diagram): which client uses which protocol, and what the CAS talks to
Internet Explorer, Firefox, Safari: OWA & ECP
Mobile devices: EAS
Outlook, Entourage, LOB apps: EWS
Outlook, Entourage, LOB apps, mobile devices: Autodiscover
Outlook: Offline Address Book download
Outlook from the Internet: Outlook Anywhere
Thunderbird: POP/IMAP
Outlook from the intranet: MAPI on the Middle Tier
CAS server to Mailbox server: RPC; CAS server to Domain Controller: LDAP; CAS server to other CAS server: proxied HTTP

ExOLEDB, WebDAV, CDOEx and store events are gone
Exchange Server 2010 (Beta) development: Exchange Web Services (EWS) and Transport Agents
EWS strengths
Remotable over the Internet
Encapsulates Outlook business logic
Strongly typed Personal Information Manager (PIM) objects
Cross-platform interoperability through open web service standards
Performant and scalable
EWS consumers (diagram): 3rd party apps on any platform (e.g. Linux/Mac); Office Communicator (contacts/buddy list); Outlook (free/busy, OOF, UM, MailTips); Entourage (everything); 3rd party apps on Windows .NET through the EWS Managed API
Used by Outlook, Entourage, Exchange ActiveSync clients and Exchange Web Services applications
Auto-configures client for end user
Within corporate network, Outlook magically configures itself without requiring any user entry
From outside the corporate network, user enters e-mail address, user name and password
Outlook automatically adjusts when Exchange configuration changes or mailboxes are moved
Works "out of the box" for intranet clients
Self-signed certificates auto-installed to work with internal clients
Deploy on the Internet for Outlook Anywhere clients
https://<your domain.tld>/autodiscover/ or https://Autodiscover.<your domain.tld>/autodiscover/
Requires valid Secure Sockets Layer (SSL) certificate to prevent domain spoofing
New in Exchange Server 2010 (Beta)
SOAP-based Autodiscover service with WS-Security and batch request support
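The following Python block is an added example (it is not code from the Ignite deck or from Microsoft) of what the slide's "valid SSL certificate to prevent domain spoofing" requirement means on the client side: the two candidate Autodiscover URLs are derived from the SMTP address, the fetch is HTTPS with full certificate and hostname validation, and a redirect to a non-HTTPS URL is refused. The sample replies, the hostnames (nwtraders.com, mbx01, mail) and the attacker host are constructed for the example; fetch_autodiscover is included to show the TLS setting but is never called, so the block runs offline.

```python
"""Added example, not from the Ignite deck: the client side of Autodiscover,
reduced to the two decisions that matter for the spoofing point above: which
HTTPS endpoints to try for an SMTP address, and what to accept back.
Assumptions (not on the page): the replies below are constructed samples in
the Outlook responseschema/2006a format, and fetch_autodiscover is shown for
completeness but never called, so the block runs offline."""
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from urllib.request import Request, urlopen
from xml.sax.saxutils import escape

REQUEST_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006"
RESPONSE_NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"


def candidate_urls(email_address):
    """Endpoints tried in order for user@domain.tld: the bare domain, then the
    autodiscover.<domain> host. Both HTTPS; the certificate must match."""
    local_part, sep, domain = email_address.rpartition("@")
    if not (sep and local_part and domain):
        raise ValueError("not an SMTP address: %r" % email_address)
    domain = domain.lower()
    return ["https://%s/autodiscover/autodiscover.xml" % domain,
            "https://autodiscover.%s/autodiscover/autodiscover.xml" % domain]


def is_acceptable_url(url):
    """Follow a redirect or service URL only over HTTPS; an http:// target would
    let an on-path attacker hand the client a spoofed server name."""
    parts = urlsplit(url)
    return parts.scheme == "https" and bool(parts.hostname)


def _local(tag):
    return tag.rsplit("}", 1)[-1]


def parse_response(xml_bytes):
    """Extract the action, any redirect, and the Protocol blocks Outlook uses to
    pick a connection. A redirectUrl that is not HTTPS is refused outright."""
    wanted = ("Type", "Server", "SSL", "AuthPackage", "CertPrincipalName")
    result = {"action": None, "redirect_url": None, "protocols": []}
    for node in ET.fromstring(xml_bytes).iter():
        name, text = _local(node.tag), (node.text or "").strip()
        if name == "Action":
            result["action"] = text
        elif name == "RedirectUrl":
            result["redirect_url"] = text
        elif name == "Protocol":
            result["protocols"].append({_local(c.tag): (c.text or "").strip()
                                        for c in node if _local(c.tag) in wanted})
    if result["action"] == "redirectUrl" and not is_acceptable_url(result["redirect_url"] or ""):
        raise ValueError("refusing non-HTTPS Autodiscover redirect: %r" % result["redirect_url"])
    return result


def redirect_is_refused(xml_bytes):
    """True when parse_response rejects the reply."""
    try:
        parse_response(xml_bytes)
    except ValueError:
        return True
    return False


def fetch_autodiscover(url, email_address, timeout=10):
    """POST the Autodiscover request over HTTPS with certificate and hostname
    validation (ssl.create_default_context does both). Not run in this example."""
    if not is_acceptable_url(url):
        raise ValueError("Autodiscover must be fetched over HTTPS: %r" % url)
    body = ('<Autodiscover xmlns="%s"><Request><EMailAddress>%s</EMailAddress>'
            '<AcceptableResponseSchema>%s</AcceptableResponseSchema></Request>'
            '</Autodiscover>' % (REQUEST_NS, escape(email_address), RESPONSE_NS)).encode()
    req = Request(url, data=body, headers={"Content-Type": "text/xml"})
    with urlopen(req, timeout=timeout, context=ssl.create_default_context()) as resp:
        return parse_response(resp.read())


# Constructed reply: an EXCH (intran RPC) block and an EXPR (Outlook Anywhere)
# block for a mailbox on mbx01.nwtraders.com.
SAMPLE_RESPONSE = b"""<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="%s"><Account><AccountType>email</AccountType><Action>settings</Action>
    <Protocol><Type>EXCH</Type><Server>mbx01.nwtraders.com</Server></Protocol>
    <Protocol><Type>EXPR</Type><Server>mail.nwtraders.com</Server><SSL>On</SSL>
      <AuthPackage>Ntlm</AuthPackage><CertPrincipalName>msstd:mail.nwtraders.com</CertPrincipalName></Protocol>
  </Account></Response></Autodiscover>""" % RESPONSE_NS.encode()

# Constructed spoofed reply: a redirect that downgrades the client to plain HTTP
# on an attacker-controlled host. parse_response refuses it.
SPOOFED_REDIRECT = b"""<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="%s"><Account><AccountType>email</AccountType><Action>redirectUrl</Action>
    <RedirectUrl>http://autodiscover.attacker.example/autodiscover/autodiscover.xml</RedirectUrl>
  </Account></Response></Autodiscover>""" % RESPONSE_NS.encode()
```

The refusal in parse_response is the whole point: a client that follows a redirectUrl to http:// (or accepts a self-signed certificate on the Internet path) lets whoever controls DNS or the path choose the Exchange server, which is exactly the domain spoofing the slide says the valid certificate prevents.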

EWS Managed application programming interface (API)
First class .NET development for EWS
Supports Exchange 2007 Service Pack 1 (SP1) and later
Built-in Autodiscover client
WS-Security authentication
Full DL ("groups") support
Create/update groups, add/remove members
Time zone enhancements
Folder Associated Items (FAI)
User configuration objects
GetRoomLists/GetRooms
Cross-site free/busy lookup (diagram, numbered steps)
1. Outlook's Scheduling Assistant calls EWS' GetUserAvailability method using the URL determined via Autodiscover: an HTTPS request to Exchange Web Services on the user's home CAS asking for free/busy for John@nwtraders.com and Amy@nwtraders.com
2. The user's home CAS server determines which mailboxes are local vs. in remote sites
3. Local free/busy information is retrieved via MAPI RPC from the mailbox (John's Exchange 2007 Mailbox Server in AD Site 1)
4. Requests for remote sites are proxied over HTTPS to remote CAS servers; the CAS in AD Site 2 retrieves Amy's free/busy via MAPI RPC from her Exchange 2007 Mailbox Server and returns the results
5. The original CAS server combines the local and remote results and returns them to Outlook; meeting suggestions are returned for the new "Scheduling Assistant"

MailTips will be available in Outlook 14 (screenshot below) and Outlook Web Access 2010
Scope: site or forest boundary (cross org not supported)
MailTips flow (diagram): the client calls GetMailTips on the CAS over HTTPS; the CAS gathers data over RPC from the mailboxes (Mailbox 1, Mailbox 2), from Active Directory and from the Group Metrics file; for a mailbox in another site or forest the CAS forwards GetMailTips over HTTPS to the remote CAS via EWS (Autodiscover is used cross forest only)
EWS in Exchange Server 2010 (Beta) introduces new APIs to support federated sharing outside the organization. The following table shows the benefits:

User | Security | Benefits
IW | Continues to control who has access to calendar. | Does not need separate account to share externally. Does not need to provide credentials. Only needs to know e-mail address. Can access shared calendar in both Outlook and OWA.
IT | IT can restrict sharing to specific domains and max level of detail. Does not require privileged service account or full AD trust. | Can enable free busy access for entire org. Only needs to establish trust once. No need for external contacts in GAL.

Provides a service that traces the servers a message went through from start to finish. Works across organizations.
Cross-organization message tracking (diagram): the client authenticates with a Windows Live Id and calls GetMessageTrackingReport over HTTPS on the CAS in Org 1; that CAS queries its own Mailbox and Hub servers over RPC and, through the sharing relationship, calls the CAS in Org 2 over HTTPS, which queries its Mailbox and Hub servers over RPC.
Note: The same architecture is used cross-site within one organization. Cross-site HTTP calls are cheaper than RPCs.
What's changed with Outlook connecting
RPC Client Access Services (RPC Client Access Services Tier): clients now connect to CAS instead of MBX
DoMT (Directory on the Middle Tier): a full NSPI endpoint to replace DSProxy
Requirements
Windows 2008
Load balancer for RPC Client Access Services should be different from RPC/HTTP but may be the same servers
Impact
DoMT resolves issues surrounding DSProxy and split HTTP connections
Cross-site moves/failovers will require additional configuration to be seamless to clients
Connection path (diagram): Outlook Anywhere clients connect over HTTP to the RPC/HTTP endpoint (Windows 2008+), which hands the RPC to RPC Client Access Services + DoMT on the CAS; the CAS talks RPC to the Mailbox server and LDAP to AD

Exchange Server 2010 (Beta) CAS still distributes OABv4 via Background Intelligent Transfer Service (BITS) over HTTP(s) for Outlook 2007 or later; no version change!
Exchange Server 2010 (Beta) OAB will bring support for:
Hierarchical Address Book (HAB)
Properties customization
MailTips for O14
HAB support is accomplished by populating objects with organization tree information (e.g. departments and sub-departments)
List of properties stored in OAB is viewed by Get-OfflineAddressBook
OAB properties list customization (customizing the OAB properties list can result in generation of large diff files):
Set-OfflineAddressBook -Identity <OAB name> -ConfiguredAttributes <att1>,<att2>
Globally enable OAB distribution:
Set-OfflineAddressBook -Identity <OAB name> -GlobalWebDistributionEnabled:$true

A new service that establishes a Remote Procedure Call (RPC) endpoint for client access on the Client Access Server (CAS) role
Replaces the existing RPC endpoint on the Mailbox
Replaces DSProxy
Consists of:
New RPC endpoint entirely re-written in managed code
Combination of re-factored XSO code and new code into a new Core Objects abstraction layer
Cmdlets, performance counters, etc. to manage and monitor
What?
A new service in Exchange Server 2010 (Beta) for Outlook to connect to CAS instead of connecting directly to MBX servers
Why?
Reduce code and client logic in Exchange store process for increased reliability
Use the same business logic for Outlook and other CAS clients
Calendar logging + fix up
Content/body conversion
Provide a better client experience during switchovers/failovers
When a MBX server fails over, Outlook client will only see ~30 sec disconnection, as compared to 1-15 min before
Support more concurrent connections/mailboxes per Mailbox server
Topology (diagram): Outlook clients connect to the Exchange CAS array (# of CAS servers x 100 cnx / CAS server); the CAS machines connect to the MBX
Component layering, Exchange Server 2007 vs Exchange Server 2010 (diagram)
Exchange Server 2007: the Exchange components (Transport agents, Web Services, OWA, Sync, UM) use XSO on the middle tier, which talks MAPI RPC to the Mailbox Store; Outlook/MAPI clients talk MAPI RPC directly to the Store; Entourage uses DAV
Exchange Server 2010: the same components, and now Outlook/MAPI clients and Entourage as well, go through XSO and the new Core Objects layer on the middle tier; only MAPI.Net talks MAPI RPC to the Mailbox Store
Data flow, Exchange Server 2007 vs Exchange Server 2010 (diagram)
Exchange Server 2007: Outlook/MAPI clients talk MAPI RPC directly to the Mailbox server (Store, ESE); DSProxy on the Mailbox server relays NSPI to AD over LDAP; the CAS only hosts RpcProxy for RPC/HTTP. Scale: 60K connections / MBX server
Exchange Server 2010: Outlook/MAPI clients talk RPC and NSPI to the CAS array (Proxy, Common Logic, MAPI.Net); the CAS talks MAPI RPC to the Mailbox Store (ESE) and LDAP to AD. Scale: # of CAS servers x 100 connections / CAS RPCCA service/process, behind an Exchange CAS NLB
No in-place upgrade: deploy new Exchange Server 2010 (Beta) servers
Upgrade path (diagram)
1. Upgrade Internet facing sites first
1.1 Upgrade E2007 servers to SP2
1.2 Deploy E2010 servers (CAS, HUB, UM, MBX 2010) alongside the existing CAS, HUB, UM, MBX 2003 or 2007 servers
1.3 Move Internet hostnames to point to CAS2010 (incl. move of Autodiscover to E2010); move UM phone number for OVA to point to UM2010
1.4 Move mailboxes
2. Upgrade internal sites second; the Internet facing AD site reaches internal AD sites through CAS-CAS proxy

Most clients will connect to CAS2010 for access to any mailbox
CAS2010 will redirect and proxy clients to CAS2007/FE2003/MBX2003 for access to Exchange Server 2003/Exchange Server 2007 mailboxes
OWA: Exchange Beta: CAS2010 manual redirect to CAS2007; users get a new "legacy" OWA URL for FE2003. RTM: CAS2010 redirects to CAS2007 or MBX2003; all users use the CAS2010 URL
EAS: All devices get proxied from CAS2010 to MBX2003; WM6.1+ gets redirected between CAS2010 and CAS2007; WM5 and WM6 get proxied from CAS2010 to CAS2007
EWS: Autodiscover sends clients to a CAS matching the MBX version
Outlook Anywhere: RPC/HTTP service on CAS2010 forwards traffic to MBX 2003/2007
Outlook Intranet RPC: Leverages RPC Client Access service for mailbox access
IMAP4/POP3: Users get new "legacy" hostnames for CAS2007 and FE2003 access
CAS to MBX RPC communication requires good network connection
Every AD Site with Exchange Server 2007 mailboxes needs a CAS role
Redirection
When: A CAS in the user's mailbox AD site is available on the Internet, but the user goes to an OWA URL for a CAS in a different AD site (diagram: User-Italy goes to CAS-USA, which redirects to CAS-Italy)
What: OWA will show a page telling the user which OWA URL they should be using for access to their home AD site
Use "externalUrl" config key to control OWA redirection
Proxy
When: No CAS in the user's mailbox AD site is available on the Internet; the user uses the OWA URL for a CAS in a different AD site (diagram: User-Italy goes to CAS-USA, which proxies to CAS-Italy)
What: OWA will proxy the user requests to the CAS in the mailbox AD Site
Use "internalUrl" configuration key to control OWA proxy behavior

Client | CAS->MBX | Redirect CAS->CAS | Proxy CAS->CAS | Comments & Consequences
OWA 2010/2007 | No | Yes | Yes | Must have a CAS server in each Exchange AD site to use OWA/EAS/Web Services
EAS 2010/2007 | No | Autodiscover + redirection logic | Yes | Must have a CAS server in each Exchange AD site to use OWA/EAS/Web Services
Web Services 2010/2007 (Outlook 2007 + other Autodiscover apps) | No | Autodiscover | Yes | Must have a CAS server in each Exchange AD site to use OWA/EAS/Web Services
OWA 2003, EAS 2003 | Yes, via HTTP | No | Not required due to CAS->MBX comm. between AD sites | Direct access from CAS2010 to MBX2003
Outlook Anywhere with MBX 2003/2007/2010; Outlook Intranet RPC with MBX 2010 | Yes, via RPC | OLK2007 and newer: Autodiscover; OLK2003 and older: No | - | Direct access from CAS2010 to MBX2003/2007/2010
Outlook Intranet RPC with MBX 2003/2007 | - | - | - | Not required due to client->MBX direct comm.
IMAP4/POP3 | No | - | Coming soon | IMAP/POP clients must access a CAS in the mailbox AD Site directly and must access a CAS matching the mailbox version
OWA and EWS require server affinity
During a session, all client requests must go to the same CAS server
Other CAS services do not require client-server affinity
Client IP-based load balancing
Cookie-based load balancing
"Poor man's" solution
Windows Network Load Balancing (NLB)
Affinity fails if client IP changes during session
Does not work behind reverse proxies like ISA since the client IP is masked by the reverse proxy
ISA 2006 and UAG can do client IP LB for servers behind it
"No hassle" solution
ISA 2006, UAG or 3rd party Load Balancers
Load balancing options (diagram): client to CAS array through NLB using client IP or a 3rd party cookie LB; client to UAG array to CAS array through UAG cookie LB
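The Python block below is an added example (not code from the deck) that plays through the two failure cases the slide names for client IP affinity: a client whose source address changes mid-session, and several clients behind a reverse proxy that masks them all as one address. A cookie-pinning balancer is run over the same requests for comparison. The CAS pool, the addresses, the request sequence and the cookie name are constructed for the example, and the IP "hash" is a plain modulus, not the real NLB hash.

```python
"""Added example, not from the deck: why client IP affinity breaks in the two
cases on the slide while cookie affinity does not. CAS pool, IPs, request
sequence and cookie name are constructed; the IP hash is a simple modulus."""
import ipaddress

CAS_POOL = ["CAS1", "CAS2", "CAS3"]
AFFINITY_COOKIE = "CASAffinity"   # assumed name of the balancer's session cookie


def pick_by_client_ip(src_ip, pool=CAS_POOL):
    """NLB-style client IP affinity: the source address alone decides."""
    return pool[int(ipaddress.ip_address(src_ip)) % len(pool)]


class CookieBalancer:
    """Cookie affinity: a session's first request is round-robined, then the
    balancer pins the session with a cookie the client echoes back."""
    def __init__(self, pool=CAS_POOL):
        self.pool, self.next_index = pool, 0

    def pick(self, jar):
        pinned = jar.get(AFFINITY_COOKIE)
        if pinned in self.pool:
            return pinned
        target = self.pool[self.next_index % len(self.pool)]
        self.next_index += 1
        jar[AFFINITY_COOKIE] = target        # Set-Cookie on the response
        return target


def route(requests, balancer=None):
    """Route {'src_ip', 'jar'} requests; returns the CAS chosen per request."""
    if balancer is None:
        return [pick_by_client_ip(r["src_ip"]) for r in requests]
    return [balancer.pick(r["jar"]) for r in requests]


def scenario_roaming_client():
    """One OWA session whose source IP changes after the first request."""
    jar = {}   # one client, one cookie jar shared across its requests
    reqs = [{"src_ip": "10.1.1.5", "jar": jar}, {"src_ip": "10.1.1.6", "jar": jar}]
    by_ip, by_cookie = route(reqs), route(reqs, CookieBalancer())
    return {"ip_sticky": len(set(by_ip)) == 1, "cookie_sticky": len(set(by_cookie)) == 1}


def scenario_behind_reverse_proxy():
    """Three different users; the reverse proxy masks them all as 192.0.2.10."""
    reqs = [{"src_ip": "192.0.2.10", "jar": {}} for _ in range(3)]
    by_ip, by_cookie = route(reqs), route(reqs, CookieBalancer())
    return {"servers_used_by_ip": len(set(by_ip)),
            "servers_used_by_cookie": len(set(by_cookie))}
```

The first scenario is the "affinity fails if client IP changes" bullet: the session lands on two different CAS servers. The second is the reverse proxy bullet: every user hashes to the same CAS, so IP affinity stops balancing at all, while the cookie balancer still spreads sessions across the array.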

Scenario
Service is contacted on CAS in site A
Service needs to proxy request to CAS in site B which is closer to targeted mailbox
Site B has load balanced CAS servers (NLB, reverse proxy)
CAS-to-CAS enabled services
ActiveSync, Availability, MailTips
Support in POP/IMAP coming soon
EWS bypasses NLBs (diagram: the EWS call bypasses the NLB array and goes directly to CAS1, CAS2 or CAS3)
Subscriptions need CAS affinity
Configurable via cmdlet
Improved scalability with lower memory and CPU
utilization
MIME fidelity improves reproduction of MIME in cases
of DBCS handling, signed and encrypted messages
Added (back) Delegate Access support
Duplicate download of messages mitigated for most
cases
Hidden messages are not retrieved anymore
R4: Adding service discovery support for HA scenarios

Installs with SSL on by default, using a self-signed certificate
To make things simple: use a wildcard certificate like *.nwtraders.com
Some mobile devices (e.g. WM5) do not support wildcard certificates; use a different certificate for EAS specifically
Cheaper: SAN certificate covering up to 6 hostnames, e.g. owa.nwtraders.com, pop.nwtraders.com, imap.nwtraders.com, smtp.nwtraders.com, autodiscover.nwtraders.com
Use Exchange Server 2010 (Beta) certificate wizard to figure out the hostnames you need included
Performance
SSL is ~10% of CAS CPU load
Ensure client-server affinity for the server which terminates SSL to avoid re-doing SSL handshake for new connections
Consider offloading SSL to reverse proxy (e.g. ISA/UAG) or hardware accelerator
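As an added example (not from the deck, and not the certificate wizard the slide mentions), the Python block below checks which of the CAS hostnames on the slide a certificate actually covers, using the wildcard rule TLS clients apply: "*" stands for exactly one DNS label and only in the leftmost position. It reads certificate names from the dict shape that ssl.SSLSocket.getpeercert() returns; the two certificates and the hostname list (including the bare nwtraders.com that the first Autodiscover URL uses) are constructed for the example, and the allow_wildcard switch models a client such as the slide's WM5 that cannot use wildcard certificates.

```python
"""Added example, not from the deck: which of the CAS hostnames on the slide a
given certificate covers. names_from_peercert reads the dict shape returned by
ssl.SSLSocket.getpeercert(); the certificates below are constructed stand-ins
for that dict. Wildcard matching follows the rule TLS clients use: '*' stands
for exactly one DNS label and only in the leftmost position."""

REQUIRED_HOSTNAMES = [
    "owa.nwtraders.com", "pop.nwtraders.com", "imap.nwtraders.com",
    "smtp.nwtraders.com", "autodiscover.nwtraders.com",
    "nwtraders.com",   # the first Autodiscover URL on the page uses the bare domain
]


def names_from_peercert(cert):
    """DNS names a certificate asserts: subjectAltName DNS entries, falling
    back to the subject CN only when there is no SAN at all."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, hostname):
    """True if a certificate name (possibly '*.example') covers hostname."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    first, sep, rest = pattern.partition(".")
    if first != "*" or not sep or "*" in rest:
        return False          # '*' must be the whole leftmost label
    host_first, host_sep, host_rest = hostname.partition(".")
    return bool(host_sep) and host_first != "" and host_rest == rest


def uncovered(cert_names, required=REQUIRED_HOSTNAMES, allow_wildcard=True):
    """Hostnames the certificate does not cover. allow_wildcard=False models a
    client (the slide cites WM5) that cannot validate wildcard certificates."""
    names = cert_names if allow_wildcard else [n for n in cert_names if "*" not in n]
    return [h for h in required if not any(name_matches(n, h) for n in names)]


# Constructed examples of the two certificate types on the slide.
WILDCARD_CERT = {"subject": ((("commonName", "*.nwtraders.com"),),),
                 "subjectAltName": (("DNS", "*.nwtraders.com"),)}
SAN_CERT = {"subject": ((("commonName", "owa.nwtraders.com"),),),
            "subjectAltName": tuple(("DNS", h) for h in REQUIRED_HOSTNAMES)}
```

Two results worth noticing: the wildcard certificate does not cover the bare domain, so the first Autodiscover URL fails name validation with it, and with allow_wildcard=False it covers nothing at all, which is why the slide tells you to give EAS its own non-wildcard certificate.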

Reverse proxy deployment (diagram): the client connects over HTTPS to a reverse proxy with pre-authN in the perimeter network, behind a firewall; a second firewall separates the perimeter from the intranet, where the Client Access server reaches the Mailbox server and Active Directory; a service account is shown for CAS->MBX access
Never deploy CAS in the Perimeter Network
No domain member servers should be in perimeter; they have too many access rights on intranet AD servers
Use pre-authentication on reverse proxy
Ensure no unauthenticated traffic reaches intranet servers
For example, ISA2006/UAG FBA, RSA SecurID

Exchange Server 2010 (Beta) Ignite
Module 05
Microsoft© Corporation

TechReady content is Microsoft Confidential
Exchange Server 2010 (Beta) Architecture overview
Mobility with Exchange Server 2010 (Beta) and Windows Mobile 6.5
Feature Set
Demo
Outlook Web Access in Exchange Server 2010 (Beta)
Feature Set
Demo

Exchange Server 2010 (Beta) server roles (diagram)
Edge Transport: routing & AV/AS, facing external SMTP servers
Hub Transport: routing & policy, inside the enterprise network
Mailbox: storage of mailbox items
Unified Messaging: voice mail & voice access, connected to the phone system (PBX or VOIP)
Client Access: client connectivity and web services for mobile phones, web browsers, Outlook (remote user), line of business applications and Outlook (local user)

End User Enhancements for Exchange ActiveSync devices
Information overload
Conversation view and actions
Message preview
Reply/forward status
Free/busy information
Integrating communications (Unified inbox):
Enhanced visual voicemail, including speech-to-text transcriptions
Text messages synchronized to Exchange inbox (send text messages from OWA and Outlook 14!)
Quickly address emails with automatic recipient suggestions; shares the nickname cache with OWA
Update your WM 6.1 devices with these new Exchange Server 2010 (Beta) features over-the-air!
IT Pro Enhancements
View mobile devices connecting to Exchange
Allow/block quarantine by device type/OS
Growing number of EAS supported devices
(Screenshots: conversation view, free busy information, enhanced visual voicemail, auto suggestions)
Apple


Conversation View
Free/Busy Lookup
Read your voicemail (Enhanced Voice Mail)
Short Message Service (SMS) from your computer
Find any e-mail in your mailbox
Remember to tell them you're on vacation
Access documents while you're out of the office
Top Secret E-mail protection
POP/IMAP service discovery

Block/Allow via approved device list
Approved by device type or by user
Device type reported by the device
Block an unsupported device
Quarantine
E-mail sent
Administrator approved
Lost devices don't mean leaked information
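The Python block below is an added example (not code from the deck or from Exchange) that models the allow/block/quarantine decision the slide describes as a small policy engine. The evaluation order it uses (per-user allow/block first, then rules keyed on the reported device type, then the organization default), the admin mailbox and the sample devices are assumptions made for the example. The slide's own caveat is built in: the device type is whatever the device reports, so a type-based allow rule is spoofable by any client and is no substitute for the user's credentials.

```python
"""Added example, not from the deck: the allow/block/quarantine decision for an
Exchange ActiveSync device as a small policy engine. The evaluation order,
the admin address and the sample devices are assumptions for this example.
Device type is self-reported by the device and therefore untrusted input."""
ALLOW, BLOCK, QUARANTINE = "Allow", "Block", "Quarantine"


class DeviceAccessPolicy:
    def __init__(self, default=QUARANTINE, admin_recipients=("eas-admins@nwtraders.com",)):
        self.default = default
        self.admin_recipients = list(admin_recipients)
        self.type_rules = []          # [(reported device type, decision)], first match wins
        self.user_allowed = {}        # user -> set of device ids approved for that user
        self.user_blocked = {}        # user -> set of device ids blocked for that user
        self.quarantined = {}         # (user, device id) -> reported device type
        self.outbox = []              # notification e-mails that would be sent

    def add_type_rule(self, device_type, decision):
        if decision not in (ALLOW, BLOCK, QUARANTINE):
            raise ValueError(decision)
        self.type_rules.append((device_type.lower(), decision))

    def decide(self, user, device_id, reported_type):
        """Returns Allow, Block or Quarantine for one sync attempt."""
        # 1. Per-user lists outrank everything else.
        if device_id in self.user_allowed.get(user, set()):
            return ALLOW
        if device_id in self.user_blocked.get(user, set()):
            return BLOCK
        # 2. Organization rules on the self-reported device type (untrusted input).
        decision = self.default
        for rule_type, rule_decision in self.type_rules:
            if rule_type == reported_type.lower():
                decision = rule_decision
                break
        # 3. Quarantine parks the device and notifies the administrator.
        if decision == QUARANTINE:
            self._quarantine(user, device_id, reported_type)
        return decision

    def _quarantine(self, user, device_id, reported_type):
        if (user, device_id) not in self.quarantined:
            self.quarantined[(user, device_id)] = reported_type
            self.outbox.append({"to": self.admin_recipients, "user": user,
                                "device_id": device_id, "reported_type": reported_type,
                                "subject": "Device quarantined, approval required"})

    def approve(self, user, device_id):
        """Administrator approval: the device leaves quarantine for this user only."""
        self.quarantined.pop((user, device_id), None)
        self.user_allowed.setdefault(user, set()).add(device_id)

    def block_lost_device(self, user, device_id):
        """A lost device is cut off even if a type rule would allow it."""
        self.user_allowed.get(user, set()).discard(device_id)
        self.user_blocked.setdefault(user, set()).add(device_id)


def demo():
    """Constructed walk-through; returns the decisions in order and the number
    of administrator notifications generated."""
    policy = DeviceAccessPolicy(default=QUARANTINE)
    policy.add_type_rule("PocketPC", ALLOW)            # supported Windows Mobile devices
    policy.add_type_rule("UnsupportedGadget", BLOCK)
    first = policy.decide("amy", "DEV123", "iPhone")          # unknown type: quarantine
    policy.approve("amy", "DEV123")
    second = policy.decide("amy", "DEV123", "iPhone")         # approved: allow
    third = policy.decide("joe", "DEV123", "iPhone")          # approval is per user
    fourth = policy.decide("joe", "DEV999", "PocketPC")       # type rule, as reported
    policy.block_lost_device("joe", "DEV999")
    fifth = policy.decide("joe", "DEV999", "PocketPC")
    return [first, second, third, fourth, fifth], len(policy.outbox)
```

Note the fourth decision: the device was allowed solely because it claimed to be a PocketPC. Only the per-user approval and block lists carry any real weight, which is why an approval is scoped to one user and one device ID rather than to a type.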
EAS sync state upgrade
POP/IMAP service discovery
POP/IMAP performance improvements
Calendar now supports lunar calendars
Downloadable Outlook Mobile client
Use of temp installer and Skyline server

Document access from mobile devices (diagram): the device on the Internet connects through ISA Server / reverse proxy in the DMZ over a 256-bit SSL tunnel to the Exchange CAS server on the intranet; the CAS proxies the SharePoint request to the SharePoint 2003/2007 server, holds a subscription to the mailbox on the Exchange Mailbox Server, and authenticates against Active Directory
Exchange ActiveSync policies (colour coded on the slide by the version that introduced them: Exchange 2003 SP2, Exchange 2007 RTM, Exchange 2007 SP1)
Sync
Configure message formats (HTML or plain text)
Include past e-mail items
E-mail body truncation size
HTML e-mail body truncation size
Include past calendar items (duration)
Require manual sync while roaming
Allow attachment download
Maximum attachment size
Authentication
Minimum number of complex characters
Enable password recovery
Allow simple password
Password expiration (days)
Enforce password history
Windows file share access
Windows SharePoint access
Minimum password length
Timeout without user input
Require password
Require alphanumeric password
Number of failed attempts
Policy refresh interval
Allow non-provisionable devices
Encryption
Require signed SMIME messages
Require encrypted SMIME messages
Require signed SMIME algorithm
Require encrypted SMIME algorithm
Allow SMIME encrypted algorithm negotiation
Allow SMIME SoftCerts
Device encryption
Encrypt storage card

Exchange ActiveSync policies, continued (colour coded on the slide by the version that introduced them: Exchange 2003 SP2, Exchange 2007 RTM, Exchange 2007 SP1)
Device Control
Disable desktop ActiveSync
Disable removable storage
Disable camera
Disable SMS text messaging
Network Control
Disable Wi-Fi
Disable Bluetooth
Disable IrDA
Allow internet sharing from device
Allow desktop sharing from device
Application Control
Disable POP3/IMAP4 e-mail
Allow consumer e-mail
Allow browser
Allow unsigned applications
Allow unsigned CABs
Application allow list
Application block list

POP/IMAP service discovery
Nickname cache
See your UM messages
Forward/Reply information
Conversation view & actions
Free/Busy information
SMS sync
Block/Allow list
Downloadable client

Outlook Web Access (OWA)
Premium in Firefox 3+, Safari 3+ and Internet Explorer (IE) 7/8
Information overload
Conversations for everybody
Filters
Folder favorites
MailTips
Integrating communications
IM integration (OCS + pluggable model)
Send/receive mobile text messages (SMS) through Exchange ActiveSync devices, and get mobile notifications on your phone
You asked for it
Delegate Access
Calendar and contacts sharing (within org and between orgs; side-by-side calendar views)
Information Rights Management (IRM) email without plug-in
"Virtual List View" removes need for paging
8
OWA premium for IE, FireFox, and Safari
Improved threaded conversation view
Integrated Presence and IM for SPOG UC Experience
Nickname cache
See your UM Voice Mail Messages
External Calendar sharing and Side by Side Calendaring
SMS Sync in OWA (Outlook and Mobile too!)
Favorites folders
Advanced search
End User Archiving and access to archive
Distribution group creation
IRM
Delegate access

View conversations in context
All messages
All folders
Forks
Hide repeated information
Take action on conversations
Move
Ignore

SMS from OWA (diagrams): without Exchange, the user's phone sends the text message to the recipient through the SMS provider; with SMS sync, the user's client and Exchange Server 2010 (Beta) talk over SSL and Exchange Server 2010 (Beta) delivers the message to the recipient over SSL

OWA instant messaging integration with OCS 2007 R2 (diagram): the Exchange 2010 CAS (published through the Forefront UAG server) talks MTLS to OCS 2007 R2; both rely on Active Directory and a Certificate Authority; the Exchange 2010 MBX sits behind the CAS
Requirements
OCS DLLs from the 3rd Party Download Center: UCWeb.DLL, Collaboration.DLL, SipEPS.DLL
Cert. must be from same CA
Can use an internal CA
Multiple CAS = Multiple Certs.
Cert. must use FQDN
Configuration
Set-OwaVirtualDirectory -Identity <identity name> -InstantMessagingEnabled:$true -InstantMessagingType:server
Set-OwaMailboxPolicy -Identity <identity name> -InstantMessagingEnabled:$true -InstantMessagingType:server
Set-CASMailbox <MailboxIdParameter> -OwaMailboxPolicy <MailboxPolicyIdParameter>
Delegate access
Distribution group creation
IRM
Archiving

OWA premium for IE, FireFox, and Safari
Conversation view
Ignore/Move conversation
Virtual list view
Presence
Instant messaging
Nickname cache
UM card
Calendar sharing
Side by side calendar view
Message tracking
SMS Sync
Favorites folders
Advanced search
Archiving
Distribution group creation
IRM
Delegate access
Exchange Server 2010 (Beta) Ignite
Module Number 06
Microsoft© Corporation

Federation relationships (diagram)
Person-person relationship: Joe in Org 1 shares with Pat in Org 2
Org-org relationship: Org 1 (Angi) and Org 2 (Jon)
Requires Microsoft Federation Gateway (MFG)
Broker service only, no credentials
No Passport/Windows Live accounts or passwords shared

Delegation Scenario
Services act on behalf of a user to access Exchange resources
Federated sharing
Federated delivery
Outlook Web Access (OWA) and Messenger
3rd party access to mailbox
Virtual address lists
Sign-on Scenarios
User uses corporate credentials to access Exchange resources in the cloud
Cross-premise mailbox login
Direct logon for Line-of-Business (LOB) applications
Today (Exchange Server 2007): complex, proprietary trust management; each pair of organizations (Contoso.com, FourthCoffee.com, nwtraders.com, fabrikam.com) needs its own trust (diagram)
MFG: simple, standards-based trust; MFG acts as trust broker between the organizations and cloud services (diagram)

Use Publicly Trusted Certificate
Public, private key
No name dependency
Get-ExchangeCertificate
Lists available certificates
Create the actual federation trust
New-FederationTrust -Name MFGTrust -OrgCertificateThumbprint [cert thumbprint]
DNS TXT record with the AppID
contoso.com IN TXT AppID=001600008000000F
Add account name space for contoso.com
Set-FederatedOrganizationIdentifier -DelegationFederationTrust MFGTrust -AccountNamespace contoso.com
Subsequent domains
Set-FederatedDomain -DomainName contosoresearch.com
Federated free/busy between two Exchange Server 2010 (Beta) organizations (diagram: fabrikam.com sends contoso.com an authenticated free/busy request; Request: View calendar; For: Joe@contoso.com; From: mary@fabrikam.com)
Requires Exchange Server 2010 (Beta)
Establish MFG trust (once)
One-time key exchange
Proof of domain ownership
Create org-org relationship
Enter organization info: domain name, Web Service (WS) endpoint
Organization can enable anonymous discovery of info
Exchange makes request for user
O12/O14/OWA talks to local CAS
User not prompted for credentials
Each org establishes a simple, standards-based trust with MFG (Windows Live Id)
No Active Directory (AD) trust or account management
Federated free/busy flow
1. Paul@fabrikam.com adds Crystal@contoso.com to a meeting
2. The Fabrikam Availability Service (AS) determines Crystal is an external recipient and looks up the sharing relationship
3. Fabrikam AS requests a delegation token for Paul for use by the AS in Contoso
4. Fabrikam AS includes the delegation token in the free/busy request to Contoso AS
5. Contoso AS determines Paul is an external recipient; performs authorization by validating the organization relationship for fabrikam.com; retrieves the data from the calendar folder
6. Contoso AS returns free/busy data to Fabrikam AS
7. Paul sees free/busy information for Crystal
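The Python block below is an added example (not code from the deck or from Exchange) of the authorization step the flow assigns to the Contoso Availability Service in step 5. The delegation token is represented as a dict whose SAML signature is assumed to have already been verified against the Microsoft Federation Gateway certificate; the issuer identifier, the organization relationship table and the addresses are constructed for the example. The FreeBusyAccessLevel values (None, AvailabilityOnly, LimitedDetails) are the ones Exchange 2010 organization relationships use. The requester's domain is taken from the token claim, never from anything the remote server merely asserts, and the detail level returned is clamped to what the relationship allows.

```python
"""Added example, not from the deck: the Contoso Availability Service's
authorization decision for a federated free/busy request, as a small model.
The token is a dict whose signature is assumed already verified against the
MFG certificate; the issuer URN, relationship table and addresses are
constructed for this example."""
import time

MFG_ISSUER = "urn:federation:MicrosoftOnline"   # assumed issuer identifier for this example
OUR_DOMAIN = "contoso.com"
FREE_BUSY_LEVELS = ["None", "AvailabilityOnly", "LimitedDetails"]   # Exchange 2010 values

# Constructed organization relationships: what contoso.com grants each partner domain.
ORG_RELATIONSHIPS = {
    "fabrikam.com": {"FreeBusyAccessEnabled": True, "FreeBusyAccessLevel": "AvailabilityOnly"},
    "northwind.example": {"FreeBusyAccessEnabled": False, "FreeBusyAccessLevel": "None"},
}


def domain_of(address):
    local, sep, domain = address.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("bad address: %r" % address)
    return domain.lower()


def validate_token(token, now=None):
    """Claim checks on an already signature-verified delegation token:
    issuer, audience (must be us), expiry, and the e-mail address claim."""
    now = time.time() if now is None else now
    if token.get("issuer") != MFG_ISSUER:
        return "token not issued by the federation gateway"
    if token.get("audience", "").lower() != OUR_DOMAIN:
        return "token targeted at another organization"
    if token.get("expires", 0) <= now:
        return "token expired"
    if "email" not in token:
        return "token carries no e-mail address claim"
    return None


def authorize_free_busy(token, target_address, requested_level, now=None):
    """Decision for one request: {'granted': bool, 'level': ..., 'reason': ...}."""
    problem = validate_token(token, now)
    if problem:
        return {"granted": False, "level": "None", "reason": problem}
    if domain_of(target_address) != OUR_DOMAIN:
        return {"granted": False, "level": "None", "reason": "target mailbox is not ours"}
    partner = domain_of(token["email"])          # requester's domain comes from the token
    rel = ORG_RELATIONSHIPS.get(partner)
    if rel is None or not rel["FreeBusyAccessEnabled"]:
        return {"granted": False, "level": "None",
                "reason": "no free/busy relationship with %s" % partner}
    if requested_level not in FREE_BUSY_LEVELS:
        return {"granted": False, "level": "None", "reason": "unknown access level"}
    # Clamp the requested detail to the maximum the relationship allows.
    allowed = min(FREE_BUSY_LEVELS.index(requested_level),
                  FREE_BUSY_LEVELS.index(rel["FreeBusyAccessLevel"]))
    level = FREE_BUSY_LEVELS[allowed]
    return {"granted": level != "None", "level": level,
            "reason": "relationship with %s" % partner}


# Constructed token as the Fabrikam Availability Service would present it in step 4.
PAUL_TOKEN = {"issuer": MFG_ISSUER, "audience": "contoso.com",
              "email": "paul@fabrikam.com", "expires": 2_000_000_000}
```

The clamp is what makes the IT row of the earlier benefits table true: Contoso can publish a relationship with Fabrikam that allows AvailabilityOnly, and a request for LimitedDetails from a valid Fabrikam token still only gets AvailabilityOnly back.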
Federated calendar sharing between Contoso and Fabrikam (diagram: authenticated calendar access; Request: Sync calendar; For: joe@fabrikam.com; From: mary@contoso.com)
Configure MFG trust
Configure Sharing Policy
Include list of allowed domains users can share with
Set maximum level of sharing for each domain
Associate users with sharing policy
Send Sharing Invitation
Invitation requires O14/OWA, Exchange Server 2010 (Beta)
Opening invitation with O14/OWA creates a server-side subscription
Server syncs shared calendar to user's mailbox
All clients can view sync'd calendar
Exchange Server 2010 (Beta) gets token from MFG on behalf of user when making request
Sharer sends invitation to share his calendar/contacts to recipient outside of the Exchange organization
Sharing Invitation contains sharing payload
Encrypted with PoP (proof of possession) key
Receiver's e-mail address
Alias support
Calendar subscription is created in receiver's Calendar with target information of the sender

Configuration steps to enable Federated Sharing: two Exchange on-premise organizations with no Active Directory Trust want to share Calendar information

Administrator Steps | Comment
Request a CA signed certificate with private/public key and deploy it on all CAS servers in the on-premise environment. | This is the token signing certificate for the federation trust with the Federation service. Existing certificates can be leveraged if they meet the requirements. The certificate distribution is handled as part of the certificate deployment provided by the transport team.
New-FederationTrust -Name LiveTrust -OrgCertificateThumbprint 16be06c9431f910f5ccc833def56c535661ca6ca | Both on-premise companies establish a federated trust with Microsoft Federation Gateway.
The network administrator creates a TXT record in DNS: contoso.com IN TXT AppID=001600008000000F | Windows Live Custom Domains require proof-of-ownership of any domain that should be federated with the Federation Service. The mechanism used is to look up an AppID TXT record for the domain that contains the ApplicationIdentifier created by the trust.
Set-FederatedOrganizationIdentifier -DelegationFederationTrust LiveTrust -AccountNamespace contoso.com | The company registers which domain name should serve as the account namespace of the federated domain. Users with e-mail addresses ending with this domain will get delegation tokens from Federation Gateway, and a shadow account is automatically created by Windows Live in the account namespace.
Set-FederatedDomain -DomainName contosoresearch.com | Additional domains can be registered to allow users with e-mail addresses in those domains to get delegation tokens.
Scenarios
Contoso establishes Org-Org Sharing Relationship with Fabrikam

User Steps
To setup a Sharing Relationship for Contoso with Fabrikam:
Get-FederationInformation -DomainName Fabrikam.com | New-SharingRelationship -Name Fabrikam -CalendarEnabled $true -FederatedDeliveryEnabled $true

paul@contoso.com sends a secure e-mail message to crystal@fabrikam.com

1. Contoso Exchange server requests a delegation token from the Microsoft Federation Gateway (MFG): on behalf of paul@contoso.com; Offer: MSExchange.DeliveryInternalSubmit; targeted to fabrikam.com
2. Contoso Exchange creates an RPMSG-like message: creates a content key; creates a DRMData stream with the encrypted body; encrypts the content key with the PoP key from the token; adds the delegation token and the encrypted content key to the new Exchange Server stream
3. Fabrikam decrypts the RPMSG-like message: decrypts the SAML token targeted to Fabrikam to get the PoP key; uses the PoP key to decrypt the content key; uses the content key to decrypt the DRMData stream; converts the message back to a normal e-mail message
(Diagram: contoso.com Exchange Server -> fabrikam.com Fabrikam Server, with the Microsoft Federation Gateway above both.)


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite
Module Number 07
Microsoft© Corporation

Transport and routing


Exchange Server 2010 (Beta) transport key design goals
Capacity planning
High Availability and reliability
Instrumentation and reporting
Transport interoperability
Edge
Information Leakage Protection and Control (IPC)
Transport content protection
Confidential communications
Exchange Server 2010 (Beta) and Information Rights
Management (IRM) Integration

Lowering costs
Increased availability
Better administrative control
Operational excellence


Lowering capital expenditure (CapEx)
Reduction in IOPS per message through performance improvements reduces the number of servers required in a deployment
Enables non-redundant storage (RAID 0) configurations without increased risk of data loss
Lowering operations expenditure (OpEx)
Smaller server footprint, less power and A/C
"Disposable state" enables simple recovery actions (restart process, restart server, rebuild database, reimage server)
Key Health Indicators (KHI) provide notification when the system needs attention

mail.que database improvements
Increased Extensible Storage Engine (ESE) page size to 32 KB
ESE database (DB) page compression
ESE version store maintenance
Better use of intrinsic long value storage
Increased DB cache size and checkpoint depth
Decreased transport dumpster size through truncation feedback to improve cache efficiency
Result: more than 50% reduction in IOPS (hub)

Reducing Version Bucket Resource Pressure
(Chart: version buckets in use versus message size, 10 MB to 370 MB, for E2007 and E2010, with reference lines at VersionBucketsHighThreshold (200) and VersionBucketsMediumThreshold (120).)

Overview
Shadow messaging—transport redundancy
Automated server recovery
Transport dumpster


Goals
Increased reliability without increased hardware costs
Enabled by default
Shadow redundancy is similar to the transport dumpster: data is retained on the previous hop until delivered, and when a failure in the next hop is detected, the previous hop resubmits
SMTP extensions are used (they create little overhead)
Elimination of RAID overhead
50% IOPS reduction for 80% write I/Os

1. Hub (shadow) delivers the message to Edge1 (primary): the Hub detects that Edge1 supports transport redundancy through the XSHADOW verb; the Hub moves the message to its shadow queue and stamps Edge1 as the current primary owner.
2. Edge1 (primary) receives the message and becomes "primary owner": Edge1 delivers the message to the next hop; Edge1 updates the discard status of the message, indicating delivery complete to the foreign MTA.
(Diagram: Hub -> Edge1 (or Edge2) -> Foreign MTA.)

3. Success: the Hub (shadow) queries Edge1 (primary) for expiry status: the Hub issues the XQDISCARD command (in the next SMTP session); Edge1 checks its local discard status and responds with the list of messages considered delivered; the Hub deletes those messages from its shadow queue.
4. Failure: the Hub (shadow) queries Edge1 (primary) for discard status and resubmits: the Hub opens an SMTP session and issues the XQDISCARD command (heartbeat); if the Hub cannot contact Edge1 within the timeout, it resubmits the messages in its shadow queue; resubmitted messages are delivered to Edge2 (go to step 1).
(Diagram: Hub -> Edge1 / Edge2 -> Foreign MTA, steps 1 to 4 annotated.)

Delayed acknowledgement after end of data
SMTP submission from Exchange 2003/2007, third-party Message Transfer Agents (MTA) and Mail User Agents (MUA: UM, POP and IMAP clients)
250 response delayed up to 30 sec (default)
If the transport server fails before the acknowledgement, the client resubmits
Mailbox submission redundancy relies on the copy of the message in the sender's "Sent Items" folder
Mail Submission Service resubmits the copy when the hub doesn't acknowledge successful delivery of the message
System-generated messages (Journal Report, NDR) are considered "side effects" of the original message submission and are tracked as part of the original delivery status

Global Shadow Redundancy Configuration:

[PS] D:\>get-TransportConfig | FL Shadow*

ShadowRedundancyEnabled : True
ShadowHeartbeatTimeoutInterval : 00:05:00
ShadowHeartbeatRetryCount : 3
ShadowMessageAutoDiscardInterval : 2.00:00:00

Delayed Acknowledgement Timer Configuration:

[PS] D:\>get-receiveconnector | ft server,name,MaxAcknowledgementDelay -a

Server      Name                MaxAcknowledgementDelay
------      ----                -----------------------
HP64PIZZA50 Default HP64PIZZA50 00:00:30
HP64PIZZA50 Client HP64PIZZA50  00:00:30

Delayed acknowledgement is disabled on a receive connector by setting MaxAcknowledgementDelay to 00:00:00.

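The following is an added Python simulation of the shadow redundancy exchange described in steps 1 to 4 above, driven by the heartbeat timeout, retry count and auto-discard interval from the Get-TransportConfig output. It is not Exchange code: the Hub, Edge and ShadowEntry classes, the message ids and the failure scenario are constructed for illustration, and the foreign MTA is assumed to accept every message immediately.

```python
"""Shadow redundancy between a Hub (shadow owner) and two Edge servers (primary
owners), as an added simulation; the classes and method names are assumptions,
not Exchange code. Timers mirror the Get-TransportConfig values shown above."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HEARTBEAT_TIMEOUT = timedelta(minutes=5)   # ShadowHeartbeatTimeoutInterval 00:05:00
HEARTBEAT_RETRIES = 3                      # ShadowHeartbeatRetryCount 3
AUTO_DISCARD = timedelta(days=2)           # ShadowMessageAutoDiscardInterval 2.00:00:00


@dataclass
class Edge:
    """Primary owner: delivers to the foreign MTA and records discard status."""
    name: str
    supports_xshadow: bool = True   # advertised the XSHADOW verb
    reachable: bool = True
    delivered: set = field(default_factory=set)

    def receive(self, msg_id: str) -> None:
        # Step 2: become primary owner, deliver to the next hop and update the
        # local discard status (the foreign MTA is assumed to accept at once).
        self.delivered.add(msg_id)

    def xqdiscard(self, asked: list) -> list:
        """Answer an XQDISCARD query with the ids considered delivered."""
        if not self.reachable:
            raise ConnectionError(self.name + " unreachable")
        return [m for m in asked if m in self.delivered]


@dataclass
class ShadowEntry:
    primary: str
    submitted: datetime
    last_contact: datetime
    failed_heartbeats: int = 0


class Hub:
    """Shadow owner: keeps a copy until the primary reports it delivered."""

    def __init__(self, edges):
        self.edges = {e.name: e for e in edges}
        self.shadow_queue = {}      # msg_id -> ShadowEntry
        self.log = []               # (event, msg_id, edge) tuples

    def deliver(self, msg_id, edge_name, now):
        # Step 1: hand the message to the primary; keep a shadow copy only if
        # the next hop supports transport redundancy.
        edge = self.edges[edge_name]
        edge.receive(msg_id)
        if edge.supports_xshadow:
            self.shadow_queue[msg_id] = ShadowEntry(edge_name, now, now)
        self.log.append(("delivered", msg_id, edge_name))

    def heartbeat(self, now):
        """Steps 3/4: XQDISCARD each primary; drop copies it reports delivered,
        resubmit copies whose primary stayed unreachable past the timeout."""
        by_primary = {}
        for msg_id, entry in self.shadow_queue.items():
            by_primary.setdefault(entry.primary, []).append(msg_id)
        for primary, ids in by_primary.items():
            try:
                delivered = self.edges[primary].xqdiscard(ids)
            except ConnectionError:
                for msg_id in ids:
                    entry = self.shadow_queue[msg_id]
                    entry.failed_heartbeats += 1
                    timed_out = now - entry.last_contact >= HEARTBEAT_TIMEOUT
                    if timed_out and entry.failed_heartbeats >= HEARTBEAT_RETRIES:
                        self._resubmit(msg_id, primary, now)
                continue
            for msg_id in ids:
                self.shadow_queue[msg_id].last_contact = now
            for msg_id in delivered:
                del self.shadow_queue[msg_id]
                self.log.append(("discarded", msg_id, primary))
        # Shadow copies are never kept past the auto-discard interval.
        for msg_id, entry in list(self.shadow_queue.items()):
            if now - entry.submitted >= AUTO_DISCARD:
                del self.shadow_queue[msg_id]
                self.log.append(("auto-discarded", msg_id, entry.primary))

    def _resubmit(self, msg_id, failed_primary, now):
        alternate = next(n for n, e in self.edges.items()
                         if n != failed_primary and e.reachable)
        del self.shadow_queue[msg_id]
        self.log.append(("resubmitted", msg_id, alternate))
        self.deliver(msg_id, alternate, now)    # back to step 1 with a new primary


def run_scenario():
    """Constructed scenario: m1 is acknowledged normally; Edge1 goes down after
    taking m2, so the Hub resubmits m2 to Edge2 after three failed heartbeats."""
    edge1, edge2 = Edge("Edge1"), Edge("Edge2")
    hub = Hub([edge1, edge2])
    t0 = datetime(2008, 6, 16, 23, 0)
    hub.deliver("m1", "Edge1", t0)
    hub.heartbeat(t0 + timedelta(minutes=1))
    hub.deliver("m2", "Edge1", t0 + timedelta(minutes=2))
    edge1.reachable = False
    for i in range(1, 4):
        hub.heartbeat(t0 + timedelta(minutes=2 + 5 * i))
    return hub, edge2
```

The point the simulation makes is the one the slides rely on: the shadow copy costs no extra disk redundancy, because the Hub only gives it up after the primary has positively reported the message as delivered, and a primary that stops answering heartbeats causes a resubmission rather than a loss. Run run_scenario() and inspect hub.log to see the discard, the three silent heartbeats and the resubmission to Edge2.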

Exchange Server 2007: memory resource pressure results in decreased service availability
Exchange Server 2010 (Beta): implements a signal to generate a Dr. Watson report (to determine the cause of failure) and then restarts
Exchange Server 2010 (Beta): an alert can be sent to System Center to further analyze resource pressure
Exchange Server 2007: queue database corruption results in downtime until an administrator can perform manual recovery
Exchange Server 2010 (Beta): transport detects queue database corruption, moves/deletes the DB, and continues operation
Shadow redundancy provides data resiliency

Up to 200% increase in IOPS/msg on the hub transport role when using the transport dumpster in an AD site with many storage groups
18 megabyte (MB) quota per storage group using cluster continuous replication (CCR) results in an inefficient JET database cache
Redelivery request from the mailbox role after a lossy failover results in resubmission of the entire quota
Analysis has shown that most are detected as duplicates unless significant log replication lag exists
Can't recover data that exceeds the dumpster quota (default 18 MB) regardless of how many logs are lost in a DB failover
Increased quota results in decreased cache efficiency

Eliminate extra IOPS due to the transport dumpster
Database replication feedback from the mailbox role allows dumpster truncation on the hub role
LastLogInspected time for each database copy is retrieved from Active Manager at a regular interval
Timestamp of the "worst" database copy in the DAG is used as the dumpster watermark for each database
Items older than the dumpster watermark are removed based on scheduled feedback
Size of the transport dumpster is based on log replication latency and frequency of feedback
Redelivery requests result in resubmission of messages newer than the dumpster watermark

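An added Python example of the truncation rule described above, applied to several databases at once: the watermark for a database is the LastLogInspected time of its most lagging copy, items at or before the watermark are dropped, and a redelivery request resubmits only what is newer. This is not Exchange code; the database names, copy names, timestamps and item sizes are constructed, and a database with no copy status is deliberately included to show that nothing is truncated when nothing can be proven replicated.

```python
"""Transport dumpster truncation from database replication feedback, as an
added example (not Exchange code). For each DAG database, every copy reports a
LastLogInspected time; the watermark is the time of the worst (most lagging)
copy, items older than it are dropped, and a redelivery request after a lossy
failover resubmits only items newer than the watermark."""
from datetime import datetime, timedelta


def dumpster_watermarks(copy_status):
    """copy_status: {database: {copy_name: last_log_inspected}} as Active Manager
    would report it. Returns {database: watermark}."""
    return {db: min(copies.values()) for db, copies in copy_status.items()}


def truncate(dumpsters, watermarks):
    """dumpsters: {database: [(msg_id, submit_time), ...]}. Returns the trimmed
    dumpsters and a list of (database, msg_id) pairs that were removed."""
    kept, removed = {}, []
    for db, items in dumpsters.items():
        wm = watermarks.get(db)
        kept[db] = []
        for msg_id, when in items:
            # Without feedback for a database nothing can be proven replicated,
            # so its items are retained until feedback arrives.
            if wm is None or when > wm:
                kept[db].append((msg_id, when))
            else:
                removed.append((db, msg_id))
    return kept, removed


def redelivery(dumpsters, watermarks, db):
    """Messages resubmitted to `db` after a lossy failover."""
    wm = watermarks[db]
    return [m for m, when in dumpsters[db] if when > wm]


def dumpster_stats(dumpsters, avg_item_bytes=4096):
    """Per-database OldestItem / NumberOfItems / QueueSize in the shape of the
    -DumpsterStatistics output on the next slide (sizes are constructed)."""
    stats = {}
    for db, items in dumpsters.items():
        stats[db] = {"NumberOfItems": len(items),
                     "OldestItem": min((w for _, w in items), default=None),
                     "QueueSize": len(items) * avg_item_bytes}
    return stats


def demo():
    """Constructed DAG: DB1 has a copy lagging 4 minutes behind the others,
    DB2 is fully caught up, DB3 has reported no copy status at all."""
    base = datetime(2008, 6, 16, 23, 0)
    m = lambda n: base + timedelta(minutes=n)
    copies = {"DB1": {"DB1\\MBX1": m(10), "DB1\\MBX2": m(6), "DB1\\MBX3": m(9)},
              "DB2": {"DB2\\MBX1": m(10), "DB2\\MBX2": m(10)}}
    dumpsters = {"DB1": [("DB1-%d" % i, m(i)) for i in range(12)],
                 "DB2": [("DB2-%d" % i, m(i)) for i in range(12)],
                 "DB3": [("DB3-0", m(0))]}
    wms = dumpster_watermarks(copies)
    kept, removed = truncate(dumpsters, wms)
    return wms, kept, removed, redelivery(dumpsters, wms, "DB1")
```

The design point is that the watermark is a minimum, not an average: one slow copy holds back truncation for the whole database, which is exactly why the slides tie dumpster size to replication latency and feedback frequency.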
How many items are in the dumpster for each database?
How much space is the dumpster consuming for each database?

[PS] D:\>get-date; Get-MailboxServer | foreach {get-databasecopystatus -MailboxServer $_.identity -DumpsterStatistics | ? {$_.SummaryCopyStatus -ne 'Mounted'}} | foreach {$_.DumpsterStatistics}

Monday, June 16, 2008 11:07:02 PM

Server : HP64PIZZA50
OldestItem : 6/16/2008 11:06:11 PM
QueueSize : 3645
NumberOfItems : 63

Server : HP64PIZZA50
OldestItem : 6/16/2008 11:06:14 PM
QueueSize : 827
NumberOfItems : 43


Key health indicators
Service Level Agreement (SLA) instrumentation
Measuring delivery latency: end-to-end latency; server component latency
Historical reporting and trends: transport scorecard; transport dashboard
Log Search Service

Exchange Server 2007 Health
Service availability: measurement of process uptime
Error events: large number of error conditions that may cause service disruption if left undetected
Queue depth: rate of submission exceeds rate of delivery, which may or may not result in latency
Exchange Server 2010 (Beta) Health
Service availability: aggregation of individual measurements of process uptime
Categorization bottleneck: raises an alert when the rate of submission exceeds the rate of messages entering the delivery queue for an extended period of time (5 min)
Delivery latency: measures component latency and raises alerts when the SLA is exceeded over long periods of time (30 min)

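An added Python example of the two Exchange Server 2010 (Beta) health checks above, written as detection logic over per-minute counter samples: a categorization bottleneck alert fires only when submissions outpace messages entering the delivery queue for a full 5 minutes, and a delivery latency alert only when the SLA stays breached for 30 minutes, so short bursts do not page anyone. It is not Exchange or System Center code; the sample series, the 90-second SLA figure (taken from the summary slide of this module) and the function names are constructed.

```python
"""Key Health Indicator checks over constructed per-minute samples, as an added
example (not Exchange's or System Center's monitoring code). A categorization
bottleneck is raised when submissions outpace messages entering the delivery
queue for 5 minutes; a latency alert when the SLA is exceeded for 30 minutes."""
from datetime import datetime, timedelta

BOTTLENECK_WINDOW = timedelta(minutes=5)
LATENCY_WINDOW = timedelta(minutes=30)
SLA_LATENCY_SECONDS = 90.0     # "99% in 90 sec" target from the summary slide


def first_sustained(samples, predicate, window):
    """samples: time-ordered (timestamp, value) pairs. Returns the timestamp at
    which predicate(value) has held continuously for at least `window`, else
    None. A burst that clears before the window elapses does not alert."""
    start = None
    for ts, value in samples:
        if not predicate(value):
            start = None
            continue
        if start is None:
            start = ts
        if ts - start >= window:
            return ts
    return None


def categorization_bottleneck(samples):
    """samples: (timestamp, submitted_per_min, entered_delivery_queue_per_min)."""
    series = [(ts, (sub, deliv)) for ts, sub, deliv in samples]
    return first_sustained(series, lambda v: v[0] > v[1], BOTTLENECK_WINDOW)


def latency_sla_breach(samples, sla_seconds=SLA_LATENCY_SECONDS):
    """samples: (timestamp, 99th-percentile end-to-end latency in seconds)."""
    return first_sustained(samples, lambda v: v > sla_seconds, LATENCY_WINDOW)


def khi_report(bottleneck_samples, latency_samples):
    """Alert timestamps (or None) keyed by indicator, as a scorecard row."""
    return {"CategorizationBottleneck": categorization_bottleneck(bottleneck_samples),
            "DeliveryLatency": latency_sla_breach(latency_samples)}


def constructed_samples():
    """45 minutes of counters: a 3-minute burst at minute 3 that clears, a real
    backlog from minute 10 onwards, and p99 latency above 90 s from minute 5."""
    base = datetime(2008, 6, 16, 23, 0)
    bottleneck, latency = [], []
    for minute in range(45):
        ts = base + timedelta(minutes=minute)
        submitted = 600
        entered_delivery = 400 if 3 <= minute <= 5 or minute >= 10 else 650
        bottleneck.append((ts, submitted, entered_delivery))
        latency.append((ts, 120.0 if minute >= 5 else 30.0))
    return bottleneck, latency
```

With these samples the bottleneck alert is raised at minute 15 (backlog since minute 10) and the latency alert at minute 35 (breach since minute 5); the burst at minutes 3 to 5 produces nothing, which is the behaviour that distinguishes these indicators from the Exchange Server 2007 queue-depth style of alerting.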

Intra-organizational delivery latency is measured from the point of entry into the organization to mailbox delivery or transfer to an external mail system
Servers in the route between org entry and exit contribute to the end-to-end latency
Components on each server contribute to the latency on each server
Exchange Server 2010 (Beta) measures both and provides reporting for both using the message tracking log and PerfMon instrumentation

First Exchange Server 2010 (Beta) server (H1) loops over the Received headers for InternalSMTPServers (H1 -> P2 -> P1):
Add Latency header for P2's and P1's Received header
Add OriginalArrivalTime header for P1
Add InProgress header for H1
Next Exchange Server 2010 (Beta) server (H3) loops over Received headers until it reaches the previous Exchange Server 2010 (Beta) server (H3 -> H2 -> H1):
Add Latency header for H2's Received header
Convert H1's InProgress header to a Latency header
Add InProgress header for H3


What was the end-to-end latency of messages delivered?
What was the latency on each server hop in the end-to-end route?

[PS] D:\>get-MessageTrackingLog -MessageId "<341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.dns.microsoft.com>" | ? {$_.MessageLatencyType -eq 'EndToEnd'} | ConvertTo-MessageLatency

InternalMessageId : 2
MessageId : <341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.dns.microsoft.com>
MessageLatency : 00:00:10.5310000
MessageLatencyType : EndToEnd
ComponentServerFqdn : HP64-SFF77.dns.microsoft.com
ComponentCode : TOTAL
ComponentName : Total Server Latency
ComponentLatency : 00:00:09

InternalMessageId : 2
MessageId : <341fbd56-fce9-41a7-aabd-145949785d66@HP64-SFF77.dns.microsoft.com>
MessageLatency : 00:00:10.5310000
MessageLatencyType : EndToEnd
ComponentServerFqdn : HP64PIZZA50.VGPHIG-dom.extest.microsoft.com
ComponentCode : TOTAL
ComponentName : Total Server Latency
ComponentLatency : 00:00:00

Why did messages take longer than 20 seconds to deliver end to end?

[PS] D:\>get-messagetrackinglog -server:fesmoke2 -eventid:deliver | where {$_.MessageLatencyType -eq "EndtoEnd" -and $_.MessageLatency.TotalSeconds -gt 20} | convertTo-messageLatency | where {$_.Latency -gt "00:00:20" -and $_.ComponentCode -notlike "total"}

InternalMessageId : 1
MessageId : <f8bee984-LB18.BXWLWF-dom.com>
MessageLatency : 00:00:25.7500000
MessageLatencyType : EndToEnd
ServerFqdn : 3859R7-LB18.BXWLWF-dom.extest.microsoft.com
ComponentCode : SMR
ComponentName : SMTP Receive
Latency : 00:00:22

InternalMessageId : 3
MessageId : <32623cfb-LB18.BXWLWF-dom.com>
MessageLatency : 00:00:26.6180000
MessageLatencyType : EndToEnd
ServerFqdn : 3859R7-LB18.BXWLWF-dom.extest.microsoft.com
ComponentCode : SMR
ComponentName : SMTP Receive
Latency : 00:00:24

(Screenshot: Contoso SLA dashboard at http://contoso/sla, SLA scorecard tab. Overall SLA 99.2% from 03/05/07 to 04/04/07.)
Alerts (4): a. Network switch failure; b. Akamai routing issues; c. Version 4.9.3 of antispam definition file deployed; d. Low disk space
Performance components: Unified messaging 92.5%; POP/IMAP 94.5%; Availability and Performance 95.5%; Message delivery latency 95.5%; MAPI logon 97.0%; Transport delivery 98.5%; CAS 99.5%; OWA 99.5%; ActiveSync 99.5%; Web Services 99.5%; Outlook Anywhere 100%

Install Exchange 2007 SP2 on all Exchange Server 2007 servers (including Edge)
Introducing Exchange Server 2010 (Beta) Hub servers creates a routing version boundary
Exchange Server 2010 (Beta) Hub cannot Edge-Sync to Exchange Server 2007 SP2 Edge server(s)

Better performance for EdgeSync
Incremental updates significantly reduce the EdgeSync workload
Introduced DeltaSync mode
Support for Safe Senders and Blocked Senders lists
Real-time support:
Junk E-mail Options Assistant propagates blocked senders lists from mailboxes to AD
EdgeSync pushes blocked senders from AD to ADAM on the Edge servers
On the Edge servers, the Sender Filtering agent blocks mail from blocked senders


Enhanced EdgeSync configuration and troubleshooting
Exposed configuration settings to PowerShell
Added a new log file to track EdgeSync activity

Transport Content Protection
What's new in Exchange Server 2010 (Beta)?
Confidential communications
Automatic content-based privacy
Transport pipeline decryption
Information Rights Management (IRM) in Outlook and Outlook Web Access (OWA)
Outlook Protection Rules
Business-to-business (B2B) Rights Management Services (RMS) communication

Exchange Server 2007 introduced:
Secure intranet e-mail by default
Opportunistic Transport Layer Security (TLS)
RMS pre-licensing
Exchange Server 2010 (Beta) goes beyond:
Automatic detection and protection of sensitive content using RMS
Provides centralized control of e-mail protection
Enables transport agents to be "RMS aware"
Secure business communication using RMS

Legal, Regulatory and Financial impacts
Cost of digital leakage per year is measured in $Billions
Increasing number and complexity of regulations (e.g. GLBA, SOX, CA SB 1386)
Non-compliance with regulations or loss of data can lead to significant legal fees, fines, and more

Damage to Image and Credibility
Damage to public image and credibility with customers
Financial impact on company
Leaked e-mails or memos can be embarrassing

Loss of Competitive Advantage
Disclosure of strategic plans or M&A info can potentially lead to loss of revenue and market capitalization
Loss of research, analytical data, and other intellectual capital

(Diagram: an Access Control List perimeter and a Firewall perimeter separate authorized users from unauthorized users, yet information leakage still crosses both perimeters.)
…but not ongoing usage.

Enforcement tools are required—content protection should be automated.

(Section overview: Automatic Protection; Streamlined End User Experience; B2B RMS; Enable IT Infrastructure)

Windows Platform Information Protection Technology
Better safeguard sensitive information
Protect against unauthorized viewing, editing, copying, printing, or forwarding of information
Limit file access to only authorized users
Audit trail tracks usage of protected files
Persistent protection
Protects your sensitive information no matter where it goes
Uses technology to enforce organizational policies
Authors define how recipients can use their information

RMS protection is applied both to the message itself and to the attachments.

Saved attachments retain the relevant protection (e.g. rights to view, print or copy content).

18
Protect messages in transit via a Transport Rules action
Protect messages by default at the Outlook client
Private voice messages automatically protected by Unified Messaging (UM)

Exchange Server 2010 (Beta) provides a single point in the organization to control the protection of e-mail messages.

Automatic content-based privacy:
• Transport Rule action to apply an RMS template to an e-mail message
• Transport Rules support regex scanning of attachments in Exchange 2010 (including content)
• Internet Confidential and Do Not Forward policies available out of the box

New Transport Rule action to "RMS protect"
Transport Rules support regular expression scanning of attachments in Exchange Server 2010 (Beta)
"Internet Confidential" and "Do Not Forward" policies are available out of the box
Office 2003, Office 2007, Office 14, and XPS documents are supported for attachment protection

Allows an Exchange administrator to define client-side rules that will protect sensitive content in Outlook automatically
Rules can be mandatory or optional depending on requirements
Rules look at the following predicates:
Sender's department (HR, R&D, etc.)
Recipient's identity (specific user or distribution list)
Recipient's scope (all within the organization, outside, etc.)
Rules are automatically retrieved from Exchange using Autodiscover and Exchange Web Services

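An added Python example of how rules built on the three predicates above resolve to an RMS template, including the difference between a mandatory rule and an optional one the user may clear. It is not Outlook's or Exchange's rule engine: the organization domain, departments, distribution list, rule set and the "Company Confidential" template name are constructed; "Do Not Forward" and "Internet Confidential" are the out-of-box policies the slides name.

```python
"""Evaluation of Outlook Protection Rules against a message, as an added example
(not Outlook's or Exchange's rule engine). Rules use the three predicates the
slide lists and choose an RMS template; mandatory rules cannot be turned off
by the user, optional ones can. Domains, departments and the "Company
Confidential" template are constructed."""
from dataclasses import dataclass, field

ORG_DOMAIN = "contoso.test"   # constructed organization domain


@dataclass
class Message:
    sender: str
    sender_department: str
    recipients: list            # SMTP addresses of users and distribution lists


@dataclass
class ProtectionRule:
    name: str
    template: str
    mandatory: bool = True
    sender_departments: set = field(default_factory=set)  # empty = any department
    recipients: set = field(default_factory=set)          # empty = any recipient
    recipient_scope: str = "any"                          # "any" | "internal" | "external"

    def matches(self, msg):
        rcpts = {r.lower() for r in msg.recipients}
        if self.sender_departments and msg.sender_department not in self.sender_departments:
            return False
        if self.recipients and not (rcpts & self.recipients):
            return False
        external = {r for r in rcpts if not r.endswith("@" + ORG_DOMAIN)}
        if self.recipient_scope == "external" and not external:
            return False
        if self.recipient_scope == "internal" and external:
            return False
        return True


def evaluate(rules, msg):
    """Rules are ordered by priority; the first match decides the template.
    Returns (template, mandatory) or (None, False) when nothing applies."""
    for rule in rules:
        if rule.matches(msg):
            return rule.template, rule.mandatory
    return None, False


def protection_after_user_choice(rules, msg, user_wants_protection):
    """What goes on the wire once the user has (or has not) cleared the
    Permission button: a mandatory rule wins regardless of the user's choice."""
    template, mandatory = evaluate(rules, msg)
    if template is None:
        return None
    return template if mandatory or user_wants_protection else None


RULES = [   # constructed rule set, highest priority first
    ProtectionRule("HR mail stays with its recipients", "Do Not Forward",
                   sender_departments={"HR"}),
    ProtectionRule("Sensitive distribution list", "Company Confidential",
                   recipients={"legal-dl@contoso.test"}),
    ProtectionRule("R&D to partners", "Internet Confidential", mandatory=False,
                   sender_departments={"R&D"}, recipient_scope="external"),
]
```

Two details matter for a deployment: recipient matching is case-insensitive and scope is decided on the whole recipient set, so one external address on a message to an internal distribution list makes it "external"; and the mandatory flag is enforced at the point of sending, not merely in the UI, which is the variant the later screenshot describes as disabling the Permission button.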

Step 1: User creates a new message in Outlook 14.
Step 2: User adds a distribution list to the To line.
Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects it as MS Confidential.

Banner shown in the message: "Microsoft Confidential - This content is confidential and proprietary information intended for Microsoft employees only and provides the following user rights: View, Reply, Reply All, Save, Edit, Print and Forward. Permission granted by: edbanti@exchange.microsoft.com"

IRM protection will be applied by Outlook
Exchange does not require super-user access to the IRM content:
Achieves protection from the service provider
But has certain limitations:
IRM-protected e-mail cannot be shown in Outlook Web Access
IRM-protected e-mail cannot be indexed by the content indexing engine on the mailbox server
Mail cannot be journaled in the clear to internal or 3rd party archives
E-discovery is unable to access or retrieve these messages within Exchange

Unified Messaging administrators can allow incoming voice mail messages to be marked as "private"
Private voice mail can be protected using "Do Not Forward", preventing forwarding or copying of content
Private voice mail is supported in Outlook 14 and Outlook Web Access (OWA)

Pre-licensing enables offline and mobile access to RMS-protected messages
IRM feature parity between Outlook and Outlook Web Access
Conduct full-text search on RMS-protected messages in Outlook Web Access

Create/consume RMS-protected messages natively, just like Outlook
No client download or installation required
Supports:
Firefox, Safari, Macintosh and Windows
Conversation view, preview pane
Full-text search on RMS-protected messages

Enables Hub Transport agents to scan/modify RMS-protected messages
Required for antivirus scanning, Transport Rules or 3rd party agents
Decryption Agent
Decrypts message and attachments, using RMS super-user privileges
Only decrypts once per forest, on the first Hub, to improve performance
Option to non-deliver (NDR) messages that can't be decrypted
Encryption Agent
Re-encrypts messages, message forks and NDRs with the original Publishing License


All of the RMS integration agents are implemented as "internal agents": Transport Rules, Pipeline Decryption Agent, Journal Report Decryption Agent, Encryption Agent, PreLicense Agent and Journal Agent.
(Diagram: a message routed in from SMTP is decrypted by the Decryption Agent at the OnEndOfData event; a message submitted from the pipeline is decrypted by the Decryption Agent at the OnSubmitted event; both use AD RMS.)

Server Decryption agent:
• Attaches clear-text copies of RMS-protected messages and attachments to the journal mailbox (Archive/Journal)
• Requires super-user privileges, off by default
• Stamps an x-Org header to prevent future decrypt attempts


Today customers can communicate using RMS between organizations by deploying ADFS and setting up trusts
ADFS requires a separate trust between each partner
ADFS isn't supported by Exchange

In Exchange Server 2010 (Beta), customers can federate with the Microsoft Services Gateway instead of with each partner
A single federation point replaces individual trusts
Allows Exchange to act on behalf of users for decryption

The next slides show an example of how OWA will decrypt messages on behalf of a recipient using federation


(Diagram: nwtraders.com, running Exchange Server 2010 (Beta) and AD RMS 2008, and Fabrikam.com, running Exchange Server 2010 (Beta), are both connected to the Microsoft Services Gateway. The four slides build up the following steps.)
1. Organizations federate Exchange and RMS with the Microsoft Services Gateway: each creates a federated trust with the Microsoft Services Gateway using the wizard.
2. A user in Northwind Traders sends an RMS-protected message to a recipient in Fabrikam; the message is protected against Northwind Traders's AD RMS server.
3. Fabrikam's Exchange server requests a delegation SAML token from the Services Gateway for Northwind Traders's RMS server; the delegation SAML token is used to authenticate on behalf of the recipient to Northwind Traders's RMS server.
4. Northwind Traders validates the signature on the delegation SAML token and ensures that the recipient has rights to the message; Northwind Traders returns a license to Fabrikam which can be used to decrypt the message in OWA and enforce rights.

Senders can control how their data is accessed by 3rd parties
By using federation, RMS can allow organizations and applications to access data on behalf of individuals
Specifically, they can specify whether recipient organizations can archive e-mails in the clear
The RMS administrator can control which 3rd parties can access data using federated authentication (allow/block list)
The recipient organization can decrypt RMS-protected messages for Outlook Web Access, Journal Report Decryption and Transport Pipeline decryption

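An added Python example of the check the sending organization's RMS server performs in step 4 of the flow above, combined with the allow/block list control just described: the delegation token's signature, audience, expiry and issuing partner are verified before the recipient's rights are looked up and a use license returned, and every decision is audited. This is not AD RMS or Microsoft Services Gateway code. A signed JSON dict stands in for the SAML token, an HMAC key shared with the gateway stands in for the gateway's signing certificate, and the organizations, recipient addresses, message id and rights are constructed.

```python
"""Validation of a delegation token by the sending organization's RMS server,
the check behind step 4 of the flow above, as an added example (not AD RMS or
Microsoft Services Gateway code). A signed JSON dict stands in for the SAML
token and an HMAC key shared with the gateway stands in for the gateway's
signing certificate; the allow/block list is the RMS administrator's control
over which federated partners may act on behalf of recipients."""
import hashlib
import hmac
import json
from datetime import datetime, timedelta

GATEWAY_KEY = b"constructed-gateway-signing-key"   # placeholder, not a real key
NOW = datetime(2009, 1, 1, 12, 0)                   # constructed clock for the demo


def _sign(claims):
    payload = json.dumps(claims, sort_keys=True).encode()
    return hmac.new(GATEWAY_KEY, payload, hashlib.sha256).hexdigest()


def issue_delegation_token(partner_org, on_behalf_of, target_org, now,
                           ttl=timedelta(hours=1)):
    """Gateway side: lets partner_org's Exchange act for on_behalf_of towards
    target_org's RMS server until the token expires."""
    claims = {"sub": partner_org, "obo": on_behalf_of, "aud": target_org,
              "exp": (now + ttl).isoformat()}
    return {"claims": claims, "sig": _sign(claims)}


class RmsServer:
    """Sending organization's RMS server (Northwind Traders in the slides)."""

    def __init__(self, org, allowed_partners, blocked_partners=()):
        self.org = org
        self.allowed = set(allowed_partners)
        self.blocked = set(blocked_partners)
        self.rights = {}     # (msg_id, recipient) -> rights from the publishing license
        self.audit = []

    def grant(self, msg_id, recipient, rights):
        self.rights[(msg_id, recipient.lower())] = set(rights)

    def validate_token(self, token, now):
        """Return None when the token is acceptable, else the reason it is not."""
        if not hmac.compare_digest(_sign(token["claims"]), token["sig"]):
            return "bad signature"
        c = token["claims"]
        if c["aud"] != self.org:
            return "wrong audience"
        if datetime.fromisoformat(c["exp"]) <= now:
            return "expired"
        if c["sub"] in self.blocked or c["sub"] not in self.allowed:
            return "partner not allowed"
        return None

    def request_use_license(self, token, msg_id, now):
        """Step 4: validate the token, check the recipient's rights, and return a
        use license for the recipient or None. Every decision is audited."""
        reason = self.validate_token(token, now)
        if reason:
            self.audit.append(("denied", msg_id, reason))
            return None
        recipient = token["claims"]["obo"].lower()
        rights = self.rights.get((msg_id, recipient))
        if not rights:
            self.audit.append(("denied", msg_id, "recipient has no rights"))
            return None
        self.audit.append(("granted", msg_id, recipient))
        return {"msg_id": msg_id, "recipient": recipient, "rights": sorted(rights)}


def demo():
    """Constructed cases: a valid token, one whose on-behalf-of claim was
    altered after signing, one from a blocked partner, and an expired one."""
    rms = RmsServer("nwtraders.test", allowed_partners={"fabrikam.test"},
                    blocked_partners={"adatum.test"})
    rms.grant("msg-1", "crystal@fabrikam.test", {"View", "Reply"})
    good = issue_delegation_token("fabrikam.test", "crystal@fabrikam.test", "nwtraders.test", NOW)
    tampered = {"claims": dict(good["claims"], obo="mallory@fabrikam.test"), "sig": good["sig"]}
    blocked = issue_delegation_token("adatum.test", "crystal@fabrikam.test", "nwtraders.test", NOW)
    stale = issue_delegation_token("fabrikam.test", "crystal@fabrikam.test", "nwtraders.test",
                                   NOW - timedelta(hours=2))
    return rms, [rms.request_use_license(t, "msg-1", NOW) for t in (good, tampered, blocked, stale)]
```

The order of the checks is deliberate: signature first, so nothing in an unsigned or altered token is trusted, then audience and expiry, then the partner allow/block list, and only then the rights lookup. The license carries only the rights the publishing license granted to that recipient, which is what lets OWA in the recipient organization enforce them.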
Exchange Server 2010
Supported on Windows Server® 2008
Planned support for Windows Server 2008 R2
RMS integration features require:
RMS on Windows Server 2008 SP2
or Windows Server 2008 R2
B2B RMS requires:
Windows Server 2008 R2 RMS


Reduction in datacenter server footprint
Lowering Input/Output Per Second (IOPS) per message
Reduction in random Input/Output
Increased service availability
Handling larger messages without resource pressure increases the capacity of servers in a site
Lowering delivery latency (99% in 90 sec)
Measuring transport component latency provides insight into how to make the system run more efficiently

Header information is used to extract the required information.
Trusted (internal) server IPs/ranges must be present in the InternalSMTPServers AD attribute.
All servers: RFC 2821/2822 "Received" headers provide server FQDNs, IP addresses and time stamps for every hop messages take.
Exchange Server 2010 (Beta): The "X-MS-Exchange-Organization-MessageLatency" and "X-MS-Exchange-Organization-MessageLatencyInProgress" headers contain FQDNs and detailed latency data for the Exchange Server 2010 (Beta) servers that messages go through.
Exchange Server 2007: The "X-MS-Exchange-Organization-OriginalArrivalTime" header indicates the time the first Exchange Server 2007 server is encountered by a message.

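An added Python example that implements the header walk described on the "First Exchange Server 2010 (Beta) server (H1)" slide earlier in this module using the headers listed just above: each Exchange Server 2010 hop walks the Received headers back to the previous 2010 server (or, on the first such server, through every trusted hop), stamps one latency header per hop, records the original arrival time, and marks its own latency as in progress. It is not Exchange's message tracking code; the host names, the constructed message, and the "host;seconds" value format used for the latency header are assumptions, while the header names are those the slide gives. Only Received headers written by hosts in the internal set are trusted, since older headers are supplied by the sender and can be forged.

```python
"""Per-hop latency from Received headers plus the Exchange latency headers the
slides name, as an added example (not Exchange's message tracking code). Host
names, the "host;seconds" value format of the latency header and the sample
message are constructed; the header names are the ones the slides give."""
import email
import re
from email.utils import format_datetime, parsedate_to_datetime

LATENCY_HDR = "X-MS-Exchange-Organization-MessageLatency"
INPROGRESS_HDR = "X-MS-Exchange-Organization-MessageLatencyInProgress"
ARRIVAL_HDR = "X-MS-Exchange-Organization-OriginalArrivalTime"

# Stands in for the InternalSMTPServers attribute: only Received headers written
# by these hosts are trusted; anything older could have been forged by a sender.
INTERNAL_SMTP_SERVERS = {"p1.contoso.test", "p2.contoso.test", "h1.contoso.test",
                         "h2.contoso.test", "h3.contoso.test"}

SAMPLE = (  # constructed: arrived at P1 from an external MTA at 23:06:11
    "Received: from mail.example.test (192.0.2.10) by p1.contoso.test"
    " with Microsoft SMTP Server; Mon, 16 Jun 2008 23:06:11 +0000\n"
    "Received: from client.example.test by mail.example.test;"
    " Mon, 16 Jun 2008 23:05:50 +0000\n"
    "From: paul@contoso.test\nTo: crystal@contoso.test\n"
    "Subject: constructed sample\n\nbody\n")


def _hops(msg):
    """(by-host, arrival time) per Received header, newest first."""
    hops = []
    for value in msg.get_all("Received", []):
        by = re.search(r"\bby\s+([A-Za-z0-9.-]+)", value)
        when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        hops.append((by.group(1).lower(), when))
    return hops


def receive_at(raw, from_host, by_host, when):
    """Prepend the Received header by_host writes when it takes the message."""
    return "Received: from %s by %s with Microsoft SMTP Server; %s\n%s" % (
        from_host, by_host, format_datetime(when), raw)


def stamp_latency(raw, internal=INTERNAL_SMTP_SERVERS):
    """Run on each Exchange Server 2010 hop: walk the Received headers back to
    the previous 2010 server (or, on the first one, through all trusted hops),
    stamp a latency header per hop, record the original arrival time on the
    first 2010 server, and mark this server's own latency as in progress."""
    msg = email.message_from_string(raw)
    hops = _hops(msg)
    previous = (msg.get(INPROGRESS_HDR) or "").lower() or None
    for i in range(1, len(hops)):
        host, when = hops[i]
        if host != previous and host not in internal:
            break                                   # untrusted hop: stop here
        seconds = (hops[i - 1][1] - when).total_seconds()
        msg.add_header(LATENCY_HDR, "%s;%d" % (host, seconds))
        if host == previous:
            break                                   # InProgress converted
        if previous is None:                        # first 2010 server: the
            del msg[ARRIVAL_HDR]                    # oldest trusted hop wins
            msg[ARRIVAL_HDR] = format_datetime(when)
    del msg[INPROGRESS_HDR]
    msg[INPROGRESS_HDR] = hops[0][0]
    return msg.as_string()


def latency_report(raw):
    """Per-server latency, the server still in progress, and original arrival."""
    msg = email.message_from_string(raw)
    per_server = {}
    for value in msg.get_all(LATENCY_HDR, []):
        host, seconds = value.split(";")
        per_server[host] = int(seconds)
    return per_server, msg.get(INPROGRESS_HDR), msg.get(ARRIVAL_HDR)


def demo():
    """Constructed route P1 -> P2 -> H1 (first 2010) -> H2 -> H3 (next 2010)."""
    t = lambda s: parsedate_to_datetime("Mon, 16 Jun 2008 23:06:%02d +0000" % s)
    raw = receive_at(SAMPLE, "p1.contoso.test", "p2.contoso.test", t(14))
    raw = receive_at(raw, "p2.contoso.test", "h1.contoso.test", t(20))
    raw = stamp_latency(raw)
    raw = receive_at(raw, "h1.contoso.test", "h2.contoso.test", t(27))
    raw = receive_at(raw, "h2.contoso.test", "h3.contoso.test", t(30))
    raw = stamp_latency(raw)
    return latency_report(raw)
```

In the constructed route the per-server figures (P2 6 s, P1 3 s, H2 3 s, H1 7 s) add up to the 19 s between the original arrival at P1 and the arrival at H3, which is the consistency check the end-to-end and component views in the tracking log output above are meant to satisfy.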

Provides a service that traces the servers a message went through from start to finish. Works across organizations.
(Diagram: in Org 1, Mailbox -> Hub -> CAS over RPC; across the Org Boundary, CAS -> CAS as an HTTPS EWS call with Windows Live ID authentication under a sharing relationship; in Org 2, CAS -> Hub -> Mailbox over RPC. The Message Tracking Task drives the calls.)
Note: the same architecture is used cross-site within one organization. Cross-site HTTP calls are cheaper than RPCs.

IRM right     Description
Full Control  Gives the user every right listed below, and the right to make changes to permissions associated with content. Expiration does not apply to users with Full Control.
View          Allows the user to open IRM content. This corresponds to Read Access in the Office user interface.
Edit          Allows the user to edit the IRM content.
Save          Allows the user to save a file.
Extract       Allows the user to make a copy of any portion of a file and paste that portion of the file into the work area of another application.
Export        Allows the user to save content in another location or format that may or may not support IRM.
Print         Allows the user to print the contents of a file.
Allow Macros  Allows the user to run macros against the contents of a file.
Forward       Allows e-mail recipients to forward an IRM e-mail message.
Reply         Allows e-mail recipients to reply to an IRM e-mail message.
Reply All     Allows e-mail recipients to reply to all users on the To: and Cc: lines of an IRM e-mail message.
View Rights   Gives the user permission to view the rights associated with a file. Office ignores this right.

Step 2: User adds a distribution list to the To line.

Step 3: Outlook detects a sensitive distribution list (DL) and automatically protects it as MS Confidential.

Variant: Administrator can define a policy as required, disabling the Permission button.

Exchange Server 2010 (Beta) Ignite
Module Number 08
Microsoft© Corporation

Compliance Framework
IW & IT Pro Pain Points
Archive – IW Experience
Archive – IT Pro Experience
Exchange Server 2010 (Beta) Features
Summary

Component | Challenges
Preserve: "I need an archive for eDiscovery." "We need a more consistent way to apply retention policies."
Protect: "Regulations require we set up ethical walls." "We're worried about information leakage."
Discover: "Our lawyers need a faster, easier way to hold and search email."
Prove: "Our auditors require detailed activity reports of user and IT administrator email activity."

(Diagram: today's landscape. Actors: Exchange Admin with EMC/ECP, IW with Outlook/OWA, Compliance Officer with ECP. Stores: PSTs, Exchange Mailbox (Mailbox DBs behind a CAS server), User Archive (3rd party), Business Archive (3rd party), Backups.)
PSTs: unlimited storage; portability; offline access
Exchange Mailbox: highly available; reliable; Outlook/OWA
User Archive (3rd party): makes PSTs discoverable; enables legal hold on PSTs; unlimited mail storage; Outlook/OWA with stubs
Business Archive (3rd party): discovery across email, documents, etc.; retention management; auditing; efficient storage (de-duping, single instancing, compression)
Backups: single item restore; rogue admin separation; disaster recovery
IT Pro perspective
Out-of-box solution limited: litigation hold can't be enforced on Personal Information Stores (PST), so there is no way to ensure items are not deleted; PSTs cannot be discovered; a lost laptop results in exposure of PSTs; backup/recovery is cost prohibitive; PST on a network share is not supported, PSTs are accessible on the local machine only
3rd party solution expensive: licensing costs more than Outlook 14/Exchange Server 2010 (Beta); additional hardware needs to be purchased; delays Office upgrades; deployment touches all desktops; add-in causes performance woes; leads to increased Help Desk cost

End user viewpoint
Changes workflow: litigation hold removes PST access and the user can't delete messages; litigation hold causes OST performance to suffer; quota forces forwards to Gmail; 3rd party add-in is confusing
Inconsistent experience: search degraded when the PST is on a network share; bad hard drives lead to lost PSTs; PST corruptions increase when the PST is located on a network share; as PSTs grow, stability lessens (>5 gigabytes (GB))

(Diagram: the same landscape with Exchange Server 2010 (Beta): a Primary Mailbox and an Archive Mailbox, each with Recoverable Items, alongside PSTs, User Archive (3rd party), Business Archive (3rd party) and Backups. Actors: Exchange Admin with EMC/ECP, IW with Outlook/OWA, Compliance Officer with ECP.)
PSTs: unlimited storage; portability; offline access
Exchange Server 2010 (Beta) Mailbox: highly available; reliable; Outlook/OWA
Exchange Server 2010 (Beta) Archive: larger, cheaper mailbox; single item restore; highly available; discoverable; retention management; Outlook/OWA
User Archive (3rd party): enables PST data to be discovered; enables PST data to be under legal hold; unlimited mail storage; Outlook/OWA experience with stubs
Business Archive (3rd party): discovery across email, documents, etc.; retention management; auditing; efficient storage (de-duping, single instancing, compression)
Backups: single item restore; rogue admin separation; disaster recovery
Archive is an additional mailbox associated with an existing user account (User Account in AD).
IT Pro manages Archive mailboxes the same as existing Exchange mailboxes.

Primary Mailbox: 1-2 yrs of email; Size < 10 GB; Offline and Online; Recoverable Items (14 Days)
Archive Mailbox: 1-10 yrs of email; Size < 10-30 GB; Online Only; Recoverable Items (14 Days)

Archive mailbox is end user accessible from Outlook and OWA (roles shown: Outlook/OWA user, Exchange Admin/Compliance Officer).
Archive availability and reliability is the same as existing Exchange mailboxes: Exchange Server 2010 (Beta) DB + Copies on DAS Storage.
A secondary mailbox that is configured by the administrator
Appears alongside a user's primary mailbox in Outlook or Outlook Web Access
PSTs can be dragged and dropped to the Online archive
Primary mailbox data can be moved automatically using messaging records management (MRM) Retention Policies
Move menu has latest used folders, including archive folders
Copy/move brings up folder picker which includes the archive
Drag and drop also supported between folders in both cases

Archive Node shows up as another root node.
Items in Archive displayed exactly like any other folder.
Search in a folder in the archive works the same as any other folder.
Choosing to search in All Mail Items will include the Archive, even if you are viewing your primary mailbox.
To search the whole archive, you need to select Archive from the Dropdown.

Pre-Conditions:
• Default Move Policy = 2 Year
User selects 5 Years from set of Policies

Pre-Conditions:
• Default Move Policy =
2 Year
• Project X Folder
Move Policy = 1 Year
• Item 1 with Move
Policy = 5 Years


Pre-Conditions:
• Default Move Policy = 2 Years
• Default Delete Policy = 7 Years

User selects 5 Years


from set of Policies

Pre-Conditions:
• Default Move Policy = 2 Year
• Default Delete Policy = 7 Years
• Delete Policy On This Message = 10 years

User selects 5 Years


from set of Policies


Pre-Conditions:
• Default Move Policy = 2 Years
• Default Delete Policy = 7 Years
• Project X Folder Move Policy = 1 Year
• Selected Item Move Policy = 5 Years
• Selected Item Delete Policy = 10 Years
• Project X Folder Delete Policy = 6 years

Requirements
P1 - enable IT Pro to add and remove the archive
P1 - enable IT Pro to view and manage the archive
P1 - enable IT Pro to migrate the archive
Assumptions
Archive and Primary Mailbox are on same database
(DB), same site, same forest
Users will only have one Archive in Exchange Server
2010 (Beta)
Archives cannot be accessed by delegate users

Add the archive to a user
New: Create an archive mailbox for a user
Enable: Enable an archive mailbox for a user
Connect: Connect an existing archive to a user
Remove the archive from a user
Disable: Disconnect the archive for a user
Remove: Remove the archive mailbox from a user
View the Archive
Get: View archive properties (e.g. quota) for a user
Get: View archive statistics (e.g. size) for a user
Get: Enumerate all archives in a DB or an org
Manage the archive
Set: Set archive properties (e.g. quota) for a user
Import: Import data into an archive
Export: Export data from an archive
Migrate the archive and the primary mailbox
Move: Migrate the archive and primary mailbox
Create user, mailbox and archive

Scenario: Create new Exchange Server 2010 (Beta) users and add primary mailbox and archive
Input: New-Mailbox -Name 'Hal' ……… -Archive
Output: Command Prompt
Enable archive

Scenario: Enable Archive for existing Exchange Server 2010 (Beta) users with primary mailbox but no archive
Input: Enable-Mailbox -Identity hal -Archive
Output: Command Prompt

Scenario: Enable Mailbox and Archive for Exchange Server 2010 (Beta) users with no primary mailbox or archive
Input: Get-User hal | Enable-Mailbox -Archive
Output: Command Prompt
Connect the archive

Scenario: Reconnect the archive to a user
Input: Connect-Mailbox -Identity "legacydn of hal's archive" -User "jack" -Archive
Output: Command Prompt

Remove user, primary and archive

Scenario: Remove the archive, the user account and primary mailbox
Input: Remove-Mailbox hal
Output: Removing the mailbox will remove the Windows user object and mark the mailbox and archive for removal. Are you sure you want to remove Hal?
Remove the archive only

Scenario: Remove the archive only (keep user account and primary mailbox)
Input: Remove-Mailbox hal -Archive
Output: Removing the Archive will mark the archive for removal. Are you sure you want to remove the Archive for Hal?

Disconnect the primary and archive

Scenario: Disconnect the primary mailbox and the archive from a user
Input: Disable-Mailbox hal
Output: Command Prompt
Disconnect the archive

Scenario: Disconnect the archive from the user
Input: Disable-Mailbox hal -Archive
Output: Command Prompt

View Archive (special icon)

Scenario: Get users with mailbox and archive
Input: Get-Mailbox -Filter '(ArchiveGuid -ne $null)'
Output: Mailbox objects
Default Output:
Name    RecipientType    ArchiveName
----    -------------    -----------
Hal     UserMailbox      Archive
Filter the Recipients

Scenario: Get Recipients with archive
Input: Get-Recipient -Filter '(ArchiveGuid -ne $null)'
Output: Mailbox objects

Scenario: Get statistics for all the archives on a DB
Input: Get-Mailbox -Database DB1 | Get-MailboxStatistics -Archive
Output: Mailbox statistics for archive on a DB
Default Output:
DisplayName       ItemCount    StorageLimitStatus    LastLogonTime
-----------       ---------    ------------------    -------------
Hal (Archive)     2            BelowLimit            12/17/2008 2:03 PM
John (Archive)    3            BelowLimit            12/17/2008 2:03 PM
Archive quota is set with other mailbox quota properties

Scenario: Configure quota on archive
Input: Set-Mailbox hal -ArchiveQuota 50000000
Output: Command Prompt

Scenario: Bulk Operation: Set quota on all the archives on a DB
Input: Get-Mailbox -Database db1 | Set-Mailbox -ArchiveQuota 30000000
Output: Command Prompt

Export the Archive

Scenario: Export archive data to PST or mailbox
Input: Export-Mailbox -Identity 'hal' -TargetMailbox 'johndoe' -TargetFolder 'foo' -Archive
Output: Command Prompt
Import PST into the Archive

Scenario: Import a PST into the Archive
Input: Import-Mailbox -Identity 'hal' -PSTFolderPath C:\PSTFiles\hal_arch.pst -Archive
Output: Command Prompt

Scenario: Move user, primary and archive from Exchange Server 2010 (Beta) DB1 to Exchange Server 2010 (Beta) DB2
Input: New-MoveRequest Hal -TargetDatabase DB2
Output: Command Prompt

Scenario: Move primary and archive for a group of users to Exchange Server 2010 (Beta) DB2
Input: Get-Mailbox -Filter {Department -eq 'Sales'} | New-MoveRequest -TargetDatabase DB2
Output: Command Prompt

Scenario: Move primary and archive from DB1 to DB2 (Decommission DB)
Input: Get-Mailbox -Database db1 | New-MoveRequest -TargetDatabase DB2
Output: Command Prompt
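Putting the cmdlets from these scenarios together, here is an added example (not from the Ignite deck or the Exchange team) that audits one database for mailboxes still without an archive and for archives near their ArchiveQuota; PST data outside the archive is exactly what litigation hold and discovery cannot reach. Assumed: the function names, the 80% warning threshold, that ArchiveQuota and TotalItemSize expose IsUnlimited and Value.ToBytes() in the Exchange Server 2010 Management Shell, and DB1 as the placeholder database name.

```powershell
# Added example, not from the Ignite deck: archive coverage and quota audit for one database.
# Built only on cmdlets the scenarios show: Get-Mailbox -Filter '(ArchiveGuid -ne $null)',
# Get-MailboxStatistics -Archive and the ArchiveQuota property set by Set-Mailbox -ArchiveQuota.
# Assumptions (not from the deck): function names, the 80% warning threshold, and that
# ArchiveQuota/TotalItemSize expose IsUnlimited and Value.ToBytes() in the 2010 Management Shell.

function Test-ArchiveHeadroom {
    # Decision logic kept free of Exchange calls so it can be checked with constructed values.
    param(
        [Parameter(Mandatory=$true)] [string] $DisplayName,
        [Parameter(Mandatory=$true)] [long]   $UsedBytes,    # archive TotalItemSize in bytes
        [Parameter(Mandatory=$true)] [long]   $QuotaBytes,   # ArchiveQuota in bytes; 0 = unlimited
        [double] $WarnAt = 0.8                                 # assumed threshold, not from the deck
    )
    if ($QuotaBytes -le 0) {
        $pct = $null
        $status = 'NoQuota'
    } else {
        $pct = [math]::Round(100.0 * $UsedBytes / $QuotaBytes, 1)
        if ($UsedBytes -ge $QuotaBytes) { $status = 'OverQuota' }
        elseif ($UsedBytes -ge $WarnAt * $QuotaBytes) { $status = 'Warning' }
        else { $status = 'BelowLimit' }
    }
    New-Object PSObject -Property @{ DisplayName = $DisplayName; UsedPercent = $pct; Status = $status }
}

function Get-ArchiveAudit {
    # One row per mailbox on the database: 'NoArchive' for mailboxes whose PST data is still
    # outside hold/discovery, otherwise the headroom status of the archive against ArchiveQuota.
    param(
        [Parameter(Mandatory=$true)] [string] $Database,
        [double] $WarnAt = 0.8
    )
    $all      = @(Get-Mailbox -Database $Database -ResultSize Unlimited)
    $archived = @(Get-Mailbox -Database $Database -ResultSize Unlimited -Filter '(ArchiveGuid -ne $null)')
    $archivedDns = @($archived | ForEach-Object { $_.DistinguishedName })

    foreach ($m in $all) {
        if ($archivedDns -notcontains $m.DistinguishedName) {
            New-Object PSObject -Property @{ DisplayName = $m.DisplayName; UsedPercent = $null; Status = 'NoArchive' }
        }
    }
    foreach ($m in $archived) {
        $stats = Get-MailboxStatistics -Identity $m.Identity -Archive
        $quota = 0
        if (-not $m.ArchiveQuota.IsUnlimited) { $quota = $m.ArchiveQuota.Value.ToBytes() }
        Test-ArchiveHeadroom -DisplayName $stats.DisplayName `
                             -UsedBytes $stats.TotalItemSize.Value.ToBytes() `
                             -QuotaBytes $quota -WarnAt $WarnAt
    }
}

# Offline check of the decision logic with constructed values against the deck's 30000000-byte bulk quota.
Test-ArchiveHeadroom -DisplayName 'Hal (Archive)'  -UsedBytes 12000000 -QuotaBytes 30000000
Test-ArchiveHeadroom -DisplayName 'John (Archive)' -UsedBytes 27000000 -QuotaBytes 30000000

# In the Exchange Management Shell (DB1 is the deck's placeholder database name):
# Get-ArchiveAudit -Database 'DB1' | Where-Object { $_.Status -ne 'BelowLimit' } | Format-Table DisplayName, Status, UsedPercent -AutoSize
```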
Preserve

Feature | Benefits
Role Based Access | Delegate Legal Hold function to non-IT users through user-friendly ECP GUI
Copy edited and deleted items | Builds on Exchange Server 2007 hold for auto-deleted items
Auto alert notification | Eliminates manual alerts to users on hold
Search dumpster | Use multi-mailbox search to retrieve deleted/edited items
Discover

Delegate access to search graphic user interface (GUI) to attorney, compliance officer or HR
Copy email from query and place in PST, mailbox
Search across primary mailbox, archives, IRM-protected and deleted items
Specific search by keywords, dates, content types, specific mailboxes… and a variety of mailbox items
Preserve
• Centralize PST files in an Online Archive
• Apply granular retention policies per item or folder
• Capture edited and deleted items with litigation hold
• Decrypt IRM-protected e-mail for journaling

Protect
• Automatically apply IRM-protection based on policies
• Allow partners/customers to read IRM-protected messages
• Enable managers to monitor email traffic more effectively
• Apply dynamic signatures to email based on user attributes

Discover
• Perform multi-mailbox search using simple GUI
• Delegate search access to litigators/compliance managers
• Export search query items to PST for further analysis

Prove
• Generate reports detailing mailbox activity and system configurations
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite
Module Number 9
Microsoft© Corporation

Background
Architecture
Customer research and feedback
How Exchange Unified Messaging (UM) is
used at Microsoft
Exchange Server 2010 (Beta) UM
Migration
Administration
Features
Demos
Questions
UM protocols
SIP/RTP to gateway/PBX
LDAP to the directory
MAPI/(RPC) to mailboxes
Can place UM servers distant from PBXs
Support scale out and server consolidation
UM mainly used for call answering
About 2 in 3 of these are "missed calls"

Date | UM Total Calls | UM Call Answer Calls | UM Call Answer Voice Messages | % Calls Leaving Voice Message | Avg Voice Message Size (sec) | UM Fax Messages | Subscriber Logons | Avg Subscriber Call Duration (sec)
1/31/2009 | 9,922 | 7,638 | 2,233 | 29% | 18 | 18 | 120 | 74
1/30/2009 | 52,559 | 40,459 | 14,701 | 36% | 18 | 49 | 601 | 72
1/29/2009 | 55,301 | 42,570 | 15,500 | 36% | 18 | 76 | 635 | 74
1/28/2009 | 58,223 | 43,465 | 15,437 | 36% | 19 | 52 | 588 | 52
1/27/2009 | 52,559 | 41,079 | 15,778 | 38% | 19 | 33 | 661 | 45
1/26/2009 | 41,044 | 33,016 | 12,651 | 38% | 20 | 25 | 533 | 33
1/25/2009 | 3,309 | 2,175 | 579 | 27% | 19 | 4 | 58 | 28
Total | 272,917 | 210,402 | 76,879 | | | 257 | 3,196 |

Number of UM-enabled users: 67733
Calls diverted to UM, per user: 3.1
Call answered voice messages per user: 1.1
Exchange UM is used most for creating call-answered
voice messages
Outlook Voice Access is very valuable to mobile workers,
but they are often in the minority
Requests for:
Built-in Message Waiting Indicator (MWI) support
Speech recognition (not just in English)
Outbound fax support
Support split messaging/telephony administration model
Better audio support for non-Windows clients
Private voice mail option
Better caller ID resolution

UM 2010 requires mailbox, transport 2010

Mailbox version | Unified Messaging version 2007 SP2 | Unified Messaging version 2010 (Beta)
2007 SP2 | UM "just works" for the enabled users. | Call answer: 302 (redirect on INVITE) to UM 2007 server in the Dial Plan. Subscriber access: REFER (with context) to UM 2007 server in the Dial Plan.
2010 | Not supported. Require at least one UM 2010 server in the Dial Plan. | UM "just works" for the enabled users.

Configure Internet Protocol (IP) gateways to send calls to UM 2010
Office Communications Server (OCS) requires new UM Dial Plan (new pilot #)
UM-disable, enable (PIN reset) in new DP
UM now uses Exchange Role Based
Access Control (RBAC)
Three UM administrative roles, as shipped
UM management
Administer any and all UM functionality
UM mailbox
Provision UM mailbox, PIN reset, clear lockout
UM prompt
Update Dial Plan and/or Auto Attendant prompts
Custom roles may be created
Exchange Server 2007 UM supported inbound fax


Delivered to users’ mailboxes
No specialized routing software
No outbound fax
UM customers mostly used other fax products
Exchange Server 2010 (Beta) UM will not create fax
messages
Working with key partners to provide migration and
interoperability story for UM fax
UM can hand fax calls off to partner solution
UM configuration slightly extended (for partner Uniform
Resource Identifier (URI))

The goal is for each UM language pack to contain:
Prerecorded prompts
Text-to-speech (now using Microsoft engine)
Speech recognition (command/control, names)

Beta: US English, German, Canadian French, Mexican Spanish, Japanese
RTM: Chinese (PRC), Chinese (Taiwan ROC), Dutch, English (Australia), English (UK), French, Italian, Korean, Brazilian Portuguese, Spanish, Swedish
RTM+120 Days: Catalan, Chinese (Hong Kong SAR), Danish, English (Canada), English (India), Finnish, Norwegian (Bo), Polish, Portuguese, Russian
MP3 (codec and file format) is now the default for recording voice messages
Socializes more easily with non-Windows and non-Windows Mobile mail clients
Codecs shown: G.711, MP3, WMA 2, GSM, WMA 9
Failure to resolve caller ID to a name is a
major source of complaint by end users
Numbering plan split across UM Dial Plans
Added EquivalentDialPlanPhoneContexts on
DP
FQDNs of other DPs in same numbering plan
Many non UM-enabled users have more than
one phone number
msRTCSIP-Line is not multi-valued
Added UMCallingLineIds to User object

Extension of CLID to E.164 was inflexible


InternationalNumberFormat single-valued
Added NumberingPlanFormats on DP
One or more patterns to extend N-digit to E.164
Lookup did not use unindexed AD attributes
telephoneNumber, homePhone, mobile
UM can now generate suffix search fields
AllowHeuristicADCallingLineIDResolution on
DP
Bottom line: caller ID lookup is now better!

Call answer is UM’s most frequent scenario
Play greeting, take message
Users wanted more control
e.g. special greetings by contact, time of day
Call answering rules
Condition: if it evaluates to true, then run…
Greeting and menu: collect caller's choice of…
Action: transfer, "Find me" or leave message

Exchange Server 2007 UM did not support MWI
Third-party solutions required
Exchange Server 2010 (Beta) UM supports MWI natively
Configure through UM Mailbox Policy
ON by default
No new roles
Highly scalable
MWI via Short Message Server (SMS)
Requires mail gateway

(Diagram: Phone & PBX, Gateway, UM servers, Mailbox servers; SIP NOTIFY carries the indicator between the UM servers and the gateway/PBX.)
Speech recognition applied to voice mail
Text on delivery
Feature mark-up
(Diagram: Text Preview of Voice Mail alongside Audio Playback; Searchable; <100% accurate; Contextual Actions; In SMS MWI)
Available in U.S. English, German for Beta


Accuracy is still improving
Average ~75% for en-US, less for other languages
"Your mileage may vary"
Release to manufacturing (RTM) languages to
be determined (usability tests in progress)
Controlled by UM mailbox policy
Uses Dial Plan default language
We need your feedback

CPU-intensive: affects UM scalability
Throttled: UM will skip transcription if too busy
Estimate ~1 VM/min/core as throughput
Try to use all cores
Below normal priority
Transcription followed by:
Transcoding of audio
Creation of message
Submission to Hub
Exchange Server 2007 UM doesn't have private voice mail
Deployment blocker for some customers
Some voice messages are sensitive
Caller may have marked the message private
Some users receive nothing but sensitive voice mails
Treat voice mail as special case of e-mail
E-mail can already be protected
Information Rights Management
UM will use the same approach
Controlled by UM mailbox policy
Requires AD Rights Management Services
Private: protect if sender marks message private
All: protect all messages (don't ask sender)
Always uses Do Not Forward permissions
RequireProtectedPlayOnPhone property
Blocks use of multimedia: no voice data on client

Requires rights management-aware client interface that also supports Exchange UM
Outlook Voice Access (Exchange UM telephone user interface (TUI)/voice user interface (VUI))
Outlook Web Access (Exchange Server 2010 (Beta))
Outlook "14"
Deep investments in UM features that will
add real benefit to common scenarios
Voice mail preview
Call answering rules
Built-in MWI
Protected voice mail
A natural replacement for legacy voice mail

Exchange Server 2010 Ignite
Module Number 10
Microsoft© Corporation

Exchange storage background
Disk storage technology 2010+
Exchange Server 2010 (Beta) storage architecture
Store innovations
Extensible Storage Engine (ESE) database innovations
Exchange Server 2010 (Beta) storage design
Summary
Significant innovation in Exchange Server 2007
Reduce storage input/output (I/O) (70%)
Use large amounts of memory (64 bit)
Increased page size (4 kilobyte (KB) -> 8 KB)
Lower storage costs
Support large mailboxes (> 1 gigabyte (GB))
Provide fast search (CI)
Continuous replication (log shipping)
High Availability (HA) + fast recovery
Eliminate single points of failure

SATA (3.5") | 2006 | 2010 | 2013
Drive Capacity (GB) | 750 | 2,000 | 8,000
RPM | 7.2K | 7.2K | 10k
Transfer Rate (Mb/sec) | 930 | 2,000 | 5,000
Read Seek Time (ms) | 8 | 7.2 | 6.5

FC/SAS (3.5") | 2006 | 2010 | 2013
Drive Capacity (GB) | 300 | 600 | 2,400
RPM | 15K | 15K | 15K
Transfer Rate (Mb/sec) | 975 | 2,000 | 4,000
Read Seek Time (ms) | 3.7 | 3.3 | 2.8

Disk capacity trend predicted to continue
Sequential throughput increasing linearly based on areal density (2010 SATA = 250 megabytes (MB)/sec)
Random I/O performance not expected to improve substantially
Random IO
Disk head has to move to process subsequent IO
Head movement = High IO latency
Seek Latency limits IO (IOPS)
Sequential IO
Disk head does not move to process subsequent IO
Stationary head = low IO latency
Disk RPM speed limits I/O per second (IOPS)
7.2K SATA Disk (20ms Latency)
Random = 50 IOPS
Sequential = +300 IOPS
Flash best utilized by Exchange Server 2010 (Beta) when used as a cache within the storage stack (PCM and NAND shown as the flash technologies)
(Diagram: Exchange Server 2010 (Beta) Mailbox Server over HBA / RAID; storage tiers shown: Enterprise SAN, SATA Array, Hybrid, SSD, HDD.)
Storage design goals (diagram): IO Reduction; Sequential IO Optimization; Large, Fast, Low-cost Mailboxes; Storage Design Flexibility; SATA/Tier 2 Disk; RAID-less Storage (JBOD)
Store schema = the way the store organizes data in the Extensible
Storage Engine (ESE) Database
Exchange Server 2010 (Beta): One simple theme
Move away from doing many, random, small size, disk IOs to doing fewer,
sequential, large size, disk IO's
Significant Benefits
Fast/efficient…
Outlook Web Access (OWA)/Outlook Online Mode
End user viewing for “cold” states/first time view creation
Calendar operations
Search performance
Outlook cached mode/Exchange Active Sync
OST sync = sequential IO
Exchange ActiveSync Server (EAS) sync = sequential IO
Server management
Move mailbox
Content Index Crawls
Exchange Server 2007 store schema
Per Database: Mailbox Table (e.g. Jeff's Mbx, Ann's Mbx, Joe's Mbx); Folders Table (e.g. Jeff:Inbox, Ann:Drafts, Joe:Unread)
Per Folder: Message (Msg) Table (e.g. Joe:Msg10, Jeff:Msg32, Ann:Msg180); Attachments Table (e.g. Jeff:Excel.xls, Ann:Pic.bmp, Joe:Help.doc); Message/Folder Table (MFT) (e.g. Joe:Inbox:H1, Joe:Inbox:H2, Joe:Inbox:H3)
Secondary Indexes used for Views

Exchange Server 2010 (Beta) store schema
Per Database: Mailbox Table (e.g. Jeff's Mbx, Ann's Mbx, Joe's Mbx); Folders Table (e.g. Joe:Inbox, Joe:Drafts, Joe:Unread)
Per Mailbox: Message Header Table (e.g. Joe:H10, Joe:H302, Joe:H920); Body Table (e.g. Joe:Msg10, Joe:Help.doc, Joe:Msg302)
Per View: View Tables (e.g. From) (e.g. Joe:H920, Joe:H302, Joe:H10)

New store schema = no more single instance storage within a database

Exchange Server 2007: messages are stored per folder (Inbox M1, Calendar M3, Drafts M5, For Follow-up M4, DL Mail M2): many, small size, random IOs.
Exchange Server 2010 (Beta): the mailbox's messages are laid out together (DL Mail M1, Calendar M2, Drafts M3, For Follow-up M4, Inbox M5): fewer, large size, sequential IOs.
Exchange Server 2007 B+ Tree: leaf pages scattered (e.g. 1078, 92, 4577, 6, 872, 7210, 3278, 21, 9346): many, small size, IOs (1 per 8K page)
Exchange Server 2010 (Beta) B+ Tree: leaf pages contiguous (e.g. 1078, 1079, 1080, 1081, 1082, 1083, 3456, 3457, 3458): fewer, larger size, sequential IOs
View "All Unread or Flagged items", maintained as M1 arrives, M2 arrives, M1 flagged, M3 arrives, M2 deleted:
Exchange Server 2007, "Nickel & Dime" approach: DB I/O on every event: many, random, IOs (1 per update)
Exchange Server 2010 (Beta), "Pay to Play" approach: the view is updated when the user uses OWA/Outlook Online and switches to this view: fewer, sequential, IOs (1 per view)
How do you move from random IO to sequential IO?

Element | Exchange Server 2007 | Exchange Server 2010 (Beta)
Physical Contiguity (ESE) | Poor physical contiguity of leaf pages, hence many, small size, IOs (1 for each page) | Excellent physical contiguity of leaf pages, so fewer, large size IOs, spanning N pages (N ≈ 100)
Logical Contiguity (Store) | Headers for each folder kept in separate table, so many, small size, IOs spread over many tables | Headers for an entire mailbox kept in a single table, hence fewer, large sized, IOs on a single table
Temporal Contiguity (View) | All views and indexes updated each time a mail is delivered, so many, small size, IOs spread over time | Views and indexes updated only when they are accessed by user, so fewer, large sized, IOs done together
Optimize for new store schema


Allocate database space in contiguous manner (table space
hints)
Maintain database contiguity over time (online defrag re-
factored)
Utilize space efficiently (database compression)
Increase database (DB) IO Size
DB page size increased from 8 kilobyte (KB) to 32 KB
Improved read/write IO coalescing (Gap coalescing)
Provide improved async read capability (pre-read)
Increase cache effectiveness (milestone=R4)
100 megabyte (MB) checkpoint depth (HA configurations
only)
Cache compression (dehydration)
DB cache priority (fast evict)
Database table space allocation hints
Allocate DB space based on either data compactness or data contiguity (based on usage pattern)
(Diagram: DB Cache pages X, Y, Z hold Msg Header, Msg Header, Event History. With Space Compactness they are placed on disk into free slots between Used Pages (Random/Compact); with Space Contiguity they are placed adjacent to each other (Sequential/Bloat).)
New Database Maintenance Architecture:

ESE Function | Exchange Server 2007 Service Pack 1 (SP1) | Exchange Server 2010 (Beta)
Cleanup (deleted items/mailboxes) | Cleanup performed during Online Defrag (OLD) which occurs during Online Maintenance (OLM) time window | Cleanup performed at run time (when hard delete occurs), happens during Store dumpster cleanup (OLM), pages are zeroed by default
Space Compaction (deleted items/mailboxes) | Database is compacted and space reclaimed during Online Defrag (OLD) | Database is compacted and space reclaimed at run-time, auto-throttled
Maintain Contiguity (defragmentation) | N/A: Contiguity is compromised by space compaction | Database is analyzed for contiguity and space at run time and is defragmented in the background (B+Tree Defrag/OLD2), auto-throttled
Database Checksum | When configured, ½ of OLD maintenance window reserved for sequential scan (Checksum), manual throttle, active DB copy only | Two options (both Active and Passive copies): 1. Run DB Checksum in the background 24x7 (default), sequential IO. 2. Run DB Checksum during OLM window, sequential IO.

Database B+Tree Defragmentation (aka OLD2): Background/throttled process that maintains space and contiguity of database tables
Exchange Server 2007 Message Header Table (aka MFT): FRAGMENTED (random deletes at the tail)
Exchange Server 2010 (Beta) Message Header Table (aka MsgHeader): CONTIGUOUS
(Plot of DB page numbers from a Production/Dogfood database analysis; Blue = contiguous (good), Red = fragmented (bad))
Problem: Store Schema change, space hints, B+Tree Defrag and 32 KB page size combine to increase DB file size by 20%
Solution: Growth is 100% mitigated by Database Compression
Targeted compression for message headers and text/html bodies (7bit/Express)

DB File Size Comparison (relative size, bars stacked as Msg / Views / 32KB Pages; labels read from the chart): E2K7/RTF 1.00, E14/RTF 1.20, E14/Mix 1.00, E14/HTML 0.88
1 Database, 750 x 250MB mailboxes; RTF = RTF Compressed, Mix = 77% HTML, 15% RTF, 8% Text; Avg. Message size = ~50KB

DB Space Analysis
Counts | E2K7 SP1 | E2010
Mailbox Count | 750 | 750
Tables | 14754 | 92435
Internal Trees | 60852 | 37652
LV Trees | 3 | 5
Secondary Indexes | 85784 | 4557
Pages | 28486144 | 5814032
Used Pages (%) | 85.7% | 86.7%
Available Pages (%) | 14.3% | 13.3%
Msg Table (% space) | 84.9% | 80.0%
Exchange Server 2007 DB: reading a 20 KB message spread over 8 KB pages (Page 1 Msg Header, Page 3 Msg Body, Page 5 Msg Body; pages 2 and 4 hold other data) takes 3 Read IO's from Disk into the DB Cache.
Exchange Server 2010 (Beta) DB: the same 20 KB message (Msg Header, Msg Body) fits in Page 1 (32KB), so 1 Read IO.
Exchange Server 2007 DB Read Behavior: Page 1 (Msg Header), Page 3 (Msg Body) and Page 5 (Msg Body) are read into the DB Cache with 3 Read IO's, skipping the unrelated pages 2 and 4.
Exchange Server 2010 (Beta) DB Read Behavior (gap coalescing): pages 1 through 5 are read with 1 Read IO; pages 2 and 4 land in Temp Buffers and only pages 1, 3 and 5 are kept in the DB Cache.
Exchange Server 2007 DB Write Behavior: dirty pages 1, 3 and 5 in the DB Cache (pages 2 and 4 clean) are written to Disk as 3 Write IO's spaced out over time.
Exchange Server 2010 (Beta) DB Write Behavior: the same dirty pages 1, 3 and 5 are written with 1 Write IO.
IO Latency increases with IO size
(Chart: Random DB IO Latency Based on Size; IO Latency (ms) 0-25 against IO Size (KB) 0-1024, Read and Write series; SqlIO Test, 1x 750GB 7.2k SATA, no caching array controller)
Exchange Server 2010 (Beta) Max IO Size = 256KB for Read, 384KB for Write
Checkpoint depth = the amount of data that has yet to be committed to the database file (edb)
Exchange Server 2010 (Beta) default checkpoint depth max is increasing from 20 MB to 100 MB only on databases within an HA solution (standalone still 20 MB)
Deep checkpoint benefit = efficient DB writes (40% reduction)
(Chart: 100MB Checkpoint Depth = 40% DB write IO reduction; DB Writes/sec (avg) and Database Pages Repeatedly Written/sec against Checkpoint Depth (MB) of 20, 40, 60, 80, 100; Loadgen Test: 3000 Mailbox, 12 DB, Outlook 2007 Online Very Heavy Profile)
Deep checkpoint risks = long store shutdown times, long crash recovery times
Risk mitigation: shutdown databases in parallel, failover on store crash
(Chart: DB IOPS, +70% Reduction! DB Read IO/Sec, DB Write IO/Sec and DB IO/Sec for Exchange Server 2007 vs Exchange Server 2010 (Beta); 3000 Mailboxes, 3MB DB Cache/user, Loadgen Outlook 2007 Online Very Heavy Profile, 250MB Mailbox Size (build 405))
(Chart: DB IOPS/Mailbox, +90% Reduction! Exchange Server 2003 = 1, Exchange Server 2007 = 0.33, Exchange Server 2010 (Beta) = 0.11)
Problem: DB write bursts negatively affect DB read and Log write latency
The more write IOs issued at a time, the more disk contention
(Chart: IO Latency Based on Max DB Write IO's (ms); DB Read IO Latency and Log Write IO latency against Maximum DB Write IO's Issued of 2, 4, 8, 16, 32, 64; data labels run from 18 ms up to 114 ms; E2K7 = 96 maximum write queue depth (global). Single 7.2k SATA disk, logs/db on same spindle, Loadgen load generating 250 RPC Operations/second, ~50 IOPS)
Throttle DB writes based on checkpoint target (QoS)
When checkpoint depth equals 1x -> 1.24x of checkpoint target, Limit Max Outstanding DB writes/LUN to 1
When checkpoint depth meets or exceeds 1.25x of checkpoint target, ratchet up max outstanding DB writes/LUN
The further behind on checkpoint, the more aggressively we raise the max outstanding DB writes/LUN (maximum = 512/LUN)
(Chart: 20 MB Max Checkpoint Example, Max Outstanding DB Writes vs. Checkpoint Depth; Max Outstanding DB Writes 0-40 against Log Checkpoint Depth (MB) 26-44. Works for both JBOD SATA and RAID10 SAN!)
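The throttle described above, as an added model (not the deck's or the ESE team's code): a function that returns the allowed outstanding DB writes per LUN for a given checkpoint depth, plus the sweep behind the 20 MB example chart. The deck fixes only the 1x to 1.24x band (limit 1), the 1.25x ratchet point, "more aggressively the further behind" and the 512 cap; the quadratic ramp in 5%-of-target steps and the "no limit from this rule" result below the target are assumptions.

```powershell
# Added model, not from the Ignite deck or the ESE team: the checkpoint-based DB write
# throttle (QoS) described above, as a function plus the deck's 20 MB example sweep.
# From the deck: depth in [1.00x, 1.25x) of the checkpoint target => at most 1 outstanding
# DB write per LUN; depth >= 1.25x => ratchet up, more aggressively the further behind; cap 512.
# Assumed here (the deck only shows the curve's shape): below 1.00x this rule imposes no
# limit ($null), and the ratchet grows quadratically in 5%-of-target steps.

function Get-MaxOutstandingDbWrites {
    param(
        [Parameter(Mandatory=$true)] [double] $CheckpointDepthMB,
        [Parameter(Mandatory=$true)] [double] $CheckpointTargetMB,
        [int] $HardCap = 512                          # "maximum = 512/LUN" from the deck
    )
    $ratio = $CheckpointDepthMB / $CheckpointTargetMB
    if ($ratio -lt 1.0)  { return $null }             # assumed: checkpoint healthy, no QoS limit
    if ($ratio -lt 1.25) { return 1 }                 # 1x..1.24x: one outstanding write per LUN
    # 1.25x and beyond: whole percent of target behind the ratchet point, one step per 5%
    $pctBehind = [math]::Round(($ratio - 1.25) * 100)
    $steps = [math]::Floor($pctBehind / 5) + 1
    # assumed quadratic ramp; /10 keeps 2.2x target near 40, where the deck's chart tops out
    $limit = 1 + [math]::Floor($steps * $steps / 10)
    return [int][math]::Min($HardCap, $limit)
}

function Get-ThrottleTable {
    # The deck's "20 MB Max Checkpoint Example": depth swept from the target to 2.2x target.
    param([double] $CheckpointTargetMB = 20, [double] $StepMB = 1)
    for ($depth = $CheckpointTargetMB; $depth -le 2.2 * $CheckpointTargetMB; $depth += $StepMB) {
        $limit = Get-MaxOutstandingDbWrites -CheckpointDepthMB $depth -CheckpointTargetMB $CheckpointTargetMB
        New-Object PSObject -Property @{
            DepthMB              = $depth
            DepthOverTarget      = [math]::Round($depth / $CheckpointTargetMB, 2)
            MaxOutstandingWrites = $limit
        }
    }
}

Get-ThrottleTable | Format-Table DepthMB, DepthOverTarget, MaxOutstandingWrites -AutoSize
```

Read latency stays protected as long as the checkpoint is only slightly behind (one outstanding write), and the limit only grows when the log is far enough ahead of the database that write throughput has to win.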

Exchange Server 2010 (Beta) Smooth DB IO Benefit
(Chart: 50% Reduction! DB Read Latency (ms), Log Write Latency (ms) and RPC Average Latency for Exchange Server 2010 (Beta) Baseline vs Exchange Server 2010 (Beta) Smooth DB IO; data labels 49, 34, 10.1, 5.1, 3.7, 0.7. 3000 Mailboxes, 3MB DB Cache/user, 12 x 7.2k SATA disks (DB/Logs on same spindles), Loadgen Outlook 2007 Online Very Heavy Profile)
Mailboxes/Disk (7.2K SATA): +4X Mailboxes/Disk!
Exchange Server 2007: 125; Exchange Server 2010 (Beta): +500
(250 MB Mailbox Size, 3MB DB Cache/user, 12 x 7.2k SATA disks (DB/Logs on same spindles), Loadgen Outlook 2007 Online Very Heavy Profile, measured at <20ms RPC Average latency)
JBOD: 1 disk = 1 database (with logs)
Requires Exchange Server 2010 (Beta) High Availability (3+ DB Copies)
Annual Disk Failure Rate (AFR) = 5%

JBOD Advantages
Reducing storage costs/complexity
Eliminates unnecessary DB copies: server and storage redundancy can be symmetrical
Reduces disk IO: eliminates RAID write penalty
Enables simple storage design: 1 disk = 1 database (with logs)
Enables simple storage failure recovery

JBOD Challenges
Exchange HA/storage must replace RAID functionality
Disk striping performance (e.g. RAID10) cannot be leveraged
Disk failure = database failover (~30 second outage)
Re-enabling resiliency = spare disk assignment/partitioning/format/DB re-seed (scriptable)
Soft disk errors (bad blocks) must be detected and repaired
Improve HA storage failure detection and failover: HA now detects storage failures and automatically fails over (~30 seconds)
Optimize HA failovers/switchovers: ESE tuned to leverage DB cache between passive->active transitions (cache warming)
Improve storage failure detection (bad blocks/corruption): Active/passive copy background scan (checksum); Active/passive copy lost write detection
Improve database seeding/repair: Utilize DB passive copy for seeding source (R4 feature); Avoid re-seed by using single page restore (active and passive) (R4 feature)

What is a lost flush?
A DB write IO that the disk subsystem/OS returned as completed did not actually get written to media or was written in the wrong location (aka lost write).

Why are they so bad?
Your database may be logically corrupt and you do not know it!

How can they be detected in Exchange Server 2010 (Beta)?
Two methods:
1. In memory flush map (active and passive): memory overhead of 2 bits/page. Event ID 530 is fired when detected (-1119) and the page can be patched.
Perfmon Counter: MSExchange Database -> Database Pages Lost Flush Detection %: The percentage of database pages which have valid lost flush detection information recorded.
2. Database recovery: event is fired (ID 516: timestamp mismatch, (-567)) and database must be re-seeded.
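To make the first detection method concrete, here is an added Python example (not Exchange or ESE code) of an in-memory flush map catching a write that the disk acknowledged but never persisted. The 2-bit state encoding, the fake disk with fault injection and the page contents are all constructed for this example; the slide gives the 2-bit budget and the event IDs but not the real encoding.

```python
"""Added example, not Exchange/ESE code: a toy in-memory flush map of the kind
slide 32 describes, used to catch a lost flush (write acknowledged by the
disk/OS but never persisted). The 2-bit state encoding, the fake disk and the
page contents are constructed for this example."""

from dataclasses import dataclass, field
from typing import Dict, List, Set

# Two-bit flush state kept per page in memory (assumed encoding).
UNKNOWN, FLUSHED_A, FLUSHED_B = 0, 1, 2


@dataclass
class Page:
    pgno: int
    data: bytes
    flush_state: int  # state stamped into the page when it was written


@dataclass
class FakeDisk:
    """Disk that acknowledges every write but silently drops some (constructed fault)."""
    pages: Dict[int, Page] = field(default_factory=dict)
    drop_writes_for: Set[int] = field(default_factory=set)

    def write(self, page: Page) -> bool:
        if page.pgno not in self.drop_writes_for:
            self.pages[page.pgno] = Page(page.pgno, page.data, page.flush_state)
        return True  # success is reported either way: that is the lost flush

    def read(self, pgno: int) -> Page:
        return self.pages[pgno]


def format_db(disk: FakeDisk, page_count: int) -> None:
    """Lay down empty pages with no flush history, bypassing the flush map."""
    for pgno in range(1, page_count + 1):
        disk.pages[pgno] = Page(pgno, b"\x00" * 8, UNKNOWN)


class Database:
    def __init__(self, disk: FakeDisk) -> None:
        self.disk = disk
        self.flush_map: Dict[int, int] = {}  # pgno -> state the on-disk page must carry
        self.events: List[str] = []

    def write_page(self, pgno: int, data: bytes) -> None:
        # Alternate A/B on every write so a stale on-disk page is distinguishable
        # from the write that was acknowledged last.
        previous = self.flush_map.get(pgno, UNKNOWN)
        new_state = FLUSHED_B if previous == FLUSHED_A else FLUSHED_A
        if self.disk.write(Page(pgno, data, new_state)):
            self.flush_map[pgno] = new_state

    def read_page(self, pgno: int) -> Page:
        page = self.disk.read(pgno)
        expected = self.flush_map.get(pgno, UNKNOWN)
        if expected != UNKNOWN and page.flush_state != expected:
            # The condition slide 32 reports as event ID 530 with error -1119.
            self.events.append(f"event 530: lost flush on page {pgno} (-1119)")
            raise IOError(f"lost flush detected on page {pgno}")
        return page


def scan_for_lost_flushes(db: Database, pgnos) -> List[int]:
    """Read each page and collect the ones whose flush state contradicts the map."""
    bad = []
    for pgno in pgnos:
        try:
            db.read_page(pgno)
        except IOError:
            bad.append(pgno)
    return bad


def demo() -> List[int]:
    disk = FakeDisk(drop_writes_for={2})   # constructed: writes to page 2 are lost
    format_db(disk, 4)
    db = Database(disk)
    db.write_page(1, b"mail-001")           # persisted
    db.write_page(2, b"mail-002")           # acknowledged, never written
    db.write_page(3, b"mail-003")
    db.write_page(3, b"mail-003-v2")        # persisted twice: state A, then B
    return scan_for_lost_flushes(db, [1, 2, 3, 4])


if __name__ == "__main__":
    print("pages with lost flushes:", demo())
```

Without the map, the read of page 2 would return a structurally valid but stale page and the corruption would stay silent, which is exactly the "logically corrupt and you do not know it" case the slide warns about. Pages never written in this session carry the UNKNOWN state, so the map only judges pages it has history for, mirroring the "valid lost flush detection information" percentage exposed in the Perfmon counter.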
[Figure: Database Availability Group (DAG) with Mailbox Server Node 1 (DB1-Active), Node 2 (DB1-CopyA) and Node 3 (DB1-CopyB), each with a Log stream and a Database holding Page1, Page2, Page3]
1. Page corruption detected on Active Copy (e.g. -1018)
2. Active DB places marker in log stream to notify passive copies to ship up to date page
3. Passive receives log and replays up to marker, retrieves good page, invokes Replay Service callback and ships page
4. Active receives good page, writes page to log, DB page is patched
5. Subsequent page repair from additional copies ignored

[Figure: Database Availability Group (DAG) with Mailbox Server Node 1 (DB1-Active), Node 2 (DB1-CopyA) and Node 3 (DB1-CopyB), each with a Log stream and a Database holding Page1, Page2, Page3; Page3 on one passive copy is marked as corrupted]
1. Page corruption detected on DB Passive Copy (e.g. -1018)
2. Passive copy pauses log replay (log copying continues)
3. Passive retrieves the corrupted page # from the active using DB seeding infrastructure
4. Passive copy waits till log file which meets max required generation requirement is copied/inspected, then patches page
5. Passive resumes log replay
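Both single-page restore flows (active copy patched from a passive, and passive copy patched from the active) as one added Python simulation. This is not Exchange code: the per-page checksums, the log marker records, the copy names and the page contents are constructed here, and the "required generation" wait is reduced to a counter on the passive copy.

```python
"""Added example, not Exchange code: a toy simulation of the two single-page
restore flows on slides 33 and 34. Checksums, log marker records, copy names
and page contents are constructed here."""

import zlib
from typing import Dict, List, Optional, Tuple

LogRecord = Tuple[str, int, Optional[bytes]]   # (record type, page number, payload)


def page_checksum(data: bytes) -> int:
    return zlib.crc32(data)


class DbCopy:
    def __init__(self, name: str, pages: Dict[int, bytes]) -> None:
        self.name = name
        self.pages: Dict[int, bytes] = dict(pages)
        self.stored_sums = {p: page_checksum(d) for p, d in pages.items()}
        self.log: List[LogRecord] = []
        self.copied_generation = 0        # highest log generation copied and inspected
        self.replay_paused = False
        self.patched_from: Dict[int, str] = {}

    def corrupt(self, pgno: int) -> None:    # constructed fault injection
        self.pages[pgno] = b"\x00" * len(self.pages[pgno])

    def verify(self, pgno: int) -> bool:
        """The -1018 style check: page checksum versus the checksum on record."""
        return page_checksum(self.pages[pgno]) == self.stored_sums[pgno]


def repair_active_page(active: DbCopy, passives: List[DbCopy], pgno: int) -> str:
    """Slide 33: the active asks passives for a good page; the first good one wins."""
    if active.verify(pgno):
        return "no repair needed"
    # 2. a marker in the log stream tells passive copies which page to ship
    active.log.append(("PAGE_REQUEST", pgno, None))
    for passive in passives:
        # 3. the passive copies and replays the log up to the marker ...
        passive.log.extend(active.log[len(passive.log):])
        if not passive.verify(pgno):
            continue                    # it cannot ship a page it cannot vouch for
        if pgno in active.patched_from:
            continue                    # 5. later repairs for the same page are ignored
        # 4. ... and ships its page; the active logs it and patches the DB page
        active.log.append(("PAGE_PATCH", pgno, passive.pages[pgno]))
        active.pages[pgno] = passive.pages[pgno]
        active.patched_from[pgno] = passive.name
    return active.patched_from.get(pgno, "unrepaired: no healthy copy of the page")


def repair_passive_page(passive: DbCopy, active: DbCopy, pgno: int, required_generation: int) -> str:
    """Slide 34: the passive pauses replay, fetches the page from the active, resumes."""
    if passive.verify(pgno):
        return "no repair needed"
    passive.replay_paused = True             # 2. replay stops, log copying goes on
    if not active.verify(pgno):
        return "unrepaired: active copy of the page is also corrupt"
    # 4. do not patch until the log generation that makes the page current is here
    if passive.copied_generation < required_generation:
        return f"waiting for log generation {required_generation}"
    passive.pages[pgno] = active.pages[pgno]  # 3. page fetched via the seeding path
    passive.patched_from[pgno] = active.name
    passive.replay_paused = False             # 5. replay resumes
    return active.name
```

The checksum check stands in for the -1018 verification, and the returned string says which copy supplied the page. In the active-copy flow the second passive's page is dropped on the floor, which is step 5 on the slide; in the passive-copy flow the patch is refused until the passive has copied the generation that guarantees the fetched page is not newer than its own log position.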
Storage option | SAN | DAS (SAS) | DAS (SATA) | JBOD (SATA)
HA | Shared Storage Clustering | CCR | DAG (2 DB copies) | DAG (3+ DB copies)
IOPS/Mailbox | +1.0 | .33 | .11 | .11
Disks | 3.5" 15K 146GB FC Disks | 2.5" 146GB 10K SAS Disks | 3.5" 2TB 7.2K SATA/SAS Disks | 3.5" 2TB 7.2K SATA/SAS Disks
RAID | RAID10 for DB & Logs, Dedicated Spindles | RAID5 for DB, RAID10 for Logs | RAID10 for DB & Logs | 1 DB = 1 Disk
Controller/path | Multi-path (HBAs, FC Switches, SAN array controllers) | SAS Array Controller (w/ BBU) | SAS Array Controller (w/ BBU) | SAS Array Controller (w/ BBU)
Backup | VSS Snapshot | Streaming off active | Optional/VSS | Optional/VSS
Fast Recovery | Hardware VSS (Snapshots/Clones) | CCR | Database Failover | Database Failover

More options to reduce storage cost
Exchange Online archive provides mailbox storage flexibility
One mailbox per user or two
Exchange Server 2010 (Beta) optimized for DAS storage but SAN storage is supported
IOPS reductions/SATA optimizations enable lower performing storage
Exchange Server 2010 (Beta) HA architected for DAS (simpler)
JBOD* and RAID storage support
Exchange Server 2010 (Beta) optimized for Tier 2 (SATA) disks but Enterprise disks are supported
SSD/Flash storage supported but not recommended for mainstream due to high $/GB
Max 100 databases/server, storage groups are gone
Max recommended DB Size = 2 TB*
Max recommended folder Item Count = 100 K**
*3 copy High Availability only
** Assuming no 3rd party applications (OWA/Outlook Online)
Storage Guidance | Stand Alone | Exchange Server 2010 (Beta) HA (2 copies) | Exchange Server 2010 (Beta) HA (3+ copies)
Storage Type | DAS, SAN (Fibre Channel, iSCSI) | DAS, SAN (Fibre Channel, iSCSI) | DAS, SAN (Fibre Channel, iSCSI)
Disk Type | SAS, Fibre Channel, SATA, SSD | SAS, Fibre Channel, SATA, SSD | SAS, Fibre Channel, SATA, SSD
RAID | RAID recommended | RAID recommended | RAID optional
RAID Type | RAID-1/0, RAID-5, RAID-6 | RAID-1/0, RAID-5, RAID-6 | JBOD
DB/Log Isolation | Best Practice | Best Practice | Not required
Windows Disk Type | Basic (recommended), Dynamic | Basic (recommended), Dynamic | Basic (recommended), Dynamic
Partition Type | GPT (recommended), MBR | GPT (recommended), MBR | GPT (recommended), MBR
Partition Alignment | Windows 2008 Default (1MB) | Windows 2008 Default (1MB) | Windows 2008 Default (1MB)
File System | NTFS | NTFS | NTFS
NTFS Allocation Unit Size | 64 KB for both database and log volumes | 64 KB for both database and log volumes | 64 KB for both database and log volumes
Encryption Support | Outlook Protection Rules, Bitlocker | Outlook Protection Rules, Bitlocker | Outlook Protection Rules, Bitlocker

Exchange Server 2010 (Beta) store has…
Reduced DB IOPS by +70%...again!
Optimized for large mailboxes (+10 GB) and 100K item counts
Optimized for large/slow/low-cost disks (SATA/Tier2)
Made JBOD/RAID-less storage a viable option
Enables unmatched storage flexibility to push storage Capex costs down

New Exchange Server 2010 (Beta) behavior…
[Figure: 1. Delivery: mailbox messages M1 to M10 stored contiguously; 2. Random Delete: the surviving messages are left fragmented; 3. Defragmentation: M1, M3, M5, M7, M10, M11, M12, M13, M14, M15 stored contiguously again]

Simplified mailbox High Availability and disaster recovery with new unified platform
[Figure: Mailbox Servers in San Jose and New York each holding DB1 to DB5; recover quickly from disk and database failures; replicate databases to remote datacenter]
Evolution of continuous replication technology (database mobility)
Easier than traditional clustering to deploy and manage
Allows each database to have 16 replicated copies
Provides full redundancy of Exchange roles on as few as two servers

[Figure: Database Availability Group (DAG) spanning AD site San Jose (CAS/HUB; Mailbox Servers 1 to 5) and AD site Dallas (Mailbox Server 6 holding DB1, DB3, DB5). Copies: Server 1: DB1, DB2, DB3; Server 2: DB4, DB5, DB1; Server 3: DB2, DB3, DB4; Server 4: DB5, DB1, DB2; Server 5: DB3, DB4, DB5]

Exchange 2010 Storage Guidance | Stand Alone | Database Availability Group: 2 nodes, 2 Database copies | Database Availability Group: 3+ nodes, 3+ Database copies

Storage Type
Direct Attached Storage (DAS) | Supported | Supported | Supported
Storage Area Network (SAN): iSCSI | Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. | Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. | Supported. Best Practice = Do not share physical disks backing Exchange data with other applications.
Storage Area Network (SAN): Fiber Channel (FC) | Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. | Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. Best Practice = Do not place both database copies on the same physical spindles. | Supported. Best Practice = Do not share physical disks backing Exchange data with other applications. Best Practice = Do not place both database copies on the same physical spindles.
Network Attached Storage (NAS): SMB | Not Supported | Not Supported | Not Supported

Physical Disk Type
SATA | Supported, requires battery backed caching array controller for data integrity | Supported, requires battery backed caching array controller for data integrity | Supported, requires battery backed caching array controller for data integrity
SAS | Supported | Supported | Supported
FC | Supported | Supported | Supported
SSD (Flash Disk) | Supported | Supported | Supported
Physical Disk Write Caching (enabled) | Not Supported | Not Supported | Not Supported

Storage RAID | RAID recommended | RAID recommended | RAID optional
EDB Volume | RAID5/6, RAID10, RAID1 | RAID5/6, RAID10, RAID1 | JBOD, RAID5/6, RAID10, RAID1
Log Volume | RAID1, RAID10 | RAID1, RAID10 | JBOD, RAID1, RAID10
Disk Array RAID Stripe Size (kb) | 256KB | 256KB | 256KB
Storage Array Cache Settings | 75% Write Cache, 25% Read Cache (with Battery Backed Cache) | 75% Write Cache, 25% Read Cache (with Battery Backed Cache) | 75% Write Cache, 25% Read Cache (with Battery Backed Cache)

Database/Log file placement
Database/Log Isolation | Best Practice (for recoverability) = separate database file (.edb) and logs from same Database on to different volumes backed by different physical disks | Best Practice (for recoverability) = separate database file (.edb) and logs from same Database on to different volumes backed by different physical disks | Database file (.edb) and logs from same Database can share same volume and same physical disk. This is a best practice for JBOD/RAID'less storage scenario where one or more volumes store the edb and log files backed by the same physical disk.
Database Files/Volume | Based on backup methodology | Based on backup methodology | RAID = based on backup methodology, JBOD = one DB file/volume is recommended
Log Streams/Volume | Based on backup methodology | Based on backup methodology | RAID = based on backup methodology, JBOD = one log stream/volume is recommended

Windows Disk Type
Basic Disk | Recommended | Recommended | Recommended
Dynamic Disk | Supported | Supported | Supported

Partition Type
GUID Partition Table (GPT) | Recommended | Recommended | Recommended
Master Boot Record (MBR) | Supported | Supported | Supported
Partition Alignment | Windows 2008 Default: 1MB | Windows 2008 Default: 1MB | Windows 2008 Default: 1MB
Volume Path | Drive Letter or Mount Point (mount point host volume must be RAID'd) | Drive Letter or Mount Point (mount point host volume must be RAID'd) | Drive Letter or Mount Point (mount point host volume must be RAID'd)
File System | NTFS support only | NTFS support only | NTFS support only
NTFS Defragmentation | Not required, not recommended | Not required, not recommended | Not required, not recommended
NTFS Allocation Unit Size | 64KB for both edb and log volumes | 64KB for both edb and log volumes | 64KB for both edb and log volumes
NTFS Compression | Not Supported for Exchange Database files | Not Supported for Exchange Database files | Not Supported for Exchange Database files
NTFS Encrypted File System (EFS) | Not Supported for Exchange Database files | Not Supported for Exchange Database files | Not Supported for Exchange Database files
Windows Bitlocker (volume encryption) | Supported for all Exchange database and log files | Supported for all Exchange database and log files | Supported for all Exchange database and log files

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite
Module Number 11
Microsoft Corporation

Review of Exchange Server 2007 Availability Solutions
Overview of Exchange Server 2010 (Beta) High Availability
Exchange Server 2010 (Beta) High Availability Fundamentals
Exchange Server 2010 (Beta) High Availability Architecture Scenarios
Exchange Server 2010 (Beta) Site Resilience
2 Microsoft NDA Only

Exchange Server 2007
Availability Solutions


Single Copy Cluster (SCC) out-of-box provides little high availability value
On Store failure, SCC restarts store on the same machine; no CMS failover
SCC does not automatically recover from storage failures
SCC does not protect your data, your most valuable asset
SCC does not protect against site failures
SCC redundant network is not leveraged by CMS
Conclusion
SCC only provides protection from server hardware failures and bluescreens, the relatively easy components to recover
Supports rolling upgrades without losing redundancy

[Figure: Exchange Server 2007 continuous replication. 1. Copy logs (E0000000011.log, E0000000012.log; E00.log is the current log), 2. Inspect logs, 3. Replay logs into the database copy. Three flavors: Local (log shipping to a local disk), Cluster (log shipping within a cluster; a File Share is also shown), Standby (log shipping to a standby server or cluster)]

[Figure: Exchange Server 2007 availability. AD site San Jose: Client Access Server; CCR #1 (Node A, Node B; Windows cluster) hosting DB1 to DB3 and CCR #2 (Node A, Node B; Windows cluster) hosting DB4 to DB6. AD site Dallas: Client Access Server and a Standby Server holding SCR copies of DB4 to DB6. The Outlook (MAPI) client connects to the mailbox server directly; OWA, ActiveSync, or Outlook Anywhere connect through the Client Access Server]
Limitations called out:
Manual "activation" of remote mailbox server
Mailbox server can't co-exist with other roles
SCR managed separately; no GUI
Clustering knowledge required
Database failure requires server failover
[Figure: Exchange Server 2007 clustered mailbox server. A Windows Failover Cluster contains the Default Cluster Group (Cluster IP Address, Cluster Name, Cluster Quorum) and the Clustered Mailbox Server (CMS) (CMS IP Address, CMS Name, CMS resources (exres.dll), CMS disk resources); Cluster Networks and the Database are owned by the cluster]
[Figure: Exchange Server 2010 (Beta) model. A Database Availability Group contains Active Manager (PAM, SAM), DAG Networks, the Database, and a Windows Failover Cluster that keeps only the Default Cluster Group (Cluster IP Address, Cluster Name, Cluster Quorum)]
[Figure: Database Availability Group of three Mailbox Servers, each with its own Storage; one runs the Primary Active Manager and the others a Standby Active Manager. Get-MailboxDatabaseCopyStatus and Move-ActiveMailboxDatabase are shown as the cmdlets that operate on each server]
Overview of Exchange Server 2010 (Beta) High Availability
Reduce complexity
Reduce cost
Native solution - no single point of failure
Improve recovery times
Support larger mailboxes
Support large scale deployments
Make High Availability Exchange deployments mainstream!

Improved mailbox uptime
• Improved failover granularity
• Simplified administration
• Incremental deployment
• Unification of CCR + SCR
• Easy stretching across sites
• Up to 16 replicated copies
Key Benefits: Easier and cheaper to deploy; Easier and cheaper to manage; Better Service Level Agreements (SLAs)

More storage flexibility
• Further IO reductions
• RAID-less/JBOD support
Key Benefits: Reduced storage costs; Larger mailboxes

Better end-to-end availability
• Online mailbox moves
• Improved transport resiliency
Key Benefits: Easier and cheaper to manage; Better SLAs
[Figure: Database Availability Group spanning AD site San Jose (Client Access Server; Mailbox Servers 1 to 5) and AD site Dallas (Client Access Server; Mailbox Server 6 holding DB1, DB3, DB5). Copies: Server 1: DB1, DB2, DB3; Server 2: DB4, DB5, DB1; Server 3: DB2, DB3, DB4; Server 4: DB5, DB1, DB2; Server 5: DB3, DB4, DB5]
All clients connect via CAS servers
Easy to stretch across sites
Failover managed within Exchange
Database centric failover

Exchange Server 2010 (Beta) High Availability Fundamentals
[Figure: object hierarchy. Exchange Administrative Group -> Servers (Server 1), Database Availability Groups (DAG 1), Databases (Database 1), Database Copy (Copy 1)]
Database Availability Group (DAG)
Server
Database
Database Copy
Active Manager (AM)
RPC Client Access service

A group of up to 16 servers hosting a set of replicated databases
Wraps a Windows Failover Cluster
Manages servers' membership in the group
Heartbeats servers, quorum, cluster database
Defines the boundary of database replication
Defines the boundary of failover/switchover (*over)
Defines boundary for DAG's Active Manager
[Figure: Mailbox Server 1, Mailbox Server 2, Mailbox Server 3, Mailbox Server 4 … Mailbox Server 16]
Unit of membership for a DAG
Hosts the active and passive copies of multiple mailbox databases
Executes Information Store, CI, Assistants, etc., services on active mailbox database copies
Executes replication services on passive mailbox database copies
[Figure: Mailbox Server 1 (DB1, DB2, DB3), Mailbox Server 2 (DB4, DB1, DB2), Mailbox Server 3 (DB3, DB4)]

Provides connection point between Information Store and RPC Client Access
Very few server-level properties relevant to HA
Server's Database Availability Group
Server's Activation Policy
[Figure: RPC Client Access (RCA) in front of Mailbox Server 1 (DB1, DB2, DB3), Mailbox Server 2 (DB4, DB1, DB2), Mailbox Server 3 (DB3, DB4)]
Unit of *over
A database has 1 active copy – active copy can be mounted or dismounted
Maximum # of passive copies == # servers in DAG – 1
[Figure: Mailbox Server 1 (DB1, DB2, DB3), Mailbox Server 2 (DB4, DB1, DB2), Mailbox Server 3 (DB3, DB4, DB1)]

~30 seconds database *overs
Server failover/switchover involves moving all active databases to one or more other servers
Database names are unique across a forest
Defines properties relevant at the database level
GUID: a Database's unique ID
EdbFilePath: path at which copies are located
Servers: list of servers hosting copies
Availability Terms
Active: Selected to provide email services to clients
Passive: Available to provide email services to clients if active fails
Replication Terms
Source: Provides data for copying to a separate location
Target: Receives data from the source

Scope of replication
A copy is either source or target of replication at any given time
A copy is either active or passive at any given time
Only 1 copy of each database in a DAG is active at a time
A server may not host >1 copy of any database
[Figure: Mailbox Server 1 (DB1, DB2, DB3) and Mailbox Server 2 (DB1, DB2, DB3); a second DB1 copy on the same server is crossed out (X)]
Defines properties applicable to an individual database copy
Copy status: Healthy, Initializing, Failed, Mounted, Dismounted, Disconnected, Suspended, FailedandSuspended, Resynchronizing, Seeding
CopyQueueLength, ReplayQueueLength, ActiveCopy, ActivationSuspended

Exchange-aware resource manager (high availability's brain)
Runs on every server in the DAG
Manages which copies should be active and which should be passive
Definitive source of information on where a database is active or mounted
Provides this information to other Exchange components (e.g., RPC Client Access and Hub Transport)
Information stored in cluster database
Active Directory is still primary source for configuration info
Active Manager is primary source for changeable state information (such as active and mounted)
Replication service monitors health of all mounted databases, and monitors ESE for IO errors or failure

Primary Active Manager (PAM)
Runs on the node that owns the default cluster group (quorum resource)
Gets topology change notifications
Reacts to server failures
Selects the best database copy on *overs
Standby Active Manager (SAM)
Runs on every other node in the DAG
Responds to queries from other Exchange components for which server hosts the active copy of the mailbox database
Continuous replication has the following basic steps:
Database copy seeding of target
Log copying from source to target
Log inspection at target
Log replay into database copy

There are three ways to seed the target instance:
Automatic Seeding
Requires 1st log file containing CreateDB record
Update-MailboxDatabaseCopy cmdlet
Can be performed from active or passive copies
Manually copy the database
Log shipping in Exchange Server 2010 (Beta) leverages TCP sockets
Supports encryption and compression
Administrator can set TCP port to be used
Replication service on target notifies the active instance the next log file it expects
Based on last log file which it inspected
Replication service on source responds by sending the required log file(s)
Copied log files are placed in the target's Inspector directory

The following actions are performed to verify the log file before replay:
Physical integrity inspection
Header inspection
Move any Exx.log files to ExxOutofDate folder that exist on target if it was previously a source
If inspection fails, the file will be recopied and inspected (up to 3 times)
If the log file passes inspection it is moved into the database copy's log directory
16
Log replay has moved to Information Store
The following validation tests are performed prior to log replay:
Recalculate the required log generations by inspecting the database header
Determine the highest generation that is present in the log directory to ensure that a log file exists
Compare the highest log generation that is present in the directory to the highest log file that is required
Make sure the logs form the correct sequence
Query the checkpoint file, if one exists
Replay the log file using a special recovery mode (undo phase is skipped)
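The target-side inspection (previous slide) and the pre-replay validation (this slide) reduced to a few functions, as an added Python example that is not Exchange code. Log names follow the Exx plus 8 hex digit pattern shown earlier in the module; the CRC trailer standing in for the physical integrity check, the flaky log source and the generation numbers are constructed here.

```python
"""Added example, not Exchange code: the target-side log inspection of slide 33
and the pre-replay validation of slide 34, reduced to a few functions. The CRC
trailer, the flaky source and the generation numbers are constructed."""

import zlib
from typing import Callable, Dict, List, Optional, Tuple

MAX_COPY_ATTEMPTS = 3   # slide 33: recopied and inspected up to 3 times


class LogFile:
    def __init__(self, prefix: str, generation: int, payload: bytes, crc: Optional[int] = None) -> None:
        self.prefix, self.generation, self.payload = prefix, generation, payload
        self.crc = zlib.crc32(payload) if crc is None else crc

    @property
    def name(self) -> str:
        return f"{self.prefix}{self.generation:08X}.log"   # e.g. E000000000C.log


def physical_integrity_ok(log: LogFile) -> bool:
    return zlib.crc32(log.payload) == log.crc


def header_ok(log: LogFile, expected_prefix: str, expected_generation: int) -> bool:
    return log.prefix == expected_prefix and log.generation == expected_generation


def copy_and_inspect(fetch: Callable[[int], LogFile], prefix: str, generation: int) -> Tuple[Optional[LogFile], int]:
    """Replication service on the target: copy the log it expects next, inspect it,
    recopy on failure. Returns (accepted log or None, attempts used)."""
    for attempt in range(1, MAX_COPY_ATTEMPTS + 1):
        log = fetch(generation)                      # lands in the Inspector directory
        if physical_integrity_ok(log) and header_ok(log, prefix, generation):
            return log, attempt                      # moved to the copy's log directory
    return None, MAX_COPY_ATTEMPTS


def validate_for_replay(log_dir: Dict[int, LogFile], required_generation: int,
                        checkpoint_generation: int) -> Tuple[List[int], List[str]]:
    """Information Store checks before replay. Returns (generations to replay, problems)."""
    problems: List[str] = []
    if not log_dir:
        return [], ["no log files present in the log directory"]
    highest = max(log_dir)
    if highest < required_generation:
        problems.append(f"highest log {highest} is below the required generation {required_generation}")
    start = max(checkpoint_generation, min(log_dir))   # replay resumes at the checkpoint
    missing = [g for g in range(start, highest + 1) if g not in log_dir]
    if missing:
        problems.append(f"log sequence is broken, missing generations {missing}")
    if problems:
        return [], problems
    return list(range(start, highest + 1)), []


def make_flaky_source(logs: Dict[int, LogFile], corrupt_first_copy_of: int) -> Callable[[int], LogFile]:
    """Constructed source whose first copy of one generation arrives damaged."""
    attempts: Dict[int, int] = {}

    def fetch(generation: int) -> LogFile:
        attempts[generation] = attempts.get(generation, 0) + 1
        log = logs[generation]
        if generation == corrupt_first_copy_of and attempts[generation] == 1:
            return LogFile(log.prefix, log.generation, log.payload + b"\xff", log.crc)
        return log

    return fetch
```

A damaged first copy is simply fetched again, and a log whose header names the wrong stream or generation is rejected on every attempt, so the copy's log directory only ever receives files that both match their checksum and fit the expected position in the sequence. The replay validator then refuses to start if the directory is missing the generation the database header requires or has a hole between the checkpoint and the newest log.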

In the event of failure, the following steps will occur for the failed database:
Active Manager will determine the best copy to activate
The Replication service on the target server will attempt to copy missing log files from the best "source" - ACLL
If successful, then the database will mount with zero data loss
If unsuccessful (lossy failure), then the database will mount based on the AutoDatabaseMountDial setting
The mounted database will generate new log files (using the same log generation sequence)
Transport Dumpster requests will be initiated for the mounted database to recover lost messages
When original server or database recovers, it will run through divergence detection and perform an incremental reseed or require a full reseed
Active Manager selects the "best" copy to activate when the active fails
Ignores servers that are unreachable or activation is temporarily or regularly blocked
Sorts copies by currency to minimize data loss
Breaks ties during sort based on Activation Preference
Selects from sorted list based on copy status of each copy. If the criteria do not identify a copy that can be activated, then the next set of criteria is tried:
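The selection on this slide and the mount decision from the previous one, as one added Python model (not Exchange code). The copy objects are constructed. The slide does not list the copy-status criteria that are tried in turn, so the STATUS_CRITERIA tiers below are an assumption of this model, as are the log-loss limits attached to each AutoDatabaseMountDial setting.

```python
"""Added example, not Exchange code: a toy version of Active Manager's best copy
selection (slide 36) and of the lossy mount decision (slide 35). The copies are
constructed; STATUS_CRITERIA and the MOUNT_DIAL limits are assumptions."""

from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed: max number of logs that may be lost before a lossy mount is refused
MOUNT_DIAL = {"Lossless": 0, "GoodAvailability": 6, "BestAvailability": 12, "BestEffort": None}

# Assumed criteria tiers: (acceptable copy statuses, max copy queue, max replay queue)
STATUS_CRITERIA = [
    ({"Healthy"}, 10, 50),
    ({"Healthy", "Disconnected"}, 10, 50),
    ({"Healthy", "Disconnected", "Resynchronizing"}, 10, None),
    ({"Healthy", "Disconnected", "Resynchronizing"}, None, None),
]


@dataclass
class DatabaseCopy:
    server: str
    status: str                  # one of the copy statuses listed on slide 26
    copy_queue_length: int       # logs not yet copied: lower means more current
    replay_queue_length: int
    activation_preference: int   # 1 = most preferred
    reachable: bool = True
    activation_blocked: bool = False


def select_best_copy(copies: List[DatabaseCopy], failed_server: str) -> Optional[DatabaseCopy]:
    # ignore the failed server, unreachable servers and blocked copies
    candidates = [c for c in copies
                  if c.server != failed_server and c.reachable and not c.activation_blocked]
    # sort by currency (copy queue) and break ties on activation preference
    candidates.sort(key=lambda c: (c.copy_queue_length, c.activation_preference))
    for statuses, max_cql, max_rql in STATUS_CRITERIA:
        for copy in candidates:
            if copy.status not in statuses:
                continue
            if max_cql is not None and copy.copy_queue_length >= max_cql:
                continue
            if max_rql is not None and copy.replay_queue_length >= max_rql:
                continue
            return copy      # first copy meeting this tier's criteria
    return None


def mount_decision(copy: DatabaseCopy, logs_recovered_by_acll: int, dial: str) -> Tuple[str, int]:
    """ACLL copied what it could; decide whether to mount. Returns (decision, logs lost)."""
    lost = max(0, copy.copy_queue_length - logs_recovered_by_acll)
    if lost == 0:
        return "mount-lossless", 0
    limit = MOUNT_DIAL[dial]
    if limit is None or lost <= limit:
        return "mount-lossy", lost    # transport dumpster redelivery is requested
    return "blocked", lost
```

Two consequences of the ordering are worth noticing: a more current copy on a low-preference server beats a stale copy on the preferred one, because the sort key puts currency first, and the tiers only widen the set of acceptable statuses, never the ordering, so the most current candidate in each tier is the one activated.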


Incremental reseed scenario
Active DB1 on server1 fails
Passive DB1 on server3 takes over service
Sometime later, failed DB1 on server1 comes back as passive – contains inconsistent data
Make DB1 on server1 consistent with new active
Transaction logs of active and failed copy are compared to find divergence point
Determines from logs the database pages that changed after divergent point
Copies database pages from active to failed copy, then play new logs, until in-sync
Replaces Exchange Server 2007's Lost Log Resilience (LLR)
LLR is set to 1
[Figure: Mailbox Server 1, 2 and 3 each holding DB1; the copy on Server 1 is marked failed (X)]
Streaming backup APIs for public use have been cut, must use Volume Shadow Copy Service (VSS) for backups
Backup from any copy of the database/logs
Always choose Passive (or Active) copy
Backup an entire server
Designate a dedicated backup server for a given database
Restore from any of these backups scenarios
[Figure: Database Availability Group of Mailbox Server 1, 2 and 3 each holding DB1, DB2, DB3; a VSS requestor attached to one server]
Site/server/disk failure: Exchange Server 2010 (Beta) HA
Archiving/compliance: E-mail archive
Recover deleted items: Extended/protected dumpster retention
[Figure: Database Availability Group of Mailbox Server 1, 2 and 3 each holding DB1, DB2, DB3; one server holds 7-14 day lag copies; one copy is marked failed (X)]
Exchange Server 2010 (Beta) High Availability Design Examples
[Figure: File Share, shown five times; no further content recovered]
Single Site, 3 Nodes, 3 HA Copies, JBOD -> 3 physical Copies
[Figure: Database Availability Group (DAG) of Mailbox Server 1, 2 and 3; Servers 1 and 2 are marked failed (X)]
2 servers out -> manual activation of server 3
In 3 server DAG, quorum is lost
DAGs with more servers sustain more failures -> greater resiliency
[Figure: two-server DAG of CAS/HUB/MAILBOX 1 and CAS/HUB/MAILBOX 2 hosting copies of DB2]
Member servers of DAG can host other server roles
2 server DAGs, with server roles combined or not, should use RAID
Exchange Server 2010 (Beta) Site Resilience

Within a datacenter
Database *over
Server *over
Between datacenters
Single database *over
Server *over
Datacenter failover (which is really a switchover)
Database mounted in another datacenter and another Active Directory site
Serviced by "new" Hub Transport servers
"Different OwningServer" – for routing
Transport dumpster re-delivery now from both Active Directory sites
Serviced by "new" CAS
"Different CAS URL" – for protocol access
Outlook Web Access (OWA) now re-directs connection to second CAS farm
Other protocols proxy or redirect (varies)

[Figure: one DAG stretched across Site: Redmond (HUB, GC, MbxSvr1, FSW) and Site: Dublin (HUB, GC, MbxSvr2, Alt FSW)]
Customers can evolve to site resilience
Standalone -> local redundancy -> site resilience
Consider name space design at first deployment
Keep extending the DAG!
Monitoring and many other concepts/skills just re-applied
Normal administration remains unchanged
No "special" network requirements
No single subnet requirements
Disaster recovery not HA event
Two datacenter *overs have a risk of split brain
Primary datacenter power outage is classic example
Exchange Server 2010 (Beta) datacenter failovers maintain DAG membership but shrink cluster membership to create a new, "available topology" in the standby datacenter
Exchange Server 2010 (Beta) provides a safe answer with "datacenter activation coordination" (DAC) mode
Requires a DAG with three nodes
Requires that activation in partial datacenter failure cases is "done right"
Mailbox servers must be "stopped" or powered off
Implements a "Mommy may I protocol" before active manager mounts databases
If DAC is not enabled, the DAG will not restart and mount databases until a majority of servers are restored
If DAC is enabled, the "Mommy May I Protocol" is used to coordinate with Active Managers in DAG to determine state and recoverability
There are several requirements that must be satisfied to prevent split brain between datacenters after datacenter failover
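The two guards discussed on these slides, cluster majority and the DAC "Mommy may I" check, as an added Python model that is not Exchange code. The DACP-bit rule used here (a booting member may mount only after it has either reached every other DAG member or found a member whose bit is already set) is a simplified assumption of this model; the server names, sites and link partitions are constructed to replay the classic primary-datacenter power outage.

```python
"""Added example, not Exchange code: a toy model of the two guards against split
brain on slides 49 and 50, cluster majority (quorum) and, with DAC mode on,
the "Mommy may I" check between Active Managers. The DACP-bit rule is a
simplified assumption; servers, sites and links are constructed."""

import copy
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set


@dataclass
class DagMember:
    name: str
    site: str
    up: bool = True
    dacp_bit: int = 0          # in-memory flag: 0 after every boot


@dataclass
class Dag:
    members: Dict[str, DagMember]
    witness_site: str           # where the file share witness lives
    links: Set[FrozenSet[str]] = field(default_factory=set)   # member pairs that can talk
    dac_mode: bool = False

    def full_mesh(self) -> None:
        names = list(self.members)
        self.links = {frozenset((a, b)) for a in names for b in names if a < b}

    def partition_of(self, name: str) -> Set[str]:
        """Up members reachable from `name` (including itself)."""
        return {other for other, m in self.members.items()
                if m.up and (other == name or frozenset((name, other)) in self.links)}

    def has_quorum(self, name: str) -> bool:
        part = self.partition_of(name)
        witness_vote = 1 if any(self.members[n].site == self.witness_site for n in part) else 0
        return (len(part) + witness_vote) * 2 > len(self.members) + 1

    def may_mount(self, name: str) -> bool:
        member = self.members[name]
        if not member.up or not self.has_quorum(name):
            return False
        if not self.dac_mode:
            return True
        if member.dacp_bit == 0:                      # "Mommy may I?"
            part = self.partition_of(name)
            reached_everyone = part == set(self.members)
            blessed = any(self.members[n].dacp_bit == 1 for n in part if n != name)
            if reached_everyone or blessed:
                member.dacp_bit = 1
        return member.dacp_bit == 1

    def shrink_to(self, survivors: Set[str], new_witness_site: str) -> None:
        """Effect of Stop-/Restore-DatabaseAvailabilityGroup: evict the dead datacenter."""
        self.members = {n: m for n, m in self.members.items() if n in survivors}
        self.witness_site = new_witness_site


def build_dag(dac_mode: bool) -> Dag:
    members = {**{n: DagMember(n, "Baltimore") for n in ("MBX-A-1", "MBX-A-2")},
               **{n: DagMember(n, "Bel Air") for n in ("MBX-B-3", "MBX-B-4")}}
    dag = Dag(members=members, witness_site="Baltimore", dac_mode=dac_mode)
    dag.full_mesh()
    for m in dag.members.values():
        m.dacp_bit = 1       # steady state: everyone has been running
    return dag


def primary_power_outage(dag: Dag) -> None:
    for n in ("MBX-A-1", "MBX-A-2"):
        dag.members[n].up = False
    dag.links = {l for l in dag.links if not (l & {"MBX-A-1", "MBX-A-2"})}   # WAN down too


def primary_power_returns_wan_still_down(dag: Dag) -> None:
    for n in ("MBX-A-1", "MBX-A-2"):
        dag.members[n].up = True
        dag.members[n].dacp_bit = 0     # rebooted
    dag.links.add(frozenset(("MBX-A-1", "MBX-A-2")))


def scenario(dac_mode: bool) -> Dict[str, bool]:
    dag = build_dag(dac_mode)
    result = {"normal": dag.may_mount("MBX-B-3")}
    primary_power_outage(dag)
    result["standby_before_restore"] = dag.may_mount("MBX-B-3")
    standby_view = copy.deepcopy(dag)
    standby_view.shrink_to({"MBX-B-3", "MBX-B-4"}, "Bel Air")
    result["standby_after_restore"] = standby_view.may_mount("MBX-B-3")
    # Primary power returns while the WAN is still down: the old members boot with
    # the 4-member configuration and their own witness, enough votes on their own.
    primary_power_returns_wan_still_down(dag)
    result["primary_rebooted_isolated"] = dag.may_mount("MBX-A-1")
    return result
```

The run shows both halves of the slide: the standby site cannot mount on its own until membership is shrunk (2 of 5 votes), and after the shrink the rebooted primary still holds a majority in its own view of the world (2 members plus the witness, 3 of 5), so without DAC both datacenters would mount the same databases. With DAC the rebooted servers have a cleared DACP bit, cannot reach the Bel Air members and find nobody with the bit set, so they stay dismounted until the link is back.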
Failure Scenarios (DAG1 spanning AD Site Baltimore and AD Site Bel Air)

Database Failure
1. DB1 fails
2. Automatic failover
3. DB1 is fixed, becomes a copy

Server Failure
1. MBX-A-1 fails
2. Automatic failover
3. MBX-A-1 is fixed

Data Center Failure
1. Primary data center fails
2. Adjust DNS records for SMTP and HTTPS access and adjust CAS configuration (if necessary)
3. Run Stop-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite Baltimore -ConfigurationOnly (in both data centers)
4. Restore-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite "Bel Air" -AlternateFileShareWitnessShare \\ht-b\fsw
5. Databases mount (no activation block scenario)

Recovering Primary Data Center
1. Verify primary data center is capable of hosting service
2. Add primary data center servers back to DAG: Start-DatabaseAvailabilityGroup DAG1 -ActiveDirectorySite Baltimore
3. Reconfigure DAG to use File Share Witness in primary data center: Set-DatabaseAvailabilityGroup DAG1 -FileShareWitnessShare \\ht-a\fsw
4. Reseed data or allow replication to occur and update copies in primary data center
5. Schedule downtime for the mailbox databases and dismount them
6. Change MX records and HTTP access back to primary data center
7. Move databases back to primary data center: Move-ActiveMailboxDatabase DB1 -ActivateOnServer MBX-A-1
8. Mount databases in primary data center

Legend: Active Database; Database Copy; Unhealthy? Database

[Figure: two data centers. DNS: Contoso.com (MX Record), Autodiscover.contoso.com, Mail.contoso.com, Load Balance Array Records. Perimeter Networks 2.1.x.x (Edge-A, Proxy-A) and 2.2.x.x (Proxy-B, Edge-B). "MAPI" Networks 172.16.x.x (DC-A, HT-A, CAS-A) and 172.18.x.x (CAS-B, HT-B, DC-B). DAG1 members MBX-A-1 and MBX-A-2 in AD Site Baltimore (MBX on DB1) and MBX-B-3 and MBX-B-4 in AD Site Bel Air, each holding DB1, DB2, DB3, DB4. "Replication" Networks 172.17.x.x and 172.19.x.x. Outlook 2007/14 client]
With each release, our goals are to make Exchange high availability:
Easier and cheaper to deploy
Easier and cheaper to manage
Support better SLAs with faster and more granular recoveries
Improve site resiliency support
Our other goal is for highly available deployments to be mainstream!
Non-Lagged Copies
Has the log file been backed up (assuming no circular logging)?
Is the log file below my checkpoint?
Do the other non-lagged copies agree with deletion?
Has the log file been inspected by all lagged copies?
Yes to all -> Truncate

Lagged Copies
Is the log file below my checkpoint?
Is the log file older than ReplayLagTime + TruncationLagTime?
Is the log file deleted on the source?
Yes to all -> Truncate
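The two decision trees above written as predicates, as an added Python example that is not Exchange code. The copies, log files and timestamps are constructed; the checkpoint is modelled as a generation number, so "below my checkpoint" becomes a simple comparison.

```python
"""Added example, not Exchange code: the log truncation decision tree on this
slide as two predicates, one for non-lagged and one for lagged copies.
Copies, log files and timestamps are constructed."""

from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List


@dataclass
class DatabaseCopy:
    name: str
    checkpoint_generation: int      # logs below this are already in the database
    inspected_through: int = 0      # highest log generation this copy has inspected
    replay_lag: timedelta = timedelta(0)
    truncation_lag: timedelta = timedelta(0)

    @property
    def lagged(self) -> bool:
        return self.replay_lag > timedelta(0) or self.truncation_lag > timedelta(0)


@dataclass
class LogFile:
    generation: int
    created: datetime
    backed_up: bool = False
    deleted_on_source: bool = False


def non_lagged_can_truncate(log: LogFile, me: DatabaseCopy, others: List[DatabaseCopy],
                            circular_logging: bool) -> bool:
    if not circular_logging and not log.backed_up:
        return False                                   # backup has not captured it yet
    if log.generation >= me.checkpoint_generation:
        return False                                   # still needed for my own recovery
    non_lagged = [c for c in others if not c.lagged]
    if any(log.generation >= c.checkpoint_generation for c in non_lagged):
        return False                                   # another copy still needs it
    lagged = [c for c in others if c.lagged]
    if any(c.inspected_through < log.generation for c in lagged):
        return False                                   # a lagged copy has not inspected it yet
    return True


def lagged_can_truncate(log: LogFile, me: DatabaseCopy, now: datetime) -> bool:
    if log.generation >= me.checkpoint_generation:
        return False                                   # not yet replayed into the lagged copy
    if now - log.created <= me.replay_lag + me.truncation_lag:
        return False                                   # inside the lag window
    return log.deleted_on_source                       # source has let go of it
```

The non-lagged rule is the one that makes lag copies safe: a log stays on every non-lagged copy until each lagged copy has at least inspected it, so a lagged copy that is still days behind can always fetch what it needs from a peer. The lagged rule adds the time window on top, which is what keeps the 7-14 day lag copy from the earlier slide useful for recovering logical corruption.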

Exchange Server 2010 (Beta) Ignite
Module Number 12
Microsoft Corporation

Recognize the Exchange Server 2010 (Beta) Management Tool set
Understand Exchange Server 2010 (Beta) Management Tools new capabilities and application
Understand Exchange Server 2010 (Beta) Role Based Access Control and how to delegate administrative function
Discover the Exchange Server 2010 (Beta) control panel
Learn how to manage an Exchange Server 2010 (Beta) server using Remote PowerShell
IT organizations need to…
Maximize efficiency
Reduce cost
The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization.
("Email Support Staff Requirements and Costs: A Survey of 136 Organizations", Ferris Research, June 2008).
Empower Specialist Users to Perform Specific Tasks with Role-based Administration
[Figure: Compliance Officer: Conduct Mailbox Searches for Legal Discovery; Human Resources: Update Employee Info in Company Directory; Help Desk Staff: Manage Mailbox Quotas]
Exchange Server 2007 has only three big roles, which modify organization, recipient and server data
New roles cannot be created, so there is too much functionality for decentralized IT environments: Unified Messaging and e-mail life cycle administrators need permissions to manage their functions without being granted full organization administration functionality
Organization scope is too broad
Too much permission is required in order to delegate some operations (e.g. Move-Mailbox, Export-Mailbox)
Permissions are focused on Active Directory (AD) objects
Objects don't always map 1:1 with tasks
Unified Messaging administrators want to manage Unified Messaging recipient data without being granted full write rights to all properties on the mailbox AD object
Granting and delegating Exchange permissions is complex
Access control lists (ACLs) must be customized manually, which is complex, error prone, and risks ACL bloat
Permissions-based troubleshooting and related product support services (PSS) calls are really expensive
No easy way to report who has permission or audit what was done
[Diagram: Exchange Server 2007 management architecture. The MMC console calls the PowerShell cmdlets (business logic) in-process; across the process/machine boundary those cmdlets write directly to the Store, the IIS metabase, the local machine and Active Directory.]
Enabling Exchange management capability to match business needs
Ship many more out-of-the-box roles matching typical business needs (e.g. UM admin, records management administration)
Ability to create custom roles
Enable self-service management for information workers (IW) (e.g. a self-service role)
Map authorization grants to operations, not AD objects
Define authorization grants as the actions a given user can perform over a set of resources
Define scopes, which determine the set of objects that can be accessed by the granted operations
Remove direct rights on the underlying storage
Help deliver a first-class management experience for Enterprise and Exchange Labs
Reduce administration burden by supporting easy management, reporting and delegation of permissions
Audit the execution of business operations
Consistent, secure authorization model for Exchange management clients (ECP, EMC)

New Exchange Management Console features
Role Based Access Control (RBAC)
New authorization model that grants operations based on role or job function (e.g. recipient admin, helpdesk etc.)
Easy to delegate and customize
All Exchange management clients (EMS, EMC, ECP) use the RBAC authorization model
Exchange Control Panel (ECP)
New and simplified web based management console
Targeted for end users, hosted tenants, and specialists
Remote PowerShell
Manage Exchange remotely using PS v2.0

[Diagram: Exchange Server 2010 (Beta) management architecture. EMS and the MMC/WinForms EMC (through its data layer) each drive a local PowerShell runspace that uses Remote PowerShell to reach a server-side runspace hosting the cmdlets (business logic); only that server-side runspace crosses the process/machine boundary to the Store, the IIS metabase, the local machine and Active Directory.]

Add Exchange forests to the console tree
Organizational health
Community and feedback
Command log (with export)
Diagnostic logging
Exchange help
Feature-based changes, e.g. DAG

Role Based Access Control (RBAC) has replaced the permissions model used in Exchange Server 2007
Able to define precise or broad roles and assignments based on the tasks that need to be performed
Includes self administration


Management role: a container for a grouping of management role entries
Management role entry: a cmdlet, including its parameters, that is added to a management role
Management role scope: the scope of influence or impact of a role
Management role assignment: the assignment of a management role to a user or universal security group

[Diagram: RBAC triangle. A role assignment ties together a role (what), a scope (where) and a user or USG (who).]

Built-in administrative management roles
Organization management
View only organization management
Recipient management
GAL Sync management
Unified Messaging management
Unified Messaging recipient management
Unified Messaging prompt management
Discovery management
Built-in self management roles
My options
My distribution group membership
My distribution groups
Custom roles can be added to suit specific delegation requirements
Roles are hierarchical, with the built-in roles at the top

A management role entry is named by a combination of the management role that it is associated with and the name of the cmdlet, i.e. management role\cmdlet
e.g. OrganizationManagement\Set-Mailbox
e.g. DiscoveryManagement\Search-Mailbox
Role entries can only be removed from a role, not added to it


A management role scope defines the specific scope of impact or influence of a management role
There are two types of scopes: implicit and explicit
Implicit scopes are default scopes that apply to a management role type
Explicit scopes are set by the administrator to meet delegation requirements

A management role assignment applies a management role and the management role scope, if specified, to a user or universal security group
When an assignment is created, the user or group specified gains access to the cmdlets and parameters made available by the associated management role
Role assignments are additive: role A + role B = all role entries from both roles A and B
Assignments without scopes use the implicit scope of the role type of the role

Step 1: Create the management role
Step 2: Change the new role's management role entries (by removing role entries)
Step 3: Create a management scope (if required)
Step 4: Assign the new management role
New-ManagementRole -Name "eDiscovery-Sales" -Parent DiscoveryManagement
New-ManagementScope -Name "Sales Mailboxes" -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" -DomainRoot "OU=Sales,DC=nwtraders,DC=Com"
New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" -User "USG-Sales eDiscovery Admins" -Role "eDiscovery-Sales" -DomainScopeRestriction "Sales Mailboxes"
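The four steps above carried through as one script, added here as an example and not taken from the slide deck. It uses the Beta-era parameter names shown on this slide; the role, scope, group and OU names are assumptions, and the list of cmdlets kept in step 2 is an assumption about what the delegate needs.

```powershell
# Added example (not from the slide deck): delegate eDiscovery over one OU with least privilege.
# Parameter names follow the Beta syntax on this slide. Exchange 2010 RTM renamed
# -DomainRestrictionFilter/-DomainRoot to -RecipientRestrictionFilter/-RecipientRoot,
# -DomainScopeRestriction to -CustomRecipientWriteScope, and takes a group via -SecurityGroup.

$RoleName  = "eDiscovery-Sales"                 # assumed custom role name
$ScopeName = "Sales Mailboxes"                  # assumed scope name
$GroupName = "USG-Sales eDiscovery Admins"      # assumed universal security group
$SalesOU   = "OU=Sales,DC=nwtraders,DC=com"     # assumed OU (nwtraders is the slide's sample domain)

# Step 1: derive a child role from the built-in DiscoveryManagement role.
# A child starts with every role entry of its parent; entries can only be removed, never added.
New-ManagementRole -Name $RoleName -Parent DiscoveryManagement

# Step 2: trim the role to the cmdlets this delegate actually needs (assumed list).
# Everything else inherited from the parent is removed, so the assignee cannot run it
# even though the parent role still can.
$Keep = @("Search-Mailbox", "Get-Mailbox")
Get-ManagementRoleEntry "$RoleName\*" |
    Where-Object { $Keep -notcontains $_.Name } |
    Remove-ManagementRoleEntry -Confirm:$false

# Step 3: an explicit scope limits the role to user mailboxes under the Sales OU,
# replacing the parent's implicit organization-wide scope.
New-ManagementScope -Name $ScopeName `
    -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" `
    -DomainRoot $SalesOU

# Step 4: tie role, scope and group together; membership of the group is now the
# only thing that grants these cmdlets, and only over the scoped mailboxes.
New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" `
    -User $GroupName -Role $RoleName -DomainScopeRestriction $ScopeName

# Verification: what survived in the role, and who holds it over what.
Get-ManagementRoleEntry "$RoleName\*" | Format-Table Identity, Parameters -AutoSize
Get-ManagementRoleAssignment -Role $RoleName | Format-List Name, RoleAssignee, *Scope*
```

Re-running the Get-ManagementRoleEntry check after any later edit to the parent role is a cheap way to confirm the child still holds only the intended cmdlets.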

[Diagram: Remote PowerShell and RBAC flow. On the client LAP1 (PowerShell v2 client over WSMan) the administrator runs
> New-PSSession -URI https://server.fqdn.com/PowerShell/
and then
> New-Mailbox -Name Bob
and receives the Bob mailbox object in the pipeline. On the server SRV1, IIS authenticates the caller against Active Directory, the RBAC stack authorizes the user Evan from his role assignment, and the server-side runspace exposes only the permitted cmdlets and parameters (New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name); the client-side runspace proxies exactly that set.]
A browser based management client for end users, administrators, and specialists
Accessible directly via URL, Outlook Web Access (OWA) and Outlook 14
Deployed as a part of the Client Access Server (CAS) role
Simplified user experience for common management tasks
Role-Based Access Control (RBAC) aware

[Diagram: ECP page layout with a UI scope control, primary navigation, secondary navigation and a slab; slides 23 to 26 carry only ECP screenshots.]
Specialists: administrators can delegate to specialists (e.g. Help Desk Operators, Department Administrators, and eDiscovery Administrators)
End users: comprehensive self service tools for end users (OWA options plus)
Hosted customers: tenant administrators


ASP.NET application
Full browser support for Internet Explorer (IE) 7+, Safari 3+, and Firefox
Authentication: currently supports Integrated Windows and basic authentication
ECP is an IIS virtual directory on the Client Access Server role

The ECP IIS virtual directory is automatically created when installing the Client Access Server role
ECP settings are stored in Active Directory and the IIS metabase
The ECP is managed using Exchange cmdlets
ECP cmdlets
New-ECPVirtualDirectory
Set-ECPVirtualDirectory
Get-ECPVirtualDirectory
Remove-ECPVirtualDirectory
Test-ECPConnectivity
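An added example, not from the slide deck, that uses the cmdlets listed above to audit the authentication settings of every ECP virtual directory in the organization and preview a fix on one server. The server name CAS01 and the property names (those of the Exchange 2010 RTM cmdlets: BasicAuthentication, WindowsAuthentication, FormsAuthentication, ExternalUrl, Server) are assumptions.

```powershell
# Added example (not from the slide deck): find ECP virtual directories that still
# accept basic authentication. Property names are assumed from the RTM cmdlets.
function Get-EcpAuthFinding {
    param($VDir)
    # Basic authentication sends the password base64-encoded on every request, so it is
    # only acceptable when the directory is reached over HTTPS; flag anything else.
    $ext  = $VDir.ExternalUrl
    $risk = "OK"
    if ($VDir.BasicAuthentication) {
        if ($ext -ne $null -and $ext.Scheme -ne "https") {
            $risk = "Basic authentication on a non-HTTPS external URL"
        } else {
            $risk = "Basic authentication enabled (confirm HTTPS is enforced)"
        }
    }
    # PowerShell 2.0 compatible object construction (no [PSCustomObject] cast).
    New-Object PSObject -Property @{
        Server      = [string]$VDir.Server
        Name        = $VDir.Name
        Basic       = $VDir.BasicAuthentication
        Windows     = $VDir.WindowsAuthentication
        Forms       = $VDir.FormsAuthentication
        ExternalUrl = [string]$ext
        Risk        = $risk
    }
}

# Inventory every ECP virtual directory the organization knows about.
$findings = Get-ECPVirtualDirectory | ForEach-Object { Get-EcpAuthFinding $_ }
$findings | Sort-Object Server | Format-Table Server, Name, Basic, Windows, Forms, Risk -AutoSize

# Remediate on one CAS (assumed name CAS01): keep Integrated Windows authentication
# for internal use and turn basic off. -WhatIf previews the change; remove it to apply.
Get-ECPVirtualDirectory -Server CAS01 |
    Set-ECPVirtualDirectory -WindowsAuthentication $true -BasicAuthentication $false -WhatIf
```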


Remote PowerShell is the new management paradigm for PowerShell automation in Exchange Server 2010 (Beta)
Integrates with the RBAC model
Is used for local and remote management
Standard protocols allow easier management through firewalls
Solves many cross-forest management issues
Simplifies management tools installation

Partner technologies provide the infrastructure to transport cmdlet operations and data from the (smart) client-side runspace to the server-side runspace and back
WSMan: remoting transport and authorization hooks
PowerShell V2 "fan-in" remoting: allows high-scale client connectivity to a server/datacenter environment
Exchange RBAC serves as the authorization provider for PowerShell Remoting

$UserCredential = Get-Credential
$rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<Exchange 2010 computer name>/powershell -Credential $UserCredential
Import-PSSession $rs
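The same session opened with explicit authentication and torn down afterwards, as an added example rather than the slide's own code. It assumes a CAS at cas01.nwtraders.com and Kerberos authentication, and shows that what Import-PSSession brings onto the client is exactly the RBAC-permitted cmdlet set.

```powershell
# Added example (not from the slide deck): full life cycle of a Remote PowerShell session
# against an Exchange Server 2010 CAS. Assumed server name: cas01.nwtraders.com.
$Server = "cas01.nwtraders.com"
$UserCredential = Get-Credential

# Kerberos authenticates with a ticket instead of sending the password to the endpoint;
# the transport is HTTPS over WSMan either way.
$rs = New-PSSession -ConfigurationName Microsoft.Exchange `
        -ConnectionUri "https://$Server/powershell" `
        -Credential $UserCredential -Authentication Kerberos
try {
    # Implicit remoting: the proxy functions created on the client mirror the server-side
    # runspace, and that runspace contains only the cmdlets and parameters the caller's
    # role assignments grant. Counting the proxies is a quick check of what this account
    # can actually do, with no ACLs to read.
    $module = Import-PSSession -Session $rs -AllowClobber
    $cmds = @(Get-Command -Module $module.Name -CommandType Function)
    "{0} cmdlets exposed to {1} by RBAC" -f $cmds.Count, $UserCredential.UserName

    # Parameters are filtered too: a delegated operator sees Set-Mailbox with only the
    # parameters listed on their role entry, not the full parameter set.
    if ($cmds | Where-Object { $_.Name -eq "Set-Mailbox" }) {
        (Get-Command Set-Mailbox).Parameters.Keys | Sort-Object
    }

    # Objects come back deserialized: properties are readable, methods are not.
    Get-Mailbox -ResultSize 5 | Select-Object Name, Database, ServerName
}
finally {
    # Always release the server-side runspace; leftover sessions count against the
    # PowerShell concurrency limit in the user's throttling policy.
    Remove-PSSession $rs
}
```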

Role Based Access Control
RBAC has replaced the permission model used in Exchange Server 2007
Enables the definition of extremely broad or extremely precise roles and assignments, based on the actual roles administrators perform
Exchange Control Panel
Provides a new way to administer subsets of Exchange features
Provides a great self-provisioning portal
Remote PowerShell
Uses familiar Exchange cmdlets
Allows administration without the Exchange management tools
Provides firewall-friendly management access

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
Exchange Server 2010 (Beta) Airlift
Module Number 13
Microsoft© Corporation

Review Exchange Server 2010 (Beta) key architecture changes
Discuss Exchange Server 2010 (Beta) transition and coexistence scenarios
Discuss how to prepare your environment for Exchange Server 2010 (Beta) today

Exchange 2007 issues versus Exchange Server 2010 (Beta)

Issue: The Client Access role is not a middle tier. Messaging Application Programming Interface (MAPI) and Web Distributed Authoring and Versioning (WebDAV) clients connect directly to the store, and multiple different code paths run in different processes depending on the connecting client.
Exchange Server 2010 (Beta): All end-user clients now connect through the Client Access server for mailbox data and for directory information. The client WebDAV communication mechanism has been deprecated.

Issue: Scale issues. Windows TCP outbound port scalability limits (65,535) apply per server in Windows Server 2003 and per IP address in Windows Server 2008 (affects Outlook Anywhere); DSProxy only supports 60,000 outbound TCP ports per server; the Store only supports 60,000 RPC context handles per server.
Exchange Server 2010 (Beta): The scale issue between the Mailbox and CAS roles for Outlook Anywhere disappears due to the use of the RPC Client Access service. The DSProxy interface has been replaced with an NSPI interface that is part of the RPC Client Access service. The Store supports 250,000 RPC context handles.

Issue: No easy solution for external data sharing.
Exchange Server 2010 (Beta): Federation allows for sharing of free/busy data and provides calendar access between Exchange organizations.

[Diagram: Exchange 2007 versus Exchange Server 2010 (Beta) component architecture. In Exchange 2007 the middle tier (Transport, WS, OWA, UM and Sync agents over XSO, MAPI.Net and Core Objects) sits beside direct paths into the Store: Outlook/MAPI clients over MAPI RPC and DSProxy, Entourage over DAV. In Exchange Server 2010 (Beta) every client, including Outlook/MAPI clients (via the RPC Client Access NSPI and MAPI RPC endpoints) and Entourage (via Web Services), enters through the middle tier on the Client Access server, which alone speaks MAPI RPC to the Mailbox Store.]
An Exchange Server 2010 (Beta) CAS is required in every AD site where an Exchange Server 2010 (Beta) MBX is deployed
Load balancing: if planning on deploying more than 8 CAS servers in a load balanced array, consider deploying a hardware load balancing solution
For Office Communications Server (OCS) integration with OWA, you must deploy OCS 2007 R2
Since the CAS role is now a true middle-tier solution, CAS servers will require beefier hardware
The CAS to Mailbox processor core ratio changes drastically as a result of RPCCA (Beta1: 3:4)
OWA 2010 will not support Public Folder (PF) access to folders stored only on MBX 2007 or MBX 2003 servers


Exchange 2007 issues versus Exchange Server 2010 (Beta)

Issue: Exchange does many small, random input/outputs (I/Os), which inhibits the types of disks that can be used.
Exchange Server 2010 (Beta): Exchange store schema and ESE optimized for fewer, larger, smoother, sequential I/Os: store schema changes; DB I/O size improvements; database cache effectiveness improvements; ESE optimized for the new store schema.
Result: Exchange Server 2010 (Beta) reduces I/O by an additional 70% when compared to Exchange Server 2007 and is optimized for SATA class disks.

Issue: Large item count per folder is an issue due to restricted views (affects large mailbox deployments).
Exchange Server 2010 (Beta): Schema changes to the table structure and deferred index updates greatly improve restricted view performance.
Result: Supports 100,000 items per folder.

Issue: Outlook Personal Folder Files (PSTs) are a litigation, security, and management nightmare.
Exchange Server 2010 (Beta): New Messaging Records Management features: item level policy settings; archive mailbox feature for importing and storing PST data; Compliance Officer search capabilities.
Result: PSTs can be removed by placing data into the Exchange repository, where it can be searched easily.

                       Single-copy cluster         Cluster Continuous Replication   Exchange Server 2010 High Availability
Failover granularity   Server-level                Server-level                     Database-level
Copies of data         1                           2                                2 to 16
Failover time          ~2 min                      ~2 min                           ~30 sec (POR)
Failover management    Windows Cluster             Windows Cluster                  Exchange Server
Data replication       Partner replication or SCR  Continuous replication           Continuous replication
Management tools       Separate                    Separate                         Unified
Host other roles?      No                          No                               Yes

Other advantages
Step up to automatic failover without rebuilding the mailbox server
Incrementally add replicated copies to meet business needs
No subnet or special DNS requirements


[Diagram: Failover behaviour. Exchange 2007: Outlook clients connect through Exchange CAS NLB to clustered MBX servers; on failover the client is disconnected for 0 to DNS-TTL minutes. Exchange Server 2010 (Beta): Outlook clients connect to CAS, which fronts MBX1 and MBX2; on a failure the client just reconnects, and a connected client is disconnected for about 30 seconds (POR).]
Leverage the incremental deployment capabilities of Exchange Server 2010 (Beta)
You do not need to deploy site resilience out of the box!
Deploy larger database availability groups (DAGs) over smaller DAGs
Distribute database copies across nodes in a matrix
Improved database seed/log shipping performance across the wide area network (WAN)
Seed compression/encryption (optional)
Log shipping compression/encryption (optional)
Log shipping is now Transmission Control Protocol (TCP) socket based
Use multiple 1 GB networks or a 10 GB network to improve local area network (LAN) re-seed/log replication queue drain performance

[Diagram: Sample DAG design. 10,000 mailboxes, heavy profile (120 messages/day, .11 IOPS/mailbox, 2 GB mailbox size). Three Mailbox servers (8 cores, 32 GB RAM each) host 30 databases (DB1 to DB30) with 3 nodes and 3 copies and 3,333 active mailboxes per server; each database has one active and two passive copies spread across the nodes, giving secondary failure resiliency. Storage: 1 TB 7.2k SAS/SATA disks in JBOD, 30 disks per node plus online spares, on a battery-backed caching array controller.]
[Diagram: Upgrade and failure sequence for a four-node DAG (Mailbox Server 1 to 4): a single server is upgraded, a server fails, the upgrade completes, active databases switch over to their copies, and JBOD disks die, with the number of HA copies and physical copies shown at each step.]

Storage guidance (stand-alone or Database Availability Group with 2 copies versus DAG with 3+ copies)
Storage type: DAS, Fibre Channel, iSCSI
Disk type: SAS, Fibre Channel, SATA (with battery-backed cache), SSD
RAID: RAID recommended (stand-alone or 2 copies); RAID optional (3+ copies)
RAID type: RAID-1/0, RAID-5, RAID-6 (stand-alone or 2 copies); JBOD (3+ copies)
DB/log isolation: best practice (stand-alone or 2 copies); not required (3+ copies)
Windows disk type: Basic (recommended), Dynamic
Partition type: GPT (recommended), MBR
Partition alignment: Windows 2008 default (1MB)
File system: NTFS
NTFS allocation unit size: 64KB for both database and log volumes
Encryption support: BitLocker

Streaming backup support has been removed
Deploy direct-attached storage (DAS) solutions, as they are more cost effective with large mailboxes and continuous replication
Leverage the Storage Cost Calculator
Deploy Database Availability Groups (DAGs) and use replication to achieve high availability
If deploying 3 or more database copies, consider a RAID-less storage design and combining logs and database on the same spindles
Ensure unique database names across the organization
Large mailbox support (10 GB+)
Deploy active mailboxes to support 1-2 years' worth of data
Deploy archive mailboxes to allow end users to retain long-term needed data
Deploy Office 2007 Service Pack 2 (SP2) or later

Exchange 2007 issues versus Exchange Server 2010 (Beta)

Issue: Transport is stateful; loss of service results in loss of mail.
Exchange Server 2010 (Beta): Shadow redundancy allows transport to become stateless by keeping an additional copy of the message during the entire time the message is in transit.
Result: No need to worry about the state of a transport server.

Issue: The transport dumpster impacts the environment. A large number of SGs in an environment, coupled with a small database cache, results in a large increase in I/Os; a redelivery submission results in the entire quota being redelivered and the store removing duplicates.
Exchange Server 2010 (Beta): Database replication feedback is now used to control which messages remain in the dumpster, so redelivery requests only result in redelivery of messages that had not been replicated to that database copy.

Issue: The database engine is not optimized for transport delivery.
Exchange Server 2010 (Beta): ESE improvements: multi-threaded version store maintenance; larger checkpoint depth (40MB); optimized database cache (64MB to 1GB); intrinsic long value record storage.
Result: With the transport dumpster changes and ESE improvements, transport IOPS requirements are targeted to be reduced by more than 50%.

Issue: No automatic mechanism to protect messages based on content.
Exchange Server 2010 (Beta): Leverages Information Rights Management (IRM) and transport rules to automatically protect messages that are deemed "sensitive".

Issue: No automatic way to restrict encrypted message flow within the environment.
Exchange Server 2010 (Beta): Provides the ability to detect incoming external encrypted mail and take action, and to control when message encryption can be used.

Exchange Server 2010 (Beta) Mailbox servers can only communicate with Exchange Server 2010 (Beta) Hub Transport servers
Exchange Server 2010 (Beta) Hub Transport servers can communicate with Exchange Server 2007 Hub Transport servers
Must deploy an Exchange Server 2010 (Beta) Hub Transport server in every site where you deploy an Exchange Server 2010 (Beta) Mailbox server
Since transport is stateless, there is no need to include RAID in your storage designs
Currently only Exchange Server 2010 (Beta) Hub Transport servers can communicate in an Edge synchronization process with Exchange Server 2010 (Beta) Edge Transport servers
Information Rights Management (IRM) usage with transport requires Rights Management Server deployed on Windows Server 2008


Review Exchange Server 2010 (Beta) key architecture changes
Discuss Exchange Server 2010 (Beta) transition and coexistence scenarios
Discuss how to prepare your environment for Exchange Server 2010 (Beta) today
Schema changes!
No hard requirement for Windows Server® 2008 Active Directory® (AD)
At minimum, one Windows 2003 Service Pack 2 (SP2) global catalog in each site where Exchange Server 2010 (Beta) domain-joined server roles will be installed
The AD must be at least in Windows Server 2003 forest functionality mode
No support for read-only domain controller (RODC)/read-only global catalog (ROGC)

Exchange Server 2007/Exchange Server 2010 (Beta) coexistence in the same AD site requires Exchange Server 2007 changes (SP2)
Exchange Server 2007 SP2 must be deployed to every server in the same AD site as Exchange Server 2010 (Beta)
All 2007 Client Access Server (CAS) servers in the organization need to be upgraded
Exchange Server 2010 AD schema extensions are planned to be backported into Exchange Server 2007 SP2

Coexistence with Exchange Server 2007 in the same organization
Multiple forests (resource forest model), multiple AD sites
Single forest, multiple AD sites
Single AD site


Hard blocked:
Exchange Server 2010 (Beta) coexistence with Exchange 2000 Server and earlier
Exchange Server 2010 (Beta) coexistence with Exchange Server 2003 prior to SP2
Exchange Server 2010 coexistence with Exchange Server 2007 prior to SP2
Adding older versions of Exchange to an Exchange Server 2010 (Beta)-created organization

There is no support for in-place server upgrades
Microsoft is investing in online mailbox moves
The Exchange Server 2007 and 2010 (Beta) Exchange Management Consoles (EMC) can now run side by side on the same machine (Administrator only)
Exchange objects are only managed via the EMC of the same version (e.g. 2007 objects are managed by the 2007 console)

[Diagram: Transition sequence. 1: Upgrade Internet-facing AD sites first. 1.1: Upgrade the Exchange 2007 servers (CAS, HUB, UM, MBX 2003 or 2007) to SP2. 1.2: Deploy Exchange 2010 servers, CAS first and MBX last. 1.3: Move the Internet hostnames to point to CAS2010; this moves AutoDiscover, a "legacy" hostname is assigned to the old CAS (which includes an SSL certificate purchase, although end users never see this hostname), and the UM phone number for Outlook Voice Access is moved to point to UM 2010. 1.4: Move mailboxes. 2: Upgrade the internal AD sites second; CAS2010 reaches the internal site's CAS through the CAS-CAS proxy.]
CAS2010/UM2010/HUB2010 will redirect and proxy clients to CAS2007, FE2003, MBX2003, UM2007, HUB2007 for access to Exchange Server 2003/2007 mailboxes
Server installation order: Client Access Server, Hub Transport, Unified Messaging (if applicable), Mailbox
The first Exchange Server 2010 (Beta) server must be a CAS server
Order of removing/decommissioning Exchange Server 2007 servers in a site: Mailbox, Unified Messaging (if applicable), Hub Transport, Client Access Server


Supported scenarios
Scenario   Internet-facing site    Non-Internet-facing site
1          2010                    2010 and/or 2007
2          2010                    2007 and 2003
3          2007 + 2010             2007 and/or 2003
4          2007 + 2010             2007 and/or 2010
5          2003 + 2010             2010 and/or 2003
6          2003 + 2007 + 2010      2010 and/or 2007 and/or 2003

Unsupported scenarios
Scenario   Internet-facing site    Non-Internet-facing site
7          2007                    2007 + 2010
8          2007                    2010
9          2010                    2003

Install Exchange Server 2010 (Beta)
Install the certificate on the Exchange Server 2010 (Beta) CAS: create a certificate signing request (CSR), obtain certificate(s)
Publish Outlook Web Access (OWA) via the Exchange Server 2010 (Beta) CAS: configure the external URL
Configure Outlook Anywhere on the Exchange Server 2010 CAS
Configure DNS
Replace the certificate on the Exchange Server 2003 front-end


[Diagram: Autodiscover during coexistence. Internet clients (Outlook, WM6.1+, EWS clients like Entourage) use the Autodiscover endpoint, which is moved to CAS2010 first in the migration; Exchange Server 2010 (Beta) Autodiscover supports lookups for both MBX2007 and MBX2010. Intranet Outlook clients find Autodiscover using AD site SCPs; for users with a mailbox on MBX2010, AutoD on CAS 2007 SP2 redirects to AutoD on CAS 2010.]
[Diagram: Outlook connectivity during coexistence. Internal Outlook clients connect via MAPI; mailboxes on MBX2010 connect to CAS via RPC Client Access (RPCCA). Outlook Anywhere clients on the Internet connect to the CAS2010 server via RPC/HTTPS, and the traffic is proxied to MBX2003, MBX2007, or MBX2010.]
[Diagram: OWA during coexistence. In Exchange Server 2007 and Exchange Server 2010 (Beta), OWA rendering happens on CAS, which reaches MBX 2007 and MBX 2010 over "XSO MAPI"; CAS 2010 uses SSO redirection to CAS 2007 for MBX 2007 mailboxes and to FE 2003 for MBX 2003 mailboxes, where FE 2003 proxies with public folder/mailbox integration logic. Public folders may reside on MBX 2003, MBX 2007 or MBX 2010.]
[Diagram: EAS/POP/IMAP during coexistence. In Exchange Server 2007 and Exchange Server 2010 (Beta), EAS/POP/IMAP are parsed on CAS: CAS 2010 serves WM5/6, WM6.1+ and POP/IMAP clients, proxies to CAS 2007 for MBX 2007 mailboxes and talks "XSO MAPI" to MBX 2010. In Exchange Server 2003, EAS/POP/IMAP are proxied to MBX; FE2003 is only an authenticating proxy in front of MBX 2003.]
Before the mailbox is moved
WM5, WM6, WM6.1 connect to the Microsoft Server ActiveSync (MSAS) endpoint on the Exchange Server 2010 (Beta) CAS
The Exchange Server 2010 (Beta) CAS proxies the request directly to the Exchange Server 2003 BE Mailbox server via HTTP
NOTE: The Exchange Server 2003 BE must be configured for Windows Integrated authentication; this is a manual step for IT administrators
After the mailbox is moved
WM5, WM6, WM6.1 connect to the MSAS endpoint on the Exchange Server 2010 (Beta) CAS
For Beta 1, all clients must perform a full resynchronization of data; the user must also select 'Sync' on the phone multiple times before this completes successfully. This is not expected at RTM
The Exchange Server 2010 (Beta) CAS handles the request to the Exchange Server 2010 (Beta) Mailbox server

[Diagram: Availability service during coexistence. CAS 2007 SP2 and CAS 2010 each host Autodiscover and the Availability service; for lookups against MBX2010, AutoD2007 redirects to AutoD2010. Availability service clients (Outlook, OWA, EWS clients) are proxied to the Availability service version that matches the mailbox version, for Exchange Server 2007/Exchange Server 2010. MBX 2007 and MBX 2010 store mailboxes and are reached over "XSO MAPI", while MBX 2003 stores free/busy data in public folders.]
Client impact when a mailbox is moved from Exchange Server 2003 to Exchange Server 2010 (Beta) (mail.contoso.com namespace before and after the move)
Outlook 2003: no additional action noted
Outlook 2007: no additional action noted
Windows Mobile 5: full resync required
Windows Mobile 6: full resync required
Windows Mobile 6.1: full resync required
Outlook Web Access: HTTP redirect
POP: no additional action noted
IMAP: no additional action noted
EWS: new Entourage version required
Hub Transport Transition
Deploy Exchange Server 2010 (Beta) Hub(s). At this point, you need to have sufficient Exchange Server 2010 (Beta) Hub servers to handle Exchange Server 2010 (Beta) mailboxes and Exchange Server 2007 Hub servers to handle Exchange Server 2007 mailboxes. As you migrate more mailboxes to Exchange Server 2010 (Beta), you can decrease the number of Exchange Server 2007 Hub servers and increase the number of Exchange Server 2010 (Beta) Hubs.
Deploy Exchange Server 2010 (Beta) Edge and establish the Exchange Server 2010 (Beta) Edge Subscription.
Remove Exchange Server 2007 Edge and the Exchange Server 2007 Edge subscriptions.
Finally, remove the Exchange Server 2007 Hubs when no Exchange Server 2007 mailboxes are present.

Install SP2 on the Exchange Server 2007 servers
Deploy the Exchange Server 2010 (Beta) CAS, Hub and MBX roles
Exchange Server 2010 (Beta) and Exchange Server 2007 Hub servers configure themselves:
Exchange Server 2010 MBX -> Exchange Server 2010 Hub -> E2007 Hub -> E2007 MBX
E2007 MBX -> E2007 Hub -> Exchange Server 2010 Hub -> Exchange Server 2010 MBX

Edge 2007 SP2 can proxy to Hub 2010, so Edge servers can be upgraded to Exchange Server 2010 (Beta) last
[Diagram: Perimeter network with Edge 2007 SP2 and Edge 2010 handling incoming SMTP and outgoing email; Edge 2007 SP2 relays over SMTP to HUB 2010 (which delivers via "XSO MAPI" to MBX 2010 and MBX 2003) and to HUB 2007 (which delivers via "XSO MAPI" to MBX 2007).]
[Diagram: Hub/Edge transition, steps 1 and 2. Step 1: Deploy Exchange Server 2007 SP2 on all servers in the AD site, including the Edge servers (E2007 SP2 Edge, HUB and Mailbox, with E2007 Edge-Sync between Edge and HUB and SMTP entering at the Edge). Step 2: Introduce Exchange Server 2010 (Beta) Hub servers; a routing version boundary now separates the E2007 SP2 and E2010 Hubs, and an Exchange Server 2010 (Beta) Hub cannot EdgeSync to an Exchange Server 2007 SP2 Edge.]
Routing is dependent on the AD site boundary and server versions
Every AD site with a mailbox will always require a Hub of the same version for mail delivery to that mailbox
This cannot be changed (e.g. by specifying a Hub server in SubmissionServerOverrideList)


[Diagram: Hub/Edge transition, steps 3 to 5. Step 3: Deploy the Exchange Server 2010 (Beta) Mailbox role. Step 4: Deploy the Exchange Server 2010 (Beta) Edge role. Step 5: Subscribe the Exchange Server 2010 (Beta) Edge server(s) to the E2010 HUB (E2010 Edge-Sync), while the E2007 SP2 Edge stays subscribed to the E2007 SP2 HUB on the other side of the routing version boundary.]
Exchange Server 2007 Edge can maintain sync for Exchange Server 2010 (Beta) Edge
R4 upgrade story: in R4, we will be doing work to simplify the upgrade process, including:
The Exchange Server 2007 SP2 ADAM schema will be compatible with the Exchange Server 2010 (Beta) schema; this will enable Exchange Server 2010 (Beta) Hubs to subscribe to Exchange Server 2007 SP2 Edge servers
Simplify the credential bootstrap process so that adding new Exchange Server 2010 (Beta) Hub servers does not require re-subscribing to the Edge servers
We will support delta sync to the Edges, which is much more efficient than syncing the entire AD every 4 hours


[Diagram: Hub/Edge transition, steps 6 to 8. Step 6: Remove the Exchange Server 2007 Edge role and its Edge Subscription. Step 7: Remove the Exchange Server 2007 Mailbox role. Step 8: Remove the Exchange Server 2007 Hub role, leaving E2010 Edge, HUB and Mailbox with E2010 Edge-Sync.]
The source mailbox can be used by users as normal during "online" moves
Online mailbox move is only available for Exchange Server 2007 and above
No OST resync after a mailbox move
MAPI RPC is used for all moves
[Diagram: Mailbox moves. Online moves from Exchange 2007 and offline moves from Exchange 2003 both pass through the Exchange 2010 CAS running the "Mailbox Replication Service" into the Exchange 2010 Mailbox server.]

Unified Messaging coexistence: with private branch exchange/gateways (PBX/GWs), one dial plan with redirect; with Office Communications Server, two dial plans with direct routing.
Coexistence support between Mailbox server 2010 and Mailbox server 2003/2007
Coexistence with Mailbox server 2000 is not supported
Outlook can read the mailbox from one Exchange version (e.g. 2010) and public folders from another (e.g. 2003/2007)
OWA 2010 only gives access to public folders with a replica on Mailbox server 2010
Error message when accessing a public folder with a replica only on Exchange 2003/2007
This is different from OWA 2007, which had a redirection behavior, opening up OWA 2000/2003 for public folders on older mailbox servers in separate browser windows
Get-PublicFolderStatistics now captures last user access

Review Exchange Server 2010 (Beta) key
architecture changes
Discuss Exchange Server 2010 (Beta)
transition and co-existence scenarios
Discuss how to prepare your environment
for Exchange Server 2010 (Beta) today

Start planning for Windows Server 2008 as the base
OS
Move to Windows Server 2003 Forest Functional
Mode
Upgrade AD servers to Windows Server 2003 SP2
or later
Remove Exchange 2000 Server
Exchange Server 2010 (Beta) only supports
coexistence within a forest with Exchange Server 2003
SP2 and Exchange Server 2007 SP2
For large mailbox and cached mode I/O improvements,
deploy Office 2007 SP2

Do not deploy single copy cluster (SCC) or local continuous
replication (LCR) today; deploy cluster continuous replication
(CCR) + standby continuous replication (SCR)
Neither SCC nor LCR is a true High Availability (HA) solution
Neither is offered in Exchange Server 2010 (Beta)
Do not invest in a streaming backup solution; invest in Volume
Shadow Copy Service (VSS)
Do not deploy a third-party archiving solution today to solve the
PST problem; instead enable larger mailboxes and retain data in
the mailbox
Mailbox archiving will be built in to Exchange Server 2010 (Beta)
Third-party compliance solutions are OK, but ensure there is a
roadmap for future versions
Ensure that database names are unique across the
Exchange Organization
Do not deploy an Exchange UM Fax solution; rely on
third-party solutions
Exchange Fax will be deprecated in Exchange
Server 2010 (Beta)
Plan for the upgrade or replacement of mobile devices
that are lower than Windows Mobile 5.0
Plan for the upgrade of Outlook clients that are lower
than Outlook 2003
Deploy a CAS certificate solution that covers:
OWA/EAS namespace (e.g. mail.foo.com)
Autodiscover namespace
Legacy namespace (e.g. legacy.foo.com)
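The checks on this slide and the two before it can be scripted. The following is an added example, not Microsoft's code, written for the Exchange 2007 SP2 Management Shell on a domain-joined machine: it verifies the forest functional level, the domain controller operating systems, that no Exchange 2000 server remains, that database names are unique across the organization, and that the certificate bound to IIS on the local CAS covers the three namespaces. mail.foo.com and legacy.foo.com are the slide's placeholders; autodiscover.foo.com is assumed; the service pack level of the domain controllers is not exposed by the .NET API used here and is left to a manual check.

```powershell
# Added example, not part of the Ignite deck. Run in the Exchange 2007 SP2 Management Shell.
$problems = @()

# 1. Forest functional level must be Windows Server 2003 (not interim) or higher.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
if ($forest.ForestMode -lt [System.DirectoryServices.ActiveDirectory.ForestMode]::Windows2003Forest) {
    $problems += "Forest functional level is $($forest.ForestMode); raise it to Windows2003Forest or higher"
}

# 2. Every DC must run Windows Server 2003 SP2 or later. OSVersion is the free-text
#    operatingSystem attribute, so this flags anything older; verify SP2 by hand.
foreach ($dc in ($forest.Domains | ForEach-Object { $_.DomainControllers })) {
    if ($dc.OSVersion -notmatch 'Windows Server 2003|Windows Server 2008') {
        $problems += "DC $($dc.Name) runs '$($dc.OSVersion)'"
    }
}

# 3. No Exchange 2000 servers may remain (AdminDisplayVersion 6.0; 2003 is 6.5, 2007 is 8.x).
foreach ($srv in Get-ExchangeServer) {
    $v = $srv.AdminDisplayVersion
    if ($v.Major -eq 6 -and $v.Minor -eq 0) { $problems += "Exchange 2000 server still present: $($srv.Name)" }
}

# 4. Database names must be unique across the organization; in 2010 the storage group
#    disappears and the database name alone becomes the identity.
@(Get-MailboxDatabase) + @(Get-PublicFolderDatabase) |
    Group-Object -Property Name | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $servers = ($_.Group | ForEach-Object { $_.Server.ToString() }) -join ', '
        $problems += "Duplicate database name '$($_.Name)' on: $servers"
    }

# 5. The certificate bound to IIS on this CAS must carry every namespace as a SAN entry
#    (or a single-label wildcard that covers it) and must not be expired.
function Test-NameCovered($name, $domains) {
    foreach ($d in $domains) {
        $d = $d.ToString()
        if ($d -eq $name) { return $true }
        if ($d.StartsWith('*.') -and ($name -like ('*' + $d.Substring(1))) -and
            ($name.Split('.').Count -eq $d.Split('.').Count)) { return $true }
    }
    return $false
}
$required = 'mail.foo.com', 'autodiscover.foo.com', 'legacy.foo.com'   # placeholders
$iisCerts = @(Get-ExchangeCertificate | Where-Object { ($_.Services -match 'IIS') -and ($_.NotAfter -gt (Get-Date)) })
if ($iisCerts.Count -eq 0) { $problems += 'No valid certificate is enabled for IIS on this server' }
foreach ($name in $required) {
    $covered = @($iisCerts | Where-Object { Test-NameCovered $name $_.CertificateDomains })
    if ($covered.Count -eq 0) { $problems += "No IIS-bound certificate covers '$name'" }
}

if ($problems.Count -eq 0) { 'No blocking issues found' } else { $problems }
```

Run it on each CAS, since Get-ExchangeCertificate without -Server reports only the local machine; the directory and database checks are organization-wide and only need to run once.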

Key architectural changes


Exchange Server 2010 (Beta) reduces storage
I/O and enables large mailbox scenarios while
providing built-in data availability mechanisms
Exchange Server 2010 (Beta) provides a true
middle tier access methodology for all client
access mechanisms
Exchange Server 2010 (Beta) introduces true
transport resiliency which enables transport to
become stateless


© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Exchange Server 2010 (Beta) Ignite
Module Number 14
Microsoft© Corporation

Today's Exchange Online
Exchange Online & Exchange Server 2010
Reduced feature gaps
Cross-premises coexistence
New management tools
Release schedule
Q&A

Business Productivity Online Suite (BPOS)
Exchange infrastructure is based on Exchange Server 2007 SP1
Available today in 20 countries (others being added)
99.9% uptime SLA (financially-backed)
Unified provisioning, billing and management across services
24x7 IT Pro support
Two Exchange Online delivery models:

Multiple customers, one architecture        Single customer per architecture
5 seat minimum                               5,000 seat minimum
Rapid, standardized deployment               Many customization options
All connectivity to hosted environment       VPN or dedicated circuit links customer
occurs over public Internet                  site to Exchange environment
Protection and Compliance: E-mail Archiving, Protect Communications, Advanced Security
Anywhere Access: Manage Inbox Overload, Enhance Voice Mail, Collaborate Effectively
Flexible and Reliable: Continuous Availability, Simplify Administration, Deployment Flexibility

Native multi-tenancy
Built for hybrid deployments
Tested with Live@edu
Hosted by Exchange team

Brings new Exchange Server capabilities to the cloud
Improves coexistence between on-premises and online users
Gives administrators more control over the online environment

[Diagram: Deploy Exchange in a Fashion That Best Fits Business Needs with Choice of Delivery: On-Premises, Hosted Service, Co-Existence.]
Features from Exchange Server 2007
Transport Rules
Managed Folders
Voice Mail and Unified Messaging

Features from Exchange Server 2010
Meet legal and compliance needs with cross-mailbox search
Help users prevent e-mail mistakes with MailTips
Apply RMS protection with transport rules
Eliminate PSTs with Personal Archive

Similar to UM branch office deployment
Customer has on-premises telephony equipment
Session Border Controller (SBC) connects on-premises
telephony environment to Exchange Online
PBX stays on-premises
Exchange Online hosts mailboxes and UM servers

[Diagram: PBX and office phones on the PSTN connect through the SBC over the Internet to Exchange Online, where the UM, Hub Transport, CAS and Mailbox (MBX) servers are hosted.]
Microsoft Services Connector: single identity, single sign-on
Directory Sync Tool: user provisioning and unified GAL
Microsoft Federation Gateway

Exchange Server 2010 (online):
• Cross-premises free/busy
• Federated message delivery
• Native mailbox migration

Key aspects of coexistence:
• Identity and authentication
• Directory coexistence
• E-mail coexistence
• Calendar coexistence
• Data migration

[Diagram: on-premises Active Directory and Exchange Server 2003/2007 linked to Exchange Server 2010 online through the Microsoft Services Connector, the Directory Sync Tool and the Microsoft Federation Gateway.]

[Diagram: the Microsoft Federation Gateway in the center. On-premises: Fabrikam (Active Directory, Exchange) and Contoso (Active Directory, Exchange, Microsoft Services Connector, Employee), with federated sharing between them and single sign-on to the cloud. Cloud: Microsoft Online (Exchange Online, OC Online, SharePoint Online, Microsoft Dynamics CRM Online), the Azure Services Platform, ISV Apps and Enterprise Apps cloud services.]

Sharing with partners: Calendar sharing, Contact sharing, Federated RMS, Message tracking
Cross-premises coexistence: Calendar sharing and free/busy, Secure message delivery
Single sign-on / single identity: Exchange Online, Microsoft Online Services, Applications hosted on Azure
[Diagram: an on-premises user and an Exchange Online user exchanging free/busy information.]

Process is the same as setting up free/busy sharing with business partners
No client configuration needed
On-premises and online users can see each other's free/busy calendar data
Maintains consistent user experience during migration and coexistence

Invisible to end users
Sending side encrypts and routes to a Federated Delivery address
Receiving side validates, decrypts, and reroutes to final recipients
Uses same Sharing Relationship configuration as free/busy calendar sharing
Provides functionality similar to Transport Layer Security (TLS)
Key advantage: outbound mail can be routed through on-premises e-mail infrastructure for custom processing

[Diagram: a message To: ed@contoso.com From: sara@contoso.com leaves the on-premises Contoso E14 organization, passes through the Microsoft Federation Gateway to the federated delivery address fed-del@service.contoso.com at Exchange Online (E14), and is delivered there with its original To: and From: headers.]
Today: single sign-on via stored password
Online "2010": single sign-on via federation (Microsoft Services Connector or ADFS)

User benefits
Same identity on-premises and in the cloud
No need to manage separate passwords
Used across multiple Online Services

Administrator benefits
No sign-on application to manage across desktops
Passwords not synchronized to the cloud
Retain security control over user accounts
No changes to enterprise deployment of AD

[Diagram: on-premises Active Directory federated to the online service through the Microsoft Services Connector or ADFS.]

Based on Geneva (Active Directory Federation Services v2)
Simplified for service scenarios
Quick and easy setup
Free download
Installed as an IIS website
Admin proves domain ownership with SSL certificate
Supports a range of network infrastructures:
single server, server farm, proxy server
Single identity (use domain password)
Single sign-on (no password prompt)
Client support: Outlook 2007, Outlook 14 (w/ Windows 7), Outlook Web Access, POP/IMAP, Windows Mobile, Entourage, PowerShell
Move mailboxes to the cloud with the Exchange Management Console
Migrate mailboxes with built-in wizards
View migration status and statistics

Uses same replication engine as on-premises mailbox moves
Asynchronous design improves fault-tolerance
Mailbox is moved, not copied (reduces risk of admin error)
OST resync is not required after mailbox move
Includes support for moving mailboxes back on-premises
Supports migration from Exchange 2003, Exchange 2007, and Exchange 14 on-premises

[Diagram: mailbox migration from on-premises E2K3, E2K7 and E14 servers through an E14 CAS to the hosted E14 organization.]
Exchange Control Panel
Perform or delegate common admin tasks via a Web-based GUI

Exchange Management Console
Manage online and on-premises mailboxes in one place

Remote PowerShell
Manage the hosted Exchange environment via command line

Adds new web-based management features
Capabilities can be delegated beyond IT
Manage on-premises and online Exchange forests in the same console
Manage recipients in the cloud
Configure properties of the online Exchange forest
Move mailboxes to the cloud

PowerShell v2 lets you execute commands over the Internet
Access is controlled via RBAC
Allows scripting and automation of routine tasks

> New-DynamicDistributionGroup -Name "Florida Sales and Marketing" -IncludedRecipients MailboxUsers -ConditionalDepartment Sales,Marketing -ConditionalStateOrProvince Florida
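An added example of the remote session itself (not code from the deck): it opens a PowerShell v2 remote session to a hosted Exchange 2010 endpoint, imports only the cmdlets RBAC exposes to the account, shows which role assignments produced them, and runs the slide's command against the hosted organization. The connection URI, the credential and the Cloud prefix are placeholders; Microsoft.Exchange is the session configuration name Exchange 2010 remote shells use.

```powershell
# Added example, not part of the Ignite deck. Requires PowerShell v2 on the admin workstation.
$cred = Get-Credential 'admin@contoso.com'   # placeholder account

# Basic authentication puts the credential in the HTTP Authorization header, so the
# endpoint must be HTTPS; -AllowRedirection follows the service's redirect to the
# server that actually hosts the tenant.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'https://ps.example.com/powershell/' `
    -Credential $cred -Authentication Basic -AllowRedirection

# -Prefix keeps the cloud cmdlets (Get-CloudMailbox, ...) apart from on-premises ones
# loaded in the same shell. Only cmdlets that RBAC grants this account are proxied;
# anything outside the assigned roles simply does not exist in the session.
Import-PSSession $session -Prefix Cloud | Out-Null

# What did RBAC actually hand us, and which role assignments are responsible?
$granted = @(Get-Command -Noun 'Cloud*')
"Cmdlets available through RBAC: $($granted.Count)"
Get-CloudManagementRoleAssignment -RoleAssignee $cred.UserName -Delegating $false |
    Select-Object Role, RoleAssigneeName, RecipientWriteScope |
    Format-Table -AutoSize

# The slide's dynamic distribution group, created in the hosted organization.
New-CloudDynamicDistributionGroup -Name 'Florida Sales and Marketing' -IncludedRecipients MailboxUsers `
    -ConditionalDepartment Sales,Marketing -ConditionalStateOrProvince Florida

Remove-PSSession $session
```

Review the role assignment output before scripting anything: a RecipientWriteScope narrower than the whole organization means the same command that succeeds for one recipient fails silently with "not found" for another.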

[Timeline figure: quarters Q1 through Q4, then Q1 through Q3 of the following year.]

Exchange Online will transition to Exchange Server 2010 next year
Online beta: Q4 2009
Online launch: H1 2010
Customers can control the timing of their upgrade (waiting up to 12 months, if desired)

New server features available online
• Messaging Records Management
• Transport rules
• Unified Messaging
• New features from Exchange Server 2010

Improved migration and coexistence
• Single identity (log in using domain credentials)
• Calendar coexistence (shared free/busy)
• Native migration tools

Better administration and control
• Enhanced web administration portal
• Exchange Management Console
• Remote PowerShell

Choose between server, service, or a seamless mix of both
