Professional Documents
Culture Documents
Server Deployment
Small organizations
Scenarios
Exchange Online
Small
and
Medium-Size
Organizations
Server Deployment
Scenarios
andand/or
Complex
Organization
Large
complex
organizations
Large
Consider all-in-one server
Mailbox/CAS/HUB
Used by MSIT, BPOS, large customers
Deployment Changes
Features Dropped
Replication Options
Inbound Fax
Clustering Change
Storage groups
Streaming backups
WebDAV
32-bit Client Administration Tools
Inbound FAX
Deployment Prerequisites
Supported Upgrade Path
Deployment Prerequisites
Supported Upgrade Path
Deployment sequence
Client Access server role
Hub Transport server role
Unified Messaging server role (optional)
Mailbox server role
Edge Transport server role (optional) on
separate server
AKA as the CHUM file deployment order
Deployment Prerequisites
Active Directory
Minimum requirements
Windows Server 2003 SP1 global catalog server
is installed in each Exchange Active Directory
site
Windows Server 2003 forest functional level
ADRAP is recommended
Deployment Prerequisites
Active Directory
http://blogs.technet.com/askds/archive/2009/07/01/getting-over-replmon.
aspx
Windows Update
Deployment Prerequisites
Active Directory
/PrepareSchema
/PrepareAD
Requires Enterprise Administrator
Exchange Organization Administrator rights if the enterprise
administrators have been explicitly denied access to the
Exchange configuration
Requires /OrganizationName
/PrepareDomain
Requires Domain Administrator rights
Deployment Prerequisites
Server OS Preparation
Windows Server 2008 SP2 Platform
Pre-reqs
Deployment Prerequisites
Server OS Preparation
Required Hotfixes
Deployment Prerequisites
Server OS Preparation
Required Components
Deployment Prerequisites
Server OS Preparation
Automate Windows 2008 SP2 OS prereqs
ServerManagerCmd -i RSAT-ADDS Web-Server WebMetabase Web-Lgcy-Mgmt-Console Web-ISAPI-Ext NETHTTP-Activation Web-Basic-Auth Web-Digest-Auth WebWindows-Auth Web-Dyn-Compression RPC-over-HTTPproxy Web-Net-Ext Restart
Deployment Prerequisites
Server OS Preparation
Automate Windows 2008 R2 OS prereqs
Use Add-WindowsFeature cmdlet instead
of Server Manager or ServerManagerCmd
Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,WebServer,Web-Basic-Auth,Web-Windows-Auth,WebMetabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WASProcess-Model,RSAT-Web-Server,Web-ISAPI-Ext,WebDigest-Auth,Web-Dyn-Compression,NET-HTTPActivation,RPC-Over-HTTP-Proxy Restart
http://technet.microsoft.com/en-us/library
/bb691354(EXCHG.141).aspx
Deployment Prerequisites
Server OS Preparation
Automate platform pre-reqs
Language Packs
Language
Packs
installed
from splash
screen
28
Post-Installation Activities
Secure the Client Access server messaging
environment
Configure Autodiscover
Configure OAB distribution point
Optional
Configure Availability service for other Exchange
organizations
Configure Federation
Enable Outlook Anywhere
29
30
31
32
E-discovery
Message Approval
Federated Email
Move these to another server if
decommissioning the 1st MBX server deployed
34
Deployment
Infrastructure placement: corporate
network
Requires Mailbox and Hub Transport
server roles
37
Latest Documentation on
TechNet
http://technet.microsoft.com/enus/library/aa998636(EXCHG.141).aspx
39
Virtualization
Virtualization Supportability
Exchange 2010
Supported
Root: Hyper-V or SVVP
Guest:
Exchange 2010
Windows 2008 SP2 or Windows 2008 R2
Mailbox, Client Access, Hub Transport, Edge roles
Meets basic Exchange system requirements
Storage is fixed Virtual Hard Disk (VHD), SCSI pass through, or iSCSI
Not Supported
Combination of Exchange Mailbox HA and hypervisor-based
clustering or migration technologies
Snapshots, differencing/delta disks
VSS backup of root for pass-through disks
Unified Messaging role
Virtual/logical proc ratio greater than 2:1
Applications running in root partition
41
Virtualization
Best Practices
Virtualization
Deployment Recommendations
Virtualization
Root OS and Exchange Configuration
Separate LUN/Arrays for Root OS, Guest OS
VHDs and Hyper-V/VM Storage
LUNs should employ RAID to provide data protection
and performance
Virtualization
Guest OS Configuration
Virtualization
Exchange Storage Configuration
Contoso
No user action
or client
publishing
Joe
Free busy
request
Convenient
joe@contoso.com
Free busy
response
fabrikam\mary
No directory
replication
Client
Access
No service accounts, no
Token:replication
mary@fabrikam.com
Secure
Federated
contoso.com
Org
Relationship
Federated
Trust
Federated
token
Client
Access
Admin
controls
which users
participate
No AD trusts
No AD trusts
fabrikam.com
Can specify external
or serviceusers
Org
accounts
Microsoft
Relationship
Admin
controls
Admin can control per user which
Mailbo
orgs have
Federatio
x
access
n
Federated
Gateway
Trust
DNS Record
Federation
Gateway
Certificate
Organization Id: A154
contoso.com
Domains:
Contoso
Certificate
Federation trust
Organization ID:
A154
URL: http://...
DNS Record
contoso.com TXT B42a
Federation Gateway
FederationTrust
object
AD
DS
Federation
Gateway
Current Certificate: 1
Uploads public
cert to gateway
New-FederationTrust
thumbprint a05c2f..
Certificate 1
Import-ExchangeCertificate
Imports certificate from a file
into the local machines
certificate store
2010
CAS/HUB
2010 CAS/HUB
Cert
distributi
on
Service
Certificate 1
53
Organization Relationship
Commands - Configure Per Organization
Enter External Organization
info
Domain name, endpoint
Discover info with cmdlet
Set the dial
Maximum level of detail
Scope target users
Specify which users in
your org will share their
Free/Busy
Does not restrict
outbound Free/Busy
requests
fabrikam.com
Get-FederationInformation
DomainName contoso.com |
New-OrganizationRelationship
Set-OrganizationRelationship
FreeBusyAccessEnabled $TRUE
-FreeBusyAccessLevel LimitedDetails
Set-OrganizationRelationship
-FreeBusyAccessScope department1
organizations
contoso.com
Free/ Busy
request
Fabrikam
joe@contoso.com
joe@contoso.com
CAS
Org-Org relationship
Domain: contoso.com
Endpoint: https://...
Exchange
server submits
signed request
for token on
behalf of user
Gateway
verifies
signature,
ensures e-mail
alias matches
domains
Token request
Alias:
mary@fabrikam.com
To: contoso.com
For: Free/Busy
Free/Busy
response
joe@contoso.com
joe@contoso.com
Contoso
Federated Token
Free/Busy
response
Free/Busy
request
4
Federated Token
Alias:
mary@fabrikam.com
To: contoso.com
For: Free/Busy
Crack token,
6
lookup info for
requesting org,
and enforce
restrictions
Encrypted token
has requestors email address, can
only be cracked by
target org
MS Federation Gateway
Organization Id: C293
Domains: fabrikam.com
CAS
Org-Org relationship
Domain: fabrikam.com
Freebusy: true
Level: Free/Busy
Group: Department1
No accounts need to
be managed
Signs token and
encrypts with target
orgs public key.
Encrypte
d
55
joe@contoso.com
Exchange 2010
Client Access
Server
Exchange Server
2007 SP2 Client
Access Server
Add-AvailabilityAddressSpace
-ForestName contoso.com
-AccessMethodInternalProxy
Fabrikam
56
people
Mary
57
Same approach as
federated calendar
sharing
Same invitation
model
Same server-based
subscription model
Exchange 2010 and
Outlook Web App or
Outlook 2010
required for setup
OLK/OWA 2007 can
view calendars once
sync relationship
58
Sharing Policy
Default Policy
User can share Free/Busy with
anyone
Contoso
Mailbox: Joe
Sharing Policy: Default Policy
Default Policy:
Domain
Calendar
Contacts
Freebusy
None
Mailbox: Bill
Sharing Policy: Sales Policy
Sales Policy:
Domain
Calendar
Contacts
Freebusy
None
fabrikam.co
m
Reviewer
Reviewer
59
ISV Apps
Microsoft
cloud services
Microsoft
Federation
Gateway
Single sign-on
Dynamics
CRM
Online
SharePoint
Online
Exchange
Online
OC Online
Microsoft Online
Federated sharing
Fabrikam
Geneva
Employe
e
Contoso
AD DS
Exchange
Exchange
Cross-premises coexistence
Single sign-on/single identity
Free/Busy sharing
Exchange Online
Full calendar sharing
Microsoft Online Services
Secure message delivery
Applications hosted on Azure
Mailbox move
60
Federated Delegation
Simplified Setup in Exchange 2010
SP1
Reduces certificate headaches
Certificate
Current Gateway
contoso.com
Contoso
Certificate
fabrikam.com
Federation trust
Organization ID:
C293
URL: http://...
Federation trust
Organization ID:
F145
URL: http://...
New Gateway
contoso.com
fabrikam.com
Federation trust
Organization ID:
A154
URL: http://...
Federation trust
Organization ID:
G621
URL: http://...
Federation Summary
Planning services
http
://technet.microsoft.com/en-us/exchange/default.as
px
http
://technet.microsoft.com/en-us/library/cc261834.as
px
Microsoft IT Showcase Webcasts http
://www.microsoft.com/howmicrosoftdoesitwebcasts
2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S.
and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond
to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.