Setup, Deployment, and Server

Role Configuration Module

Exchange Deployment Planning Services

Agenda of this module

Deployment scenarios
Deployment prerequisites
Role setup and configuration
Edge Transport server role
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
Virtualization deployment guidelines
Federation

Setup and Deployment

Audience
Ideal audience for this workshop
Messaging SME
Networking SME
Security SME

Setup, Deployment, and

Server role configuration
In this module focus on the following:
How to setup and deploy Exchange
2010 server roles
Recommended deployment method

Setup, Deployment, and

Server role configuration
After this module you should have:
Understanding of where your
organization stands in relation to
Exchange 2010 requirements
A high level list of tasks to accomplish
prior to the deployment effort
How to deploy Exchange 2010
infrastructure at a high level

Agenda of this module

Deployment scenarios
Deployment prerequisites
Role setup and configuration
Edge Transport server role
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
Virtualization deployment guidelines
Federation

Server Deployment
Small organizations
Scenarios

Exchange Online
Small
and
Medium-Size
Organizations

Combined role servers can run all roles on 2 servers

(including DAG)

Third server needed to act as witness server

Mid-market multiple servers to run

Active Directory Domain Services (AD DS)
Dedicated Mailbox server role
Client Access server and Hub Transport server role
potentially combine
Unified Messaging server role (optional, dedicated)**
Combined roles
Can install Hub, CAS and/or UM on a Mailbox server that is
part of DAG
Cannot combine Edge Server role with other roles
UM combination only recommended in a single server
deployment

Server Deployment
Scenarios

andand/or
Complex
Organization
Large
complex
organizations
Large
Consider all-in-one server
Mailbox/CAS/HUB
Used by MSIT, BPOS, large customers

Consider dedicated server(s) for:

Low core count servers/limited RAM
Unified Messaging server role (optional)
Edge Transport server role (must be
dedicated)

Follow current best practices for Active

Directory infrastructure

Deployment Changes
Features Dropped
Replication Options

LCR: Local continuous replication

CCR: Cluster Continuous Replication
SCC: Single Copy Cluster
Log shipping via Server Message Block (SMB)

Inbound Fax
Clustering Change

Clustered mailbox servers

Running setup in cluster mode
Moving a clustered mailbox server

Storage groups

Properties moved to database objects

Streaming backups
WebDAV
32-bit Client Administration Tools

Inbound FAX

UM retains Exchange Server 2007 UM fax

configuration properties, and will continue to be
sensitive to fax tone on calls that it answers
If fax tone is detected, UM will look at a new configuration
property on UM Mailbox Policy objects (FaxServerURI) to
determine if an Exchange 2010 UM partner fax solution is
installed (and if so, where)
If a value is found for the property, UM will attempt to
hand off the call in progress to the partner fax solution
the partner fax solution will establish a fax media session
with the sender, create a fax message and send it to the
UM-enabled users mailbox

Messages created by Exchange 2010 UM partner

fax solutions will look essentially the same as those
created by Exchange Server 2007 UM, and will
appear as a fax when the user is UM-enabled

Agenda of this module

Deployment scenarios
Deployment prerequisites
Role setup and configuration
Edge Transport server role
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
Virtualization deployment guidelines
Federation

Deployment Prerequisites
Supported Upgrade Path

In-place upgrades are not a valid scenario

You cannot add an Exchange 2010 server to an existing
Exchange organization if it contains Exchange Server 5.5 or
2000 servers
You cannot add Exchange Server 2007 servers to an
Exchange 2010 organization that doesnt have existing
Exchange Server 2007

Greenfield Exchange 2010

Upgraded directly from Exchange 2003 to Exchange 2010

Exchange organization must be in native mode

Exchange Server 2003 and 2007 servers must be at the
following service pack levels to add 2010 servers to the org:
Exchange Server 2003 SP2
Exchange Server 2007 SP2 for the following:

All CAS servers in the organization

All UM servers in the organization
All Exchange Servers in any Active Directory site that will contain
Exchange 2010 servers

Deployment Prerequisites
Supported Upgrade Path

Deployment sequence
Client Access server role
Hub Transport server role
Unified Messaging server role (optional)
Mailbox server role
Edge Transport server role (optional) on
separate server
AKA as the CHUM file deployment order

Deployment Prerequisites
Active Directory

Minimum requirements
Windows Server 2003 SP1 global catalog server
is installed in each Exchange Active Directory
site
Windows Server 2003 forest functional level
ADRAP is recommended

Supported versions of Active Directory

Windows Server 2003 SP2 and R2
Windows Server 2008 SP2 and R2

Deployment Prerequisites
Active Directory

Validate existing environment

DCDiag: basic domain diagnostics
NetDiag: network diagnostics
Monitor replication health
2003: REPLMON
2008: REPadmin

http://blogs.technet.com/askds/archive/2009/07/01/getting-over-replmon.
aspx

NETDom: domain and trust diagnostics

ExBPA
Requires Exchange 2010 SP1

Windows Update

Deployment Prerequisites
Active Directory

/PrepareSchema

Requires Schema Administrator and Enterprise Administrator

rights
Must be done from a 64-bit server with prerequisites installed
Verify replication
Organization name not required

/PrepareAD
Requires Enterprise Administrator
Exchange Organization Administrator rights if the enterprise
administrators have been explicitly denied access to the
Exchange configuration
Requires /OrganizationName

/PrepareDomain
Requires Domain Administrator rights

Deployment Prerequisites

Server OS Preparation
Windows Server 2008 SP2 Platform
Pre-reqs

.NET Framework 3.5 SP1

.NET Framework 3.5 Family Update
Windows Management Framework
(WinRM 2.0 and Windows PowerShell v2)
RTM: Hub / Mailbox: Microsoft Filter Pack
SP1: Hub / Mailbox:
Office 2010 Filter Packs

Windows Server 2008 R2 Platform Prereqs

Deployment Prerequisites
Server OS Preparation
Required Hotfixes

Client Access Servers

KB983440 Win7 rollup package (PR for QFE
810219)
KB977020 FIX: An applicationthrows an
exception on a computer that is running
Windows 7
KB982867 WCF: Enable WebHeader settings
on the RST/SCT
Optional: additional fix for WCF (KB972251)
for specific scenario where smartcards are
being used to authenticate access to ECP

Deployment Prerequisites
Server OS Preparation
Required Components

Unified Messaging Servers

UCMA Unified
Communications Managed API 2.0, Core Runtim
e (64-bit
)
Microsoft Server Speech Platform Runtime (x6
4)

Deployment Prerequisites

Server OS Preparation
Automate Windows 2008 SP2 OS prereqs

ServerManagerCmd -i RSAT-ADDS Web-Server WebMetabase Web-Lgcy-Mgmt-Console Web-ISAPI-Ext NETHTTP-Activation Web-Basic-Auth Web-Digest-Auth WebWindows-Auth Web-Dyn-Compression RPC-over-HTTPproxy Web-Net-Ext Restart

Pre-defined XML files available with

build
Typical Install (M/H/C)
ServerManagerCmd -ip <Exchange install
files>\Scripts\Exchange-Typical.xml -Restart

Deployment Prerequisites

Server OS Preparation
Automate Windows 2008 R2 OS prereqs
Use Add-WindowsFeature cmdlet instead
of Server Manager or ServerManagerCmd

Import-Module ServerManager
Add-WindowsFeature NET-Framework,RSAT-ADDS,WebServer,Web-Basic-Auth,Web-Windows-Auth,WebMetabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WASProcess-Model,RSAT-Web-Server,Web-ISAPI-Ext,WebDigest-Auth,Web-Dyn-Compression,NET-HTTPActivation,RPC-Over-HTTP-Proxy Restart

http://technet.microsoft.com/en-us/library
/bb691354(EXCHG.141).aspx

Deployment Prerequisites
Server OS Preparation
Automate platform pre-reqs

FilterPackx64.exe /quiet /norestart

dotNetFx35setup.exe /quiet /norestart

Client Access servers

Net.Tcp Port Sharing service set to
Automatic start
Need to manually set on Windows 2008 SP2
Set-Service NetTcpPortSharing -StartupType
Automatic

Setup New GUI Experience

Language Packs
Language
Packs
installed
from splash
screen

Setup New GUI Experience

Client Access servers: Internet-facing

Setup New GUI Experience

Organization Prerequisites: Greenfield

Setup New Experience (SP1)

Install required Windows Roles and Features

RTM -> SP1 Upgrade

Setup.com /m:upgrade /installwindowscomponents

Setup New GUI Experience

Apply strict split
(SP1)
permissions security model
Typically used by large orgs
that completely separate
responsibility for
management of Exchange
and Active Directory between
different groups of people
Removes ability for Exchange
servers and admins to create
Active Directory objects,
such as users, groups and
contacts, as well as the
ability to manage nonExchange attributes on those
objects

Client Access Server Role

Deployment

All client connections are routed through a Client Access

server installation, except Outlook public folder access
You must have at least one Client Access server role in
each site where Exchange 2010 Mailbox server(s) exist
CAS <-> Mailbox RPC communication requires a high
bandwidth/low latency network connection
Exchange 2010 CAS servers require FBA enabled on
Exchange Server 2003 and 2007 FE/CAS servers
If basic authentication is enabled, users will be prompted
twice for credentials
Can be an issue if using 3rd party reverse proxy solution
that doesnt support FBA

28

Client Access Server Role

Post-Installation Activities
Secure the Client Access server messaging
environment

Use the Security Configuration Wizard

Ensure that a valid third-party commercial SSL certificate or
Windows PKI certificate is installed on the Client Access
server

Configure Autodiscover
Configure OAB distribution point
Optional
Configure Availability service for other Exchange
organizations
Configure Federation
Enable Outlook Anywhere

Customize Exchange ActiveSync mailbox policies

29

Hub Transport Server Role

Deployment

You must have at least one Hub Transport server role in

each site where Exchange 2010 Mailbox server(s) exist
Hub <-> Mailbox RPC communication requires a high
bandwidth/low latency network connection

30

Hub Transport Server Role

Post-Installation Activities

Configure accepted domains

Create an accepted domain for each domain for
which you will accept email

Subscribe Edge Server/Perimeter Hygiene

Appliance
Configure Internet Mail Flow
Manual process if Edge is not configured

Configure external post master recipient

Configure cross-forest connectors
Move location of transport queue and
transport logs

31

Edge Transport Server Role

Deployment

It cannot have other roles installed

Infrastructure placement is in perimeter
network
The computer should not be member of
corporate Active Directory forest
The computer can be a member of a perimeter
network forest
Uses AD LDS to store configuration and
recipient information

32

Edge Transport Server Role

Post-Installation Activities

Verify successful role installation (setup logs,

etc.)
Set Administrator Permissions (local)
Lock down the server via the Security
Configuration Wizard
Configure the agents that provide the antivirus
and anti-spam protection, message policy, and
message security features (all are enabled by
default)
If installing additional Edge Transport servers,
you can execute a clone process to copy
certain information between Edge Transport
servers
33

Mailbox Server Role

Deployment

High Availability configured postdeployment

Requires high bandwidth/low latency
connections to CAS and HUB transport
servers in its site
1st MBX server deployed gets three system
mailboxes

E-discovery
Message Approval
Federated Email
Move these to another server if
decommissioning the 1st MBX server deployed

34

Mailbox Server Role

Post-Installation Activities

Verify successful installation of Mailbox server role

Configure permissions using the Exchange
administrator roles
Create mailboxes for users in your organization as
needed
Move mailboxes from an existing Exchange Server
Configure public folders (optional)
Configure Messaging Records Management
Configure continuous replication for data and service
availability
Configure backups for disaster recovery
Configure Calendar Concierge features
Configure out-of-office features
Configure the spam confidence level (SCL) junk e- 35
mail folder threshold

Mailbox Server Role

Offline Address Book

Create additional address books if you need them

either via Exchange Management Console or
Exchange Management Shell
The OAB can be distributed in two ways
Web service for Outlook 2007 or later clients
Public Folders for down-level clients

If you want to distribute the OAB via the web service,

you must configure the CAS server as an OAB
Distribution Point
The OAB data is copied from the Mailbox server role
to the Offline Address Book distribution points by a
new Exchange 2010 service, the Microsoft Exchange
File Distribution Service
36

Unified Messaging Server

Role

Deployment
Infrastructure placement: corporate
network
Requires Mailbox and Hub Transport
server roles

37

Unified Messaging Server

Role
Verify successful installation of the UM server role
Post-Installation
Activities
Add a UM server that will be in a new Dial Plan

Create and configure a UM Dial Plan

Add a UM server to an existing UM Dial Plan
Enable users for Unified Messaging
Ensure IP/ VoIP gateways or IP- PBX are configured
properly
Create and configure a UM IP Gateway
Create and configure UM mailbox policies
Optional: create and configure UM Hunt Groups
Optional: create and configure UM Auto Attendant

Add a UM server to an existing UM Dial Plan

Enable out-dialing
38

Latest Documentation on
TechNet

http://technet.microsoft.com/enus/library/aa998636(EXCHG.141).aspx

39

Virtualization

Windows Server 2008/R2 Hyper-V

Third party virtualization validated in
the Windows SVVP
Must meet all deployment guidelines
for non-virtualized systems
Storage Independent
DAS: direct attached storage
iSCSI: Internet small computer system
interface
Dedicated pass-through storage
40

Virtualization Supportability
Exchange 2010

Supported
Root: Hyper-V or SVVP
Guest:

Exchange 2010
Windows 2008 SP2 or Windows 2008 R2
Mailbox, Client Access, Hub Transport, Edge roles
Meets basic Exchange system requirements
Storage is fixed Virtual Hard Disk (VHD), SCSI pass through, or iSCSI

Not Supported
Combination of Exchange Mailbox HA and hypervisor-based
clustering or migration technologies
Snapshots, differencing/delta disks
VSS backup of root for pass-through disks
Unified Messaging role
Virtual/logical proc ratio greater than 2:1
Applications running in root partition

41

Virtualization
Best Practices

Follow current Exchange deployment and planning

guidance
Determine where virtualization actually makes sense
More power-savings and cost savings possible when
Exchange storage moves from SAN to DAS
Separate LUNs for Root OS, guest OS VHDs, and
Hyper-V/VM storage
Eliminate single-points-of-failure
Dedicate host resources according to design specs for
guests (processor and memory)
Proper host and guest performance testing
JetStress, LoadGen, Hyper-V Hypervisor Performance
Counters on host
42

Virtualization

Deployment Recommendations

Virtualization isnt free

Hypervisor adds overhead, must account for this
when sizing - ~5-12% in our Exchange 2010
tests
Workload costs rise as well, though this is more
difficult to characterize

Hyper-V does not change Exchange design

requirements from an application
perspective
Design for Performance, Reliability, and Capacity
(MBX/Hub/Edge)
Design for Usage Profiles (CAS/MBX)
43
Design for Message Profiles (Hub/Edge)

Virtualization
Root OS and Exchange Configuration
Separate LUN/Arrays for Root OS, Guest OS
VHDs and Hyper-V/VM Storage
LUNs should employ RAID to provide data protection
and performance

Exchange application is not Hyper-V aware

No plans to change Setup experience

Build out virtual machine configuration prior to

installing Exchange

Exchange sizing guidance is basically the same

for physical and Hyper-V systems
CPU and Memory rules of thumb apply
Account for impact of hypervisor when sizing the root44

Virtualization
Guest OS Configuration

Fixed VHDs for Virtual OS

Need to account for page file consumption in
addition to OS requirements
15GB + VM Memory Size = Minimum VHD size

VM Disk requirements for Exchange Roles must

include space for .BIN (even if its not used)
CAS = OS VHD Size + (VM Memory Size)
HUB = OS VHD Size + (VM Memory Size) + Queues
MBX = OS VHD Size + (VM Memory Size) + DBs + Logs
45

Virtualization
Exchange Storage Configuration

Exchange storage should be on spindles

separate from Guest OS VHD physical storage
Exchange storage must be Fixed VHD, SCSI
pass-through or iSCSI
Preference is to use SCSI pass through to host
Queues, DBs and Logfile streams
All disks should honor I/O stream segregation the
same as physical (separate DB and Log LUNs)

FC/SCSI HBAs must be configured to Root OS

and LUNs presented to VMs as pass through
or VHD
46

Agenda of this module

Deployment scenarios
Deployment prerequisites
Role setup and configuration
Edge Transport server role
Client Access server role
Hub Transport server role
Mailbox server role
Unified Messaging server role
Virtualization deployment guidelines
Federation

Benefits of Exchange 2010

Federation
Federated Sharing provides

Easy setup of external data sharing

Broader reach without additional steps to setup
More secure with controls for administrators and users

Federated Sharing possible through

Server can act on behalf of specific user
Specific user identified by e-mail address
User not prompted for credentials
Microsoft Federation Gateway acting as a trust broker
Reduces explicit point-to-point trust management
No AD DS trusts, service or cloud accounts to manage
Minimizes certificate exchanges
Verifies domain ownership

Free Busy WS and Federation

Exchange 2010
Fabrikam
Mary

Contoso

No user action
or client
publishing

Joe

Free busy
request

Convenient

joe@contoso.com

Free busy
response

No user action required

joe@contoso.com

fabrikam\mary
No directory
replication

Client
Access

No service accounts, no
Token:replication
mary@fabrikam.com

Secure
Federated

contoso.com

Org
Relationship

Federated
Trust

Federated
token

Client
Access

Admin
controls
which users
participate

No AD trusts

No AD trusts
fabrikam.com
Can specify external
or serviceusers
Org
accounts
Microsoft
Relationship
Admin
controls
Admin can control per user which
Mailbo
orgs have
Federatio
x
access
n
Federated
Gateway
Trust

Federated Delegation Setup

Fabrikam
Certificate
Federation trust
Organization ID:
C293
URL: http://...

DNS Record

Federation
Gateway
Certificate
Organization Id: A154
contoso.com
Domains:

Organization Id: C293

fabrikam.com
Domains:

fabrikam.com TXT 3F2j

Contoso
Certificate
Federation trust
Organization ID:
A154
URL: http://...

DNS Record
contoso.com TXT B42a

Step 1 Create trust with certificate exchange

Step 2 Prove domain ownership
Step 3 Add domains

Federation Gateway

Broker services only for the trusts

between Exchange organizations
No cached credentials in the cloud
Not a Microsoft passport / Windows
live credential set
Hosted in the Microsoft Cloud data
centre
Client access server (CAS) needs to
reach Microsoft Federation Gateway
(MFG) via the Internet
Cant be hosted in an isolated network

Federation Certificate Management

Reads the certificate from
local machine store and
set thumbprint in AD DS.

FederationTrust
object

AD
DS

Federation
Gateway

Current Certificate: 1

Uploads public
cert to gateway

New-FederationTrust
thumbprint a05c2f..

Organization Id: A154

Public Cert: 1

2010 Admin Box

Securely installs certificate to

all CAS/HUB servers in the
same site the task runs
Machine where task is run

Certificate 1

Local cert store

Import-ExchangeCertificate
Imports certificate from a file
into the local machines
certificate store

2010
CAS/HUB

2010 CAS/HUB

Servers in same site

where task is run
Certificate 1

Local cert store

Local service pulls

cert from remote
sites to all
CAS/HUB servers
based on
thumbprint
information in AD
DS

Cert
distributi
on
Service

Servers in other sites

Certificate 1

Local cert store

53

Organization Relationship
Commands - Configure Per Organization
Enter External Organization
info
Domain name, endpoint
Discover info with cmdlet
Set the dial
Maximum level of detail
Scope target users
Specify which users in
your org will share their
Free/Busy
Does not restrict
outbound Free/Busy
requests
fabrikam.com

Get-FederationInformation
DomainName contoso.com |
New-OrganizationRelationship
Set-OrganizationRelationship
FreeBusyAccessEnabled $TRUE
-FreeBusyAccessLevel LimitedDetails
Set-OrganizationRelationship
-FreeBusyAccessScope department1

organizations

contoso.com

Organization-level relationship removes need for individual AD DS54

Federated Free/Busy Access

Mar
y

Free/ Busy
request

Fabrikam

joe@contoso.com

joe@contoso.com

CAS

Org-Org relationship
Domain: contoso.com
Endpoint: https://...

Exchange
server submits
signed request
for token on
behalf of user

Gateway
verifies
signature,
ensures e-mail
alias matches
domains

Token request

Alias:
mary@fabrikam.com
To: contoso.com
For: Free/Busy

Free/Busy
response

joe@contoso.com

joe@contoso.com

Lookup info for

2
target org

Contoso

Federated Token

Free/Busy
response

Free/Busy
request

4
Federated Token

Alias:
mary@fabrikam.com
To: contoso.com
For: Free/Busy

Crack token,
6
lookup info for
requesting org,
and enforce
restrictions

Encrypted token
has requestors email address, can
only be cracked by
target org

MS Federation Gateway
Organization Id: C293
Domains: fabrikam.com

Organization Id: A154

Domains: contoso.com

CAS

Org-Org relationship
Domain: fabrikam.com
Freebusy: true
Level: Free/Busy
Group: Department1

All connections over

Secure Sockets
Layer (SSL)
No e-mail addresses
are stored in the
cloud

No accounts need to
be managed
Signs token and
encrypts with target
orgs public key.

Encrypte
d

55

Exchange 2010 Federated Free/Busy

Interop with Exchange Server 2007

Use Exchange 2010 to proxy down-level

requests
Configure Exchange Server 2007 Service Pack 2
(SP2) to proxy requests to Exchange 2010
Outlook 2007 still requires recipients in AD DS
Free/Busy
request

joe@contoso.com

Exchange 2010
Client Access
Server

Exchange Server
2007 SP2 Client
Access Server

Add-AvailabilityAddressSpace
-ForestName contoso.com
-AccessMethodInternalProxy

Fabrikam

56

Federated Calendar Sharing

Uses federation infrastructure

Requires federation trust, but not org-org
relationship
Joe

Ad-hoc, person-person sharing

people

Mary

Does not require person to be in the GAL

Relationship created with sharing invitation

Server maintains calendar subscription

Updated when user views the calendar
Server uses federated token to fetch data on
users behalf
Can be viewed by any client that views
mailbox folders
Attachments, attendees never not brought
over

Exchange Web Services supports

invitation, sync

57

Federated Contact Sharing

Same approach as
federated calendar
sharing
Same invitation
model
Same server-based
subscription model
Exchange 2010 and
Outlook Web App or
Outlook 2010
required for setup
OLK/OWA 2007 can
view calendars once
sync relationship

58

Sharing Policy

Sharing policy limits level of

personal sharing
Calendar Free/Busy, detailed
Free/Busy, reviewer
Contacts - reviewer
Identify specific domains or *
Enforced during invitations
Permissions monitored

Default Policy
User can share Free/Busy with
anyone

Admin can add policies

Apply per user

Contoso
Mailbox: Joe
Sharing Policy: Default Policy
Default Policy:
Domain

Calendar

Contacts

Freebusy

None

Mailbox: Bill
Sharing Policy: Sales Policy
Sales Policy:
Domain

Calendar

Contacts

Freebusy

None

fabrikam.co
m

Reviewer

Reviewer

59

Federation and Exchange

Online
Enterpris
e
Apps

ISV Apps

Azure Services Platform

Microsoft
cloud services
Microsoft
Federation
Gateway

Single sign-on

Dynamics
CRM
Online

SharePoint
Online

Exchange
Online

OC Online

Microsoft Online
Federated sharing
Fabrikam

Geneva

Employe
e

Sharing with partners

Free/Busy sharing
Full calendar sharing
Contact sharing

Contoso

AD DS

Exchange
Exchange

Cross-premises coexistence
Single sign-on/single identity
Free/Busy sharing
Exchange Online
Full calendar sharing
Microsoft Online Services
Secure message delivery
Applications hosted on Azure
Mailbox move

60

Federated Delegation
Simplified Setup in Exchange 2010
SP1
Reduces certificate headaches

Uses self-signed certificate by default

Exchange creates certificate for you
Still requires proof of domain ownership

Content of DNS TXT record slightly different

Run Get-FederatedDomainProof to get content

New Test-FederationTrust command

Helps to analyze issues

Federated Sharing New Gateway

If a customer
already
has federation set
Exchange
2010 RTM
only
up in Exchange 2010 RTM, they must
migrate to a new gateway in Exchange
2010 SP1.
Exchange 2010 SP1 customers use this
gateway by default when setting up the
federation trust.
Fabrikam

Certificate

Current Gateway
contoso.com

Contoso

Certificate

fabrikam.com
Federation trust
Organization ID:
C293
URL: http://...
Federation trust
Organization ID:
F145
URL: http://...

New Gateway
contoso.com
fabrikam.com

Federation trust
Organization ID:
A154
URL: http://...
Federation trust
Organization ID:
G621
URL: http://...

Federation Summary

Exchange Federated Sharing provides

Easy setup of external data sharing
Broader reach without additional steps to setup
More secure with controls for admins and users

Exchange Federated Sharing is convenient

Sharing between two organizations or two people
No trusts or service accounts
No end user accounts and credential prompts

Exchange Federated Sharing is secure

Control which organizations you share with
Control which users can share and at what level

Exchange Federated Sharing works with online

services

End of Setup, Deployment,

and Server Role
configuration Workshop

For More Information

Exchange Server Tech Center

Planning services

http
://technet.microsoft.com/en-us/exchange/default.as
px
http
://technet.microsoft.com/en-us/library/cc261834.as
px
Microsoft IT Showcase Webcasts http
://www.microsoft.com/howmicrosoftdoesitwebcasts

Microsoft TechNet http

://www.microsoft.com/technet/itshowcase

 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S.
and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond
to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.