http://technet.microsoft.com/en-us/library/aa996719%28v=exchg.150%29.aspx
http://technet.microsoft.com/en-us/library/cc731125(v=ws.10).aspx
4/16/2013

[Diagram: Exchange 2010 Architecture (Client Access; Hub Transport, Unified Messaging; Mailbox) and Exchange 2013 Architecture (Client Access; Mailbox, which includes Hub Transport / Unified Msg). Labels: Clients; Hardware Load Balancer; Layer 4 Load balancing; Layer 7 Load balancing; AuthN, Proxy, Re-direct; Protocols, Assistants, API, Biz-logic; Store, CI; autodiscover.contoso.com; mail.contoso.com.]

[Diagram: Exchange 2010 Servers (E2010 CAS, E2010 HUB, E2010 MBX, each at SP3) with E2013 CAS and E2013 MBX. Labels: Clients; Internet-facing site upgrade first; Intranet site; autodiscover.contoso.com; mail.contoso.com.]

1. Prepare
   Install Exchange 2010 SP3 across the ORG
   Prepare AD with Exchange 2013 schema and validate
   Validate existing Client Access using Remote Connectivity Analyzer and test connectivity cmdlets
2. Deploy Exchange 2013 servers
   Install both Exchange 2013 MBX and CAS servers
3. Obtain and deploy certificates
   Obtain and deploy certificates on Exchange 2013 Client Access Servers
4. Switch primary namespace to Exchange 2013 CAS
   Exchange 2013 fields all traffic, including traffic from Exchange 2010 users
   Validate using Remote Connectivity Analyzer
5. Move Mailboxes
   Build out DAG
   Move Exchange 2010 users to Exchange 2013 MBX
6. Repeat for additional sites

[Diagram: Exchange 2007 Servers (E2007 SP3 CAS, E2007 SP3 HUB, E2007 SP3 MBX, each with RU) with E2013 CAS and E2013 MBX. Labels: Clients; Internet-facing site upgrade first; Intranet site; autodiscover.contoso.com; mail.contoso.com; legacy.contoso.com.]

1. Prepare
   Install Exchange 2007 SP3 + RU across the ORG
   Prepare AD with Exchange 2013 schema
2. Deploy Exchange 2013 servers
   Install both Exchange 2013 MBX and CAS servers
3. Create legacy namespace
   Create DNS record to point to legacy Exchange 2007 CAS
4. Obtain and Deploy Certificates
   Obtain and deploy certificates on Exchange 2013 CAS servers configured with legacy namespace, Exchange 2013 namespace, and autodiscover namespace
   Deploy certificates on Exchange 2007 CAS
5. Switch primary namespace to Exchange 2013 CAS
   Validate using Remote Connectivity Analyzer
6. Move mailboxes
   Build out DAG
   Move Exchange 2007 users to Exchange 2013 MBX
7. Repeat for additional sites

Install
Install Exchange 2007 SP3 + coexistence RU using same steps as previous Exchange 2007 roll-ups
Prepare Active Directory with Exchange 2013 schema
Validate existing client access using Remote Connectivity Analyzer and test connectivity cmdlets
http://www.exrca.com

Setup.exe /mode:install /roles:clientaccess
Setup.exe /mode:install /roles:mailbox
Setup.exe /mode:install /roles:managementtools
Other required parameter - /IAcceptExchangeServerLicenseTerms

MBX performs PowerShell commands
CAS is proxy only
GUI or command line
In-place upgrades not supported
Updated to reflect Exchange 2013 roles
New required parameter for license terms acceptance
Create Legacy Namespace
Used to access Exchange 2007 during coexistence
Legacy.contoso.com
First notification shown 30 days prior to expiration
Subsequent notifications provided daily
http://www.exrca.com

Certificates
Namespace
Minimize the number of certificates
Minimize number of host names
Use split DNS for Exchange host names
mail.contoso.com for Exchange connectivity on intranet and Internet
mail.contoso.com has different IP addresses in intranet/internet DNS
Don't list machine host names in certificate host name list
Use load-balanced (LB) arrays for intranet and Internet access to servers
Use Subject Alternative Name (SAN) certificate

[Diagram: Exchange 2010 Coexistence. Labels: OWA; mail.contoso.com; europe.mail.contoso.com; Layer 4 LB; Layer 7 LB; IIS; HTTP Proxy; Protocol Head; RPC; Store; DB; E2010 CAS; E2013 CAS; E2010 MBX; E2013 MBX; Site Boundary; Cross-Site Redirect Request; Cross-Site Proxy Request.]
[Diagram: Exchange 2007 Coexistence. Labels: OWA; Legacy.contoso.com; mail.contoso.com; europe.mail.contoso.com; Layer 4 LB; Layer 7 LB; IIS; HTTP Proxy; Protocol Head; RPC; Store; DB; E2007 CAS; E2013 CAS; E2007 MBX; E2013 MBX; Site Boundary; Cross-Site Redirect Request; Cross-Site Proxy Request.]

Protocol | Exchange 2007 user accessing Exchange 2010 namespace | Exchange 2007 user accessing Exchange 2013 namespace | Exchange 2010 user accessing Exchange 2013 namespace
Requires | Legacy namespace | Legacy namespace | No additional namespaces
OWA | Same AD site: silent or SSO FBA redirect. Externally facing AD site: manual or silent/sso cross-site redirect. Internally facing AD site: proxy | Non-silent redirect (not SSO) to CAS 2007 externally facing URL | Proxy to CAS 2010. Cross-site silent redirect (not SSO), which may redirect to CAS 2010 or CAS 2013
EAS | EAS v12.1+: Autodiscover & redirect. Older EAS devices: proxy | Proxy to MBX 2013 | Proxy to CAS 2010
Outlook Anywhere | Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010
Autodiscover | Direct CAS 2010 support | Redirect to CAS 2007 externally facing URL | Proxy to CAS 2010
EWS | Autodiscover | Autodiscover | Proxy to CAS 2010
POP/IMAP | Proxy | Proxy to CAS 2007 | Proxy to CAS 2010
OAB | Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010
RPS | n/a | n/a | Proxy to CAS 2010
ECP | n/a | n/a | Proxy to CAS 2010. Cross-site redirect, which may redirect to CAS 2010 or CAS 2013

Move Mail
http://technet.microsoft.com/en-us/library/jj150486%28v=exchg.150%29.aspx
Hypervisors
Host-based clustering
Migration
Jetstress in guests
Dynamic memory & memory overcommit
Hypervisor snapshots
Apps on the root
Significant processor oversubscription
Exchange roles
Differencing/delta disks
Storage
*** Second Session ***

Next generation of Forefront Online Protection for Exchange (FOPE)
Comprehensive protection
Enterprise class reliability
Streamlined administration console
[Diagram labels: On-premises; Directory Sync; Exchange Online Protection; ADFS (optional); Single sign on; Existing email environment.]

Bulk Mail control
Mark all bulk messages as spam
Block external threats quickly
Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time.
Block unwanted email based on language or geographic origin
Recommendation: Send suspected junk mail to the Outlook junk mail folder.
Spam quarantine managed by administrators.
Users can manage safe senders and block lists through Outlook.
Outlook Junk Mail Reporting Tool for missed spam
http://www.microsoft.com/en-us/download/details.aspx?id=18275
Send spam email as an attachment to abuse@messaging.microsoft.com
Send false positive messages to false_positive@messaging.microsoft.com

Email is routed to EOP DC based on MX record resolution (Contoso-com.mail.protection.outlook.com)

[Diagram: mail flow through the EOP Network between the Internet and the Corporate Network. Labels: IP-based edge blocks; Envelope blocks; Virus Scanning (Multiple AV Engines); Policy Enforcement (Custom Rules); SPAM Protection (Safe Sender/Recipient; Content scanning and Heuristics; SPF & Sender ID Filter); Advanced SPAM management; Bulk Mail filtering; International Spam; Quarantine; Spam Analysts; Customer Feedback (False Positives and False Negatives); Low Score; High Score; Bulk Mail; Outbound Pool; Bulk Delivery Pool; High Risk Delivery Pool.]

Delete messages
Delete attachments
Robust, customizable notifications
Built on Exchange transport rules engine
Conditions
Actions
Exceptions
Feature | EOP | FOPE
Administration Console | Console with similar look/feel to Exchange 2013 and Office 365 | Specific FOPE Console with different look/feel
Policy Rules | Flexible rules based on Exchange Transport Rules engine with attachment scanning | FOPE specific policy rules
RegEx | .Net RegEx Engine | Basic RegEx
Regional Routing | EU and US routing | US Only
Intelligent Routing | Criteria Based Routing | Virtual Domains
Reporting | Detailed online reports and downloadable Excel workbook | Online reports only
Spam management | Granular spam management including bulk mail and international spam blocking | Granular spam management
Malware | Multi-engine anti-malware scanning with attachment blocking | Multi-engine anti-malware scanning
Quarantine | Admin Only (at GA) | End-User and Admin Access

Available Today!

Migration from FOPE
Protect communications
Enforce policy
Streamlined management