As most know, Exchange 2010 is the latest version of Microsoft's email server. I wanted to write a short description of the software and outline its features. Like its predecessor, Exchange 2010 requires that you run it on an x64 platform; 32-bit processing is slowly but surely becoming a thing of the past. In 2010, however, you must also be running Windows 2008 SP2 or 2008 R2. One of the major decisions you'll have to make is whether to select the Standard or Enterprise edition. This basically boils down to how many stores you need: Standard supports 5 stores per server, whereas Enterprise supports 50+. As far as client-side CALs are concerned, you must purchase the 2008 Enterprise CALs if you wish to do unified messaging. This is not a limitation in the software; it is simply a licensing issue, which means you'll still have the ability to access unified messaging, but it will not be licensed correctly. Another feature Microsoft has decided to keep is the JET EDB database. It has been rumored in the past that Microsoft would start using SQL Server to house the Exchange database. This is not the case.

If you ever worked with recovery storage groups in Exchange 2003 or 2007, you will no longer find those in 2010. You will also not find routing groups. All of Exchange 2010's routing is done through Active Directory Sites and Services, so you must make sure that you have properly configured your sites before moving forward with Exchange. It is essential to Exchange 2010 functioning properly. As with Exchange 2007, Microsoft is still trying to de-emphasize public folders. Their goal is to eventually replace these with their SharePoint product.

Another major feature of Exchange 2007 and 2010 is the ability to reject email at the gateway. The Edge Transport server allows you to configure ADAM and Active Directory Lightweight Directory Services to query AD. This allows you to get a list of valid email addresses and push them out to the border of your network. If the Edge server detects that someone is trying to send email to the inside of your organization and the user does not exist, the message is dropped immediately. This saves memory and processing power internally so that you don't have to deal with the spam.

Additionally, with Exchange 2007 and 2010 you get the ability to create UNC direct file access paths. This way, in OWA, when a user needs a file on a network share they can grab it without needing a cumbersome VPN client. Outlook Anywhere also remains largely the same in 2007 and 2010. It basically encapsulates your RPC packets into HTTPS packets. This allows you to traverse your firewall without opening any additional ports, giving users access to their email from Outlook wherever they may travel.

One of the greatest new features of Exchange 2010, in my opinion, is database availability groups or DAGs. This is essentially the same thing as CCR in Exchange 2007. Anyone who has tried to configure CCR, LCR, or SCR in Exchange 2007 knows that it can be quite the process. Microsoft simplified this with DAGs in 2010. It allows you to keep 16 copies of a user's mailbox for redundancy and disaster recovery. It does this through a process called log shipping, where 1MB files are created and then played into the database. This allows you to keep a backup of your server at another physical location for disaster recovery, or to have two Exchange servers running next to each other.

Another nice feature in 2010 is that the Client Access server or CAS redirects your clients to the database server that houses their mailbox. You no longer need to specify the location of your server in Outlook. The CAS parses AD and redirects them automatically, so there is no hard coding. This makes the transition during failover a lot easier.

As most of you know who have used Exchange 2007, the GUI is simply a front end to Microsoft's command line utility called EMS or Exchange Management Shell. Anything you do in the GUI is converted to a command and executed against your server. I would personally say you have about 90 percent of the functionality in the GUI as opposed to EMS. However, EMS definitely makes the process a lot easier if you need to apply a setting to multiple objects at the same time.

As with Exchange 2007, you still have the same five roles: Edge Transport, Hub Transport, Client Access server, Mailbox, and Unified Messaging. Of these five roles only the Edge Transport server must be installed separately from the rest; everything else can be run on one box, although this is not recommended for performance reasons. The reason the Edge server is standalone is that it was meant to sit in your DMZ or on the border of your network, absorbing the hits so your internal servers are not affected. It has features such as safelist aggregation, where Outlook client rules are brought out to it so that it can apply those rules before the message ever enters your internal network.

The Hub server is still the same as in Exchange 2007: it routes your messages internally and holds compliance rules. You can also run a command against it to install the anti-spam feature set. This way, if you don't have an Edge Transport server, you can use it to receive outside mail directly, although this is not recommended by Microsoft.

The CAS server or Client Access server is meant to interface with your internal and external clients. As stated before, it automatically redirects your Outlook clients so that you don't need to hardcode their mailbox server. It also accepts connections from smart phones, OWA, etc. It is basically your clients' interface to your Exchange infrastructure.

If you wish to monitor your Exchange 2010 infrastructure, Microsoft has made a plugin for SCOM or System Center Operations Manager. This is Microsoft's MOM replacement that allows you to monitor your servers.

In Exchange 2010 you will no longer see SCR, LCR, or CCR. They have been superseded by DAGs or database availability groups. This makes configuring database replication a lot smoother. DAGs also allow your data to reside across multiple servers. You can also have multiple DAGs. This is a great feature because if half of your users are in one DAG and it goes down, the other half are not even affected. Other benefits are reduced restore time, since you're not restoring all of your users' data, only the ones in that DAG. You can also have separate Exchange policies for different DAGs, so if your management is in one and your regular users are in another you can change the rules that apply to them. This is a great way to mitigate risk by distributing your load.

As far as the Enterprise and Standard software go, they are both installed from the same media. It is just the license key that you input that determines what version you are installing. It is also upgradable: you can go from trial to Standard to Enterprise. However, you cannot downgrade from Enterprise to Standard or from Standard to trial.

In order to install Exchange 2010 your domain and forest functional level must be at 2003. Also, each site which contains Exchange 2010 must also contain a 2003 SP2 domain controller or a 2008 domain controller. We recommend you have your domain running 2008 R2 domain controllers, however.

Exchange still uses EAS or Exchange ActiveSync for mobile devices. This way your contacts, calendar, email, etc. are all tightly integrated with your Windows Mobile devices.

One common misconception that people have is that Exchange Enterprise must be installed on Windows Server Enterprise, or that Windows Server Enterprise cannot have Exchange Standard installed on it. Both of these are fallacies.

When you begin your Exchange installation you should give serious consideration to how you configure your arrays. Exchange is a very read/write intensive application. Therefore you should put your OS, log files, and database all on separate arrays. If this is not possible, it is then recommended that you at least put your OS and log files on one array and your database files on another. The reason for this is simple: the log files are write intensive and the database files are read intensive. Separating these two out can speed up your disk I/O.

Memory requirements in Exchange 2010 have pretty much gone unchanged. Start your server with 2GB of memory and then add 5MB for every mailbox user. I would also personally recommend a minimum of 4GB. Memory is cheap enough these days that the benefit of having more of it outweighs the cost.

Although the databases in Exchange can grow very large, we do not recommend that you go over 100GB. This can become cumbersome to work with and decrease performance on your server.

If you wish to remotely manage your Exchange server you can install the management tools. They will install on Vista SP2 and higher or Server 2008 SP2 and higher. This way you do not have to remotely log in to your Exchange server to make all of your changes.

As far as your site layout goes, you should also plan on having a global catalog server in every location that contains a Mailbox server. This is recommended by Microsoft and will reduce WAN traffic.

Exchange has also set up a new permissions model which they refer to as RBAC or role based access control. From this you get 5 roles to manage your Exchange infrastructure. They are Organization Management, View-Only Organization Management, Recipient Management, Records Management, and GAL Synchronization Management.

Another thing you should consider before installing Exchange 2010 is to make sure your domain is set up properly. You can use tools such as NETDIAG and DCDIAG to verify this. In order to install Exchange 2010 you're going to need to be a member of Domain Admins, Enterprise Admins, and Schema Admins. You will also want to add connect and to your trusted sites list in IE. Other pieces of software that must be installed are .NET 3.5, Windows Remote Management 2.0, PowerShell v2, and the 2007 Office System Converter: Microsoft Filter Pack. If you are installing the Mailbox role you must also have the Active Directory Domain Services remote management tools.

Before starting the install you must prepare your schema by running setup /ps. If it fails, delete the contents of c:\windows\temp, copy the files from your CD to your hard drive, and rerun setup /ps. You must then run setup /PrepareAD /OrganizationName:MyCompany, where "MyCompany" can be replaced by your organization name.

You must then install the prerequisites by running the following commands:

ServerManagerCMD -install RSAT-ADDS
ServerManagerCMD -install Web-Server
ServerManagerCMD -install Web-ISAPI-Ext
ServerManagerCMD -install Web-Metabase
ServerManagerCMD -install Web-Lgcy-Mgmt-Console
ServerManagerCMD -install Web-Basic-Auth
ServerManagerCMD -install Web-Digest-Auth
ServerManagerCMD -install Web-Windows-Auth
ServerManagerCMD -install Web-Dyn-Compression
ServerManagerCMD -install Net-http-Activation
ServerManagerCMD -install RPC-over-http-Proxy

Once this is complete, reboot your server. You are now ready to run setup /mode:install /roles:H,C,M; the H, C, and M install the Hub Transport, CAS, and Mailbox roles.

Once your install is complete, run the Exchange BPA or Best Practices Analyzer.

In order to install the Edge server you'll want to make sure you're running 2008 Standard with SP2. You'll need .NET 3.5, Windows Remote Management 2.0, PowerShell v2, and AD LDS (which can be installed via ServerManagerCMD -i ADLDS). For the Edge server to work in a DMZ you'll need to open ports 50389-50636. Then run New-EdgeSubscription -FileName "c:\temp\EdgeSubscriptionInfo.xml". Copy that generated file to your Hub server; you can import it in the GUI and then run Start-EdgeSynchronization from EMS. Once it is imported, you can verify it is working properly by using Test-EdgeSynchronization from EMS.

I would personally recommend using an RBL provider to stop spam from entering your organization. One example of this is Spamhaus. This checks the connecting server against a blacklist of IPs and blocks communication if it is found on the list. This one feature can drastically cut down on spam.

Another item you have to address is purchasing a SAN certificate for your Exchange server. Exchange has moved to a secure-by-default mentality. You will find that connecting to OWA or using ActiveSync becomes very painful if you try to issue your own SSL certificates.

Another security improvement in Exchange 2007 and 2010 is that all intercommunication is secure and encrypted. TLS is used for all server-to-server communication internally. RPC is used for your Outlook clients to communicate with your servers. SSL is configured for all external client communication, including OWA, ActiveSync, etc.

Opportunistic TLS is a new feature where your Exchange server will no longer try to send via plain SMTP by default. It will first send a STARTTLS command to use TLS to encrypt external SMTP communication with other servers. If the other server does not support this, however, it will revert to insecure communications.

Still included in Exchange 2010 is the ability to use a journaling mailbox to track all of your emails. This is required by some organizations. Keep in mind that this feature can increase your processor and memory usage by 25 percent, so you should make sure your server has plenty of resources before turning on this feature.

One of the requirements, as previously stated, is that Exchange 2010 must be running on Active Directory 2003. Even though 2008 is recommended, if you are running Cisco Unified Messaging 4.2(1) or lower it is NOT compatible with Active Directory 2008.

When you upgrade your Active Directory infrastructure it is recommended that you create a virtual machine using Microsoft Hyper-V or VMware. Make the virtual machine an additional domain controller and make it a global catalog. This way, if your upgrade takes a turn for the worst, you have intact data if you have to downgrade. Do not forget to unplug it from the network before doing the upgrade. If you need to revert, you can use NTDSUTIL to seize the roles. If for whatever reason you need to create a scratch installation of a domain, you can always use the ADMT utility to move users, groups, computers, service accounts, and trusts.

To migrate from Exchange 2003 to 2010, the overview is as follows:

1. You must be running Exchange 2003 with Service Pack 2.
2. Your Active Directory domain and forest functional levels must be 2003, and at least one global catalog has to be a 2003 server with SP2.
3. Install the AD LDIFDE tools on 2008 to upgrade your schema.
4. Upgrade your Exchange schema.
5. Transfer OWA, ActiveSync, and Outlook Anywhere to the CAS server.
6. Install/upgrade the Hub server.
7. Transfer the mail flow to the Hub Transport server.
8. Install Mailbox servers and a DAG if required.
9. Move your public folder replicas using PFMigrate.wsf or AddReplicaToPFRecursive.ps1.
10. Move your mailboxes.
11. Rehome the OAB.
12. Rehome the public folder hierarchy.
13. Transfer public folder replicas.
14. Delete the 2003 public and private stores.
15. Delete routing group connectors.
16. Delete the RUS using ADSIEdit.
17. Uninstall Exchange 2003.

To migrate from Exchange 2007 to 2010 the process is a little shorter:

1. Make sure your Exchange 2007 server is running SP2.
2. Make sure your domain and forest are at the 2003 functional level, and that the global catalog server is at 2003 SP2.
3. Use the AD LDIFDE tools to upgrade your schema.
4. Prepare the schema.
5. Install the CAS server.
6. Transfer OWA.
7. Install Hub Transport.
8. Transfer mail flow to Hub Transport.
9. Use AddReplicaToPFRecursive.ps1 to move your public folder replicas.
10. Move your mailboxes.
11. Rehome the OAB.
12. Transfer public folder replicas.
13. Delete the public and private stores.
14. Uninstall Exchange 2007.

With Exchange 2010 or 2007 you want to make your coexistence time as short as possible. The longer you intermingle different versions, the more problems you are asking for.

If you are running Exchange 5.5, unfortunately there is no direct upgrade at this point. You must first upgrade to Exchange 2003 SP2 and then to 2010. As far as Lotus Notes, Novell GroupWise, or Sendmail go, the recommended path is to install a clean environment and then work on importing your data using tools. There is no upgrade path.

Database Availability Groups or DAGs are a very important new feature of Exchange 2010. They give you the ability to maintain 16 copies of users' mailboxes. You can also set different databases to fail over to different servers and specify in what priority. The requirements for a DAG are Windows Server 2008 Enterprise, two NICs in your Mailbox servers, Exchange 2010 Enterprise, and a file share witness. We recommend you put this on your Hub Transport server, but technically it can be on any file server. It is very easy to set up: you create a share and then Exchange manages and handles the permissions.

Steps to create a DAG, add members, and verify the DAG:

New-DatabaseAvailabilityGroup -Name ExchangeDAG -WitnessServer ExchangeHT -WitnessDirectory "c:\FSW" -DatabaseAvailabilityGroupIPAddresses 172.16.4.
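The Edge subscription procedure described above, carried out entirely from EMS as an added example (not the article's own commands); the hub-side import is done by cmdlet rather than in the GUI. File paths, server names and the AD site name are placeholders.

```powershell
# Added example (not from the original article): Edge subscription end to end.
# Paths, server names and the site name are placeholders for your environment.

# --- On the Edge Transport server (in the DMZ) ---
# Export the subscription file. Run this after ports 50389-50636 are open from
# the hub servers to the Edge server, since EdgeSync uses them.
New-EdgeSubscription -FileName 'C:\temp\EdgeSubscriptionInfo.xml'

# --- Copy the XML file to the Hub Transport server, then on the hub: ---
$xml  = 'C:\temp\EdgeSubscriptionInfo.xml'
$site = 'Default-First-Site-Name'   # AD site whose hub servers will sync this Edge

# Import the file as raw bytes and bind the Edge server to the site.
New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path $xml -Encoding Byte -ReadCount 0)) -Site $site

# Run the first synchronization now instead of waiting for the schedule.
Start-EdgeSynchronization

# Verify: each Edge server should report a 'Normal' SyncStatus; anything else
# needs a look at FailureDetail before trusting the recipient filtering.
Test-EdgeSynchronization | Format-List Name, SyncStatus, LastSynchronizedUtc, FailureDetail

# The subscription file contains the Edge server's EdgeSync credentials, so
# remove it from both servers once the import has succeeded.
Remove-Item -Path $xml -Force
```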
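The opportunistic TLS section above notes that Exchange falls back to cleartext when the remote server offers no STARTTLS. The following added example (not code from the article) audits the transport connectors for that fallback and shows the corrected setting for a partner domain; connector names, the server name ExchangeHT and partner.example are placeholders.

```powershell
# Added example (not from the original article): audit Exchange 2010 transport
# connectors for the opportunistic-TLS fallback, then require TLS for a partner.
# Connector names, 'ExchangeHT' and partner.example are placeholders.

# 1. Send connectors. RequireTLS = $false means "offer STARTTLS, fall back to
#    cleartext"; RequireTLS = $true means mail queues instead of downgrading.
Get-SendConnector |
    Select-Object Name, AddressSpaces, RequireTLS, DomainSecureEnabled |
    Format-Table -AutoSize

# 2. Receive connectors. STARTTLS is only advertised when AuthMechanism includes
#    Tls, and only enforced for inbound sessions when RequireTLS is set.
Get-ReceiveConnector |
    Select-Object Name, Bindings, AuthMechanism, RequireTLS |
    Format-Table -AutoSize

# 3. Flag the weak configuration: an Internet connector ('*' address space) that
#    silently drops to plaintext when the remote MTA does not support STARTTLS.
Get-SendConnector |
    Where-Object { -not $_.RequireTLS -and ($_.AddressSpaces | Where-Object { $_.Address -eq '*' }) } |
    ForEach-Object { Write-Warning "$($_.Name): opportunistic TLS only, will fall back to cleartext SMTP" }

# 4. Corrected setting for one partner domain. A connector with the more specific
#    address space wins routing for partner.example, and RequireTLS holds the
#    mail in the queue rather than sending it unencrypted. (Mutual TLS via
#    DomainSecureEnabled and Set-TransportConfig is a further step not shown.)
New-SendConnector -Name 'Partner - partner.example' -Usage Internet `
    -AddressSpaces 'SMTP:partner.example;1' -DNSRoutingEnabled $true `
    -SourceTransportServers 'ExchangeHT' -RequireTLS $true
```

Leaving the general '*' connector opportunistic is the normal Internet setting; the check in step 3 is there so the downgrade is a known decision rather than a surprise.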
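The DAG steps listed above stop at the first cmdlet. As an added example (not the article's own listing), here is the full create/add/verify sequence; the mailbox server names, database name and the DAG IP address are placeholders, and the witness is on the Hub Transport server as the article recommends.

```powershell
# Added example (not from the original article): create a DAG, add two Mailbox
# servers, add a passive database copy and verify replication. Run from EMS.
$dagName  = 'ExchangeDAG'
$witness  = 'ExchangeHT'           # Hub Transport server hosting the file share witness
$members  = 'MBX01', 'MBX02'       # placeholder Mailbox servers, each with two NICs
$dagIp    = '192.0.2.10'           # placeholder static DAG IP on the MAPI network
$database = 'MailboxDatabase01'    # placeholder database currently active on MBX01

# 1. Create the DAG. Exchange creates the witness share and sets its permissions.
New-DatabaseAvailabilityGroup -Name $dagName -WitnessServer $witness `
    -WitnessDirectory 'C:\FSW' -DatabaseAvailabilityGroupIPAddresses $dagIp

# 2. Add members. Exchange installs Windows Failover Clustering on each server,
#    which is why Windows Server 2008 Enterprise is required.
foreach ($server in $members) {
    Add-DatabaseAvailabilityGroupServer -Identity $dagName -MailboxServer $server
}

# 3. Add a passive copy on the second member. ActivationPreference is the failover
#    priority the article mentions: lower numbers are activated first.
Add-MailboxDatabaseCopy -Identity $database -MailboxServer 'MBX02' -ActivationPreference 2

# 4. Verify membership and witness state, then copy and replication health.
Get-DatabaseAvailabilityGroup -Identity $dagName -Status |
    Format-List Name, Servers, WitnessServer, WitnessShareInUse, PrimaryActiveManager

Get-MailboxDatabaseCopyStatus -Server 'MBX02' |
    Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, ContentIndexState -AutoSize

# Anything other than 'Passed' here needs attention before relying on the DAG.
$members | ForEach-Object { Test-ReplicationHealth -Identity $_ } |
    Where-Object { $_.Result -ne 'Passed' }
```

A healthy passive copy shows Status 'Healthy' with queue lengths near zero; a growing ReplayQueueLength on MBX02 means the log shipping described above is arriving faster than it is being played in.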