Exchange Server 2010

Exchange 2010 | Management Tools | Leonardo Elias

Transcript

  • 1.  
  • 2. Tech Day 28/06/2009 | Rio de Janeiro
  • 3. Exchange 2010 Management Tools Leonardo Elias MCP / MCTS / MCITP / MCT http://leonardooelias.spaces.live.com
  • 4. Exchange 2010 Investments Simplify Administration
    • Empower Specialist Users to Perform Specific Tasks with Role-based Administration
      • Compliance Officer - Conduct Mailbox Searches for Legal Discovery
      • HR Officer - Update Employee Info in Company Directory
    • Lower Support Costs Through New User Self-Service Options
      • Track Status of sent messages
      • Create and Manage Distribution Lists
    The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“Email Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008).
  • 5. Exchange 2010 Management What's New?
    • New Exchange Management Console features
    • Exchange Control Panel (ECP)
      • New and simplified web based management console
      • Targeted for end users, hosted tenants, and specialists
    • Role Based Access Control (RBAC)
      • New authorization model
      • Easy to delegate and customize
      • All Exchange management clients (EMS, EMC, ECP) use RBAC
    • Remote PowerShell
      • Manage Exchange remotely using PowerShell v2.0
      • Note: No more local PowerShell, it's all remote in Exchange 2010
  • 6. Exchange Management Console (EMC) Improvements
    • Built on Remote PowerShell and RBAC
    • Multiple Forest Support
    • Cross-premises Exchange Management
      • Including Mailbox Moves
    • Recipient Bulk Edit
    • PowerShell Command Logging
    • New feature support
      • For Example: High Availability
  • 7. Exchange Management Console
  • 8. Exchange Control Panel (ECP) What is it?
    • A browser based Management client for end users, administrators, and specialists
    • Simplified user experience for common management tasks
    • Accessible directly via URL, OWA & Outlook 14
    • Deployed as a part of the Client Access Server role
    • RBAC aware
  • 9. Exchange Control Panel Who will use it?
    • Specialists
      • Administrators can delegate to specialists e.g. Help Desk Operators, Department Administrator, and eDiscovery Administrators
    • End Users
      • Comprehensive self service tools for End Users
    • Hosted Customers
      • Tenant Administrators
  • 10. Exchange Control Panel What It Looks Like
  • 11. Exchange Control Panel
  • 12. ECP Architecture Overview
    • High Level View
      • AJAX-based
      • Shares some code with OWA, but two separate applications
      • Deployed on Client Access Server
      • ECP → ASP.Net → RBAC → PowerShell
      • Authentication
        • Windows Integrated, Basic, Forms Based
    • Browser support - Same as OWA premium
      • IE
      • Firefox
      • Safari
  • 13. ECP Architecture Overview Role Based Access Control
    • Users shouldn't have access to message tracking
      • Message tracking tab doesn't show up in ECP
    • Users can edit mailboxes, but not create new ones
      • "New Mailbox" button hidden
    • Users can edit display name but not Department
      • Department field visible but read-only
  • 14. RBAC in Exchange 2010
      • RBAC has replaced the permission model used in Exchange 2007
      • Your “role” is defined by “what you do”
      • Define precise or broad roles and assignments based on the tasks that need to be performed
    • Includes Self Administration
    • Used by EMC, EMS and ECP
  • 15. Who can do What… and Where? [Diagram]
    • Who?: RoleGroup / USG (Admins), Role Assignment Policy (End-Users)
    • What?: Role, made up of Role Entries (Cmdlet: Param1 Param2 Param3)
    • Where?: Recipient Write Scope, Recipient Read Scope, Configuration Write Scope, Configuration Read Scope
    • Role Assignment
  • 16. Who can do What… and Where? [Same diagram, with cmdlets]
    • New-ManagementRoleAssignment, Get-ManagementRoleAssignment, Set-ManagementRoleAssignment, Remove-ManagementRoleAssignment
    • Add-RoleGroupMember, Remove-RoleGroupMember
    • New-RoleAssignmentPolicy, Remove-RoleAssignmentPolicy
  • 17. Who can do What… and Where? [Same diagram, with cmdlets]
    • New-RoleGroup, Set-RoleGroup, Get-RoleGroup, Remove-RoleGroup
  • 18. Who can do What… and Where? [Same diagram]
  • 19. Custom Management Roles
    • Custom Roles can be added to suit specific delegation requirements
      • Roles are hierarchical, with built-in role at the top
      • Role Entries can only be removed from a role
      • Create the management role
      • Change the new role's management role entries (by removing role entries)
      • Create a management scope (if required)
      • Assign the new management role
  • 20. Custom Management Roles What does it look like?
    • New-ManagementRole -Name "eDiscovery-Sales" -Parent DiscoveryManagement
    • New-ManagementScope -Name "Sales Mailboxes" -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" -DomainRoot "OU=Sales,DC=contoso,DC=Com"
    • New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" -User "USG-Sales eDiscovery Admins" -Role "eDiscovery-Sales" -DomainScopeRestriction "Sales Mailboxes"
  • 21. Role Based Access Control
  • 22. RBAC Role Delegation
    • Role membership is not a right to delegate
    • RoleAssignment Delegation
      • Special kind of Role Assignment
      • Delegation does not grant role permissions
    • RoleGroup Delegation
      • Controlled through RoleGroup ownership
      • ManagedBy parameter similar to DGs (Multi-Valued)
      • Ownership does not grant RoleGroup permissions
  • 23. RBAC Permissions Reporting
      • Get-ManagementRoleAssignment
      • Effective Roles for a User
      • Effective Users by Role/Scope/Group
      • Effective permissions to a Writable Object
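The four-step custom role procedure from slide 19, followed by the reporting queries from slide 23, as an added example that is not part of the deck. It goes beyond the eDiscovery case on slide 20 by using the help-desk scenario from slide 13 (edit mailboxes, Department read-only). It assumes the released Exchange 2010 parameter names (-RecipientRoot, -RecipientRestrictionFilter, -CustomRecipientWriteScope, -SecurityGroup), which differ from the pre-release names on slide 20, and all role, scope, group and recipient names are hypothetical.

```powershell
# Added example, not from the deck. Run in the Exchange 2010 Management Shell.
# Hypothetical names: HelpDesk-Sales, Sales Mailboxes, USG-Sales HelpDesk,
# RA-Sales HelpDesk, contoso.com/Sales, someone@contoso.com.

# 1. Create the custom role as a child of a built-in role.
New-ManagementRole -Name "HelpDesk-Sales" -Parent "Mail Recipients"

# 2. Narrow the child role by removing role entries.
#    a) Drop one parameter: Set-User stays usable, Department becomes read-only.
Set-ManagementRoleEntry "HelpDesk-Sales\Set-User" -Parameters Department -RemoveParameter
#    b) Drop whole cmdlets: no granting or revoking of mailbox access rights.
Get-ManagementRoleEntry "HelpDesk-Sales\*" |
    Where-Object { $_.Name -like "*-MailboxPermission" -and $_.Name -notlike "Get-*" } |
    Remove-ManagementRoleEntry -Confirm:$false

# 3. Create the management scope: user mailboxes under the Sales OU only.
New-ManagementScope -Name "Sales Mailboxes" `
    -RecipientRoot "contoso.com/Sales" `
    -RecipientRestrictionFilter { RecipientType -eq 'UserMailbox' }

# 4. Assign the role, limited to that scope, to the security group.
New-ManagementRoleAssignment -Name "RA-Sales HelpDesk" `
    -SecurityGroup "USG-Sales HelpDesk" `
    -Role "HelpDesk-Sales" `
    -CustomRecipientWriteScope "Sales Mailboxes"

# 5. Review what was actually granted.
#    Entries (cmdlets and parameters) left in the role:
Get-ManagementRoleEntry "HelpDesk-Sales\*" | Format-Table Name, Parameters -AutoSize
#    Effective users by role, including members of nested groups:
Get-ManagementRoleAssignment -Role "HelpDesk-Sales" -GetEffectiveUsers |
    Format-Table EffectiveUserName, RoleAssigneeName, CustomRecipientWriteScope
#    Everyone who can modify one specific recipient:
Get-ManagementRoleAssignment -WritableRecipient "someone@contoso.com" -GetEffectiveUsers |
    Format-Table EffectiveUserName, Role, RoleAssigneeName
```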
  • 24. Remote PowerShell
    • New management architecture for PowerShell in Exchange 2010
      • Allows Role-based Access Control (RBAC) model
      • Restricted Runspace allows RBAC to hide cmdlets and parameters
      • Client / Server separation
      • Remote PowerShell is always used to connect “remotely” to localhost
      • Enables firewall and cross-forest scenarios
      • “No Binaries” scenarios
      • Exchange-cmdlet management from a client machine which does not have Exchange Management Tools (Exchange binaries) installed
  • 25. Remote PowerShell How does it work? [Diagram]
    • Client runspace (PSv2): Erik runs > New-PSSession -URI https://server.fqdn.com/PowerShell/
    • Exchange Server: IIS: Authentication, then WSMan + RBAC stack: Authorization
    • Erik: Role Assignment: New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name
    • Cmdlets available in the server runspace (PSv2 RBAC): New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name
    • Remote cmdlets available in the client runspace: New-Mailbox -Name, Get-Mailbox, Set-Mailbox -Name
    • > New-Mailbox -Name Bob returns [Bob Mailbox Object in Pipeline]
  • 26. Remote PowerShell How Do I Use It?
    • $UserCredential = Get-Credential
    • $rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<Exchange 2010 servername>/powershell -Credential $UserCredential
    • Import-PSSession $rs
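A check of what the restricted runspace exposes to one delegated account, as an added example that is not part of the deck. The server name is the slide's placeholder, and the cmdlets and parameters listed in `$mustBeHidden` are hypothetical expectations to replace with your own.

```powershell
# Added example. Connect as the delegated account and confirm that RBAC hides
# the cmdlets and parameters it is not supposed to have.
$server = "<Exchange 2010 servername>"     # placeholder, as on the slide
$mustBeHidden = @{                         # hypothetical: cmdlet -> parameter ('*' = whole cmdlet)
    'New-Mailbox' = '*'
    'Set-User'    = 'Department'
}

$cred    = Get-Credential                  # credentials of the account under test
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://$server/powershell" -Credential $cred
try {
    # Import-PSSession creates proxy functions only for what the server runspace exposes.
    $module = Import-PSSession $session -AllowClobber

    $findings = foreach ($name in $mustBeHidden.Keys) {
        $cmd = Get-Command -Module $module.Name -Name $name -ErrorAction SilentlyContinue
        if (-not $cmd) { continue }        # cmdlet hidden, nothing to report
        $param = $mustBeHidden[$name]
        if ($param -eq '*') { "$name is exposed" }
        elseif ($cmd.Parameters.ContainsKey($param)) { "$name -$param is exposed" }
    }

    if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
    else { "No unexpected cmdlets or parameters exposed to $($cred.UserName)" }
}
finally {
    Remove-PSSession $session              # do not leave an authenticated session open
}
```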
  • 27. Remote PowerShell
  • 28. Summary
    • Role Based Access Control
      • RBAC used as the permissions model
      • Enables the definition of broad or precise roles and assignments, based on the actual roles administrators perform
    • Exchange Control Panel
      • Provides a new way to administer a subset of Exchange features
      • Provides a great self provisioning portal
    • Remote PowerShell
      • Uses familiar Exchange cmdlets
      • Allows administration without the Exchange management tools
      • Provides firewall-friendly management access
  • 29. © 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.