Communications seminar 8.11.2012 / Exchange


  • Ignite is the technical readiness program from the Microsoft Office Division (MOD). Ignite provides deep (level 300) technical training from Microsoft experts to IT Professionals and Developers.
  • Devices: Fast and fluid experience with touch, pen, mouse & keyboard; immersive touch-optimized Windows 8 apps; support for mobile devices. Cloud: Office - on demand, roaming & up-to-date; new cloud app development model; enterprise-grade reliability and standards. Social: Newsfeeds & microblogging, extend with Yammer; pervasive social capabilities across Office; multiparty HD video & Skype federation. Control: DLP, data retention & unified eDiscovery; reimagined deployment model for Office apps; common management experience across Office 365.
  • Slide objective: Communicate that Exchange can be deployed in many ways that meet customer needs. Talking points: The key here is that you are in control. Giving customers transparency and options is what we are delivering in the new Exchange. This really is the cloud on your terms. On-premises deployment provides complete control of your environment and security and more customization. Exchange Online can help reduce costs, focus IT on business priorities, and ensure that your users benefit from the latest technology. Coexistence capabilities mean that you can mix the two in a hybrid deployment and segment your users to give them the right level of service at the lowest cost. All configurations provide the robust messaging capabilities that you expect from Exchange.
  • The Exchange Administration Center is supported by Role-Based Access Control, or RBAC. RBAC assigns permissions to specific operations with meaning in the organization. RBAC defines who can do what … and where. RBAC was introduced in Exchange 2010 and replaces the permissions model in previous versions of Exchange. The RBAC authorization model is centered on the concept of role assignment. A role assignment defines exactly who (a user or a group) can do what, and where (which objects) they can do it to. Your role is defined by what you do: it is an action- or verb-oriented world. This is a very different model from the AD ACL model, which hinged on the where. Where: scopes can be filter or OU based; all scopes grant access to included objects; exclusive scopes prevent non-holders from accessing included objects. Role groups define high-level job functions. End-user role assignment policies for self-service. Assign task-, action- or feature-based permissions. Delegate multiple roles. Limit the scope of the role assignment, e.g. “Legal Department” or “Asia Offices”.
  • Blocking spam: The top-ranked filtering service gets better with faster, more proactive ways of catching and eliminating spam. New fingerprinting techniques react faster (in real time; no need to wait until the user community reports it). For example, when we find a bad IP that is sending spam, we’ll do more than just block the mail from it. We’ll start collecting all of the email from that known bad server and analyzing it to find the characteristics of the spam, so that we can block it more effectively. International spam support: ability to select geo-regions/countries for blocking; ability to filter on languages (86 languages supported). Geo-region enforcement happens in the Connection Filtering layer. Language enforcement happens at the Content Filtering layer. Bulk mail marked as spam: the admin can decide how to classify these types of messages; they will be treated according to how you have chosen to manage spam. Bacn (pronounced like bacon) is email that has been subscribed to and is therefore not unsolicited (like e-mail spam), but is often not read by the recipient for a long period of time, if at all. Bacn has been described as "email you want but not right now." Bacn differs from spam in that the recipient has signed up to receive it. Bacn is also not necessarily sent in bulk. Some examples of common bacn messages are news alerts, periodic messages from e-merchants from whom one has made previous purchases, messages from social networking sites, and wiki watch lists. The name bacn is meant to convey the idea that such email is "better than spam, but not as good as a personal email".
  • Integrated archiving and data hold capabilities. Centrally managed or user-assigned retention policies.
  • In the new Exchange, the DLP features will support major regulatory requirements out of the box, including PCI DSS. It will also be extensible, allowing admins to install specific templates offered by security partners. For example, a DLP template built by a partner for the German market would take action on email that includes German driver’s license numbers. Talking points: Exchange gives you the control to manage compliance in order to meet your business and regulatory needs. The goal is to help you with accidental data loss. Detect sensitive data before it is sent with built-in templates that filter mail content for PCI DSS, GLBA, and other regulations. Import DLP policy templates from top security partners or build your own. Today, it is important to help users do the right thing in a complex world of compliance. Education for users. DLP is built upon transport rules (v3). While it was possible to do in Exchange Server 2010 or Exchange Online, now it is packaged, with reporting/charts/classifications, and it is out of the box. Stories: When was the last time you saw the employee handbook with all of the regulations on what you were and weren’t supposed to do? Most people aren’t malicious, but they aren’t educated. More info. Classification: Scanning will examine both message contents and attachments. Out-of-the-box classification rules work to detect common types of sensitive data. Actions are built in today (in transport rules). We are adding deep analysis (content inspection). Policy engine: well-defined entities (e.g., CC#, SSN); probabilistic techniques for fuzzy matches (e.g., SOX, medical terms); RSA partnership. DLP policy template: logical grouping of classification rules, transport rules, and reporting to achieve an objective. There will be several templates in the box: PII, financial, healthcare (for the type of healthcare issues that HR would deal with. We are not building templates for hospitals, though we enable partners to do that through our extensibility story); U.S. and Europe. Custom classification rules: fingerprinting for org. documents that share common characteristics (e.g., 1040 form); custom regex and keyword matches; Office document metadata. Extensibility: classification rules use an open format for the classification rule schema; ISVs create new packages of classification rules, transport rules, and reporting for specific regulations. Actions: built on Exchange Transport Rules; has the same actions available; supports the discovery phase of compliance: two clicks to start monitoring sensitive information. IW experience: contextual education for information workers; detect sensitive data in email before it is sent; text is customizable by admins from Exchange Admin Center.
  • Situation: With the explosive growth of compliance requirements both inside and outside organizations, compliance has become everyone’s responsibility. Neither the IT department nor the legal and compliance departments can keep tabs on all of the information that is exchanged in the ordinary course of business. Organizations need tools that enable self-service and automated compliance wherever possible. Talking points: There is a solid partnership between the teams. We all work together now. Perform unified searches regardless of document type or location, across Exchange, SharePoint, Lync, and file shares. Search and view content by project, legal matter, or business context. Save money when there is a litigation need by producing results quickly and efficiently. Provide native safety for messaging content. This is an evolution of our compliance (v3) and search infrastructure (FAST). Data stays where it lives (In-Place), where it has the most relevance.
  • Separate HA solutions for each role; introduced the DAG; rich management experience using RBAC; support for Hybrid deployments.
  • Exchange Building Block Model: The Exchange building block model simplifies Exchange deployments at all scales, standardizes high availability and client load balancing, and improves cross-version interoperability. As an IT administrator, your focus is not necessarily backups, monitoring or disaster recovery. Your focus is to help keep your service available for your business. We have created a system that: is flexible and efficient to allow deployment on a wide range of hardware; enables large, low cost mailboxes, but provides a single solution for high availability, business continuity, data protection and backups; helps isolate failures with built in monitoring and availability management; helps you reduce risk and focus on your business.
  • In the new version of Exchange we envision two basic building blocks within Exchange: the Client Access Server, or CAS, and the Mailbox Server. CAS is comprised of two components: client protocols and SMTP. A CAS array is a series of thin servers that are stateless from a protocol session perspective. Because they are stateless, they do not require session affinity or layer 7 load balancing. They are designed to work with TCP affinity or layer 4 load balancing, which is protocol unaware. This is important because it provides flexibility and choice with respect to load balancing and high availability. It increases the capability/utilization of the LB as you won’t have to do SSL processing, session cookie processing, etc.; it reduces complexity and cost. CAS has the logic to route all protocol requests to the correct back end or mailbox server, even older versions of Exchange. It is domain joined, meaning it is not an edge or gateway server. From a functionality perspective, we want to avoid dependencies between CAS and MBX functionality so that we enable independent upgrade of the two and allow cross-version interaction, which is critical to making the upgrade/coexistence story simple and flexible for customers. In terms of deployment flexibility this also means that there is no expectation that CAS needs to be in the same location as MBX in Exchange. Many customers will have them in the same sites, but some large organizations may want the flexibility to consolidate CAS or consolidate MBX. Meanwhile, the mailbox servers host all components that process, render and store data (RPC CA, OWA, RPC proxy, transport, UM, etc.). Clients do not connect directly to MBX servers; connectivity is through CAS. MBX servers are the evolution of what we provided in Exchange 2010 with a DAG; a collection of these servers forms an HA unit.
  • Earlier versions of Outlook clients for Mac used WebDAV; the EWS versions of Entourage/Outlook for Mac are needed. Exchange Server 2003 coexistence is blocked by Exchange 2013 setup; this is not a supported scenario.
  • Exchange continues to support the non-standard DNS namespaces due to Windows support for these namespaces.
  • Windows Server 2012 includes several prereqs, so they are not additional downloads as on Windows 2008 R2: PowerShell v3.0 and .NET Framework 4.5. Exchange 2013 includes the 5 / 100 database limit for Exchange Standard and Exchange Enterprise, same as Exchange 2010. Windows Management Framework 3.0 includes Remote Management and PowerShell v3.0. UCMA v4.0 includes a new speech engine.
  • With Exchange 2013 Preview, you need to install MBX first. MBX first is a recommendation. CAS is just a stateless protocol proxy: no business logic, no APIs, no objects to work with. So if Exchange 2013 CAS is installed first, it cannot be configured because there are no configuration objects, and it cannot be manipulated because there is no business logic. You can do CAS first instead of MBX first, but we recommend MBX first. Or install a multirole server first.
  • Test legacy namespace creation with HOSTS files. Layer 7 load balancers are no longer required for the primary Exchange 2013 namespace. Session affinity is not required for Exchange 2013. Layer 4 is supported and recommended: performs service health awareness; load balancing of the CAS servers.
  • There are no longer any HT servers. Edge is version 2010. In future, updating targets the Mailbox servers, not necessarily the CAS array.
  • UM is the only role that talks directly to the Mailbox server.
  • Inbound emails from external SMTP are received by the Receive Connector (SMTP Receive) on the Hub Transport Service. SMTP Receive performs connection filtering, recipient filtering and sender filtering by the Protocol Agent, and the emails are delivered to the Hub Selector. The Hub Selector uses the delivery groups to find where to deliver the emails based on the recipient, and the emails are sent to the SMTP Send component on the Front End Transport Service.
  • Because a PF is a single mailbox (primary), the mailbox fault-tolerance features apply to it (DAG?).
  • The old PF concept still works; the migration must be planned!
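
The DLP notes above describe classification built from well-defined entities (e.g., CC#), custom regex and keyword matches, scanning of both message contents and attachments, and actions applied before a message is sent. The Python below is an added example of that pipeline for one entity (payment card numbers); it is not Exchange's classification engine and not code from the presentation. The function names, keyword list, context window and the action names `block`, `notify_sender` and `allow` are assumptions made for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally grouped by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"(?<![\d-])\d(?:[ -]?\d){12,18}(?![\d-])")
# Corroborating keywords (assumed list; a real policy would tune these).
KEYWORDS = re.compile(
    r"\b(?:visa|mastercard|amex|credit\s+card|card\s+(?:number|no)|cvv|cvc|expir\w*)\b",
    re.IGNORECASE,
)
WINDOW = 60  # characters of context searched on each side of a match (assumed)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep only the last four digits so reports never store the full number."""
    return "*" * (len(digits) - 4) + digits[-4:]


def classify(text: str) -> list:
    """Return one finding per checksum-valid candidate, with a confidence level."""
    findings = []
    for m in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_valid(digits):
            continue  # regex hit without a valid checksum: ignore
        context = text[max(0, m.start() - WINDOW): m.end() + WINDOW]
        confidence = "high" if KEYWORDS.search(context) else "low"
        findings.append({"masked": mask(digits), "confidence": confidence})
    return findings


def evaluate_message(parts: dict) -> dict:
    """Scan every part (body and extracted attachment text) and pick an action."""
    findings = []
    for name, text in parts.items():
        for f in classify(text):
            findings.append(dict(f, part=name))
    if any(f["confidence"] == "high" for f in findings):
        action = "block"          # entity match corroborated by keywords
    elif findings:
        action = "notify_sender"  # checksum-valid number, no supporting context
    else:
        action = "allow"
    return {"action": action, "findings": findings}


# Constructed sample message; the numbers are well-known test card numbers.
SAMPLE = {
    "body": "Please charge my Visa card number 4111-1111-1111-1111, exp 11/14.",
    "attachment:orders.txt": "Shipment reference 5555555555554444 arrives Monday.",
}

if __name__ == "__main__":
    result = evaluate_message(SAMPLE)
    print(result["action"])
    for finding in result["findings"]:
        print(finding)
```

The low-confidence path matters in practice: a checksum-valid number without supporting keywords is often an order or tracking reference, so it is surfaced to the sender rather than blocked.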

    1. Exchange, Office & Office 365 Preview Workshop, October 2012
    2. Jarmo Ekholm, Senior Trainer/Consultant, MCT, MCSE, MCITP. Areas of expertise: Exchange, all versions; certificate services; server infrastructure
    3. Remain in control, online, and on-premises: Exchange enables you to tailor your solution based on your unique needs and ensures your communications are always available while you remain in control; on your own terms—, on-premises, or a hybrid of the two. Do more, on any device: Exchange helps your users be more productive by helping them manage increasing volumes of communications across multiple devices and work together more effectively as teams. Keep the organization safe: Exchange keeps your organization safe by enabling you to protect business communications and sensitive information and to meet internal and regulatory compliance.
    4. Copyright © Microsoft Corporation
    6. Who / What / Where
    8. Block email based on language. Block email based on geography.
    9. Policy details transparently displayed to end user. Right click to assign policy to an item, folder or to all your email.
    11. Use proximity searches to understand context. Fine tune complex queries. Get instant statistics. Query results across Exchange, Lync & SharePoint. Laser focused refiners to help find the data you need.
    12. Previous Server Role Architecture: 5 server roles, tightly-coupled in terms of versioning, functionality, user partitioning and geo-affinity. [Diagram labels: Forefront Online Protection for Exchange; Edge Transport (routing and AV/AS); Hub Transport (routing and policy); Mailbox (stores mailbox and public folder items); Unified Messaging (voice mail and voice access); Client Access (client connectivity, web services); Layer 7 LB; AD; internal network; external SMTP servers; mobile phone; web browser; Outlook (remote user); Outlook (local user); line of business application; phone system (PBX or VOIP).]
    15. Hardware efficiency; deployment simplicity; cross-version inter-op; failure isolation
    16. Mailbox Server hosts all components to process, render and store data. [Diagram labels: Layer 4 load balancer; Edge; CAS; MBX; remote clients & devices; local clients; PBX; Internet; enterprise network.]
    17. Exchange 2010 and Exchange 2013 compared. [Diagram labels, Exchange 2010: hardware load balancer (L7 LB); Client Access (AuthN, Proxy, Re-direct; Protocols, API, Biz-logic); Hub Transport, Unified Messaging; Mailbox (Assistants, Store, CI). Exchange 2013: L4 LB; Client Access (AuthN, Proxy, Re-direct); Mailbox (Protocols, Assistants, API, Biz-logic; Store, CI).]
    20. (1) Prepare: install Exchange 2010 SP3 across the ORG; prepare AD with Exchange Preview schema; validate existing Client Access using Remote Connectivity Analyzer and test connectivity cmdlets. (2) Deploy Exchange Preview servers: install both Exchange Preview MBX and CAS servers. (3) Obtain and deploy certificates: obtain and deploy certificates on Exchange Preview Client Access Servers. (4) Switch primary namespace to Exchange Preview CAS: Exchange Preview fields all traffic, including traffic from Exchange 2010 users; validate using Remote Connectivity Analyzer. (5) Move mailboxes: build out DAG; move Exchange 2010 users to Exchange Preview MBX. (6) Repeat for additional sites. [Diagram labels: clients; Exchange 2010 servers (E2010 HUB SP3, E2010 CAS SP3, E2010 MBX); E2013 CAS; E2013 MBX; intranet site; Internet-facing site – upgrade first.]
    21. (1) Prepare: install Exchange 2007 SP3 + RU across the ORG; prepare AD with Exchange Preview schema and validate. (2) Deploy Exchange Preview servers: install both Exchange Preview MBX and CAS servers. (3) Create legacy namespace: create DNS record to point to legacy Exchange 2007 CAS. (4) Obtain and deploy certificates: obtain and deploy certificates on Exchange Preview CAS servers configured with legacy namespace, Exchange Preview namespace, and autodiscover namespace; deploy certificates on Exchange 2007 CAS. (5) Switch primary namespace to Exchange Preview CAS: validate using Remote Connectivity Analyzer. (6) Move mailboxes: build out DAG; move Exchange 2007 users to Exchange Preview MBX. (7) Repeat for additional sites. [Diagram labels: clients; Exchange 2007 servers (E2007 HUB SP3 RU, E2007 CAS SP3 RU, E2007 MBX SP3 RU); E2013 CAS; E2013 MBX; intranet site; Internet-facing site – upgrade first.]
    22. Prepare: Install Exchange 2007 SP3 + coexistence RU using same steps as previous Exchange 2007 roll-ups. Prepare Active Directory with Exchange Preview schema. Validate existing client access using Remote Connectivity Analyzer and test connectivity cmdlets.
    23. Install: Setup.exe /mode:install /roles:clientaccess; Setup.exe /mode:install /roles:mailbox; Setup.exe /mode:install /roles:ManagementTools. Other required parameter: /IAcceptExchangeServerLicenseTerms. MBX performs PowerShell commands; CAS is proxy only. GUI or command line. In-place upgrades not supported. Updated to reflect Exchange Preview roles. New required parameter for license.
    24. Create Legacy Namespace: Used to access Exchange 2007 during coexistence. Legacy.contoso.com
    25. 2007/2013 coexistence. [Diagram labels: DNS; CAS 2007; CAS 2007 ExternalURL; CAS 2013.]
    26. First notification shown 30 days prior to expiration. Subsequent notifications provided daily.
    27. Certificates: Minimize the number of certificates. Minimize number of host names. Use split DNS for Exchange host for Exchange connectivity on intranet and has different IP addresses in intranet/Internet DNS. Don’t list machine host names in certificate host name list. Use load-balanced (LB) arrays for intranet and Internet access to servers. Use “Subject Alternative Name” (SAN) certificate.
    30. 2000/2003: role differentiation through manual configuration; hardware solutions for “reliability” ($$$$). 2007: separate roles for ease of deployment and management segmentation; support cheaper storage. 2010: separate HA solutions for each role; introduced the DAG; rich management experience using RBAC; leaves resources on the ground in each role. 2013: simplify for scale, balanced utilization, isolation; integrate HA for all roles; simplify network architecture. [Diagram labels: LB; L7 LB; Ex; CAS; HT; MBX; SAN.]
    32. Two building blocks, loosely coupled. [Diagram labels: Forefront Online Protection for Exchange; Edge Transport (routing and AV/AS); enterprise network; AD; Layer 4 LB; CAS array; DAG (MBX servers); external SMTP servers; mobile phone; web browser; Outlook (remote user); Outlook (local user); line of business application; phone system (PBX or VOIP).]
    33. [Diagram labels: clients and protocols: OWA, Outlook, EAS, EAC, PowerShell, IMAP, SMTP, SIP (SBC, AP); Layer 4 LB; CAS 2013: IIS, HTTP Proxy, POP, IMAP, SMTP, UM, Redirect; connections: HTTP, POP, IMAP, SMTP, SIP + RTP; MBX 2013: IIS, RpcProxy, RPS, OWA, EAS, EWS, ECP, OAB, RPC CA, POP, IMAP, Transport, UM, MDB, Mail Q.]
    34. RPC/HTTP and the death of RPC/TCP. mailbox-guid@contoso.com
    36. What you need to control connectivity flow
    37. Legacy Coexistence, by protocol (columns: E2007 user accessing E2010 | E2007 user accessing E2013 namespace | E2010 user accessing E2013 namespace)
        Requires: Legacy Namespace | Legacy Namespace | No additional namespaces
        OWA: Same AD site: silent or SSO FBA redirect; externally facing AD site: manual or silent/SSO cross-site redirect; internally facing AD site: proxy | Silent redirect (not SSO) to CAS 2007 externally facing URL | Proxy to CAS 2010; cross-site silent redirect (not SSO), which may redirect to CAS 2010 or CAS 2013
        Exchange ActiveSync: EAS v12.1+: Autodiscover & redirect; older EAS devices: proxy | Proxy to MBX 2013 | Proxy to CAS 2010
        Outlook Anywhere: Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010
        Autodiscover: Direct CAS 2010 support | Redirect to CAS 2007 externally facing URL | Proxy to CAS 2010
        EWS: Autodiscover | Autodiscover | Proxy to CAS 2010
        POP/IMAP: Proxy | Proxy to CAS 2007 | Proxy to CAS 2010
        OAB: Direct CAS 2010 support | Proxy to CAS 2007 | Proxy to CAS 2010
        RPS: n/a | n/a | Proxy to CAS 2010
        ECP: n/a | n/a | Proxy to CAS 2010; cross-site redirect, which may redirect to CAS 2010 or CAS 2013
    39. Front-End Transport Pipeline. [Diagram labels: External SMTP; SMTP Receive; Protocol Agents; Hub Selector; SMTP Send; SMTP from MBX 2013; SMTP to MBX 2013.]
    42. Dawn of a New Age. [Diagram labels: Public Logon; Private Logon; CAS 2013; Content Mailbox; Hierarchy Mailbox; MBX 2013.]
    44. Mailbox Transport Pipeline. [Diagram labels: SMTP from Transport Service; SMTP to Transport Service; SMTP Receive; SMTP Send; Hub Selector (Router); Store Driver Deliver; Store Driver Submit; MBX Deliver Agents; MBX Submit Agents; MBX Assistants; Mailbox Transport Delivery; Mailbox Transport Submission; MAPI; Mailbox Store.]
    47. Seminar offer! – Microsoft Exchange Server – 533: Exchange 2013 / Office 365 Ignite, 20.-22.11.2012 – 10135: Exchange 2010, deployment and management, 11.-14.12.2012 – 520: MCITP: Enterprise Messaging Administrator 2010 training program, starting 11.12.2012
    48. Work Smarter, Anywhere.