Exchange Server 2013 introduced new server roles that simplified the architecture. The Client Access server role became a thin, stateless proxy server that routes client protocol requests. The Mailbox server role consolidated functionality into a single server that processes, renders, and stores Exchange data. This evolution improved hardware efficiency, simplified deployments, and enabled cross-version interoperability. The Front End Transport service acts as a load-balanced ingress/egress point that determines the optimal Mailbox server for delivering messages to avoid unnecessary hops.

1. Exchange Server 2013
Architecture Deep Dive, Part 1
Scott Schnoll
Principal Technical Writer
Microsoft Corporation

2. Agenda
Exchange Server Evolution
Architecture Changes
Client Access Server Role

3. Exchange: Past, Present and Future
L7 LB
CA
Ex Ex S
HT
C C C H H H
MBX MBX
Ex Ex
SAN
• Role differentiation • Separate roles for • Separate HA solution per
through manual deployment & role
configuration segmentation • Introduction of the DAG
• Backups and hardware • Support cheaper • Support for Hybrid
solutions for storage deployments
“reliability”
2000/2003 2007 2010

4. Previous Server Role Architecture
5 server roles Forefront Online
Protection for
Exchange
Internal Network Phone system
(PBX or VOIP)
Tightly-coupled E
in terms of
versioning External
SMTP
functionality servers
user partitioning Mobile phone
geo-affinity Web Layer 7
browser
LB
Outlook
(remote user)
Outlook (local user) Line of business
application

5. Challenges with Legacy Model
Exchange deployments can be complicated
Load balancing is difficult and can require expensive solutions
When dedicated server roles are deployed, hardware can go unutilized or
under-utilized
Too many namespaces required

7. Evolution of Server Roles
E C C H U M

8. Client Access Server Role
Thin, stateless (protocol session) server that includes:
Client access protocols (HTTP, POP, IMAP)
SMTP proxy
UM call router
Exchange-aware proxy server
Understands requests from client protocols
Supports proxy and redirection logic for client protocols

9. Mailbox Server Role
Server that processes, renders and stores Exchange data
Includes components previously found in separate roles (CAS, Hub, UM)
Connectivity to user’s mailbox is always provided by the protocol stack on
the Mailbox server hosting the active database copy

10. Evolution of Server Roles
E C M
C M

12. Exchange 2013 Architectural Theme
Use Building Blocks to facilitate deployments at all scales – from self-
hosted, small organizations to Office 365
• Server role evolution
• Network layer improvements
• Versioning and inter-op principles

13. Exchange 2013 Architecture Benefits
Hardware efficiency
Deployment simplicity
Cross-version inter-op
Failure isolation

14. Exchange 2013 Tenet: Every
Server is an Island EWS protocol
MRS proxy
protocol
SMTP
Protocols, EW MRS Transpor Transpor MRS EW
S MRSProxy t t MRSProxy S
Server Agents Custom WS
Assistan Assistan
RPC CA RPC CA
ts ts
MailItem Banned MailItem
XSO E2010 XSO
Business Logic
CTS Other APIs CTS Other APIs
Content Content
Store index Store index
Storage
ESE File ESE File
system system
Server1 (Vn) Server2 (Vn+1)

15. Functional Differences
Exchange 2010 Exchange 2013
Architecture Architecture
L4 LB
L7 LB AuthN, Proxy, Client Access
Re-direct
AuthN, Proxy,
Client Access Re-direct
Hub Transport, Protocols, API,
Unified Messaging Biz-logic Protocols, Assista
nts, API, Biz-logic
Mailbox Assistants, Store, Mailbox
Store, CI
CI

17. Client Access Server Role
Domain-joined machine in the internal Active Directory forest
Thin, stateless (protocol session) server
Comprised of three components:
Client access protocols (HTTP, IMAP, POP)
SMTP
UM Call Router
Exchange-aware proxy server
Understands requests from different protocols (OWA, EWS, etc.)
Contains logic to route specific protocol requests to their destination end-point
Supports proxy and redirection logic for client protocols
Capable of supporting legacy servers with redirect or proxy logic

18. Client Access Array
A group of CAS organized in a load-balanced configuration
Designed to work with TCP affinity (aka, layer 4 LB)
Does not require application-level session affinity (aka, layer 7 LB)
Provides a unified namespace and authentication
Similar to Exchange 2010 in terms of providing a unified endpoint for
client connectivity and authentication

19. Outlook Connectivity Changes
Exchange 2013 supports RPC/HTTP only; No RPC/TCP
Benefits
• Simplifies the protocol stack
• Provides an extremely reliable and stable connectivity model
• RPC session is always on Mailbox server hosting active copy
• Eliminates need for RPC CAS Array and RPC CAS Array
namespace(s)
• Eliminates end user interruptions like “The Exchange administrator has
made a change that requires you to quit and restart Outlook” during
mailbox moves or *overs

20. Client Protocol Flow in Exchange
2013
Outlook Web App Outlook EAS EAC PowerShell POP/IMAP SMTP
SI
P
Load Balancer
Redirect
IIS POP, IM SIP + RTP
Client HTTP Proxy AP
SMTP UM
Access POP, IMAP SMTP
HTTP
IIS
RpcProxy
OWA, EAS, EWS, POP Transpo
UM
RPS ECP, OAB IMAP rt
RPC CA
Mailbox
MDB MailQ

21. Namespace Simplification
No longer requires multiple namespaces for site resilient solutions
or site-specific scenarios
Easy to setup a single, worldwide client access namespace
Can be used in coexistence with Exchange 2010

22. Single Common Namespace
Sue Sue
(somewhere in NA) mail.contoso.co (traveling
in APAC)
DNS Resolution m DNS Resolution via Geo-DNS
Round-Robin between # of VIPs Round-Robin between # of VIPs
VIP #1 VIP #2 VIP #3 VIP #4
DAG DAG

23. Split DNS
Outlook supports only a single RPC Proxy endpoint
If Outlook Anywhere is allowed on the Internet, this may have internal
Outlook clients connect to the external firewall for connectivity
Use split DNS to ensure that internal Outlook clients follow internal
pathway
Forces internal clients to use internal IP
Forces external clients to use external IP

24. Third-Party MAPI Products
Need to use RPC/HTTP to connect to CAS 2013
Exchange 2013 is the last release to support a MAPI/CDO download
Must move to Exchange Web Services
MAPI/CDO download updated to include support for RPC/HTTP
Will require third-party application configuration
either by programmatically editing a dynamic MAPI profile;
or by setting registry keys
Legacy environments can continue to use RPC/TCP

26. Front End Transport Service
Handles all inbound and outbound external SMTP traffic for the
organization, as well as client endpoint for SMTP traffic
Does not replace the Edge Transport Server role
Functions as a layer 7 proxy and has full access to protocol conversation
Does not queue mail locally, and is stateless
If enabled, all outbound traffic appears to come from CAS 2013
Listens on TCP25 and TCP587 (two receive connectors)

27. Front End Transport Service
Network protection – centralized, load-balanced egress/ingress point
for the organization
Mailbox locator – avoids unnecessary hops by determining the best
MBX 2013 to deliver the message

28. Front End Transport Service
External SMTP External SMTP
Front End Transport service
SMTP Receive SMTP Send
Protocol
Agents
Hub Selector
SMTP from MBX 2013 SMTP to MBX 2013

29. Inbound | Outbound Mail Flow
Inbound Mail Flow Outbound Mail Flow
1. FET accepts initial SMTP 1. MBX 2013 determines if mail
connection recipient is a remote destination
and selects a FET within local site
2. After DATA command is
when the FrontEndProxyEnabled
issued, FET determines the next
parameter on Send Connector is
destination for the recipients in the
set to $true
message
2. MBX 2013 connects to FET and
3. FET starts the SMTP proxy session
initiates SMTP conversation
to the appropriate destination
3. FET proxies outbound connection
to appropriate destination

30. Entry Point Routing
FET uses delivery groups: DAG, mailbox, AD site
Bifurcation does not occur on FET, so only one DAG or Mailbox server is
selected, regardless of the number of recipients in a message
Server selection within the delivery group is based on recipient type
• If message only has a single mailbox recipient, select MBX server
within delivery group based on proximity of AD site
• If multiple mailbox recipients, select MBX server in closest delivery
group, factoring in site proximity
• If there are no mailbox recipients (DG, MEUs, etc.), select a random
MBX 2013, giving preference to local AD site

31. Summary
New CAS architecture
• Simplifies the network layer
• Removes need for RPC CAS Array and RPC CAS Array Namespace
• Provides deployment flexibility
New Front End Transport Service
• Provides centralized, load-balanced egress/ingress point for the
organization and for client/application SMTP submissions
• Avoids unnecessary hops by determining the best place to deliver the
message

32. Questions?
Scott Schnoll
Principal Technical Writer
scott.schnoll@microsoft.com
http://aka.ms/schnoll
schnoll