Exchange 2013 ABC's: Architecture, Best Practices and Client Access

Presented by Michael Van Horenbeeck.

Published in: Technology

  • Introduction & Welcome
  • Easy to set up a single worldwide client access namespace: mail.contoso.com. Can use a single access namespace/URL with Exchange 2010. E2013 no longer requires multiple namespaces for site-resilient solutions or site-specific scenarios. Load-balanced namespaces are not required for DAGs or Mailbox servers.
  • Clients which do recurring AutoDiscover will discover the legacy namespace. Same site/cross site, no Internet access: the request hits CAS 2013, which proxies to MBX 2013, which proxies to CAS 2007; for cross site, CAS 2007 in the Internet site proxies to CAS 2007 in the intranet site. Cross site with Internet access: clients are already configured using the site-specific URL; no change, and requests continue to hit the site-specific URL and are handled by CAS 2007.
  • Exchange 2013 ABC's: Architecture, Best Practices and Client Access

    1. © Microsoft Corporation. All Rights Reserved.
    3. Michael Van Horenbeeck, Technology Consultant @ Xylos
    4. Did you already work with or install Exchange 2013 (in a lab)?
    5. Architecture
    6. [Diagram labels: Edge Transport (routing and AV/AS); Hub Transport (routing and policy); Mailbox (stores mailbox and public folder items); Unified Messaging (voice mail and voice access); Client Access (client connectivity, web services); Layer 7 LB; AD; Forefront Online Protection for Exchange; Internal Network; External SMTP servers; Phone system (PBX or VOIP); Mobile phone; Web browser; Outlook (remote user); Outlook (local user); Line of business application.]
    7. Exchange deployments can be complicated. Load balancing is difficult and can require expensive solutions. When dedicated server roles are deployed, hardware can go unutilized or under-utilized. Too many namespaces required.
    8. Use Building Blocks to facilitate deployments at all scales – from self-hosted, small organizations to Office 365: server role evolution; network layer improvements; versioning and inter-op principles.
    9. [Diagram labels: Exchange 2010; CAS (Array); MBX (DAG); Edge Transport; Layer 4 load balancing; Forefront Online Protection for Exchange; Internal Network; External SMTP servers; Phone system (PBX or VOIP); Mobile phone; Web browser; Outlook (remote user); Outlook (local user); LOB Application.]
    10. [Diagram: two servers, Server1 (Vn) and Server2 (Vn+1), each drawn in three layers: Protocols/Server Agents, Business Logic, Storage. Links labelled EWS protocol, MRS proxy protocol and SMTP. Component labels: EWS, MRS, MRSProxy, Transport, Assistants, RPC CA, Custom WS, XSO, MailItem, CTS, Other API, Store, Content index, ESE, File system; "Banned" and "E2010" also appear.]
    11. [Diagram comparing the Exchange 2010 architecture and the Exchange 2013 architecture. Labels: L4 LB; Hardware Load Balancer; L7 LB; Client Access (AuthN, Proxy, Re-direct); Hub Transport, Unified Messaging; Protocols, API, Biz-logic; Mailbox (Assistants, Store, CI).]
    12. Architecture
    13. [Diagram labels. Clients: Outlook, Outlook Web App, EAS, EAC, PowerShell, POP/IMAP, SMTP, SIP. Load Balancer. Client Access: IIS, HTTP Proxy, POP/IMAP, SMTP, UM (Redirect). Mailbox: IIS, RpcProxy, OWA, EAS, EWS, ECP, OAB, RPS, RPC CA, POP/IMAP, Transport, UM, MDB, MailQ. Protocols on the links: HTTP, POP/IMAP, SMTP, SIP + RTP.]
    14. Geographical DNS Solution. [Diagram labels: Sue (somewhere in NA); Sue (traveling in APAC); mail.contoso.com; DNS Resolution via Geo-DNS; Round-Robin between # of VIPs (twice); VIP #1, VIP #2, VIP #3, VIP #4; DAG (twice).]
    15. Architecture
    16. Front-End Transport Pipeline. [Diagram labels: External SMTP (in and out); SMTP Receive; Protocol Agents; Hub Selector; SMTP Send; SMTP to MBX 2013; SMTP from MBX 2013.]
    17. box recipients, select MBX server in closest delivery group, factoring in site proximity
    18. Architecture
    19. Managed Store; IOPS reductions; Larger mailbox support; Modern public folders; New search infrastructure.
    20. [Chart: DB IOPS/Mailbox for Exchange 2003, Exchange 2007, Exchange 2010 and Exchange 2013, annotated "+97% Reduction!".]
    21. 1 Day: 150, 11 MB; 1 Month: 3300, 242 MB; 1 Year: 39000, 2.8 GB; 2 Years: 78000, 5.6 GB; 4 Years: 156000, 11.2 GB.
    22. [Diagram labels: Private logon; Public logon (twice); CAS 2013; Hierarchy Mailbox; Content Mailbox; MBX 2013 (three servers).]
    23. Uses FAST; Significantly improved query performance; Significantly improved indexing performance.
    24. FAST Primer. [Diagram labels: Incoming Documents; Incoming Queries; CTS; IMS; Content Filter; Word Break; Content XForm; Query Parse; XForm; Writer; "CTS Flow"; "IMS Flow"; MARS; FAST Core; Catalog.]
    25. [Diagram labels: Transport (twice); CTS (twice); Mailbox Store; ExSearch; Index Node; Mailbox; DB, Idx and Log (twice each); Read Content.]
    26. Architecture
    27. Transport Pipeline. [Diagram labels: SMTP (in and out); SMTP Receive; Protocol Agents; Submission Queue; Categorizer; Routing Agents; Pickup/Replay; Delivery Queue (twice); SMTP Send; Delivery Agents for other protocols; SMTP from MBX Transport Submission; SMTP to MBX Transport Delivery.]
    28. Mailbox Transport Pipeline. [Diagram labels: SMTP from Transport Service; SMTP to Transport Service; SMTP Receive; SMTP Send; Hub Selector (Router); Store Driver Deliver; Store Driver Submit; MBX Deliver Agents; MBX Submit Agents; MBX Assistants; Mailbox Transport Delivery; Mailbox Transport Submission; MAPI (twice); Mailbox Store.]
    29. If you have a stretched DAG, you also have transport site resilience. Resubmits due to transport DB loss or MDB *over are fully automatic and do
    30. [Diagram labels: SMTP; Transport (twice); MBX Transport (twice); MAPI (twice); DB1 and DB2 on each of MBX1 and MBX2; DAG.]
    31. Protocol Flows
    32. Exchange Server 2010 Coexistence - Autodiscover (External clients). [Diagram labels: Clients; autodiscover.contoso.com; E2013 CAS; PROXY (twice); "CAS 2010 handles request" (twice); E2010 CAS (twice); E2010/E2007 MBX; E2010 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    33. Exchange Server 2007 Coexistence - Autodiscover (External clients). [Diagram labels: Clients; autodiscover.contoso.com; E2013 CAS; PROXY; "MBX 2013 handles request"; E2007 CAS (twice); E2010/E2007 MBX; E2007 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    34. Exchange Server 2010 Coexistence - Autodiscover (Internal clients). [Diagram labels: Lookup SCP records in AD; Outlook Clients; Internal LB namespace; E2013 CAS; PROXY (twice); "CAS 2010 handles request" (twice); E2010 CAS (twice); E2010/E2007 MBX; E2010 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    35. Exchange Server 2007 Coexistence - Autodiscover (Internal clients). [Diagram labels: Lookup SCP records in AD; Outlook Clients; Internal LB namespace; E2013 CAS; "MBX 2013 handles request"; E2007 CAS (twice); E2010/E2007 MBX; E2007 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    36. Protocol Flows
    37. (2007)
    38. Exchange Server 2007 and 2010 Coexistence - Outlook Anywhere
        1. Enable Outlook Anywhere on intranet 2007/2010 servers.
        2. Client Settings: make 2007/2010 client settings the same as 2013 Server.
        3. IIS Authentication Methods: must include NTLM.
        [Diagram labels: Clients; mail.contoso.com; RPC/HTTP; HTTP PROXY (twice); E2013 CAS; E2010/E2007 CAS (twice); on the CAS boxes: Enable OA, Client Auth: Basic, IIS Auth: Basic, NTLM; RPC (twice); E2010/E2007 MBX; E2013 MBX; Internet facing site; Intranet site.]
    39. Protocol Flows
    40. Exchange Server 2010 Coexistence - OWA. [Diagram labels: OWA; mail.contoso.com; europe.mail.contoso.com; Layer 4 LB; Layer 7 LB; HTTP PROXY (twice); Same site proxy request; Cross site proxy request; Auth 2013 logon page; Auth 2010 logon page; E2013 CAS; E2010 CAS (twice); RPC (twice); E2010/E2007 MBX; E2010 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    41. Exchange Server 2007 Coexistence - OWA. [Diagram labels: OWA; legacy.mail.contoso.com; mail.contoso.com; europe.mail.contoso.com; Layer 4 LB; Layer 7 LB (twice); HTTP PROXY; Auth 2007 logon page (twice); Auth 2013 logon page; E2013 CAS; E2007 CAS (twice); RPC (twice); E2010/E2007 MBX; E2007 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    42. Protocol Flows
    43. Exchange Server 2010 Coexistence – EAS/EWS. [Diagram labels: EAS/EWS; mail.contoso.com; europe.mail.contoso.com; Layer 4 LB; Layer 7 LB; HTTP PROXY (twice); Same site proxy request; Cross site proxy request; E2013 CAS; E2010 CAS (twice); E2010/E2007 MBX; E2010 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    44. Exchange Server 2007 Coexistence – EAS, EWS. [Diagram labels: EAS, EWS; legacy.mail.contoso.com; mail.contoso.com; europe.mail.contoso.com; Layer 4 LB; Layer 7 LB (twice); E2013 CAS; E2007 CAS (twice); E2010/E2007 MBX; E2007 MBX (twice); E2013 MBX; Internet facing site; Intranet site.]
    45. Namespace planning
    46. A Single External Namespace Example: Geographical DNS Solution. [Diagram labels: Sue (somewhere in NA); Sue (traveling in APAC); mail.contoso.com; DNS Resolution via Geo-DNS; Round-Robin between # of VIPs (twice); VIP #1, VIP #2, VIP #3, VIP #4; DAG (twice).]
    47. Multiple Namespace Example. [Diagram labels: Sue (somewhere in NA) and Sue (traveling in APAC), each shown twice; na.contoso.com; emea.contoso.com; na.contoso.local; emea.contoso.local; Round-Robin between # of VIPs (twice); VIP #1, VIP #2, VIP #3, VIP #4; DAG (twice).]
    48. Deployment
    49. [Diagram with numbered callouts 1 to 6. Labels: Clients; autodiscover.contoso.com; mail.contoso.com; Exchange 2010 Servers (E2010 HUB, E2010 CAS, E2010 MBX; SP3); E2013 CAS; E2013 MBX; "Internet facing site – Upgrade first"; Intranet site.]
        1. Prepare: Install Exchange 2010 SP3 across the ORG. Validate existing Client Access using ExRCA and built-in Test cmdlets. Prepare AD with E2013 schema.
        2. Deploy Exchange 2013 servers: Install both E2013 MBX and CAS servers.
        3. Obtain and Deploy Certificates: Obtain and deploy certificates on E2013 Client Access Servers.
        4. Switch primary namespace to Exchange 2013 CAS: E2013 fields all traffic, including traffic from Exchange 2010 users. Validate using Remote Connectivity Analyzer.
        5. Move Mailboxes: Build out DAG. Move E2010 users to E2013 MBX.
        6. Repeat for additional sites.
    50. [Diagram with numbered callouts 1 to 7. Labels: Clients; autodiscover.contoso.com; mail.contoso.com; legacy.contoso.com; Exchange 2007 Servers (E2007 HUB, E2007 CAS, E2007 MBX; SP3 RU); E2013 CAS; E2013 MBX; "Internet facing site – Upgrade first"; Intranet site.]
        1. Prepare: Install Exchange 2007 SP3 + RU across the ORG. Prepare AD with E2013 schema and validate.
        2. Deploy Exchange 2013 servers: Install both E2013 MBX and CAS servers.
        3. Create Legacy namespace: Create DNS record to point to legacy E2007 CAS.
        4. Obtain and Deploy Certificates: Obtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespace. Deploy certificates on Exchange 2007 CAS.
        5. Switch primary namespace to Exchange 2013 CAS: Validate using Remote Connectivity Analyzer.
        6. Move Mailboxes: Build out DAG. Move E2007 users to E2013 MBX.
        7. Repeat for additional sites.
    51. [Diagram labels: Clients; autodiscover.contoso.com; mail.contoso.com; Exchange 2010 or 2007 Servers (E2010 or 2007 HUB, CAS, MBX; SP/RU); "Internet facing site – Upgrade first"; Intranet site.]
        1. Prepare: Install Exchange SP and/or updates across the ORG. Prepare AD with E2013 schema and validate.
        2. Deploy Exchange 2013 servers.
        3. Create Legacy namespace.
        4. Obtain and Deploy Certificates.
        5. Switch primary namespace to Exchange 2013 CAS.
        6. Move Mailboxes.
        7. Repeat for additional sites.
    52. Install both MBX and CAS Servers
        • MBX performs PowerShell commands
        • CAS is proxy only
        Exchange 2013 Setup
        • GUI or command line
        • In-place upgrades are not supported
        Parameters
        • Updated to reflect Exchange 2013 roles
        • New required parameter for license terms acceptance
        Install
        − Setup.exe /mode:install /roles:clientaccess
        − Setup.exe /mode:install /roles:mailbox
        − Setup.exe /mode:install /roles:ManagementTools
        Other required parameter - /IAcceptExchangeServerLicenseTerms
    53. Certificates
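
The certificate step of the Exchange 2007 coexistence plan (slide 50) calls for the legacy, E2013 and Autodiscover namespaces on the E2013 Client Access certificate. The check below is an added example, not part of the presentation: the function names are hypothetical and the certificate name lists are constructed. It reports which of the slide's namespaces a given list of certificate names fails to cover, including the wildcard case.

```powershell
# Added example. True when $HostName is matched by one of the certificate's DNS names.
# A leading "*." stands for exactly one left-most label.
function Test-NameCovered {
    param([string]$HostName, [string[]]$CertificateDomains)
    $h = $HostName.Trim().TrimEnd('.').ToLowerInvariant()
    foreach ($entry in $CertificateDomains) {
        $e = $entry.Trim().TrimEnd('.').ToLowerInvariant()
        if ($e -eq $h) { return $true }
        if ($e.StartsWith('*.')) {
            $suffix = $e.Substring(1)          # "*.contoso.com" -> ".contoso.com"
            if ($h.EndsWith($suffix)) {
                $left = $h.Substring(0, $h.Length - $suffix.Length)
                # Exactly one label: "a.b.contoso.com" is not covered by "*.contoso.com".
                if ($left.Length -gt 0 -and -not $left.Contains('.')) { return $true }
            }
        }
    }
    return $false
}

# Returns the required namespaces that the certificate does not cover.
function Get-UncoveredNamespace {
    param([string[]]$Required, [string[]]$CertificateDomains)
    foreach ($name in $Required) {
        if (-not (Test-NameCovered -HostName $name -CertificateDomains $CertificateDomains)) { $name }
    }
}

# Namespaces named on the Exchange 2007 coexistence slide.
$required = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'

# Constructed name lists (hypothetical). On a server the list would be read from the
# installed certificate, for example (Get-ExchangeCertificate).CertificateDomains.
$candidates = [ordered]@{
    'Legacy name forgotten' = @('mail.contoso.com', 'autodiscover.contoso.com')
    'All three names'       = @('mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com')
    'Wildcard, same zone'   = @('*.contoso.com')
    'Wildcard, wrong level' = @('*.mail.contoso.com')
}

foreach ($label in $candidates.Keys) {
    $missing = @(Get-UncoveredNamespace -Required $required -CertificateDomains $candidates[$label])
    if ($missing.Count -gt 0) {
        '{0}: MISSING {1}' -f $label, ($missing -join ', ')
    } else {
        '{0}: ok' -f $label
    }
}
```

Running the check before the namespace switch catches a missing name before clients see certificate warnings on the legacy or Autodiscover URL.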
