Exchange 2007 Architecture and Deployment

Jim McBee [email protected] http://mostlyexchange.blogspot.com

Transcript of Exchange 2007 Architecture and Deployment

Page 1: Exchange 2007 Architecture and Deployment

Exchange 2007 Architecture and Deployment

Jim McBee

[email protected]

http://mostlyexchange.blogspot.com

Page 2: Exchange 2007 Architecture and Deployment

Agenda

Messaging Challenges
64-bit Exchange Architecture
Server Roles
High Availability
Upgrading to Exchange 2007
Summary

Page 3: Exchange 2007 Architecture and Deployment

Exchange 2007 Themes

IT Pro Situation (Control)
  – E-mail is mission-critical
  – E-mail systems too complex/expensive
  – Management tasks tedious, not automated

Org-wide Situation (Built-In Protection)
  – Security the top concern
  – Spam and viruses compromise the e-mail experience
  – Regulatory compliance critical in many industries

Info Worker Situation (Anywhere Access)
  – Users want easy access to all their communications
  – Mobile devices are increasingly common
  – Calendaring is frustrating

Page 4: Exchange 2007 Architecture and Deployment

Why upgrade to Exchange 2007?

More scalable
Greatly improved OWA
Consistent scripting interface
Auto-discovery for Outlook 2007
Customizable over-quota and NDR messages
Per-Recipient Journaling
Schedule-able OOF
Local Continuous Replication
Clustered Continuous Replication
Message routing based on Active Directory sites
No more Administrative Groups!
Restore databases to any server
Unified messaging (voice mail, faxing, Outlook Voice Access)
Per-User Safe Sender and Blocked Sender lists
Transport rules (disclaimers, message security, attachment filtering)
E-mail Lifecycle Management
OWA SharePoint document access
Improved message transport security
Simplified Exchange Management Console
Improved anti-spam features
32KB rules limit gone!
Calendar Concierge

Page 5: Exchange 2007 Architecture and Deployment

The New Exchange Architecture

Page 6: Exchange 2007 Architecture and Deployment

The Move to 64 Bits

Improved caching
  – No more 4GB barrier
  – Can reduce I/O up to 70%
Reduce number of required spindles
  – Fewer, larger drives to meet requirements
Removes kernel bottlenecks
  – Paged pool
  – Non-paged pool
Increases simultaneous connections
Recommended RAM
  – 2GB + 10MB per user

Page 7: Exchange 2007 Architecture and Deployment

Why Change the Architecture?

Scalability: support larger mailboxes and a larger number of connected clients
Simplicity: use existing concepts in the underlying Windows operating system
Flexibility: provide more flexibility in deploying and managing Exchange
Trustworthy: protect against attacks, malware, eavesdropping, and tampering

Page 8: Exchange 2007 Architecture and Deployment

Simplified Deployment

Improved management (see in EX02)
  – Exchange Management Console
  – Exchange Management Shell
  – Administrative model
Role-based deployment
Improved installation process
No more administrative groups
Improved high availability features

Page 9: Exchange 2007 Architecture and Deployment

Server Roles

Page 10: Exchange 2007 Architecture and Deployment

Improved Installation

Role-based installation aims to reduce management complexity and improve security
  – Servers can be optimized for the roles installed on them
  – Increased availability through load balancing and clustering by roles
  – Management by server roles is more intuitive
Install via GUI / Wizard
Command line/scriptable
  – Unattended Install (Exchange Management Shell)

Page 11: Exchange 2007 Architecture and Deployment

Exchange 2007 Server Roles

By defining well-described roles, we can:
  – Remove unnecessary functionality
  – Reduce the attack surface
Benefit: optimize server performance
Benefit: reduced exposure in the perimeter

[Diagram: Edge Transport Server, Hub Transport Server, Mailbox Server, Client Access Server and Unified Messaging Server, shown across the Perimeter Network and the Protected Network]

Page 12: Exchange 2007 Architecture and Deployment

Server Roles 1/5

Edge Transport
  – Must be on its own separate physical machine
  – No other roles installed
  – May be workgroup member or joined to an Active Directory domain
  – Uses Active Directory Application Mode (ADAM) for configuration and recipient information
  – Perimeter policy enforcement (see EX03)
  – Message hygiene (see EX04)
      • Anti-spam
      • Transport anti-virus
  – Not Required

Page 13: Exchange 2007 Architecture and Deployment

Server Roles 2/5

Client Access Server (CAS)
  – Supports Outlook Web Access, Exchange ActiveSync, Outlook Anywhere (formerly RPC/HTTPS), POP3 and IMAP4 protocols, Auto-discover, and Web services
  – At least one CAS in each site and domain where mailbox servers exist
  – Requires good network connection to mailbox servers
  – Uses RPC communication to mailbox server
  – MAPI/RPC clients connect directly to the mailbox servers

Page 14: Exchange 2007 Architecture and Deployment

Server Roles 3/5

Hub Transport
  – Handles message delivery and routing (see EX03)
  – Applies policies to incoming and outgoing mail (see EX03)
  – Can handle message hygiene functions
  – Reduces cost and complexity
      • Provides more predictable routing
      • Reduces downtime

Page 15: Exchange 2007 Architecture and Deployment

Server Roles 4/5

Mailbox
  – Responsible for serving mailbox databases and public folders
  – Mailbox access through MAPI
  – Possible to require MAPI encryption
  – Possible to run without public folders
  – HA options:
      • Local Continuous Replication (LCR)
      • Cluster Continuous Replication (CCR)
      • Single Copy Cluster (SCC)

Page 16: Exchange 2007 Architecture and Deployment

Server Roles 5/5

Unified Messaging
  – Placed in the protected corporate network
  – Requires that Mailbox and Hub Transport roles exist
  – Check with your phone vendor to see if their phone system will work with UM server
      • May require PBX gateway

Page 17: Exchange 2007 Architecture and Deployment

Network Placement

Edge Transport Server:
  – Perimeter placement recommended
  – Should not be a member of corporate AD forest
      • Perimeter AD forest
      • Workgroup
  – Must be connected to a Hub Transport server
Client Access Server:
  – ISA can publish OWA, RPC over HTTP, and ActiveSync
  – At least one in every AD site with a mailbox server
Hub Transport:
  – At least one in every AD site with a mailbox server

Page 18: Exchange 2007 Architecture and Deployment

Enterprise Topology

[Diagram. Components shown:]
  – SMTP Server
  – PBX/VoIP
  – External Clients
  – Internal Clients
  – Edge Transport: Routing, Hygiene
  – Hub Transport: Routing, Policy
  – Mailbox: Mailbox, Public Folders
  – Unified Messaging: Voice Messaging, Fax, Outlook Voice Access
  – Client Access:
      • Applications: OWA
      • Protocols: EAS, POP, IMAP, Outlook Anywhere
      • Programmability: Web services, Web parts

Page 19: Exchange 2007 Architecture and Deployment

Things to Consider

Interdependencies
  – Mailbox servers require the Hub Transport role for message delivery – even to the same database
  – The CAS roles provide OWA, ActiveSync, RPC over HTTP, the Availability Service, Auto-discovery, and more
  – The Edge role requires a Hub Transport server
Fault tolerance
  – Mailbox servers can only talk to Hub Transport servers in the same Active Directory site
  – Mailbox servers will talk to Hubs on the same server before other Hubs in the same Active Directory site
  – For proxy & re-direct scenarios CAS connects to "best" CAS
CAS not the same as FE servers
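
The placement and dependency rules from the Server Roles, Network Placement and Things to Consider slides can be checked mechanically against a server inventory. The following is an added example, not code from the presentation or from Exchange; the `Server` record, the role labels and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ROLES = {"Edge", "Hub", "CAS", "Mailbox", "UM"}   # labels chosen for this example

@dataclass(frozen=True)
class Server:
    name: str
    roles: frozenset                  # subset of ROLES
    site: Optional[str] = None        # AD site; None for a workgroup host
    in_corp_forest: bool = True

def check_topology(servers):
    """Return rule violations as strings; an empty list means none found."""
    findings = []
    for s in servers:
        if s.roles - ROLES:
            findings.append(f"{s.name}: unknown role {sorted(s.roles - ROLES)}")
        if "Edge" in s.roles:
            if s.roles != {"Edge"}:               # Edge must be alone on its machine
                findings.append(f"{s.name}: Edge Transport installed with other roles")
            if s.in_corp_forest:                  # perimeter forest or workgroup only
                findings.append(f"{s.name}: Edge Transport is in the corporate AD forest")
    deployed = set().union(*(s.roles for s in servers))
    if "Edge" in deployed and "Hub" not in deployed:
        findings.append("org: Edge Transport has no Hub Transport server to connect to")
    if "UM" in deployed and not {"Mailbox", "Hub"} <= deployed:
        findings.append("org: Unified Messaging needs Mailbox and Hub Transport roles")
    by_site = {}
    for s in servers:
        if s.site is not None:
            by_site.setdefault(s.site, set()).update(s.roles)
    for site, roles in sorted(by_site.items()):
        if "Mailbox" in roles:                    # each mailbox site needs Hub and CAS
            for needed in ("Hub", "CAS"):
                if needed not in roles:
                    findings.append(f"site {site}: Mailbox server but no {needed} role")
    return findings

# Constructed inventory (hypothetical server names), not taken from the slides.
SAMPLE = [
    Server("EDGE01", frozenset({"Edge"}), None, False),
    Server("HQ-HUBCAS01", frozenset({"Hub", "CAS"}), "HQ"),
    Server("HQ-MBX01", frozenset({"Mailbox"}), "HQ"),
    Server("BR-MBX01", frozenset({"Mailbox", "Hub"}), "Branch"),
    Server("BR-EDGE01", frozenset({"Edge", "UM"}), "Branch", True),
]

if __name__ == "__main__":
    for finding in check_topology(SAMPLE):
        print(finding)
```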

Page 20: Exchange 2007 Architecture and Deployment

Changes to Message Routing

Page 21: Exchange 2007 Architecture and Deployment

Changes to Message Routing

Routing uses Active Directory sites
Hub Transport in one site always attempts direct connect to another site first
  – When direct relay is not possible, uses automatically established connections based on:
      • Sites
      • Site Links
      • Costs
RGs and RGCs not required
No more link state updates
Automatic configuration of routing topology
Division of services between Hub and Edge

Page 22: Exchange 2007 Architecture and Deployment

Changes to Message Routing

Hub Transport routing changes significantly
  – First, select a route
  – Then, attempt direct delivery along the route
  – Delay fan-out as long as possible
      • Delay “bifurcation” or message split
Route selection is simplified and deterministic
  – Identify least cost route
  – If multiple routes with same cost, choose one with lowest hop count
  – If equal sites exist, find last site prior to destination

Page 23: Exchange 2007 Architecture and Deployment

Routing example

[Diagram: Site A, Site B, Site C, Site D]
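
An added example (not from the presentation or from Exchange) of the route selection order on the preceding slide, using Sites A to D with constructed link costs. Two parts are assumptions: the third tie-break is read as comparing site names from the destination backwards with the lowest name winning, and `delivery_site` models backing off along the selected route when direct delivery to the destination site fails.

```python
# Constructed site links for Sites A-D; the cost values are not from the slides.
LINKS = {("A", "B"): 10, ("B", "D"): 10, ("A", "C"): 10, ("C", "D"): 10, ("A", "D"): 20}

def candidate_routes(links, src, dst):
    """Enumerate every loop-free path src -> dst as (cost, hops, path)."""
    graph = {}
    for (a, b), cost in links.items():      # site links work in both directions
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    found = []

    def walk(path, cost):
        if path[-1] == dst:
            found.append((cost, len(path) - 1, tuple(path)))
            return
        for nxt, step in graph.get(path[-1], {}).items():
            if nxt not in path:             # never revisit a site
                walk(path + [nxt], cost + step)

    walk([src], 0)
    return found

def select_route(links, src, dst):
    """Pick by least cost, then fewest hops, then (assumed tie-break) site
    names compared from the site before the destination backwards."""
    routes = candidate_routes(links, src, dst)
    if not routes:
        return None
    return min(routes, key=lambda r: (r[0], r[1], r[2][-2::-1]))

def delivery_site(path, unreachable):
    """Try the destination first, then back off along the selected route to
    the closest site that answers. None means the message stays queued."""
    for site in reversed(path[1:]):
        if site not in unreachable:
            return site
    return None

if __name__ == "__main__":
    cost, hops, path = select_route(LINKS, "A", "D")
    print(path, cost, hops, delivery_site(path, {"D"}))
```

Enumerating every loop-free path is only practical for a handful of sites; it is used here so that each tie-break is visible in the sort key.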

Page 24: Exchange 2007 Architecture and Deployment

To Edge or Not To Edge

Edge servers are optional
You can continue to use other perimeter SMTP relays and smart hosts
Hub Transport role can receive mail directly from the Internet or send mail directly to the Internet

Page 25: Exchange 2007 Architecture and Deployment

High Availability

Page 26: Exchange 2007 Architecture and Deployment

Focus on High Availability

Improve data availability
  – Protect mailbox data from failures and corruptions
  – Reduce time required to restore mailbox data
Service availability
  – Make mailbox data more available
  – Make cluster failover less painful
  – Make cluster management easier
  – Support for ‘stretch’ or ‘geo-clusters’
  – Allow large mailboxes inexpensively

Page 27: Exchange 2007 Architecture and Deployment

High Availability Options

Hub Transport Role
  – Redundant hardware
  – Automatically load balanced and redundant with multiple HTs
Edge, Client Access Server and Unified Messaging Roles
  – Redundant hardware
  – Windows NLB or third party load balancing
  – Round robin DNS
  – DNS MX records (Edge only)
Mailbox Server Role
  – Replication and clustering
  – Local Continuous Replication (LCR for single servers)
  – Clustered Continuous Replication (CCR)
  – Single Copy Clustering (SCC)

Page 28: Exchange 2007 Architecture and Deployment

Local Continuous Replication

Additional copy of the logs
  – On the same server
  – On a different volume
Benefits
  – Easy configuration
  – Single datacenter
  – Doesn’t require expensive hardware
  – Online backups
  – Very quick restoration of service
Drawbacks
  – Manual activation
  – Additional storage requirements

Page 29: Exchange 2007 Architecture and Deployment

LCR Diagrammed

[Diagram: a single Server, showing Database, Transaction Logs, Copy of Database and Copy of Transaction Logs]

Page 30: Exchange 2007 Architecture and Deployment

Clustered Continuous Replication

Benefits
  – Potentially no single point of failure
  – Two copies of the data on separate servers
  – No need for shared storage.
  – Full redundancy with automatic recovery
  – Backup mailboxes without disturbing production
  – Doesn’t require validation for clustered configuration
Drawbacks
  – Initial database seeding required
  – Servers must be on same subnet
  – Transaction logs pulled over SMB shares
  – Some scenarios required log validation, replay

Page 31: Exchange 2007 Architecture and Deployment

CCR Caveats

Requires Microsoft Cluster Services
  – Majority Node Set cluster
  – Requires a third “voting” node - uses a shared folder
Two-node, Active/Passive only
Backup:
  – Streaming backup against production storage groups
  – VSS backup against production and replica storage groups
Limit of one database per storage group
Can be used for PF database if it is the only PF database in the organization

Page 32: Exchange 2007 Architecture and Deployment

CCR Diagrammed

[Diagram: Server 1 and Server 2, showing Database, Transaction Logs, Rebuilt Database and Replicated Transaction Logs]

Page 33: Exchange 2007 Architecture and Deployment

LCR versus CCR

LCR
  – Focused towards resiliency
  – Improve restore time
  – Administrator has to initiate restore manually
  – Single data-center solution
  – Implements log shipping and replay out of the box
      • Log files are copied locally and replayed
CCR
  – Targeted towards site resiliency
  – Automatic failovers
  – Single or two-data center solution
  – Supports “stretch” option
  – Implements log shipping and replay out of the box
      • Log files are copied to remote server and replayed
  – Simplifies cluster deployment
      • No SAN or shared storage

Page 34: Exchange 2007 Architecture and Deployment

Shared Copy Clusters

Requires Microsoft Cluster Services
Benefits
  – Improved Exchange Cluster setup
  – Traditional clustering used today
  – Failovers use the same data copy
Disadvantages
  – Requires expensive hardware with shared storage
  – Can be complicated for admins to learn
  – Doesn’t protect from storage/data issues
  – Servers must be on same IP subnet
  – Data redundancy provided through partners

Page 35: Exchange 2007 Architecture and Deployment

SCC Diagrammed

[Diagram: Server 1 and Server 2 attached to Shared Storage]

Page 36: Exchange 2007 Architecture and Deployment

Upgrading to Exchange Server 2007

Page 37: Exchange 2007 Architecture and Deployment

Upgrade Paths

Can upgrade organization from:
  – Exchange 2000 Server
  – Exchange Server 2003
Cannot upgrade org from Exchange 5.5
No in-place server upgrades
Move all existing mailboxes and services
Consolidate
Most new mailbox features require mailbox to be homed on Exchange 2007
Many new features require Outlook 2007

Page 38: Exchange 2007 Architecture and Deployment

Keeping Older Exchange Versions

Exchange 2000
  – Microsoft Mobile Information Server
  – Instant Messaging Service
  – Exchange Chat Service
  – Exchange 2000 Conferencing Server
  – Key Management Service
  – cc:Mail Connector
  – MS Mail Connector
Exchange 2003
  – Novell GroupWise Connector
  – Public folder access over OWA

Page 39: Exchange 2007 Architecture and Deployment

Extending Exchange 2007

Agent API
  – Transport agents
  – Managed code
Management API
  – Built on Exchange Management Shell
  – Complete access to all functionality
  – Scripts can integrate .NET objects
  – Can be called from managed code
Web Services API
  – Consistent remote interface into the store
  – Replaces WebDAV

Page 40: Exchange 2007 Architecture and Deployment

De-emphasized APIs

Old API: CDOSYS; SMTP Transport Events
Replaced by: Agent API

Old API: CDO 1.2.1; CDOEx; EXOLEDB; OWA URL commands; Store Events; WebDAV
Replaced by: Web Services for Exchange

Page 41: Exchange 2007 Architecture and Deployment

Cut APIs

Old API: CDOExM; ESEdbcli2; Exchange WMI classes; Queue Viewer API; EDK Gateway; Routing Objects; CDO for Workflow; Workflow Designer; 5.5 Event Service; ExIFS; WSS Forms
Replaced by: Management API; Agent API; Windows Workflow Foundation; ASP.NET

Page 42: Exchange 2007 Architecture and Deployment

Infrastructure Requirements

Schema Master DC requires Windows 2003 SP1
GCs used by Exchange 2007 require Windows 2003 SP1
AD domain functional level must be Windows 2000 native or higher for:
  – Each domain that will host Exchange 2007 servers
  – Each domain that will host mail-enabled users
Multi forest topologies and forest trusts
  – Minimum forest functional level is Windows Server 2003.
No Exchange Server 5.5 servers in the organization; organization must be in native mode
DNS is correctly configured for the Active Directory forest
Active Directory is prepared
Note: WINS is no longer required

Page 43: Exchange 2007 Architecture and Deployment

The Typical Upgrade

Prepare Active Directory
Deploy Edge Transport servers - Optional
Deploy CAS servers
Deploy Hub Transport servers
Deploy Mailbox servers
Move resources from Exchange 2000/2003 servers
Uninstall Exchange 2000/2003 servers from the Exchange organization
Remove connectors between RGs
Remove RGs

Page 44: Exchange 2007 Architecture and Deployment

Summary

64 bit architecture provides scalability and consolidation wins
Improved installation with role-based deployment
More High Availability options
Closer integration with Windows and Active Directory for consistent, flexible administration
New and improved management tools

Page 45: Exchange 2007 Architecture and Deployment

For more information

Visit TechNet
  – http://www.microsoft.com/technet
Visit the Exchange 2007 home page
  – http://www.microsoft.com/exchange/preview/default.mspx
  – Get signed up for Beta 2!
Exchange Team blog
  – http://msexchangeteam.com
Exchange 2007 Documentation
  – http://go.microsoft.com/fwlink/?LinkId=69434
Requirements
  – http://www.microsoft.com/technet/prodtechnol/exchange/2007/productevaluation/sysreqs.mspx

Page 46: Exchange 2007 Architecture and Deployment

Questions?