Exchange Deployment Planning Services
Setup, Deployment, and Server Role Configuration Module
Agenda of this module
• Deployment scenarios
• Deployment prerequisites
• Role setup and configuration
  − Edge Transport server role
  − Client Access server role
  − Hub Transport server role
  − Mailbox server role
  − Unified Messaging server role
• Virtualization deployment guidelines
• Federation
Setup and Deployment Audience
Ideal audience for this workshop:
• Messaging SME
• Networking SME
• Security SME
Setup, Deployment, and Server role configuration
In this module, focus on the following:
• How to set up and deploy Exchange 2010 server roles
• Recommended deployment method
Setup, Deployment, and Server role configuration
After this module you should have:
• An understanding of where your organization stands in relation to Exchange 2010 requirements
• A high-level list of tasks to accomplish prior to the deployment effort
• How to deploy Exchange 2010 infrastructure at a high level
Server Deployment Scenarios: Small and Medium-Size Organizations
• Small organizations
  − Exchange Online
  − Combined role servers – can run all roles on 2 servers (including DAG)
  − Third server needed to act as witness server
• Mid-market – multiple servers to run
  − Active Directory® Domain Services (AD DS)
  − Dedicated Mailbox server role
  − Client Access server and Hub Transport server role – potentially combine
  − Unified Messaging server role (optional, dedicated)**
  − Combined roles
    − Can install Hub, CAS and/or UM on a Mailbox server that is part of DAG
    − Cannot combine Edge Server role with other roles
    − UM combination only recommended in a single server deployment
    − Role combination is always a performance management exercise
Server Deployment Scenarios: Large and Complex Organization
• Large and/or complex organizations
  − Consider “all-in-one” server
    − Mailbox/CAS/HUB
    − Used by MSIT, BPOS, large customers
  − Consider dedicated server(s) for:
    − Low core count servers/limited RAM
    − Unified Messaging server role (optional)
    − Edge Transport server role (must be dedicated)
  − Follow current best practices for Active Directory infrastructure
Deployment Changes: Features Dropped
• Replication Options
  − LCR: Local continuous replication
  − CCR: Cluster Continuous Replication
  − SCC: Single Copy Cluster
  − Log shipping via Server Message Block (SMB)
• Inbound Fax
• Clustering Change
  − Clustered mailbox servers
  − Running setup in cluster mode
  − Moving a clustered mailbox server
• Storage groups
  − Properties moved to database objects
• Streaming backups
• WebDAV
• 32-bit Client Administration Tools
Inbound FAX
• UM retains Exchange Server 2007 UM fax configuration properties, and will continue to be sensitive to fax tone on calls that it answers
  − If fax tone is detected, UM will look at a new configuration property on UM Mailbox Policy objects (FaxServerURI) to determine if an Exchange 2010 UM partner fax solution is installed (and if so, where)
  − If a value is found for the property, UM will attempt to hand off the call in progress to the partner fax solution; the partner fax solution will establish a fax media session with the sender, create a fax message and send it to the UM-enabled user’s mailbox
• Messages created by Exchange 2010 UM partner fax solutions will look essentially the same as those created by Exchange Server 2007 UM, and will appear as a fax when the user is UM-enabled
Deployment Prerequisites: Supported Upgrade Path
• In-place upgrades are not a valid scenario
• You cannot add an Exchange 2010 server to an existing Exchange organization if it contains Exchange Server 5.5 or 2000 servers
• You cannot add Exchange Server 2007 servers to an Exchange 2010 organization that doesn’t have existing Exchange Server 2007
  − Greenfield Exchange 2010
  − Upgraded directly from Exchange 2003 to Exchange 2010
• Exchange organization must be in native mode
• Exchange Server 2003 and 2007 servers must be at the following service pack levels to add 2010 servers to the org:
  − Exchange Server 2003 SP2
  − Exchange Server 2007 SP2 for the following:
    − All CAS servers in the organization
    − All UM servers in the organization
    − All Exchange Servers in any Active Directory site that will contain Exchange 2010 servers
Deployment Prerequisites: Supported Upgrade Path
• Deployment sequence
  − Client Access server role
  − Hub Transport server role
  − Unified Messaging server role (optional)
  − Mailbox server role
  − Edge Transport server role (optional) on separate server
  − AKA the CHUM file deployment order
Deployment Prerequisites: Active Directory
• Minimum requirements
  − Windows Server® 2003 SP1 global catalog server is installed in each Exchange Active Directory site
  − Windows Server 2003 forest functional level
  − ADRAP is recommended
• Supported versions of Active Directory
  − Windows Server 2003 SP2 and R2
  − Windows Server 2008 SP2 and R2
Deployment Prerequisites: Active Directory
• Validate existing environment
• DCDiag: basic domain diagnostics
• NetDiag: network diagnostics
• Monitor replication health
  − 2003: REPLMON
  − 2008: REPadmin
  − http://blogs.technet.com/askds/archive/2009/07/01/getting-over-replmon.aspx
• NETDom: domain and trust diagnostics
• ExBPA
  − Requires Exchange 2010 SP1
• Windows Update
Deployment Prerequisites: Active Directory
• /PrepareSchema
  − Requires Schema Administrator and Enterprise Administrator rights
  − Must be done from a 64-bit server with prerequisites installed
  − Verify replication
  − Organization name not required
• /PrepareAD
  − Requires Enterprise Administrator
  − Exchange Organization Administrator rights if the enterprise administrators have been explicitly denied access to the Exchange configuration
  − Requires /OrganizationName
• /PrepareDomain
  − Requires Domain Administrator rights
Deployment Prerequisites: Server OS Preparation
• Windows Server 2008 SP2 Platform Pre-reqs
  − .NET Framework 3.5 SP1
  − .NET Framework 3.5 Family Update
  − Windows Management Framework (WinRM 2.0 and Windows PowerShell v2)
  − RTM: Hub / Mailbox: Microsoft Filter Pack
  − SP1: Hub / Mailbox: Office 2010 Filter Packs
• Windows Server 2008 R2 Platform Pre-reqs
  − RTM: Hub / Mailbox: Microsoft Filter Pack
  − SP1: Hub / Mailbox: Office 2010 Filter Packs
Deployment Prerequisites: Server OS Preparation
• Required Hotfixes
  − Client Access Servers
    − KB983440 – Win7 rollup package (PR for QFE 810219)
    − KB977020 – FIX: An application…throws an exception on a computer that is running Windows 7
    − KB982867 – WCF: Enable WebHeader settings on the RST/SCT
    − Optional: additional fix for WCF (KB972251) for specific scenario where smartcards are being used to authenticate access to ECP
Deployment Prerequisites: Server OS Preparation
• Required Components
  − Unified Messaging Servers
    − UCMA – Unified Communications Managed API 2.0, Core Runtime (64-bit)
    − Microsoft Server Speech Platform Runtime (x64)
Deployment Prerequisites: Server OS Preparation
• Automate Windows 2008 SP2 OS pre-reqs
    ServerManagerCmd -i RSAT-ADDS Web-Server Web-Metabase Web-Lgcy-Mgmt-Console Web-ISAPI-Ext NET-HTTP-Activation Web-Basic-Auth Web-Digest-Auth Web-Windows-Auth Web-Dyn-Compression RPC-over-HTTP-proxy Web-Net-Ext -Restart
• Pre-defined XML files available with build
  − Typical Install (M/H/C)
    ServerManagerCmd -ip <Exchange install files>\Scripts\Exchange-Typical.xml -Restart
Deployment Prerequisites: Server OS Preparation
• Automate Windows 2008 R2 OS pre-reqs
  − Use Add-WindowsFeature cmdlet instead of Server Manager or ServerManagerCmd
    Import-Module ServerManager
    Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart
• http://technet.microsoft.com/en-us/library/bb691354(EXCHG.141).aspx
Deployment Prerequisites: Server OS Preparation
• Automate platform pre-reqs
    FilterPackx64.exe /quiet /norestart
    dotNetFx35setup.exe /quiet /norestart
• Client Access servers
  − Net.Tcp Port Sharing service set to Automatic start
  − Need to manually set on Windows 2008 SP2
    Set-Service NetTcpPortSharing -StartupType Automatic
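
A pre-flight check for the Windows Server 2008 R2 prerequisites listed above, as an added example that is not part of the original deck. The function names and the report shape are assumptions made for this sketch; the feature list and the service name are the ones on the slides.

```powershell
# Added example, not from the original deck. Run in an elevated Windows
# PowerShell session on the Windows Server 2008 R2 machine that will host
# Exchange 2010. Function names are hypothetical.

# Feature names copied from the Add-WindowsFeature command on the slide.
$RequiredFeatures = @(
    'NET-Framework', 'RSAT-ADDS', 'Web-Server', 'Web-Basic-Auth',
    'Web-Windows-Auth', 'Web-Metabase', 'Web-Net-Ext', 'Web-Lgcy-Mgmt-Console',
    'WAS-Process-Model', 'RSAT-Web-Server', 'Web-ISAPI-Ext', 'Web-Digest-Auth',
    'Web-Dyn-Compression', 'NET-HTTP-Activation', 'RPC-Over-HTTP-Proxy'
)

function Get-MissingFeature {
    # Pure comparison (case-insensitive) of required against installed names.
    param([string[]]$Required, [string[]]$Installed)
    $Required | Where-Object { $Installed -notcontains $_ }
}

function Test-ExchangePrereq {
    # -ClientAccess: also require Net.Tcp Port Sharing to start automatically,
    # which the slides call for on Client Access servers.
    param([switch]$ClientAccess)

    Import-Module ServerManager
    $installed = @(Get-WindowsFeature |
                   Where-Object { $_.Installed } |
                   ForEach-Object { $_.Name })
    # @() keeps an empty result as a zero-length array so .Count is reliable.
    $missing = @(Get-MissingFeature -Required $RequiredFeatures -Installed $installed)

    # Win32_Service reports StartMode as Auto, Manual or Disabled.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='NetTcpPortSharing'"
    $startMode = 'NotFound'
    if ($svc) { $startMode = $svc.StartMode }

    $ready = ($missing.Count -eq 0)
    if ($ClientAccess -and $startMode -ne 'Auto') { $ready = $false }

    New-Object PSObject -Property @{
        MissingFeatures            = $missing
        NetTcpPortSharingStartMode = $startMode
        Ready                      = $ready
    }
}

# Usage on the target server:
# Test-ExchangePrereq -ClientAccess | Format-List
```
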
Setup – New GUI Experience
• Language Packs
  − Language Packs installed from splash screen
Setup – New GUI Experience
• Client Access servers: Internet-facing
Setup – New GUI Experience
• Organization Prerequisites: Greenfield
Setup – New Experience (SP1)
• Install required Windows Roles and Features
• RTM -> SP1 Upgrade
  − Setup.com /m:upgrade /installwindowscomponents
Setup – New GUI Experience (SP1)
• Apply strict split permissions security model
  − Typically used by large orgs that completely separate responsibility for management of Exchange and Active Directory between different groups of people
  − Removes ability for Exchange servers and admins to create Active Directory objects, such as users, groups and contacts, as well as the ability to manage non-Exchange attributes on those objects
Client Access Server Role: Deployment
• All client connections are routed through a Client Access server installation, except Outlook public folder access
• You must have at least one Client Access server role in each site where Exchange 2010 Mailbox server(s) exist
• CAS <-> Mailbox RPC communication requires a high bandwidth/low latency network connection
• Exchange 2010 CAS servers require FBA enabled on Exchange Server 2003 and 2007 FE/CAS servers
  − If basic authentication is enabled, users will be prompted twice for credentials
  − Can be an issue if using 3rd party reverse proxy solution that doesn’t support FBA
Client Access Server Role: Post-Installation Activities
• Secure the Client Access server messaging environment
  − Use the Security Configuration Wizard
  − Ensure that a valid third-party commercial SSL certificate or Windows PKI certificate is installed on the Client Access server
• Configure Autodiscover
• Configure OAB distribution point
• Optional
  − Configure Availability service for other Exchange organizations
  − Configure Federation
  − Enable Outlook Anywhere
• Customize Exchange ActiveSync® mailbox policies
Hub Transport Server Role: Deployment
• You must have at least one Hub Transport server role in each site where Exchange 2010 Mailbox server(s) exist
• Hub <-> Mailbox RPC communication requires a high bandwidth/low latency network connection
Hub Transport Server Role: Post-Installation Activities
• Configure accepted domains
  − Create an accepted domain for each domain for which you will accept email
• Subscribe Edge Server/Perimeter Hygiene Appliance
• Configure Internet Mail Flow
  − Manual process if Edge is not configured
• Configure external post master recipient
• Configure cross-forest connectors
• Move location of transport queue and transport logs
Edge Transport Server Role: Deployment
• It cannot have other roles installed
• Infrastructure placement is in perimeter network
• The computer should not be a member of the corporate Active Directory forest
• The computer can be a member of a perimeter network forest
• Uses AD LDS to store configuration and recipient information
Edge Transport Server Role: Post-Installation Activities
• Verify successful role installation (setup logs, etc.)
• Set Administrator Permissions (local)
• Lock down the server via the Security Configuration Wizard
• Configure the agents that provide the antivirus and anti-spam protection, message policy, and message security features (all are enabled by default)
• If installing additional Edge Transport servers, you can execute a clone process to copy certain information between Edge Transport servers
• Enable Edge synchronization
Mailbox Server Role: Deployment
• High Availability configured post-deployment
• Requires high bandwidth/low latency connections to CAS and HUB transport servers in its site
• 1st MBX server deployed gets three system mailboxes
  − E-discovery
  − Message Approval
  − Federated Email
  − Move these to another server if decommissioning the 1st MBX server deployed
Mailbox Server Role: Post-Installation Activities
• Verify successful installation of Mailbox server role
• Configure permissions using the Exchange administrator roles
• Create mailboxes for users in your organization as needed
• Move mailboxes from an existing Exchange Server
• Configure public folders (optional)
• Configure Messaging Records Management
• Configure continuous replication for data and service availability
• Configure backups for disaster recovery
• Configure Calendar Concierge features
• Configure out-of-office features
• Configure the spam confidence level (SCL) junk e-mail folder threshold
Mailbox Server Role: Offline Address Book
• Create additional address books if you need them either via Exchange Management Console or Exchange Management Shell
• The OAB can be distributed in two ways
  − Web service – for Outlook 2007 or later clients
  − Public Folders – for down-level clients
• If you want to distribute the OAB via the web service, you must configure the CAS server as an OAB Distribution Point
• The OAB data is copied from the Mailbox server role to the Offline Address Book distribution points by a new Exchange 2010 service, the Microsoft Exchange File Distribution Service
Unified Messaging Server Role: Deployment
• Infrastructure placement: corporate network
• Requires Mailbox and Hub Transport server roles
Unified Messaging Server Role: Post-Installation Activities
• Verify successful installation of the UM server role
• Add a UM server that will be in a new Dial Plan
  − Create and configure a UM Dial Plan
  − Add a UM server to an existing UM Dial Plan
  − Enable users for Unified Messaging
  − Ensure IP/VoIP gateways or IP-PBX are configured properly
  − Create and configure a UM IP Gateway
  − Create and configure UM mailbox policies
  − Optional: create and configure UM Hunt Groups
  − Optional: create and configure UM Auto Attendant
• Add a UM server to an existing UM Dial Plan
• Enable out-dialing
Latest Documentation on TechNet
• http://technet.microsoft.com/en-us/library/aa998636(EXCHG.141).aspx
Virtualization
• Windows Server 2008/R2 Hyper-V
• Third party virtualization validated in the Windows SVVP
• Must meet all deployment guidelines for non-virtualized systems
• Storage Independent
  − DAS: direct attached storage
  − iSCSI: Internet small computer system interface
  − Dedicated pass-through storage
Virtualization Supportability: Exchange 2010
• Supported
  − Root: Hyper-V or SVVP
  − Guest:
    − Exchange 2010
    − Windows 2008 SP2 or Windows 2008 R2
    − Mailbox, Client Access, Hub Transport, Edge roles
    − Meets basic Exchange system requirements
    − Storage is fixed Virtual Hard Disk (VHD), SCSI pass through, or iSCSI
• Not Supported
  − Combination of Exchange Mailbox HA and hypervisor-based clustering or migration technologies
  − Snapshots, differencing/delta disks
  − VSS backup of root for pass-through disks
  − Unified Messaging role
  − Virtual/logical proc ratio greater than 2:1
  − Applications running in root partition
Virtualization: Best Practices
• Follow current Exchange deployment and planning guidance
• Determine where virtualization actually makes sense
• More power savings and cost savings possible when Exchange storage moves from SAN to DAS
• Separate LUNs for Root OS, guest OS VHDs, and Hyper-V/VM storage
• Eliminate single points of failure
• Dedicate host resources according to design specs for guests (processor and memory)
• Proper host and guest performance testing
  − JetStress, LoadGen, Hyper-V Hypervisor Performance Counters on host
Virtualization: Deployment Recommendations
• Virtualization isn’t free
  − Hypervisor adds overhead, must account for this when sizing - ~5-12% in our Exchange 2010 tests
  − Workload costs rise as well, though this is more difficult to characterize
• Hyper-V does not change Exchange design requirements from an application perspective
  − Design for Performance, Reliability, and Capacity (MBX/Hub/Edge)
  − Design for Usage Profiles (CAS/MBX)
  − Design for Message Profiles (Hub/Edge)
Virtualization: Root OS and Exchange Configuration
• Separate LUN/Arrays for Root OS, Guest OS VHDs and Hyper-V/VM Storage
  − LUNs should employ RAID to provide data protection and performance
• Exchange application is not Hyper-V aware
  − No plans to change Setup experience
• Build out virtual machine configuration prior to installing Exchange
• Exchange sizing guidance is basically the same for physical and Hyper-V systems
  − CPU and Memory rules of thumb apply
  − Account for impact of hypervisor when sizing the root
Virtualization: Guest OS Configuration
• Fixed VHDs for Virtual OS
  − Need to account for page file consumption in addition to OS requirements
    15GB + VM Memory Size = Minimum VHD size
• VM Disk requirements for Exchange Roles must include space for .BIN (even if it’s not used)
    CAS = OS VHD Size + (VM Memory Size)
    HUB = OS VHD Size + (VM Memory Size) + Queues
    MBX = OS VHD Size + (VM Memory Size) + DBs + Logs
Virtualization: Exchange Storage Configuration
• Exchange storage should be on spindles separate from Guest OS VHD physical storage
• Exchange storage must be Fixed VHD, SCSI pass-through or iSCSI
  − Preference is to use SCSI pass-through to host Queues, DBs and Logfile streams
  − All disks should honor I/O stream segregation the same as physical (separate DB and Log LUNs)
• FC/SCSI HBAs must be configured to Root OS and LUNs presented to VMs as pass-through or VHD
Benefits of Exchange 2010 Federation
• Federated Sharing provides
  − Easy setup of external data sharing
  − Broader reach without additional steps to setup
  − More secure with controls for administrators and users
• Federated Sharing possible through
  − Server can act on behalf of specific user
    − Specific user identified by e-mail address
    − User not prompted for credentials
  − Microsoft Federation Gateway acting as a trust broker
    − Reduces explicit point-to-point trust management
    − No AD DS trusts, service or cloud accounts to manage
    − Minimizes certificate exchanges
    − Verifies domain ownership
Free Busy – WS and Federation Exchange 2010
[Diagram labels: Contoso (Joe, Mailbox, Org Relationship: fabrikam.com, Client Access); Fabrikam (Mary, fabrikam\mary, Org Relationship: contoso.com, Client Access); Microsoft Federation Gateway with a Federated Trust to each organization; Token: [email protected]; Federated token; Free busy request [email protected]; Free busy response [email protected]]
Callouts:
• Convenient
• Secure
• No AD trusts or service accounts
• No user action or client publishing
• Admin controls which orgs have access
• Admin controls which users participate
• Admin can control per user
• Can specify external users
• No service accounts, no replication
• No user action required
• No directory replication
Federated Delegation – Setup
• Step 1 – Create trust with certificate exchange
• Step 2 – Prove domain ownership
• Step 3 – Add domains
[Diagram labels: Contoso and Fabrikam, each with a Certificate and a Federation trust (Organization ID: A154…, URL: http://...; Organization ID: C293…, URL: http://...); Federation Gateway (Organization Id: A154…, Domains: contoso.com; Organization Id: C293…, Domains: fabrikam.com); DNS Record contoso.com TXT B42a…; DNS Record fabrikam.com TXT 3F2j…]
Federation Gateway
• Broker services only for the trusts between Exchange organizations
• No cached credentials in the cloud
• Not a Microsoft passport / Windows live credential set
• Hosted in the Microsoft “Cloud” data centre
• Client access server (CAS) needs to reach Microsoft Federation Gateway (MFG) via the Internet
  − Can’t be hosted in an isolated network
Federation Certificate Management
New-FederationTrust -thumbprint a05c2f…..
• Run on the 2010 admin box (the machine where the task is run)
• Reads the certificate from local machine store and sets thumbprint in AD DS
• Securely installs certificate to all CAS/HUB servers in the same site where the task runs
• Local service (cert distribution service) pulls cert from remote sites to all CAS/HUB servers based on thumbprint information in AD DS
• Uploads public cert to gateway
Import-ExchangeCertificate
• Imports certificate from a file into the local machine’s certificate store
[Diagram labels: AD DS FederationTrust object (Current Certificate: 1); Federation Gateway (Organization Id: A154…, Public Cert: 1); 2010 CAS/HUB servers in same site where task is run and servers in other sites, each holding Certificate 1 in the local cert store]
Organization Relationship Commands - Configure Per Organization
Organization-level relationship removes need for individual AD DS recipients
• Enter External Organization info
  − Domain name, endpoint
  − Discover info with cmdlet
    Get-FederationInformation -DomainName contoso.com | New-OrganizationRelationship
• Set the dial
  − Maximum level of detail
    Set-OrganizationRelationship -FreeBusyAccessEnabled $TRUE -FreeBusyAccessLevel LimitedDetails
• Scope target users
  − Specify which users in your org will share their Free/Busy
  − Does not restrict outbound Free/Busy requests
    Set-OrganizationRelationship -FreeBusyAccessScope department1
[Diagram labels: contoso.com, fabrikam.com organizations]
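
An audit of the three settings above (enabled, level of detail, scope), as an added example that is not part of the original deck. The function name, the approved-domain list and the sample objects are assumptions constructed for the sketch; the property names are those of the parameters shown on the slide.

```powershell
# Added example, not from the original deck. Flags organization relationships
# that share more free/busy detail, or with more parties, than intended.
# Test-OrgRelationshipExposure is a hypothetical helper name.

function Test-OrgRelationshipExposure {
    param(
        [Parameter(ValueFromPipeline = $true)] $Relationship,
        # Optional list of partner domains the organization has approved.
        [string[]] $ApprovedDomains = @()
    )
    process {
        $findings = @()
        $sharing = $Relationship.Enabled -and $Relationship.FreeBusyAccessEnabled
        if ($sharing) {
            if (-not $Relationship.FreeBusyAccessScope) {
                $findings += 'No FreeBusyAccessScope set: sharing is not limited to a group'
            }
            if ("$($Relationship.FreeBusyAccessLevel)" -eq 'LimitedDetails') {
                $findings += 'LimitedDetails shares subject and location as well as time'
            }
            if ($ApprovedDomains.Count -gt 0) {
                foreach ($d in $Relationship.DomainNames) {
                    if ($ApprovedDomains -notcontains "$d") {
                        $findings += "Domain not on the approved list: $d"
                    }
                }
            }
        }
        New-Object PSObject -Property @{
            Name     = $Relationship.Name
            Sharing  = $sharing
            Findings = $findings
        }
    }
}

# Constructed sample objects standing in for Get-OrganizationRelationship output.
$sample = @(
    (New-Object PSObject -Property @{
        Name = 'Fabrikam'; Enabled = $true; DomainNames = @('fabrikam.com')
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'LimitedDetails'
        FreeBusyAccessScope = $null }),
    (New-Object PSObject -Property @{
        Name = 'Partner2'; Enabled = $true; DomainNames = @('partner2.example')
        FreeBusyAccessEnabled = $true; FreeBusyAccessLevel = 'AvailabilityOnly'
        FreeBusyAccessScope = 'department1' })
)

$sample | Test-OrgRelationshipExposure -ApprovedDomains 'fabrikam.com' | Format-List

# In the Exchange Management Shell, audit the live configuration with:
# Get-OrganizationRelationship | Test-OrgRelationshipExposure -ApprovedDomains 'fabrikam.com'
```
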
Federated Free/Busy Access
[Diagram labels: Fabrikam (Mary, CAS); Contoso (CAS); MS Federation Gateway (Organization Id: C293…, Domains: fabrikam.com; Organization Id: A154…, Domains: contoso.com); steps numbered 1 to 8 on the slide]
Configuration shown:
• Org-Org relationship: Domain: contoso.com, Endpoint: https://...…
• Org-Org relationship: Domain: fabrikam.com, Freebusy: true, Level: Free/Busy, Group: Department1…
Messages shown:
• Token request: Alias: [email protected], To: contoso.com, For: Free/Busy
• Federated Token (encrypted): Alias: [email protected], To: contoso.com, For: Free/Busy
• Free/Busy request [email protected]
• Free/Busy response [email protected]
Step callouts:
• Lookup info for target org
• Exchange server submits signed request for token on behalf of user
• Gateway verifies signature, ensures e-mail alias matches domains
• Signs token and encrypts with target org’s public key
• Encrypted token has requestor’s e-mail address, can only be cracked by target org
• Crack token, lookup info for requesting org, and enforce restrictions
Notes:
• All connections over Secure Sockets Layer (SSL)
• No e-mail addresses are stored in the cloud
• No accounts need to be managed
Exchange 2010 Federated Free/Busy: Interop with Exchange Server 2007
• Use Exchange 2010 to proxy down-level requests
  − Configure Exchange Server 2007 Service Pack 2 (SP2) to proxy requests to Exchange 2010
    Add-AvailabilityAddressSpace -ForestName contoso.com -AccessMethod InternalProxy
  − Outlook 2007 still requires recipients in AD DS
[Diagram labels: Fabrikam; Exchange Server 2007 SP2 Client Access Server; Exchange 2010 Client Access Server; Free/Busy request [email protected]]
Federated Calendar Sharing
• Uses federation infrastructure
  − Requires federation trust, but not org-org relationship
• Ad-hoc, person-person sharing
  − Does not require person to be in the GAL
  − Relationship created with sharing invitation
• Server maintains calendar subscription
  − Updated when user views the calendar
  − Server uses federated token to fetch data on user’s behalf
  − Can be viewed by any client that views mailbox folders
  − Attachments, attendees never brought over
• Exchange Web Services supports invitation, sync
Federated Contact Sharing
• Same approach as federated calendar sharing
  − Same invitation model
  − Same server-based subscription model
  − Exchange 2010 and Outlook Web App or Outlook 2010 required for setup
  − OLK/OWA 2007 can view calendars once sync relationship established
Sharing Policy
• Sharing policy limits level of personal sharing
  − Calendar – Free/Busy, detailed Free/Busy, reviewer
  − Contacts - reviewer
  − Identify specific domains or *
  − Enforced during invitations
  − Permissions monitored
• Default Policy
  − User can share Free/Busy with anyone
• Admin can add policies
  − Apply per user
Example (Contoso):
Mailbox: Joe, Sharing Policy: Default Policy
Default Policy:
  Domain          Calendar    Contacts
  *               Freebusy    None
Mailbox: Bill, Sharing Policy: Sales Policy
Sales Policy:
  Domain          Calendar    Contacts
  *               Freebusy    None
  fabrikam.com    Reviewer    Reviewer
Federation and Exchange Online
[Diagram labels: Contoso (Exchange, AD DS, Geneva, Employee) and Fabrikam (Exchange) connected by federated sharing and single sign-on through the Microsoft Federation Gateway to Microsoft cloud services: Azure Services Platform (ISV Apps, Enterprise Apps) and Microsoft Online (Exchange Online, SharePoint Online, OC Online, Dynamics CRM Online)]
• Sharing with partners
  − Free/Busy sharing
  − Full calendar sharing
  − Contact sharing
• Cross-premises coexistence
  − Free/Busy sharing
  − Full calendar sharing
  − Secure message delivery
  − Mailbox move
• Single sign-on/single identity
  − Exchange Online
  − Microsoft Online Services
  − Applications hosted on Azure™
Federated Delegation – Simplified Setup in Exchange 2010 SP1
• Reduces certificate headaches
  − Uses self-signed certificate by default
  − Exchange creates certificate for you
  − Still requires proof of domain ownership
    − Content of DNS TXT record slightly different
    − Run Get-FederatedDomainProof to get content
• New Test-FederationTrust command
  − Helps to analyze issues
Federated Sharing – New Gateway: Exchange 2010 RTM only
[Diagram labels: Contoso, Fabrikam, Current Gateway, New Gateway; contoso.com and fabrikam.com, each with a Certificate; federation trusts with Organization ID: G621…, URL: http://... and Organization ID: F145…, URL: http://...; federation trusts with Organization ID: A154…, URL: http://... and Organization ID: C293…, URL: http://...]
If a customer already has federation set up in Exchange 2010 RTM, they must migrate to a new gateway in Exchange 2010 SP1. Exchange 2010 SP1 customers use this gateway by default when setting up the federation trust.
Federation Summary
• Exchange Federated Sharing provides
  − Easy setup of external data sharing
  − Broader reach without additional steps to setup
  − More secure with controls for admins and users
• Exchange Federated Sharing is convenient
  − Sharing between two organizations or two people
  − No trusts or service accounts
  − No end user accounts and credential prompts
• Exchange Federated Sharing is secure
  − Control which organizations you share with
  − Control which users can share and at what level
• Exchange Federated Sharing works with online services
End of Setup, Deployment, and Server Role configuration Workshop
For More Information
• Exchange Server Tech Center: http://technet.microsoft.com/en-us/exchange/default.aspx
• Planning services: http://technet.microsoft.com/en-us/library/cc261834.aspx
• Microsoft IT Showcase Webcasts: http://www.microsoft.com/howmicrosoftdoesitwebcasts
• Microsoft TechNet: http://www.microsoft.com/technet/itshowcase
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after
the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.