Exchange Deployment Planning Services Setup, Deployment, and Server Role Configuration Module.

Transcript of Exchange Deployment Planning Services Setup, Deployment, and Server Role Configuration Module.

Page 1:

Exchange Deployment Planning Services

Setup, Deployment, and Server Role Configuration Module

Page 2:

Agenda of this module

• Deployment scenarios
• Deployment prerequisites
• Role setup and configuration
− Edge Transport server role
− Client Access server role
− Hub Transport server role
− Mailbox server role
− Unified Messaging server role
• Virtualization deployment guidelines
• Federation

Page 3:

Setup and Deployment Audience

Ideal audience for this workshop:
• Messaging SME
• Networking SME
• Security SME

Page 4:

Setup, Deployment, and Server Role Configuration

This module focuses on the following:
• How to set up and deploy Exchange 2010 server roles
• The recommended deployment method

Page 5:

Setup, Deployment, and Server Role Configuration

After this module you should have:
• An understanding of where your organization stands in relation to the Exchange 2010 requirements
• A high-level list of tasks to accomplish prior to the deployment effort
• An understanding of how to deploy the Exchange 2010 infrastructure at a high level

Page 6:

Agenda of this module (repeat of the page 2 agenda; section marker for Deployment scenarios)

Page 7:

Server Deployment Scenarios: Small and Medium-Size Organizations

• Small organizations
− Exchange Online
− Combined-role servers: all roles can run on 2 servers (including a DAG)
− A third server is needed to act as the witness server

• Mid-market: multiple servers to run
− Active Directory® Domain Services (AD DS)
− Dedicated Mailbox server role
− Client Access server and Hub Transport server roles: potentially combined
− Unified Messaging server role (optional, dedicated)

• Combined roles
− Hub, CAS and/or UM can be installed on a Mailbox server that is part of a DAG
− The Edge Transport server role cannot be combined with other roles
− Combining UM is only recommended in a single-server deployment
− Role combination is always a performance management exercise

Page 8:

Server Deployment Scenarios: Large and Complex Organizations

• Large and/or complex organizations
− Consider an "all-in-one" server: Mailbox/CAS/HUB
  − Used by MSIT, BPOS, large customers
− Consider dedicated server(s) for:
  − Low core count servers/limited RAM
  − Unified Messaging server role (optional)
  − Edge Transport server role (must be dedicated)
− Follow current best practices for Active Directory infrastructure

Page 9:

Deployment Changes: Features Dropped

• Replication options
− LCR: Local Continuous Replication
− CCR: Cluster Continuous Replication
− SCC: Single Copy Cluster
− Log shipping via Server Message Block (SMB)
• Inbound fax
• Clustering changes
− Clustered mailbox servers
− Running setup in cluster mode
− Moving a clustered mailbox server
• Storage groups
− Properties moved to database objects
• Streaming backups
• WebDAV
• 32-bit client administration tools

Page 10:

Inbound FAX

• UM retains the Exchange Server 2007 UM fax configuration properties, and continues to be sensitive to fax tone on calls that it answers
− If fax tone is detected, UM looks at a new configuration property on UM Mailbox Policy objects (FaxServerURI) to determine whether an Exchange 2010 UM partner fax solution is installed (and if so, where)
− If a value is found for the property, UM attempts to hand off the call in progress to the partner fax solution; the partner fax solution establishes a fax media session with the sender, creates a fax message and sends it to the UM-enabled user's mailbox
• Messages created by Exchange 2010 UM partner fax solutions look essentially the same as those created by Exchange Server 2007 UM, and appear as a fax when the user is UM-enabled

Page 11:

Agenda of this module (repeat of the page 2 agenda; section marker for Deployment prerequisites)

Page 12:

Deployment Prerequisites: Supported Upgrade Path

• In-place upgrades are not a valid scenario
• You cannot add an Exchange 2010 server to an existing Exchange organization if it contains Exchange Server 5.5 or 2000 servers
• You cannot add Exchange Server 2007 servers to an Exchange 2010 organization that doesn't already have Exchange Server 2007 servers
− Greenfield Exchange 2010
− Upgraded directly from Exchange 2003 to Exchange 2010
• The Exchange organization must be in native mode
• Exchange Server 2003 and 2007 servers must be at the following service pack levels to add 2010 servers to the org:
− Exchange Server 2003 SP2
− Exchange Server 2007 SP2 for the following:
  − All CAS servers in the organization
  − All UM servers in the organization
  − All Exchange servers in any Active Directory site that will contain Exchange 2010 servers

Page 13:

Deployment Prerequisites: Supported Upgrade Path

• Deployment sequence
− Client Access server role
− Hub Transport server role
− Unified Messaging server role (optional)
− Mailbox server role
− Edge Transport server role (optional) on a separate server
− AKA the "CHUM" deployment order (CAS, Hub, UM, Mailbox)

Page 14:

Deployment Prerequisites: Active Directory

• Minimum requirements
− A Windows Server® 2003 SP1 global catalog server is installed in each Exchange Active Directory site
− Windows Server 2003 forest functional level
− ADRAP is recommended
• Supported versions of Active Directory
− Windows Server 2003 SP2 and R2
− Windows Server 2008 SP2 and R2

Page 15:

Deployment Prerequisites: Active Directory

• Validate the existing environment
• DCDiag: basic domain diagnostics
• NetDiag: network diagnostics
• Monitor replication health
− 2003: REPLMON
− 2008: REPadmin
− http://blogs.technet.com/askds/archive/2009/07/01/getting-over-replmon.aspx
• NETDom: domain and trust diagnostics
• ExBPA
− Requires Exchange 2010 SP1
• Windows Update

Page 16:

Deployment Prerequisites: Active Directory

• /PrepareSchema
− Requires Schema Administrator and Enterprise Administrator rights
− Must be run from a 64-bit server with the prerequisites installed
− Verify replication afterwards
− Organization name not required
• /PrepareAD
− Requires Enterprise Administrator rights
− Also requires Exchange Organization Administrator rights if the enterprise administrators have been explicitly denied access to the Exchange configuration
− Requires /OrganizationName
• /PrepareDomain
− Requires Domain Administrator rights
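The rights and platform requirements above can be verified before Setup.com touches the forest. The following PowerShell script is an added example, not part of the Microsoft deck; it assumes a domain-joined 64-bit server with the RSAT-ADDS tools installed, and the media path and organization name are placeholders.

```powershell
# Added example (not from the Microsoft deck): pre-flight checks for the three
# Setup.com preparation steps, then the steps in the order the slide lists them.
# $ExchangeSetup and $OrganizationName are placeholders; run on a domain-joined
# server with the RSAT-ADDS tools installed.
param(
    [string]$ExchangeSetup    = 'D:\Setup.com',   # placeholder: Exchange 2010 media
    [string]$OrganizationName = 'Contoso'         # placeholder: used only by /PrepareAD
)

# Group membership is taken from the logon token and matched by well-known RID
# (518 Schema Admins, 519 Enterprise Admins, 512 Domain Admins), so renamed or
# localized group names still match. A user added to a group after logging on must
# log off and on again before the token carries it.
$tokenSids = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups |
    ForEach-Object { $_.Value }

function Test-TokenRid([int]$Rid) {
    [bool]($tokenSids | Where-Object { $_ -match "-$Rid$" })
}

# The slide requires a 64-bit server for /PrepareSchema.
$os = Get-WmiObject Win32_OperatingSystem

$checks = @(
    @{ Step = '/PrepareSchema'; Need = 'Schema Admins';     Ok = (Test-TokenRid 518) },
    @{ Step = '/PrepareSchema'; Need = 'Enterprise Admins'; Ok = (Test-TokenRid 519) },
    @{ Step = '/PrepareSchema'; Need = '64-bit OS';         Ok = ($os.OSArchitecture -like '64*') },
    @{ Step = '/PrepareAD';     Need = 'Enterprise Admins'; Ok = (Test-TokenRid 519) },
    @{ Step = '/PrepareDomain'; Need = 'Domain Admins';     Ok = (Test-TokenRid 512) }
)

foreach ($c in $checks) {
    $state = if ($c.Ok) { 'OK     ' } else { 'MISSING' }
    Write-Host ('[{0}] {1,-15} {2}' -f $state, $c.Step, $c.Need)
}

# Current Exchange schema level, if the forest already has one; /PrepareSchema
# raises rangeUpper on this attribute, so record it before and after.
$schemaNC = ([ADSI]'LDAP://RootDSE').schemaNamingContext
try {
    $ver = [ADSI]"LDAP://CN=ms-Exch-Schema-Version-Pt,$schemaNC"
    Write-Host ('ms-Exch-Schema-Version-Pt rangeUpper before prep: {0}' -f $ver.rangeUpper)
} catch {
    Write-Host 'No Exchange schema extensions found (fresh forest).'
}

if ($checks | Where-Object { -not $_.Ok }) {
    Write-Warning 'Fix the MISSING items above before running Setup.com.'
    return
}

# Preparation steps in slide order. Replication is checked between the steps because
# /PrepareAD run against a domain controller that has not yet received the schema
# changes fails; repadmin is the 2008-era tool the deck recommends.
& $ExchangeSetup /PrepareSchema
& repadmin /replsummary
& $ExchangeSetup /PrepareAD "/OrganizationName:$OrganizationName"
& repadmin /replsummary
& $ExchangeSetup /PrepareDomain
```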

Page 17:

Deployment Prerequisites: Server OS Preparation

• Windows Server 2008 SP2 platform pre-reqs
− .NET Framework 3.5 SP1
− .NET Framework 3.5 Family Update
− Windows Management Framework (WinRM 2.0 and Windows PowerShell v2)
− RTM: Hub / Mailbox: Microsoft Filter Pack
− SP1: Hub / Mailbox: Office 2010 Filter Packs
• Windows Server 2008 R2 platform pre-reqs
− RTM: Hub / Mailbox: Microsoft Filter Pack
− SP1: Hub / Mailbox: Office 2010 Filter Packs

Page 18:

Deployment Prerequisites: Server OS Preparation

• Required hotfixes
− Client Access servers
  − KB983440: Win7 rollup package (PR for QFE 810219)
  − KB977020: FIX: An application…throws an exception on a computer that is running Windows 7
  − KB982867: WCF: Enable WebHeader settings on the RST/SCT
  − Optional: additional fix for WCF (KB972251) for the specific scenario where smartcards are used to authenticate access to ECP

Page 20:

Deployment Prerequisites: Server OS Preparation

• Automate the Windows 2008 SP2 OS pre-reqs:

  ServerManagerCmd -i RSAT-ADDS Web-Server Web-Metabase Web-Lgcy-Mgmt-Console Web-ISAPI-Ext NET-HTTP-Activation Web-Basic-Auth Web-Digest-Auth Web-Windows-Auth Web-Dyn-Compression RPC-over-HTTP-proxy Web-Net-Ext -Restart

• Pre-defined XML files are available with the build
− Typical install (M/H/C):

  ServerManagerCmd -ip <Exchange install files>\Scripts\Exchange-Typical.xml -Restart

Page 21:

Deployment Prerequisites: Server OS Preparation

• Automate the Windows 2008 R2 OS pre-reqs
− Use the Add-WindowsFeature cmdlet instead of Server Manager or ServerManagerCmd:

  Import-Module ServerManager
  Add-WindowsFeature NET-Framework,RSAT-ADDS,Web-Server,Web-Basic-Auth,Web-Windows-Auth,Web-Metabase,Web-Net-Ext,Web-Lgcy-Mgmt-Console,WAS-Process-Model,RSAT-Web-Server,Web-ISAPI-Ext,Web-Digest-Auth,Web-Dyn-Compression,NET-HTTP-Activation,RPC-Over-HTTP-Proxy -Restart

• http://technet.microsoft.com/en-us/library/bb691354(EXCHG.141).aspx

Page 22:

Deployment Prerequisites: Server OS Preparation

• Automate the platform pre-reqs:

  FilterPackx64.exe /quiet /norestart
  dotNetFx35setup.exe /quiet /norestart

• Client Access servers
− The Net.Tcp Port Sharing service must be set to Automatic start
− Needs to be set manually on Windows 2008 SP2:

  Set-Service NetTcpPortSharing -StartupType Automatic

Page 23:

Setup – New GUI Experience

• Language packs are installed from the splash screen

Page 24:

Setup – New GUI Experience

• Client Access servers: Internet-facing

Page 25:

Setup – New GUI Experience

• Organization prerequisites: greenfield

Page 26:

Setup – New Experience (SP1)

• Installs the required Windows roles and features
• RTM -> SP1 upgrade:

  Setup.com /m:upgrade /installwindowscomponents

Page 27:

Setup – New GUI Experience (SP1)

• Apply the strict split permissions security model
− Typically used by large orgs that completely separate responsibility for management of Exchange and Active Directory between different groups of people
− Removes the ability for Exchange servers and admins to create Active Directory objects, such as users, groups and contacts, as well as the ability to manage non-Exchange attributes on those objects

Page 28:

Client Access Server Role: Deployment

• All client connections are routed through a Client Access server installation, except Outlook public folder access
• You must have at least one Client Access server role in each site where Exchange 2010 Mailbox server(s) exist
• CAS <-> Mailbox RPC communication requires a high-bandwidth/low-latency network connection
• Exchange 2010 CAS servers require FBA to be enabled on Exchange Server 2003 and 2007 FE/CAS servers
− If basic authentication is enabled, users will be prompted twice for credentials
− Can be an issue if using a third-party reverse proxy solution that doesn't support FBA

Page 29:

Client Access Server Role: Post-Installation Activities

• Secure the Client Access server messaging environment
− Use the Security Configuration Wizard
− Ensure that a valid third-party commercial SSL certificate or Windows PKI certificate is installed on the Client Access server
• Configure Autodiscover
• Configure the OAB distribution point
• Optional
− Configure the Availability service for other Exchange organizations
− Configure Federation
− Enable Outlook Anywhere
• Customize Exchange ActiveSync® mailbox policies

Page 30:

Hub Transport Server Role: Deployment

• You must have at least one Hub Transport server role in each site where Exchange 2010 Mailbox server(s) exist
• Hub <-> Mailbox RPC communication requires a high-bandwidth/low-latency network connection

Page 31:

Hub Transport Server Role: Post-Installation Activities

• Configure accepted domains
− Create an accepted domain for each domain for which you will accept e-mail
• Subscribe the Edge server/perimeter hygiene appliance
• Configure Internet mail flow
− Manual process if Edge is not configured
• Configure the external postmaster recipient
• Configure cross-forest connectors
• Move the location of the transport queue and transport logs
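The Hub Transport post-installation list above, as an added example for the Exchange Management Shell; it is not code from the Microsoft deck. Domain, address and path values are placeholders, and the Edge subscription step is left to the Edge Transport pages.

```powershell
# Added example (not from the Microsoft deck): Hub Transport post-installation steps
# from the slide, run in the Exchange Management Shell on the Hub Transport server.
# Domain, address and path values are placeholders.
$domains    = 'contoso.com', 'mail.contoso.com'   # placeholders: domains you accept mail for
$hubServer  = $env:COMPUTERNAME                   # this Hub Transport server
$postmaster = '[email protected]'            # placeholder
$queuePath  = 'D:\TransportQueue'                 # placeholder: off the system drive
$logPath    = 'D:\TransportLogs'                  # placeholder

# 1. Accepted domains: one authoritative domain per domain you accept e-mail for.
foreach ($d in $domains) {
    if (-not (Get-AcceptedDomain | Where-Object { $_.DomainName -eq $d })) {
        New-AcceptedDomain -Name $d -DomainName $d -DomainType Authoritative
    }
}

# 2. Internet mail flow without an Edge server is a manual step: a DNS-routed Send
# connector for everything, and anonymous SMTP allowed on the default Receive connector.
if (-not (Get-SendConnector | Where-Object { $_.Name -eq 'Internet' })) {
    New-SendConnector -Name 'Internet' -Usage Internet -AddressSpaces '*' -DNSRoutingEnabled $true -SourceTransportServers $hubServer
}
# Add only the AnonymousUsers permission group; keep the existing server/user groups.
$rc = Get-ReceiveConnector -Identity "$hubServer\Default $hubServer"
if ("$($rc.PermissionGroups)" -notmatch 'AnonymousUsers') {
    Set-ReceiveConnector -Identity $rc.Identity -PermissionGroups ('AnonymousUsers, ' + $rc.PermissionGroups)
}

# 3. External postmaster recipient.
Set-TransportConfig -ExternalPostmasterAddress $postmaster

# 4. Move the queue database and transport logs off the system drive. The queue move
# uses the Move-TransportDatabase.ps1 script shipped in the Exchange Scripts folder.
$script = Join-Path $env:ExchangeInstallPath 'Scripts\Move-TransportDatabase.ps1'
& $script -queueDatabasePath $queuePath -queueDatabaseLoggingPath $queuePath
Set-TransportServer -Identity $hubServer -MessageTrackingLogPath (Join-Path $logPath 'MessageTracking') -ReceiveProtocolLogPath (Join-Path $logPath 'ProtocolLog\SmtpReceive') -SendProtocolLogPath (Join-Path $logPath 'ProtocolLog\SmtpSend')

# Verify the result.
Get-AcceptedDomain | Format-Table Name, DomainType, Default -AutoSize
Get-TransportConfig | Format-List ExternalPostmasterAddress
Get-ReceiveConnector -Identity $rc.Identity | Format-List PermissionGroups
```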

Page 32:

Edge Transport Server Role: Deployment

• It cannot have other roles installed
• Infrastructure placement is in the perimeter network
• The computer should not be a member of the corporate Active Directory forest
• The computer can be a member of a perimeter network forest
• Uses AD LDS to store configuration and recipient information

Page 33:

Edge Transport Server Role: Post-Installation Activities

• Verify successful role installation (setup logs, etc.)
• Set administrator permissions (local)
• Lock down the server via the Security Configuration Wizard
• Configure the agents that provide the antivirus and anti-spam protection, message policy, and message security features (all are enabled by default)
• If installing additional Edge Transport servers, you can execute a clone process to copy certain information between Edge Transport servers
• Enable Edge synchronization
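The agent check, clone export and Edge subscription from the list above, as an added example that is not code from the Microsoft deck. One function runs on the Edge Transport server and the other on a Hub Transport server in the subscribing site; file, site and path names are placeholders.

```powershell
# Added example (not from the Microsoft deck): Edge Transport post-installation checks and
# the Edge subscription that enables Edge synchronization. Invoke-EdgePostInstall runs on
# the Edge server; Invoke-HubEdgeSubscription runs on a Hub Transport server in the
# subscribing AD site. File, site and path names are placeholders.

# ---- Edge Transport server (Exchange Management Shell) ----
function Invoke-EdgePostInstall {
    param([string]$SubscriptionFile = 'C:\EdgeSubscription.xml',   # placeholder
          [string]$CloneFile        = 'C:\CloneConfigData.xml')    # placeholder

    # Every anti-spam, antivirus, policy and security agent should be enabled by default;
    # list any that are not so they are investigated rather than silently left off.
    $disabled = @(Get-TransportAgent | Where-Object { -not $_.Enabled })
    foreach ($a in $disabled) { Write-Warning ('Transport agent disabled: {0}' -f $a.Identity) }

    # The subscription file carries the credential the Hub uses to bootstrap the sync
    # channel: copy it to the Hub, then delete it from both machines after import.
    New-EdgeSubscription -FileName $SubscriptionFile

    # Clone data for additional Edge servers: exported here, validated and imported on the
    # new Edge with ImportEdgeConfig.ps1 (-IsImport $false validates the answer file only).
    $scripts = Join-Path $env:ExchangeInstallPath 'Scripts'
    & (Join-Path $scripts 'ExportEdgeConfig.ps1') -CloneConfigData $CloneFile
    Write-Host ('On each additional Edge server run ImportEdgeConfig.ps1 -CloneConfigData {0} -IsImport $false, review the answer file, then rerun it with -IsImport $true.' -f $CloneFile)

    return ($disabled.Count -eq 0)
}

# ---- Hub Transport server in the subscribing site (Exchange Management Shell) ----
function Invoke-HubEdgeSubscription {
    param([string]$SubscriptionFile = 'C:\EdgeSubscription.xml',   # placeholder: copied from the Edge
          [string]$Site             = 'Default-First-Site-Name')   # placeholder: AD site name

    $bytes = [System.IO.File]::ReadAllBytes($SubscriptionFile)
    New-EdgeSubscription -FileData $bytes -Site $Site -CreateInternetSendConnector $true -CreateInboundSendConnector $true
    Remove-Item $SubscriptionFile   # credential material; do not leave it on disk

    # Synchronization runs on a timer; force the first pass and report the result.
    Start-EdgeSynchronization
    $result = Test-EdgeSynchronization
    $result | Out-String | Write-Host
    return $result
}
```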

Page 34:

Mailbox Server Role: Deployment

• High availability is configured post-deployment
• Requires high-bandwidth/low-latency connections to the CAS and Hub Transport servers in its site
• The first MBX server deployed gets three system mailboxes
− E-discovery
− Message approval
− Federated e-mail
− Move these to another server if decommissioning the first MBX server deployed

Page 35:

Mailbox Server Role: Post-Installation Activities

• Verify successful installation of the Mailbox server role
• Configure permissions using the Exchange administrator roles
• Create mailboxes for users in your organization as needed
• Move mailboxes from an existing Exchange server
• Configure public folders (optional)
• Configure Messaging Records Management
• Configure continuous replication for data and service availability
• Configure backups for disaster recovery
• Configure Calendar Concierge features
• Configure out-of-office features
• Configure the spam confidence level (SCL) junk e-mail folder threshold

Page 36:

Mailbox Server Role: Offline Address Book

• Create additional address books if you need them, via either the Exchange Management Console or the Exchange Management Shell
• The OAB can be distributed in two ways
− Web service: for Outlook 2007 or later clients
− Public folders: for down-level clients
• If you want to distribute the OAB via the web service, you must configure the CAS server as an OAB distribution point
• The OAB data is copied from the Mailbox server role to the Offline Address Book distribution points by a new Exchange 2010 service, the Microsoft Exchange File Distribution Service

Page 37:

Unified Messaging Server Role: Deployment

• Infrastructure placement: corporate network
• Requires the Mailbox and Hub Transport server roles

Page 38:

Unified Messaging Server Role: Post-Installation Activities

• Verify successful installation of the UM server role
• Add a UM server that will be in a new Dial Plan
− Create and configure a UM Dial Plan
− Add a UM server to an existing UM Dial Plan
− Enable users for Unified Messaging
− Ensure IP/VoIP gateways or IP-PBX are configured properly
− Create and configure a UM IP Gateway
− Create and configure UM mailbox policies
− Optional: create and configure UM Hunt Groups
− Optional: create and configure a UM Auto Attendant
• Add a UM server to an existing UM Dial Plan
• Enable out-dialing

Page 39:

Latest Documentation on TechNet

• http://technet.microsoft.com/en-us/library/aa998636(EXCHG.141).aspx

Page 40:

Virtualization

• Windows Server 2008/R2 Hyper-V
• Third-party virtualization validated in the Windows SVVP
• Must meet all deployment guidelines for non-virtualized systems
• Storage independent
− DAS: direct attached storage
− iSCSI: Internet Small Computer System Interface
− Dedicated pass-through storage

Page 41:

Virtualization Supportability: Exchange 2010

• Supported
− Root: Hyper-V or SVVP
− Guest:
  − Exchange 2010
  − Windows 2008 SP2 or Windows 2008 R2
  − Mailbox, Client Access, Hub Transport, Edge roles
  − Meets basic Exchange system requirements
  − Storage is fixed Virtual Hard Disk (VHD), SCSI pass-through, or iSCSI
• Not supported
− Combination of Exchange Mailbox HA and hypervisor-based clustering or migration technologies
− Snapshots, differencing/delta disks
− VSS backup of the root for pass-through disks
− Unified Messaging role
− Virtual/logical processor ratio greater than 2:1
− Applications running in the root partition

Page 42:

Virtualization: Best Practices

• Follow current Exchange deployment and planning guidance
• Determine where virtualization actually makes sense
• More power savings and cost savings are possible when Exchange storage moves from SAN to DAS
• Separate LUNs for the root OS, guest OS VHDs, and Hyper-V/VM storage
• Eliminate single points of failure
• Dedicate host resources according to the design specs for guests (processor and memory)
• Proper host and guest performance testing: JetStress, LoadGen, Hyper-V hypervisor performance counters on the host

Page 43:

Virtualization: Deployment Recommendations

• Virtualization isn't free
− The hypervisor adds overhead, which must be accounted for when sizing: ~5-12% in our Exchange 2010 tests
− Workload costs rise as well, though this is more difficult to characterize
• Hyper-V does not change Exchange design requirements from an application perspective
− Design for performance, reliability, and capacity (MBX/Hub/Edge)
− Design for usage profiles (CAS/MBX)
− Design for message profiles (Hub/Edge)

Page 44:

Virtualization: Root OS and Exchange Configuration

• Separate LUNs/arrays for the root OS, guest OS VHDs and Hyper-V/VM storage
− LUNs should employ RAID to provide data protection and performance
• The Exchange application is not Hyper-V aware
− No plans to change the Setup experience
• Build out the virtual machine configuration prior to installing Exchange
• Exchange sizing guidance is basically the same for physical and Hyper-V systems
− CPU and memory rules of thumb apply
− Account for the impact of the hypervisor when sizing the root

Page 45:

Virtualization: Guest OS Configuration

• Fixed VHDs for the virtual OS
− Need to account for page file consumption in addition to the OS requirements

  15GB + VM memory size = minimum VHD size

• VM disk requirements for Exchange roles must include space for the .BIN file (even if it's not used)

  CAS = OS VHD size + (VM memory size)
  HUB = OS VHD size + (VM memory size) + queues
  MBX = OS VHD size + (VM memory size) + DBs + logs

Page 46:

Virtualization: Exchange Storage Configuration

• Exchange storage should be on spindles separate from the guest OS VHD physical storage
• Exchange storage must be fixed VHD, SCSI pass-through or iSCSI
− The preference is SCSI pass-through to host the queues, DBs and log file streams
− All disks should honor I/O stream segregation the same as physical (separate DB and log LUNs)
• FC/SCSI HBAs must be configured to the root OS, and LUNs presented to VMs as pass-through or VHD

Page 47:

Agenda of this module (repeat of the page 2 agenda; section marker for Federation)

Page 48:

Benefits of Exchange 2010 Federation

• Federated Sharing provides
− Easy setup of external data sharing
− Broader reach without additional steps to set up
− More security, with controls for administrators and users
• Federated Sharing is made possible by
− The server acting on behalf of a specific user
  − The specific user is identified by e-mail address
  − The user is not prompted for credentials
− The Microsoft Federation Gateway acting as a trust broker
  − Reduces explicit point-to-point trust management
  − No AD DS trusts, service or cloud accounts to manage
  − Minimizes certificate exchanges
  − Verifies domain ownership

Page 49:

Free Busy – WS and Federation Exchange 2010

[Diagram: Contoso (user Joe, Mailbox, Client Access) and Fabrikam (user Mary, fabrikam\mary, Client Access). Each organization holds an Org Relationship for the other's domain (fabrikam.com at Contoso, contoso.com at Fabrikam) and a Federated Trust with the Microsoft Federation Gateway. A free busy request for [email protected] travels Client Access to Client Access carrying a federated token ([email protected]); the free busy response for [email protected] returns the same way.]

Convenient
• No AD trusts or service accounts
• No user action or client publishing
• No service accounts, no replication
• No user action required
• No directory replication

Secure
• Admin controls which orgs have access
• Admin controls which users participate
• Admin can control per user
• Can specify external users

Page 50:

Federated Delegation – Setup

[Diagram: Contoso (contoso.com) and Fabrikam (fabrikam.com) each hold a federation trust with the Federation Gateway: Organization ID A154…, URL http://... for Contoso and Organization ID C293…, URL http://... for Fabrikam. The gateway records each Organization Id and its domains. Domain ownership is proven with DNS TXT records (contoso.com TXT B42a…, fabrikam.com TXT 3F2j…), and a certificate is exchanged by each organization.]

• Step 1 – Create the trust with a certificate exchange
• Step 2 – Prove domain ownership
• Step 3 – Add domains

Page 51:

Federation Gateway

• Brokers services only for the trusts between Exchange organizations
• No cached credentials in the cloud
• Not a Microsoft Passport / Windows Live credential set
• Hosted in the Microsoft "cloud" data centre
• The Client Access server (CAS) needs to reach the Microsoft Federation Gateway (MFG) via the Internet
− Can't be hosted in an isolated network

Page 52:

Federation Certificate Management

[Diagram: the certificate flow between the 2010 admin box where the task runs, AD DS (FederationTrust object, Current Certificate: 1), the Federation Gateway (Organization Id: A154…, Public Cert: 1), and the local certificate stores of the 2010 CAS/HUB servers in the same site and in other sites.]

• Import-ExchangeCertificate
− Imports the certificate from a file into the local machine's certificate store (Certificate 1)
• New-FederationTrust -Thumbprint a05c2f…..
− Reads the certificate from the local machine store and sets the thumbprint in AD DS
− Securely installs the certificate to all CAS/HUB servers in the same site where the task runs
− Uploads the public certificate to the gateway
• Certificate distribution service
− On servers in other sites, the local service pulls the certificate from remote sites to all CAS/HUB servers based on the thumbprint information in AD DS

Page 53:

Organization Relationship Commands – Configure Per Organization

An organization-level relationship removes the need for individual AD DS recipients (contoso.com <-> fabrikam.com).

• Enter the external organization info
− Domain name, endpoint
− Discover the info with a cmdlet:

  Get-FederationInformation -DomainName contoso.com | New-OrganizationRelationship

• Set the dial: maximum level of detail

  Set-OrganizationRelationship -FreeBusyAccessEnabled $TRUE -FreeBusyAccessLevel LimitedDetails

• Scope the target users
− Specify which users in your org will share their Free/Busy
− Does not restrict outbound Free/Busy requests

  Set-OrganizationRelationship -FreeBusyAccessScope department1

Page 54:

Federated Free/Busy Access

[Diagram: a Fabrikam user (Mary) requests Free/Busy for [email protected]; the Fabrikam CAS, the MS Federation Gateway and the Contoso CAS exchange the messages listed below. The gateway holds Organization Id C293… (Domains: fabrikam.com) and Organization Id A154… (Domains: contoso.com). Fabrikam holds an org-org relationship for Domain contoso.com, Endpoint https://…; Contoso holds an org-org relationship for Domain fabrikam.com with Freebusy: true, Level: Free/Busy, Group: Department1.]

Diagram steps:
− Lookup info for the target org
− Exchange server submits a signed request for a token on behalf of the user (Token request: Alias [email protected], To contoso.com, For Free/Busy)
− Gateway verifies the signature and ensures the e-mail alias matches the organization's domains
− Gateway signs the token and encrypts it with the target org's public key (Federated Token: Alias [email protected], To contoso.com, For Free/Busy)
− Free/Busy request for [email protected] is sent with the federated token; the encrypted token holds the requestor's e-mail address and can only be cracked by the target org
− Target org cracks the token, looks up info for the requesting org, and enforces restrictions
− Free/Busy response for [email protected] is returned

• All connections over Secure Sockets Layer (SSL)
• No e-mail addresses are stored in the cloud
• No accounts need to be managed

Page 55:

Exchange 2010 Federated Free/Busy: Interop with Exchange Server 2007

• Use Exchange 2010 to proxy down-level requests
− Configure Exchange Server 2007 Service Pack 2 (SP2) to proxy requests to Exchange 2010
− Outlook 2007 still requires recipients in AD DS

[Diagram: a Free/Busy request for [email protected] from Fabrikam reaches the Exchange Server 2007 SP2 Client Access Server, which proxies it to the Exchange 2010 Client Access Server after the following is configured:]

  Add-AvailabilityAddressSpace -ForestName contoso.com -AccessMethod InternalProxy

Page 56:

Federated Calendar Sharing

• Uses the federation infrastructure
− Requires a federation trust, but not an org-org relationship
• Ad-hoc, person-to-person sharing
− Does not require the person to be in the GAL
− The relationship is created with a sharing invitation
• The server maintains the calendar subscription
− Updated when the user views the calendar
− The server uses the federated token to fetch data on the user's behalf
− Can be viewed by any client that views mailbox folders
− Attachments and attendees are not brought over
• Exchange Web Services supports invitation and sync

[Diagram: Joe and Mary sharing calendars person to person]

Page 57:

Federated Contact Sharing

• Same approach as federated calendar sharing
− Same invitation model
− Same server-based subscription model
− Exchange 2010 and Outlook Web App or Outlook 2010 are required for setup
− OLK/OWA 2007 can view calendars once the sync relationship is established

Page 58:

Sharing Policy

• A sharing policy limits the level of personal sharing
− Calendar: Free/Busy, detailed Free/Busy, reviewer
− Contacts: reviewer
− Identify specific domains or *
− Enforced during invitations
− Permissions monitored
• Default Policy
− Users can share Free/Busy with anyone
• Admins can add policies
− Applied per user

[Diagram: Contoso mailboxes and their sharing policies]

Mailbox: Joe – Sharing Policy: Default Policy

Default Policy:
  Domain        Calendar   Contacts
  *             Freebusy   None

Mailbox: Bill – Sharing Policy: Sales Policy

Sales Policy:
  Domain        Calendar   Contacts
  *             Freebusy   None
  fabrikam.com  Reviewer   Reviewer
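The two policies in the tables above, as an added Exchange Management Shell example that is not code from the Microsoft deck. The mailbox aliases and the partner domain are the slide's; the mapping of the table columns onto Exchange's sharing action names is given in the comments.

```powershell
# Added example (not from the Microsoft deck): the slide's two sharing policies as
# Exchange 2010 cmdlets, plus an audit of which mailboxes fall under which policy.
# Column-to-action mapping used below:
#   Calendar "Freebusy" = CalendarSharingFreeBusySimple
#   Calendar "Reviewer" = CalendarSharingFreeBusyReviewer
#   Contacts "Reviewer" = ContactsSharing   (Contacts "None" = no contacts action listed)

# Default Policy ("*  Freebusy  None") exists after setup; show it for comparison.
Get-SharingPolicy | Where-Object { $_.Default } | Format-List Name, Domains, Enabled

# Sales Policy: "*  Freebusy  None" plus "fabrikam.com  Reviewer  Reviewer".
if (-not (Get-SharingPolicy | Where-Object { $_.Name -eq 'Sales Policy' })) {
    New-SharingPolicy -Name 'Sales Policy' -Domains '*: CalendarSharingFreeBusySimple', 'fabrikam.com: CalendarSharingFreeBusyReviewer, ContactsSharing'
}

# Policies apply per user: Bill gets the Sales Policy, Joe stays on the default.
Set-Mailbox -Identity 'Bill' -SharingPolicy 'Sales Policy'

# Audit: which mailboxes may share more than Free/Busy, and with which domains.
# A mailbox with no explicit policy falls under whichever policy is marked Default.
function Get-SharingPolicyAudit {
    $policies = @{}
    Get-SharingPolicy | ForEach-Object { $policies[$_.Name] = $_ }
    $default = Get-SharingPolicy | Where-Object { $_.Default } | Select-Object -First 1
    Get-Mailbox -ResultSize Unlimited | ForEach-Object {
        $name = if ($_.SharingPolicy) { $_.SharingPolicy.Name } else { $default.Name }
        New-Object PSObject -Property @{
            Alias   = $_.Alias
            Policy  = $name
            Domains = (@($policies[$name].Domains) -join '; ')
        }
    }
}
Get-SharingPolicyAudit | Sort-Object Policy | Format-Table Alias, Policy, Domains -AutoSize
```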

Page 59:

Federation and Exchange Online

[Diagram: the Contoso and Fabrikam Exchange organizations, Exchange Online, Microsoft Online (OC Online, Dynamics CRM Online, SharePoint Online), the Azure Services Platform (ISV apps, enterprise apps), Geneva, AD DS and an employee, all connected through the Microsoft Federation Gateway.]

• Sharing with partners: Free/Busy sharing, full calendar sharing, contact sharing
• Cross-premises coexistence: Free/Busy sharing, full calendar sharing, secure message delivery, mailbox move
• Single sign-on/single identity: Exchange Online, Microsoft Online Services, applications hosted on Azure™
• Federated sharing

Page 60:

Federated Delegation – Simplified Setup in Exchange 2010 SP1

• Reduces certificate headaches
− Uses a self-signed certificate by default
− Exchange creates the certificate for you
− Still requires proof of domain ownership
  − The content of the DNS TXT record is slightly different
  − Run Get-FederatedDomainProof to get the content
• New Test-FederationTrust command
− Helps to analyze issues
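The SP1 trust set-up above and the organization relationship cmdlets from the "Organization Relationship Commands" slide, combined into one added Exchange Management Shell example that is not code from the Microsoft deck. It assumes the federation trust already exists (created by the SP1 wizard, or with New-FederationTrust -Thumbprint on RTM); the domain, group and user values are placeholders.

```powershell
# Added example (not from the Microsoft deck): domain proof, federated organization
# identifier, trust analysis and the organization relationship with Fabrikam, run in the
# Exchange Management Shell on an Exchange 2010 SP1 server. The trust itself is assumed
# to exist already; domain, group and user values are placeholders.
$accountNamespace = 'contoso.com'        # placeholder: your federated domain
$partnerDomain    = 'fabrikam.com'       # placeholder: partner organization
$freeBusyGroup    = 'Department1'        # placeholder: group whose members share Free/Busy
$testUser         = '[email protected]'    # placeholder: mailbox used by the Test-* cmdlets

# 1. Federation trust (SP1 creates the self-signed certificate for you).
$trust = Get-FederationTrust | Select-Object -First 1
if (-not $trust) { throw 'No federation trust found; create it first.' }

# 2. Proof of domain ownership. SP1's proof text differs from RTM's, so always take it
# from Get-FederatedDomainProof and publish it as a TXT record for the domain.
Get-FederatedDomainProof -DomainName $accountNamespace | Format-List
Write-Host "Publish the Proof value above as a TXT record for $accountNamespace before continuing."
& nslookup -type=TXT $accountNamespace 2>$null   # what public DNS currently answers

# 3. Register the domain as the organization's account namespace and enable federation.
Set-FederatedOrganizationIdentifier -DelegationFederationTrust $trust.Identity -AccountNamespace $accountNamespace -Enabled $true
# Further domains are added with: Add-FederatedDomain -DomainName 'mail.contoso.com'

# 4. Analyse the trust end to end with the SP1 cmdlet from the slide; returns $true
# when no check reports an error.
function Test-ContosoFederation {
    $results = @(Test-FederationTrust -UserIdentity $testUser)
    $results | Out-String | Write-Host
    return (@($results | Where-Object { "$($_.Type)" -eq 'Error' }).Count -eq 0)
}

# 5. Organization relationship with Free/Busy limited to one group, as on the
# "Organization Relationship Commands" slide.
if (-not (Get-OrganizationRelationship | Where-Object { $_.Name -eq 'Fabrikam' })) {
    Get-FederationInformation -DomainName $partnerDomain |
        New-OrganizationRelationship -Name 'Fabrikam' -FreeBusyAccessEnabled $true -FreeBusyAccessLevel LimitedDetails -FreeBusyAccessScope $freeBusyGroup
}

# 6. Verify from a user's point of view.
Test-ContosoFederation
Test-OrganizationRelationship -Identity 'Fabrikam' -UserIdentity $testUser | Format-List
```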

Page 61:

Federated Sharing – New Gateway (Exchange 2010 RTM only)

[Diagram: Contoso (contoso.com) and Fabrikam (fabrikam.com) with federation trusts to the current gateway (Organization ID A154… and C293…, URL http://...) and to the new gateway (Organization ID G621… and F145…, URL http://...), each with its certificate.]

If a customer already has federation set up in Exchange 2010 RTM, they must migrate to a new gateway in Exchange 2010 SP1. Exchange 2010 SP1 customers use this gateway by default when setting up the federation trust.

Page 62:

Federation Summary

• Exchange Federated Sharing provides
− Easy setup of external data sharing
− Broader reach without additional steps to set up
− More security, with controls for admins and users
• Exchange Federated Sharing is convenient
− Sharing between two organizations or two people
− No trusts or service accounts
− No end-user accounts and credential prompts
• Exchange Federated Sharing is secure
− Control which organizations you share with
− Control which users can share and at what level
• Exchange Federated Sharing works with online services

Page 63:

End of the Setup, Deployment, and Server Role Configuration Workshop

Page 64:

For More Information

• Exchange Server Tech Center: http://technet.microsoft.com/en-us/exchange/default.aspx
• Planning services: http://technet.microsoft.com/en-us/library/cc261834.aspx
• Microsoft IT Showcase Webcasts: http://www.microsoft.com/howmicrosoftdoesitwebcasts
• Microsoft TechNet: http://www.microsoft.com/technet/itshowcase

Page 65:

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after

the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.