Exchange 2010 Overview

Transcript of the presentation slides

Upgrading and Coexisting with Exchange 2010

Presentation contents
• Introduction
• Supported coexistence scenarios
• Upgrade and coexistence: Exchange 2003
• Upgrade and coexistence: Exchange 2007

Introduction

Exchange version       Mainstream support phase ends   Extended support phase ends
Exchange Server 5.5    12/31/2003                      1/10/2006
Exchange 2000 Server   12/31/2005                      1/11/2011
Exchange Server 2003   4/14/2009                       4/8/2014
Exchange 2007          4/10/2012                       4/11/2017

Source: http://support.microsoft.com/lifecycle

Supported Coexistence Scenarios

Exchange version                                            Exchange organization coexistence
Exchange Server 5.5                                         Not supported
Exchange 2000 Server                                        Not supported
Exchange Server 2003                                        Supported
Exchange 2007                                               Supported
Mixed Exchange 2007 and Exchange Server 2003 organization   Supported

In-place upgrade is NOT possible!

General Prerequisites

Exchange
◦ Exchange 2003 SP2
◦ Exchange 2007 SP2
◦ Exchange organization in native mode

Active Directory
◦ In every site, at least one Global Catalog running Windows Server 2003 SP2 or later
◦ At least Windows Server 2003 forest functional level
◦ Schema Master running Windows Server 2003 SP2 or later

Planning Roadmap for Upgrade and Coexistence
• Be aware of new features
• Be aware of dropped features
• Understand coexistence
◦ Management interfaces
◦ Server role features
◦ Routing differences
• The order
◦ Active Directory sites
◦ Server roles

New from E2003 to E2007
• From 2 server roles to 5 server roles: Client Access, Hub Transport, Edge Transport, Mailbox, Unified Messaging
• 64-bit only for production
• AD sites replace Routing Groups
• Exchange Web Services & Autodiscover
• Unified Messaging
• New admin tools

New from E2007 to E2010
• On-premise & in-the-cloud
• High Availability solution for mailboxes is Database Availability Groups (DAG)
• RPC Client Access Service
• Management Tools (Exchange binaries) are 64-bit only

Exchange 2003 Dropped Features
• Routing groups
• Administrative groups
• Link state routing
• Exchange Installable File System (ExIFS)
• Event service
• ExMerge
• Outlook Mobile Access (OMA)
• Network News Transfer Protocol (NNTP)

Exchange 2007 Dropped Features
• Local Continuous Replication
• Fax services
• Single copy clusters (SCC) and along with them:
◦ Shared storage
◦ Pre-installing a cluster
• Clustered mailbox servers
◦ Running setup in cluster mode
◦ Moving a clustered mailbox server
• Storage groups
◦ Properties moved to database objects
• Two-copy limitation of CCR
• Streaming backup
• WebDAV, ExOLEDB, CDOEx ("Entourage EWS" uses EWS)

Supported Client Access Methods
Desktop
◦ Microsoft Office Outlook 2003 and later
◦ POP/IMAP
◦ Entourage
Web
◦ Internet Explorer
◦ Mozilla
◦ Safari
Mobile
◦ EAS + third-party vendors

Management Interfaces
(Diagram: which management tools write to the Domain, Configuration and Schema partitions of Active Directory)

Exchange 2003: ADUC / ESM
Exchange 2007: EMS/EMC
Exchange 2010: EMS/EMC/ECP, all through RBAC

Management Console Interoperability

Actions that create new objects, such as new mailboxes or a new Offline Address Book, can only be performed on a version of the Exchange Management Console that is the same as the target object.

Exchange 2007 Mailbox databases cannot be managed from the Exchange 2010 Management Console, although these databases can be viewed.

Exchange 2010 Management Console can't enable or disable Exchange 2007 Unified Messaging mailboxes.

Exchange 2010 Management Console can't manage Exchange 2007 mobile devices.

Actions that require management can be performed on Exchange 2007 objects from the Management Console in Exchange Server 2010. These actions cannot be performed from the Management Console in Exchange 2007 on objects from Exchange Server 2010.

Management Console Interoperability (continued)

Actions that require viewing of objects can be performed from any version of the Exchange Management Console to any version of Exchange objects with a few exceptions.

Exchange 2007 and Exchange 2010 transport rule objects can only be viewed from the corresponding version of the Exchange Management Console.

Exchange 2007 and Exchange 2010 servers can only be viewed from their corresponding version of the Exchange Management Console.

Exchange 2010 Management Console's Queue Viewer tool can't connect to an Exchange 2007 server to view queues or messages.

Upgrade Step-by-Step
Start with the Internet-accessible Active Directory sites first:
Step 1. Upgrade existing servers to SP2
Step 2. Deploy E2010 servers
◦ CAS first, MBX last
◦ Start with a few, add more as you move mailboxes
Step 3. Legacy hostname for the old FE/CAS
◦ SSL certificate purchase
◦ End users don't see this hostname
◦ Used when Autodiscover and redirection from CAS 2010 tell clients to talk to FE2003/CAS2007 for MBX2003/MBX2007 access
Step 4. Move
◦ Internet hostnames to CAS2010
◦ UM phone numbers to UM 2010
◦ SMTP endpoint to HUB 2010
Step 5. Move mailboxes
Step 6. Decommission old servers
Upgrade internal sites second (repeat the same steps)

(Diagram: start with a mix of E2003 and E2007; introducing Exchange 2010 gives a mix of E2003, E2007 and E2010. Management tools in the mixed organization: ESM for E2003, EMC and EMS for E2007, EMC and EMS for E2010.)

Namespaces and URLs
Hostnames and services exposed to the Internet

Remote Connectivity Analyzer: https://www.testexchangeconnectivity.com

Remote Connectivity Analyzer demo

Certificates
• Best practice: minimize the number of certificates
◦ 1 certificate for all CAS servers + reverse proxy + Edge/HUB
• Use a "Subject Alternative Name" (SAN) certificate, which can cover multiple hostnames
• Wildcard certificates
◦ Yes
◦ But: Windows Mobile 5 + Outlook Anywhere
• Certificate Wizard in E2010

Transition to E2010 CAS
1. Configure reverse proxy or external DNS
◦ Point legacy.contoso.com to FE2003/CAS2007
2. Transition from E2003: ensure OWA can redirect the user to the correct URL
◦ Configure the Exchange2003URL parameter on the CAS2010 OWA virtual directory (https://legacy.contoso.com/exchange)
3. Test before switching over
◦ legacy.contoso.com works for Internet access
◦ Use the Exchange Remote Connectivity Analyzer
4. Transition from E2007: tell CAS2010 how to send users to CAS2007
◦ Configure the ExternalURL parameters on the CAS2007 virtual directories (OWA, EAS, EWS, OAB etc.) to point to the legacy URL
◦ Test that CAS2010 is redirecting/proxying to CAS2007
5. Configure reverse proxy or DNS
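Steps 2 and 4 of the CAS transition above, as an added example typed into the Exchange Management Shell; it is not code from the deck. The server names CAS2010 and CAS2007 and the new Internet hostname mail.contoso.com are assumptions; legacy.contoso.com is the slide's own name.

```powershell
# Added example (not from the deck). Assumed names: CAS2010, CAS2007, mail.contoso.com.
$Cas2010    = "CAS2010"
$Cas2007    = "CAS2007"
$LegacyHost = "legacy.contoso.com"   # step 1 pointed this at FE2003/CAS2007
$NewHost    = "mail.contoso.com"     # assumed Internet-facing name of CAS2010

# --- Part A: run in the Exchange 2010 Management Shell -------------------------
# Step 2 (from E2003): users whose mailbox is still on E2003 get redirected by
# CAS2010 to the legacy /exchange URL instead of getting an error page.
Set-OwaVirtualDirectory -Identity "$Cas2010\owa (Default Web Site)" `
    -ExternalUrl "https://$NewHost/owa" `
    -Exchange2003Url "https://$LegacyHost/exchange"

# Read back what CAS2010 advertises before the reverse proxy or DNS is switched (step 5).
Get-OwaVirtualDirectory -Server $Cas2010 |
    Format-List Identity, ExternalUrl, Exchange2003Url

# --- Part B: run in the Exchange 2007 Management Shell on/for CAS2007 ----------
# Step 4 (from E2007): the E2007 virtual directories advertise the legacy URL,
# which is what CAS2010 uses to redirect (OWA) or proxy (EAS, EWS, OAB) E2007 users.
Set-OwaVirtualDirectory -Identity "$Cas2007\owa (Default Web Site)" `
    -ExternalUrl "https://$LegacyHost/owa"
Set-ActiveSyncVirtualDirectory -Identity "$Cas2007\Microsoft-Server-ActiveSync (Default Web Site)" `
    -ExternalUrl "https://$LegacyHost/Microsoft-Server-ActiveSync"
Set-WebServicesVirtualDirectory -Identity "$Cas2007\EWS (Default Web Site)" `
    -ExternalUrl "https://$LegacyHost/EWS/Exchange.asmx"
Set-OabVirtualDirectory -Identity "$Cas2007\OAB (Default Web Site)" `
    -ExternalUrl "https://$LegacyHost/OAB"

# Check: every E2007 virtual directory must now carry the legacy hostname, and that
# hostname must be on the SAN certificate bound on CAS2007 and the reverse proxy.
Get-OwaVirtualDirectory         -Server $Cas2007 | Format-List Identity, ExternalUrl
Get-ActiveSyncVirtualDirectory  -Server $Cas2007 | Format-List Identity, ExternalUrl
Get-WebServicesVirtualDirectory -Server $Cas2007 | Format-List Identity, ExternalUrl
Get-OabVirtualDirectory         -Server $Cas2007 | Format-List Identity, ExternalUrl
```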

Transition to E2010 HUB
Step 1. Upgrade existing E2003 and E2007 servers to SP2
Step 2. Install HUB and MBX 2010
Step 3. Switch EdgeSync + SMTP to go to HUB2010
Step 4. Install Edge2010
Step 5. Switch Internet email submission to Edge2010

Transport paths during coexistence:
HUB2007 -> HUB2010: SMTP
HUB2007 -> MBX2007: RPC
HUB2007 -> MBX2010: NO
HUB2010 -> MBX2007: NO
HUB2010 -> MBX2010: RPC
EDGE2010 -> HUB2007 SP1: EdgeSync Yes

Transition to UM2010
Without OCS
Step 1. Introduce UM2010 to the existing dial plan
Step 2. Route IP GW/PBX calls to UM2010 for the dial plan
Step 3. Remove UM2007 after UM-enabled mailboxes have been moved
With OCS
Step 1. Introduce UM2010 with a new dial plan
Step 2. Remove UM2007 after UM-enabled mailboxes have been moved

Move Mailboxes: Online & Offline
Online = minimal user disruption (briefly disconnected as recently received messages are copied over)
Online:
◦ E2007 SP2, E2010 -> E2010, Exchange Online
Offline:
◦ E2003 -> E2010
◦ E2010 -> E2003/E2007

Exchange Deployment Assistant
http://technet.microsoft.com/en-us/exdeploy2010/default(EXCHG.140).aspx#Home

Exchange Deployment Assistant demo

Exchange 2010: High Availability

Agenda

• Exchange 2010 High Availability Fundamentals

• High Availability Management

• Storage Improvements

• End-to-End Availability Improvements

• High Availability Design Examples

High Availability Improvements: Key Benefits

• Improved failover granularity, simplified administration, incremental deployment, unification of CCR + SCR, easy stretching across sites, up to 16 replicated copies
  Benefits: easier & cheaper to deploy, easier & cheaper to manage, better SLAs. Result: improved mailbox uptime
• Further IO reductions, RAID-less / JBOD support
  Benefits: reduced storage costs, larger mailboxes. Result: more storage flexibility
• Improved transport resiliency, online mailbox moves
  Benefits: easier & cheaper to manage, better SLAs. Result: better end-to-end availability

Mailbox Server

• Evolution of Continuous Replication technology
• Combines the capabilities of CCR and SCR into one platform
• Easier than traditional clustering to deploy and manage
• Allows each database to have up to 16 replicated copies
• Provides full redundancy of Exchange roles on two servers

(Diagram: a Client Access Server in front of Mailbox Servers 1 to 6, spread across the AD sites San Jose and Dallas, each server holding copies of DB1 to DB5. Captions: Recover quickly from disk and database failures; Replicate databases to remote datacenter; Unified Platform for High Availability and Disaster Recovery.)

Exchange 2010 High Availability Overview
• Failover managed within Exchange
• Easy to stretch across sites
• All clients connect via CAS servers
• Database centric failover
(Diagram: a client connects through the Client Access Server to the Database Availability Group, whose mailbox servers each hold copies of DB1 to DB5; on failover only the affected database's active copy moves to another server.)

High Availability Fundamentals
• Database Availability Group (DAG)
• Mailbox Servers
• Mailbox Database
• Database Copy
• Active Manager
• RPC Client Access Service (Active Manager Client)
(Diagram: a Database Availability Group of three mailbox servers, each running Active Manager and holding copies of DB1 to DB3; the RPC Client Access Service asks Active Manager where each database is currently active.)

Exchange 2010 HA Fundamentals: Database Availability Group (DAG)
• Group of up to 16 servers
• Wraps a Windows Failover Cluster
• Defines the boundary of replication and failover/switchover
Mailbox Servers
• Host the active and passive copies of multiple mailbox databases
• Support up to 100 databases per server

Exchange 2010 HA Fundamentals: Mailbox Databases and Copies
Mailbox Database
◦ Unit of failover/switchover
◦ 30-second database failover/switchover
◦ Database names are unique across a forest
Mailbox Database Copy
◦ A database has 1 active copy in a DAG
◦ A server may not host more than 1 copy of a given database
◦ Replication of copies using log shipping
◦ The system tracks the health of each copy

Exchange 2010 HA Fundamentals: Mailbox Database Copy Status
• Healthy
• Initializing
• Failed
• Suspended
• Resynchronizing
• Seeding
• ActivationSuspended
• Mounted
• Dismounted
• Disconnected
• FailedandSuspended

Exchange Server 2010 HA Fundamentals: Log Shipping

Log shipping in Exchange Server 2010 leverages TCP sockets
◦ Supports encryption and compression

Target Replication service notifies the active instance the next log file it expects

Source Replication service responds by sending the required log file(s)

Copied log files are placed in the target’s Inspector directory

Validation tests are performed prior to log replay

Exchange 2010 HA Fundamentals: Active Manager
• High Availability's brain
• Manages which database copies should be active and passive
• Source of definitive information on where a database is active and mounted
◦ Active Directory is the primary source for configuration information
◦ Active Manager is the primary source for changeable state information such as active and mounted
• A process that runs on every server in the DAG

Exchange 2010 HA Fundamentals: Active Manager Selection of Active Database Copy
• Active Manager selects the "best" copy to become active when the active copy fails:
1. Ignores servers that are unreachable or whose activation is temporarily or permanently blocked
2. Sorts copies by currency
3. Breaks ties during the sort based on Activation Preference
4. Selects from the sorted list based on the copy status of each copy
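The four-step selection above, as an added PowerShell model over constructed copy objects; it is not code from the deck or from Exchange. Assumptions: "currency" is modelled as CopyQueueLength (fewer logs still to copy means a more current copy), and step 4 accepts a copy only when its status is Healthy or DisconnectedAndHealthy; the real Active Manager applies more detailed health checks.

```powershell
# Added example (not from the deck): a model of Active Manager's best-copy selection.
function Select-BestCopy {
    param([object[]] $Copies)

    $candidates = $Copies |
        Where-Object { $_.Reachable -and -not $_.ActivationBlocked } |   # step 1
        Sort-Object -Property @{ Expression = 'CopyQueueLength' },       # step 2: currency (assumed metric)
                              @{ Expression = 'ActivationPreference' }    # step 3: tie-break

    foreach ($copy in $candidates) {                                     # step 4: copy status
        if (@('Healthy', 'DisconnectedAndHealthy') -contains $copy.Status) {
            return $copy
        }
    }
    return $null    # no activatable copy: manual intervention needed
}

# Builds one constructed copy object (PowerShell v2 syntax, no [pscustomobject]).
function New-CopyInfo {
    param($Server, $Pref, $Queue, $Status, $Reachable, $Blocked)
    New-Object PSObject -Property @{
        Server = $Server; ActivationPreference = $Pref; CopyQueueLength = $Queue
        Status = $Status; Reachable = $Reachable; ActivationBlocked = $Blocked
    }
}

# Constructed sample: DB1 had its active copy on MBX1, which has just gone down.
$db1Copies = @(
    (New-CopyInfo -Server 'MBX1' -Pref 1 -Queue 0 -Status 'Mounted' -Reachable $false -Blocked $false)
    (New-CopyInfo -Server 'MBX2' -Pref 2 -Queue 3 -Status 'Healthy' -Reachable $true  -Blocked $false)
    (New-CopyInfo -Server 'MBX3' -Pref 3 -Queue 0 -Status 'Healthy' -Reachable $true  -Blocked $true)   # activation blocked (e.g. maintenance)
    (New-CopyInfo -Server 'MBX4' -Pref 4 -Queue 0 -Status 'Failed'  -Reachable $true  -Blocked $false)
    (New-CopyInfo -Server 'MBX5' -Pref 5 -Queue 0 -Status 'Healthy' -Reachable $true  -Blocked $false)
)

$best = Select-BestCopy -Copies $db1Copies
"Activate DB1 on $($best.Server) (preference $($best.ActivationPreference), copy queue $($best.CopyQueueLength))"
```

With this sample the function returns the MBX5 copy: MBX1 and MBX3 drop out in step 1, MBX4 sorts first on currency but is skipped in step 4 as Failed, and MBX5 beats MBX2 on currency even though MBX2 has the better activation preference.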

Exchange 2010 HA Fundamentals: Client Access
(Diagram: Outlook clients connect to an Exchange CAS NLB array in front of MBX1 and MBX2.)
• Database failover: a connected client is disconnected for 30 seconds
• CAS failure: the client just reconnects


Incremental Deployment
• Easy to add high availability to an existing deployment
• High availability configuration is post-setup
• HA Mailbox servers can host other server roles
(Diagram: Mailbox Servers 1 to 3 in a Database Availability Group spanning Datacenter 1 and Datacenter 2, each holding copies of DB1 to DB3.)
Reduces cost and complexity of HA deployments

Creating a Database Availability Group: Exchange Management Console
(Screenshots of the console wizard)

Creating a Database Availability Group: Exchange Management Shell
Create DAG: New-DatabaseAvailabilityGroup
Add servers to a DAG: Add-DatabaseAvailabilityGroupServer
Add database copies to a server in a DAG: Add-MailboxDatabaseCopy
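The three shell steps above run end to end, as an added example that is not code from the deck, followed by a check of copy status and of the 3-copy minimum the deck gives for JBOD storage. Server, database, witness and IP address values are assumptions.

```powershell
# Added example (not from the deck). All names and the IP address are assumed values.
$DagName   = "DAG1"
$Servers   = "MBX1", "MBX2", "MBX3"
$Databases = "DB1", "DB2", "DB3"

# 1. Create the DAG. The witness is a non-DAG server (here a Hub Transport server)
#    whose file share breaks quorum ties when the DAG has an even number of members.
New-DatabaseAvailabilityGroup -Name $DagName `
    -WitnessServer "HUB1" -WitnessDirectory "C:\DAG1Witness" `
    -DatabaseAvailabilityGroupIpAddresses 192.0.2.10      # TEST-NET address, assumed

# 2. Add the mailbox servers. This installs the failover clustering feature on
#    each server and joins it to the Windows Failover Cluster the DAG wraps.
foreach ($srv in $Servers) {
    Add-DatabaseAvailabilityGroupServer -Identity $DagName -MailboxServer $srv
}

# 3. Add passive copies. Each database already has one active copy on the server
#    it was created on; the other DAG members get a copy with a distinct
#    activation preference (2, 3, ...) that Active Manager uses to break ties.
foreach ($db in $Databases) {
    $activeServer = (Get-MailboxDatabase -Identity $db).Server.Name
    $pref = 2
    foreach ($srv in ($Servers | Where-Object { $_ -ne $activeServer })) {
        Add-MailboxDatabaseCopy -Identity $db -MailboxServer $srv -ActivationPreference $pref
        $pref++
    }
}

# Check: copy health per database, and a warning where a database has fewer
# than the three copies required before it may live on JBOD / RAID-less disks.
foreach ($db in $Databases) {
    $copies = @(Get-MailboxDatabaseCopyStatus -Identity $db)
    $copies | Format-Table Name, Status, CopyQueueLength, ReplayQueueLength, ActivationPreference -AutoSize
    if ($copies.Count -lt 3) {
        Write-Warning "$db has $($copies.Count) copies; JBOD/RAID-less storage needs at least 3"
    }
}
```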

Simplified Management
• HA administration within Exchange
• Recovery uses the same simple operation for a wide range of failures
• Simplified activation of Exchange services in a standby datacenter
Reduces cost and complexity of management

Managing Availability in the Exchange Management Console
(Screenshot with three callouts: select a database; view locations and status of replicated copies; take action (add copies, change master, etc.))

High Availability Management demo

Exchange Server 2010 Backups
• Use a VSS backup solution
• Backup from any copy of the database/logs
• Always choose the passive (or active) copy
• Backup an entire server
• Designate a dedicated backup server for a given database
• Restore from any of these backups
(Diagram: a VSS requestor backing up a copy of DB1 from one of Mailbox Servers 1 to 3 in the Database Availability Group, each of which holds copies of DB1 to DB3.)


Exchange 2010 Storage Enhancements
• 70% reduction in IOPS
• Smoother IO patterns
• Resilience against corruption
(Chart: read IOPS and write IOPS for Exchange 2003, Exchange 2007 and Exchange 2010)

Storage Improvements: Performance Enhancements Enable New Options
Choose from a wide range of storage technologies without sacrificing system availability:
• Storage Area Network (SAN)
• Direct attached with SAS disks
• Direct attached with SATA disks
• JBOD SATA (RAID-less)

Lowering Exchange 2010 Storage Costs
• Optimized for DAS storage
• Use larger, slower, cheaper disks
• Support larger mailboxes at lower cost
• HA provides resilience from disk failures
• HA solution remains unchanged regardless of data volume size
• JBOD/RAID-less storage now an option
◦ Requires 3+ DB copies

Exchange 2010 Cost Savings

• Storage flexibility

• Simplified management

• Simplified site resilience

• All server roles on one server (Small deployments)

Storage Cost Savings Examples
(Chart 1: Server/Storage Capex $/Mailbox for 3000 mailboxes on a 2-node cluster, comparing E2003 SCC (FC SAN), E2007 CCR (SAS DAS) and E2010 DAG (SATA DAS). Values shown, in that order of configurations: $/Mailbox (500 MB): $27, $19, $13; $/Mailbox (2 GB): $0, $34, $21.)
(Chart 2: Hardware Capex $/Mailbox (2 GB) for 24,000 mailboxes: E2007 CCR (SAS DAS) as 4 x 2-node CCR with 2 copies (RAID): $32; E2010 DAG (SATA DAS) as a 6-node DAG with 3 copies (JBOD): $8. Double server/disk failure resiliency.)


Improved Transport Resiliency
Automatic protection against loss of queued emails due to hardware failure
(Diagram: message path across Edge Transport, Hub Transport and Mailbox Server; one hop is marked X as failed.)
• Servers keep "shadow copies" of items until they are delivered to the next hop
• Simplifies Hub and Edge Transport server upgrades and maintenance

Online Move Mailbox
Limit user disruption during mailbox moves and maintenance
(Diagram: an e-mail client stays connected through the Client Access Server while its mailbox moves from Mailbox Server 1 to Mailbox Server 2.)
• Users remain online while their mailboxes are moved between servers: sending messages, receiving messages, accessing the entire mailbox
• Administrators can perform migration and maintenance during regular hours
• Also can be used to migrate users from an on-premise server to Exchange Online
• Exchange 2010 & Exchange 2007 SP2: online
• Exchange 2003: offline


High Availability Design Example: Branch Office or Smaller Deployment
(Diagram: two servers, CAS/HUB/MAILBOX 1 and CAS/HUB/MAILBOX 2, behind a hardware load balancer, each holding copies of DB1 to DB3.)
• Mailbox servers in a DAG can host other Exchange server roles
• 2-server configurations should always use RAID

High Availability Design Example: Double Resiliency
• Single site
• 4 nodes
• 3 HA copies
• JBOD -> 3 physical copies
(Diagram: a Database Availability Group of Mailbox Servers 1 to 4 behind a CAS NLB farm in AD site Dublin, with DB1 to DB8 spread so that each database has three copies. Animation: upgrade server 1; server 2 fails; server 1 upgrade is done; 2 active copies die.)

Site Resilience: Datacenter Failover Basics
• Customers can evolve to site resilience: Standalone -> Local Redundancy -> Site Resilience
• Keep extending the DAG
• No single-subnet requirements
• Normal administration remains unchanged
• Disaster recovery usually requires manual intervention
• Standby datacenter is "always live"

High Availability for Other Server Roles
• Client Access: hardware load balancer (recommended) or Windows Network Load Balancing (NLB)
• Hub Transport: no special configuration required (load balancing and failover are automatic)
• Edge Transport: use DNS round robin, multiple MX records
• Unified Messaging: configure the IP gateway to point to more than one UM server

Summary: Exchange 2010 High Availability

• Easier & Cheaper to deploy

• Simplified Administration

• Granular failover & recovery

• Better End-to-End Availability

• One Technology for both High Availability and Site Resilience

Exchange 2010 Management Tools

Exchange 2010 Investments: Simplify Administration
• Empower specialist users to perform specific tasks with role-based administration
− Compliance Officer: conduct mailbox searches for legal discovery
− HR Officer: update employee info in the company directory
• Lower support costs through new user self-service options
− Track status of sent messages
− Create and manage distribution lists

The annual cost of helpdesk support staff for e-mail systems with 7,500 mailboxes is approximately $20/mailbox. This cost goes up the smaller the organization. (“Email Support Staff Requirements and Costs: A Survey of 136 Organizations”, Ferris Research, June 2008).

Exchange 2010 Management: What's New?
• New Exchange Management Console features
• Exchange Control Panel (ECP)
− New and simplified web-based management console
− Targeted at end users, hosted tenants, and specialists
• Role Based Access Control (RBAC)
− New authorization model
− Easy to delegate and customize
− All Exchange management clients (EMS, EMC, ECP) use RBAC
• Remote PowerShell
− Manage Exchange remotely using PowerShell v2.0
− Note: no more local PowerShell, it's all remote in Exchange 2010

Exchange Management Console (EMC) Improvements
• Built on Remote PowerShell and RBAC
• Multiple forest support
• Cross-premises Exchange management
− Including mailbox moves
• Recipient bulk edit
• PowerShell command logging
• New feature support
− For example: High Availability

Exchange Management Console

demo

Exchange Control Panel (ECP): What is it?
• A browser-based management client for end users, administrators, and specialists
• Simplified user experience for common management tasks
• Accessible directly via URL, OWA & Outlook 14
• Deployed as a part of the Client Access Server role
• RBAC aware

Exchange Control Panel: Who will use it?
• Specialists
− Administrators can delegate to specialists, e.g. Help Desk Operators, Department Administrators, and eDiscovery Administrators
• End users
− Comprehensive self-service tools for end users
• Hosted customers
− Tenant administrators

Exchange Control Panel: What It Looks Like
(Screenshot with callouts: Primary Navigation, UI Scope Control, Secondary Navigation, Slab)

Exchange Control Panel

demo

ECP Architecture Overview
High level view
◦ AJAX-based
◦ Shares some code with OWA, but the two are separate applications
◦ Deployed on the Client Access Server
◦ ECP -> ASP.NET -> RBAC -> PowerShell
◦ Authentication: Windows Integrated, Basic, Forms Based
Browser support: same as OWA Premium
◦ IE
◦ Firefox
◦ Safari
(Diagram: the Web Browser runs the ECP Client Library, which talks via AJAX to the Client Access Server; there HTTP.SYS (IIS) and LiveId/FBA authentication front the ECP Server Library, which reaches the Exchange cmdlets through RBAC and PowerShell.)

ECP Architecture Overview: Role Based Access Control
• Users shouldn't have access to message tracking
◦ Message tracking tab doesn't show up in ECP
• Users can edit mailboxes, but not create new ones
◦ "New Mailbox" button hidden
• Users can edit display name but not Department
◦ Department field visible but read-only

RBAC in Exchange 2010
• RBAC has replaced the permission model used in Exchange 2007
• Your "role" is defined by "what you do"
• Define precise or broad roles and assignments based on the tasks that need to be performed
• Includes self administration
• Used by EMC, EMS and ECP

Who can do What... and Where?
(Diagram, repeated on several slides, of the RBAC model.)
• Who: Role Group / USG (admins) or Role Assignment Policy (end users)
• What: Role, made up of Role Entries (Cmdlet: Param1, Param2, Param3)
• Where: Recipient Write Scope, Recipient Read Scope, Configuration Write Scope, Configuration Read Scope
• The Role Assignment ties Who, What and Where together

Role assignment cmdlets: New-ManagementRoleAssignment, Get-ManagementRoleAssignment, Set-ManagementRoleAssignment, Remove-ManagementRoleAssignment
Role group membership cmdlets: Add-RoleGroupMember, Remove-RoleGroupMember
Role assignment policy cmdlets: New-RoleAssignmentPolicy, Remove-RoleAssignmentPolicy
Role group cmdlets: New-RoleGroup, Set-RoleGroup, Get-RoleGroup, Remove-RoleGroup

Built-in role groups and their assigned roles:
RoleGroup                Assigned Roles
OrganizationManagement   <All Roles>
ViewOnlyOrgManagement    <All Roles View-Only>
RecipientManagement      PasswordManagement, MailRecipientManagement, DistributionGroupManagement, ...
UMManagement             UMServerManagement, UMRecipientManagement, ...
DiscoveryManagement      MailboxSearchManagement, LegalholdManagement

Management scope examples:

New-ManagementRoleAssignment -Name Sales-RecipMgt ... -RecipientOrganizationalUnitScope "OU=Sales,CN=Users..."

New-ManagementScope -Name Sales-Recipients -RecipientRestrictionFilter "(Department -eq 'Sales')"

New-ManagementScope -Name Euro-Servers -ServerRestrictionFilter "(Name -like 'EuroMBX*')"

New-ManagementScope -Name VIP-Recipients -RecipientRestrictionFilter "((Title -eq 'CEO') -or (Title -eq 'CIO'))" -Exclusive

• Exclusive scopes take effect immediately
• Access is granted through a Role Assignment to an Exclusive Scope

Custom Management Roles
• Custom roles can be added to suit specific delegation requirements
− Roles are hierarchical, with a built-in role at the top
− Role entries can only be removed from a role
1. Create the management role
2. Change the new role's management role entries (by removing role entries)
3. Create a management scope (if required)
4. Assign the new management role

Custom Management Roles: What does it look like?

New-ManagementRole -Name "eDiscovery-Sales" -Parent DiscoveryManagement

New-ManagementScope -Name "Sales Mailboxes" -DomainRestrictionFilter "(RecipientType -eq 'UserMailbox')" -DomainRoot "OU=Sales,DC=contoso,DC=Com"

New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" -User "USG-Sales eDiscovery Admins" -Role "eDiscovery-Sales" -DomainScopeRestriction "Sales Mailboxes"
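The four-step custom role procedure carried through end to end, including the role-entry pruning of step 2 and a verification step, as an added example that is not code from the deck. It uses the parameter names of the released Exchange 2010 cmdlets (-RecipientRestrictionFilter and -RecipientRoot on New-ManagementScope, -CustomRecipientWriteScope on New-ManagementRoleAssignment; the slide shows pre-release names), and assumes "Mailbox Search" as the built-in parent role and the role, scope, group and OU names shown.

```powershell
# Added example (not from the deck). Names below are assumed values.
$RoleName  = "eDiscovery-Sales"
$ScopeName = "Sales Mailboxes"
$GroupName = "USG-Sales eDiscovery Admins"   # universal security group, assumed to exist

# 1. Create the role under a built-in role. A child role starts with every role
#    entry (cmdlet + parameters) of its parent and can only lose entries from there.
New-ManagementRole -Name $RoleName -Parent "Mailbox Search"

# 2. Prune the entries for least privilege: Sales searchers may find and copy
#    items but may neither delete content nor remove other people's searches.
#    Both edits are guarded so they only run when the entry/parameter exists.
$searchEntry = Get-ManagementRoleEntry -Identity "$RoleName\Search-Mailbox" -ErrorAction SilentlyContinue
if ($searchEntry -and ($searchEntry.Parameters -contains "DeleteContent")) {
    Set-ManagementRoleEntry -Identity "$RoleName\Search-Mailbox" -Parameters DeleteContent -RemoveParameter
}
Get-ManagementRoleEntry -Identity "$RoleName\*" |
    Where-Object { $_.Name -eq "Remove-MailboxSearch" } |
    ForEach-Object { Remove-ManagementRoleEntry -Identity "$RoleName\$($_.Name)" -Confirm:$false }

# 3. Scope: only user mailboxes under the Sales OU are writable through this role.
New-ManagementScope -Name $ScopeName `
    -RecipientRestrictionFilter "RecipientType -eq 'UserMailbox'" `
    -RecipientRoot "OU=Sales,DC=contoso,DC=com"

# 4. Assign the role to the security group, limited to that scope.
New-ManagementRoleAssignment -Name "RA-Sales eDiscovery Administrators" `
    -SecurityGroup $GroupName -Role $RoleName -CustomRecipientWriteScope $ScopeName

# Check the result: what the role still allows, and who holds it where.
Get-ManagementRoleEntry -Identity "$RoleName\*" | Format-Table Name, Parameters -AutoSize
Get-ManagementRoleAssignment -Role $RoleName |
    Format-List Name, RoleAssignee, RoleAssigneeType, CustomRecipientWriteScope, RecipientReadScope
```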

Role Based Access Control

demo

RBAC Role Delegation
• Role membership is not a right to delegate
• Role Assignment delegation
− Special kind of Role Assignment
− Delegation does not grant role permissions
• Role Group delegation
− Controlled through Role Group ownership
− ManagedBy parameter similar to DGs (multi-valued)
− Ownership does not grant Role Group permissions

RBAC Permissions Reporting: Get-ManagementRoleAssignment
• Effective roles for a user
• Effective users by role/scope/group
• Effective permissions to a writable object

Remote PowerShell
New management architecture for PowerShell in Exchange 2010
• Allows the Role-based Access Control (RBAC) model
− Restricted runspace allows RBAC to hide cmdlets and parameters
• Client / server separation
− Remote PowerShell is always used, even to connect "remotely" to localhost
− Enables firewall and cross-forest scenarios
• "No binaries" scenarios
− Exchange cmdlet management from a client machine which does not have the Exchange Management Tools (Exchange binaries) installed

Remote PowerShell: How does it work?
(Diagram: Erik's PSv2 client runspace, whose only available cmdlet is New-PSSession, runs

> New-PSSession -URI https://server.fqdn.com/PowerShell/

IIS on the Exchange server authenticates the connection; the WSMan + RBAC stack authorizes it by looking up Erik's role assignment in Active Directory, which grants New-Mailbox -Name, Get-Mailbox and Set-Mailbox -Name. The PSv2 RBAC server runspace, and therefore the set of remote cmdlets available in Erik's runspace, contains exactly those cmdlets and parameters. Erik then runs

> New-Mailbox -Name Bob

and the Bob mailbox object is returned in the pipeline.)

Remote PowerShell: How Do I Use It?

$UserCredential = Get-Credential

$rs = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://<Exchange 2010 servername>/powershell -Credential $UserCredential

Import-PSSession $rs
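The connection above extended into a check of what the RBAC-restricted runspace actually exposed, plus the effective-permission reports from the RBAC Permissions Reporting slide, as an added example that is not code from the deck. The server name ex2010.contoso.com and the sample recipient "bob" are assumptions.

```powershell
# Added example (not from the deck). Server name and recipient "bob" are assumed values.
$Server  = "ex2010.contoso.com"
$cred    = Get-Credential
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri "https://$Server/powershell" -Credential $cred

# Import-PSSession builds a temporary module holding one proxy function per
# cmdlet that RBAC allowed this user; keep the module object to inspect it.
$module = Import-PSSession $session -AllowClobber

# Cmdlets visible in the restricted runspace. A user who only holds an edit
# role sees Set-Mailbox but no New-Mailbox, as in the runspace diagram above.
$exposed = @(Get-Command -Module $module.Name -CommandType Function |
    Select-Object -ExpandProperty Name)
"{0} Exchange cmdlets exposed to {1}" -f $exposed.Count, $cred.UserName
"New-Mailbox available: " + ($exposed -contains "New-Mailbox")

# Parameters are trimmed too: a proxy carries only the parameters the role
# entries grant, plus PowerShell's own common parameters (filtered out here).
$common = [System.Management.Automation.Cmdlet]::CommonParameters +
          [System.Management.Automation.Cmdlet]::OptionalCommonParameters
(Get-Command Set-Mailbox).Parameters.Keys |
    Where-Object { $common -notcontains $_ }

# Effective roles for the connected user, then everyone who can write to a
# given recipient with role groups expanded to their members.
Get-ManagementRoleAssignment -RoleAssignee $cred.UserName |
    Format-Table Role, RoleAssigneeType, RecipientWriteScope, ConfigWriteScope -AutoSize
Get-ManagementRoleAssignment -WritableRecipient "bob" -GetEffectiveUsers |
    Format-Table Role, EffectiveUserName, RecipientWriteScope -AutoSize

Remove-PSSession $session
```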

Remote PowerShell

demo

Summary
• Role Based Access Control
− RBAC is used as the permissions model
− Enables the definition of broad or precise roles and assignments, based on the actual roles administrators perform
• Exchange Control Panel
− Provides a new way to administer subsets of Exchange features
− Provides a great self-provisioning portal
• Remote PowerShell
− Uses familiar Exchange cmdlets
− Allows administration without the Exchange management tools
− Provides firewall-friendly management access

Q&A