webcast exchange2013 abcv2 130115103555 phpapp01
Post on 29-Apr-2017
© Microsoft Corporation. All Rights Reserved.
Exchange Server 2013 ABCs
Architecture, Best-Practices, Client Access
Belgian Unified Communications Community
The Belgian User Group is a bunch of subject matter experts on Exchange, Lync and Office 365 that aim to provide a central point of interest for like-minded IT professionals.
Regular free in-person events & TechNet Livemeeting sessions
Next event: January 23rd – “Office 365 vNext” (by Ilse Van Criekinge)
Follow our blog posts on http://www.pro-exchange.be
Follow us on Twitter @ProExchange
Spread the word!
Speaker
Michael Van Horenbeeck
Technology Consultant @ Xylos
Exchange Server MVP
Pro-Exchange Core Member
Microsoft MEET Member
mivh@xylos.com
@mvanhorenbeeck
http://be.linkedin.com/in/mvanhorenbeeck
Poll
Did you already work with or install Exchange 2013 (in a lab)?
Agenda
• The new Exchange 2013 Architecture
• Protocol flows
• Deploying Exchange 2013
• Q&A
The new Exchange 2013 Architecture paradigm
Architecture
Previous Server Role Architecture (2010)
• 5 server roles
• Tightly-coupled in terms of
  • versioning
  • functionality
  • user partitioning
  • geo-affinity
[Diagram labels: Internal Network; Mailbox (stores mailbox and public folder items); Unified Messaging (voice mail and voice access); Client Access (client connectivity, web services); Hub Transport (routing and policy); Edge Transport (routing and AV/AS); AD; Layer 7 LB; Phone system (PBX or VOIP); Web browser; Outlook (remote user); Outlook (local user); Mobile phone; Line of business application; External SMTP servers; Forefront Online Protection for Exchange.]
Challenges with existing model
• Exchange deployments can be complicated
• Load balancing is difficult and can require expensive solutions
• When dedicated server roles are deployed, hardware can go unutilized or under-utilized
• Too many namespaces required
Exchange 2013 Architecture Theme
Use Building Blocks to facilitate deployments at all scales – from self-hosted, small organizations to Office 365
• Server role evolution
• Network layer improvements
• Versioning and inter-op principles
Exchange Server 2013 Architecture
Building Blocks
• Client Access server
  • CAS Array
• Mailbox server
  • DAG
Loosely-coupled
• Functionality
• Versioning
• User partitioning
• Geo-affinity
[Diagram labels: Internal Network; CAS (Array); MBX (DAG); Layer 4 load balancing; Outlook (local user); Phone system (PBX or VOIP); Web browser; Outlook (remote user); Mobile phone; LOB Application; External SMTP servers; Exchange 2010 Edge Transport; Forefront Online Protection for Exchange.]
“Every Server is an Island”
[Diagram labels: Server1 (Vn) and Server2 (Vn+1), each with three layers. Protocols, Server Agents: EWS, RPC CA, Transport, Assistants, MRS, MRSProxy. Business Logic: XSO, MailItem, Other API, CTS. Storage: Store, ESE, Content index, File system. Between the servers: SMTP, MRS proxy protocol, EWS protocol, Custom WS. Also labelled: Banned; E2010.]
Functional Layering
[Diagram: functional layers in the two architectures, behind a hardware load balancer (L7 LB and L4 LB).
Exchange 2010 Architecture (roles: Client Access, Hub Transport, Unified Messaging; Mailbox): AuthN, Proxy, Re-direct / Protocols, API, Biz-logic / Assistants, Store, CI.
Exchange 2013 Architecture (roles: Client Access; Mailbox): AuthN, Proxy, Re-direct / Protocols, Assistants, API, Biz-logic / Store, CI.]
Client Access Server Role
Architecture
Client Access Server role
• Domain-joined machine in the internal Active Directory forest
• Thin, stateless (protocol session) server
• Comprised of three components:
  • Client access protocols (HTTP, IMAP, POP)
  • SMTP
  • UM Call Router
• Exchange-aware proxy server
  • Understands requests from different protocols (OWA, EWS, etc.)
  • Supports proxy and redirection logic for client protocols
  • Capable of supporting legacy servers with redirect or proxy logic
  • Contains logic to route specific protocol requests to their destination end-point
Client Access Array
• A group of CAS organized in a load-balanced configuration
  • Designed to work with TCP affinity (aka, layer 4 LB)
  • Does not require session affinity (aka, layer 7 LB)
• Provides a unified namespace and authentication
  • Similar to Exchange 2010 in terms of providing a unified endpoint for client connectivity and authentication
Client Protocol Architecture in Exchange 2013
[Diagram labels: clients (Outlook Web App, Outlook, EAS, EAC, PowerShell, POP/IMAP, SMTP, SIP); Load Balancer; Client Access (IIS with HTTP Proxy; POP, IMAP; SMTP; UM); Mailbox (IIS with RpcProxy, RPS, OWA, EAS, EWS, ECP, OAB; RPC CA; POP, IMAP; Transport; UM; MDB; MailQ); connections labelled HTTP, POP/IMAP, SMTP, SIP Redirect, SIP + RTP.]
Outlook Connectivity in Exchange 2013
• Exchange 2013 supports RPC/HTTP only; no RPC/TCP
  • Simplifies the protocol stack
  • Provides an extremely reliable and stable connectivity model because RPC session is always on Mailbox server hosting active copy
  • Eliminates need for RPC CAS Array namespace(s)
  • Eliminates end user interruptions like “The Exchange administrator has made a change that requires you to quit and restart Outlook” during mailbox moves or *overs
Namespace Simplification
• Exchange 2013 no longer requires multiple namespaces for site resilient solutions or site specific scenarios
• Easy to set up a single, worldwide client access namespace
  • Can be used in coexistence with Exchange 2010
A Single Common Namespace Example
Geographical DNS Solution
[Diagram labels: mail.contoso.com; Sue (somewhere in NA), DNS Resolution; Sue (traveling in APAC), DNS Resolution via Geo-DNS; two DAGs, one behind VIP #1 and VIP #2, the other behind VIP #3 and VIP #4; Round-Robin between # of VIPs.]
FE Transport Service
Architecture
Front-End Transport Service
• Handles all inbound and outbound external SMTP traffic for the organization, as well as client endpoint for SMTP traffic; but does not replace the Edge Transport Server role
• Functions as a layer 7 proxy and has full access to protocol conversation
• Will not queue mail locally, and will be completely stateless
• All outbound traffic appears to come from CAS 2013
• Listens on TCP25 and TCP587 (two receive connectors)
Front-End Transport Service Architecture
[Diagram labels: Front-End Transport Pipeline; SMTP Receive; Protocol Agents; Hub Selector; SMTP Send; SMTP to MBX 2013; SMTP from MBX 2013; External SMTP.]
Entry Point Routing
• Bifurcation does not occur on Front-End transport (FET), so only one DAG or MBX 2013 is selected, regardless of the number of recipients in a message
• FET uses delivery groups: DAG, mailbox, AD site
• Server selection within the delivery group is based on recipient type
  • If message only has a single mailbox recipient, select MBX server within delivery group based on proximity of AD site
  • If multiple mailbox recipients, select MBX server in closest delivery group, factoring in site proximity
  • If there are no mailbox recipients (DG, MEUs, etc.), select a random MBX 2013, giving preference to local AD site
Mailbox Server Role
Architecture
Mailbox Server Role
• Server that hosts the components that process, render and store Exchange data
  • Includes components previously found in separate roles
• Only Client Access servers connect directly to the Mailbox server
  • Clients connect to Client Access servers
• Connectivity to a mailbox is always provided by the server hosting the active copy of the database
Database Availability Group
• Collection of servers that form a unit of high availability
• Boundary for replication and *over
• DAG members can be in different sites
• Can have a maximum of 16 Mailbox servers
[Diagram labels: MBX1, MBX2, … MBX16.]
Mailbox-related changes
• Managed Store
• IOPS reductions
• Larger mailbox support
• Modern public folders
• New search infrastructure
Managed Store
• Store service process (Microsoft.Exchange.Store.Service.exe)
  • Manages worker process lifetime based on mount/dismount
  • Logs failure item when store worker process problems detected
  • Terminates store worker process in response to “dirty” dismount during failover
• Store worker process (Microsoft.Exchange.Store.Worker.exe)
  • One process per database, RPC endpoint instance is database GUID
  • Responsible for block-mode replication for passive databases
  • Fast transition to active when mounted
  • Transition from passive → active increases ESE cache size 5X
Microsoft Exchange Replication service
• MSExchangeRepl.exe
• Detecting unexpected database failures
• Issues mount/dismount operations to Store
• Provides administrative interface for management tasks
• Initiates failovers on failures reported by ESE, Store and Responders
ESE Cache Management
• Algorithm allocates memory for ESE cache for store worker processes based on RAM (max cache target)
• ESE cache allocated to each database (store worker process) based on number of local database copies and value of MaximumActiveDatabases
  • Static amount of cache allocated to passive and active copies
• Store worker process will only use max cache target when operating as active
  • Passive database allocates 20% of max cache target
• Max cache target computed at service process startup
  • Restart service process when adding/removing copies or changing maximum active database configuration
IOPS Reductions
• Improvements to logical contiguity of store schema
  • Property blobs are used to store actual message properties
  • Several messages / page means fewer large IOs to retrieve message properties
  • Use of long-value storage is reduced, though when accessed, large sequential IOs are used
• Reduction in passive copy IO
  • 100MB checkpoint depth reduces write IO
  • Transaction log code has been refactored for fast failover with deep checkpoint
IOPS Reductions
[Chart: DB IOPS/Mailbox for Exchange 2003, Exchange 2007, Exchange 2010 and Exchange 2013 (axis 0 to 1). +97% Reduction!]
Support for Larger Mailboxes
• Large Mailbox Size is 100 GB+
  • Aggregate Mailbox = Primary Mailbox + Archive Mailbox + Recoverable Items
• 1-2 years of mail (minimum)
• Increase IW productivity
• Eliminate or reduce PST files
• Eliminate or reduce third-party archive solutions
• OST size control with Outlook 2013

Time       Items     Mailbox Size
1 Day      150       11 MB
1 Month    3300      242 MB
1 Year     39000     2.8 GB
2 Years    78000     5.6 GB
4 Years    156000    11.2 GB
Modern Public Folders
• Public folders based on the mailbox architecture
• Single-master model
  • Hierarchy is stored in a PF mailbox (one writeable)
  • Content can be broken up and placed in multiple mailboxes
  • The hierarchy folder points to the target content mailbox
• Because it’s a mailbox, it’s in a mailbox database…thus,
  • High availability achieved through continuous replication
  • No separate replication mechanism
• Similar administrative features to current PFs
• No end-user changes
[Diagram labels: CAS2013; three MBX2013 servers; Public logon; Private logon; Content Mailbox; Hierarchy Mailbox.]
Modern Public Folders
• 1 – User connects to their home Public Folder mailbox first, which should be located near their primary mailbox.
• 2 – Folder contents live in one specific mailbox for that folder. All content operations are redirected to the mailbox for that folder.
• 3 – Folder hierarchy changes are intercepted and written to writeable copy of Public Folder hierarchy
• 4 – All Public Folder mailboxes listen for hierarchy changes and update similar to Outlook clients
• 5 – When a Public Folder mailbox gets full, move some folders to a new mailbox
New Search Infrastructure
Uses FAST
Significantly improved query performance
Significantly improved indexing performance
FAST Primer
[Diagram labels: FAST Core; Catalog; CTS; “CTS Flow”: Incoming Documents, Filter, Word Break, Content XForm, MARS Writer; IMS; “IMS Flow”: Incoming Queries, Content XForm, Query Parse, Results.]
Exchange Search Infrastructure
[Diagram labels: two MBX2013 servers; Transport; Transport CTS; Local Delivery; Mailbox; Store; DB; Log; Reliable Event; ExSearch; CTS; Read Content; Index Node; Idx; Passive (DB, Idx, Log).]
Back-end Transport Service
Architecture
Transport Components
• Transport on Mailbox server is three services
  • Microsoft Exchange Transport - Stateful and handles SMTP mail flow for the organization and performs content inspection
  • Microsoft Exchange Mailbox Transport Delivery - Receives mail from the Transport service and delivers to the mailbox database
  • Microsoft Exchange Mailbox Transport Submission - Takes mail from the mailbox databases and submits to the Transport service
• Transport has the following responsibilities
  • Receives all inbound mail to the organization
  • Submits all outbound mail from the organization
  • Handles all internal message processing such as transport rules, content filtering, and antivirus
  • Performs mail flow routing
  • Queues messages
  • Supports SMTP extensibility
Transport Service Architecture
[Diagram labels: Transport Pipeline; SMTP Receive; Protocol Agents; Submission Queue; Pickup/Replay; Categorizer; Routing Agents; Delivery Queue (two); SMTP Send; Delivery Agents for other protocols; SMTP from MBX Transport Submission; SMTP to MBX Transport Delivery; SMTP in and out.]
Mailbox Transport Component Architecture
[Diagram labels: Mailbox Transport Pipeline; Mailbox Transport Submission: Store Driver Submit, MBX Assistants, MBX Submit Agents, Hub Selector (Router), SMTP Send; Mailbox Transport Delivery: SMTP Receive, Store Driver Deliver, MBX Deliver Agents; MAPI to and from the Mailbox Store; SMTP to Transport Service; SMTP from Transport Service.]
Mailbox Transport Component
• Two separate services to handle mail submissions (from the store) and mail delivery (from the Transport service)
• Mailbox Assistant and Store Driver combined
• Leverages SMTP (encrypted) for communication with the Transport component and TCP465 for inbound traffic
• Leverages local RPC for delivery to store
• Is stateless and does not have a persistent storage mechanism
Transport High Availability Improvements
• Every message is redundantly persisted before its receipt is acknowledged to the sender
• Delivered messages are kept redundant in transport, similar to active messages
• Every DAG represents a transport HA boundary and owns its HA implementation
• If you have a stretched DAG, you also have transport site resilience
• Resubmits due to transport DB loss or MDB *over are fully automatic and do not require any manual involvement
Mail Delivery Flow
[Diagram labels: DAG with MBX1 and MBX2, each running MBX Transport and Transport and holding copies of DB1 and DB2; SMTP between the servers; MAPI to the databases.]
Autodiscover
Protocol Flows
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (External clients)
[Diagram labels: Clients; autodiscover.contoso.com; Internet facing site with E2013 CAS, E2013 MBX, E2010 CAS, E2010 MBX; Intranet site with E2010 CAS, E2010 MBX; PROXY arrows; “CAS 2010 handles request”.]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (External clients)
[Diagram labels: Clients; autodiscover.contoso.com; Internet facing site with E2013 CAS, E2013 MBX, E2007 CAS, E2007 MBX; Intranet site with E2007 CAS, E2007 MBX; PROXY arrow; “MBX 2013 handles request”.]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (Internal clients)
[Diagram labels: Outlook Clients; Lookup SCP records in AD; Internal LB namespace; Internet facing site with E2013 CAS, E2013 MBX, E2010 CAS, E2010 MBX; Intranet site with E2010 CAS, E2010 MBX; PROXY arrows; “CAS 2010 handles request”.]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (Internal clients)
[Diagram labels: Outlook Clients; Lookup SCP records in AD; Internal LB namespace; Internet facing site with E2013 CAS, E2013 MBX, E2007 CAS, E2007 MBX; Intranet site with E2007 CAS, E2007 MBX; “MBX 2013 handles request”.]
Outlook
Protocol Flows
Internal Outlook Connectivity
• No changes to 2007/10 – still direct to mailbox (2007) and RPC Client Access on CAS (2010)
• 2013 users use Outlook Anywhere inside and out
• AutoDiscover 2013 hands back two EXHTTP nodes for 2013 users, one for Internal OA, one for external – client starts at the top of the list and works down
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 and 2010 Coexistence - Outlook Anywhere
1. Enable Outlook Anywhere
   On intranet 2007/2010 servers
2. Client Settings
   Make 2007/2010 client settings the same as 2013 Server
3. IIS Authentication Methods
   Must include NTLM
[Diagram labels: Clients; mail.contoso.com; RPC/HTTP; HTTP PROXY; NTLM; RPC; Internet facing site with E2013 CAS, E2013 MBX, E2010/E2007 CAS, E2010/E2007 MBX; Intranet site with E2010/E2007 CAS, E2010/E2007 MBX; servers annotated “Enable OA, Client Auth: Basic, IIS Auth: Basic”.]
OWA
Protocol Flows
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - OWA
[Diagram labels: OWA; mail.contoso.com behind Layer 4 LB; europe.mail.contoso.com behind Layer 7 LB; Internet facing site with E2013 CAS, E2013 MBX, E2010 CAS, E2010 MBX; Intranet site with E2010 CAS, E2010 MBX; HTTP PROXY; Same site proxy request; Cross site proxy request; RPC; Auth: 2013 logon page; Auth: 2010 logon page.]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - OWA
[Diagram labels: OWA; mail.contoso.com behind Layer 4 LB; legacy.mail.contoso.com behind Layer 7 LB; europe.mail.contoso.com behind Layer 7 LB; Internet facing site with E2013 CAS, E2013 MBX, E2007 CAS, E2007 MBX; Intranet site with E2007 CAS, E2007 MBX; HTTP PROXY; RPC; Auth: 2013 logon page; Auth: 2007 logon page (twice).]
EWS/EAS
Protocol Flows
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence – EAS/EWS
[Diagram labels: EAS/EWS; mail.contoso.com behind Layer 4 LB; europe.mail.contoso.com behind Layer 7 LB; Internet facing site with E2013 CAS, E2013 MBX, E2010 CAS, E2010 MBX; Intranet site with E2010 CAS, E2010 MBX; HTTP PROXY; Same site proxy request; Cross site proxy request.]
CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence – EAS, EWS
[Diagram labels: EAS, EWS; mail.contoso.com behind Layer 4 LB; legacy.mail.contoso.com behind Layer 7 LB; europe.mail.contoso.com behind Layer 7 LB; Internet facing site with E2013 CAS, E2013 MBX, E2007 CAS, E2007 MBX; Intranet site with E2007 CAS, E2007 MBX.]
Protocol Flow Summary
• Basic principles to apply are:
  • Co-Existence with 2010 – CAS 2013 proxies all traffic to CAS 2010
  • Co-Existence with 2007 – CAS 2013 redirects most traffic to CAS 2007, proxies AutoDiscover, POP and IMAP
  • We no longer do HTTP 451 redirects
  • We hand out site specific URLs if they are set, but if a client comes to the wrong place, we just proxy and make it work
Namespace planning
Namespace Planning Principles
• Exchange Server 2013 gives you a greater possibility of creating simplified namespaces as CAS will proxy in more scenarios
  • Assuming you have the network and DNS infrastructure to support it that is…
• Single flat namespaces typically make more sense externally than internally though really, it’s only OWA where this makes sense
• Our guidance is to make internal and external namespace designs the same if you can, as it makes troubleshooting easier
  • Or if you cannot, use regional/site namespaces, including cases where you want to control traffic
• Remember AutoDiscover masks a lot of the URLs clients need
A Single External Namespace Example
Geographical DNS Solution
[Diagram labels: mail.contoso.com; Sue (somewhere in NA), DNS Resolution; Sue (traveling in APAC), DNS Resolution via Geo-DNS; two DAGs, one behind VIP #1 and VIP #2, the other behind VIP #3 and VIP #4; Round-Robin between # of VIPs.]
Multiple Namespace Example
[Diagram labels: external namespaces na.contoso.com and emea.contoso.com; internal namespaces na.contoso.local and emea.contoso.local; Sue (somewhere in NA); Sue (traveling in APAC); two DAGs, one behind VIP #1 and VIP #2, the other behind VIP #3 and VIP #4; Round-Robin between # of VIPs.]
Deploying Exchange 2013
Deployment
Exchange 2013 Prerequisites
• Supported coexistence scenarios
  • Exchange Server 2010 SP3*
  • Exchange Server 2007 SP3 (+ coexistence RU*)
• Supported client access methods
  • Outlook 2013, Outlook 2010, Outlook 2007
  • RPC over HTTP is only method of connectivity for Outlook clients
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011
Exchange 2013 Prerequisites
• Active Directory
  • Windows Server 2003 forest functional level or higher
  • At least one Windows 2003 SP2 or later GC/DC in each site
  • No support for RODC or ROGC
• Supported Namespaces
  • Contiguous
  • Disjoint
  • Single label domain
  • Non-contiguous
Exchange 2013 Prerequisites
• Operating System (64-bit)
  • Windows Server 2008 R2 SP1 Standard or Enterprise
    • Standard - for Exchange 2013 Client Access servers
    • Enterprise - for Exchange 2013 Mailbox servers in a DAG
  • Windows Server 2012 Standard or Datacenter
• Other IIS and OS components
  • .NET Framework 4.5
  • Windows Management Framework 3.0
  • Unified Communications Managed API (UCMA) 4.0
Upgrade to Exchange 2013 from Exchange 2010
1. Prepare
   • Install Exchange 2010 SP3 across the ORG
   • Validate existing Client Access using ExRCA and built-in Test cmdlets
   • Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
   • Install both E2013 MBX and CAS servers
3. Obtain and Deploy Certificates
   • Obtain and deploy certificates on E2013 Client Access Servers
4. Switch primary namespace to Exchange 2013 CAS
   • E2013 fields all traffic, including traffic from Exchange 2010 users
   • Validate using Remote Connectivity Analyzer
5. Move Mailboxes
   • Build out DAG
   • Move E2010 users to E2013 MBX
6. Repeat for additional sites
[Diagram labels: Clients; autodiscover.contoso.com; mail.contoso.com; Internet facing site – Upgrade first, with E2010 CAS, E2010 HUB, E2010 MBX (SP3), E2013 CAS, E2013 MBX; Intranet site with Exchange 2010 Servers (SP3).]
Upgrade to Exchange 2013 from Exchange 2007
1. Prepare
   • Install Exchange 2007 SP3 + RU across the ORG
   • Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
   • Install both E2013 MBX and CAS servers
3. Create Legacy namespace
   • Create DNS record to point to legacy E2007 CAS
4. Obtain and Deploy Certificates
   • Obtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespace
   • Deploy certificates on Exchange 2007 CAS
5. Switch primary namespace to Exchange 2013 CAS
   • Validate using Remote Connectivity Analyzer
6. Move Mailboxes
   • Build out DAG
   • Move E2007 users to E2013 MBX
7. Repeat for additional sites
[Diagram labels: Clients; autodiscover.contoso.com; mail.contoso.com; legacy.contoso.com; Internet facing site – Upgrade first, with E2007 SP3 CAS, E2007 SP3 HUB, E2007 SP3 MBX (RU), E2013 CAS, E2013 MBX; Intranet site with Exchange 2007 Servers (RU).]
Upgrading to Exchange Server 2013
1. Prepare
   • Install Exchange SP and/or updates across the ORG
   • Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
3. Create Legacy namespace
4. Obtain and Deploy Certificates
5. Switch primary namespace to Exchange 2013 CAS
6. Move Mailboxes
7. Repeat for additional sites
[Diagram labels: Clients; autodiscover.contoso.com; mail.contoso.com; Internet facing site – Upgrade first, with E2010 or 2007 CAS, E2010 or 2007 HUB, E2010 or 2007 MBX (SP/RU); Intranet site with Exchange 2010 or 2007 Servers (SP/RU).]
Exchange Server 2013 Setup
• Install both MBX and CAS Servers
• MBX performs PowerShell commands
• CAS is proxy only
Exchange 2013 Setup
• GUI or command line
• In-place upgrades are not supported
• Updated to reflect Exchange 2013 roles
Parameters
• New required parameter for license terms acceptance
Install
  Setup.exe /mode:install /roles:clientaccess /IAcceptExchangeServerLicenseTerms
  Setup.exe /mode:install /roles:mailbox /IAcceptExchangeServerLicenseTerms
  Setup.exe /mode:install /roles:ManagementTools /IAcceptExchangeServerLicenseTerms
Other required parameter - /IAcceptExchangeServerLicenseTerms
Certificates - Best Practices
• Minimize the number of certificates
• Minimize number of hostnames
  • Use split DNS for Exchange hostnames
  • Don’t list machine hostnames in certificate hostname list
  • Use Load Balance (LB) arrays for intranet and internet access to servers
• Use Subject Alternative Name (SAN) certificate
Preparing for Client Access Server Upgrade
• Validate legacy namespace creation
• Configure Load balancing
  • Layer 7 load balancers are no longer required for primary Exchange 2013 namespace
  • Layer 4 is supported and recommended
  • Legacy namespace is separate VIP configured with Layer 7 load balancing
• Configure the AutoDiscoverServiceInternalUri on Exchange 2013 CAS Servers to a LB value
• Configure AutoDiscoverSiteScope
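An added example, not part of the webcast or of Microsoft's tooling: a read-only Exchange Management Shell audit of the certificate and Autodiscover guidance on the two slides above. It assumes a session with the Exchange 2013 cmdlets loaded; the output column names (Check, Value, Compliant, Detail) are chosen for this example.

```powershell
# Added example, not from the webcast. Read-only; run in the Exchange Management Shell.
$servers = @(Get-ExchangeServer)

# Short names and FQDNs of all Exchange servers. Per the guidance above, none of
# them belong in a certificate hostname list or in the Autodiscover SCP URL.
$machineNames = @($servers | ForEach-Object { $_.Name; $_.Fqdn } |
    Where-Object { $_ } | ForEach-Object { "$_".ToLowerInvariant() } |
    Sort-Object -Unique)

# Exchange 2013 servers report "Version 15.x"; legacy CAS are left out.
$cas2013 = @($servers | Where-Object {
    $_.IsClientAccessServer -and ("$($_.AdminDisplayVersion)" -like 'Version 15.*')
})

$findings = foreach ($server in $cas2013) {
    # Certificates enabled for IIS are the ones clients see on the namespace.
    $certs = @(Get-ExchangeCertificate -Server $server.Name |
        Where-Object { "$($_.Services)" -match 'IIS' })

    foreach ($cert in $certs) {
        $domains = @($cert.CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() })
        $hits    = @($domains | Where-Object { $machineNames -contains $_ })
        $detail  = "$($domains.Count) hostname(s), no machine names"
        if ($hits.Count -gt 0) { $detail = "Machine names listed: $($hits -join ', ')" }

        [pscustomobject]@{
            Server    = $server.Name
            Check     = "Certificate $($cert.Thumbprint)"
            Value     = ($domains -join ', ')
            Compliant = ($hits.Count -eq 0)
            Detail    = $detail
        }
    }

    # SCP URL that domain-joined Outlook clients look up in AD.
    $cas     = Get-ClientAccessServer -Identity $server.Name
    $scp     = "$($cas.AutoDiscoverServiceInternalUri)"
    $uri     = $null
    $scpHost = ''
    if ([uri]::TryCreate($scp, [System.UriKind]::Absolute, [ref]$uri)) {
        $scpHost = $uri.Host.ToLowerInvariant()
    }
    $isMachine = ($scpHost -eq '') -or ($machineNames -contains $scpHost)
    $detail    = 'Points at a load-balanced name'
    if ($scpHost -eq '') { $detail = 'Not set or not an absolute URL' }
    elseif ($isMachine)  { $detail = 'Points at a single server, not a LB value' }

    [pscustomobject]@{
        Server    = $server.Name
        Check     = 'AutoDiscoverServiceInternalUri'
        Value     = $scp
        Compliant = (-not $isMachine)
        Detail    = $detail
    }

    # Site scope decides which AD sites prefer this server's SCP record.
    $scope = @($cas.AutoDiscoverSiteScope | Where-Object { $_ })
    [pscustomobject]@{
        Server    = $server.Name
        Check     = 'AutoDiscoverSiteScope'
        Value     = ($scope -join ', ')
        Compliant = ($scope.Count -gt 0)
        Detail    = "$($scope.Count) site(s) in scope"
    }
}

# Non-compliant rows sort first.
$findings | Sort-Object Compliant, Server | Format-Table -AutoSize -Wrap
```

A freshly installed server normally fails both the certificate and the SCP check until a SAN certificate for the namespace is deployed and the SCP URL is changed to the load-balanced name.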
Switching to new Client Access Servers
• Update internal and external DNS to point Mail and Autodiscover to CAS 2013
• Update publishing rules for legacy namespace
• Use Remote Connectivity Analyzer to test access to all CAS servers
• Test both externally and internally
Exchange 2013 Public Folders
• Database-centered architecture replaced by mailbox
  • Existing Public Folders can be migrated to Exchange 2013
  • Public Folder Replication is removed
  • End user experience doesn’t change
• Public Folders are not supported in Exchange 2013 OWA
• Migrate Public Folder users before Public Folders
  • Exchange 2013 users can access Exchange 2010/Exchange 2007 Public Folders
  • Exchange 2010/Exchange 2007 users cannot access Exchange 2013 Public Folders
• Migration of Public Folders is a cut-over migration
  • Similar to online mailbox moves
Public Folder Migration Process
• Analyze existing Public Folders
  • Tool available to analyze existing Public Folder hierarchy to determine how many Exchange 2013 Public Folder mailboxes are recommended
• Copy Public Folder data
  • Users continue to access existing Public Folder deployment while data is copied
  • Data migration happens in the background
• Switch clients to Exchange 2013 Public Folders
  • There will be a short downtime while the migration is finalized
  • Once migration completes, everyone switches at the same time
  • Can switch back, but any post migration Public Folder changes are lost
Managing Coexistence
• Use the Exchange 2013 Administration Center (EAC) to:
  • Manage Exchange 2013 mailboxes
  • View and update Exchange 2010/2007 mailboxes and properties (with a few limitations)
• Use Exchange 2010/2007 Management Console (EMC) to create mailboxes or perform new operations
Upgrade and Coexistence Summary
• Updates are required for Exchange 2013 coexistence
  • Exchange 2010 Service Pack 3 (Q1 2013)
  • Exchange 2007 SP3 with a coexistence rollup (RU)
• Exchange 2007 requires a legacy namespace when coexisting with Exchange 2013
• Certificate deployment and management is improved
• Exchange 2013 Public Folders now utilize the mailbox architecture and require migration planning
Thank you!