(c) 2011 Microsoft. All rights reserved.
UPGRADING TO EXCHANGE 2010
Colin Lee MCM/A – Exchange Practice Executive – UC Dell
SESSION CODE: EXL310
Sofiane Behraoui MCM – Exchange Practice Lead – GICS Dell ANZ
Session Objectives and Takeaways
► Session Objectives
  – What’s new in Exchange 2010
  – Transition and Migration to Exchange 2010
  – Take in the Best Practices for deployment
  – Tips and Tricks to help streamline the process
► Upgrade to Exchange 2010 can be done with no significant user access downtime
► Planning and Preparation will help you succeed
► Use the Tools
New from E2003 to E2007
► Front-End / Back-End -> CAS / MBX / HUB / EDGE / UM
► 64-bit server support
► Active Directory Sites replace Routing Groups
► Autodiscover to automatically configure clients
► Removes Outlook 2007+ need for Public Folders
  – Availability Service: Free/Busy information read direct from mailboxes, not from Public Folders
  – Offline Address Book download from Client Access Server
► New admin tools
  – Exchange Management Console (EMC) and PowerShell
► Unified Messaging: Get voice mail in your inbox
► New Developer API: Exchange Web Services (EWS)
New from E2007 to E2010
► Exchange 2010: On-Premise, Office365 or Hybrid
► High Availability: Database Availability Groups (DAG)
  – Provides HA and disaster recovery
  – 30-second fail-over with simplified admin experience
  – Flexibility in storage choices (SATA disks, JBOD, etc.)
  – Replaces SCC, SCR, LCR, and CCR from E2007
► 64-bit management tool support
► RPC Client Access and Address Book service
  – Improved High Availability solution
  – Outlook MAPI connects directly to Client Access Servers
► ExOLEDB, WebDAV and CDOEx are gone
  – “Entourage EWS” uses EWS
Exchange Server 2010 Prerequisites
► Active Directory
  – Windows 2003 SP2 GC server is installed in each Exchange Active Directory (AD) site
    • No hard requirement for Windows Server 2008 AD
  – Windows Server 2003 forest functional level
  – TIP: A Windows Server 2008 RODC cannot replace a GC
► Exchange
  – All Legacy Exchange CAS and UM servers must have SP2
  – Existing servers are Exchange 2003 SP2 or Exchange 2007 SP2. No Exchange 2000 or older servers.
► To install Exchange 2010 on a machine
  – Windows Server 2008 SP2 or R2 64-bit editions (Std/Ent)
  – Windows Management Framework
  – .NET Framework 3.5 SP1
  – Internet Information Services (IIS)
► TIP: Use Windows Server 2008 R2 SP1
  – Supported and Recommended
  – Hotfixes are rolled into SP1
Exchange Server 2010 Updates
► Latest SP1 update
  – Update Rollup 4 for Exchange Server 2010 SP1 (14.1.323.6)
    • Re-Released July 27, 2011 (MSKB 2579150)
► Latest RTM update
  – Update Rollup 5 for Exchange Server 2010 (14.0.726.0)
    • Released December 13, 2010 (MSKB 2407113)
► See TechNet Wiki for more info - http://social.technet.microsoft.com/wiki/contents/articles/exchange-server-and-update-rollups-builds-numbers.aspx
Setup – New Experience (SP1)
► Install required Windows Roles and Features
► RTM -> SP1 Upgrade
  – Setup.com /m:upgrade /installwindowscomponents
Setup – New GUI Experience (SP1)
► Apply strict split permissions security model
  – Typically used by large orgs that completely separate responsibility for management of Exchange and Active Directory between different groups of people
  – Removes ability for Exchange servers and admins to create Active Directory objects, such as users, groups and contacts, as well as the ability to manage non-Exchange attributes on those objects
Outlook 2003 with Exchange 2010
► Fully Supported
  – Outlook 2003 by default does not turn on encryption for client – server communication
  – Outlook 2007/2010 – on by default
► Encryption Options
  – Option 1: Turn off encryption for client communication
    • Set-RpcClientAccess -Server <servername> -EncryptionRequired $False
  – Option 2: Turn on encryption at the client manually or with Group Policies
    • MSKB 2006508
► Outlook 2003 performance – UDP on Exchange 2010
  – Requires Exchange 2010 SP1 RU3 or above
Upgrading to Exchange 2010
[Diagram labels: Proxy; Internet; Internet Facing AD Site; Internal AD Site; E200x Servers; https://mail.contoso.com; https://autodiscover.contoso.com; https://legacy.contoso.com]
Upgrade Internet-facing sites FIRST
Upgrade Internal sites NEXT
1. Upgrade servers to SP2
2. Deploy E2010 Servers
   • Start small
   • Gradually add more servers to support scale
3. Legacy hostnames for old FE/CAS
   • SSL cert purchase
   • End users don’t see this hostname
   • Used when new CAS tell clients to talk to legacy environments
4. Move Infra Pointers
   • Internet hostname switch
   • Unified Messaging switch
   • SMTP switch
5. Move Mailboxes
Decommission old servers
Useful Tools and Scripts
Preparation Tools
Finding and solving problems before users do
Help determine the cause of performance, mail flow, and database issues
Troubleshooting Assistant
Simulate and test how a server responds to e-mail loads
Remote Connectivity Analyzer
Determine overall health of Exchange system and topology
Best Practice Analyzer
Provides customised instructions for upgrading to Exchange 2010
Deployment Assistant
Focus on overall topology readiness
Pre-Deployment Assistant
Exchange Server Deployment Assistant
Exchange Server Deployment Assistant is your Best Friend
Mailbox Assistants Troubleshooter (SP1)
► Mailbox Assistants perform event-based and time-based functions (e.g., free/busy, resource booking, conversations, calendar repair, etc.)
► Test-AssistantHealth can be used to verify the health of the Microsoft Exchange Mailbox Assistants services, to recover from health issues, and to report on the diagnosis or recovery action
► Includes ResolveProblems parameter which can
  – Start the service if it is not running
  – Restart the service if it is hung or deadlocked for more than 15 minutes
Database Log Growth Troubleshooter (SP1)
► Troubleshoot-DatabaseSpace.ps1 detects excessive log growth issues and takes action
► By default
  – Runs every 15 minutes to determine available free space
  – If free space < 25%, the tool runs an algorithm to determine if excessive log growth is the cause
    • If it is the cause, the tool quarantines or throttles mailboxes causing excessive growth, as appropriate
► Defaults defined in StoreTSConstants.ps1
Database Latency Troubleshooter (SP1)
► Troubleshoot-DatabaseLatency.ps1 used by SCOM, but can be used outside of SCOM as a scheduled task
  – Defaults defined in StoreTSConstants.ps1
► Checks for database latencies above value of LatencyThreshold (default is 70 ms)
► Checks disk’s transfer rate against read rate and read latency performance counters
► Checks to see if any user is using more than one thread for duration of TimeInServerThreshold (default is 10 min)
Database Latency Troubleshooter (SP1)
► Disk’s transfers-per-second rate < DiskReadRateThreshold
► Disk’s seconds-per-transfer rate > DiskReadLatencyThreshold
  – If both conditions are true, it indicates that the disk has high latency under low load, which often means the disk is going bad and needs replacing
► User using more than one thread for duration of TimeInServerThreshold
  – Mailbox quarantined for 6 hours
Getting All Logon Statistics from Outlook
► Use Get-LogonStatistics to retrieve data such as logon time, last access time, client version, and adapter speed
  – Get-LogonStatistics -Server <ServerName>
► By default, Outlook 2010 and Outlook 2007 SP3 don’t transmit IP address, MAC address, username or machine name because it is considered PII (privacy)
  – Check “Enable troubleshooting logging” checkbox or add registry entry to Outlook client to get this info
  – HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\CancelRPC\EnablePerfTracking
  – HKCU\Software\Microsoft\Office\14.0\Outlook\CancelRPC\EnablePerfTracking
    DWORD, Value: 0x00000028
Deployment Considerations
► Deploy Multiple Role Servers
  – CAS/HUB/MBX collocated
  – Even in Virtualised environments
► Deploy a CAS array
  – Use hardware load balancer
    • Note: Virtual equivalents are also available (F5, Kemp, etc)
► Look at flexible storage options
  – DAS, SAS, SATA
  – JBOD configurations
► Leverage DAG for HA and DR
  – They are separate scenarios
Deploying Exchange 2010: Topology decisions
[Diagram labels: autodiscover.contoso.com; smtp.contoso.com; legacy.contoso.com; mail.contoso.com]
Exchange 2003
Outlook Web Access– /owa
Exchange Web Services– /ews
Offline Address Book– /oab
Unified Messaging– /unifiedmessaging
Outlook Mobile Access– /oma
Exchange 2010
Exchange Control Panel– /ecp
Unified Messaging– /unifiedmessaging
Namespaces and URLs
Outlook Web Access– /exchange, /exchweb, /public
Exchange ActiveSync– /microsoft-server-activesync
Outlook Anywhere– /rpc
POP/IMAP
Outlook Mobile Access– /oma
Exchange 2007
Note: the /exchange and /public vdirs will provide a 301 redirect experience to /owa
Autodiscover– /autodiscover
[Diagram labels: Clients and SMTP servers; E2003/E2007 services]
Deploying SSL Certificates
► Use “Subject Alternative Name” (SAN) certificate which can cover multiple hostnames
► Minimize the number of certificates
  – 1 certificate for all CAS servers + reverse proxy + Edge/Hub
► Minimize number of hostnames
  – Use “Split DNS” for Exchange hostnames
  – mail.contoso.com for Exchange connectivity on intranet and Internet
  – mail.contoso.com has different IP addresses in intranet/Internet DNS
► Don’t list machine hostnames in certificate hostname list
  – Use Load Balance (LB) arrays for intranet and Internet access to servers
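A check for the certificate guidance above, added here as an example that is not part of the original slides: it tests a SAN list for the mail, autodiscover and legacy namespaces this deck uses and flags any machine hostnames. The server names cas01/cas02 and both SAN lists are constructed sample data.

```powershell
# Added example, not from the original deck. Written for PowerShell 2.0,
# which Exchange 2010 uses. On a CAS the SAN list could come from
# (Get-ExchangeCertificate -Thumbprint <thumbprint>).CertificateDomains.
function Test-SanCoverage {
    param(
        [string[]]$SanNames,       # DNS names listed on the certificate
        [string[]]$RequiredNames,  # namespaces clients connect to
        [string[]]$ServerNames     # machine hostnames that should not be listed
    )
    $san = @($SanNames | ForEach-Object { $_.Trim().ToLowerInvariant() })

    # A required name is covered by an exact entry or a one-level wildcard.
    $missing = @(foreach ($name in $RequiredNames) {
        $n = $name.ToLowerInvariant()
        $wildcard = '*.' + ($n -split '\.', 2)[1]
        if (($san -notcontains $n) -and ($san -notcontains $wildcard)) { $n }
    })

    # A SAN entry is a machine name if it equals a server's short name
    # or begins with "<server>." (its FQDN).
    $machine = @(foreach ($entry in $san) {
        foreach ($srv in $ServerNames) {
            $s = $srv.ToLowerInvariant()
            if ($entry -eq $s -or $entry.StartsWith("$s.")) { $entry; break }
        }
    })

    New-Object PSObject -Property @{
        Pass         = ($missing.Count -eq 0 -and $machine.Count -eq 0)
        Missing      = ($missing -join ', ')
        MachineNames = ($machine -join ', ')
    }
}

# Namespaces from the slides; server names are hypothetical.
$required = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'
$servers  = 'cas01', 'cas02'

# Constructed SAN lists: the first forgets legacy.contoso.com and lists a
# server FQDN; the second matches the plan.
$bad  = 'mail.contoso.com', 'autodiscover.contoso.com', 'cas01.corp.contoso.com'
$good = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'

Test-SanCoverage -SanNames $bad -RequiredNames $required -ServerNames $servers |
    Format-List Pass, Missing, MachineNames
Test-SanCoverage -SanNames $good -RequiredNames $required -ServerNames $servers |
    Format-List Pass, Missing, MachineNames
```

The first call reports Pass as False with legacy.contoso.com missing and cas01.corp.contoso.com flagged; the second reports Pass as True.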
Deploying Exchange 2010: Topology decisions, CAS load balancing
► OWA and EWS load balancing require client-to-server affinity
  – Client-IP based Windows NLB or LB device using cookie-based affinity
► Tell Autodiscover where to send clients.
  – Configure internalURL and externalURL parameters and virtual directories
  – Example: Set-WebServicesVirtualDirectory cas2010\ews* -ExternalURL https://mail.contoso.com/ews/exchange.asmx
► Outlook clients connection for intranet MAPI access
  – Use New-ClientAccessArray and Set-MailboxDatabase
Switching to CAS2010: Preparatory steps
► Obtain and deploy a new certificate that includes the required host name values
  – mail.contoso.com
  – autodiscover.contoso.com
  – legacy.contoso.com
► Upgrade all Exchange servers to Service Pack 2
  – Enable Integrated Windows Authentication on Exchange 2003 MSAS virtual directory (KB 937031)
► Install and configure CAS2010 servers
  – Configure InternalURLs and ExternalURLs
  – Enable Outlook Anywhere
  – Configure the Exchange2003URL parameter to be https://legacy.contoso.com/exchange
Switching to CAS2010: Preparatory steps, continued
► Join CAS2010 to a load balanced array
  – Create CAS2010 RPC Client Access Service array
  – Ensure MAPI RPC and HTTPS ports are load balanced
► Install HUB2010 and MBX2010 servers
  – Configure routing coexistence
► Create Legacy hostname in DNS
► Create Legacy publishing rules in your reverse proxy/firewall solution pointed to FE2003 / CAS2007 array
► Use ExRCA to verify connectivity for Legacy hostname against E2003/E2007
Switching to CAS2010
The switchover involves a minor service interruption
1. Update/Create Autodiscover publishing rule
2. Update Mail publishing rules
   a. Update paths with new Exchange 2010 specific virtual directories
3. Switch: Move Mail… and Autodiscover… hostnames to point to CAS2010 array
4. Reconfigure CAS2007 internalURLs and externalURLs to now utilize Legacy namespace
5. Disable Outlook Anywhere on legacy Exchange
6. Test that CAS2010 is redirecting/ proxying to CAS2007 (externally and internally)
[Diagram: The switchover. Labels: TMG; E200x SP2; E2010 CAS+HUB+MBX; autodiscover…; mail…; legacy…]
1. Clients access E2010 through Autodiscover… and mail…
2. Redirection (legacy…), proxying, and direct access to E2003/E2007
Client Access Upgrade
► Clients access CAS2010 first
► Four different things happen for E2003/ E2007 mailboxes
1. Autodiscover tells clients to talk to CAS2007
2. HTTP redirect to FE2003 or CAS2007
3. Proxying of requests from CAS2010 to CAS2007
4. Direct CAS2010 support for the service against BE2003 and MBX2007
CAS2010 Service: E2003/E2007 mailbox treatment
Outlook Web App: Redirect (with Single Sign-On for Forms-Based Authentication)
Exchange ActiveSync:
  • E2007: Autodiscover and redirect (WM6.1 and newer), Proxying (WM6 and older, all non-Microsoft)
  • E2003: Direct CAS2010 support
Outlook Anywhere, OAB, and Autodiscover: Direct CAS2010 support
Exchange Web Services: Autodiscover
POP/IMAP:
  • E2007: Proxy
  • E2003: Direct CAS2010 support
SMTP Transport Upgrade
Step 1: Upgrade existing E2003 and E2007 servers to SP2
Step 2: Install HUB and MBX 2010
Step 3: Switch EdgeSync + SMTP to go to HUB2010
Step 4: Install Edge 2010
Step 5: Switch Internet e-mail submission to Edge 2010
- Follow this flow for each physical location
- Edge servers are optional
- Edge 2007 SP2 can be used with HUB 2010
[Diagram labels: Internet SMTP Servers; E2010 Edge; E2007 Edge; E2010 HUB; E2010 MBX; E2007 HUB; E2007 MBX; E2003 Bridgehead; E2003 Back-End]
Unified Messaging Upgrade
Step 1: Introduce UM 2010 to existing dial plan
Step 2: Route IP GW/PBX calls to UM 2010 for dial plan
Step 3: Remove UM 2007 after mailboxes have been moved
► IP PBXes and GWs
  – Configure to send all traffic to E2010 UM
  – E2010 UM will redirect to E2007 UM when necessary
► Lync 2010
  – With E2010 RTM, create new dial plan for E2010 UM users
  – Lync update: Lync will automatically talk to E2010 UM, which will redirect to E2007 UM when necessary
► TIP: UM is not supported in a virtualised environment.
Public Folders
► Co-existence supported for Exchange 2010 and Exchange 2003/2007
► Outlook can access mailbox data from Exchange 2010 and public folders from Exchange 2003/2007
► OWA 2010 will allow access to public folders with a replica on Exchange 2010
► Get-PublicFolderStatistics helps you take action
  – Move
  – Delete
  – Migrate to SharePoint
► Public Folder DB can be located on an Exchange 2010 server that is part of a DAG but must use PF replication and not DAG technology.
Service Level Agreement
► 1GB mailbox could take 90 minutes or more to move
  – Pain: User is disconnected for the duration
  – Pain: Your SLA for availability is not met

Yearly downtime allowed:
Availability               24-hour day         8-hour day
95%                        438 h (18.25 d)     145.6 h (6.07 d)
99%                        87.6 h (3.65 d)     29.12 h (1.21 d)
99.9%                      8.76 h              2.91 h
99.99%                     52.56 min           17.47 min
99.999% (“five nines”)     5.256 min           1.747 min
99.9999%                   31.536 sec          10.483 sec
Service availability during migration
[Diagram labels: E-mail Client; Client Access Server; Mailbox Server 1; Mailbox Server 2]
Online Move Mailbox
Minimal disruption
Exchange 2010 and Exchange 2007 SP2: Online; Exchange 2003: Offline
► Users remain online while their mailboxes are moved between servers
  – Sending messages
  – Receiving messages
  – Accessing entire mailbox
► Administrators can perform migration and maintenance during regular hours
► Also can be used to migrate users from on-premises server to Exchange Online
► Move Request (SP1) performed by MRS on all CAS
Time to retire E2003 and E2007
Foreign Messaging System Migration
► Lotus Notes
  – Quest
  – Binary Tree
  – Etc…
► Groupwise
  – Quest
  – MigrationWiz
  – Transend
  – Etc…
► Gmail
  – MigrationWiz
  – Transend
  – Etc…
Lotus Notes Migration
► Quest
  – Notes Migrator for Exchange
  – Coexistence Manager for Notes
► Binary Tree
  – CMT – Exchange
  – CMT – Coexistence
    • Hosted Migration possible
► Best Practice
  – Migrate as fast as you can
  – Remediate existing directory and email infrastructure
    • i.e. Enforce mail retention
  – Use out of the box functionality from Exchange, Quest and/or Binary Tree
  – Don’t assume you need to migrate everything
  – Don’t assume you need to migrate applications before e-mail
  – Don’t ignore potential regional issues
    • i.e. legal and regulatory requirements
Groupwise Migration
► Quest
  – Groupwise Migrator for Exchange
    • Working on coexistence
► MigrationWiz
  – Hosted migration, per mailbox
► Transend
  – Transend Migrator
    • Multiple platforms supported beyond Groupwise
► Lack of coexistence across all vendors
Resources
www.msteched.com/Australia
  Sessions On-Demand & Community
http://technet.microsoft.com/en-au
  Resources for IT Professionals
http://msdn.microsoft.com/en-au
  Resources for Developers
www.microsoft.com/australia/learning
  Microsoft Certification & Training Resources