webcast exchange2013 abcv2 130115103555 phpapp01

80
© Microsoft Corporation. All Rights Reserved. Exchange Server 2013 ABCs Architecture, Best-Practices, Client Access

Upload: vishwah22

Post on 29-Apr-2017


TRANSCRIPT

Page 1: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

© Microsoft Corporation.  All Rights Reserved.

Exchange Server 2013 ABCs

Architecture, Best-Practices, Client Access

Page 2: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Belgian Unified Communications Community

The Belgian User Group is a bunch of subject matter experts on Exchange, Lync and Office 365 that aim to provide a central point of interest for like-minded IT professionals.

Regular free in-person events & TechNet Livemeeting sessions
Next event: January 23rd – “Office 365 vNext” (by Ilse Van Criekinge)

Follow our blog posts on http://www.pro-exchange.be
Follow us on Twitter @ProExchange
Spread the word!

Page 3: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Speaker

Michael Van Horenbeeck
Technology Consultant @ Xylos

Exchange Server MVP
Pro-Exchange Core Member
Microsoft MEET Member

[email protected]
@mvanhorenbeeck
http://be.linkedin.com/in/mvanhorenbeeck

Page 4: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Poll

Did you already work with or install Exchange 2013 (in a lab)?

Page 5: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Agenda
• The new Exchange 2013 Architecture
• Protocol flows
• Deploying Exchange 2013
• Q&A

Page 6: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Architecture

The new Exchange 2013 Architecture paradigm

Page 7: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Previous Server Role Architecture (2010)

• 5 server roles
• Tightly-coupled in terms of
  • versioning
  • functionality
  • user partitioning
  • geo-affinity

[Diagram: Exchange 2010 server roles on the internal network]
• Mailbox: stores mailbox and public folder items
• Unified Messaging: voice mail and voice access
• Client Access: client connectivity, web services
• Hub Transport: routing and policy
• Edge Transport: routing and AV/AS

Other diagram labels: Phone system (PBX or VOIP), Web browser, Outlook (remote user), Outlook (local user), Mobile phone, Line of business application, Layer 7 LB, AD, External SMTP servers, Forefront Online Protection for Exchange

Page 8: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Challenges with existing model

• Exchange deployments can be complicated
• Load balancing is difficult and can require expensive solutions
• When dedicated server roles are deployed, hardware can go unutilized or under-utilized
• Too many namespaces required

Page 9: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange 2013 Architecture Theme

Use Building Blocks to facilitate deployments at all scales – from self-hosted, small organizations to Office 365
• Server role evolution
• Network layer improvements
• Versioning and inter-op principles

Page 10: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange Server 2013 Architecture

Building Blocks
• Client Access server
  • CAS Array
• Mailbox server
  • DAG

Loosely-coupled
• Functionality
• Versioning
• User partitioning
• Geo-affinity

[Diagram labels: Internal Network, Web browser, Outlook (remote user), Outlook (local user), Mobile phone, LOB Application, External SMTP servers, Exchange 2010 Edge Transport, Forefront Online Protection for Exchange, CAS (Array), MBX (DAG), Layer 4 load balancing, Phone system (PBX or VOIP)]

Page 11: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

“Every Server is an Island”

[Diagram: Server1 (Vn) and Server2 (Vn+1), each drawn as a stack of Protocols, Server Agents / Business Logic / Storage. Component labels on each server: EWS, RPC CA, Transport, Assistants, MRS, MRSProxy, XSO, MailItem, Other API, CTS, Store, ESE, Content index, File system. Labels between the servers: SMTP, MRS proxy protocol, EWS protocol, Custom WS, Banned, E2010.]

Page 12: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Functional Layering

[Diagram: Exchange 2010 Architecture next to Exchange 2013 Architecture, behind a Hardware Load Balancer.
Exchange 2010 Architecture layers: AuthN, Proxy, Re-direct / Protocols, API, Biz-logic / Assistants, Store, CI.
Exchange 2013 Architecture layers: AuthN, Proxy, Re-direct / Protocols, Assistants, API, Biz-logic / Store, CI.
Other labels: Client Access; Mailbox; Client Access, Hub Transport, Unified Messaging; L4 LB; L7 LB.]

Page 13: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Architecture

Client Access Server Role

Page 14: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Client Access Server role
• Domain-joined machine in the internal Active Directory forest
• Thin, stateless (protocol session) server
• Comprised of three components:
  • Client access protocols (HTTP, IMAP, POP)
  • SMTP
  • UM Call Router
• Exchange-aware proxy server
  • Understands requests from different protocols (OWA, EWS, etc.)
  • Supports proxy and redirection logic for client protocols
  • Capable of supporting legacy servers with redirect or proxy logic
  • Contains logic to route specific protocol requests to their destination end-point

Page 15: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Client Access Array
• A group of CAS organized in a load-balanced configuration
  • Designed to work with TCP affinity (aka, layer 4 LB)
  • Does not require session affinity (aka, layer 7 LB)
• Provides a unified namespace and authentication
  • Similar to Exchange 2010 in terms of providing a unified endpoint for client connectivity and authentication

Page 16: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Client Protocol Architecture in Exchange 2013

[Diagram labels: Outlook Web App, Outlook, EAS, EAC, PowerShell, POP/IMAP, SMTP, SIP, Load Balancer, Client Access, IIS, HTTP Proxy, POP, IMAP, UM, Redirect, SIP + RTP, HTTP, Mailbox, RpcProxy, RPC CA, RPS, OWA, EWS, ECP, OAB, Transport, MDB, MailQ]

Page 17: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Outlook Connectivity in Exchange 2013
• Exchange 2013 supports RPC/HTTP only; No RPC/TCP
  • Simplifies the protocol stack
  • Provides an extremely reliable and stable connectivity model because RPC session is always on Mailbox server hosting active copy
  • Eliminates need for RPC CAS Array namespace(s)
  • Eliminates end user interruptions like “The Exchange administrator has made a change that requires you to quit and restart Outlook” during mailbox moves or *overs

Page 18: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Namespace Simplification
• Exchange 2013 no longer requires multiple namespaces for site resilient solutions or site specific scenarios
• Easy to set up a single, worldwide client access namespace
  • Can be used in coexistence with Exchange 2010

Page 19: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

A Single Common Namespace Example
Geographical DNS Solution

[Diagram labels: mail.contoso.com; Sue (somewhere in NA); Sue (traveling in APAC); DNS Resolution via Geo-DNS; Round-Robin between # of VIPs; VIP #1, VIP #2, VIP #3, VIP #4; DAG (two)]

Page 20: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Architecture

FE Transport Service

Page 21: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Front-End Transport Service

• Handles all inbound and outbound external SMTP traffic for the organization, as well as client endpoint for SMTP traffic; but does not replace the Edge Transport Server role
• Functions as a layer 7 proxy and has full access to protocol conversation
• Will not queue mail locally, and will be completely stateless
• All outbound traffic appears to come from CAS 2013
• Listens on TCP25 and TCP587 (two receive connectors)

Page 22: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Front-End Transport Service Architecture

[Diagram: Front-End Transport Pipeline. Labels: External SMTP (in), SMTP Receive, Protocol Agents, Hub Selector, SMTP to MBX 2013, SMTP from MBX 2013, SMTP Send, External SMTP (out)]

Page 23: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Entry Point Routing

• Bifurcation does not occur on Front-End transport (FET), so only one DAG or MBX 2013 is selected, regardless of the number of recipients in a message
• FET uses delivery groups: DAG, mailbox, AD site
• Server selection within the delivery group is based on recipient type
  • If message only has a single mailbox recipient, select MBX server within delivery group based on proximity of AD site
  • If multiple mailbox recipients, select MBX server in closest delivery group, factoring in site proximity
  • If there are no mailbox recipients (DG, MEUs, etc.), select a random MBX 2013, giving preference to local AD site

Page 24: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Architecture

Mailbox Server Role

Page 25: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Mailbox Server Role
• Server that hosts the components that process, render and store Exchange data
• Includes components previously found in separate roles
• Only Client Access servers connect directly to the Mailbox server
• Clients connect to Client Access servers
• Connectivity to a mailbox is always provided by the server hosting the active copy of the database

Page 26: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Database Availability Group
• Collection of servers that form a unit of high availability
• Boundary for replication and *over
• DAG members can be in different sites
• Can have a maximum of 16 Mailbox servers

[Diagram labels: MBX1, MBX2, MBX16]

Page 27: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Mailbox-related changes

• Managed Store
• IOPS reductions
• Larger mailbox support
• Modern public folders
• New search infrastructure

Page 28: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Managed Store
• Store service process (Microsoft.Exchange.Store.Service.exe)
  • Manages worker process lifetime based on mount/dismount
  • Logs failure item when store worker process problems detected
  • Terminates store worker process in response to “dirty” dismount during failover
• Store worker process (Microsoft.Exchange.Store.Worker.exe)
  • One process per database, RPC endpoint instance is database GUID
  • Responsible for block-mode replication for passive databases
  • Fast transition to active when mounted
  • Transition from passive to active increases ESE cache size 5X

Page 29: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Microsoft Exchange Replication service
• MSExchangeRepl.exe
  • Detecting unexpected database failures
  • Issues mount/dismount operations to Store
  • Provides administrative interface for management tasks
  • Initiates failovers on failures reported by ESE, Store and Responders

Page 30: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

ESE Cache Management
• Algorithm allocates memory for ESE cache for store worker processes based on RAM (max cache target)
• ESE cache allocated to each database (store worker process) based on number of local database copies and value of MaximumActiveDatabases
  • Static amount of cache allocated to passive and active copies
• Store worker process will only use max cache target when operating as active
  • Passive database allocates 20% of max cache target
• Max cache target computed at service process startup
  • Restart service process when adding/removing copies or changing maximum active database configuration

Page 31: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

IOPS Reductions
• Improvements to logical contiguity of store schema
• Property blobs are used to store actual message properties
• Several messages / page means fewer large IOs to retrieve message properties
• Use of long-value storage is reduced, though when accessed, large sequential IOs are used
• Reduction in passive copy IO
• 100MB checkpoint depth reduces write IO
• Transaction log code has been refactored for fast failover with deep checkpoint

Page 32: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

IOPS Reductions

[Chart: DB IOPS/Mailbox for Exchange 2003, Exchange 2007, Exchange 2010 and Exchange 2013; vertical axis IOPS/Mailbox from 0 to 1; annotation: +97% Reduction!]

Page 33: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Support for Larger Mailboxes
• Large Mailbox Size is 100 GB+
• Aggregate Mailbox = Primary Mailbox + Archive Mailbox + Recoverable Items
• 1-2 years of mail (minimum)
• Increase IW productivity
• Eliminate or reduce PST files
• Eliminate or reduce third-party archive solutions
• OST size control with Outlook 2013

Time       Items     Mailbox Size
1 Day      150       11 MB
1 Month    3300      242 MB
1 Year     39000     2.8 GB
2 Years    78000     5.6 GB
4 Years    156000    11.2 GB

Page 34: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Modern Public Folders
• Public folders based on the mailbox architecture
• Single-master model
• Hierarchy is stored in a PF mailbox (one writeable)
• Content can be broken up and placed in multiple mailboxes
• The hierarchy folder points to the target content mailbox
• Because it’s a mailbox, it’s in a mailbox database…thus,
  • High availability achieved through continuous replication
  • No separate replication mechanism
• Similar administrative features to current PFs
• No end-user changes

[Diagram labels: CAS2013, MBX2013 (three), Public logon, Private logon, Hierarchy Mailbox, Content Mailbox]

Page 35: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Modern Public Folders
1. User connects to their home Public Folder mailbox first, which should be located near their primary mailbox.
2. Folder contents live in one specific mailbox for that folder. All content operations are redirected to the mailbox for that folder
3. Folder hierarchy changes are intercepted and written to writeable copy of Public Folder hierarchy
4. All Public Folder mailboxes listen for hierarchy changes and update similar to Outlook clients
5. When a Public Folder mailbox gets full, move some folders to a new mailbox

[Diagram: the numbers 1 to 5 mark where each step occurs]

Page 36: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

New Search Infrastructure

• Uses FAST
• Significantly improved query performance
• Significantly improved indexing performance

Page 37: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

FAST Primer

[Diagram labels: FAST Core, Catalog, CTS, Incoming Documents, Filter, Word Break, Content XForm, MARS Writer, “CTS Flow”, Incoming Queries, IMS, Content XForm, Query Parse, “IMS Flow”, Results]

Page 38: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange Search Infrastructure

[Diagram labels: MBX2013 (two), Transport, Transport CTS, Mailbox, Store, DB, Index Node, Idx, ExSearch, CTS, Local Delivery, Reliable Event, Read Content, Log, Passive]

Page 39: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Architecture

Back-end Transport Service

Page 40: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Transport Components
• Transport on Mailbox server is three services
  • Microsoft Exchange Transport - Stateful and handles SMTP mail flow for the organization and performs content inspection
  • Microsoft Exchange Mailbox Transport Delivery - Receives mail from the Transport service and delivers it to the mailbox database
  • Microsoft Exchange Mailbox Transport Submission - Takes mail from the mailbox databases and submits it to the Transport service
• Transport has the following responsibilities
  • Receives all inbound mail to the organization
  • Submits all outbound mail from the organization
  • Handles all internal message processing such as transport rules, content filtering, and antivirus
  • Performs mail flow routing
  • Queues messages
  • Supports SMTP extensibility

Page 41: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Transport Service Architecture

[Diagram: Transport Pipeline. Labels: SMTP (in), SMTP Receive, Protocol Agents, Pickup/Replay, Submission Queue, Categorizer, Routing Agents, Delivery Queue (two), SMTP Send, SMTP (out), Delivery Agents for other protocols, SMTP to MBX Transport Submission, SMTP from MBX Transport Delivery]

Page 42: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Mailbox Transport Component Architecture

[Diagram: Mailbox Transport Pipeline with two halves, Mailbox Transport Submission and Mailbox Transport Delivery. Labels: Store Driver Deliver, MBX Deliver Agents, SMTP Send, SMTP Receive, Hub Selector (Router), Store Driver Submit, MBX Assistants, MBX Submit Agents, MAPI (two), Mailbox Store, SMTP to Transport Service, SMTP from Transport Service]

Page 43: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Mailbox Transport Component
• Two separate services to handle mail submissions (from the store) and mail delivery (from the Transport service)
• Mailbox Assistant and Store Driver combined
• Leverages SMTP (encrypted) for communication with the Transport component and TCP465 for inbound traffic
• Leverages local RPC for delivery to store
• Is stateless and does not have a persistent storage mechanism

Page 44: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Transport High Availability Improvements

• Every message is redundantly persisted before its receipt is acknowledged to the sender
• Delivered messages are kept redundant in transport, similar to active messages
• Every DAG represents a transport HA boundary and owns its HA implementation
• If you have a stretched DAG, you also have transport site resilience
• Resubmits due to transport DB loss or MDB *over are fully automatic and do not require any manual involvement

Page 45: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Mail Delivery Flow

[Diagram: a DAG with MBX1 and MBX2. Each server shows Transport, MBX Transport, DB1 and DB2. Connection labels: SMTP, MAPI]

Page 46: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Protocol Flows

Autodiscover

Page 47: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (External clients)

[Diagram labels: Clients, autodiscover.contoso.com, PROXY (two), Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2010 CAS (two), E2010 MBX, E2010/E2007 MBX, CAS 2010 handles request (two)]

Page 48: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (External clients)

[Diagram labels: Clients, autodiscover.contoso.com, PROXY, Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2007 CAS (two), E2007 MBX, E2010/E2007 MBX, MBX 2013 handles request]

Page 49: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - Autodiscover (Internal clients)

[Diagram labels: Outlook Clients, Lookup SCP records in AD, Internal LB namespace, PROXY (two), Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2010 CAS (two), E2010 MBX, E2010/E2007 MBX, CAS 2010 handles request (two)]

Page 50: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - Autodiscover (Internal clients)

[Diagram labels: Outlook Clients, Lookup SCP records in AD, Internal LB namespace, Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2007 CAS (two), E2007 MBX, E2010/E2007 MBX, MBX 2013 handles request]

Page 51: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Protocol Flows

Outlook

Page 52: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Internal Outlook Connectivity
• No changes to 2007/10 – still direct to mailbox (2007) and RPC Client Access on CAS (2010)
• 2013 users use Outlook Anywhere inside and out
• AutoDiscover 2013 hands back two EXHTTP nodes for 2013 users, one for Internal OA, one for external – client starts at the top of the list and works down

Page 53: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 and 2010 Coexistence - Outlook Anywhere

1. Enable Outlook Anywhere
   On intranet 2007/2010 servers
2. Client Settings
   Make 2007/2010 client settings the same as 2013 Server
3. IIS Authentication Methods
   Must include NTLM

[Diagram labels: Clients, mail.contoso.com, HTTP PROXY (two), RPC/HTTP (two), RPC (two), NTLM (two), Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2010/E2007 CAS (two), E2010/E2007 MBX; on the servers: Enable OA, Client Auth: Basic, IIS Auth: Basic]
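The three coexistence steps on this slide can be checked per legacy server before the namespace is moved. The following PowerShell is an added example, not part of the original deck; the function name, the simplified input shape (Name, Enabled, ClientAuth, IISAuth) and the sample servers are assumptions made for illustration.

```powershell
# Added example, not from the slides. All names and values under
# "Constructed sample input" are made up for illustration.

function Test-LegacyOutlookAnywhere {
    param(
        # One object per 2007/2010 CAS: Name, Enabled, ClientAuth, IISAuth.
        # On a live system these would be projected from Get-OutlookAnywhere
        # (ClientAuthenticationMethod and IISAuthenticationMethods).
        [Parameter(Mandatory)] [object[]] $LegacyCas,
        # Client authentication method configured on the Exchange 2013 CAS
        [Parameter(Mandatory)] [string] $Cas2013ClientAuth
    )

    foreach ($cas in $LegacyCas) {
        $problems = @()

        if (-not $cas.Enabled) {
            # Step 1: Outlook Anywhere must be enabled on the legacy server,
            # otherwise CAS 2013 has nothing to proxy to.
            $problems += 'Outlook Anywhere is not enabled'
        }
        else {
            # Step 2: client settings must match the 2013 server.
            if ("$($cas.ClientAuth)" -ne $Cas2013ClientAuth) {
                $problems += "Client auth '$($cas.ClientAuth)' differs from 2013 '$Cas2013ClientAuth'"
            }

            # Step 3: IIS methods must include NTLM. Accept an array or a
            # comma-separated string, since the value may arrive flattened.
            $iis = @(("$($cas.IISAuth -join ',')" -split ',') |
                ForEach-Object { $_.Trim() } |
                Where-Object { $_ })
            if ($iis -notcontains 'Ntlm') {
                $problems += "IIS auth '$($iis -join ', ')' does not include NTLM"
            }
        }

        [pscustomobject]@{
            Server = $cas.Name
            Ready  = ($problems.Count -eq 0)
            Issues = $problems -join '; '
        }
    }
}

# Constructed sample input: one correctly prepared server, one with
# mismatched client auth and no NTLM in IIS, one without Outlook Anywhere.
$sampleLegacy = @(
    [pscustomobject]@{ Name = 'E2010-CAS1'; Enabled = $true;  ClientAuth = 'Basic'; IISAuth = @('Basic', 'Ntlm') }
    [pscustomobject]@{ Name = 'E2010-CAS2'; Enabled = $true;  ClientAuth = 'Ntlm';  IISAuth = 'Basic' }
    [pscustomobject]@{ Name = 'E2007-CAS1'; Enabled = $false; ClientAuth = $null;   IISAuth = $null }
)

Test-LegacyOutlookAnywhere -LegacyCas $sampleLegacy -Cas2013ClientAuth 'Basic' |
    Format-Table -AutoSize
```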

Page 54: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Protocol Flows

OWA

Page 55: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence - OWA

[Diagram labels: OWA, mail.contoso.com, Layer 4 LB, europe.mail.contoso.com, Layer 7 LB, HTTP PROXY (two), Same site proxy request, Cross site proxy request, Auth, 2013 logon page, 2010 logon page, RPC (two), Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2010 CAS (two), E2010 MBX, E2010/E2007 MBX]

Page 56: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence - OWA

[Diagram labels: OWA, mail.contoso.com, Layer 4 LB, europe.mail.contoso.com, Layer 7 LB, legacy.mail.contoso.com, Layer 7 LB, HTTP PROXY, Auth, 2013 logon page, 2007 logon page (two), RPC (two), Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2007 CAS (two), E2007 MBX, E2010/E2007 MBX]

Page 57: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Protocol Flows

EWS/EAS

Page 58: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2010 Coexistence – EAS/EWS

[Diagram labels: EAS/EWS, mail.contoso.com, Layer 4 LB, europe.mail.contoso.com, Layer 7 LB, HTTP PROXY (two), Same site proxy request, Cross site proxy request, Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2010 CAS (two), E2010 MBX, E2010/E2007 MBX]

Page 59: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

CAS2013 Client Protocol Connectivity Flow
Exchange Server 2007 Coexistence – EAS, EWS

[Diagram labels: EAS, EWS, mail.contoso.com, Layer 4 LB, europe.mail.contoso.com, Layer 7 LB, legacy.mail.contoso.com, Layer 7 LB, Internet facing site, Intranet site, E2013 CAS, E2013 MBX, E2007 CAS (two), E2007 MBX, E2010/E2007 MBX]

Page 60: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Protocol Flow Summary
• Basic principles to apply are:
  • Co-Existence with 2010 – CAS 2013 proxies all traffic to CAS 2010
  • Co-Existence with 2007 – CAS 2013 redirects most traffic to CAS 2007, proxies AutoDiscover, POP and IMAP
• We no longer do HTTP 451 redirects
• We hand out site specific URLs if they are set, but if a client comes to the wrong place, we just proxy and make it work

Page 61: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Namespace planning

Page 62: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Namespace Planning Principles
• Exchange Server 2013 gives you a greater possibility of creating simplified namespaces as CAS will proxy in more scenarios
• Assuming you have the network and DNS infrastructure to support it that is…
• Single flat namespaces typically make more sense externally than internally though really, it’s only OWA where this makes sense
• Our guidance is to make internal and external namespace designs the same if you can, as it makes troubleshooting easier
• Or if you cannot, use regional/site namespaces, including cases where you want to control traffic
• Remember AutoDiscover masks a lot of the URLs clients need

Page 63: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

A Single External Namespace Example
Geographical DNS Solution

[Diagram labels: mail.contoso.com; Sue (somewhere in NA); Sue (traveling in APAC); DNS Resolution via Geo-DNS; Round-Robin between # of VIPs; VIP #1, VIP #2, VIP #3, VIP #4; DAG (two)]

Page 64: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Multiple Namespace Example

[Diagram labels: na.contoso.com, emea.contoso.com, na.contoso.local, emea.contoso.local; Sue (somewhere in NA); Sue (traveling in APAC); Round-Robin between # of VIPs; VIP #1, VIP #2, VIP #3, VIP #4; DAG (two)]

Page 65: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Deployment

Deploying Exchange 2013

Page 66: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange 2013 Prerequisites
• Supported coexistence scenarios
  • Exchange Server 2010 SP3*
  • Exchange Server 2007 SP3 (+ coexistence RU*)
• Supported client access methods
  • Outlook 2013, Outlook 2010, Outlook 2007
  • RPC over HTTP is only method of connectivity for Outlook clients
  • Entourage 2008 for Mac, Web Services Edition
  • Outlook for Mac 2011

Page 67: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange 2013 Prerequisites
• Active Directory
  • Windows Server 2003 forest functional level or higher
  • At least one Windows 2003 SP2 or later GC/DC in each site
  • No support for RODC or ROGC
• Supported Namespaces
  • Contiguous
  • Disjoint
  • Single label domain
  • Non-contiguous

Page 68: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange 2013 Prerequisites
• Operating System (64-bit)
  • Windows Server 2008 R2 SP1 Standard or Enterprise
    • Standard - for Exchange 2013 Client Access servers
    • Enterprise - for Exchange 2013 Mailbox servers in a DAG
  • Windows Server 2012 Standard or Datacenter
• Other IIS and OS components
  • .NET Framework 4.5
  • Windows Management Framework 3.0
  • Unified Communications Managed API (UCMA) 4.0

Page 69: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Upgrade to Exchange 2013 from Exchange 2010

1. Prepare
   • Install Exchange 2010 SP3 across the ORG
   • Validate existing Client Access using ExRCA and built-in Test cmdlets
   • Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
   • Install both E2013 MBX and CAS servers
3. Obtain and Deploy Certificates
   • Obtain and deploy certificates on E2013 Client Access Servers
4. Switch primary namespace to Exchange 2013 CAS
   • E2013 fields all traffic, including traffic from Exchange 2010 users
   • Validate using Remote Connectivity Analyzer
5. Move Mailboxes
   • Build out DAG
   • Move E2010 users to E2013 MBX
6. Repeat for additional sites

[Diagram labels: Clients, autodiscover.contoso.com, mail.contoso.com, Internet facing site – Upgrade first, Intranet site, Exchange 2010 Servers, E2010 CAS, E2010 HUB, E2010 MBX, E2013 CAS, E2013 MBX, SP3]

Page 70: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Upgrade to Exchange 2013 from Exchange 2007

1. Prepare
   • Install Exchange 2007 SP3 + RU across the ORG
   • Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
   • Install both E2013 MBX and CAS servers
3. Create Legacy namespace
   • Create DNS record to point to legacy E2007 CAS
4. Obtain and Deploy Certificates
   • Obtain and deploy certificates on E2013 Client Access Servers configured with legacy namespace, E2013 namespace and Autodiscover namespace
   • Deploy certificates on Exchange 2007 CAS
5. Switch primary namespace to Exchange 2013 CAS
   • Validate using Remote Connectivity Analyzer
6. Move Mailboxes
   • Build out DAG
   • Move E2007 users to E2013 MBX
7. Repeat for additional sites

[Diagram labels: Clients, autodiscover.contoso.com, mail.contoso.com, legacy.contoso.com, Internet facing site – Upgrade first, Intranet site, Exchange 2007 Servers, E2007 SP3 CAS, E2007 SP3 HUB, E2007 SP3 MBX, E2013 CAS, E2013 MBX, RU]

Page 71: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Upgrading to Exchange Server 2013

1. Prepare
   • Install Exchange SP and/or updates across the ORG
   • Prepare AD with E2013 schema and validate
2. Deploy Exchange 2013 servers
3. Create Legacy namespace
4. Obtain and Deploy Certificates
5. Switch primary namespace to Exchange 2013 CAS
6. Move Mailboxes
7. Repeat for additional sites

[Diagram labels: Clients, autodiscover.contoso.com, mail.contoso.com, Internet facing site – Upgrade first, Intranet site, Exchange 2010 or 2007 Servers, E2010 or 2007 CAS, E2010 or 2007 HUB, E2010 or 2007 MBX, SP/RU]

Page 72: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange Server 2013 Setup
• Install both MBX and CAS Servers
• MBX performs PowerShell commands
• CAS is proxy only

Exchange 2013 Setup
• GUI or command line
• In-place upgrades are not supported
• Updated to reflect Exchange 2013 roles

Parameters
• New required parameter for license terms acceptance

Install
    Setup.exe /mode:install /roles:clientaccess
    Setup.exe /mode:install /roles:mailbox
    Setup.exe /mode:install /roles:ManagementTools

Other required parameter
    /IAcceptExchangeServerLicenseTerms

Page 73: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Certificates - Best Practices
• Minimize the number of certificates
• Minimize number of hostnames
• Use split DNS for Exchange hostnames
• Don’t list machine hostnames in certificate hostname list
• Use Load Balance (LB) arrays for intranet and internet access to servers
• Use Subject Alternative Name (SAN) certificate

Page 74: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Preparing for Client Access Server Upgrade
• Validate legacy namespace creation
• Configure Load balancing
  • Layer 7 load balancers are no longer required for primary Exchange 2013 namespace
  • Layer 4 is supported and recommended
  • Legacy namespace is separate VIP configured with Layer 7 load balancing
• Configure the AutoDiscoverServiceInternalUri on Exchange 2013 CAS Servers to a LB value
• Configure AutoDiscoverSiteScope
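Two of the points above (no machine hostnames in the certificate hostname list, and AutoDiscoverServiceInternalUri set to a load-balanced name) can be audited together, because the name handed to internal clients must also be a name the certificate covers. The following PowerShell is an added example, not part of the original deck; the function name, input shape and sample values are assumptions, and on a live system the inputs would come from Get-ExchangeCertificate, Get-ClientAccessServer and Get-ExchangeServer.

```powershell
# Added example, not from the slides. All names and values under
# "Constructed sample input" are made up for illustration.

function Test-ExchangeNamespaceHygiene {
    param(
        # Objects exposing Thumbprint and CertificateDomains
        [Parameter(Mandatory)] [object[]] $Certificate,
        # Objects exposing Name and AutoDiscoverServiceInternalUri
        [Parameter(Mandatory)] [object[]] $ClientAccessServer,
        # Machine FQDNs of the Exchange servers
        [Parameter(Mandatory)] [string[]] $ServerFqdn
    )

    # Machine names to look for: every FQDN plus its short (first label) form.
    $machineNames = @($ServerFqdn | ForEach-Object {
        $_.ToLowerInvariant()
        ($_ -split '\.')[0].ToLowerInvariant()
    } | Select-Object -Unique)

    # Check 1: no certificate should list a machine host name.
    $allCertNames = @()
    foreach ($cert in $Certificate) {
        $names = @($cert.CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() })
        $allCertNames += $names
        $hits = @($names | Where-Object { $machineNames -contains $_ })
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Check   = 'MachineNameOnCertificate'
                Subject = $cert.Thumbprint
                Detail  = $hits -join ', '
            }
        }
    }

    # Check 2: the Autodiscover SCP URI should use a load-balanced name
    # that one of the certificates actually covers.
    foreach ($cas in $ClientAccessServer) {
        $uri  = $null
        $text = "$($cas.AutoDiscoverServiceInternalUri)"
        if (-not [uri]::TryCreate($text, [System.UriKind]::Absolute, [ref]$uri)) {
            [pscustomobject]@{ Check = 'ScpUriMissingOrInvalid'; Subject = $cas.Name; Detail = $text }
            continue
        }
        $scpHost = $uri.Host.ToLowerInvariant()

        if ($machineNames -contains $scpHost) {
            [pscustomobject]@{ Check = 'ScpUsesMachineName'; Subject = $cas.Name; Detail = $scpHost }
            continue
        }

        $covered = $false
        foreach ($name in $allCertNames) {
            # A wildcard entry covers exactly one left-most label.
            $wildcardMatch = $name.StartsWith('*.') -and $scpHost.Contains('.') -and
                ($scpHost.Substring($scpHost.IndexOf('.')) -eq $name.Substring(1))
            if ($name -eq $scpHost -or $wildcardMatch) { $covered = $true; break }
        }
        if (-not $covered) {
            [pscustomobject]@{ Check = 'ScpHostNotOnAnyCertificate'; Subject = $cas.Name; Detail = $scpHost }
        }
    }
}

# Constructed sample input (placeholder thumbprints, invented server names).
$sampleFqdns = 'cas01.contoso.com', 'cas02.contoso.com'
$sampleCerts = @(
    [pscustomobject]@{ Thumbprint = 'SAMPLE-THUMBPRINT-A'
                       CertificateDomains = @('mail.contoso.com', 'autodiscover.contoso.com') }
    [pscustomobject]@{ Thumbprint = 'SAMPLE-THUMBPRINT-B'
                       CertificateDomains = @('mail.contoso.com', 'cas02.contoso.com', 'CAS02') }
)
$sampleCas = @(
    [pscustomobject]@{ Name = 'CAS01'
                       AutoDiscoverServiceInternalUri = 'https://autodiscover.contoso.com/Autodiscover/Autodiscover.xml' }
    [pscustomobject]@{ Name = 'CAS02'
                       AutoDiscoverServiceInternalUri = 'https://cas02.contoso.com/Autodiscover/Autodiscover.xml' }
)

Test-ExchangeNamespaceHygiene -Certificate $sampleCerts -ClientAccessServer $sampleCas `
    -ServerFqdn $sampleFqdns | Format-Table -AutoSize
```

With the sample input the function reports the second certificate for listing machine names and CAS02 for publishing its own FQDN in the SCP.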

Page 75: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Switching to new Client Access Servers
• Update internal and external DNS to point Mail and Autodiscover to CAS 2013
• Update publishing rules for legacy namespace
• Use Remote Connectivity Analyzer to test access to all CAS servers
• Test both externally and internally

Page 76: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Exchange 2013 Public Folders
• Database-centered architecture replaced by mailbox
• Existing Public Folders can be migrated to Exchange 2013
• Public Folder Replication is removed
• End user experience doesn’t change
• Public Folders are not supported in Exchange 2013 OWA
• Migrate Public Folder users before Public Folders
• Exchange 2013 users can access Exchange 2010/Exchange 2007 Public Folders
• Exchange 2010/Exchange 2007 users cannot access Exchange 2013 Public Folders
• Migration of Public Folders is a cut-over migration
• Similar to online mailbox moves

Page 77: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Public Folder Migration Process
• Analyze existing Public Folders
  • Tool available to analyze existing Public Folder hierarchy to determine how many Exchange 2013 Public Folder mailboxes are recommended
• Copy Public Folder data
  • Users continue to access existing Public Folder deployment while data is copied
  • Data migration happens in the background
• Switch clients to Exchange 2013 Public Folders
  • There will be a short downtime while the migration is finalized
  • Once migration completes, everyone switches at the same time
  • Can switch back, but any post migration Public Folder changes are lost

Page 78: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Managing Coexistence
• Use the Exchange 2013 Administration Center (EAC) to:
  • Manage Exchange 2013 mailboxes
  • View and update Exchange 2010/2007 mailboxes and properties (with a few limitations)
• Use Exchange 2010/2007 Management Console (EMC) to create mailboxes or perform new operations

Page 79: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Upgrade and Coexistence Summary
• Updates are required for Exchange 2013 coexistence
  • Exchange 2010 Service Pack 3 (Q1 2013)
  • Exchange 2007 SP3 with a coexistence rollup (RU)
• Exchange 2007 requires a legacy namespace when coexisting with Exchange 2013
• Certificate deployment and management is improved
• Exchange 2013 Public Folders now utilize the mailbox architecture and require migration planning

Page 80: Webcast Exchange2013 Abcv2 130115103555 Phpapp01

Thank you!