welcome to the exchange 2013 webcast deployment & coexistence
TRANSCRIPT
Welcome to the Exchange 2013 Webcast
Deployment & Coexistence
Exchange 2013 Deployment and Coexistence
Brian Day, Senior Program Manager
Agenda Fundamentals of Deployment
Upgrade and Coexistence
Public Folder Migrations
Tips and Q&A
Fundamentals of Deployment
Exchange 2013 Prerequisites• Supported coexistence scenarios (Requires 2013 CU1)
Exchange Server 2010 SP3 Exchange Server 2007 SP3 RU10
• Supported major clients Outlook 2013 Outlook 2010 SP1 with Nov 2012 Public Update (or later) applied Outlook 2007 SP3 with Nov 2012 Public Update (or later) applied
Note: RPC over HTTPS is the only method of connectivity for Windows Outlook clients Entourage 2008 for Mac, Web Services Edition Outlook for Mac 2011
Exchange 2013 Prerequisites• Active Directory
Windows Server 2003 forest functional level or higher At least one Windows 2003 SP2 or later GC/DC in each site with
Exchange installed No support for RODC or ROGC
• Supported Namespaces Contiguous Dis-contiguous (also known as Non-Contiguous) Disjoint Single label domain Definitions:
http://technet.microsoft.com/en-us/library/cc731125(v=WS.10).aspx
Exchange 2013 Prerequisites• Operating System (64-bit)
Windows Server 2008 R2 SP1 Standard or Enterprise Standard - for Exchange 2013 Client Access servers Enterprise - for Exchange 2013 Mailbox servers in a DAG
Windows Server 2012 Standard or Datacenter
• Other IIS and OS components• .NET Framework 4.5• Windows Management Framework 3.0• Unified Communications Managed API (UCMA)
4.0
Upgrade and Coexistence
Functional Layering
AuthN, Proxy, Re-direct
Protocols, API, Biz-logic
Assistants, Store, CI
Exchange 2010Architecture
AuthN, Proxy, Re-direct
Store, CI
Protocols, Assistants,
API, Biz-logic
Exchange 2013Architecture
Client Access
Mailbox
Client AccessHub Transport,
Unified Messaging
Mailbox
HardwareLoad Balancer
L4 LB
L7 LB
Upgrading to Exchange 2013From an existing Exchange 2010 environment
SP3
E2010 CAS
E2010 HUB
E2010 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 Servers
SP3
1. Prepare
Install Exchange 2010 SP3 across the ORG
Prepare AD with Exchange 2013 CU1 schema
Validate existing Client Access using Remote Connectivity Analyzer and test connectivity cmdlets
4. Switch primary namespace to Exchange 2013 CAS
Exchange 2013 fields all traffic, including traffic from Exchange 2010 users
Validate using Remote Connectivity Analyzer5. Move Mailboxes
Build out DAG
Move Exchange 2010 users to Exchange 2013 MBX6. Repeat for additional sites
2. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS roles
SP3
SP3
E2013 CAS
E2013MBX
3. Obtain and deploy certificates
Obtain and deploy certificates on Exchange 2013 Client Access Servers
1 2 4
3
5 6
10
Upgrading to Exchange 2013From an existing Exchange 2007 environment
RU10
E2007 SP3 CAS
E2007 SP3 HUB
E2007 SP3 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2007 Servers
RU10
1. Prepare
Install Exchange 2007 SP3 + RU10 across the ORG
Prepare AD with Exchange 2013 CU1 schema
5. Switch primary namespace to Exchange 2013 CAS
Validate using Remote Connectivity Analyzer6. Move mailboxes
Build out DAG
Move Exchange 2007 users to Exchange 2013 MBX7. Repeat for additional sites
2. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS servers
RU10
RU10
E2013 CAS
E2013MBX
3. Create legacy namespace Create DNS record to point to legacy Exchange 2007 CAS4. Obtain and Deploy Certificates
Obtain and deploy certificates on Exchange 2013 CAS servers configured with legacy namespace, Exchange 2013 namespace, and autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com3
1 2 5
4
6 7
11
Upgrading to Exchange 2013 (Cont’d)
SP/RU
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet facing site – Upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
SP/RU
1. PrepareInstall Exchange SP and/or updates across the orgPrepare AD with Exchange 2013 CU1 schema and validate
5. Switch primary namespace to Exchange 2013 CAS6. Move mailboxes
7. Repeat for additional sites
3. Create legacy namespace
4. Obtain and deploy certificates
12. Deploy Exchange 2013 CU1 servers
12
Install coexistence update on all servers in the organizationInstall Exchange 2010 SP3 and/or Exchange 2007 SP3 RU10 across the org.
Extend Active Directory Schema for Exchange 2013 CU1
Upgrade the Exchange Organization to Exchange 2013 CU1
Prepare domains for Exchange 2013 CU1 mail enabled objects
Validate existing client access using MS Connectivity Analyzer and Test-*connectivity cmdlets in EMS.http://www.exrca.com
Preparing for Exchange 2013 Prepare
1
13
Upgrading to Exchange 2013 (Cont’d)
SP/RU
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
SP/RU
1. Prepare
Install Exchange SP and/or updates across the org
Prepare AD with Exchange 2013 CU1 schema
5. Switch primary namespace to Exchange 2013 CAS6. Move mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 servers
Install both E2013 MBX and CAS servers
E2013 CAS
E2013MBX
3. Create legacy namespace
4. Obtain and deploy certificates
22. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS servers
14
Install both MBX and CAS ServersMBX performs PowerShell commandsCAS is proxy only
Exchange 2013 SetupGUI or command lineIn-place upgrades not supportedUpdated to reflect Exchange 2013 rolesCannot change roles later on
ParametersNew required parameter for license terms acceptance
Exchange 2013 Setup
Install
−Setup.exe /mode:install /roles:clientaccess
−Setup.exe /mode:install /roles:mailbox
−Setup.exe /mode:install /roles:ManagementTools
Other required parameter
- /IAcceptExchangeServerLicenseTerms
12
15
Upgrading to Exchange 2013 (Cont’d)
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the org
Prepare AD with Exchange 2013 CU1 schema
5. Switch primary namespace to Exchange 2013 CAS6. Move mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and deploy certificates
legacy.contoso.com3
3. Create legacy namespace
SP/RU
SP/RU
16
Required only for Exchange 2007 coexistenceUsed to access Exchange 2007 resources during coexistence
Create DNS record in internal and external DNS for legacy namespacelegacy.contoso.com
Validate legacy namespace creation via MS Connectivity Analyzerhttp://testconnectivity.microsoft.com
Create Legacy Namespace 13
17
Upgrading to Exchange 2013 (Cont’d)
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the org
Prepare AD with Exchange 2013 CU1 schema
5. Switch primary namespace to Exchange 2013 CAS6. Move mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and deploy certificatesObtain and deploy certificates on Exchange 2013 CAS configured with legacy namespace, Exchange 2013 namespace, and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com
4
3. Create legacy namespace
SP/RU
SP/RU
18
New End-to-end Certificate Wizard in the Exchange Administration Center (EAC)End-to-end certificate request creation
Allows importing of certificate with private key to any CAS in the org
EAC provides notification when an Exchange 2013 Client Access server’s certificate(s) is about to expireFirst notification shown 30 days prior to expiration
Subsequent notifications provided daily
Certificates 14
19
Minimize the number of certificates
Minimize number of host namesUse split DNS for Exchange host names
mail.contoso.com for Exchange connectivity on intranet and Internetmail.contoso.com has different IP addresses in intranet/Internet DNS
Don’t list machine host names in certificate host name listUse load-balanced (LB) arrays for intranet and Internet access to servers
Use “Subject Alternative Name” (SAN) certificate
Certificates - Best Practices Certificates 14
20
Upgrading to Exchange 2013 (Cont’d)
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the org
Prepare AD with Exchange 2013 CU1 schema
5. Switch primary namespace to Exchange 2013 CAS
Validate using Remote Connectivity Analyzer6. Move mailboxes
7. Repeat for additional sites
2. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and deploy certificatesObtain and deploy certificates on Exchange 2013 CAS configured with legacy namespace, Exchange 2013 namespace, and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com
3. Create legacy namespace
SP/RU
SP/RU
5
21
Client Access Server Upgrade• Validate legacy namespace creation in DNS
Name is reachable internally and externally from numerous Internet DNS servers
• Configure Load balancing Layer 7 load balancers are no longer required for Exchange 2013
namespace. “No Affinity” is supported and recommended for 2013. Simple TCP Session
only. Legacy namespace is a separate VIP configured with Layer 7 load
balancing Configure the AutoDiscoverServiceInternalUri of each Exchange
2013 CAS to a load balanced value Configure the AutoDiscoverSiteScope of each Exchange 2013 CAS to
cover additional AD sites if necessary besides the installation site
Switching to new Client Access Servers• Lower TTL on existing DNS records in advance• Create publishing rules for legacy namespace• Update internal and external DNS to point Mail
and Autodiscover records to CAS 2013 • Update publishing rules for new 2013 Servers• Outlook Anywhere switchover to 2013• Use MS Connectivity Analyzer to validate access
is working https://testconnectivity.microsoft.com/ Test internally and externally as well as Exchange 2013 and legacy
Exchange mailboxes
Exchange 2013 OWA Client Connectivity FlowExchange 2010 Coexistence
Layer 4 LB
E2013 CAS
IIS
HTTP Proxy
E2013 MBX
Protocol Head
DB
E2010 CAS
Protocol Head
E2010 MBX
Store
DB
Site
Boundary
E2010 CAS
Protocol Head
E2010 MBX
Store
DB
RPC RPC
Cross-Site Proxy Request
Layer 7 LB
Cross-Site
Redirect Request
OWAeurope.mail.contoso.commail.contoso.com
24
Exchange 2013 OWA Client Connectivity FlowExchange 2007 Coexistence
Layer 4 LB
E2013 CAS
IIS
HTTP Proxy
E2013 MBX
Protocol Head
DB
E2007 CAS
Protocol Head
E2007 MBX
Store
DB
Site
Boundary
E2007 CAS
Protocol Head
E2007MBX
Store
DB
RPC RPC
Layer 7 LB
Cross-Site
Redirect Request
OWA
Layer 7 LBlegacy.contoso.com mail.contoso.com europe.mail.contoso.com
Cross-Site Proxy Request
25
Load Balancer
Layer 7 LB
mail.contoso.com
HTTPPROXY
RPC/HTTP
Clients
E2007/E2010 MBX
Internet-facing site
RPC/HTTP
Intranet-facing site
E2007/E2010 MBX
OA Enabled OA EnabledClient SettingsIIS Auth: NTLM
E2007/E2010 CAS OA
Client SettingsIIS Auth:
E2007/E2010 CAS
HTTPPROXY
3. Client settings
Make legacy OA settings the same as 2013 CAS so all clients get the same proxy hostname
1. Enable Outlook Anywhere on all legacy CAS2. IIS authentication methods
IIS Auth must have NTLM enabled on all legacy CAS
RPC
Client Auth: BasicIIS Auth: Basic
NTLM
E2013 CU1 CAS
E2013 CU1 MBX
RPCRPC
DisabledEnabled
NTLM
4. DNS cutoverA low TTL on the existing
record the days prior to the cutover is a good idea.
Switching OA to CAS 2013
CAS 2013 Client Protocol Connectivity FlowLegacy Coexistence
Protocol Exchange 2007 user accessing Exchange 2010 namespace
Exchange 2007 user accessing Exchange 2013 namespace
Exchange 2010 user accessing Exchange 2013 namespace
Requires Legacy namespace Legacy namespace No additional namespaces
OWA • Same AD site: silent or SSO FBA redirect• Externally facing AD site: manual or
silent/SSO Cross-site redirect• Internally facing AD site: proxy
Non-silent redirect (not SSO) to CAS 2007 externally facing URL
• Proxy to CAS 2010• Cross-site silent redirect (not SSO), which
may redirect to CAS 2010 or CAS 2013
EAS • EAS v12.1+ : Autodiscover & redirect • Older EAS devices: proxy
Proxy to MBX 2013 Proxy to CAS 2010
Outlook Anywhere
Direct CAS 2010 support Proxy to CAS 2007 Proxy to CAS 2010
Autodiscover Exchange 2010 answers Autodiscover query for 2007 User
Exchange 2013 answers Autodiscover query for 2007 User
Proxy to CAS 2010
EWS Uses Autodiscover to find CAS 2007 EWS External URL
Uses Autodiscover to find CAS 2007 EWS External URL
Proxy to CAS 2010
POP/IMAP Proxy Proxy to CAS 2007 Proxy to CAS 2010
OAB Direct CAS 2010 support Proxy to CAS 2007 Proxy to CAS 2010
RPS n/a n/a Proxy to CAS 2010
ECP n/a n/a • Proxy to CAS 2010• Cross-site redirect, which may redirect to
CAS 2010 or CAS 2013
27
Upgrading to Exchange 2013 (Cont’d)
E2010 or 2007CAS
E2010 or 2007 HUB
E2010 or 2007 MBX
Clients
Internet-facing site – upgrade first
autodiscover.contoso.commail.contoso.com
Intranet site
Exchange 2010 or 2007 Servers
1. Prepare
Install Exchange SP and/or updates across the org
Prepare AD with Exchange 2013 CU1 schema
5. Switch primary namespace to Exchange 2013 CAS
Validate using Remote Connectivity Analyzer6. Move mailboxes
Build out DAG
Move users to Exchange 2013 MBX
7. Repeat for additional sites
2. Deploy Exchange 2013 CU1 servers
Install both Exchange 2013 MBX and CAS servers
E2013 CAS
E2013MBX
4. Obtain and deploy certificatesObtain and deploy certificates on Exchange 2013 CAS configured with legacy namespace, Exchange 2013 namespace, and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS
legacy.contoso.com
3. Create legacy namespace
SP/RU
SP/RU
6
28
Exchange 2013 Mailbox Moves
New Migration ServiceProvides additional functionality to orchestrate moves such as batch managementProvides migration reporting Provides retry semantics
New cmdlets New-MigrationBatchGet-MigrationUserStatistics
Also available from EAC
Public Folders Manageability
Exchange 2013 Public Folders• Database-centered architecture replaced by mailbox
Existing Public Folders can be migrated to Exchange 2013 Public Folder Replication is removed End user experience doesn’t change
• Migrate Public Folder users before Public Folders Exchange 2013 users can access Exchange 2010/Exchange 2007
Public Folders Exchange 2010/Exchange 2007 users cannot access Exchange 2013
Public Folders Migration of Public Folders is a cut-over migration Similar to online mailbox moves
Public Folder Migration Process• Analyze existing Public Folders
Tool available to analyze existing Public Folder hierarchy to determine how many Exchange 2013 Public Folder mailboxes are recommended
• Copy Public Folder data Users continue to access existing Public Folder deployment while
data is copied Data migration happens in the background
• Switch clients to Exchange 2013 Public Folders There will be a short downtime while the migration is finalized
Once migration completes, everyone switches at the same time Can switch back, but any post migration Public Folder changes are
lost
Managing Coexistence • Use the Exchange 2013 Administration Center
(EAC) to: Manage Exchange 2013 mailboxes View and update Exchange 2010/2007 mailboxes and properties
(with a few limitations)
Use Exchange 2010/2007 Management Console (EMC) to create mailboxes or perform new operations
Added Tips• Avoid OAB re-downloads• Mailbox size increases• SMTP Mail Flow timing• Prep once using the CU1 bits when available• Use https://testconnectivity.microsoft.com/ a lot• Publishing Exchange 2013 with TMG or UAG
Minor changes around a new logoff URL and Office Apps with Outlook 2013
http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx
Q&A
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.