welcome to the exchange 2013 webcast deployment & coexistence

Welcome to the Exchange 2013 Webcast

Deployment & Coexistence

Exchange 2013 Deployment and Coexistence

Brian Day, Senior Program Manager

Agenda Fundamentals of Deployment

Upgrade and Coexistence

Public Folder Migrations

Tips and Q&A

Fundamentals of Deployment

Exchange 2013 Prerequisites• Supported coexistence scenarios (Requires 2013 CU1)

Exchange Server 2010 SP3 Exchange Server 2007 SP3 RU10

• Supported major clients Outlook 2013 Outlook 2010 SP1 with Nov 2012 Public Update (or later) applied Outlook 2007 SP3 with Nov 2012 Public Update (or later) applied

Note: RPC over HTTPS is the only method of connectivity for Windows Outlook clients Entourage 2008 for Mac, Web Services Edition Outlook for Mac 2011

Exchange 2013 Prerequisites• Active Directory

Windows Server 2003 forest functional level or higher At least one Windows 2003 SP2 or later GC/DC in each site with

Exchange installed No support for RODC or ROGC

• Supported Namespaces Contiguous Dis-contiguous (also known as Non-Contiguous) Disjoint Single label domain Definitions:

http://technet.microsoft.com/en-us/library/cc731125(v=WS.10).aspx



Exchange 2013 Prerequisites• Operating System (64-bit)

Windows Server 2008 R2 SP1 Standard or Enterprise Standard - for Exchange 2013 Client Access servers Enterprise - for Exchange 2013 Mailbox servers in a DAG

Windows Server 2012 Standard or Datacenter

• Other IIS and OS components• .NET Framework 4.5• Windows Management Framework 3.0• Unified Communications Managed API (UCMA)

4.0

Upgrade and Coexistence

Functional Layering

AuthN, Proxy, Re-direct

Protocols, API, Biz-logic

Assistants, Store, CI

Exchange 2010Architecture

AuthN, Proxy, Re-direct

Store, CI

Protocols, Assistants,

API, Biz-logic

Exchange 2013Architecture

Client Access

Mailbox

Client AccessHub Transport,

Unified Messaging

Mailbox

HardwareLoad Balancer

L4 LB

L7 LB

Upgrading to Exchange 2013From an existing Exchange 2010 environment

SP3

E2010 CAS

E2010 HUB

E2010 MBX

Clients

Internet-facing site – upgrade first

autodiscover.contoso.commail.contoso.com

Intranet site

Exchange 2010 Servers

SP3

1. Prepare

Install Exchange 2010 SP3 across the ORG

Prepare AD with Exchange 2013 CU1 schema

Validate existing Client Access using Remote Connectivity Analyzer and test connectivity cmdlets

4. Switch primary namespace to Exchange 2013 CAS

Exchange 2013 fields all traffic, including traffic from Exchange 2010 users

Validate using Remote Connectivity Analyzer5. Move Mailboxes

Build out DAG

Move Exchange 2010 users to Exchange 2013 MBX6. Repeat for additional sites

2. Deploy Exchange 2013 CU1 servers

Install both Exchange 2013 MBX and CAS roles

SP3

SP3

E2013 CAS

E2013MBX

3. Obtain and deploy certificates

Obtain and deploy certificates on Exchange 2013 Client Access Servers

1 2 4

3

5 6

10

Upgrading to Exchange 2013From an existing Exchange 2007 environment

RU10

E2007 SP3 CAS

E2007 SP3 HUB

E2007 SP3 MBX

Clients



Intranet site

Exchange 2007 Servers

RU10

1. Prepare

Install Exchange 2007 SP3 + RU10 across the ORG



Validate using Remote Connectivity Analyzer6. Move mailboxes

Build out DAG

Move Exchange 2007 users to Exchange 2013 MBX7. Repeat for additional sites


Install both Exchange 2013 MBX and CAS servers

RU10

RU10

E2013 CAS

E2013MBX

3. Create legacy namespace Create DNS record to point to legacy Exchange 2007 CAS4. Obtain and Deploy Certificates

Obtain and deploy certificates on Exchange 2013 CAS servers configured with legacy namespace, Exchange 2013 namespace, and autodiscover namespaceDeploy certificates on Exchange 2007 CAS

legacy.contoso.com3

1 2 5

4

6 7

11

Upgrading to Exchange 2013 (Cont’d)

SP/RU

E2010 or 2007CAS

E2010 or 2007 HUB

E2010 or 2007 MBX

Clients

Internet facing site – Upgrade first


Intranet site

Exchange 2010 or 2007 Servers

SP/RU

1. PrepareInstall Exchange SP and/or updates across the orgPrepare AD with Exchange 2013 CU1 schema and validate

5. Switch primary namespace to Exchange 2013 CAS6. Move mailboxes

7. Repeat for additional sites

3. Create legacy namespace



12

Install coexistence update on all servers in the organizationInstall Exchange 2010 SP3 and/or Exchange 2007 SP3 RU10 across the org.

Extend Active Directory Schema for Exchange 2013 CU1

Upgrade the Exchange Organization to Exchange 2013 CU1

Prepare domains for Exchange 2013 CU1 mail enabled objects

Validate existing client access using MS Connectivity Analyzer and Test-*connectivity cmdlets in EMS.http://www.exrca.com

Preparing for Exchange 2013 Prepare

1

13


SP/RU

E2010 or 2007CAS

E2010 or 2007 HUB

E2010 or 2007 MBX

Clients



Intranet site


SP/RU

1. Prepare

Install Exchange SP and/or updates across the org




2. Deploy Exchange 2013 servers

Install both E2013 MBX and CAS servers

E2013 CAS

E2013MBX





14

Install both MBX and CAS ServersMBX performs PowerShell commandsCAS is proxy only

Exchange 2013 SetupGUI or command lineIn-place upgrades not supportedUpdated to reflect Exchange 2013 rolesCannot change roles later on

ParametersNew required parameter for license terms acceptance

Exchange 2013 Setup

Install

−Setup.exe /mode:install /roles:clientaccess

−Setup.exe /mode:install /roles:mailbox

−Setup.exe /mode:install /roles:ManagementTools

Other required parameter

- /IAcceptExchangeServerLicenseTerms

12

15


E2010 or 2007CAS

E2010 or 2007 HUB

E2010 or 2007 MBX

Clients



Intranet site


1. Prepare







E2013 CAS

E2013MBX


legacy.contoso.com3


SP/RU

SP/RU

16

Required only for Exchange 2007 coexistenceUsed to access Exchange 2007 resources during coexistence

Create DNS record in internal and external DNS for legacy namespacelegacy.contoso.com

Validate legacy namespace creation via MS Connectivity Analyzerhttp://testconnectivity.microsoft.com

Create Legacy Namespace 13

17


E2010 or 2007CAS

E2010 or 2007 HUB

E2010 or 2007 MBX

Clients



Intranet site


1. Prepare







E2013 CAS

E2013MBX

4. Obtain and deploy certificatesObtain and deploy certificates on Exchange 2013 CAS configured with legacy namespace, Exchange 2013 namespace, and Autodiscover namespaceDeploy certificates on Exchange 2007 CAS

legacy.contoso.com

4


SP/RU

SP/RU

18

New End-to-end Certificate Wizard in the Exchange Administration Center (EAC)End-to-end certificate request creation

Allows importing of certificate with private key to any CAS in the org

EAC provides notification when an Exchange 2013 Client Access server’s certificate(s) is about to expireFirst notification shown 30 days prior to expiration

Subsequent notifications provided daily

Certificates 14

19

Minimize the number of certificates

Minimize number of host namesUse split DNS for Exchange host names

mail.contoso.com for Exchange connectivity on intranet and Internetmail.contoso.com has different IP addresses in intranet/Internet DNS

Don’t list machine host names in certificate host name listUse load-balanced (LB) arrays for intranet and Internet access to servers

Use “Subject Alternative Name” (SAN) certificate

Certificates - Best Practices Certificates 14

20


E2010 or 2007CAS

E2010 or 2007 HUB

E2010 or 2007 MBX

Clients



Intranet site


1. Prepare








E2013 CAS

E2013MBX


legacy.contoso.com


SP/RU

SP/RU

5

21

Client Access Server Upgrade• Validate legacy namespace creation in DNS

Name is reachable internally and externally from numerous Internet DNS servers

• Configure Load balancing Layer 7 load balancers are no longer required for Exchange 2013

namespace. “No Affinity” is supported and recommended for 2013. Simple TCP Session

only. Legacy namespace is a separate VIP configured with Layer 7 load

balancing Configure the AutoDiscoverServiceInternalUri of each Exchange

2013 CAS to a load balanced value Configure the AutoDiscoverSiteScope of each Exchange 2013 CAS to

cover additional AD sites if necessary besides the installation site

Switching to new Client Access Servers• Lower TTL on existing DNS records in advance• Create publishing rules for legacy namespace• Update internal and external DNS to point Mail

and Autodiscover records to CAS 2013 • Update publishing rules for new 2013 Servers• Outlook Anywhere switchover to 2013• Use MS Connectivity Analyzer to validate access

is working https://testconnectivity.microsoft.com/ Test internally and externally as well as Exchange 2013 and legacy

Exchange mailboxes

https://testconnectivity.microsoft.com/


Exchange 2013 OWA Client Connectivity FlowExchange 2010 Coexistence

Layer 4 LB

E2013 CAS

IIS

HTTP Proxy

E2013 MBX

Protocol Head

DB

E2010 CAS

Protocol Head

E2010 MBX

Store

DB

Site

Boundary

E2010 CAS

Protocol Head

E2010 MBX

Store

DB

RPC RPC

Cross-Site Proxy Request

Layer 7 LB

Cross-Site

Redirect Request

OWAeurope.mail.contoso.commail.contoso.com

24

Exchange 2013 OWA Client Connectivity FlowExchange 2007 Coexistence

Layer 4 LB

E2013 CAS

IIS

HTTP Proxy

E2013 MBX

Protocol Head

DB

E2007 CAS

Protocol Head

E2007 MBX

Store

DB

Site

Boundary

E2007 CAS

Protocol Head

E2007MBX

Store

DB

RPC RPC

Layer 7 LB

Cross-Site

Redirect Request

OWA

Layer 7 LBlegacy.contoso.com mail.contoso.com europe.mail.contoso.com

Cross-Site Proxy Request

25

Load Balancer

Layer 7 LB

mail.contoso.com

HTTPPROXY

RPC/HTTP

Clients

E2007/E2010 MBX

Internet-facing site

RPC/HTTP

Intranet-facing site

E2007/E2010 MBX

OA Enabled OA EnabledClient SettingsIIS Auth: NTLM

E2007/E2010 CAS OA

Client SettingsIIS Auth:

E2007/E2010 CAS

HTTPPROXY

3. Client settings

Make legacy OA settings the same as 2013 CAS so all clients get the same proxy hostname

1. Enable Outlook Anywhere on all legacy CAS2. IIS authentication methods

IIS Auth must have NTLM enabled on all legacy CAS

RPC

Client Auth: BasicIIS Auth: Basic

NTLM

E2013 CU1 CAS

E2013 CU1 MBX

RPCRPC

DisabledEnabled

NTLM

4. DNS cutoverA low TTL on the existing

record the days prior to the cutover is a good idea.

Switching OA to CAS 2013

CAS 2013 Client Protocol Connectivity FlowLegacy Coexistence

Protocol Exchange 2007 user accessing Exchange 2010 namespace

Exchange 2007 user accessing Exchange 2013 namespace

Exchange 2010 user accessing Exchange 2013 namespace

Requires Legacy namespace Legacy namespace No additional namespaces

OWA • Same AD site: silent or SSO FBA redirect• Externally facing AD site: manual or

silent/SSO Cross-site redirect• Internally facing AD site: proxy

Non-silent redirect (not SSO) to CAS 2007 externally facing URL

• Proxy to CAS 2010• Cross-site silent redirect (not SSO), which

may redirect to CAS 2010 or CAS 2013

EAS • EAS v12.1+ : Autodiscover & redirect • Older EAS devices: proxy

Proxy to MBX 2013 Proxy to CAS 2010

Outlook Anywhere

Direct CAS 2010 support Proxy to CAS 2007 Proxy to CAS 2010

Autodiscover Exchange 2010 answers Autodiscover query for 2007 User

Exchange 2013 answers Autodiscover query for 2007 User

Proxy to CAS 2010

EWS Uses Autodiscover to find CAS 2007 EWS External URL

Uses Autodiscover to find CAS 2007 EWS External URL

Proxy to CAS 2010

POP/IMAP Proxy Proxy to CAS 2007 Proxy to CAS 2010

OAB Direct CAS 2010 support Proxy to CAS 2007 Proxy to CAS 2010

RPS n/a n/a Proxy to CAS 2010

ECP n/a n/a • Proxy to CAS 2010• Cross-site redirect, which may redirect to

CAS 2010 or CAS 2013

27


E2010 or 2007CAS

E2010 or 2007 HUB

E2010 or 2007 MBX

Clients



Intranet site


1. Prepare





Build out DAG

Move users to Exchange 2013 MBX




E2013 CAS

E2013MBX


legacy.contoso.com


SP/RU

SP/RU

6

28

Exchange 2013 Mailbox Moves

New Migration ServiceProvides additional functionality to orchestrate moves such as batch managementProvides migration reporting Provides retry semantics

New cmdlets New-MigrationBatchGet-MigrationUserStatistics

Also available from EAC

Public Folders Manageability

Exchange 2013 Public Folders• Database-centered architecture replaced by mailbox

Existing Public Folders can be migrated to Exchange 2013 Public Folder Replication is removed End user experience doesn’t change

• Migrate Public Folder users before Public Folders Exchange 2013 users can access Exchange 2010/Exchange 2007

Public Folders Exchange 2010/Exchange 2007 users cannot access Exchange 2013

Public Folders Migration of Public Folders is a cut-over migration Similar to online mailbox moves

Public Folder Migration Process• Analyze existing Public Folders

Tool available to analyze existing Public Folder hierarchy to determine how many Exchange 2013 Public Folder mailboxes are recommended

• Copy Public Folder data Users continue to access existing Public Folder deployment while

data is copied Data migration happens in the background

• Switch clients to Exchange 2013 Public Folders There will be a short downtime while the migration is finalized

Once migration completes, everyone switches at the same time Can switch back, but any post migration Public Folder changes are

lost

Managing Coexistence • Use the Exchange 2013 Administration Center

(EAC) to: Manage Exchange 2013 mailboxes View and update Exchange 2010/2007 mailboxes and properties

(with a few limitations)

Use Exchange 2010/2007 Management Console (EMC) to create mailboxes or perform new operations

Added Tips• Avoid OAB re-downloads• Mailbox size increases• SMTP Mail Flow timing• Prep once using the CU1 bits when available• Use https://testconnectivity.microsoft.com/ a lot• Publishing Exchange 2013 with TMG or UAG

Minor changes around a new logoff URL and Office Apps with Outlook 2013

http://blogs.technet.com/b/exchange/archive/2012/11/21/publishing-exchange-server-2013-using-tmg.aspx







© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

welcome to the exchange 2013 webcast deployment & coexistence

Documents