cisntwk-492e - 2profs.net/steve/cisntwk492e/ppt/ch07.pdf

Post on 10-Feb-2018


CISNTWK-492e
Microsoft Exchange Server 2003 Administration

Chapter Seven
Configuring and Managing Exchange Server

Objectives

• Understand how and why additional administrative groups should be created
• Understand how and why additional routing groups should be created
• Describe front-end and back-end server configurations
• Describe how to manage virtual servers and virtual directories

Configuring and Managing Exchange Server

• Organizations usually need additional servers
  – Greater volume of users may be hosted
  – Dedicated servers perform specific tasks
• Load-balance processing across servers
• Two perspectives for organizing servers
  – Connectivity
  – Administrative

Configuring and Managing Exchange Server

• HTTP virtual servers
  – Grant access and transfer files to client workstations
  – Are administered using Internet Services Manager

Administrative Groups

• Administrative groups
  – Define admin topology for an Exchange organization
  – Based on geography, department, division, or function

Administrative Groups

• Assigning administrative permissions
  – Is simplified by using administrative groups
  – Objects created or moved into an admin group object inherit its permissions
• Four objects may be created in an administrative group
  – Policies, Routing Groups, Public Folder Trees, Servers

Administrative Models

• Three administrative models organize admin groups
  – Centralized, Decentralized, Mixed
• Centralized administrative model:
  – One group has full control over the Exchange servers
  – Routing group need not reflect administrative topology

Administrative Models

• Decentralized administrative model:
  – Each location has a team of Exchange administrators
  – Groups are based on geographical or departmental needs
  – Groups can contain policies, servers, public folder trees, and other objects specific to the group

Administrative Groups (continued)

• Issues migrating from Exchange Server 5.5 at multiple sites:
  – Forces use of decentralized administrative model
  – Exchange 5.5 sites are created as separate admin groups
• Mixed administrative model:
  – Restricts certain administrative functions
  – Does not create specialization for every function
  – Create admin groups by function, not department
  – Combines specialized admin functions and geographical factors into one model

Activity 7-1: Creating an Administrative Group

• Time Required: 10 to 20 minutes
• Objective: Create an additional administrative group
• Description: Create an additional administrative group for your organization. By default when you install your first Exchange 2003 server, a default administrative group called First Administrative Group is created.

Managing Administrative Groups

• Exchange Server 2003 has two modes of operation
  – Mixed mode: pre-Exchange 2000 Servers are supported
  – Native mode: only Exchange 2000 Server and Exchange Server 2003 are supported

Mixed Mode

• Mixed: the default operation mode for Exchange Server 2003
• Mixed mode accommodates Exchange Server 5.5
• Exchange 5.5 limits Exchange Server 2003
  – Each admin group has only one functional routing group
  – Mailboxes cannot be moved between servers in different administrative groups
  – Some System Manager commands do not apply to Exchange Server 5.5
  – You cannot edit directory object properties in Active Directory
  – InetOrgPerson and query-based distribution groups are not available

Native Mode

• Native mode operation
  – Exchange Server 2003 is not subject to mixed mode limitations
• Using Exchange Server 2003 you can:
  – Enable routing group support
  – Create additional routing groups as necessary
• Native mode drawback:
  – It cannot work with Exchange Server 5.5 or lower versions

Routing Groups

• Routing group: physical collection of servers
• The links between routing groups are assumed to be slow or unreliable
• Connectors join routing groups over slow WAN links
  – Costs may be implemented on connectors
  – Costs enable you to channel physical path
• Target server handles message communication within a routing group
• Bridgehead server handles message communication among routing groups

Routing Groups (continued)

• Bridgehead server is designated in each routing group
• Routing group connector is used by the bridgehead server to join routing groups
• Exchange System Manager is used to create separate routing groups
• Factors for deciding whether to set up a routing group:
  – Persistent connectivity
  – Common Active Directory forest
  – Relatively high bandwidth

Routing Groups (continued)

• Place servers prone to failure in separate routing groups
• Place a global catalog server in each routing group
• Five reasons for dividing Exchange Server 5.5 into multiple routing groups:
  – Minimum requirements outlined are not met
  – Messaging path must be altered to multiple hops
  – Messages must be queued and sent by schedule
  – Bandwidth between servers is less than 16 Kbps
  – Routing client connections to specific public folder replicas

Activity 7-2: Creating a Routing Group

• Time Required: 10 to 20 minutes
• Objective: Create an additional routing group using Exchange System Manager
• Description: Create an additional routing group within your organization. Routing groups help you to control mail flow and public folder referrals. Within a routing group, all servers communicate and transfer messages directly to one another.

Activity 7-3: Installing a Server into a New Administrative Group and Routing Group

• Time Required: 90 to 120 minutes
• Objective: Install an Exchange Server 2003 server into a second administrative and second routing group.
• Description: With administrative groups already preconfigured, you are prompted during the installation of any new servers as to which administrative group and routing group you want to install the server into

Front-End/Back-End Configurations

• Front-end/back-end configuration
  – Tasks are distributed between front-end/back-end servers
• Front-end server accepts requests from clients
  – Proxies requests to appropriate back-end server

Front-End/Back-End Configurations

• Recommended topology for the following:
  – Multiple server organizations
  – Users of Microsoft Outlook Web Access, POP, IMAP, or Outlook 2003 (using RPC over HTTP)
• Front-end server specially configured
• No configuration option to designate back-end server

Advantages of Front-End/Back-End Configuration

• Three advantages of front-end/back-end topology:
  – Single namespace across organization
    • User need not know name of server hosting mailbox (accessed with Web, POP, or IMAP interface)
  – Ability to balance load across servers
    • Front-end server handles SSL encryption/decryption
    • Encryption/decryption offloaded from back-end servers

Advantages of Front-End/Back-End Configuration

  – Ability to use firewalls to protect back-end
    • Front-end provides additional layer behind firewall
    • Front-end hides back-end configuration
    • Front-end authenticates mailbox/public folder requests

Front-End/Back-End Functionality

• Front-end proxies client requests to back-end
• Front-end/back-end configuration with a firewall
  – Complex due to communication with Active Directory
  – Exchange Server uses DSAccess to detect directory servers
  – DSAccess uses LDAPs and RPCs
  – RPCs require many open ports on the firewall
  – High number of open ports introduces security issues

Front-End/Back-End Functionality (continued)

• Front-end/back-end configuration without a firewall:
  – Helps maintain a single namespace for e-mail servers
  – Scalable using Outlook Web Access, POP, IMAP

Front-End/Back-End Functionality (continued)

• Using IMAP or POP access:
  – Client sends log-on request with mailbox name
  – Front-end determines location of user's mailbox
  – Front-end proxies request to back-end
  – User is authenticated
  – Back-end sends results of log-on to front-end
  – Front-end presents results to user
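The POP/IMAP log-on sequence on this slide, as an added Python sketch that is not part of the course material and is not Exchange code. The mailbox names, the server names `BE01` and `BE02`, the directory table and the credential check are constructed stand-ins.

```python
# Added illustration of the slide's POP/IMAP log-on flow; not Exchange code.
# All names and data below are constructed for the example.
import hashlib
import hmac

SALT = b"constructed-salt"

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Directory lookup table: mailbox name -> back-end server hosting it.
DIRECTORY = {"alice": "BE01", "bob": "BE02"}

# Stand-in credential check data, held behind the front-end.
BACKENDS = {
    "BE01": {"alice": kdf("correct horse")},
    "BE02": {"bob": kdf("battery staple")},
}

def backend_logon(server, mailbox, password):
    """Back-end authenticates the user and returns a POP3-style status."""
    stored = BACKENDS[server].get(mailbox)
    ok = stored is not None and hmac.compare_digest(stored, kdf(password))
    return "+OK" if ok else "-ERR"

def frontend_logon(mailbox, password):
    """Front-end: locate the mailbox, proxy the log-on, relay the result."""
    trace = ["client->FE: log-on request"]
    server = DIRECTORY.get(mailbox)
    if server is None:
        # Same status as a failed password, so the reply text does not
        # reveal which mailboxes exist.
        trace.append("FE: no back-end found for mailbox")
        return "-ERR", trace
    trace.append(f"FE->{server}: proxied log-on")
    result = backend_logon(server, mailbox, password)
    trace.append(f"{server}->FE: {result}")
    trace.append(f"FE->client: {result}")
    return result, trace

if __name__ == "__main__":
    for user, pw in [("alice", "correct horse"), ("bob", "wrong")]:
        status, steps = frontend_logon(user, pw)
        print(user, status, *steps, sep="\n  ")
```

The client only ever addresses the front-end, which is the single-namespace property the earlier slides describe: the trace shows the back-end name appearing only on the internal hops.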

Activity 7-4: Setting Up a Front-End Server Configuration for POP and OWA Access

• Time Required: 20 to 30 minutes
• Objective: Configure a front-end server to act as a POP server for the Exchange Server 2003 organization
• Description: Configure the newly installed server that was created in the previous activity as a front-end server for POP access to the organization. This server will accept POP connections and proxy the requests to the back-end server on behalf of the client to retrieve information from the mailbox.

Front-End Server Configuration for POP and OWA Access

• SMTP protocol should be configured on the front-end
• SMTP is used by IMAP and POP clients for outgoing communication

Front-End Server Configuration for POP and OWA Access

• Using Outlook Web Access:
  – HTTP client requests are sent to the front-end server
  – Front-end server uses Active Directory to isolate back-end server
  – Front-end server forwards request to back-end server
  – HTTP host header remains unchanged

Front-End Server Configuration for POP and OWA Access (continued)

• Exchange Server 2003 improvements for front-end/back-end configuration:
  – Kerberos authentication
  – RPC over HTTP: encapsulate RPC within HTTP
  – Forms-based authentication

Managing HTTP Virtual Servers

• IIS: Internet Information Services
  – Provides transport services to access folders/mailboxes
  – Uses Internet protocol (HTTP, POP, or IMAP)
• Exchange integrates with Windows 2000/2003 IIS

Managing HTTP Virtual Servers

• Exchange stores configuration in IIS metabase
• Directory Service Metabase Synchronization (DS2MB)
  – Part of Exchange System Attendant
  – Replicates configuration changes made in Active Directory to the metabase
  – Overrides changes made directly to the IIS metabase

Managing HTTP Virtual Servers (continued)

• Each HTTP virtual server is represented as a Web site
• Default Web site represents default HTTP server
• Five important HTTP virtual server directories:
  – Exadmin: Web-based administration of the HTTP virtual server
  – Exchange: used to access mailboxes
  – ExchWeb: provides calendaring, address book, other functions
  – OMA: directory to which Outlook Mobile Access users connect to access Exchange data
  – Public: used to access the default public folders tree

Activity 7-5: Configuring an Additional Virtual Server

• Time Required: 20 to 40 minutes
• Objective: Create an additional HTTP virtual server to host an additional domain
• Description: Create an additional HTTP virtual server that will be configured to host an additional SMTP domain in three stages. A fourth stage will test the new virtual server.

Activity 7-6: Configuring Additional Virtual Directories

• Time Required: 20 to 40 minutes
• Objective: Create an additional HTTP virtual directory to host an additional domain
• Description: Create an additional HTTP virtual directory that will be configured to host an additional SMTP domain in two stages

Activity 7-7: Configuring Connection Values

• Time Required: 10 to 15 minutes
• Objective: Walk through the steps outlining how to configure connection settings for your HTTP virtual server
• Description: Walk through the steps for how you could configure the connection limits and connection timeout values for your SMTP virtual server

Activity 7-8: Starting and Stopping Virtual Servers and the World Wide Web Service

• Time Required: 10 to 20 minutes
• Objective: Walk through the steps outlining how to start and stop an HTTP virtual server and the World Wide Web publishing service
• Description: Walk through the steps that you can take to stop and start HTTP virtual servers within your Exchange Server 2003 organization as well as the World Wide Web publishing service

Summary

• Administrative groups define admin topology
• Admin groups are based on geography, department, division, function
• Three approaches to administrative group design: centralized, decentralized, mixed
• Admin group operation is based on Exchange Server 2003 mode (native or mixed)
• Routing group: collection of servers with high-bandwidth connectivity

Summary (continued)

• Routing groups are determined by physical topology
• Connectors join routing groups over slow WAN links
• Exchange Server 2003 perceives a single routing group (default)
• Front-end/back-end configuration distributes tasks
• Front-end server receives client requests

Summary (continued)

• Front-end servers proxy requests to back-end
• Front-end servers may or may not fall behind a firewall
• IIS virtual servers provide transport services
• Multiple virtual servers require one SSL certificate for each domain name
• HTTP virtual servers run under World Wide Web Publishing Service