Emory Enterprise Exchange 2007 Tech Talk
Information Technology
Emory Email Components
  Email Team
  General mail flow
  Active Directory
  Exchange 2003
  Enterprise Exchange 2007
  Exchange Email Archiving
Email Team
  Jay Flanagan, Manager (also IDM, Security)
  James Reed, Lead
    Exchange, Active Directory, LearnLink, Meeting Maker
  Greg Cooper, Lead
    Exchange, Active Directory
  Terry Markert, Senior
    LearnLink, Exchange, Meeting Maker, Exchange Email Archiving
    Learning Exchange 2007, Active Directory
  David Gottschalk, Senior
    Eagle Mail, Mail Relays, Postini
  Wes Blalock (entry level)
    Meeting Maker, Exchange Email Archiving
    Learning Windows, Unix, Postini, Eagle Mail, Mail Relays, Exchange, Active Directory
General Mail Flow
Mail Flow
Inbound Enterprise Exchange 2007 Mail Flow
Outbound Enterprise Exchange 2007 Mail Flow
Internal Exchange Mail Flow
Active Directory
Emory University AD Site Layout (diagram). Labels: Emory.Edu (Empty Root); Eu.Emory.Edu; Academic Site, DMZ Site, Admin Site, HIPAA Site and ResNet Site, each with domain controllers (DC).
Active Directory (cont’d)
  All Windows 2003 Native mode
    Required for Exchange to operate
  Emory University AD
    Root Domain Emory.Edu (EmoryAD)
      2 Servers (AD1, URI)
    Child Domain EU.Emory.Edu (EmoryUnivAD)
      5 Sites based upon firewall
        Core Admin Site (AD13, AD14, AD15)
        DMZ Site (AD10, AD11, AD12)
        Academic Site (AD2, Batman, Robin)
        ResNet Site (Pasteur)
        HIPAA Site (AD6, AD7)
  Emory Enterprise Resource Forest
    Domain Enterprise.Emory.Net (Enterprise)
      2 Sites based upon role seclusion - HIPAA Core
        FSMO Site (ADRF1, ADRF2)
        APPS Site (ADRF3, ADRF4, ADRF5)
Exchange 2003
University Exchange 2003 (diagram). Labels: Emory.Edu (Empty Root); Eu.Emory.Edu; Academic Site, DMZ Site, Admin Site; Exchange Cluster Servers 1 and 3; Exchange Cluster Servers 2 and 4; ISA, ISA1, OWA, GOODLINK; DC, GC, BH, DNS.
Enterprise Exchange 2007
History of Project
  Started November 2006
  Design Started January 2007
  Implementation Started ____________________
  Currently Testing with EHC IS Delays
Enterprise Exchange 2007
AD Layout for Enterprise Exchange 2007
Enterprise Exchange 2007 AD Layout
  Resource AD Forest
    One way trust between EHC AD
    Two way trust between EU AD (two way needed for MOM)
    All accounts from both AD’s will be created
    Can be used for other MS applications
      Office Communicator Suite
      SharePoint
Client Access for Enterprise Exchange 2007
Enterprise Exchange 2007 Client Connectivity
  Outlook 2003 and 2007 – Outlook 2007 required for full functionality
  Macintosh – examples include Entourage
  IMAPS clients – examples include Mozilla, Thunderbird, MacMail, Eudora, Outlook Express, other IMAPS clients
  Outlook Web Access – IE 7 required for full functionality (lightweight version available for other browsers, i.e. FireFox, IE6 and lower, Safari, etc.)
  Mobile Devices – currently ActiveSync and GoodLink; Blackberry pending governance approval
Client Functionality Matrix: Windows Exchange Clients
  Feature                             Outlook 2003/2007   Outlook Web Access   IMAPS clients
  Send/Receive Email                  Y                   Y                    Y
  Send/Receive Calendar Invitations   Y                   Y                    N
  Use Global Address List             Y                   Y                    Y
  Public Folder Access                Y                   Y                    Y*
  Server-based contacts               Y                   Y                    N
  Auto-Archiving                      Y                   N                    N
  Group Calendar                      Y                   Y                    N
  Recover Deleted Items               Y                   Y                    N
  Work Offline                        Y                   N                    Y
  * Most IMAPS clients will be able to read and post data to public folders; however, there may be some which do not include this functionality
  * Information provided from University of Connecticut Web Site
Client Functionality Matrix: Macintosh Exchange Clients
  Feature                             Entourage X         Outlook Web Access   IMAPS clients
  Send/Receive Email                  Y                   Y                    Y
  Send/Receive Calendar Invitations   Y                   Y                    N
  Use Global Address List             Y                   Y                    Y
  Public Folder Access                Y                   Y                    Y*
  Server-based contacts               Y                   Y                    N
  Auto-Archiving                      N                   N                    N
  Group Calendar                      N                   Y                    N
  Recover Deleted Items               N                   Y                    N
  Work Offline                        Y                   N                    Y
  * Most IMAPS clients will be able to read and post data to public folders; however, there may be some which do not include this functionality
  * Information provided from University of Connecticut Web Site
Client Functionality Matrix: Linux Exchange Clients
  Feature                             Outlook Web Access   IMAPS clients
  Send/Receive Email                  Y                    Y
  Send/Receive Calendar Invitations   Y                    N
  Use Global Address List             Y                    Y
  Public Folder Access                Y                    Y*
  Server-based contacts               Y                    N
  Auto-Archiving                      N                    N
  Group Calendar                      Y                    N
  Recover Deleted Items               Y                    N
  Work Offline                        N                    Y
  * Most IMAPS clients will be able to read and post data to public folders; however, there may be some which do not include this functionality
  * Information provided from University of Connecticut Web Site
  * Ximian current release only supports Exchange 2003, no current TBA from vendor on updates
Enterprise Exchange 2007
  Secure
    Located in HIPAA core firewall zone
    Remote access given only on an as-required basis
      RSA Keyfob access required for VPN (giving 2 factor auth)
    Managed security / management policies
      To be presented for formal approval to HIPAA steering committee in Fall
    Client connectivity via SSL
      Except from EHC Citrix VDT
Enterprise Exchange 2007 (cont’d)
  Highly Available
    Redundant Hardware
    Clusters for Mailbox servers
    Multiple redundant nodes for other server roles (CAS/HUB/EDGE)
Enterprise Exchange 2007 SAN
  SAN Storage
    Symmetrix DMX 3, RAID 1, 300GB Dedicated spindles for Exchange
      96 x 110GB – Databases (12 x active server)
      96 x 43GB – Log volumes (12 x active server)
      4 x 34GB – Public Folders DB/Logs (2 x cluster)
      8 x 172GB – Recovery Volume (1 per active server)
      8 x 51GB – Edge Server DB / Logs (2 x server)
      8 x 94GB – Hub Server DB / Logs (2 x server)
Enterprise Exchange 2007 Storage
Enterprise Exchange 2007 Backups
  Backups
    Designed for User self restoration
      Recover Deleted Items
    Databases for Disaster Recovery
      Full backup every x days (TBD, worst case 2 days)
      Differential (w/log rollup) daily
      Using EMC snap software and VSS management
      Using EMC Legato Networker to back up to CDL
        Up to 17TB CDL storage dedicated for Exchange backups
        1 full backup with no compression = estimated 9TB
Exchange Email Archiving
Exchange Email Archival Overview
  Archive product selection under review
  Provides Exchange archiving / tiered storage
    Quota based archiving
    Attachment based archiving
  Stub attachments and messages
    Quick retrieval of full message and attachments
    Stores stub in plain text for minimal footprint
  End user restorability of deleted messages
  No storage limits for archived messages (300MB active mailbox limit)
  Seamless recovery of archived messages
Exchange Email Archival Overview (cont’d)
  Search ability
    Future Compliance searching
    Currently allows end user search ability to own archive
  Retention policies
    Can be used to manage compliance minimums (may eventually come for HIPAA or Sarbanes Oxley)
    Can expire messages after maximum retention periods
Exchange Email Archival Overview (cont’d)
  Targeted Clients
    Entourage (Macintosh) support
    Outlook
    Outlook Web Access
    IMAP User Access (TBD)
Enterprise Exchange 2007 Server Layout
  Servers
    12 Mailbox Servers
      MS Cluster 1 – 4 Active, 2 Passive
        CMS Names: Exchange10, Exchange11, Exchange12, Exchange13
        Contains 6 physical nodes
      MS Cluster 2 – 4 Active, 2 Passive
        CMS Names: Exchange20, Exchange21, Exchange22, Exchange23
        Contains 6 physical nodes
Enterprise Exchange 2007 Server Layout (cont’d)
  Servers
    4 Hub Servers
      MTA Role
    4 CAS Servers (Client Access Server)
      OWA, AccessAnywhere (RPC over HTTPS), ActiveSync, MAPI/RPC, IMAPS
    4 Edge Servers (border hygiene)
      Put in place for potential Mail Relay retirement (no ETA)
      Non Domain joined for security
Enterprise Exchange 2007 Resource Accounts
  Resource accounts available for:
    Rooms - assigned to a meeting location, such as a conference room, auditorium, or training room
    Equipment - assigned to a resource that is not location specific, such as a portable computer projector, or microphone
  Requires designated owner(s)
    Owners responsible for assigning delegate access for management
Enterprise Exchange 2007 Sponsored/Department Accounts
Current Departments can be approved to have group accounts available for shared group access
Sponsored users cannot have personal accounts; however, they can use approved departmental account for department communications
Sponsored account limitations
  Smaller quota
  Some limited functionality
New Update
Enterprise Exchange 2007 Calendaring
Meeting Maker will be decommissioned in August 2008
Outlook Calendaring provides Free/Busy status of both people and resources
Assisted scheduling of meetings within Outlook or OWA client
Resource Calendars – Rooms, Equipment
Enterprise Exchange 2007 Existing Data Migration
  Eagle Mail – server side data migration
  IMAP mail client – local data user side migration (e.g. Contacts, Distribution Lists, Distribution Groups, etc.)
  Exchange 2003 – server side data migration
  LearnLink – POP3 user side migration (will remain in use for student interactive services and maintain separate quotas)
  Departmental Email server – department dependent migration options
Timeline
  TBD – awaiting EHC migration completion
Questions?