Microsoft Exchange Server 2010 Transition and Deployment

Martin CoetzerTechnical ConsultantMicrosoftSession Code: UNC310

New from E2003 to E2007Front-End/Back-End ->Client Access/Mailbox/Hub Transport/Edge Transport/Unified Messaging64bit servers onlyAD Sites replace Routing GroupsAutodiscoverRemoves Outlook 2007+ need for Public Folders

Availability Service: Free/Busy information read direct from mailboxes, not from Public FoldersOffline Address Book download from Client Access Server

New admin toolsExchange Management Console (EMC) and Powershell

Unified Messaging – Voice mail in your inboxNew Developer API: Exchange Web Services (EWS)

New from E2007 to E2010Run Exchange Server yourself, or use Exchange Online?High Availability solution for mailboxes isDatabase Availability Groups (DAG)

Also provides site resilience and disaster recovery30sec fail-over with simplified admin experienceWorks with cheap discs (eg. SATA and JBOD)Replaces SCR, LCR, SCC and CCR from E2007

EMC is 64bit onlyRPC Client Access service

Improved High Availability solution: Outlook MAPI connects directly to Client Access Servers

ExOLEBD, WebDAV and CDOEx are gone“Entourage EWS” uses EWS

Transition in a Nutshell

Internet facing AD Site

Internal AD Site

Inte

rnet

FE, BE, CAS, HUB, UM, MBX 2003 or 2007

CAS, HUB, UM,MBX 2010

Upgrade Internet facing sites first

Upgrade Internal sites second

CAS, HUB, UM, MBX

Deploy E2010 serversCAS first; MBX last• Start with a few•Gradually add more servers

as you move mailboxes

2

https://legacy.contoso.com

Move • Internet hostnames to CAS2010•UM phone number to UM2010• SMTP end point to HUB2010

4

Move Mailboxes5

CAS-CASproxy

Upgrade existing servers to SP2

1‘Legacy’ hostname for old FE/CAS• SSL cert purchase• End Users don’t see this hostname• Used when autodiscover and

redirection from CAS2010 tell clients to talk to FE2003/CAS2007 for MBX2003/MBX2007 access

3

https://mail.contoso.com

https://autodiscover.contoso.com

Decommission old servers

6

Exchange 2007 Service Pack 2

A prerequisite for transitions to Exchange 2010

announcing

E2010 TopologyPrerequisites

Active DirectoryWindows 2003 SP2 global catalog server (or later) in each Exchange AD site

No hard requirement for Windows Server 2008 Active Directory (AD)

Windows Server 2003 forest functional level

ExchangeUpgrade to E2003 SP2+ and E2007 SP2+ before E2010

E2010 Installation Prerequisites

Windows Server 2008 SP2 or R2 64-bit editionsStandard, Enterprise or Datacenter Edition

Windows PowerShell v2.0.NET Framework 3.5 Windows Remote Management v2.0Internet Information Services (IIS)See http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx

Supported client access methods

Outlook 2003 Outlook 2007Desktop Web Mobile

POP/IMAP

Demo TopologyHostnames and services exposed to Internet

E2003mail.contoso.com

Outlook Web Access/owa

Exchange Web Services/ews

Offline Address Book/oab

Unified Messaging/unifiedmessaging

Outlook Mobile Access/oma

autodiscover.contoso.comAutodiscover

/autodiscover

E2010 updatesmail.contoso.com

Outlook Web Access/exchweb

Exchange Control Panel/ecp

Unified Messaging/unifiedmessaging

legacy.andaker.comE2003/E2007 services

mail.contoso.comOutlook Web Access

/exchange, /exchweb, /public

Exchange ActiveSync/microsoft-server-activesync

Outlook Anywhere/rpc

POPIMAPSMTP

For clients and SMTP servers

Outlook Mobile Access/oma

E2007 updates

Remote Connectivity Analyzerhttps://www.testexchangeconnectivity.com/In BetaTest

Exchange ActiveSync (EAS)Outlook Anywhere (RPC/HTTP)AutodiscoverSMTP…more will come…

Use it at every step of transition

Remote Connectivity AnalyzerYour best friend while transitioninghttps://www.testexchangeconnectivity.com/

demo

SetupStep-by-step instructions in setup appSetup.exe with parameters gives unattended setupTry it this week – Hands on Lab

UNC14H–“Microsoft Exchange Server 2010Setup and Deployment”

Configure E2010Your preferred configurationExternal CAS hostname: mail.andaker.com

externalUrl parameter. Determines autodiscover config for clients.

E2003 routing groupconnector: E2003 server

Deploying E2010Topology Decisions – SSL Certificates

Best practice: minimize the number of certificates1 certificate for all CAS servers + reverse proxy + Edge/HUB

Use “Subject Alternative Name” (SAN) certificate which can cover multiple hostnames

Don’t list machine hostnames in certificate hostname listUse Load Balance (LB) arrays for intranet and Internet access to servers

Deploying E2010Topology Decisions – CAS Load Balancing

Best Practice: Use “Split DNS” for Exchange hostnames used by clients. Goal: minimize number of hostnames

mail.contoso.com for Exchange connectivity on intranet and Internetmail.contoso.com has different IP addresses in intranet/Internet DNS

OWA and EWS load balancing require Client<->Server affinityClient-IP based Windows NLB or LB device using cookie based affinity

Tell Autodiscover where to send clients: configure internalURL and externalURL parameters and on virtual directories

Eg. Set-owaVirtualDirectoryTell Outlook clients where to go for intranet MAPI access

Use New-clientaccessarray

CertificatesStep by stepNew-ExchangeCertificate

-GenerateRequest-Path c:\certificates\request.req-SubjectName "c=ZA, o=Contoso Inc, cn=mail1.contoso.com“-DomainName mail.contoso.com, autodiscover.contoso.com, legacy.contoso.com-PrivateKeyExportable $true

1. Creates a Certificate Request file

2. Send Request file to certificate authority you are buying from

3. Use import-ExchangeCertificate to make Exchange use the certificate you get back

Certificate Wizarddemo

Switching to E2010 CASPrepare

1. Configure reverse proxy (eg. ISA) or external DNS to• Point legacy.andaker.com to FE2003/CAS2007

2. Transition from E2003: Ensure OWA can redirect user to correct URL• Configure Exchange2003URL parameter on CAS2010 OWA virtual

directory

4. Test before the plunge• legacy.contoso.com works for Internet access

Switching to E2010 CASThe plunge4. Transition from E2007: Tell CAS2010

how to send users to CAS2007• Configure externalURL parameters

on CAS2007 virtual directories (OWA, EAS, EWS, OAB etc.) to point to legacy.andaker.com

• Test that CAS2010 is redirecting/proxying to CAS2007

5. Configure reverse proxy (eg. ISA) or DNS• Switch mail.andaker.com to go to

E2010 CAS and Edge/Hub• Users will start using E2010• No service interruption, except current

sessions will be cut off

ISA

E2003 SP2FE/BE

E2010 CAS+HUB+MBX

autodiscover…mail…

1

2

2

1 Clients access E2010 through Autodiscover… and mail…

Redirection (legacy…), proxying and direct access to E20032

legacy…

Switching to E2010 CASdemo

Client Access TransitionClients access CAS2010 firstFour different things happen for E2003/E2007 mailboxes1. Autodiscover tells clients

to talk to CAS20072. HTTP redirect to FE2003 or

CAS20073. Proxying of requests from

CAS2010 to CAS20074. Direct CAS2010 support

for the service against BE2003 and MBX2007

CAS2010 Service

E2003/E2007 mailbox treatment

OWA Redirect (with Single Sign-On for Forms-Based Authentication)

EAS •E2007: Autodiscover & redirect (WM6.1 and newer), Proxying (WM6 and older, all non-Microsoft)•E2003: Direct CAS2010 support.•Clients which use new EAS2010 features need to re-sync

Outlook Anywhere & OAB

Direct CAS2010 support

Autodiscover Direct CAS2010 supportEWS AutodiscoverPOP/IMAP E2007:Proxy

E2003: Direct CAS2010 support

AD Site

SMTP transporttransitionFollow this flow for each physical locationEdge servers are optionalEdge2007 SP2 can be used with HUB2010

E2003 Routing Group

E2003Bridgehead

E2003Back-End

E2010HUB

E2010MBX

E2007HUB

E2007MBX

E2010 Edge E2007 EdgeUpgrade existing E2003 and E2007

servers to SP2

1

Install HUB and MBX 2010

2

Switch Edgesync +

SMTP to go to HUB2010

3

Internet SMTP Servers

Install Edge 2010

4

Switch Internet email submission to Edge2010

4

Unified Messaging TransitionWith private branch exchange/gateways (PBX/GWs): One Dial Plan, Redirect

Step 1: Introduce UM 2010 to existing dial plan

Step 2: Route IP GW/PBX calls to UM 2010 for dial plan

Step 3:Remove UM 2007 after UM-enabled mailboxes have been moved

Step 1: Introduce UM 2010 with new dial plan, OVA#

Step 2: Remove UM 2007 after UM-enabled mailboxes have been moved

With Office Communications Server:

2 Dial Plans, Direct

Service Level AgreementService availability during transition

1GB mailbox could take 90 minutes to movePain: User is disconnected for durationPain: Your SLA for availability is not met

Availability Yearly Downtime allowed w/24-hour day 8-hour day

90% 876 h (36.5 d) 291.2 h (12.13 d)95% 438 h (18.25 d) 145.6 h (6.07 d)99% 87.6 h (3.65 d) 29.12 h (1.21 d)

99.9% 8.76 h 2.91 h99.99% 52.56 min 17.47 min

99.999% (“five nines”) 5.256 min 1.747 min99.9999% 31.536 sec 10.483 sec

E-Mail Client

Mailbox Server 1 Mailbox Server 2

Client Access Server

Online Move Mailbox Minimal User Disruption

Users remain online while mailboxes are moved

At end of move:User is briefly disconnected as recently received messages are copied overClient autodiscovers new database location

Administrators can perform migration and maintenance during regular hoursOnline:

E2007, E2010 -> E2010, Exchange OnlineOffline:

E2003 -> E2010

Online Move Mailboxdemo

question & answer

www.microsoft.com/teched

International Content & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za

Related ContentMicrosoft Exchange Server 2010 Transition and Deployment (UNC310) High Availability in Microsoft Exchange Server 2010 (UNC301)Unified Messaging in Microsoft Exchange Server 2010 (UNC311)Microsoft Exchange Server 2010 Management Tools (UNC309)Storage in Microsoft Exchange Server 2010 (UNC312) Microsoft Hyper-V: Dos and Don'ts for Microsoft Exchange Server 2007 SP1 and 2010 (VIR308) Archiving and Retention in Microsoft Exchange Server 2010 (UNC307)

Complete a session evaluation and enter to win!

10 pairs of MP3 sunglasses to be won

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.