Microsoft Exchange Server 2010 Transition and Deployment
Martin Coetzer, Technical Consultant, Microsoft
Session Code: UNC310
New from E2003 to E2007
• Front-End/Back-End -> Client Access/Mailbox/Hub Transport/Edge Transport/Unified Messaging
• 64bit servers only
• AD Sites replace Routing Groups
• Autodiscover
• Removes Outlook 2007+ need for Public Folders
  • Availability Service: Free/Busy information read direct from mailboxes, not from Public Folders
  • Offline Address Book download from Client Access Server
• New admin tools
  • Exchange Management Console (EMC) and PowerShell
• Unified Messaging – Voice mail in your inbox
• New Developer API: Exchange Web Services (EWS)
New from E2007 to E2010
• Run Exchange Server yourself, or use Exchange Online?
• High Availability solution for mailboxes is Database Availability Groups (DAG)
  • Also provides site resilience and disaster recovery
  • 30sec fail-over with simplified admin experience
  • Works with cheap discs (eg. SATA and JBOD)
  • Replaces SCR, LCR, SCC and CCR from E2007
• EMC is 64bit only
• RPC Client Access service
  • Improved High Availability solution: Outlook MAPI connects directly to Client Access Servers
• ExOLEDB, WebDAV and CDOEx are gone
• "Entourage EWS" uses EWS
Transition in a Nutshell
[Diagram: Internet -> Internet facing AD Site (FE, BE, CAS, HUB, UM, MBX 2003 or 2007 alongside CAS, HUB, UM, MBX 2010) -> Internal AD Site (CAS, HUB, UM, MBX), with CAS-CAS proxy between sites. Hostnames: https://mail.contoso.com, https://autodiscover.contoso.com, https://legacy.contoso.com]
Upgrade Internet facing sites first
Upgrade Internal sites second
1. Upgrade existing servers to SP2
2. Deploy E2010 servers: CAS first; MBX last
   • Start with a few
   • Gradually add more servers as you move mailboxes
3. 'Legacy' hostname for old FE/CAS
   • SSL cert purchase
   • End users don't see this hostname
   • Used when autodiscover and redirection from CAS2010 tell clients to talk to FE2003/CAS2007 for MBX2003/MBX2007 access
4. Move
   • Internet hostnames to CAS2010
   • UM phone number to UM2010
   • SMTP end point to HUB2010
5. Move Mailboxes
6. Decommission old servers
E2010 Topology Prerequisites
Active Directory
• Windows 2003 SP2 global catalog server (or later) in each Exchange AD site
• No hard requirement for Windows Server 2008 Active Directory (AD)
• Windows Server 2003 forest functional level
Exchange
• Upgrade to E2003 SP2+ and E2007 SP2+ before E2010
E2010 Installation Prerequisites
• Windows Server 2008 SP2 or R2 64-bit editions: Standard, Enterprise or Datacenter Edition
• Windows PowerShell v2.0
• .NET Framework 3.5
• Windows Remote Management v2.0
• Internet Information Services (IIS)
See http://technet.microsoft.com/en-us/library/bb691354(EXCHG.140).aspx
Demo Topology: Hostnames and services exposed to Internet
E2003
mail.contoso.com
Outlook Web Access: /owa
Exchange Web Services: /ews
Offline Address Book: /oab
Unified Messaging: /unifiedmessaging
Outlook Mobile Access: /oma
autodiscover.contoso.com
Autodiscover: /autodiscover
E2010 updates
mail.contoso.com
Outlook Web Access: /exchweb
Exchange Control Panel: /ecp
Unified Messaging: /unifiedmessaging
legacy.andaker.com: E2003/E2007 services
mail.contoso.com
Outlook Web Access: /exchange, /exchweb, /public
Exchange ActiveSync: /microsoft-server-activesync
Outlook Anywhere: /rpc
POP, IMAP, SMTP: For clients and SMTP servers
Outlook Mobile Access: /oma
E2007 updates
Remote Connectivity Analyzer
https://www.testexchangeconnectivity.com/
In Beta
Test:
• Exchange ActiveSync (EAS)
• Outlook Anywhere (RPC/HTTP)
• Autodiscover
• SMTP
• …more will come…
Use it at every step of transition
Demo: Remote Connectivity Analyzer
Your best friend while transitioning
https://www.testexchangeconnectivity.com/
Setup
• Step-by-step instructions in setup app
• Setup.exe with parameters gives unattended setup
• Try it this week – Hands on Lab UNC14H – "Microsoft Exchange Server 2010 Setup and Deployment"
Configure E2010: Your preferred configuration
• External CAS hostname: mail.andaker.com
  • externalUrl parameter. Determines autodiscover config for clients.
• E2003 routing group connector: E2003 server
Deploying E2010: Topology Decisions – SSL Certificates
• Best practice: minimize the number of certificates
  • 1 certificate for all CAS servers + reverse proxy + Edge/HUB
  • Use "Subject Alternative Name" (SAN) certificate which can cover multiple hostnames
• Don't list machine hostnames in certificate hostname list
  • Use Load Balance (LB) arrays for intranet and Internet access to servers
Deploying E2010: Topology Decisions – CAS Load Balancing
• Best Practice: Use "Split DNS" for Exchange hostnames used by clients. Goal: minimize number of hostnames
  • mail.contoso.com for Exchange connectivity on intranet and Internet
  • mail.contoso.com has different IP addresses in intranet/Internet DNS
• OWA and EWS load balancing require Client<->Server affinity
  • Client-IP based Windows NLB or LB device using cookie based affinity
• Tell Autodiscover where to send clients: configure internalURL and externalURL parameters on virtual directories
  • Eg. Set-OwaVirtualDirectory
• Tell Outlook clients where to go for intranet MAPI access
  • Use New-ClientAccessArray
Certificates: Step by step
New-ExchangeCertificate -GenerateRequest `
  -Path c:\certificates\request.req `
  -SubjectName "c=ZA, o=Contoso Inc, cn=mail1.contoso.com" `
  -DomainName mail.contoso.com, autodiscover.contoso.com, legacy.contoso.com `
  -PrivateKeyExportable $true
1. Creates a Certificate Request file
2. Send Request file to certificate authority you are buying from
3. Use import-ExchangeCertificate to make Exchange use the certificate you get back
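One way to check a deployment against the certificate and split-DNS guidance above, as an added example that is not part of the original deck. The function name, server names and sample data are hypothetical, and names are compared exactly (no wildcard handling).

```powershell
# Added example: flags machine hostnames on the certificate and client-facing
# URLs whose hostname the certificate does not cover.
function Test-CasNamePlan {
    param(
        [string[]]$CertificateDomains = @(),  # names on the issued certificate
        [string[]]$ServerNames = @(),         # machine hostnames (short or FQDN)
        [object[]]$VirtualDirectories = @()   # objects with Server, Name, InternalUrl, ExternalUrl
    )
    $certNames = @($CertificateDomains | ForEach-Object { $_.Trim().ToLowerInvariant() })
    $servers   = @($ServerNames | ForEach-Object { $_.Trim().ToLowerInvariant().Split('.')[0] })
    $findings  = @()

    # Rule from the slides: no machine hostnames in the certificate hostname list.
    foreach ($name in $certNames) {
        if ($servers -contains $name.Split('.')[0]) {
            $findings += "Certificate lists machine hostname '$name'"
        }
    }
    # Every URL that Autodiscover hands to clients must use a name the certificate covers.
    foreach ($vdir in $VirtualDirectories) {
        foreach ($prop in 'InternalUrl', 'ExternalUrl') {
            $url = $vdir.$prop
            if (-not $url) { continue }
            $urlHost = ([Uri]"$url").Host.ToLowerInvariant()
            if ($certNames -notcontains $urlHost) {
                $findings += "$($vdir.Server) $($vdir.Name) ${prop}: '$urlHost' is not on the certificate"
            }
        }
    }
    $findings
}

# Constructed sample data in the shape of virtual directory settings (not real output).
$vdirs = @(
    New-Object PSObject -Property @{ Server = 'CAS01'; Name = 'owa'; InternalUrl = 'https://cas01.contoso.local/owa'; ExternalUrl = 'https://mail.contoso.com/owa' }
    New-Object PSObject -Property @{ Server = 'CAS01'; Name = 'EWS'; InternalUrl = 'https://mail.contoso.com/ews/exchange.asmx'; ExternalUrl = 'https://mail.contoso.com/ews/exchange.asmx' }
    New-Object PSObject -Property @{ Server = 'CAS2007'; Name = 'owa'; InternalUrl = $null; ExternalUrl = 'https://legacy.contoso.com/owa' }
)
Test-CasNamePlan -CertificateDomains 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com' `
    -ServerNames 'CAS01', 'CAS2007' -VirtualDirectories $vdirs
```

With the sample data the only finding is the internal OWA URL that still uses a machine hostname; on a live server the inputs would come from the names on the installed certificate and the virtual directory settings.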
Switching to E2010 CAS: Prepare
1. Configure reverse proxy (eg. ISA) or external DNS to
   • Point legacy.andaker.com to FE2003/CAS2007
2. Transition from E2003: Ensure OWA can redirect user to correct URL
   • Configure Exchange2003URL parameter on CAS2010 OWA virtual directory
4. Test before the plunge
   • legacy.contoso.com works for Internet access
Switching to E2010 CAS: The plunge
4. Transition from E2007: Tell CAS2010 how to send users to CAS2007
   • Configure externalURL parameters on CAS2007 virtual directories (OWA, EAS, EWS, OAB etc.) to point to legacy.andaker.com
   • Test that CAS2010 is redirecting/proxying to CAS2007
5. Configure reverse proxy (eg. ISA) or DNS
   • Switch mail.andaker.com to go to E2010 CAS and Edge/Hub
   • Users will start using E2010
   • No service interruption, except current sessions will be cut off
[Diagram: ISA in front of E2003 SP2 FE/BE and E2010 CAS+HUB+MBX; hostnames autodiscover…, mail… and legacy…]
1. Clients access E2010 through Autodiscover… and mail…
2. Redirection (legacy…), proxying and direct access to E2003
Client Access Transition
Clients access CAS2010 first
Four different things happen for E2003/E2007 mailboxes
1. Autodiscover tells clients to talk to CAS2007
2. HTTP redirect to FE2003 or CAS2007
3. Proxying of requests from CAS2010 to CAS2007
4. Direct CAS2010 support for the service against BE2003 and MBX2007
CAS2010 Service: E2003/E2007 mailbox treatment
• OWA: Redirect (with Single Sign-On for Forms-Based Authentication)
• EAS:
  • E2007: Autodiscover & redirect (WM6.1 and newer), Proxying (WM6 and older, all non-Microsoft)
  • E2003: Direct CAS2010 support.
  • Clients which use new EAS2010 features need to re-sync
• Outlook Anywhere & OAB: Direct CAS2010 support
• Autodiscover: Direct CAS2010 support
• EWS: Autodiscover
• POP/IMAP:
  • E2007: Proxy
  • E2003: Direct CAS2010 support
SMTP transport transition
• Follow this flow for each physical location
• Edge servers are optional
• Edge2007 SP2 can be used with HUB2010
[Diagram: AD Site with E2003 Routing Group (E2003 Bridgehead, E2003 Back-End), E2007 HUB, E2007 MBX, E2010 HUB, E2010 MBX; E2007 Edge and E2010 Edge; Internet SMTP Servers]
1. Upgrade existing E2003 and E2007 servers to SP2
2. Install HUB and MBX 2010
3. Switch Edgesync + SMTP to go to HUB2010
4. Install Edge 2010
4. Switch Internet email submission to Edge2010
Unified Messaging Transition
With private branch exchange/gateways (PBX/GWs): One Dial Plan, Redirect
Step 1: Introduce UM 2010 to existing dial plan
Step 2: Route IP GW/PBX calls to UM 2010 for dial plan
Step 3: Remove UM 2007 after UM-enabled mailboxes have been moved
With Office Communications Server: 2 Dial Plans, Direct
Step 1: Introduce UM 2010 with new dial plan, OVA#
Step 2: Remove UM 2007 after UM-enabled mailboxes have been moved
Service Level Agreement: Service availability during transition
• 1GB mailbox could take 90 minutes to move
• Pain: User is disconnected for duration
• Pain: Your SLA for availability is not met
Yearly downtime allowed:
Availability               w/24-hour day       w/8-hour day
90%                        876 h (36.5 d)      291.2 h (12.13 d)
95%                        438 h (18.25 d)     145.6 h (6.07 d)
99%                        87.6 h (3.65 d)     29.12 h (1.21 d)
99.9%                      8.76 h              2.91 h
99.99%                     52.56 min           17.47 min
99.999% ("five nines")     5.256 min           1.747 min
99.9999%                   31.536 sec          10.483 sec
Online Move Mailbox: Minimal User Disruption
[Diagram: E-Mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2]
• Users remain online while mailboxes are moved
• At end of move:
  • User is briefly disconnected as recently received messages are copied over
  • Client autodiscovers new database location
• Administrators can perform migration and maintenance during regular hours
• Online: E2007, E2010 -> E2010, Exchange Online
• Offline: E2003 -> E2010
Resources
Tech·Ed Africa 2009 sessions will be made available for download the week after the event from: www.tech-ed.co.za
Related Content
• Microsoft Exchange Server 2010 Transition and Deployment (UNC310)
• High Availability in Microsoft Exchange Server 2010 (UNC301)
• Unified Messaging in Microsoft Exchange Server 2010 (UNC311)
• Microsoft Exchange Server 2010 Management Tools (UNC309)
• Storage in Microsoft Exchange Server 2010 (UNC312)
• Microsoft Hyper-V: Dos and Don'ts for Microsoft Exchange Server 2007 SP1 and 2010 (VIR308)
• Archiving and Retention in Microsoft Exchange Server 2010 (UNC307)