Exchange 2010 - Upgrade and Deployment

Exchange Server 2010 Upgrade and Deployment

Meelis Nigols, trainer, IT Koolitus

New from Exchange Server 2003 to Exchange Server 2007

• Shift from front-end/back-end to a scalable role-based architecture
• 64-bit server support
• Active Directory Sites replace Routing Groups
• Autodiscover to automatically configure users
• Removes Outlook 2007+ need for Public Folders
  − Availability Service: Free/Busy information read direct from mailboxes, not from Public Folders
  − Offline Address Book download from Client Access Server
• New admin tools
• Unified Messaging: Get voice mail in your inbox
• New Developer API: Exchange Web Services (EWS)

New from Exchange Server 2007 to Exchange Server 2010

• Flexible deployment choices
  − Run Exchange Server on-premises, use Exchange Online, or a hybrid approach
• High Availability solution for mailbox resiliency
  − Comprised of database availability group and database copies
  − Provides site resilience and disaster recovery
  − 30-second switchover/failover with simplified admin experience
  − Improves the flexibility in storage choices (SATA disks, JBOD configurations, etc.)
  − Replaces SCR, LCR, SCC, and CCR from E2007
• 64-bit management tools support
• RPC client access and Address Book services
  − Improved High Availability solution
  − Outlook MAPI connects directly to Client Access Servers for mailbox-related data and directory requests
• ExOLEDB, WebDAV, and CDOEx are gone
  − "Entourage EWS" uses EWS

Collaborate Effectively A familiar and rich Outlook experience across clients, devices, and platforms

Exchange Server 2010 Prerequisites

Active Directory

• Windows 2003 SP2 global catalog server is installed in each Exchange Active Directory (AD) site
  − No hard requirement for Windows Server 2008 AD
• Windows Server 2003 forest functional level

Exchange

• All Client Access Servers (CAS) and Unified Messaging (UM) servers must have SP2
• Existing servers are Exchange 2003 SP2 or Exchange 2007 SP2

Server

• Windows Server 2008 SP2 or R2 64-bit editions (Std/Ent)
• Windows Management Framework
• .NET Framework 3.5 SP1
• Internet Information Services (IIS)

Starting Setup for Exchange 2010

• Step-by-step instructions in setup app
• Setup.com with parameters gives unattended setup
• Setup provides specific settings for configuring your environment
• Configure CAS External domain name
  − Sets ExternalUrl property which aids client configuration
• E2003 routing group connector: E2003 server

Namespaces and URLs

• Outlook Web Access: /exchange, /exchweb, /public
• Exchange ActiveSync: /microsoft-server-activesync
• Outlook Anywhere: /rpc
• POP/IMAP
• Outlook Mobile Access: /oma

• Outlook Web Access: /owa
• Exchange Web Services: /ews
• Offline Address Book: /oab
• Unified Messaging: /unifiedmessaging
• Outlook Mobile Access: /oma

Clients and SMTP servers

• Autodiscover: /autodiscover
• Outlook Web Access
• Outlook Web App
• Exchange Control Panel: /ecp
• Unified Messaging: /unifiedmessaging

E2003/E2007 services

Deploying SSL Certificates

• Use "Subject Alternative Name" (SAN) certificate which can cover multiple hostnames
• Site resilience scenario
  − If leveraging a certificate per datacenter, ensure that the Certificate Principal Name is the same on all certificates
• Don't list machine hostnames in certificate hostname list
  − Use Load Balance (LB) arrays for intranet and Internet access to servers
• Best practice: Minimize the number of certificates
  − 1 certificate for all CAS servers + reverse proxy + Edge/Hub
  − Additional certificate(s) if using Office Communications Server (OCS)

Certificate Creation

1. Create a Certificate Request file
2. Send Request file to certificate authority you are buying from
3. Use Import-ExchangeCertificate to activate newly acquired certificate
4. Use Enable-ExchangeCertificate to enable the certificate for use with a particular service

New-ExchangeCertificate -GenerateRequest -Path c:\certificates\request.req `
    -SubjectName "c=US, o=contoso Inc, cn=mail1.contoso.com" `
    -DomainName mail.contoso.com, autodiscover.contoso.com, legacy.contoso.com `
    -PrivateKeyExportable $true
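
A check for the hostname guidance above, as an added example that is not part of the original slides: it compares a certificate's hostname list with the client namespaces and flags machine hostnames. The function name, its parameters and the sample values are assumptions; on a live server the list would be read from the CertificateDomains property returned by Get-ExchangeCertificate.

```powershell
# Added example: audit a certificate's hostname list against the deck's guidance.
# Test-CertificateNamespaces and all sample values below are hypothetical.
function Test-CertificateNamespaces {
    param(
        [string[]]$CertificateDomains = @(),   # SAN entries on the certificate
        [string[]]$RequiredNamespaces = @(),   # hostnames clients connect to
        [string[]]$ServerNames = @()           # machine names that should not be listed
    )
    $san = @($CertificateDomains | ForEach-Object { $_.Trim().ToLowerInvariant() })

    # A namespace is covered by an exact entry or by a wildcard entry for its
    # parent domain (*.contoso.com covers mail.contoso.com).
    $missing = @($RequiredNamespaces | Where-Object {
        $name = $_.ToLowerInvariant()
        $parent = $name.Substring($name.IndexOf('.') + 1)
        ($san -notcontains $name) -and ($san -notcontains "*.$parent")
    })

    # A machine hostname appears either as a short name or as an FQDN that
    # starts with the server's short name.
    $machine = @($san | Where-Object {
        $entry = $_
        $ServerNames | Where-Object {
            $short = $_.ToLowerInvariant()
            $entry -eq $short -or $entry.StartsWith("$short.")
        }
    })

    New-Object PSObject -Property @{
        MissingNamespaces = $missing
        MachineHostnames  = $machine
        Compliant         = ($missing.Count -eq 0 -and $machine.Count -eq 0)
    }
}

# Constructed sample: a hostname list that omits the legacy namespace and
# includes a server name (cas01 and cas02 are made-up machine names).
$sampleSan = 'mail.contoso.com', 'autodiscover.contoso.com', 'cas01.contoso.com'
$result = Test-CertificateNamespaces -CertificateDomains $sampleSan `
    -RequiredNamespaces 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com' `
    -ServerNames 'cas01', 'cas02'
$result | Format-List
```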

Deploying E2010 Topology Decisions—Split-brain DNS

• Best Practice: Use "Split DNS" for Exchange hostnames used by clients
• Goal: Minimize number of hostnames
  − mail.contoso.com for Exchange connectivity on intranet and Internet
  − mail.contoso.com has different IP addresses in intranet/Internet DNS
• Important: Before moving down this path, be sure to map out all the hostnames (outside of Exchange) that you will want to create in the internal zone

Deploying Exchange 2010 Topology decisions—CAS load balancing

• OWA and EWS load balancing require Client-Server affinity
  − Client-IP based Windows NLB or LB device using cookie-based affinity
• Tell Autodiscover where to send clients: Configure internalURL and externalURL parameters and virtual directories
  − Example: Set-WebServicesVirtualDirectory cas2010\ews* -ExternalUrl https://mail.contoso.com/ews/exchange.asmx
• Tell Outlook clients where to go for intranet MAPI access
  − Use New-ClientAccessArray and Set-MailboxDatabase

Deploying Exchange 2010 Topology decisions—CAS load balancing

• CAS AutoDiscoverServiceInternalUri property should be set to NLB FQDN
• Ensure the Web Services InternalNLBBypassURL property is set to the Server FQDN
• Configure virtual directory URLs according to this table:

| Virtual Directory | InternalURL | ExternalURL (Internet Facing AD Site) | ExternalURL (Non-Internet Facing AD Site) |
|---|---|---|---|
| /OWA | Server FQDN | NLB FQDN | $null |
| /ECP | NLB FQDN | NLB FQDN | $null |
| /Microsoft-Server-ActiveSync | NLB FQDN | NLB FQDN | $null |
| /OAB | NLB FQDN | NLB FQDN | $null |
| /EWS | NLB FQDN | NLB FQDN | $null |
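
The table above turned into a configuration check, as an added example that is not part of the original slides: it reports every virtual directory whose InternalURL or ExternalURL host differs from the table's expected value. The function name, its parameters and the sample objects are assumptions; real input would come from the Exchange Get-*VirtualDirectory cmdlets.

```powershell
# Added example: report virtual directories whose URLs differ from the table.
# Test-VirtualDirectoryUrls, its parameters and the sample data are hypothetical.
function Test-VirtualDirectoryUrls {
    param(
        [object[]]$VirtualDirectories,   # objects with Name, InternalUrl, ExternalUrl
        [string]$ServerFqdn,
        [string]$NlbFqdn,
        [bool]$InternetFacing
    )
    # Expected InternalURL host per virtual directory, as given in the table.
    $expectedInternal = @{
        'owa' = $ServerFqdn; 'ecp' = $NlbFqdn; 'OAB' = $NlbFqdn; 'EWS' = $NlbFqdn
        'Microsoft-Server-ActiveSync' = $NlbFqdn
    }
    # ExternalURL is the NLB FQDN only in the Internet-facing AD site, else $null.
    $expectedExternal = if ($InternetFacing) { $NlbFqdn } else { $null }

    foreach ($vdir in $VirtualDirectories) {
        $key = ($vdir.Name -split ' ')[0]   # "owa (Default Web Site)" -> "owa"
        if (-not $expectedInternal.ContainsKey($key)) { continue }
        $checks = @(
            @{ Property = 'InternalUrl'; Expected = $expectedInternal[$key] },
            @{ Property = 'ExternalUrl'; Expected = $expectedExternal }
        )
        foreach ($check in $checks) {
            $prop = $check.Property
            $url = $vdir.$prop
            $actual = if ($url) { ([Uri]"$url").Host } else { $null }
            if ($actual -ne $check.Expected) {
                New-Object PSObject -Property @{
                    VirtualDirectory = $key; Property = $prop
                    Expected = $check.Expected; Actual = $actual
                }
            }
        }
    }
}

# Constructed sample: /owa InternalUrl points at the NLB name, /EWS has no ExternalUrl.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'owa (Default Web Site)'
        InternalUrl = 'https://mail.contoso.com/owa'; ExternalUrl = 'https://mail.contoso.com/owa' }),
    (New-Object PSObject -Property @{ Name = 'EWS (Default Web Site)'
        InternalUrl = 'https://mail.contoso.com/ews/exchange.asmx'; ExternalUrl = $null })
)
Test-VirtualDirectoryUrls -VirtualDirectories $sample -ServerFqdn 'cas01.contoso.com' `
    -NlbFqdn 'mail.contoso.com' -InternetFacing $true
```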

Upgrading to Exchange 2010

Diagram labels: Internet Facing AD Site, Proxy, Internal AD Site, E200x Servers

• Start small
• Gradually add more servers to support scale

• Internet hostname switch
• Unified Messaging switch
• SMTP switch

• SSL cert purchase
• End users don't see this hostname
• Used when new CAS tell clients to talk to legacy environments

Preparation Tools Finding and solving problems before users do

• Verify Internet-facing services are set up and configured properly
• Help determine the cause of performance, mail flow, and database issues
• Simulate and test how a server responds to e-mail loads
• Determine overall health of Exchange system and topology

Switching to CAS2010 Preparatory steps

1. Obtain and deploy a new certificate that includes the required host name values
   a. mail.contoso.com
   b. autodiscover.contoso.com
   c. legacy.contoso.com
2. Upgrade all Exchange servers to Service Pack 2
   a. Enable Integrated Windows Authentication on Exchange 2003 MSAS virtual directory (KB 937031)
3. Install and configure CAS2010 servers
   a. Configure InternalURLs and ExternalURLs
   b. Enable Outlook Anywhere
   c. Configure the Exchange2003URL parameter to be https://legacy.contoso.com/exchange

Switching to CAS2010 Preparatory steps, continued

4. Join CAS2010 to a load balanced array
   a. Create CAS2010 RPC Client Access Service array
   b. Ensure MAPI RPC and HTTPS ports are load balanced
5. Install HUB2010 and MBX2010 servers
   a. Configure routing coexistence
   b. Configure OAB Web-based distribution
6. Create Legacy record in DNS (internal/external)
7. Create Legacy publishing rules in your reverse proxy/firewall solution pointed to FE2003 / CAS2007 array
8. Use ExRCA to verify connectivity for Legacy namespace

Switching to CAS2010 The switchover

The switchover involves a minor service interruption

1. Update internal DNS and have Mail and Autodiscover point to CAS2010 array
2. Update/Create Autodiscover publishing rule and point to CAS2010 array
3. Update Mail publishing rules and point to CAS2010 array
   a. Remember to update paths with new Exchange 2010 specific virtual directories
4. Reconfigure CAS2007 URLs to now utilize Legacy namespace
5. Disable Outlook Anywhere on legacy Exchange
6. Test that CAS2010 is redirecting/proxying to CAS2007 (externally and internally)

Diagram labels: autodiscover…, mail…, legacy…, ISA, E200x SP2, E2010 CAS+HUB+MBX

Diagram caption: Clients access E2010 through Autodiscover… and mail… Redirection (legacy…), proxying, and direct access to E2003/E2007

Client Access Upgrade

• Clients access CAS2010 first
• Four different things happen for E2003/E2007 mailboxes
  1. Autodiscover tells clients to talk to CAS2007
  2. HTTP redirect to FE2003 or CAS2007
  3. Proxying of requests from CAS2010 to CAS2007
  4. Direct CAS2010 support for the service against BE2003 and MBX2007

| CAS2010 Service | E2003/E2007 mailbox treatment |
|---|---|
| Outlook Web App | Redirect (with Single Sign-On for Forms-Based Authentication) |
| Exchange ActiveSync | E2007: Autodiscover and redirect (WM6.1 and newer), Proxying (WM6 and older, all non-Microsoft); E2003: Direct CAS2010 support |
| Outlook Anywhere, OAB, and Autodiscover | Direct CAS2010 support |
| Exchange Web Services | Autodiscover |
| POP/IMAP | E2007: Proxy; E2003: Direct CAS2010 support |

SMTP Transport Upgrade

Step 1: Upgrade existing E2003 and E2007 servers to SP2
Step 2: Install HUB and MBX 2010
Step 3: Switch Edgesync + SMTP to go to HUB2010
Step 4: Install Edge 2010
Step 5: Switch Internet e-mail submission to Edge 2010

Diagram labels: Internet SMTP Servers, E2010 Edge, E2007 Edge, E2007 HUB, E2003 Bridgehead, E2010 HUB, E2003 Back-End, E2010 MBX, E2007 MBX

Unified Messaging Upgrade

Step 1: Introduce UM 2010 to existing dial plan
Step 2: Route IP GW/PBX calls to UM 2010 for dial plan
  − Will find proper UM server
Step 3: Remove UM 2007 after mailboxes have been moved

Public Folders

• Co-existence support between mailbox server 2010 and mailbox server 2003/2007
• Outlook can read mailbox from one Exchange version (such as 2010) and public folder from another (such as 2003/2007)
• OWA 2010 will allow access to public folders with replica in mailbox server 2010
• Get-PublicFolderStatistics help take action
  − Move
  − Delete
  − Migrate to SharePoint

Service Level Agreement Service availability during migration

Yearly downtime allowed:

| Availability | 24-hour day | 8-hour day |
|---|---|---|
| 95% | 438 h (18.25 d) | 145.6 h (6.07 d) |
| 99% | 87.6 h (3.65 d) | 29.12 h (1.21 d) |
| 99.9% | 8.76 h | 2.91 h |
| 99.99% | 52.56 min | 17.47 min |
| 99.999% ("five nines") | 5.256 min | 1.747 min |
| 99.9999% | 31.536 sec | 10.483 sec |

• 1GB mailbox could take 90 minutes or more to move
  − Pain: User is disconnected for the duration
  − Pain: Your SLA for availability is not met

Online Move Mailbox Minimal disruption

Diagram labels: E-mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2

• Sending messages
• Receiving messages
• Accessing entire mailbox

Key Takeaways

• Exchange 2007 Service Pack 2 introduces new functionality and is required for coexistence with Exchange 2010
• Upgrading server roles is seamless and without impact to end users
• Online mailbox moves improve mailbox data migration by significantly reducing the user outage window

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Forefront, Outlook, Windows, Windows Mobile, Windows Server, and other product names are or may be registered trademarks and/or trademarks of Microsoft Corporation in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.