Transcript

Slide 0: Emory Enterprise Exchange 2007 Tech Talk
Information Technology

Slide 1: Emory Email Components
- Email Team
- General mail flow
- Active Directory
- Exchange 2003
- Enterprise Exchange 2007
- Exchange Email Archiving

Slide 2: Email Team
- Jay Flanagan, Manager (also IDM, Security)
- James Reed, Lead
  - Exchange, Active Directory, LearnLink, Meeting Maker
- Greg Cooper, Lead
  - Exchange, Active Directory
- Terry Markert, Senior
  - LearnLink, Exchange, Meeting Maker, Exchange Email Archiving
  - Learning: Exchange 2007, Active Directory
- David Gottschalk, Senior
  - Eagle Mail, Mail Relays, Postini
- Wes Blalock (entry level)
  - Meeting Maker, Exchange Email Archiving
  - Learning: Windows, Unix, Postini, Eagle Mail, Mail Relays, Exchange, Active Directory

Slide 3: General Mail Flow

Slide 4
[no text]

Slide 5: Mail Flow

Slide 6: Inbound Enterprise Exchange 2007 Mail Flow

Slide 7: Outbound Enterprise Exchange 2007 Mail Flow

Slide 8: Internal Exchange Mail Flow

Slide 9: Active Directory

Slide 10: Emory University AD Site Layout
[Diagram: Emory University AD site layout. Sites shown: Academic Site, ResNet Site, DMZ Site, Admin Site, HIPAA Site. Domains shown: Emory.Edu (Empty Root) and Eu.Emory.Edu, with domain controllers (DC) in each site.]

Slide 11: Active Directory (cont’d)
- All Windows 2003 Native mode
  - Required for Exchange to operate
- Emory University AD
  - Root Domain Emory.Edu (EmoryAD)
    - 2 Servers (AD1, URI)
  - Child Domain EU.Emory.Edu (EmoryUnivAD)
    - 5 Sites based upon firewall
      - Core Admin Site (AD13, AD14, AD15)
      - DMZ Site (AD10, AD11, AD12)
      - Academic Site (AD2, Batman, Robin)
      - ResNet Site (Pasteur)
      - HIPAA Site (AD6, AD7)
- Emory Enterprise Resource Forest
  - Domain Enterprise.Emory.Net (Enterprise)
    - 2 Sites based upon role seclusion - HIPAA Core
      - FSMO Site (ADRF1, ADRF2)
      - APPS Site (ADRF3, ADRF4, ADRF5)

Slide 12: Exchange 2003

Slide 13: University Exchange 2003
[Diagram: University Exchange 2003 across the Academic Site, DMZ Site and Admin Site. Labels shown: OWA, ISA, ISA1, GOODLINK, Exchange Cluster Servers 2 and 4, Exchange Cluster Servers 1 and 3, Emory.Edu (Empty Root), Eu.Emory.Edu, DC, GC, DNS, BH.]

Slide 14: Enterprise Exchange 2007

Slide 15: History of Project
- Started November 2006
- Design Started January 2007
- Implementation Started ____________________
- Currently Testing with EHC IS
- Delays

Slide 16: Enterprise Exchange 2007

Slide 17: AD Layout for Enterprise Exchange 2007

Slide 18: Enterprise Exchange 2007 AD Layout
- Resource AD Forest
- One way trust between EHC AD
- Two way trust between EU AD (two way needed for MOM)
- All accounts from both ADs will be created
- Can be used for other MS applications
  - Office Communicator Suite
  - SharePoint

Slide 19: Client Access for Enterprise Exchange 2007

Slide 20: Enterprise Exchange 2007 Client Connectivity
- Outlook 2003 and 2007 – Outlook 2007 required for full functionality
- Macintosh – examples include Entourage
- IMAPS clients – examples include Mozilla, Thunderbird, MacMail, Eudora, Outlook Express, other IMAPS clients
- Outlook Web Access – IE 7 required for full functionality (lightweight version available for other browsers, i.e. Firefox, IE6 and lower, Safari, etc.)
- Mobile Devices – currently ActiveSync and GoodLink; Blackberry pending governance approval

Slide 21: Client Functionality Matrix – Windows Exchange Clients

Feature                             Outlook 2003/2007   Outlook Web Access   IMAPS clients
Send/Receive Email                  Y                   Y                    Y
Send/Receive Calendar Invitations   Y                   Y                    N
Use Global Address List             Y                   Y                    Y
Public Folder Access                Y                   Y                    Y*
Server-based contacts               Y                   Y                    N
Auto-Archiving                      Y                   N                    N
Group Calendar                      Y                   Y                    N
Recover Deleted Items               Y                   Y                    N
Work Offline                        Y                   N                    Y

* Most IMAPS clients will be able to read and post data to public folders; however, there may be some which do not include this functionality
* Information provided from University of Connecticut Web Site

Slide 22: Client Functionality Matrix – Macintosh Exchange Clients

Feature                             Entourage X   Outlook Web Access   IMAPS clients
Send/Receive Email                  Y             Y                    Y
Send/Receive Calendar Invitations   Y             Y                    N
Use Global Address List             Y             Y                    Y
Public Folder Access                Y             Y                    Y*
Server-based contacts               Y             Y                    N
Auto-Archiving                      N             N                    N
Group Calendar                      N             Y                    N
Recover Deleted Items               N             Y                    N
Work Offline                        Y             N                    Y

* Most IMAPS clients will be able to read and post data to public folders; however, there may be some which do not include this functionality
* Information provided from University of Connecticut Web Site

Slide 23: Client Functionality Matrix – Linux Exchange Clients

Feature                             Outlook Web Access   IMAPS clients
Send/Receive Email                  Y                    Y
Send/Receive Calendar Invitations   Y                    N
Use Global Address List             Y                    Y
Public Folder Access                Y                    Y*
Server-based contacts               Y                    N
Auto-Archiving                      N                    N
Group Calendar                      Y                    N
Recover Deleted Items               Y                    N
Work Offline                        N                    Y

* Most IMAPS clients will be able to read and post data to public folders; however, there may be some which do not include this functionality
* Information provided from University of Connecticut Web Site
* Ximian current release only supports Exchange 2003, no current TBA from vendor on updates

Slide 24: Enterprise Exchange 2007
Secure
- Located in HIPAA core firewall zone
- Remote access given only on an as-required basis
- RSA Keyfob access required for VPN (giving 2 factor auth)
- Managed security / management policies
- To be presented for formal approval to HIPAA steering committee in Fall
- Client connectivity via SSL
  - Except from EHC Citrix VDT

Slide 25: Enterprise Exchange 2007 (cont’d)
Highly Available
- Redundant Hardware
- Clusters for Mailbox servers
- Multiple redundant nodes for other server roles (CAS/HUB/EDGE)

Slide 26: Enterprise Exchange 2007 SAN
SAN Storage
- Symmetrix DMX 3, RAID 1, 300GB
- Dedicated spindles for Exchange
- 96 x 110GB – Databases (12 x active server)
- 96 x 43GB – Log volumes (12 x active server)
- 4 x 34GB – Public Folders DB/Logs (2 x cluster)
- 8 x 172GB – Recovery Volume (1 per active server)
- 8 x 51GB – Edge Server DB / Logs (2 x server)
- 8 x 94GB – Hub Server DB / Logs (2 x server)

Slide 27: Enterprise Exchange 2007 Storage

Slide 28: Enterprise Exchange 2007 Backups
Backups
- Designed for
  - User self restoration
    - Recover Deleted Items
  - Databases for Disaster Recovery
    - Full backup every x days (TBD, worst case 2 days)
    - Differential (w/log rollup) daily
    - Using EMC snap software and VSS management
    - Using EMC Legato Networker to back up to CDL
    - Up to 17TB CDL storage dedicated for Exchange backups
    - 1 full backup with no compression = estimated 9TB

Slide 29: Exchange Email Archiving

Slide 30: Exchange Email Archival Overview
- Archive product selection under review
- Provides Exchange archiving / tiered storage
- Quota based archiving
- Attachment based archiving
- Stub attachments and messages
- Quick retrieval of full message and attachments
- Stores stub in plain text for minimal footprint
- End user restorability of deleted messages
- No storage limits for archived messages (300MB active mailbox limit)
- Seamless recovery of archived messages

Slide 31: Exchange Email Archival Overview (cont’d)
- Search ability
  - Future Compliance searching
  - Currently allows end user search ability to own archive
- Retention policies
  - Can be used to manage compliance minimums (may eventually come for HIPAA or Sarbanes Oxley)
  - Can expire messages after maximum retention periods

Slide 32: Exchange Email Archival Overview (cont’d)
- Targeted Clients
  - Entourage (Macintosh) support
  - Outlook
  - Outlook Web Access
  - IMAP User Access (TBD)

Slide 33: Enterprise Exchange 2007 Server Layout
Servers
- 12 Mailbox Servers
  - MS Cluster 1 – 4 Active, 2 Passive
    - CMS Names: Exchange10, Exchange11, Exchange12, Exchange13
    - Contains 6 physical nodes
  - MS Cluster 2 – 4 Active, 2 Passive
    - CMS Names: Exchange20, Exchange21, Exchange22, Exchange23
    - Contains 6 physical nodes

Slide 34: Enterprise Exchange 2007 Server Layout (cont’d)
Servers
- 4 Hub Servers
  - MTA Role
- 4 CAS Servers (Client Access Server)
  - OWA, AccessAnywhere (RPC over HTTPS), ActiveSync, MAPI/RPC, IMAPS
- 4 Edge Servers (border hygiene)
  - Put in place for potential Mail Relay retirement (no ETA)
  - Non Domain joined for security

Slide 35: Enterprise Exchange 2007 Resource Accounts
- Resource accounts available for:
  - Rooms - assigned to a meeting location, such as a conference room, auditorium, or training room
  - Equipment - assigned to a resource that is not location specific, such as a portable computer projector, or microphone
- Requires designated owner(s)
- Owners responsible for assigning delegate access for management

Slide 36: Enterprise Exchange 2007 Sponsored/Department Accounts
- Current Departments can be approved to have group accounts available for shared group access
- Sponsored users cannot have personal accounts; however, they can use approved departmental account for department communications
- Sponsored account limitations
  - Smaller quota
  - Some limited functionality
- New Update

Slide 37: Enterprise Exchange 2007 Calendaring
- Meeting Maker will be decommissioned in August 2008
- Outlook Calendaring provides
  - Free/Busy status of both people and resources
  - Assisted scheduling of meetings within Outlook or OWA client
  - Resource Calendars – Rooms, Equipment

Slide 38: Enterprise Exchange 2007 Existing Data Migration
- Eagle Mail – server side data migration
- IMAP mail client – local data user side migration (e.g. Contacts, Distribution Lists, Distribution Groups, etc.)
- Exchange 2003 – server side data migration
- LearnLink – POP3 user side migration (will remain in use for student interactive services and maintain separate quotas)
- Departmental Email server – department-dependent migration options

Slide 39: Timeline
- TBD – waiting on EHC migration completion

Slide 40: Questions?