Transcript Slide 0
Information Technology
Emory Enterprise Exchange 2007
Tech Talk
Emory Email Components
Email Team
General mail flow
Active Directory
Exchange 2003
Enterprise Exchange 2007
Exchange Email Archiving
1
Email Team
Jay Flanagan, Manager (also IDM, Security)
James Reed, Lead
Exchange, Active Directory, LearnLink, Meeting Maker
Greg Cooper, Lead
Exchange, Active Directory
Terry Markert, Senior
LearnLink, Exchange, Meeting Maker, Exchange Email Archiving
Learning Exchange 2007, Active Directory
David Gottschalk, Senior
Eagle Mail, Mail Relays, Postini
Wes Blalock (entry level)
Meeting Maker, Exchange Email Archiving
Learning Windows, Unix, Postini, Eagle Mail, Mail Relays, Exchange, Active Directory
2
General Mail Flow
3
4
Mail Flow
5
Inbound Enterprise Exchange 2007 Mail Flow
6
Outbound Enterprise Exchange 2007 Mail Flow
7
Internal Exchange Mail Flow
8
Active Directory
9
Emory University AD Site Layout
[Diagram: the Emory.Edu (Empty Root) domain and the Eu.Emory.Edu domain, with domain controllers (DC) placed in the Academic, ResNet, DMZ, Admin and HIPAA sites]
10
Active Directory (cont’d)
All Windows 2003 Native mode
Required for Exchange to operate
Emory University AD
Root Domain Emory.Edu (EmoryAD)
2 Servers (AD1, URI)
Child Domain EU.Emory.Edu (EmoryUnivAD)
5 Sites based upon firewall Core
Admin Site (AD13, AD14, AD15)
DMZ Site (AD10, AD11, AD12)
Academic Site (AD2, Batman, Robin)
ResNet Site (Pasteur)
HIPAA Site (AD6, AD7)
Emory Enterprise Resource Forest
Domain Enterprise.Emory.Net (Enterprise)
2 Sites based upon role seclusion - HIPAA Core
FSMO Site (ADRF1, ADRF2)
APPS Site (ADRF3, ADRF4, ADRF5)
11
Exchange 2003
12
University Exchange 2003
[Diagram: Academic, DMZ and Admin sites across Emory.Edu (Empty Root) and Eu.Emory.Edu, showing DC, GC, DNS and BH servers, OWA, ISA (ISA1), GOODLINK, and two Exchange clusters (Servers 1 and 3; Servers 2 and 4)]
13
Enterprise Exchange 2007
14
History of Project
Started November 2006
Design Started January 2007
Implementation Started
____________________
Currently Testing with EHC IS
Delays
15
Enterprise Exchange 2007
16
AD Layout for Enterprise Exchange 2007
17
Enterprise Exchange 2007 AD Layout
Resource AD Forest
One-way trust with EHC AD
Two-way trust with EU AD (two-way needed for MOM)
All accounts from both ADs will be created
Can be used for other MS applications
Office Communicator Suite
SharePoint
18
Client Access for Enterprise Exchange 2007
19
Enterprise Exchange 2007 Client Connectivity
Outlook 2003 and 2007 – Outlook 2007 required for full functionality
Macintosh – examples include Entourage
IMAPS clients – examples include Mozilla, Thunderbird, MacMail, Eudora, Outlook Express, other IMAPS clients
Outlook Web Access – IE 7 required for full functionality (lightweight version available for other browsers, e.g. Firefox, IE6 and lower, Safari, etc.)
Mobile Devices – currently ActiveSync and GoodLink; BlackBerry pending governance approval
20
Client Functionality Matrix
Windows Exchange Clients            Outlook 2003/2007   Outlook Web Access   IMAPS clients
Send/Receive Email                  Y                   Y                    Y
Send/Receive Calendar Invitations   Y                   Y                    N
Use Global Address List             Y                   Y                    Y
Public Folder Access                Y                   Y                    Y*
Server-based contacts               Y                   Y                    N
Auto-Archiving                      Y                   N                    N
Group Calendar                      Y                   Y                    N
Recover Deleted Items               Y                   Y                    N
Work Offline                        Y                   N                    Y
* Most IMAPS clients will be able to read and post data to public folders, however, there may be some which do not include this functionality
* Information provided from University of Connecticut Web Site
21
Client Functionality Matrix
Macintosh Exchange Clients          Entourage X   Outlook Web Access   IMAPS clients
Send/Receive Email                  Y             Y                    Y
Send/Receive Calendar Invitations   Y             Y                    N
Use Global Address List             Y             Y                    Y
Public Folder Access                Y             Y                    Y*
Server-based contacts               Y             Y                    N
Auto-Archiving                      N             N                    N
Group Calendar                      N             Y                    N
Recover Deleted Items               N             Y                    N
Work Offline                        Y             N                    Y
* Most IMAPS clients will be able to read and post data to public folders, however, there may be some which do not include this functionality
* Information provided from University of Connecticut Web Site
22
Client Functionality Matrix
Linux Exchange Clients              Outlook Web Access   IMAPS clients
Send/Receive Email                  Y                    Y
Send/Receive Calendar Invitations   Y                    N
Use Global Address List             Y                    Y
Public Folder Access                Y                    Y*
Server-based contacts               Y                    N
Auto-Archiving                      N                    N
Group Calendar                      Y                    N
Recover Deleted Items               Y                    N
Work Offline                        N                    Y
* Most IMAPS clients will be able to read and post data to public folders, however, there may be some which do not include this functionality
* Information provided from University of Connecticut Web Site
* The current Ximian release supports only Exchange 2003; the vendor has given no date for updates
23
Enterprise Exchange 2007
Secure
Located in HIPAA core firewall zone
Remote access given only on an as-required basis
RSA Keyfob access required for VPN (giving 2-factor auth)
Managed security / management policies
To be presented for formal approval to HIPAA steering committee in Fall
Client connectivity via SSL
Except from EHC Citrix VDT
24
Enterprise Exchange 2007 (cont’d)
Highly Available
Redundant Hardware
Clusters for Mailbox servers
Multiple redundant nodes for other server roles (CAS/HUB/EDGE)
25
Enterprise Exchange 2007 SAN
SAN Storage
Symmetrix DMX 3, RAID 1, 300GB
Dedicated spindles for Exchange
96 x 110GB – Databases (12 x active server)
96 x 43GB – Log volumes (12 x active server)
4 x 34GB – Public Folders DB/Logs (2 x cluster)
8 x 172GB – Recovery Volume (1 per active server)
8 x 51GB - Edge Server DB / Logs (2 x server)
8 x 94GB - Hub Server DB / Logs (2 x server)
26
Enterprise Exchange 2007 Storage
27
Enterprise Exchange 2007 Backups
Backups
Designed for User self restoration
Recover Deleted Items
Databases for Disaster Recovery
Full backup every x days (TBD, worst case 2 days)
Differential (w/log rollup) daily
Using EMC snap software and VSS management
Using EMC Legato Networker to back up to CDL
Up to 17TB CDL storage dedicated for Exchange backups
1 full backup with no compression = estimated 9TB
28
Exchange Email Archiving
29
Exchange Email Archival Overview
Archive product selection under review
Provides Exchange archiving / tiered storage
Quota based archiving
Attachment based archiving
Stub attachments and messages
Quick retrieval of full message and attachments
Stores stub in plain text for minimal footprint
End user restorability of deleted messages
No storage limits for archived messages (300MB active mailbox limit)
Seamless recovery of archived messages
30
Exchange Email Archival Overview (cont’d)
Search ability
Future Compliance searching
Currently allows end user search ability to own archive
Retention policies
Can be used to manage compliance minimums (may eventually come for HIPAA or Sarbanes-Oxley)
Can expire messages after maximum retention periods
31
Exchange Email Archival Overview (cont’d)
Targeted Clients
Entourage (Macintosh) support
Outlook
Outlook Web Access
IMAP User Access (TBD)
32
Enterprise Exchange 2007 Server Layout
Servers
12 Mailbox Servers
MS Cluster 1 – 4 Active, 2 Passive
CMS Names: Exchange10, Exchange11, Exchange12, Exchange13
Contains 6 physical nodes
MS Cluster 2 – 4 Active, 2 Passive
CMS Names: Exchange20, Exchange21, Exchange22, Exchange23
Contains 6 physical nodes
33
Enterprise Exchange 2007 Server Layout (cont’d)
Servers
4 Hub Servers
MTA Role
4 CAS Servers (Client Access Server)
OWA, AccessAnywhere (RPC over HTTPS), ActiveSync, MAPI/RPC, IMAPS
4 Edge Servers (border hygiene)
Put in place for potential Mail Relay retirement (no ETA)
Non-domain-joined for security
34
Enterprise Exchange 2007 Resource Accounts
Resource accounts available for:
Rooms - assigned to a meeting location, such as a conference room, auditorium, or training room
Equipment - assigned to a resource that is not location specific, such as a portable computer projector, or microphone
Requires designated owner(s)
Owners responsible for assigning delegate access for management
35
Enterprise Exchange 2007 Sponsored/Department Accounts
Current
Departments can be approved to have group accounts available for shared group access
Sponsored users cannot have personal accounts; however, they can use approved departmental account for department communications
Sponsored account limitations
Smaller quota
Some limited functionality
New Update
36
Enterprise Exchange 2007 Calendaring
Meeting Maker will be decommissioned in August 2008
Outlook Calendaring provides Free/Busy status of both people and resources
Assisted scheduling of meetings within Outlook or OWA client
Resource Calendars – Rooms, Equipment
37
Enterprise Exchange 2007 Existing Data Migration
Eagle Mail – server side data migration
IMAP mail client – local data user side migration (e.g. Contacts, Distribution Lists, Distribution Groups, etc.)
Exchange 2003 – server side data migration
LearnLink – POP3 user side migration (will remain in use for student interactive services and maintain separate quotas)
Departmental Email server – department dependent migration options
38
Timeline
TBD – awaiting EHC migration completion
39
Questions?
40