Microsoft Exchange Anywhere Access ADS


Exchange Anywhere Access Solutions Architecture Design Session Name

Title Microsoft

Architecture Design Session

Solution Briefing Summary
• Vision scope input from solution briefing
Solution Overview
• VPC-based demo
• View the capabilities in action
• Show various possibilities
Technology Overview
• Point out technologies for relevant capabilities
• Discuss technologies
Architecture Discussion
• Discuss Architecture Decision Points
POC Planning
• Develop scope and specifications for POC

Architecture Design Session

Solution Briefing Summary
• Vision scope input from solution briefing

Summary of Pains and Drivers

tracking with the customer’s

Challenges

• Weakened productivity of mobile workers
• Competitive pressure to increase sales or improve efficiency
• Failure of business activities when sales people are out of the office
• Poor availability of data for mobile workers

Business Drivers

• Increase efficiency and flexibility
• Easily connect to key resources and information while on the road
• Increase employees’ availability to customers regardless of location

Technical Requirements

• Secure, reliable communications via mobile devices
• Feature-rich application access on mobile devices (like CRM, sales pipeline, and documents)
• Real-time conferencing capabilities in lieu of face-to-face visits

Architecture Design Session

Solution Briefing Summary
• Vision scope input from solution briefing
Solution Overview
• VPC-based demo
• View the capabilities in action
• Show various possibilities

[Figure: slide build showing communications convergence. Separate capabilities (Instant Messaging (IM), Voice Mail, Video Conferencing, Telephony, Web Conferencing, E-mail and Calendaring, Audio Conferencing), each with its own User Experience, Authentication, Administration and Storage, are grouped into Telephony; E-mail and Calendaring; Unified Conferencing: Audio, Video, Web; and Instant Messaging, with a Unified Inbox & Presence user experience over Authentication, Administration, Storage and Compliance. Deployment labels: On-Premises, Hybrid, In the Cloud.]

Microsoft Unified Communications

Increased productivity through communications convergence
• Across Devices: PC, Mobile, Web
• Streamline Communications
• Increase Efficiency and Flexibility
• Amplify Protection and Control

Unified Identity, Presence, and Inbox

Authentication

Resources

Compliance

with S+S

Provide a Unified and Extensible Platform

On-Premises, Hybrid, or in the Cloud

Enable Anytime and Anywhere

PC, Mobile, Web

Microsoft Unified Communications Products and Services

[Figure: product and service map. Labels: E-Mail and Calendaring; Security and Compliance; Unified Messaging; Mobility; Conferencing; VoIP; IM and Presence; Conferencing; E-mail Security, Compliance, and Continuity. Delivery labels: On Premise; Hosted by Microsoft or by Partners; Hosted by Microsoft; Hosted by Partners.]

UC Journey Through Infrastructure Optimization

Identify where you are; identify where you want to be.
• Basic (IT is a cost center): Basic e-mail, file shares, mostly phone based communication
• Standardized (IT is an efficient cost center): Standard platform for secure e-mail and IM; ad hoc teaming around functions & projects based on IT standards
• Rationalized (IT is a business enabler): Increasing unification of communication channels; fully managed collaboration platform and pervasive access
• Dynamic (IT is a strategic asset): Seamless collaboration across the firewall; federation of communication information and policy

each stage (where they are,

Identifying Target Maturity Level

Basic Standardized Basic email with no remote access and with limited security Rich mailbox & calendaring Secure, remote, online & offline access Minimal or decentralized IT support Basic AV/AS/AP protection and disaster recovery User inboxes are fully managed by IT Solution supports encryption Public IM/online presence, ad-hoc use for daily business Sporadic use of audio & web conferencing Limited video conferencing capabilities Legacy TDM PBX, traditional phones Limited voice mail and call routing Secure access from inside & outside the firewall Supports peer-to-peer voice & video communications Presence enabled email client Secure web conferencing accessible from remote locations and devices IT-managed video conferencing with limited remote access Highly available hybrid telephony infrastructure Online & offline access to voice mail Managed call routing Rationalized Business continuity with AS/AP and multi-layer AV protection Support advanced policy driven message controls Provisioning for user inboxes Secure IM/online presence accessible from a variety of devices and integrated into enterprise productivity & collaboration platform Persistence group chat Integrated & secure conferencing platform Supports high-quality audio & video Dynamic Seamless business continuity with multiple AV/AS protection Advanced policy control to mobile devices & applications Integration with LOB applications Federation of calendar Supports federation and integration with LOB applications Contextual unified conferencing solution tightly integrated with collaboration infrastructure and LOB applications Remotely accessible collaboration features Encrypted voice infrastructure with unified inbox accessible from PCs, phones, & web browsers Managed storage Presence-based call routing Integrated voice platform for IM/presence; conferencing with LOB applications Auto-remediation, proactive monitoring of call quality Federated identity and presence-based call routing

Anywhere Access

Unified Communication Anywhere Access

Manage Inbox Overload
• Enhanced conversation view eases Inbox navigation
• MailTips help avoid undelivered/misdirected email
Enhance Voicemail
• Text preview of voicemail messages for faster triage
• Customizable call handling rules and menu options
Collaborate Effectively
• Full featured experience across all “three screens”
• Federation of Free/Busy details with partners

Manage Inbox Overload

Instant Messaging Ignore Conversation Conversation View

Manage Inbox Overload

MailTips in Outlook 2010 MailTips in Outlook Web App

Enhanced Voice Mail

Text Preview of Voice Mail Audio playback Contextual Contact Actions

Enhanced Voice Mail

Managing Call Answer Rules Defining a Custom Voice Mail Menu

Collaborate Effectively

Desktop

Collaborate Effectively

External Contact Free/Busy Information

Architecture Design Session

Solution Briefing Summary
• Vision scope input from solution briefing
Solution Overview
• VPC-based demo
• View the capabilities in action
• Show various possibilities
Technology Overview
• Point out technologies for relevant capabilities
• Discuss technologies

Exchange Server 2010 Anywhere Access

• Outlook Web App (OWA): Web-based inbox access
• Exchange ActiveSync: over-the-air inbox access on a variety of mobile devices
• Outlook Anywhere: connect Outlook to your mailbox server without a VPN
• Outlook Voice Access (OVA): voice-based inbox access
• Bandwidth reductions: fewer round trips and less data transferred while maintaining functionality

Anywhere Access Clients

Outlook Web App

A rich, familiar Web e-mail experience that enables users to work and collaborate more effectively wherever they are
• Great Web-based messaging experience across platforms and locations
• Access to e-mail, voicemail, instant messaging, SMS text messages, and calendaring
• Shows real-time presence of users and lets you contact them through e-mail, instant messaging, or SMS directly from Outlook Web App
• External calendar sharing makes it easy to collaborate with customers
• Helps prevent intellectual property leaks or policy violations

Conversation View
• View conversations in context: all messages, all folders, forks
• Hide repeated information
• Take action on conversations: Ignore, Categorize

Key Features
• OWA premium for IE, Firefox, and Safari
• Improved threaded conversation view
• Integrated Presence and IM for SPOG Unified Communications (UC) experience
• External Calendar sharing and Side by Side Calendaring
• SMS Sync in OWA (Outlook and Mobile too!)
• Nickname cache
• See your Voice Mail Messages
• Favorites folders
• Advanced search
• End User Archiving and access to archive
• Distribution group creation
• Information Rights Management (IRM)
• Delegate access

Presence and Instant Messaging
• See and set presence
• Chat using instant messaging (IM)
• Start a chat from anywhere you see a user
• IM log in from multiple locations
• Presence throughout Outlook Web App

Unified Messaging Card

Protected Email

Protected Voicemail
• Forwarding of the message is disabled ® only)

Access IRM-protected attachments

Online Archive
• Archive in the folder list
• Treat like any other folder
• Access your PST from the Web

Calendar Sharing
• Share calendars internally or externally
• Trust can be set by user or by domain
• Once trust is set, everything is transparent
• Admin control is provided

Calendar Sharing

[Figure: Contoso Inc. and Fabrikam Inc., each with Exchange Server 2010 on its intranet, connected across the Internet via the Microsoft Federation Gateway.]

Calendar Sharing & Subscribing

Calendar Publishing
• Explicit opt-in for both admins and users: the admin turns on the vdir, enables sharing, and assigns policy; the user decides to turn on a calendar for publishing
• Server provides URL. Public: discoverable over the Internet. Restricted: user must send link
• Security and data protection: published calendars are completely isolated with a dedicated vdir, separate app pool, and limited HTTP access; throttling prevents excessive requests for published calendars

Calendar Subscribing
• Subscribe to any public calendar
• Uses iCal standard
• Server-side storage

Anywhere Access Clients

Exchange ActiveSync

Provides users with full-featured, real-time access to their communications over the air on a variety of compatible devices
• Exchange ActiveSync Direct Push delivers e-mail to the device as it arrives
• Enhanced device control and policies, including user self-service
• Support for advanced e-mail features
• ActiveSync uses SSL by default
• Certificate based authentication
• Outlook Web App provides user self-service options, such as remote device wipe, device access logging, and device password reset
• Speech-to-text voice mail preview
• Conversation View of e-mails

Exchange ActiveSync Benefits

Key User Benefits
• High fidelity Direct Push email and personal information management (PIM)
• Know when to schedule a meeting
• Read your voicemail
• The company directory is in your pocket
• SMS from your computer
• Find any email in your mailbox
• Message Flagging
• Remember to tell them you’re on vacation
• SharePoint® sites & file share access
• Data Encryption
• Buy the phone that’s right for you
• GAL Photo
• IRM over EAS
• Quick Actions

Exchange ActiveSync Benefits

Key Administrator Benefits
• Don’t pay extra for mobile email
• Don’t risk downtime at the hands of others
• Grows with you
• You’ve already got enough to manage
• Bring law and order to your mobile employees
• Control your border
• Lost devices don’t mean leaked information
• Keep away prying eyes
• Know what's going on with your users
• Device choice
• Connect multiple devices
• Block/allow via approved device list
• Approved by device type or by user
• Device type reported by the device
• Block an unsupported device
• Quarantine
• E-mail sent
• Administrator approved

Block/Allow/Quarantine

Scenario:

[Figure: decision flow Person, then Device, then Anything Unknown; a request passes to the next stage on "No Policy". Outcome labels: Allow, Block, Quarantine.]

• Person: Is there a special case for this user?
• Device: Are we blocking or allowing this device?
• Anything Unknown: What is done when no policy applies?

Block/Allow/Quarantine List
• One list with settings for each device type
• Device type reported by the device
• List is updatable
• List shows device type
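
The evaluation order described above (Person, then Device, then Anything Unknown), worked through as an added example that is not part of the original deck and is not Exchange code. Class names, users, device IDs and device types are hypothetical; treating a device that is both allowed and blocked for one person as blocked is an assumption of this sketch.

```python
from dataclasses import dataclass, field
from enum import Enum


class Access(Enum):
    ALLOW = "Allow"
    BLOCK = "Block"
    QUARANTINE = "Quarantine"


@dataclass
class UserExemptions:
    """Stage 1 data: special cases for one person, keyed by device ID."""
    allowed_ids: set = field(default_factory=set)
    blocked_ids: set = field(default_factory=set)


@dataclass
class AbqPolicy:
    per_user: dict           # user name -> UserExemptions
    device_type_rules: dict  # device type -> Access (one list, one entry per type)
    default: Access          # "Anything Unknown": used when no policy applies

    def __post_init__(self):
        # The device type is reported by the device, so match it
        # case-insensitively and ignore surrounding whitespace.
        self.device_type_rules = {
            k.strip().lower(): v for k, v in self.device_type_rules.items()
        }

    def evaluate(self, user, device_id, device_type):
        """Return (Access, deciding_stage) for one sync request."""
        exemptions = self.per_user.get(user)
        if exemptions is not None:
            # Assumption of this sketch: block wins over allow (fail closed).
            if device_id in exemptions.blocked_ids:
                return Access.BLOCK, "Person"
            if device_id in exemptions.allowed_ids:
                return Access.ALLOW, "Person"
        rule = self.device_type_rules.get(device_type.strip().lower())
        if rule is not None:
            return rule, "Device"
        return self.default, "Anything Unknown"


def audit(policy):
    """Return review findings for settings that weaken the three-stage check."""
    findings = []
    if policy.default is Access.ALLOW:
        findings.append("default is Allow: unlisted device types sync unreviewed")
    for user, ex in sorted(policy.per_user.items()):
        for dev in sorted(ex.allowed_ids & ex.blocked_ids):
            findings.append(f"{user}: device {dev} is both allowed and blocked")
    return findings


# Constructed sample policy; users, device IDs and device types are made up.
POLICY = AbqPolicy(
    per_user={
        "alice": UserExemptions(allowed_ids={"DEV-A1"}),
        "bob": UserExemptions(blocked_ids={"DEV-B7"}),
    },
    device_type_rules={"ApprovedPhone": Access.ALLOW, "LegacyPDA": Access.BLOCK},
    default=Access.QUARANTINE,
)

if __name__ == "__main__":
    for request in [("alice", "DEV-A1", "LegacyPDA"),
                    ("bob", "DEV-B7", "ApprovedPhone"),
                    ("carol", "DEV-C3", "approvedphone"),
                    ("carol", "DEV-C5", "NeverSeen")]:
        access, stage = POLICY.evaluate(*request)
        print(request, "->", access.value, "decided at", stage)
    print(audit(POLICY))
```

A personal exemption is decided before the device-type list is consulted, and only a request that matches neither reaches the organization default.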

Broad EAS Support Apple

Conversation View

Message Diffs

Quick Menu Access from Conversation View
• Reply all
• Reply
• Forward
• Open the message
• Delete
• Mark as read/unread
• Flag for follow-up

Global Address List Photo
• Photo pulled from the GAL
• Photo on contact card
• Sender photo in email
• Contact photo used if present
• Photo added to contact if no photo exists

Free/Busy Information
• Free/Busy from contact card
• Color coded by user’s availability
• Change day to see future availability
• View Free/Busy of external contacts

UM Card
• Inline player
• Call back button
• Voicemail preview

IRM Over EAS
• Access protected messages
• No need to tether
• All IRM templates

Exchange ActiveSync Self Help Feature

Remote Wipe

• Self-help features empower users to fix their own problems
• Users can remotely manage devices
• Users can remotely wipe their device in the event that it is lost or compromised

Anywhere Access Clients

Outlook Anywhere

Gives users access to their full mailbox, with rich Outlook features, from outside the corporate firewall without a VPN
• Provides rich Outlook experience
• Enables users to access their full mailbox from the Internet
• Users can access their full mailbox, including e-mail, calendar, contacts, voice mail, public folders, etc.
• Provides secure communication without VPN connectivity

Anywhere Access Clients

Voice mail and Unified Messaging

Provides effective management of, and easy access to, voicemail wherever you are
• Consolidation of voicemail into the Universal Inbox
• Speech-to-text previews of voicemail
• Effectively manage important calls with call answering rules
• Text Preview of Voice Mail
• Users can create customized greetings and call transfer options
• Protected voicemail
• Outlook Voice Access
• Audio Playback
• Contextual Actions

Exchange Unified Messaging

Outlook Voice Access

Enables users to retrieve e-mail messages from their mailbox using an analog, digital, or mobile telephone
• Users can interact with their mailbox using touchtone or voice commands
• Automatic Speech Recognition (ASR)
• Users can retrieve, listen to, reply to, create, and forward voice or e-mail messages
• Listen to or change calendar information
• Send a voice message to a personal contact
• Can set personal greeting messages
• Allows the user to choose the order in which to listen to unread voice mail messages, from the oldest message first or the newest message first

Demonstrations:
• Listening to e-mail messages using the Voice User Interface
• Sending an "I'll be late" message using the Voice User Interface
• Sending an "I'll be late" message using the touchtone interface

Exchange Server 2010 Security

[Figure: network diagram with labels Users, External Web Server, Exchange, Internet, DMZ, Headquarters, Internal Network, Active Directory; external traffic secured with SSL and authentication.]
• Secured by default with SSL: Outlook Anywhere, Exchange ActiveSync and Outlook Web App
• Self-signed certificate installed out of the box
• Deploy Windows Certificate Services
• Use a third-party PKI product or CA
• Remote device wipe
• Device password policies

Architecture Design Session

Solution Briefing Summary
• Vision scope input from solution briefing
Solution Overview
• VPC-based demo
• View the capabilities in action
• Show various possibilities
Technology Overview
• Point out technologies for relevant capabilities
• Discuss technologies
Architecture Discussion
• Discuss Architecture Decision Points

Key Deployment Scenarios

Access for everyone / Branch office support:
• Consider the impact of Outlook Web App, Exchange ActiveSync, Outlook Anywhere, Outlook Voice Access, Instant Messaging, and Instant Messaging through the Web client on user productivity
• Consider SSL and server placement requirements to provide secure remote access
• Evaluate mobile device support and purchase options

Existing non-Windows Mobile devices:
• Evaluate the impact of replacing devices
• Determine if existing devices can be supported by Exchange

Exchange Server 2010 Architecture Overview

[Figure: Exchange Server 2010 architecture. Other SMTP servers and the Internet sit outside the enterprise network. Labels: Edge Transport (routing, hygiene); Client Access (applications: OWA; protocols: ActiveSync, POP, IMAP, RPC / HTTP, MAPI; programmability: Web services, Web parts); Hub Transport (routing, policy); Mailbox (mailbox, public folders); Unified Messaging (voice messaging, fax), connected to a PBX or VoIP.]

5 server roles – Edge, Hub Transport, UM, Mail and Client Access

Exchange Server 2010 Roles

• Client Access Server enables OWA, mobility, web services, and RPC client access
• Hub Transport enables SMTP email transport
• Mailbox enables both mailbox and public folder database hosting
• Edge Transport role resides in the perimeter network; it is not required to be part of Active Directory and provides routing hygiene and security
• Unified Messaging enables storage of voicemail messages in the Exchange mailbox
• Flexible deployment options: co-locate or separate
• Automated provisioning with Windows PowerShell scripting

Architecture Decision Points

Current Infrastructure
• Current mobility/mobility-ready technologies
Future Infrastructure
• Future mobility needs and goals
Remote Access
• Basic remote access requirements
Deployment
• Basic deployment planning
Application Development
• Scope and nature of applications
• Development expertise on staff

Architecture Decision Points

Current Infrastructure

What technologies are currently implemented that offer mobility?

What is the current network and office topology?

What are the company drivers and requirements for mobility?

Is there a current PKI infrastructure?

If not, are there plans to implement PKI to support anywhere access?

Is the use of a supported third-party CA under consideration?

Architecture Decision Points

Future Infrastructure

What are the future plans for the network and office topology?

What are the expansion expectations for the next six months, a year, two years, and five years?

What types of anywhere access options are needed?

Does everyone need the same type?

Which specific services or resources do you want to provide access to?

Architecture Decision Points

Remote Access

What certificate types will be required and how will they be deployed?

Transitioning from earlier versions (Exchange Server 2003 and 2007) requires additional certificates

OWA/EAS: everything you need is included.

Outlook: need Autodiscover DNS records

Outlook Voice Access: requires inbound extension to Exchange Server

What other servers will have proxy access provided by Exchange Server?

Architecture Decision Points

Deployment

What devices and device operating systems will be supported?

Do you need to deploy any PKI assets if you’re just doing a pilot Lync Server 2010 deployment?

What device policies will need to be configured?

Is over-the-air provisioning required?

Is there any benefit to deploying UAG/TMG 2010 now even if your Exchange Server / unified communications deployment is delayed?

Coordinate with network security / firewall team to provide appropriate tunneling, server access, and server placement.

Architecture Decision Points

Application Development

What applications do you want to enable for mobile access?

Are they your own applications, or third-party tools?

What data types (forms, databases, etc.) does the application need to handle?

Do you have an existing .NET Framework application that you can extend?

Do you need mobile device access only, or Web and desktop / mobile PC access?

What’s your corporate experience with Windows / .NET application development?

Architecture Design Session

Solution Briefing Summary
• Vision scope input from solution briefing
Solution Overview
• VPC-based demo
• View the capabilities in action
• Show various possibilities
Technology Overview
• Point out technologies for relevant capabilities
• Discuss technologies
Architecture Discussion
• Discuss Architecture Decision Points
POC Planning
• Develop scope and specifications for POC

POC Planning
• Sponsor Name
• Project Timing
• Goals and Objectives
• Scope
• Milestones
• Risks & Dependencies

Next Steps

  

[Figure: Solution Development stages: Solution Briefing, Architecture Design Session, Proof of Concept.]

Proof of Concept
• Assemble resources from the business side and from the IT group
• Understand business processes that are being addressed
• Gain knowledge about technology infrastructure
• Verify the technology roadmap
• Review the POC scope and assumptions

© 2007 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Appendix Slides…

Improvements in Service Pack 1 & Service Pack 2

Improved Outlook Web App UI
• Simplified UI better optimizes for small screens, e.g., netbooks
• Support for calendar printing
• Support for adding inline images while composing new email
• Themes and customization support

Improved OWA Performance
• Long running operations do not block user experience
• Auto-save drafts while composing new email

Better Mobile Experience
• Conversation view experience on par with Outlook Web App
• Photos supported in Global Address List contact card
• Exchange ActiveSync (EAS) throttling support
• Information Rights Management support in EAS
• Block/Quarantine notification to mobile device via EAS

Outlook Web App (OWA) Mini
• A browse-only version of OWA designed for low bandwidth and resolution devices

EAS Policies Exchange Server Standard CAL

• Allow Mobile OTA Update
• Mobile OTA Update Mode
• Configure message formats (HTML or plain text)
• Include past email items
• Email body truncation size
• HTML email body truncation size
• Include past calendar items (Duration)
• Require manual sync while roaming
• Allow attachment download
• Maximum attachment size

• Minimum number of complex characters
• Enable password recovery
• Allow simple password
• Password expiration (days)
• Enforce password history
• Windows file share access
• Windows SharePoint access
• Minimum password length
• Timeout without user input
• Require password
• Require alphanumeric password
• Number of failed attempts
• Policy refresh interval
• Allow non-provisionable devices

• Allow IRM over EAS
• Require signed SMIME messages
• Require encrypted SMIME messages
• Require signed SMIME algorithm
• Require encrypted SMIME algorithm
• Allow SMIME encrypted algorithm negotiation
• Allow SMIME SoftCerts
• Device encryption
• Encrypt storage card

Color Key
• Exchange 2010 SP1
• Exchange 2010 RTM
• Exchange 2007 SP1
• Exchange 2007 RTM
• Exchange 2003 SP2

EAS Policies Exchange Server Enterprise CAL

• Disable desktop ActiveSync
• Disable removable storage
• Disable camera
• Disable SMS text messaging

• Disable Wi-Fi
• Disable Bluetooth
• Disable IrDA
• Allow internet sharing from device
• Allow desktop sharing from device

• Disable POP3/IMAP4 email
• Allow consumer email
• Allow browser
• Allow unsigned applications
• Allow unsigned CABs
• Application allow list
• Application block list

Color Key
• Exchange 2010 SP1
• Exchange 2010 RTM
• Exchange 2007 SP1
• Exchange 2007 RTM
• Exchange 2003 SP2