SESSION CODE: EXL310 Colin Lee MCM/A – Exchange Practice Executive – UC Dell Sofiane Behraoui MCM – Exchange Practice Lead – GICS Dell ANZ UPGRADING TO EXCHANGE 2010 (c) 2011

(c) 2011 Microsoft. All rights reserved.
Session Objectives and Takeaways
► Session Objectives
– What’s new in Exchange 2010
– Transition and Migration to Exchange 2010
– Take in the Best Practices for deployment
– Tips and Tricks to help streamline the process
► Upgrade to Exchange 2010 can be done with no significant user access downtime
► Planning and Preparation will help you succeed
► Use the Tools
New from E2003 to E2007
► Front-End / Back-End ->CAS / MBX / HUB / EDGE / UM
► 64bit servers support
► Active Directory Sites replace Routing Groups
► Autodiscover to automatically configure clients
► Removes Outlook 2007+ need for Public Folders
– Availability Service: Free/Busy information read direct from
mailboxes, not from Public Folders
– Offline Address Book download from Client Access Server
► New admin tools
– Exchange Management Console (EMC) and Powershell
► Unified Messaging: Get voice mail in your inbox
► New Developer API: Exchange Web Services (EWS)
New from E2007 to E2010
► Exchange 2010: On-Premise, Office365 or Hybrid
► High Availability: Database Availability Groups (DAG)
– Provides HA and disaster recovery
– 30-second fail-over with simplified admin experience
– Flexibility in storage choices (SATA disks, JBOD, etc.)
– Replaces SCC, SCR, LCR, and CCR from E2007
► 64bit management tool support
► RPC Client Access and Address Book service
– Improved High Availability solution
– Outlook MAPI connects directly to Client Access Servers
► ExOLEDB, WebDAV and CDOEx are gone
– “Entourage EWS” uses EWS
Exchange Server 2010 Prerequisites
► Active Directory
– Windows 2003 SP2 GC server is installed in each Exchange Active Directory (AD) site
• No hard requirement for Windows Server 2008 AD
– Windows Server 2003 forest functional level
– TIP: A Windows Server 2008 RODC cannot replace a GC
► Exchange
– All Legacy Exchange CAS and UM servers must have SP2
– Existing servers are Exchange 2003 SP2 or Exchange 2007 SP2. No Exchange
2000 or older servers.
► To install Exchange 2010 on a machine
– Windows Server 2008 SP2 or R2 64-bit editions (Std/Ent)
– Windows Management Framework
– .NET Framework 3.5 SP1
– Internet Information Services (IIS)
► TIP: Use Windows Server 2008 R2 SP1 – Supported and
Recommended
– Hotfixes are rolled into SP1
Exchange Server 2010 Updates
► Latest SP1 update
– Update Rollup 4 for Exchange Server 2010 SP1 (14.1.323.6)
• Re-Released July 27, 2011 (MSKB 2579150)
► Latest RTM update
– Update Rollup 5 for Exchange Server 2010 (14.0.726.0)
• Released December 13, 2010 (MSKB 2407113)
► See TechNet Wiki for more info: http://social.technet.microsoft.com/wiki/contents/articles/exchange-server-and-update-rollups-buildsnumbers.aspx
Setup – New Experience (SP1)
► Install required Windows Roles and Features
► RTM -> SP1 Upgrade
– Setup.com /m:upgrade /installwindowscomponents
Setup – New GUI Experience (SP1)
► Apply strict split permissions security model
– Typically used by large orgs that completely
separate responsibility for management of
Exchange and Active Directory between
different groups of people
– Removes ability for Exchange servers and
admins to create Active Directory objects, such
as users, groups and contacts, as well as the
ability to manage non-Exchange attributes on
those objects
Outlook 2003 with Exchange 2010
► Fully Supported
– Outlook 2003 by default does not turn on encryption for
client – server communication
– Outlook 2007/2010 – on by default
► Encryption Options
– Option 1: Turn off the encryption requirement for client communication on the server
• Set-RpcClientAccess -Server {servername} -EncryptionRequired $False
– Option 2: Turn on encryption at the client manually or with
Group Policies
• MSKB 2006508
► Outlook 2003 performance – UDP on Exchange 2010
– Requires Exchange 2010 SP1 RU3 or above
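An audit to run before choosing between the two options above, as an added example that is not part of the original deck: it reports which RPC Client Access endpoints accept unencrypted MAPI and which users still connect with Outlook 2003, using Get-LogonStatistics (covered later in this deck). It assumes ClientVersion is reported as an Office build string whose major number 11 means Outlook 2003.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010).

# 1. Which RPC Client Access endpoints accept unencrypted MAPI connections?
$rpc = @(Get-RpcClientAccess | Select-Object Server, EncryptionRequired)
$rpc | Format-Table -AutoSize

# 2. Which users still connect with Outlook 2003?
#    Assumption: ClientVersion is an Office build string in which the major
#    number 11 is Outlook 2003 (12 = Outlook 2007, 14 = Outlook 2010).
$e2010Mbx = Get-MailboxServer |
    Where-Object { "$($_.AdminDisplayVersion)" -like 'Version 14*' }

$outlook2003 = @($e2010Mbx |
    ForEach-Object { Get-LogonStatistics -Server $_.Name } |
    Where-Object { "$($_.ClientVersion)" -like '11.*' } |
    Group-Object UserName |
    ForEach-Object {
        New-Object PSObject -Property @{
            User       = $_.Name
            Sessions   = $_.Count
            LastAccess = ($_.Group | Sort-Object LastAccessTime |
                          Select-Object -Last 1).LastAccessTime
        }
    })

$outlook2003 | Sort-Object LastAccess -Descending |
    Format-Table User, Sessions, LastAccess -AutoSize

# 3. The users listed are the profiles that need Option 2 (client-side
#    encryption, MSKB 2006508) before the server can require encryption.
#    When the list is empty, preview the change; drop -WhatIf to apply it.
if ($outlook2003.Count -eq 0) {
    $rpc | Where-Object { -not $_.EncryptionRequired } | ForEach-Object {
        Set-RpcClientAccess -Server "$($_.Server)" -EncryptionRequired $true -WhatIf
    }
}
```

Get-LogonStatistics only lists sessions the store currently knows about, so repeat the audit over several working days before concluding that no Outlook 2003 clients remain.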
Upgrading to Exchange 2010
► Upgrade Internet-facing sites FIRST
► Upgrade Internal sites NEXT
1. Upgrade servers to SP2
2. Deploy E2010 Servers
• Start small
• Gradually add more servers to support scale
3. Legacy hostnames for old FE/CAS
• SSL cert purchase
• End users don’t see this hostname
• Used when new CAS tell clients to talk to legacy environments
4. Move Infra Pointers
• Internet hostname switch
• Unified Messaging switch
• SMTP switch
5. Move Mailboxes
Decommission old servers
Diagram labels: Internet, Proxy, Internet Facing AD Site, Internal AD Site, E200x Servers
Useful Tools and Scripts
Preparation Tools
Finding and solving problems before users do
Focus on overall topology readiness
Provides customised instructions for
upgrading to Exchange 2010
Help determine the cause of performance,
mail flow, and database issues
Remote Connectivity Analyzer
Simulate and test how a server responds
to e-mail loads
Determine overall health of Exchange system
and topology
Exchange Server Deployment Assistant
Exchange Server Deployment Assistant
is your Best Friend
Mailbox Assistants Troubleshooter (SP1)
► Mailbox Assistants perform event-based and time-based
functions (e.g., free/busy, resource booking, conversations,
calendar repair, etc.)
► Test-AssistantHealth can be used to verify the health of
the Microsoft Exchange Mailbox Assistants services, to
recover from health issues, and to report on the diagnosis
or recovery action
► Includes ResolveProblems parameter which can
– Start the service if it is not running
– Restart the service if it is hung or deadlocked for more than 15
minutes
Database Log Growth Troubleshooter (SP1)
► Troubleshoot-DatabaseSpace.ps1 detects
excessive log growth issues and takes action
► By default
– Runs every 15 minutes to determine available free
space
– If free space < 25%, the tool runs an algorithm to determine whether excessive log growth is the cause
• If it is the cause, the tool quarantines or throttles the mailboxes causing excessive growth, as appropriate
► Defaults defined in StoreTSConstants.ps1
Database Latency Troubleshooter (SP1)
► Troubleshoot-DatabaseLatency.ps1 is used by SCOM, but can also be run outside of SCOM as a scheduled task
– Defaults defined in StoreTSConstants.ps1
► Checks for database latencies above value of
LatencyThreshold (default is 70 ms)
► Checks disk’s transfer rate against read rate and read
latency performance counters
► Checks to see if any user is using more than one
thread for duration of TimeInServerThreshold (default
is 10 min)
Database Latency Troubleshooter (SP1)
► Disk’s transfers-per-second rate <
DiskReadRateThreshold
► Disk’s seconds-per-transfer rate >
DiskReadLatencyThreshold
– If both conditions are true, it indicates that disk has
high latency under low load, which often means the
disk is going bad and needs replacing
► User using more than one thread for duration of
TimeInServerThreshold
– Mailbox quarantined for 6 hours
Getting All Logon Statistics from Outlook
► Use Get-LogonStatistics to retrieve data such as
logon time, last access time, client version, and
adapter speed
– Get-LogonStatistics -Server <ServerName>
► By default, Outlook 2010 and Outlook 2007 SP3 don’t
transmit IP address, MAC address, username or
machine name because it is considered PII (privacy)
– Check “Enable troubleshooting logging” checkbox or add registry entry to Outlook client to get this info
– HKCU\Software\Policies\Microsoft\Office\14.0\Outlook\CancelRPC\EnablePerfTracking
– HKCU\Software\Microsoft\Office\14.0\Outlook\CancelRPC\EnablePerfTracking
DWORD, Value: 0x00000028
Deployment Considerations
Deploying Exchange 2010
Topology decisions
► Deploy Multiple Role Servers
– CAS/HUB/MBX collocated
– Even in Virtualised environments
► Deploy a CAS array
– Use hardware load balancer
• Note: Virtual equivalents are also available (F5, Kemp, etc)
► Look at flexible storage options
– DAS, SAS, SATA – JBOD configurations
► Leverage DAG for HA and DR
– They are separate scenarios
Namespaces and URLs
Outlook Web Access – /exchange, /exchweb, /public
Exchange ActiveSync – /microsoft-serveractivesync
Outlook Anywhere – /rpc
POP/IMAP
Outlook Mobile Access – /oma
Clients and SMTP servers
Outlook Web Access – /owa
Exchange Web Services – /ews
Exchange Control Panel – /ecp
Unified Messaging – /unifiedmessaging
Offline Address Book – /oab
Unified Messaging – /unifiedmessaging
Outlook Mobile Access – /oma
Autodiscover – /autodiscover
E2003/E2007 services
Deploying SSL Certificates
► Use “Subject Alternative Name” (SAN) certificate which
can cover multiple hostnames
► Minimize the number of certificates
– 1 certificate for all CAS servers + reverse proxy + Edge/Hub
► Minimize number of hostnames
– Use “Split DNS” for Exchange hostnames
– mail.contoso.com for Exchange connectivity on intranet and
Internet
– mail.contoso.com has different IP addresses in intranet/Internet
DNS
► Don’t list machine hostnames in certificate hostname list
– Use Load Balance (LB) arrays for intranet and Internet access to
servers
Deploying Exchange 2010
Topology decisions—CAS load balancing
► OWA and EWS load balancing require Client-Server affinity
– Client-IP based Windows NLB or LB device using cookie-based affinity
► Tell Autodiscover where to send clients.
– Configure internalURL and externalURL parameters and virtual directories
– Example: Set-WebServicesVirtualDirectory cas2010\ews* -ExternalUrl https://mail.contoso.com/ews/exchange.asmx
► Outlook clients connection for intranet MAPI access
– Use New-ClientAccessArray and Set-MailboxDatabase
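A consistency check for the certificate and URL guidance above, as an added example that is not part of the original deck: for each Exchange 2010 CAS it compares the names on the IIS certificate with the deck's contoso.com hostnames and with every internalURL/externalURL the server hands out, and flags machine names on the certificate. The helper Test-NameCovered and the report property names are hypothetical names chosen for this example.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010).
# Hostnames are the contoso.com names used in this deck.
$required = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'
$vdirCmds = 'Get-OwaVirtualDirectory', 'Get-EcpVirtualDirectory',
            'Get-WebServicesVirtualDirectory', 'Get-ActiveSyncVirtualDirectory',
            'Get-OabVirtualDirectory'

# True when $Name equals a certificate entry or matches a one-label wildcard
# (*.contoso.com covers mail.contoso.com but not a.b.contoso.com).
function Test-NameCovered([string]$Name, [string[]]$CertNames) {
    foreach ($c in $CertNames) {
        if ($c -eq $Name) { return $true }
        $dot = $Name.IndexOf('.')
        if ($c.StartsWith('*.') -and $dot -gt 0 -and
            $Name.Substring($dot) -eq $c.Substring(1)) { return $true }
    }
    return $false
}

$cas2010 = Get-ExchangeServer |
    Where-Object { $_.IsClientAccessServer -and $_.IsE14OrLater }

foreach ($srv in $cas2010) {
    $server = $srv.Name

    # Names on the certificate(s) enabled for IIS on this CAS.
    $certNames = @(Get-ExchangeCertificate -Server $server |
        Where-Object { "$($_.Services)" -match 'IIS' } |
        ForEach-Object { $_.CertificateDomains } |
        ForEach-Object { "$_" })

    # Every URL this CAS hands out to clients.
    $urls = @((Get-ClientAccessServer -Identity $server).AutoDiscoverServiceInternalUri)
    foreach ($cmd in $vdirCmds) {
        $urls += & $cmd -Server $server |
            ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
    }
    $urlHosts = @($urls | Where-Object { $_ } |
        ForEach-Object { ([uri]"$_").Host } | Sort-Object -Unique)

    # One report row per CAS; an empty column means that check passed.
    New-Object PSObject -Property @{
        Server             = $server
        MissingRequired    = @($required | Where-Object { -not (Test-NameCovered $_ $certNames) })
        UrlHostsNotOnCert  = @($urlHosts | Where-Object { -not (Test-NameCovered $_ $certNames) })
        MachineNamesOnCert = @($certNames | Where-Object { $_ -eq $server -or $_ -like "$server.*" })
    }
}
```

A host listed under UrlHostsNotOnCert is a name clients will be sent to that the certificate does not cover, which shows up as certificate warnings in Outlook after the switchover.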
Switching to CAS2010
Preparatory steps
► Obtain and deploy a new certificate that includes the
required host name values
– mail.contoso.com
– autodiscover.contoso.com
– legacy.contoso.com
► Upgrade all Exchange servers to Service Pack 2
– Enable Integrated Windows Authentication on Exchange
2003 MSAS virtual directory (KB 937031)
► Install and configure CAS2010 servers
– Configure InternalURLs and ExternalURLs
– Enable Outlook Anywhere
– Configure the Exchange2003URL parameter to be
https://legacy.contoso.com/exchange
Switching to CAS2010
Preparatory steps, continued
► Join CAS2010 to a load balanced array
– Create CAS2010 RPC Client Access Service array
– Ensure MAPI RPC and HTTPS ports are load balanced
► Install HUB2010 and MBX2010 servers
– Configure routing coexistence
► Create Legacy hostname in DNS
► Create Legacy publishing rules in your reverse
proxy/firewall solution pointed to FE2003 / CAS2007
array
► Use ExRCA to verify connectivity for Legacy
hostname against E2003/E2007
Switching to CAS2010
The switchover
The switchover involves a minor service interruption
1. Update/Create Autodiscover publishing rule
2. Update Mail publishing rules
a. Update paths with new Exchange 2010 specific virtual directories
3. Switch: Move Mail… and Autodiscover… hostnames to point to CAS2010 array
4. Reconfigure CAS2007 internalURLs and externalURLs to now utilize Legacy namespace
5. Disable Outlook Anywhere on legacy Exchange
6. Test that CAS2010 is redirecting/proxying to CAS2007 (externally and internally)
Diagram labels: TMG; autodiscover…, legacy…, mail…; E2010 CAS+HUB+MBX; E200x SP2
– 1: Clients access E2010 through Autodiscover… and mail…
– 2: Redirection (legacy…), proxying, and direct access to E2003/E2007
Client Access Upgrade
► Clients access CAS2010 first
► Four different things happen for E2003/E2007 mailboxes
1. Autodiscover tells clients to talk to CAS2007
2. HTTP redirect to FE2003 or CAS2007
3. Proxying of requests from CAS2010 to CAS2007
4. Direct CAS2010 support for the service against BE2003 and MBX2007
CAS2010 Service: E2003/E2007 mailbox treatment
– Outlook Web App: Redirect (with Single Sign-On for Forms-Based Authentication)
– Exchange ActiveSync:
• E2007: Autodiscover and redirect (WM6.1 and newer), Proxying (WM6 and older, all non-Microsoft)
• E2003: Direct CAS2010 support
– Outlook Anywhere, OAB, and Autodiscover: Direct CAS2010 support
– Exchange Web Services: Autodiscover
– POP/IMAP:
• E2007: Proxy
• E2003: Direct CAS2010 support
SMTP Transport Upgrade

- Follow this flow for each physical location
- Edge servers are optional
- Edge 2007 SP2 can be used with HUB 2010
Step 1: Upgrade existing E2003 and E2007 servers to SP2
Step 2: Install HUB and MBX 2010
Step 3: Switch Edgesync + SMTP to go to HUB2010
Step 4: Install Edge 2010
Step 5: Switch Internet e-mail submission to Edge 2010
Diagram labels: Internet SMTP Servers, E2010 Edge, E2007 Edge, E2003 Bridgehead, E2010 HUB, E2007 HUB, E2010 MBX, E2007 MBX, E2003 Back-End
Unified Messaging Upgrade
Step 1: Introduce UM 2010 to existing dial plan
Step 2: Route IP GW/PBX calls to UM 2010 for dial plan
Step 3: Remove UM 2007 after mailboxes have been moved
► IP PBXes and GWs
– Configure to send all traffic to E2010 UM
– E2010 UM will redirect to E2007 UM when necessary
► Lync 2010
– With E2010 RTM, create new dial plan for E2010 UM users
– Lync update: Lync will automatically talk to E2010 UM, which will redirect to E2007 UM when necessary
► TIP: UM is not supported in a virtualised environment.
Public Folders
► Co-existence supported for Exchange 2010 and
Exchange 2003/2007
► Outlook can access mailbox data from Exchange 2010
and public folder from Exchange 2003/2007
► OWA 2010 will allow access to public folders with replica
on Exchange 2010
► Get-PublicFolderStatistics helps you decide which action to take
– Move
– Delete
– Migrate to SharePoint
► Public Folder DB can be located on Exchange 2010 that
is part of a DAG but must use PF replication and not DAG
technology.
Service Level Agreement
Service availability during migration
Availability | Yearly downtime allowed w/ 24-hour day | Yearly downtime allowed w/ 8-hour day
95% | 438 h (18.25 d) | 145.6 h (6.07 d)
99% | 87.6 h (3.65 d) | 29.12 h (1.21 d)
99.9% | 8.76 h | 2.91 h
99.99% | 52.56 min | 17.47 min
99.999% (“five nines”) | 5.256 min | 1.747 min
99.9999% | 31.536 sec | 10.483 sec
► 1GB mailbox could take 90 minutes or more to move
– Pain: User is disconnected for the duration
– Pain: Your SLA for availability is not met
Online Move Mailbox
Minimal disruption
► Users remain online while their mailboxes are moved between servers
– Sending messages
– Receiving messages
– Accessing entire mailbox
► Administrators can perform migration and maintenance during regular hours
► Also can be used to migrate users from on-premises server to Exchange Online
► Move Request (SP1) performed by MRS on all CAS
► Exchange 2010 and Exchange 2007 SP2: Online
► Exchange 2003: Offline
Diagram labels: E-mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2
Time to retire E2003 and E2007
Foreign Messaging System Migration
► Lotus Notes
– Quest
– Binary Tree
– Etc…
► Groupwise
– Quest
– MigrationWiz
– Transend
– Etc…
► Gmail
– MigrationWiz
– Transend
– Etc…
Lotus Notes Migration
► Quest
– Notes Migrator for Exchange
– Coexistence Manager for Notes
► Binary Tree
– CMT – Exchange
– CMT – Coexistence
• Hosted Migration possible
► Best Practice
– Migrate as Fast as you can
– Remediate existing directory and email infrastructure
• i.e. Enforce mail retention
– Use out of the box functionality from Exchange, Quest and/or Binary
Tree
– Don’t assume you need to migrate everything
– Don’t assume you need to migrate applications before e-mail
– Don’t ignore potential regional issues
• i.e. legal and regulatory requirements
Groupwise Migration
► Quest
– Groupwise Migrator for Exchange
• Working on coexistence
► MigrationWiz
– Hosted migration, per mailbox
► Transend
– Transend Migrator
• Multiple platforms supported beyond Groupwise
► Lack of coexistence across all vendors
Resources
► Sessions On-Demand & Community: www.msteched.com/Australia
► Microsoft Certification & Training Resources: www.microsoft.com/australia/learning
► Resources for IT Professionals: http://technet.microsoft.com/en-au
► Resources for Developers: http://msdn.microsoft.com/en-au