Book giveaway and e-mail notice
• Please give me a piece of paper with your name for drawing
• Include your e-mail address or give me a business card if you want:
  ● 20% discount code for Directory Update software
  ● Notification e-mail when Mastering Exchange Server 2007 is available
• Keep an eye out for Mastering Exchange Server 2007 – Due out in late April

Exchange 2007 for Exchange 2003 Administrators
Jim McBee
ITCS Hawaii
[email protected]

Who is Jim McBee!!??
• Consultant, Writer, MCSE, MVP and MCT – Honolulu, Hawaii (Aloha!)
• Principal clients (Dell, Microsoft, U.S. Government, SAIC, Servco Pacific)
• Author – Exchange 2003 Advanced Administration and Mastering Exchange Server 2007 (Wiley/Sybex)
• Contributor – Exchange and Outlook Administrator
• Blog
  ● http://mostlyexchange.blogspot.com
• Directory Update software
  ● http://www.directory-update.com

Audience Assumptions
• You have at least a few months experience running Exchange 5.5, 2000, or 2003.
• You have worked with Active Directory
• You can install and configure a Windows 2000 / 2003 server

Today’s presentation
• What is new with Exchange 2007?
• Upgrading or migrating
• Administering Exchange 2007
• Resource Management
• High availability options
• Anti-spam, antivirus, and security
• Transport rules

What’s new? Why upgrade?
• No single “killer feature”
• Improved deployment options
  ● Scriptable
  ● Command-line
  ● Simplified management console
  ● Automatic Outlook 2007 configuration

Installation is intuitive and helpful

64-bit rocks
• Use up to 32GB of RAM (cost is limiting factor right now)
• Improved caching
• Reduce I/O profile
• Reduce disks required for I/O profile
• 0.3 IOPS per “heavy” user

Server roles
• Allows easy segmentation of functions
• Mailbox
• Client Access
• Hub Transport
• Unified Messaging
• Edge Transport

Why have server roles?
• Install just what you need
• Easier to harden
• Simplify, consolidate or distribute
[Diagram labels: Hub Transport Server, Client Access Server, Mailbox Server, Unified Messaging Server, Edge Transport Server, Perimeter Network, Protected Network]

Server Roles: Edge Transport
• Optional role
• Must be on its own separate physical machine with no other roles installed
• May be workgroup member or joined to a separate Active Directory forest
• Uses Active Directory Application Mode (ADAM) for configuration and recipient information
• Enforces policy at the perimeter
  ● Message hygiene
  ● Anti-virus
  ● Advanced anti-spam
• Must be connected (subscribed) to a Hub Transport server

Server Roles: Client Access Server
• Supports client protocols except MAPI
  ● OWA
  ● Exchange ActiveSync
  ● Outlook Anywhere (formerly RPC/HTTPS)
  ● POP3 and IMAP4
  ● Autodiscover
  ● Web services
• Placed in protected network
  ● ISA in perimeter can publish protocols
• At least one CAS in each site and domain where mailbox servers exist
• Requires good network connection for RPC to mailbox servers
• Not strictly required for mailbox access, but almost all environments will need it
• Can coexist with mailbox, Hub Transport, UM roles

Server Roles: Hub Transport
• Handles message delivery and routing
• Applies policies to all messages via transport rules
• Can handle some message hygiene functions
  ● Anti-virus
  ● Limited anti-spam
• Reduces cost and complexity
  ● Provides more predictable routing
  ● Reduces downtime
• At least one in every AD site with a mailbox server
• Can coexist with mailbox, Hub Transport, UM roles

Server Roles: Mailbox
• Responsible for serving mailbox databases and public folders
• Mailbox access through MAPI
• Supports, but does not require, public folders
• HA options:
  ● Local Continuous Replication (LCR)
  ● Cluster Continuous Replication (CCR)
  ● Single Copy Cluster (SCC)
  ● Standby Continuous Replication (SCR)

Server Roles: Unified Messaging
• Unified Messaging
  ● Placed in the protected corporate network
  ● Requires that Mailbox and Hub Transport roles exist
  ● Answers calls diverted by PBX
    • Provides automated attendant
    • Records and delivers voice messages
  ● Provides Outlook Voice Access
  ● Check with your phone vendor to see if their phone system will work with UM server
    • May require PBX gateway

Enterprise Topology
[Diagram labels: SMTP, Clients, Edge Transport, Hub Transport, Routing, Hygiene, Policy, Mailbox, Public Folders, PBX/VoIP, Unified Messaging, External Clients, ISA Server, Applications, OWA, Reverse Proxy, Forms Based Authentication, Client Access, Internal Clients, Protocols (EAS, POP, IMAP, Outlook Anywhere), Programmability (Web services, Web parts), Voice Messaging, Fax, Outlook Voice Access]

Improved high availability options
• Single copy clusters
• Cluster continuous replication
• Local continuous replication
• Database portability

Improved compliance and security
• Message transport rules
• Messaging records management
• Opportunistic TLS
• Internal SMTP always encrypted
• Per-recipient journaling
• Edge Transport server role and anti-spam agents
• Forefront Security for Exchange

Improvements for users
• OWA integration with file shares and SharePoint
• More than 32KB of rules per folder
• Improved OOF functions
  ● Internal, external, schedulable
• Improved shared resource features
• Windows Mobile 6 support
• Manage mobile devices via OWA

Customizable quota and NDR messages

Server licensing changes
• Exchange Server 2007 Enterprise Edition
  ● Allows clustering
  ● Allows 50 storage groups / mailbox databases
  ● Database size 16TB
• Exchange Server 2007 Standard Edition
  ● Allows 5 storage groups / mailbox databases
  ● Database size 16TB
• See:
  ● http://preview.tinyurl.com/bmd55

Client Access Licenses
• Standard Exchange CAL
  ● E-mail, ActiveSync, OWA, Outlook Anywhere
• Enterprise Exchange CAL
  ● Unified Messaging
  ● Per recipient journaling
  ● Messaging records management
  ● Forefront Security for Exchange Server
  ● Exchange Hosted Filtering (for SA customers)
• See:
  ● http://preview.tinyurl.com/bmd55

Administering Exchange 2007
• Improvements for administrators
• No more admin or routing groups
• Exchange Management Console
• Exchange Management Shell

Legacy Exchange Management Challenges
• Exchange 2000/2003 admins face some challenges
  ● Delegation is not flexible enough.
  ● There are no consistent provisioning methods.
  ● Bulk operations are difficult (or impossible).
  ● ESM is scattered and difficult to navigate.
  ● Scripting is difficult and limited in scope
• Many of these problems are only made worse by the addition of third-party utilities.

Look familiar?

Improvements include…
• No more Recipient Update Service
• Mailbox properties generated at creation time:
  ● Including SMTP addresses and address list membership
  ● Can be updated via command-line
• All recipient administration performed from Exchange Management Console or Exchange Management Shell (no ADUC extensions)

Exchange Server 2007 Management Architecture
[Diagram labels: GUI, Setup, CLI, WinForms, ADO.Net, Early-bound objs, PowerShell Data Provider, PowerShell, Exchange-specific cmdlets / tasks, Configuration Data Access, Process boundary, MAPI Store, Registry, AD, Metabase]

What This Means To You
• New tools to learn
  ● Exchange Management Console for GUI
  ● Exchange Management Shell for CLI
• Most tasks are much easier
• A few tasks require use of the command line

Exchange Management Console
• Goal: "Intuitive design"
• Simplified navigation
  ● Multiple panes
  ● Object filtering
  ● Discoverable tasks through Actions pane
• Consistent user interface
• Integrated toolbox
  ● RTM tools
  ● Web release tools
  ● ADU&C is no longer used for recipient management

Improved Exchange Management Console
• Console Tree:
  ● Segmented into four work centers
    • Recipients
    • Servers
    • System
    • Toolbox
  ● Allows quick access to core functions and groupings
• Action Pane:
  ● Shows all tasks for selected object(s)
  ● Easy contextual access to all actions for an object
• Result Pane:
  ● Rich contextual list of appropriate objects
  ● Shows all objects in org or server
• Work Pane:
  ● Child objects of results pane objects
  ● Automatically shows what objects you can work on at a given time

Demos
Exchange Management Console
Create and manage mailbox

Administrative Group Design
• Existing problems
  ● Too rigid; not dynamic
  ● Not completely granular
  ● Low usage
    • 50% of companies (from Tech-Ed) state they do not use AGs
    • Another 40% use 5 or less
• Benefits of removing Administrative Groups
  ● Exchange Server 2007 provides org-wide permissions
  ● Delegate access to single servers
  ● Apply role-based permissions to server objects
  ● Group and filter in GUI based on server attributes
• Transition note: Exchange Server 2007 creates a new hard-coded AG for compatibility

Permission Delegation
• Permissions model
  ● Organization Admin
  ● Recipient Admin
  ● Server Admin
• Recipient Admin can move mailboxes
• Server Admin specified for multiple servers
• Predefined groups:
  ● Exchange Organization Administrators
  ● Exchange Recipient Administrators
  ● Exchange Server Administrators
  ● Exchange View-Only Administrators

Simplified administrative model
• No more administrative or routing groups!
• Server-based admin permissions
• Separate “recipient administrators”
• Pre-configured Active Directory groups
• Customize your own permissions

Demos
Active Directory groups
Delegating permissions via EMC

Exchange Management Shell
• Extensions to Windows PowerShell
• Fundamental implementation of the Management API
• All management activities exposed to command line and script
• Reduced complexity with fewer APIs
• .NET integration
  ● Can make use of .NET classes and namespaces
  ● Can be consumed by .NET applications
• Bulk actions
  ● Consistent provisioning
  ● Updating multiple objects
• Security and safety features

Using the PowerShell
• Exchange functions are extension of PowerShell
• Commands are “task based”
  ● Called “cmdlet” – pronounced “command-let”
• Verb-Noun combination
• Easy to remember combinations
• Tab completion

Help is easy to find
• Help or Get-Help cmdlets
• Help *mailbox*
• Help get*
• Help Get-Mailbox -Full
  ● or -Detailed
  ● or -Example

EMS Cmdlet: What It Does

    get-mailbox -server CT-EXCH-MBX-01 | `
        move-mailbox `
        -targetdatabase SG1\Executives

• Get all mailboxes on the mailbox server named CT-EXCH-MBX-01 and pipe this list to the next command:

    get-mailbox -server CT-EXCH-MBX-01 |

• Move each mailbox in this list to the Executives database in the SG1 storage group:

    move-mailbox -targetdatabase SG1\Executives

More EMS Examples
• Get-Mailbox -server CT-EXCH-MBX-01 | `
    Move-Mailbox -targetdatabase SG1\Executives
• Get-DistributionGroupMember "Engineering"
• Get-DistributionGroupMember "Engineering" | `
    Set-Mailbox -IssueWarningQuota:1500MB
• Get-DistributionGroupMember "Engineering" | `
    Get-Mailbox | Format-Table name,issuewarningquota

Demos
Using the Exchange Management Shell

SP1 Management Improvements
• Service Pack 1 includes some major EMC improvements
  ● Public folder management tools
  ● POP / IMAP server management tools
  ● Clustered mailbox server management
• There are EMS improvements as well
  ● Import and export mailboxes to PST!
  ● Improved tools for bulk mailbox manipulation
  ● Some syntax improvements

Message routing improvements
• Routing infrastructure no longer manually defined
• No more routing groups
• Routing dependent on Active Directory

Legacy Message Routing
• Exchange 2000 and Exchange 2003
  ● Provide multiple routing groups
  ● Require routing group connectors
  ● Use link state routing to share routing information between RGs
  ● Have difficulty converging link state information in large networks
  ● Have a hard time clearing / purging poisoned or corrupted routing information

Exchange Server 2007 Message Routing
• No more routing groups!
  ● Routing uses Active Directory sites
  ● No RGs means no RGCs
  ● No more link state updates
  ● Automatic configuration of routing topology
• No more bridgeheads!
• Message routing goes direct whenever possible
  ● HT in one site always attempts direct connect to HT in another site first
  ● When direct relay not available, HT establishes connections based on AD topology
• Division of services between Hub and Edge
  ● Edge provides perimeter policy control + external routing
  ● Hub provides internal policy control + internal routing

Exchange Server 2007 Message Routing
• Hub Transport routing changes significantly
  1. HT selects a route
  2. HT attempts direct delivery on the route
  3. HT delays fan-out/bifurcation as long as possible
• Route selection is simplified and deterministic
  ● Identify least cost route
  ● Are there multiple routes with same cost?
    • Choose one with lowest hop count
  ● If equal sites exist, find last site prior to destination

Planning Mailbox Database Storage
• Storage group recommendations
• Disk and LUNs
• Local continuous replication considerations
• IOPS
• Demo

How many storage groups?
• Recommend using one storage group per database
• When using SANs, create one LUN for each SG’s transaction logs and one LUN for each database (for VSS backups)
• Maximum database size:
  ● 100GB without LCR
  ● 200GB with LCR
  ● Take into consideration restore times and SLC

It is all about disk performance
• Sizing for IOPS is just as important as disk capacity

  User type     Cache per user   Sent / Received   IOPS per user
  Light         2MB              5 / 20            0.11
  Average       3.5MB            10 / 40           0.18
  Heavy         5MB              20 / 80           0.32
  Very heavy    5MB              30 / 120          0.48

Demo
Create storage group and mailbox database

Upgrading / migration
• Upgrade path
• Keeping an older version of Exchange?
• Prerequisites

Upgrade Paths
• Can upgrade organization from:
  ● Exchange 2000 Server
  ● Exchange Server 2003
• Cannot upgrade org from Exchange 5.5
• No in-place server upgrades; move/consolidate existing mailboxes and services
• Most new mailbox features require mailbox to be homed on Exchange Server 2007
• Many new features require Outlook 2007

Keeping Older Exchange Versions
• Exchange 2000
  ● Microsoft Mobile Information Server
  ● Instant Messaging Service
  ● Exchange Chat Service
  ● Exchange 2000 Conferencing Server
  ● Key Management Service
  ● cc:Mail Connector
  ● MS Mail Connector
• Exchange 2003
  ● Novell GroupWise Connector
  ● Public folder access over OWA

Infrastructure Requirements
• Schema Master DC requires Windows Server 2003 SP1
• GCs used by Exchange 2007 require Windows Server 2003 SP1
• AD domain functional level must be Windows 2000 native or higher for:
  ● Each domain that will host Exchange Server 2007 servers
  ● Each domain that will host mail-enabled users
• Multi forest topologies and forest trusts
  ● Minimum forest functional level is Windows Server 2003.
• No Exchange Server 5.5 servers in the organization; organization must be in native mode
• DNS is correctly configured for the Active Directory forest
• Active Directory is prepared
• Note: WINS is no longer required

The Typical Upgrade
• Prepare Active Directory
• Deploy Edge Transport servers - Optional
• Deploy CAS servers
• Deploy Hub Transport servers
• Deploy Mailbox servers
• Move resources from Exchange 2000/2003 servers
• Uninstall Exchange 2000/2003 servers from the Exchange organization
• Remove connectors between RGs
• Remove RGs

Public Folders
• Still supported until 2016
  ● De-emphasized in favor of SharePoint
• Public folder store not created by default
  ● Free/busy published via web service
  ● Other system folders not present (OAB)
  ● Fix: specify pre-Outlook 2007 clients during installation
• Management options
  ● EMC: create/manage/remove public folder store
  ● EMS: full complement of cmdlets
  ● Exchange Server 2007 adds EMC GUI support
  ● PFDavAdmin still works, PFMigrate
• Gotchas:
  ● OWA does not currently expose PFs on Exchange 2007 mailbox servers
  ● SharePoint 3.0 not yet a complete replacement

Public Folder Changes in SP1
• SP1 adds two major public folder improvements
  ● Access from Outlook Web Access
  ● Full administrative / management access to public folders from EMC

Public Folder Management Console
[Screenshot: Public Folder Management Console on exch01.redmond.microsoft.com listing the default public folders Customer List, Feedback, Internet Newsgroups and Support under \IPM_SUBTREE, with actions such as New Public Folder, Update Public Folder, Mail Enable, Remove and Properties]

Resource management
• Resource mailboxes are now uniquely identified
• Creating resource mailboxes
• Configuring and managing resource mailboxes

Creating the mailbox using EMC
• Create “Room” or “Equipment” mailbox type

Customizing resource mailboxes
• Disabled user account created
  ● Enable user account to manage resource settings
• Use OWA to manage resource mailbox
• Allow automatic processing of requests
• Specify who can request and schedule
• Notification options
• Privacy options

Resource scheduling options

Demo
Creating and managing a resource mailbox

High availability options
• New high availability options
• Reduce recovery time after failure
• New replication option coming in SP1

Focus on High Availability
• Improve data availability
  ● Protect mailbox data from failures and corruptions
  ● Reduce time required to restore mailbox data
• Improve service availability
  ● Make mailbox data more available
  ● Make cluster failover faster and less painful
  ● Make cluster management easier
  ● Support for ‘stretch’ or ‘geo-clusters’
  ● Allow large mailboxes inexpensively

High Availability Options
• Hub Transport Role
  ● Redundant hardware
  ● Automatically load balanced and redundant with multiple HTs
• Edge, Client Access Server and Unified Messaging Roles
  ● Redundant hardware
  ● Windows NLB or third party load balancing (Edge / UM only)
  ● Round robin DNS
  ● DNS MX records (Edge only)
• Mailbox Server Role
  ● Replication and clustering
  ● Local Continuous Replication (LCR)
  ● Cluster Continuous Replication (CCR)
  ● Standby Continuous Replication (SCR)
  ● Single Copy Clusters (SCC)

Local Continuous Replication
• Additional copy of the logs
  ● On the same server
  ● On a different volume
• Benefits
  ● Easy configuration
  ● Single datacenter
  ● Doesn’t require expensive hardware
  ● Online backups
  ● Very quick restoration of service
• Drawbacks
  ● Manual activation
  ● Only protects 1 server
  ● Only protects 1 DB in SG
  ● Additional storage requirements

LCR Diagrammed
[Diagram labels: Server, Transaction Logs, Database, Copy of Database, Copy of Transaction Logs]

Cluster Continuous Replication
• Benefits
  ● Potentially no single point of failure
  ● Two copies of the data on separate servers
  ● No need for shared storage.
  ● Full redundancy with automatic recovery
  ● Backup mailboxes without disturbing production
  ● Doesn’t require validation for clustered configuration
• Drawbacks
  ● Initial database seeding required
  ● Servers must be on same subnet
  ● Transaction logs pulled over SMB shares
  ● Some scenarios require log validation, replay

CCR Caveats
• Requires Microsoft Cluster Services
  ● Majority Node Set cluster
  ● Requires a third “voting” node - uses a shared folder
• Two-node, active / passive only
• Backup:
  ● Streaming backup against production storage groups
  ● VSS backup against production and replica storage groups
• Limit of one database per storage group
• Can be used for PF database if it is the only PF database in the organization

Standby Continuous Replication
Replication to a standby server
• Coming in Service Pack 1
• Source and target machines can be
  ● Stand-alone
  ● In two different MSCS clusters
  ● On different subnets
• Controlled per storage group
• Many-to-1 and one-to-many supported
[Diagram labels: Logs, Logs, DB]

Replication Options
• LCR
  ● Focused towards server resiliency
  ● Improves restore time
  ● Administrator has to initiate restore manually
  ● Single server, single data center solution
  ● Implements log shipping and replay out of the box
    • Log files are copied locally and replayed
• CCR
  ● Targeted towards site resiliency
  ● Automatic failovers
  ● Single or two-data center solution by supporting “stretch” option
  ● Implements log shipping and replay out of the box
    • Log files are copied to remote server and replayed
  ● Simplifies cluster deployment
    • Requires MSCS
    • Does not require SAN or shared storage
    • Does not require identical nodes in cluster
• SCR
  ● Provides site and server resiliency
  ● “Cold spare” approach cuts hardware costs
  ● Can be combined with LCR, CCR, and SCC for maximum flexibility
  ● Look for more details at TechEd 2007

Single Copy Clusters
• Requires Microsoft Cluster Services
• Benefits
  ● Improved Exchange Cluster setup
  ● Failovers use the same data copy
• Disadvantages
  ● Requires expensive hardware with shared storage
  ● Can be complicated for admins to learn
  ● Doesn’t protect from storage/data issues
  ● Servers must be on same IP subnet
  ● Data redundancy provided through partners

Demos
Replicating a database using LCR

Transport rules
• Managing data in transit
• How transport rules are created
• Conditions, actions, exceptions

Where Data Is
• In transit: data being moved from one storage location to another should not be
  ● Snooped/sniffed
  ● Altered (without notice)
  ● Inappropriately disclosed
• At rest: data in a storage location should not be
  ● Inappropriately accessed
  ● Altered (without notice)
  ● Deleted

Applying E-mail Policy in Transit
• Transport rules
• Routing policies
  ● Automatic certificate-based protection
  ● Enforce retention and compliance
• Journaling
  ● Transport-based
  ● Massively reduced duplication
  ● Scoped (internal, external, global messages)
  ● Reports to any valid SMTP address
• Message security classifications

What Are Transport Rules?
• Rules that are applied to all transport servers to inspect messages and act on them in some fashion
• Managed by the administrators
• Managed by GUI wizard or cmdlets
  ● Who does the rule apply to?
  ● What exceptions are allowed?
  ● What should be done with matching messages?

Transport Rule Examples
• Example Conditions and Exceptions
  ● Sender, Recipients
  ● Sender or recipient is member of DL
  ● String match in subject, body, or header
  ● Regular expression match in subject, body, or header
• Example Actions
  ● Add a disclaimer
  ● Encrypt the message
  ● Route to a specified server

Ethical Walls
Select multiple conditions to constrain the rule

Ethical Walls
Customize the action to suit the organization’s needs

Message Classification
Admin configuration with transport rules
User configuration with Outlook

More About Transport Rules
• Rules on the Hub Transport
  ● Used for restrict / protect / audit scenarios
  ● Stored in Active Directory
  ● Managed and applied across entire organization
  ● Max of approx. 1000 rules per organization
• Rules on the Edge Transport
  ● Used for boundary restrictions
  ● Managed and applied per-server

Transport Rule Collections
• Collections
  ● Internal: apply when all senders/recipients are in the organization
  ● External: apply when one or more parties are unauthenticated (anonymous) or not in the organization
  ● Global: apply to all messages
  ● Edge: apply to all messages in the DMZ

Demos
Creating a transport rule

Messaging Records Management
• Managing records “at rest”
• Creating policies for messaging records management

E-mail Policy at Rest
• Messaging records management (Managed Folders)
• Multi-mailbox search
• Secure classifications
• Rights Management
  ● Certificate based
  ● Applies access controls to the message data
  ● Integrates with / requires Windows Rights Management

Messaging Records Management
• Settings configured by the admin
• Implementation handled by the user
• Integrates with an archiving solution
• Retention policies can be configured by type
  ● E-mail
  ● Voice mail
  ● Faxes
  ● Tasks
  ● Calendar
  ● …

Messaging Records Management
Help users store the information they need and delete the information they don’t

Retention Policies on Default Folders
Set policy on Inbox, Deleted Items, etc.
Policies based on item age
Unique policies enabled for e-mail, voice mail and fax
Expiration actions:
  Move to Deleted Items
  Delete
  Move to another folder for cleanup review
Instructional message can be shown to users

Messaging Records Management Administrative Attributes
• Managed Folders display in the user’s mailbox
• Provide a place to store critical content longer-term
• Cannot be deleted by users
• Can have user-created sub-folders
• Grouped together by Mailbox Policies
• Policies can be deployed based on different characteristics
• Folder quotas can limit individual folder size

Demos
Using messaging records management

Journaling
• Increasingly common
• Journal per mailbox database
• Journal using transport rules
• Journal per mailbox

Journaling in Exchange 2007
• Configurable per-recipient
• Envelope journaling only
• Number of individual journal reports has been significantly reduced
• Can journal to multiple destinations:
  ● Exchange mailbox
  ● Mail-enabled public folder
  ● SMTP recipient on external system

Demos
Creating a journaling rule

Clearing out unwanted e-mail
• Use the Export-Mailbox cmdlet
• Copy or remove content from specified mailboxes
• Must be moved to another mailbox

    get-mailbox -database "Mailbox Database" | `
        export-mailbox -SubjectKeywords "resume" `
        -StartDate "06/25/06" -EndDate "07/07/06" `
        -TargetFolder "Inbox" -TargetMailbox Administrator `
        -DeleteContent:$true

Demos
Using Export-Mailbox

Improvements in message transit security
• E-mail is encrypted in transit
  ● Hub-to-Mailbox
  ● Hub to Hub
  ● Edge to Hub
  ● Edge to Edge
• Alternately external connections can be encrypted AND authenticated using certificate authentication

Mailbox ↔ Hub
• Authentication: Mutual by Kerberos
• Encryption: TLS
[Diagram labels: TLS & Kerberos, Mailbox server, Hub Transport server]

Hub ↔ Hub
• Authentication: Mutual by Kerberos
• Encryption: TLS
[Diagram labels: TLS & Kerberos, Hub Transport server, Hub Transport server]

Edge ↔ Hub
• Authentication: Mutual via certificates
• Encryption: TLS
[Diagram labels: TLS & Mutual Authentication, Perimeter, Edge Transport server, Internal Network, Hub Transport server]

Edge ↔ Edge
• Mutual authentication (Domain Security)
  ● Certificate + TLS
[Diagram labels: TLS & Certificates, Perimeter, Perimeter, Internet, Edge Transport server, Edge Transport server]

Introducing the Edge Transport
• Why use the Edge Transport server?
• Placement of the Edge Transport server role
• Adding anti-spam to the Edge Transport

The Need For The Edge
• Exchange Server 2003: Monolithic architecture
  ● No granular control over which code modules are installed
  ● The Store service is required for SMTP delivery of NDRs
  ● Servers must be part of an Active Directory domain
  ● Perceived to be vulnerable as a border MTA
• Mail routers on the edge have specialized needs
  ● Hardening against increased security threats
  ● Make intelligent routing choices
  ● Reject bad messages, not allow into the organization
  ● Enforce message hygiene and policy
  ● Minimize firewall exposure and reconfiguration

Exchange Server 2007 On The Edge
• Full AD integration without AD exposure
• Easier than ever to provide secure transit without a lot of configuration
• Enforce compliance policies on inbound and outbound mail
• Extensive message hygiene features
  ● Enterprise-grade anti-spam
  ● Enterprise-grade anti-virus
• Fully scriptable
• Easily extended for third-party functionality

Exchange Server 2007 Filtering
• Connection filtering
  ● Drop bad connections based on source IP address
    • Allow/deny lists (IP, domain, sender, recipient)
    • DNS real-time blocklists
    • Third party allow lists
• Protocol filtering
  ● Drop bad connections based on SMTP conversation
    • Sender filtering (local restrictions, Sender ID)
    • Recipient filtering
    • Protocol errors
  ● Protocol analysis
  ● Slow down persistent senders to avoid excessive resource consumption (tarpitting)
[Diagram labels: 1 Connection Filtering, 2 Sender & Recipient Filtering, 3 Content Filtering, Inbox, Junk E-mail]

Exchange Server 2007 Anti-Spam
• Content filtering
  ● Reject or bounce messages based on content cues
    • What’s in the message?
    • Who sent it?
    • What do we know about other messages from the same source?
    • Is there a postmark?
  ● Most resource intensive
• Quarantine
  ● Managed by administrator
  ● Integrated with content filtering
  ● Freeing messages feeds back to content filtering engine

Content Filtering
• Uses SmartScreen technology
• Composite score from several data sources
  ● Domain reputation
  ● Sender ID
  ● IP address presence on block lists
  ● Message characteristics and contents
  ● Computational puzzles
  ● Provides two confidence levels: spam and phish
  ● Regular automatic updates
• Custom weight lists
  ● Administrator configurable word lists allow fine-tuning of results
• Transport rules allow centralized dynamic responses

Attachment Filtering
• Strip attachments
  ● By file size
  ● By MIME content type
  ● By file extension
• Looks inside ZIP archives
• Use transport rules to quickly block emerging threats

Transport AV By Role
• Edge Transport
  ● Filters inbound and outbound traffic
• Hub Transport
  ● Filters all email between mailboxes
  ● …even on the same server
• Mailbox
  ● Scan the mailbox store
  ● Use legacy VSAPI 2.5 interface

Forefront Security for Exchange Server
• Forefront server security solutions help protect messaging servers against viruses and worms
• Based on mature Antigen product line
• Full support of Exchange Server 2007 features like transport stamping

Advanced Protection
Multiple scan engines at multiple layers throughout the corporate infrastructure provide maximum protection against e-mail and collaboration threats

Availability & Control
Tight integration with Microsoft Exchange, Windows-based SMTP, SharePoint and Live Communications Servers maximizes availability and management control

Secure Content
Ensures organizations can eliminate inappropriate language and dangerous attachments from internal and external communications

Overview of Unified Messaging
• What is Unified Messaging?
• Delivering access to e-mail from anywhere
• The Unified Messaging server role
• Common terms and concepts

What Is Unified Messaging?
• Solution: put voice and fax data into the Inbox
  ● Gives deskbound users access to all communications from one place
  ● Gives mobile users access to all data from laptop, browser, mobile device, and telephone

Expanding Anywhere Access
• Some users use Outlook heavily
  ● They want all data types in one place
• Other users travel frequently and don't always have access to Outlook
  ● They want access to data from any location and device
• How can we deliver both?

Exchange Unified Messaging
• New server role
• Connects physical phone system with Exchange storage
• Accepts voice and fax messages and delivers them to users' inboxes
• Applies admin-specified call routing rules
• Provides Automated Attendant service
• Provides Outlook Voice Access

Exchange Unified Messaging
[Diagram labels: Directory Server, Key, SMTP, Unified Messaging Server, Hub Transport Server, Client Access Server, Mailbox Server, VoIP Gateway, MAPI RPC, HTTPS, Site, PBX, IP-PBX, VoIP, Outlook, Forest, RPC/HTTPS, PSTN, LDAP, Internal Phone, Internet, TDM, Internal Phone, External Phones, Fax, Exchange ActiveSync, Outlook Web Access, Outlook]

Exchange Unified Messaging
• Unified Messaging server
  ● Accepts and routes calls
  ● Records and plays back voice messages
  ● Receives faxes
  ● Outlook Voice Access
• Mailbox server
  ● Holds user mailboxes
• Client Access Server
  ● Allows Outlook, OWA, EAS clients to access mailbox contents
• Hub Transport server
  ● Moves messages from UM to mailbox server
  ● Provides store-and-forward in case of mailbox outage
  ● Applies policies for archiving, compliance

Exchange Unified Messaging
• Unified Messaging depends on several new Active Directory objects
  ● Gateways
  ● Dial plans
  ● Hunt groups
  ● Pilot numbers
  ● Mailbox policies
  ● Automated Attendants

Unified Messaging: Mailbox Policies
• Policies control what UM features the mailbox can use
  ● How long is the PIN and when must it be changed?
  ● PIN lockout policies
  ● Maximum greeting duration
  ● Can the mailbox use Outlook Voice Access?
• You can create multiple policies
• Each mailbox can only have one policy applied

Unified Messaging Audio Encoding
• Exchange Server 2007 Unified Messaging supports 3 different codecs
  ● Uncompressed: 64kbps, same as standard phone audio bandwidth
  ● GSM: approximately 8kbps
  ● Windows Mobile (default): 4kb + 1kbps
• Codec choice is set as part of the Exchange organization settings

Unified Communications
• A little gazing into my crystal ball
• “Presence” will be everywhere
• Contacting you when you need/want to be contacted

Communications Convergence
[Diagram labels: Communications Convergence Occurs, Communication Capabilities, E-mail/Calendaring, Mobile Phones, Voicemail, Fax, Integrated Communication Solutions, IM and Presence, Web and Video Conferencing, VoIP PBX Integration, Integration with Applications, IP Telephony, Unified Messaging, Mobile/Remote Solutions, Horizontally Integrated Communications, Expanded VoIP Scenarios, Common Directory, Standards Based]

The Role of Real-Time
• Messaging / calendaring are asynchronous
  ● Sending and receipt are decoupled
  ● Explicitly store-and-forward by design
• Not every kind of interaction is asynchronous
  ● Passing notes vs. having a conversation
  ● “Phone tag” and “voice mail jail” vs IM and conferencing

Microsoft Office Communicator 2005

Office Communications Server 2007 Investment Themes
• Enhanced Enterprise IM
  ● Group IM
  ● Enhanced presence
  ● Improved scalability, security, compliance, and manageability
• Multi-Party On-Premise Conferencing
  ● Ad-hoc and scheduled online meeting capabilities
  ● Flexible IP audio / video conversations and meetings
  ● RoundTable with panoramic view of room
• Call Management
  ● Rich, integrated voice offering
  ● Presence-enabled IP phone experience
  ● Control of the desktop phone

Enhanced Enterprise IM
• Integration with Exchange distribution groups
  ● No longer need to manually duplicate groups
  ● Use the group in real time or add it to contact list
  ● Send messages or invitation to groups at once

Presence Everywhere
• Presence sprinkled everywhere in Outlook
• SharePoint integration
• Contextual entry points

Interruption Management
• Send all communications to voicemail when in do-not-disturb
• Allow specific people breakthrough privileges
• Lightweight notification in presentation mode
• Suppression of audio notifications based on how busy user is

Consolidated History In Outlook
• Automatic history for all IMs and calls
• Custom forms and views in Outlook
• Missed call entry point in Communicator

Integration with OneNote 2007
• Make notes during a call with OneNote – straight from the conversation window
• Stored call logs can link to the OneNote notes

Questions
Questions?

Book giveaway
• Keep an eye out for Mastering Exchange Server 2007 – Due out in late April

Free eBook from realtimepublishers.com
• Tips and Tricks Guide to Secure Messaging
• Free download!
• http://nexus.realtimepublishers.com/ttgsm.htm
• Watch for Exchange Storage Solutions eBook soon!

Links and more information
• Mostly Exchange blog (me!)
  ● http://mostlyexchange.blogspot.com
• Exchange Team blog
  ● http://msexchangeteam.com/
• Exchange Home Page
  ● http://www.microsoft.com/exchange
• Bharat Suneja’s Exchangepedia blog
  ● http://exchangepedia.com/blog
• Devin Ganger’s (e)Mail Insecurity blog
  ● http://blogs.3sharp.com/blog/deving
• Paul Robichaux’s Down Home blog
  ● http://www.robichaux.net/blog
• Exchange 2007 Wiki
  ● http://ww.exchangeninjas.com
• Exchange 2007 Documentation
  ● http://go.microsoft.com/fwlink/?LinkId=69434