Exchange Server 2010
Upgrade and Deployment
Meelis Nigols
Trainer
IT Koolitus
New from Exchange Server 2003 to Exchange Server 2007
• Shift from front-end/back-end to a scalable role-based architecture
• 64-bit server support
• Active Directory Sites replace Routing Groups
• Autodiscover to automatically configure users
• Removes Outlook 2007+ need for Public Folders
− Availability Service: Free/Busy information read direct from mailboxes, not from Public Folders
− Offline Address Book download from Client Access Server
• New admin tools
• Unified Messaging: Get voice mail in your inbox
• New Developer API: Exchange Web Services (EWS)
New from Exchange Server 2007 to Exchange Server 2010
• Flexible deployment choices
− Run Exchange Server on-premises, use Exchange Online, or a hybrid approach
• High Availability solution for mailbox resiliency
− Comprised of database availability group and database copies
− Provides site resilience and disaster recovery
− 30-second switchover/failover with simplified admin experience
− Improves the flexibility in storage choices (SATA disks, JBOD configurations, etc.)
− Replaces SCR, LCR, SCC, and CCR from E2007
• 64-bit management tools support
• RPC client access and Address Book services
− Improved High Availability solution
− Outlook MAPI connects directly to Client Access Servers for mailbox-related data and directory requests
• ExOLEDB, WebDAV, and CDOEx are gone
− “Entourage EWS” uses EWS
Collaborate Effectively
A familiar and rich Outlook experience across clients, devices, and platforms
Exchange Server 2010 Prerequisites
Active Directory
• Windows 2003 SP2 global catalog server is installed in each Exchange Active Directory (AD) site
− No hard requirement for Windows Server 2008 AD
• Windows Server 2003 forest functional level
Exchange
• All Client Access Servers (CAS) and Unified Messaging (UM) servers must have SP2
• Existing servers are Exchange 2003 SP2 or Exchange 2007 SP2
Server
• Windows Server 2008 SP2 or R2 64-bit editions (Std/Ent)
• Windows Management Framework
• .NET Framework 3.5 SP1
• Internet Information Services (IIS)
Starting Setup for Exchange 2010
• Step-by-step instructions in setup app
• Setup.com with parameters gives unattended setup
• Setup provides specific settings for configuring your environment
• Configure CAS External domain name
− Sets ExternalUrl property which aids client configuration
• E2003 routing group connector: E2003 server
Namespaces and URLs
Outlook Web Access
− /exchange, /exchweb, /public
Exchange ActiveSync
− /microsoft-server-activesync
Outlook Anywhere
− /rpc
POP/IMAP
Outlook Mobile Access
− /oma
Clients and SMTP servers
Outlook Web Access
− /owa
Exchange Web Services
− /ews
Offline Address Book
− /oab
Unified Messaging
Outlook Web Access
Outlook Web App
Exchange Control Panel
− /ecp
Unified Messaging
− /unifiedmessaging
Outlook Mobile Access
− /oma
Autodiscover
− /autodiscover
E2003/E2007 services
Deploying SSL Certificates
• Use “Subject Alternative Name” (SAN) certificate which can cover multiple hostnames
• Site resilience scenario
− If leveraging a certificate per datacenter, ensure that the Certificate Principal Name is the same on all certificates
• Don’t list machine hostnames in certificate hostname list
− Use Load Balance (LB) arrays for intranet and Internet access to servers
• Best practice: Minimize the number of certificates
− 1 certificate for all CAS servers + reverse proxy + Edge/Hub
− Additional certificate(s) if using Office Communications Server (OCS)
Certificate Creation
1. Create a Certificate Request file
2. Send Request file to certificate authority you are buying from
3. Use Import-ExchangeCertificate to activate newly acquired certificate
4. Use Enable-ExchangeCertificate to enable the certificate for use with a particular service
New-ExchangeCertificate -GenerateRequest `
  -Path c:\certificates\request.req `
  -SubjectName "c=US, o=contoso Inc, cn=mail1.contoso.com" `
  -DomainName mail.contoso.com, autodiscover.contoso.com, legacy.contoso.com `
  -PrivateKeyExportable $true
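Before a certificate is enabled for a service, its name list can be compared against the namespaces clients will use. The following is an added example, not part of the original slides: Test-CertificateNames is a hypothetical helper, the hostnames are the ones used in this deck, and the certificate name list is constructed.

```powershell
# Added example, not from the original slides. Test-CertificateNames is a
# hypothetical helper; the certificate name list below is constructed.
function Test-CertificateNames {
    param(
        [string[]]$CertNames,   # subject CN plus SAN entries on the certificate
        [string[]]$Required     # namespaces that clients connect to
    )
    $names = @($CertNames | ForEach-Object { $_.Trim().ToLowerInvariant() })
    $req   = @($Required  | ForEach-Object { $_.Trim().ToLowerInvariant() })

    # A required name is covered by an exact entry or by a wildcard one label
    # up: *.contoso.com covers mail.contoso.com but not a.b.contoso.com.
    $missing = @($req | Where-Object {
        $wild = '*.' + ($_ -split '\.', 2)[1]
        -not (($names -contains $_) -or ($names -contains $wild))
    })

    # Any other non-wildcard entry is an extra name, typically a machine
    # hostname that should be reached through the load-balanced name instead.
    $extra = @($names | Where-Object {
        ($req -notcontains $_) -and (-not $_.StartsWith('*.'))
    })

    New-Object PSObject -Property @{
        Ok      = ($missing.Count -eq 0 -and $extra.Count -eq 0)
        Missing = $missing
        Extra   = $extra
    }
}

$required = 'mail.contoso.com', 'autodiscover.contoso.com', 'legacy.contoso.com'

# Constructed input: legacy.contoso.com was left out of the request and a
# machine hostname (hypothetical cas01.corp.contoso.com) was added.
$fromCert = 'mail.contoso.com', 'autodiscover.contoso.com', 'cas01.corp.contoso.com'

$result = Test-CertificateNames -CertNames $fromCert -Required $required
$result | Format-List Ok, Missing, Extra
# On an Exchange server the name list can be taken from the CertificateDomains
# property of the objects returned by Get-ExchangeCertificate.
```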
Deploying E2010
Topology Decisions—Split-brain DNS
• Best Practice: Use “Split DNS” for Exchange hostnames used by clients
• Goal: Minimize number of hostnames
− mail.contoso.com for Exchange connectivity on intranet and Internet
− mail.contoso.com has different IP addresses in intranet/Internet DNS
• Important: Before moving down this path, be sure to map out all the hostnames (outside of Exchange) that you will want to create in the internal zone
Deploying Exchange 2010
Topology decisions—CAS load balancing
• OWA and EWS load balancing require Client-to-Server affinity
− Client-IP based Windows NLB or LB device using cookie-based affinity
• Tell Autodiscover where to send clients: Configure InternalURL and ExternalURL parameters and virtual directories
− Example: Set-WebServicesVirtualDirectory cas2010\ews* -ExternalURL https://mail.contoso.com/ews/exchange.asmx
• Tell Outlook clients where to go for intranet MAPI access
− Use New-ClientAccessArray and Set-MailboxDatabase
Deploying Exchange 2010
Topology decisions—CAS load balancing
• CAS AutoDiscoverServiceInternalUri property should be set to NLB FQDN
• Ensure the Web Services property InternalNLBBypassURL is set to the Server FQDN
• Configure virtual directory URLs according to this table:
Virtual Directory | InternalURL | ExternalURL (Internet Facing AD Site) | ExternalURL (Non-Internet Facing AD Site)
/OWA | Server FQDN | NLB FQDN | $null
/ECP | NLB FQDN | NLB FQDN | $null
/Microsoft-Server-ActiveSync | NLB FQDN | NLB FQDN | $null
/OAB | NLB FQDN | NLB FQDN | $null
/EWS | NLB FQDN | NLB FQDN | $null
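The URL table can be turned into a drift check for one CAS. This is an added example, not part of the original slides: Get-ExpectedCasUrl and Compare-CasUrl are hypothetical helpers, the server and array names are hypothetical, and the "actual" settings are constructed rather than read from a live server.

```powershell
# Added example, not from the original slides. Server and array names are
# hypothetical, the paths are the default virtual directory paths, and the
# "actual" values are constructed.
function Get-ExpectedCasUrl {
    param([string]$ServerFqdn, [string]$NlbFqdn, [bool]$InternetFacing)
    # One row per virtual directory: path and the host used for InternalURL.
    $rows = @(
        @{ Name = 'OWA'; Path = '/owa';                         InternalHost = $ServerFqdn },
        @{ Name = 'ECP'; Path = '/ecp';                         InternalHost = $NlbFqdn },
        @{ Name = 'EAS'; Path = '/Microsoft-Server-ActiveSync'; InternalHost = $NlbFqdn },
        @{ Name = 'OAB'; Path = '/OAB';                         InternalHost = $NlbFqdn },
        @{ Name = 'EWS'; Path = '/EWS/Exchange.asmx';           InternalHost = $NlbFqdn }
    )
    foreach ($r in $rows) {
        $external = $null   # non-Internet-facing site keeps ExternalURL at $null
        if ($InternetFacing) { $external = 'https://' + $NlbFqdn + $r.Path }
        New-Object PSObject -Property @{
            Name        = $r.Name
            InternalUrl = 'https://' + $r.InternalHost + $r.Path
            ExternalUrl = $external
        }
    }
}

function Compare-CasUrl {
    param([object[]]$Expected, [hashtable]$Actual)
    foreach ($e in $Expected) {
        foreach ($p in 'InternalUrl', 'ExternalUrl') {
            $found = [string]$Actual[$e.Name][$p]
            if ($found -ne [string]$e.$p) {
                "{0} {1}: expected '{2}', found '{3}'" -f $e.Name, $p, $e.$p, $found
            }
        }
    }
}

# Constructed settings for a non-Internet-facing site: OWA InternalURL points
# at the array instead of the server, and EWS still carries an ExternalURL.
$array = 'cas-site2.corp.contoso.com'
$actual = @{
    OWA = @{ InternalUrl = "https://$array/owa"; ExternalUrl = $null }
    ECP = @{ InternalUrl = "https://$array/ecp"; ExternalUrl = $null }
    EAS = @{ InternalUrl = "https://$array/Microsoft-Server-ActiveSync"; ExternalUrl = $null }
    OAB = @{ InternalUrl = "https://$array/OAB"; ExternalUrl = $null }
    EWS = @{ InternalUrl = "https://$array/EWS/Exchange.asmx"
             ExternalUrl = 'https://mail.contoso.com/ews/exchange.asmx' }
}
$expected = Get-ExpectedCasUrl 'cas03.corp.contoso.com' $array $false
Compare-CasUrl $expected $actual
```

On a live server the `$actual` values would come from the InternalUrl and ExternalUrl properties returned by the Get-OwaVirtualDirectory, Get-EcpVirtualDirectory, Get-ActiveSyncVirtualDirectory, Get-OabVirtualDirectory and Get-WebServicesVirtualDirectory cmdlets.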
Upgrading to Exchange 2010
• Start small
• Gradually add more servers to support scale
• Internet hostname switch
• Unified Messaging switch
• SMTP switch
• SSL cert purchase
• End users don’t see this hostname
• Used when new CAS tell clients to talk to legacy environments
[Diagram labels: Internet, Proxy, Internet Facing AD Site, Internal AD Site, E200x Servers]
Preparation Tools
Finding and solving problems before users do
Verify Internet-facing services are set up and configured properly
Help determine the cause of performance, mail flow, and database issues
Simulate and test how a server responds to e-mail loads
Determine overall health of Exchange system and topology
Switching to CAS2010
Preparatory steps
1. Obtain and deploy a new certificate that includes the required host name values
a. mail.contoso.com
b. autodiscover.contoso.com
c. legacy.contoso.com
2. Upgrade all Exchange servers to Service Pack 2
a. Enable Integrated Windows Authentication on Exchange 2003 MSAS virtual directory (KB 937031)
3. Install and configure CAS2010 servers
a. Configure InternalURLs and ExternalURLs
b. Enable Outlook Anywhere
c. Configure the Exchange2003URL parameter to be https://legacy.contoso.com/exchange
Switching to CAS2010
Preparatory steps, continued
4. Join CAS2010 to a load balanced array
a. Create CAS2010 RPC Client Access Service array
b. Ensure MAPI RPC and HTTPS ports are load balanced
5. Install HUB2010 and MBX2010 servers
a. Configure routing coexistence
b. Configure OAB Web-based distribution
6. Create Legacy record in DNS (internal/external)
7. Create Legacy publishing rules in your reverse proxy/firewall solution pointed to FE2003 / CAS2007 array
8. Use ExRCA to verify connectivity for Legacy namespace
Switching to CAS2010
The switchover
The switchover involves a minor service interruption
1. Update internal DNS and have Mail and Autodiscover point to CAS2010 array
2. Update/Create Autodiscover publishing rule and point to CAS2010 array
3. Update Mail publishing rules and point to CAS2010 array
a. Remember to update paths with new Exchange 2010 specific virtual directories
4. Reconfigure CAS2007 URLs to now utilize Legacy namespace
5. Disable Outlook Anywhere on legacy Exchange
6. Test that CAS2010 is redirecting/proxying to CAS2007 (externally and internally)
[Diagram labels: autodiscover…, mail…, legacy…, ISA, E200x SP2, E2010 CAS+HUB+MBX]
Clients access E2010 through Autodiscover… and mail…
Redirection (legacy…), proxying, and direct access to E2003/E2007
Client Access Upgrade
• Clients access CAS2010 first
• Four different things happen for E2003/E2007 mailboxes
1. Autodiscover tells clients to talk to CAS2007
2. HTTP redirect to FE2003 or CAS2007
3. Proxying of requests from CAS2010 to CAS2007
4. Direct CAS2010 support for the service against BE2003 and MBX2007
CAS2010 Service | E2003/E2007 mailbox treatment
Outlook Web App | Redirect (with Single Sign-On for Forms-Based Authentication)
Exchange ActiveSync | E2007: Autodiscover and redirect (WM6.1 and newer), Proxying (WM6 and older, all non-Microsoft); E2003: Direct CAS2010 support
Outlook Anywhere, OAB, and Autodiscover | Direct CAS2010 support
Exchange Web Services | Autodiscover
POP/IMAP | E2007: Proxy; E2003: Direct CAS2010 support
SMTP Transport Upgrade
Step 1: Upgrade existing E2003 and E2007 servers to SP2
Step 2: Install HUB and MBX 2010
Step 3: Switch EdgeSync + SMTP to go to HUB2010
Step 4: Install Edge 2010
Step 5: Switch Internet e-mail submission to Edge 2010
[Diagram labels: Internet SMTP Servers, E2010 Edge, E2007 Edge, E2003 Bridgehead, E2010 HUB, E2007 HUB, E2010 MBX, E2007 MBX, E2003 Back-End]
Unified Messaging Upgrade
Step 1: Introduce UM 2010 to existing dial plan
Step 2: Route IP GW/PBX calls to UM 2010 for dial plan
− Will find proper UM server
Step 3: Remove UM 2007 after mailboxes have been moved
Public Folders
• Co-existence support between mailbox server 2010 and mailbox server 2003/2007
• Outlook can read mailbox from one Exchange version (such as 2010) and public folder from another (such as 2003/2007)
• OWA 2010 will allow access to public folders with replica in mailbox server 2010
• Get-PublicFolderStatistics helps take action
− Move
− Delete
− Migrate to SharePoint
Service Level Agreement
Service availability during migration
Availability | Yearly downtime allowed w/ 24-hour day | Yearly downtime allowed w/ 8-hour day
95% | 438 h (18.25 d) | 145.6 h (6.07 d)
99% | 87.6 h (3.65 d) | 29.12 h (1.21 d)
99.9% | 8.76 h | 2.91 h
99.99% | 52.56 min | 17.47 min
99.999% (“five nines”) | 5.256 min | 1.747 min
99.9999% | 31.536 sec | 10.483 sec
• 1GB mailbox could take 90 minutes or more to move
− Pain: User is disconnected for the duration
− Pain: Your SLA for availability is not met
Online Move Mailbox
Minimal disruption
− Sending messages
− Receiving messages
− Accessing entire mailbox
[Diagram labels: E-mail Client, Client Access Server, Mailbox Server 1, Mailbox Server 2]
Key Takeaways
• Exchange 2007 Service Pack 2 introduces new functionality and is required for coexistence with Exchange 2010
• Upgrading server roles is seamless and without impact to end users
• Online mailbox moves improve mailbox data migration by significantly reducing the user outage window
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, Forefront, Outlook, Windows, Windows Mobile, Windows Server, and other product names are or may be registered trademarks
and/or trademarks of Microsoft Corporation in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of
this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any
information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.