Mike Chan
Group Product Manager
Forefront Online Services
SIA317
Hans Andersen
Principal Architect
Forefront Online Protection
Business Ready Security
Help securely enable business by managing risk and empowering people
Identity
Highly Secure & Interoperable Platform
from: Block, Cost, Siloed
to: Enable, Value, Seamless
Email Protection – The Stakes
>95% of mail is spam
Obnoxious at best, criminal at worst
The rest is business-critical
Mail hygiene is a must-have
If your protection solution fails, you can’t reach your customers – and they can’t reach you.
FOPE Architecture Overview
[Diagram: Internet Cloud, Internet, FOPE Online Service, Customer Mail server, Spam quarantine]
FOPE Service Level Agreement
99.999% Uptime
<1 Minute Mail Delivery
100% of known viruses filtered
>98% of spam blocked
<1 False Positive per 250,000
Financially Backed
Microsoft relies on FOPE
Microsoft Corporate Mail
you@microsoft.com
Business Productivity Online Suite
Standard and Dedicated offerings
Coming soon to Live@EDU
99.999% Network Uptime
<1 Minute Inbound Latency
Availability: Five Nines.
No Maintenance Windows.
Availability: Five Nines
Truly Shared Architecture
Network Geo-diversity
Disaster capacity
Lots of copies
Proactive Health Checking
Outbound Risk Management
1. Truly Shared Architecture
No PODs, clusters…
Spam attack vs. you personally?
Every FOPE server is at your service
A datacenter needs maintenance?
We take it out of rotation
No impact to mailflow
2. Network Geo-diversity
NOT Geo-proximity
Mail latency: seconds, not milliseconds
Washington: Backup, Utility
California: Utility
Virginia: 220 Hosts
Ireland: 140 Hosts
Texas: 200 Hosts
Singapore: 140 Hosts
2. Network Geo-diversity
U.S.-only routing available
2. Network Geo-diversity
Additional Europe Datacenter in CY10
Enables Europe-only routing
New Europe DC: TBD Hosts
3. Disaster Capacity
Design goal: 7.5Bil, with one DC out
[Chart: y-axis 0 to 6,000,000,000; x-axis 12/29/2004 to 5/17/2009; series: Recipients, Post-Edge, Delivery; data labels: 0.5 Billion, 5 Billion]
4. Lots of Copies
Every server caches every customer’s settings
No DC relies on another to process mail
[Diagram: Each Datacenter: Customer Config PrimaryDB, Customer Config BackupDB; Each Filtering Server: Config]
5. Proactive health checking
Pushback
Servers automatically leave rotation if they are having trouble meeting SLA
Invisible to customer – different from Exchange “backpressure”
Central “Brain” prevents the entire service from going out of rotation at once
6. Outbound Risk Mitigation
[Diagram: Customer’s Mail Server, Outbound Delivery Pool, Higher-Risk Delivery Pool, Non-Customer Mail Server]
98% of spam blocked
<1 False Positive in 250,000
All known viruses caught
Spam Effectiveness SLA – 98%
Layered approach
Defense-in-depth at the edge
Defense-in-depth content
Constant Improvement via Feedback loops
Defense-In-Depth at the Edge
Directory Blocks: 0.5% Blocked
Protocol Blocks: 0.1% Blocked
Forefront Block List: 9-11% Blocked
Spamhaus SBL, XBL, PBL: 80-85% Blocked
Accepted for Content Scans: ~6% Accepted
Defense-In-Depth Content Analysis
Multiple virus engines
In-house fingerprinting system
SmartScreen technology from Hotmail
URIBL – catch malicious links in message body
Feedback-driven Regular Expressions
Regular Expressions
\bpoisoned (?:to death )?by his business associate.
Very creative phisher.
\<[0-9a-f]{8}\$[0-9a-f]{8}\$[0-9a-f]{8}\@
Spots fake Outlook Message-IDs generated by botnets.
2 billion caught since October 2006!
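An added example, not code from the presentation or from FOPE: the two regular expressions quoted above, applied as a header-match rule and a body rule over constructed sample messages. The rule names, the `scan` and `body_text` helpers, and the whitespace-collapsing step are assumptions made for illustration.

```python
import re
from email import message_from_string

# The two rules quoted on the slide, verbatim. Rule names are hypothetical.
RULES = [
    # (name, header to match or None for body, pattern)
    ("fake-outlook-msgid", "Message-ID",
     re.compile(r"\<[0-9a-f]{8}\$[0-9a-f]{8}\$[0-9a-f]{8}\@")),
    ("poisoned-associate", None,
     re.compile(r"\bpoisoned (?:to death )?by his business associate.")),
]

def body_text(msg):
    """Decode text/plain parts and collapse whitespace, so a phrase that is
    hard-wrapped across two lines still matches a single-line rule."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(" ".join(chunks).split())

def scan(raw_message):
    """Return the names of the rules that fire on one RFC 5322 message."""
    msg = message_from_string(raw_message)
    body = body_text(msg)
    hits = []
    for name, header, pattern in RULES:
        # Header rules see only that header; body rules see only the body.
        target = msg.get(header, "") if header else body
        if pattern.search(target):
            hits.append(name)
    return hits

# Constructed sample messages (not real traffic).
BOTNET = ("From: a@example.com\nSubject: hi\n"
          "Message-ID: <0a1b2c3d$4e5f6a7b$8c9d0e1f@example.com>\n\nCheap watches.\n")
PHISH = ("From: b@example.com\nSubject: urgent\n"
         "Message-ID: <20091112.1@example.com>\n\n"
         "My late client was poisoned to death\nby his business associate. Reply soon.\n")
# Longer first group: same $-separated shape, but not 8$8$8, so no hit.
CLEAN = ("From: c@example.com\nSubject: minutes\n"
         "Message-ID: <000a01ca5d3f$0a1b2c3d$4e5f6a7b@example.com>\n\nNotes attached.\n")

if __name__ == "__main__":
    for label, raw in (("BOTNET", BOTNET), ("PHISH", PHISH), ("CLEAN", CLEAN)):
        print(label, scan(raw))
```

Scoping the Message-ID rule to its header keeps it from firing on a message that merely quotes such an ID in its body.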
Anti-Spam Regex Filters
25,000 rules
250,000 total rule catalog
International spam analyst coverage
Analysts in Redmond, Winnipeg, and Dublin
English, Russian, Chinese, Japanese, Italian, Spanish, German coverage
Constant tuning by analysts
~2000 confirmed spam reports/week
~200 tuned rules per week
False Positives
“No False Positives” culture
“Not Junk” button in spam quarantine
~6,500 confirmed FP submissions/week
FP so low, many customers stop checking quarantine altogether
False Positives – Self-Serve Tools
Per-customer IP Blocklist Exceptions
DIY, takes effect in 15 minutes
No need to contact Support
Exchange/Outlook SafeSender support
Exempt key senders from spam rules
Leverage your on-premise AD Identities
Compact, lightweight tool installed
Or configure integration directly from FPE
Anti-spam effectiveness
Edge + Content: >96% of all mail blocked
Less than 1:400,000 False Positive rate
9.3 and beyond
FOPE Release Cadence
Three releases a year
9.1
Outbound Spam Mitigations/Backscatter Defense
New Directory Sync tool – scales to 100,000 users
9.2
Back-end release – now using Exchange 2010 technology
Largest deployment of Exchange 2010 Edge Roles!
Forefront Online Protection for Exchange
FOPE 9.3 Release next week!
FOPE 9.3
New Policy Rule tools
Custom filters
Enhanced regular-expression rules syntax
New header-match rules
Admin Center Globalization
13 languages
Outbound TLS Enhancements
Support for mail sent to a mix of Forced/Opportunistic TLS destinations
Sample of new 9.3 features!
FOPE 10.x – Calendar 2010
European regional routing
Enterprise Single-Sign-On
Leveraging Microsoft Federation Gateway and Microsoft Services Connector technology
Forced Inbound TLS
FOPE 10.x – Calendar 2010
Data Leakage Protection capabilities
Apply policies to attachment contents
PCI and PII policy scanning
Exchange Blocked Senders support
Antivirus refresh using FPE 2010 tech
Virus Quarantine
FOPE 10.x – Calendar 2010
Reporting Enhancements
Outbound Deferral Reports
DLP Risk Class Reports
Message-Trace Enhancements
Wild-card searches
Edge-block tracing
General Usability Enhancements
Resources
www.microsoft.com/teched: Sessions On-Demand & Community
www.microsoft.com/learning: Microsoft Certification & Training Resources
http://microsoft.com/technet: Resources for IT Professionals
http://microsoft.com/msdn: Resources for Developers
Related Content
Breakout Sessions
• UNC203 - 11/09/2009 09:00-10:15 [Cyril Sultan] Implementing and Administering Microsoft Online Services
• OFS209 - 11/10/2009 17:00-18:15 [Kimmo Forss] SharePoint Online Overview
• UNC205 - 11/11/2009 17:30-18:45 [Cyril Sultan] Tips and Tricks for Planning, Deploying, and Troubleshooting the Office Live Meeting Service
• SIA317 - 11/12/2009 13:30-14:45 [Mike Chan] Forefront Online Protection for Exchange Architecture
• UNC310 - 11/12/2009 13:30-14:45 [David Anderson] Migrating Data, Co-Existence, and Directory Synchronization with Microsoft Online Services
• ITS213 - 11/12/2009 17:00-18:15 [Gail Warren] Critical Infrastructure and Operations for Delivering Secure, Enterprise-Class Software Services
Sessions
Breakout Sessions
SIA201: Introducing Business Ready Security
SIA302: Forefront Identity Manager 2010 Case Study: FIM in Microsoft IT
SIA304: Windows Server 2008 R2 AD Rights Management Services Deep Dive
SIA305: Windows Identity Foundation Overview
SIA307: Microsoft Identity and Access Management solution overview
SIA311: Better Together: Exchange Server 2010 and Forefront
SIA312: Protecting information with Forefront BRS solutions
SIA315: Securing the Microsoft Cloud Infrastructure
SIA317: Forefront Online Services – Overview, Architecture and Roadmap
Interactive Theater
SIA01-IS: Security Panel
SIA03-IS: FIM 2010 RC1
SIA05-IS: Secure Messaging using ADRMS and Exchange
SIA07-IS: Security Assessment Planning and Implementation
SIA08-IS: Security Services in the Cloud
Demos
SIA02-DEMO: End-to-End Email Protection
HOLS
SIA19-HOL: Secure Messaging
SIA23-HOL: IPC Using AD RMS
SIA24-HOL: FOPE Admin & Reporting
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.